The RISKS Digest
Volume 10 Issue 9

Friday, 15th June 1990

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Slovenly Russian Air Defense (again)
Robert Nagler
UK Hacker Goes To Jail
Anthony Appleyard ... via Robert E. Van Cleef
Programmable parking meters
Kee Hinckley
Re: New computerized scoring system fails during Indy 500
Dave Horsfall
Re: Caller ID for dealing with anonymous callers
Marc Shannon
Re: Liz Taylor and ``secret codes''
Randal Schwartz
EEC ITSEC addresses
Klaus Brunnstein
I APOLOGIZE
Danny Cohen
Info on RISKS (comp.risks)

Slovenly Russian Air Defense (again)

Robert Nagler <nagler@olsen.UUCP>
Fri, 15 Jun 90 10:47:46 +0200
        Rust Imitator Flew Flowers to the Black Sea

By Elfie Siegl, Moscow - Reported in Tages Anzeiger, Zurich - 13Jun90

  For the second time after Mathias Rust's landing on Red Square, a
West German amateur pilot flew illegally into the Soviet Union with
his private plane.  As reported by the union newspaper "Trud", an
unknown FRG citizen landed last Saturday [9Jun90] between 4 and 5pm
at an airport in the Black Sea health resort, Batumi.  He got out
and distributed flowers, business cards, and leaflets which called
for support of Gorbachov and of "perestroika".

  The Air Force Staff merely told Trud that many questions needed
to be clarified.  The press release of the Air Force Staff stated
that such a small airplane "simply couldn't be noticed".

  The pilot flew over Turkey towards the Soviet border south of
Batumi, then under the radar control of the air force, and landed
at the civilian airport in Batumi.

[I have three questions.  Was this reported elsewhere?  The Tages
Anzeiger is not a rag.  Secondly, the author states that this is the
second time since Rust's famous flight.  Who was the first
imitator?  Lastly, why was this not front page news?  Is it to be
assumed that any yokel can fly into Russia?  Forgive my naivete.]


UK Hacker Goes To Jail

Robert E. Van Cleef <vancleef@fs01.nas.nasa.gov>
Wed, 13 Jun 90 07:28:23 -0700
Posted: Sun, Jun 10, 1990   1:52 PM PDT              Msg: SJJA-2888-9119
From:   RDAVIS
To:     MTynan
CC:     CWoodworth, RCarr
Subj:   UK Hacker Goes To Jail

Date:    Fri, 08 Jun 90 09:10:12 +0100
From:    Anthony Appleyard <PUM04@prime-a.central-services.umist.ac.uk>
Subject: First jailed UK computer hacker

From a UK newspaper called 'The Daily Telegraph', Friday 8 June 1990:-

['Mad Hacker' jailed for computer war]

A computer operator who called himself "The Mad Hacker" became the first in
Britain to be jailed for the offence yesterday. Nicholas Whiteley,  21,  of
Enfield,  north  London,  was sentenced to 4 months with a further 8 months
suspended for criminally damaging computer  disks  and  wreaking  havoc  on
university  systems. Whiteley, who, it was said, was driven by a desire to
become Britain's top hacker, wept in the dock and held  his  hands  to  his
face as he walked to the cells to begin his sentence.

Judge Geoffrey Rivlin, QC, described him as "very malicious and  arrogant",
and  told  him:  "Anyone minded to behave in this way must be deterred from
doing so."

Whiteley declared war on computer experts, using a computer in his  bedroom
to  swamp  university  computers  with masses of useless material including
threats and boasts about his brilliance. One  said:  "Don't  mess  with  me
because I am extremely nutty."

He was found guilty last month of 4 charges of causing damage  to  magnetic
disks in mainframe computers at the universities of London, Bath, and Hull.
The judge said some of the computers stored important and confidential data
relating to medical and scientific research.
#......................................................................
{A.Appleyard} (email: APPLEYARD@UK.AC.UMIST), Fri, 08 Jun 90 08:58:20 BST


Programmable parking meters

Kee Hinckley <nazgul@alphalpha.com>
Fri, 15 Jun 90 01:53:27 EDT
According to the NYT, Westwood Village and Reseda, CA are installing
digital parking meters which can be reprogrammed (using an infrared
beam) when the rates go up.  Need I say more?


Re: New computerized scoring system fails during Indy 500

Dave Horsfall <dave@stcns3.stc.oz.au>
Tue, 12 Jun 90 12:29:21 est
This reminds me of the time a couple of weeks ago when I was taking part
in a car rally, providing communications support.  I was amused to hear
some of the traffic being passed just after the race started, to do with
two sets of fancy digital clocks that provided the elapsed times.  It would
appear that one of the clocks advanced itself by three minutes, as a result
of nearby UHF CB activity from the race marshals.  It did not seem possible
(or perhaps legal) to alter the errant clock, so from there on the time had
to be adjusted manually before being reported.  Since the average lap time
was about one minute such a failure was obvious, but had the course been
much longer then errors could easily have crept in.

Dave Horsfall (VK2KFU)  Alcatel STC Australia  dave@stcns3.stc.oz.AU
dave%stcns3.stc.oz.AU@uunet.UU.NET  ...munnari!stcns3.stc.oz.AU!dave


Re: Caller ID for dealing with anonymous callers (RISKS-10.08)

Marc Shannon <YNFUL@DRYCAS.CLUB.CC.CMU.EDU>
Tue, 12 Jun 90 21:39 EST
From what I understand, Caller ID *cannot* be used to report crank phone calls.
It is simply provided (in some areas - Pennsylvania's legislature has ruled
that Caller ID is an invasion of privacy) as a convenience.

In order to legally report the phone number of a crank call without prior
tracing arrangements with Bell's Nuisance Call Group, one needs to use the Call
Trace function which reports the caller's phone number to Bell while keeping
the number secure from the call's recipient.

The only thing I couldn't understand is that it seems that the ability to "Call
Trace" is an optional service (costing ~$1.50/month).  I would imagine that it
would be in the public's better interest to make it available to anyone since
one usually cannot anticipate when such a call might be made.

(I'd love to report the numbers of these calls that I get telling me that I
need to call 976-xxxx RIGHT NOW.  I definitely consider these to be a
nuisance!)

--Marc


Re: Liz Taylor and ``secret codes'' (RISKS-10.08)

Randal Schwartz <merlyn@iwarp.intel.com>
Tue, 12 Jun 90 12:17:37 PDT
My answering service told its customers in a recent "fact sheet" that the
software they run is used at many (over 200?) locations around the US.

I pick up my messages by calling a "message-number" and dialing a five digit
code.  The first four digits are nothing more than my account number (assigned
sequentially beginning at 0000), and the last digit is whatever it takes to
make the number a multiple of nine (casting out nines)!

How simple.  It'd be trivial for me to read anyone's messages.  In fact, since
the mapping from DID number to the account number is fairly easily determined
from a few tries (293-[78]XYZ maps into "account" [12]XYZ, for example), I
could scan the phone book for rented numbers from this answering service, and
scam on just about anyone I felt like.

Security.  Ha.  If this is the same software that's running on hundreds of
sites around the country, lots of answering services are very vulnerable.

Just another person that doesn't always answer the phone,

Randal L. Schwartz, Stonehenge Consulting Services (503)777-0095
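The five-digit code scheme Randal describes, as an added illustration that is not part of the original post: `weak_code` derives a code the way the post describes it (assuming the smaller last digit, 0, whenever both 0 and 9 would work), `weak_code_is_valid` shows that the service's whole check reduces to divisibility by nine, and the remaining functions show an assumed hardened design (not the service's own) in which the PIN is drawn independently of the account number and stored only as a salted hash.

```python
import hashlib
import hmac
import secrets


def weak_code(account: int) -> str:
    """Code as described in the post: four-digit account number followed by
    whatever digit makes the whole number a multiple of nine.  Since 10 == 1
    (mod 9), that digit is simply (-account) mod 9.  Assumption: when both
    0 and 9 would work (account divisible by 9) the service uses 0."""
    if not 0 <= account <= 9999:
        raise ValueError("account number must have four digits")
    check = (-account) % 9
    return f"{account:04d}{check}"


def weak_code_is_valid(code: str) -> bool:
    """Everything the weak scheme actually verifies: a five-digit string
    that is a multiple of nine.  No per-customer secret is involved."""
    return len(code) == 5 and code.isdigit() and int(code) % 9 == 0


def weak_scheme_accepted_codes() -> int:
    """Number of five-digit strings the weak check accepts.  With 10000
    accounts and 11112 accepted codes, the check digit is a checksum,
    not a secret: it adds about 0.15 bits beyond the account number."""
    return sum(1 for n in range(100000) if weak_code_is_valid(f"{n:05d}"))


# Hardened alternative (assumed design): PIN independent of the account,
# generated from a CSPRNG, stored only as a salted PBKDF2 hash, and compared
# in constant time.  Knowing an account number then reveals nothing.
PBKDF2_ROUNDS = 100_000


def new_pin(digits: int = 6) -> str:
    return "".join(str(secrets.randbelow(10)) for _ in range(digits))


def enroll(pin: str):
    """Return (salt, hash) to store; the PIN itself is never kept."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify(pin: str, salt: bytes, stored: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, stored)
```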


EEC ITSEC addresses

Klaus Brunnstein <brunnstein@rz.informatik.uni-hamburg.dbp.de>
14 Jun 90 12:44 GMT+0100
As the EEC IT Security Criteria have been constructed by groups in 4 EEC
member countries, the paper can be ordered from any of the following addresses:

for France:  Service Central de la Security des Systemes d'Information
             Division Information et Systemes
             18 Rue du Docteur Zamenhof
             F-92131  Issy les Moulineaux
             (apology for missing accents)

for Germany: Zentralstelle fuer die Sicherheit der Informationstechnik (ZSI)
             Am Nippenkreuz 19
             D 5300  Bonn 2

for The Netherlands:
             Netherlands National Comsec Agency
             Bezuidenhoutseweg 67
             P.O. Box 20061
             NL 2500  EB  The Hague

for United Kingdom:
             Head of UK CLEF Scheme Certification Body
             CESG Room 2/0805
             Fiddlers Green Lane
             Cheltenham
             GLOS GL52 5AJ

For those interested in the Green book: you may receive a copy (English or
German) from ZSI (=German Information Security Agency, GISA), address above;
essential parts of the Green Book (esp. the functional classes F1-F5, F6-F10) are
also in EEC ITSEC's annex A, while the 'quality classes' Q0-Q7 have been adapted
and partly enhanced with ideas from the other countries' criteria catalogs.

Klaus Brunnstein        University of Hamburg


I APOLOGIZE

Danny Cohen <OHEN@venera.isi.edu>
Fri 15 Jun 90 13:32:51-PDT
In RISKS-10.05 I expressed some "minority opinion" about the article on the A320 in
Aeronautique, April 1990 (RISKS-10.02).  The article was written by Mr.
Bertrand Bonneau and translated to English by Pete Mellor.

While taking issue with the original article, I tried to compliment the
translation.  In trying to do that I made a terrible mistake by referring to
Bertrand Bonneau as the "translator to English".  This mistake offended
Pete Mellor to no end, as he expressed in RISKS-10.06: "If this is a joke about
the translation, it's a bit too subtle for me!"

             I APOLOGIZE FOR THIS MISTAKE !

    [An explanation (not an excuse): After composing my message
    about the article I looked for the translator's name and misread
    the line: "Translation of article by Bertrand Bonneau" as if the
    translation, not article, was by Bertrand Bonneau.

    I read it as: "Translation (of article) by Bertrand Bonneau"
    instead of : "Translation of (article by Bertrand Bonneau)".

    RISKS readers are kindly asked not to submit contributions
    about "Risks in Using Languages with Ambiguous Syntax" and
    not to recommend using LISP as the ultimate solution.

In later issues of RISKS several contributions expressed strong
disagreements with what I submitted.

One of the key points made by them that in this case (unlike many
others) as expressed in:
<> "The pilot and copilot survived the Mulhouse crash, and immediately
<> made statements implicating delays in engine acceleration (Times 27th
<> June 1988)".

Another point is the rush to judgment motivated by the desire of the
French airlines/Industry/Government/etc., not to ground the aircraft.
This was expressed in:

<> "...the day after the accident, the DGAC announced a preliminary
<> conclusion that the pilots, and not the aircraft, were to blame for
<> the disaster. According to the French press, details of the flight
<> records were given to Aerospatiale, which announced that it had
<> confirmation that the aircraft was not at fault in the crash. Several
<> days later, the DGAC exonerated the mechanical performance of the
<> Airbus. The head of the DGAC, Daniel Tenenbaum, said that if this had
<> not been the case, it would have been necessary to ground the A320
<> for tests."

<> (And we couldn't have that, now, could we? :-)

<> [In fairness, I should add that I have spoken to a number of people
<> in the CAA and elsewhere who know a lot about flight certification
<> and about the Mulhouse accident in particular, who have assured me
<> that it *was* pilot error, but, as always, confidentiality prevented
<> them from saying *how* they knew that.]

Facts (that took very little time to find after the accident) included
that the pilots flew too slow and too low (e.g., as I remember it the
pilots submitted plans for 100' and flew at 35'), that due to the high
pitch angle the pilots didn't see early enough the terrain into which
they flew, and that the pilot disconnected some of the safety systems
(some of RISKS readers complained later that it is not safe for an
aircraft system to allow manual override and disconnection — [this was
probably submitted by non-pilots]).  All of that was confirmed by the
FDR.  [By the way, it shouldn't take more than just a few hours to read
the FDR.]

The surviving pilots (from the hospital) complained that it took too
long for the engines to regain their power.  Many consider the pilots'
statement to be too self-serving (what a surprise!).  It was the opinion
of many (including not only the FAA/NTSB-like organizations but many
people even in competing aircraft engine companies) that this delay was
well within the normal response of such an engine.

Based on the above the aircraft was cleared ("un-grounded").

History didn't prove this decision to be wrong.
                                Danny

P.S., About the timeliness of Aircraft Accident investigation reports:
      The NTSB report about the UAL DC-10 crash at Des Moines, Iowa,
      on July-19-89, is not out yet (as of June-15-90).
