Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Ex-Car Rental Owners Indicted, FORT LAUDERDALE, Fla. (AP) Value Rent-A-Car Inc. rigged its COMPUTER system to set up a scam overcharging customers who returned their cars with less than a full tank, a federal indictment says. The indictment returned Friday says Steven M. Cohen, one of three former owners charged, fixed Value's computer system in 1988 to add five gallons to the fuel tank capacity of every vehicle in Value's fleet. This allowed the company to overcharge customers who turned in the car with less than a full tank. Federal prosecutor Lothar Genge said that through 1991, about 47,000 customers were slapped with the phony charge, which ranged from a couple of dollars to $10 or $15. Mitsubishi Motor Sales bought the company in 1990 and is looking for ways to pay back the overcharges, Genge said.
Nintendo Inquiry Launched The Government is probing claims of health hazards to children playing computer games like Nintendo. The informal inquiry follows reports that two boys in Cardiff had been struck down with epileptic fits. Baroness Denton, junior Consumer Affairs Minister, has called for an urgent report: `It is important to know if there are any health risks. [From Teletext service on Carlton TV & Channel 4 (UK), Thursday 7th Jan 93] Olivier M.J. Crepin-Leblond, Digital Comms. Section, Elec. Eng. Department Imperial College of Science, Technology and Medicine, London SW7 2BT, UK
Here is an excerpt from an article in the Kansas City Star, January 7, 1993: Ford's honesty saves county $2 million, by Anne Lamoy An alert bookkeeper at the Ford Claycomo assembly plant saved Clay County from cheating itself out of $2 million. When paying the county's business personal property taxes recently, Ford's bookkeeper realized that the plant's two tax bills were much smaller than in previous years. Much, much smaller. "When the original bills were printed, they left off a digit," Clay County Assessor Shirley Quick said Wednesday. "And that digit meant $1 million." In fact, both tax bills were exactly $1 million short, thanks to a computerized data entry error. The article goes on to state that Ford is the only company that owes more than 1 million in business personal property taxes in the county. It doesn't say whether this is the first time their bill contained 7 digits. John Cigas, Rockhurst College cigas@rckhrst1.bitnet
Today on a trouble shooting talk show in Denver, a caller called in to complain that his license had been revoked, and he had to leave his car since he couldn't drive. Apparently, he had renewed his drivers license recently (required every three years in Colorado). At that time, a database check was made of the other 49 states. There was a match, based on birthdate and name. The other person with the same name and birthdate, had a suspended Penn. drivers license, based on a drunk driving conviction. Based on that match, his license was summarily revoked, and notice was mailed to him to that effect. (Which he apparently had not yet received). The license showed revoked at a routine traffic stop some time later. It is not clear how automatic the revocation process is. In any case, no hearing is offered before the revocation. The driver was especially upset because: 1) he had had a Colorado drivers license for 25 years. 2) he had never been to Pennsylvania, and 3) he didn't drink. The burden is apparently upon him to prove the the Colorado DMV that they had the wrong man. At present he is still fighting the organization trying to get his license reinstated. Bruce E. Hayden (303) 758-8400 bhayden@csn.org
The following appeared in the Minneapolis Star Tribune, 1/12/92:
STUDENT LOAD ERRORS BLAMED ON COMPUTER (AP)
Because of a computer problem, thousands of college students have been sent
notices ordering them to begin repaying loans that aren't due, a loan-
processing company in St. Paul [Minnesota] says.
Shirley Chase, an attorney for EduServ Technologies, formerly known as Hemar
Corp., said problems with a new computer system caused a backlog in
processing student requests to defer payments. She said the company hopes
to clear up the backlog by the end of February. More than 10,000 deferment
forms are backlogged, she said.
Because of the backlog, some students who are entitled to postpone their
loan payments have gotten notices urging them to pay and some have been
contacted by a collection agency. Chase said EduServ has "bent over
backward" to make sure no adverse credit reports are filed with credit
bureaus because of the delay. EduServ processes loans issued by banks and
other lenders and make sure payments are current.
Comment: Given that they probably had a choice of whether to send dunning
notices to everyone or temporarily stop sending them, it shouldn't be
surprising which choice they made.
Steve Peterson, FOURTH SHIFT Corporation, 7900 International Drive,
Bloomington, MN 55425 USA peterson@fs.com
[My daughter reported in from Massachusetts that she had seen a
message displayed in front of JD Auto Sales off Rte 128 in Swampscott
MA, with something like the following message:
TO ERR IS HUMAN.
TO BLAME IT ON A
COMPUTER IS EVEN MORESO.
