Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
This is so absurd I should consider submitting it to rec.humor.funny. My guess
is a lot of companies put plugs on anyway and the law finally caught up - I
just can't imagine it any other way.
The British Plug In (San Jose Mercury News, 2 Feb 1992)
Britain has just announced that makers of electrical appliances in that
country must begin to attaching plugs to the ends of electrical cords.
Britons, for we don't know how long, have been required to buy plugs and
attach them to their new toasters, irons and electrical what have yous.
But now the Royal Society for the Prevention of Accidents, citing its
research into the matter, says it was surprised to learn that "it is common
practice everywhere else in the world to sell electrical goods with a plug
attached."
[And now, a plug for the Royal Society... PGN]
One of the San Diego off-airport parking outfits gave me a "time in" ticket dated February 30 (you can guess the real date). When I returned to retrieve my car on March 6th, I was presented with a demand for $3771.00 (at $11/day, $1/hour), to be paid before I was allowed to leave the lot. The garage attendant decided that this wasn't quite right, reentered the date into his "computer", and was again told that I was to pay $3771.00. At this point the manager was called for help (the exit line was getting quite long). I have a receipt here for $3771.00 for "parking". The travel accounting people are going to have fun with this one... :-) Tsutomu Shimomura tsutomu@LANL.GOV Los Alamos National Laboratory Los Alamos, NM 87545
The item below is reprinted in its entirety, from today's Independent, a UK
national newspaper. I do not recall any previous reports in RISKS of similar
cases of in-house "high-tech" cash dispenser robbery - but I must admit I have
not followed the stream of cash dispenser stories closely.
Brian Randell
====================
ROBBER 'FOILED BANK SYSTEM'
An electronics expert stole more than (pounds) 17,000 in a high-tech
robbery spree, plundering dozens of accounts from automatic cash dispensers
at banks, Paisley [Scotland] Sheriff Court was told yesterday.
Clydesdale Bank chiefs claimed their dispensing system was foolproof and told
angry customers that members of their own households must have been responsible
for making withdrawals without their knowledge.
Anthony Pratt, 32, a bank engineer, used a hand-held computer inside bank
premises to record transactions being made by customers at "hole-in-the-wall"
machines outside. He recorded the customer's secret number and later used it
on plastic cards he made with magnetic strips. Pratt, of East Kilbride, was
finally arrested after he took cash from a machine in Glasgow. He admitted
conspiracy to rob and robbery. Sentence was deferred for reports until 2 April.
Computing Laboratory, The University, Newcastle upon Tyne, NE1 7RU, UK
Brian.Randell@newcastle.ac.uk PHONE = +44 91 222 7923 FAX = +44 91 222 8232
On reading the Proceedings of the X-15 First Flight 30th Anniversary
Celebration (NASA CP-3105, Jan 1991), I ran across a section of some relevance
to Risks. Insertions in [] are mine.
In 1962, a very comprehensive, but little known, study was
initiated by Bob Nagle at AFFTC to quantify the benefits of
having a pilot and redundant-emergency systems [this seems to
be essentially a buzzword for "redundant systems"] on a research
vehicle. Each individual malfunction or abnormal event that
occurred after B-52 [X-15 launch aircraft] takeoff for the
first 47 free flights of the X-15 was analyzed. The outcome
of each event was forecast for three hypothetical models;
one with only the pilot but no redundant-emergency systems,
one with only the redundant-emergency systems but with no pilot,
and one with neither the pilot nor redundant-emergency systems
(i.e. single-string [buzzword for no redundancy], unmanned).
[The bar chart of results shows an expected failure rate of over
50% for the "neither" configuration, with many of the failures
destroying aircraft. Adding just a pilot or just redundant systems
produces only small improvements. Adding both takes the failure
rate down to near zero and eliminates aircraft losses.]
