The Washington Post printed a full page of old stock prices one day last week in their business section. According to their explanation, the data is normally stored in a file named "ap stox 2". In preparing the erroneous page, a user saw "ap stox2" (i.e. no space) "elsewhere in the machine" and used it instead. The article also says that "Steps have been taken to prevent a recurrence". I wonder what kind of steps? Educating users? Probably the most useful thing to do would be to have the date in the filename, so an old file could not be mistaken for current data. Bill Fenner firstname.lastname@example.org
The Associated Press newswire for 94.12.26 @ 02:43 EST (via CompuServe's Executive News Service) reports a case of failed identification and authentication: Sting Backfires. MIAMI (AP) -- FBI agents thought they were setting a trap by buying copies of 35 Medicare cards and selling them to a suspected fraud operation. But now the cards are being used to buy expensive leg braces and other medical equipment -- and the FBI can't track them. "The FBI lost control of the cards. Now they have a monster on their hands," a government investigator familiar with the case told The Miami Herald for a story in Sunday's issues. According to the story, Medicare spokesperson "Faye Baggiano, associate administrator of the Health Care Financing Administration in Washington," admits that they have used the social insurance number as the Medicare identifier; therefore "Medicare says it can't cancel the copied cards, which have been circulating for 16 months, because that would wipe out legitimate federal benefits to the people whose names are on those cards." Normally, Medicare "provides phony numbers that can be canceled; it is unclear why the FBI used real numbers. An analysis of just 10 of the 35 stolen cards shows "a total of $163,745 for services that the real card holders say they never got or tried to get." <<Comments by MK: yet another case where inadequate identification and authentication leads to problems--not to speak of the design error of using production data for test purposes!<> M.E.Kabay,Ph.D./DirEd/Natl Computer Security Assn.
The attached is from the headline story Tuesday 27 December of the Courier-Mail newspaper (ph: +61 7 2526011, fax: +61 7 2526696) in the state of Queensland, Australia. I thought it may be of interest to readers of "Risks" as it covers a number of themes discussed before: $25m power bungle - Report slams hi-tech move Exclusive by Ed Southorn A $25 million project to turn one of the state's power stations into an automated plant created an unsafe workplace requiring twice the number of engineers to run, a confidential report reveals. The new automatic control systems also caused more than $1.5 million damage to machinery at the Swanbank station near Ipswich. ...The audit found the Swanbank automatic control system had failed to protect the plant from damage. The system had been unable to prevent a "trip" (temporary shutdown) cutting oil flow to a turbine. This had resulted in a bent shaft leaving the turbine with reduced generating capacity. ...The automatic alarm system which tells operators how the plant is functioning was not properly operating almost two years after it was installed. ...The report found lack of adequate testing before commissioning and "waving of proper commissioning and acceptance testing procedures" and "a single-minded drive to meet target dates." [Posted by Tom Worthington, Director of the Community Affairs Board, Australian Computer Soc. Inc. email@example.com http://www.peg.apc.org/~tomw
Police in Israel have started an investigation last week to determine how the entire population registry of the country has ended up being offered for sale by a private company, on a CD ROM disk for $1200. Political parties are entitled to get the voters registry (which includes people's names, addresses, birth dates and ID number) from the Ministry of the Interior. The latest elections in 1992 were the first time this information was disseminated on a CD ROM and not just printouts; these disks should have been returned to the Ministry after the elections, and were coded and numbered, but it's not clear from newspaper reports here how this coding was done, and how this was supposed to prevent the parties or their employees from keeping their own copies. In addition to the registry (which is actually public information, though not freely available) the government-owned phone company sells a disk containing all phone books, and the government's companies registry is also available (I'm not sure if it is sold legally). All this information enabled a TV reporter to demonstrate getting the list of all companies privately directed by the minister of Finance (including the names of all other directors), or the private address and phone number of the chief of the Mossad and all of his neighbors (which were shown on screen, though with illegible resolution). Israel is a small country, but it's only a matter of time and computing power before this kind of personal information processing is available everywhere. Amos Shapir, The Hebrew Univ. of Jerusalem, Dept. of Comp. Science, Givat-Ram, Jerusalem 91904, Israel +972 2 585706,586950 firstname.lastname@example.org
Perhaps it didn't happen on Mary Payne's watch; but I do recall there was a problem with floating point in early VAX-11/780 machines. Believe it required a microcode change, and a board swap for machines equipped with a floating point accelerator. Then there was the early production G.E. 635 floating point problem which resulted from truncating, rather than rounding, a 2's complement number, giving a negative bias to the results. Supposedly (urban legend alert!) this was recognized as important when a tape calculated on one of the machines was used to operate a numerically-controlled cutting torch. The torch was supposed to cut a circular plate out of a thick piece of steel. The actual cut had a jog in it, resembling (coincidentally, I'm sure) the "Intel Inside" logo. Then there was the floating point problem early in the life of the IBM 360 series. As I recall this was not so much an error as a surprisingly sudden loss of significance resulting from the base-16 fractions, such that a shift for exponent alignment shifted four bits at a time. And I recall some allegation about an early CDC machine (1604? 3600?) in which fixed point -1 x -1 = -1.
> Is this just a ploy to line their pockets from their captive market? No. Take another look at the figures you quoted. It costs *more* to support pulse dialing. They can't go 100% touchtone until all their subscribers quit using old gear. So they have to keep the "pulse counters" around (and maintained) until then. Therefore, if you want pulse dialing, they are going to charge you $2 extra each month. This is the most *sensible* thing I've seen a phone co. do in a long time. It encourages folks to quit using pulse/rotary phones. And it gives them hard figures on how many folks still can't use touchtone.
A local newspaper in Minneapolis recently ran a short article about the year 2000 problems, and pointed out that in 1995 any five-year planning programs are at risk. Scot E. Wilcoxon email@example.com +1 612 936 0118
[With regard to Brian's "Computing Science" column in the Jan-Feb 1994 issue of _American Scientist_ (Vol. 83, No. 1, pp. 12-15), <P.O. Box 13975, Research Triangle Park, NC, 27709, 800-282-0444>, which PGN noted in RISKS-16.67, Brian has made the following offer:] For net denizens who don't read ink on paper, I can supply a plain-ASCII version of the article's text by E-mail. Send me a request at firstname.lastname@example.org. [The column is based largely on material that has appeared in the RISKS Forum over the years. (Thanks, folks!) BH]
Please report problems with the web pages to the maintainer