Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 3: Issue 38
Sunday, 17 August 1986
Contents
Computer gives away California state funds- Rodney Hoffman
- High-Tech Sex Ring: Beware of Whose Database You Are In!
- Peter G. Neumann
- Computer Viruses
- Chris McDonald
Paul Garnet
Matt Bishop - Computer Viruses and Air Traffic Control
- Dan Melson
- Re: Traffic lights in Austin
- Bill Davidsen
- Info on RISKS (comp.risks)
Computer gives away California state funds
<Hoffman.es@Xerox.COM>
15 Aug 86 13:51:39 PDT (Friday)
From the Los Angeles Times, August 15 1986, page 2:
A computer error caused California's check-writing system to
issue $4 million in interest-payment checks to bondholders
who hold a type of bond on which no such payments were due.
Deputy state Treasurer Liz Whitney explained that those bonds
are of the "zero coupon" type, which are held for a period of
years and redeemed with accumulated interest at maturity
rather than bearing interest on a monthly or yearly basis.
The treasurer's office learned of the error last Friday, she
said, when a recipient inquired about the check's validity,
and stop-payment orders were issued. By Wednesday, all but
a few checks totaling $33,000 had been recovered.
No further details are given about the nature of the computer error.
-- Rodney Hoffman
High-Tech Sex Ring: Beware of Whose Database You Are In!
Peter G. Neumann <Neumann@CSL.SRI.COM>
Fri 15 Aug 86 19:37:38-PDT
From the San Francisco Chronicle, Friday 15 August 1986: POLICE SAY ARRESTS IN MARIN SMASHED HIGH-TECH SEX RING by Torri Minton and Katy Butler A sophisticated prostitution ring that kept computerized records on more than 12,000 patrons has been broken after a three-month investigation, authorities in San Jose said yesterday. The ring, known as EE&L Enterprises, collected $3.5 million a year dispatching at least 117 prostitutes by electronic beeper to cities all over Northern California from a computerized command center in San Rafael, according to San Jose vice Lieutenant Joe Brockman. ``It's a top-class operation -- the largest prostitution ring, to our knowledge, in Northern California," Brockman said. He said that the business took in more than $25 million during the eight years it was in business... Records seized by police ... included customers' names, telephone numbers, credit card numbers, sexual preferences and comments by the prostitutes... The office was equipped with four desks, several IBM computers, a photocopier, a paper shredder and a wall poster announcing that ``Reality is nothing but a collective hunch.'' On-line SuperCalifornication?
Computer Viruses
Chris McDonald SD <cmcdonal@wsmr06.arpa>
Fri, 15 Aug 86 7:47:01 MDT
[This is included because so many of you do
not seem to know the Cohen reference. PGN
Robert Stroud references a paper by Fred Cohen on "Computer Viruses." The full
text of the paper can be found in several public souces. The most available
for US readers is the minutes of the 7th DoD/NBS Computer Security Conference,
Sept 24-26, 1984, pages 240-263. The paper is not exclusively concerned with
any one particular operating system. It defines a "virus" as "a program that
can infect other programs by modifying them to include a possibly evolved copy
of itself." The paper references Ken Thompson's acceptance speech on the
Turing Award, "Reflections on Trusting Trust," which was published in the
August 1984 "Communications of the ACM." The reference, however, is only for
purposes of illustrating what Fred proposes is a "limited" virus.
[That paper includes the wonderful C compiler Trojan horse lurking
in wait for the next recompilation of the UNIX LOGIN procedure. PGN]
A close reading of the paper would reveal that very specific factors have to
exist for a "virus" to become "virulent." The most interesting facet of the
paper is really the question it raises as to whether the Bell-LaPadula and the
Biba models on mathematically defining "secure systems" even addresses the
potential of a "virus" attack.
Computer Viruses
<pgarnet@nswc-wo.ARPA>
Fri, 15 Aug 86 12:14:22 edt
Another paper by Fred Cohen is "Recent Results in Computer Viruses", written
while at Lehigh University. The copy I have does not have a date on it, but
I believe it was written sometime around the spring of 1985.
Anybody else know of any good, technical papers on the subject?
Paul
Re: Computer Viruses
Matt Bishop <mab@riacs.ARPA>
Fri, 15 Aug 86 07:28:27 -0700
If anyone wants to read an interesting science fiction book about computer
viruses (and things of that ilk) try reading John Brunner's "Shockwave
Rider." Briefly, it's about a man who puts computer viruses into the
worldwide data banks, enabling him to do all sorts of illegal things such as
change identities. Quite interesting, at least from the viewpoint of
computer security!
Matt Bishop
[I think we included mention of "Shockwave Rider" in RISK long ago.
However, with the interest in viruses and our large number of new
readers, I am not trying to avoid all duplication -- especially with
the distant past. PGN]
Computer Viruses and Air Traffic Control
Dan Melson <crash!pnet01!dm@nosc.ARPA>
Sat, 16 Aug 86 01:13:47 PDT
Those who fly regularly will be somewhat relieved to note that all terminals
of the ARTS and NAS systems, except master consoles (and a few others hardwired
straight into the machine and on site) are limited in what they can input,
nor can they escape the ATC program. Furthermore, I am not aware of any
means whereby employees can access any of the FAA's computers from other than
known sites. This also explains why there are so few ATC's on any net, despite
the large amount of computer work associated with the job today.
DM
[Beware of Trojan horses bearing gifts that look like sound programs,
officially installed through proper channels. There is also the
problem of accidental viruses such as the ARPANET collapse of 27
October 1980. (See Eric Rosen's fine article in the ACM Software
Engineering Notes 6 1 Jan 81, for those of you who have not seen
it before.) PGN]
Re: Traffic lights in Austin
<davidsen%kbsvax.tcpip@ge-crd.arpa>
15 Aug 86 10:57 EST
[From: Davidsen <davidsen%kbsvax@kbsvax.tcp-ip>]
I would call a 2% clean failure rate a success. If the two intersections had
failed in an unsafe mode, such as green in both directions, it would not
have been acceptable. If the lights had "stuck" showing green one way and
red the other, it could have caused severe delays. For the light to cleanly
go out is probably acceptable. Most drivers seeing a light with no signal
showing will use adequate caution to prevent accidents.
-bill davidsen
ihnp4!seismo!rochester!steinmetz!--\
\
unirot ------------->---> crdos1!davidsen
chinet ------/
sixhub ---------------------/ (davidsen@ge-crd.ARPA)
"Stupidity, like virtue, is its own reward"
Report problems with the web pages to the maintainer