We are currently engaged in developing a system of remote video tracker pedestals for tracking missile tests, and have recently chosen to implement an interim hardware solution to allow time for a rational software development cycle (rather than 25K+ lines in less than 6 months with 2 programmers). One of the proposed advantages of the software solution is the ability to run a real-time simulation for operator training, and there have been some questions from our top management about why the software developers insist that this is exceptionally important.

Yesterday, an operator attempted to manually track a live missile for the first time. He tracked it for about 1/2 second, and then commented, "Gosh, that thing moves a lot faster than I thought." Too bad none of the managers were there...

Lynne C. Moore <moorel@eglin-vax.arpa>
This was printed in The Times yesterday April 16th. I am particularly intrigued by the prosecution under the forgery laws. I don't see how you can forge something like a telephone number - surely to be protected by a forgery law, an identification should be personal in some sense. Numeric codes are completely impersonal.

===========================================================================

Prestel blunder 'helped hacker'.
(c) Times Newspapers Limited, 1986

A top-level blunder allowed a computer journalist to penetrate British Telecom's Prestel information system, a court was told yesterday. A secret identification code allowing access to secret files was left unprotected within the computer system it was said.

Mr Robert Schifreen, aged 22, used it to get the confidential identity numbers and passwords of every Prestel customer, Southwark Crown Court was told. Mr Schifreen, who subscribed to Prestel under the codename "Bug Hunter", later wrote an article on how easily he had cracked the system. But Mr Schifreen, who works for a computer magazine, denied he did so for personal gain, and accused Prestel of "negligence".

Mr Austin Issard-Davies, for the prosecution, said a random experiment first gave him the telephone numbers of Prestel's private computers. The telephone numbers were not published to normal subscribers, and only a few people had access. But Mr Schifreen was said to have broken into the Prestel development test computer.

It was alleged that he typed an experimental line of numbers, all twos, when the computer asked for a 10-digit identification. It worked, and the computer then asked for a four-digit password. He typed 1234 which turned out to be a test account and gave him access.

But Mr Schifreen's attempts to get information out failed because he did not have the confidential identity code and password of the system manager. Nine months later, he came across the code and password "lying around" in one of the private Prestel computers.

When questioned by police, Mr Schifreen allegedly admitted making unauthorised access into the system from his home computer, but claimed he had made Prestel more secure by doing so.

Mr Issard-Davies said: "It is a bit like a burglar claiming all the credit for improved house security because the householder has put locks on all the windows." He added it was "twentieth century" forgery because Mr Schifreen allegedly used someone else's computer identification, like signing someone's name without consent.

[omitted material]

The charges have been brought under section one of the Forgery and Counterfeiting Act, 1981. The test case trial is the first contested case to go to court. The hearing continues today.

============================================================================

Robert Stroud, Computing Laboratory, University of Newcastle upon Tyne.
ARPA robert%cheviot@ucl-cs.ARPA
UUCP ...!ukc!cheviot!robert

[I reported on a breakin to British Telecom's Prestel Information Service in the ACM Software Engineering Notes vol 10 no 1 (January 1985). A 19-yr-old young man had penetrated the unencrypted password file. To demonstrate the vulnerability, he let a London Daily Mail reporter watch (reported in the LDM on 2 Nov 84) while he read Prince Philip's mailbox and then altered a financial market database. Things seem not to have improved much. PGN]
It has been about twenty years since I've worked with strategic systems (Polaris), but I can no longer resist putting in my two cents in the SDI debate. The issues concerning whether SDI can be made to work perfectly or even well enough the first time since it can't be tested in a realistic environment and there will be no second chance would appear to apply equally to both the US and Soviet Offensive Systems.

During my four years with the Polaris Test Program, I know of no test involving more than a single live missile. Although these tests were for the most part very successful, there was never an attempt to test the ripple fire capability with real missiles on a single submarine, let alone a coordinated launch involving all submarines as well as all land based ICBMs.

In addition to the readiness/reliability considerations of our strategic nuclear forces, I would suspect that the command and control problems would be formidable. We seem to have considerable difficulty sending a single urgent message (e.g. USS Liberty, USS Pueblo, USAF EC-121, etc.), let alone a coordinated attack involving hundreds or thousands of platforms. I'm relatively certain that the numbers of warheads actually reaching the target following the initiation of an attack would be far less than the numbers in the inventories.

Finally, the briefing from SDI office that I heard didn't promise perfection. Unlike some of the political supporters who promise that it will be safe for children to play outside during a nuclear exchange, the SDI technical types were talking about the impact it would have on the numbers and required modifications to the Soviet ICBMs that would be required for them to maintain the same confidence of assured first strike destruction of the US.

(I promise that this will be my first and last comment concerning SDI as I think there's far too much uninformed speculation and political opinion on this subject in risk-forum already. I'll even volunteer to be edited out as I would like to see more contributions that could help those of us whose job is trying to assure that computer reliability and safety requirements are met.)

Dan Ball

[Don't bet on there being no provoking replies. PGN]
The discussion in the last few issues of RISKS has demonstrated that Reagan's Strategic Defense Initiative HAS ALREADY SUCCEEDED. It has done exactly what Reagan wanted, which is to convert an essentially political question, in which every American is qualified and in fact obligated to participate, into a technical debate, in which only the technical clergy are allowed.

Larry Campbell
The Boston Software Works, Inc.
120 Fulton Street
Boston MA 02109
ARPA: maynard.UUCP:campbell@harvard.ARPA
UUCP: {harvard,cbosgd}!wjh12!maynard!campbell
More than a million California telephone customers will be getting an unpleasant surprise in their April bills because of an equipment malfunction...[No estimate given of how much revenue was lost.] The estimate I saw was $25-30 million.
According to

    Charles Perrow
    Normal Accidents: Living with High-Risk Technologies
    Basic Books, New York, 1984

we should expect to see large-scale accidents such as the loss of the space shuttle Challenger. Perrow's thesis, I take it, is that the complexity of current technology makes accidents a 'normal' aspect of the products of these technologies.

We may view space shuttle launches, nuclear reactors, power grids, transportation systems, and much real-time control software as lacking homeostasis, "give", forgiveness. Perhaps some of these technologies will forever remain "brittle".

Questions: Does anybody have a good way to characterize this brittleness? To what extent is existing battle software "brittle"?

Thank you for your suggestions/comments

dbb
I have just finished reading

    Neil Frude
    The Intimate Machine
    New American Library, New York, 1983

which comments on animism and anthropomorphism in the past and present, and speculates on the continuance of these tendencies into the future with human-like qualities in computers. I did not find the argument persuasive, but then I bang at this terminal quite a bit, and certainly do not anthropomorphize it in the slightest.

Perhaps some of you have <modern> stories about people who view computers as having human-like qualities, confusing their perceptions of humans and computers. If so, please send such direct to me unless you think them generally enlightening RISKS.

Thanks,

dbb