The RISKS Digest
Volume 16 Issue 87

Tuesday, 7th March 1995

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Authentication: (1) Vienna Marathon 1995; (2) Lotus Notes
Li Gong
Sexy photos just computer glitch
Louis Todd Heberlein
The source of semantic content
Erann Gat
Government of Singapore
Robert Ashcroft
Happy Michelangelo's Birthday
Microsoft and Lotus spreadsheet errors
Timothy Hunt
Spreadsheet Errors working paper available
Ray Panko
6-cent T-shirts
Jeremy Stieglitz
Risk system comes too late to prevent Barings' collapse
Jeremy Stieglitz
Bob Frankston
Barings: Greenspan quote
Frank E. Carey
Re: Compact Fluorescent Lights
Mike Farringdon
Re: Compact Fluorescent Lights
Carl Maniscalco
Re: Compact Fluorescent Lights
Osma Ahvenlampi
Info on RISKS (comp.risks)

Authentication: (1) Vienna Marathon 1995; (2) Lotus Notes

Li Gong <>
Tue, 7 Mar 95 10:47:47 -0800
(1) The Manchester Guardian Weekly (week ending March 4, 1995) reported
that, in this year's Vienna Marathon, the runners will have to wear
specialized computer chips buried inside (or attached to) their shoelaces.
The purpose is to ensure that the runners stay on course.  Last year, some
took short cuts while an Italian rode some distance on the underground
(subway).  [LG: It is of course easy for one runner to help carry another's
shoelaces, but at least collusion is now required.]  [Or, put your shoelaces
on an accomplice's bicycyle, and take public transit?  PGN]

(2) On a different matter, Cynthia Dwork of IBM Almaden wrote in ACM SIGACT
News 26(1) (March 1995) that the authentication procedure using public-key
systems in Lotus Notes, as described in its "Internals online book", has
security flaws.  Lotus's response is (1) the actual system does not work as
described in the manual and (2) how it actually works is proprietary
information.  [LG: (1) is dangerous by itself, and if (2) is true, then why
pretending to describe the procedure in the first place.]

Li GONG     Email:   Tel: 415-859-3232  Fax: 415-859-2844
SRI International, Computer Science Lab, Menlo Park, California 94025, USA

sexy photos just computer glitch

Louis Todd Heberlein <>
Mon, 6 Mar 95 09:00:54 -0800
>From an Associated Press story entitled
  "Sexy photo just a computer glitch, lab worker says"

A Lawrence Livermore National Laboratory employee was found innocent of
misusing lab computers to store sexy photos.  Accused of accessing 33 photos
of bikini-clad women from an Internet site called "supermodels", the
employee said he thought the photos were related to engineering.

The employee has been promoted since the initial charges.

The source of semantic content

Erann Gat <>
Sun, 5 Mar 95 18:50:01 PST
It's probably old news for RISKS readers, but a very difficult concept for
lawmakers, that the semantic content of bit streams is in the eye of the
beholder, and that the apparent correspondence between bits and semantics is
the result of engineering convention and not an inherent property of the
bits.  Any attempt to legislate the content of digital communications is
therefore doomed to fail because it is trivial to hide the source of
semantic content.  The following is a simple example of how this can be
done; much more sophisticated examples are possible.

Imagine that Senator Exon's bill has pased, and it is now illegal to
transmit pornography on the net.

I take a pornographic image file P and encrypt it with a one-time pad.  That
is, I generate a string of random bytes the same length as P, and
exclusive-or corresponding bytes.  The encrypted image I put in a file
called F1 and the one-time-pad key I put in a file called F2.

F1 and F2 have some interesting properties.  They are both random bit
streams, completely devoid of semantic content.  In fact, there is no way to
tell which file contains the encrypted image and which file contains the
key.  They are mathematically indistinguishable.  All the information in P
is now encoded in the *correspondences* between the two files.  There is
really no information in either file. If either file is lost, P is
absolutely unrecoverable.

