The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 78

Tuesday 27 July 1993


o Computer-aided tax fraud
Mich Kabay
o Industrial Espionage
Mich Kabay
o Stingers
Bob Frankston
o Chinese Airline Crashed a British Aerospace-made 146 "Whisperjet"
Li Gong
o Biz Card Machine — New Risk!
Dan Hartung
o Re: Earthquake "early warning" systems
Lauren Weinstein
Brian Herzog
o Re: Credit Cards on the Internet
Blake Sobiloff
Nandakumar Sankaran
Matt Crawford
o Re: Seecof's reading ability
Mark Seecof
o Dependability conference; call for participants
Jeremy Jacob
o High-assurance software courses
Nancy Leveson
o Centre for Software Reliability Workshop 1993
Pete Mellor
o Info on RISKS (comp.risks)

Computer-aided tax fraud

"Mich Kabay / JINBU Corp." <>
27 Jul 93 11:16:20 EDT
  By Denise Lavoie, Associated Press Writer (from the AP)

  Norwalk, Conn. (AP) — A day after its owner admitted cheating the
  government out of $6.7 million in taxes, Stew Leonard's dairy and produce
  store was accused Friday of mislabeling weights on hundreds of items.

It seems that almost half of 2,658 tested products were short-weighted or had
no weight listed on the label.  As for the tax fraud, the criminals apparently
removed records of $17.1 million in sales figures "in a computer-aided tax
fraud scheme."  The data diddling meant they failed to pay $6.7 million in
taxes. The penalty is that they must pay $15 million in back taxes and fines.

Would someone from that area of the country please post additional details
on how the computer scam operated?

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn

Industrial Espionage

"Mich Kabay / JINBU Corp." <>
27 Jul 93 11:16:36 EDT
Lopez Said To Order GM Papers; Volkswagen Denies Receiving Documents
Washington Post, 23 July 1993
By Frank Swoboda and Rick Atkinson, Washington Post Staff Writers

  Secret General Motors documents seized recently at a Wiesbaden apartment
  by German investigators were prepared at the request of former GM executive
  Jose Ignacio Lopez de Arriortua before he joined rival Volkswagen, German
  prosecutors said yesterday.

The article goes on to explain that the documents included information about
Opel (General Motors in Europe) new Vectra car and about a top-secret "O" car.
Both Lopez and VW deny any impropriety and denounced the prosecutor's public
announcement.  An intensive search of VW's computer systems is apparently
going on to see if GM proprietary data have been stored there.

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn


Tue, 27 Jul 1993 11:53 -0400
There was a recent article about the US trying to buy back Stinger
antiaircraft missiles before they got sold to others.

This sounds like another version of the stories about government
installations being rather lax about complying with pollution control
requirements. Similarly, security considerations should include a time limit
on small powerful weapons. I presume that worry about the future is not a
checklist item. Does anyone on this list know more about the issues involved?

Chinese Airline Crashed a British Aerospace-made 146 "Whisperjet"

Li Gong <>
Mon, 26 Jul 93 11:32:31 -0700
BEIJING (UPI, July 23, 1993) — [PGN Excerpting Service]

A Chinese Northwest Airlines flight carrying 113 people bounced off the runway
and plunged into a lake in Yinchuan, the capital of Ningxia province, in a
remote part of west China, on 23 Jul 1993, killing 59 people.  The airliner
attempted two takeoffs.  The first was aborted.  On the second, it ran off the
runway, dropped into a lake, and broke apart.  Flight 2119, a British
Aerospace 146, was on a scheduled flight to Beijing.  Ian Watson, director of
regional operations for British Aerospace, said that "In the 10 years since it
came into service, the BA-146 has compiled one of the finest safety records in
the world."

The last major airline disaster in China occurred in November when a China
Southern Airlines Boeing 737 crashed into a mountain in the south China
tourist city of Guilin, killing all 141 aboard.  China has halted the
establishment of new airline companies to improve air safety and tighten
control over expansion in civil aviation.  About 35 airline companies have
sprouted up in China since CAAC relinquished control over the industry in
1988, faster growth than in any other country.

China has only 109 airports, a fraction of those in developed countries, but
passenger volume rose more than 24 percent in the first half of this year over
last year.

Biz Card Machine — New Risk!

Dan Hartung <>
Mon, 26 Jul 93 12:55 CDT
An unusual (and probably unexpected) risk has appeared — business card
vending machines.  I saw my first one at a service plaza on the Indiana Toll
Road (I-80/90).  Basically, it's a simplified desktop publisher that will
print out a variety of business card formats; you just enter your information.
The prices were, of course, outrageous — whereas I paid something less than 2
cents/card last time I had some printed professionally, this was at least 10
times that, even in quantity.  Well, I suppose that a traveling salesman in an
emergency ....

