The RISKS Digest
Volume 13 Issue 28

Monday, 16th March 1992

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



"British plug in"
Grant Grundler
Airport parking is expensive, but ... [this is ridiculous]
Tsutomu Shimomura
Computer-Aided Robbery at Clydesdale Bank
Brian Randell
X-15 reliability experience
Henry Spencer
Fly-by-wire SAAB
Brian Randell
Corporate Strategies for Info Protection, Ethics and Privacy
Sanford Sherizen
RISKS backlog
Re: American Mice (Mouse interference)
Scott Colwell
Rob Warnock
Brian Rossmajer
Registration for IEEE SRSP (Research in Security and Privacy)
Liz Luntzel
Info on RISKS (comp.risks)

"British plug in"

Grant Grundler <>
Thu, 12 Mar 92 16:25:55 PST
This is so absurd I should consider submitting it to rec.humor.funny.  My guess
is a lot of companies put plugs on anyway and the law finally caught up - I
just can't imagine it any other way.

         The British Plug In (San Jose Mercury News, 2 Feb 1992)

  Britain has just announced that makers of electrical appliances in that
country must begin attaching plugs to the ends of electrical cords.
  Britons, for we don't know how long, have been required to buy plugs and
attach them to their new toasters, irons and electrical what have yous.
  But now the Royal Society for the Prevention of Accidents, citing its
research into the matter, says it was surprised to learn that "it is common
practice everywhere else in the world to sell electrical goods with a plug
                            [And now, a plug for the Royal Society...  PGN]

Airport parking is expensive, but ... [this is ridiculous]

Tsutomu Shimomura <tsutomu@NO-SENSE.LANL.GOV>
Thu, 12 Mar 92 15:09:34 -0700
One of the San Diego off-airport parking outfits gave me a "time in" ticket
dated February 30 (you can guess the real date).  When I returned to retrieve
my car on March 6th, I was presented with a demand for $3771.00 (at $11/day,
$1/hour), to be paid before I was allowed to leave the lot.  The garage
attendant decided that this wasn't quite right, reentered the date into his
"computer", and was again told that I was to pay $3771.00.  At this point the
manager was called for help (the exit line was getting quite long).

I have a receipt here for $3771.00 for "parking".  The travel accounting people
are going to have fun with this one... :-)

Tsutomu Shimomura           tsutomu@LANL.GOV
Los Alamos National Laboratory      Los Alamos, NM  87545

Computer-Aided Robbery at Clydesdale Bank

Fri, 13 Mar 92 10:09:10 GMT
The item below is reprinted in its entirety, from today's Independent, a UK
national newspaper. I do not recall any previous reports in RISKS of similar
cases of in-house "high-tech" cash dispenser robbery - but I must admit I have
not followed the stream of cash dispenser stories closely.
                                                              Brian Randell


An electronics expert stole more than (pounds) 17,000 in a high-tech
robbery spree, plundering dozens of accounts from automatic cash dispensers
at banks, Paisley [Scotland] Sheriff Court was told yesterday.

Clydesdale Bank chiefs claimed their dispensing system was foolproof and told
angry customers that members of their own households must have been responsible
for making withdrawals without their knowledge.

Anthony Pratt, 32, a bank engineer, used a hand-held computer inside bank
premises to record transactions being made by customers at "hole-in-the-wall"
machines outside.  He recorded the customer's secret number and later used it
on plastic cards he made with magnetic strips.  Pratt, of East Kilbride, was
finally arrested after he took cash from a machine in Glasgow.  He admitted
conspiracy to rob and robbery. Sentence was deferred for reports until 2 April.

Computing Laboratory, The University, Newcastle upon Tyne, NE1 7RU, UK PHONE = +44 91 222 7923 FAX = +44 91 222 8232

X-15 reliability experience

Henry Spencer <>
Sun, 15 Mar 92 20:11:54 EST
On reading the Proceedings of the X-15 First Flight 30th Anniversary
Celebration (NASA CP-3105, Jan 1991), I ran across a section of some relevance
to Risks.  Insertions in [] are mine.

