Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 14: Issue 78
Tuesday 27 July 1993
Contents
Computer-aided tax fraud- Mich Kabay
- Industrial Espionage
- Mich Kabay
- Stingers
- Bob Frankston
- Chinese Airline Crashed a British Aerospace-made 146 "Whisperjet"
- Li Gong
- Biz Card Machine -- New Risk!
- Dan Hartung
- Re: Earthquake "early warning" systems
- Lauren Weinstein
Brian Herzog - Re: Credit Cards on the Internet
- Blake Sobiloff
Nandakumar Sankaran
Matt Crawford - Re: Seecof's reading ability
- Mark Seecof
- Dependability conference; call for participants
- Jeremy Jacob
- High-assurance software courses
- Nancy Leveson
- Centre for Software Reliability Workshop 1993
- Pete Mellor
- Info on RISKS (comp.risks)
Computer-aided tax fraud
"Mich Kabay / JINBU Corp." <75300.3232@compuserve.com>
27 Jul 93 11:16:20 EDT
By Denise Lavoie, Associated Press Writer (from the AP) Norwalk, Conn. (AP) -- A day after its owner admitted cheating the government out of $6.7 million in taxes, Stew Leonard's dairy and produce store was accused Friday of mislabeling weights on hundreds of items. It seems that almost half of 2,658 tested products were short-weighted or had no weight listed on the label. As for the tax fraud, the criminals apparently removed records of $17.1 million in sales figures "in a computer-aided tax fraud scheme." The data diddling meant they failed to pay $6.7 million in taxes. The penalty is that they must pay $15 million in back taxes and fines. Would someone from that area of the country please post additional details on how the computer scam operated? Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn
Industrial Espionage
"Mich Kabay / JINBU Corp." <75300.3232@compuserve.com>
27 Jul 93 11:16:36 EDT
Lopez Said To Order GM Papers; Volkswagen Denies Receiving Documents Washington Post, 23 July 1993 By Frank Swoboda and Rick Atkinson, Washington Post Staff Writers Secret General Motors documents seized recently at a Wiesbaden apartment by German investigators were prepared at the request of former GM executive Jose Ignacio Lopez de Arriortua before he joined rival Volkswagen, German prosecutors said yesterday. The article goes on to explain that the documents included information about Opel (General Motors in Europe) new Vectra car and about a top-secret "O" car. Both Lopez and VW deny any impropriety and denounced the prosecutor's public announcement. An intensive search of VW's computer systems is apparently going on to see if GM proprietary data have been stored there. Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn
Stingers
<Bob_Frankston@frankston.com>
Tue, 27 Jul 1993 11:53 -0400
There was a recent article about the US trying to buy back Stinger antiaircraft missiles before they got sold to others. This sounds like another version of the stories about government installations being rather lax about complying with pollution control requirements. Similarly, security considerations should include a time limit on small powerful weapons. I presume that worry about the future is not a checklist item. Does anyone on this list know more about the issues involved?
Chinese Airline Crashed a British Aerospace-made 146 "Whisperjet"
Li Gong <gong@csl.sri.com>
Mon, 26 Jul 93 11:32:31 -0700
BEIJING (UPI, July 23, 1993) -- [PGN Excerpting Service] A Chinese Northwest Airlines flight carrying 113 people bounced off the runway and plunged into a lake in Yinchuan, the capital of Ningxia province, in a remote part of west China, on 23 Jul 1993, killing 59 people. The airliner attempted two takeoffs. The first was aborted. On the second, it ran off the runway, dropped into a lake, and broke apart. Flight 2119, a British Aerospace 146, was on a scheduled flight to Beijing. Ian Watson, director of regional operations for British Aerospace, said that "In the 10 years since it came into service, the BA-146 has compiled one of the finest safety records in the world." The last major airline disaster in China occurred in November when a China Southern Airlines Boeing 737 crashed into a mountain in the south China tourist city of Guilin, killing all 141 aboard. China has halted the establishment of new airline companies to improve air safety and tighten control over expansion in civil aviation. About 35 airline companies have sprouted up in China since CAAC relinquished control over the industry in 1988, faster growth than in any other country. China has only 109 airports, a fraction of those in developed countries, but passenger volume rose more than 24 percent in the first half of this year over last year.
