The RISKS Digest
Volume 10 Issue 19

Friday, 10th August 1990

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…

Contents

Computers as counterfeiters?
Will Martin
Computer voice recognition monitor for gang members
Rodney Hoffman
U.S.-supplied Saudi air defense software not working
Jon Jacky
Hubble Trouble: `Astonishing' error of about 1 mm
Lauren Weinstein
Re: British Rail signalling software problem
Pete Mellor
Re: "compress" and the Unisys patent
Anonymous
Re: Design for the real world
Robert Biddle
Computer Security Applications Conference
Marshall D. Abrams
Info on RISKS (comp.risks)

Computers as counterfeiters?

Will Martin <wmartin@STL-06SIMA.ARMY.MIL>
Thu, 9 Aug 90 12:36:58 CDT
"Run for the hills! Congress is in session!"

The following item was included in a column on printer technology in the
August '90 issue of "St. Louis Computing," a tabloid freebie local paper:

"...computer printers have become so advanced that the Treasury Department
is concerned that they will soon be used to print money. Michigan
Senator Donald W. Riegle Jr. has introduced a bill that would make it a
crime to possess any device that the Treasury Department concludes would
facilitate counterfeiting."

Hmmmm.... I hope the generality is in the reporting and not in the proposed
legislation, because "any device" as cited above includes eyeballs,
pencils, engraving tools, paper, ink, color copiers, and millions of
other items both mundane and esoteric... If the legislation is actually
written so broadly or vaguely, I nominate it for "dumb bill of the month".

Anyone out there know the actual details of this proposal?
                                                               Will Martin


Computer voice recognition monitor for gang members

Rodney Hoffman &offman.ElSegundo@Xerox.com>
10 Aug 90 08:26:53 PDT (Friday)
According to a story by John Kendall in the 'Los Angeles Times' 10 August
1990, a computerized voice recognition system will be used in a six-month
pilot program to assure that gang members on probation stay home during
"Red Alerts," declared by the Probation Dept.

>From the article:

"A computer will telephone designated gang members at random during the
hours they are restricted.  The computer will direct them to state their
names and repeat after the computer as it names several states.  The
computer will then electronically analyze their responses and compare the
findings with voice tapes made earlier.  If the computer questions any of
its contacts, it will notify monitors, and a probation officer will be sent
to check in person....

"Probation Department Deputy Director Michael Lindsey ... expects the
computer monitor program to be in place sometime this month.  If it is
deemed a success, he wants to extend electronic monitoring to the entire
county, with upward of 1,000 gang members in the system eventually.  But
first, the present program must be perfected, he says.

"The $19,000 system employs a computer and voice-analysis software provided
free to the Probation Department for six months by BI Inc., a Boulder, CO
firm.  Currently, four college students are preparing background
information for the computer on 100 gang members.  Next, deputy probation
officers will record their charges' voices for comparison by computer.

"When gang trouble develops, the police and probation officers will
identify the gangs involved, determine what members are on probation and
tell them individually to stay home for periodic checks by the computer.
Lindsey hopes that computer monitoring will afford soft-core gang members
an excuse to stay out of trouble."


U.S.-supplied Saudi air defense software not working

Jon Jacky <ON@GAFFER.RAD.WASHINGTON.EDU>
Fri, 10 Aug 1990 9:53:38 PDT
The following excerpts appeared near the end of a story in THE SEATTLE
POST-INTELLIGENCER, Aug 10, 1990 p. A2:

BOEING FLYING FAMILIES OUT OF SAUDI ARABIA by Bill Richards

... Most of Boeing's employees work on either the Saudi's Airborne Warning and
Control System (AWACS) aircraft or on the ground-based Peace Shield network.
... The $1.2 billion Peace Shield system, which consists of a network of
computerized radar and communications equipment designed especially for the
Saudis, has been a problem for Boeing.  The equipment was designed as a
ground-based air defense system to complement the airborne AWACS, but Boeing
engineers are still attempting to debug the system's softwear [sic].  The
softwear is made by Computer Sciences Corp. of El Segundo, Calif.  Boeing
officials said Peace Shield was scheduled to be completed next year, but is
behind schedule.

"The system is not up and running," Boeing spokesman Don Brannon said
yesterday.  Brannon said most of the Peace Shield activity underway in Saudi
Arabia now involves construction work ....

