The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 16 Issue 25

Tuesday 19 July 1994


o NASDAQ computers crash
PGN abstracting
o An Irish Sting Operation
Brian Randell
o TCAS story on NBC Dateline 7/14/94
Andres Zellweger
o Vindication
Winn Schwartau
o Re: Risks of electronics on aircraft
Phil Overy
F. Barry Mulligan
Chris Norloff
o Re: Digital Display Boards on Highways
Don Root
o EDCC-1, Final Program [European Dependable Computing Conf.]
Erik Maehle
o Info on RISKS (comp.risks)

NASDAQ Computers Crash

Peter G. Neumann <>
18 Jul 1994 08:43:17 -0800
NASDAQ Computers Crash, Halting Trading for More Than Two Hours
By Diana B. Henriques, The N.Y. Times, 16 July 1994 [PGN ABSTRACTING]

The U.S. automated over-the-counter NASDAQ marketplace went down for 2.5 hours
on the morning of Friday, 15 July 1994 when the computer system died.  (It was
finally restored just before N.Y. lunchtime.)  The problem was traced to an
upgrading to new communications software.  One new feature was added each
morning, beginning on Monday.  Thursday's fourth new feature resulted in some
glitches, but the systems folks decided to go ahead with the fifth feature on
Friday morning anyway.  It overloaded the mainframes (in Connecticut).
Unfortunately, the backup system (in Rockville, MD) was also being upgraded,
in order to ensure real-time compatibility.  The backup of course died as
well.  ``[The backup system is] really for natural disasters, power failures,
hardware problems that sort of thing,'' said Joseph R. Hardiman, Pres and CEO
of NASDAQ. ``When you're dealing with operating software or communication
software, it really doesn't help you.''

Volume on the day was cut by about one third, down from a typical 300 million
shares.  The effects were noted elsewhere as well, including several stock
indexes, spreading to the Chicago options pits, trading desks, and the media.
That in turn affected the large stock-index mutual funds.

An Irish Sting Operation

Brian Randell <>
Fri, 15 Jul 1994 14:47:37 +0100
Cable TV fiddlers ensnared by Garda's World Cup trap
Alan Murdoch in Dublin, The Independent, 15 Jul 1994

HUNDREDS of fraudsters in Cork have been nabbed in an ingenious "sting"
targeting three human weaknesses: greed, cable television, and the World Cup.
For two years Cork Communications, a cable television supplier to 30,000
homes, has been plagued by revenue-sapping fiddles. Former subscribers were
getting their "black box" cable decoders tampered with to let them watch
pay-only channels such as Sky Sport and the Movie Channel for free.  An
illicit black-box black market appeared, supplied by a wave of house
burglaries. "Hot" decoders were sold at an average Ir#60 a time. The result
was 4,500 miscreants watching on the cheap, defrauding the firm of an annual
Ir#750,000.  The solution had echoes of an FBI sting in the mid Eighties when
dozens of US crooks were lured with congratulations on winning a non-existent
competition, only to be arrested on arriving to collect their "winnings".  The
solution devised by Cork Communications blended hi-tech ingenuity with an
unerring sense of the one passion guaranteed to unite criminal classes this
summer.  A continuous message was broadcast on a cable channel which could be
received only by decoders on which the scrambler system had been illegally
by-passed. "To mark Ireland's first ever May Day bank holiday, YFBT Promotions
is offering an Irish World Cup T-shirt absolutely free," if promised, giving a
freephone number.  Some 2,000 replies were taped. Weeding out those who heard
about the offer in the pub, local gardai focused on former subscribers among
the earliest callers. Last Monday Cork District Court granted 416 search
warrants.  The next 48 hours saw a blitz of raids such as J Edgar Hoover would
have relished. An initial 150 people face charges and possible fines or
imprisonment. A Garda spokesman said. "I hope this will prove a deterrent.
We've scared a lot of people."  Incidentally, three letters of the name YFBT
Promotions stand for "Your Box is Tampered".