Biz Card Machine -- New Risk!
Dan Hartung <dhartung@chinet.com>
Mon, 26 Jul 93 12:55 CDT
An unusual (and probably unexpected) risk has appeared -- business card vending machines. I saw my first one at a service plaza on the Indiana Toll Road (I-80/90). Basically, it's a simplified desktop publisher that will print out a variety of business card formats; you just enter your information. The prices were, of course, outrageous -- whereas I paid something less than 2 cents/card last time I had some printed professionally, this was at least 10 times that, even in quantity. Well, I suppose that a traveling salesman in an emergency .... Anyway, the risk comes in here: the instructions suggest that you first purchase a small number of cards to be sure they print correctly; you can later put in more money and print out a larger quantity if you like what you see. Then this: "The machine stores your information for several minutes." So, presumably, one could walk away from one of these machines with your cards reading "John Smith, Computer Consultant, 10 Takeita Way, Suckerstown, MD" and return from your business trip to find your house burgled of everything resembling a computer ... simply because someone went up to the machine after you left and printed out a set of their own. Or a woman could give away, unwittingly, her otherwise unlisted home phone number to a deep breather. And so on. Again, as with so many of the risks discussed here, there is a debatable amount of privacy invasion on what is basically public information ... but information that is given to people you would otherwise NOT want to have it. Postscript: another risk was illustrated here -- a sample "business card" inscribed with a semiliterate harangue along the lines of "You shouldn't park here, your license plate has been recorded by an anal-retentive mentally unstable person, and if you park here again a pickup truck with no insurance will wipe it back and forth along that nearby concrete wall." More or less identical in demeanor to the mail one gets for mis-posting. Three times as long, of course, and partly CAPITALIZED in TIME-HONORED Usenet NEWBIE style. Yet I believe that such a card, slipped under someone's wiper, would constitute legal assault. (IANAL.) And these people are *advocating* this? Yikes.
Re: Earthquake "early warning" systems
Lauren Weinstein <lauren@cv.vortex.com>
Wed, 21 Jul 93 21:17 PDT
Living here in the L.A. area, where earthquakes are certainly more than an academic concern, I can't help but question the usefulness of a warning system that gives, perhaps, 15 to 30 seconds of panic time. And I do mean panic time--because that's what most people would do. Primarily, most folks would probably try to rush out of buildings (just like they do when quakes start, even though they should know better). Lots of them will get out the door just in time to get hit by falling debris when the quake hits, which they could have avoided if they had just stayed inside. That's all assuming that the quake *does* hit. If the alarm is false, you can bet that the *next* time the alarm fires it will be generally ignored--for better or worse. One can certainly argue that the solution is education and training and such--but human nature being what it is, you can bet that if people believe the alarm, most of them are going to do pretty much the wrong thing in response, especially when the duration in which to act is very short. The real effort should go into upgrading of older buildings that predate modern earthquake area construction standards-- it's with those buildings that most injuries and deaths are likely to occur. I'm reminded of an old "Saturday Night Live" skit. It was a fake commercial for a device passengers could carry on planes that would give them 10 seconds warning (or some such) of midair collisions. The guy is sitting calmly in his seat when the box starts beeping. He grabs it and stares at its display. He yells: "We're going to be hit by a 747! (SCREAM!)" --Lauren--
Re: Earthquake `early' warning system (Stead, RISKS-14.77)
Brian Herzog - SunSoft Product Engineering <herzog@dobbs.eng.sun.com>
Sun, 25 Jul 1993 13:45:40 +0800
>The most damaging waves will arrive no earlier than an average >velocity of 4.5 km/s. This would appear to give 45 seconds warning at 100 km. Er, my calculator says this would give 22 seconds warning at 100 km, which makes the economic feasibility of an early warning system even worse than stated. I do hope the quote above is a typical email typo, and not an accurate extraction from the California study! Brian Herzog <herzog@eng.sun.com>
