National Transportation Safety Board investigators say that a software error may have been a contributing factor in the crash of the Korean Air 747, Flight 801, in Guam. The bug didn't cause the crash; however, if it were not for the bug, the crash might have been averted. The airport at Guam has a system known as Radar Minimum Safe Altitude Warning. It notifies controllers if a plane is too low; they in turn can notify the pilot. It normally covers a circular area with a 63-mile radius. Because of the bug, it was only covering a one-mile wide strip around the circumference of the circular area. An NTSB member said "This is not a cause -- it might have possibly been a prevention". And why was the code changed? Because the old version gave too many false alarms. [Source: An AP wire story] [225 of the 254 people on board were killed. The bug in the upgraded software apparently existed in airports throughout the world, and was not detected until analysis after the crash. Seeking to discover the exact point in time at which the altitude-warning system had failed, investigators discovered that the system had not issued any expected warnings and had failed completely. PGN]
A Piper aircraft crashed into a 500,000-volt power line near the Cajon summit northeast of Los Angeles, causing widespread power interruptions across LA, Orange, and San Bernadino Counties. (The three people on board were killed.) More than 1000 traffic lights were either out or flashing, and apparently had to be reset individually. With record-high temperatures already affecting people's nerves, the evening commute was described as "chaotic". (I thought it always is.) [Source: *San Francisco Chronicle*, 6 Aug 1997, A18] Computer-related? Not necessarily (except maybe for the monitors that might have gotten fried by surges), but just another reminder of how our lives are dependent on our critical infrastructures, which in turn are dependent on all sorts of events *not* happening. Once again, recall that this is the Forum on Risks to the Public in Computers and Related Technologies. Electric power is clearly related!
More than 200 New England businesses experienced a four-hour Internet blackout on 7 Aug 1997 after an explosion knocked out electrical power in the Boston area. One person was killed in the blast, which overloaded a panel switch at MIT, causing a fire and cutting off Internet access to BBN Planet customers. Access resumed around 10:00 in the evening. The speed with which the incident happened made it impossible to reroute traffic, said a BBN spokesman. (*TechWire*, 8 Aug 1997; Edupage, 10 Aug 1997)
A column by Mary Schmich in the *Chicago Tribune* has been freely adapted (with only minor alterations) and has appeared widely on the Internet as the seemingly legitimate transcript of an MIT commencement speech supposedly given by noted author Kurt Vonnegut. Of course, Vonnegut never gave a commencement speech at MIT. But the transcript was sufficiently ironic and witty enough to be mistaken for his style, and generated all sorts of interesting responses. Schmich even had callers accusing her of stealing Vonnegut's speech! Other *Tribune* readers recognized the hoax, as did those MIT folks who knew that the commencement address had really been given by U.N. Secretary General Kofi Annan. But on the Internet, no one knows you are a hoaxter unless they happen to open their eyes once in a while to other inputs, so the hoax spread apace.
