Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after
each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment.
The flashlight take you to an analysis of the various trackers etc. that the linked site delivers.
Please let the website maintainer know if
you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
"James H. Paul" <0002296540@mcimail.com>
Fri, 29 Mar 91 21:11 GMT
REUTERS 03-28-91 05:40 PET
SOVIET SPACE STATION AVOIDS DOCKING DISASTER BY 40 FEET
MOSCOW, Reuters - The Soviet space station Mir came within 40 feet of a
collision with a cargo module which would almost certainly have killed the two
cosmonauts on board, Soviet television reported Thursday. Ground control staff
noticed only seconds before impact that computers which should have been
docking an unmanned Progress-7 cargo module onto Mir were in fact steering it
on a collision course. [...]
The cargo module was only 65 feet from impact when an alert ground
controller watching television pictures of the docking had to make a snap
decision to override the computers and change Progress-7's course. Rockets
deflected the module, which had already failed to dock once last week, so that
it passed within 40 feet of the space station and narrowly missed protruding
antennae and solar panels. [...]
The space station's next crew will have to make more extensive repairs to a
faulty antenna which was found to be the cause of the near miss. [...]
Tribe proposes computer freedom/privacy amendment to US Constitution
Paul Eggert <eggert@twinsun.com>
Wed, 27 Mar 91 09:26:05 PST
Here are excerpts from the Los Angeles Times, 1991/03/27, pages A3 and A12.
The issues are familiar to Risks readers, but awareness has spread to the
non-computer legal community, and it's worth noting how their reactions are
reported in the mainstream press. On page A12 the article runs in parallel
with the continuation of the day's biggest story, whose page one headline
reads ``High Court Allows Forced Confessions in Criminal Trials ... A key
pillar of constitutional law is upset.''
-- Paul Eggert
Computer Privacy Amendment Urged
Rodney Hoffman <Hoffman.El_Segundo@Xerox.com>
Wed, 27 Mar 1991 19:44:07 PST
Writing in today's 'Los Angeles Times' (p. A3), Henry Weinstein reports on one
of the keynote addresses from this week's Conference on Computers, Freedom, and
Privacy, sponsored by Computer Professionals for Social Responsibility.
According to the article, renowned constitutional scholar Laurence Tribe called
for a 27th Amendment to the US Constitution "in order to preserve privacy and
other individual rights threatened by the spread of computer technology.... to
cope with the many questions raised by the advent of 'cyberspace,' a place
without physical walls, or even physical dimensions, where an increasing amount
of the world's communication and business — ranging from ordinary letters to
huge global transfers of money — is taking place, via computer and telephone
lines."
Further quotes from the article:
"The existence of such a place creates all sorts of potential problems, Tribe
noted, because the nation's constitutional order historically has carved up the
social, legal and political universe along the lines of 'physical places'
which, in many situations, no longer exist. There is a 'clear and present
danger' that the Constitution's core values of freedom, equality and privacy
will be 'metamorphosed into oblivion' unless policy-makers come to grips with
the ramifications of technological change, Tribe said...."
"The proposed new amendment would provide that the Constitution's protections
for free speech and against unreasonable searches shall be fully applicable,
regardless of the technological method or medium used to transmit, store, alter
or control information. The point, he said, would be to make it clear that the
Constitution, as a whole, 'protects people, not places.'... [N]ormally wary
of Constitutional amendments, .... he said the computer revolution has created
'substantial gray areas' that need to be addressed."
"Lance Hoffman, a George Washington University professor of computer science
[And occasional RISKS contributor. And no relation to me! — RH] said, ....
'We're casting about, because we're in a new age in our technological
development, an age where a person can spend $1,000 and buy the computer
equivalent of a Saturday Night Special and take down a large computer system.'"
