The RISKS Digest
Volume 5 Issue 81

Tuesday, 22nd December 1987

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o The Christmas Card Caper, (hopefully) concluded
Joe Morris
o The Virus of Christmas Past
Una Smith
o Viruses and "anti-bodies"
Brewster Kahle
o Cleaning Your PC Can Be Hazardous to Your Health
Brian M. Clapper
o Product liability
Mark A. Fulk
o Squirrels, mice, bugs, and Grace Hopper's moth
Peter Mabey
o Fire at O'Hare (Computerworld, Dec 14 issue)
o American Express computer problem
Frank Wales
o NYT article on computers in stock crash
Hal Perkins
o Info on RISKS (comp.risks)

The Christmas Card Caper, (hopefully) concluded

Joe Morris ( <>
Mon, 21 Dec 87 11:45:03 EST
The following item was posted on the VMSHARE bulletin board.  It describes
the origin of the CHRISTMAS EXEC file, and makes valid points about the
inability of computer systems to automatically recognize some types of
ill-behaved programs quickly enough to prevent damage to a network.

(VMSHARE is a closed bulletin board operated for the use of VM installations
who are members of SHARE, the large IBM mainframe user group.  Shadow copies
of the VMSHARE traffic are distributed to many other nets, including VNET
and BITNET.)                            
                                               Joe Morris (jcmorris@mitre)

  Append on 12/19/87 at 20:10 by Melinda Varian <BITNET: MAINT@PUCC>:

  The following statement, from a member of the EARN Board, answers the
  queries about the origin of the CHRISTMA EXEC.  Clausthal-Zellerfeld
  is quite a new VM installation.  When Heinz Haunhorst, of their staff,
  was notified that the first appearances of the virus on the networks
  originated at his node, he pursued the matter vigorously and skillfully.
  Helmut Woehlbier, of the Technical University of Braunschweig, also did
  an excellent job in helping to determine the originating node.

  <>  <>  <>  <>  <>  <>  <>  <>  <>  <>  <>  <>  <>  <>  <>  <>  <>  <>

  Date:         Wed, 16 Dec 87 18:33:58 GMT
  Sender:       EARN Technical Group <EARNTECH@EB0UB011>
  From:         Michael Hebgen <$02@DHDURZ1>
  Comments: To: EARN Executive <EARNEXEC@IRLEARN>,
                EARN Board of Directors <EARN-BOD@IRLEARN>
  Comments: cc: German EARN Executive <DEARNEX@DHDURZ1>,
                German EARN node administrators <DEARNADM@DEARN>,
                Heinz Haunhorst <HENRY@DCZTU1>,
                "Dr. Gerald Lange" <LANGE@DCZTU1>,
                Otto Bernd Kirchner <KIRCHNER@DS0IBM1>
  To:           Melinda Varian <MAINT@PUCC>
  Subject:      CHRISTMAS EXEC

  Dear colleagues,

  after some very sophisticated detective work  it is clear that the origin
  of the CHRISTMAS EXEC is the EARN  node DCZTU1. A student there has writ-
  ten this EXEC  to send christmas greetings to his  colleagues and another
  student has  used it  without knowing what  he is doing  (as many  of our
  network users) and started the explosion.

  The node  DCZTU1 has already  blocked the Userid  of the author  and done
  all necessary steps.  Every node in the network can  be the next starting
  point  of a  similar explosion  and distribute  virus programms  or other
  bad things.

  As far as  I know the EDP-systems  there is no way to  prevent users from
  their own  mistakes. The only  solution I can think  of for this  type of
  behaviour is to observe "EDP-hygiene":

     If you receive an executable  file (EXEC, CLIST, program) from another
     might be  unknown user  do N  O T execute  without control  because it
     can result in gross missdemanour and serious damage.

     Check all EXECs/CLISTs,  what they are doing, before  you execute them
     and  check all  executable programs,  where  they come  from and  what
     they do.

