The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 18 Issue 12

Wednesday 15 May 1996

Contents

o Software piracy
    PGN
o "Call Girls" web site
    [Name withheld by request]
o Morphing Character 217 in Macintosh Geneva Font
    Paul Robinson
o The risk of adding protection
    Ray Todd Stevens
o Troubleshooting ValuJet after the crash
    Phillip C. Reed
o Re: Internet in danger
    Jim Carroll
    Kevin Stock
o Re: Odds of an accident for the Challenger
    Michael Wild
    John W. Cobb
o Discussion Drafts of Medical Records Privacy Legislation
    James Love
o The SEI Software Engineering Symposium
    Carol Biesecker
o Info on RISKS (comp.risks)

Software piracy

"Peter G. Neumann" <neumann@csl.sri.com>
Tue, 14 May 96 8:43:35 PDT
  "Software Pirates Loot Silicon Valley;
  Hong Kong street vendors hawk hot software"

An article by Jeff Pelline in the *San Francisco Chronicle*, 14 May 1996,
p. C1 aptly summarizes some of the basic problems of software piracy:

 * Two CD-ROMs with more than 100 programs (Windows 95, Windows NT,
   AutoCad, LotusNotes, Xing's Mpeg, ...) valued at $50,000 go for
   $70 from a Hong Kong street vendor (pushing something that looked
   like a hot-dog cart).  These items (and many conventional CDs as well)
   come from pirate operations in southern China [apparently turning out
   legitimate products when the "inspectors" are around for an hour or so,
   and hot stuff the rest of the time -- on a 24-hour production schedule].

 * Pirated software costs an estimated $12 billion annually worldwide.

 * "More than half of all software in existence today is lost to piracy."

 * An estimated 98% of the software sold in China is pirated -- to the
   tune of 200 million copies a year; in Brazil it is 95%, in Russia 94%.
   Korea is at 78%, Japan at 67%, the U.S. at 35%, according to a chart
   attributed to Glenco Engineering, Inc.

     [No one seems to mention the devious opportunity for
     Trojan horses being added inside the pirate shrinkwrap.]

     [If it's a floppy, it might be a copy.
      If it's a disk, you're also at risk.
      If it's a pirate, the vendors are irate.
      To avoid such frustration,
        try: Free Software Foundation.
      (Not enough BurmaShavian literature anymore?)]

[Considering the volume and issue, this item must be an 18.12 OVERTURE.  PGN]


"Call Girls" web site

<[Name withheld by request]>
Mon, 13 May 1996 15:09:47 -0700 (PDT)
Just fire up Ye Olde Web Browser, and open the URL
                              [URL withheld by Moderator's Standards.  PGN].
It'll show you a curvaceous, scantily-clad female member of our species, ask
you for your phone number (including area code), and then a female with a
sexy voice will call you right back and say, um, "things" (ahem), to you.
Yes, that's right, a call-back phone-sex system on the Web.

But of course, it doesn't take much imagination to realize you don't have to
type in *your* phone number.  How about your boss's?  Or his wife?  Or your
not-so-favourite right-wing member of parliament/congress?  This could be
one of the best ways to get 'net censorship going: have these sexy voices
call up a random, powerful right-wing politician.  This is just a variation
of the old "order a large pizza with all the toppings to the house across
the street" trick we loved to do as teenagers.  Except the risks are
potentially more dangerous.


Morphing Character 217 in Macintosh Geneva Font

Paul Robinson <paul@TDR.COM>
Mon, 13 May 1996 08:09:13 EDT
I discovered an unexpected condition when attempting to do some printing of
a document created on the Macintosh, in that the character code using ASCII
217 in the Geneva font does not appear onscreen the same way depending on
what size it is.

I suspect this is an issue with other characters and character sets.  I know
there is a feature to select a certain character, usually a "box" to display
in place of characters not defined for a certain font, in order to show that
something is there, not merely either a blank or nothing at all.  Since I
would expect that to be consistent, that is acceptable, and in fact, much
more desirable behavior, e.g. if the character is undefined in a particular
character set, a square is printed, to show that the character is
unprintable (undefined) in that set.

But *this* behavior is both unexpected and undesirable.

What I discovered is that a character in a specific font on the Macintosh
can be "amorphic", in that it can be a different appearance depending on
whether it is printed or displayed on screen, and depending on what size it
is displayed at.  Now, I'm not talking about the difference between the
appearance of, for example, the letter "S" when shown onscreen and when
printed with a 9-pin dot-matrix printer and the appearance when printed with
a 300dpi laser or inkjet. No, I'm talking about selecting, say, a character
containing the image of a Star of David, and printing out a Hammer and
Sickle!

