The RISKS Digest
Volume 15 Issue 1

Thursday, 2nd September 1993

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o Is there a roboticist in the house?
Ken Birman
o Computer Problems Slow Airline Flights Southern U-S
David Fowler
o AFSS Computer Crash Knocks Out Service for 12 Hours (July 93)
Dave Barrett
o Risks du jour: malpractice; chemical industry vulnerabilities
Phil Agre
o Newspaper tide tables
Marc Auslander
o Software design [C.A.R. Hoare]
Paul Smee
o Re: Cisco backdoor?
Paul Traina
Al Whaley
o Easy Access to Video Rental Records
David Jones
o Answers to phone-related questions
Lauren Weinstein
o Risks of Discussing RISKS
Dennis D. Steinauer
o Re: Mars Observer tank testing
Kevin Maguire
o Conference on Technology Conversion
Gary Chapman
o Info on RISKS (comp.risks)

Is there a roboticist in the house?

Ken Birman <>
Tue, 31 Aug 1993 00:39:30 GMT
   [Article 2650 (3 more) in cucs.general, sent to RISKS by
   Li Gong <>.]

(From the NY Times, Sat. August 28, page 7)

San Francisco, Aug 27 (AP) — A hazardous-duty robot malfunctioned Wednesday
night and spun out of control in an attempt to defuse an explosive situation.
"It was just spinning around, just going wild," said Edward Ellestad, a member
of the Police Department's bomb squad.  "People were yelling, `Shut it off!'
So we pulled the plug."  The police robot, nicknamed "Snoopy", went out of
control as officers tried to get it to grasp a pipe bomb found at the C&B Cafe
during a raid.  "It could have been a lot worse if had picked up the device
when it was doing 360's and banging off the walls," Officer Ellestad said.

Kenneth P. Birman, Dept of Computer Science, Cornell Univ., 607-255-9199
Isis Distributed Systems Inc. 607-272-6327,

Computer Problems Slow Airline Flights Southern U-S

David Fowler <>
Wed, 1 Sep 93 18:00:50 PDT
   (Hilliard, Florida) — The Federal Aviation Administration is still at a
loss to explain a computer glitch that knocked out a regional air traffic
control center in Hilliard, Florida.  An FAA spokeswoman says the trouble
yesterday caused delays of up to 90 minutes for flights in a large area of the
south. No planes or passengers were in danger.  In one case, access to a
cellular phone may have been key. The head of the local National Air Traffic
Controllers Association says one controller used a car phone to contact the
Air Force. He wanted to stop a live-fire exercise, because there was no way to
control other planes entering the area.  The FAA says it does not know what
caused the computer problems.

AFSS Computer Crash Knocks Out Service for 12 Hours

Dave Barrett <barrett@asgard.cs.Colorado.EDU>
Wed, 1 Sep 93 17:24:21 -0600
[From *AOPA Pilot*, September 1993, page 33]

   For a 12-hour period between July 7 and 8, the computers shut down at the
Salt Lake City and Atlanta aviation weather processors.  As a result, weather
information could not be transmitted to the entire automated FSS [Flight
Service Station] (AFSS) network, and nearly all AFSSs lost their ability to
file flight plons.  The system later returned to normal.  Apparently, the
computer crash was caused by a time-activated virus in the weather processing
software.  Both processors shut down at the same time.
   A separate system--known as Labs--that uses the old, teletype method of
transmitting weather data was not affected by the outage. This system, based
in Kansas City, continued to provide weather and flight-plan capability to
DUAT contractors, private weather vendors, FSSs and those AFSSs with teletype
equipment.  Labs is not connected in any way to the Salt Lake City and Atlanta
aviation processors.
   AOPA [Aircraft Owners and Pilots Association] has recommended that Labs
equipment be retained, even though it's a dated system.  In addition to its
merits as a provider to DUAT and private vendors, the computer crash proved
that Labs can be a valuable backup mechanism to the main weather processors.

