Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
From the Honolulu Star-Bulletin's "Streetwise" column, 27 April 1992:
Time change leaves stoplights out of sync (By David Oshiro)
Here's a story on how the clever machines that run our lives are sometimes too
clever.
Three weeks ago, most of the mainland switched to daylight savings time.
Unbeknown to city transportation officials here, a microchip controlling
traffic signals on Kalanianaole Highway contained a program written on the
mainland that contained an automatic conversion to daylight-saving [sic] time.
So, *voila*! On Monday, April 6, the timing for peak traffic hours kicked in
an hour earlier, throwing signals off. Signals that were changing in
200-second cycles began to change in 185-second cycles.
It was only a 15-second difference, and it only lasted an hour, but that was
enough to mess up morning rush-hour traffic [which is pretty bad on this
highway].
City workers, however, were able to figure out the problem and fix it that day.
A city transportation official said that there was no easy way to test that
chip in advance, to see it [sic] would have worked properly when the switch to
daylight-saving time occurred.
Mike Morton <Mike_Morton@Proponent.com>
This past week I was at a Microsoft Technical Seminar (read "boasting session") and saw an interesting promotional piece. Although longer than a normal ad, I suspect it is planned to use the "playlet" for some kind of media presentation. The "plot" is that Microsoft's Excel spreadsheet is so easy to use, and has so many "labour saving" features that two dolts who have forgotten to put together their presentation are able to do so in a one minute elevator ride to "executive territory". Other than stylistic aids, the primary function promoted is an "extension" function which will "forecast trends". With so much spreadsheet use being devoted to business plans and cash flow projections, the attraction of such a function is obvious. However, the ad immediately triggered an alarm. The feature is introduced, in the ad, by the fact that the executive "wants to see ten percent growth". The original figure is $1000, so the user fills in the next column as $1100. No problem. Then the extension feature is brought into play, and I mentally follow along with the arithmetic. The next column should say $1210. But the spreadsheet fills in $1200. The fourth column should be $1331, but instead is filled in as $1300. Ah, to the numerate person, the reason is obvious: the function is not a geometric "ten percent growth" but an arithmetic adding of an additional hundred dollars each time. To the numerate person, obvious. To the general public? How many of the "average" business computer users would even notice? The RISK of this particular choice of "extension" algorithm might not be all that important. However, it points out the increasing addition of "aids" in computerized systems, and the need to note carefully the use that the using audience is likely to put those aids to. Business computer users, in my experience, tend to want to think in "percentage" figures (eg. annual growth). A simple "adding" function for forecasting will not give them the "correct" answer appropriate to their mental model. Small though this RISK might be in this instance, we have seen this same principal at work in situations with much higher stakes.
This workshop is discussed at length in the April issue of COMPUTER, pp. 76-78.
I don't recall seeing it on RISKS, although the general topic has certainly had
its share of discussion and flame in the past.
Jim H.