An old RISKS theme, worthy of reminder. PGN]
FLATZ, leading performance artist from Munich (Bavaria) recently advertised "SOFTKILLER - the first buyable computer art virus". For MS-DOS systems, you may buy a diskette (in limited version: 20 diskettes each 1,800 DM equiv. about 1,100$; or unlimited version: 500 diskettes each 300 DM equiv. 185$) which after start will display some FLATZ head on the screen while formatting the disk. Advertised shortly before xmas as "the ultimate donation for PC owners", FLATZ explicitly warns that SOFTKILLER overwrites disks on data and will overwrite itself after execution. After publication of this advertisement, Bavarian Criminal Agency became involved to analyse whether this might imply a crime of "computer sabotage" (German Penal Code, section 303b) according to which the destruction of programs and data which are essential for some person or institution will be prosecuted. In the analysis, FLATZ admitted that his software was not self-reproducing and therefore no virus. Moreover, his "attack on the computerworld" is mentioned in capital letters on the envelope. On the other side, distribution via BBS (though not foreseen by him) this warning is lost. At this time, no test or reverse engineering of SOFTKILLER has been done. Probably, it is technically not worth the effort. But with some probability, other artists may come up with similar "ideas". Happy,Healthy and Riskless 1993 Klaus Brunnstein (University of Hamburg, North Germany, January 10, 1993)
An AP story in the Boulder Daily Camera (1/8/93) reports a familiar story with a few new variations. A private investigator and two police employees have been indicted by a Denver grand jury for improperly obtaining the criminal histories of 8,559 individuals. The Private Eye paid $3 to $5 per search and as much as $1,300 per week (he kept great records!). The scheme unraveled when a co-worker of the police employee who was doing the snooping became angry that her colleague was spending so much time looking up names that she was falling behind in her regular work. So after seeing a "criminal history format" on her screen that she was not supposed to be using, the co-worker turned her in. A computer log revealed that on the day she was caught, she had run checks on 95 people! It turns out that a transaction recording system allowed investigators to reconstruct all 8559 criminal history searches. With such a great logging system it seems strange that no one noticed 8559 extra searches; if the co-worker hadn't got the extra work dumped on her, these folks would still be stealing criminal records. gary mcclelland, univ of colorado, mcclella@yertle.colorado.edu
Today's UK newspapers are full of the story on the British Airways (BA)
"dirty tricks" campaign against Virgin and their successful suing by
Richard Branson. Of particular relevance to "risks" is the following
extract from the Independent newspaper (p6, 12 January 1993):
... The [BA] team were told that in future, their key task would be
to access highly confidential information from their rival's
[Virgin's] computer system.
"We were shown how to get the information by tapping into our computer
terminals in the Helpline office. We tapped in with our regular BA code
and called up the Virgin flight numbers".
In common with many other airlines, Virgin rents out a segment of a
vast computer known as Babs - British Airways Booking System. Mr Khalifa
and his colleagues simply tapped into it. "We could see on the Babs
computer system when flight is open [sic], when it closed, if it was
delayed and how many passengers were due to board".
For the next nine months the Helpline hackers provided BA with critical
information on Virgin's flights.
Jonathan Bowen, Oxford University
[A much longer version of this article was reported
by Bob Dowling <rjd4@cus.cam.ac.uk>. PGN]
I don't recall mention on Risks of the impending problems with modem networks. The North American telephone numbering plan is being changed. This is going to gradually lead to problems for all the people with long distance numbers that are pre-stored in documents, files, programs, and modems. The change (as I understand it) is that the leading 1 digit should be used ONLY when dialing outside the area code, rather than the current system that imposes the need when dialing outside the local calling area. Then the area code restriction to the form x0x or x1x will be removed. I expect the change to be done carefully by the telco's so that mistakes will cause failure to connect rather than incorrect connection. Just to make things interesting, this change is being staged area code by area code. So for people who plan to fix their internal stored numbers you need to know when your area is being changed. Rob Horn hornr@mr.polaroid.com
I was recently informed that the KLN-90 GPS(Global Positioning System) navigation unit used in airplanes was designed so that the pilot cannot display the altitude the unit calculates from satellite data. It does display the barometric altitude and will issue a warning if the barometric altitude differs significantly from the GPS altitude. On asking Bendix/King why they would deny a pilot information already computed in the unit, the spokesperson explained that the calculated GPS altitude is often several hundred feet different from the "officially correct" barometric altitude, and that pilots might be so stupid as to try to fly by the GPS altitude - thus putting themselves at risk of a collision. Accordingly, the TSO(Technical Standards Order) by which the FAA defines approval of GPS navigation systems for IFR(Instrument Flight Rules) prohibited them from making GPS altitude information available to the pilot. Last month I was flying in the clouds in mountains and experienced a failure of the primary pressure altimeter in the aircraft. Cross checking a second pressure altimeter with the GPS altitude on a non-TSO GPS navigator verified that it was the primary altimeter that was wrong. Not having this information could easily have resulted in my death. I would much prefer to educate pilots about GPS altitude errors than to deny them the possibility of having what could be lifesaving information. Jim Easton, Box 889, Bonita, CA 91908 (619)548-0138
[I pulled the following from a recent TELECOM Digest, and it may very well
have appeared elsewhere previously. But if ever there was an indication that
the Internet is not the safe playground we like to think it is, it's this.
