The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 18 Issue 23

Monday 24 June 1996

Contents

o The Great Netcom Crash.....
David Lesher
o Microsoft, AOL, and AT&T also have netwoes
PGN
o Pachinko in the armor?
PGN
o DoD and IRS tax systems
Richard L. Wexelblat
o Unexpected risks of usability features
Steve Loughran
o Espionage Suit
David Kennedy
o Pointless PINs
Mark Seecof
o Re: Click *here* to lower the fuel rods
Nancy Leveson
o Urban Legends?
William Petrick
Charles Waite
o Re: More AOL censorship
Edward Reid
Ray Everett-Church via Mike Epstein
o Re: Spelling-checker war stories
Andrew Koenig
Kevin Haw
o Static, dust, and other risks
Rob Slade
o Re: Health Risk from Dusty Computer Displays
Terje Mathisen
o Re: "Piece of Plastic" Used to Detect Drugs
Douglas W. Jones
o Info on RISKS (comp.risks)

The Great Netcom Crash.....

David Lesher <wb8foz@netcom.com>
Fri, 21 Jun 1996 12:45:56 -0400 (EDT)
Netcom, Inc; one of the largest retail ISP's [450,000 subscribers,
230 POPs] went down for 14+ hours this week.

In what strikes me as "shades of Mariner II" Netcom President David
Garrison, appearing on KGO Radio said it was an extra "&" in the "border
gateway protocol code" in the MAE-East router in DC area that killed the
system.

They had to bring down all 100+ routers & flush each one to recover, he
reported.

The parallel to the Bell Atlantic STP bug of about five years back strikes
me. The routing nut has gotten so tough that the tools used on it can be
[VERY!] rapidly fatal.


Microsoft, AOL, and AT&T also have netwoes

"Peter G. Neumann" <Neumann@CSL.sri.com>
Mon, 24 Jun 1996 12:03:17
An article by Peter H. Lewis in *The New York Times*, 24 Jun 1996, p. D1,
noted the Netcom problem ("for 12 hours") noted in RISKS-18.23 by David
Lesher.  The article also noted these other problems:

    * Microsoft shut down its nationwide network on Sunday (presumably 23
      Jun 1996) for 10 hours as part of an intended backup power-supply
      upgrade, but the upgrade failed and they will have to try again.

    * America Online was out of service for an hour on 19 June 1996,
      "when a planned system software upgrade backfired."

    * AT&T will shut down its Internet access for up to 8 hours each week,
      for maintenance.


Pachinko in the armor?

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 20 Jun 1996 08:34:39 -0800
There was a nice article surveying the pachinko bogus-card fiasco noted in
RISKS-18.15 and 16, and the risks of believing in technological solutions to
not-just-technological problems.

Printed-version title:
  Counterfeiters of a New Stripe Give Japan One More Worry;
  Fake Cards Thwart Efforts to End Pinball Scams
  By ANDREW POLLACK, *The New York Times*, 20 Jun 1996, D1

On-line-version title:
  A Case Study of the Hazards of Electronic Cash
  By ANDREW POLLACK, c.1996 N.Y. Times News Service, 20 Jun 1996

[Text seemingly identical in both versions.]


DoD and IRS tax systems

"Richard L. Wexelblat" <rwex@CLARK.NET>
Thu, 20 Jun 1996 21:38:14 -0400
Special note:  I work for the IRS and have a work-related vested interest
============   in _not_ having the Department of Defense involved in
               contracting for IRS software and systems.  Therefore,
               despite any claims of non-bias below, I am clearly
               "interested" in the classical sense of the word.

That part out of the way, I'd like to say (as a private citizen, a
tax-and-spend liberal, and an almost-always defender of free speech and the
right of the citizen to privacy) that the present initiative by Congress to
have DoD become the contracting agent for IRS system and software
development is a clear and present danger to privacy in the Republic in
which we stand.

The initiative referred to above is in the "Subcommittee Mark" of the
proposed next year's budget.  It's just a House Subcommittee so it's not
law, but it's a bad idea in my mind, even to consider it seriously.  Is the
Department of Star Wars and the $700 toilet seat really so excellent a
contracting agency that they are the clear choice to handle IRS business?

Well, that's my biased opinion, and I'd like very much to hear from
others who may have a more valid claim to disinterest!