Anyway, the risk comes in here: the instructions suggest that you first
purchase a small number of cards to be sure they print correctly; you can
later put in more money and print out a larger quantity if you like what you
see.  Then this: "The machine stores your information for several minutes."

So, presumably, one could walk away from one of these machines with your cards
reading "John Smith, Computer Consultant, 10 Takeita Way, Suckerstown, MD" and
return from your business trip to find your house burgled of everything
resembling a computer ... simply because someone went up to the machine after
you left and printed out a set of their own.  Or a woman could give away,
unwittingly, her otherwise unlisted home phone number to a deep breather.  And
so on.

Again, as with so many of the risks discussed here, there is a debatable
amount of privacy invasion on what is basically public information ...  but
information that is given to people you would otherwise NOT want to have it.

Postscript: another risk was illustrated here — a sample "business card"
inscribed with a semiliterate harangue along the lines of "You shouldn't park
here, your license plate has been recorded by an anal-retentive mentally
unstable person, and if you park here again a pickup truck with no insurance
will wipe it back and forth along that nearby concrete wall."  More or less
identical in demeanor to the mail one gets for mis-posting.  Three times as
long, of course, and partly CAPITALIZED in TIME-HONORED Usenet NEWBIE style.
Yet I believe that such a card, slipped under someone's wiper, would
constitute legal assault.  (IANAL.)  And these people are *advocating* this?

Re: Earthquake "early warning" systems

Lauren Weinstein <>
Wed, 21 Jul 93 21:17 PDT
Living here in the L.A. area, where earthquakes are certainly more than an
academic concern, I can't help but question the usefulness of a warning system
that gives, perhaps, 15 to 30 seconds of panic time.  And I do mean panic
time--because that's what most people would do.  Primarily, most folks would
probably try to rush out of buildings (just like they do when quakes start,
even though they should know better).  Lots of them will get out the door just
in time to get hit by falling debris when the quake hits, which they could
have avoided if they had just stayed inside.

That's all assuming that the quake *does* hit.  If the alarm is false, you
can bet that the *next* time the alarm fires it will be generally
ignored--for better or worse.

One can certainly argue that the solution is education and training
and such--but human nature being what it is, you can bet that if people
believe the alarm, most of them are going to do pretty much the wrong
thing in response, especially when the duration in which to act
is very short.  The real effort should go into upgrading of older
buildings that predate modern earthquake area construction standards--
it's with those buildings that most injuries and deaths are likely
to occur.

I'm reminded of an old "Saturday Night Live" skit.  It was a fake
commercial for a device passengers could carry on planes that would give
them 10 seconds warning (or some such) of midair collisions.  The guy
is sitting calmly in his seat when the box starts beeping.  He grabs
it and stares at its display.  He yells:

"We're going to be hit by a 747!  (SCREAM!)"


Re: Earthquake `early' warning system (Stead, RISKS-14.77)

Brian Herzog - SunSoft Product Engineering <>
Sun, 25 Jul 1993 13:45:40 +0800
>The most damaging waves will arrive no earlier than an average
>velocity of 4.5 km/s.  This would appear to give 45 seconds warning at 100 km.

Er, my calculator says this would give 22 seconds warning at 100 km,
which makes the economic feasibility of an early warning system even
worse than stated.  I do hope the quote above is a typical email typo,
and not an accurate extraction from the California study!

Brian Herzog  <>

Re: Credit Cards on the Internet

Blake Sobiloff <>
Thu, 22 Jul 1993 13:47:26 -0500
(I hope this doesn't sound too much like an advertisement...) Reiter's
Scientific & Professional Books, a great bookstore in Washington, D.C., is now
on the Internet and is accepting credit card orders over the Internet for book
orders. Orders and inquiries can be sent to "" while comments
can be sent to "".

I enquired about exactly how they wanted me to give them my credit card
number, and they replied that they actually prefer to set up an account over
the phone with the pertinent information, and then give you an account number.
You then transmit the account number to them via email to place an order. They
did not, however, reject the possibility of conducting business via email
without voice verification.

My suggestion to look into public key encryption went unanswered...