Dept. of Computing Science, Univ. of Newcastle, Newcastle upon Tyne NE1 7RU, UK   PHONE = +44 91 222 7923  FAX = +44 91 222 8232

TCAS story on NBC Dateline 7/14/94

"Zellweger, Andres" <>
Fri, 15 Jul 94 10:26:27 EST
Some of you may have seen the rather unbalanced piece NBC Dateline piece on
the aircraft collision avoidance system, TCAS (July 14). The Dateline piece
implied that TCAS was unsafe and, in fact, increased the risk of flying.
Before the piece was aired, The Air Transport Association (ATA), Air Line
Pilots Association (ALPA), and the Allied Pilots Association (APA), along with
TCAS manufacturers, sent a joint letter to the President of NBC News
expressing concern about the Dateline: NBC segment on TCAS.  The letter states
that indications from those already interviewed, "as well as promotional
pieces already aired, clearly suggest that the segment will not present a
factual, balanced viewpoint of TCAS."

The fact is that TCAS substantially reduces the risk of midair collisions.
Airlines and pilots overwhelmingly support it, and in a number of incidents
pilots credit TCAS with saving lives.  The most recent testimony involved a
situation over the Pacific between Northwest and Cathay Pacific jumbo jets in
which TCAS helped avert a potential disaster.  The Northwest pilot later said
something to the effect that "700 people owe their lives to TCAS." (No mention
of this by NBC.)

FAA's R&D Service has concluded after extensive analysis that when both
aircraft are equipped with TCAS 2, the risk of collision is reduced by a
factor of 26.  And, despite what was reported on Dateline, TCAS has not
induced a single collision or near collision.  These assertions are not made
lightly.  They come after four years of experience with the operational
evaluation of TCAS II that FAA began in 1990 in cooperation with the aviation
community, including pilots and controllers.  This represents some 25 million
hours of TCAS operation.  During that time, almost 14,000 reports from pilots
and controllers have been received.

A quote from one of FAA's Public Affairs staffers puts this in context:
"Clearly, the trend in television news is towards the news magazine shows,
versus the straight news news programs.  Even CNN, whose straight news
broadcasts are among the best, is losing audience share, according to recent
statistics.  Bucking this trend, I plan to focus a lot more of my attention on
televised sports, although I haven't broached that subject with my wife yet.
Sports is one thing that TV does exceptionally well.  Which reminds, if you
still think soccer is boring after watching Romario of Brazil and Baggio of
Italy, then you need help.  Might as well just jump in your jammies, put on
your slippers, watch the news magazine shows, and wait for the final bell."


"Winn Schwartau" <>
Fri, 15 Jul 94 12:09:18 -0500
Now it seems that since an aviation authoritative source is talking about the
RISKS that I have been identifying for over 4 years, it's OK to be wary.  But
how easy people forget.

It is not in the best interest of the government, the FAA, the airlines or the
aircraft manufacturers to openly discuss, much less admit what *could* go
wrooonnngggg.  RISKS readers should be referred to my original works on the
subject which appear in:

    RISKS: (You know the issue better than I do.)

    Security Insider Report,   August, 1993. "The FAA Discovers
    HERF: Is John Q. Flyer in Danger?"

    "Information Warfare: Chaos on the Electronic Superhighway,"
    Thunder's Mouth Press.  ISBN 1-56025-080-1.

In ongoing research in related areas, we are presently identifying at least 19
(nineteen) actual HERF attacks against high tech organizations.  We will be
publishing the results of this work when we are permitted to release the names
and events.

I stand by the original work despite the nay-sayers.  If anything, recent
events and current discussions fully support what I have been saying since
1990: Magnetic weapons are the nuclear arms of the Information Age, and
governments from hither and yon are trying to figure out what to do about it.
Kind of puts Michelangelo in perspective, doesn't it.