Edward Sanders happened to visit his regular Bank of America branch at 5th and Brannan in San Francisco after someone else had managed to rob the bank -- without any alarms being activated (and therefore without being photographed). Unfortunately, the FBI thought that Sanders' face -- which had been routinely recorded -- was close enough to eye-witness reports of the robber, after which it appeared on *wanted* posters around town. Sanders wonders why the FBI never bothered to ask the tellers if the selected image was indeed that of the robber. Sanders has filed a $250,000 lawsuit against BoA, with potential triple damages. [Source: *San Francisco Chronicle*, 2 Aug 1997, A1]
The 10 Aug 1997 issue of Edupage contained the following awful, scary, horrible thing demonstrating just how behind the times at least three of our Senators are. The most far-reaching RISK: that our legislators are completely incompetent to pass judgement on any technology-related legal issues. But we already knew that, didn't we? Senator Michael B. Enzi (R., Wyoming) wants to use his laptop on the floor of the U.S. Senate, but many of his colleagues are opposed to the idea. Senator Diane Feinstein (D., California) says: "I'm not against computers, but I think they have their place and it's not everywhere. When you're speaking on the Senate floor, you should be speaking from a lifetime of experience, not from what you punch up on a computer." Senator Robert G. Torricelli (D., New Jersey) agrees: "The entry of an electronic notebook on the floor of the United States Senate will inevitably lead to staff instructions on voting and the scripting of all remarks." And the idea makes Senator Robert C. Byrd (D., Virginia) positively cranky: "What will be the next step if we take this? I would be a bit irritable, I think, if I looked around and saw someone sitting beside me, typing on this thing." (*The New York Times*, 10 Aug 1997; (Edupage, 10 August 1997)
C-Net News is reporting a flaw with Microsoft's Internet Explorer 3.x and 4.0 allows a network connection to be opened to a foreign machine in alleged violation of the Java Security Model. The article can be found at http://www.news.com/News/Item/0,4,13226,00.html. Randy Holcomb
In California last week, death row inmate Thomas Martin Thompson was within hours of his execution when the 9th Circuit Court of Appeals intervened and granted a stay of execution because of a previous error the court had made in not considering an "en banc" review of this case earlier. In Judge Kozinski's dissent within the published opinion _Thompson v. Calderon_, he supplies a brief description of the court's processes that were implicated in the court's previous error to schedule the "en banc" review in the normal timely manner. http://www.appellate-counsellor.com/9thcir/Thompson/main.htm Background: The court operates under a strict set of rules. The rules provide that notice be given to other judges so that they may request "en banc" review (during a limited time period) of a panel's decision before it is published. After the time period expires, their request for "en banc" review would have to follow different procedures (requiring more effort and justification?) The judges appear to have a network of personal computers. E-mail is used to provide the notice of a pending decision, and also for interposing the request for "en banc" review. According to an unnamed "Judge Y" quoted in the decision: "I . . . attempted to determine why I had not become aware of your decision earlier. The answer appears to be that my chambers systems malfunctioned and the opinion simply fell between the cracks. A partial explanation, but not excuse, is that the disposition was circulated shortly before a law clerk transition and that the old and new law clerks assigned to he case failed to communicate." Another judge called "Judge X" also appeared to have problems with the system. From the somewhat fuzzy description, it looks like either (1) Judge X did not receive an e-mail notice of the decision and yet the authoring judge had confirmation of receipt, or (2) Judge X or a law clerk misplaced or lost the e-mail. As a result of Judge X's and Judge Y's problems with the system, they did not timely request "en banc" review of the case; following the rule under which they were requesting the review, the scheduling judge had no authority to schedule the review. Later, after losing his appeal to the U.S. Supreme Court and his request for clemency from the governor, Thompson filed an emergency appeal again to the Court of Appeals for an "en banc" review, which was denied. Then the Court of Appeals, on its own initiative chose to review its panel's earlier decision and reversed itself, rendering the decision discussed here. Risks? (1) Inadequate training and system recovery procedures, (2) Possible bugs in the e-mail system, (3) Possible system design issues (is the e-mail system user friendly for the sorts of message sorting, flagging, and tickling that an appellate judge needs to do, is a higher level of redundancy appropriate, is a more proactive message tickler system appropriate where missed legal deadlines can forever cause litigants to lose full or further opportunity for legal review) (4) The bare facts presented suggest possible employee sabotage, or what would possibly be negligence if done by other than government employees. --Bryan Webb
