The RISKS Digest
Volume 6 Issue 26

Saturday, 13th February 1988

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Trojan horsing around with bank statements
PGN
Star Wars Test
Reid Simmons
Last-clasp credit cards
Carolyn M. Kotlas
"Inmate gets into computer files"; computer porn
Prentiss Riddle
Safe Programming Languages
Martyn Thomas
Viruses and Virtual Memory
Dave Tweed
Software-based Mugging — RISKS of Dragon Quest
John Elemans via Kevin Kelly
Info on RISKS (comp.risks)

Trojan horsing around with bank statements

Peter G. Neumann <Neumann@KL.SRI.COM>
Sat 13 Feb 88 18:04:02-PST
My Wells Fargo EquityLine statement of 2 Feb 88 had the following message
at the bottom:

  YOU OWE YOUR SOUL TO THE COMPANY STORE.  WHY NOT OWE YOUR HOME
  TO WELLS FARGO?  AN EQUITY ADVANTAGE ACCOUNT CAN HELP YOU SPEND
  WHAT WOULD HAVE BEEN YOUR CHILDREN'S INHERITANCE.

It took until 11 Feb for Wells Fargo to send out the following letter:

  I wish to extend my personal apology for a message printed on your
  EquityLine statement dated February 2, 1988.

  This message was not a legitimate one.  It was developed as part of
  a test program by a staff member, whose sense of humor was somewhat
  misplaced, and it was inadvertently inserted in that day's statement
  mailing.  The message in no way conveys the opinion of Wells Fargo
  Bank or its employees.  You may be assured that the financial 
  information on the statement was correct, and the confidentiality of
  your individual account information has been maintained. [...]

  [James G. Jones, Executive Vice President, South Bay Service Center]


Star Wars Test

<REID%OZ.AI.MIT.EDU@XX.LCS.MIT.EDU>
Sat, 13 Feb 1988 18:08 EST
Item in The Boston Globe, 2/13/88 (from the Associated Press)

         Tracking test fails in 'star wars' satellite flight

A satellite launched last week to test elements of the proposed "star
wars" antimissile shield failed in a tracking exercise when an optical 
sensor gave false data to two onboard computers...

Col. John Otten of the Air Force... said an optical sensor on a satellite
gave flawed data when it tried to track target objects that were beyond
its range.

Otten said the sensor data went into the computers, causing them to 
respond inappropriately.  He said the flaw was detected within an hour
and that the computers were told to ignore the data. This corrected the
problem. [! more likely, it just masked the symptoms]

Some of the test data on the system disappeared because of the problem,
but Otten said the loss was minor because the tracking exercise was a
secondary objective. "In the fundamental mission, we succeeded," he said.

The satellite, Delta 181,... spent 12 hours conducting a series of tests
to gather data needed to refine the "star wars" antimissile system.
Last week, the program manager...called the flight "a very successful mission."
However, Aviation Week and Space Technology, in a story prepared for 
Monday [2/15/88] publication, said the satellite was unable to complete
"battle management fire control computations."

The magazine said the computers were responsible for the problem, but Otten
said the flaw actually was caused by the optical sensor attempting to lock
onto an object beyond its range.  Otten said the problem developed when the
optical sensor located an object, looked away, and then tried to relocate
the original object.  By then, the target had moved beyond the range of the
sensor.

[There is no indication in the article what the "primary mission" was, or
how "success" was determined, considering the number of things that
apparently went wrong.]

Reid Simmons, MIT AI Lab


Last-clasp credit cards (Re: RISKS-6.25)

Carolyn M. Kotlas <ecsvax!kotlas@mcnc.org>
Fri, 12 Feb 88 08:13:45 est
       "Colloidal goo considered harmful" (Jon Jacky)

[PGN's annotation notes that credit-card magnetic stripes may be affected by
magnetized clasps, which are increasingly being found on] snap-closure purses
and wallets.  I personally had 2 credit cards' codes scrambled for apparently
no reason.  Quite accidentally, I noticed that the magnetic snap on my handbag
was powerful enough to attract and lift a heavy pair of scissors.  If it was
that strong, it probably had no problem affecting the credit card inside which
was in a thin nylon case.  After I switched to handbags without these snaps, I
never had a problem again.  The handbag manufacturers seem to think that these
snaps are so convenient that they are putting them on more and more bags, so it
is almost impossible to find non-magnetized snaps on handbags.  I would be
curious to know how many of the handbags cited in the article, besides being
made of eelskin also had snap closures.

