16-Feb-87 11:36:05-PST,18915;000000000000 Mail-From: NEUMANN created at 16-Feb-87 11:34:12 Date: Mon 16 Feb 87 11:34:12-PST From: RISKS FORUM (Peter G. Neumann -- Coordinator) Subject: RISKS DIGEST 4.47 Sender: NEUMANN@CSL.SRI.COM To: RISKS-LIST@CSL.SRI.COM RISKS-LIST: RISKS-FORUM Digest Monday, 16 February 1987 Volume 4 : Issue 47 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: The fielding is mutuel! (PGN) Another worm story (Dave Platt) Re: The student's extra $25,000 (Ronald J Wanttaja) Problems with the B-1B Bomber (Bill McGarry) Super-Smart Cards Are Here. (Leo Schwab) Iranamok Computer-Databased (Craig Milo Rogers) Re: electronic steering (Tom Adams, Amos Shapir) Re: Nova: Why Planes Crash (Alan M. Marcum) Re: Library computerization (Will Martin) Second British Telecom Fraud (Lindsay F. Marshall) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. (Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM) (Back issues Vol i Issue j available in CSL.SRI.COM:RISKS-i.j. MAXj: Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.) ---------------------------------------------------------------------- Date: Mon 16 Feb 87 10:48:53-PST From: Peter G. Neumann Subject: The fielding is mutuel! To: RISKS@CSL.SRI.COM On Tuesday, 10 Feb 87, Golden Gate Fields opened its 41st season racing season with a $3 million upgrade -- including its computer systems. Unfortunately, the first day was a disaster. Due to starkly degraded computer capacity, only 80 of the 130 betting windows could be opened, despite adequate personnel for manning all windows. And those 80 were operating at a snail's pace. Bettors waiting in line for 20 minutes never got their bets in. The new Z Alpha Display next to the totalisator board was showing ridiculous probable payoffs. Actual payoffs could not be displayed and had to be announced. The Pick Six had to be cancelled altogether. It, a new Pick Nine, and a daily triple all used computer-readable marked cards, but the equipment was not up to the task. The GGF president Kjell Qvale said the reason for the breakdown was that the new equipment had been standing idly for too long and wasn't tested properly. Actually, mutuel machines are linked in groups of 8, and when one goes all 8 go. Something like 6 grids of 8 all collapsed. The resulting degradation in performance was intolerable. this is another example of the difficulty of testing a system adequately without the presence of LIVE operating conditions... although it sounds as if they had plenty of time to do less-than-live testing... [Derived from the SF Chron green pages, 11 Feb 87.] ------------------------------ Date: Fri, 13 Feb 87 14:42:36 PST From: dplatt@teknowledge-vaxc.arpa (Dave Platt) To: risks@csl.sri.com Subject: Another worm story There's a very interesting letter in the 1/87 issue of Byte magazine (page 408). Seems that the writer purchased a "speed-up BIOS chip for PC compatibles made by Softpatch Inc.", and installed it in his Televideo 1603 computer. Because the 1603 isn't strictly a PC-clone, he had to change two bytes in the video parameters (to suit the characteristics of the 14-inch monochrome monitor), and had to change one other byte to to make the BIOS checksum come out to zero. He decided to use the manufacturer's-logo byte for this latter change. Woe was he! The new BIOS contains a logo check, buried in the clock-tick interrupt routine, which is activated several hours after bootup. If the logo doesn't match, a glaring "PLEASE POWER OFF OR YOUR DISK WILL BE TRASHED!" message appears on the monitor, and if any key is typed (or is being held down when the message appears) the disk is "totally wiped out". The writer reports that the documentation which comes with the BIOS chip makes no mention of the worm. He apparently spoke with the author of the BIOS, who told him that his choice of the logo-byte for checksum fudging was "unfortunate", and that he (the BIOS's author) had wiped out his own hard-disk twice while testing the worm. Sounds to me as if Softpatch Inc. may be in a VERY dubious legal position with this worm, under the legal doctrine of "strict liability"... especially if the worm is accidentally activated on someone's computer due to a "wild branch" into the BIOS, as the writer suggests might happen. ------------------------------ Date: Fri, 13 Feb 87 09:56:57 pst From: hplabs!cae780!tektronix.TEK.COM!uw-beaver!ssc-vax!wanttaja@ucbvax.Berkeley.EDU (Ronald J Wanttaja) To: hplabs!CSL.SRI.COM!RISKS Subject: Re: The student's extra $25,000 At a recent aviation safety conference, Jack Eggspuler told a story similar to that of the student with the extra $25,000 credited to his account [Steve Thompson, RISKS-4.46]: He had banked for years at a small-town bank. One day, a large banking conglomerate bought up the small bank. After this, Jack noticed that his deposits weren't being listed. He went into the bank to talk to them. It turned out that his account number, which had been assigned to him when the bank was independent, was identical to Borden Industries' account number with the conglomerate. Yup, his penny-ante deposits were going into Borden's account. He thought it was straightened out. A week or so later he went in to cash a check, and asked for his balance. It was: $9,238,345.35. Ulp! He thought of a new Piper, but settled for a copy of the printout. He's got it hanging on his wall... GIBU: Garbage in, Bucks out? Ron Wanttaja (ssc-vax!wanttaja) ------------------------------ To: ucbvax!CSL.SRI.COM!NEUMANN Date: Wed, 11 Feb 87 0:15:16 EST From: decvax!bunker!wtm@ucbvax.Berkeley.EDU (Bill McGarry) Subject: Problems with the B-1B Bomber ReSent-To: RISKS@CSL.SRI.COM In the January 19th, 1987 issue of Newsweek, there is an article on the problems with the B-1B bomber project (page 20) . Three key systems are reported as being "faulty" with two of those attributed to software problems: * Terrain-following radar: "Software glitches have prevented pilot training but Air Force engineers say the flaws will be corrected within weeks." * Flight-control software: "..is especially critical during delicate in-flight refueling operations. Faulty software programs make such operations difficult." The third key system, electronic countermeasures systems (stealth), is reported as "jamming their own signals instead of the enemy's" but it was not mentioned whether software played any role in the problem. Bill McGarry, Bunker Ramo, Shelton, CT PATH: {philabs, decvax, ittatc}!bunker!wtm ------------------------------ Date: Wed, 11 Feb 87 23:30:58 pst From: well!ewhac@lll-lcc.ARPA (Leo 'Bols Ewhac' Schwab) Apparently-To: risks@sri-csl.arpa Subject: Super-Smart Cards Are Here. Organization: Whole Earth 'Lectronic Link, Sausalito, CA I just saw an article in the San Francisco Chronicle describing a new little goodie which inventors have called the Super-Smart card. It is a credit-card-sized unit with lots of memory in it, and it also appears to have a 12-key keypad on the back. What I found interesting about this article is that its inventors don't know what to do with it (solution looking for a problem), and are soliciting potential applications, such as encoding medical information. Do we really need this? Think about it. Supposedly "foolproof" systems have been defeated before (VideoCypher, British Telecom, countless computer systems, etc.). Why should this be any different? This is not just a card with an indentification number specially encoded, this is a full computer system in a credit card. It's got memory, I/O, an external interface (I would surmise that this would be the case so external readers can be plugged in), etc. Imagine: All your personal information encoded on a credit card. What if it's stolen? Thieves are getting more and more ingenious, and a particularly smart one could easily upload all the information out of the card. What if an even more ingenius person encoded fabricated information on the card? Suppose you're in an auto accident. The card is damaged. How will emergency personnel read the vital medical information? The list could go on. I agree that it's a neat gadget, and wouldn't mind having all kinds of information available in my wallet, but do we REALLY need something like this? Not necessarily because of the RISKS involved, but just as a new piece of technology to worry about. "Damn, the batteries are dead. And I can't buy new batteries without the card. And I can't use the card because the batteries are dead..." :-) Leo L. Schwab ihnp4!ptsfa!well!ewhac well ---\ dual ----> !unicom!ewhac hplabs -/ ("AE-wack") ------------------------------ To: Risks@csl.sri.com From: Craig Milo Rogers Subject: Iranamok Computer-Databased Date: Thu, 12 Feb 87 09:21:32 PST From the Los Angeles Times, Wed 11 Feb 1987, front page: IRAN INQUIRY REPORTED FOCUSING ON NEW DATA ... Computer