Blake Sobiloff, Laboratory for Automation Psychology, Department of Psychology
University of Maryland, College Park, MD  20742-4411  <>

Credit Cards on the Internet

Thu, 22 Jul 93 12:56:26 EDT
This is further to the ongoing discussion on using credit cards over the
internet. To ensure security and escape the (possibly) prying eyes of
administrators at the sites through which a mail (ordering a product to
be paid through a credit card) passes, the sender could encrypt his/her
request. The key used for encryption could be a special INTERNET PIN that
the credit card company assigns while issuing the card, just like the one
assigned for ATM transactions through the card.

at the receiving end, the dealer simply forwards the mail to the credit
card company and waits for authorization from them. the dealer does not
know the card number since the mail is encrypted.

the credit card company could decrypt the mail, since they know the sender's
name and maybe the ZIP code (of course when the mail is encrypted, this
information should not be) and hence can find out the card number and the
special INTERNET PIN. once they decrypt the mail, they can verify if the
original sender listed the correct card number in his/her mail. once verified,
they can authorize the dealer to accept the request depending on the cost of
the product and the balance on the customer's account.

Nandakumar Sankaran, G34, Jordan Hall, Clemson University, Clemson, SC 29634
(803) 656 6979

Re: Credit Cards on the Internet (Robinson, RISKS-14.77)

Matt Crawford <>
Thu, 22 Jul 93 20:17:46 CDT
> (1) Soliciting CC transactions might violate the Acceptable Use
>     Provisions (doesn't apply if your feed is from a commercial
>     internet connection.)

I believe the parenthetical remark is quite incorrect.  Traffic on sponsored
networks must conform to the AUPs, even if it originates on a commercial net.
I know I received a couple of solicitations out of the blue from people who
didn't understand this, and who now know better.

Matt Crawford

Seecof's reading ability

Mark Seecof <>
Wed, 21 Jul 93 16:26:48 -0700
Despite Bidzos' attempt to bolster his DSS royalty defense by attacking my
literacy (he's wrong, BTW) and by weaseling that a "royalty" is not a "tax" (I
only said an unavoidable royalty "amounted to" a tax) I think he fails to show
that my comparison of NIST/PKP's proposal to a tax is invalid.  Bidzos could
have argued that it was overdrawn, less apt than another analogy, or even
wrong on some concrete grounds.  But his complaints are weak if strident.  And
talk about charging for DSS implementations rather than uses (at least for the
nonce) draws a distinction without a difference.  The U.S. taxes bottles of
liquor, not individual drinks poured at home, but economists will agree that
you pay every time you swallow.  Whether a tax is mills per ton or dollars per
ounce is not the point, anyway.  As for that $1 per certificate... Bidzos says
users won't pay it--I think he's wrong.  Users pay for everything in the end.

Also, the stuff about "free for government use" is smokescreen.  It's private
use that matters, including, especially, private use to communicate with the
government.  I cannot find, even by the closest scrutiny of the NIST/PKP
announcement, any promise to relieve users of royalties on products they use
to communicate with the government.  (Possible loophole: gov't could supply
DSS implementations to users royalty free; but that would depart from custom.)

Mark Seecof

Dependability conference; call for participants

Tue, 27 Jul 93 08:59:08 BST
    Institute of Mathematics and Its Applications
        1--3 September 1993
    Royal Hollway, University of London, Egham, Surrey, England

Invited speakers:
    Prof. David Parnas (McMaster University)
    Dr. Charles Pfleeger (Trusted Information Systems (UK))
    Dr. John Rushby (SRI International)
    Mr. Martyn Thomas (PRAXIS)

Conference  fees (pounds sterling), includes lectures, abstracts, coffee,
lunch and tea:
    IMA members     #185.00
    Non-members     #245.00
    IMA student members #145.00
    Student non-members #185.00

Residential fees (pounds sterling), includes bed,  breakfast  and  dinner
for 3 nights:
    #110, #130 or #150 depending on accommodation booked.

Further details are available from:
    Mrs Pamela Irving, Conference Officer
    The IMA, 16 Nelson Street, SOUTHEND-ON-SEA
    Essex  SS1 1EF  England
    Telephone: +44 702 354020   Facsimile:  +44 702 354111

High-assurance software courses

Nancy Leveson <>
Mon, 26 Jul 93 08:13:27 -0700
Announcing two courses in high assurance Software:

   An Introduction to Software System Safety, Oct. 25-27
        Nancy Leveson

   A Tutorial on Software Testing, Oct. 28-29
        Debra Richardson

Location: University of California, Irvine, CA


  In order to ensure and certify that software will execute without resulting
  in unacceptable risk, changes to normal software development practices are
  necessary.  This tutorial will focus on the unique problems involved in
  building safety-critical software and describe some techniques that can be
  used to enhance the safety of software-controlled systems.  Emphasis will
  be on procedures and techniques that are practical enough to be applied to
  projects today. Real-project experiences with these techniques in different
  application areas will be described.


