The RISKS Digest
Volume 2 Issue 12

Tuesday, 18th February 1986

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o Risks in automobile microprocessors — Mercedes 500SE
Peter G. Neumann
o Train safeguards defeated
Chuck Weinstock
o Security Safeguards for Air Force Computer Systems
Dave Platt
o How can Alvin Frost fight City Hall?
Jim DeLaHunt
o More Plutonium/Shuttle
Martin J. Moore
o Computerized Voting — talk by Eva Waskell
Wednesday eve
19 February
o Info on RISKS (comp.risks)

Risks in automobile microprocessors — Mercedes 500SE

Peter G. Neumann <Neumann@SRI-CSL.ARPA>
Tue 18 Feb 86 20:28:05-PST
We have had the El Dorado brake microprocessor recall, the Mark VII
computerized air suspension recall, and the on-going CB interference problem
in automotive microprocessors.  For the record, let me add the current
manslaughter trial of John C. (Sandy) Walker, who was driving when his 1982
Mercedes 500SE went into an uncontrollable skid.  He escaped, but his
passenger was killed in the resulting flames.  An "accident reconstruction
specialist", Paul O'Shea (also a consulting engineer for Mercedes and NASA,
and winner of three championship races), testified that the state-of-the-art
anti-skid braking system malfunctioned.  When working properly, it is
designed to slow the vehicle gracefully, and "will leave no skid marks, no
matter how hard you step on the brakes."  The longest skid marks from the
accident on 9 June 1984 on the Silverado Trail in the Napa Valley were
measured at 368 feet!  One line of investigation is that mechanical defects
might have caused a fire in the engine compartment, resulting in the
malfunction of the brake computer.  O'Shea noted that the emission-control
system had been fitted with rubber hoses where metal hoses should have been,
and which were placed too close to a heat-producing exhaust header.
    [SF Chronicle 5 Feb 86]

Train safeguards defeated

Tuesday, 18 February 1986 15:49:12 EST
You will recall the recent head-on collision between a Via passenger train
and a freight in Canada [Risks-2.9].  A recent series of relevant messages
on the railroad discussion list follows.  For background, note that the
Burlington Northern Railroad has had a significant number of "cornfield
meets" (railroad slang for train collisions) in the past few years.  Many
were later blamed on alcohol and drugs being used by the crew.  (It has
gotten so bad that when the BN notified the community that it would
transport no steam locomotives over it's most reasonable route to Vancouver
for the Expo there, many railfans breathed a sigh of relief...they wouldn't
want to trust something as precious as a steam locomotive to a railroad with
a history of collisions.)

- - - - Begin forwarded message - - - - [...]
From: FarleighSE <>
Subject: Re: VIA rail train collides head-on with freight.
Date: 13 Feb 86 23:16:16 GMT

>Engines have "dead-man" controls.  I know that the E- and F-unit diesels
>had foot pedals that the engineer had to keep depressed continuously.
>If the engineer let up on the pedal, emergency brakes would be applied.
>I'm not sure the pedal system is in use today, but some variation is.
>On GO Transit in your neck of the woods, for example, the engineer has
>to be in contact with some part of the controls regularly (the throttle
>or brake lever, for example).  If he/she hasn't touched the controls
>for 30 seconds, an alarm buzzes in the cab, telling him/her to touch the
>controls at least briefly to confirm that he/she is still alive.  If
>no contact is made, on go the brakes!
>Carl Blesch

Burlington Northern removed their Deadman controls a number of years ago.
It seems that the Engineers were overriding the system (putting a brick on
the pedal?).  So the management of BN (means Better'n Nothin') decided to
remove the Deadmans throttle altogether.  About two years ago one of the
many BN wrecks could have been avoided if the Deadman's throttle was
installed and used.  It seems that instead of BN's management addressing the
problem of their many times stoned crew defeating the saftey device they
opted to remove the safety device.