With my telephone bill for July, I received a flyer with a description of the latest feature offered by the German Telekom: T-Net-Box, a kind of answering-machine service. To allow calls to reach that answering machine, you'll have to do two things: 1. You have to enable the feature yourself. 2. You have to activate forwarding of incoming calls to the answering machine for certain conditions (always, if busy, after third ring). (Of course, I immediately tried step 2 before step 1, and it seemed to work. But now calls which should have been forwarded were rejected with a message that no T-Net-Box was enabled. I would have liked a bit more of documentation. Oh, well...) Step 1 consists of dialing a toll free number. The call is answered by an automatic responder which explains a few things and asks you to think of a PIN (4 to 10 digits), enter it twice, and, unless you mistyped it the second time, confirms that your T-Net-Box has been enabled. What it does *not* tell you, but that's printed in really *big* letters on the flyer, is that you'll have to pay *only* DM 4,-- per month. For all further operations besides turning forwarding on and off, you'll have to enter the PIN, but you can do it from any touch tone phone. Only (de)activating forwarding (you don't need a PIN for that) and disabling the box must be done from your own phone. So: Somebody has access to my phone. For several reasons I don't want the T-Net-Box, but this person now just enables it when I don't notice and doesn't tell me anything about it. He/she may even at the same time activate forwarding on busy and after third ring, and I would probably not notice. (Immediate call forwarding would be noticeable because the dial tone changes.) Only when I check my next phone bill thoroughly, I'll find out that there are an extra DM 4,-- on it, and then I'll probably have quite a problem getting rid of the unwanted T-Net-Box--German Telekom is known to be not very customer friendly when you think you have paid too much. When I asked at a Telekom shop, they couldn't tell me much about that problem, or about any of the other questions I'd got. (Actually, I hadn't expected them to be able to help me.) The toll free T-Net-Box help line has been busy whenever I tried, so I finally called the regular customer service who told me that someone would call me back--which even happened today. This person now was surprised about my concern. His reaction was essentially, ``But who would do such a thing?'' Besides that immediate risk it seems that the new feature is not well incorporated in what has already been there. I thought about setting the Box to take calls when the line is busy. I've already got call waiting and would have expected the Box to take over when I don't accept the second call. But according to the Telekom person who called me, the Box has precedence; I'd never get call waiting. The person in the shop, though, told it the other way round, so it's probably just one thing I'll have to experiment with. Wilhelm Mueller, Der Senator fuer Bau, Verkehr und Stadtentwicklung, Referat 43, Ansgaritorstrasse 2, D-28195 Bremen, Germany +49-421-361-10629
Recently I was amused by the story of a motorcycle riding friend who has a GPS device on his bike. He started out to visit someone several hundred miles away and saw his map with the destination details blow out of his pocket and get mangled by traffic behind him. But no matter, before leaving he had entered the precise coordinates of his destination in the GPS, so he decided to follow the tracker/advisor and see how close he could get before he had to call. He took a few wrong turns because he wasn't paying attention to the route advisor, and he took a couple of impulsive side trips, eventually getting back 'on course'. Low and behold, several hours later the unit starts beeping to indicate he is within 30 yards of his destination .... and there he is in front of the proper house. As he and his friend settle into conversation, one of the computer savvy room mates takes the GPS off the bike and downloads the recorded trip information to a mapping program. They all have a good laugh at his wrong turns. I, however, am concerned at the potential risks. GPS devices are nearly foolproof already and will come to be trusted as infallible soon. Then when the police demand (or subpoena) a GPS to see EXACTLY where you were at what time (and, oh by the way ... seems you were speeding here, and here, and, oops you were parked right behind The SmutShak for 23 minutes ...) we will not only have to face serious privacy concerns, but be put in the position of having to prove innocence in the face of 'incontrovertible' evidence. Except that it is controvertible ... I've seen GPS devices lose contact with satellites and fill in the missing route segment as it 'should have been'. Despite the convenience GPS offers there is a tremendous risk to privacy if your every move can be recorded. Technology and privacy are antagonists. And I love them both. Sam Lepore, San Francisco