- Jon Jacky, University of Washington, Seattle   jon@gaffer.rad.washington.edu


Hubble Trouble: 'Astonishing' error of about 1 mm (excerpt)

Lauren Weinstein <CL@SAIL.Stanford.EDU>
09 Aug 90 1748 PDT
By PAUL RECER, AP Science Writer
    WASHINGTON (AP) - A NASA committee investigating the focusing flaw that
crippled the Hubble Space Telescope said Thursday that there was an error of
about 1 millimeter in a measuring device used to grind the telescope mirrors.
In the precise world of optics, such an error is ``astonishing,'' said one
expert.
    A one-page statement released by NASA said a committee investigating the
Hubble problem found that a measuring device called a reflective null corrector
had been adjusted incorrectly when the primary mirror was being ground and
polished at the Hughes Danbury Optical Systems plant in Danbury, Conn.  Hughes
Danbury had preserved the null corrector in the exact position that had been
used to grind and polish the mirrors in the early 1980s and the investigation
committee tested the device on Wednesday.
    Preliminary results of the test, the statement said, ``have revealed
a clear discrepancy of approximately one millimeter between the
design of the null corrector and the device as it exists.''  [...]
    Daniel Schulte, a senior scientist at the optical laboratory at the
Lockheed Palo Alto Research Laboratory in California, said that an error of
that magnitude was ``astonishing.'' ``That's gross,'' he said. ``There's no
reason for an error of that size to be tolerated.''  Schulte said that in
normal optical manufacturing, a tolerance of a 20th or a 50th of a millimeter
is considered ``standard tolerance.''  He said the error was so large ``it had
to be a transposition of numbers or something like that, that was carried
through. It had to be something clerical like that.''  Schulte, an astronomer,
was a member of an independent panel named by NASA to evaluate the Hubble
focusing flaw just after it was discovered in June.
    A null corrector is a device that can be adjusted to create a pattern of
light in the exact shape desired in an optical lens or mirror. The light
pattern from a null corrector is interpreted by another device to tell a
computer the precise grinding and polishing pattern that must be followed.
However, if the null corrector is set wrong, then the lens or mirror will be
ground to an incorrect shape. In effect, the optics are then made to the wrong
prescription and cannot give the expected focus.  [...]


Re: British Rail signalling software problem

Pete Mellor <pm@cs.city.ac.uk>
Fri, 10 Aug 90 00:49:06 PDT
Many thanks to Clive Feather for explaining (RISKS-10.18) what probably
happened when a BR signalman closed down a part of the network because he
could (apparently) no longer trust the information displayed to him.

Disclaimer: I know next to nothing about railway signalling, so I could only
quote the Guardian news item verbatim (but adding a few speculations of my own).
Clive is obviously much better informed.

On one point, however, I do stand firm. That is the manufacturer's preposterous
(at any rate, it sounded preposterous to me) claim that the system was still
'under test'.

As Clive says:

> First you test it on a model railway. Then you hook in the display system in
> parallel with the existing one, and see what happens. Eventually, however, you
> have to go live.

I entirely agree, but that was my point: when you go live, the system is no
longer 'going through a testing stage' as the manufacturer said. If the system
is 'under test', then, as Clive says, you run it *in parallel* with the
existing system (as the final stage of its trial). The new system goes live,
without back-up parallel systems, when the manufacturer is confident that its
reliability is no worse than the system it replaces.

He can't have it both ways!

Peter Mellor, Centre for Software Reliability, City University,
Northampton Square, London EC1V 0HB UK


Re: "compress" and the Unisys patent (Littman, RISKS-10.18)

"Anonymous" <...>
Fri, 10 Aug 1990 7:58:11 PDT
The message in RISKS regarding compress was unnecessarily alarming.  In fact,
it really represents the start of a chain of hundreds of Usenet messages
discussing the Unisys patent in detail, including various postings by the
compress authors.  There is considerable question regarding software-only
implementations of the algorithms, *which* algorithms really are involved,
Unisys' true intentions, compression vs. decompression, validity or invalidity
of the patent if tested in court, etc.  It is not a simple situation, and there
is significant evidence that some people may have become alarmed unnecessarily,
or at the very least prematurely.