Risks du jour: malpractice; chemical industry vulnerabilities

Phil Agre <pagre>
Fri, 27 Aug 1993 15:58:41 -0700
*The New York Times*, August 27, 1993, p. B9, reports on a service in
Philadelphia that lets doctors find out whether a patient has filed any
malpractice suits.  The article discusses the obvious risks and makes it
sounds like most doctors are unlikely to be interested.  The service also
calls to mind the reportedly widespread practice of blacklisting job-seekers
who have filed workers' compensation claims.

The *Wall Street Journal*, August 27, 1993, pp. A1, A8, reports on the
computer industry's possible vulnerability to disruptions due to the
concentration of chemicals firms.  In some cases, chemicals used in
chip-making and packaging are only produced by a couple of plants, at least
one of which is on an earthquake fault in Japan.  This is perhaps an instance
of "hyperefficiency", the claimed tendency of market economies to expose
themselves to excessive disruption from rare but serious events in cases in
which companies find it difficult to invest in long-term disaster preparation
because of short-term competitive pressures.  In this case, many companies are
able to reduce overhead and thus cut costs by drastically reducing the number
of suppliers they deal with, and growing economies of scale in some kinds of
hardware manufacturing may lead to worrisome concentration as well.

The same WSJ (page B1) reports that Steven Spielberg's production company
chose the Thinking Machines CM-5 for "Jurassic Park" (in which, of course,
it ran some poorly designed software) because it "looked the least like a
science-fiction machine".  Wow.

Phil Agre, UCSD

Newspaper tide tables

Marc Auslander <>
Tue, 31 Aug 1993 14:18:55 -0400
The Canberra Times

For some considerable time, *The Canberra Times* has been publishing the wrong
tide times for Narooma.  The error has been in arithmetical calculation in
this office of the difference between tide times at Fort Denison as published
in standard tide tables and times at Narooma.  The error, the source of which
is lost in antiquity, was discovered last week when the editor, relying on The
Canberra Times figures, was swept out to sea.  But he managed to return to
shore - and ordered this correction.

Marc Auslander   <>   914 784-6699  (Tieline 863 Fax x6306)

Software design [C.A.R. Hoare]

Paul Smee <>
Wed, 1 Sep 1993 10:16:41 +0000 (GMT)
While clearing out my file cabinet, I uncovered the following, which struck me
as relevant to a lot of what goes on in comp.risks.  Quoted from a paper, 'The
Emperor's Old Clothes', by Charles Antony Richard Hoare, published in CACM Feb

    ...there are two ways of constructing a software design:  One way
    is to make it so simple that there are _obviously_ no deficiencies
    and the other way is to make it so complicated that there are no
    _obvious_ deficiencies.

    The first method is far more difficult.  It demands the same skill,
    devotion, insight, and even inspiration as the discovery of the
    simple physical laws which underlie the complex phenomena of
    nature.  It also requires a willingness to accept objectives which
    are limited by physical, logical, and technological constraints,
    and to accept a compromise when conflicting objectives cannot be
    met.  No committee will ever do this until it is too late.

(The paper was the 1980 ACM Turing Award Lecture.  The _'s represent his

Paul Smee, Computing Service, University of Bristol, Bristol BS8 1UD, UK - Tel +44 272 303132 - FAX +44 272 291576

Re: Cisco backdoor? (RISKS-14.87,88,89)

Paul Traina <>
Fri, 27 Aug 1993 11:37:44 -0700
I just spoke to Al, and found out what the story was.  We hired a
subcontractor and part of his deal with us is that we provide them access to
the Internet through cisco's corporate network.  Since we have a relationship
and our networks are physically tied together, the routers are specifically
configured to allow greater access between our site and theirs (at their

There was absolutely positively no "back door."  Al never actually performed
any tests with routers where he knew the configuration, and I would toss the
entire thing up to some miscommunication.