Thanks to RISKS for staying on the leading edge of technology and for not
being distracted by those who would prefer the subject be kept in the closet.

risks of electronics on aircraft

Phil Overy <>
Fri, 15 Jul 94 09:55:49 BST
Since Lockerbie was caused by a device hidden by consumer electronics, and
since it appears to be at least suspected that navigational devices are
vulnerable to interference from outside consumer devices carried by passengers,
has anyone thought that a terrorist attack might be carried out on the avionics
instead?. It is not easy to screen for electronic devices in baggage etc. After
all the mail about the A320, I have come to realise that avionics are already
past the point of no return in modern jets - on an architecture programme last
night, Norman Foster was extolling the virtues of the 747; on the flight deck
was a very simple layout using four CRTs; is anyone claiming that the plane is
not avionics-dependent when the instruments are condensed in this manner?. I am
sure there are means of switching it all off, however what is the plane like to
fly after the switch-off? When my car's power steering failed, I was VERY glad
to be travelling slowly even though the steering would have been quite normal
to a van driver: I can imagine that this effect is at its worst in helicopters.

In the more mundane computer world, are any desktops vulnerable to reverse
TEMPEST attacks aimed at denying service?  We have some 286s I would quite
gladly test..

Phil Overy

Re: Laptop Danger for Airplanes

"F. Barry Mulligan" <MULLIGAN@ACM.ORG>
Fri, 15 Jul 1994 05:49:07 -0500 (CDT)
In RISKS DIGEST 16.23 it was reported:
> A cellular phone was also found on, although its owner claimed it had not
> been used.                     ^

It should be noted that a cell phone periodically transmits to the control
site so that the system knows its location, even if it's not 'in use'. A
powered-up phone could easily generate the intermittent problems reported.

Laptops in Aircraft

Fri Jul 15 07:30:47 1994
I agree we need more information on using electronic devices in aircraft.  The
following article has the most particular information I've seen yet.  However,
Idon't know if the suspect laptop computer was examined for FCC interference
compliance.  If all these "electronic devices" are so dangerous, why are our
aircraft so sensitive, and why aren't computer manufacturers shielding their
products better?

Compass Deflection

[begin quote] In cruise flight at FL310 25 NM west of the VOR, the #1 compass
suddenly precessed 10 degrees to the right.  I asked the First Flight
Attendant if any passenger-operated electronic devices were in operation in
the cabin.  She said that a passenger had just turned on his laptop computer.
I asked that the passenger turn off his laptop computer for a period of 10
minutes, which he did. I slaved the #1 compass, and it returned to normal
operation for the 10-minute period.  I then asked that the passenger turn on
his computer once again.  The # 1 compass immediately precessed 8 degrees to
the right.  The computer was then turned off for a 30-minute period during
which the #1 compass operation was verified as normal.  It was very evident to
all on the flight deck that the laptop computer operation was adversely
affecting the operation of the #1 compass.  I believe that the operation of
all passenger-operated electronic devices should be prohibited on airlines
until the safe operation of all these devices can be verified.  [end quote]

_Callback_, number 180, May 1994.  A monthly safety bulletin from The
Office of the NASA Aviation Safety Reporting System, P.O.Box 189,
Moffett Field, CA 94035- 0189  (no copyright notice displayed).

Chris Norloff

Re: Digital Display Boards on Highways (RISKS 16.24)

Don Root <>
Fri, 15 Jul 94 08:44:35 PDT
     I note that the California Department of Transportation (CalTrans) is in
the process of greatly expanding it's network of Changeable Message Signs
(CMS) and freeway surveillance cameras.  In many cases, cameras are being
installed in locations where they can observe the text on the nearby CMS.  (in
many remote locations, CalTrans is using VSAT technology to feed a CMS and
monitor a camera).