Now suppose that I email F1 to person A and F2 to person B.  Then A and B
exchange F1 and F2.  A and B each can now recover the original image. Has
the law been broken?  Who broke it?  All anyone did in the above scenario
was to send a random bit stream to someone else.  At no time did anyone send
a bit stream with any identifiable semantic content.

One might argue that I broke the law by sending out two files that I knew
could be combined to produce a pornographic image.  So imagine now that A
sends a random bit string F1 to B, who then uses this as a one-time pad to
encode P, which B then sends back to A.  Has the law been broken?  Who broke

This scenario has an interesting subtlety.  In order to prove that B has
transferred information to A and not vice-versa it is necessary to prove
that A sent F1 *before* B sent F2 (since there is no way to distinguish F1
and F2).  So B could never be convicted of violating the law, since he could
always claim that he had sent F2 before receiving F1, and that therefore A
had transferred P to him rather than vice versa.  Even if the government had
timestamps to show that F2 was sent after F1, B could claim that this was
simply a retransmission.

If A and B exchange P in this way, then they can individually publish F1 and
F2, from which anyone can recover P, but both A and B can plausibly deny
having done anything but publishing a random bit stream.

The DA might try to prosecute both A and B on a conspiracy charge, but it is
not necessary for A and B to have conspired.  The mere knowledge that random
bit streams can be used in this manner might prompt some people to start
sending random bit streams around.  Without reliable time stamps there is no
way to trace the introduction of semantic content.  So as soon as anyone
starts to transmit one-time-pads, everyone can publish anything and no one
can be prosecuted for it.

The RISK here is that the government will not realize that attempts to
legislate content is a hunt for cybersnarks, and that transmitting random
bit streams may soon become a crime.

Erann Gat

   [The situation is even more complicated by the availability of
   programs that mask encrypted messages as graphical image files
   (.gif), so that irrespective of their REAL content, a message
   appears to be an innocuous picture.  PGN]

Government of Singapore

Robert Ashcroft <rna@GSB-Pound.Stanford.EDU>
Tue, 7 Mar 1995 14:08:14 -0800
This week's Economist (issue of March 4) has an article about the attitude
of the Singapore govt to soc.culture.singapore and the idea of the Internet
in general.

The Singapore govt is perhaps not the most liberal in the world, and in
particular is highly critical of "western influence".  On the one hand it
seeks to keep Singapore technologically up to date by wiring the country to
the Internet, on the other hand it seeks to maintain control over what its
population sees, two obviously incompatible goals.  In particular it's
concerned about "incorrect" things written in soc.culture.singapore.  The
information minister, George Yeo, suggests that the youth league of the
ruling People's Action Party should set up some sort of truth squad to
counteract incorrect posts.

This is a road down which I would just as soon not have a government walk.
Could they resist taking the next step, namely forging cancellations and so
forth (as for instance, the Church of Scientology seems to have done)?

The Internet _is a threat to any regime that tries to restrict in anyway
what their people see.  My own feeling is that any attempt to control it,
short of disconnecting it altogether, will be doomed.  As The Economist
notes, on the Internet, nobody gets the last word.  However, I imagine there
will be numerous battles before that sinks in.  I wonder how many
intelligence agencies now have separate Internet sections, studying such
things as Internet sabotage methods and the like.


Happy Michelangelo's Birthday

Tue, 7 Mar 95 17:45:03 PST
Guy Webster, in an *Arizona Republic* article, Michelangelo Virus Catches
More Businesses This Year reported several strikes this year.

* Denise Bayless' PC found scrambled data and software on the hard-drive.

* ``This year has been the worst, without question,'' said Ken Coleburn,
owner of a computer consulting firm in Tempe.  His company fielded 140 calls
this year, compared with about 30 last year.  He suggested this might have
been due to Michelangelo's birthday falling on a workday this year.

* RG Software Systems in Scottsdale, Ariz., which sells anti-virus software
to large companies worldwide, was contacted by three prospective customers
in other states Monday.  They apparently had lost crucial computer data to
Michelangelo, RG Software owner Ray Glath said.

