The RISKS Digest
Volume 7 Issue 13

Friday, 1st July 1988

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

"Scratch-and-win"? Try "X-ray-and-win"!
PGN
SDIO computers stolen
PGN
Did DWIM DWYW (Do what you wanted)?
Stephen D. Crocker
Directions and Implications of Advanced Computing - DIAC-88
Douglas Schuler
Grocery Store Barcodes: Another game you don't win
David A. Pearlman
ATM "receipts"
Mark Brader
Re: Risks of bank ATM cards
Dan Franklin
Risks of ATMs and the people who unload them
Rob Austein
More problems with VARs
Joe Morris
Re: Hard-disk risks from vendors
George Pajari
Info on RISKS (comp.risks)

"Scratch-and-win"? Try "X-ray-and-win"!

Peter G. Neumann <NEUMANN@csl.sri.com>
Fri 1 Jul 88 07:53:07-PDT
The Ontario Lottery Corp in Canada has removed all Money Match and Double
Dollar tickets from sales (about $8M Canadian [per week?]) because tests have
shown that the numbers under the latex patches on the $2 tickets could be read
with 100% accuracy using x-ray equipment — albeit at some expense.  Lottery
Corp's president Norman Morris said, "There's always somebody working to beat
the system, and we're constantly working against them to improve the system."
He added that the withdrawn tickets were much better than those made five or
six years ago [but still not good enough!].  [Source: The Globe and Mail, 15
June 1988, front page article by Mary Gooderham]

This is another example of the continual escalation resulting from more
sophisticated attacks responding to more sophisticated technology.  Past RISKS
cases have included microprocessor-controlled slot machines, computer system
breakins, internal frauds, and of course — over many years — phone phreaking.


SDIO computers stolen [old story not previously noted here]

Peter G. Neumann <NEUMANN@csl.sri.com>
Fri 1 Jul 88 07:32:02-PDT
Two computers were stolen from the Pentagon's Strategic Defense Initiative
Office on consecutive nights (9 and 10 April 1988).  The thieves entered by
sabotaging the (physical) security system.  "Videotape cameras did not record
the theft because they had not been loaded," according to TV station WJLA.
"The station, attributing its information to unidentified Pentagon
investigators, said this lapse was a common one at the agency's offices."
[Source: AP, Washington DC, 24 June, in NY Times, 26 June 1988, p. 18, on the
same page with "Bishops Raise Morality Issue on `Star Wars'"...]

    [One wonders whether the motive was theft of stored information,
    or merely theft of the equipment for its own sake!]


Did DWIM DWYW (Do what you wanted)?

Stephen D. Crocker <crocker@tis-w.arpa>
Thu, 30 Jun 88 21:10:57 PDT
In RISKS-7.12, Tim Budd relays a story about the Do What I Mean (DWIM) facility
in Interlisp.  For example, if "CAR" was misspelled "car", the Interlisp
interpreter would trap to the DWIM facility, which would notice a probable case
error, make a replacement and proceed.  This facility took a lot of time if it
was called repeatedly.  Budd says the DWIM facility did not say what it was
doing, so the poor user did not know why his program was running so slowly.

The true story about DWIM is more complex.  MANY others, including, of course,
the designer Warren Teitelman, can comment usefully on DWIM.  Let me outline
a few of the important points.

o DWIM was a collection of facilities, some intended to fix errors and some
  intended to facilitate programming.  Various forms of spelling correction
  were included, as were numerous other useful error correctors.  Each of
  these facilities could be turned on or off, and various levels of feedback
  were possible.  It was certainly possible to disable all DWIM facilities,
  and it was certainly possible to insist that the user be notified and/or
  queried before making any corrections.

o DWIM was fundamentally an experimental system that enjoyed quite extensive
  use.  No strong claims were made that DWIM was fail-safe, although it was
  well thought out and as solid as any production code I've ever dealt with.

o DWIM was COMPLETELY documented.  A relatively large fraction of the daunting
  Interlisp manual was devoted to the DWIM system.

Some risks are endemic in any such system:

o If a new user is given access to Interlisp with DWIM enabled, he may not
  know how it will operate or what it will do for him.  It was not uncommon
  for a novice user to be set up with an environment that reflected the
  preferences and KNOWLEDGE of an experienced user.

o The amount of documentation was daunting.  Very few users could absorb
  the documentation at first exposure.

o DWIM relied on various models of probable errors.  Case errors are easy
  to understand, but some others were more subtle.  DWIM would attempt
  to correct parenthesization errors by checking for stray 9's and 0's.
  If DWIM's model of probable errors did not match the user's actual error
  pattern, the results would range from wasting time to miscorrection.

