The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 12 Issue 08

Thursday 25 July 1991

Contents

o Another false apprehension -- erroneous database information
PGN
o Human Error Blamed for Soviet N-Plant Problems
PGN
o Shuttle Atlantis out to launch
PGN
o Risks of getting used to computers
Geoff Kuenning
o Index of Known MsDos Malware: 998 viruses/trojans
Klaus Brunnstein
o Sometimes they even warn you about the pitfalls (self-trapping)
Andrew Koenig
o Smart cockpit with no backup
Henry Spencer
o Black boxes in autos for accident "facts"
Mark Seecof
o Re: Artificial Dissemination
Edward Jung
o Info on RISKS (comp.risks)

Another false apprehension -- erroneous database information

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 25 Jul 91 9:04:40 PDT
Herb Caen, the San Francisco Chronicle's chronicler of the chronic and (a)cute,
starts off the 25 July 91 column with this ad infin-item:

  "Dennis Perry, an Oakland truck driver, and his good friend, Yvonne Kendrick
  -- both are black -- rented a Hertz car to drive to Maryland to visit his
  family.  They took along his 4-yr old dghtr, Danielle, and all went
  swimmingly until they were stopped in white-bread Williamsburg, Iowa, for no
  apparent reason.  The police ran a check on the car and found it listed by
  Hertz as stolen.  It wasn't, of course, but during the 24 hours it took Hertz
  to correct the mistake, Dennis and Yvonne were held in jail and Danielle went
  to a juvenile home.  Atty. Dennis Hecht is handling the inevitable suit."

The next item was on Judge Clarence Thomas not being able to get a cab in DC.
After that came another item for our series of computer-addressed mail:

  Jayne Valdez of Antioch forwards a copy of PG&E's closing bill addressed to
  her late father, "Bob A. Speake, Deceased," with this neatly boxed encomium
  printed on it: "Bob Speake, deceased for the last 12 months, you had an
  excellent payment record.  If you need to establish credit at another
  utility, you may use this message as a credit reference."


Human Error Blamed for Soviet N-Plant Problems

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 25 Jul 91 9:08:21 PDT
Moscow -- Human error caused 20 of the 59 shutdowns at Soviet nuclear power
plants in the first six months of 1991, the Trud newspaper reported yesterday.
"It is not the first time that we have to admit the obvious lack of elementary
safety culture in running reactors," Anatoly Mazlov, the government's head of
nuclear safety, said.  Mazlov reported that Soviet nuclear power plants worked
at only 67 percent capacity in the first six months of 1991.  [San Francisco
Chronicle, 24Jul91, p.A8]


Shuttle Atlantis out to launch

"Peter G. Neumann" <neumann@csl.sri.com>
Wed, 24 Jul 91 9:06:22 PDT
The 24Jul91 morning launch was scrubbed.  An NPR report indicated a "faulty
engine computer".

Postscript: The 25Jul91 San Fran Chronicle paper had a picture of Atlantis
mission commander John Blaha and mission specialist Shannon Lucid holding their
ears while fellow crew members taxied their T-38 trainers.  The caption briefly
mentioned the computer problem (with no details), but also noted that Blaha and
Lucid's T-38 failed to start for a return to Houston!  (T-38s require an
external jumpstart.)

It is perhaps worth contemplating whether computer failures have now become so
commonplace that newspaper folks decided there was no need for coverage of the
launch scrub itself!


Risks of getting used to computers

Geoff Kuenning <desint!geoff@uunet.UU.NET>
Sun, 21 Jul 91 16:02:12 PDT
The Sunday, July 21 edition of the Los Angeles Times has a story headlined
"LAPD Begins Crackdown on Computer Messages."  The story reports that the new
program is "aimed partly at finding and punishing" officers who sent offensive
personal messages cited in the recent Christopher Commission report (issued in
the wake of the Rodney King beating) as evidence of departmental racism and
sexism.  The program "is also aimed at stopping...even innocuous personal
messages."

The story goes on to state that several officers have been assigned to the task
of spot-checking daily printouts of messages.  "Efforts [will be] made to find
out who sent" offending messages.  It also reports that "snooping by
headquarters has led to a 25% decline in...traffic."

"Creating a context for the messages is...difficult because [of an] inflexible
computer program," according to the article.  Only chronological printouts are
available, making it difficult to extract messages relating to a particular
car.  Messages from a patrol car are not identified as to which of two officers
sent them, although sergeants, who occupy cars alone, can be uniquely
identified.  "The department is trying to get computer experts to write
programs" that will extract messages from one car.

I see two risks here.  The first, of course, is to the officers, who became so
comfortable with the computer system that they forgot (or perhaps were never
aware?) that their messages could be monitored.  The second is to the
department, which is now unable to extract useful data from their files.  (This
makes me wonder.  Wouldn't it be useful to them in court cases to be able to
extract the messages from a particular car over a period of an hour or so?)

I also wonder if the Electronic Communications Privacy Act would apply here.
Did the officers have a reasonable expectation of privacy in any of their
messages?
            Geoff Kuenning   geoff@ITcorp.com   uunet!desint!geoff
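The per-car extraction the department was said to lack takes only a few dozen lines once the printout is parsed. What follows is an added example, not the LAPD's program and not code from the article: the line layout (HHMM, sending unit, receiving unit, free text), the unit designators and the messages are all constructed for illustration.

```python
"""Per-car extraction from a chronological mobile-terminal printout.

Added example; not the LAPD's software. The line layout (HHMM, sending
unit, receiving unit, free text), the unit designators and the messages
are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import time

# Constructed sample printout, in the chronological order the article
# says was the only order available.
SAMPLE_PRINTOUT = """\
2301  12A44  12A51  what's your 20
2302  12A51  12A44  code 7 at the taco stand
2304  12L10  12A44  need you at 3rd and main, 415 fight
2305  12A44  12L10  en route
2317  12A44  12A51  you still eating
2318  12A51  12A44  done, rolling to you
2330  12L10  DESK   end of watch
"""

LINE_RE = re.compile(r"^(\d{2})(\d{2})\s+(\S+)\s+(\S+)\s+(.*)$")


def parse_printout(text):
    """Parse printout lines into dicts; lines that do not match are skipped."""
    msgs = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        hh, mm, src, dst, body = m.groups()
        msgs.append({"time": time(int(hh), int(mm)), "from": src, "to": dst, "text": body})
    return msgs


def messages_for_unit(msgs, unit, start=None, end=None):
    """Traffic sent or received by one car, optionally within a time window.

    Attribution stops at the car: a two-officer unit's messages cannot be
    tied to either officer from this data alone.
    """
    out = []
    for m in msgs:
        if unit not in (m["from"], m["to"]):
            continue
        if start is not None and m["time"] < start:
            continue
        if end is not None and m["time"] > end:
            continue
        out.append(m)
    return out


def conversations(msgs):
    """Group traffic into per-pair threads so each exchange reads in context."""
    threads = defaultdict(list)
    for m in msgs:
        threads[tuple(sorted((m["from"], m["to"])))].append(m)
    return dict(threads)


if __name__ == "__main__":
    msgs = parse_printout(SAMPLE_PRINTOUT)
    for m in messages_for_unit(msgs, "12A44", time(23, 0), time(23, 10)):
        print(m["time"].strftime("%H:%M"), m["from"], "->", m["to"], m["text"])
```

Grouping by unit and by unit pair supplies the context the article says the chronological printouts lack, and it makes the attribution limit concrete: a message is traceable to a car, never to one of the two officers in it.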


Index of Known Malware: 998 viruses/trojans

Klaus Brunnstein <brunnstein@rz.informatik.uni-hamburg.dbp.de>
24 Jul 91 12:38 +0100
After weeks of work and excellent assistance of David Chess, Yisrael Radai,
Alan Solomon, Padgett Peterson and some others, I just published the "Index of
Known Malicious Software: MsDos systems". It covers most of the viruses and
trojans reported in this arena (similar indices for Amiga and Macintosh to
follow later this year). When summing up, I was deeply depressed: the index
counts:
                120 virus families ("strains") with 59 more sub-families
                    with 744 viruses, variants and clones
                    plus   7 trojans,
                and      228 single (non-strain) viruses
                plus      19 trojans
                *** totalling 998 pieces of malware ***

Though some people (including Alan Solomon) foresaw 1,000 viruses later this
year, the rise in figures has been underestimated. As this development is
likely to continue, antivirus experts should cooperate even more strongly than
contemporarily discussed.

At the same time, the July edition of VTCs Computer Virus Catalog describes
                + 8 AMIGA viruses totalling 54 viruses
                +10 Macintosh viruses totalling 20 (out of 28 existing)
                +14 PC viruses/trojans totalling 84
The disparity between "virus known" and "viruses classified" (with the aim to
maintain a good quality over quantity of classification) demands other tools
and methods for analysis, classification and production of countermeasures. We
are working hard toward a more current version of the Virus Catalog; I am glad
that Mr. Jahn joined VTC (for doctoral work on secure databanks), and that
Vesselin Bontchev will join us next week for a (not yet specified) dissertation. On the
Moreover, I appreciate any cooperation with serious antivirus experts.

VTC documents (Index of Known Malicious Software: IMSDOS.791; Index of Virus
Catalog: Index.791; all entries classified up to now) are now available from
FTP:
         Our FTP server:  ftp.rz.informatik.uni-hamburg.de
         Login anonymous
         ID as you wish (preferably your name)
         dir: directory of available information
         cd pub/virus: VTCs documents

Hoping that this works, I will be absent (with Auto-Reply on) on a sailing trip
(with my schooner "Arethusa" which is a small replica of BLUENOSE but with
staysails) until August 18, 1991.        Klaus Brunnstein, Hamburg


Sometimes they even warn you about the pitfalls (self-trapping alarms)

<ark@research.att.com>
Wed, 24 Jul 91 22:11:38 EDT
I have a car with a built-in burglar alarm.  The alarm is activated if the last
door locked is locked from the outside without a key (by locking it on the
INSIDE and then holding onto the door handle while closing the door).  That
means that it doesn't matter who leaves the car first; the alarm will still be
armed at a sensible time.

Once the alarm is armed, any attempt to open a door from the inside (after
breaking a window, for example) or to start the car, without first unlocking
one of the doors from the outside with a key, will set off the alarm.

Do you see the pitfall?  The owner's manual actually warns about it.  Suppose
you're sitting in the car with a passenger.  You have locked the door from the
inside.  Your passenger gets out, locking the other door from the outside.
That has just armed the alarm.  It is now impossible for you to get out of the
car or start the engine without setting off the alarm.  With luck, you noticed
this was going to happen when the "alarm" light on the center console started
flashing; if you caught it in time you could unlock your door from the inside
and stop it from arming.  Once it's been armed, though, all you can do is get
out of the car, setting off the alarm, and then turn off the alarm from the
outside by unlocking the driver's door with the key.  I hope your passenger
didn't take the key.
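The arming rule in the post can be checked mechanically rather than by reading the manual carefully. What follows is an added example, not the manufacturer's logic and not anything from the owner's manual: it models two doors and two occupants, searches every sequence of lock, unlock and exit events for a state in which the alarm is armed with someone still inside, and compares the rule as described against a hypothetical occupancy-aware rule (an assumed seat sensor, not a feature the car has).

```python
"""Reachability check for the self-trapping alarm described in the post.

Added example; not the manufacturer's logic. Two doors ("D" driver, "P"
passenger), one occupant per door, no key needed to lock from inside.
The arming rule follows the post: the alarm arms when the last unlocked
door is locked from outside without a key (lock inside, hold the handle,
close). The occupancy-aware rule is a hypothetical fix that assumes a
seat sensor the car does not have.
"""
from collections import deque

DOORS = ("D", "P")


def arm_as_described(locked, inside):
    """Arms as soon as every door is locked, whoever is still inside."""
    return set(locked) == set(DOORS)


def arm_occupancy_aware(locked, inside):
    """Hypothetical fix: never arm while someone is still in the car."""
    return set(locked) == set(DOORS) and not inside


def successors(state, arm_rule):
    """Yield (event, next_state) for each move that does not trip the alarm.

    state = (locked doors, occupants still inside keyed by door, armed)
    """
    locked, inside, armed = state
    for d in DOORS:
        if d in inside and d not in locked and not armed:
            # lock from inside and stay seated: never arms
            yield f"lock_inside({d})", (locked | {d}, inside, armed)
            # step out, locking by holding the handle: may arm
            nl, ni = locked | {d}, inside - {d}
            yield f"exit_holding_handle({d})", (nl, ni, arm_rule(nl, ni))
            # step out leaving the door unlocked
            yield f"exit({d})", (locked, inside - {d}, armed)
        if d in inside and d in locked and not armed:
            yield f"unlock_inside({d})", (locked - {d}, inside, armed)
        if d not in inside and d in locked:
            # only the key, used from outside, disarms
            yield f"unlock_with_key({d})", (locked - {d}, inside, False)


def is_trapped(state):
    """Armed with someone inside: any exit or engine start trips the alarm."""
    _, inside, armed = state
    return armed and bool(inside)


def find_trap(arm_rule):
    """Breadth-first search; returns the shortest trapping event sequence or None."""
    start = (frozenset(), frozenset(DOORS), False)
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        state, path = queue.popleft()
        if is_trapped(state):
            return path
        for event, nxt in successors(state, arm_rule):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [event]))
    return None


if __name__ == "__main__":
    print("as described:", find_trap(arm_as_described))
    print("occupancy-aware:", find_trap(arm_occupancy_aware))
```

The search finds the post's scenario as the shortest trap (driver locks from inside, passenger exits holding the handle) and finds no trap under the occupancy-aware rule; the state space is 32 states, so exhaustive search is cheap, which is the usual argument for checking interlock logic this way before it ships.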


Smart cockpit with no backup

<henry@zoo.toronto.edu>
Wed, 24 Jul 91 02:12:19 EDT
The May 20 issue of Aviation Week (I'm catching up on old issues) has a short
piece on the avionics being planned for the USAF's new fighter, the Lockheed
F-22.  It's no surprise that flight information will be displayed on
computer-driven digital displays.  What is a bit surprising is that the usual
set of small mechanical backup instruments will not be present.  Talk about
flight-critical software...
                              Henry Spencer at U of Toronto Zoology utzoo!henry


Black boxes in autos for accident "facts"

Mark Seecof <marks@capnet.latimes.com>
Wed, 24 Jul 91 12:13:14 -0700
Excerpts from an article in the Los Angeles Times June 13, 1991; page E8.
Edited and submitted to RISKS Digest by Mark Seecof <marks@latimes.com> of the
L.A. Times Publishing Systems Department.

  [elisions and bracketed comments mine --Mark S.]

  ``A Black Box Tells Just the Facts'' LEGAL VIEW column by Jeffrey S. Klein
  and Louis M. Brown.  Klein is an attorney and president of the Times' San
  Fernando Valley and Ventura County Editions.  Brown is professor of law
  emeritus at USC and chairman of the board for the National Center for
  Preventive Law.

  Most court cases about auto accidents involve disputes about facts, not the
  law.  That means lawyers argue mostly about how fast a car was going, who
  didn't stop at the red light, whether a driver crossed over the double yellow
  line, and similar questions.  Less time is spent debating legal niceties, such
  as jury instructions or rules of evidence.

  One innovative idea to reduce the time and expense of re-creating the scene
  of an auto accident in the courtroom was recently suggested by Harold Weston,
  a Los Angeles lawyer: a ``black box'' for automobiles, just like those in the
  cockpits of commercial airplanes.  Weston offered his proposal in a legal
  publication, the Los Angeles Daily Journal.  The black box would include a
  running video camera that would record events just the way the driver sees
  them.

  A black box could also record speed, acceleration, braking, turn signals, and
  even whether the seat belt was fastened.  Perhaps the device that triggers
  the air bag could tell the black box that an accident has occurred, Weston
  noted.  ``If we are going to have dashboards that look like cockpits,
  shifters that look like throttles, and turbos that sound like turbines, we
  might as well add the black boxes to complete the whole image,'' he wrote.

  In fact, there is such a device, invented by Joseph A. Michetti, who lives in
  Ventura.  A patent for it was issued in 1989 and it is now being developed
  for marketing, including a five-minute video about the device, called a
  ``vero-vedi.''  It has not only one video camera but two--one directed
  forward and one directed rearward.

  Of course, a video recording of an accident, even if it captures all the
  relevant details, will not reduce the number of accidents, but it could cut
  down the work of lawyers and judges--and give juries a much better factual
  base upon which to make decisions.  It could also settle insurance claims
  that might otherwise wind up in court.  If an insurance company can see who
  was at fault, there is less likely to be a courtroom battle.

  Pictures of ``facts'' can be admissible in the courtroom.  We are all
  accustomed to seeing photographs offered as evidence.  And some lawyers now
  make video recordings of the signing of a will.

  A video camera in every car might sound expensive in the short run, but it is
  also preventive.  It could save lots of insurance company, lawyer, and court
  time.

That's the end of the column.  Below are my comments, which of course reflect
only my personal opinions and not those of my employer.

There are many unexplored ramifications of implementing such a system.  Off
the top of my head I think of: self-incrimination problems (especially if
police want to review the black boxes from every blue Ford sedan on Oahu after
a hit-and-run accident, or what if a tape shows some OTHER crime?), sabotage
problems (by guilty drivers), and forgery problems (people buy warranty-voiding
replacement PROMS for their car computers to increase performance (with greater
smog output as the chief side-effect), so I think a market for black boxes
which never record excessive speed or always record seatbelt usage would
develop, plus another market for "clean videotapes" to be substituted after an
accident).

I read an article in Smithsonian sometime in the last year or two (I've hunted
for the issue but I must have discarded it)... about very-long haul trucking in
Europe/Asia/Africa.  Trucks carry goods from England to the Middle-east across
many European countries.  The trucks are required to have chart recorders that
show speed and distance travelled against time.  These are called tachymeters
and the charts (recorded in a circular fashion) are called "tacho discs."
Police review the tacho discs to catch drivers who speed or break hours-of-work
rules.  The drivers abominate the tacho system and I for one feel some sympathy
for them as the police can use the tacho records as a basis for punishing even
trivial violations, or worse, to "detect" violations which may have happened in
extenuating circumstances not recorded by the device (e.g., exceeding speed
limit to pass a very slow vehicle during a small window of opportunity).

Moreover, I suggest that electronic monitoring devices encourage a unilateral
(by enforcement agencies and people with axes to grind) revision of the social
contract on which traffic laws are ultimately based.  You see, electronic
monitoring helps to enforce the strict numerical or other limits in the laws.
But real people tend to expect (a) fuzzy enforcement to match their fuzzy
obedience (driving 57 or 58 is "close enough" to 55 for most people), (b)
lenient enforcement under "otherwise safe" circumstances to match the general
belief that it's not much of a crime to speed a little on a good road in good
light when there aren't too many other cars around, and last but perhaps most
important: fuzzy, lenient enforcement to allow for the fact that the laws are
generally much stricter than the majority of voters really want.

I've read of studies showing that a large majority of drivers think they're
"better" or "much better than average" drivers.  Obviously this is impossible.
I suspect that the same drivers (remember, that's most of 'em...  including
me!) believe that they're qualified by their skills to exercise more discretion
than other folks about bending traffic rules.  This self-confidence, coupled
with the famous inability of legislators to resist voting for harsh laws (so as
to avoid accusations of being "soft on drunk drivers|crime|whatever"), means
that the laws on the books are often more restrictive than the consensus on
what the "practical" law should be.  The public relies on soft enforcement
practices to make the system work.  Micrometric law enforcement is something
for which our culture, not to say our legal system, really isn't prepared.

Indeed, there's reason to believe that "human nature" wants us to set the
posted speed limit five or ten MPH below what we want the actual top speeds to
remain because that's the amount by which people will routinely exceed the
posted limit.  If you figure that the posted limit has been pegged 10 MPH low
for reasons rooted in human psychology, with the concomitant expectation of
fuzzy enforcement, then to introduce strict enforcement would amount to a 10
MPH revision of the "real" speed limit.

I think that police, prosecutors, and insurance adjusters tend to like
technical means of detecting and quantifying violations of laws or standards,
because these means reduce the amount of discretion exercised by the enforcers
of the rules and thus the amount of post-hoc argument over how that discretion
was exercised.

However, the laws on the books assume the exercise of discretion.  Changing
the amount of slop in enforcement decisions without changing the standards
seems a dangerous business to me.  Because it's easier to add a new method than
to revise an old standard ("What?  You want to have more children run over by
speed maniacs?") we might ratchet ourselves into a situation that no one really
wants.

The biggest RISK of black-boxes for automobiles is that they'll enable strict
enforcement of the wrong set of standards.

Footnote: California has several special rules intended to fuzz traffic
enforcement in favor of putative violators.  The Highway Patrol (state
troopers) mostly don't (can't) use radar.  Local cops can use radar only after
special formalities to justify the limits they're enforcing.  §22351 CVC allows
a special defense to charges of breaking a posted speed limit < 55 MPH; which
is that the driver's speed was safe even though it was over the limit.  Because
the limit is presumed on its face to be the safe limit, this defense must be
proven by the defendant.  People actually do this now and then; the law serves
as a check on local jurisdictions which might use unreasonably low speed limits
as fine-generating revenue boosters.  Lastly, petty violators (including minor
speeding tickets but not including reckless or drunk driving) can often avoid
trial, conviction, and punishment by going to a court-ordered "traffic school"
which costs about $50 and eight hours of excruciating boredom but saves a fine,
point count, and what amounts to another (huge) fine in the form of giant
insurance premium increase.  Drivers can only do the "traffic school" bit once
every 18 months, but the very existence of the dodge (which has been shown to
have no effect on accident rates) is an acknowledgement that the official
punishment for minor traffic offenses is too harsh.


Re: Artificial Dissemination (See Curtin, RISKS-12.05)

<edwardj@microsoft.com>
Fri Jul 19 01:48:33 1991
For the edification of the readers of this newsgroup I will repeat what has
been said in the press already about the Bill Gates memo: it was not an email
message, but a message sent via paper and routed through inter-office mail.

Any leaking that occurred would have happened from someone copying the memo and
sending it to an external source.  There was no forwarding of email involved.
It is therefore not an example of comp.risks as much as an example of
human-resources.risks!

Edward Jung
