RISKS-LIST: RISKS-FORUM Digest  Monday 21 August 1989  Volume 9 : Issue 14

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  The Check's in the Mail (but the water got shut off anyway) (Dave Clayton)
  Australian Commonwealth Bank -- doubled deposits (Martyn Thomas)
  Automatic vehicle navigation systems (Pete Lucas)
  Tired of computers being trusted? (a balancing act for wheel watchers) (PGN)
  Re: Computer-based airline ticket scam (Jules d'Entremont)
  Human failures in emergencies (Henry Spencer)
  Hazards of Airliner Computerization (Mike Trout)
  Re: California studies "drive-by-wire" (John Chew)
  First test for electronic tagging starts in jail! (Olivier Crepin-Leblond)
  Re: unauthorized Internet activity (anonymous)
  DEMO Software Disk Infected (Jerusalem Version B) (J. Vavrina)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious.  Diversity is welcome.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line
(otherwise they may be ignored).  REQUESTS to RISKS-Request@CSL.SRI.COM.
*RISKS NOW ON csl.sri.com.  FTPable ARCHIVES ON KL.sri.com UNTIL 4 SEPT 1989.*
FOR VOL i ISSUE j, ftp KL.sri.com[CR]login anonymous (ANY NONNULL PASSWORD)[CR]
get stripe:risks-i.j ... (OR TRY cd stripe:[CR]get risks-i.j
Vol summaries (i.j)=(1.46),(2.57),(3.92),(4.97),(5.85),(6.95),(7.99),(8.88).

----------------------------------------------------------------------

Date: Mon, 21 Aug 89 12:43:35 EDT
From: Dave Clayton
Subject: The Check's in the Mail--really (but the water got shut off anyway)

WATER SHUT-OFFS NOT INTENTIONAL

(From The Daily Spectrum; St. George, Utah, serving millions of acres of
slickrock and a few thousand people!)

Pleasant Grove, Utah (AP)  Pleasant Grove city officials say they have found
and fixed the reason for several water users being cut off--despite having
paid their bills.

An apologetic City Recorder Charmaine Childs explained that in June, Pleasant
Grove switched to a new envelope bill, replacing the postcard billing it had
used for years.  The new bills include an envelope for residents to mail their
payments.

What officials didn't realize, however, that the bar code printed on the
                                                 ^^^^^^^^
envelope was for Orem rather than Pleasant Grove.
As the bar codes are read electronically by automated postal equipment,
                     ^^^^ ^^^^^^^^^^^^^^ ^^ ^^^^^^^^^ ^^^^^^ ^^^^^^^^^
when residents mailed their water payments they went to Orem instead of
Pleasant Grove.

Childs said the Pleasant Grove postmaster noticed the wrong bar code on some
of the envelopes and asked postal employees to watch for the blue envelopes
and route them to Pleasant Grove rather than Orem.

                    * * * * * * * * * *

(It gets thirsty out there on the desert without water.)

Dave Clayton, Academic Computing, U. of Rhode Island

------------------------------

Date: Mon, 21 Aug 89 12:11:36 BST
From: Martyn Thomas
Subject: Australian Commonwealth Bank -- doubled deposits

This story appears in Datalink (UK Trade weekly) August 21st 1989.  It contains
no dates or references by which it can be checked.

"Some cock-ups are bigger than others.  Some are little but some come in such
gigantic proportions that they stretch credulity.  Take, for example, the
mishap that afflicted the Australian Commonwealth Bank's computer.  One could
imagine all sorts of things going wrong with such an installation which keeps
the scores on thousands of customers.  But it's hard to imagine what went
wrong when a malfunction at the bank doubled every deposit that customers
made.  As DP manager Pete Martin says: 'Of course it's a cock-up, it's a vast
bloody cock-up.  The hazards of computing are only limited by your
imagination.'"

Is this the story of mounting a transaction tape twice, previously reported
(though I can't remember who the bank was), or is it a new story?  Is it true?

-- Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK.
Tel: +44-225-444700.  Email: ...!uunet!mcvax!ukc!praxis!mct

------------------------------

Date: Mon, 21 Aug 89 09:48:20 BST
From: "Pete Lucas - NERC Computer Services U.K."
Subject: Automatic vehicle navigation systems

I read with some interest the recent proposals for auto-pilot systems for
passenger vehicles.  I must confess, these fill me with horror.  The thought
of a systems failure on one or more such vehicles, and the inability of the
others to do much about it, is my greatest worry.  Call me a technophobe if
you like, but *NOBODY* can guarantee 100% reliability.  The problems of power
failures, parity errors, external magnetic/radio fields, poor maintenance etc.
are as yet still serious considerations as to why such systems should not be
implemented.

Systems based on digitised street maps are never going to work - I can still
remember being told by my brother, who was navigating me, `Take a 90 right 50
yards after the farmhouse...' only to discover that the farmhouse had been
demolished the week before...  This caused great amusement to the wreckers who
recovered the resultant wreck from the swamp and towed it back to
civilisation.  How an auto-navigation system manufacturer would explain this
sort of problem when 100 cars ended up in the swamp, I cannot imagine.

The fewer levels of `indirection' in such systems the safer they become - to
place a (semi-)intelligent control system between the driver and the vehicle
is by definition reducing driver control (although having driven in the States
this may be no bad thing!) and increasing the number of possible failure
modes.

Two things to remember:
  1) Keep It Simple, Stupid!
  2) If you never depended on it, you can carry on without it.

Natural Environment Research Council, NERC Computer Services,
Holbrook House, Station Road, SWINDON SN1 1DE
JANET: PJML@UK.AC.NERC-WALLINGFORD.IBMA   PHONE: +44 793 411613

------------------------------

Date: Sat, 19 Aug 1989 11:37:29 PDT
From: Peter Neumann
Subject: Tired of computers being trusted? (a balancing act for wheel watchers)

Blind trust in computer systems struck home this week.  My daughter brought
her car off-island for the initial 7500-mile dealer checkup that included
rotating and rebalancing the tires and checking the alignment.  After the
return ferry trip and drive home, she noticed a terrible shimmy and called the
dealer to complain.  The dealer claimed that they then determined that their
computer had been malfunctioning, and apologized profusely.  (Perhaps the
mechanic was not sufficiently computer literate?)  She immediately took the
car to the best tire man on the island, who said he had NEVER seen anything so
badly out of balance.  (The dealer covered the cost.)

Are there no consistency checks or reasonableness checks on the results of
such computerized systems?  Are they designed to be mechanic-proof?  Are we
getting to the point that almost everyone in society is going to have to be
not just computer literate, but keenly aware of the risks and pitfalls?
Probably No, No, and Yes.

   [I contemplated the plight of a land-locked driver having to negotiate
   such an ill-adjusted car when heavily laden, and came up with something
   about where the lubber meets the load.  As I have been far too
   conservative in my interstitial insertions of late, I thought you wouldn't
   mind.  PGN]

------------------------------

Date: 20 Aug 89 00:42:27 ADT (Sun)
From: jules@iisat.UUCP (Jules d'Entremont)
Subject: Re: Computer-based airline ticket scam (RISKS 9.11)

>From: Jordan Brown
>In the interests of equal access to scammery to all, I will divulge ...

It sounds like Jordan is, like me, growing tired of all these stories about
"computer crime".  What is computer crime anyway?
Crime has existed since the dawn of civilization, and criminals have always
been eager to use the latest technology for their sinister deeds.  Guns,
knives, cars, matches, even panty hose are used by criminals daily, but when
is the last time you read a newspaper article about "panty hose crime?"

Crime is crime.  It took a long time before the term "computer error" fell out
of favour with most people; how much longer will it take for "computer crime"
to reach the same fate?

Jules d'Entremont            Phone: 454-5631 (Home)  465-5535 (Office)
UUCP: {uunet,utai,watmath}!dalcs!iisat!jules
Bitnet/Uucp: jules@iisat.uucp
Arpanet: jules%iisat.uucp@uunet.uu.net

------------------------------

Date: Mon, 21 Aug 89 01:30:47 -0400
From: henry@utzoo.UUCP
Subject: Human failures in emergencies

The July 17 issue of Aviation Week has a very interesting letter from
P.G. Boughton, commenting on the British 737 crash in which the pilot shut
down the good engine instead of the bad one:

  "I am amazed that Boeing has taken all the blame...  I am an F-14/F-4
  backseater with more than 3000 hr.  Twice I have had experienced pilots
  shut down the incorrect engine.  Both times we had enough airspeed and
  altitude to get the engine relit.  The hardest obstacle... was getting the
  pilot to try a restart.  He just could not believe he shut down the
  incorrect engine...

