RISKS-LIST: RISKS-FORUM Digest Friday 1 July 1988 Volume 7 : Issue 13 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: "Scratch-and-win"? Try "X-ray-and-win"! (PGN) SDIO computers stolen (PGN) Did DWIM DWYW (Do what you wanted)? (Stephen D. Crocker) Directions and Implications of Advanced Computing - DIAC-88 (Douglas Schuler) Grocery Store Barcodes: Another game you don't win (David A. Pearlman) ATM "receipts" (Mark Brader) Re: Risks of bank ATM cards (Dan Franklin) Risks of ATMs and the people who unload them (Rob Austein) More problems with VARs (Joe Morris) Re: Hard-disk risks from vendors (George Pajari) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. For Vol i issue j / ftp kl.sri.com / get stripe:risks-i.j ... . Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85),(6,95). ---------------------------------------------------------------------- Date: Fri 1 Jul 88 07:53:07-PDT From: Peter G. Neumann Subject: "Scratch-and-win"? Try "X-ray-and-win"! The Ontario Lottery Corp in Canada has removed all Money Match and Double Dollar tickets from sales (about $8M Canadian [per week?]) because tests have shown that the numbers under the latex patches on the $2 tickets could be read with 100% accuracy using x-ray equipment -- albeit at some expense. Lottery Corp's president Norman Morris said, "There's always somebody working to beat the system, and we're constantly working against them to improve the system." He added that the withdrawn tickets were much better than those made five or six years ago [but still not good enough!]. [Source: The Globe and Mail, 15 June 1988, front page article by Mary Gooderham] This is another example of the continual escalation resulting from more sophisticated attacks responding to more sophisticated technology. Past RISKS cases have included microprocessor-controlled slot machines, computer system breakins, internal frauds, and of course -- over many years -- phone phreaking. ------------------------------ Date: Fri 1 Jul 88 07:32:02-PDT From: Peter G. Neumann Subject: SDIO computers stolen [old story not previously noted here] Two computers were stolen from the Pentagon's Strategic Defense Initiative Office on consecutive nights (9 and 10 April 1988). The thieves entered by sabotaging the (physical) security system. "Videotape cameras did not record the theft because they had not been loaded," according to TV station WJLA. "The station, attributing its information to unidentified Pentagon investigators, said this lapse was a common one at the agency's offices." [Source: AP, Washington DC, 24 June, in NY Times, 26 June 1988, p. 18, on the same page with "Bishops Raise Morality Issue on `Star Wars'"...] [One wonders whether the motive was theft of stored information, or merely theft of the equipment for its own sake!] ------------------------------ Date: Thu, 30 Jun 88 21:10:57 PDT From: crocker@tis-w.arpa (Stephen D. Crocker) Subject: Did DWIM DWYW (Do what you wanted)? In RISKS-7.12, Tim Budd relays a story about the Do What I Mean (DWIM) facility in Interlisp. For example, if "CAR" was misspelled "car", the Interlisp interpreter would trap to the DWIM facility, which would notice a probable case error, make a replacement and proceed. This facility took a lot of time if it was called repeatedly. Budd says the DWIM facility did not say what it was doing, so the poor user did not know why his program was running so slowly. The true story about DWIM is more complex. MANY others, including, of course, the designer Warren Teitelman, can comment usefully on DWIM. Let me outline a few of the important points. o DWIM was a collection of facilities, some intended to fix errors and some intended to facilitate programming. Various forms of spelling correction were included, as were numerous other useful error correctors. Each of these facilities could be turned on or off, and various levels of feedback were possible. It was certainly possible to disable all DWIM facilities, and it was certainly possible to insist that the user be notified and/or queried before making any corrections. o DWIM was fundamentally an experimental system that enjoyed quite extensive use. No strong claims were made that DWIM was fail-safe, although it was well thought out and as solid as any production code I've ever dealt with. o DWIM was COMPLETELY documented. A relatively large fraction of the daunting Interlisp manual was devoted to the DWIM system. Some risks are endemic in any such system: o If a new user is given access to Interlisp with DWIM enabled, he may not know how it will operate or what it will do for him. It was not uncommon for a novice user to be set up with an environment that reflected the preferences and KNOWLEDGE of an experienced user. o The amount of documentation was daunting. Very few users could absorb the documentation at first exposure. o DWIM relied on various models of probable errors. Case errors are easy to understand, but some others were more subtle. DWIM would attempt to correct