Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
This is how the Airbus crash in France was reported on the front page of the Guardian. Unfortunately it is rather short on facts but no doubt these will follow. From The Guardian, June 27 1988 (copied without permission). by Paul Webster, Michael Smith, Peter Murtagh. At least four people were killed and at least 30 more unaccounted for last night after a European Airbus using a controversial computer controlled flying system crashed into a forest during a demonstration flight at an airshow in eastern France. British Airways and Air France suspended further flights of the plane, the A-320 which is Europe's most advanced passenger aircraft and is built by a French, British, West German and Spanish consortium. British Airways has had two A-320s in service since the spring and orders for a further eight. The future of the aircraft, in which British Aerospace has a 20 per cent stake worth 450 million pounds, and builds the wings and tailpiece, will be placed in doubt after yesterday afternoon's crash, the first disaster to hit the new generation of European Airbuses. The plane, carrying 127 guests, airshow joyriders and journalists, was flying low over the small airport at Habsheim, about 10 kilometres from Mulhouse in southern Alsace when the pilot let down the undercarriage and made two passes over the local aeroclub buildings. As he turned the plane the wheels caught the tops of the pine trees and plunged into the forest. It burst into flames shortly afterwards but many of those on board appeared to have escaped. Reports of people trapped inside could not be confirmed but the French authorities said that about 100 passenegers had been injured, two of them seriously. A policeman among the first on the scene said "The plane did not go into a nose-dive. It belly flopped onto the trees." The pilot who had minor head injuries, told a rescuer: "I tried to accelerate but the plane did not respond." A photographer among the passengers said the aircraft was turning when there was "a noise as if we were travelling along a bumpy road". He saw the tops of the trees and the plane caught fire near the cockpit when it came to a standstill. He said: "There was no panic and I only saw one woman passenger who seemed seriously hurt. She was quite badly burned," he added. The narrow bodied plane, designed for short to medium-range flight, went into service only last Thursday with Air Inter, the internal French airline, where pilots have been protesting for more than three years about its safety. In spite of warnings that the plane's two-man cockpit, without room for a flight engineer, was potentially dangerous, 21 airlines have ordered 522 of the planes. The crash could not have come at a worse time for the Aitbus whose reputation has been built on an impressive safety record since its first model went into production 18 years ago. The A-320 is the first civilian aircraft to use a computer-controlled flying system known as "fly-by-wire". This replaces the conventional stick and rudder control with three computers and miles of electronic cables, leaving the pilot with a "sidestick" like the control arm on a video game. The pilot uses it to direct the computers but they direct most of the instruments. However, if the pilot makes an error or unreasonable demands on the engine, the computer can over-rule his command. Last night Professor Bev Littlewood, of the software engineering department at the City of London University, questioned the system's safety. He said: "We have gone so far along the rocky road of computer control, it is now hard to ask fundamental questions about critical safety areas." Last year, the A-320 system was criticised by Mr Brian Perry, head of Avionics and Electrical Systems for the Civil Aviation Authority. He said: "It's true we are unable to establish a fully verifiable level that the A-320 software has no errors. It's not satisfactory but it's a fact of life". An Airbus spokesman said: "Airbus planes have flown over 5 million hours. In all cases the aircraft was not to blame". There have been three crashes involving Airbuses but none had caused casualties, he said.
This is forwarded from Robert L Park's "What's New" in the physics group, dated 24 June 88: 3. RESTRICTIONS ON ACCESS TO UNCLASSIFIED DOE TECHNICAL REPORTS came to light when the DOE's Office of Science and Technology Information offered "some limited reports" to university libraries if they would agree to grant access only to government agencies and principal investigators on DOE contracts. Most libraries refused on principle, but they wanted to know what they weren't getting. In response to a Freedom of Information request from the National Security Archive, however, DOE refused even to provide a list of titles, claiming the information was stored in a computer and thus could be retrieved only by writing a new program! The Office of Hearings and Appeals last week overruled DOE, pointing out that agencies would otherwise be allowed to conceal information simply by putting it in computerized form. ucbvax!garnet!weemba Matthew P Wiener/Brahms Gang/Berkeley CA 94720
I recently applied for a job that would require a security (Q) clearance.
I was handed a form for "pre-employment screening" that any job offer
would be contingent upon. I was surprised by the invasiveness of the
form I was being asked to sign:
"I hereby authorize the [employer] and its agents to inspect, copy or
photostat any or all documents pertaining to my financial records, my
education records, my personal references, my employment records, and
local law enforcement records as they pertain to me. `Documents' shall
be construed in its broadest sense including any original, reproduction,
or copy of any kind of written, printed, recorded, documentary material
(or drafts thereof), or graphic matter regardless of the medium on which
it is produced, reproduced, or stored, including, but not limited to,
correspondence, memoranda, inter or intra-office communications, notes,
diaries, calendars, contract documents, publications, calculations,
estimates, vouchers, minutes of meetings, invoices, reports, studies,
computer tapes, computer cards, photographs, negatives, slides, dictation
belts, voice tapes, telegrams, notes of telephone conversations, and notes
of any oral communications."