   [Several other sources elsewhere — presumably more careful — reported
   no troubles.  PGN]

Microsoft and Lotus spreadsheet errors

"Timothy Hunt [Assistant Unix Systems Manager]" <>
Mon, 06 Mar 95 14:41:01 +0000
Suppliers admit to spreadsheet errors [Computing, 2nd March 1995, p.11]

Microsoft and Lotus Development have admitted that their spreadsheet
products may produce inaccurate results because of an inherent problem with
the design of all computers.  Mistakes can occur in precision calculations,
of the kind required by engineers and users in the scientific, banking and
finance sectors.

Andy Lees, desktop marketing manager at Microsoft UK, said rounding errors
may sometimes occur in Excel calculations set to a significant number of
decimal places.  He said this was due to the conversion of base 10 decimal
numbers into base 2 binary digits recognised by computers.  Lees played down
the problem, saying the margins of error was `very small' and that few would
come across it.

However, users in at least one large merchant bank were last week warned to
take extra care over calculations in Excel.  Barry Ward, technical support
manager at Computacenter, which is providing the bank with PC support
services, fears users may be unaware of the problem.  He added that the bank
stumbled across the error when one of its users manually checked
calculations against computer-generated results.  `I've been in the computer
business for 19 years and have never come across this problem before.  In my
opinion, this could throw a spanner in the works for a large multinational
company,' he added.

The user was adding and subtracting a simple set of figures: 120, 30.8, 20.5
and -120, -30.8 and -20.5.  Instead of zero, the result produced was -1.43
E-15.  Ward claimed changing the order of numbers produced different

According to Microsoft's Lees: `There is a limit to the level of accuracy
you can get with computers.  In Excel a rouding error will sometimes appear
on the fourteenth or fifteenth decimal place, but it will be very small.
Excel has a high degree of accuracy.'

Lotus Development acknowledged that some users require high levels of
precision in calculations, but claimed that rounding errors in its 1-2-3
spreadsheet can be avoided by formatting cells.

[This article reminds me of part of a course during my degree looking at
the problem of calculations in the Floating point domain (|F).  It is often
wrongly assumed that |F and the Real domain (|R) are equivalent, but because
of limits in the space to store a number, while it is always true that
  a+b-b = a; a,b member of |R,
it is NOT always true that
  a+b-b = a; a,b member of |F.
The course also looked into ways of designing algorithms to try and detect
and prevent errors of this kind occurring.]

Timothy J. Hunt, The Institute of Cancer Research, Royal Marsden NHS Trust,
Downs Road, Sutton, Surrey England SM2 5PT +44 (0)181 642 6011 x3312

Spreadsheet Errors working paper available

"Ray Panko" <>
Tue, 7 Mar 1995 14:13:39 -1000
We have just finished a working paper on spreadsheet errors.  The working
paper describes our experiment.  It also discusses earlier experiments and
field audits.  The paper also presents a taxonomy of spreadsheet errors.

The good news is that laboratory spreadsheeters only have about the error
rate per cell as professional programmers do per program statement.  The bad
news is that while professional programmers go on to the next step of deep
debugging, spreadsheet developers do not do this frequently.  Overall, it
looks like a significant fraction of the hundreds of millions of
spreadsheets produced each year have errors.

The paper is in Word for Windows 2.0 format.  You may get it via anonymous
ftp from After logging in, go to the Panko
directory.  Then the SSERRORS directory.  The file is SSWPMAR.DOC

I would value any comments and suggestions you might have.