[Referring to the graph.] The unmanned, single-string system
would have had 11 additional aborts and resulted in the loss of
15 X-15s. [The actual program built only three!] Not surprising
is the fact that the pilot is of little value in a system
without redundant-emergency systems. He must have some alternate
course available in order to be effective. The redundant-emergency
systems were also found to be of little value in an unmanned
system primarily because the fault detection and switchover logic
must presuppose the type of failure or event. For example, few
designers would have built in a capability to handle an
inadvertent nose gear extension at Mach 4.5.
[That last refers to something that actually happened to an X-15.
Landing gear is normally designed to be extended at a maximum
of a few hundred MPH. Having gear extend at 3000+ MPH is a
horrifying prospect, but the X-15 was landed safely with minor
damage to the aircraft and the pilot unhurt.]
Of more than academic interest was a parallel, but independent,
study conducted by Boeing on the first 60 flights of their
BOMARC missile, an unmanned, single-string, ramjet-powered
interceptor. The authors collaborated on the ground rules for
the study but not on the actual analysis. The similarity of
the results [a virtually identical bar chart] is striking,
especially when considering that the X-15 study was projecting
from a piloted, redundant design to an unpiloted, nonredundant
design, and the BOMARC study was the reverse...
("X-15 Contributions to the X-30", Robert G. Hoey, pp 103-121.)
Henry Spencer at U of Toronto Zoology henry@zoo.toronto.edu utzoo!henry
The following article appeared in the Wednesday 11 March 1992 issue of The
Independent, a (quality) national paper here in the UK. It is quoted in its
entirety, except for the umlaut over the "a" in "Branneby", without permission.
(On a recent flight I took, as we taxied to the terminal after touch down, the
pilot thanked the passengers for flying with the particular airline, and
pointedly remarked that the safest part of our journey had just been completed
:-)
Brian Randell
=============
COMPUTER SYSTEMS DEVELOPED FOR AIRCRAFT ARE BEING ADAPTED FOR USE ON THE ROAD.
Susan Watts reports
CAR FIRM FORGES AHEAD WITH DRIVE-BY-WIRE PROTOTYPE
SAAB, the Swedish car maker, seems untouched by recent controversy over
fly-by-wire aircraft, and is pressing ahead with plans for a drive-by-wire car.
Fly-by-wire aircraft rely on software controls to a far greater extent than
conventional aircraft. Three fatal crashes of the A320 aircraft have raised
fears over the safety of such systems, and how easy they are to fly.
Saab's parent, the Saab Scania Group, has experience of computer-controlled
transport, having built the Grippen fly-by-wire fighter aircraft. Its
automotive engineers have produced a prototype computer-controlled car. The
Independent took a brief test drive yesterday. The car felt very smooth to
drive, and remarkably easy to handle, although we did only a few miles an hour.
Saab concedes that safety fears could be one of the biggest obstacles to
selling such a radical change in car design. But it predicts that by the time
the car is in production people will be more confident about
computer-controlled transport.
There is no steering wheel, but a joystick to one side of the driver. There is
no mechanical link between the joystick and the wheels a computer intervenes to
control and optimise the hydraulic steering. The car has a back-up control
system that performs the same basic tasks as the computer, but uses traditional
electronics. This is ready to switch into action if any part of the computer
fails, or the driver hits an emergency "stop" button. To steer, the driver
turns the joystick from side to side, and the computer translates this into
wheel movement. The car senses the driver's movements on the joystick,
translates these into the optimum wheel angles and feeds back information to
the driver by altering the response felt through the joystick. At low speeds,
for manoeuvres such as parking, a small movement of the joystick produces a
large change in direction of the wheels. At higher speeds this relationship
changes, so a larger movement of the joystick is needed to shift the wheels.
The prototype has a computer keyboard and flat-screen display in the passenger
seat, so the driver can modify the software to change the "feel" of the
joystick. Per Branneby, the Saab test engineer who heads the steer-by-wire
project, said: "I can make it feel like a go-kart or an American limousine."
The idea is that driving without a steering wheel is physically safer, because
you can fit an airbag where the steering wheel would be and avoid the crushing
injuries often sustained by drivers in accidents.