Dick Wexelblat,     Acting Lead Architect << asa APbA   IRS


Unexpected risks of usability features

Steve Loughran <slo@HPLB.HPL.HP.COM>
Thu, 20 Jun 96 13:50:22 BST
An entertaining part of Windows 95 is the time-zone chooser in its control
panel. As well as being able to select time zones like (GMT+01:00), users
who don't know or care about their meridian-relative time zone can just click
on a map of the world. The appropriate time zone is then highlighted and
-the cute bit- the whole world smooth scrolls round so that the user's
country is in the centre of the map.

In the latest beta of Windows NT 4.0, the map is still there but is
disabled: no mouse clicks are responded to and no highlights appear. The
smooth scrolling still works, but with timezone selection via a list it is
nowhere near as cute as it used to be.

What is interesting is the reason it doesn't work. It is not, as one would
expect, a technical problem, but a political one -and thus a lot harder to
fix:

From "Windows NT 4.0 Beta 2 Commonly Reported Problems", Version 3.0
June 15th, 1996:

> 3.7.1:  Time zone map does not respond to mouse and display highlight

> Status:   Due to international border disputes we have removed this
> functionality.  There are numerous timezones that follow international
> borders that are not universally agreed upon.  In order to satisfy all
> parties involved in these disputed areas we chose not to display any
> borders at all.  We are aware it is a feature that many people miss.


Espionage Suit

David Kennedy <76702.3557@CompuServe.COM>
[lost. somewhen recent]
Courtesy of Associated Press via CompuServe's Executive News Service,
19 Jun 1996

                 Espionage Suit

By ANTHONY JEWELL, Associated Press Writer
>>   INDIANAPOLIS (AP) -- Johnson & Johnson's diabetes products
>>subsidiary encouraged workers to illegally spy on rivals and
>>gave "Inspector Clouseau" and "Columbo" awards for those who
>>got the most information, a competitor charged Wednesday.
>>   Boehringer Mannheim Corp., a German-owned drug and medical
>>device company, made the allegations in a federal court lawsuit
>>against J&J and its LifeScan Inc. subsidiary. Boehringer has
>>U.S. offices in Indianapolis.   [...]

o   Suit asks for LifeScan to cease using Boehringer's trade secrets and
seeks unspecified damages.

o   J&J says both companies did it but its LifeScan received no competitive
advantage from their activities.

o   Suit alleges that LifeScan used third parties as well as their own
employees to collect information about Boehringer.  And that LifeScan
"infiltrated" private meetings at Boehringer.

o   A former LifeScan employee broke the news in May 94.

>>   Boehringer's lawsuit said two LifeScan employees
>>"deliberately fostered an environment which made clandestine
>>and illegal activities directed at competitors ... both routine
>>and expected."
>>   Mannheim said David Van Avermaete and Daphne Flamer
>>initiated the "Inspector Clouseau Award," the "Columbo Award,"
>>and the "Mrs. Fletcher Award," after the lead character in the
>>TV series "Murder, She Wrote."
>>   The awards were allegedly "presented at meetings, with
>>prizes, to members of the sales force who obtained the best
>>information about competitors and their plans," the lawsuit
>>said.   [...]

>>   The suit claims a LifeScan employee stole a prototype of a
>>diabetes monitoring system known as Accutrend DM. Oldham said
>>the prototype was stolen in Europe, taken to a LifeScan
>>California lab and returned to Europe.  [...]

>>   Boehringer Mannheim, which had 1995 sales of more than $700
>>million, employs more than 3,500 people at facilities in
>>Fremont and Concord, Calif., and Gaithersburg, Md.

Dave Kennedy [CISSP] InfoSec Recon Team Chief, National Computer Security Assoc


Pointless PINs

Mark Seecof <Mark.Seecof@latimes.com>
Tue, 18 Jun 1996 15:03:05 -0700
A colleague just got a handheld cellular telephone.  The device asks the
user to enter a 4-digit PIN before it will permit outbound calling.  The
vendor (local cell-phone duopoly carrier, not an independent) has set the
PIN to the last four digits of the assigned telephone number, which the
phone displays upon powerup BEFORE asking for the PIN.  This helps people
with poor memories and people with no authority equally.  The vendor's
service staff state that they have a fixed policy of configuring all 'phones
this way.  A longer (5 or 6 digit) "security code" enables users to change
the PIN, but the vendor refuses to supply that code to my colleague
(presumably to retard his ability to switch carriers for which that code is
also needed).  The vendor will allow my colleague to bring the 'phone to an
inconvenient location during limited hours at his own expense to have the
PIN changed; if he does this he must tell his PIN to the vendor's staff
(they already have the "security code," but he would be revealing his
PIN-choosing habits).  My colleague wonders why the phone has a PIN if it
offers zero security!