    In 1962, a very comprehensive, but little known, study was
    initiated by Bob Nagle at AFFTC to quantify the benefits of
    having a pilot and redundant-emergency systems [this seems to
    be essentially a buzzword for "redundant systems"] on a research
    vehicle.  Each individual malfunction or abnormal event that
    occurred after B-52 [X-15 launch aircraft] takeoff for the
    first 47 free flights of the X-15 was analyzed.  The outcome
    of each event was forecast for three hypothetical models;
    one with only the pilot but no redundant-emergency systems,
    one with only the redundant-emergency systems but with no pilot,
    and one with neither the pilot nor redundant-emergency systems
    (i.e. single-string [buzzword for no redundancy], unmanned).

    [The bar chart of results shows an expected failure rate of over
    50% for the "neither" configuration, with many of the failures
    destroying aircraft.  Adding just a pilot or just redundant systems
    produces only small improvements.  Adding both takes the failure
    rate down to near zero and eliminates aircraft losses.]

    [Referring to the graph.]  The unmanned, single-string system
    would have had 11 additional aborts and resulted in the loss of
    15 X-15s.  [The actual program built only three!]  Not surprising
    is the fact that the pilot is of little value in a system
    without redundant-emergency systems.  He must have some alternate
    course available in order to be effective.  The redundant-emergency
    systems were also found to be of little value in an unmanned
    system primarily because the fault detection and switchover logic
    must presuppose the type of failure or event.  For example, few
    designers would have built in a capability to handle an
    inadvertent nose gear extension at Mach 4.5.

    [That last refers to something that actually happened to an X-15.
    Landing gear is normally designed to be extended at a maximum
    of a few hundred MPH.  Having gear extend at 3000+ MPH is a
    horrifying prospect, but the X-15 was landed safely with minor
    damage to the aircraft and the pilot unhurt.]

    Of more than academic interest was a parallel, but independent,
    study conducted by Boeing on the first 60 flights of their
    BOMARC missile, an unmanned, single-string, ramjet-powered
    interceptor.  The authors collaborated on the ground rules for
    the study but not on the actual analysis.  The similarity of
    the results [a virtually identical bar chart] is striking,
    especially when considering that the X-15 study was projecting
    from a piloted, redundant design to an unpiloted, nonredundant
    design, and the BOMARC study was the reverse...

("X-15 Contributions to the X-30", Robert G. Hoey, pp 103-121.)

Henry Spencer at U of Toronto Zoology    utzoo!henry

Fly-by-wire SAAB

Thu, 12 Mar 92 11:03:25 GMT
The following article appeared in the Wednesday 11 March 1992 issue of The
Independent, a (quality) national paper here in the UK. It is quoted in its
entirety, except for the umlaut over the "a" in "Branneby", without permission.
(On a recent flight I took, as we taxied to the terminal after touch down, the
pilot thanked the passengers for flying with the particular airline, and
pointedly remarked that the safest part of our journey had just been completed
        Brian Randell


Susan Watts reports


SAAB, the Swedish car maker, seems untouched by recent controversy over
fly-by-wire aircraft, and is pressing ahead with plans for a drive-by-wire car.
Fly-by-wire aircraft rely on software controls to a far greater extent than
conventional aircraft. Three fatal crashes of the A320 aircraft have raised
fears over the safety of such systems, and how easy they are to fly.

Saab's parent, the Saab Scania Group, has experience of computer-controlled
transport, having built the Gripen fly-by-wire fighter aircraft. Its
automotive engineers have produced a prototype computer-controlled car. The
Independent took a brief test drive yesterday.  The car felt very smooth to
drive, and remarkably easy to handle, although we did only a few miles an hour.

Saab concedes that safety fears could be one of the biggest obstacles to
selling such a radical change in car design. But it predicts that by the time
the car is in production people will be more confident about
computer-controlled transport.

There is no steering wheel, but a joystick to one side of the driver. There is
no mechanical link between the joystick and the wheels - a computer intervenes to
control and optimise the hydraulic steering.  The car has a back-up control
system that performs the same basic tasks as the computer, but uses traditional
electronics. This is ready to switch into action if any part of the computer
fails, or the driver hits an emergency "stop" button.  To steer, the driver
turns the joystick from side to side, and the computer translates this into
wheel movement. The car senses the driver's movements on the joystick,
translates these into the optimum wheel angles and feeds back information to
the driver by altering the response felt through the joystick. At low speeds,
for manoeuvres such as parking, a small movement of the joystick produces a
large change in direction of the wheels. At higher speeds this relationship
changes, so a larger movement of the joystick is needed to shift the wheels.