parenthesization errors by checking for stray 9's and 0's. If DWIM's model of probable errors did not match the user's actual error pattern, the results would range from wasting time to miscorrection. DWIM stimulated strong feelings, both pro and con, in the Lisp community. As might be guessed, I liked it a lot, particularly because it represented the most complete collection of ideas on program error detection and correction and hence was a living laboratory. People who attempted to do research in this area and who did not have exposure to Interlisp had no idea what they were missing, and I saw some number of PhD dissertations completely wasted on poor imitations. What I never saw, however, was a serious study of how to introduce such facilities to new users and control the facilities in a way that would minimize the risks. ------------------------------ Date: 30 Jun 88 18:48:08 GMT From: bcsaic!douglas@june.cs.washington.edu (Douglas Schuler) Subject: Directions and Implications of Advanced Computing - DIAC-88 DIRECTIONS AND IMPLICATIONS OF ADVANCED COMPUTING DIAC-88 Twin Cities, Minnesota August 21, 1988 Earle Browne Continuing Education Center, University of Minnesota Computing technology in public and private institutions poses challenging technical, political, and social dilemmas. Programmers, analysts, students, and professors will face these dilemmas, either actively or unwittingly. Both within the computing profession and in the relation of our profession to other institutions, we have much to consider. The second annual symposium on Directions and Implications of Advanced Computing will be held at the University of Minnesota campus on Sunday August 21, 1988, the day before the American Association for Artificial Intelligence (AAAI) conference. Douglas Engelbart, the DIAC-88 plenary speaker, will share his perspective on using the computer to address global problems. Since the late 1950's, Engelbart has worked with systems that augment the human intellect including his NLS/Augment system, a hypertext system that pioneered "windows" and a "mouse." The driving force behind Engelbart's professional career has been his recognition of social impacts of computing technology. The plenary session will be followed by presentations of research papers and a panel discussion. The panel, John Ladd (Brown University), Deborah Johnson (Rens- salaer Polytechnic), Claire McInerney (College of St. Catherine) and Glenda Eoyang (Excel Instruction) will address the question, "How Should Ethical Values be Imparted and Sustained in the Computing Community?" Presented Papers Computer Literacy: A Study of Primary and Secondary Schools, Ronni Rosenberg Dependence Upon Expert Systems: The Dangers of the Computer as an Intellectual Crutch, Jo Ann Oravec Computerized Voting, Eric Nilsson Computerization and Women's Knowledge, Lucy Suchman and Brigitte Jordan Some Prospects for Computer Aided Negotiation, Douglas Schuler Computer Accessibility for Disabled Workers: It's the Law (invited paper) Richard E. Ladner Send symposium registration to: DIAC-88, CPSR/Los Angeles, P.O. Box 66038 Los Angeles, CA 90066-0038. Enclose check payable to CPSR/DIAC-88 with registration. For additional information, call David Pogoff, 612-933-6431. NAME ___________________________________________________ ADDRESS _________________________________________________ ________________________________________________________ ________________________________________________________ Phone (home) _____________________ (work) ______________________ Please check one: Symposium Registration Regular O $50 (Includes Proceedings and Lunch) CPSR Member O $35 Student/Low Income O $25 I cannot attend, but want the symposium proceedings O $15 There will a reception following the symposium. Proceedings will be distributed to registrants at the symposium. Non-attendees will receive proceedings by October 15, 1988. ** MY VIEWS MAY NOT BE IDENTICAL TO THOSE OF THE BOEING COMPANY ** Doug Schuler (206) 865-3226 [allegra,ihnp4,decvax]uw-beaver!uw-june!bcsaic!douglas douglas@boeing.com ------------------------------ Date: Mon, 27 Jun 88 17:01:28 PDT From: dap@cgl.ucsf.EDU (David A. Pearlman) Subject: Grocery Store Barcodes: Another game you don't win All this talk about how ATM's don't make mistakes in the customer's favor reminds me of one of my pet peeves: When the price on the food shelf is not the same as the price scanned at the cash register. It seems I run into this problem at least once a month at Safeway (and I've had this problem every *week* for the last month). When I catch it, the store will correct the mistake for me, but they don't offer any other sort of fix (no additional discount; no free goods). What this means is that a lot of people (who don't pay any attention) get ripped off. Those, like me, who pay attention, get the goods at the shelf price. Quite a good deal for the store, I'd say. David A. (DAP) Pearlman BITNET: dap@ucsfcgl.BITNET UUCP: ucbvax!ucsfcgl!dap ------------------------------ Date: Mon, 27 Jun 88 10:13:29 EDT From: msb@sq.com (Mark Brader) Subject: ATM "receipts" > From: dcatla!mclek@gatech.edu (Larry E. Kollar) > The ATMs around Atlanta always give you a receipt, whether or not your > request went through. I'd be very surprised if there are any ATMs anywhere that give a *receipt* for a deposit transaction. The ones I use are careful to refer to it as a *transaction record*. The distinction, of course, is that a receipt would constitute an agreement that you actually deposited the amount you claimed. For a withdrawal transaction, "receipt" doesn't even make sense. *You* would have to give *them* a receipt, if anybody did. Despite the above, I have in earlier days seen ATMs that referred to their transaction records as receipts. I suspect the original messages were written by programmers and not bankers... Mark Brader, Toronto utzoo!sq!msb, msb@sq.com ------------------------------ Date: Mon, 27 Jun 88 23:34:47 -0400 Subject: Re: Risks of bank ATM cards From: dan@WILMA.BBN.COM >From: dcatla!mclek@gatech.edu (Larry E. Kollar) [...] >As for the printer breaking or running out of paper, it's not a hard thing >for an ATM to detect the lack of paper flow and put itself out of service. >Whether or not ATMs do that is yet another question. At least some of them do. The ATMs I use (BayBanks, in Massachusetts) can tell you as soon as you begin using them if they are out of paper and cannot print a receipt; they then ask if you still want to use them. (They unfortunately can't tell when their ribbon renders the receipt almost unreadable. Oh well.) They also tell you about cancelled transactions. Someone else mentioned the phones near BayBanks machines. I was extremely grateful for that phone a couple of weeks ago, the night before I was leaving on a trip. I had inserted my card, told the ATM I wanted $250 cash, and listened to the mechanism start whirring when it suddenly went catatonic. The display was still lit, but there were no sounds or any other sign of activity. Pressing CANCEL did nothing. It still had my card hostage, so I couldn't just go to another machine. Also, I was worried about the possibility that it had actually dished out some money in the still-locked cash drawer which might end up going to the next person to use the machine. I picked up the phone and spoke to a woman who told me, after a moment, that the teller's communication line to the mainframe didn't seem to be working. She did something and my card popped out. (I guess there was more than one line from the ATM to the great world outside.) She told me to try another machine, but not too close, as it might be using the same line. I suggested a possible other machine and she confirmed that it was on a different line; I went there and got my money. I have no idea what I would have done without the phone. From the stories of other people, it sounds like BayBanks may do a better job than some other banks with their ATMs. Dan Franklin ------------------------------ Date: Tue, 28 Jun 1988 13:18 EDT From: Rob Austein Subject: Risks of ATMs and the people who unload them Here's another ATM horror story. It's really a people horror story, the ATM just made things more interesting. I have both my checking account and my MasterCard at a bank with a bad reputation for customer service but an extensive network of ATMs, which is usually ok because I use ATMs every week and talk to human tellers maybe twice a year. Last fall I had occasion to attempt to use an ATM to make a prepayment to my MasterCard from a travel advance via my checking account, because I knew that the upcoming trip would exceed my credit limit. To make a long story short, I'd forgotten whether the MasterCard had a password (PIN) associated with it, never having used it in an ATM before, so I followed what turned out to be bad instructions from the person who answered the 24-hour customer service phone, to wit, I used my normal ATM card to start the ATM session, then punched all the right buttons for a credit card deposit (which were distinct from any normal kind of deposit) and gave the machine the money in an envelope that clearly indicated that this was a payment to credit card #x. Then off I went to California. When I got to California and checked into the hotel, the hotel clerk told me that my MasterCard wouldn't take the estimated charge, so I made temporary arrangements and called the bank. The bank said that the fine print gave them to right to still be sitting on the payment, but that this right would expire before the day I was planning on checking out, so if I just sat tight everything would be fine. As the reader has no doubt guessed, things were not fine at checkout time, the MasterCard still wouldn't take the charge. I called the bank again and this time they had no record whatsoever of the payment, but neither were they willing to take steps over the phone such that the check would not be deposited if it were found (not in time to be useful to me, anyway). So