The following, from the 17 April Government Computer News, highlights the risks from inadequate configuration control: "An audit of the $26 billion federal employees' Thrift Savings Plan found that ineffective control of software development has left the plan vulnerable to processing interruptions and may have compromised its data integrity." The article notes that the audit found: "- Between 1990 and 1993, more than 800 changes were made annually to the software. "- About 85 percent of 1993 updates, mandated or emergency changes, bypassed upfront quality assurance database testing. "- Comprehensive quality assurance testing was rarely performed. "- Six programmers, 17 percent, accounted for more than 40 percent of all 1992 and 1993 TSP software changes, for which there was little documentation." Ed Borodkin
Irish church discovers hot line to sex service (Reuters, 13 Apr 1995, via CompuServe's Executive News Service) DUBLIN, April 13 (Reuter) - A remote Irish Roman Catholic church ran up an 800 pound ($1,300) bill to a telephone sex service, but the local cleric says none of his priests was involved. The article explains that someone stole dial tone from the cordless phone and placed the calls from outside the church. The cordless phone is no longer on line. The church had to pay the phone bill. M.E.Kabay,Ph.D., Mgmt Consultant, LGS Group Inc. (Montreal, QC) Director of Education, Natl Computer Security Assn (Carlisle, PA) [Some LISP-hacker outside the church said, "Let us play?" PGN]
Starring Gene Hacker, Sissy Cyberspacek; Hollywood Has Plugged Into Computers, and Entertainment May Never Be the Same (Kara Swisher, Washington Post, 23 Apr 1995, via CompuServe's Executive News Service) What do you get if you cross Hollywood with Silicon Valley? Siliwood? Last summer, Keanu Reeves and Sandra Bullock romanced each other as they foiled terrorists in the blockbuster action film "Speed." But this year, the two sex symbols are starring in big-budget movies cozying up to computer chips. Tinseltown is churning out a slew of cyberspace films and television shows built around people and computers. The slate of offerings grows daily, as the industry's creative minds focus on making the Internet worldwide network of computers thrilling, the illegal exploits of a notorious hacker gripping and hard disks sexy. The author explains that Hollywood can't resist taking advantage of the growing media hyperbole explosion about cyberspace. Some of the upcoming releases to watch [out] for: ..."Johnny Mnemonic," based on the William Gibson novel about a high-tech courier — played by Reeves — with a memory chip embedded in his head. Columbia Pictures Entertainment Inc.'s "The Net," ... will star Bullock as a shy computer systems analyst tossed "headlong into the middle of a murderous web of corruption and conspiracy" after she takes her keyboard where it shouldn't go. United Artists Entertainment Co. in the fall will release "Hackers," which is being flacked as a "cyberpunk thriller" whose protagonists have "awesome power at their fingertips." Walt Disney Co. reportedly is developing "f2f (face to face)" about an on-line serial killer. Fox Television recently launched "VR.5" and "Sliders," whose heroes are sexy computer geeks. It seems John Markoff is deluged with requests for movie rights to his forthcoming book about Kevin Mitnick. [Comments from MK: Oh, good, just what we needed: "Mommy, mommy, I wanna grow up to be like Kevin Mitnick!" Readers of RISKS and participants in the NCSA Forum on CompuServe may want to limber up their typing fingers and get ready to protest the glorification of criminal hackers that will likely be part of Hollywood's portrayal of people like Mitnick. It would be useful to be in the early showings of the films and write reviews for newspapers countering the errors of fact and emphasis we are likely to see.] M.E.Kabay,Ph.D., Mgmt Consultant, LGS Group Inc. (Montreal, QC); Director of Education, Natl Computer Security Assn (Carlisle, PA)
FTC Warns Of High-Tech Swindles; Agency Gets Restraints Against 3 Companies (By Sharon Walsh, Washington Post Staff Writer, Washington Post, 21 Apr 1995, via CompuServe's Executive News Service) When Baptist youth minister Chris High of Tuscaloosa, Ala., put his inheritance into communications technology, he thought he was getting in on the ground floor of a fast-growing industry. He didn't know it is also the fastest growing area for fraudulent investment pitches. Key points from the article: o Federal Trade Commission (FTC) reports tripling in complaints about scams related to wireless licenses: 195 complaints in 1994 vs 63 in 1993. o Criminals run telemarketing operations sucking investments from victims; spend money on lavish lifestyle and more telemarketing, leaving little for licenses and equipment. o Most victims will lose their investments; total of $33 million stolen so far. o Beware of investment opportunities touting mobile radio, digital radio, wireless TV data interchange, interactive video and data services (IVDS). o Some of the criminals even call their victims back "and offer to help get lost money back — for a fee. These "recovery room" scams are up 400 percent over the last two years, according to the FTC. o The three cases announced by the FTC