The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 6 Issue 82

Wednesday 11 May 1988

Contents

o Risks of Research Computing -- Don't ask computers for flavors
PGN
o Risks of Single Point Failures -- The Hinsdale Fire
Chuck Weinstock and Patrick A. Townson
o Phone system RISKS: Second-order effects
Joel Kirsh
o Program Trading Halted
PGN
o Law to Regulate VDT Use
Dave Curry
o Virus Prose
Vin McLellan and John Norstad
o Re: "Auftragstaktik"
Henry Spencer
o Risks of banking -- audio tellers
haynes
o Reliability of SDI-related equipment
Andy Behrens
o Info on RISKS (comp.risks)

Risks of Research Computing -- Don't ask computers for flavors

Peter G. Neumann <NEUMANN@csl.sri.com>
Wed 11 May 88 09:43:52-PDT
A three-alarm fire destroyed the research building at Dreyer's ice cream plant
in Oakland CA.  Computers and files were destroyed -- the entire collection of
"top-secret" formulas known only to the "flavor team" -- along with two
freezers full of ice cream.  The flavor team had recently been ``working
toward updating all our files and materials and getting backups of everything
-- computer disks, formulas, the whole works.  It would [soon] have been
stored in another building.''  (Don Conolly, director of R&D) The company had
whittled down the potential new flavors for 1989 (usually about 7 are chosen
each year) from 100 to about 25, but all of those complex formulas were lost.
[SFChron, 10 May 1988, p.A2]


Risks of Single Point Failures: The Hinsdale Fire [RISKS-6.81, Boyle]

Chuck Weinstock <weinstoc@SEI.CMU.EDU>
Wed, 11 May 88 10:23:10 EDT
This item points out the risks of not guarding against single point failures.
In my memory this is the worst example of this sort of thing in terms of how
much of the general public was affected.   Chuck

Excerpted from:

TELECOM Digest                           Tuesday, May 10, 1988 10:36PM
Volume 8, Issue 76

                            The Great Fire

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

From: Patrick_A_Townson@cup.portal.com
Subject: The Great Fire
Date: Mon May  9 23:19:29 1988

In my earlier posting, details were very sparce and I was unable to be
specific in describing the disaster which struck us here over the weekend.
I now have a more detailed accounting for the net --

An extra alarm fire broke out Sunday, May 8 at 5:30 PM in the Illinois Bell
Central Office, 120 North Lincoln Avenue, Hinsdale, Illinois. At the time
of the fire, the Chicago area, and the west suburbs in particular, were
experiencing a very bad electrical storm. There had been a great deal of
lightning; rain was quite heavy, and winds were about 40 miles per hour.

Fire Departments from 15 nearby communities battled the blaze before bringing
it under control at about 8:30 PM. The fire was officially struck at 11:30 PM
Sunday night. Deemed the worst disaster in the history of Illinois Bell, and
one of the worst disasters ever in the telephone industry, the fire virtually
gutted the two story building.

The Hinsdale central office is a *major* switching center for the west
suburban area. In addition to serving ten prefixes covering various
communities including Oak Brook, Westmont, Darien, Hinsdale and others,
the office housed the Directory Assistance Data Base for downstate Illinois;
it served as the communications apex for air traffic control between Ohare,
Midway, and the Aurora, IL aviation center; it was the headquarters for a
majority of the cellular phone service in the greater Chicago area; *and*
it handled long distance calls in and out of most of Dupage County, Will
County and southern Cook County.

        *And the office is now almost gutted*

The reason for the fire has not been detirmined, but fire department officials
have reason to believe the building was struck by a tremendous bolt of
lightning during the worst of the electrical storm which was in progress when
the first fire alarms were called in at 5:30 PM.

The fire caused another problem: the emission of toxic fumes which required
the evacuation of several blocks of homes in the vicinity. These fumes came
from batteries described as 'highly toxic' which were stored in the premises
and a large amount of fiber optic cable. The Hinsdale office was very much
a fiber optic center in the area.

Because of the toxic release, at one point firemen working in the building
had to be called out, in the interest of their own safety, and as firemen
relieved each other working inside in ten to fifteen minute shifts, they
were required to strip to their underwear and be hosed down with a special
solution so that the contamination would not be carried elsewhere.

After the fire was first reported, Illinois Bell employees on duty at the
time followed company procedures by first notifying the Fire Department.
Others then began fighting the fire, and a few began a process known as
an emergency telephone tree, calling other employees and company management
at home to notify them of the circumstances. Each employee thus notified
was responsible for calling a few more employees.