It should also be safer because the computer and hydraulics in between the
wheels and the joystick filter out "noise" from the road that would normally
make the steering wheel shake and judder such as stones in the road or gusty
winds.
Mr Branneby said drivers get most of the information they need to steer the car
by monitoring sideways forces on their seat. In the Saab car, the computer is
fed data from sensors that tell it about these forces, as well as the car's
speed and acceleration. The car does not sense the environment it is in, so
cannot respond automatically and change its steering to deal with a bumpy or
icy road, or a skid. This is the next stage in Saab's research.
The two-litre Saab 9000 Turbo used to test the active steering has automatic
gears and anti-lock brakes and a conventional accelerator, although Mr Branneby
said these may eventually be linked to the central computer. He does not
envisage production models of cars using steer-by-wire joysticks until 2010 or
2015, although a version with active steering applied to a conventional
steering wheel may come sooner. He also said a production model would probably
have two joysticks one for each arm so the driver can swap the arm in control.
Computing Laboratory, The University, Newcastle upon Tyne, NE1 7RU, UK
Brian.Randell@newcastle.ac.uk PHONE = +44 91 222 7923 FAX = +44 91 222 8232
------- Forwarded Message
Date: Thu, 12 Mar 92 19:15 GMT
From: Sanford Sherizen <0003965782@mcimail.com>
Subject: Corporate Strategies for Information Protection, Ethics and Privacy
As the Conference Program Director, I would like to invite readers of RISKS to
attend an important upcoming executive briefing entitled
AVOIDING MANAGERIAL LIABILITY: DEVELOPING CORPORATE STRATEGIES FOR
INFORMATION PROTECTION, ETHICS AND PRIVACY
Sunday evening, April 26 and all day Monday, April 27, 1992 at Bentley
College, Waltham, Mass.
Sponsored by the Center for Business Ethics at Bentley College
Managers are on the hotseat. They are increasingly being given responsibilities
for information protection, ethics and privacy issues. The emphasis of this
briefing will be on how managers can best respond to these challenges.
Technological developments are intensifying protection, ethics and privacy as
business problems. The Federal Sentencing Guidelines and other legal decisions
are defining senior managers as directly responsible for developing corporate
conduct rules and programs to deter organizational and employee wrongdoing. The
media and public opinion are more clearly defining appropriate and inappropriate
activities.
Managers need assistance to understand these complex issues and to select
appropriate business policy choices. Those attending this briefing will:
Evaluate information protection, ethics and privacy issues in
managerial/business terms;
Hear successful policy choices, options and tradeoffs;
Learn how to respond appropriately to these issues;
Have an opportunity to network with peers from around the nationa who
are facing similar decisions.
John Poduska, a respected figure in the computer field, will give the keynote
address on Sunday evening. On Monday, there will be overview presentations on
technology, law, and ethics strategies. Joe Murphy, co-editor of Corporate
Conduct Quarterly, will give a luncheon speech on the Federal Sentencing
Guidelines. Small interactive discussion groups will be formed to evaluate
scenario and to discuss specific strategies. The day will end with general
sessions and idea exchanges.
The fee for this exciting day-and-a-half conference will be $300. That includes
the program, a reception, all meals and informative briefing materials.
For further information, contact the Center for Business Ethics, Bentley
College, 175 Forest Street, Waltham, MA 02154-4705, (617) 891-2981. Specific
questions can also be sent to me by E-mail at MCI Mail 396-5782.
Sanford Sherizen, Data Security Systems, Natick, Mass.