Don Root, Assistant Chief,
Telecommunications, Calif. Office of Emergency Services

EDCC-1, Final Program

"Erik Maehle" <maehle@>
Fri, 15 Jul 1994 17:07:12 +0200
                        F I N A L  P R O G R A M

             1st European Dependable Computing Conference
                           Berlin, Germany
                          October 4-6, 1994

   [The original message from Erik was huge.  I have excerpted the program.
   Send E-mail to Erik to receive the full package on-line.  There is a
   1 August 1994 deadline on getting the conference rate for the hotels, so
   act quickly.  PGN]


   * Joint Technical Interest Group "Fault-Tolerant Computing Systems" of
     the GI, ITG and GMA, Germany
   * AFCET Working Group "Dependable Computing" France
   * AICA Working Group "Dependability in Computer Systems", Italy

   In association with the Council of European Professional Informatics
   Societies (CEPIS)


   * GI Technical Interest Group "Dependable IT Systems"
   * GI Technical Interest Group "Test and Reliability of Circuits and
   * IFIP Working Group 10.4 "Dependable Computing and Fault-Tolerance"
   * IEEE TC on Fault-Tolerant Computing
   * IEEE TC on Real-Time Computing
   * EC-ESPRIT CaberNet Network of Excellence on Distributed Computing
     System Architecture
   * EWICS Technical Committee on Safety, Reliability and Security (TC7)


Organizations and individuals are becoming increasingly dependent on
sophisticated computing systems. In differing circumstances, the dependency
might for example center on the continuity of the service delivered by the
computing system, the overall performance level achieved, the real-time
response rate provided, the extent to which catastrophic failures are avoided,
or confidentiality violations prevented. These various concerns can be
subsumed into the single conceptual framework of dependability, for which
reliability, availability, safety and security, for example, can be considered
as particular attributes.

This, the first European Dependable Computing Conference, aims to provide a
European venue for researchers and practitioners from all over the world to
present and discuss their latest research results and developments. The
conference scope addresses all aspects of dependable computing, including:
fault-tolerant systems and components, safety critical systems, software
dependability, secure systems, validation, verification, testing and
evaluation. The conference program has been purposely organized in a single
track to encourage cross-fertilization between different viewpoints of
dependable computing.

EDCC-1 is the successor of two European conference series on fault
tolerance and dependability as well as on aspects of testing and diagnosis.
The first series, known as the "International Conference on Fault-Tolerant
Computing Systems" was organized (from 1982 up to 1991) by the German
Technical Interest Group "Fault-Tolerant Computing Systems". The other
series, known as the "International Conference on Fault-Tolerant Systems
and Diagnostics", was annually organized (from 1975 up to 1990) by
Universities and academic research institutions in the former
Czechoslovakia, Poland, Bulgaria and the former GDR. EDCC will be organized
every two or three years in different European countries.


General Co-Chairs
Klaus Echtle                            Dieter Hammer
University of Dortmund                  Humbold-University of Berlin
Germany                                 Germany

Program Chair
David Powell
LAAS-CNRS, Toulouse

Publicity Chair                         Finance Chair
Erik Maehle                             Volker Schanz
University of Paderborn                 VDE-ITG, Frankfurt/Main
Germany                                 Germany

International Liaison Chairs
North America: Jacob Abraham            Asia: Yoshi Tohma
University of Texas, Austin,            Tokyo Institute of Technology
USA                                     Japan


Tuesday, October 4, 1994

09:30   Opening Ceremony

10:00   Session 1: Fault-Tolerance Techniques
        Chair: Winfried Goerke, University of Karlsruhe, Germany

        A model for adaptive fault-tolerant systems
        Matti A. Hiltunen, Richard D. Schlichting (University of Arizona,
        Tucson, USA)

        Designing secure and reliable applications using FRS: an
        object-oriented approach
        Jean-Charles Fabre, Yves Deswarte (LAAS-CNRS, Toulouse, France),
        Brian Randell (University of Newcastle-upon-Tyne, United Kingdom)

        A fault-tolerant mechanism for simple controllers
        Joao Gabriel Silva, Luis Moura Silva, Henrique Madeira, Jorge
        Bernardino (University of Coimbra, Portugal)

11:30   Session 2: Formal Methods
        Chair: John McDermid, University of York, United Kingdom

        Formal semantics for Ward & Mellor's transformation schema
        Carsta Petersohn, Cornelis Huizing, Jan Peleska, Willem-Paul de
        Roever (Christian-Albrechts-University of Kiel, Germany)

        Formal reasoning on fault coverage of fault tolerant techniques: a
        case study
        C. Bernardeschi, A. Fantechi, Luca Simoncini (University of Pisa,