Basic Principles of Risk
    Basic concepts in risk
    Why technological fixes may not reduce risk
    Using past experience to prevent future accidents
    How safe is safe enough?
    Do computers reduce or increase risk?
System Safety Engineering and other Approaches to Engineering Safety
    What is system safety
    The system safety process and tasks
    Software system safety
    Application-specific approaches
Management Issues for Safety-Critical Projects
    Instituting a safety culture into the organization
    How management contributes to accidents
    Role of safety management (including software)
    Place in the organizational structure
    General process (for small and large organizations)
    Cost and resource requirements
Models of Accidents and Hazard Analysis
    General types of analysis techniques
    Limitations and sources of uncertainty
    Software Hazard Analysis
    Software Requirements Analysis
    Qualitative vs. quantitative analysis
Principles of Safe Design
    The design process
    Issues in safe design
    The relationship between software design and safe system design
    System safety design techniques and their application to software design
    Software safety design analysis
Verification and Validation of Safety
    Testing for safety
    Static software analysis including Software Fault Tree Analysis
Design of Human/Machine Interaction for Safety
    The role of humans in accidents
    The role of the HMI in accidents
    The need for and role of human operators in automated systems
    Human error models
    General design principles and approaches
    Software design issues


The intent of this tutorial is to equip managers, software engineers, and
test engineers with an understanding of testing technology to enable them to
promote software testing in their organizations from an ad hoc, labor
intensive, error-prone activity to a disciplined, technology-supported
process.  Emphasis is on techniques that are practical today.  Some underlying
testing theory will be presented to provide a foundation for evaluating
testing technology, and several new approaches will be discussed.  Issues
of selecting complementary techniques and integrating them to achieve a
comprehensive testing process are also addressed.

  Software Testing Principles
    Definitions and basic principles
    Testing concepts
    Psychological factors
    Economic impacts
  Managerial Considerations
    Views of software testing
    Contributions to quality
    Testing phases and activities
  Test Planning
    Goals and objectives
    Developing a test strategy
    Test specifications and procedures
    Evaluating and reporting results
    Test process improvement
  Proactive Software Testing
    Technical Reviews
    Rapid Prototyping
  Software Testing Techniques
    Functional testing
    Structural testing
    Error-Oriented testing
    Integration testing
    Software system testing
    Evolution testing
    Developing test oracles
  Tools and Environments
    Static/dynamic analysis tools
    Test generation tools
    Test Management tools
  Methodology and Process
    Hybrid testing techniques
    Technique integration
    Formalized process
  Test Set Adequacy and Metrics
    A theoretical view
    Software metrics in testing
  Process Assessment/Improvement
    Process performance measures
    Test process assessment
    Improving the testing process

[For bios of Leveson and Richardson, and registration information,
send E-Mail to (Nancy Leveson).]

CSR Workshop 1993

Pete Mellor <>
Sat, 24 Jul 93 17:02:26 BST
                      CSR (Centre for Software Reliability)
                             TENTH ANNUAL WORKSHOP
                              CO-HOSTED WITH JUSE
                    Japanese Union of Scientists and Engineers

                        QUALITY ASSURANCE IN INDUSTRY

                            PROVISIONAL PROGRAMME

    Supported by the CEC under the Human Capital and Mobility Programme
The Grand Hotel, Oudezijds Voorburgwal 197, 1001 EX Amsterdam, The Netherlands
                    29th September - 1st October, 1993


Tenth Annual Workshop

Application of Software Metrics and Quality Assurance in Industry



Chair:  Norman Fenton, City University, UK

09.30-10.30 Keynote Address:  "Applying the Goal/Question/Metric
                                   Paradigm in the Experience Factory"
    Vic Basili, University of Maryland, USA

11.00-13.00 Tutorial:  "Management Aspects of Software Reuse"
    Sadahiro Isoda, Nippon Telegraph and Telephone Corp., Japan

13.00-14.15 LUNCH

Chair:  Bev Littlewood, City University, UK

14.15-15.15 Keynote Address:  "Now it's the turning point
                                   for the Japanese Software Industry"
    Yoshinori Iizuka, The University of Tokyo, Japan

15.45-17.45 Tutorial: "Setting up a Software Metrics Programme in Industry"
    Shari Lawrence-Pfleeger, Systems/Software, USA
    and City University, UK


Chair:  Robin Whitty, South Bank University, UK

09.00-09.30 "The Role of Quality Staff in Software Development"
         Masanobu Hattori, Fujitsu Ltd, Japan