The backlog is excessive, I was overly busy, and our computer systems suffered several outages at times that might otherwise have permitted me to put out another issue. Sorry for the delay. However, the backlog is mostly second- and third-order stuff, which may or may not get included in the future, depending. During the previous week I think I was too permissive, so I am likely to swing back the other way for a while. Thanks for your patience. PGN
[John Bartlett tells of his encounter with a flight attendant over the regulations restricting the use of external mice (mouses?)] Just 2 weeks ago I attended the RFI emission testing of our one of our X terminals and where did the major emission come from? If you guessed the mouse then you're right. A major source of emissions from equipment in the VHF band is the cables. They act as antennas, radiating whatever noise is on the circuits that connect to them. Mouse cables are often the worst offender since they are rarely shielded. So there is a very definite technological basis for this regulation but perhaps the problem could be covered better. I would prefer to see the regulation require that the mouse have FCC class B or CISPR 22 class B approval if this reduces the RFI levels to suitable levels. If this does not remove the problem then a new more stringent standard needs to be developed. But if a lower level of RFI is required, then why don't the laptops themselves interfere with navigation instruments ? It is risky in the least to assume that removing the mouse will turn an FCC class B laptop into a significantly quieter device. (By the way, leaving the mouse plugged in will most likely still radiate regardless of whether it is used or not.) Scott Colwell Labtam Australia Pty. Ltd. net: scott@labtam.labtam.oz.au Melbourne, Australia phone: +61-3-587-1444
But there very well may be [a difference]. I have seen cases in which *significant* interference was radiated from an external mouse cable [into a nearly audio input, as it happened]. All it takes is the airline running into one such case, and they will tend to ban the entire class of device. Such is the reasoning which [correctly, in my view] led to the banning quite a few years ago of "pin printers" on airplanes. When I would ask if I could use my portable computer [back then it was required that you ask], the answer was always, "Yes, but not if it has a printer on it." Seems the output drivers for the pins radiated a lot. These days, the boogyman de jure may be external mice. I don't doubt that they've seen at least one such case... Rob Warnock, MS-9U/510 Silicon Graphics, Inc., 2011 N. Shoreline Blvd., Mountain View, CA 94039-7311 (415)335-1673 rpw3@sgi.com
There is a potentially big difference. The wire leading to the mouse could
make a wonderful transmitting antenna through which the RF soup in your
shielded computer might leak out. Remember that it is only by the airline's
good graces that you're allowed to use the computer at all. Electronic devices
such as computers, radios and TV's are all potential sources of RF interference.
Only radios and TVs are typically banned because of the specific way in which
they interfere with VOR recievers. My guess is that American has traced
some interference to the use of a mouse. Other airlines can't be far behind.
Let's find ways to cooperate before the NTSB has to put the use of a mouse as a
probable cause for an accident. I'd rather know that the aircraft's navigation
equipment is working without interference than use a mouse. But then I *am*
typing this on a PowerBook.
--Craig
Several people have mentioned that mouse cords can affect aircraft
instrumentation. What are the known effects of, say, a six-foot mouse cord on
the altimeter of an Airbus 320?
bwrossmajer@descartes.waterloo.edu (Brian W. Rossmajer)
To all of you pointing out that a mouse cord can act as an antenna. Yes, I know it is possible, but was just passing on another's comment and didn't want to confuse the issue by adding my own editorial commentary. While I realize that air safety is a crucial issue, the airlines should have some of the burden of establishing a rational policy . If there is a significant danger from mouse cords, then they should explain and substantiate it. Otherwise, I'll confine all my flying to red-eyes since I'll have to treat airplanes as being good only for sleeping. If I'm awake, who knows what damage I'd do. On a slightly more serious note, are the electronics in airplane's all that fragile? Is a laptop computer really worse than a thunderstorm? Are camcorders allowed? Handheld LCD games? Flashbulbs? As our electronics become more mobile, the airlines have an opportunity to be compete the for the best environment. Some will provide travellers with better ways to work while travelling while others will offer an electronics-free environment for relaxation. Of course, the nonE flights would mean you can't even write a letter home without learning how to write with a pen (remember those?)
