The RISKS Digest
Volume 4 Issue 3

Monday, 3rd November 1986

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

The Big Bang at the London Stock Exchange
Jonathan Bowen
UK computer security audit
Robert Stroud
Austin's computer-controlled traffic lights
Alan Wexelblat
Computers and Medical Charts
Elliott S. Frank
Info on RISKS (comp.risks)

The Big Bang at the London Stock Exchange

Jonathan Bowen <bowen%sevax.prg.oxford.ac.uk@Cs.Ucl.AC.UK>
Tue, 28 Oct 86 17:24:41 GMT

Headlines in `The Independent' (new British `serious' newspaper) on Tuesday
28 October 1986:

        Stock Exchange computers fail under strain
        Shambles as the Big Bang hits the floor

THE CITY'S "Big Bang" exploded after just 29 minutes' trading yesterday
morning when the computers buckled under the strain.  The Stock Exchange
system which spreads information to dealers and investors went off the air at
8.29 am, to be followed 18 minutes later by the central dealing computer,
the Stock Exchange Automated Quotations system known as SEAQ.  By that time,
market makers were already experiencing problems in putting their prices
into the system, and some of them had ceased to trade at all. The failures
were blamed by the Stock Exchange on brokers overloading the system, both to
look at their competitors' prices and out of pure curiosity.

Jonathan Bowen, Programming Research Group, Oxford University


UK computer security audit

Robert Stroud <robert%kelpie.newcastle.ac.uk@Cs.Ucl.AC.UK>
Thu, 30 Oct 86 12:27:45 gmt

There was an item in today's Independent (a new UK paper) about the results
of a security audit of 50 UK companies. Sadly, the results will be all too
familiar to RISKS readers. When will practice catch up with theory?

Robert Stroud, Computing Laboratory, University of Newcastle upon Tyne.
UUCP ...!ukc!cheviot!robert

  [Sorry for the absence of a specific reference to the original report.  PGN]
  ["It is probably one of those expensive management consultancy things
   costing ten pounds a page!" - Robert]

      ============================================================

  Reproduced without permission from The Independent 30th October 1986 p.16

  "How Fred lets the fraudsters in" (c) Newspaper Publishing PLC
  by Michael Cross

  Frauds involving computers will cost British companies 40m pounds next year,
  the insurance broker Hogg Robinson said yesterday. The culprits are not
  usually teenage computer wizards but disgruntled employees and previous
  employees.

  Hogg Robinson's report, an audit of 50 firms, suggests that British
  companies are extraordinarily careless about looking after their computers.
  Apart from fraud, the dangers are sabotage, damage caused by carelessness,
  and run of the mill disasters such as fire or flood.

  The chink in most computers' armour is the password. All but three sites the
  auditors examined used passwords to control access to computers. Most were
  useless. When people choose their passwords, they often pick names of
  spouses or pets. These are easy for colleagues to guess. America's favourite
  password is "love", closely followed by "sex". Top of the list in Britain is
  "Fred".

  Other favourites, said David Davis, director of research at Hogg Robinson,
  are "pass", "God", "genius" and "hacker". "If a hacker tries these he will
  get through 20 per cent of the time", Mr Davis said.

  Passwords are particularly vulnerable when they remain unchanged for a long
  time.  The chairman of one major company the auditors investigated had kept
  the same password for five years. It was "chairman".

  Another danger point is in computers that allow unlimited guesses at
  passwords.  One in 10 of the sites surveyed allowed any number of attempts
  to "log in". The really secure passwords are the dual-key encrypted type.
  These are codes distributed in two parts, which link up inside a computer.
  But only two or three computers, all government installations, carry such
  protection in Britain.

  Despite the vulnerability of passwords, the report suggests that few
  computers fall victim to outside "hackers". Three of the sites inspected
  showed signs that hackers had gained access to the computers through
  external telephone lines.  Dr Frank Taylor, chairman of the British Computer
  Society's security committee, said there is no real evidence that hackers
  are causing large financial losses.

  Dr Taylor's horror stories have a more humdrum flavour. One concerns a
  building supplies company which had no security on its counter terminals.
  Crooked employees were able to give huge discounts to friends, and the
  company went broke. Another company lost its data - and nearly everything
  else - when lightning struck a power cable.

  Computers face a host of dangers from everyday activities, the report says.
  Mr Davis said that computers are designed to be operated by, "a race of
  supermen who do not eat, drink or smoke". He has a useful tip for computer
  people who cannot give up human habits; drink black coffee rather than
  white. It causes less damage if spilt.
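
The three weaknesses the article names (guessable words, passwords kept unchanged for years, unlimited login attempts), as an added Python example that is not part of the digest or of the Hogg Robinson report. The 90-day age limit, the five-attempt limit and the names `reject_reasons`, `is_stale` and `LoginGate` are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import date

# Words the article quotes as favourite passwords.
COMMON_WORDS = {"fred", "love", "sex", "pass", "god", "genius", "hacker"}
MAX_AGE_DAYS = 90   # assumed policy value, not from the article
MAX_FAILURES = 5    # assumed policy value, not from the article


def reject_reasons(user, job_title, candidate):
    """Reasons to refuse `candidate` when a user sets a new password."""
    word = candidate.strip().lower()
    reasons = []
    if word in COMMON_WORDS:
        reasons.append("common word")
    if word in (user.lower(), job_title.lower()):
        reasons.append("matches user name or job title")
    return reasons


def is_stale(password_set, today):
    """True when the password has outlived the maximum age."""
    return (today - password_set).days > MAX_AGE_DAYS


class LoginGate:
    """Checks salted PBKDF2 hashes and locks an account after repeated failures."""

    def __init__(self):
        self.records = {}    # user -> (salt, derived key)
        self.failures = {}   # user -> consecutive failed attempts

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, user, password):
        salt = os.urandom(16)
        self.records[user] = (salt, self._hash(password, salt))
        self.failures[user] = 0

    def attempt(self, user, password):
        if self.failures.get(user, 0) >= MAX_FAILURES:
            return "locked"   # further guesses are not evaluated at all
        salt, stored = self.records.get(user, (b"\0" * 16, b""))
        if hmac.compare_digest(self._hash(password, salt), stored):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"
```

Once the limit is reached even the correct password returns `"locked"`, so a real deployment also needs an unlock or timed-reset path.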


Austin's computer-controlled traffic lights

Alan Wexelblat <wex@mcc.com>
Mon, 3 Nov 86 13:07:27 CST

A while back I reported that a lightning strike had taken out the computer
that controlled the synchronization of Austin's downtown traffic lights.
(Local control units took over - only two lights went "on the blink".)

I recently learned that there was more to the story.  It seems that Austin
has a "traffic flow program" embedded in that system that changes the
durations of red/yellow/green lights for given intersections based on the
time of day.  The goal is to give more time for people to get into town in the
mornings and out of town in the evening.  The local control units fall back
to an "equal time for all" scheme, regardless of time of day.

Since the power loss occurred late in the afternoon, evening rush hour
traffic was snarled more than usual.  In addition, there were several near-
accidents caused by people who "knew" that the yellow light would be long
enough (based on months of commuting experience).

Alan Wexelblat
UUCP: {seismo, harvard, gatech, pyramid, &c.}!ut-sally!im4u!milano!wex


Computers and Medical Charts

Elliott S. Frank <amdahl!esf00@decwrl.DEC.COM>
Mon, 3 Nov 86 12:44:14 PST

The following items were posted to the delphi digest on mod.mac.  The issues
have been covered before in mod.risks, but the example is worth noting.

Elliott S Frank    ...!{ihnp4,hplabs,amd,nsc}!amdahl!esf00     (408) 746-6384

     ==============================

Delphi Mac Digest          Thursday, 30 October 1986      Volume 2 : Issue 55
From: PIZZAMAN (14213)
Subject: Computers and Medical Charts
Date: 26-OCT 16:26 Business Mac

The most amazing thing happened at the hospital yesterday. I was accused of
unethical behavior because I used my computer to prepare a conference for the
Department of Surgery!

Let me explain.... I am the Clinical Coordinator of the Department of
Surgery at a rural community hospital. This is a voluntary job, in addition
to my regular practice of surgery. My responsibilities include the preparing
of the mortality and morbidity conferences each month, as well as trying to
put together educational topics of interest for the other surgeons. Having
trained at a University Hospital in Philadelphia, I enjoy doing this teaching.

In order to prepare for one of these conferences, I took my Tandy 100 to the
record room, and took my notes on it. When I got to the office, I plugged
the Imagewriter cable into the RS-232 connector on the back of the Tandy,
and using Smartcom II, loaded the information into the Mac for work
processing, spread sheeting, and graph creation.

Now, I am being accused of taking confidential information out of the
hospital in the form of patient records and doctors' names! All I had on the
computer were my notes. The paranoid medical staff is afraid that having
this information in my "COMPUTER" is dangerous, in some way. Since I
consider my two computers just extensions of other work tools that I use, I
can't understand this. Would they be just as paranoid if I used a legal pad
to make notes instead of the computer?

By the way, the bylaws of the hospital allow for the use of records for
research, and I had permission from the President of the Medical Staff to do
the study in question.

Pretty amazing paranoia, huh? Do people really still fear computers this way?
Any physicians out there have similar experiences? Any legal advice?

     ==============================           

From: PEABO (14226)
Subject: RE: Computers and Medical Charts (Re: Msg 14213)
Date: 26-OCT 19:45 Business Mac

It might have something to do with Legislators, who tend to know even less
about computers than hospital staff.  I've read some stories about how some
corporations are getting concerned about what J. Q.  Middlemanager is taking
home to work on using his own computer after downloading from the company
mainframe.

peter

     ==============================

From: LAMG (14239)
Subject: RE: Computers and Medical Charts (Re: Msg 14213)
Date: 27-OCT 01:20 Business Mac

Yes, it's paranoid behavior, but no, it's not amazing, I'm afraid.  In my
institution (UCLA Dept. of Radiological Sciences) most of the data used for
teaching and research is in "machine readable" form at one time or another.
Clearly there is a valid issue related to the removal of confidential patient
records from the hospital (I don't know what the regulations are there) but
these would apply equally to data whether in handwritten, printed or machine
readable form.

You didn't say exactly who is objecting to your work and on what
grounds, but it sounds like they don't have a very good idea of what
you're using the computers for.  I can't give you legal advice though.

Franklin Tessler, M.D.