The 20 April 1992 issue of DM News, a direct marketing trade publication, reports that within the past two weeks, Metromail and Donnelly Marketing (two of the very largest mailing list companies) were approached by the FBI which is seeking mailing lists for use in investigations. Other mailing list firms also received feelers according to the story. "Neither of the identified firms would discuss details, but one source familiar with the effort said the FBI apparently is seeking access to a compiled consumer database for investigatory uses." "The FBI agents showed 'detailed awareness' of the products they were seeking, and claimed to have already worked with several mailing list companies, according to the source." Metromail, according to the article, has been supplying the FBI with its MetroNet address lookup service for two years. The FBI said that the database is used to confirm addresses of people the FBI needs to locate for an interview. This marks the first time since the IRS tried to buy mailing lists in 1984 that a government agency has attempted to use mailing lists for enforcement purposes. In a separate but related story in the April 24 issue of the Friday Report, a direct marketing newsletter, the RBOC's are teaming up with other firms to develop white page directories on CD-ROM. For example, US West has a joint venture with PhoneDisc USA of Marblehead, Ma. The article states that the company offers lists failing mailing list enhancements to law enforcement agencies. [NOTE: an enhanced list means the names and addresses were matched with a marketing database and additional demographic information was added to the list from the marketing database]. Mary Culnan, School of Business Administration, Georgetown University MCULNAN@GUVAX.GEORGETOWN.EDU
>Are call loggers a problem when you give your password to a mail retreival >system form a hotel or an office. Is there a hacker market for this info? >Finally how prevelant is this problem in various parts of the world? Many hotels detail your phone bill and include the phone numbers you called during your stay. How often does the hotel phone system capture your MCI/Sprint/AT&T calling-card number (which you touch-toned into the MCI, Sprint, or AT&T computer), too? I can easily change the PIN on my voice-mail system; changing the PIN on my calling card requires a call to the long-distance carrier, and possibly a new card - something the long-distance carrier isn't going to want to do too often. -Dan Wing, DWING@UH01.Colorado.EDU, WING_D@UCOLMCC.BITNET Systems Programmer, University Hospital, Denver
I had the same experience myself recently. But, in addition to instructions, it was also a telemarketing call by the local carrier! Since I use my cellular phone as a contact line for technical support and am always expecting calls (I subscribe to a nationwide switching service), I was rather angry that they used my time on the line like that. Especially since it was during a driving rainstorm while I was on the Interstate in the hills of northern Kentucky! I called *611 and told the person on the line to get me off whatever list I was on to get this unnecessary greeting and unwanted telemarketing. I haven't been bothered since, but I don't know if my call got me off any "list". John S. Karabaic, Systems Engineer, jkarab@NeXT.com, 513 792 5904 NeXT Computer, Inc.; 4434 Carver Woods Dr.; Cincinnati, OH 45242
Not only *could* the cellular phone company track one's movement "all over the country" (although with great difficulty and expense using today's switches), it is an active industry goal for the next generation of technology. "Call Delivery" — making your phone ring when someone dials your number, regardless of your geographic location and serving carrier of the moment — is an integral part of the standard being developed for interswitch communication (EIA/TIA IS-41). It is also seen as a key to making Personal Communication Networks (PCN) work. What happened to you in Georgia is the result of a feature known as "autonomous registration", by which the serving switch instructs a mobile unit to register (i.e. transmit its identity information including mobile phone number and serial number) as soon as radio contact is established (as indicated on the mobile's handset display by the "service light" or "service bars"). When the system detected you were a roamer, it placed a call to your phone and played the recorded greeting for your edification (although I don't know BellSouth's policy, it is quite unlikely you were charged for this call). Furthermore, Automatic Vehicle Location (AVL) services are also seen as highly desirable by a significant subgroup of wireless communication users (truckers and victims of car thieves come immediately to mind). There are companies that claim to be able to determine the position of a mobile unit in a cell site to within 100 feet using only the received 800 MHz radio signal, but the technology is unreliable and expensive. The more popular solution is to marry a Global Positioning System (GPS) receiver to a cellular phone or other wireless terminal, but this is both proprietary and also expensive. As long as the user retains the ability to "disappear" by turning the phone off, I see the benefit as outweighing the risk in this form of network tracking. I squirm a lot more when I read about "beacons" placed in every car for automatic toll collection and vehicle monitoring, because these specialized systems exist solely for the purpose of tracking and accounting (NOTE: does anyone really expect there to be an "off" switch on such a device?). It's one thing to choose to be tracked, and quite another to have an "Eye in the Sky" checking up on you... Phil Brown, Project Engineer, GTE Mobile Communications Internet address: phillip.d.brown#m#jr@gte.sprint.com
First Announcement
COMPASS '92: SEVENTH ANNUAL CONFERENCE ON COMPUTER ASSURANCE
Systems Integrity, Software Safety, and Process Security
June 15-18, 1992
Gaithersburg, Md.