The prototype has a computer keyboard and flat-screen display in the passenger
seat, so the driver can modify the software to change the "feel" of the
joystick. Per Branneby, the Saab test engineer who heads the steer-by-wire
project, said: "I can make it feel like a go-kart or an American limousine."

The idea is that driving without a steering wheel is physically safer, because
you can fit an airbag where the steering wheel would be and avoid the crushing
injuries often sustained by drivers in accidents.

It should also be safer because the computer and hydraulics in between the
wheels and the joystick filter out "noise" from the road that would normally
make the steering wheel shake and judder - such as stones in the road or gusty

Mr Branneby said drivers get most of the information they need to steer the car
by monitoring sideways forces on their seat. In the Saab car, the computer is
fed data from sensors that tell it about these forces, as well as the car's
speed and acceleration.  The car does not sense the environment it is in, so
cannot respond automatically and change its steering to deal with a bumpy or
icy road, or a skid. This is the next stage in Saab's research.

The two-litre Saab 9000 Turbo used to test the active steering has automatic
gears and anti-lock brakes and a conventional accelerator, although Mr Branneby
said these may eventually be linked to the central computer. He does not
envisage production models of cars using steer-by-wire joysticks until 2010 or
2015, although a version with active steering applied to a conventional
steering wheel may come sooner. He also said a production model would probably
have two joysticks - one for each arm - so the driver can swap the arm in control.

Computing Laboratory, The University, Newcastle upon Tyne, NE1 7RU, UK PHONE = +44 91 222 7923 FAX = +44 91 222 8232

Bugging ISDN

Fri, 13 Mar 92 07:06:38 -0800
------- Forwarded Message

Date: Thu, 12 Mar 92 19:15 GMT
From: Sanford Sherizen <>
Subject: Corporate Strategies for Information Protection, Ethics and Privacy

As the Conference Program Director, I would like to invite readers of RISKS to
attend an important upcoming executive briefing entitled


        Sunday evening, April 26 and all day Monday, April 27, 1992 at Bentley
        College, Waltham, Mass.

        Sponsored by the Center for Business Ethics at Bentley College

Managers are on the hotseat.  They are increasingly being given responsibilities
for information protection, ethics and privacy issues.  The emphasis of this
briefing will be on how managers can best respond to these challenges.

Technological developments are intensifying protection, ethics and privacy as
business problems.  The Federal Sentencing Guidelines and other legal decisions
are defining senior managers as directly responsible for developing corporate
conduct rules and programs to deter organizational and employee wrongdoing.  The
media and public opinion are more clearly defining appropriate and inappropriate

Managers need assistance to understand these complex issues and to select
appropriate business policy choices.  Those attending this briefing will:

        Evaluate information protection, ethics and privacy issues in
        managerial/business terms;

        Hear successful policy choices, options and tradeoffs;

        Learn how to respond appropriately to these issues;

        Have an opportunity to network with peers from around the nation who
        are facing similar decisions.

John Poduska, a respected figure in the computer field, will give the keynote
address on Sunday evening.  On Monday, there will be overview presentations on
technology, law, and ethics strategies.  Joe Murphy, co-editor of Corporate
Conduct Quarterly, will give a luncheon speech on the Federal Sentencing
Guidelines.  Small interactive discussion groups will be formed to evaluate
scenarios and to discuss specific strategies.  The day will end with general
sessions and idea exchanges.

The fee for this exciting day-and-a-half conference will be $300.  That includes
the program, a reception, all meals and informative briefing materials.

For further information, contact the Center for Business Ethics, Bentley
College, 175 Forest Street, Waltham, MA 02154-4705, (617) 891-2981.  Specific
questions can also be sent to me by E-mail at MCI Mail 396-5782.

Sanford Sherizen, Data Security Systems, Natick, Mass.


