16-Feb-86 20:50:56-PST,9830;000000000000
Mail-From: NEUMANN created at 16-Feb-86 20:49:20
Date: Sun 16 Feb 86 20:49:19-PST
From: RISKS FORUM (Peter G. Neumann, Coordinator)
Subject: RISKS-2.11
Sender: NEUMANN@SRI-CSL.ARPA
To: RISKS-LIST@SRI-CSL.ARPA

RISKS-LIST: RISKS-FORUM Digest, Sunday, 16 Feb 1986 Volume 2 : Issue 11

FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  SF Federal Reserve Bank 2 Billion Dollar Goof (SF Chron via Peter G. Neumann)
  Washington D.C. Analyst's Password Game (AP via Geoff Goodfellow)
  Boeing 767 EFIS -- compare Airbus A320 (Rob Warnock)
  Networks Pose New Threats to Data Security (InfoWorld-86/2/10 via Werner Uhrig)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
(Contributions to RISKS@SRI-CSL.ARPA, Requests to RISKS-Request@SRI-CSL.ARPA.)
(Back issues Vol i Issue j stored in SRI-CSL:RISKS-i.j. Vol 1: MAXj=45)

----------------------------------------------------------------------

Date: Sun 16 Feb 86 20:04:54-PST
From: Peter G. Neumann
Subject: SF Federal Reserve Bank 2 Billion Dollar Goof
To: RISKS@SRI-CSL.ARPA

The SF Chronicle (7 Feb 86) had an article on what was "perhaps the biggest banking blunder ever" (despite the Bank of New York just having had a $32 billion screw-up, reported in RISKS-1.31). On 21 January 1986, the Fed was testing its computers and accidentally transferred $2B to 19 financial institutions. A weekend test session had been constructed using 1000 actual transactions from the previous Friday. The test program and data were accidentally left around, and thus the transactions were repeated on Monday morning. As opposed to the $32B case, all of the money was recovered, and no actual losses were incurred. A spokesman "stressed, however, that $2 billion represents only 2 percent of the funds handled by the Fed each day." (... peanuts ...
chicken-feed ...?) In the future, testing will be done with make-believe transactions and fictitious account numbers. Six employees deemed responsible were suspended without pay for three days.

[Thanks to W. Randolph Franklin for reminding me of that one. I had meant to include it earlier. PGN]

------------------------------

Date: 15 Feb 1986 05:39-PST
Sender: GEOFF@SRI-CSL.ARPA
Subject: Washington D.C. Analyst's Password Game [more on RISKS-2.10]
From: the tty of Geoffrey S. Goodfellow
To: risks@SRI-CSL.ARPA

a010 2248 14 Feb 86
PM-Password, Bjt,0580
Disgruntled Computer Analyst Asks D.C. Children To Solve Money Mystery
By DIANE DUSTON
Associated Press Writer

WASHINGTON (AP) - A disgruntled former District of Columbia employee who hid the code word to computerized city accounts is inviting children to try to find the password by playing a game he is placing in a newspaper.

Alvin C. Frost, an accountant for the city, said Friday he would have clues published in The Washington Post this Sunday to a code word he used to hide accounts in the city's computer system.

The game is the latest twist in an ongoing dispute between the district and Frost, who hid the accounts because of what he says are mismanagement and improprieties in the city's finance office. He has not accused officials of criminal wrongdoing.

Frost, who worked for the city's office of financial management 3 1/2 years, resigned Friday.

The accountant is asking children 12 years old and under to guess the password based on the clues and win a tour of the monuments, White House, Capitol, and Supreme Court and lunch in a downtown restaurant.

''Kids like to be involved in what is going on in the news,'' Frost said. ''Maybe this little game will get people involved in what's going on.''

Though city officials say computer experts helped them crack the code and regain access to the hidden accounts, Frost said he doesn't think they know the password he used.

''Right now, they don't know.
They don't know what's in the computer,'' said Frost, who says he designed the computer program used to manage the city's cash.

Frost said there may be a ''tapeworm,'' or malfunction, in the city's computer that could consume files if the word is not discovered.

''I planted the seed (to such a malfunction). Whether it actually exists, they'll have to find out,'' said Frost.

He was stripped of all his responsibilities after he devised the new code word and refused to tell his superiors.

