The RISKS Digest
Volume 20 Issue 05

Friday, 6th November 1998

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Labor has premature delivery
R Romine
ABC News posts election results before the election!
Martin Minow
Salt Lake ATC center radar blackout affects 200 planes
Richard Schroeppel
AT&T Loses over 400 T3s
NYSE stock market crash — well, the other kind!
Declan McCullagh
Microsoft execs worry about free software movement
Microsoft and the Halloween Documents
Computer keeps 100 pounds per week from pensioners
Peter Leeson
Stores' shoplifting gates can set off pacemakers, defibrillator
Keith Rhodes
Swedish train-ticket reservation system down
Ulf Lindqvist
SAS airline timetables: Internet 1, Hardcopy 0
Martin Minow
New Swedish law makes most of the Internet illegal
Jacob Palme
Stanford e-mail system passwords stolen
Monty Solomon
Rats take a byte out of Ugandan exam computers
Grave error!
Dave Stringer-Calvert
Re: SRI voice-mail woes
Peter Kaiser
Re: Another wild bank saga
Jon Postel
REVIEW: "Democracy and Technology", Richard E. Sclove
Rob Slade
REVIEW: "Windows NT Server 4 Security Handbook", Hadfield/Hatter/Bixler
Rob Slade
Promoting Formal Methods
Dilia E. Rodriguez
Diego Latella
Info on RISKS (comp.risks)

Labor has premature delivery

Fri, 06 Nov 98 09:47:59 EST
Everyone on Wall Street and elsewhere eagerly awaits the official Bureau of
Labor Statistics statistics, which were due to be posted on their Web site
today.  The BLS takes great pains to avoid leaks.  However, much to
everyone's surprise, some tables appeared YESTERDAY.  As a consequence, BLS
Commissioner Katharine G. Abraham decided to release the full report
yesterday afternoon.  The interpretations were favorable, and the stock
market had a big gain.  Abraham was quoted as saying that even if the early
release ``was a computer error, it was a human failure'' in that the system
was not set up to prevent it.

A prior early release occurred in January 1997, when the Federal Reserve's
Beige Book was released at noon instead of 2 p.m., because no one bothered
to tell the Web site administrators that the time had been delayed.
[Source: Web Goof Leaks Data, Moves Stocks, By John M. Berry *The Washington
Post*, 6 Nov 1998, Page F01; PGN Stark Abstracting]

ABC News posts election results before the election!

Martin Minow <>
Wed, 4 Nov 1998 10:15:24 -0800
According to the Drudge Report <>, ABC News
posted ``final election results'' on its web site late Monday night, i.e.,
before the election began.  According to an apology from ABC News (also
quoted by Drudge) — and reading between the lines — they apparently posted
test data on their live Internet server. ABC News's web site is
<>.  My very brief look at the ABC News site did not
turn up any explanation or apology on their site.

Martin Minow,

  [For example, the dummy data showed incumbent Sen. Alfonse D'Amato
  (Rep.) besting Charles E. Schumer (Dem) in the New York Senate race,
  which turned out to be wrong.  PGN]
  [Declan McCullagh <> noted an article by
  Adam Clayton Powell III on the same story, noting that ABC had the
  right outcome on 61 out of 70 Senate and Governor races.  That article
  also noted that Fox TV had accidentally put up an advance dummy page for a
  Yankee-Padre World Series game — and almost got it correct!  PGN]

Salt Lake ATC center radar blackout affects 200 planes

Richard Schroeppel <rcs@VISI.NET>
Thu, 5 Nov 1998 12:03:50 -0500 (EST)
On 4 Nov 1998, the primary and backup radar systems for the Salt Lake Air
Traffic Control Center failed for about a minute, leaving about 200 planes
``up in the air'' over Utah, Nevada, Idaho, Montana, and Wyoming.  Handoffs
were done manually (actually, orally).  [Source: 4 Nov 1998,]

AT&T Loses over 400 T3s

Sean_Sosik-Hamor <>
Wed, 28 Oct 1998 12:50:40 -0500
We're not sure when the fault (probably a fiber cut, but that's unconfirmed)
actually happened, but Lucent Microelectronics in Allentown, PA lost all
network connectivity at approximately noon today.  AT&T lost approximately
400 T3s, which caused every single Lucent router nationwide to try to
relearn their routes and effectively pegged all routers at 100%.