DWIM stimulated strong feelings, both pro and con, in the Lisp community.
As might be guessed, I liked it a lot, particularly because it represented
the most complete collection of ideas on program error detection and
correction and hence was a living laboratory.  People who attempted to do
research in this area and who did not have exposure to Interlisp had no
idea what they were missing, and I saw some number of PhD dissertations
completely wasted on poor imitations.  What I never saw, however, was
a serious study of how to introduce such facilities to new users and control
the facilities in a way that would minimize the risks.


Directions and Implications of Advanced Computing - DIAC-88

Douglas Schuler <bcsaic!douglas@june.cs.washington.edu>
30 Jun 88 18:48:08 GMT
              DIRECTIONS AND IMPLICATIONS OF ADVANCED COMPUTING

             DIAC-88   Twin Cities, Minnesota   August 21, 1988

      Earle Browne Continuing Education Center, University of Minnesota

Computing technology in public and  private  institutions  poses  challenging
technical,  political,  and social dilemmas. Programmers, analysts, students,
and professors will face these dilemmas, either actively or unwittingly. Both
within  the  computing  profession  and  in the relation of our profession to
other institutions, we have much to consider.

The second annual  symposium  on  Directions  and  Implications  of  Advanced
Computing will be held at the University of Minnesota campus on Sunday August
21, 1988, the day before the American Association for Artificial Intelligence
(AAAI) conference.

Douglas Engelbart, the DIAC-88 plenary speaker, will share his perspective on
using  the  computer  to  address  global  problems.   Since the late 1950's,
Engelbart has worked with systems that augment the human intellect  including
his  NLS/Augment  system,  a  hypertext system that pioneered "windows" and a
"mouse."  The driving force behind Engelbart's professional career  has  been
his  recognition  of  social  impacts  of  computing technology.  The plenary
session  will  be followed by presentations of research papers  and  a  panel  
discussion.  The panel, John Ladd (Brown University), Deborah Johnson (Rensselaer
Polytechnic), Claire McInerney (College of St. Catherine) and Glenda
Eoyang (Excel  Instruction)  will address  the question, "How  Should Ethical 
Values be Imparted  and  Sustained in the Computing Community?"

                 Presented Papers

  Computer Literacy: A Study of Primary and Secondary Schools, Ronni 
    Rosenberg

  Dependence Upon  Expert  Systems:   The  Dangers  of  the  Computer  as  
    an Intellectual Crutch, Jo Ann Oravec

  Computerized Voting, Eric Nilsson

  Computerization and Women's Knowledge, Lucy Suchman and Brigitte Jordan

  Some Prospects for Computer Aided Negotiation, Douglas Schuler

  Computer Accessibility for Disabled Workers: It's the Law (invited paper)
    Richard E. Ladner

Send symposium registration to: DIAC-88, CPSR/Los Angeles,  P.O.   Box  66038
Los  Angeles,  CA   90066-0038.   Enclose  check payable to CPSR/DIAC-88 with
registration.  For additional information, call David Pogoff, 612-933-6431.

  NAME ___________________________________________________
  ADDRESS _________________________________________________
  ________________________________________________________
  ________________________________________________________
  Phone (home) _____________________ (work) ______________________

  Please check one:
  Symposium Registration           Regular             O $50
  (Includes Proceedings and Lunch) CPSR Member         O $35
                                   Student/Low Income  O $25

  I cannot attend, but want the symposium proceedings  O $15

There  will  be  a  reception  following  the  symposium.   Proceedings  will  be
distributed  to  registrants  at  the  symposium.  Non-attendees will receive
proceedings by October 15, 1988.

   ** MY VIEWS MAY NOT BE IDENTICAL TO THOSE OF THE BOEING COMPANY **
    Doug Schuler     (206) 865-3226
[allegra,ihnp4,decvax]uw-beaver!uw-june!bcsaic!douglas  douglas@boeing.com


Grocery Store Barcodes: Another game you don't win

David A. Pearlman <dap@cgl.ucsf.EDU>
Mon, 27 Jun 88 17:01:28 PDT
All this talk about how ATM's don't make mistakes in the customer's
favor reminds me of one of my pet peeves: When the price on the food
shelf is not the same as the price scanned at the cash register.