Some characters on some sets produce some interesting effects, including
such symbols as the entire Zodiac; various stars, both circled and squared,
white and black; arrows going in 8 directions, various other symbols such as
icons of telephones, scissors, greek and mathematical symbols, and many
others.

These symbols can be useful for various enhancements to a document.  For
example, one could print a coupon, and use the scissor symbol on the dotted
line with the words "Cut Here" to make a much nicer looking image.

But when displaying some sets, what you see isn't always what you get!

Here is an exact explanation of what I did and what I discovered:

I created a macro using the Word Basic programming language that is included
as a part of Microsoft Word for the Macintosh.  This macro created every
character in the ASCII set from 0 to 255.  I deleted all the nonprinting
characters (0-31), and left the rest that did show.

I changed the default font, which happens to be Times, to various fonts in
the collection we have for the purpose of creating a display of all the
different symbols and special effects characters such as arrows, borders,
and indicators such as superscript and subscript characters.

In one case, when I changed the font Geneva from 12 to 20 point, I noticed
something odd.  The character I later determined to be ASCII 217, in Geneva
12 point, appeared as an image of a rabbit.  In 20 point, however, that
character metamorphicized into the image of a Macintosh computer!

It gets more interesting.  I tried the different font sizes available, and
this is what I saw:

  Point  Character
   8     Upper Case Y with two dots above
   9     Image of a sheep
   10    Image of a Macintosh
   11    Upper Case Y with two dots above
   12    Image of a rabbit
   14    Image of a dog
   16    Upper Case Y with two dots above
   18    Image of a sheep
   20    Image of a Macintosh
   22    Upper Case Y with two dots above
   24    Image of a rabbit
   26,28,36,48,72   Upper Case Y with two dots above

The behavior appears to be consistent; the "special" images reappear at the
doubling of the character (except the "dog").  What is notable about this is
that when the character set is printed out on an Apple color inkjet printer,
what does appear - at the appropriate 8 to 72 point size as is used - is the
specific character, the upper case Y with two dots above.  (I can't yet
remember the exact name for that mark, I think it is called an umlaut.)

As for the risks, the example I gave above is pretty clear.  (Oh yes, the
Star of David and the Hammer and Sickle are available, but fortunately they
are different characters in different fonts!)

I am reporting this because I believe that if it happens in one font it can
happen in others.  Consider a font designed so that the $ appears as the
British pound sterling when printed, or the #, and it could cause
misunderstandings, perhaps even legal problems.  Especially if - and it is
possible - the printed output, having been checked several times in previous
revisions, is merely given a cursory glance when reprinted using a slightly
larger font.

It is well understood that Postscript is a programming language, and with
all the risks and benefits that implies.  But font files may or may not be,
depending on the system or the application, and that opens up a whole new
can of worms.

Unexpected behavior in a rarely-used symbol is, in and of itself, not a big
deal.  But in other contexts it could be, and thus I considered the issue to
be worth reporting.

Paul Robinson, General Manager, Tansin A. Darcos & Company/TDR, Inc.

  [I am curious about the upper-case Y-umlaut.  German, Turkish, and Swedish
  (for example) use umlauts (as does English, for diaeresis), but I have
  *never* seen an upper-case Y-umlaut.  I have seen Dutch names (Edsger
  Dijkstra's, for example) in handwritten Dutch appear with the i and j run
  together as if they formed a "y", with the dots over the i and j appearing
  as a y-umlaut (in lower case only).  Perhaps this is one of the
  Power(book) Morphin' Dangers?  PGN]


The risk of adding protection

"Ray Todd Stevens" <raytodd@tima.com>
Wed, 15 May 1996 13:13:01 +0000
I ran into an interesting risk recently.  A computer is located where it is
hard to gain physical access.  This computer sometimes needs resetting.  To
this end a system to remotely turn the power off and back on was installed.
Recently it was decided that this computer must operate in the case of a
power failure.  As a result a UPS was installed.  You guessed it, we now
can't remotely reset the computer.

Ray Todd Stevens  Senior Consultant  Stevens Services  R.R. # 14 Box 685
Bedford, IN 47421  (812) 279-9394  Raytodd@tima.com


Troubleshooting ValuJet after the crash

"Phillip C. Reed" <reedpc@libbey.com>
Wed, 15 May 1996 09:46:44 -0400
As part of the aftermath of the ValuJet Florida crash, the FAA announced
that they will be scrutinizing all of ValuJet's procedures, including flying
inspectors in the cockpit to watch the crew at work.  Exactly what they
expect to find doing this is cloudy to me, given the `observer effect'.
It's axiomatic that the crew will behave differently with an inspector
peering over their shoulder.

