Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 16: Issue 25
Tuesday 19 July 1994
Contents
NASDAQ computers crash - PGN abstracting
An Irish Sting Operation - Brian Randell
TCAS story on NBC Dateline 7/14/94 - Andres Zellweger
Vindication - Winn Schwartau
Re: Risks of electronics on aircraft - Phil Overy
    F. Barry Mulligan
    Chris Norloff
Re: Digital Display Boards on Highways - Don Root
EDCC-1, Final Program [European Dependable Computing Conf.] - Erik Maehle
Info on RISKS (comp.risks)
NASDAQ Computers Crash
Peter G. Neumann <Neumann@csl.sri.com> 18 Jul 1994 08:43:17 -0800

NASDAQ Computers Crash, Halting Trading for More Than Two Hours
By Diana B. Henriques, The N.Y. Times, 16 July 1994 [PGN ABSTRACTING]

The U.S. automated over-the-counter NASDAQ marketplace went down for 2.5 hours on the morning of Friday, 15 July 1994 when the computer system died. (It was finally restored just before N.Y. lunchtime.) The problem was traced to an upgrading to new communications software. One new feature was added each morning, beginning on Monday. Thursday's fourth new feature resulted in some glitches, but the systems folks decided to go ahead with the fifth feature on Friday morning anyway. It overloaded the mainframes (in Connecticut). Unfortunately, the backup system (in Rockville, MD) was also being upgraded, in order to ensure real-time compatibility. The backup of course died as well.

``[The backup system is] really for natural disasters, power failures, hardware problems that sort of thing,'' said Joseph R. Hardiman, Pres and CEO of NASDAQ. ``When you're dealing with operating software or communication software, it really doesn't help you.''

Volume on the day was cut by about one third, down from a typical 300 million shares. The effects were noted elsewhere as well, including several stock indexes, spreading to the Chicago options pits, trading desks, and the media. That in turn affected the large stock-index mutual funds.
An Irish Sting Operation
Brian Randell <Brian.Randell@newcastle.ac.uk> Fri, 15 Jul 1994 14:47:37 +0100

Cable TV fiddlers ensnared by Garda's World Cup trap
Alan Murdoch in Dublin, The Independent, 15 Jul 1994

HUNDREDS of fraudsters in Cork have been nabbed in an ingenious "sting" targeting three human weaknesses: greed, cable television, and the World Cup.

For two years Cork Communications, a cable television supplier to 30,000 homes, has been plagued by revenue-sapping fiddles. Former subscribers were getting their "black box" cable decoders tampered with to let them watch pay-only channels such as Sky Sport and the Movie Channel for free.

An illicit black-box black market appeared, supplied by a wave of house burglaries. "Hot" decoders were sold at an average Ir#60 a time. The result was 4,500 miscreants watching on the cheap, defrauding the firm of an annual Ir#750,000.

The solution had echoes of an FBI sting in the mid Eighties when dozens of US crooks were lured with congratulations on winning a non-existent competition, only to be arrested on arriving to collect their "winnings".

The solution devised by Cork Communications blended hi-tech ingenuity with an unerring sense of the one passion guaranteed to unite criminal classes this summer. A continuous message was broadcast on a cable channel which could be received only by decoders on which the scrambler system had been illegally by-passed.

"To mark Ireland's first ever May Day bank holiday, YFBT Promotions is offering an Irish World Cup T-shirt absolutely free," it promised, giving a freephone number. Some 2,000 replies were taped. Weeding out those who heard about the offer in the pub, local gardai focused on former subscribers among the earliest callers.

Last Monday Cork District Court granted 416 search warrants. The next 48 hours saw a blitz of raids such as J Edgar Hoover would have relished. An initial 150 people face charges and possible fines or imprisonment.

A Garda spokesman said: "I hope this will prove a deterrent. We've scared a lot of people." Incidentally, three letters of the name YFBT Promotions stand for "Your Box is Tampered".