  "In trainers I can get about 10% of experienced aviators to miss a bright,
  flashing FIRE light at eye level for up to 5 minutes by introducing
  multiple emergencies, hurried approaches, and frequent simulated
  approach-control radio transmissions...  The British 737 pilots were in
  just such a multiple emergency."

Henry Spencer at U of Toronto Zoology
uunet!attcan!utzoo!henry henry@zoo.toronto.edu

------------------------------

Date: Fri, 18 Aug 89 10:42:31 EDT
From: miket@brspyr1.brs.com (Mike Trout)
Subject: Hazards of Airliner Computerization

Last night on National Public Radio's re-broadcast of BBC news, there was an
extensive BBC report on the hazards of airliner crew fatigue.  Although the
bulk of the report was not earth-shattering and contained nothing particularly
new to RISKS readers, there were a few points of interest:

With the increasing computerization of airliner operation, there is less and
less for crews to do.  Planes are basically flying themselves, and crews have
been reduced to monitors.  Human beings are notoriously bad monitors; we have
a basic desire to "do" things; that is, to solve problems by moving in a
step-by-step process, reaching conclusions and beginning work on a new
problem.

No one is yet suggesting that airliner computerization has gone too far, but
all parties admitted that flight crews now routinely fall asleep in the flight
deck.  This is no longer unusual; studies indicate that sleeping crews are so
common that Boeing and other manufacturers are considering adding loud beepers
that go off randomly.  [Wouldn't it make more sense to give them something
constructive to DO?]  Many airlines have already adopted official procedures
whereby flight attendants are required to visit the flight deck every 15 or 20
minutes to wake up the crew.

A former RAF pilot and current editor of _Flight_International_ discussed how
in the "old days," it was necessary to flip switches, study analog dials, and
mentally compute problems.  This kept crews busy on tasks that they knew were
critical.  Today, all possible factors are displayed on CRT screens,
pre-calculated for easy access, whether the crew has asked for the displays or
not.  This leads to an attitude of complacency and unimportance.

Biological time clocks are not well understood, and may play a major factor in
crew fatigue.  One pilot mentioned that on overwater night flights in which
the sun rises in front of the plane, it was virtually impossible to keep
awake, even if you weren't tired.

The new 747-400, which is flown by only two crew members, always carries a
spare crew, as it is designed for extremely long-range flights.  Still, no one
wants to return to the days of the trans-oceanic flying boats, when journeys
took days and everyone, passengers and crew included, was awake during the day
and asleep in hotels at night.  We pay a price for our "instantaneous"
transportation system.

Michael Trout, BRS Information Technologies, 1200 Rt. 7, Latham, N.Y. 12110
(518) 783-1161

------------------------------

Date: Thu, 17 Aug 89 15:11:26 EDT
From: john@trigraph.uucp (John Chew)
Subject: Re: California studies "drive-by-wire"

In response to Rodney Hoffman's summary of an article by William Trombley in
the Los Angeles Times on 1989 07 24:

Can anyone hypothesize any sort of fail-safe mechanism for the proposed scheme
to "platoon" vehicles at 70 mph with 50 foot separation?  50 feet at 70 mph is
less than half a second (thank heavens I made it through school before
metrification was complete :-)).

When the vehicle ahead of you suffers some sort of catastrophic failure of the
sort about which RISKS readers lie awake at night contemplating, it seems to
me that half a second is insufficient time to reassert manual control, but
that any attempt at automatic collision avoidance in a crisis is likely to be
a worse alternative.