It seems I run into this problem at least once a month at Safeway (and
I've had this problem every *week* for the last month). When I catch
it, the store will correct the mistake for me, but they don't offer
any other sort of fix (no additional discount; no free goods). What
this means is that a lot of people (who don't pay any attention) get
ripped off. Those, like me, who pay attention, get the goods at the
shelf price. Quite a good deal for the store, I'd say.

David A. (DAP) Pearlman   BITNET: dap@ucsfcgl.BITNET   UUCP: ucbvax!ucsfcgl!dap


ATM "receipts"

Mark Brader <msb@sq.com>
Mon, 27 Jun 88 10:13:29 EDT
> From: dcatla!mclek@gatech.edu (Larry E. Kollar)
> The ATMs around Atlanta always give you a receipt, whether or not your
> request went through.

I'd be very surprised if there are any ATMs anywhere that give a *receipt*
for a deposit transaction.  The ones I use are careful to refer to it as a
*transaction record*.  The distinction, of course, is that a receipt would
constitute an agreement that you actually deposited the amount you claimed.

For a withdrawal transaction, "receipt" doesn't even make sense.  *You* would
have to give *them* a receipt, if anybody did.

Despite the above, I have in earlier days seen ATMs that referred to their
transaction records as receipts.  I suspect the original messages were
written by programmers and not bankers...

Mark Brader, Toronto           utzoo!sq!msb, msb@sq.com


Re: Risks of bank ATM cards

<dan@WILMA.BBN.COM>
Mon, 27 Jun 88 23:34:47 -0400
>From: dcatla!mclek@gatech.edu (Larry E. Kollar) [...]
>As for the printer breaking or running out of paper, it's not a hard thing
>for an ATM to detect the lack of paper flow and put itself out of service.
>Whether or not ATMs do that is yet another question.

At least some of them do.  The ATMs I use (BayBanks, in Massachusetts) can tell
you as soon as you begin using them if they are out of paper and cannot print a
receipt; they then ask if you still want to use them.  (They unfortunately
can't tell when their ribbon renders the receipt almost unreadable.  Oh well.)
They also tell you about cancelled transactions.

Someone else mentioned the phones near BayBanks machines.  I was extremely
grateful for that phone a couple of weeks ago, the night before I was leaving
on a trip.  I had inserted my card, told the ATM I wanted $250 cash, and
listened to the mechanism start whirring when it suddenly went catatonic.  The
display was still lit, but there were no sounds or any other sign of activity.
Pressing CANCEL did nothing.  It still had my card hostage, so I couldn't just
go to another machine.  Also, I was worried about the possibility that it had
actually dished out some money in the still-locked cash drawer which might end
up going to the next person to use the machine.  I picked up the phone and
spoke to a woman who told me, after a moment, that the teller's communication
line to the mainframe didn't seem to be working.  She did something and my card
popped out.  (I guess there was more than one line from the ATM to the great
world outside.)  She told me to try another machine, but not too close, as it
might be using the same line.  I suggested a possible other machine and she
confirmed that it was on a different line; I went there and got my money.  I
have no idea what I would have done without the phone.

From the stories of other people, it sounds like BayBanks may do a better job
than some other banks with their ATMs.
                                            Dan Franklin


Risks of ATMs and the people who unload them

Rob Austein <SRA@XX.LCS.MIT.EDU>
Tue, 28 Jun 1988 13:18 EDT
Here's another ATM horror story.  It's really a people horror story,
the ATM just made things more interesting.

I have both my checking account and my MasterCard at a bank with a bad
reputation for customer service but an extensive network of ATMs, which is
usually ok because I use ATMs every week and talk to human tellers maybe twice
a year.  Last fall I had occasion to attempt to use an ATM to make a prepayment
to my MasterCard from a travel advance via my checking account, because I knew
that the upcoming trip would exceed my credit limit.  To make a long story
short, I'd forgotten whether the MasterCard had a password (PIN) associated
with it, never having used it in an ATM before, so I followed what turned out
to be bad instructions from the person who answered the 24-hour customer
service phone, to wit, I used my normal ATM card to start the ATM session, then
punched all the right buttons for a credit card deposit (which were distinct
from any normal kind of deposit) and gave the machine the money in an envelope
that clearly indicated that this was a payment to credit card #x.  Then off I
went to California.