Re: Cisco backdoor? (RISKS-14.87,88,89)

Al Whaley <>
Tue, 31 Aug 1993 23:36:08 -0700 (PDT)
After consulting with Cisco, they have convinced me that the phenomenon I
reported earlier in RISKS-14.87 was not a back door but was instead a unique
situation to a particular company's equipment caused by an unrelated
management issue.  The explanation seems reasonable, and I am willing to
assume that the supposed back door does not exist at this point, especially
since several independent groups have not been able to confirm its existence.
Those with Cisco routers can presumably relax, at least as far as this issue
is concerned.

Al Whaley       +1-415 322-5411(Tel), -6481 (Fax)
Sunnyside Computing, Inc., PO Box 60, Palo Alto, CA 94302

       [At Al's request, and as a courtesy to CISCO, I have appended a
       note in the CRVAX ARCHIVE copy of RISKS-14.87 and RISKS-14.89
       pointing to THIS issue.  Other archive maintainers may wish to
       recopy those issues.  Thanks.  PGN]

Easy Access to Video Rental Records

David Jones <>
2 Sep 1993 12:06:46 -0400
I was in a local "Video Esprit" 24-hour video rental store here in Montreal
and I noticed a new service they have added for their customers.  There is a
PC in the store that, among other things, allows you to review your own
"rental history".  To access your records you just type in the last several
digits from your membership card.

Since the issue of privacy of video rental histories has had much discussion,
I thought RISK readers might be interested to know just how *easy* it has
become to get a list someone else's video rentals.  Just a glance at their
membership card is all it takes.

David Jones

answers to phone-related questions

Lauren Weinstein <>
Fri, 27 Aug 93 12:43 PDT
A couple of telephone-related questions popped up in the digest, and while
they might more properly be answered over on TELECOM, here are a couple of
answers anyway:

1) Dial 1 first.  This is becoming universal in North America to
   provide a sure way to distinguish between areas codes and prefixes.
   The network can only provide you with a recording that tells you
   that you need to dial 1 so long as no duplicate codes exist that
   will interfere with parsing of a particular call.  Many metro
   areas for years have been assigning prefixes that duplicate area
   codes.  Without 1+ dialing, the only way to differentiate would be
   by counting digits and providing long timeouts at the end of dialing
   all calls to determine when no more digits will be forthcoming.

   Starting around 1995, when the conventional area codes (second digit
   0 or 1) run out, new area codes will be assigned that look like
   prefixes.  The potential problems that may result in some phone
   systems, PBXs, etc. are quite nasty due to programmed (and in some
   cases hardwired) limitations in number parsing.

   The days when dialing 1 meant "toll call" are long since past in
   most areas, and will be gone everywhere quite soon.

2) It has long been understood that using the same code (e.g. *67) for
   both blocking *and* unblocking of calling number ID is a bad
   idea.  Bellcore originally assigned the single code, and various
   telcos have argued before state commissions that there are various
   technical reasons why they couldn't have separate codes with existing
   switch software (generics).  However, my understanding is that most
   of the major switch generics are in the process of being updated
   to allow this, and then those "technical" arguments will presumably
   no longer hold much sway in the discussion.

   The issue of calling number delivery via ANI (e.g. 800 numbers)
   is a complex one.  It can be argued that calling an 800 number is
   like making a collect call--the party you're calling is paying
   for the call, and they need to know who is using their resources
   (either correctly or abusively) and where their money is going.

Both of these issues are probably better followed-up over in TELECOM
or other telecommunications-specific forums.


Risks of Discussing RISKS

Dennis D. Steinauer <>
Mon, 30 Aug 93 15:57:46 EDT
Is discussing risks RISKY?  I would like to see more discussion of this topic
-- even though it's been discussed in years past.  I agree completely with
PGN, who suggests that many people (I'd argue the majority) are living with
blinders on.  Even those on the provider/vendor side who should understand
the risks of certain technologies (cellular phones being an obvious
example), have a) underrated the intelligence of potential adversaries,
b) overestimated the cleverness of their own technology, c) underestimated
the speed at which exploitation information and devices would be
disseminated, d) assumed that the using public can't be hurt by what they
don't know, and e) let the magnitude of the financial rewards overshadow
everything.  Perhaps, more open discussion — and knowledge that such
discussion -was- going to happen — would encourage providers not to
make naive assumptions regarding the risks and might cause users to demand
more of the products they buy.  (Where have we heard that before?)