Within about an hour, while the fire was raging at its worst, several dozen
employees had already gathered on location, waiting for a go ahead to begin
clean up and restoration work.

   *But no one dreamed it would be nearly as bad as it was*

Although the fire was struck at 11:30 PM, fire officials would not permit
anyone to enter the building for several more hours, pending exhaustion of
the toxic fumes. Illinois Bell employees were allowed access to the building
beginning at 4:00 AM to survey the damage.

Most of Monday was spent merely bailing out the water and removing the
rubble from the fire. Emergency lighting was installed and cleaning crews
began scrubbing soot from the walls, ceilings and floors. The cleanup was
still in progress late Monday afternoon.

At this writing (12:50 AM Tuesday, May 10), Illinois Bell has not announced
any date that service will be restored. It is estimated that it will be
at least 4-5 days before *emergency* service is restored. Hinsdale, you
see, is also the main center for 911 services in over a dozen west suburban
communities.

Ordinarily in circumstances like this, the phone company will set up special
phones in public areas. They will often times be mobile or cellular type
instruments available for the public to use for emergency calls. But since
Hinsdale *is* the cellular center for Chicago, even this option is not
available.

When the first firemen arrived on the scene, heavy black smoke was pouring
out of all the windows on the first floor. By that time, employees were
evacuating after having given up on their own emergency proceedures.

What we are faced with now is a *major* traffic jam on the network in the
Chicago area. Long distance calls in and out of the area are very sluggish
in getting through. Directory Enquiry in downstate Illinois is only able
to handle about ten percent of the calls they are receiving, those being
requests that are being searched manually through paper directories on hand
in the communities affected.

Hinsdale was the major center for MCI/Sprint long distance also....and those
services are severely crippled in the area. Obviously, data transmission
lines and the like are dead.

About 40,000 subscribers, representing 100,000 residents are without phone
service for the indefinite future. In Hinsdale and the other communities
affected, the Police Departments have stationed patrol cars a few blocks
apart on the street, and residents have been told to go to the nearest
police car to report emergencies.

Illinois Bell has not announced -- as of Monday evening -- any schedule
of priorities for restoration of service. Jim Eibel, vice president of
operations for Illinois Bell said emergency phones would be set up within
a day or two, when crews were able to reroute at least limited traffic
through the LaGrange, IL center. Of equal importance of course is the
restoration of 911 service, and the restoration of long distance service.
Eibel said restoring service to the ten prefixes in the area, which would
return regular phone service to local residents would probably not occur
for 'several' days. Naturally, cellular service also has to be placed in
the table of priorities somewhere. About fifty percent of the cellular
service in the entire Chicago area is out right now due to the fire.

Other Bell companies around the nation have responded by dispatching
emergency crews to come to the aid of Illinois Bell, and these out of
town crews will remain on site for several weeks as needed. In addition,
while the fire was in progress, executives from MCI and Sprint met with
their counterparts from Illinois Bell on location and immediatly offered
their full assistance and cooperation during the period of turmoil we
will be facing for the next several weeks.

For up to the minute announcements during the next several days, it is
recommended that you call a special recorded announcement service for
company employees. Called the 'Illinois Bell Communicator', this recorded
announcement will be updated 4-5 times daily, and can be recieved by
dialing 312-368-8000, a number at IBT Chicago Headquarters Building.

It goes without saying on this forum that everyone is requested to
avoid making all but emergency calls into the Chicago west suburban area
for at least the next several days. And if your call is met with an
'all circuits busy' message, kindly refrain from repeated dialing attempts,
as this simply clogs the network even worse.

A further update will be posted here when I have news available.

The last fire to occur in a telephone center was in Manhattan a few years
ago. You may recall the resulting damage and confusion from that situation.
The last fire *in the Chicago area* occurred in the River Grove, IL central
office in 1946...then an all manual exchange. Unlike that fire, considered
bad at the time, the fire in Hinsdale this past weekend was many times worse,
since Hinsdale is responsible not only for its local calling area but so
many of the overall network services for the Chicago area.

Patrick Townson


Phone system RISKS: Second-order effects

Joel Kirsh <KIRSH@NUACC.ACNS.NWU.Edu>
Tue, 10 May 88 09:36 CDT
[...]  It appears (to me, at least) that ATC never expected that a fire in a
switching center could compromise their operations.  Another point is that
efforts to fight the blaze were slowed by toxic fumes from burning insulation.
Perhaps Illinois Bell never expected the fire, either.  [...]