Records Revealed ... FBI agents reviewed National Security Council computer records ... The records, part of a massive electronic filing system disclosed to investigators by the White House this winter, contains copies of private messages sent between National Security Council offices to the White House's internal IBM computer network, called PROFS. ... The computer messages under scrutiny by the FBI - which range from routine memos and obscene jokes to eyes-only accounts of intelligence operations - were composed and sent by most NSC employees in the belief that they were not being recorded elsewhere. In fact, however, their contents were stored on magnetically treated "hard" computer discs and retained for at least one to two months before being erased, White House spokesman Dan Howard said Tuesday. "We were living under a delusion. We thought when we deleted them from our own files, that they dissapeared," the rueful Administration official said. "In fact, they were just going into storage." ... The rest of the article contains more details on who was using the system and what they were saying. Craig Milo Rogers ------------------------------ From: ulysses!gamma!pyuxww!sw1e!uusgta@ucbvax.Berkeley.EDU Date: Tue, 10 Feb 87 22:05:01 est To: pyuxww!CSL.SRI.COM!RISKS Subject: Re: Electronic steering (RISKS-4.46) Lear Jets have no mechanical connection between rudder pedals (steering wheel) and nose wheel. I would also assume a microprocessor is involved. While I have seen these jet's steering fail (intermittently) due to water leakage I have never heard of an accident attributed to this. This lack of steering linkage means the nose wheel swivels freely without power (*very* helpful to linesmen). It is probably useful to note that main wheels are independently brakeable though. # ---Tom Adams--- # {bellcore,ihnp4}!sw1e!uusgta St. Louis MO 314-235-4237 # Opinions expressed here are mine, not those of Southwestern Bell Telephone ------------------------------ From: Amos Shapir Date: Wed, 11 Feb 87 08:49:10 -0200 Subject: Re: Electronic steering Organization: National Semiconductor (Israel) Ltd. Apparently-To: risks@sri-csl.arpa In RISKS-4.46 Steve McLafferty writes: >The killer (pun intended) is the electronic four-wheel steering. There is >no mechanical connection whatsoever between the steering wheel and the >steering gearboxes! I really hope that scheme never makes it to production! Last time I heard, power steering and brakes are designed in such a way that even when all power is lost, the driver can still control the car and stop manually. Amos Shapir National Semiconductor (Israel) 6 Maskit st. P.O.B. 3007, Herzlia 46104, Israel (011-972) 52-522261 amos%nsta@nsc.com 34.48'E 32.10'N ------------------------------ From: sun!news@seismo.CSS.GOV [...] From: marcum%nescorna@Sun.COM (Alan M. Marcum) Date: 10 Feb 87 17:30:51 GMT To: seismo!mod-risks@seismo.CSS.GOV Subject: Re: Nova: Why Planes Crash (RISKS-4.46) In RISKS DIGEST 4.46, Werner Uhrig wrote: >I just saw [Nova: Why Planes Crash].... One...interesting [item] was... >that the [autopilot] may... have been a... factor in several incidents.... >Examples included...a Chinese airliner...[where] one engine [failed]... I've read the NTSB report on this incident (and I saw the television program). It appears to have been much more a case of pilot error (failing to follow standard procedures -- namely "disengage the autopilot upon engine failure") than of "computer failure." >...the crash...near Miami, where the crew was occupied trying to analyze a >[lack of gear-down indication], flying the plane on auto-pilot, unaware >that...it did not hold [2000'].... Again, this was much more a disregard of primary duties: no one bothered to fly the airplane. Three supposedly qualified pilots all diverted nearly their entire attention from their primary jobs at the same time, for several minutes! Now, do these (and others) indicate an over reliance on technology? Is THAT the risk we're seeing in aviation today? Or is it lack of sufficient training in systems that are growing more and more complex? During primary training and initial instrument training, a good curriculum will include tremendous information about the systems of the aircraft. A frequent criticism of recent airline training is that it is becoming more procedures-based ("if this happens, do this"), rather than systems-based ("this is how it all