RISKS-LIST: RISKS-FORUM Digest Wednesday 11 May 1988 Volume 6 : Issue 82 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Risks of Research Computing -- Don't ask computers for flavors (PGN) Risks of Single Point Failures -- The Hinsdale Fire (Chuck Weinstock and Patrick A. Townson) Phone system RISKS: Second-order effects (Joel Kirsh) Program Trading Halted (PGN) Law to Regulate VDT Use (Dave Curry) Virus Prose (Vin McLellan and John Norstad) Re: "Auftragstaktik" (Henry Spencer) Risks of banking -- audio tellers (haynes) Reliability of SDI-related equipment (Andy Behrens) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM. For Vol i issue j, ftp kl.sri.com, get stripe:risks-i.j ... . Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85). ---------------------------------------------------------------------- Date: Wed 11 May 88 09:43:52-PDT From: Peter G. Neumann Subject: Risks of Research Computing -- Don't ask computers for flavors A three-alarm fire destroyed the research building at Dreyer's ice cream plant in Oakland CA. Computers and files were destroyed -- the entire collection of "top-secret" formulas known only to the "flavor team" -- along with two freezers full of ice cream. The flavor team had recently been ``working toward updating all our files and materials and getting backups of everything -- computer disks, formulas, the whole works. It would [soon] have been stored in another building.'' (Don Conolly, director of R&D) The company had whittled down the potential new flavors for 1989 (usually about 7 are chosen each year) from 100 to about 25, but all of those complex formulas were lost. [SFChron, 10 May 1988, p.A2] ------------------------------ Date: Wed, 11 May 88 10:23:10 EDT Subject: Risks of Single Point Failures: The Hinsdale Fire [RISKS-6.81, Boyle] From: Chuck Weinstock This item points out the risks of not guarding against single point failures. In my memory this is the worst example of this sort of thing in terms of how much of the general public was affected. Chuck Excerpted from: TELECOM Digest Tuesday, May 10, 1988 10:36PM Volume 8, Issue 76 The Great Fire - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From: Patrick_A_Townson@cup.portal.com Subject: The Great Fire Date: Mon May 9 23:19:29 1988 In my earlier posting, details were very sparce and I was unable to be specific in describing the disaster which struck us here over the weekend. I now have a more detailed accounting for the net -- An extra alarm fire broke out Sunday, May 8 at 5:30 PM in the Illinois Bell Central Office, 120 North Lincoln Avenue, Hinsdale, Illinois. At the time of the fire, the Chicago area, and the west suburbs in particular, were experiencing a very bad electrical storm. There had been a great deal of lightning; rain was quite heavy, and winds were about 40 miles per hour. Fire Departments from 15 nearby communities battled the blaze before bringing it under control at about 8:30 PM. The fire was officially struck at 11:30 PM Sunday night. Deemed the worst disaster in the history of Illinois Bell, and one of the worst disasters ever in the telephone industry, the fire virtually gutted the two story building. The Hinsdale central office is a *major* switching center for the west suburban area. In addition to serving ten prefixes covering various communities including Oak Brook, Westmont, Darien, Hinsdale and others, the office housed the Directory Assistance Data Base for downstate Illinois; it served as the communications apex for air traffic control between Ohare, Midway, and the Aurora, IL aviation center; it was the headquarters for a majority of the cellular phone service in the greater Chicago area; *and* it handled long distance calls in and out of most of Dupage County, Will County and southern Cook County. *And the office is now almost gutted* The reason for the fire has not been detirmined, but fire department officials have reason to believe the building was struck by a tremendous bolt of lightning during the worst of the electrical storm which was in progress when the first fire alarms were called in at 5:30 PM. The fire caused another problem: the emission of toxic fumes which required the evacuation of several blocks of homes in the vicinity. These fumes came from batteries described as 'highly toxic' which were stored in the premises and a large amount of fiber optic cable. The Hinsdale office was very much a fiber optic center in the area. Because of the toxic release, at one point firemen working in the building had to be called out, in the interest of their own safety, and as firemen relieved each other working inside in ten to fifteen minute shifts, they were required to strip to their underwear and be hosed down with a special solution so that the contamination would not be carried elsewhere. After the fire was first reported, Illinois Bell employees on duty at the time followed company procedures by first notifying the Fire Department. Others then began fighting the fire, and a few began a process known as an emergency telephone tree, calling other employees and company management at home to notify them of the circumstances. Each employee thus notified was responsible for calling a few more employees. Within