18-Feb-86 21:00:03-PST,10306;000000000000
Mail-From: NEUMANN created at 18-Feb-86 20:56:40
Date: Tue 18 Feb 86 20:56:39-PST
From: RISKS FORUM (Peter G. Neumann, Coordinator)
Subject: RISKS-2.12
Sender: NEUMANN@SRI-CSL.ARPA
To: RISKS-LIST@SRI-CSL.ARPA

RISKS-LIST: RISKS-FORUM Digest, Tuesday, 18 Feb 1986  Volume 2 : Issue 12

FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Risks in automobile microprocessors -- Mercedes 500SE (Peter G. Neumann)
  Train safeguards defeated (Chuck Weinstock)
  Security Safeguards for Air Force Computer Systems (Dave Platt)
  How can Alvin Frost fight City Hall? (Jim DeLaHunt)
  More Plutonium/Shuttle (Martin J. Moore)
  Computerized Voting -- talk by Eva Waskell (Wednesday eve, 19 February, MIT)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in
good taste, objective, coherent, concise, nonrepetitious.  Diversity is
welcome.  (Contributions to RISKS@SRI-CSL.ARPA, Requests to
RISKS-Request@SRI-CSL.ARPA.)  (Back issues Vol i Issue j stored in
SRI-CSL:RISKS-i.j.  Vol 1: MAXj=45)

----------------------------------------------------------------------

Date: Tue 18 Feb 86 20:28:05-PST
From: Peter G. Neumann
Subject: Risks in automobile microprocessors -- Mercedes 500SE
To: RISKS@SRI-CSL.ARPA

We have had the El Dorado brake microprocessor recall, the Mark VII
computerized air suspension recall, and the on-going CB interference problem
in automotive microprocessors.  For the record, let me add the current
manslaughter trial of John C. (Sandy) Walker, who was driving when his 1982
Mercedes 500SE went into an uncontrollable skid.  He escaped, but his
passenger was killed in the resulting flames.  An "accident reconstruction
specialist", Paul O'Shea (also a consulting engineer for Mercedes and NASA,
and winner of three championship races), testified that the state-of-the-art
anti-skid braking system malfunctioned.  When working properly, it is
designed to slow the vehicle gracefully, and "will leave no skid marks, no
matter how hard you step on the brakes."  The longest skid marks from the
accident on 9 June 1984 on the Silverado Trail in the Napa Valley were
measured at 368 feet!  One line of investigation is that mechanical defects
might have caused a fire in the engine compartment, resulting in the
malfunction of the brake computer.  O'Shea noted that the emission-control
system had been fitted with rubber hoses where metal hoses should have been,
and which were placed too close to a heat-producing exhaust header.
[SF Chronicle 5 Feb 86]

------------------------------

Date: Tuesday, 18 February 1986 15:49:12 EST
From: Chuck.Weinstock@a.sei.cmu.edu
To: Risks@sri-csl.arpa
Subject: Train safeguards defeated

You will recall the recent head-on collision between a Via passenger train
and a freight in Canada [Risks-2.9].  A recent series of relevant messages on
the railroad discussion list follows.

For background, note that the Burlington Northern Railroad has had a
significant number of "cornfield meets" (railroad slang for train collisions)
in the past few years.  Many were later blamed on alcohol and drugs being
used by the crew.  (It has gotten so bad that when the BN notified the
community that it would transport no steam locomotives over its most
reasonable route to Vancouver for the Expo there, many railfans breathed a
sigh of relief... they wouldn't want to trust something as precious as a
steam locomotive to a railroad with a history of collisions.)

Chuck

- - - - Begin forwarded message - - - -

[...]

From: FarleighSE
Subject: Re: VIA rail train collides head-on with freight.
Date: 13 Feb 86 23:16:16 GMT
To: railroad@rochester.arpa

>Engines have "dead-man" controls.  I know that the E- and F-unit diesels
>had foot pedals that the engineer had to keep depressed continuously.
>If the engineer let up on the pedal, emergency brakes would be applied.
>I'm not sure the pedal system is in use today, but some variation is.
>On GO Transit in your neck of the woods, for example, the engineer has
>to be in contact with some part of the controls regularly (the throttle
>or brake lever, for example).  If he/she hasn't touched the controls
>for 30 seconds, an alarm buzzes in the cab, telling him/her to touch the
>controls at least briefly to confirm that he/she is still alive.  If
>no contact is made, on go the brakes!
>
>Carl Blesch

Burlington Northern removed their Deadman controls a number of years ago.
It seems that the Engineers were overriding the system (putting a brick on
the pedal?).  So the management of BN (means Better'n Nothin') decided to
remove the Deadman's throttle altogether.  About two years ago one of the
many BN wrecks could have been avoided if the Deadman's throttle was
installed and used.  It seems that instead of BN's management addressing the
problem of their many times stoned crew defeating the safety device they
opted to remove the safety device.