Re: Click *here* to lower the fuel rods (Rebholz, RISKS-18.22)

Nancy Leveson <leveson@cs.washington.edu>
Tue, 18 Jun 1996 21:12:15 PDT
   >Somehow, the database had become corrupted.  If it didn't get fixed in
   >four hours, when the next core rotation began, a meltdown was likely.

This didn't make any sense to me from what I know about nuclear power plants
so I checked with a friend who is an engineer at one of the U.S. nuclear
power plants.  It's hard to reconstruct what really might have been the
case.  The computer could have been computing control rod movements and
printing them out for an operator to use to manually control the rods (this
is not done automatically) and there might have been no contingency plan or
the operators might not have been able to do the computation manually in the
time required.  Could that have caused a meltdown? No.  At worst, it might
have required the operator to reduce power or to shut down the reactor.


Urban Legends? (Fuel Rods, Rebholz, RISKS-18.22)

William Petrick <caprit@ix.netcom.com>
Wed, 19 Jun 1996 09:27:30 -0700
 > "A true war story:"

Just because someone says it, and others forward it does not make it true.
This must be an attempt to establish a new urban legend.  There are enough
misconceptions about commercial nuclear power plants already, so we need to
avoid creating fantasies that can be made into exciting movies.

First, there is no Edison Power and Light.  The two utilities operating
nuclear plants in New Jersey are Public Service Electric and Gas (PSE&G) and
GPU Nuclear Corp., operating plants in Salem NJ and Forked River NJ,
respectively.  There is also Consolidated Edison of NY, which runs a nuclear
plant in Buchanan, NY.

Second, rods do not move around in a nuclear core and there is no next core
rotation.

Third, Ingres and DEC VAXes are not used in safety systems in nuclear power
plants, so neither could have any impact on whether a meltdown was likely.

> Remind me to tell you about answering questions about how we at Ingres
> said we would provide support during nuclear wars at a sales call to
> the Strategic Air Command some time...

Another urban legend?...

My best guess is one of two possibilities:

(1) One of these plants was shut down for refueling, during which time they
remove spent fuel bundles and replace them with fresh fuel.  During this
process, they also move (rotate?)  other bundles to new locations for the
next year of operation.  The offline computers are used to maintain records
of the location of each bundle throughout its life in the core.  If that
database gets corrupted, the utility must revert to tracking everything by
hand -- a laborious and time-consuming process.  The four-hour window could
have been because the refueling is a critical-path item during an outage and
delays can cost millions of dollars in lost revenue.

(2) One of these plants was planning a control rod sequence exchange to
maintain a uniform fuel burnout throughout the core.  These rod patterns are
precalculated in DEC VAX computers and may involve an Ingres database.
Sometimes these exchanges are done at reduced power, so the four hour time
limit may have been the time at which they had to be back at full power or
they might have to shut down, again an economic decision that involves
millions of dollars.

In either case, there is no safety issue.

In fact, there are very few commercial nuclear plants in the US that use
computers or software in any safety system.  Upgrades to safety systems that
include digital technology are an ongoing area of development between the
industry, research groups, and the regulatory agency (Nuclear Regulatory
Commission).  There are also safety-critical discussion groups on the
Internet that exchange ideas.  Because of misconceptions of how safety
systems are defined and used in nuclear plants, I published a WEB page for
the safety-critical group that may help understand the context of safety in
nuclear power applications.  Anyone who posts nuclear power plant examples
should review that article at: http://www.netcom.com/~caprit/ctisafet.html.

The risk of this article is the rapid spread of misinformation!


Urban Legends? (Fuel Rods, Rebholz, RISKS-18.22)

Charles Waite <waite@waterw.com>
Thu, 20 Jun 1996 20:07:55 -0400
I love war stories, but alas, the story from: "Rebholz, Chris"
<crebholz@sjpubs01.sj.unisys.com>, is not true.

As a resident of New Jersey, I am unaware of any Edison Power and Light.
There are also four nuclear power plants in New Jersey, and I have worked at
all four, in groups responsible for the process computers.

>A true war story:

As the former Principal Engineer for Digital Systems at PSE&G's
(California's equivalent of PG&E) three nuclear plants, I assure you there
are no computers moving control rods.  There are computers used to compute
rod worth for future fuel loads, but no nuclear plant in this country
entrusts computers to move rods in such a way as to cause a meltdown.  Most
of the rod moving components and systems are old analog systems.  The
closest a computer comes to actual fuel movement is through a computer - a
"rod-worth minimizer" - that will stop an operator from pulling control rods
out of the prescribed, analyzed, approved "pull sheet."