The RISK is that the FAA will waste a lot of time and energy looking at
something that won't give them useful information. Perhaps it's time for
video cameras in the cockpit?

Phil Reed  Libbey Inc  reedpc@libbey.com


Re: Internet in danger (RISKS-18.11)

"Jim Carroll" <PJCARROL@ca.oracle.com>
Tue, 14 May 1996 11:04:05 -0400
I seem to recall hearing a CBC Radio report on a similar situation
developing in Germany in, if memory serves, January of this year.  The
target which they were attempting to quash was hate literature.
Surprisingly (because I'm Canadian), the report mentioned that most of the
hate literature on the Internet originates in Canada.  (This begs the
question of the source and reliability of this statistic.)

As I remember it, the German government was taking issue with this material,
and figured (similar to the case in France) that the best approach was to
hold the ISPs legally accountable.  The reaction on the part of the ISPs was
to cut off any newsgroup deemed to be inappropriate.

What surprises me is that nobody is fingering the telcos using the same
slippery-slope arguments, i.e., providing the hardware and the bandwidth.

Perhaps someone with a better recollection of events than I could give this
story better clarity.

Jim Carroll <pjcarrol@ca.oracle.com>  Principal Consultant, Core Consulting
Oracle Corporation Canada Inc.


Re: Internet in Danger (RISKS-18.11)

Kevin Stock <kstock@Auspex.Com>
Wed, 15 May 96 04:14:17 PDT
There have been similar reports to this from various places for some time.
However, one extra detail did catch my interest; France Telecom (the French
state-owned telephone service) recently launched its own Internet access
service under the name 'Wanadoo'. I wonder if it will also withdraw from
providing the News.


Re: Odds of an accident for the Challenger (Green, RISKS-18.10)

Michael Wild <mwild@iee.org>
Mon, 13 May 1996 23:44:17 -0700 (PDT)
A discussion of the Rogers report from the perspective of organizational
psychology can be found in Chris Argyris, _Overcoming Organizational
Defences_ (Allyn & Bacon, 1990). Inter alia, he says ".. the Rogers
Commission unwittingly strengthened the organizational routines that caused
the problems in the first place." I would commend Argyris' book to anyone
seeking to understand the attitudes that underlie many of the RISKS discussed
in this forum.

Michael Wild  <mwild@iee.org>, <michael@kyrie.demon.co.uk>


Re: Odds of an accident for the Challenger (Green, RISKS-18.10)

John W. Cobb <cobbjw@ornl.gov>
Wed, 8 May 1996 18:22:05 -0400
>Nowhere in this volume could I find a reference to the numerical odds
>of a shuttle accident.

A lot of Feynman's personal conclusions are not in the volumes.
Perhaps you remember the minor flap about Feynman's addition of a separate
appendix.

However, Feynman did publish several other accounts (and some video
interviews) discussing these issues, including the probability of failure.
I don't remember the exact reference source but some places to look are:

1) Feynman's "So what do you care what other people think?" (or some
similar title).

2) A Cover story article in Physics Today soon after the report was issued.

Both of these are good reads in and of themselves as well as being
excellent supplementary sources on the Challenger episode.

Feynman's role on the Rogers commission raises another issue that is
worthy of discussion here. Do we help or exacerbate risks with our methods
of ex post facto accident investigations (Challenger, air-crashes, Exxon
Valdez, ...) ?

Feynman seemed to feel that some very important issues about the management
structure at NASA were not included in the Rogers report and
consequently were not being addressed. This does not include items in the
report that have not been vigorously pursued (a debatable proposition in
and of itself).

Do investigations reveal problems and fix them or do they simply serve to
identify scapegoats? What's more, how do we define investigation ground
rules to favor the former over the latter?

These are the critical questions to ask in order to reduce the probability
of another Challenger.

John W. Cobb, Off. Computing&Network Management, Oak Ridge National Laboratory
MS-6486 Oak Ridge, TN 37831-6486  1-423.576.5439  cobbjw@ornl.gov


Discussion Drafts of Medical Records Privacy Legislation

James Love <love@tap.org>
Tue, 14 May 1996 19:05:23 -0400 (EDT)
   [Sent to RISKS via Stanton McCandlish <mech@eff.org>.  RISKS
   generally eschews such postings.  However, this one may have broad
   appeal to readers in the U.S., and far-reaching implications. PGN]

Re: Getting Copies of "Discussion Drafts" of Med Privacy Bill Online

This is a sign-on letter to Senators Kassebaum and Warner, asking that the
Senate make copies of its "discussion drafts" of S. 1360, the Medical
Records Confidentiality Act, available on the Internet.  The discussion drafts reflect
the current versions of the controversial legislation, after negotiations
between various Senators and lobbyists.