Did the article mention how the system was expected to behave under hazardous
circumstances?

john j. chew, iii  phone: +1 416 425 3818  AppleLink: CDA0329
trigraph, inc., toronto, canada  {uunet!utai!utcsri,utgpu,utzoo}!trigraph!john
dept. of math., u. of toronto  poslfit@{utorgpu.bitnet,gpu.utcs.utoronto.ca}

------------------------------

Date: Thu, 17 AUG 89 18:51:17 GMT
From: Olivier Crepin-Leblond
Subject: First test for electronic tagging starts in jail!

Compiled from various short articles in the British Media:

The first person to be electronically tagged has spent the first night
(17 August 1989) of his sentence in prison, since British Telecom has not yet
installed a telephone at his house.  The man in question is on burglary
charges, and is unemployed, and the line will be paid-for by the government.
British Telecom has assured that they would complete the installation today,
17 August 89.

This is the first case of electronic tagging, which is on trial here in UK.
It has been presented as an alternative for minor jail sentences, to reduce
over-crowding of UK's prisons.  Apparently, it is already practised in some
states in US.  The device is an electronic beeper which is constantly worn by
the criminal, and cannot be removed.  A central computer makes random
telephone calls at the house, where the criminal has to apply the beeper to
the receiver, in order to prove that he is present.  In this way, the person
cannot go more than about 200ft from his phone, and has to stay in his house.

There has already been some criticism about this new method, both from the
criminal's point of view and the general public.  Some say it would be
humiliating to wear the tag, since it shows in public.  Some say this is the
start of "1984" by Orwell, where people's whereabouts are controlled by a
computer.  Others say that the sentence doesn't have any meaning, since the
criminal can enjoy life at home.  The debate is not over, it's only beginning.

disclaimers: all standard ones... tag free.

Olivier Crepin-Leblond
Electrical & Electronic Eng., Computer Systems & Electronics,
King's College London, England

------------------------------

Date: Sat, 19-Aug-89 20:52:24 PDT
From: [anonymous]
Subject: Re: unauthorized Internet activity (CERT Internet Security Advisory)

The original poster suggested using the UNIX utilities "strings", "sum", and
"last" to detect a security intrusion.  As someone who was once involved from
the other side, I would like to suggest that potential victims consider the
possibility that these programs have been tampered with.  They might be blind
to contraband files or other records.  You should also consider the
possibility that a contraband file system has been created in the unused disk
space of your system.

------------------------------

Date: Mon, 21 Aug 89 11:34:07 EST
From: SDSV@MELPAR-EMH1.ARMY.MIL
Subject: DEMO Software Disk Infected (Jerusalem Version B)

A research and development lab located at Ft. Belvoir, Virginia had their PC's
infected with the Jerusalem, Version B, Virus.  Further investigation
uncovered the virus entered the lab through a DEMO software disk from ASYST
Software Technologies supplied with an IEEE-488 board from METROBYTE.  The
infected program is RTDEMO2.EXE.

In a conversation with Mr. Dave Philipson from ASYST, to the best of his
knowledge, 50 to 100 copies of the infected software were released.  The
infection entered their facility through software received from their parent
company in England.

Mr. Brent Davis of METROBYTE informed me that the DEMO disk was supplied with
three (3) of their products; MBC-488, IE-488 and UCMBC-488.  METROBYTE is in
the process of contacting all purchasers of these products.

Many thanks to Mr. John McAfee for his assistance, SCAN34 which was used to
identify the type of virus, and M-JRUSLM which was used to eradicate the
virus.

Both ASYST and METROBYTE were extremely helpful and responded expeditiously to
the problem.  Many thanks to Mr. Brent Davis and Mr. Dave Philipson for their
action and assistance.

Comm 202-355-0010/0011
AV   345-0010-0011
DDN  SDSV@MELPAR-EMH1.ARMY.MIL

   [This is of course an OLD `virus'.  New `viruses' continue to appear.  For
   example, this morning's issue of the VIRUS-L Digest, V2 #178, contains a
   message from Christoph Fischer (Karlsruhe), entitled NEW VIRUS [`VACSINA']
   DICOVERED AND DISASSEMBLED.  For requests to receive VIRUS-L, contact
   krvw@SEI.CMU.EDU.  RISKS long ago stopped trying to include information on
   virus attacks.  PGN]

------------------------------

End of RISKS-FORUM Digest 9.14
************************