RISKS-LIST: RISKS-FORUM Digest Thursday 19 May 1988 Volume 6 : Issue 87 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Stock Market Damping (Richard A. Cowan) Bankwire fraud (Steve Bellovin) Metallic Balloons (Keith Anderson) BENEFITS! of RISKS (John Kullmann) IRS mismatching and other computing anomalies (John M. Sullivan) Why technicians wait to respond to alarms (Lynn Gazis) Illinois Bell Hinsdale fire (Ted Kekatos, Ed Nilges, David Lesher) Risks of Ignoring Alarms (Daniel P Faigin) Halon environmental impact citation (Anita Gould) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM. For Vol i issue j, ftp kl.sri.com, get stripe:risks-i.j ... . Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85). ---------------------------------------------------------------------- Date: Wed 18 May 88 20:43:44-EDT From: Richard A. Cowan Subject: Stock Market Damping Regarding the recent message about the Stock Market as a feedback system: If you think about it, it's easy to devise a damper on the frenzied stock market trading system. If there are too many trades causing wild swings in the market, caused partly by our ability today to handle a huge volume of trades because we have computers, all you have to do is increase the cost of this type of trading. Of course, if you aren't rich you don't want to have to pay even higher commissions. So you could implement a progressive "tax" on usage of the market trading system. But this would be difficult to enforce without changing the entire structure of the "free market" system. Right now, seats on the exchange are purchased for a flat fee (the going rate is $850,000) and I don't know if there is any type of usage fee. In the same way that the law has historically treated waterways and land, ownership gives you the right to use *and* abuse, where polluting the environment is analogous to overloading trades in the stock market. A potentially more enforceable mechanism is to tax short-term profits (capital gains) at a higher rate than long-term gains. I'm not sure (someone correct me on this), but I think the recent tax reform equalized the two rates, which were previously different. This makes no sense for market stability, as the old system at least provided some incentive to hold on to stocks for 6 months or more, or whatever period is considered "long-term." An obstacle with either solution is that people who have seats on the exchange profit greatly from the commissions and other business activity generated by a high stock market volume. The economy as a whole would probably function fine with one-tenth the stock market volume we have today. But you have an army of people fighting to gain that extra 0.01% return on their investments and they are legally bound to do this (this is the meaning of "fiduciary responsiblity"). Any alternative solutions or comments on my solutions? -rich ------------------------------ Date: Thu, 19 May 88 11:40:09 EDT From: smb@research.att.com Subject: Bankwire fraud (Re: RISKS-6.86) An unconfirmed report claims that the embezzlement scheme employed tapes of bank officers reading code words. Replay attacks! --Steve Bellovin ------------------------------ Date: Tue, 17 May 88 11:05 EST From: Keith 'Dain Bramaged' Anderson Subject: Metallic Balloons I understand that those metallic ballons also reflect radar, and play havoc with airport controller's systems. I believe that it works on the same principle as chaff, or "window" (I think that was what it was called), the stuff they dropped over germany during the war to ruin radar. Keith Anderson Kanderson@Hampvms ------------------------------ Date: Tue, 17 May 88 14:18:17 PDT From: John Kullmann Subject: BENEFITS! of RISKS Eugene Miya wrote of an episode with an automatic stamp machine. I would like to relate one I had when I was in high school, about , well, a while ago. It involved a dollar bill changer similar (at least externally) to the ones still in use today. I was second in line for it in the 'rathskeller' of our high school. After the girl in front of me finished I quickly stuck my bill in, being in a rush to return to my foosball game, and it popped back out because I had put it in backwards. Then, immediately following it, out came ANOTHER bill! Being a quick learner I quickly stuck it in backwards again, out it came, but no second bill followed. I then got another bill out of my pocket, stuck one in the right way, out came the change, stuck the second one in backwards, out it came, and out came the previous bill!! Well, you can imagine the rest of the story from here. Many trips up to locker with pockets BULGING with change. Cut classes until machine was empty of change. The next day the machine was restocked with change but I could never get it to happen again. I never did learn why that happenned. I bet the person servicing the machine was surprized when he/she opened it up! --John Kullmann, Apple Computer Inc., Cupertino, CA ------------------------------ Date: Wed, 18 May 88 00:21:35 edt From: jmsulliv@phoenix.Princeton.EDU (John M. Sullivan) Subject: IRS mismatching and other computing anomalies I recently got a notice from the IRS saying I had underreported some taxes in 1985. They of course had mismatched items on the return with 1099's, so I wrote back to tell them this. Just the other day I received their reply, which seemed to be mostly a form letter, but had one paragraph in all caps which was obviously personalized: WE HAVE