Because of this, a second outage occurred due to the fact that the routers
were too busy relearning their routes to actually pass traffic.  This was a
nationwide outage for both Lucent and AT&T.  As of 01.45pm, Lucent locations
in Allentown, PA have isolated all traffic from the backbone, so at least
we're back up and running.


NYSE stock market crash — well, the other kind!

Declan McCullagh <>
Mon, 26 Oct 1998 16:00:19 -0500
Trading on the New York Stock Exchange was halted at 1:16 p.m. for just
under an hour on 26 Oct 1998, because of "equipment problems".

Microsoft execs worry about free software movement

Edupage Editors <>
An internal Microsoft memo written by one of that company's software
engineers indicates that Microsoft is concerned with developing strategies
for competing against free programs that have been gaining popularity with
software developers, such as the operating system Linux.  The memorandum
warns that the usual Microsoft marketing strategy known as FUD (an acronym
for fear, uncertainty, and doubt) won't work against developers of free
software, who are part of the OSS (open-source software) movement that makes
source code readily available to anyone for improvement and testing.  The
memo ( says: "The ability of the
OSS process to collect and harness the collective I.Q. of thousands of
individuals across the Internet is simply amazing.  More importantly, OSS
evangelization scales with the size of the Internet much faster than our own
evangelization efforts appear to scale."  (*The New York Times*, 3 Nov 1998;
Edupage, 3 Nov 1998)

Microsoft and the Halloween Documents

"Peter G. Neumann" <>
Fri, 6 Nov 98 8:47:21 PST
A second of the so-called Halloween Documents, written by Microsoft people
and lightly annotated by Eric Raymond (the first so-called because it was
analyzed by Eric over the Halloween weekend), is also available.  Analyzing
the perceived threats to Microsoft represented by open-source software, the
documents are also fascinating testaments to the appeals of open-source
software.  The first
was noted above, with Eric's alternative source as
The second is at

Computer keeps 100 pounds per week from pensioners

"Peter Leeson" <>
Thu, 5 Nov 1998 06:30:55 -0000
Approximately 200,000 elderly Brits are not receiving their proper state
pensions because of a computer glitch, losing up to 100 pounds a week for
the past few months.  The problem is blamed on the cutover to a new
170-million-pound computer system, and according to a government source is
likely to take another five months to fix.  [Source: Jon Hibbs, *London
Daily Telegraph*, 5 Nov 1998; PGN Abstracting]

Stores' shoplifting gates can set off pacemakers, defibrillator

"Keith A Rhodes" <>
Thu, 05 Nov 1998 12:46:51 -0500
Today's *New England Journal of Medicine* notes a case of a 72-year-old man
whose defibrillator was affected by interference from a Sensormatic
Ultra-Max anti-theft device in a bookstore's shoplifting gate.  Fortunately,
a nurse caught him, recognized the source of the problem, and pulled him
away.  The head of The Heart Institute of St. Petersburg, Florida, noted
that this is the most popular device — with 91,000 in use.

Debbie Coller of Sensormatic noted that the FDA advisory panel had found no
significant health hazard.  "Shoplifting gates have been around for about 25
years," she said. "Heart pacemakers have been around even longer.  During
that time, 1 billion safe passages already have occurred."  [Source:
Associated Press item, 4 Nov 1998; PGN Abstracting]

  [But RISKS readers may recall that heart-pacemaker interference deaths
  were reported in 1980 and 1985, and defibrillator interference was
  discussed in RISKS-  This not a new problem.  PGN]

    [An error in the original has been corrected in the archive copy.  PGN]

Swedish train-ticket reservation system down

Ulf Lindqvist <>
Thu, 29 Oct 1998 14:45:44 +0100 (MET)
Here is yet another example of a backup system that does not work when
needed.  [Source *Goteborgs-Posten*, via Tidningarnas Telegrambyra News
Service, 29 Oct 1998; Ulf Lindqvist abstracting and translating.]