RISKS Forum <>
Mon, 16 Mar 92 14:45:03 PST
The backlog is excessive, I was overly busy, and our computer systems suffered
several outages at times that might otherwise have permitted me to put out
another issue.  Sorry for the delay.  However, the backlog is mostly second-
and third-order stuff, which may or may not get included in the future,
depending.  During the previous week I think I was too permissive, so I am
likely to swing back the other way for a while.  Thanks for your patience.  PGN

Mice do roar! was re: Mouse restrictions on American Airlines

Scott Colwell <>
Wed, 11 Mar 92 13:46:09 +1000
[John Bartlett tells of his encounter with a flight attendant over the
regulations restricting the use of external mice (mouses?)]

Just 2 weeks ago I attended the RFI emission testing of one of our
X terminals and where did the major emission come from?  If you guessed the
mouse then you're right.

A major source of emissions from equipment in the VHF band is the
cables.  They act as antennas, radiating whatever noise is on the circuits
that connect to them.  Mouse cables are often the worst offender since they
are rarely shielded.

So there is a very definite technological basis for this regulation but
perhaps the problem could be covered better.  I would prefer to see the
regulation require that the mouse have FCC class B or CISPR 22 class B
approval if this reduces the RFI levels to suitable levels.  If this does
not remove the problem then a new more stringent standard needs to be

But if a lower level of RFI is required, then why don't the laptops
themselves interfere with navigation instruments? It is risky in the least
to assume that removing the mouse will turn an FCC class B laptop into a
significantly quieter device.

(By the way, leaving the mouse plugged in will most likely still radiate
regardless of whether it is used or not.)

Scott Colwell
Labtam Australia Pty. Ltd.  net:
Melbourne, Australia        phone:  +61-3-587-1444

Re: Mouse restrictions on American Airlines (Frankston, RISKS-13.26)

Rob Warnock <>
Mon, 9 Mar 92 08:37:06 GMT
But there very well may be [a difference]. I have seen cases in which
*significant* interference was radiated from an external mouse cable [into a
nearby audio input, as it happened]. All it takes is the airline running into
one such case, and they will tend to ban the entire class of device. Such is
the reasoning which [correctly, in my view] led to the banning quite a few
years ago of "pin printers" on airplanes. When I would ask if I could use my
portable computer [back then it was required that you ask], the answer was
always, "Yes, but not if it has a printer on it." Seems the output drivers for
the pins radiated a lot. These days, the boogyman de jure may be external mice.
I don't doubt that they've seen at least one such case...

Rob Warnock, MS-9U/510 Silicon Graphics, Inc., 2011 N. Shoreline Blvd.,
Mountain View, CA 94039-7311        (415)335-1673

Re: Mouse restrictions on American Airlines (Frankston, RISKS-13.26)

Usenet Newsmaster, <>
Mon, 9 Mar 92 01:29:08 PST
There is a potentially big difference.  The wire leading to the mouse could
make a wonderful transmitting antenna through which the RF soup in your
shielded computer might leak out.  Remember that it is only by the airline's
good graces that you're allowed to use the computer at all.  Electronic devices
such as computers, radios and TVs are all potential sources of RF interference.
Only radios and TVs are typically banned because of the specific way in which
they interfere with VOR receivers.  My guess is that American has traced
some interference to the use of a mouse.  Other airlines can't be far behind.

Let's find ways to cooperate before the NTSB has to put the use of a mouse as a
probable cause for an accident.  I'd rather know that the aircraft's navigation
equipment is working without interference than use a mouse.  But then I *am*
typing this on a PowerBook.

Risky humour

Brian Rossmajer <>
Sun, 8 Mar 92 14:26:05 EST
    Several people have mentioned that mouse cords can affect aircraft
instrumentation.  What are the known effects of, say, a six-foot mouse cord on
the altimeter of an Airbus 320?  (Brian W. Rossmajer)


Mon 9 Mar 1992 09:15 -0500
To all of you pointing out that a mouse cord can act as an antenna.  Yes, I
know it is possible, but was just passing on another's comment and didn't want
to confuse the issue by adding my own editorial commentary.

While I realize that air safety is a crucial issue, the airlines should have
some of the burden of establishing a rational policy.  If there is a
significant danger from mouse cords, then they should explain and
substantiate it.  Otherwise, I'll confine all my flying to red-eyes since
I'll have to treat airplanes as being good only for sleeping.  If I'm awake,
who knows what damage I'd do.