09.30-10.00 "Making Software Metrics and QA happen:  practical
             experiences in Italy"
    Gualtiera Bazzano, ETNOTEAM, Italy

10.00-10.30 "Product Development and Quality Assurance
             in the Software Factory"
    Katsuyuki Yasuda, Hitachi Ltd., Japan

11.00-11.30 "Industrial Experience - Working with AMI"
    Richard Espley, GEC-Marconi Avionics Ltd., UK

11.30-12.00 "Software Measurements - an Evolutionary Approach"
    Norbert Fuchs, Alcatel, Austria

12.00-12.30 Title to be announced
    Karl-Heinrich Mueller, Siemens, Germany

12.30-14.00 LUNCH

Chair:  Yoshinori Iizuka, University of Tokyo, Japan

14.00-14.30 "Using Function Points for Software Cost
                 Estimation - Some Empirical Results"
    Barbara Kitchenham, NCC, UK

14.30-15.00 "Evaluating Effort Prediction Systems"
    Claude Stricker, University of Lausanne, Switzerland

15.00-15.30 "Use of Function Points for Estimation and Contracts"
    Jolyn Onvlee, Onvlee Opleidingen, The Netherlands

16.00-16.30 "Quality Practice in the Industry"
    Roberto Ciampoli, O. Group SpA, Italy

16.30-17.00 "Beyond SEI's CMM - the BOOTSTRAP Approach for
                 Profiling and Measuring Software Engineering Processes"
    Gunter Koch, 2i Industrial Informatics
    GmbH, Germany

17.00   PANEL DISCUSSION:  "Do Quality Assurance Procedures
                            Lead to Measurable Quality Improvements?"

    Tom Anderson, Bev Littlewood (CSR, UK) Vic Basili
    (Maryland, USA) Bill Hetzel (SQE, USA) Sinclair Stockman
    (British Telecom, UK) Yoshinori Iizuka (University of Tokyo,
    Japan) Toshiro Ohno (Toshiba, Japan) Mitsuru.Ohba (IBM,
    Japan), Ayatomo Kanno (Science University, Tokyo, Japan)




Chairs:   Norman Fenton,                      Tom Anderson, Univ. of
          City University, UK                 Newcastle upon Tyne, UK

        "Complexity Traces: an Instrument     "Introducing Metrics into
          for Software Project Management"     Industry:a Perspective on GQM"
    Christof Ebert, University of         Richard Bache, Infometrix,
    Stuttgart, Germany                    UK, & Martin Neal, Lloyd's
                                              Register, UK

       "Measurement through the Software      "Practical Implementation
        Life-cycle: a Comparative Case         of Process Improvement
        Study"                                 Initiatives"
       Bob Cole and Derek Woods,              Paul Goodman, Brameur, UK
       Glasgow Caledonian University

       "Integrating Software Quality          "A Case History of Automated
        Assurance into the Teaching of         Incremental Improvement of
        Programming"                           Software Product Quality"
       Edmund Burke, University of            Les Hatton, Programming
       Nottingham, UK                         Research Ltd., UK

       "QUANTUM - A Measurement-based         "Experience of Introducing
        Framework for Software                 Quality and Measurement in
        Quality Assurance"                     Telecommunication Software
       Chris Miller, Praxis, UK               Sinclair Stockman,
                                              British Telecom, UK

        Title to be announced                  Title to be announced
        Francois de Nazelle,                   Yannis Kliafis, Greece
        Q-Sys, France

12.30-13.45 LUNCH

Chair:  Barbara Kitchenham, NCC, UK

13.45-14.45 "Measuring the Measurements:  the Technology for
                 Measuring Software Practice"
    Bill Hetzel, Software Quality Engineering, USA

14.45-15.15 "A Framework for System Development Activities and
                 Responsibilities - Quality Improvement by filling up the
                 Communication Gap"
    Minoru Itakura, Fujitsu Ltd., Japan

15.45-16.15 "Situational Measurement"
    Hans van Vliet, Vrije Universiteit, The Netherlands

16.15-16.45 "The Behavioural Analysis makes the Company Mature"
    Ryuzo Kaneko, NEC Corp., Japan

16.45-17.15 "Function Points" (exact title to be announced)
    Martin Hooft van Huysduynen, Ing Bank,
    The Netherlands

[The full registration materials were too long for RISKS, and have been pared
down.  Request on-line registration information and other information by
E-Mail from , or contact Ms. Carol Allen, Centre
Manager, Centre for Software Reliability, The City University, Northampton
Square, London EC1V OHB UK, Tel: +44 71 477 8421, Fax: +44 71 477 8585]

Please report problems with the web pages to the maintainer