Program Trading Halted

Peter G. Neumann <NEUMANN@csl.sri.com>
Wed 11 May 88 09:46:49-PDT
In a move intended to restore investor confidence in the stock market, five
large Wall Street firms announced yesterday that they had suspended program
trading for their own accounts.  The action came in the wake of intense
pressure from customers and other member firms who blamed the controversial
practice for many of the recent sharp swings in prices since the stock market
collapse last October.  Four of the firms will continue to execute such trades
for their customers, however.  [SFChron, 11 May 1988, p.C1]


Law to Regulate VDT Use

Dave Curry <davy@intrepid.ecn.purdue.edu>
Wed, 11 May 88 09:21:57 EST
MEASURE REGULATES VDT USE

  HAUPPAUGE, N.Y. - A measure regulating the use of computer terminals in the
workplace was passed Tuesday by the county legislative body.
  Described as the first of its kind in the nation, the bill will set
standards for public and private employers in firms that have more than 20
video display terminals.
  Legislator John Foley, the bill's sponsor, said the legislation would
prevent "high-tech sweatshops."  Opponents said it could drive business from
Suffolk County.
  The bill:
  + Requires a 15-minute break every three hours for employees who work at
    the terminals;
  + Will set work station standards, including adjustable desks and chairs
    and detachable video screens; and
  + Mandates that companies pay 80 percent of the cost of annual eye exams
    and eyewear required for an operator.
  A workplace experts [sic] said the bill would serve as a model for other
municipalities or states.
  "Whether this bill will result in legislation elsewhere is unclear, but
it'll rejuvenate a lot of campaigns for VDT standards around the country,"
expert Laura Stock said.
  Companies that would be affected said implementation of the law would be
costly, placing them at a competitive disadvantage in the marketplace.
                        - Associated Press

From the Lafayette (IN) Journal & Courier, May 11, 1988, page 1.   --Dave Curry

                             [Among other issues, RISKS-1.6, 1.7, 2.2, 3.9 and
                             4.40 have previously considered VDT safety.  PGN]


Virus Prose

"Vin McLellan" <SIDNEY.G.VIN%OZ.AI.MIT.EDU@XX.LCS.MIT.EDU>
Wed 11 May 88 01:01:45-EDT
   Ken van Wyk's crisp clear description of the "Lehigh" virus 
in a report to RISKS provided a text outlining a simple DOS virus 
which became a common reference in both professional and public 
discussions of the problem.

   Norstad's explorations into the mysteries of the "Scores" 
virus on the Macintosh have tended to illustrate how complicated 
(even relatively benign) PC viruses can be. He and his associates
have educated a huge community of academics who supervise and guide
student and faculty Mac users; giving an earthy and technical 
overview of the threat, the risk, and options for survival. It has
been a striking display of networked education... or was it medicine?
Another Norstad report, an example of his followup, follows.

    Vin McLellan, The Privacy Guild, Boston
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

As relayed from:

INFO-MAC Digest         Wednesday, 4 May 1988      Volume 6 : Issue 46
<INFO-MAC@SUMEX-AIM.Stanford.EDU>

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Date: Mon, 2 May 88 09:52 CDT
From: John Norstad <JLN%nuacc.acns.nwu.edu@forsythe.stanford.edu>
Subject: Scores Virus Report 3

This is my third report on the Scores virus.  In my first report I
revealed what Scores did, how to detect it, and how to get rid of
it by hand using ResEdit.  In my second report I reviewed Ferret
1.0 and KillScores, two free disinfectant programs that have
appeared to get rid of Scores.  In this report I describe further
testing of Ferret 1.0, the new Ferret 1.1, and KillScores.

IMPORTANT:  Ferret 1.1 has very serious bugs!  Based on my tests I
recommend using KillScores instead.

1. Ferret 1.1 does NOT properly delete one of the viral resources
in the system file (INIT 17), at least on my small infected test
system!  I found this unbelievable, so I reran my test several
times, and it failed each time.  Ferret 1.0 does not have this
problem.

2. Ferret 1.1 does NOT properly disinfect files which contain CODE
resources marked "protected".  Some applications are distributed
with protected CODE resources, and Scores can infect them, so this
is another important bug.  Ferret 1.0 also has this bug.  In this
case the supposedly repaired application is left in a seriously
damaged state - it will bomb immediately on launch.

3. Ferret 1.1 does NOT properly disinfect locked files.  This is an
important bug, even though Scores can't infect locked files.  The
file could have been unlocked when it became infected, and then the
user could have locked it later.  Ferret 1.0 also has this bug.
I'd like to thank Rich Holmes for first pointing out this bug.

4. Ferret 1.1 still does NOT always properly report the names of
infected files.  Ferret 1.0 also has this bug.

To make things even worse, Ferret does not give the user any
indication that anything is wrong.  It leaves the user with the
impression that his/her system is clean, when in fact it's still at
least partially infected.

