The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 11 Issue 25

Monday 11 March 1991

Contents

o A pulsar repulsed!
PGN
o Robert Tappan Morris conviction upheld
PGN
o Re: Secret Service Foils Cellular Phone Fraud
Bart Massey
o QWERTY urban legend
Mark Jackson
o Pilot Error - an impartial assessment?
Henry E. Schaffer
o FEEDBACK on glass cockpits
Martyn Thomas
o Re: MD-11 glass cockpit
PGN
o Info on RISKS (comp.risks)

A pulsar re-pulsed!

"Peter G. Neumann" <neumann@csl.sri.com>
Mon, 11 Mar 1991 14:09:28 PST
The 1989 discovery of an apparent supernova-remnant pulsar, blinking 2000 times
per second, has now been attributed to electrical interference from a
closed-circuit television camera used to operate the telescope in Chile.
[Source: an AP item in the San Francisco Chronicle, 11 Mar 91, p.A8]

I suppose it would have been much more obvious had it been blinking at 60
cycles (or is it 50 in Chile?), although certainly less spectacular.  A little
like hearing a loud thumping in a quiet room and discovering it the pulse of
your own heart beat?  Ah, yes, for you statistical types, we need superANOVA,
which would have detected A NO VAriance situation.


Robert Tappan Morris conviction upheld

"Peter G. Neumann" <neumann@csl.sri.com>
11 Mar 91 09:56:14 PST
According to today's N.Y. Times, a federal appeals court has upheld the
conviction of Robert Tappan Morris.  The original conviction was for violating
federal computer crime statutes that restrict unauthorized entry into federal
computers.  In his appeal, Morris argued that because he had had legitimate
accounts on Cornell University computers, he had been authorized to use special
mailing programs that transfer documents within networks.  In denying that
appeal on Thursday, a three-judge panel of the U.S. Court of Appeals for the
2nd Circuit, in New York, said he had exceeded his authorization in using the
nationwide computer network.

As has been pointed out in RISKS previously, it is interesting to note that the
sendmail debug option, the finger program, and .rhosts require no authorization
for their use.  Copying an encrypted password file in most vanilla Unix systems
requires no authorization.  It seems to me that there is still a significant
gap between what it is thought the laws enforce and what computer systems
actually enforce.


Re: Secret Service Foils Cellular Phone Fraud (RISKS-11.23)

<bart@cs.uoregon.edu>
Sun, 10 Mar 91 16:11:20 -0800
In "Secret Service Foils Cellular Phone Fraud" (RISKS 11.23)
elr%trintex@uunet.UU.NET (Unix Guru-in-Training) quotes:
> New York Newsday, March 7, 1991, By Joshua Quittner
> ...    Dave Boll, who heads the Secret Service's Fraud Division in Washington,
> said that cellular telephones equipped with the counterfeit chips "sell for as
> much as $5,000 each".  And he estimated that such phones are used to make $100
> million in unbillable calls each year.   ...

Let's just arbitrarily assume that cellular long distance costs an average of
$100/hour (I expect that's only a little high...).  At $5000/phone, that
means that each buyer, just to pay for their investment, must make *50
hours* of long distance calls per year, or almost 10 minutes per day!  It's
possible that there's people out there with that much usage, but *how
many*???  If I had to guess, I would figure that $5000 is the max of a
distribution with a strong peak somewhere around 1/10th that figure...

Now, assume that the average buyer of one of these devices uses *10 times* that
much long distance time -- 500 hours per year.  At $100/hour, that's $50,000
per caller, implying 2000 of these phones, each with the same chip, were built
to make the $100 million worth of calls.  This is probably a *serious*
underestimate, but even then, 2000 chips is a pretty impressive underground
business!

Not to mention the fact that the $100 million mentioned is almost certainly the
value of the calls if they had been purchased legitimately, not the cost to the
phone company of completing them.  I would be willing to bet that few of those
calls would have been made if they weren't free, and that the cost of servicing
these extra calls was substantially smaller than their purchase value.

In case you haven't guessed, I suspect that this "estimate" is just inflated
numbers with little real basis intended to make the problem look more severe
than it really is.  The computer-related RISK, as I've mentioned here
before, is that resources will be wasted on overkill solutions to a minor
problem because of a lack of technical and social understanding of
computer-related crimes, while far more serious problems go unattended.

Anyone have any facts about where the numbers quoted above *really* came from?