Currently these drafts are only distributed in paper, and are mostly
available to Washington DC lobbyists.  Senator Kassebaum controls access to
the discussion drafts, and Senator Warner is in charge of Senate rules on
topics such as public access to Senate documents.

The letter has been signed by Gary Ruskin, Director of the Congressional
Accountability Project, Lori Fena, Director of the Electronic Frontier
Foundation, James Love, Director of Consumer Project on Technology, and Jim
Warren, a well known computer journalist and information activist.  To add
your name, send a note to Gary Ruskin at gary@essential.org.

   The letter follows:

Senator Nancy Kassebaum, Chair
Committee on Labor and Human Resources
428 Dirksen Senate Office Bldg
Washington, DC 20510-6300

Senator John Warner, Chair
Committee on Rules and Administration
305 Russell Senate Office Bldg
Washington, DC 20510-6325

Dear Senators Kassebaum and Warner:

We are writing to express the frustrations of many American citizens who
cannot effectively monitor the actions of the U.S. Congress, because the
Senate does not give ordinary citizens the same access to key legislative
documents that it gives to interest groups that can afford full time
lobbyists.  Our immediate concern is the refusal of the Senate Labor
Committee to provide online access to a series of discussion drafts of S.
1360, the Medical Records Confidentiality Act.  This controversial
legislation seeks to pre-empt state laws in favor of a federal system
regulating access to personal medical records.  The legislation is
controversial and complex and the stakeholders are many.  Privacy and
consumer groups say the legislation provides too much access and too little
privacy, while industry groups are pressing for even easier access to
identified medical records.

The legislation was introduced last October.  Beginning in April, the
Committee on Labor and Human Resources has prepared several "discussion
drafts" for a new chairman's mark.  These drafts have been given to
lobbyists, but the Committee staff has refused to make the text of the
drafts available on the Internet where they would be readily available to
the general public.  As a consequence, as Equifax, IBM, Dun & Bradstreet,
TRW, Blue Cross, Aetna, and other groups with full-time lobbyists read each
and every new discussion draft, the general public mistakenly believes the
October 24, 1995 version of the bill represents the relevant text of the
legislation.

Why keep the discussion drafts from the general public?  The bill is very
long, and it is costly and difficult to distribute the bill in the paper
formats. Most citizens don't have any way of even knowing that the various
discussion drafts even exist.

With efforts to push for a rapid mark-up on S. 1360 it seems urgent to
resolve this issue soon.  More generally, however, the Senate should adopt
new rules about access to the various types of "unofficial" drafts of bills,
including committee prints, managers amendments, chairman's marks, and
widely disseminated discussion drafts, which are the real stuff of the
legislative process.  The text of these important documents should be placed
on the Internet for the benefit of the general public, as soon as they are
made available to Washington lobbyists.

Sincerely,


Gary Ruskin, Director, Congressional Accountability Project (Member,
Advisory Committee, Congressional Internet Caucus) gary@essential.org

Lori Fena, Director, Electronic Frontier Foundation, lori@eff.org

James Love, Director, Consumer Project on Technology, love@tap.org

Jim Warren, tech-policy columnist and open-government advocate
Government Technology Magazine, MicroTimes Magazine, etc.
345 Swett Rd., Woodside CA 94062; voice/415-851-7075  jwarren@well.com

To add your name to this letter, send a note to Gary Ruskin.
His contact info is:
  Gary Ruskin  gary@essential.org  202/296-2787; fax: 202/833-2406

James Love, Center for Study of Responsive Law, P.O. Box 19367, Washington DC
20036 202/387-8030 Consumer Project on Technology; love@tap.org with webpages.


The SEI Software Engineering Symposium

Carol Biesecker <cb@SEI.CMU.EDU>
15 May 1996 14:59:12 GMT
  [Starkly abridged by PGN]

The SEI Software Engineering Symposium
Achieving Maturity Through Technology Adoption
September 9 - 12, 1996
David L. Lawrence Convention Center
Pittsburgh, Pennsylvania

The SEI Software Engineering Symposium is an annual event hosted by the SEI
to provide an opportunity for people to learn about practical solutions to
software-related problems and the role of the SEI in assisting the
development and adoption of those solutions.  The primary goal of the
symposium is to provide a forum to facilitate communication among the
various sectors of the software engineering community and to help
participants build collaborative relationships based on their shared
interests.