Also, please keep in mind that we will be having a minitrack on risks in end
user computing at the January 1996 Hawaii International Conference on System

Aloha, Ra3y (the 3 is silent)

Prof. Raymond R. Panko, Decision Sciences, College of Business Admin.,
University of Hawaii, 2404 Maile Way, Honolulu, HI 96822 (808) 956-5049

6-cent T-shirts

Jeremy Stieglitz (S&T OnSite) <>
Mon, 6 Mar 95 09:56:00 PST
I recently encountered two RISKS surrounding cash registers. The first
occurred while I was on holiday in Arizona. I was caught in a downpour on
the golf course and decided to buy an inexpensive t-shirt at the drug store.
The shirt was on *special* sale, three for ten dollars. When I went to pay
for the shirt, the clerk had no problem remembering the price, but an
insurmountable problem entering the price into the cash register. No matter
what he tried, the register was beeping and chirping everytime he tried to
enter 1/3 of $10.00 as a price. (Perhaps this was simple human error, but
there is still a RISK here...) After a rather long line was starting to form
in my line, I said to this gentleman, "look, just ring it in as $3.50." He
said he couldn't do that and kept trying to enter the proper price. After
what seemed like ten or fifteen tries, he managed to enter something that
was accepted by the register, and turned and smiled at me and said, ".06
cents please."

And then, just last week, I needed a shallot for something I was cooking.
The grocery store I went to had some very expensive shallots, something like
16$ a pound! So I took a very small bud and went up to the cash register.
The clerk put the bud on the scale, and it came up as 0.0 ounces, which it
would not accept. (The scale automatically deducted .1 ounce for the plastic
bag.) But I hadn't put a bag on the shallot. Once again, after several
tries, and a line forming behind me, I suggested she just tip the scale with
her thumb. She wouldn't go for it. She let me have the shallot for free.

The RISKS here seems to be when technological advances do not allow for
other alternatives.These automated registers probably do make balancing the
books a lot easier at the end of the day, but they don't seem to be very
flexible. In the old days, both clerks could have simply entered any price
they wanted in their registers. Nowadays, with their complete reliance on
these automated registers, balancing the register and not the balance sheet
seemed foremost to these clerks. And for lucky consumers like me, sometimes
we end up with .06 cent t-shirts and free shallots.

Risk system comes too late to prevent Barings' collapse

"Timothy Hunt [Assistant Unix Systems Manager]" <>
Mon, 06 Mar 95 13:48:05 +0000
[Article in Computing, 2 March 1995, front page]

Risk system comes too late to prevent Barings' collapse

Collapsed merchant bank Barings was only months away from installing
a risk management system in its Far East offices which was intended to
alert senior executives to gambles being taken with the company's money.

Barings, the UK's oldest investment house, was plunged into financial ruin
last weekend when 28-year old Nick Leeson lost more than UKP 750 million
of clients' funds on the Singapore derivatives exchange.

In January 1994, the bank began rolling out a communications architecture
called BORIS (Barings Order Routing & Information System) to improve the
processing of information about deals.  Prior to this, Barings staff had
used paper and fax machines to excahnge information.

BORIS had gone live in London, Tokyo and New York, with Barings' Far East
offices, including Singapore, set to follow by mid-1995.  An extension to
BORIS, dealing specifically with risk management, went live in London HQ
in the last few weeks and was also set to be rolled out in the Far East
in the near future.

Dealing in derivatives involves betting on the movement of shares on national
stock exchanges and carries substantial risk of losing vast amounts of money.

Frank Ranger, a director of City Consultants, said any system intended to
manage that risk needs access to data from every market involved in the
transactions.  `There is a clear need to get consolidated informatin from
products in some sort of control function,' he said.

Peter Hynd, Barings' assistant IT director, was unavailable for comment,
but sources believe the bank's existing settlement system contributed to
the collapse.

The Cash Risk Management system was supposed to flag cash positions, but
if settlements were not processed according to the bank's procedures, it
could not do so.

Timothy J. Hunt, The Institute of Cancer Research, Royal Marsden NHS Trust,
Downs Road, Sutton, Surrey England SM2 5PT +44 (0)181 642 6011 x3312

Securities (as opposed to security?)