Carolyn Kotlas    (kotlas@ecsvax.UUCP  or  kotlas@ecsvax.BITNET)
UNC-Educational Computing Service   P. O. Box 12035      2 Davis Drive
Research Triangle Park, NC  27709   State Courier #315   919/549-0671

                       [She who clasps last clasps best.  If it changes the
                       credit-card hologram, you are an iconoclasp.  PGN]


"Inmate gets into computer files"; computer porn

Prentiss Riddle <woton!riddle@im4u.utexas.edu>
11 Feb 88 21:04:02 GMT
"PARCHMAN, Miss. (AP) — An inmate serving a 30-year term has been
accused of tampering with computer records at the State Penitentiary,
allowing him to sell about 100,000 pounds of prison cotton and possibly
try to obtain an early release.  Corrections Commissioner Gene Scroggy
said Monday the inmate had worked as a clerk at the penitentiary's
prison industries program and was given his own computer and access to
the institution's entire computer system."

Also recently seen in my local paper was a wire service report on computer
pornography, which lumped together dirty joke files, girly graphics,
sexually oriented computer games and BBS systems catering to pedophiles.
The tone of the article was pitched at scaring parents about what their kids
might be getting into with their PCs.  (I wish I'd clipped a copy, but I
thought sure some RISKS reader would beat me to it.)

Prentiss Riddle riddle@woton.UUCP  {ihnp4,harvard}!ut-sally!im4u!woton!riddle
Opinions expressed are not necessarily those of my employer.


Safe Programming Languages

Martyn Thomas <mcvax!praxis!mct@uunet.UU.NET>
Wed, 10 Feb 88 17:37:27 BST
There is a (draft) definition of a language that is designed to make it
harder to write incorrect programs.

The language (defined in terms of its abstract syntax tree, to facilitate
program transformation in the language), is called NewSpeak, and is the work
of Ian Currie, at the Royal Signals and Radar Establishment, MoD, UK.  It is
an "unexceptional language" - programs cannot loop infinitely, run out of
store at runtime, or cause address errors or numeric overflow.  Where the
compiler cannot deduce the safety of an operation, the programmer is
required to supply a checkable assertion.

The language is designed for safety-critical applications, and the ideal
hardware target is VIPER (RSRE's formally-proven 32-bit microprocessor).

A design rationale is in "Orwellian programming in safety-critical systems",
Proc IFIP working conference on System Implementation Languages, experience
and assessment.  University of Kent at Canterbury, 1984.

Further details may be available from Ian Currie at RSRE, St Andrews Rd, Gt
Malvern, Worcs  WR14 3PS, UK.

Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK.
Tel:    +44-225-444700.   Email:   ...!uunet!mcvax!ukc!praxis!mct 


Viruses and Virtual Memory

<apollo!tweed@csl.sri.com>
Thu, 11 Feb 88 09:09:38 EST
   All of this discussion (panic?) about viruses in the PC world makes me
wonder all the more why users aren't more interested in virtual memory
systems with hardware protection. In a properly designed system (hardware +
O/S) it's impossible for a user-level application to corrupt system code
(subvert interrupt vectors, etc.)

   It's generally accepted that you need physical access to such
a system in order to corrupt it. Software distribution by networks
or removable media can't do it. You would have to replace system
files *and then reboot* (physical access).

   This, along with the other benefits of virtual memory (larger address
space, easier multitasking, easier porting of software from "real" systems),
would seem to me to push towards having it.  The hardware is there for both
Intel and Motorola processors.  Yet, OS/2 doesn't have it. Some UNIX
look-alikes don't even have it. Why not?
                                             Dave Tweed, Apollo Computer, Inc.


Software-based Mugging — RISKS of Dragon Quest (lightly edited)

Kevin Kelly <well!kk@lll-crg.llnl.gov>
13 Feb 88 03:58:17 GMT
[From the Information Conference on the WELL that Kevin cohosts with Howard
Rheingold. John posts from Tokyo.  This is the first software mugging I've
heard of, so thought you might be interested.]

Topic  40:  The public image of software
From: John Elemans (sungja)      Wed, Feb 10, '88  [several messages]

NHK, Japan's national broadcasting company, today reported that at one store
alone 10,000 people lined up today to buy a newly released *program*. People
began lining up yesterday, Feb 9, to pick up the first copies of "Dragon
Quest III", the latest installment in a serial adventure program for
Nintendo computers. The newscast also reported that educational authorities
were shocked to find many students skipping classes in order to get the
program as soon as possible. Police warned 300 students against skipping
classes. 

Estimated first day sales for Dragon Quest III are 1,000,000 ROM cartridges.
The first day price was 4,130 Yen, at 129 Yen/US$ that is a first day retail
sale of 32,000,000 US$! One commentator called it "softo-fever".  [...]

The Japan Times (Wednesday, Feb 10, 1988) reported that 289 students were not
warned by police against skipping classes, but actually "taken into custody".

Also, at least one software-mugging was reported. A 14-year old told police
he was knocked off of his bike by three older boys who took his "Dragon
Quest III" and rode off on their bikes!