National Institute of Standards and Technology
Technology Administration
U.S. Department of Commerce
Department of Defense Approval: "In reviewing the Institute for Electrical and
Electronics Engineer's Plans for COMPASS '92, the Assistant Secretary of
Defense (Public Affairs) finds this event meets the standards for participation
by DoD personnel under instruction 5410.20 and DoD Standards of Conduct
Directive 5500.7. This finding does not constitute endorsement of attendance
which must be determined by each DoD component."
Compass IEEE Aerospace and Electronic Systems Society
Sponsors IEEE National Capital Area Council
In cooperation with The British Computer Society
Conference Sponsors: ARINC Research Corporation, Computer Sciences Corporation
Control Systems Analysis, Department of Defense, George Mason University
Logicon, Inc., National Institute of Standards and Technology,
Naval Research Laboratory, Naval Surface Warfare Center
Research Triangle Institute, Systems Safety Society, TRW Systems Division
Program Committee:
Paul Ammann, George Mason University
Greg Chisholm, Argonne National Laboratory
John Dobson, University of Newcastle Upon Tyne
Frank Houston, Food and Drug Administration
William S. Junk, University of Idaho
John Knight, University of Virginia
D. Richard Kuhn, NIST
John McDermid, University of York
John McHugh, University of North Carolina
Gerry Masson, Johns Hopkins University
Reginald Meeson, Institute for Defense Analyses
Andrew Moore, Naval Research Laboratory
Matthew Morgenstern, Xerox Advanced Information Technology
Jim Purtilo, University of Maryland
Edgar H. Sibley, George Mason University
Tony Zawilski, The Mitre Corporation
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)
A principal agency of the Department of Commerce's Technology Administration,
NIST has as its mission to strengthen U.S. industry's competitiveness, advance
science, and improve public health, safety, and the environment.
NIST conducts basic and applied research in the physical sciences and
engineering, developing measurement techniques, test methods, standards, and
related services. The Institute does generic and precompetitive research and
development work on new advanced technologies.
NIST researchers work at the frontiers of science and technology in such areas
as chemical science and technology, physics, materials science and engineering,
electronics and electrical engineering, manufacturing engineering, computer
systems, building technology and fire safety, and computing and applied
mathematics.
INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS (IEEE)
The Institute of Electrical and Electronics Engineers is the world's largest
technical professional society. Founded in 1884 by a handful of practitioners
of the new electrical engineering discipline, today's Institute is comprised of
more than 320,000 members who conduct and participate in its activities in 147
countries. The men and women of the IEEE are the technical and scientific
professionals making the revolutionary engineering advances which are reshaping
our world today.
The technical objectives of the IEEE focus on advancing the theory and practice
of electrical, electronics and computer engineering and computer science. To
realize these objectives, the IEEE sponsors technical conferences, symposia and
local meetings worldwide; publishes nearly 25% of the world's technical papers
in electrical, electronics and computer engineering; and provides educational
programs to keep its members' knowledge and expertise state-of-the-art. The
purpose of all these activities is two fold: To enhance the quality of life for
all peoples through improved public awareness of the influences and
applications of its technologies; and, to advance the standing of the
engineering profession and its members.
The IEEE, through its members, provides leadership in areas ranging from
aerospace, computers and communications to biomedical technology, electric
power and consumer electronics. For the latest research and innovations in the
many diverse fields of electrical and electronics engineering, industry and
individuals look to the IEEE.
COMPASS '92 June 15-18, 1992
About the Conference
COMPASS is an acronym formed from COMPuter ASSurance, the subject of this
conference, the seventh of a series that began with COMPASS '86. According to
its charter, "The purpose of COMPASS is to advance the theory and practice of
critical systems through the medium of scientific and engineering meetings and
publications. The organization, under the IEEE, is dedicated to the study of
critical systems, especially those using digital computers or other new
technologies."
Critical systems are defined as systems whose failure could cause injury, loss
of life, or significant property loss or damage. Such failures may be failures
of commission, doing what should not be done, or of omission, not doing what
should be done. Critical systems have failed in the past. Radiation therapy
machines have killed cancer patients; industrial robots have killed workers;
spacecraft have been destroyed; and, hackers have vandalized and/or stolen from
information systems. The goal of COMPASS is to find and publicize ways to
prevent unacceptable failures of critical systems.