On a slightly more serious note, are the electronics in airplanes all that
fragile?  Is a laptop computer really worse than a thunderstorm?  Are
camcorders allowed?  Handheld LCD games?  Flashbulbs?  As our electronics
become more mobile, the airlines have an opportunity to compete for
the best environment.  Some will provide travellers with better ways to work
while travelling while others will offer an electronics-free environment for
relaxation.  Of course, the nonE flights would mean you can't even write a
letter home without learning how to write with a pen (remember those?)

Email registration for IEEE SRSP [Program from RISKS-13.05 repeated]

Elizabeth Luntzel <>
Mon, 16 Mar 92 14:47:01 -0800
              [This is an annual meeting of the security research community,
              for serious security folks, and is usually an outstanding
              gathering.  Space limited, register early.  See you there?  PGN]



7:00am:         Registration opens
8:45--9:00: Welcoming Remarks: Deborah Cooper, John McLean

9:00--10:30:    DISTRIBUTED SYSTEMS: John Rushby, Session Chair
  9:00-- 9:30:  On Inter-Realm Authentication in Large Distributed Systems
            Virgil Gligor, Shyh-Wei Luan, Joseph Pato
  9:30--10:00:  Integrating Security in a Group Oriented Distributed System
            Michael Reiter, Kenneth Birman, Li Gong
 10:00--10:30:  Authorization in Distributed Systems:  A Formal Approach
            Thomas Woo, Simon Lam

11:00--12:00:   COVERT CHANNELS:  Tom Berson, Session Chair
  11:00--11:30: Lattice Scheduling and Covert Channels
            Wei-Ming Hu
  11:30--12:00: The Influence of Delay Upon an Idealized Channel's Bandwidth
            Ira Moskowitz, Allen Miller

12:00--2:00:    LUNCH (included in registration)

2:00--3:00: INTEGRITY: Dick Kemmerer, Session Chair
                       Marshall Abrams, Ed Amoroso, Teresa Lunt, James Williams

3:30--5:00: CRYPTOGRAPHIC PROTOCOLS: Dan Nessett, Session Chair
  3:30--4:00:   Encrypted Key Exchange:  Password-Based Protocols Secure
        Against Dictionary Attacks
            Steven Bellovin, Michael Merritt
  4:00--4:30    On Message Integrity in Cryptographic Protocols
            Stuart Stubblebine, Virgil Gligor
  4:30--5:00:   Roles in Cryptographic Protocols
            Einar Snekkenes

5:30    RECEPTION (good food and drinks, on the house)



9:00--10:30:    SECURITY MODELS: George Dinolt, Session Chair
   9:00-- 9:30: The Typed Access Matrix Model
            Ravi Sandhu
   9:30--10:00: A Resource Allocation Model for Denial of Service
            Jonathan Millen
  10:00--10:30: Non-Monotonic Transformation of Access Rights
            Ravi Sandhu, Gurpreet Suri

11:00--12:00:   INFORMATION FLOW: Dale Johnson, Session Chair
  11:00--11:30  A Logical Approach to Multilevel Security of Probabilistic
            James Gray, Paul Syverson
  11:30--12:00  Using Traces of Procedure Calls to Reason About Composability
            Catherine Meadows

12:00--2:00:    LUNCH (included in registration)

2:00--3:00: INVITED SPEAKER:  John McLean, Session Chair
  2:00--3:00    Security in Distributed Systems
                        Butler Lampson

3:30--5:00: CONCURRENCY CONTROL: Tom Haigh, Session Chair
  3:30--4:00:   A Multilevel Transaction Problem for Multilevel Secure
        Database Systems and Its Solution for the Replicated
            Oliver Costich, John McDermott
  4:00--4:30:   A Two Snapshot Algorithm for Concurrency Control Algorithm
        in Secure Multi-Level Databases
            Paul Ammann, Frank Jaeckle, Sushil Jajodia
  4:30--5:00:   Alternative Correctness Criteria for Concurrent
        Execution of Transactions in Multilevel Secure Database
            Sushil Jajodia, Vijayalakshmi Atluri