Re: Credit Cards on the Internet
Blake Sobiloff <sobiloff@lap.umd.edu>
Thu, 22 Jul 1993 13:47:26 -0500
(I hope this doesn't sound too much like an advertisement...) Reiter's Scientific & Professional Books, a great bookstore in Washington, D.C., is now on the Internet and is accepting credit card orders over the Internet for book orders. Orders and inquiries can be sent to "books@reiters.com" while comments can be sent to "rbaker@reiters.com". I enquired about exactly how they wanted me to give them my credit card number, and they replied that they actually prefer to set up an account over the phone with the pertinent information, and then give you an account number. You then transmit the account number to them via email to place an order. They did not, however, reject the possibility of conducting business via email without voice verification. My suggestion to look into public key encryption went unanswered... Blake Sobiloff, Laboratory for Automation Psychology, Department of Psychology University of Maryland, College Park, MD 20742-4411 <sobiloff@lap.umd.edu>
Credit Cards on the Internet
<nandu@cs.clemson.edu>
Thu, 22 Jul 93 12:56:26 EDT
This is further to the ongoing discussion on using credit cards over the internet. To ensure security and escape the (possibly) prying eyes of administrators at the sites through which a mail (ordering a product to be paid through a credit card) passes, the sender could encrypt his/her request. The key used for encryption could be a special INTERNET PIN that the credit card company assigns while issuing the card, just like the one assigned for ATM transactions through the card. at the receiving end, the dealer simply forwards the mail to the credit card company and waits for authorization from them. the dealer does not know the card number since the mail is encrypted. the credit card company could decrypt the mail, since they know the sender's name and maybe the ZIP code (of course when the mail is encrypted, this information should not be) and hence can find out the card number and the special INTERNET PIN. once they decrypt the mail, they can verify if the original sender listed the correct card number in his/her mail. once verified, they can authorize the dealer to accept the request depending on the cost of the product and the balance on the customer's account. Nandakumar Sankaran, G34, Jordan Hall, Clemson University, Clemson, SC 29634 (803) 656 6979 nandu@cs.clemson.edu
Re: Credit Cards on the Internet (Robinson, RISKS-14.77)
Matt Crawford <matt@severian.chi.il.us>
Thu, 22 Jul 93 20:17:46 CDT
> (1) Soliciting CC transactions might violate the Acceptable Use > Provisions (doesn't apply if your feed is from a commercial > internet connection.) I believe the parenthetical remark is quite incorrect. Traffic on sponsored networks must conform to the AUPs, even if it originates on a commercial net. I know I received a couple of solicitations out of the blue from people who didn't understand this, and who now know better. Matt Crawford
Seecof's reading ability
Mark Seecof <marks@wimsey.latimes.com>
Wed, 21 Jul 93 16:26:48 -0700
Despite Bidzos' attempt to bolster his DSS royalty defense by attacking my literacy (he's wrong, BTW) and by weaseling that a "royalty" is not a "tax" (I only said an unavoidable royalty "amounted to" a tax) I think he fails to show that my comparison of NIST/PKP's proposal to a tax is invalid. Bidzos could have argued that it was overdrawn, less apt than another analogy, or even wrong on some concrete grounds. But his complaints are weak if strident. And talk about charging for DSS implementations rather than uses (at least for the nonce) draws a distinction without a difference. The U.S. taxes bottles of liquor, not individual drinks poured at home, but economists will agree that you pay every time you swallow. Whether a tax is mills per ton or dollars per ounce is not the point, anyway. As for that $1 per certificate... Bidzos says users won't pay it--I think he's wrong. Users pay for everything in the end. Also, the stuff about "free for government use" is smokescreen. It's private use that matters, including, especially, private use to communicate with the government. I cannot find, even by the closest scrutiny of the NIST/PKP announcement, any promise to relieve users of royalties on products they use to communicate with the government. (Possible loophole: gov't could supply DSS implementations to users royalty free; but that would depart from custom.) Mark Seecof