Anyway — one approach to the problem has developed over the last few years
(since the Internet worm incident, to be more precise) that might be worth
noting.  A voluntary cooperative group of security incident response teams
known as FIRST (Forum of Incident Response and Security Teams) has developed
to address the problem of sharing potentially risky information without
giving away the store in the process.  Member teams include response teams
representing a wide range of "constituencies", including the Internet (i.e.,
CERT), various government agencies (e.g., DISA/ASSIST for DoD, Dept of
Energy's CIAC, CCTA for the UK, SurfNET in the Netherlands, etc.),
private sector organizations, vendors, and academia.  Member teams share
information on both latent and active system vulnerabilities through a
series of alerts issued by the various teams.  The alerts attempt to walk
the fine line of describing a problem in sufficient detail (along with
corrective actions) without providing enough information for exploitation.
 By initially distributing alerts only among member teams (and careful
vetting of members), there is reasonable control over distribution.

This certainly has not solved the problems associated with identifying and
closing system or network risks, it has made, I believe, great strides toward
building trust and mutual support through effective information sharing and
cooperation.  Other groups have use a similar approach to address similar
problems — e.g., the sharing of virus information. I would be quite
interested to hear how others have addressed the problem.

Re: Mars Observer tank testing (Stern, RISKS-14.89)

Kevin Maguire <maguire@zappa.Jpl.Nasa.Gov>
Mon, 30 Aug 93 14:32:30 PDT
> Apparently the tank pressurization system on the Observer was tested
> exactly once, and it "blew up." Whether this phrase is meant to imply
> an explosion or merely a bad leak is an exercise left to the reader.

This is hardly a suspicious occurrence.  Testing of a new pressure vessel
design always includes, as a matter of standard practice, testing to
failure.  This testing is required to ensure that the burst pressure is
where analysis indicated and that it is far enough removed from the
operating pressure.

What would have been suspicious is if this test had NOT been performed.

Kevin Maguire             

  [It is my understand that standard procedure is to limit-test the FIRST
  tank to see how far it can be stressed, that is, stressed to the point
  at which it actually blows.  That is clearly not a test one wishes to
  do on many tanks.  It also tells you nothing about other tanks.  PGN]

Conference on Technology Conversion [long]

Gary Chapman <>
Wed, 01 Sep 1993 14:57:36 -0400 (EDT)

The 21st Century Project and the National Commission on Economic Conversion
and Disarmament are co-sponsoring the National Conference on Technology
Conversion: Reinvestment in National Needs. What follows is a schedule of
speakers for the conference, which will be held October 7th and 8th in
Arlington, Virginia. Anyone interested in the subjects that will be covered at
this conference is encouraged to register and attend.

Gary Chapman, Coordinator, The 21st Century Project, Cambridge, MA

National Conference on Technology Conversion: Reinvestment in National Needs

October 7-8
Roslyn Westpark Hotel
Arlington, VA

Speakers will include representatives from:

The 21st Century Project
American Capital Strategies
Cray Research Corporation
Computer Professionals for Social Responsibility
Department of Energy
Economic Policy Institute
Federal Highway Administration
Federation for Industrial Retention and Renewal
Industrial Union Department, AFL-CIO
International Association of Machinists
Microelectronics and Computer Corporation
National Economic Council
National Institute of Standards and Technology
Northrop Corporation
Congressional Office of Technology Assessment
Sun Microsystems
Toxics Use Reduction Institute
United Technologies Corporation
White House Office of Science and Technology Policy
Westinghouse Electric
World Resources Institute
Worldwatch Institute

The National Commission for Economic Conversion and Disarmament will convene a
conference on a major aspect of the conversion challenge:

1. To redirect our military-oriented federal science and technology policy
toward solving our neglected domestic problems

2. To promote investments in emerging technologies that can create new jobs
and market opportunities for converting businesses

3. To explore the means of financing technology conversion

4. To democratize the policymaking process.

The conference will bring together policy makers within the Administration and
Congress, scientists and engineers, corporate managers and trade unionists,
and those in the independent sector working on issues of conversion, the
environment, renewable energy and transportation policy.