Summarized from the *Detroit Free Press,* 7 August 1997, pp. 1A,11A: Produce Palace International (a Warren, MI, fruit & vegetable store) has filed suit against Tec-America Corporation and its local distributor, All-American Cash Register (Inkster, MI), over Y2K problems. The article claims this is one of the first Y2K lawsuits ever filed. In April 1995, the store spent about $100K for a computer system (including 10 registers) that handles purchases and inventory control. Immediately they noticed some problems in the system. The problems escalated in 1996, when customers began using credit cards with 2000 expiration dates. When asked to process such a transaction, the system crashes, requiring 4-5 hours to restart. The system suffered 105 such crashes between 30 April 1996-6 May 1997. Currently, the store is working around the problem by using the system to confirm that customers have sufficient credit, but writing up the transaction on paper. Later, the transactions are manually entered into the system using a 1999 expiration date. The store estimates they have lost over $50K in additional wages paid and hundreds of thousands of dollars in lost business. The article comments that the lawsuit may not help much; lawsuits can take years to resolve, and in the meantime, they're still stuck with a poorly-functioning system. An aside: as bad as things may be in 2000 when all of these systems start failing, I wonder how bad it will be in 1999, when work arounds like these won't work anymore ... --Jim Huggins, GMI Engineering & Management Institute (email@example.com)
In RISKS-19.28, Jordin Kare described a problem with electronic airline ticketing for people with similar names. The problem is worse when you have people with identical names, and affects all forms of airline reservations, not just E-tickets. My father and I have the same name on our driver licenses, except that he is Jr. and I am III. The airlines apparently do not or cannot capture the last few bytes of this kind of common naming convention. I was aware that this could be a problem the last time we travelled together, so I told the travel agent to make sure that she clearly identified that there were two of us, and that we needed two tickets and two seats. When we arrived to check in, we found that the airline had, in its diligence to cope with people who make multiple reservations for a single trip, indeed cancelled one of our tickets and reservations. The counter clerk at check-in was able to get us in ahead of the standby travellers, otherwise we would have been out of luck. We discussed strategy with her, and she suggested that I simply use my middle name instead of my first name whenever I travel with Dad again.
Jim Horning describes his problems and dismay with bank procedures when his account was raided in an over-the-counter fraud scam, and brings up several electronic banking issues. I think a longer term risk of electronic banking fraud is that people may revert wholesale to paper banking in reaction. That at least gives them the feeling that they are in control of all the transactions, especially if they have the ability to block all electronic access to their accounts. I often worry about what would happen if an electronic transaction was fouled up. There is even greater risk of the "computer is always right" syndrome, already documented in RISKS. I get more and more worried as I think about all the sources of electronic transactions destined for my account, growing every day. It feels very out of control, and I am relying very heavily on a lot of other people's information protection systems. Steve Branam Hub Products Engineering 508-486-6043 firstname.lastname@example.org Digital Equipment Corporation DTN 226-6043
[via Dave Farber] The forger's new techniques I suspect are in response to Wells Fargo's recent use of requiring a fingerprint of the person trying to cash a check if they themselves do not have an account at the bank. I got hit last November in a check washing fraud case. Postal mail was stolen from my mailbox containing a handwritten check from me. Since then, I never leave mail for pickup in my mailbox on the street, it's too easy for someone to drive by and steal the contents. The amount was for about $75.00. The thieves washed the check in solvent, removing the ink, then rewrote the payee and the amount and duplicated my signature. The new amount was $990.00. I found out about the problem via my on-line banking, but I had to wait for the statement to get a hold of the check. The check was cashed in the branch in Palo Alto that is my account home. After providing some evidence and written description of events, the bank eventually gave me $990 back. This past spring, I saw the notes in the bank about the finger printing requirements. With this new scam that Jim points out, the cashier appears to be the account owner and no fingerprint would be required. Intersting way to get around and very difficult to catch. I was put out for inconvenience of having to close and open a new account and for getting a new set of laser checks. Maybe I could put a restriction on my checking account that disallowed the cashing of checks to myself or to "cash". I always use my ATM card for getting money. Mark