Dept. of Computing Science, Univ. of Newcastle, Newcastle upon Tyne NE1 7RU, UK
Brian.Randell@newcastle.ac.uk PHONE = +44 91 222 7923 FAX = +44 91 222 8232
TCAS story on NBC Dateline 7/14/94
"Zellweger, Andres" <azellweger@mail.hq.faa.gov> Fri, 15 Jul 94 10:26:27 EST

Some of you may have seen the rather unbalanced NBC Dateline piece on the aircraft collision avoidance system, TCAS (July 14). The Dateline piece implied that TCAS was unsafe and, in fact, increased the risk of flying.

Before the piece was aired, The Air Transport Association (ATA), Air Line Pilots Association (ALPA), and the Allied Pilots Association (APA), along with TCAS manufacturers, sent a joint letter to the President of NBC News expressing concern about the Dateline: NBC segment on TCAS. The letter states that indications from those already interviewed, "as well as promotional pieces already aired, clearly suggest that the segment will not present a factual, balanced viewpoint of TCAS."

The fact is that TCAS substantially reduces the risk of midair collisions. Airlines and pilots overwhelmingly support it, and in a number of incidents pilots credit TCAS with saving lives. The most recent testimony involved a situation over the Pacific between Northwest and Cathay Pacific jumbo jets in which TCAS helped avert a potential disaster. The Northwest pilot later said something to the effect that "700 people owe their lives to TCAS." (No mention of this by NBC.)

FAA's R&D Service has concluded after extensive analysis that when both aircraft are equipped with TCAS 2, the risk of collision is reduced by a factor of 26. And, despite what was reported on Dateline, TCAS has not induced a single collision or near collision.

These assertions are not made lightly. They come after four years of experience with the operational evaluation of TCAS II that FAA began in 1990 in cooperation with the aviation community, including pilots and controllers. This represents some 25 million hours of TCAS operation. During that time, almost 14,000 reports from pilots and controllers have been received.

A quote from one of FAA's Public Affairs staffers puts this in context:

"Clearly, the trend in television news is towards the news magazine shows, versus the straight news programs. Even CNN, whose straight news broadcasts are among the best, is losing audience share, according to recent statistics. Bucking this trend, I plan to focus a lot more of my attention on televised sports, although I haven't broached that subject with my wife yet. Sports is one thing that TV does exceptionally well. Which reminds, if you still think soccer is boring after watching Romario of Brazil and Baggio of Italy, then you need help. Might as well just jump in your jammies, put on your slippers, watch the news magazine shows, and wait for the final bell."
Vindication
"Winn Schwartau" <p00506@psilink.com> Fri, 15 Jul 94 12:09:18 -0500

Now it seems that since an aviation authoritative source is talking about the
RISKS that I have been identifying for over 4 years, it's OK to be wary. But
how easy people forget.

It is not in the best interest of the government, the FAA, the airlines or the
aircraft manufacturers to openly discuss, much less admit what *could* go
wrooonnngggg. RISKS readers should be referred to my original works on the
subject which appear in:

  RISKS: (You know the issue better than I do.)

  Security Insider Report, August, 1993. "The FAA Discovers
  HERF: Is John Q. Flyer in Danger?"

  "Information Warfare: Chaos on the Electronic Superhighway,"
  Thunder's Mouth Press. ISBN 1-56025-080-1.

In ongoing research in related areas, we are presently identifying at least 19
(nineteen) actual HERF attacks against high tech organizations. We will be
publishing the results of this work when we are permitted to release the names
and events.

I stand by the original work despite the nay-sayers. If anything, recent
events and current discussions fully support what I have been saying since
1990: Magnetic weapons are the nuclear arms of the Information Age, and
governments from hither and yon are trying to figure out what to do about it.

Kind of puts Michelangelo in perspective, doesn't it.

Thanks to RISKS for staying on the leading edge of technology and for not
being distracted by those who would prefer the subject be kept in the closet.
risks of electronics on aircraft
Phil Overy <PJO@ib.rl.ac.uk> Fri, 15 Jul 94 09:55:49 BST

Since Lockerbie was caused by a device hidden by consumer electronics, and since it appears to be at least suspected that navigational devices are vulnerable to interference from outside consumer devices carried by passengers, has anyone thought that a terrorist attack might be carried out on the avionics instead? It is not easy to screen for electronic devices in baggage etc.