     As in normal life uncontrolled behaviour may result in serious
     consequences  (I am  not going  to mention  AIDS). You  as a  user are
     responsable for all what you are doing.

  I propose to include such statements (in better english formulation) into
  the CODE OF CONDUCT and to  start an "enlightenment" process for the end-

  Best regards, m[e]rry christmas (without tree) and a happy new year

  Michael Hebgen

  EARN director of Germany and
  General secretary of EARN

  *** APPENDED 12/19/87 20:10:47 BY PU/MELINDA ***


Did any contributor suggest how the message jumped from EARN (or BITNET) into
VNET?  Supposedly the gateways (one at Yorktown, I believe)  are monitored
closely so that the ability of a message to cross without supervision
is quite limited.  I'm told that a few years ago there  was something of a
major flap when a meeting of relatively high IBM brass was shown a message
Melinda Varian (the BITNET source of the EARN message I forwarded) had sent
to an IBM'er via VNET (WITH the permission of IBM...upper management in IBM
just hadn't been aware of the arrangement).  My guess would be that it came
through an account on a customer machine but assigned to an IBM'er who could
pass mail into the IBM network.

Thought for the week: was this supposed to be a demonstration of a computerized
Christmas distribution TREE?

Second thought on the word "tree" (swiped from an undergraduate thesis at 
MIT from the 60's):

  Problems are posed by fools like me,
  but only heuristics can search a tree.

Joe Morris

The Virus of Christmas Past (Re: RISKS-5.80)

Una Smith <0402909%pucc.bitnet@RUTGERS.EDU>
Tue, 22 Dec 87 13:32:07 EST
Re the discussion of receiving run-able mail files (sometimes viruses)

A few years ago I received 2 pieces of mail, an XMAS EXEC written in
EXEC2 and a compiled module of some sort.  The module was hard to break
into, so no one I knew then knew how to tell what it did without running
it.   Well, it was a very nice, benign bug:

First, it imitated all the usual system messages one gets when logging off,
up to the full-screen VM370 logo.  Then, slowly, the logo disintegrated
into a night time scene of a cottage on a snowy hillside under some pine
trees, smoke floating out of the chimney (the "smoke" was made up of
phrases; "s..m..o..k..e" and "M..e..r..r..y...C..h..r..i..s..t..m..a..s",
etc.), and snow flakes "*" falling from the sky.  Elapsed time:  about
5 minutes.  Then it quit, abruptly leaving you sitting in front of a
terminal in some dingy office or terminal room, just as you were before.

The clue to this so-called Christmas card's origin was that the usual
machine name in the lower right was replaced with, if I remember
correctly, PSUVM.  Has anyone on the net now got an old copy of that
somewhere?  I didn't keep mine.

viruses and "anti-bodies"

Tue, 22 Dec 87 10:19:32 EST
Risks, recently, has been filled with reports of specific virus and how to kill
them manually.  Has there been any work on "anti-bodies" that attack specific
viruses?  It seems that contributors have enough knowledge about each virus to
build such beasts.  Such programs might push the state of the art, reduce the
effect of viruses, and keep down the traffic on this list.

    [A certain amount can be done contextually, e.g., with specific file
    names.  Paul Karger has suggested something similar for Trojan horses.
    See his paper in the 1987 IEEE Symposium on Security and Privacy.  But
    such techniques are intrinsically incomplete.  PGN]

Cleaning Your PC Can Be Hazardous to Your Health

Brian M. Clapper <>
Tue, 22 Dec 87 09:57:26 EST
The following news bulletin appeared on our mail machine this morning:

   "Recently a flash fire occurred at a Navy lab when an employee attempted
   to clean his computer screen using an alcohol based cleaner.  An
   investigation revealed that the employee sprayed the cleaner directly
   at the unit while it was turned on.  Static electricity which had built
   up on the screen then ignited the atomized cleaner.  To prevent a
   similar occurrence here, all PC users are cautioned to turn off their
   screens before cleaning, and to dampen a cloth with the cleaner before
   wiping the screen rather than spraying it at the screen."