Dependability conference; call for participants
<Jeremy.Jacob@prg.ox.ac.uk>
Tue, 27 Jul 93 08:59:08 BST
Institute of Mathematics and Its Applications
Conference on THE MATHEMATICS OF DEPENDABLE SYSTEMS
1--3 September 1993
Royal Hollway, University of London, Egham, Surrey, England
Invited speakers:
Prof. David Parnas (McMaster University)
Dr. Charles Pfleeger (Trusted Information Systems (UK))
Dr. John Rushby (SRI International)
Mr. Martyn Thomas (PRAXIS)
Conference fees (pounds sterling), includes lectures, abstracts, coffee,
lunch and tea:
IMA members #185.00
Non-members #245.00
IMA student members #145.00
Student non-members #185.00
Residential fees (pounds sterling), includes bed, breakfast and dinner
for 3 nights:
#110, #130 or #150 depending on accommodation booked.
Further details are available from:
Mrs Pamela Irving, Conference Officer
The IMA, 16 Nelson Street, SOUTHEND-ON-SEA
Essex SS1 1EF England
Telephone: +44 702 354020 Facsimile: +44 702 354111
High-assurance software courses
Nancy Leveson <leveson@cs.washington.edu>
Mon, 26 Jul 93 08:13:27 -0700
Announcing two courses in high assurance Software:
An Introduction to Software System Safety, Oct. 25-27
Nancy Leveson
A Tutorial on Software Testing, Oct. 28-29
Debra Richardson
Location: University of California, Irvine, CA
AN INTRODUCTION TO SOFTWARE SYSTEM SAFETY, Oct. 25-27
In order to ensure and certify that software will execute without resulting
in unacceptable risk, changes to normal software development practices are
necessary. This tutorial will focus on the unique problems involved in
building safety-critical software and describe some techniques that can be
used to enhance the safety of software-controlled systems. Emphasis will
be on procedures and techniques that are practical enough to be applied to
projects today. Real-project experiences with these techniques in different
application areas will be described.
Topics:
Basic Principles of Risk
Basic concepts in risk
Why technological fixes may not reduce risk
Using past experience to prevent future accidents
How safe is safe enough?
Do computers reduce or increase risk?
System Safety Engineering and other Approaches to Engineering Safety
What is system safety
The system safety process and tasks
Software system safety
Application-specific approaches
Standards
Management Issues for Safety-Critical Projects
Instituting a safety culture into the organization
How management contributes to accidents
Role of safety management (including software)
Place in the organizational structure
General process (for small and large organizations)
Documentation
Cost and resource requirements
Models of Accidents and Hazard Analysis
General types of analysis techniques
Limitations and sources of uncertainty
Software Hazard Analysis
Software Requirements Analysis
Qualitative vs. quantitative analysis
Principles of Safe Design
The design process
Issues in safe design
The relationship between software design and safe system design
System safety design techniques and their application to software design
Software safety design analysis
Verification and Validation of Safety
Testing for safety
Static software analysis including Software Fault Tree Analysis
Design of Human/Machine Interaction for Safety
The role of humans in accidents
The role of the HMI in accidents
The need for and role of human operators in automated systems
Human error models
General design principles and approaches
Software design issues
A TUTORIAL ON SOFTWARE TESTING, Oct. 28-29
The intent of this tutorial is to equip managers, software engineers, and
test engineers with an understanding of testing technology to enable them to
promote software testing in their organizations from an ad hoc, labor
intensive, error-prone activity to a disciplined, technology-supported
process. Emphasis is on techniques that are practical today. Some underlying
testing theory will be presented to provide a foundation for evaluating
testing technology, and several new approaches will be discussed. Issues
of selecting complementary techniques and integrating them to achieve a
comprehensive testing process are also addressed.