After all the mail about the A320, I have come to realise that avionics are already past the point of no return in modern jets - on an architecture programme last night, Norman Foster was extolling the virtues of the 747; on the flight deck was a very simple layout using four CRTs; is anyone claiming that the plane is not avionics-dependent when the instruments are condensed in this manner? I am sure there are means of switching it all off, however what is the plane like to fly after the switch-off? When my car's power steering failed, I was VERY glad to be travelling slowly even though the steering would have been quite normal to a van driver: I can imagine that this effect is at its worst in helicopters.

In the more mundane computer world, are any desktops vulnerable to reverse TEMPEST attacks aimed at denying service? We have some 286s I would quite gladly test..

Phil Overy
Re: Laptop Danger for Airplanes
"F. Barry Mulligan" <MULLIGAN@ACM.ORG> Fri, 15 Jul 1994 05:49:07 -0500 (CDT)

In RISKS DIGEST 16.23 it was reported:

> A cellular phone was also found on, although its owner claimed it had not
> been used.
  ^

It should be noted that a cell phone periodically transmits to the control site so that the system knows its location, even if it's not 'in use'. A powered-up phone could easily generate the intermittent problems reported.
Laptops in Aircraft
<cnorloff@tecnet1.jcte.jcs.mil> Fri Jul 15 07:30:47 1994

I agree we need more information on using electronic devices in aircraft. The following article has the most particular information I've seen yet. However, I don't know if the suspect laptop computer was examined for FCC interference compliance.

If all these "electronic devices" are so dangerous, why are our aircraft so sensitive, and why aren't computer manufacturers shielding their products better?

Compass Deflection

[begin quote]

In cruise flight at FL310 25 NM west of the VOR, the #1 compass suddenly precessed 10 degrees to the right. I asked the First Flight Attendant if any passenger-operated electronic devices were in operation in the cabin. She said that a passenger had just turned on his laptop computer. I asked that the passenger turn off his laptop computer for a period of 10 minutes, which he did. I slaved the #1 compass, and it returned to normal operation for the 10-minute period. I then asked that the passenger turn on his computer once again. The #1 compass immediately precessed 8 degrees to the right. The computer was then turned off for a 30-minute period during which the #1 compass operation was verified as normal.

It was very evident to all on the flight deck that the laptop computer operation was adversely affecting the operation of the #1 compass. I believe that the operation of all passenger-operated electronic devices should be prohibited on airlines until the safe operation of all these devices can be verified.

[end quote]

_Callback_, number 180, May 1994. A monthly safety bulletin from The Office of the NASA Aviation Safety Reporting System, P.O.Box 189, Moffett Field, CA 94035-0189 (no copyright notice displayed).