works, and plays together"). As a counterpoint (i.e. that in many cases it IS an error on the part of the pilots -- often an error which adherence to procedures, even as taught in procedures-based training, could have avoided), during the China Air incident, the entire cockpit crew, including the backup crew, experienced severe spatial disorientation. Everyone there misinterpreted the attitude indicators (one of the primary non-visual flight instruments, used in essentially every instrument-capable airplane, from trainers like Cessna 172s, to 767s and L1011s), which showed, very clearly, and correctly, what was happening to the 747 as it began its uncontrolled (though NOT uncontrollable!) roll. Both the captain and the first officer believed that both of their attitude indicators (attitude indicators in that 747, and in most planes, are gyroscopic instruments) had tumbled at the same time! As soon as the plane broke out below the clouds, the captain was able to recover from the unusual attitude -- using VISUAL flight skills. How much of the China Air incident could be blamed on computers? On technology? On training? Where are the REAL risks? Alan M. Marcum Sun Microsystems, Technical Consulting marcum@nescorna.Sun.COM Mountain View, California ------------------------------ Date: Wed, 11 Feb 87 9:34:08 CST From: Will Martin -- AMXAL-RI To: risks@SRI-CSL.ARPA Subject: Re: Library computerization The St. Louis Public library has also recently eliminated its physical card catalog and gone to a computerized system for cataloging and for book loaning and tracking. It is based on bar-code scanning, and I've noticed a rise in incorrect book-overdue notices and the like; one specific example that happened to me was that I had checked out and returned a book which had water damage distorting the bar-code label. Some weeks after returning it I got an overdue notice, so I went to the library, found the book on the shelf, and took it and the notice to circulation to remonstrate with them. They seemed to be used to reports of errors by that time, so I suppose this was relatively common. My guess for the reason for that error was that the bar-code-reader returned an incorrect reading when they processed the return. This was during their transition period, though, and things seem better now. However, the catalog is now on microfilm or -fiche, which is harder to use than the paper card catalog, plus it is only updated periodically. (With the paper cards, they could always insert new cards at any time -- whether they actually DID this, or waited until they had a batch to put in, or did it on a weekly or other time-based schedule, I do not know.) I find the COM microfilm catalog to be particularly difficult to use, as the film is in manually-driven reader units, and there is no indication to the user just where in the reel the viewer is pointing. (That is, they have the author/title and subject catalogs both on the same reel, and I can never remember which is first, and they do not tell you. So you turn on the reader and see you are looking at "M" in the author/title section, and you want to go to "G" in the subject section. You have to crank for a minute or so in one direction and hope you are going the right way; if not, you hit end-of-reel, and have to crank back over what you already skipped over, plus the rest of the alphabet, before you even get into the section you want to search.) At least the fiche allow a random or direct search to get the right fiche, and then you can jump around within it with the reader unit. But you always have to look at two fiche -- they issue change-update sets more often than they re-issue a complete updated catalog set. Regards, Will Martin ------------------------------ From: "Lindsay F. Marshall" Date: Tue, 10 Feb 87 09:39:20 gmt To: risks@csl.sri.com Subject: Second British Telecom Fraud This had nothing to do with the Phonecard scam. As far as I could make out from the newspaper reports it was a simple fraud - probably worked by hacking wiring in exchanges or something (that is a pure guess, no details were mentioned). There certainly seemed to be no computer aspects involved. Lindsay P.S. Does anyone have a pointer to the work on human error being done by people at UCSD? Hofstadter mentions it in his latest book and it sounds interesting. ------------------------------ End of RISKS-FORUM Digest ************************ -------