12:30   Lunch

14:00   Session 3: Evaluation
        Chair: Bjarne Helvik, DELAB, Trondheim, Norway

        On performability modeling and evaluation of software fault
        tolerance structures
        Silvano Chiaradonna, Andrea Bondavalli, Lorenzo Strigini
        (CNUCE/CNR, Pisa, Italy)

        Optimal design of fault-tolerant soft-real-time systems with
        imprecise computations
        Cesare Antonelli (University of Perugia, Italy), Vincenzo Grassi
        (Tor Vergata University of Rome, Italy)

        Computational restrictions for SPN with generally distributed
        transition times
        Andrea Bobbio (University of Brescia, Italy), M. Telek (University
        of Budapest, Hungary)

15:30   Break

16:00   Session 4: Hardware Testing
        Chair: Bernd Straube, Fraunhofer - EAS, Dresden, Germany

        Test generation for digital systems based on alternative graph
        Raimund Ubar (Tallinn Technical University, Estonia)

        The configuration ratio: a model for simulating CMOS intra-gate
        bridge with variable logic thresholds
        M. Renovell, P. Huc, Y. Betrand (University of Montpellier II,

        Coverage of delay faults: when 13% and 99% mean the same
        Andrzej Krasniewski, Leszek B. Wronski (Warsaw University of
        Technology, Poland)

17:30   Session 5: Fault Injection
        Chair: Jean Arlat, LAAS-CNRS, Toulouse, France

        RIFLE: a general purpose pin-level fault injector
        Henrique Madeira, Mario Rela, Francisco Moreira, Joao Gabriel Silva
        (University of Coimbra, Portugal)

        On single event upset error manifestation
        Rolf Johansson (Chalmers University of Technology, Goteborg,

18.30   End

Wednesday, October 5, 1994

08:30   Session 6: Software Testing
        Chair: Pierre-Jacques Courtois, AIB-Vincotte Nuclear, Brussels,

        Injecting faults into environment simulators for testing safety
        critical software
        Hong Zhu, P.A.V. Hall, J.H.R. May (The Open University, Milton
        Keynes, United Kingdom), T. Cockram (Rolls-Royce plc, United

        On statistical testing of synchronous data flow programs
        Pascale Thevenod-Fosse, Christine Mazuet, Yves Crouzet (LAAS-CNRS,
        Toulouse, France)

09:30   Session 7: Built-in Self Test
        Chair: Andrzej Hlawiczka, Technical University of Gliwice, Poland

        Hierarchical test analysis of VLSI circuits for random BIST
        G. Masseboeuf, J. Pulou (Laboratoire d'Automatique de Grenoble),
        J.L. Rainard (CNET, Meylan, France)

        Zero aliasing compression based on groups of weakly independent
        outputs in circuits with high complexity for two fault models
        Peter Boehlau (University of Potsdam, Germany)

10:30   Break

11:00   Session 8: Software Diversity
        Chair: Hubert Kirrmann, ASEA Brown Boveri AG, Baden-Daetwil,

        Systematic and design diversity - software techniques for hardware
        fault detection
        Tomislav Lovric (University of Dortmund, Germany)

        Detection of permanent hardware faults of a floating point adder by
        S. Gerber, M. Goessel (University of Potsdam, Germany)

        MLDD (Multi-Layered Design Diversity) architecture for achieving
        high design fault tolerance capabilities
        Aki Watanabe, Ken Sakamura (University of Tokyo, Japan)

12:30   Lunch

14:00   Session 9: Parallel Systems
        Chair: Paulo Verissimo, INESC, Lisbon, Portugal

        Reconfiguration and checkpointing in massively parallel systems
        Bernd Bieker, Erik Maehle (University of Paderborn, Germany), Geert
        Deconinck, Johan Vounckx (Catholic University of Leuven, Belgium)

        An approach for hierarchical system level diagnosis of massively
        parallel computers combined with a simulation-based method for
        dependability analysis
        J. Altmann, F. Balbach, A. Hein (University of Erlangen-Nuernberg,