ACCEPTED YOUR EXPLANATION HOWEVER, YOU STILL ARE SUBJECT TO SELF EMPLOYMENT TAX OF $4220.00 TIMES .11 IS $497.00. Ignoring the strange punctuation, I quickly noticed the strange math. I tried my head, pencil and paper, a calculator, and 'bc', and 4220*.11 always came out as 464.20, not the higher figure they gave. I called the IRS and it turns out that the SE tax rate for 1985 is 11.8%. So the $497 is correct, and in fact has been truncated down from $497.96. Evidently, dollar amounts are truncated (not rounded) to the nearest dollar, then printed with 2 decimal digits. Other figures are truncated at 2 decimal digits for printing (but I bet they won't let you figure your tax that way). John Sullivan sullivan@fine.princeton.edu ------------------------------ Date: Mon, 16 May 88 20:02:23 PDT From: Lynn Gazis Subject: Why technicians wait to respond to alarms I have a few words in defense of the nameless technician who waited ten minutes to report the fire in Hinsdale. Ten minutes is not a long time to miss an alarm. I work as a computer operator. Ten minutes is a coffee break. I could easily go out, grab a cup of coffee, look at the latest cartoons on someone's door, come in and see a slew of alarms on my console. (Two ten minute breaks are required by law.) Or I could be off backing up someone's PC. I doubt that that technician had nothing to do but monitor a site miles away which hadn't bothered to hire its own weekend shift. Often more than one thing breaks down at once. Many times I have come in to find three independent problems. That technician could easily have been off dealing with some minor emergency while a major one was going unreported. I don't think you can even necessarily blame the technician for not calling the fire department; probably he or she called the supervisor, was told "I'll take care of it," and hung up assuming everything is in hand. The supervisor, and not the technician, should be in trouble for not calling the fire department immediately. Any company should have emergency procedures, and those should involve calling the fire department, not running over to look at it yourself. If your alarm is a message on a console, and your technician is watching several things at once, then ten minute is a prompt response. If you want better response to your alarms, make the most serious ones noisy. I doubt that this alarm was noisy, because if it were, even the least attentive technician would respond right away, if only to get the thing turned off. Probably they had a loud alarm in the empty building, and a message on a terminal in Springfield as a backup. Lynn Gazis sappho@sri-nic.arpa ------------------------------ Date: 13 May 88 20:30:01 GMT From: ihuxv!tedk@moss.att.com (Kekatos) Subject: questions about Illinois Bell Hinsdale fire Organization: AT&T Bell Laboratories - Naperville, Illinois The Great Fire.... continued Most people have heard about the Illinois Bell "Hinsdale" fire by now. It has been mentioned on network TV news. Alot of people are asking questions. These are some of the questions that I have heard. How can one office have such an affect on the phone network? What ever happen to redundancy in the network? How come the local news service still thinks only 35,000 people are affected? What about the thousands of businesses that are affected. What about the hundreds of DATA-COMM links? All over the western suburbs, hundreds of Automatic Teller Machines are down. Hundreds of stores can not perform credit card approvals. How come it is taking them many days to do some work arounds on the long distance network? Why can't they re-route the long distance calls to other switches? How come the fire was not detected before it had so seriously damaged the switching office? Is the phone company to cheap to install fire detectors? I would think that there would at least a sprinkler system. Hundreds of payphones are affected. One person related their experience. "Direct dial calls still seem to be impossible, but operator-assisted calls sometimes work. I was able to make three long distance calls with my calling card this afternoon. I got the "all carrier circuits are busy.." announcement several times, but did finally get the bong tone and completed the calls that I needed to make." Another person relates their experience: "There is no operator, no 411, no 911, no long distance, though I was able to make one call at 2:00 a.m. " There is a sign at my bank that states: "Due to the fire at the Illinois Bell Hinsdale Central office, our computers are not functioning. Please visit our main office at [bank address]." ---- Ted G. Kekatos ------------------------------ Date: Wed, 18 May 88 16:07:55 EDT Return-Path: <@PUNFS.PRINCETON.EDU:EGNILGES@PUCC.BITNET> From: Ed Nilges Subject: Illinois Bell Fire ...might be compared to the King's Cross subway fire in London last year; too few maintenance people in both the Hinsdale office and at King's Cross owing to a false notion of "economy"... ------------------------------ Date: Thu, 19 May 88 0:02:08 EDT From: David Lesher Subject: Chicago Telephone fire (RISKS-6.84) Organization: Columbia Union College; Takoma Park, MD 20912 Regarding sprinklers and computers, I don't think it is realistic to rationalize away the lack of sprinklers by saying "We don't want to flood the computer room". Many computer rooms are sprinkler equipped. First, despite the image the public gets from TV and movies, each (sprinkler) head