People who need more information about this subject should look over the entire
discussion if possible, not react to the initial statement.  This would seem to
be a risk of seeing only the first message in a chain!

There may yet be potential complications regarding compress and the Unisys
patent, but this is by *no* means an established fact at this point and is a
matter of active analysis at this time.


Re: Design for the real world (RISKS-10.18)

&obert.Biddle@comp.vuw.ac.nz>
Fri, 10 Aug 90 14:54:32 +1200
>From our library computer:
Callmark      Main Collection                          Status : In
               TS171.4 P213 D 2ed
     TITLE   Design for the real world : human ecology and social change /
             Victor Papanek. 2nd ed., completely rev.

      NAME   1. Papanek, Victor, 1925-

   IMPRINT   London : Thames and Hudson, 1985.
    EXTENT   xxi, 394 p. : ill. ;

     NOTES   First published: New York : Pantheon Books, 1971.
             Includes index.
             Bibliography: p. 351-385.

   SUBJECT   1. Design, Industrial.

And a very interesting, if often anectodal, book it is too.

Robert Biddle, Computer Science, Victoria University, Wellington NEW ZEALAND


Advance notice of Computer Security Applications Conference

(Marshall D. Abrams) <abrams@soldier.mitre.org>
Mon, 06 Aug 90 13:47:02 -0400
Marshall D. Abrams, The MITRE Corporation, 7525 Colshire Drive, Mail Stop Z269,
Mc Lean, VA 22102 phone: (703) 883-6938 FAX: (703) 883-5639 [effective 7/10/90]

              Sixth Annual Computer Security Applications Conference

                                December 3-7, 1990
                       Westward Look Hotel, Tucson, Arizona

                                   Sponsored by
                     American Society for Industrial Security
                      Aerospace Computer Security Associates

                                in cooperation with
                 IEEE Technical Committee on Privacy and Security
                American Institute of Aeronautics and Astronautics
             ACM Special Interest Group on Security, Audit and Control

Keynote Speaker: Senator Dennis DeConcini (D - Arizona)

Luncheon Speakers: Ralph V. Carlone, GAO
                   Dave Fitzsimmons, Cartoonist, Arizona Daily Sun

Distinguished Lecture in Computer Security: Dorothy E. Denning, DEC

Tutorial Program, Monday, 3 December 1990

Morrie Gasser, DEC, "Security In Distributed Systems"
Brett Fleish, Tulane, "Introduction to Trusted Computer System Design"
Richard Linde, Unisys, "Penetration Testing"
Charles Martin, Duke Univ. "Applying Formal Methods by Hand"

Tutorial Program, Tuesday, 4 December 1990

Morrie Gasser, DEC, "Security in Distributed Systems II"
Teresa Lunt, SRI, "Approaches to Database Security"
E. J. Humphreys, British Telecom, "OSI Security"
David Snow, ITT, "Risk Management"
John McHugh, CIT, "Software Safety"

Technical Program,  Wednesday - Friday, 5-7 December 1990

            Technical Paper Sessions
                +  Trusted System Development (architecture, design,
                   formal methods, auditing, user interface)
                +  Network Security
                +  Security Engineering (risk assessment, life cycle)
                +  ISO Standards
                +  Data Base Security (research, application)
                +  Non DOD Applications
                +  DOD Applications
                +  Integrity

            Panel  Sessions
            +  Computer Crime
                +  Trusted System Development
                +  Education and Ethics
                +  Trusted Subject-based DBMS
                +  Software Safety
                +  Certification of Professionals
                +  Security Standards for Open Systems
                +  Computer Security in Government Labs

Special Events: Biosphere II: a prototype of the Earth for the future;
Sonora Desert Museum: living animals and plants of the Sonoran Desert Region

Additional Information For a copy of the advance program, which includes rates,
schedule, registration form, and special activities, contact: Diana Akers,
Publicity Chair, (703) 883-5907, akers%smiley@gateway.mitre.org , Victoria
Ashby, Co-Chair, (703) 883-6368, ashby%smiley@gateway.mitre.org , The MITRE
Corporation, 7525 Colshire Dr., McLean, VA 22102

Advance Programs will be available early September.  Please request one at that
time.  Conference proceedings and videotape of the Distinguished Lecture will
be available.  Program Subject To Change.

Please report problems with the web pages to the maintainer

x
Top