The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 7 Issue 51

Tuesday 13 September 1988


o Single Character Errors
Geoff. Lane
o Soviet Mars Probe and single character errors
o Stanford Collider Shut Down
o Destructive remote controls
Jim Williams
o Re: computer follies
Michael Greim via Mark Brader
o IFF and the Vincennes
Dennis Brantly
o Re: Disinterest in disaster not based on probability estimates
Amos Shapir
o ``MS-DOS "virus" programs do not exist.''
David Dyer-Bennet
o Hiding payoff slot
Peter da Silva
o Citation for "car engines become target for hackers"
o Info on RISKS (comp.risks)

Single Character Errors

"Geoff. Lane. Tel UK-061 275 6051" <ZZASSGL@CMS.UMRCC.AC.UK>
Tue, 13 Sep 88 11:07:15 BST
It has been suggested in a previous RISKS that single keystroke errors may
just be an Urban Myth.  Unfortunately not - in the GEORGE 3 operating system
(which used to run on ICL 1900 series computers) the command to edit a file
was "ed" and the command to erase a file was "er".  The letters "d" and "r"
are conveniently next to each other on the keyboard.

Apart from this one aberration the George 3 system was a great improvement
on all its successors!

Geoff. Lane., University of Manchester Regional Computer Centre

Soviet Mars Probe

Peter G. Neumann <Neumann@KL.SRI.COM>
Tue, 13 Sep 88 15:20:18 PDT
For the "single-character" doubters:

The Soviet Mars probe was mistakenly ordered to "commit suicide" when ground
control beamed up a 20 to 30 page message in which a single character was
inadvertently omitted.  The change in progam was required because the Phobos
1 control had been transferred from a command center in the Crimea to a new
facility near Moscow.  "The [changes] would not have been required if the
controller had been working the computer in Crimea."  The commands caused
the spacecraft's solar panels to point the wrong way, which would prevent
the batteries from staying charged, ultimately causing the spacecraft to run
out of power.

[From the SF Chronicle, 10 Sept 88, item (page A11), thanks to Jack Goldberg.]

Stanford Collider Shut Down

Peter G. Neumann <Neumann@KL.SRI.COM>
Tue, 13 Sep 88 15:35:20 PDT
Stanford University's $115 million linear collider has been shut down after
several months' efforts failed to get it running properly.  Although there
seems to be nothing basically wrong with the system, it is "simply so
complicated that, despite the best efforts of more than 100 people, they have
not been able to keep all its complex parts working together long enough to get
results."  Since spring they have "fought a succession of glitches and
breakdowns in the machine's myriad magnets, computer controls, and focusing
devices."  [Source: San Francisco Chronicle, 13 September 1988, p. A2]

Destructive remote controls

Tue, 13 Sep 88 13:26:56 EDT
Recently, I was in a hotel room in the Washington, DC area.  The TV in
the room had a remote control that was not, as is often done, anchored
to the bedside table, but did have this theft-deterant notice on it:

    "This remote control will only work on Beeblebrox Hotel TVs.
    REMOTE WILL DAMAGE your home TV sets."

The first sentence I believe, the second I absolutely do not.  I can not
imagine what form the damage might take, unless the IR coming from the
remote is so bright that it would burn out the sensor in an "ordinary"
TV or VCR.  So, is this notice a lie, to decrease the likelyhood of theft?
That's all I could figure, but it sure reduced my opinion of Beeblebrox
Hotel for putting such a silly notice on the thing.  

Why am I posting this to RISKS?  Well, suppose it's true!  What damage
could I do with this "infrared laser"?  Will it hurt my eyes?  If I had an
HP-28 calculator, or similar device, which uses an optical connection
for the printer, could I accidentally damage that?  Had I been an actual
paying guest I would have harassed them about it, but I was just visiting
and it was on a weekend, so I doubted I'd find out anything useful.

Technical information:  The remote (and TV) were made by General Electric, it
was powered by two AAA cells, and seemed to be a typical IR controller, but
with minimal functions.  "Beeblebrox" is not the true name of the hotel ;-).

Jim Williams

Re: computer follies

Mark Brader <>
Mon, 12 Sep 88 14:55:19 EDT
Path: sq!utfyzx!utgpu!utzoo!attcan!uunet!mcvax!unido!sbsvax!greim
From: greim@sbsvax.UUCP (Michael Greim)
Date: 7 Sep 88 09:29:05 GMT
Organization: Universitaet des Saarlandes, Saarbruecken, West Germany

Here are some computer follies published some time ago.

>From Jack Campin ( on Nov 27 1987

<I have had the doubtful privilege of looking after an ICL 3930 over the last

IFF and the Vincennes

13 Sep 88 10:11 EDT
In response to the Geoff. Lane msg of Mon, 12 Sep 88 09:32:13 BST; "IFF and the
Vincennes" in which he stated:

  "a) NO  combat fighter plane  will ever go  into combat with  its IFF system
  operating - for obvious reasons!"

I must disagree.  

My understanding is that there are 3 catagories in which a "bogy" will be
placed, depending on the IFF, or absence of IFF:

1> Friend
2> Foe
3> Unknown

IF a ship finds itself in a COMBAT situation and detects an aircraft which is
approaching and which is not of catagory 1, then the ship will more than likely

The only way that an aircraft can be determined to be a FRIEND is either by
having correct IFF or by visual comfirmation.  An aircraft with NO IFF, will be
of catagory 3 (Unknown), but if considered approaching in a threatening manner
(ship's determination not the pilot) will quickly be changed by default to
catagory 2 (Foe) and will be fired upon.