Sun, 5 Mar 1995 18:20 -0500
As the Derivative fiasco continues to unfold I keep thinking about how much
it sounds like the typical computer risk though it is an age old financial
fiasco. But the resemblance is not just coincidence and it helps in putting
the computer risks in perspective. The key characteristic of both is that
the effect of an action is out of proportion to the action itself and is not
(easily?) predictable. In both cases, hubris is the killer. Fortune had an
update on article on the issues (pun?). It is a world populated by those who
invest millions or billions on hunches and, even more scary, make bets best
of formulas they do not understand. Perhaps no one understands. Sounds like
software. (Sounds also like the sophomore effect — a naive belief in the
magic of the new trick one has just learned)

Like software, used with a reasonable understanding and modest goals,
derivatives can be effective tools (ironically, to reduce risk). Like
software, complexity and a lack of reality checking leads to disaster. And
like software, success can breed disaster by encouraging one to plunge deeper
and deeper. A billion dollars is a lot to lose, but companies have been
brought down by software bugs.

Barings: Greenspan quote

Frank E. Carey, Bell Labs <>
Mon, 6 Mar 95 09:16:03 EST
``The one thing the Barings episode illustrates is the productivity for
making losses has gone up very significantly in the last 25 years.  You
couldn't write the execution slips fast enough 25 years ago to lose as much
money as was lost by one idividual, aided by terrific technology.''

Alan Greenspan, chairman of the Federal Reserve, quoted in *The New York
Times*, 6 March 1995.

Re: Compact Fluorescent Lights (RISKS-16.84)

Wed, 1 Mar 1995 10:14:05 GMT
We use a light box containing four fluorescent tubes for SAD (Seasonal
Affective Disorder) and noticed two weeks ago that the remote controls for
TV & VCR wouldn't 'control' when the light box was on.  This seems to be the
same symptoms that Suffern noticed with compact fluorescent lights.

Incidentally, while we've only been using the light box for
three months, it does appear to alleviate SAD symptoms.

Mike Farringdon

Compact fluorescent lights and infrared weirdness

Thu, 2 Mar 1995 20:38:13 -0500
I suppose this isn't really a computer Risk, but someone might find it
interesting anyway. Edward S Suffern's report of compact fluorescent lights
causing malfunctions in his infrared remote control devices (RISKS-16.84)
reminded me of a related problem that I ran into in my former job as the
chief technician for a cable televison system.

My installer had reported a problem with a converter that he had just
installed (to aid in converter control, installers were issued only enough
of set top units to complete their scheduled installations for the day. Any
problems encountered were referred to allegedly more trustworthy members of
the technical staff.) This converter was equipped with an infra-red remote
control device. When I arrived at the subscriber's home, the display on the
converter was showing "7" and no matter what channel I attempted to turn it
it to, the converter always changed back to channel 7. I installed another
box, assuming that it would solve the problem--CATV converters are
notoriously unreliable despite what your local cable company might tell you.
The new converter exhibited exactly the same behavior.

Baffled, I stood next to the TV set scratching my head until I happened to
turn towards the viewer's sofa and noticed sunshine glinting off the
whirling, chrome-plated blades of an electric fan running by the window--and
a lightbulb went on inside my head. Sure enough, when I turned the fan off,
the problem went away. Turning the fan back on caused the problem to

It seems that the moving blades of the fan were pulse-modulating the
sunshine in exactly the right manner to confuse the infra-red receiver in
the converter into thinking it was getting the "change to channel 7" command
from the remote.

I spent almost another ten years in the industry after that and never ran
accross that particular problem again.

Carl Maniscalco (  San Diego, CA

Re: Compact fluorescent lights (RISKS-16.84)

Osma Ahvenlampi <>
Fri, 3 Mar 1995 22:20:45 GMT
In RISKS-16.84, Edward S Suffern <Suffern@DOCKMASTER.NCSC.MIL> wrote of
energy saving fluorescent lights affecting TVs and other remote controlled
equipment, suspecting that these type of bulbs emit infra-red enough to
confuse remote receivers. This is slightly inaccurate. Energy saving light
bulbs actually emit less infra-red radiation than a normal incadescent bulb.
However, the light is "strobing" at the 50kHz range, which is about the same
as the pulse frequncy of a common remote control. Some receivers (simpler
designs) get confused by this, and that's what caused the malfunction.

Please report problems with the web pages to the maintainer