[This is an annual meeting of the security research community,
for serious security folks, and is usually an outstanding
gathering. Space limited, register early. See you there? PGN]
1992 SYMPOSIUM ON RESEARCH IN SECURITY AND PRIVACY, 4-6 May 1992
REGISTRATION INFORMATION
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
7:00am: Registration opens
8:45--9:00: Welcoming Remarks: Deborah Cooper, John McLean
9:00--10:30: DISTRIBUTED SYSTEMS: John Rushby, Session Chair
9:00-- 9:30: On Inter-Realm Authentication in Large Distributed Systems
Virgil Gligor, Shyh-Wei Luan, Joseph Pato
9:30--10:00: Integrating Security in a Group Oriented Distributed System
Michael Reiter, Kenneth Birman, Li Gong
10:00--10:30: Authorization in Distributed Systems: A Formal Approach
Thomas Woo, Simon Lam
11:00--12:00: COVERT CHANNELS: Tom Berson, Session Chair
11:00--11:30: Lattice Scheduling and Covert Channels
Wei-Ming Hu
11:30--12:00: The Influence of Delay Upon an Idealized Channel's Bandwidth
Ira Moskowitz, Allen Miller
12:00--2:00: LUNCH (included in registration)
2:00--3:00: INTEGRITY: Dick Kemmerer, Session Chair
Marshall Abrams, Ed Amoroso, Teresa Lunt, James Williams
3:30--5:00: CRYPTOGRAPHIC PROTOCOLS: Dan Nessett, Session Chair
3:30--4:00: Encrypted Key Exchange: Password-Based Protocols Secure
Against Dictionary Attacks
Steven Bellovin, Michael Merritt
4:00--4:30 On Message Integrity in Cryptographic Protocols
Stuart Stubblebine, Virgil Gligor
4:30--5:00: Roles in Cryptographic Protocols
Einar Snekkenes
5:30 RECEPTION (good food and drinks, on the house)
8:00: POSTER SESSIONS
TUESDAY
9:00--10:30: SECURITY MODELS: George Dinolt, Session Chair
9:00-- 9:30: The Typed Access Matrix Model
Ravi Sandhu
9:30--10:00: A Resource Allocation Model for Denial of Service
Jonathan Millen
10:00--10:30: Non-Monotonic Transformation of Access Rights
Ravi Sandhu, Gurpreet Suri
11:00--12:00: INFORMATION FLOW: Dale Johnson, Session Chair
11:00--11:30 A Logical Approach to Multilevel Security of Probabilistic
Systems
James Gray, Paul Syverson
11:30--12:00 Using Traces of Procedure Calls to Reason About Composability
Catherine Meadows
12:00--2:00: LUNCH (included in registration)
2:00--3:00: INVITED SPEAKER: John McLean, Session Chair
2:00--3:00 Security in Distributed Systems
Butler Lampson
3:30--5:00: CONCURRENCY CONTROL: Tom Haigh, Session Chair
3:30--4:00: A Multilevel Transaction Problem for Multilevel Secure
Database Systems and Its Solution for the Replicated
Architecture
Oliver Costich, John McDermott
4:00--4:30: A Two Snapshot Algorithm for Concurrency Control Algorithm
in Secure Multi-Level Databases
Paul Ammann, Frank Jaeckle, Sushil Jajodia
4:30--5:00: Alternative Correctness Criteria for Concurrent
Execution of Transactions in Multilevel Secure Database
Systems
Sushil Jajodia, Vijayalakshmi Atluri
5:00: MEETING OF THE IEEE Technical Committee on Security and Privacy
8:00: POSTER SESSIONS
WEDNESDAY
9:00--10:30: SYSTEMS: Tanya Korelsky, Session Chair
9:00-- 9:30: Evolution of a Trusted B3 Window System Prototype
Jeremy Epstein, John McHugh, Rita Pascale,
Charles Martin, Douglas Rothnie, Hilarie Orman,
Ann Marmor-Squires, Martha Branstad, Bonnie Danner
9:30--10:00: A Neural Network Component For An Intrusion Detection System
Herve Debar, Monique Becker, Didier Siboni
10:00--10:30: An Optimal Solution to the Secure Reader Writer Problem
Glenn Benson
11:00--12:00: DATABASE SECURITY: John Dobson, Session Chair
11:00--11:30: Security for Object-Oriented Database Systems
Jonathan Millen, Teresa Lunt
11:30---12:00 A Natural Decomposition of Multi-level Relations