                    Bart Massey


QWERTY urban legend

Mark_Jackson.wbst147@xerox.com <mjackson.wbst147@xerox.com>
Mon, 11 Mar 1991 06:38:02 PST
In Risks 11.24, Dick Karpinski <dick@ccnext.ucsf.edu> writes:

> In particular, the QUERTY [sic] standard succeeded because it slowed down
> the typist in order to avoid the problem of key jamming.

No.  The arrangement of the typewriter keyboard into the now-traditional layout
*was* intended to address jamming, but by reducing the tendency to jam and not
by slowing the typist.

Examine the mechanism of a mechanical typewriter, if you can find one.  It will
jam if the typebar for character N+1, in approaching the typing area,
interferes with the departure of the typebar for character N.  The time-window
for such interference is greatest for adjacent typebars.  The QWERTY
arrangement was designed to separate commonly-occuring letter-pairs so that
they could be typed more quickly without jamming.

(The "QWERTY-slowdown" legend is widespread.  Possibly it was started by Dvorak
and his partisans.)

Etaoin Shrdlu <MJackson.Wbst147@Xerox.COM>
                                          [Etaoin Shrdlu, he said, QWERTYously]


Pilot Error - an impartial assessment?

Henry E. Schaffer <hes@ccvr1.cc.ncsu.edu>
Mon, 11 Mar 1991 01:52:13 GMT
  A front page article in my local newspaper 3/10/91 from the L A Times (by W.
C. Rempel and R. O'Reilly, dateline Seattle) opens with the Madrid Boeing 747
accident in which the captain ignored the "Pull Up" recording and hit a hilltop
approaching Madrid - "Official cause of the accident: human error."  The
article continues, "Boeing research into three decades of commercial airline
accidents found that pilot error was the primary cause of more than 72 percent
(compared with 10.89 percent blamed on aircraft failure and 5 percent on the
weather.)  The article continues with discussion of the Aviation Safety
Reporting System, and how its leading complaint is about pilot fatigue, and how
Boeing advocates routine review of the flight data recorder to check on the
performance of flight crews.

  Then, there was a page 12 smaller article, unsigned but from the same source,
starting "Early ground warning systems issued so many false alarms that airline
crews routinely ignored them ..."  There was a short discussion on how Boeing
says that these systems are now more reliable and should be followed.

  It's good to know that the fox is still watching the hen house, and that the
press is approving.
                                --henry schaffer  n c state univ


FEEDBACK on glass cockpits

Martyn Thomas <mct@praxis.co.uk>
Mon, 11 Mar 91 13:45:51 GMT
The CHIRP report on the survey of pilots' and engineers' attitudes to cockpit
automation has been published (FEEDBACK No 23, Feb 1991). There will be a
statistical analysis in a peper for the Royal Aeronautical Society this month.

They had over 1400 responses to the survey. Overall, the replies were strongly
positive. The view seems to be that automation is here to stay and, to quote
one response, "...aircraft of this type are meant to be flown automatically for
all phases of flight including take-off and landing. ...  when [pilots] hand
fly they put the aircraft into an abnormal configuration, and cause an
immediate and dramatic increase in the workload of the other pilot."

There were criticisms:

"I spent a few years on 757. The moving map gave incorrect position on several
occasions, and one time could have been very serious. Danger was avoided by my
doing an auto go-around. Twice, all the screens went black for a few (5-10)
secs. several times the aircraft turned the wrong way on ILS interception. ...
PS. The 757 catchword was "What's it doing now?" Not due to bad pilot inputs,
but it made its own mistakes, like several spurious auto go-arounds. ... I
don't trust automatics at all."

and finally ...

"The most often heard expression on the flight deck is no longer 'what's it
doing now?' but 'well, I've never seen that before' ".

I'll try to get the RAeS paper and post a summary.

Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK.
Tel:    +44-225-444700.   Email:   mct@praxis.co.uk


MD-11 glass cockpit

"Peter G. Neumann" <neumann@csl.sri.com>
11 Mar 91 09:55:56 PST
   American Airlines spokesman Tim Smith said that in the ``glass cockpit'' of
the McDonnell Douglas MD-11, American test pilots noted they ``would see things
on the screen where they were not sure what it meant, and the manuals don't
tell us.''

[Abstracted from NEW JUMBO JET HAS PROBLEMS WITH ITS COMPUTERS, By SCOTT
THURSTON, c. 1991 Cox News Service, 11 March 1991, which also noted two earlier
mechanical problems.]

Presumably there is considerable experience required to adjust to this sphere
of flying.

Please report problems with the web pages to the maintainer

Top