Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
risks@csl.sri.com, sdcrdcf!decvax!ucbvax!CSL.SRI.COM!risks
Subject: Largest computer crime loss in history?
Date: Tue, 17 Mar 87 07:50:01 -0800
From: kremen@aerospace.aero.org
According to page 22 of March 16th's Wall Street Journal, Volkswagen may
have lost over 259 million dollars due to foreign-exchange contract fraud.
According to the article, the fraud involved "the erasure of computer
data and tampering with computer programs."
I want to share an experience that I am having with a health problem
connected with my work. I am a programmer and spend a lot of time at a CRT.
I am not technology-phobic, but I have been enlightened by my chiropractor
that CRTs can be dangerous. Many CRTs in my work situations are placed low
enough so that my neck must be tilted at a *very slight* angle. I have been
experiencing neck stiffness on and off over the last two years...it
frequently bothers me for as much as a week at a time. My chiropractor
tells me that holding my head in a fixed position at that angle --- even as
slight an angle as it is --- for a long time is probably causing that
stiffness. It so happens that I must hold my head at nearly the same angle
when I play piano and look at music on the music rack of the piano. I am
changing my behavior quite a bit; I have raised the CRT on my main
workstation so that it is at eye-level; if the computer I am working at
can't be adjusted that way, I look down with my eyes instead of using my
neck. For piano playing, I tape the music up higher on the rack, or just
memorize things in order to avoid holding my head in that deadly fixed
position. I think that it is helping.
If this doesn't afflict you, then that's great. But I would guess
that in general the position of CRTs in most work areas are placed with
complete disregard for healthy neck position, and as a result many
programmers are in danger of getting this reaction. Maybe 10 years from now
we'll see photographs of computer work environments and experience the same
kind of dismay we get when we see photographs of turn-of-the-century
sweatshops. Think of it this way: would you want to watch *television*
with your neck at that angle (not to mention with the screen so close to
your face)?
[RISKS has explored this topic several times. The evidence is mounting
that there are hazards in using terminals. Among my acquaintances, I have
recently run across an orthomolecular physician who after setting up
a new color display and working on it for 16 hours straight discovered
serious physical damage to one of his eyes. Another person (with serious
candida albicans problems, and thus greatly increased sensitivity to
his environment) finds a strong sensitivity to fumes from his PC --
possibly from the power supply. Headaches, backaches, neckaches, and
certain internal problems are also linked or aggravated by extensive
terminal use. So, perhaps in the future terminals will come with a
warning: computers may be habit forming and hazardous to your health. PGN]
broadcast number
To: itm!brent%gatech.UUX%ncar.csnet@RELAY.CS.NET
cc: risks@CSL.SRI.COM
While I find computerized sales pitches obnoxious, I find it amazing that
the Atlanta cable TV system would have a dial-in number that overrides the
system without a password required. It is very easy to misdial a phone
number. But, as has been a theme of my earlier letters, the phone system
represents a misunderstood technology. A secret phone number itself does
protect against certain classes of malicious attack, but is very vulnerable
to accidents. Given the number of wrong numbers I get on my phone, I'm
surprised that Atlanta has not already been treated to confused callers
broadcasting to the city.
[There are indeed many risks associated with unlisted phone services.
A variety of existing services offered are accessible either accidentally
or intentionally from unexpected sources. (Steve Jobs' latest endeavor
also has a whole bunch of associated risks.) The phone service that lets
you call your home computer and then punch some more digits that turn
on the oven or unlock a door for the delivery man is one example. The
phone service of having your pacemaker battery checked remotely by a
computer that interrogates it in a diagnostic mode is another. Believing
that an unlisted phone number will not get called is of course utter
folly. My unlisted home computer number gets about a call-a-day's worth
of wrong numbers. The scanning phone solicitors are extremely agressive.
In the Atlanta case we again have an example of a risk that was not
anticipated, and discovered only after it was accidentally triggered. PGN]
My new unlisted phone number contains two adjacent '9's. Just about all of
the wrong numbers that I get are caused by somebody's '9' key
double-clicking. I'm giving serious consideration to changing to a phone
number with no repeated digit.
[I hesitated before including this one, but then decided there is an
interesting problem in coding theory. Perhaps phone companies could
offer an eight-digit number for those seeking a redundant digit to
reduce wrong numbers. But, the algorithm would have to be carefully
chosen to detect as many transpositions, accidentally repeated digits,
and adjacent (with respect to the keypad and the rotary dial) digits as
possible. I would subscribe at a reasonable price. PGN]
A friend of mine deposited her paycheck using the bank's ATM machine. When
she signed her paycheck, she also wrote the account number on the back.
