An interview on this afternoon's (21 Oct 87) "All Things Considered" with an investment expert named Thomas Tisch [sp?] discussed the impact that programmed stock trading had on last Monday's stock market losses.

According to Mr. Tisch, aggressive programmed trading typically is an attempt to take advantage of a difference in prices between different offerings of the same stock. For example, analysts will compare the price of a group of stocks on the NY Stock Exchange with the price of an option on the same stocks on the Chicago exchange. If a sufficiently large disparity exists, the programmed sales will be activated, buying the lower priced package and simultaneously selling the higher priced package. Because the disparities in price are usually small, this strategy requires large purchases, on the order of $25 million. During Monday's decline, trading on index futures was suspended, reducing the impact of this form of programmed trading on the market.

In the case of Monday's fall, Mr. Tisch felt that a lot of the volatility the market showed was caused by another kind of programmed trading. Many large institutional investors, such as insurance companies, pension funds, and university endowments, had tried to protect their assets with "portfolio insurance." To protect against their assets being wiped out, these investors had programmed in a bail-out if their portfolio's value dropped too far. This resulted in an automated panic once the market as a whole started to drop.

[ I didn't tape the previous broadcast, so I can't give you Mr. Tisch's credentials. All I have is hastily scribbled notes I took during the interview. I did, though, get the following item on tape ]

On Tuesday, during an address to the National Press Club, Garrison Keillor was asked what effect the market's decline would have on Bob's Bank in Lake Wobegon. Keillor replied, "I think the terrifying thing about this stock market crash is the idea that this could all be going on between computers with human beings hardly involved at all. That these vast banks of computers all over the country, using the phone lines, are battling each other for stocks, and that we have no part in this."

LT Scott A. Norton, USN
Naval Postgraduate School
Monterey, CA 93943-5018
4526P@NavPGS.BITNET
From Internet, if you need a gateway, use firstname.lastname@example.org or email@example.com
(The WISCVM gateway will close 15 Dec 87.)
On Monday, a number of NASDAQ market makers abandoned their posts while stockholders were trying to bail out. (A good thing? Don't let 'em sell until it goes up again?) Although this was not a computer-caused problem, it kept the computers from handling the relevant trading during the 508-point drop. On Tuesday, computerized trading in stock-index futures and options was temporarily suspended for the first time in history in New York, Chicago, and Kansas City. On Wednesday, the PSE had to shut down its computerized trading system (SCOREX) for about five hours yesterday due to intolerable transmission delays resulting from the avalanche of orders. This was its first complete shutdown since installation in 1979. Volume dropped significantly. (On Monday SCOREX trading was halted in about 5% of the options, due to "technical problems".) [Source: San Francisco Chronicle, 22 October 1987] When a brokerage house loses out on transactions it was not able to make, this is what is known as an ERROR OF COMMISSION!
This morning's (Thursday, October 22) Wall Street Journal, Eastern Edition page 44, contains an article with the above headline, which continues:

"Two top BankAmerica Corp. executives quit after being asked to resign . . . in an action related to data processing problems that cost the company an estimated $25 Million.

"The two men were held responsible . . . for problems in converting to a new computerized accounting system for the bank's trust department last March.

". . . A bank spokesman said the conversion to a new system, called MasterNet, disrupted data processing records to the extent that BankAmerica is frequently unable to produce or deliver customer statements on a timely basis."

The good (?) news is that ". . .the spokesman said . . . 'to the best of our knowledge, no customer information has been lost. . .'"

Jerry
From the Federal Computer Week (10/19/87) (excerpted, without permission): The Air Force has issued technology assessment contracts to four teams to explore deployment of a multibillion-dollar Air Defense Initiative that could rival SDI for cost, complexity, and possibly for political debate. Issued by the Air Force Electronics Systems Division, the contracts, though slightly less than $1 million each, signal the beginning of a major tri-service effort to protect North America from attack by Soviet bombers or cruise missiles. A central impetus for the ADI research is the effect SDI will have on Soviet strategic planning, according to Air Force officials. The Air Force operates on the assumption that the ongoing progress on SDI has already pushed the Soviets to improve their bomber and cruise missile forces. If this improvement continues, the US will need to deploy ADI even if the threat it is designed to counter is an indirect result of SDI. The ADI system will bear more than a casual resemblance to SDI, according to Pentagon officials. Like SDI, it probably will include numerous space-based sensing platforms, which can see the entire North American continent and which can control air, ground, and space-based interceptors or hypersonic aircraft. ADI will require a complex real-time computerized command and control system to monitor threats coming from every compass quadrant. Like SDI, ADI's command and control system will have to be able to assess these multiple threats and then control widely dispersed defensive systems... John Pike of the Federation of American Scientists, a long-time critic of SDI, said the command and control problems of ADI will be even more complex than SDI. "Airplanes tend to blend into the background, especially when they are flying only a few hundred feet above the ground ... The Soviets are obviously going to have their missiles coming in from the north, but airplanes could come in from any direction." ... 
Former Defense Secretary James Schlesinger estimated that total costs for ADI could run as high as $50 billion.

(The rest of the article discussed contractors/subcontractors and some of the suggestions for methods and timing. One interesting item was the suggestion that airships (lighter than air) are a possible sensor platform alternative.)

--Walt Thode (firstname.lastname@example.org)
In RISKS-5.44, Scott Dorsey (email@example.com) writes:
> I seem to recall a mention that the Berkeley computer center was
>occupied by protesters sometime in the sixties, ...

I attended Monash University, Melbourne, Australia, in the 1970s at the height of the student rebellions. The Computer Centre, fearing an imitation of events in the U.S., posted large notices on the doors of the machine room alleging that after the fire alarm bells went off, you had 45 seconds to clear the room before the carbon dioxide came in, the oxygen disappeared, and those remaining died. (This was before the advent of Halon.) It was assumed that the operators were expected to trigger the fire alarm at any sign of a student invasion, though the administration denied this.

In RISKS-5.45, Brent Chapman (firstname.lastname@example.org) writes:
>Have there been any cases of terrorist or political attacks on comp centers?

Perhaps someone who was there at the time can tell us about the most famous computer centre trashing, that at Sir George Williams in Montreal.

>How many of you have no idea where the machines you use are physically located

In teaching first year, I always make a point of telling the students what the machine is, where it is, and telling them to have a look at it (through the glass). Reason: I want them to have a mental image of the machine, and to understand clearly that the terminal is not the computer. This is less important than it used to be, but it is still a good idea; many of our freshmen are still complete computer novices (though no longer the majority). Also, knowing the name, power, ability, etc., of many machines will be important for some of the students later on, if they become systems programmers or administrators. It's never too early to start learning that the old ones are Vaxes, the new ones are Suns, the 3/280 is about three times as powerful as the Vax, etc.

\\\\ Graeme Hirst   University of Toronto   Computer Science Department
//// utcsri!utai!gh / email@example.com / 416-978-8747
> > One of the greatest guarantees of privacy is anonymity. The Social Security number is a standard item on many forms where it has no business being. If you find yourself in a situation where they want to know it and they won't settle for not having it, it might be better to switch than fight .. make one up. Disclaimer: not recommended for interest-bearing accounts and other income-generators, or for giving blood. [...] I'm not sure about the current state of affairs here in the States, but about three years ago a fellow in Buffalo was being harassed by the Postal Service for setting up just such a service, where people could get a PO box under a pseudonym. Their excuse was the need to prevent mail fraud, which he said he would always co-operate in the investigation of. For every box the Postal Service wanted to see a real name and a real occupation. When mail pseudonyms are outlawed, only outlaws will have mail pseudonyms. P.S. I presume the Internet has a rule against anonymous messages.
The eight character limit may have been designed in, but direct mapping into DES keys is no feature. The average entropy of English is about one bit per letter over blocks of eight or more letters; so rather than 56 bits of equivocation the routine assuredly provides eight. Hashing long strings together using CBC or CFB message authentication techniques yields eight byte hex strings in which every last trace of equivocation is present in a 'random' looking pattern. Time for a change of password routines.
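The two routines contrasted in the message above, as an added example that is not part of the original post. It assumes the direct mapping takes the low 7 bits of each of the first eight characters (as traditional DES-based Unix crypt(3) does) and uses keyed BLAKE2b as a stand-in for the DES block step in the CBC-style chaining; function names and sample passwords are constructed.

```python
import hashlib
import math

def direct_des_key(password: str) -> int:
    """Assumed direct mapping: low 7 bits of the first 8 characters -> 56-bit key."""
    raw = password.encode("ascii")[:8].ljust(8, b"\0")
    key = 0
    for byte in raw:
        key = (key << 7) | (byte & 0x7F)
    return key

def keyspace_bits(alphabet_size: int, length: int = 8) -> float:
    """Upper bound on key entropy if every character were chosen uniformly."""
    return length * math.log2(alphabet_size)

def folded_key(passphrase: str) -> int:
    """CBC-MAC-style chaining: every 8-byte block of the input affects the key.

    Keyed BLAKE2b stands in for the DES block encryption (a swap made here so
    the example runs with the standard library only).
    """
    data = passphrase.encode("utf-8")
    data += b"\x80" + b"\0" * (-(len(data) + 1) % 8)  # pad to a block multiple
    state = bytes(8)
    for i in range(0, len(data), 8):
        mixed = bytes(a ^ b for a, b in zip(state, data[i:i + 8]))
        state = hashlib.blake2b(mixed, digest_size=8, key=b"stand-in").digest()
    return int.from_bytes(state, "big") >> 8  # keep 56 bits

if __name__ == "__main__":
    a, b = "correcthorse1", "correcthorse2"  # constructed sample passwords
    print(direct_des_key(a) == direct_des_key(b))  # characters past 8 are ignored
    print(folded_key(a) == folded_key(b))          # folding sees the whole string
    for name, size in (("lowercase", 26), ("printable ASCII", 95), ("7-bit", 128)):
        print(f"{name:16s} <= {keyspace_bits(size):.1f} bits")
    print("English text at ~1 bit/letter (the post's figure):", 8 * 1, "bits")
```

The character-class figures are upper bounds for uniformly random choices; the post's one-bit-per-letter estimate for English text is far below all of them.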
In RISKS 5.45 (Brent Chapman, Re: Civil Disobedience), several minimal computer physical security mechanisms were listed. Although it may be slightly dated, I have found the FIPS-PUB-31 (Guidelines For Automated Data Processing Physical Security and Risk Management, NBS, 1974, 95 pp) to be a good basic reference for the issues needing consideration, including: security analysis, natural disasters, supporting utilities, system reliability, physical protection, internal controls, off-site facilities, contingency planning, security awareness, and internal audit. Of course, there are more recent texts dealing with the same topic, but this is one of the more complete ones I've seen that focuses on computer facilities, control and contingencies.

It is axiomatic that organizations will supply only that security that is (a) affordable and (b) justifiable under the circumstances. Someone must take the responsibility to identify the various options available and evaluate the local risks, making a final recommendation to the top management.

"This document contains statements of opinion by the author which are not attributable to BBN Communications Corporation or its management."

Barry C. Nelson / Senior Systems Engineer / BBN Communications Corporation / 70 Fawcett Street, Cambridge, MA 02238
A very interesting fictional treatment of Civil Disobedience in a terminally automated society is to be found in John Brunner's novel "The Shockwave Rider" which has achieved the status of a minor classic in the science fiction world. Some very telling points are made, and the subject is explored in considerable depth. However, it also points up the fact that the distinction between CD and criminal activity is not so much a point of law, as the degree of fear/anger triggered in the targeted bureaucracy, which usually has sufficient dollars to overwhelm all but the most visible of protestants.

Robert Stanley, Cognos Incorporated
S-mail: P.O. Box 9707, 3755 Riverside Drive, Ottawa, Ontario, CANADA K1G 3Z4
Voice: (613) 738-1440 (Research: there are 2!)
FAX: (613) 738-0002
Compuserve: 76174,3024
uucp: decvax!utzoo!dciem!nrcaer!cognos!roberts