Not only do we have to face new risks; we have to face new forms of old ones.
— Jerry]
Date: Thu, 7 Jan 1993 03:34:36 -0500
From: Monty Solomon <monty@proponent.com>
Subject: Sci.electronics Phone Fraud!
[Moderator's Note: Monty also passed this along for us today. PAT]
From: larryc@shell.portal.com (Larry WB Ching)
Newsgroups: sci.electronics
Subject: SCI.ELECTRONICS Phone fraud !!!
Summary: A recent attempt to rip-off sci.electronics correspondents.
Keywords: fraud, con artists, phone numbers
Message-ID: <C077BC.GBn@unix.portal.com>
Date: 1 Jan 93 23:16:23 GMT
Sender: news@unix.portal.com
Organization: Portal Communications — 408/973-9111 (voice) 408/973-8091
At about 6PM Thursday evening, I got a phone call. The operator said
that he had a collect call to me from Charles Pooley in New York. The
name was familiar, but I didn't remember exactly why. I said I would
accept the call, but then the "operator" said the call couldn't get
through because I had the call collect option blocked. He then said he
could pass the call through if I gave him my calling card number. I
said that I'd rather call Mr. Pooley myself, and could the "operator"
give me Mr. Pooley's number. There was a pause, then a phone number
with a San Jose area code! It didn't occur to me until later that , if
the call was from New York, why was the call-from number (408) !??!
I remembered that Charles and I had been corresponding on a topic from
sci.electronics. I was lucky enough to have an old message from him lying
around, and emailed him a message about my mysterious phone call.
Charles Pooley replyed to me today — turns out the guy tried the same scam
on him too! But this time, the bogus operator said the collect call was from
me to Charles! Charles was also wary, and didn't give the crook his calling
card number.
So - WATCH OUT! How this con artist chose my name and Charles' to try is
beyond me. As far as public postings in sci.electronics, I don't think Charles
and I had exchanged more than four public postings. Most of our correspondence
has been via "private" email.
This has definitely raised my paranoia level. If, out of the millions of
public postings during 1992, someone should choose two correspondents who have
exchange only a slight amount of messages .... I mean, why us? Or, is there
a "boilerroom" operation going on, with a bunch of phony operators, armed with
USENET listings — calling people with this con?
OH! - I may have put my phone number in one of my public
sci.electronics postings - that's probably how the scamsters make
their selection. Makes sense ...
CHILDREN BEWARE!!!
larryc@shell.portal.com
[Moderator's Note: I note the public access site you use for Usenet
(Portal Com) is located in area 408 (San Jose, CA). PAT]
[Also sent to RISKS by Mike LeVine,
levine%fidler.decnet@chinalake.navy.mil]
Alas, Microsoft isn't the only software company sliding corrections in without notice — there are (at least) two versions of Digital Research's (really wonderful) DR-DOS 6.0 floating around out there as well. In this case, the problem isn't quite so critical: the early version will not run Windows 3.1, apparently because of some hooks Microsoft inserted (rampant speculation). Windows 3.0 will run, however. The new version, which has been fairly freely distributed, but which has the SAME version number, corrects the Windows incompatibility (which some might call an advantage). DR-DOS users should check to make sure that their COMMAND.COM is dated 4-07-92 (or later?). For me, this has created no serious problems, but I can forsee situations in which failure to adhere to a reasonable numbering system could lead to all kinds of headaches — "What version of our software are you using?" "Version 6.37a." "Yes, but WHICH version 6.37a...?" Andrew Marchant-Shapiro Depts of Sociology and Political Science USmail: Union College, Schenectady NY 12308 AT&T: (518) 370-6225 INTERNET: marchana@gar.union.edu BITNET: marchana@union.bitnet
The following item appeared on the Operations List on Bitnet, and I thought
I'd pass it on because it is unfortunately very true.
Date: Sun Jan 10, 1993 1:09 am EST
From: Mainframe Operations Discussion List
EMS: INTERNET / MCI ID: 376-5414
MBX: OPERS-L@vm1.cc.uakron.edu
TO: Multiple recipients of list OPERS-L
EMS: INTERNET / MCI ID: 376-5414
MBX: OPERS-L@akronvm.bitnet
Subject: Re: Some Good Old Standbys
> I came across these in a Usenet post and found them quite relevant
And one I saw in a humor column recently:
If the automobile industry were like the computer industry
over the past 30 years, a Rolls-Royce would now cost $5.00,
would get 300 miles to the gallon, and once a year would
explode killing all passengers inside!