Chris Norloff cnorloff@tecnet1.jcte.jcs.mil
Re: Digital Display Boards on Highways (RISKS 16.24)
Don Root <der@oes.ca.gov> Fri, 15 Jul 94 08:44:35 PDT
I note that the California Department of Transportation (CalTrans) is in
the process of greatly expanding its network of Changeable Message Signs
(CMS) and freeway surveillance cameras. In many cases, cameras are being
installed in locations where they can observe the text on the nearby CMS. (in
many remote locations, CalTrans is using VSAT technology to feed a CMS and
monitor a camera).
Don Root, Assistant Chief,
Telecommunications, Calif. Office of Emergency Services
EDCC-1, Final Program
"Erik Maehle" <maehle@131.234.158.1> Fri, 15 Jul 1994 17:07:12 +0200
F I N A L P R O G R A M
EDCC-1
1st European Dependable Computing Conference
Berlin, Germany
October 4-6, 1994
[The original message from Erik was huge. I have excerpted the program.
Send E-mail to Erik to receive the full package on-line. There is a
1 August 1994 deadline on getting the conference rate for the hotels, so
act quickly. PGN]
ORGANIZED BY:
* Joint Technical Interest Group "Fault-Tolerant Computing Systems" of
the GI, ITG and GMA, Germany
* AFCET Working Group "Dependable Computing" France
* AICA Working Group "Dependability in Computer Systems", Italy
In association with the Council of European Professional Informatics
Societies (CEPIS)
IN COOPERATION WITH:
* GI Technical Interest Group "Dependable IT Systems"
* GI Technical Interest Group "Test and Reliability of Circuits and
Systems"
* IFIP Working Group 10.4 "Dependable Computing and Fault-Tolerance"
* IEEE TC on Fault-Tolerant Computing
* IEEE TC on Real-Time Computing
* EC-ESPRIT CaberNet Network of Excellence on Distributed Computing
System Architecture
* EWICS Technical Committee on Safety, Reliability and Security (TC7)
INTRODUCTION and BACKGROUND:
Organizations and individuals are becoming increasingly dependent on
sophisticated computing systems. In differing circumstances, the dependency
might for example center on the continuity of the service delivered by the
computing system, the overall performance level achieved, the real-time
response rate provided, the extent to which catastrophic failures are avoided,
or confidentiality violations prevented. These various concerns can be
subsumed into the single conceptual framework of dependability, for which
reliability, availability, safety and security, for example, can be considered
as particular attributes.
This, the first European Dependable Computing Conference, aims to provide a
European venue for researchers and practitioners from all over the world to
present and discuss their latest research results and developments. The
conference scope addresses all aspects of dependable computing, including:
fault-tolerant systems and components, safety critical systems, software
dependability, secure systems, validation, verification, testing and
evaluation. The conference program has been purposely organized in a single
track to encourage cross-fertilization between different viewpoints of
dependable computing.
EDCC-1 is the successor of two European conference series on fault
tolerance and dependability as well as on aspects of testing and diagnosis.
The first series, known as the "International Conference on Fault-Tolerant
Computing Systems" was organized (from 1982 up to 1991) by the German
Technical Interest Group "Fault-Tolerant Computing Systems". The other
series, known as the "International Conference on Fault-Tolerant Systems
and Diagnostics", was annually organized (from 1975 up to 1990) by
Universities and academic research institutions in the former
Czechoslovakia, Poland, Bulgaria and the former GDR. EDCC will be organized
every two or three years in different European countries.
ORGANIZATION COMMITTEE:
General Co-Chairs
  Klaus Echtle, University of Dortmund, Germany
  Dieter Hammer, Humboldt-University of Berlin, Germany
Program Chair
  David Powell, LAAS-CNRS, Toulouse, France
Publicity Chair
  Erik Maehle, University of Paderborn, Germany