I also did further testing of KillScores.  KillScores had no
problems with the cases above where Ferret failed - it properly
disinfected all the files on my test system.  In the case of locked
files KillScores unlocks the file, disinfects it, and leaves it
unlocked.

In my second report I mentioned that CE Software's Vaccine
effectively prevents infection by Scores, at least on my test
system.  If you are at all worried about viruses, and you should
be, I strongly recommend that you get Vaccine and use it
religiously.  CE Software deserves all of our thanks for developing
and giving away this important tool.  It's not perfect protection,
as the authors freely admit in the documentation, but it is
effective against Scores, and I understand that it's also effective
against most of the other recent Mac viruses.

Once again, I must emphasize that I do not have the facilities or
time to do large scale testing of many infected applications.  All
of my testing is done on a small floppy-only system, with only
MacWrite, TeachText, and ResEdit for infected applications.  So I
can't guarantee that KillScores or any other program is perfect, or
that I haven't made mistakes in these reports.

Also, I should probably mention that all of my statements in all of
my reports reflect my opinions only, and not those of my employer,
Northwestern University.

John Norstad, Academic Computing and Network Services, Northwestern University
Evanston, IL 60208    Bitnet:   JLN@NUACC     Internet: JLN@NUACC.ACNS.NWU.EDU


Re: "Auftragstaktik"

<mnetor!utzoo!henry@uunet.UU.NET>
Wed, 11 May 88 00:04:54 EDT
I agree with most of Gary Chapman's comments, but must correct one error
of fact:  Auftragstaktik was not a World War I invention.  It became formal
doctrine in the 1870s, after the Franco-Prussian War, and had been employed
earlier in the Seven Weeks' War (1866).  A possible reason for the error is
that there were *two* famous German generals named Moltke:  the originator
of Auftragstaktik, and his nephew, the less-successful WWI commander.  The
quote I gave was from the elder Moltke, who died in 1891.

Ironically, the well-known WWII successes of Auftragstaktik came after it
was already in decline, because of Hitler's intolerance for disobedience.
Guderian spent most of the Battle of France making excuses for (and
bending the truth about) how far his units were advancing.

Henry Spencer @ U of Toronto Zoology  {ihnp4,decvax,uunet!mnetor}!utzoo!henry


Risks of banking -- audio tellers (Re: RISKS-6.81, (Daniel P Faigin)

99700000 <haynes@ucscc.UCSC.EDU>
Tue, 10 May 88 18:46:16 PDT
I had a similar experience with a commercial system for telephone transfers
between banks some years ago.  I keyed in all the data in response to the
computer voice prompts. At the end it should have said "Data accepted.
Goodbye."  Instead it said "System error. Session terminated."  So I waited a
few hours and tried again with the same results, and tried again the next day
with the same results, having called the help number and been advised by a real
live person to try again.  A few days later I got a call from the bank
complaining that the account I was transferring out of was grossly overdrawn
and what's going on anyway?  So it turns out that the transactions had in fact
gone through before the point where the voice announced an error; and the error
didn't undo the transaction.  Clearly a very bad example of how to write
software.

haynes@ucscc.ucsc.edu   haynes@ucscc.bitnet   ...ucbvax!ucscc!haynes


Reliability of SDI-related equipment [More on RISKS-6.81, Chapman]

Andy Behrens <burcoat!andyb@dartvax.Dartmouth.EDU>
Sat, 7 May 88 18:08:53 EDT
Syndicated columnist Mary McGrory describes what happened when the U.S. House
of Representatives considered an amendment by Reps. Dellums and Boxer.  The
amendment would have reduced SDI funding to the "basic research" level -- only
$1.3 billion.

"The electronic scoreboards on the wall were busy recording the huge numbers of
those in favor of more voodoo in outer space, when all of a sudden they went
wild and starting flashing a sensational victory for Dellums.

"Members gathered around Dellums' elegant figure and congratulated him noisily
as the numbers piled up.  At one point the score for Dellums was 358 to 237,
and the fail-safe technology showed a total of 595 members -- 100 more than
exist.

"There was wild laughter about the wonders of science.  The heretics hailed the
vivid proof that software can go soft and the timely hint that a wayward
microchip could bring Star Wars crashing down.

"The presiding officer announced that the roll would be called in the old way,
by hand.  The laborious reading began, and the hilarity increased.  But the
result was what it was always going to be: 118 in favor of [the amendment], 299
for pressing on amid the wars."
                    Andy Behrens        andyb@burlcoat.UUCP

Please report problems with the web pages to the maintainer

Top