- tom
mvac23!thomas@udel.edu lapp@cdhub1.dnet.dupont.com (work)
{ucbvax,mcvax,uunet}!udel!mvac23!thomas
> So in the face of unreasonable people (dictators, etc.), perhaps we > need to use a floating point representation for the exchange rates > - but I do think that one decimal digit for the exponent should be > adequate. He walks right into it! According to the Guinness Book of World Records, in June 1946 the Hungarian pengo [two acute accents on the o] reached a valuation of 1 / 1.3e20 of the gold pengo of 1931. Now I don't know what *that* value was, but I think we can assume that the exchange rates with at least some other currencies must have exceeded 1e19. The German inflation of 1923 also went well past the 1e10 mark -- no pun intended — if I recall correctly. Mark Brader, Toronto utzoo!sq!msb, msb@sq.com
>So in the face of unreasonable people (dictators, etc.), perhaps we need to
>use a floating point representation for the exchange rates - but I do think
>that one decimal digit for the exponent should be adequate.
^^^
I wouldn't be too certain. I don't have it hand, but I recall an
occasion when a South American currency (Paraguay?) depreciated to
billions (43 billion?) to one versus it's gold equivalent (it's in the
Guinness book of records).
It is easy to underestimate the size of data a program may be asked to
deal with, especially several years down the line. (See the Bank of New York
problems, recorded here several years ago, when a program suddenly had more
than 2^16 transactions/day). The cautious programmer will be generous to a
fault. The best case I've seen was in a banking program where dollar amounts
were stored as 96 bit integer quantities of pennies - this rolls over at
nearly $8E26, or about 792 trillion trillion dollars.
Peter Trei
The lack of need for seven digit accuracy is correct, the single digit exponent is not. I have a German banknote of 1,000,000,000 Mark, barely enough to buy a bread by one month after issue. I have also seen German stamps of 1,000,000,000,000,000,000 Mark (Eine Trillionen Mark, German trillions of course). That was in the early twenties of course. And I add that at that time Germany was a democratic country, no unreasonable people were involved. dik t. winter, cwi, kruislaan 413, 1098 sj amsterdam, nederland home: bovenover 215, 1025 jn amsterdam, nederland; e-mail: dik@cwi.nl
Bruce Koball reports that the net address for cfp93 information and registration reported in RISKS-14.21 should have been cfp92@well.sf.ca.us. However, Bruce's address was correct, so this should not have caused anyone too much trouble.
CALL FOR PAPERS
1993 Complex Systems Engineering Synthesis and Assessment
Technology Workshop (CSESAW '93)
July 20-22, 1993
Washington, DC
This is a call for papers to be presented at the 1993 Complex Systems
Engineering Synthesis and Assessment Technology Workshop (CSESAW '93)
which will be held July 20-22, 1993. The theme of this year's workshop
is integration. This workshop will explore issues related to the design
synthesis and assessment of complex, computer-based, mission-critical
systems. Many DoD related systems tend to be large, complex,
fault tolerant, distributed, real-time, time-critical systems.
Of interest is the development and enhancement of the system level
ability to specify, capture, synthesize, analyze, model, prototype,
test and implement such systems. The emphasis is on developing forward
engineering capabilities; however, reverse engineering capabilities will
also be addressed.
TOPICS OF INTEREST
INTEGRATION OF CAPTURE, OPTIMIZATION, AND ASSESSMENT TECHNOLOGIES
INTEGRATION OF DEPENDABLE SYSTEM DESIGN INTO SYSTEM ENGINEERING
INTEGRATION OF SECURE SYSTEMS DESIGN INTO SYSTEM ENGINEERING
APPLICATION OF SIMULATION, MODELING, MEASUREMENT, METRICS,
AND PROTOTYPING WITHIN SYSTEM ENGINEERING
REQUIREMENTS ELICITATION, SPECIFICATION AND TRACEABILITY
Authors are requested to submit (5) copies of the paper of no more than
7,000 words (5 pages or less). Include a cover letter listing the author(s),
paper title, area of interest, and the name, address, FAX, telephone number,
and e-mail address (if available) of the author who is responsible for all
correspondence and preparation for the workshop by 15 April 1993. The
accepted papers will be published as a Proceedings, which will be distributed
within the Government and also made available to the general public.
Submission Deadline: 15 April 1993
Acceptance Notification: 15 May 1993
Final Paper Submission: 1 June 1993
Submission Address:
Steve Howell
Naval Surface Warfare Center
Code B40
10901 New Hampshire Avenue
Silver Spring, MD 20903-5000
e-mail inquiries: showell@nswc-wo.navy.mil
phone inquiries: 301-394-3987
fax inquiries: 301-394-1175
Please report problems with the web pages to the maintainer