yesterday were: Chase McNulty Group Inc. of St. Petersburg, Fla., and its officers allegedly offered consumers partnerships in IVDS licenses for $5,000 to $6,000. The FTC contended that the majority of the money the group collected was going to the marketers, not to buying licenses. .... Digital Interactive Associates Inc. and Market Logistics Group Inc. of Florida and Colorado, ... [NOTE: On 8 May 2000, THE REMAINDER OF THIS ITEM WAS REMOVED BY PGN FROM THE ARCHIVE COPY IN RESPONSE TO A REQUEST FROM Robert T. McAllister of the lawfirm of McAllister and Murphy in Denver CO. Mr. McAllister's letter asserts that the original item in *The Washington Post* regarding DIA and MLG was incorrect in essentially all details, although his letter added that "The FTC did file a lawsuit against Digital Interactive Associates, Inc. and Market Logistics Group Inc., but that lawsuit was settled for nuisance value in April of 1999." As always, the Risks Digest makes every possible effort to ensure that information is factual, and requests that all mirrored copies of this issue be updated to correct the record. END OF ARCHIVE MODIFICATION. PGN] .... Satellite Broadcasting Corp. of Irvine, Calif., and its officials falsely represented that it was applying for a license and had the rights to distribute direct broadcast satellite television programming in Georgia, the FTC said. The company solicited investments of $10,000 to $25,000, the commission said. .... Consumers with complaints should call the national telemarketing fraud hot line at 1-800-876-7060. M.E.Kabay,Ph.D., Mgmt Consultant, LGS Group Inc. (Montreal, QC); Director of Education, Natl Computer Security Assn (Carlisle, PA)
The opponents of floating-point representation for time have done an insufficient analysis. About twenty years ago I was part of a research group doing extensive time series analysis of weather and related data. We needed a good way to represent time. Fortunately we had a few astronomers on the team, so time was reasonably well understood. We chose "second of century", using a double precision floating point representation. Analysis showed that this would preserve millisecond accuracy for the span of interest. (Actually for all of recorded history and more.) Since we usually were satisfied with one minute accuracy this seemed sufficient. There was a brief debate about using a better time base, but 12:00:01 AM GMT, 1 January, 1901 was easy to explain to everyone. There are a few applications that need better than millisecond precision, but for most of the worlds applications double precision floating point will provide enough precision for the next few millenia. (A simple test for those who are unsure about their needs. Do you compensate for the variations in the rate of the Earth's rotation? If not, you probably don't need millisecond accuracy.) This notation had some interesting side effects. At the time, floating point turned out to be somewhat faster than 64-bit integers due to a quirk of hardware. It also led to excellent compatibility with the other time series processing. Time was just another well behaved variable. This notation eliminated a lot of the mistakes made by the typical programmer who is ignorant of traditional time notations and their problems. There could have been some round-off issues, but we rarely did any arithmetic other than addition or subtraction of two times, where millisecond accuracy is maintained. It even led to a simple notation for interval time span data, e.g. "0.01 inches of rain fell between 1633 and 1647 on ...", which is how many meteorological measurements are made. The difficult problems were in translation to and from local. The most severe problem was the inherent ambiguity of local time in recent decades. There are two true times corresponding to each time in the one hour of overlap when Daylight Savings shifts back to Standard. Correctly resolving this ambiguity was always a headache. Fortunately most professional measurements have been recorded in UTC, or GMT before UTC was defined. A word of caution, double precision floating point is suitable for an internal representation of UTC, or "absolute" time. You have to do your own analysis if you are interested in timing relative to some event. Rob Horn email@example.com P.S. The turn of century problem has made The NY Times. It may be so widely hyped that almost all the problems are fixed by the time it comes. [Hmm! According to you, it comes at 1/1/01 rather than 1/1/00. I wonder who agrees with that! PGN]