The central computer for ticket sales and reservations at the Swedish
railway company (SJ) was down during the entire day, Wednesday 28 Oct 1998.
Phone ticket sales, normally serving 15,000 customers every day, were
completely shut down and at local sales offices only fare tickets without
reservations could be purchased.  The company press information officer
explains: ``There was a hardware failure in the mainframe supporting our
entire system.  This also caused the backup computer to fail.''

Ulf Lindqvist, Computer Engineering, Chalmers University of Technology
SE-412 96  Goteborg, SWEDEN  +46 31 772 1760

SAS airline timetables: Internet 1, Hardcopy 0

Martin Minow <>
Thu, 29 Oct 1998 15:12:14 -0800
Here's a new variant on a data error: according to a press report, the
printed edition of Scandinavian Airlines (SAS) winter timetable is
completely wrong — the printers mistakenly reprinted 350,000 copies of the
summer timetable.

Fortunately, the timetable available on the Internet and over the telephone
is correct.

Martin Minow <>

  [Also noted by Debora Weber-Wulff <>,
  who is in Sweden on sabbatical.  PGN]

New Swedish law makes most of the Internet illegal

Jacob Palme <>
Sun, 25 Oct 1998 08:51:12 +0200
  [Thanks to Dan Wing of Cisco for forwarding.  PGN]

A new Swedish law which makes most of the Internet illegal in Sweden took
effect yesterday. The law is named personal information handling law. It
makes much of the publication of information about individual persons on the
Internet illegal, such as criticism of named persons, publication of lists
of references in scientific papers or the sending of e-mail messages outside
of Europe.

More about the new law at URL

(note: The Swedish government will probably not use the law to stop
Internet. This law and other laws like it have made me understand that laws
are not meant to be obeyed.)

Question: All other EU countries are to enact similar laws.  Have other
countries interpreted the EU directive in the same way, and developed laws
which would make most of the Internet illegal?

Jacob Palme <> (Stockholm University and KTH)
for more info see URL:

Stanford e-mail system passwords stolen

Monty Solomon <>
Wed, 4 Nov 1998 03:42:42 -0500
Beginning about three weeks ago, about 4,500 Stanford e-mail users had their
passwords captured by a sniffer, planted because not all systems had been
properly upgraded with new security features.  The sniffer was detected only
a few days ago.  The attack was apparently carried out from Sweden and
Canada.  [Source: Reuters item, 3 Nov 1998, special to CNET,,4,28303,00.html; PGN Abstracting]

Rats take a byte out of Ugandan exam computers

Tue, 13 Oct 1998 21:09:52 GMT
The computer system used to determine thousands of university places (based
on national exams) crashed because of rats having chewed through cables.
Rats had previously severed phone links to parts of western Uganda and
Rwanda.  [Source: Reuters item, PGN Abstracting]

  Just goes to show that hackers come in all shapes and sizes.  :)  [ejm]

    [The rats were snackers rather than hackers, but they prevented the
    examiners from separating the knackers from the slackers.  PGN]

Grave error!

Dave Stringer-Calvert <>
Fri, 30 Oct 1998 15:04:37 -0800
The risks of Automated Mailing Software....