Scott E. Farleigh

- - - - End forwarded message - - - -

Security Safeguards for Air Force Computer Systems

Tue, 18 Feb 86 12:31 PST
From the Los Angeles Times, 2/17/86:

"WASHINGTON (UPI) - The Air Force has failed to properly safeguard 77% of
its computer systems, allowing the possible breach of classified data on
space boosters, 'Star Wars' technology and major weapons systems, Pentagon
auditors and officials say.
   The security vulnerability also extends to sensitive data on the MX and
Midgetman missiles and B-1 and F-16 aircraft, they say.
   An Air Force official, responding to queries about the disclosure,
said that he was '95% confident' that no 'actual compromises' of classified
information on computers had actually occurred.
   The Air Force Audit Agency, which inspected eight bases, sharply
criticized officers at each facility for failure to inspect safeguards,
such as lead boxes designed to limit electromagnetic signals emitted
by the equipment..."

How can Alvin Frost fight City Hall?

Mon 17 Feb 86 18:22:01-PST
I am intrigued by the apparent success of analyst Alvin Frost's attempt to
keep the city of Washington, DC out of their own computer.  With one 7-
character password (and apparently physical access to the machine) he seems
to be able to keep certain files out of the reach of his superiors.  Does
anybody know:
    * What machine, OS, etc. this is?
    * Whether his superiors have in fact cracked his protection?
    * What sort of data protection systems are immune to a legitimate
      systems manager logging on as root (or OPERATOR or whatever)?
    * What is actually going on here?

Send responses to me; I will be glad to summarise to the net.
    --Jim DeLaHunt, Stanford University     JDLH @ SU-Sushi.ARPA

More Plutonium/Shuttle

"MARTIN J. MOORE" <mooremj@eglin-vax>
0 0 00:00:00 CDT
The 2/17/86 issue of Aviation Week contains an article entitled "Officials
Disagree on Data Assessing Shuttle Reliability."  The main topic of the
article is the danger of plutonium contamination from nuclear shuttle
payloads in case of an accident (I seem to have heard about this somewhere
before :-).  I recommend the article to the RISKS readership.  One quote from
Robert K. Weatherwax, author of a study titled "Review of Shuttle/Centaur
Failure Probability Estimates for Space Nuclear Mission Applications"
[December 1983] seems to answer the questions we were throwing around:

   We concluded that many, if not most, solid rocket motor failures would
   result in some release of plutonium, or at least a high likelihood of
   that.  We recommended more safety analyses be done to evaluate the
   likelihood of booster failures in conjunction with this nuclear risk.
   A nuclear payload cannot explode, but it can be broken up, vaporzied or
   fragmented.  You would have prompt fatalities on the ground and substantial
   contamination in eastern Florida [if a catastrophic launch failure
   occurred.]  In a worst possible case, you could double the entire worldwide
   burden of plutonium in the atmosphere.

Weatherwax is head of Sierra Energy and Risk Assessment, located in
Sacramento.  Sierra was contracted by the Air Force to perform the study.

[BERLIN: Computerized Voting]

"Steven A. Swernofsky" <SASW@MC.LCS.MIT.EDU>
Tue, 18 Feb 86 23:06:33 EST
Date: Tue 18 Feb 86 13:51:03-EST
From: Steve Berlin <BERLIN@XX.LCS.MIT.EDU>
Subject: Computerized Voting
To: bboard@XX.LCS.MIT.EDU

                   Wednesday, February 19, 1986, 7:30

                             Ms. Eva Waskell

          Independent Investigative Reporter and Science Writer

      ``Computerized Voting: No Standards and a Lot of Questions''

Ms. Waskell will address problems involved with computerized voting
programs.  She will relate the status of litigation in several jurisdictions
and will suggest safeguards in the voting system.

Ms. Waskell's research provided a basis for several New York Times articles
exposing problems with the most popular computerized balloting system in use.

CPSR/Boston meets on the third Wednesday of each month, at 545 Technology
Square, in the lounge on the 8th floor.  545 Tech Square is located at
the corner of Main and Vassar Streets in Cambridge, near the Kendall
Square stop on the red line.  Meetings are free and open to the public,
and free parking is available.

For more information, contact CPSR/Boston at P.O. Box 962, Cambridge, MA,
02142, or call Steve Berlin at 617-253-6018.

Please report problems with the web pages to the maintainer