Topics:
Software Testing Principles
Definitions and basic principles
Testing concepts
Psychological factors
Economic impacts
Managerial Considerations
Views of software testing
Contributions to quality
Testing phases and activities
Test Planning
Goals and objectives
Developing a test strategy
Test specifications and procedures
Evaluating and reporting results
Test process improvement
Proactive Software Testing
Technical Reviews
Rapid Prototyping
Software Testing Techniques
Functional testing
Structural testing
Error-Oriented testing
Integration testing
Software system testing
Evolution testing
Developing test oracles
Tools and Environments
Static/dynamic analysis tools
Test generation tools
Test Management tools
Methodology and Process
Hybrid testing techniques
Technique integration
Formalized process
Test Set Adequacy and Metrics
A theoretical view
Software metrics in testing
Process Assessment/Improvement
Process performance measures
Test process assessment
Improving the testing process
[For bios of Leveson and Richardson, and registration information,
send E-Mail to leveson@cs.washington.edu (Nancy Leveson).]
CSR Workshop 1993
Pete Mellor <pm@csr.city.ac.uk>
Sat, 24 Jul 93 17:02:26 BST
CSR (Centre for Software Reliability)
TENTH ANNUAL WORKSHOP
CO-HOSTED WITH JUSE
Japanese Union of Scientists and Engineers
APPLICATION OF SOFTWARE METRICS AND
QUALITY ASSURANCE IN INDUSTRY
PROVISIONAL PROGRAMME
Supported by the CEC under the Human Capital and Mobility Programme
The Grand Hotel, Oudezijds Voorburgwal 197, 1001 EX Amsterdam, The Netherlands
29th September - 1st October, 1993
CENTRE FOR SOFTWARE RELIABILITY
Tenth Annual Workshop
Application of Software Metrics and Quality Assurance in Industry
WEDNESDAY 29TH SEPTEMBER
08.30-0930 REGISTRATION AND REFRESHMENTS
Chair: Norman Fenton, City University, UK
09.30-10.30 Keynote Address: "Applying the Goal/Question/Metric
Paradigm in the Experience Factory"
Vic Basili, University of Maryland, USA
11.00-13.00 Tutorial: "Management Aspects of Software Reuse"
Sadahiro Isoda, Nippon Telegraph and Telephone Corp., Japan
13.00-14.15 LUNCH
Chair: Bev Littlewood, City University, UK
14.15-15.15 Keynote Address: "Now it's the turning point
for the Japanese Software Industry"
Yoshinori Iizuka, The University of Tokyo, Japan
15.45-17.45 Tutorial: "Setting up a Software Metrics Programme in Industry"
Shari Lawrence-Pfleeger, Systems/Software, USA
and City University, UK
THURSDAY 30TH SEPTEMBER
Chair: Robin Whitty, South Bank University, UK
09.00-09.30 "The Role of Quality Staff in Software Development"
Masanobu Hattori, Fujitsu Ltd, Japan
09.30-10.00 "Making Software Metrics and QA happen: practical
experiences in Italy"
Gualtiera Bazzano, ETNOTEAM, Italy
10.00-10.30 "Product Development and Quality Assurance
in the Software Factory"
Katsuyuki Yasuda, Hitachi Ltd., Japan
11.00-11.30 "Industrial Experience - Working with AMI"
Richard Espley, GEC-Marconi Avionics Ltd., UK
11.30-12.00 "Software Measurements - an Evolutionary Approach"
Norbert Fuchs, Alcatel, Austria
12.00-12.30 Title to be announced
Karl-Heinrich Mueller, Siemens, Germany
12.30-14.00 LUNCH
Chair: Yoshinori Iizuka, University of Tokyo, Japan
14.00-14.30 "Using Function Points for Software Cost
Estimation - Some Empirical Results"
Barbara Kitchenham, NCC, UK
14.30-15.00 "Evaluating Effort Prediction Systems"
Claude Stricker, University of Lausanne, Switzerland
15.00-15.30 "Use of Function Points for Estimation and Contracts"
Jolyn Onvlee, Onvlee Opleidingen, The Netherlands
16.00-16.30 "Quality Practice in the Industry"
Roberto Ciampoli, O. Group SpA, Italy
16.30-17.00 "Beyond SEI's CMM - the BOOTSTRAP Approach for
Profiling and Measuring Software Engineering Processes"
Gunter Koch, 2i Industrial Informatics
GmbH, Germany
17.00 PANEL DISCUSSION: "Do Quality Assurance Procedures
Lead to Measurable Quality Improvements?"