The real problems with computers at nuclear plants are actually much more
interesting.  I'll submit an example I posted in another group a few months
ago if I can find it on my archive tape.  But for now, let's get real.

Charles Waite, Kemper-Masterson, Inc., c/o 38 Fox Run
Mount Laurel, NJ  08054  (609)235-4275


Re: More AOL censorship (Bostic, RISKS 18.22)

Edward Reid <ed@titipu.resun.com>
Thu, 20 Jun 96 10:29:18 -0400
A lot of people beat up on AOL for good reasons. At least as many beat up on
AOL without knowing what they are talking about. I have no love for AOL, but
I see no reason to attack them for things they didn't do.

> >From: Postmaster@aol.com

This is suspicious to start with. I've corresponded with AOL admins on
numerous occasions, including David O'Donnell, who normally acts as AOL
postmaster. I've never received a message indicating it was from
postmaster@aol.com. The admins all use their individual e-mail addresses. In
fact, AOL actively discourages e-mail to postmaster because it delays the
response while someone sifts through the volume of e-mail to forward it to
the responsible individual within AOL. They provide other addresses for
reporting abuse, etc.

> message from the postmaster also made the point that their customers have to
> pay for all their e-mail so this is a problem (well, THEN *YOU* EDIT THEIR
> MAIL -- YOU'RE GETTING THE @$%#^ MONEY, NOT ME!)

This clinches it. AOL customers do not pay to receive e-mail and never
have. Many people make this mistake; it was Compuserve that once
charged to receive e-mail. The AOL postmaster would of course know this,
so the message is a clear and unmistakable forgery.

I suggest that the original recipient examine the message headers more
closely. Someone who can't even get the basic facts about AOL right
probably didn't forge the headers very well either.

> This is why we also have to be careful with this anti-spam crap, there are
> people out there, some of whom work as postmasters for the largest online
> services on the planet, who, are, well...you get my point, can't quite fog a
> mirror, I guess is the expression.

Yes, world.std.com is a large online service and someone who works
there can't detect an e-mail forgery ... well, you get my point.

> Morons. I may just mass unsub all AOL addresses from all lists here. I mean,
> this is their postmaster threatening, not some random.

On the contrary, it *is* some random.

On the other hand, the posting to comp.risks didn't show the full
headers of the message from bzs@world.std.com, so maybe that was a
forgery too. Not to mention that I have no way of knowing whether bzs
actually works for world.std.com. I hope not; this posting is so rude
that I hate to attribute it to anyone working for any service provider.

Edward Reid <reide@freenet.tlh.fl.us>


Re: More AOL censorship (RISKS-18.22)

Mike Epstein <epstein@nyiq.net>
Thu, 20 Jun 96 11:45:07 -0400
This was posted on SPAM-L, a list devoted to ending spam, by an AOL
Assistant Postmaster. He gave his permission for me to send it to you.

Date:    Wed, 19 Jun 1996 23:12:09 -0400
From:    Ray Everett-Church <IFRITRay@AOL.COM>
Subject: Re: Interesting AOL message

>From: bzs@world.std.com (Barry Shein)
>So I just get a "spam" complaint from an AOL postmaster threatening:
>>From: Postmaster@aol.com
>>To: netadmin@world.std.com, postmaster@world.std.com
>>Subject: Fwd: cc:Mail UUCPLINK 2.0 Undeliverable Message
>>Date: Thu, 12 Oct 1995 16:49:01 -0400
>> Repeated offenses of this nature will result in AOL taking action to
>> prevent further problems.

I'd be *most* interested in seeing the ENTIRE original message from AOL.
I'm quite surprised to see mail bouncing off a server being called
"SPAM"...unless it's a junk mail list (replies to the junk mailers
usually bounce as a normal course of events).

In full disclosure, some time last month I had an e-mail conversation with
Mr Shein that ultimately ended in a stream of obscenities from him. We were
talking about the fact that "world.std.com" gives a home to DEMC, a major
junk mail outfit. They spam from throw-away accounts at ISPs, but point
replies back to their autoresponder firmly ensconced at DEMC.COM, which is
served by world.std.com. I sought to explain that by providing a stable
return address, he is aiding DEMC in its spamming activities.