Note that there is no time limit on this authorization, and that this
is merely pre-employment screening, not yet an application for a clearance.
Have all of you folks with clearances agreed to something similar? Is
national security incompatible with the personal privacy of those who
are aware of security matters?
Larry Hunter, hunter@yale.edu
The Israel Broadcasting Authority is a semi-independed agency, funded in
part by a tax on radio and TV sets (called, for historical reasons, 'TV
license fee'). Anyone owning a TV or renting one should inform the IBA
of this fact, so they know where to send the bill. Naturally, many
people evade the tax by not informing the IBA when they move.
This week, the IBA used a computerized database to send all people older
than 26 and listed as living with their parents, letters informing them
that the law requires that any change of address be reported to the IBA.
The assumption is that most of these people no longer live with their
parents, have their own untaxed TV sets, and that their parents will
forward the message. I don't know what database they have used, since I
also got such a letter, but have not been living with my parents for
years.
Amos Shapir
National Semiconductor (Israel), 6 Maskit st. P.O.B. 3007, Herzlia 46104,
Israel Tel. +972 52 522261 amos%taux01@nsc.com
Try typing 'kill 1' when you really mean 'kill %1'. Douglas Krause, University of California, Irvine
In response to Jerry Harper's troubles with a VAR, I have had (am currently having) a similar problem. I bought a XT clone for my home use from a "reliable" VAR. It came with a 1 year warranty. About 4 months after I bought it, it started making horrible noises. I opened it up and it was the fan on the power supply(PS) that was making the noise. I called my VAR and was told to return either the whole unit and they would replace the PS or just bring in the PS and get a new one. So I removed the PS and took it in for replacement. The owner was not there at the time and an employee exchanged it for me. I made the mistake of not getting a receipt showing the serial numbers of both power supplies (the bad one and the replacement). About a week later I got a call from the owner claiming that I had foisted a bogus PS off on him. He was quite irate, claiming he had never ever carried the brand of PS I had returned and wanted me to pay him $60 for the replacement. I copied my original receipt (with the PS serial number) and sent him a copy, but he claims it doesn't match the one I returned and still demands $60. Meanwhile, the replacement PS developed the same fan problem as the original and had to be replaced. I took it in and he replaced it, but is still irate and wants $60. I told him to send me a bill, and as soon I get the bill that I would file in small claims court and we could let the Judge sort it all out and decide how much if any I owed him. I have not yet gotten the bill. The point is, when you buy something as complex as a computer, make sure you get a receipt signed by the VAR specifying ALL the serial numbers of ALL the components and verify that the list is correct. Then, if you should have to take it back for warranty repair, make sure you get a receipt for any swapouts indicating BOTH the serial number of the new unit AND the serial number of the bad unit. Hal Norman - Disclaimer: These are my personal opinions and are NOT to be construed as those of my employer.
In RISKS 7.9 dcatla!mclek@gatech.edu (Larry E. Kollar) writes: > The ATMs around Atlanta always give you a receipt, whether or not ... In California, Security Pacific's ATMs (part of the STAR System) issue a message that the machine is out of receipts, and ask if you want to proceed. You can still make transactions, but as we have seen, there is a higher degree of risk. Many ATM transactions don't generate a receipt. Account balances, for example, are displayed only on the electronic display and no receipt is given. There is no way that receipts can cover all contingencies. A machine that will not operate if it is out of receipts reduces the magnitude of the problem, but what happens when the receipt producing mechanism fails, either by the print mechanism, feed mechanism, or receipt quantity sensor failing? A good design should try to minimize abnormal transaction termination, but it must also have provisions for unanticipated failure modes to be handled gracefully — soft failures instead of hard failures. Audit trails sometimes get screwed up, too. It seems that in order for all parties to get maximal protection from errors, there should be multiple independent levels of redundancy and record keeping. Independent video tapes of the customer AND display screens would provide a mechanism for resolving discrepancies, but I know of no systems that use this technique. Many ATMs look like they have cameras to monitor customer (ab)use, but often it's just a dummy camera to discourage vandalism. Even telephone systems to report problems won't catch everything. Failed transactions may not make it clear that a problem needing correction occurred, so there would be reason to report it. We're a long way from making automated systems foolproof. Thus we must monitor such systems and not let the service providers call all the shots.
As a member of the National Computer Security Center, I am asking for direct contributions of reports on malicious software. Please report computer viruses, trojan horses, or other forms of offensive software. I and the Center will use this information to track attacks, gain an understanding of system vulnerabilities, and develop defenses. Please send your reports to: SOFTWARE @ DOCKMASTER.ARPA. Joseph P.S. If the information is proprietary or not-to-be-shared, please indicate on the report. The NCSC shares some information with NBS. I will try to release summaries or abstracts to RISKS (of the non proprietary/secret variety); although it may formally come through NBS.
Please report problems with the web pages to the maintainer