COMPASS expresses the idea of "Pointing the Way" and of "encompassing" many
technologies and technical disciplines. The logo, a variation of yin-yang
overlaying a compass rose, symbolizes both of these ideas.
COMPASS '92 has adopted the slogan "Building The Right System, Right." This
expresses the need for the developers of critical systems to rigorously define
the right requirements and ensure that they are satisfied, resulting in systems
that function as intended.
The sponsors and organizers of COMPASS encourage you to participate in future
COMPASS activities. Contact any member of the conference committee or the
conference board for more information.
Conference Committee
Board of Directors Chair: Dolores R. Wallace, NIST
General Chair: Robert Ayers, ARINC Research Corporation
Program Chair: Edgar H. Sibley, George Mason University
Local Arrangements: Laura M. Ippolito, NIST
Publications: Julie Langston, Computer Sciences Corporation
Publicity: Paul Anderson, Space & Naval Warfare Systems Command Division
Registration: Judy Bramlage, General Accounting Office
Treasurer: Bonnie Danner, TRW Systems Division
Tutorials: Michael Brown, Naval Surface Warfare Center
COMPASS '92, Monday, 15 June 1992
9:00 a.m. Tutorial 1: "Approaches to Developing Safety-Critical Software"
Stephen S. Cha, Charles H. Lavine, and Jeffery C. Thomas, Aerospace
Corporation, El Segundo, Ca.
This tutorial surveys various software safety techniques proposed in
literature or currently in practice. Following an introduction to software
safety concepts, several industrial software development examples will be
examined. The tutorial concludes with a discussion on formal methods and
future research directions.
12:45 p.m. Lunch
2:00 p.m. Tutorial 2: "Interlocks-A Safety Engineering Tool"
Phil Sedgwick, Control Systems Analysis, Newport, RI
This tutorial introduces INTERLOCKS, a methodology and PC-based tool, that
graphically describes and simulates the operation of computer system
controls. INTERLOCKS, in use by the DoD, employs a graphic language familiar
to hardware and software engineers-simple AND and OR logic. The result for
safety engineers is an INTERLOCKS network that models and simulates the
hardware, software, and operator events that are prerequisite to critical
function initiation.
COMPASS '92, Tuesday, 16 June 1992
9:00 a.m. Opening Remarks, Conference General Chair: Robert Ayers, ARINC
Research Corporation, Annapolis, MD.
9:15 a.m. The Technical Program, Program Committee Chair: Edgar H. Sibley,
GMU, Fairfax, VA.
9:30 a.m. Keynote Speaker, John Rushby, SRI International, Menlo Park, CA.
"What Really Goes Wrong, And What Might Fix It?"
11:00 a.m. Session 1 Verification
Chair: Andrew Moore, Naval Research Laboratory, Washington, D.C.
"Using Z Specifications in Category Partition Testing", Nina Amla and Paul
Ammann, George Mason University, Fairfax, VA.
"Verification of Numerical Programs Using Penelope/Ariel", Sanjiva Prasad,
ORA Corporation, Ithaca, N.Y.
"Modular Verification of Ada Library Units", Carla Marceau and Wolfgang
Polak, ORA Corporation, Ithaca, N.Y.
12:45 p.m. Lunch
2:00 p.m. Session 2 Security, Chair: Paul Ammann, George Mason University
"A Probabilistic Approach to Assurance of Database Design", Lucian Russell,
Argonne National Laboratory, Argonne, Ill.