> a barcode sticker was still attached to the pickaxe. Talk about risky ways of going about things! Store barcodes don't identify individual items. All you can determine from the barcode is that the hardware store sold *a* pickaxe. You *might* know what hardware store sold it (if it was a store barcode and not applied by the pickaxe manufacturer), but you can't know which pickaxe it was. Fundamentally, you'll only ever see barcodes that can identify a particular instance if there would be something else that would identify that object. For instance, truck axles have individual barcodes; those simply repeat the individually tracked serial numbers truck axles have always had. Products sold by weight, like cheese and meat, may also have individual barcodes that incorporate the weight. Normally, the barcode doesn't even incorporate all the available information about the object. It's a pure product code. A can of green beans has a barcode label that says it's a can of green beans, and the register tape will reflect that. The same can also has a lot number, so if you drop dead after you eat it, the canning company has some way of figuring out what other cans of green beans might be poisonous. The lot number is *not* encoded in the barcode, and you wouldn't be able to find it from the register information, because the grocery store really doesn't care. I assume that the article is leaving out a lot of information (for instance, that the pickaxe had the name of the hardware store on it, too, and the hardware store only sold one pickaxe recently). But I'm always amazed how willing people are to present barcodes as magic identifiers, and believe that they function that way. Perhaps it's because they look funny and aren't readable by eye? Elizabeth D. Zwicky firstname.lastname@example.org
Thursday April 20, UK Kathy Marks in the Telegraph reports that a large supermarket chain has paid substantial damages to a policeman whose description was circulated between stores by electronic mail after he complained about a joint of meat. Apparently, the E-mail message was headed "Refund fraud — urgent, urgent urgent" and gave an account of his complaint, together with details of his appearance and car registration. The policeman only found out about the message when he visited a local branch of the store to give advice about security. A friend who works there showed him a print out of the message on an internal noticeboard. The policeman is quoted: "...If this had got out unchecked it could have done me serious professional harm. I am in a position of extreme trust and there has got to be no doubt...that I am 100 percent trustworthy". His lawyer said that the out-of-court settlement amounted to "thousands, rather than hundreds" (of pounds). --- David
The April issue of the Communications of the ACM is all about Digital Libraries. More than one of the authors there alluded to the great Library that was founded in Alexandria by the Egyptian king Ptolemy I. One group even calls its project "alexandria". This library was one of the wonders of the ancient world; it contained more than 700,000 volumes at its peak. The CACM writers are optimistic that digital technology can be as much of a monument to the advancement of human knowledge as the Alexandrian Library was in its day. The other major topic of April's CACM issue is the ACM's new Electronic Publication Plan, which details a carefully thought-out set of rules for copying and citation of electronic documents and the status of hyperlinks to World Wide Web documents as citations (the ACM's position) or plagiaristic quoted inclusions (they rejected this view). The transmission of an electronic document from archive to reader poses important questions about the nature of copying to authors and publishers who expect royalties from the sale of their work, which the ACM appears to have succeeded in balancing against the cultural and technical difficulties of applying a pay-per-use paradigm to information resources released onto the Internet. But the ACM policymakers appear to have missed one of the great lessons of the Alexandrian Library. According to my encyclopedia (*), the library was kept in two buildings: one of these was a famous museum, which was destroyed by fire during the siege of Alexandria by Julius Caesar. The other part of the library was kept in the temple of Jupiter Serapis, where during the reign of Theodosius the Great, "a mob of fanatic Christians, led on by the Archbishop Theophilus, stormed and destroyed the temple, together, it is most likely, with the greater part of its literary treasures, in 391 A.D." The Alexandrian Library had endured for over 700 years, yet when it was destroyed, it was an enormous loss to humanity since its contents existed in only single copies, because of the difficulty in duplicating them. Some historians have gone as far as crediting its destruction as a principal cause of the Dark Ages that afflicted Europe for the next thousand years. The ACM Electronic Publishing Plan does not propose any measures to assure the survivability or integrity of electronic publications against disaster or terrorism. Along with the ease of copying an electronic document comes great ease in modifying its content undetectably. Perhaps a greater risk comes from simple financial pressures. Electronic documents must be maintained on functioning computer systems. When funds run short, the temptation will be enormous to purge infrequently-accessed documents from the database in order to reduce maintenance costs, or to forgo copying them to new media when upgrade time arrives. I wrote the thesis for my Master's degree as an electronic document. I still have the original, but it's on a PDP-10 format DECtape. Where can I find a machine capable of reading this tape twenty years later? What's to prevent this from happening to the contents of entire digital libraries? George McKee email@example.com +1 713 890 8122 (*) "Alexandrian Library" (1922) Encyclopedia Americana, Albany, N.Y. volume 1 [A to Annuals] p.373.