Frederic Cuppens, Kioumars Yazdanian
12:00--12:15: AWARDS
12:15: SYMPOSIUM ADJOURNS
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ADVANCE (Mar/9/92 TO Mar/23/92) MEMBER $230
NONMEMBER $290
STUDENT $ 50
LATE (Mar/24/92 TO Apr/10/92) MEMBER $280
NONMEMBER $360
STUDENT $ 50
Since payment must be in US dollars only, please WIRE FEE to
Account Name: 1992 SYMP on RESRCH SEC & PRIVACY
Bank and Address: Home Savings of America
1800 North Sepulveda Boulevard
Manhattan Beach, CA 90266-9977
Bank Routing Number: 322070006
Bank Account Number: 1369041221
AND fax a copy of the wiring information to Liz Luntzel,
1 415 859-2844, so we know you've paid.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
You may email the following information to me, luntzel@csl.sri.com,
to register for the symposium.
Name:
Company:
Mail Stop:
Street Address:
City/State/Zip/Country:
Phone Number:
IEEE or IEEE Computer Society Member Number:
Do You Wish to Present at a Poster Session?
Have you participated in any recent research, development, or evaluation
project in computer Security? If so, please name the project and the area of
computer security:
cut:^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
CLAREMONT RESORT REGISTRATION: (YOU MUST REGISTER DIRECTLY WITH THE
CLAREMONT.) Cut-off Date: April 2, 1992
1992 IEEE Symposium on Research in Security and Privacy, May 4-6, 1992
Check-in time is after 3:00pm; check-out is 12:00 noon
SINGLE:
DOUBLE: (2 persons/1 bed)
DOUBLE DOUBLE (2 persons/2 beds)
All reservations must be accompanied by an advance deposit or credit card
guarantee. You may cancel your individual reservations up to 72 hours prior to
arrival, after which your deposit becomes nonrefundable. The telephone number
of the hotel is: (415)843-3000
To reserve Oakland Airport Transportation, please call 24 hours in advance to
(415)843-3000, x133.
Group Rates: $91 Single $103 Double
Name: (sharing with):
Company/Group:
Street Address:
City/State/Zip/Country::
I WILL ARRIVE ON (DAY) ____ (DATE):____
I WILL DEPART ON (DAY) ____ (DATE):____
I WILL GUARANTEE MY RESERVATION WITH:
ADVANCE DEPOSIT: ____
CREDIT CARD: ____
Type: Expiration Date:
Please mail this section of the form with your payment to:
The Claremont Resort
Ashby & Domingo Avenues
Oakland, CA 94623-0363
cut:^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Delta Airlines, Inc., is offering special fares to the Symposium. These fares
are based on Delta's published round-trip fares within the U.S. and San Juan.
A 5% discount off any published fare (except group, military, government
contract, Visit USA, and Delta's Canadian fares), providing all rules and
conditions of the airfare are met; a 45% discount off the unrestricted Coach
(Y,YN,Y1) fare. Seven days advance reservations and ticketing is required.
Exceptions: Travel from Delta's Canadian cities will apply at 40% discount, and
travel solely on Delta Connection Carriers will appy at a 35% discount. To
take advantage of these discounts, call Delta, or have your travel agent call,
at 1-800-241-6760, for reservations (8-11:00pm EST daily). Refer to file
number H0575. Certain restrictions may apply and seats are limited. These
discounts are available only through Delta's toll-free number.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you need any further information, including an on-line or FAX copy of the
program, please email me. We look forward to seeing you at the Symposium!
Liz Luntzel (Teresa Lunt's Assistant)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Please report problems with the web pages to the maintainer