In plenary sessions we will examine current science and technology policy, the
missing pieces of this policy, and the means of financing investments that
will turn emerging technologies into sustainable, life-affirming enterprise.
In working groups we will look more closely at some of the most promising of
these technologies.

Conference Co-Sponsors include:

Economic Policy Institute
Industrial Union Department, AFL-CIO
Energy Conversion Devices, Inc.
University of Wisconsin Extension/ School for Workers
The 21st Century Project

II. Registration Information

To register by mail send a check for $80, payable to ECD, to: ECD, Suite 9,
1801 18th Street, NW, Washington, D.C.  20009.  Your registration fee covers
lunch and break refreshments on both days and refreshments at the October 7
reception (there will be a cash bar).

A small number of rooms have been reserved for conference participants at the
Westpark Hotel, at a reduced rate of $87.00 per night. For reservations call
(703) 527-4814 or (800) 368-3408.  The Westpark Hotel is located at 1900 North
Fort Myer Drive, Arlington, VA, one block from the Key Bridge and the Roslyn
Metro Stop; on the Blue Line from National Airport.

Space is limited, so please make reservations early.  If you have any s
regarding the conference, please call Miriam Pemberton, Jim Raffel or Kristen
Kann at 202-462-0091.

On the afternoon of October 8th we will hold 12 workshops on emerging
technologies, four at a time. To help us schedule these to accommodate
conference participants best, please indicate the three workshops that you are
most interested in attending when registering:

A. Fuel Cell Technology
B. Renewable and Alternative Energy Technology
C. Transportation Technology
D. Environmental Technology
E. Aerospace Technology Markets
F. Infrastructure Development
G. Smart Materials Technology Implementation in Infrastructure Enhancement
H. High Speed Rail and Freight Transportation
I. Zero-Discharge Manufacturing Technology
J. Information Infrastructure
K. Shipbuilding Industry
L. Manufacturing Extension Services

III. Preliminary Conference Schedule


Plenary I - Conversion and National Science & Technology Policy

1. Introductory Remarks:

Senator Barbara Boxer, (D-CA)  (invited)

Katherine Gillman, Special Assistant for Defense Conversion, White House
Office of Science and Technology Policy

Ann Markusen, Professor, Rutgers University; co-author of Dismantling the
Cold War Economy

2. Redefining National Security: Federal Policy in the Post-Cold War Era

George Brown (D-CA), Chair, House Science, Space and  Technology Committee

Vice President Albert Gore, Jr. (invited)

Seymour Melman, Chair, National Commission for Economic Conversion and

3. Dual-Use Technology Policy and Beyond

Dorothy Robyn, National Economic Council

Lewis M. Branscomb, Albert Pratt Public Service Professor, John F. Kennedy
School of Government, Harvard University

4. Technology Transfer

Rep. Ron Wyden, (D-OR)

Robert D. Glasser, Center for National Security Studies, Los Alamos National

Jim Ling, Science, Technology and Public Policy Program, MIT


Plenary II - Reinvestment and Conversion: Toward a National Needs

1. Environmental Sustainability

Michael Renner, Senior Researcher, Worldwatch Institute

Greg Pitts, Microelectronic and Computer Technology Corporation

2. Economic Conversion

Peter diCicco, Secretary Treasurer, Industrial Union Department, AFL-CIO

Rep. Rosa DeLauro, (D-CT) (invited)

Lou Kiefer, International Association of  and Aerospace Workers

Joseph Hoffman, Manager of Marketing Systems Development and Engineering
Division, Westinghouse Electronics Systems Group

3. Democratizing the Decision-Making Process

Gary Chapman, Director, 21st Century Project, a nationwide effort to reorient
public support for science and technology toward solving critical domestic