He said he was resigning effective March 15, ''for historical and literary reasons,'' a reference, he said, to the Ides of March, when Julius Caesar was assassinated by a group of trusted friends.

''I've done my job,'' said Frost. ''Now it is time for the people to get involved.''

Frost gave reporters a chance to figure out the password by offering these clues:

-It has seven characters.
-It has two syllables.
-It's a real word.
-All the characters are letters.
-The word is not in the Declaration of Independence.
-But the first syllable is used four times in the Declaration.
-And, it is what the Declaration really means.

At the news conference, a reporter guessed ''freedom,'' but Frost wouldn't confirm it as the password.

Officials did not return phone calls seeking comment Friday after Frost announced he would resign.

He said that last October he was questioned by the FBI and IRS about operations in the office. He said the IRS was ''looking to trace the trail of possible payoffs,'' but he would give no further details.

Frost changed the password to some computer accounts after someone entered the system and made copies of a letter he had written to Mayor Marion Barry Jr. with his complaints.

He was stripped of his responsibilities, though not fired, when he refused to tell his superiors the code word.
AP-NY-02-15-86 0147EST

------------------------------

Date: Fri, 14 Feb 86 02:53:46 PST
From: sun!redwood.uucp!rpw3@ucbvax.berkeley.edu (Rob Warnock)
To: sun!risks
Subject: Re: Boeing 767 EFIS -- compare Airbus A320

Alan Marcum writes:
+---------------
| ...currently being done in the "Electronic Flight Instrument System" (EFIS)
| being used on, for example, the Boeing 767. The EFIS can be configured to
| display various data on command by the flight crew, and to display "flags"...
| ... It is interesting in light of this digest to note
| that in all EFIS configurations I've seen, there are ALWAYS conventional
| (i.e. mechanical) backups for the critical instruments portrayed by the EFIS.
+---------------

Well... see pages 14-17 of the special supplement on Keyboards & Switches in Electronic News, Monday, February 10. These four pages have a special on the new style cockpit showing up on recent planes, and have a very nice color picture of the A320 cockpit.

The Airbus A320 has no conventional yoke to fly the plane with -- each pilot has only a small "side stick", much like the shuttle pilots. Quote:

"The side sticks are used to apply the input order such as azimuth and climb angle while the on-board computers take complete responsibility for applying the correct amount of power and for leveling off the aircraft at the desired altitude. An A320 aircraft cannot be commanded to go into an overspeed, overload, or stall condition..."

I commend the entire article to the readership of this list, since it has other little goodies in it, like:

"When operation is normal, the flight deck is a dark and restful place. When an event happens that needs a pilot's attention, lights go on, displays change color. Formerly, when this happened, pilots had to make decision, throw switches. They had to really take charge.
Now, although there are noticeably fewer switches for the pilot to get involved with, the switching still goes on behind the scenes, as systems and circuits test themselves and make decisions that call for no human intervention... And the over-riding benefit is the avoidance of human error."

I'm sure the decrease in display density helps an awful lot. But what happens when a pilot is trying to analyze a critical display and it changes on him/her because the system thought a new display was more important? Maybe the system was right. We'll see...

Oh yes, they saved enough money on switches and instruments to go from doubly-redundant to triply-redundant computers. That's nice... ;-}

p.s. Not knocking it, you know, just noting that pure fly-by-wire is already here, including ordering the plane "to navigate to a selected airport and make an unassisted landing."

Rob Warnock
Systems Architecture Consultant

UUCP: {{ihnp4,hplabs,dual}!fortune,sun,ism780c}!redwood!rpw3
DDD: (415)572-2607
USPS: 627 26th Ave, San Mateo, CA 94403

------------------------------

Date: Thu 13 Feb 86 04:32:42-CST
From: Werner Uhrig
Subject: Networks Pose New Threats to Data Security [InfoWorld-86/2/10]
To: risks@R20.UTEXAS.EDU

"As local area networks become more commonplace in the corporate computing environment, the possibility of prying eyes gaining access to your data is significantly increased. And the spy is likely to be someone who knows you well."

[ nothing earth-shaking or new, just interesting to see what issues the "popular press" pulled into the spotlight. ]

------------------------------

End of RISKS-FORUM Digest
************************
-------