Unfortunately, she interchanged two numbers, so the check was deposited in
some random person's account. The ATM machine gives her a receipt that
basically says that her deposit was accepted, so she went off and assumed
that the check was deposited correctly. Well, of course the bank didn't
bother to verify that the account number written on the back of the check
matched either the account number printed on the ATM slip (included with
deposits) or the account name. They just blindly took her word for it.
After quite a hassle and a couple of bounced checks, things were straightened
out, but it took quite a bit of time and much embarrassment.
I can think of two problems here. The redundancy of having a name
associated with your account and the further redundancy of having the ATM
print a special deposit slip to be included with each deposit is pretty
useless if people aren't going to check them. The other problem is it
introduces an incentive to *not* put your account number on the back of your
check, and instead depend on the ATM slip to furnish this information, thus
increasing the dependance on automation.
By the way, the bank stated that it was not at fault here. I'm not so sure,
after all, it should have detected the discrepancy.
Joe Herman
Regarding the recent discussion of the RISKS of computers and telephones:
Several years ago, when I lived in Victoria B.C., the local telephone sales
organizations (e.g. "Buy the XXX vacuum cleaner") purchased a computer which
called up various numbers to make its pitch. The problem with the system was
that it would not release the line, even if the potential customer hung up.
In one case, a mother was prevented from calling for an ambulance while her
child was choking. Fortunately, the child survived. Soon after, laws were
passed requiring the dial-up computers to hang up when the customer did.
Rob Aitken, Alberta Research Council, Calgary AB
[We've had several very similar cases in the past.
This one is included for the record. PGN]
In the cyclic process of deciding on how much to include in RISKS, I have once again been turning up the threshold due to an increase in somewhat marginal material. I realize that the masthead guidelines are in EVERY issue, and therefore perhaps only new readers pay attention to them. On the other hand, I believe that the RISKS Forum serves a very useful purpose in tolerating open discussion, even when some of it is not quite accurate — we all learn from the ensuing discussion. Therefore I hate to stifle openness. But I also get complaints when RISKS issues get very long or very frequent -- and besides it is tough on me trying to keep up with all of you when you get into FLOOD MODE on a popular issue. So, try to stick to the guidelines. By the way, I received messages from ONLY TWO of you questioning my command of the English (american) language in the masthead item in RISKS-4.63: ++++ NOTE: We are starting to mine out old loads rather heavily ++++ ++++ of late. PLEASE try to be MORE CONCISE and LESS REPETITIOUS! ++++ The use of "load" instead of "lode" was quite intentional (I try not to explain or even highlight all of my puns), and might even be interpreted by some of you as an editorial comment.
When I was in Junior High School (about a decade ago), I was working in the
school library when they instituted the magnetic tag approach to security.
Well, naturally, those of us who worked in the library, immediately started
trying to determine how to defeat the system. It didn't take us long to
discover that a hard rap on the spine of a book against a desk or table
sufficiently scrambled the magnetic elements that the book would pass
through the detector. Because the system is so easy to defeat, it's
actually easier to steal books now because you can be reasonably sure that
the bookstore employees have enough trust in their system not to watch what
people carry in and out.
[Computer/technology related? Well, it is a fine example of
the dangers of trusting a technological solution... PGN]
From Ronald J Wanttaja:
Ann Landers has a right to her opinion. But what do I say when someone
mentions that "Ann Landers says we gotta ban the little aircraft?"
You explain to them why banning little aircraft is not the solution. I
agree that it is difficult, but telling them to go away (as I am sometimes
inclined to do myself) is a sure way to polarize the community.
Similarly technical decisions are best left to those technically qualified.
Perhaps. But when the "unqualified" (such as Congressmen [...]) are ultimately
the ones who make the decisions, you ignore them at your own peril.