Brian M. Clapper, Naval Air Development Center, Warminster, PA 18976

Product liability

Mon, 21 Dec 87 11:24:30 EST
It seems to me that a large number of problems with product liability
arise from a propensity to confuse two issues: _liability_ and _negligence_.

If the use of a product carries with it a certain, irreducible risk of
injury, then the manufacturer SHOULD be liable for the damages resulting.
That liability SHOULD result in increased costs to the users of the
product (or to the public in general, in the case of mass vaccines).
After all, the damages are part of the cost of the product.  Such a liability
should be limited to actual damages, meaning such things as medical costs,
loss of earning power, and _reasonable_ (capped) compensation for pain and
suffering.  In particular, _punitive_ damages should be reserved for cases
of negligence.  Part of the result is that this sort of liability ought to
result in predictable costs to the manufacturer, so that it can include those
costs in the final price.  Finally, most such liability cases should be
resolved in administrative courts with low legal costs and short delays.

Cases of negligence arise when someone fails to take reasonable and prudent
care; for example, the Ford Pinto sort of case.  In such cases the present
system is perfectly reasonable, with contingency fees and the like.
I would not want to see lawyer's fees fixed for such cases, as I believe
that would deny legal protection to the poor and would prevent pursuit
of cases against the largest and wealthiest defendants.  If, as is often
asserted, manufacturers are wrongly found negligent because a jury wants
to compensate some obviously suffering individual, then the compensation
under the liability-no-negligence system should satisfy the jury's desires.

Such a system requires specifying a number of special cases; for example,
if a corporation buys an expert system, they presumably have access to
someone who can explain the risks inherent in using that system.  In
such cases, sharp limits on non-negligent liability are reasonable.  It
would not be the author's fault if the company managed the entire pension
fund with his financial system.

In general, if we were to shift to such a split system of liability, it
would take us quite a while and quite a bit of experience to develop
the details.  Finally, I would like to add that this idea is not original
with me; I first saw it advocated in an editorial in Nature.

Mark A. Fulk

P.S. This is not to say that government-imposed fines and the like are
not also appropriate.  They are simply insufficient, as the government
frequently lacks the stomach to take on offenders.  The tort system
provides a channel for citizen-originated complaints to get a hearing
in front of disinterested parties.

Squirrels, mice, bugs, and Grace Hopper's moth (Re: RISKS-5.78)

Peter Mabey <mcvax!!phm@uunet.UU.NET>
Mon, 21 Dec 87 16:13:24 GMT
>  Squirrels, mice, bugs, and Grace Hopper's moth (Mark Mandel) ...
>The word "bug", in the sense we use in the computer world, did NOT
>originate with "Amazing" Grace Hopper's moth. ...

According to the Oxford English Dictionary (Supplement I), the first
recorded use of the term in print is a quote from Edison in the Pall Mall
Gazette of 1889 - so it's probably coming up to its centenary now.

Peter Mabey  (phm@stl  ...!mcvax!ukc!stl!phm +44-279-29531 x3596)
Standard Technology Ltd., London Road, Harlow, Essex CM17 9NA, U.K.

Fire at O'Hare (Computerworld, Dec 14 issue)

99700000 <haynes@ucscc.UCSC.EDU>
Tue, 22 Dec 87 11:45:25 PST
Has an article about another fire resulting in melted cables, this time a
fire at O'Hare that put United Airlines out of operation.

And has a special section on computer security.  No better than one would
expect from Computerworld, but that's it.

American Express computer problem

Frank Wales <mcvax!!frank@uunet.UU.NET>
Fri, 18 Dec 87 17:23:52 GMT
You may be interested in a letter I received this morning from American
Express; its text is as follows:

  [the letter is verbatim — the poor grammar is theirs, not mine]

  Dear Mr Wales

  I regret to advise you that a problem has arisen concerning
  access to our Automated Teller Machine network.