about an hour, while the fire was raging at its worst, several dozen employees had already gathered on location, waiting for a go ahead to begin clean up and restoration work. *But no one dreamed it would be nearly as bad as it was* Although the fire was struck at 11:30 PM, fire officials would not permit anyone to enter the building for several more hours, pending exhaustion of the toxic fumes. Illinois Bell employees were allowed access to the building beginning at 4:00 AM to survey the damage. Most of Monday was spent merely bailing out the water and removing the rubble from the fire. Emergency lighting was installed and cleaning crews began scrubbing soot from the walls, ceilings and floors. The cleanup was still in progress late Monday afternoon. At this writing (12:50 AM Tuesday, May 10), Illinois Bell has not announced any date that service will be restored. It is estimated that it will be at least 4-5 days before *emergency* service is restored. Hinsdale, you see, is also the main center for 911 services in over a dozen west suburban communities. Ordinarily in circumstances like this, the phone company will set up special phones in public areas. They will often times be mobile or cellular type instruments available for the public to use for emergency calls. But since Hinsdale *is* the cellular center for Chicago, even this option is not available. When the first firemen arrived on the scene, heavy black smoke was pouring out of all the windows on the first floor. By that time, employees were evacuating after having given up on their own emergency proceedures. What we are faced with now is a *major* traffic jam on the network in the Chicago area. Long distance calls in and out of the area are very sluggish in getting through. Directory Enquiry in downstate Illinois is only able to handle about ten percent of the calls they are receiving, those being requests that are being searched manually through paper directories on hand in the communities affected. Hinsdale was the major center for MCI/Sprint long distance also....and those services are severely crippled in the area. Obviously, data transmission lines and the like are dead. About 40,000 subscribers, representing 100,000 residents are without phone service for the indefinite future. In Hinsdale and the other communities affected, the Police Departments have stationed patrol cars a few blocks apart on the street, and residents have been told to go to the nearest police car to report emergencies. Illinois Bell has not announced -- as of Monday evening -- any schedule of priorities for restoration of service. Jim Eibel, vice president of operations for Illinois Bell said emergency phones would be set up within a day or two, when crews were able to reroute at least limited traffic through the LaGrange, IL center. Of equal importance of course is the restoration of 911 service, and the restoration of long distance service. Eibel said restoring service to the ten prefixes in the area, which would return regular phone service to local residents would probably not occur for 'several' days. Naturally, cellular service also has to be placed in the table of priorities somewhere. About fifty percent of the cellular service in the entire Chicago area is out right now due to the fire. Other Bell companies around the nation have responded by dispatching emergency crews to come to the aid of Illinois Bell, and these out of town crews will remain on site for several weeks as needed. In addition, while the fire was in progress, executives from MCI and Sprint met with their counterparts from Illinois Bell on location and immediatly offered their full assistance and cooperation during the period of turmoil we will be facing for the next several weeks. For up to the minute announcements during the next several days, it is recommended that you call a special recorded announcement service for company employees. Called the 'Illinois Bell Communicator', this recorded announcement will be updated 4-5 times daily, and can be recieved by dialing 312-368-8000, a number at IBT Chicago Headquarters Building. It goes without saying on this forum that everyone is requested to avoid making all but emergency calls into the Chicago west suburban area for at least the next several days. And if your call is met with an 'all circuits busy' message, kindly refrain from repeated dialing attempts, as this simply clogs the network even worse. A further update will be posted here when I have news available. The last fire to occur in a telephone center was in Manhattan a few years ago. You may recall the resulting damage and confusion from that situation. The last fire *in the Chicago area* occurred in the River Grove, IL central office in 1946...then an all manual exchange. Unlike that fire, considered bad at the time, the fire in Hinsdale this past weekend was many times worse, since Hinsdale is responsible not only for its local calling area but so many of the overall network services for the Chicago area. Patrick Townson ------------------------------ Date: Tue, 10 May 88 09:36 CDT From: Joel Kirsh Subject: Phone system RISKS: Second-order effects [...] It appears (to me, at least) that ATC never expected that a fire in a