More on Computers, Freedom, and Privacy
Peter G. Neumann <neumann@csl.sri.com>
Fri, 29 Mar 91 14:47:47 PST
The Conference on Computers, Freedom, and Privacy (Tuesday through Thursday of
this week, sponsored by CPSR and cosponsored by and in-cooperation with
numerous other organizations including ACM groups and committees) at which
Professor Lawrence Tribe spoke (see previous messages) had a broadly based
interdisciplinary audience, including law enforcers, lawyers, developers,
vendors, marketers, computer scientists, (nonpejorative-sense) hackers, as well
as crackers, whackers, and snackers (pejorative-sense hackers), trackers,
backers, flackers (journalists), claquers, EFF-ers Kapor and Barlow, and a
video crew one of whom was fresh from the Academy Awards Monday evening. Very
few quackers (who duck the hard issues) or slackers. It was one of the most
enjoyable meetings I have ever attended. All of my notes on the first two days
seem to have been lost somewhere in the hotel (I was keeping my comments on the
back of a bunch of laser printout pages that I happened to have with me), so my
plans to write a detailed summary for RISKS have been scratched unless someone
found the pages and saved them. I hope that some other RISKS reader will do
so. There were a lot of RISKSers there, and a lot of valuable discussion,
including various people arguing — for DIFFERENT REASONS — why they did or
did not think the proposed amendment was a good idea. Also, a formation
meeting was held for a U.S. Privacy Council, hoping to help privacy and privacy
legislation in the U.S. catch up with various other countries. I hope that the
organizers of that Council will provide details in RISKS.
[Peter Marshall: Re: Privacy Updates]
Brinton Cooper <abc@BRL.MIL>
Mon, 25 Mar 91 22:19:27 EST
Perhaps someone is listening after all! Brint
----- Forwarded message # 1:
Subject: Re: Privacy Updates
Keywords: CallerID/Privacy/Legislation
From: Peter Marshall <halcyon!peterm@sumax.seattleu.edu>
Date: Thu, 21 Mar 91 11:52:24 PST
Organization: The 23:00 News and Mail Service
In Washington, HB1774, setting up a joint committee on privacy and information
technology, passed the House Tuesday on a 98-0 vote and is now in the Senate
Law & Justice Committee, which has not yet set a hearing date on the bill.
Also in Washington, HB1489, on Caller ID, which had previously passed the
House, will have hearings in the Senate Energy & Utilities Committee at 10 a.m.
next Tuesday and Thursday. In that other Washington, Sen. Leahy has set up a
task force on CallerID; the Kohl "blocking bill" has been re-introduced, and
Rep. Markey has introduced HR1305, which although it merely requires per-call
blocking of CallerID, also restricts re-use and disclosure of ANI-delivered
information without informed consent.
Peter Marshall
halcyon!peterm@seattleu.edu
The 23:00 News and Mail Service - +1 206 292 9048 - Seattle, WA USA
Legion of Doom's "Terminus" sentenced
Rodney Hoffman <Hoffman.El_Segundo@Xerox.com>
Wed, 27 Mar 1991 10:40:59 PST
According to a story by Henry Weinstein in the 23 March 'Los Angeles Times',
computer consultant Leonard Rose pleaded guilty to federal felony wire fraud
charges for stealing UNIX source code and distributing Trojan horse programs
designed to gain unauthorized access to computer systems. He will serve a year
in prison.
Rose, known as "Terminus", was alledgedly associated with the Legion of Doom
"hacker group". In 1990, the Secret Service seized much of his computer
equipment.
Court allows appeal over computer error
Martyn Thomas <mct@praxis.co.uk>
Thu, 28 Mar 91 18:01:35 GMT
A UK computer company was fined #21,000 for misdeclaring #71,000 of VAT
(turnover tax). The misdeclaration occurred because software errors in an
accounts package led to May invoices being included in a tax return which
should have only included invoices up to April.
An appeal tribunal allowed the appeal against the fine, on the basis that
the company had shown reasonable care in preparing the return, and was not
aware of the bugs.
Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK.