When I got to California and checked into the hotel, the hotel clerk told me
that my MasterCard wouldn't take the estimated charge, so I made temporary
arrangements and called the bank.  The bank said that the fine print gave them
the right to still be sitting on the payment, but that this right would expire
before the day I was planning on checking out, so if I just sat tight
everything would be fine.  As the reader has no doubt guessed, things were not
fine at checkout time, the MasterCard still wouldn't take the charge.  I called
the bank again and this time they had no record whatsoever of the payment, but
neither were they willing to take steps over the phone such that the check
would not be deposited if it were found (not in time to be useful to me,
anyway).  So here I was, on the other side of the country, I couldn't use the
MasterCard because the bank had lost the payment, and I couldn't write the
hotel a check because the bank might FIND the payment.  Fortunately I also had
an American Express Card for just such emergencies, so I was able to square
things with the hotel and fly home to yell at the bank.

When the dust settled, here's what they told me.  It seems it doesn't matter
what buttons you push on the ATM if you put the wrong card in, the human who
unloads the ATM processes it "appropriately" for the card you used.  I.e., the
effect was as if I'd deposited a check into the checking account it was drawn
on.  Since this is obviously a nonsense transaction, it isn't recorded anywhere
(amazing logic), and I would have eventually found out what had happened when I
received the UNCANCELLED check with my monthly statement and called up the bank
to ask what the hieroglyphics meant.

Now, I don't know if the ATM is simply asking for more information than it's
giving to the teller who unloads it in the morning (probably, I know that these
ATMs only look at the first four digits of a PIN no matter what you type) or if
this was an amazingly stupid teller.  Maybe both.  I did take the bank to task
for not having at least kept track of what the ATM/teller pair had done, at
which point they said that they'd had this problem before.  They had also had
the problem of the customer service people giving bad instructions on the phone
in this situation before.

The bank did make good on all the little expenses (except time) that I had
incurred during this fiasco.  I think they were embarrassed about the American
Express Card....
                                        --Rob


More problems with VARs

Joe Morris <jcmorris@mitre.arpa>
Mon, 27 Jun 88 16:59:48 EDT
In RISKS-7.10 Hal Norman of JPL commented on problems of a VAR who claims
that the power supply he (Hal) is trying to return as defective wasn't part
of the system the VAR sold.  There's a flip side to this: soon after the 
first customer ship of the original IBM PC, several dealers were found to
be playing a game with the customers by buying a stripped PC (16K, no disk
drives) and installing their own memory chips and some el cheapo disks.
They would then sell the unit at the IBM list price, making much more than
if they had paid IBM's dealer price for the unit.  IBM was burned repeatedly
by units that failed and were returned for warranty repair; the customers
thought they had bought an IBM box and weren't happy when IBM declined to
give warranty service to non-IBM parts.

That's why the disk drive front panels suddenly acquired the IBM logo, so
that the non-IBM drives could be more easily identified.

I don't know why the AT's (and probably PS/2's) don't sport the IBM logo.
It may be that the drives themselves have the IBM part numbers or whatever
on the chassis so that they can be identified; the drives on the older
units have no IBM markings I can find.

Something to do on a rainy day: look at the ads in _Computer_Shopper_ and
try to guess the pedigree of the major subassemblies used in some of the
more aggressively-marketed clones.  The number of vendors who supply that
data is depressingly small.


Re: Hard-disk risks from vendors (RISKS-7.8)

George Pajari <pajari%grads.cs.ubc.ca@RELAY.CS.NET>
Fri, 17 Jun 88 14:06:19 PDT
>From: Jerry Harper <mcvax!euroies!jharper@uunet.UU.NET>
>Subject:  Hard-disk risks from vendors
>We use a number of 286 machines (American Research Corporation -made in Taiwan)
> ...[details of various hardware problems]...
> ... he said he was too "busy" to come out ...[more problems]...
> ...[never] did the vendor admit any liability, nor did
> he seriously offer a replacement. This is of some concern to a number of
> Are too many people getting into the VAR market by the seat of their pants?

I get very upset with comments such as the above.  

Why do consumers in the computer market (especially PCs and other low-end
systems) assume that they can get more than they pay for?

Jerry as much as admits that they bought a cheap Asian clone to save
money then seems not to understand why the support is non-existent?

Unfortunately your hardware supplier has to eat also and the narrow margin on
his sales doesn't permit much support.  Why does he charge so little?  Because
if he included enough mark-up to pay for reasonable support people like Jerry
would buy from someone else! So it is the market (of which Jerry is a part)
which supports and even encourages such vendors.

Don't complain about support unless you are willing to pay for it.

George Pajari        sometime grad-student and full-time consultant
(no...I don't sell hardware...just get frustrated with clients who
expect the same level of service from low-margin clone vendors as from
full-price outlets)
These opinions are those of my company.  I own it, dammit.