Embarrassed council officials have apologised for asking the occupant of a
village cemetery to fill in a survey.  A questionnaire from Rushcliffe
Borough Council asked 'The Occupier, Burial Ground' in Flintham, Notts, if
he or she had been a victim of crime in the last 12 months or belonged to a
Neighbourhood Watch Scheme.  The wrongly-addressed letter was among 2,000
sent out to businesses in the area as part of a survey to pinpoint concerns
over crime and vandalism.  But a council spokesman admitted: 'There is not
much chance of a reply being received from the occupant there.'  [...]
[From Yorkshire Evening Press, 10/30/98]

Re: SRI voice-mail woes (PGN, RISKS-20.04)

Peter Kaiser <>
Thu, 22 Oct 1998 08:38:49 +0200
> The absence of both voice-mail and call-forwarding
> certainly makes life tough.

But simpler, I should think — it certainly does in my life.  Indeed, on an
occasion when several hundred persons (including me) lost computer service
at our desktops at work for ten days, work life in our building became
extremely simple, if at a rather higher emotional voltage.

At home we used to have an answering machine, but my wife — more or less a
technophobe — hated it, so I disconnected it.  Since then I tell people
that our not having an answering machine is a service to our callers,
subtly signalling them that we either are away or don't wish to answer the
phone, thereby saving them the connection charges.


Re: Another wild bank saga (RISKS-20.04)

"Peter G. Neumann" <>
Tue, 27 Oct 1998 13:12:09 -0400
Yes (as noted by many readers), I was unable to disremember some of the
earlier confusion between the British BILLION and the American BILLION.  In
the olden dayes in England (until a few decades ago), the Brits commonly
used the European MILLIARD which is equivalent to the American BILLION, with
their BILLION equivalent to the American TRILLION.  Apparently the Brits
have informally switched in common usage, although the French and Germans
still use the MILLIARD.  The confusion is commonly resolved by referring to
a thousand million or a million million.  Perhaps the Euro presents an
opportunity to standardize, but I have not heard any such news.

Jon Postel

"Peter G. Neumann" <>
Tue, 20 Oct 1998 07:55:17 -0400
Jon Postel was one of the real pioneers of the ARPAnet/Internet, first at
SRI (then Stanford Research Institute) and then at ISI.  Recently, he was
head of the IANA (Internet Assigned Numbers Authority).  Although there are
still many network risks remaining, Jon was instrumental in many different
ways in making the existing networks as operationally robust as they have
become.  He will be deeply missed.

REVIEW: "Democracy and Technology", Richard E. Sclove

"Rob Slade" <>
Fri, 30 Oct 1998 09:58:02 -0800

"Democracy and Technology", Richard E. Sclove, 1995, 0-89862-861-X,
%A   Richard E. Sclove
%C   72 Spring Street, New York, NY   10012
%D   1995
%G   0-89862-861-X
%I   The Guilford Press
%O   U$18.95 212-431-9800 fax: 212-966-6708
%P   319 p.
%T   "Democracy and Technology"

"This book promotes the reconstruction of technology along more democratic
lines.  [...]  Insofar as (1) citizens ought to be empowered to participate
in shaping their society's basic circumstances and (2) technologies
profoundly affect and partly constitute those circumstances, it follows that
(3) technological design and practice should be democratized."  Personally,
I can sympathize with the aims, and even the thesis, that the author
proposes for this text.  However, he also notes a personal experience that
taught him "that even the most well-intentioned, elite study group can be
deeply unaware of the extent to which its conclusions embody far-reaching
value judgements."  What Sclove seems to have missed is the fact that
however important your ideas may be, they have to be communicated to those
who may have different backgrounds, and also have to be backed up by some
kind of evidence.  Although the declamations may be impassioned, only the
most sympathetic and dedicated reader will be able to plow through the
prose; and the arguments, as they proceed, have little support beyond force
of personality.

Part one is intended to synthesize modern research in the social dimensions
of technology and democratic theory into a rudimentary but comprehensive
democratic theory of technology.  Chapter one, using a statistical sampling
of two communities (one of which is oversimplified into caricature) states
that technology affects society, but that society can choose those
technologies that it will accept.  The idea that technology affects society
is re-examined in greater detail and verbiage in chapter two.  Democratic
decision-making is said to be superior in chapter three, and some objections
are replied to.  Unfortunately, this entire section is based on only four
real examples, and those situations include one failure, one closed and
homogeneous community, and two "megaprojects" requiring massive, formal
bureaucratic and political decisions.  The theory eventually turned out is
extremely rudimentary: it states that technology should be democratized, but
fails to determine whether it can be.