trips ITSELF ONLY. The standard heads are fuse style, but most computer rooms use thermostatic ones that turn off again when the area cools. If your CPU is burning, will a little water do any more damage? Second, the switch itself is only part of the space in the building. I recall from the NY switch fire (1970 +/- 3 db) that one reason for the severe delays in restoration was the fire consumed the cable vault burnt up to the exit of the building. As I recall, MA bought the building next door BEFORE the fire was out (no small trick in the NYC real estate market) in order to install the new CO and toll switch. By the way, even 8 years ago, many CO's were unmanned even during working hours. Only those with test boards were staffed. I think the real message of Hinsdale is failure to learn from the mistakes of the past. [I have quoted Henry Petroski here before -- we never learn from our successes, but we have an opportunity to learn from our failures. (On the other hand, we probably tend to learn less from other people's failures than from our own...) PGN] ------------------------------ Date: Wed, 18 May 88 08:52:32 PDT From: faigin@sm.unisys.com (Daniel P Faigin) Subject: Risks of Ignoring Alarms Organization: Unisys - System Development Group, Santa Monica In the latest RISKS-FORUM article on the Hinsdale Illinois Bell fire, I read the following: >At 3:50 PM, a technician in a Bell central office in Springfield, IL got a >fire alarm trip signal from Hinsdale. *HE CHOSE TO IGNORE THE ALARM TRIP*. >Within a period of 10 minutes, several more alarms from Hinsdale tripped, >including one for a loss of power. This made me think back to the First Interstate fire that just happened in L.A., where one person died because *they didn't believe the alarm, and went to investigate*. As more and more of these incidents occur, we get more and more warning devices. We now have *electronic* smoke detectors in our homes and at work. We have humidity sensors for our computers, temperature alarms, pressure and motion sensors. All of them electronic, all of them driven by our transistor technology. As with any alarm system, a certain percentage of alarms are false. With more alarms, the actual number of false alarms grows. Our society begins to view the alarms in a manner similar to how the people treated the boy who called "wolf". We don't believe them. We wait for human confirmation that there actually is a problem. When there isn't a problem, we are relieved. When there is, it often turns out (as in Hinsdale and LA), that we are actually worse off. In certain industries, such as nuclear and chemical manufacturing/research, all alarms are treated as real emergencies until proved otherwise. This includes notifying the authorities. We too often ignore the alarm and wait until security tells us there is a real problem. In doing this, we lose valuable evacuation and containment time. How many of you have had a smoke detector go off in your building? What did *you* do about it? ------------------------------ Date: Thu, 19 May 1988 02:59 EDT From: Anita Gould Subject: Halon environmental impact citation In RISKS 6.79, Dave Cornutt asks about the ozone-depletion risks of the halon used in fire-fighting. Science News (9 April 1988, Vol. 133, No. 15) recently ran a cover story on current usage of halocarbons and the search for ways to reduce it. Here are some answers taken from there. The Montreal Protocol, the international agreement currently under consideration, would freeze production of halon at 1986 levels. Yes, halon is unfortunately *very* bad for the ozone layer. Halon 1301 (CF3Br), used primarily in room-flooding systems, is ten times as destructive as the more common CFCs used in other applications, while halon 1211 (CF2BrCl), used in hand-held fire extinguishers, is three times as destructive as the common ones. However, halons are used in much smaller quantities. Of the total 1.1 billion kilograms of halocarbons produced worldwide annually, 14.1 million (just over 1%) are the halons mentioned above, split evenly between the two types. (I'm mixing 1985 and 1986 EPA figures.) I have no idea to what extent the amount produced reflects the amount released; particularly in the case of halons, one may hope that new installations, rather than steady-state use, are responsible for a significant fraction of the total. There are currently no good substitutes for halon, but according to SN, they "are released far more frequently during tests than during fires." Of course, failure to conduct tests has risks of its own! I'm sure they can be minimized by designing equipment to be tested under dry run conditions. Does anyone know if this is actually being done? This is a solution I hesitate to propose, since every point where test conditions deviate from actual ones is a chance for something to go wrong. RISKS readers are all to familiar with the canonical horror story in which the system (be it hardware, software, human, or what-have-you) works fine during tests, but the tests fail to simulate actual conditions in some unforseen way. (Any guesses on what percentage of incidents reported herein fit this paradigm?) However, weighing the choices, I believe that this is the best solution currently available, provided that both designers and users of fire-control systems go into it with their eyes open. -Anita Gould ------------------------------ End of RISKS-FORUM Digest ************************