switching center could compromise their operations. Another point is that efforts to fight the blaze were slowed by toxic fumes from burning insulation. Perhaps Illinois Bell never expected the fire, either. [...] ------------------------------ Date: Wed 11 May 88 09:46:49-PDT From: Peter G. Neumann Subject: Program Trading Halted In a move intended to restore investor confidence in the stock market, five large Wall Street firms announced yesterday that they had suspended program trading for their own accounts. The action came in the wake of intense pressure from customers and other member firms who blamed the controversial practice for many of the recent sharp swings in prices since the stock market collapse last October. Four of the firms will continue to execute such trades for their customers, however. [SFChron, 11 May 1988, p.C1] ------------------------------ Date: Wed, 11 May 88 09:21:57 EST From: davy@intrepid.ecn.purdue.edu (Dave Curry) Subject: Law to Regulate VDT Use MEASURE REGULATES VDT USE HAUPPAUGE, N.Y. - A measure regulating the use of computer terminals in the workplace was passed Tuesday by the county legislative body. Described as the first of its kind in the nation, the bill will set standards for public and private employers in firms that have more than 20 video display terminals. Legislator John Foley, the bill's sponsor, said the legislation would prevent "high-tech sweatshops." Opponents said it could drive business from Suffolk County. The bill: + Requires a 15-minute break every three hours for employees who work at the terminals; + Will set work station standards, including adjustable desks and chairs and detachable video screens; and + Mandates that companies pay 80 percent of the cost of annual eye exams and eyewear required for an operator. A workplace experts [sic] said the bill would serve as a model for other municipalities or states. "Whether this bill will result in legislation elsewhere is unclear, but it'll rejuvenate a lot of campaigns for VDT standards around the country," expert Laura Stock said. Companies that would be affected said implementation of the law would be costly, placing them at a competitive disadvantage in the marketplace. - Associated Press From the Lafayette (IN) Journal & Courier, May 11, 1988, page 1. --Dave Curry [Among other issues, RISKS-1.6, 1.7, 2.2, 3.9 and 4.40 have previously considered VDT safety. PGN] ------------------------------ Date: Wed 11 May 88 01:01:45-EDT From: "Vin McLellan" Subject: Virus Prose Ken van Wyk's crisp clear description of the "Lehigh" virus in a report to RISKS provided a text outlining a simple DOS virus which became a common reference in both professional and public discussions of the problem. Norstad's explorations into the mysteries of the "Scores" virus on the Macintosh have tended to illustrate how complicated (even relatively benign) PC viruses can be. He and his associates have educated a huge community of academics who supervise and guide student and faculty Mac users; giving an earthy and technical overview of the threat, the risk, and options for survival. It has been a striking display of networked education... or was it medicine? Another Norstad report, an example of his followup, follows. Vin McLellan, The Privacy Guild, Boston >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> As relayed from: INFO-MAC Digest Wednesday, 4 May 1988 Volume 6 : Issue 46 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Date: Mon, 2 May 88 09:52 CDT From: John Norstad Subject: Scores Virus Report 3 This is my third report on the Scores virus. In my first report I revealed what Scores did, how to detect it, and how to get rid of it by hand using ResEdit. In my second report I reviewed Ferret 1.0 and KillScores, two free disinfectant programs that have appeared to get rid of Scores. In this report I describe further testing of Ferret 1.0, the new Ferret 1.1, and KillScores. IMPORTANT: Ferret 1.1 has very serious bugs! Based on my tests I recommend using KillScores instead. 1. Ferret 1.1 does NOT properly delete one of the viral resources in the system file (INIT 17), at least on my small infected test system! I found this unbelievable, so I reran my test several times, and it failed each time. Ferret 1.0 does not have this problem. 2. Ferret 1.1 does NOT properly disinfect files which contain CODE resources marked "protected". Some applications are distributed with protected CODE resources, and Scores can infect them, so this is another important bug. Ferret 1.0 also has this bug. In this case the supposedly repaired application is left in a seriously damaged state - it will bomb immediately on launch. 