Tel: +44-225-444700. Email: mct@praxis.co.uk
RISK of being honest ["surplus" FBI data]
Peter Kendell <pete@tcom.stc.co.uk>
Tue, 26 Mar 91 08:46:01 GMT
>From the Guardian newspaper, London, 26 March 1991
Secret FBI files sold off inside $45 surplus computers
FBI informants given secret identities after testifying against the
Mafia and other criminals may be at risk after the US Justice
Department sold its computers without clearing the data banks.
Last summer, Charles Hayes, of Lexington, Kentucky, paid $45 (about 25
pounds) for a surplus computer from the local Justice Department
office. When he plugged it in, he found himself reading sealed grand
jury indictments and the confidential report of an FBI investigation
into organised crime. The computer contained information on FBI
informants and witnesses who had been given new identities.
When Mr Hayes informed the Justice Department, it sued him for return
of the equipment, which came from the US Attorney's office.
The federal government's watchdog office said it knew of many similar
cases and urged the department to recover the rest.
---
Agent Cooper, your secret is out! Seriously, though, what kind of incentive
for honesty is it when someone points out to a goverment agency that they have
made a serious security breach and they respond by suing him?
It would have been nice if the article had told us whether action had been
taken within the Justice Department to prevent future cock-ups.
Peter
[It struck me that I'd missed the greatest RISK in the story about the
surplus computers holding highly confidential information.
That is, that the Lexington Justice Department thought that, by recovering
the computers with the sensitive data stored in them, they could also recover
the data. I suppose the computers had removable media? PK]
USSR BBSList
"Selden E. Ball, Jr." <seb@lns61.tn.cornell.edu>
23 Mar 91 09:05:00 EST
Gentle folk,
Many people are doubtless already aware of this, but it came as a bit of a
surprise to me.
It is now possible to direct-dial computer bulletin boards in the USSR and
eastern European countries. Many of them are already on FidoNet. The following
list of BBSs was recently posted to a widely read news group.
The potential transmission speed for computer viruses is increasing faster than
your favorite comparison. sigh.
Selden Ball
seb@lns61.tn.cornell.edu
-----------------------------
From: LNS61::WINS%"<KIDSNET@vms.cis.pitt.edu>" 22-MAR-1991 18:56:05.24
To: SEB
Subj: USSR BBSList
Return-Path: <KIDSNET@vms.cis.pitt.edu>
Received: from vms.cis.pitt.edu by lns61.tn.cornell.edu with SMTP ;
Fri, 22 Mar 91 18:55:52 EST
Date: Fri, 22 Mar 91 17:07 EDT
From: KIDSNET MAILING LIST <KIDSNET@vms.cis.pitt.edu>
Subject: USSR BBSList
To: kids-l@vms.cis.pitt.edu
Message-id: <A00DB88427FF407349@vms.cis.pitt.edu>
X-Envelope-to: seb@lns61.tn.cornell.EDU
X-VMS-To: IN%"kids-l"
Date: 15 Mar 91 23:01:15 EST
From: Frank Topping <76537.1713@CompuServe.COM>
Subject: USSR BBSList
I thought some teachers might be interested in this - they're growing like
wildfire & connectivity opportunities abound!
-frank
.....................
|Area : K12Net Sysops
|From : Serge Terekhov 15-Mar-91 00:05:00
|To : All 15-Mar-91 17:28:42
|Subj.: Full list of USSR BBSes!