The March issue of Security Management magazine reports that manufacturers are testing some sort of nonlethal weapon designed to deliver a "high frequency pulse" that would disable any unshielded electronic circuitry hit by the beam — with the suggestion this would be used somehow by the police. Presumably this would be used in a car chase to take out a car's control circuits, possibly disabling its electronic ignition. I naively imagine a car's electronics to be fairly well shielded — the steel shell, the engine block itself, etc. — and so this may be quite a powerful pulse (perhaps a microwave-savvy reader can comment?). The article only has a paragraph on this weapon and doesn't explain the technology. I speculate about a police-car-mounted maser or perhaps just a conventional microwave transmitter of sufficient power. The risks here seem fairly obvious. First of all, risks in the actual effect of the weapon during a legitimate high speed chase — can there be any guarantee that it will only stall the engine? Supposing it takes out the power steering or activates the air-bags or does some other bizarre and dangerous thing? Then there is the question of the precise focus of the beam, and whether it might affect nearby vehicles. Presumably there is no "tracer" effect, so the shooter doesn't know if the target was hit or not. Secondly, assuming that it is a good weapon, i.e., it has good targeting, only has the effect of stalling the engine or simply reducing engine performance, etc. then it seems there would be little to prevent any random microwave-hacker from doing the same thing, relatively indetectably, especially if the weapon consists solely of a powerful microwave transmitter. Oh, as a side note, the article mentions that the device would be able to destroy any sort of computer equipment.... Laurence R. Brothers firstname.lastname@example.org
Modern sport parachute systems are frequently equipped with an automatic activation device on the reserve parachute that will initiate deployment of the reserve if the person descends through a certain altitude whilst exceeding a certain velocity, i.e., if you're low and falling fast (no parachute!) it will initiate deployment of your reserve. Currently, the most popular AAD (and by far the best made technically) is the CYPRES. When turned on, it performs a self check that tests the repeatability of the pressure sensor (to compute altitude), the integrity of the system, as well as reporting the battery voltage and testing the voltage on a dummy load. The CYPRES can activate the reserve via a pyrotechnic cutter, which, when current is applied, fires, and cuts a crucial bit of line which allows the reserve container to open. The CYPRES has only one button, and the self-test is performed each time it is turned on, with feedback to the user of the success or failure of the test. CYPRES mandates that batteries be replaced every 500 jumps, 2 years, or when the self-test fails with a battery-low code, whichever comes first. Recently (last two weeks), a CYPRES activated (i.e., the jumper was low and falling fast), but failed to cut the loop,and the skydiver hit the ground with no parachutes out. Current reports indicate that: 1) The selftest was succeeding 2) Battery voltage *as reported by the self test* was in the moderate to high range (6.2 of 5.8-6.3v) 3) The batteries were 4 years old (2 years beyond their lifetime!) 4) The unit functioned correctly when tested in a chamber with a new battery. 5) The battery apparently lacked sufficient power to heat the wire to ignite the charge A full report by the manufacturer has *not* been issued, so it is possible that there are errors in this report, however, it is correct the best of my knowledge. The question: Does violating the *written* guidelines constitute a situation in which the self-test can *fail* to report the correct status of the unit -- and should the user be aware of this failure mode? The risk: if you build in a self-test that does not in fact cover all failure modes, you are putting the user at increased risk, as people will rely on the electronic self-test, rather than the written instructions on how to use the device. In a life-or-death situation, it is RISKy to provide a self-test that produces ambiguous results. Caveat: CYPRES has been designed to be as user friendly and reliable as possible. In the 3 years since it has been widely used in the sport, CYPRES's has been responsible for saving approximately 50 jumpers who would likely have otherwise died (true positives). There have been no innapropriate activations (i.e., false negatives). There have (obviously) been millions of uses where the device has not fired, and it wasn't supposed to anyways (true negatives). This is the first incidence of a false positive, where the unit should have fired, and failed to perform. Conclusion: Read your manuals, and perform scheduled maintenance even *if* the self test might imply that it isn't necessary. Barry Brumitt, D-15427, Skydiving Instructor AFF/SL '95, CYPRES equipped