Finance Chair
  Volker Schanz, VDE-ITG, Frankfurt/Main, Germany
International Liaison Chairs
  North America: Jacob Abraham, University of Texas, Austin, USA
  Asia: Yoshi Tohma, Tokyo Institute of Technology, Japan
TECHNICAL PROGRAM
Tuesday, October 4, 1994
09:30 Opening Ceremony
10:00 Session 1: Fault-Tolerance Techniques
Chair: Winfried Goerke, University of Karlsruhe, Germany
A model for adaptive fault-tolerant systems
Matti A. Hiltunen, Richard D. Schlichting (University of Arizona,
Tucson, USA)
Designing secure and reliable applications using FRS: an
object-oriented approach
Jean-Charles Fabre, Yves Deswarte (LAAS-CNRS, Toulouse, France),
Brian Randell (University of Newcastle-upon-Tyne, United Kingdom)
A fault-tolerant mechanism for simple controllers
Joao Gabriel Silva, Luis Moura Silva, Henrique Madeira, Jorge
Bernardino (University of Coimbra, Portugal)
11:30 Session 2: Formal Methods
Chair: John McDermid, University of York, United Kingdom
Formal semantics for Ward & Mellor's transformation schema
Carsta Petersohn, Cornelis Huizing, Jan Peleska, Willem-Paul de
Roever (Christian-Albrechts-University of Kiel, Germany)
Formal reasoning on fault coverage of fault tolerant techniques: a
case study
C. Bernardeschi, A. Fantechi, Luca Simoncini (University of Pisa,
Italy)
12:30 Lunch
14:00 Session 3: Evaluation
Chair: Bjarne Helvik, DELAB, Trondheim, Norway
On performability modeling and evaluation of software fault
tolerance structures
Silvano Chiaradonna, Andrea Bondavalli, Lorenzo Strigini
(CNUCE/CNR, Pisa, Italy)
Optimal design of fault-tolerant soft-real-time systems with
imprecise computations
Cesare Antonelli (University of Perugia, Italy), Vincenzo Grassi
(Tor Vergata University of Rome, Italy)
Computational restrictions for SPN with generally distributed
transition times
Andrea Bobbio (University of Brescia, Italy), M. Telek (University
of Budapest, Hungary)
15:30 Break
16:00 Session 4: Hardware Testing
Chair: Bernd Straube, Fraunhofer - EAS, Dresden, Germany
Test generation for digital systems based on alternative graph
theory
Raimund Ubar (Tallinn Technical University, Estonia)
The configuration ratio: a model for simulating CMOS intra-gate
bridge with variable logic thresholds
M. Renovell, P. Huc, Y. Betrand (University of Montpellier II,
France)
Coverage of delay faults: when 13% and 99% mean the same
Andrzej Krasniewski, Leszek B. Wronski (Warsaw University of
Technology, Poland)
17:30 Session 5: Fault Injection
Chair: Jean Arlat, LAAS-CNRS, Toulouse, France
RIFLE: a general purpose pin-level fault injector
Henrique Madeira, Mario Rela, Francisco Moreira, Joao Gabriel Silva
(University of Coimbra, Portugal)
On single event upset error manifestation
Rolf Johansson (Chalmers University of Technology, Goteborg,
Sweden)
18.30 End
Wednesday, October 5, 1994
08:30 Session 6: Software Testing
Chair: Pierre-Jacques Courtois, AIB-Vincotte Nuclear, Brussels,
Belgium
Injecting faults into environment simulators for testing safety
critical software
Hong Zhu, P.A.V. Hall, J.H.R. May (The Open University, Milton
Keynes, United Kingdom), T. Cockram (Rolls-Royce plc, United
Kingdom)
On statistical testing of synchronous data flow programs
Pascale Thevenod-Fosse, Christine Mazuet, Yves Crouzet (LAAS-CNRS,
Toulouse, France)
09:30 Session 7: Built-in Self Test
Chair: Andrzej Hlawiczka, Technical University of Gliwice, Poland
Hierarchical test analysis of VLSI circuits for random BIST
G. Masseboeuf, J. Pulou (Laboratoire d'Automatique de Grenoble),
J.L. Rainard (CNET, Meylan, France)
Zero aliasing compression based on groups of weakly independent
outputs in circuits with high complexity for two fault models
Peter Boehlau (University of Potsdam, Germany)
10:30 Break
11:00 Session 8: Software Diversity
Chair: Hubert Kirrmann, ASEA Brown Boveri AG, Baden-Daetwil,
Switzerland
Systematic and design diversity - software techniques for hardware
fault detection
Tomislav Lovric (University of Dortmund, Germany)
Detection of permanent hardware faults of a floating point adder by