"Formal Security Specifications for Open Distributed Systems", Sead Muftik,
DSV Dept., Stockholm University, Sweden and Univ. of Sarajevo, Yugoslavia
"A Formal Approach for Security Evaluation", John A. McDermid and Qi Shi,
University of York, UK
4:00 p.m. Debate: Resolved: "Certain Safety-Critical Systems Should Not Be
Computerized". Moderated by John Knight, University of VA
5:30 p.m. Close of Daytime Activities
7:00 p.m. Birds of a Feather Session, Marriott
COMPASS '92, Wednesday, 17 June 1992
9:00 a.m. Keynote Speaker, Ted Ralston, Ralston Research Associates, Tacoma,
WA, "Preliminary Report on the International Study on Industrial
Experience with Formal Methods"
10:30 a.m. Panel 1 Formal Methods in Industry
.., Naval Research Laboratory, Washington, D.C.
Leo Beltracchi, United States Regulatory Commission, Washington, D.C.
12:45 p.m. Lunch
2:00 p.m. Session 3 Safety, Chair: M. Frank Houston, Food and Drug Admin.,
Rockville, Md.
"Efficient Response Time Bound Analysis of Real-Time Rule-Based Systems",
Albert Mo Kim Cheng and Chia-Hung Chen, University of Houston, Houston, TX
"The Use of Ada PDL as the Basis for Validating a System Specified by Control
Flow Logic", Richard B. Mead, ARINC Research Corporation, Annapolis, MD.
One further paper to be selected
4:00 p.m. Panel 2 Software Safety and Economics, Chair: J. Bret Michael,
George Mason University, Fairfax, VA.
Stephen Fortier, Intermetrics, McLean, VA.
William S. Junk, University of Idaho
Edward A. Addy, Logicon, Inc., Dahlgren, VA.
John McHugh, University of North Carolina, Chapel Hill, N.C.
5:30 p.m. Close of Daytime Activities
6:30 p.m. Banquet with Dinner Speaker, Marriott
COMPASS '92, Thursday, 18 June 1992
9:00 a.m. Session 4 Processes, Chair: Reginald Meeson, IDA
"A Review of Computer Controlled Systems Safety and Quality Assurance
Concerns for Acquisition Managers", John R. Friend, U.S. Navy, Polaris
Missile Facility, Charleston, S.C.
"An Analysis of Selected Software Safety Standards", Dolores Wallace, D.
Richard Kuhn, and Laura Ippolito, NIST, Gaithersburg, Md.
"A Process Representation Experiment Using MVP-L", Carol Diane Klinger,
Melissa Neviaser, and Ann Marmor-Squires, TRW, Fairfax, Va.; Christopher M.
Lott and H. Dieter Rombach, University of Maryland, College Park, Md.
11:00 a.m. Panel 3 Software in Trial - Liability and Other
Legal Issues (A Dramatization)
Moderator: Michael S. Nash, Esq., IDA, Alexandria, VA
Jay T. Westermeier, Fenwick and West, Washington, D.C., For the Plaintiff
To be selected, For the Defendant
Richard L. Wexelblat, IDA, Alexandria, Va., As Expert Witness
To be selected, Insurer
To be selected, Harried Software Developer/Programmer
12:45 p.m. Lunch
2:00 p.m. Session 5 Software Safety Standards
"IEEE P-1228: Latest Status", Cindy Wright, DISA, Tysons Corner, Va.
"IEC65A, WG9 and WG10 — System and Software Safety Standards for
Programmable Electronic Systems", Victor Maggioli, DuPont, Newark, Del.
3:30 p.m. Awards and Closing Ceremony
4:00 p.m. Conference Closing
NIST is located in Gaithersburg, Md., approximately 25 miles northwest of
Washington, D.C. The meeting will be held in the Green Auditorium of the
Administration Building.
Social Functions: A banquet with a cash bar and banquet speaker will
be held at the Gaithersburg Marriott on Wednesday, June 17.
Transportation: BWI Limo, 301/441-2345, offers commercial van service from
Baltimore-Washington Airport to the Gaithersburg area. Call for reservations.
Airport Transfer Van Service, 301/948-4515, is available from Dulles
International and Washington National Airports to Gaithersburg.
The Washington Metro has subway service to Gaithersburg. Metro can be boarded
at Washington National Airport. Take a Yellow Line train marked "Mount Vernon
Square" to Gallery Place and transfer to a Red Line train marked "Shady Grove"
to Shady Grove. Service is every 6 to 15 minutes depending on the time of day.