3. Ferret 1.1 does NOT properly disinfect locked files. This is an important bug, even though Scores can't infect locked files. The file could have been unlocked when it became infected, and then the user could have locked it later. Ferret 1.0 also has this bug. I'd like to thank Rich Holmes for first pointing out this bug. 4. Ferret 1.1 still does NOT always properly report the names of infected files. Ferret 1.0 also has this bug. To make things even worse, Ferret does not give the user any indication that anything is wrong. It leaves the user with the impression that his/her system is clean, when in fact it's still at least partially infected. I also did further testing of KillScores. KillScores had no problems with the cases above where Ferret failed - it properly disinfected all the files on my test system. In the case of locked files KillScores unlocks the file, disinfects it, and leaves it unlocked. In my second report I mentioned that CE Software's Vaccine effectively prevents infection by Scores, at least on my test system. If you are at all worried about viruses, and you should be, I strongly recommend that you get Vaccine and use it religiously. CE Software deserves all of our thanks for developing and giving away this important tool. It's not perfect protection, as the authors freely admit in the documentation, but it is effective against Scores, and I understand that it's also effective against most of the other recent Mac viruses. Once again, I must emphasize that I do not have the facilities or time to do large scale testing of many infected applications. All of my testing is done on a small floppy-only system, with only MacWrite, TeachText, and ResEdit for infected applications. So I can't guarantee that KillScores or any other program is perfect, or that I haven't made mistakes in these reports. Also, I should probably mention that all of my statements in all of my reports reflect my opinions only, and not those of my employer, Northwestern University. John Norstad, Academic Computing and Network Services, Northwestern University Evanston, IL 60208 Bitnet: JLN@NUACC Internet: JLN@NUACC.ACNS.NWU.EDU ------------------------------ Date: Wed, 11 May 88 00:04:54 EDT From: mnetor!utzoo!henry@uunet.UU.NET Subject: Re: "Auftragstaktik" I agree with most of Gary Chapman's comments, but must correct one error of fact: Auftragstaktik was not a World War I invention. It became formal doctrine in the 1870s, after the Franco-Prussian War, and had been employed earlier in the Seven Weeks' War (1866). A possible reason for the error is that there were *two* famous German generals named Moltke: the originator of Auftragstaktik, and his nephew, the less-successful WWI commander. The quote I gave was from the elder Moltke, who died in 1891. Ironically, the well-known WWII successes of Auftragstaktik came after it was already in decline, because of Hitler's intolerance for disobedience. Guderian spent most of the Battle of France making excuses for (and bending the truth about) how far his units were advancing. Henry Spencer @ U of Toronto Zoology {ihnp4,decvax,uunet!mnetor}!utzoo!henry ------------------------------ Date: Tue, 10 May 88 18:46:16 PDT From: haynes@ucscc.UCSC.EDU (99700000) Subject: Risks of banking -- audio tellers (Re: RISKS-6.81, (Daniel P Faigin) Organization: California State Home for the Weird I had a similar experience with a commercial system for telephone transfers between banks some years ago. I keyed in all the data in response to the computer voice prompts. At the end it should have said "Data accepted. Goodbye." Instead it said "System error. Session terminated." So I waited a few hours and tried again with the same results, and tried again the next day with the same results, having called the help number and been advised by a real live person to try again. A few days later I got a call from the bank complaining that the account I was transferring out of was grossly overdrawn and what's going on anyway? So it turns out that the transactions had in fact gone through before the point where the voice announced an error; and the error didn't undo the transaction. Clearly a very bad example of how to write software. haynes@ucscc.ucsc.edu haynes@ucscc.bitnet ...ucbvax!ucscc!haynes ------------------------------ Date: Sat, 7 May 88 18:08:53 EDT From: burcoat!andyb@dartvax.Dartmouth.EDU (Andy Behrens) Subject: Reliability of SDI-related equipment [More on RISKS-6.81, Chapman] Organization: Burlington Coat Factory Warehouse Syndicated columnist Mary McGrory describes what happened when the U.S. House of Representatives considered an amendment by Reps. Dellums and Boxer. The amendment would have reduced SDI funding to the "basic research" level -- only $1.3 billion. "The electronic scoreboards on the wall were busy recording the huge numbers of those in favor of more voodoo in outer space, when all of a sudden they went wild and starting flashing a sensational victory for Dellums. "Members gathered around Dellums' elegant figure and congratulated him noisily as the numbers piled up. At one point the score for Dellums was 358 to 237, and the fail-safe technology showed a total of 595 members -- 100 more than exist. "There was wild laughter about the wonders of science. The heretics hailed the vivid proof that software can go soft and the timely hint that a wayward microchip could bring Star Wars crashing down. "The presiding officer announced that the roll would be called in the old way, by hand. The laborious reading began, and the hilarity increased. But the result was what it was always going to be: 118 in favor of [the amendment], 299 for pressing on amid the wars." Andy Behrens andyb@burlcoat.UUCP ------------------------------ End of RISKS-FORUM Digest ************************