The format of the symposium will include plenary sessions, tutorials, panel
discussions, presentations, and birds-of-a-feather sessions on topics that
fall within three broad topic areas that promise significant sustained
impacts on the state of the practice in the coming decade.

Topic 1: Trustworthy Systems: Security, Reliability, Safety

As computer-intensive systems grow in scope, and as their information bases
grow ever richer, the users have corresponding concerns and increased needs
for confidence in these systems. Continued successful use of such systems
requires a high degree of reliability and security from harmful intrusions.
Presentations in this topic area will address aspects of systems that lead
them to be considered trustworthy or not. Such presentations will include
descriptions of systems specifically called "trustworthy systems," but will
also include such related topics as system vulnerability, system
reliability, and information warfare.

Topic 2: Engineering of Software-Intensive Systems

In recent years, primary concepts of program design and program construction
have been influenced and even overturned by developments in such domains as
software reuse, by research in such topics as software architectures, and by
methodologies such as object-oriented construction. As these developments
mature and become ubiquitous, an emerging common thread is the notion of
composition of systems; this notion underlies technologies such as
architecture design languages as well as new system-oriented approaches such
as open systems. Presentations in this topic area will describe a number of
these developments, such as recent work in patterned architectures,
integration of heterogeneous commercial tools, and program understanding.

Topic 3: New Dimensions in Process and Risk

The Capability Maturity Model(SM) (CMM(SM)) has become the most widely used basis
for achieving process improvement in software engineering, and it has provided
a framework for the development of a number of other maturity models for
improvement efforts within other domains.  With the forthcoming release of the
CMM Version 2.0, this vital aspect of software engineering enters a new phase.
New developments, such as integration of measurement technologies with the
CMM, as well as extension of the model toward risk assessment, risk
management, and Personal Software Process (PSP), are extending the domain of
process improvement enormously. Presenters in this topic area will consider
practical and theoretical issues related to the CMM (e.g., CMM integration),
results of industrial-scale process improvement efforts, and issues
surrounding process-related technologies (e.g., current capabilities in
process enactment engines).

Plenary Sessions: Six keynote speakers representing the views of industry
and government will provide different yet complementary perspectives on
current concerns as well as issues forming just over the horizon. Invited
speakers include representatives from government and industry.

A view from DARPA, where tomorrow's technology is being explored today, will
highlight a number of important issues in software assurance.  Speakers from
the Department of Defense will address ways in which information is becoming
increasingly important both as an asset and as a potential threat.
Industrial perspectives on the trials and successes in day-to-day practice
will fill out the picture of the relationships among these various sectors
as we approach the millennium, and how those relationships are changing with
the times.

Who should attend?

To address the broad set of concerns represented by the software engineering
community, presentations will cover topics of interest to people with
differing levels of knowledge and technical expertise. A range of topical
sessions will be offered to discuss issues of concern to senior managers,
senior technical staff, and practitioners. The structure of the technical
program will focus on

1. fundamentals of a technology area for those new to the technology or those
   who need to brush up on key concepts and developments
2. state-of-the-art or state-of-the-practice discussions to outline the best
   industrial practices and the ways in which they improve the baseline on
   practices
3. experience reports detailing the results of using particular technologies
   or approaches to improvement
4. management issues and answers to some of the fundamental questions that
   determine if and when to adopt a technology, such as return on investment
   or other business-case analyses
5. transition plans for key technologies that are deemed "close to ready" for
   transition into routine use and that offer nontrivial, measurable
   improvements to adopters

Tutorials, Monday, September 9, 1996
____ Personal Software Process
____ Identifying Success Strategies for Software Process Automation
____ Planning the Cultural Dimensions of Improvement
____ Comprehensive Risk Management
____ How to Deploy Software Process Improvement
____ FODA for Pragmatists
____ Legacy System Reengineering
____ Goal-Driven Software Measurement

Plenary sessions, panel discussions, and presentations, are offered Tuesday,
September 10 through Thursday, September 12.

CMM and Capability Maturity Model are service marks of Carnegie Mellon
University.  The SEI is a federally funded research and development center
sponsored by the U.S. Department of Defense, and operated by CMU.

Contact Information

  Events
  Software Engineering Institute
  Carnegie Mellon University
  Pittsburgh, Pennsylvania  15213-3890
  FAX 412 / 268-7401
  Internet:  registration@sei.cmu.edu
     [And look for their web page for details.  Carol did not give
     a URL, but many readers object to URLs as not meaningful in
     the fullness of time anyway -- and besides, preannouncements
     are of less interest in the long run.  PGN]