The time from National to Shady Grove is about 50 minutes. The Shady Grove
station is approximately four miles from the Marriott Hotel.
Driving Instructions: From northbound I-270 take Exit 10, Rt. 117 West, Clopper
Road. At the first light on Clopper Road, turn left on to the NIST grounds.
From Southbound I-270 take Exit 11B, Route 124 West, Quince Orchard Road. At
the second light turn left on to Clopper Road. At the first light on Clopper
Road, turn right on to the NIST grounds. To reach the Administration
Building, turn left after passing the guard office. Signs will direct you to
visitor parking. Transportation will be provided to and from the
Gaithersburg Marriott and NIST on Monday through Thursday.
Accommodations: Conference registration does not include your hotel
reservation. A block of rooms has been reserved at the Gaithersburg Marriott
Hotel, 620 Perry Parkway, Gaithersburg, Md. 20877. The hotel phone number is
301/977-8900. The special room rate is $65 single or double. To register for
a room, please use the enclosed hotel reservation form and send it directly
to the hotel no later than June 1, 1992. After that date the rooms will be
released for general sale at the prevailing rates of the hotel.
Registration Information Contact: Judy Bramlage, COMPASS '92 Registration
609 Orrin St., SE, Vienna, Va. 22180-4837, 202/512-6210, Fax: 202/512-6451
Technical Information Contact: Robert Ayers, ARINC Research Corporation,
2551 Riva Rd., Annapolis, Md. 21401, Phone: 410/266-4741 Fax: 410/266-4040
COMPASS '92 June 15-18, 1992
Conference Registration Card
Advance Registration (before June 1, 1992)
___ Conference Registration (includes 1 copy of proceedings)
___ Proceedings Only
___ Extra Proceedings _____ copies
___ Tutorial #1
___ Tutorial #2
Name
Company
Street Address
Rm. No./Mail Code
City, State, Zip
Country
Business Telephone
IEEE Membership No.
Co-Sponsor Name
Total Amount US $
Form of ___ Check enclosed made payable to COMPASS '92.
Payment (Checks from outside USA should be written on a USA bank.)
___ MasterCard No.________________________Exp.____
___ Visa No.______________________________Exp.____
___ Diners Club No._______________________Exp.____
___ American Express No.__________________Exp.____
Authorized Signature
Request for refunds after 1 Jun 1992 will be subject to a $15 admin fee.
Registration:
Advance Registration (before June 1, 1992)
Members Non-Members Students
------- ----------- --------
Conference 250 315 100
Tutorial 50 70 50
Proceedings Only 20 30 20
************************************************
On-Site Members Non-Members Students
------- ----------- --------
Conference 300 375 100
Tutorial 70 90 50
Proceedings Only 20 30 20
Conference fee includes coffee breaks, lunches and social functions.
Please place in an envelope and mail to: Judy Bramlage, COMPASS '92
Registration, 609 Orrin Street, SE, Vienna, Va. 22180-4837
COMPASS '92 June 15-18, 1992
Hotel Registration Card
Marriott Hotel, 301/977-8900
Name
Company
Street Address
Rm. No./Mail Code
City, State, Zip
Country
Business Telephone
Arrival Date
Departure Date
Number of Persons
Rate: $65 single or double (apply 12% tax to rate). All reservations must be
received by June 1, 1992. All room reservations must be guaranteed by a
one-night deposit. Deposit will guarantee first night availability, and will
be credited to last night of reservation. Deposit refunded if request
received 48 hours prior to arrival.
Form of ___ Check enclosed made payable to The
Payment Gaithersburg Marriott
___ One night deposit enclosed $__________________
Guaranteed by______________________________Exp.____
Card #_____________________________________________
Authorized Signature_______________________________
Please place in an envelope and mail to: The Gaithersburg Marriott,
620 Perry Parkway, Gaithersburg, Md. 20877
Please report problems with the web pages to the maintainer