Scott E. Farleigh
AT&TIS

- - - - End forwarded message - - - -

------------------------------

Date: Tue, 18 Feb 86 12:31 PST
From: Dave Platt
To: Risks
Subject: Security Safeguards for Air Force Computer Systems

From the Los Angeles Times, 2/17/86:

"WASHINGTON (UPI) - The Air Force has failed to properly safeguard 77% of
its computer systems, allowing the possible breach of classified data on
space boosters, 'Star Wars' technology and major weapons systems, Pentagon
auditors and officials say.

The security vulnerability also extends to sensitive data on the MX and
Midgetman missiles and B-1 and F-16 aircraft, they say.

An Air Force official, responding to queries about the disclosure, said that
he was '95% confident' that no 'actual compromises' of classified
information on computers had actually occurred.

The Air Force Audit Agency, which inspected eight bases, sharply criticized
officers at each facility for failure to inspect safeguards, such as lead
boxes designed to limit electromagnetic signals emitted by the equipment..."

------------------------------

Date: Mon 17 Feb 86 18:22:01-PST
From: Jim DeLaHunt
Subject: How can Alvin Frost fight City Hall?
To: risks@SRI-CSL.ARPA

I am intrigued by the apparent success of analyst Alvin Frost's attempt to
keep the city of Washington, DC out of their own computer.  With one
7-character password (and apparently physical access to the machine) he
seems to be able to keep certain files out of the reach of his superiors.

Does anybody know:

  * What machine, OS, etc. this is?
  * Whether his superiors have in fact cracked his protection?
  * What sort of data protection systems are immune to a legitimate systems
    manager logging on as root (or OPERATOR or whatever)?
  * What is actually going on here?

Send responses to me; I will be glad to summarise to the net.

--Jim DeLaHunt, Stanford University
  JDLH @ SU-Sushi.ARPA

------------------------------

Received: from eglin-vax.ARPA ... Tue 18 Feb 86 10:31:45-PST
Date: 0 0 00:00:00 CDT
From: "MARTIN J. MOORE"
Subject: More Plutonium/Shuttle
To: "risks"

The 2/17/86 issue of Aviation Week contains an article entitled "Officials
Disagree on Data Assessing Shuttle Reliability."  The main topic of the
article is the danger of plutonium contamination from nuclear shuttle
payloads in case of an accident (I seem to have heard about this somewhere
before :-).  I recommend the article to the RISKS readership.  One quote
from Robert K. Weatherwax, author of a study titled "Review of
Shuttle/Centaur Failure Probability Estimates for Space Nuclear Mission
Applications" [December 1983] seems to answer the questions we were
throwing around:

   We concluded that many, if not most, solid rocket motor failures would
   result in some release of plutonium, or at least a high likelihood of
   that.  We recommended more safety analyses be done to evaluate the
   likelihood of booster failures in conjunction with this nuclear risk.
   A nuclear payload cannot explode, but it can be broken up, vaporized or
   fragmented.  You would have prompt fatalities on the ground and
   substantial contamination in eastern Florida [if a catastrophic launch
   failure occurred.]  In a worst possible case, you could double the
   entire worldwide burden of plutonium in the atmosphere.

Weatherwax is head of Sierra Energy and Risk Assessment, located in
Sacramento.  Sierra was contracted by the Air Force to perform the study.

------------------------------

Date: Tue, 18 Feb 86 23:06:33 EST
From: "Steven A. Swernofsky"
Subject: [BERLIN: Computerized Voting]
To: RISKS@MC.LCS.MIT.EDU

...

Date: Tue 18 Feb 86 13:51:03-EST
From: Steve Berlin
Subject: Computerized Voting
To: bboard@XX.LCS.MIT.EDU

Wednesday, February 19, 1986, 7:30

Ms. Eva Waskell
Independent Investigative Reporter and Science Writer

``Computerized Voting: No Standards and a Lot of Questions''

Ms. Waskell will address problems involved with computerized voting
programs.  She will relate the status of litigation in several jurisdictions
and will suggest safeguards in the voting system.  Ms. Waskell's research
provided a basis for several New York Times articles exposing problems with
the most popular computerized balloting system in use.

CPSR/Boston meets on the third Wednesday of each month, at 545 Technology
Square, in the lounge on the 8th floor.  545 Tech Square is located at the
corner of Main and Vassar Streets in Cambridge, near the Kendall Square stop
on the red line.  Meetings are free and open to the public, and free parking
is available.  For more information, contact CPSR/Boston at P.O. Box 962,
Cambridge, MA, 02142, or call Steve Berlin at 617-253-6018.

------------------------------

End of RISKS-FORUM Digest
************************
-------