Tom Anderson, Bev Littlewood (CSR, UK) Vic Basili
(Maryland, USA) Bill Hetzel (SQE, USA) Sinclair Stockman
(British Telecom, UK) Yoshinori Iizuka (University of Tokyo,
Japan) Toshiro Ohno (Toshiba, Japan) Mitsuru.Ohba (IBM,
Japan), Ayatomo Kanno (Science University, Tokyo, Japan)
19.30 WORKSHOP BANQUET
FRIDAY 1ST OCTOBER
PARALLEL SESSIONS
Chairs: Norman Fenton, Tom Anderson, Univ. of
City University, UK Newcastle upon Tyne, UK
09.30-10.00
"Complexity Traces: an Instrument "Introducing Metrics into
for Software Project Management" Industry:a Perspective on GQM"
Christof Ebert, University of Richard Bache, Infometrix,
Stuttgart, Germany UK, & Martin Neal, Lloyd's
Register, UK
10.00-10.30
"Measurement through the Software "Practical Implementation
Life-cycle: a Comparative Case of Process Improvement
Study" Initiatives"
Bob Cole and Derek Woods, Paul Goodman, Brameur, UK
Glasgow Caledonian University
10.30-11.00
"Integrating Software Quality "A Case History of Automated
Assurance into the Teaching of Incremental Improvement of
Programming" Software Product Quality"
Edmund Burke, University of Les Hatton, Programming
Nottingham, UK Research Ltd., UK
11.30-12.00
"QUANTUM - A Measurement-based "Experience of Introducing
Framework for Software Quality and Measurement in
Quality Assurance" Telecommunication Software
Development"
Chris Miller, Praxis, UK Sinclair Stockman,
British Telecom, UK
12.00-12.30
Title to be announced Title to be announced
Francois de Nazelle, Yannis Kliafis, Greece
Q-Sys, France
12.30-13.45 LUNCH
Chair: Barbara Kitchenham, NCC, UK
13.45-14.45 "Measuring the Measurements: the Technology for
Measuring Software Practice"
Bill Hetzel, Software Quality Engineering, USA
14.45-15.15 "A Framework for System Development Activities and
Responsibilities - Quality Improvement by filling up the
Communication Gap"
Minoru Itakura, Fujitsu Ltd., Japan
15.45-16.15 "Situational Measurement"
Hans van Vliet, Vrije Universiteit, The Netherlands
16.15-16.45 "The Behavioural Analysis makes the Company Mature"
Ryuzo Kaneko, NEC Corp., Japan
16.45-17.15 "Function Points" (exact title to be announced)
Martin Hooft van Huysduynen, Ing Bank,
The Netherlands
[The full registration materials were too long for RISKS, and have been pared
down. Request on-line registration information and other information by
E-Mail from c.allen@csr.city.ac.uk , or contact Ms. Carol Allen, Centre
Manager, Centre for Software Reliability, The City University, Northampton
Square, London EC1V OHB UK, Tel: +44 71 477 8421, Fax: +44 71 477 8585]
Report problems with the web pages to the maintainer