Known USSR Bulletin Board Systems
Version 10c of 3/13/91
Compilation (C) 1991 Serge Terekhov
BBS name ! Data phone ! Modem ! FIDO addr
-----------------------------!----------------!----------!------------
PsychodeliQ Hacker Club BBS +7-351-237-3700 2400 2:5010/2
Kaunas #7 BBS +7-012-720-0274 ? -
Villa Metamorph BBS +7-012-720-0228 ? -
WolfBox +7-012-773-0134 1200 2:49/10
Spark System Designs +7-057-233-9344 1200 2:489/1
Post Square BBS +7-044-417-5700 2400 -
Ozz Land +7-017-277-8327 2400 -
Alan BBS +7-095-532-2943 2400/MNP 2:5020/11
Angel Station BBS +7-095-939-5977 2400 2:5020/10
Bargain +7-095-383-9171 2400 2:5020/7
Bowhill +7-095-939-0274 2400/MNP 2:5020/9
JV Dialogue 1st +7-095-329-2192 2400/MNP 2:5020/6
Kremlin +7-095-205-3554 2400 2:480/100
Moscow Fair +7-095-366-5209 9600/MNP 2:5020/0
Nightmare +7-095-128-4661 2400/MNP 2:5020/1
MoSTNet 2nd +7-095-193-4761 2400/MNP 2:5020/4
Wild Moon +7-095-366-5175 9600/MNP 2:5020/2
Hall of Guild +7-383-235-4457 2400/MNP 2:5000/0
The Court of Crimson King +7-383-235-6722 2400/MNP 2:50/0
Sine Lex BBS +7-383-235-4811 19200/PEP 2:5000/30
The Communication Tube +7-812-315-1158 2400/MNP 2:50/200
KREIT BBS +7-812-164-5396 2400 2:50/201
Petersburg's Future +7-812-310-4864 2400 -
Eesti #1 +7-014-242-2583 9600/MNP -
Flying Disks BBS +7-014-268-4911 2400/MNP 2:490/40.401
Goodwin BBS +7-014-269-1872 2400/MNP 2:490/20
Great White of Kopli +7-014-247-3943 2400 2:490/90
Hacker's Night System #1 +7-014-244-2143 9600/HST 2:490/1
Lion's Cave +7-014-253-6246 9600/HST 2:490/70
Mailbox for citizens of galaxy +7-014-253-2350 1200 2:490/30
MamBox +7-014-244-3360 19200/PEP 2:490/40
New Age System +7-014-260-6319 2400 2:490/12
Space Island +7-014-245-1611 2400 -
XBase System +7-014-249-3091 2400/MNP 2:490/40.403
LUCIFER +7-014-347-7218 2400 2:490/11
MESO +7-014-343-3434 2400/MNP 2:490/60
PaPer +7-014-343-3351 1200 2:490/70
-----------------------------!----------------!----------!------------
|--- Maximus-CBCS v1.02
| * Origin: The Court of the Crimson King (2:50/0)
..................................................
Frank Topping, sysop
Sacramento Peace Child - NorCal K-12Net Feed (916)451-0225 (1:203/454)
conference moderator:
"The Educational Exchange Conference" - "OERI" BBS (800)222-4922
operated by: Office of Educational Research and Improvement - (OERI)
U.S. Dept. of Education, Washington, D.C.
A Consciously Chosen Risk
<[anonymous]>
Sat, 23 Mar 91 12:40 xxT
Even in time of personal loss there are lessons learned that might be helpful
to others. In this case I'm not exactly sure what the lesson is, but the RISK
is readily apparent. My mother-in-law died recently and my wife and I have the
burden of handling all the financial and legal details. Among those were
notifying Social Security, two state-run pensions, and two insurance carriers
(Blue Cross and the Medicare carrier.) All of the details were handled over
the phone — we did not have to send in any proof of death or even just a
letter. (It happens that one of the state pensions has someone who reads the
obituary column and had already started the necessary action for that account,
but presumably they don't read every small town newspaper.) In all cases all
we had to give was her name and social security number.
The RISK is obvious: if one wanted to harass someone who was dependent on
social security and pensions all one would need do is phone in and pose as some
relative and announce their death. (getting the SSN shouldn't be hard.)
When I realized during my first call (to Social Security) what the situation
was I asked the person I was talking to about it. He replied that they had
quite consciously decided to place as little extra burden as possible on what
are usually still grieving relatives, even though they knew the risk involved.
He pointed out that had there been survivors' benefits involved (which there
weren't), proof would have had to be supplied. It should also be noted that in
each case a letter will be sent to the address of record, so if there were a
harassment it would presumably be discovered quickly. I'm not too sure however
that the way that is handled is not without its flaws: one of the places we
called asked if they had the right address; since in all cases the address had
already been changed to ours I don't know if the others would have asked or
given us an opportunity to change it to prevent the letter from going to the
last known address. (We also stopped the telephone service the same way,
supplying only the phone number and confirming the name and address.)