Part two proposes a set of evaluation points that can be used to review
technologies for compatibility with democracy.  Chapter four is supposed to
look at technologies of community, but concentrates primarily on work
situations.  In this regard it weakens the arguments of part one in that
examples are given of cooperative social structures (successfully) imposed
on hierarchical work environments, and democratically designed work
technologies subsumed to a centralized corporate structure.  When the topic
does finally turn to a purer consideration of community it is to
dismissively denigrate the possibility of technological support of virtual
community.  Democratic work is said to be free of routine and inflexible
schedules, but chapter five singularly fails to say how this utopian state
of affairs is to be accomplished.  The first of three discussions of
politics, chapter six proposes that technologies that promote distorted
ideologies or exacerbate social inequities be avoided.  Actually, though,
the material hardly touches on any example technologies at all.  Two of the
points in chapter seven boil down to "smaller is prettier" since
technologies with a smaller scope of impact promote local self-governance.
The third, however, is rather vague.  We are to prefer technologies that
promote decentralization and federation, without any real ideas of what
those are.  (There is also no analysis of the relative importance of
self-governance versus federation, a debate that my Canadian heritage finds
most compelling.)  The first point in chapter eight is that we should not
foul our own nests, and I assume that most would agree with that; the only
problem being the determination of how strictly to adhere to it.  The
second, however, seems to be an almost religious insistence on flexibility.
For the perpetuation of a species we might note that adaptability is a good
thing, but technology can be managed by the species (that is, us) according
to changing conditions.  Is the slotted screw somehow morally superior to
the Robertson because slotted screwdrivers can be used as (rather clumsy)

Part three is a defence of the democratic politics of technology against
traditional economic models.  Chapter nine appears to want to eliminate the
concept of value from the discussion.  Economic theory is not actually
challenged in chapter ten.  Instead it is turned into a straw-philosophy,
"economism," and attacked as unfit for comparison with social justice.  I
fully agree with the kind of participatory inventiveness that chapter eleven
espouses, which used to go by the name of amateur scholarship.  It cannot,
however, be successfully mandated: it must be self-driven.  This has to be
obvious from the examples given in the chapter which are almost universally
either proper systems analysis stories or failures.  Chapter twelve purports
to lay out a roadmap for pursuing more democratic technologies, but is
weakened by a vast majority of statements that use "could" or "might" rather
than "will."  Sclove does admit to a number of important social factors that
work against his ideals (at least in the United States) in chapter thirteen,
but finishes by only hoping that they can be overcome.

This book is forceful, turgid, passionate, dull, and verbose.  At first
reading, I thought that the nine criteria for evaluation of technologies
were the most important part of the work.  However, as an exercise I tried
reviewing some processes.  War and weapons technologies came out
surprisingly well, marred only by a tendency to perpetuate authoritarian
structures.  Guerilla or sectarian violence came out even better.  Again, I
am in full agreement with the general aims of the book, but have to conclude
that a lot more work needs to be done on the specifics.

copyright Robert M. Slade, 1998   BKDEMTEC.RVW   980816

REVIEW: "Windows NT Server 4 Security Handbook", Hadfield/Hatter/Bixler

"Rob Slade" <>
Mon, 2 Nov 1998 11:45:58 -0800
BKNT4SHB.RVW   980814

"Windows NT Server 4 Security Handbook", Lee Hadfield/Dave Hatter/Dave
Bixler, 1997, 0-7897-1213-X, U$39.99/C$56.95/UK#36.99
%A   Lee Hadfield
%A   Dave Hatter
%A   Dave Bixler
%C   201 W. 103rd Street, Indianapolis, IN   46290
%D   1997
%G   0-7897-1213-X
%I   Macmillan Computer Publishing (MCP)
%O   U$39.99/C$56.95/UK#36.99 800-858-7674
%P   476 p.
%T   "Windows NT Server 4 Security Handbook"