  As you know a Personal Identification Number (PIN) is needed to
  use these machines.  Due to an internal system error your
  unique PIN has been deleted.  The effect of which, is to deny 
  you access to cash or Travellers Cheque withdrawal.  Would you
  please call London (01) [...] or Brighton [...]
  where our staff will immediately amend our records with the PIN
  of your choice.  When telephoning, please be prepared to answer
  two or three questions about your personal details so that we
  can maintain the necessary security.

  I am very sorry for the inconvenience this must cause.

  Yours sincerely
  (signed by Xerox)
  Customer Services

      [I have deleted the telephone numbers above, for obvious reasons.  PGN]

First of all, because the numbers are not normal customer service numbers, I
called the 24-hour Emergency number (the normal Customer Service number was
busy, as usual), and made sure that the letter was not a scam.  I was told,
after some rummaging around by the operator, that both were legitimate Amex
numbers.  I then called the London one, and found that, according to the
exchange, it didn't exist.  I then called the Brighton one and, after being
asked to hold for so long that the operator had to physically go and get her
supervisor, sorted out my PIN with them.

In the course of this, I asked what had happened: (I'm paraphrasing here --
it was an hour ago)

Amex: "A slight computer problem; nothing to worry about."

Me: "You mean you've had a security breach?"

Amex: "No, no.  Nothing like that.  That's impossible.  Our systems are
completely confidential.  Someone was just transferring some information onto
one of our systems, to make it more efficient, you know, and some information
got deleted in the process.  We didn't even know until members started
calling us up to ask why their cards were being rejected by dispensers."

I didn't ask where their backups were — they obviously didn't have any,
or they wouldn't have been reduced to admitting their failure to their

Aside from Amex's dubious practice of actually asking customers to write
down a PIN and post it to them (or, in this case, tell them over the phone),
something which both astonishes and amuses my Bank Manager, what does
this episode reveal about American Express's computer systems and procedures,
often touted as being among the best in the banking business?

[As a side note, I'm also not too convinced that the questions about
personal details are good enough to convince them that I am who I say I am;
I know that the information I gave wouldn't convince *me*.  But that's an
issue for another day.]

Frank Wales, Development Engineer,    [frank@zen.uucp<->mcvax!!frank]
Zengrange Ltd., Greenfield Rd., Leeds, ENGLAND, LS9 8DB. (+44) 532 489048 x220 

NYT article on computers in stock crash

Hal Perkins <>
Mon, 21 Dec 87 21:48:36 EST
[Last week the New York Times ran a series of articles analyzing the
stock market crash.  One was on the role of computers in the crash.
It's too long to include the whole thing in Risks.  These excerpts
concentrate on the unplanned and unexpected and omit background
information about program trading, etc.  I highly recommend the entire
article to anyone who is interested in the subject.  It also is good
holiday reading for any Star Wars fans who believe that computers can
be programmed to direct a real-time battle successfully.  HP]

From The New York Times, Tuesday, December 15, 1987.  Page 1.

The Computer's Contribution to the Rise and Fall of Stocks
by David E. Sanger

In the span of a few hours, the stock market's October collapse drove
home the fact that new technology has done far more to Wall Street than
just accelerate the tempo of trading.

Securities firms have always embraced innovations that promised to
improve their profits.  During this decade... brokerages spent millions
of dollars on electronic networks... [and on] complex computerized
trading techniques to exploit the flood of information.

But in the process, the new generation of hardware and software
fundamentally altered the way buying and selling decisions were made.
And they subtly magnified the degree of risk that investors and traders
routinely accepted.

... [B]ig investors, seeking an advantage measured in seconds, were
often led to abandon independent judgement in favor of executing
trading strategies programmed into their computers.

On Monday, Oct. 19, Wall Street's legendary herd instincts, now
embedded in digital code and amplified by hundreds of computers, helped
turn a selloff into a panic....

"We are learning that when we compress the time in which things happen,
they happen differently," said Robert A. Brusca, the chief economist at
Nikko Securities....