  [Strong response omitted.  PGN]

Ray Everett-Church, Asst. Postmaster (everett@aol.net, IFRITRay@aol.com)
America Online's Internet Development Outreach and Technology Team
http://www.everett.org/~everett  AOLers misbehaving? mail: abuse@aol.com


Re: Spelling-checker war stories

Andrew Koenig <ark@research.att.com>
Thu, 20 Jun 1996 08:32:37 +0400
In RISKS-18.22, Mark Seecof notes that spelling checkers that use prefix and
suffix tables can find nonwords.  I saw a paper by Doug McIlroy a number of
years ago that noted two such nonwords that have a good chance of appearing
in actual documents: thier and presenation.

After all, if you can derive flier from fly, you can derive thier from thy.
And if you can derive relation from relate, you can derive senation from
senate, hence presenation.

Incidentally, Doug noted that the most frequently misspelled word in his
sample was `accommodate,' which he found seven ways to misspell.

Andrew Koenig  ark@research.att.com


Re: Spelling-checker war stories

Kevin Haw <haw@ecs.fullerton.edu>
Sat, 22 Jun 1996 21:55:41 -0700 (PDT)
A few years ago, an author in the UK's PUNCH shared the most interesting
phrases that made it past his spellchecker, but were caught by his editor.
My personal favorite: a reference to the Prime Minister "Margret Hatchet".

- Kevin N. Haw  haw@titan.ecs.fullerton.edu


Static, dust, and other risks (Minow, RISKS-18.21)

"Rob Slade" <roberts@mukluk.hq.decus.ca>
Tue, 18 Jun 1996 16:19:07 EST
Martin's posting reminded me of something I found while researching health
risks associated with computers some time ago.  Please bear with me: the
original article was not a formal review of the study, and I haven't got a
reference for it.

Going strictly from memory, this involved an Australian company.  The data
entry/query clerks, almost universally, were suffering from facial skin
rashes and attributed it to radiation from the monitors.  A physician,
consulted about the problem, prescribed a barrier cream, and the skin rashes
disappeared.

Someone knew enough about physics to note that 1) monitors don't produce
that much radiation and 2) barrier creams wouldn't stop radiation anyway.
An investigation was launched into the real cause.

The work of the department involved looking up long columns of numbers.
The workers were in the habit of running their fingers down the screen in
order to pinpoint the item they needed.  Static attracted dust, make-up,
and other pollutants to the screen, and the fingers transferred these to
the workers' faces.  Hence the rash.

The barrier cream provided some protection against the pollutants.  More than
that, however, it was greasy.  Workers who ran their fingers down the screens
found they were making streaks on the monitor.  Therefore, they learned not to
touch the screen--and no longer picked up pollutants.


Re: Health Risk from Dusty Computer Displays (Minow, RISKS-18.21)

Terje Mathisen <Terje.Mathisen@hda.hydro.com>
Mon, 24 Jun 1996 12:08:15 +0200
I took part in this study, and got some interesting information from the guy
from the Physics Department of Oslo University who did the field
measurements on my machines:

With modern low-emission crt displays, i.e. like the Nokia 21" MultiGraph
445X screens in my office, the keyboard can (and did, in my case) radiate
more than the crt! The crt was the predominant source of static electricity,
however.

The computer enclosure as well as crt and keyboard was grounded, not the hard disk.

- <Terje.Mathisen@hda.hydro.com>


Re: "Piece of Plastic" Used to Detect Drugs (Marco, RISKS-18.22)

Douglas W. Jones <jones@pyrite.cs.uiowa.edu>
18 Jun 1996 17:12:25 GMT
KCRG, a local TV station in Cedar Rapids, went into some detail on the story
because the local school district almost bought the widget, and another
local district did, and was satisfied with what they got.

The Tracker had an empty plastic "electronics box" you wore over your
shoulder, connected by a coiled telephone-style cord to a pistol grip.  The
antenna was hinged to the pistol grip so it could swing very freely from
side to side, and the operating instructions were to hold the grip so that
the axis of the hinge was exactly vertical.

As a result, like a classic dowsing rod, very slight subconscious hand
movements can cause wild changes in where the antenna points.  The result,
in the hands of a skilled practitioner, can be as gratifyingly accurate as a
dowsing rod, but of course, what it's doing is uncovering subconscious
guesses on the part of the practitioner, not pointing at water or drugs.

Perhaps I should start selling forked birch sticks to police departments?

Doug Jones  jones@cs.uiowa.edu