Jim Benn, Federation for Industrial Renewal and Retention (FIRR)

4. Reception (Thursday Evening)


Plenary III: Technology Innovation and Infrastructure Development

1. Government Initiatives and Institutions

Jeff Faux, President, Economic Policy Institute

Herb Whitehouse, Whitehouse Fiduciary Advisers

2. Private Financing

Bruce R. Guile, Director, Programs, National Academy of Engineering,
Washington, DC; tax credits and incentives for innovation and new technology

Tom Schlesinger, Southern Finance Project

3. Alternative Financing Structures

Martin Trimble, National Association of Community Development Loan Funds

Mike Locand Associates, economic consulting firm specializing in conducting
feasibility studies for employee buyouts, with a concentration on the steel

Adam Blumenthal, Vice President and Partner, American Capital Strategies


Workshops on the Following Emerging Technologies:

A. Fuel Cell Technology

William J. Lueckel, Vice President, Government Programs and Marketing,
International Fuel Cells, United Technologies Corporation

Jeff Serfass, Exec. Dir., Fuelion Group

B. Renewable and Alternative Energy Technology

Eric Vaughn, President, Renewable Fuel Association

Frank Bruno, CEO, Turbo Power and Marine Systems, Inc., division of Pratt
Whitney (invited)

C. Transportation Technology: Vehicles, Highways and Public Transit

Victor S. Rezendes, Director, Energy Issues, GAO; on flexible fuel vehicle

Wesley B. Truitt, Deputy Manager for Business Development, Northrop Corporation

D. Environmental Technology

David Blaskovich, Senior Director, Programs, Cray Research Corporation

Mark Schaefer, White House Office of Science and Technology Policy

R. Darryl Banks, Program Director, Program in Technology and Environment,
World Resources Institute

Clyde Frank, Deputy Assistant Secretary for Technology Development, Office
of Environmental Management, Department of Energy

E. Aerospace Technologies

David P. Radzanowski, Analyst in Aerospace Policy, Science Policy Research
Division, Congressional Research Service

Samuel N. Goward, Associate Professor, Director, Laboratory for Global
Remote Sensing Studies, University of Maryland at College Park

F. Infrastructure Development

Harry B. Caldwell, Office of Policy Development, Highway Needs and
Investment Branch, Federal Highway Administration

Sue McNeil, Carnegie-Mellon University; infrastructure management,
condition assessment, and image processing

G. Smart Materials Technology Implementation  in Infrastructure Enhancement

Craig A. Rogers, Professor and Director, Center for Intelligent Material
Systems and Manufacturing, Virginia Tech

Vijay Varadan, Professor of Engineering Science, Pennsylvania State
University and Editor-in-Chief, Journal of Smart Materials and Structures

H. High Speed Rail and Freight Transportation

Raymond V. Lanman, National Railroad Passenger Corporation (Amtrak);
commuter rail and business development

Edward K. Morlok, University of Pennsylvania; freight transportation in the
future: New Demands, New Approaches, New Technologies

John Ullmann, Professor of Management and Quantitative Methods, Hofstra

I. Zero-Discharge Manufacturing Technology

Robert Atkinson, U.S. Congress, OTA, Industrial Technology & Employment Program

Ken Geiser, Director, Toxics Use Reduction Institute at U Mass, Lowell

J. Information Infrastructure

Marc Rotenberg,  Washington Office Director, Computer Professionals for
Social Responsibility

John Gage, Sun Microsystems (invited)

K. Shipbuilding Industry

William Avery, Johns Hopkins Applied Physics Laboratory; expert on Ocean
Thermal Energy Conversion

Virgil Rinehart, Senior Advisor for Shipbuilding, Maritime Agency

L. Manufacturing Extension Services

Philip Nanzetta, Director, Manufacturing Extension Partnership, National
Institute of Standards and Technology

George Sutherland,  Director, Great Lakes Manufacturing Technology Center

Please report problems with the web pages to the maintainer