Compass 1991 Program [EXCERPT. EMail to jchernia for details.]
<jchernia@NSF.GOV>
Mon, 25 Mar 91 12:38:00 EST
COMPASS '91
6th Annual Conference on Computer Assurance
National Institute of Standards and Technology, Gaithersburg, MD
June 24-28, 1991
Sponsored by IEEE National Capital Area Council &
IEEE Aerospace and Electronic Systems Society
COMPASS '91 PRE-CONFERENCE TUTORIALS, Monday, June 24th
0900 Registration for Tutorial 1
1000 Tutorial 1: Safe Systems--A Disciplined Approach
John McDermid, University of York
John Cullyer, University of Warwick
1200 Lunch; Registration for Tutorial 2
1300 Tutorial 1: Safe Systems--A Disciplined Approach (continued)
Tutorial 2: Software Safety Analysis--Linking Fault Trees
and Petri Nets
Janet Gill, Patuxent River Naval Air Test Center
1700 Close of tutorials
Safe Systems--A Disciplined Approach
Professor John McDermid, University of York, and Professor John Cullyer,
University of Warwick, will discuss the integration of formal methods into
the life cycle development of safety-critical software. Professor McDermid
will discuss the safety life cycle and the safety analysis of software.
Professor Cullyer will discuss the integration of formal methods during
the requirements and specification phases, design phases (including
hardware), and the verification and validation phase. Finally, Professor
McDermid will discuss the skills, education and training required to apply
formal methods to safety-critical software.
Software Safety Analysis--Linking Fault Trees and Petri Nets
Independently, fault trees and Petri nets serve limited evaluation purposes
in safety-critical systems. This tutorial presents a technique for
converting and linking fault tree analysis (FTA) with Petri net modeling
and vice versa. This technique permits the analyst to determine if a
software fault can be reached be analyzing the software in detail with FTA.
COMPASS '91 PROGRAM, Tuesday, June 25th
0800 Registration
0900 Opening Remarks, General Chair, Lt. Col. Anthony Shumskas,
Office of the Secretary of Defense, Department of Defense
0915 Honorary Chair Address
0930 Keynote Address, David L. Parnas, Queens University
1030 Break
1100 Conference Topic Panel: Educating Computer Scientists for the
Year 2000
Chair, John Cherniavsky, National Science Foundation
David L. Parnas, Queens University
Peter J. Denning, NASA Ames Research Center
William L. Sherlis, DARPA
John A. McDermid, University of York/British Computer Society
Bruce Barnes, National Science Foundation
Raymond Miller, University of Maryland
1245 Lunch
1345 Panel (continued)
1515 Break
1545 Questions from the audience to panel members
1830 Cocktail Reception/Banquet (Holiday Inn)
The Accidents of Life--From Conception to Our Last Moments
John Cullyer, University of Warwick
COMPASS '91 PROGRAM, Wednesday, June 26th
0800 Registration
0830 Computer Related Risk of the Year: Weak Links and Correlated Events
Peter G. Neumann, SRI International
0915 SESSION 1: EUROPEAN ECONOMIC COMMUNITY '92 PERSPECTIVES
Chair, John Cullyer, University of Warwick
Computer Software and Aircraft
J. Peter Potocki de Montalk, Airbus Industrie
Some Results From DRIVE
Thomas Buckley, University of Leeds
1015 Break
1045 SESSION 2: HOW INDUSTRY TRAINING IN COMPUTER ASSURANCE CAN BE
IMPROVED THROUGH EDUCATION
Chair, Diane Jachinowski, Nellcor
Peter G. Neumann, SRI International
J. Alan Taylor, British Computer Society
Claire Lohr, Lohr Systems
William Junk, University of Idaho
1245 Lunch
1345 SESSION 3A: CERTIFICATION AND SAFETY OF CRITICAL SYSTEMS