5:00:   MEETING OF THE IEEE Technical Committee on Security and Privacy



9:00--10:30:    SYSTEMS: Tanya Korelsky, Session Chair
   9:00-- 9:30: Evolution of a Trusted B3 Window System Prototype
            Jeremy Epstein, John McHugh, Rita Pascale,
            Charles Martin, Douglas Rothnie, Hilarie Orman,
            Ann Marmor-Squires, Martha Branstad, Bonnie Danner
   9:30--10:00: A Neural Network Component For An Intrusion Detection System
            Herve Debar, Monique Becker, Didier Siboni
  10:00--10:30: An Optimal Solution to the Secure Reader Writer Problem
            Glenn Benson

11:00--12:00:   DATABASE SECURITY: John Dobson, Session Chair
  11:00--11:30: Security for Object-Oriented Database Systems
            Jonathan Millen, Teresa Lunt
  11:30---12:00 A Natural Decomposition of Multi-level Relations
            Frederic Cuppens, Kioumars Yazdanian

12:00--12:15:   AWARDS


ADVANCE (Mar/9/92 TO Mar/23/92) MEMBER        $230
                             NONMEMBER        $290
                               STUDENT        $ 50

LATE   (Mar/24/92 TO Apr/10/92) MEMBER        $280
                             NONMEMBER        $360
                               STUDENT        $ 50

Since payment must be in US dollars only, please WIRE FEE to

Account Name:             1992 SYMP on RESRCH SEC & PRIVACY
Bank and Address:         Home Savings of America
                          1800 North Sepulveda Boulevard
                          Manhattan Beach, CA 90266-9977
Bank Routing Number:      322070006
Bank Account Number:      1369041221

  AND fax a copy of the wiring information to Liz Luntzel,
  1 415 859-2844, so we know you've paid.


You may email the following information to me
to register for the symposium.

Mail Stop:
Street Address:
Phone Number:

IEEE or IEEE Computer Society Member Number:

Do You Wish to Present at a Poster Session?

Have you participated in any recent research, development, or evaluation
project in computer security?  If so, please name the project and the area of
computer security:


CLAREMONT.)           Cut-off Date: April 2, 1992

1992 IEEE Symposium on Research in Security and Privacy, May 4-6, 1992

Check-in time is after 3:00pm; check-out is 12:00 noon

DOUBLE: (2 persons/1 bed)
DOUBLE DOUBLE (2 persons/2 beds)

All reservations must be accompanied by an advance deposit or credit card
guarantee.  You may cancel your individual reservations up to 72 hours prior to
arrival, after which your deposit becomes nonrefundable.  The telephone number
of the hotel is: (415)843-3000

To reserve Oakland Airport Transportation, please call 24 hours in advance to
(415)843-3000, x133.

Group Rates:  $91 Single         $103 Double

Name:                             (sharing with):


Street Address:


I WILL ARRIVE ON (DAY) ____  (DATE):____
I WILL DEPART ON (DAY) ____  (DATE):____


    CREDIT CARD:     ____
         Type:                 Expiration Date:

Please mail this section of the form with your payment to:
  The Claremont Resort
  Ashby & Domingo Avenues
  Oakland, CA 94623-0363


Delta Airlines, Inc., is offering special fares to the Symposium.  These fares
are based on Delta's published round-trip fares within the U.S. and San Juan.
A 5% discount off any published fare (except group, military, government
contract, Visit USA, and Delta's Canadian fares), providing all rules and
conditions of the airfare are met; a 45% discount off the unrestricted Coach
(Y,YN,Y1) fare.  Seven days advance reservations and ticketing is required.
Exceptions: Travel from Delta's Canadian cities will apply at 40% discount, and
travel solely on Delta Connection Carriers will apply at a 35% discount.  To
take advantage of these discounts, call Delta, or have your travel agent call,
at 1-800-241-6760, for reservations (8-11:00pm EST daily).  Refer to file
number H0575.  Certain restrictions may apply and seats are limited.  These
discounts are available only through Delta's toll-free number.


If you need any further information, including an on-line or FAX copy of the
program, please email me.  We look forward to seeing you at the Symposium!

Liz Luntzel (Teresa Lunt's Assistant)