Part one is an overview, both of security and Windows NT.  Chapter one's
presentation of security basics has many good points, but also some
unfortunate gaps and errors.  The review of security concepts in NT provides
a good grounding in how the matter is seen from Microsoft's perspective in
chapter two.  (It also has a rather interesting quick introduction to
firewalls.)  The NT architecture overview in chapter three does not really
concentrate on security topics.  When it does, the coverage of access
control is reasonably clear, if not terribly readable.

The Implementation of security, in part two, explains individual functions
well but does not provide conceptual frameworks for security operations.
Most of the material does provide the ideas behind a feature, but then
simply follows through the screens for turning it on.  Topics include
domains, trust relationships, NTFS (New Technology File System) security,
protecting domain resources, and NT Workstation security.  Somewhat
different is chapter six, which gives a thorough tutorial on internal user
authentication procedures.

Part three walks through the implementation of a master domain network.
Chapters cover planning, implementation steps, and configuration of trust
relationships, but the material is too brief for a realistic guide.  Part
four looks at security for various related products, such as BackOffice,
NetWare, Macintosh, Internet, and UNIX.  Again, there are more mentions than
working details.  Part five first explains and then walks you through
implementation for C-2 security configuration.

Of those I have reviewed to date, this book delves deepest into many areas
of NT security and protection.  However, it still does not draw back the
shroud surrounding the NT security model.  The explanations of operations
are clear and there is much useful information, but still no clear direction
to the besieged sysadmin.

copyright Robert M. Slade, 1998   BKNT4SHB.RVW   980814

Promoting Formal Methods

"Dilia E. Rodriguez" <rodrigue@AI.RL.AF.MIL>
Thu, 22 Oct 1998 08:15:33 -0400 (EDT)
Coming of Age    Formal Aspects of Computing at 21
2nd December 1998, British Royal Society

The 21st anniversary of the British Computer Society Formal
Aspects of Computing Science Special Interest Group

To mark this coming of age, we have invited four of our distinguished
Fellows of the British Royal Society to select highlights of current
research achievements, reflect on past lessons learned and look forward to
future directions.

      Mike Gordon     21 Years of Hardware Verification
      Tony Hoare      Top-down and bottom-up and meeting in the middle
      Robin Milner    Computing is Interaction
      Gordon Plotkin  On Syntax

This 21-year period has seen formal methods mature from inception as a
purely academic research area, to establish itself in computer science
curricula, and most recently to be practically applied in industry.

The FACS at 21 meeting will take place at The Royal Society, 6 Carlton House
Terrace, London, commencing 9.30 am and finishing by 5.00 pm. In addition,
there will be an opportunity to attend an evening meal attended by the
speakers. (Registration form below.)

For more information contact: Computing Research Centre, School Of Computing
and Management Sciences, Sheffield Hallam University, Sheffield, S1 1WB, UK.
Tel. +44 (0) 114 225 5555. Current information is available at:


Diego Latella <>
Wed, 28 Oct 1998 11:29:56 +0100 (MET)
ERCIM  Working Group on Formal Methods for Industrial Critical Systems
                        Fourth International Workshop
              Formal Methods for Industrial Critical Systems
                              (PRELIMINARY CFP)
                               July 11-12 1999

Deadline for submission: March 1st, 1999, to
  S. Gnesi, CNR-IEI, Via S. Maria 46, I56126 Pisa - ITALY
  telephone: +39 050 593489


Mon, 02 Nov 1998 17:22:22 +0100
Safety, Reliability  and Security of Computer Systems
Toulouse, France, 27-29 September 1999

Submissions by 31 Jan 1999.

Please report problems with the web pages to the maintainer