        Hierarchical checking of multiprocessors using watchdog processors
        I. Majzik, A. Pataricza (Technical University of Budapest,
        Hungary), M. Dal Cin, W. Hohl, J. Hoenig, V. Sieh (University of
        Erlangen-Nuernberg, Germany)

15:30   Break

16.00   Panel Discussion:
        Future directions in dependable computing
        Moderator: Jean-Claude Laprie, LAAS-CNRS, Toulouse, France

        Algirdas Avizienis, University of California, Los Angeles, USA
        Jan Hlavicka, Czech Technical University, Prague, Czech Republic
        Michele Morganti, ITALTEL Central Reserarch Labs. Milano, Italy
        Brian Randell, University of Newcastle-upon-Tyne, United Kingdom
        Ernst Schmitter, Siemens AG, Munich, Germany

17.30   End

18.00   Boat Trip

20.30   Conference Dinner

        Invited Speaker: David Talbot, Head of Division,
        Software and Advanced Information Processing,
        DG III-Industry-ESPRIT, Commission of the European Commission

Thursday, October 6, 1994

08:30   Session 10: Fault Tolerance in VLSI
        Chair: Jozsef Sziray, Computer Research and Innovation Center,
               Budapest, Hungary

        An effective reconfiguration process for fault-tolerant VLSI/WSI
        array processors
        Yung-Yuan Chen, C.-H. Cheng, Y.-C. Chou (Chung-Hua Polytechnic
        Institute, Hsin-Chu, Taiwan)

        Concurrent error detection in fast FNT networks
        Jamel M. Tamir, Satnam S. Dlay, Raouf N. Gorgui-Naguib, Oliver R.
        Hinton (University of Newcastle-upon-Tyne, United Kingdom)

        Feasible regions quantify the configuration power of systems with
        multiple fault types
        Laurence E. LaForge (University of Nevada, Reno, USA)

10:00   Session 11: Measurement
        Chair: Tashko Nikolov, Technical University of Sofia, Bulgaria

        Software reliability analysis of three successive generations of a
        switching system
        M. Kaaniche, K. Kanoun, M. Cukier (LAAS-CNRS, Toulouse, France), M.
        Bastos Martini (CpQD-Telebras, Brazil)

        Performance of consistent checkpointing a modular operating system:
        Results of the FTM experiment
        Gilles Muller, Mireille Hue (IRISA/INRIA, Rennes, France), Nadine
        Peyrouze (Bull Research, France)

11:00   Break

11:30   Session 12: Switching Networks and Hypercubes
        Chair: K. Iyoudou, Moscow Aviation Institute, Russia

        Ring-Banyan network: a fault tolerant multistage interconnection
        network and its fault diagnosis
        Jae-Hyun Park, Heung-Kyu Lee (Korea Advanced Institute of Science &
        Technology, Taejon, Korea)

        Reconfiguration of faulty hypercubes
        Dimitri R. Avresky, K.M. Altawil
        (Texas A&M University, College Station, USA)

        Fault tolerance on Boolean n-cube architectures
        Chu-Sing Yang, Shun-Yue Wu (National Sun Yat-Sen University,
        Kaohsiung, Taiwan)

13:00   Lunch

14:30   Session 13: Distributed Systems
        Chair: Jan Torin, Chalmers University of Technology, Goteborg,

        Relative signatures for fault tolerance and their implementation
        Martin Leu (University of Dortmund, Germany)

        GATOSTAR: a fault tolerant load sharing facility for parallel
        Bertil Folliot, Pierre Sens (MASI Laboratory, Paris, France)

        A hierarchical membership protocol for synchronous distributed
        P.D.V. van der Stok, M.M.M.P.J. Claessens, D. Alstein (Eindhoven
        University of Technology, The Netherlands)

16:00   Break

16:15   Joint meeting of European Dependable Computing and Fault Tolerance
        Working Groups - open to all EDCC-1 participants

        E. Schmitter, J.C. Laprie. L. Simoncini

18.00   End

Please report problems with the web pages to the maintainer