pseudoduplication
S. Gerber, M. Goessel (University of Potsdam, Germany)
MLDD (Multi-Layered Design Diversity) architecture for achieving
high design fault tolerance capabilities
Aki Watanabe, Ken Sakamura (University of Tokyo, Japan)
12:30 Lunch
14:00 Session 9: Parallel Systems
Chair: Paulo Verissimo, INESC, Lisbon, Portugal
Reconfiguration and checkpointing in massively parallel systems
Bernd Bieker, Erik Maehle (University of Paderborn, Germany), Geert
Deconinck, Johan Vounckx (Catholic University of Leuven, Belgium)
An approach for hierarchical system level diagnosis of massively
parallel computers combined with a simulation-based method for
dependability analysis
J. Altmann, F. Balbach, A. Hein (University of Erlangen-Nuernberg,
Germany)
Hierarchical checking of multiprocessors using watchdog processors
I. Majzik, A. Pataricza (Technical University of Budapest,
Hungary), M. Dal Cin, W. Hohl, J. Hoenig, V. Sieh (University of
Erlangen-Nuernberg, Germany)
15:30 Break
16.00 Panel Discussion:
Future directions in dependable computing
Moderator: Jean-Claude Laprie, LAAS-CNRS, Toulouse, France
Panelists:
Algirdas Avizienis, University of California, Los Angeles, USA
Jan Hlavicka, Czech Technical University, Prague, Czech Republic
Michele Morganti, ITALTEL Central Research Labs. Milano, Italy
Brian Randell, University of Newcastle-upon-Tyne, United Kingdom
Ernst Schmitter, Siemens AG, Munich, Germany
17.30 End
18.00 Boat Trip
20.30 Conference Dinner
Invited Speaker: David Talbot, Head of Division,
Software and Advanced Information Processing,
DG III-Industry-ESPRIT, Commission of the European Commission
Thursday, October 6, 1994
08:30 Session 10: Fault Tolerance in VLSI
Chair: Jozsef Sziray, Computer Research and Innovation Center,
Budapest, Hungary
An effective reconfiguration process for fault-tolerant VLSI/WSI
array processors
Yung-Yuan Chen, C.-H. Cheng, Y.-C. Chou (Chung-Hua Polytechnic
Institute, Hsin-Chu, Taiwan)
Concurrent error detection in fast FNT networks
Jamel M. Tamir, Satnam S. Dlay, Raouf N. Gorgui-Naguib, Oliver R.
Hinton (University of Newcastle-upon-Tyne, United Kingdom)
Feasible regions quantify the configuration power of systems with
multiple fault types
Laurence E. LaForge (University of Nevada, Reno, USA)
10:00 Session 11: Measurement
Chair: Tashko Nikolov, Technical University of Sofia, Bulgaria
Software reliability analysis of three successive generations of a
switching system
M. Kaaniche, K. Kanoun, M. Cukier (LAAS-CNRS, Toulouse, France), M.
Bastos Martini (CpQD-Telebras, Brazil)
Performance of consistent checkpointing a modular operating system:
Results of the FTM experiment
Gilles Muller, Mireille Hue (IRISA/INRIA, Rennes, France), Nadine
Peyrouze (Bull Research, France)
11:00 Break
11:30 Session 12: Switching Networks and Hypercubes
Chair: K. Iyoudou, Moscow Aviation Institute, Russia
Ring-Banyan network: a fault tolerant multistage interconnection
network and its fault diagnosis
Jae-Hyun Park, Heung-Kyu Lee (Korea Advanced Institute of Science &
Technology, Taejon, Korea)
Reconfiguration of faulty hypercubes
Dimitri R. Avresky, K.M. Altawil
(Texas A&M University, College Station, USA)
Fault tolerance on Boolean n-cube architectures
Chu-Sing Yang, Shun-Yue Wu (National Sun Yat-Sen University,
Kaohsiung, Taiwan)
13:00 Lunch
14:30 Session 13: Distributed Systems
Chair: Jan Torin, Chalmers University of Technology, Goteborg,
Sweden
Relative signatures for fault tolerance and their implementation
Martin Leu (University of Dortmund, Germany)
GATOSTAR: a fault tolerant load sharing facility for parallel
applications
Bertil Folliot, Pierre Sens (MASI Laboratory, Paris, France)
A hierarchical membership protocol for synchronous distributed
systems
P.D.V. van der Stok, M.M.M.P.J. Claessens, D. Alstein (Eindhoven
University of Technology, The Netherlands)
16:00 Break
16:15 Joint meeting of European Dependable Computing and Fault Tolerance
Working Groups - open to all EDCC-1 participants
Chairs:
E. Schmitter, J.C. Laprie, L. Simoncini
18.00 End