here I was, on the other side of the country, I couldn't use the MasterCard because the bank had lost the payment, and I couldn't write the hotel a check because the bank might FIND the payment. Fortunately I also had an American Express Card for just such emergencies, so I was able to square things with the hotel and fly home to yell at the bank. When the dust settled, here's what they told me. It seems it doesn't matter what buttons you push on the ATM if you put the wrong card in, the human who unloads the ATM processes it "appropriately" for the card you used. I.e., the effect was as if I'd deposited a check into the checking account it was drawn on. Since this is obviously a nonsense transaction, it isn't recorded anywhere (amazing logic), and I would have eventually found out what had happened when I received the UNCANCELLED check with my monthly statement and called up the bank to ask what the hieroglyphics meant. Now, I don't know if the ATM is simply asking for more information than it's giving to the teller who unloads it in the morning (probably, I know that these ATMs only look at the first four digits of a PIN no matter what you type) or if this was an amazingly stupid teller. Maybe both. I did take the bank to task for not having at least kept track of what the ATM/teller pair had done, at which point they said that they'd had this problem before. They had also had the problem of the customer service people giving bad instructions on the phone in this situation before. The bank did make good on all the little expenses (except time) that I had incurred during this fiasco. I think they were embarrassed about the American Express Card.... --Rob ------------------------------ Date: Mon, 27 Jun 88 16:59:48 EDT From: Joe Morris (jcmorris@mitre.arpa) Subject: More problems with VARs In RISKS-7.10 Hal Norman of JPL commented on problems of a VAR who claims that the power supply he (Hal) is trying to return as defective wasn't part of the system the VAR sold. There's a flip side to this: soon after the first customer ship of the original IBM PC, several dealers were found to be playing a game with the customers by buying a stripped PC (16K, no disk drives) and installing their own memory chips and some el cheapo disks. They would then sell the unit at the IBM list price, making much more than if they had paid IBM's dealer price for the unit. IBM was burned repeatedly by units that failed and were returned for warranty repair; the customers thought they had bought an IBM box and weren't happy when IBM declined to give warranty service to non-IBM parts. That's why the disk drive front panels suddenly acquired the IBM logo, so that the non-IBM drives could be more easily identified. I don't know why the AT's (and probably PS/2's) don't sport the IBM logo. It may be that the drives themselves have the IBM part numbers or whatever on the chassis so that they can be identified; the drives on the older units have no IBM markings I can find. Something to do on a rainy day: look at the ads in _Computer_Shopper_ and try to guess the pedigree of the major subassemblies used in some of the more aggressively-marketed clones. The number of vendors who supply that data is depressingly small. ------------------------------ Date: Fri, 17 Jun 88 14:06:19 PDT From: George Pajari Subject: Re: Hard-disk risks from vendors (RISKS-7.8) Organization: UBC Department of Computer Science, Vancouver, B.C., Canada >From: Jerry Harper >Subject: Hard-disk risks from vendors >We use a number of 286 machines (American Research Corporation -made in Taiwan) > ...[details of various hardware problems]... > ... he said he was too "busy" to come out ...[more problems]... > ...[never] did the vendor admit any liability, nor did > he seriously offer a replacement. This is of some concern to a number of > Are too many people getting into the VAR market by the seat of their pants? I get very upset with comments such as the above. Why do consumers in the computer market (especially PCs and other low-end systems) assume that they can get more than they pay for? Jerry as much as admits that they bought a cheap Asian clone to save money then seems not to understand why the support is non-existent? Unfortunately your hardware supplier has to eat also and the narrow margin on his sales doesn't permit much support. Why does he charge so little? Because if he included enough mark-up to pay for reasonable support people like Jerry would buy from someone else! So it is the market (of which Jerry is a part) which supports and even encourages such vendors. Don't complain about support unless you are willing to pay for it. George Pajari sometime grad-student and full-time consultant (no...I don't sell hardware...just get frustrated with clients who expect the same level of service from low-margin clone vendors as from full-price outlets) These opinions are those of my company. I own it, dammit. ------------------------------ End of RISKS-FORUM Digest 7.13 ************************