You might ask what is to prevent an "enemy" aircraft from being classified as a
FRIEND?  Elaborate measures ARE in place to prevent this from happening,
HOPEFULLY they are adequate.  It is because it is easier to "turn the IFF off"
(becoming catagory 3 rather than 2) than break the codes necessary to become
catagory 1, that makes the Unknown aircraft so likely to be fired upon in a
combat situation.

So my argument is that if a friendly aircraft is operating in an area where
there are also friendly forces, it had best keep its IFF "ON" or "risk" that
it's own forces may shoot it down.  

In the "heat of battle" each individual ship must make fast decisions based on
the information it has available to it at that time (IFF).  Those decisions
ultimately determine the fate of the ship/crew/mission. 

Case in point:

  Vietnam, 1972

  I was the operator of MR3, Missile Radar #3 (AN/SPG 51-C) on the USS Towers
  (DDG-9) off the coast of Haiphong Harbor, North Vietnam, approx. 3AM.  We
  were in the process of shelling various railway yards and also taking fire
  from 175mm shore batteries when a low-flying, high-speed aircraft was
  detected heading towards our ship at approx. 12 miles distance, with no IFF.

  The plane was immediately assumed hostile, both MR2 & MR3 were assigned the
  target.  MR3 "locked on" first.  2 "birds" (standard - missiles) were loaded
  on the launcher, and the launcher was assigned to MR3.  At that time the
  target was within only 1 - 2 seconds from being fired upon.

  It was a US F-4 phantom fighter.  He detected our "intent to launch" and
  QUICKLY turned on his IFF.  The launcher was unloaded (you don't want to
  leave live missiles on the rail when you're taking hostile fire from shore
  batteries!) and MR3 was then unassigned.

  IFF was the only thing that prevented us from firing at, and more than likely
  shooting down, one of our own aircraft.

I guess my point is that having your IFF "turned off" doesn't really buy you
anything, at least not in a "combat" situation.  Perhaps in a "sneak attack"
during peace time, when you would more than likely be given the benefit of the
doubt, but not once a conflict has started.  Anti-ship weapons (and their
launch platforms) have become too sophisticated, their warheads too powerful,
for a Captain to risk his ship & crew on being wrong.

Re: Disinterest in disaster not based on probability estimates

Amos Shapir <amos@taux02.UUCP>
12 Sep 88 22:44:06 GMT
Clifford Johnson (RISKS-7.51) complained about the public's disinterest in
disasters vs.  their interest in the lottery, even though the former's odds of
occurring are much greater.

I'm afraid the public's view is understandable even from the statistical point
of view: the odds of winning the lottery are slim, but it does happen to
somebody somewhere every week; a nuclear disaster is rare, and so far each of
the few that did happen caused less casualties than a major airliner crash, and
all the victims were concentrated in a small area.  Anyone outside such an area
is safe.  It's this 'lumping' of consequences that distorts the calculation of
statistical odds.  

Amos Shapir, National Semiconductor (Israel) P.O.B. 3007, Herzlia 46104, Israel
Tel. +972 52 522261  TWX: 33691, fax: +972-52-558322

``MS-DOS "virus" programs do not exist.'' (Re: RISKS-7.49)

David Dyer-Bennet <>
12 Sep 88 22:35:54 GMT
In RISKS-7.49, Mark Moore writes about a public-domain software catalog
containing an article claiming that MS-DOS "virus" programs do not exist.  I
view this with a certain glee, because for several years I've been
attempting to follow up each story about viruses I hear; so far, the story
has either faded into the distance, or I have been told that they have the
virus isolated, but won't show it to me.  While I accept that people running
academic computer centers, in particular, have some justification for taking
a paranoid attitude (though I wasn't approaching them from within as a
student), I've been telling people for some time that by covering up viruses
the way they do, they are going to lead people to believe it's all a myth,
which in the long run is bad.  So let me just say, "I told you so." to those
who've been concealing the evidence.
                                      — David Dyer-Bennet, Terrabit Software

    ...!{rutgers!dayton | amdahl!ems | uunet!rosevax}!umn-cs!ns!ddb
    ddb@Lynx.MN.Org, ...{amdahl,hpda}!bungia!viper!ddb
    Fidonet 1:282/341.0, (612) 721-8967 hst/2400/1200/300

Hiding payoff slot (Re: RISKS-7.42)

Tue, 13 Sep 88 11:47:06 EDT
 > Modified games must have some sort of mechanism (either mechanical or human)
 > to pay off a win.  ...                                           jim frost

The gambling mechanism already exists in most vending mchines these days,
and could be easily justified as part of a videogame. This mechanism is
a change slot. If the game gives change under computer control, it can
easily be modified to handle the payoff as well.

Also, many video-games these days have a 'challenge mode', where you can
send in for a tee-shirt if you beat a particularly hard level. Perhaps
this could be considered gambling?

Peter da Silva, Ferranti International Controls Corporation

Citation for "car engines become target for hackers"

Wed Sep 7 15:24:11 1988
Readers seeking more information about car engine computer hacking are directed
to the article "Electronics puts its foot on the gas" in the May 1988 issue of
"IEEE Spectrum."  The article profiles a couple of companies working in this
area.  While one company had reverse-engineered source code and was using
in-circuit emulators to debug their changes, another was merely substituting
values into an array they'd located.  The tone of the article was not as
negative as that quoted from "The Australian" by George Michaelson in RISKS
DIGEST 7.39.  A company specializing in BMWs had done a lot of business
directly with dealers desperate to fix acceleration problems in some customers'

Please report problems with the web pages to the maintainer