[Discussion of how the technology fueled the willingness of big
investors to trade for short-term profit instead of investing for
long-term returns.]  In other words, it helped turn [large,
traditionally conservative institutions] from investors into traders.

What's more, the computer's enormous appetite for price data helped
divorce buy and sell decisions from developments in the business world,
focusing them instead on numerical relationships among thousands of
fluctuating stock prices....

Technology also gave a false sense of security to investors who
deceived themselves into thinking that ballyhooed computer-based
trading techniques would somehow protect them in a falling market....

The Allure of Technology

[Discussion of how the stock exchanges have built huge computer centers
to process enormous daily transaction volumes.]

Starting six years ago, a new generation of personal computers and more
powerful work stations began playing another, very different role...
They were programmed to spot bargains, and to constantly compare the
prices of stock index futures contracts... with the prices of the
actual stocks....

Without question the new techniques made the markets more efficient...
[assuring] that prices reflected pertinent information instantly, and
they encouraged investors to trade simultaneously in more than one
market, helping to minimize disparities in prices.

But the programs also introduced enormous pressure to act and react
instantly.  "Overnight, the reaction time to market-influencing events
dropped from months or days to minutes and seconds," said Allen Sinai,
the chief economist of Sherson Lehman Brothers.  "Unless you could
evaluate all this data instantly, you were out of business."

New Tricks for Investors

[Description of various "program trading" strategies, including stock
index arbitrage, which takes advantage of momentary differences between
the prices of stocks and of the corresponding futures contracts (trades
must be made instantly before the price difference disappears), and
portfolio insurance, which is supposed to reduce the risk of a downturn
by selling stock index futures.]

[on portfolio insurance:]  Advocates of the system were asserting
before the collapse that it assured that losses would not exceed 5
percent of the value of the portfolio....

Promotions [of portfolio insurance] worked: By October, between $70
billion and $90 billion was invested in funds using some form of the

As a result, some [investors] abandoned ordinary prudent techniques,
such as selling a portion of their holdings for cash when the market
hit new highs, because they were confident the programs would work....

When Facts Became Myths

The problems lay in the computerized models of how markets act:  They
rested on assumptions that proved false.  One assumption, for example,
was that the markets would be well behaved, meaning that stock prices
and futures prices would closely track each other.  Another was that
whenever the computer commanded a buy or a sell, there would be buyers
and sellers.

On Oct. 19, neither condition applied.  Stocks and futures prices were
far out of whack.  At times, no buyers could be found.  Computers
literally froze — they were not programmed to cope with the

The role of stock index arbitrage is harder to assess....

...traders say that it may have begun a wave of selling that was then
exaggerated by portfolio insurance programs.

In retrospect, the portfolio insurance programs may have helped create
much of the turmoil that ultimately defeated them.

"The problem was that everyone is working from roughly the same
theories," said Peter U. Vinella, a partner at Berkeley Investment
Technologies in Berkeley, Calif., which writes many complex trading
programs.  "They all get the same feedbacks.  And that leads everyone
to take the same action."

A Fear of Defying the Computer

Why do people become captive to computers?  Programs, of course can
easily be overruled by humans, who make the final decision about
whether to proceed with a transaction.  But amid chaos, when seconds
could mean the difference between profit and ruin, traders are deeply
reluctant to disregard the neat columns of computer-generated

"People get lulled into thinking, `My program says this will work,'"
said Robert H. Mundheim, the dean of the University of Pennsylvania law
school....  "And you don't have time to think through the assumptions
that went into the programs — if you understood them in the first

[Discussion of whether a fully automated trading system might have
avoided some of the panic that set in when orders were backed up for
hours, causing investors to sell even more.]

Slowing of Market Studied

Investigators have already discarded as unenforceable one option:
stopping the use of computer programs that speed the pace of
decision-making.  More practical, experts say, would be actions that
slow the market, giving participants a chance to absorb new data and
adjust accordingly....

Please report problems with the web pages to the maintainer