Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
We are currently engaged in developing a system of remote video tracker
pedestals for tracking missile tests, and have recently chosen to implement an
interim hardware solution to allow time for a rational software development
cycle (rather than 25K+ lines in less than 6 months with 2 programmers). One
of the proposed advantages of the software solution is the ability to run a
real-time simulation for operator training, and there have been some questions
from our top management about why the software developers insist that this is
exceptionally important.
Yesterday, an operator attempted to manually track a live missile for the
first time. He tracked it for about 1/2 second, and then commented, "Gosh,
that thing moves a lot faster than I thought." Too bad none of the managers
were there...
Lynne C. Moore <moorel@eglin-vax.arpa>
This was printed in The Times yesterday April 16th. I am particularly
intrigued by the prosecution under the forgery laws. I don't see how
you can forge something like a telephone number - surely to be protected
by a forgery law, an identification should be personal in some sense.
Numeric codes are completely impersonal.
===========================================================================
Prestel blunder 'helped hacker'. (c) Times Newspapers Limited, 1986
A top-level blunder allowed a computer journalist to penetrate British
Telecom's Prestel information system, a court was told yesterday. A secret
identification code allowing access to secret files was left unprotected
within the computer system it was said. Mr Robert Schifreen, aged 22, used
it to get the confidential identity numbers and passwords of every Prestel
customer, Southwark Crown Court was told.
Mr Schifreen, who subscribed to Prestel under the codename "Bug Hunter",
later wrote an article on how easily he had cracked the system. But Mr
Schifreen, who works for a computer magazine, denied he did so for personal
gain, and accused Prestel of "negligence".
Mr Austin Issard-Davies, for the prosecution, said a random experiment first
gave him the telephone numbers of Prestel's private computers. The telephone
numbers were not published to normal subscribers, and only a few people had
access. But Mr Schifreen was said to have broken into the Prestel development
test computer. It was alleged that he typed an experimental line of numbers,
all twos, when the computer asked for a 10-digit identification. It worked,
and the computer then asked for a four-digit password. He typed 1234 which
turned out to be a test account and gave him access. But Mr Schifreen's
attempts to get information out failed because he did not have the
confidential identity code and password of the system manager. Nine months
later, he came across the code and password "lying around" in one of the
private Prestel computers.
When questioned by police, Mr Schifreen allegedly admitted making
unauthorised access into the system from his home computer, but claimed he
had made Prestel more secure by doing so. Mr Issard-Davies said: "It is a
bit like a burglar claiming all the credit for improved house security
because the householder has put locks on all the windows." He added it was
"twentieth century" forgery because Mr Schifreen allegedly used someone
else's computer identification, like signing someone's name without consent.
[omitted material]
The charges have been brought under section one of the Forgery and
Counterfeiting Act, 1981. The test case trial is the first contested case
to go to court. The hearing continues today.
============================================================================
Robert Stroud,
Computing Laboratory,
University of Newcastle upon Tyne.
ARPA robert%cheviot@ucl-cs.ARPA
UUCP ...!ukc!cheviot!robert
[I reported on a breakin to British Telecom's Prestel Information
Service in the ACM Software Engineering Notes vol 10 no 1 (January
1985). A 19-yr-old young man had penetrated the unencrypted password
file. To demonstrate the vulnerability, he let a London Daily Mail
reporter watch (reported in the LDM on 2 Nov 84) while he read
Prince Philip's mailbox and then altered a financial market database.
Things seem not to have improved much. PGN]
It has been about twenty years since I've worked with strategic systems
(Polaris), but I can no longer resist putting in my two cents in the SDI
debate.
The issues concerning whether SDI can be made to work perfectly or even
well enough the first time since it can't be tested in a realistic environment
and there will be no second chance would appear to apply equally to both the
US and Soviet Offensive Systems.
During my four years with the Polaris Test Program, I know of no test involving
more than a single live missile. Although these tests were for the most part
very successful, there was never an attempt to test the ripple fire capability
with real missiles on a single submarine, let alone a coordinated launch
involving all submarines as well as all land based ICBMs.
In addition to the readiness/reliability considerations of our strategic
nuclear forces, I would suspect that the command and control problems
would be formidable. We seem to have considerable difficulty sending a
single urgent message (e.g. USS Liberty, USS Pueblo, USAF EC-121, etc.) ,
let alone a coordinated attack involving hundreds or thousands of platforms.
I'm relatively certain that the numbers of warheads actually reaching the
target following the initiation of an attack would be far less than the
numbers in the inventories.
Finally, the briefing from SDI office that I heard didn't promise perfection.
Unlike some of the political supporters who promise that it will be safe for
children to play outside during a nuclear exchange, the SDI technical types
were talking about the impact it would have on the numbers and required
modifications to the Soviet ICBMs that would be required for them to
maintain the same confidence of assured first strike destruction of the US.
(I promise that this will be my first and last comment concerning SDI as I
think there's far too much uninformed speculation and political opinion on
this subject in risk-forum already. I'll even volunteer to be edited out as
I would like to see more contributions that could help those of us whose job
is trying to assure that computer reliability and safety requirements are met.)
Dan Ball
[Don't bet on there being no provoking replies. PGN]
The discussion in the last few issues of RISKS has demonstrated that Reagan's
Strategic Defense Initiative HAS ALREADY SUCCEEDED. It has done exactly
what Reagan wanted, which is to convert an essentially political question,
in which every American is qualifed and in fact obligated to participate,
into a technical debate, in which only the technical clergy are allowed.
Larry Campbell The Boston Software Works, Inc.
ARPA: maynard.UUCP:campbell@harvard.ARPA 120 Fulton Street
UUCP: {harvard,cbosgd}!wjh12!maynard!campbell Boston MA 02109
More than a million California telephone customers will be getting an unpleasant surprise in their April bills because of an equipment malfunction...[No estimate given of how much revenue was lost.] The estimate I saw was $25-30 million.
According to
Charles Perrow
Normal Accidents: Living with High-Risk Technologies
Basic Books, New York, 1984
we should expect to see large-scale accidents such as the loss of the
space shuttle Challenger. Perrow's thesis, I take it, is that the
complexity of current technology makes accidents a 'normal' aspect
of the products of these technologies.
We may view space shuttles launches, nuclear reactors, power grids,
transportation systems, and much real-time control software as lacking
homeostatis, "give", forgiveness. Perhaps some of these technologies
will forever remain "brittle".
Questions: Does anybody have a good way to characterize this brittleness?
To what extent is existing battle software "brittle"?
Thank you for your suggestions/comments dbb
I have just finished reading
Neil Frude
The Intimate Machine
New American Library, New York, 1983
which comments on animism and anthropomorphism in the past and present,
and speculates on the continuence of these tendencies into the future
with human-like qualities in computers.
I did not find the argument persuasive, but then I bang at this terminal
quite a bit, and certainly do not anthropomorphize it in the slightest.
Perhaps some of you have <modern> stories about people who view computers
as having human-like qualities, confusing their perceptions of humans
and computers. If so, please send such direct to me unless you think
them generally enlightening RISKS. Thanks, dbb
Please report problems with the web pages to the maintainer