In RISKS-17.07 James@prognote.demon.co.uk (James G Henderson) wrote: > [...] that Notre Dame's organ is not suitable for concerts following >a two year restoration costing =A31.3 million (Pounds Sterling) [...] ``=A31.3 million Pounds Sterling'' sounds like quite a lot of money. On closer inspection, the restoration cost was only 1.3 million: `=A3' is the MIME quoted-printable encoding for the Pound sign (a script L). The theory behind MIME quoted-printable encoding is that it leaves 99% of the text alone, thereby allowing users with older software to grasp the essence of the message. That may be true, but it also means that the recipient of such a message will not be aware that the message he read was almost, but not quite, the same as the message the sender sent. Incidentally, MIME quoted-printable provides three codes for currency signs and all three end in a digit: the dollar sign is `=24', pound is `=A3', and yen is `=A5'. Hans Mulder email@example.com
Originally, the deadline for registration for Security and Privacy was today, April 21. However, we still have a number of openings still available, and we have extended the registration period through May 5. Instructions for registration are in the advance program and registration form. Cathy Meadows Program Co-Chair [The full program and registration information are included in RISKS-16.80. Please contact Cathy for further information. PGN]
MDS 95: 2ND CONFERENCE ON THE MATHEMATICS OF DEPENDABLE SYSTEMS 4-6 September 1995, University of York, England Sponsored by Nuclear Electric THE INSTITUTE OF MATHEMATICS AND ITS APPLICATIONS CALL FOR PAPERS (extended deadline) AND APPLICATION FORM The construction of dependable systems, by which we mean systems providing high levels of reliability, availability, safety and/or security, is a problem of considerable concern to both providers and users of information processing systems of all types. Historically, different aspects of system dependability (e.g. reliability and security) have been studied quite independently, albeit that many of the goals are similar. For example, the notion of certifying functionality assurance levels applies equally to reliable systems and secure systems. In addition, users will often require some combination of security and fail-safe operation. The purpose of MDS 95 is to consider the mathematical aspects of the provision of dependable systems, one goal being a comparison and possible unification of mathematical techniques for providing safe, reliable and secure systems. A number of different mathematical approaches have been taken to the overall problem, including probabilistic/statistical reasoning, formal models of safe, secure and reliable systems and logics of authentication and access control/privilege delegation. Papers on all these areas are solicited, the unifying theme being the application of mathematical techniques to the overall dependability problem. Hence papers will be particularly welcome that cross-fertilise the application domains. The conference will consider dependability for both hardware and software systems. PROGRAMME AND PROCEEDINGS: The conference will consist of three days of presentations by contributing authors. The programme will also include invited lectures by prominent researchers and practitioners in dependable systems theory and practice. Time will be made available for discussions. A digest of papers will be available to participants during the meeting and the proceedings will be published after the conference. PANEL DISCUSSION: The Panel will be chaired by Dr B Wichmann (National Physical Laboratory and The Open University) and led by Professor J Rushby (SRI). Other members will be announced later. The main topic will be the contribution of Formal Methods to certification. INVITED SPEAKERS: Monsieur P Chapront (GEC Alsthom, France), Professor J Knight (University of Virginia, USA), Professor B Littlewood (City University, UK), Professor D L Parnas (McMaster University, Canada), Professor F Piper (Royal Holloway, University of London, UK) and Dr C T Sennett (Defence Research Agency, UK). SUBMISSIONS: Five copies of complete papers (in English) should be sent to Mrs Pamela Bye, Conference Officer, The Institute of Mathematics and its Applications, 16 Nelson Street, Southend-on-Sea, Essex, SS1 1EF, England (Tel. +44 1702 354020, Fax +44 1702 354111, Email firstname.lastname@example.org) by 17 May 1995. [...] [For the rest of the announcement, submission standards, registration info, etc., contact Victoria Stavridou <email@example.com>. PGN] PROGRAMME COMMITTEE: Programme Chair : V Stavridou (Royal Holloway, University of London), D Gollmann (Royal Holloway, University of London), M Ingleby (British Rail Research), J Jacob (University of York), N Jefferies (Vodafone Ltd), B Littlewood (City University), R Shaw (Lloyd's Register), B Wichmann (National Physical Laboratory).
Please report problems with the web pages to the maintainer