Chair, Michael Brown, Naval Surface Warfare Center
Certification of Production Representative/Production Software
Intensive Systems for Dedicated Test and Evaluation
Lt. Col. Anthony F. Shumskas, Office of the Secretary of Defense
Interrelationships of Problematic Components of Safety-Related
Automated Information Systems
Morey J. Chick, General Accounting Office
A Case-Study of Security Policy for Manual and Automated Systems
Edgar H. Sibley, James B. Michael, and Ravi Sandhu
George Mason University
1515 Break
1545 SESSION 3B: CERTIFICATION AND SAFETY OF CRITICAL SYSTEMS (CONTINUED)
Safety Criteria and Model for Mission-Critical Embedded Software
Systems
R. A. Gove and Janene Heinzman, Booz Allen, and Hamilton
A Case-Study on Isolation of Safety-Critical Software
Edward A. Addy, Logicon, Incorporated
1830 Birds of a Feather Meeting (Holiday Inn)
Presentation: Software Development Methods in Practice
J. V. Hill, Rolls-Royce and Associates Limited
COMPASS '91 PROGRAM, Wednesday, June 26th
0800 Registration
0830 Day's Keynote: High Assurance Computing
H. O. Lubbes, Naval Research Laboratory
0900 SESSION 4A: FORMAL METHODS
Chair, Andrew Moore, Naval Research Laboratory
Report on the Formal Specification and Partial Verification of
the VIPER Microprocessor
Bishop Brock and Warren A. Hunt, Computational Logic, Incorporated
Using Correctness Results to Verify Behavioral Properties of
Microprocessors
Phillip J. Windley, University of Idaho
Estella: A Facility for Specifying Behavorial Constraint Assertions
in Real-Time Rule-Based Systems
Albert Mo Kim Cheng, University of Houston; and
James C. Browne, Aloysius K. Mok, and Rwo-Hsi Wang,
University of Texas at Austin
1000 Break
1030 SESSION 4B: FORMAL METHODS (CONTINUED)
Design Strategy for a Formally Verified Reliable Computing Platform
Ricky Butler and James L. Caldwell, NASA Langley Research Center;
and Ben L. De Vito, Vigyan, Inc.
Specifying and Verifying Real-Time Systems Using Time Petri Nets and
Real-Time Temporal Logic
Xudong He, North Dakota State University
Developing Implementations of Estelle Specifications Using the PEDS
Toolkit
William Majurski, NIST
1245 Lunch
1345 SESSION 5: US AND INTERNATIONAL SPONSORED INITIATIVES
Chair, H. O. Lubbes, Naval Research Laboratory
NIST: Workshop on Assurance of High Integrity Software
Dolores R. Wallace, D. Richard Kuhn, NIST, and
John Cherniavsky, National Science Foundation
NASA Langley: Research Program in Formal Methods
Ricky Butler, NASA Langley Research Center
1445 Break
1515 SESSION 6: RISK CONTAINMENT PLANNING AND QUALITY MEASUREMENTS
Chair, Michael Brown, Naval Surface Warfare Center
Planning and Implementing and IV&V Program in a Large Scale DoD
Software Development Program
Florence Sippel and Kevin Mello, Naval Underwater Systems Center
Quality and Security, They Work Together
Richard Carr, Marie Tynan, NASA Headquarters; and
Russell Davis, PRC, Inc.
Data Collection and Descriptive Analysis: A First Step for
Developing Quality Software
Anita Shagnea, Kelly Hayhurst, and B. Edward Withers,
Research Triangle Park
Fault Locator and Weighting System
Jeffrey Bulow, General Electric, Syracuse
1715 Closing Remarks
Friday, June 28th
0830 - 1400 Forum: US and International Standards for High Integrity
Systems (DoD, Government, and Industry)
Chair, Dolores Wallace, National Institute of Standards and
Technology
[The packet was very long, including registration and hotel information.
You may get the complete version from John, or even from me. PGN]
Please report problems with the web pages to the maintainer