Something I've discussed with some of my peers (several of whom are spending most of their time engaged in advising lawyers for who are defending us from a meritless patent infringement suit) is some sort of peer review process for patents. It seems to me that it would be possible to set up a reasonably reliable peer review process so that patent applications could be reviewed for obviousness and prior art. In addition to freeing patent attorneys from time-consuming prior-art investigations, it would serve to fulfill the constitutional mandate for the patent process -- to "promote the progress of science" -- by enhancing inter-communications between technologists. Dan Hicks http://www.millcomm.com/~danhicks [Actually not a bad idea. Although this item is only marginally relevant to RISKS, it certainly addresses a serious problem in our technology. Please send any subsequent discussion to Dan, who -- if it has some RISKS relevance -- can perhaps provide a concise summary. PGN]
In RISKS-19.28, Paul VanDyke commented on the use of Ctrl+Alt+Del being used as the secure-logon sequence on a Windows NT system (his point being the potential confusion since Ctrl+Alt+Del is the reboot sequence when the PC is running in real mode, and in some other protected mode OSes as well). I understand that Microsoft's reason for choosing Ctrl+Alt+Del was that the secure-logon sequence must not be capable of interception by any app, and that it was hard to find a key combination which was not already used by some dusty-deck (if I may mix metaphors) Windows app. Which is not to say that Paul's point has no validity. On NT I sometimes type two Ctrl+Alt+Dels in my impatience to get to the security dialogue. On Windows 95, that's instant death. dave
> I used to think that is was neat to hit C-A-D and not have the computer > reboot, but not anymore. Bad programming Microsoft! No, this was a good move on their part! It was the only conceivable equivalent to the old Secure Attention Key -- so the user can be sure whom he is actually talking to! Nobody under WindowsNT but the operating system can catch the Ctrl-Alt-Delete key combination, so you know that when you press that and get a login window, you're actually getting a Windows NT login window and not a window from a Trojan horse application. email@example.com [Similar comment from Scott Andrew Borton <firstname.lastname@example.org>. The DoD Orange Book will live forever on that one. PGN]
Waitaminit. This person's friend carelessly hit C-A-D on the wrong keyboard, and IBM OS/2 Warp Server reboots, apparently without demanding any kind of confirmation, and it's _Microsoft's_ fault? What about IBM? What about the RISKS of LAN admins with the fast fingers and multiple unlabeled keyboards? MS certainly deserves some criticism, but this is just silly. Even leaving all this aside, the C-A-D combo hasn't defaulted to a completely unconditional reboot under any MS OS since MS-DOS, including all versions of Windows since 3.1 (the earliest version I had around to check.) Nor does Novell NetWare or your average Unix box. I'm honestly stunned that Warp Server is apparently lacking in this respect. Bryan
Subtitled: Microsoft arrogance > I used to think that is was neat to hit C-A-D and not have the computer > reboot, but not anymore. Bad programming Microsoft! Yes, another two cases of blatant M$ arrogance (see also the posting in RISKS-18.70). In the first case, not only that but also of grave impoliteness. I mean, in real life it is customary for a newcomer or guest to (at least at first) ask the owner if one may use certain facilities. Or what would you think of a party guest that uses your phone without asking or starts redecorating your bedroom? In the second case, I think Microsoft is the *only* company that has the audacity to ignore the past and happily change the semantics of Ctrl-Alt-Del by 180 degrees (`login' instead of `shutdown'). But it's not stupidity that is behind that, it's a way to control the market. Just take the latest development with M$ mail: now they use WinWord as the mail editor, so each and every mail is in reality empty with an attached WinWord document. Doesn't matter when you have the same system, but gets hellish complicated in a heterogeneous environment, effectively "forcing" everybody to "upgrade" to the new Wintel system. And this scheme works, given the usual decision-making structure: Managers are the first to get the newest Wintel systems, because these are perfect for them (easy to use, nice to look at, and WinWord doesn't choke on the few-paged documents that managers normally write). Then managers try to send mail to the technical workers and bingo, the scheme works: due to intentionally ignored industry standards, the technical people suddenly aren't able to read the bosses mails (though it works perfectly between them). And now the Dilbert solution: managers (who have the power to make that decision) force the technical people (who don't have any decision power, who always complain but seldom get heard) to "upgrade" their perfectly working old system to the non-standard, non-robust and inadequate new system. Please, open your eyes, look around and tell me: is it that bad or am I just too cynical? Roland
Please report problems with the web pages to the maintainer