LOS ANGELES TIMES, March 18, 1987 RICH CONNELL and TRACY WOOD, TIMES STAFF WRITERS The financially troubled Southern California Rapid Transit District has created a phantom warehouse to "store" more than $1 million in lost, stolen or misplaced bus parts, RTD employees have told The Times. The dummy warehouse, as some RTD employees also all it, was devised nearly a year ago and exists only in the RTD's computers — a kind of accounting limbo for lost materials that at other transit agencies are promptly acknowledged and written off as losses. RTD workers charted that the ghost warehouse, labeled "SD14", is symptomatic of management efforts to hide mistakes with little regard for public cost. "It makes [RTD middle managers] look good to higher-ups ... . You're not losing as much money on paper," said one warehouse employee familiar with the system. John Richeson, RTD's assistant general manager, the district's overseer of inventory, said he learned of the non-existent warehouse only last week as a result of inquiries by The Times. However, he defended the bookkeeping maneuver as a good idea for handling "inventory that is not in the location it is supposed to be." RTD managers acknowledged that the non-existent warehouse is an unusual bookkeeping procedure, but they insisted that it is neither improper nor deceptive. Richeson said that to characterize the district as hiding its inability to control inventory is "not the proper interpretation." The list of missing parts in the phantom warehouse has grown from zero nearly a year ago to more that 500,000 items worth $1.28 million in bus and office supplies on hand. RTD officials said that hunting down the missing supplies and trying to determine how much has been stolen and how much has been misplaced has been a low priority because the search would be too expensive and time consuming. "The dollar value certainly is not substantial in terms of the overall inventory or the overall volume of things we are doing," Richeson said. However, the fuzzy status of materials moved to the non-existent stock area creates other problems. It is now more difficult for transit police investigators to know quickly when parts are truly missing and possibly stolen, said RTD Police Chief James Burgess. "That's one of the problems we do encounter with this system," he said. [...] RTD managers inserted the phantom warehouse into the district records after a systemwide inventory of bus parts was taken last April. The inventory supposedly produced a complete tally of RTD bus and office supplies, from which accurate computer records of parts on hand were produced for the first time. However, several sources familiar with warehouse operations said the inventory served mainly to reveal the lax controls on parts and supplies. "It was a complete disaster," said one, explaining that a lot of material listed in inventories could not be found. In other instances, RTD officials acknowledged, inventories that were on hand may have been overvalued. "The inventory was meaningless," said another source who participated in the inventory [...] Almost immediately after the inventory adjustments were made to the books, parts began disappearing again, causing new problems. A computer system that is supposed to automatically replenish parts when they are needed began refusing to place some orders. Since disappearing parts were not being removed from inventory lists, the computer showed the district had those parts on hand. But stock clerks checking the shelves were unable to find them. Faced with a parts-purchasing bottleneck that could sideline badly needed buses, district employees began making expensive rush orders for special overnight deliveries from manufacturers. Partly in response to this new set of inventory problems, RTD management placed the phantom warehouse on its books. They listed it as SD14, the kind of computer label used to designate an actual warehouse at a specific location. SD14 was inserted in a column of real warehouse listings, with nothing other than its number to set it apart, for example, from SD10, the computer designation for a storeroom at a bus yard near downtown Los Angeles. ELECTRONICALLY 'SHIPPED' Wayward parts were thereafter electronically "shipped" to the new warehouse, freeing the central computer system to reorder parts to keep the system's 2,800 buses running. In addition, the fake storage area has eased the pressure on managers to account for missing parts. In the past year, they no longer have had to "write off" all the parts they could not find and were able to minimize unexplained losses in their budgets. RTD officials insist that the chief purpose of the phantom warehouse was to ensure that a detailed investigation of missing materials could be made. Maynard Walters, RTD director of purchasing who authorized creation of the ghost storage depot, recalled telling his staff, "I don't want it [written off as a loss]. I want it put in an account and held there so I can have a report on why it's not there." However, after 11 months, officials say they have not had the manpower to track down all the errant parts and supplies assigned to SD14. "We have a certain amount of personnel that we can spend finding all of these things...," said James Connolly, the RTD's materials manager, who set up the fictitious warehouse. Gradually, SD14 grew until it had three or four times the parts and inventory value of other satellite stockrooms. ARGUMENTS ERUPTED So real did SD14 appear, that for months, warehouse clerks and mechanics unsuccessfully tried to retrieve needed parts from it — and even got into arguments with higher-ups over why supplies stored there could not be delivered. "I couldn't figure out what it was," one RTD warehouse worker said. "I'd look on the computer screen [for parts]. It would say nobody has them but SD14. I'd say why can't we get them from SD14. [Eventually, I was told] SD14 doesn't exist." As time went on, the phantom storehouse became a running joke among warehouse workers. The instant any part was misplaced, someone would suggest, "look in SD14," employees said [...] NEW FACILITY As part of a sophisticated parts-tracking system at the new facility, computer-guided robots will store and retrieve all parts, keeping an accurate, running inventory as they go, RTD officials contend. "It's just like night and day in terms of the ability to control things," Richeson said. Other RTD employees are less confident. They point to management shake-ups and earlier highly touted state-of-the-art systems that have not solved inventory control problems. One RTD worker, referring to the new high-tech warehouse, said, "There'll be problems there we haven't even anticipated, that will be magnified tenfold."
Please report problems with the web pages to the maintainer