The RISKS Digest
Volume 7 Issue 97

Wednesday, 21st December 1988

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o Software Safety report in UK
Jane Hesketh via Philip Wadler
o Over-reliance on a single source of data
Cory Kempf
o Computers vs Scandanavian Design
Bob Frankston
o Supercomputer used to "solve" math problem
Henry Cox
o Re: Armed with a keyboard and considered dangerous
Dan Franklin
o Another article on the dangerous keyboard artist
Jerry Leichter
o Virus article debunked
Stephen Page
o Info on RISKS (comp.risks)

Software Safety report in UK

Philip Wadler <>
Wed, 21 Dec 88 10:48:42 GMT
The following may be of interest to Risks readers.  The message is from Jane
Hesketh of Edinburgh Computing and Social Responsibility.  — Phil Wadler

>From jane@aiva Mon Dec 19 10:52:12 1988

Computer Weekly 15.12.88

"Software safety cannot be guaranteed, warns DTI"

A draft report for the Government on safety-critical software emphasises the
impossibility of guaranteeing error-free programs, despite their widespread
use to control aeroplanes and nuclear power plants.

Commissioned by the DTI and carried out by the Institution of Electrical 
Engineers and the BCS, the report has met with mixed reactions from the  
safety-critical software community.

One of the more ominous warnings contained in the report is that an entirely
unambiguous specification is not strictly feasible.

"The uncertainty in our knowledge of the real world creates the potential
for our specifications to be wrong, including being incomplete," the report
states. " This is apart from any mistakes we may introduce when we come to
describe the requirements in specifications".

The report is not describing remote safety-critical applications but ones
already in operation. While Sizewell B will be the first UK nuclear power
plant whose safety system is computer-controlledd, the safety of a nuclear
plant on the NorthWest coast of France is already in the hands of software.

One of the criticisms of the draft report is that it is limited too closely
to safety-critical software in the UK. The whole thing lacks a European
perspective" says Robin Bloomfield, chairman of consultancy delard, which
co-wrote the MoD safety-critical software standard 00-55. " For example, it
should have included a current West German proposal for a standard to cover
all industries".

Another criticism is that the report does not go far enough in trying to 
bring together safety-critial standards, which many in industry now feel to 
be diffuse and inconsistent.

"This document has not covered standards sufficiently," says David Youll,
who is software engineering group manager at the Cranfield IT Institute.

Over-reliance on a single source of data

Fri, 16 Dec 88 17:13:11 EST
With all of this discussion on over-reliance on automation, an anecdote that
a friend told me a while back came to mind.  I though that it was
appropreate to the current discussion.

Ed (the guy who told this to me) is a Master Chief Petty Officer (ret.).
Part of his responsibilities included checking out new members of his
squadron in the flight simulator.  One of the pilots that he had to check
out in the simulator was acting a bit 'cockey'.  While the new guy was not
looking, Ed disconnected the Artificial Horizon.  (for those of you not
familiar with airplane cockpits, this is a control that is used to inform
the pilot of the current orientation of the aircraft about the X & Y axes
(it doesn't tell direction).  there are several other instraments that give
the same data, notably the turn and bank indicator) The pilot took of (the
simulator) and almost immediatly flipped over and crashed.  He did this
three times in a row.  The reason?  Over-reliance on a single channel of
data input — the Artificial Horizon.  It showed the plane in a level
flight, while the turn and bank indicator showed the correct data.

This occured in a simulator.  Nobody died as a result.  It does 
illustrate what happens when humans (and computers for that matter)
depend on a single source of data, and that source is spewing out
bogus data (which can sometimes happen).

Other conclusions I will leave to you... this is too long already.

Cory Kempf     UUCP:!gloom!cory

Computers vs Scandanavian Design

bobf@lotus.UUCP <Bob Frankston>
Wed Dec 21 07:49:41 1988
The Boston Globe had an article on the near demise of Scandanavian Design — a
70 store furniture chain that was doing $100M/yr.  According to the article
what caused things to fall apart was an attempt to convert from an antiquated
Honeywell system to a modern ($4.5M) IBM system.

The article also mentions a lack of senior management.  The observation is that
computers are not turnkey systems one just installs but they require an MIS
staff with much expertise.  The reason is not that computers are complicated
but that they are integral to the operation of one's business.

While I expect that one will, in the future, buy systems that take care of the
business and allow management to concentrate on the interesting aspects
(whatever that might be for an individual), we need to make it clear that the
current systems are idiot savants.

What is missing is a deep computer literacy that allows nonprofessionals (and
many professionals in the field) to understand the computer as a component of a
system.  It is one thing to teach Basic in school, it is another to impart a
deeper understanding of computation.

A trivial example was an office manager I had.  I was implementing a property
sticker system and wanted red permanent stickers and black removeable stickers.
She did this, but both sets had the same numbers, she had assumed that a red
158 and a black 158 were different.  While that may be true visually and could
even be stored that way, it wasn't an effective distinction in such a system.
What was missing was the concept of a unique ID.

Supercomputer used to "solve" math problem

Henry Cox <>
Wed, 21 Dec 88 09:23:26 est

[ From the Montreal Gazette, 21 December 1988 ]

  A team of Concordia University [ another Montreal area university ]
computer scientists using a U.S. Defence Department supercomputer have
solved a theoretical mathematics problem so complex that it is beyond
the capability of the human mind to comprehend.
  Clement Lam, who is a member of the matemetical computation division at
Concordia's computer science department, said the complexity forces
scientists to accept the supercomputer's solution more or less on faith. [
The RISKS connection... ]
  This raises important questions about the power of computers and whether a
proof that mankind cannot fully understand can be accepted.  "This is one of
the very important philosophical questions," Lam said.  [ A practical
question as well, I think.  How can we be sure the answer is correct if we
can't check it? ]
  He added, however, that he is confident the mathematical problem faced by
him and his colleagues "is solved".
  The problem, first posed in the 18th century by a Swiss mathematician,
deals with the question of whether a mathematical entity called a "finite
projective plane of order 10" can exist.
  Lam and three collegues, John McKay, Larry Theil, and Stanley Swiercz,
concluded that such an entity cannot exist.
  The problem deals with whether numbers and groups of numbers can be
organized in a particular fashion.  To discover the solution, concordial
scientists had to search through more than 1,000,000,000,000,000
combinations of possibilities - or about 50,000 for every human being.
  He said studying just one possibility would be like having the computer
examine every combination and outcome of a chess move, but much more
complex.  The skill was is organizing and programming the computer.

[ The RISKS are obvious. The willingness of people to accept a computer's
answer on faith (whether at the cash register at the grocery store or in the
university environment) remains disturbing.                   Henry Cox]

Re: Armed with a keyboard and considered dangerous [RISKS-7.96]

Dan Franklin <dan@WATSON.BBN.COM>
Wed, 21 Dec 88 16:58:02 EST
F. Baube (commenting on a news article quoted by Rodney Hoffman in RISKS-7.95):
> > [..] Federal prosecutors also obtained a court order restricting
> > Mitnick's telephone calls from jail, fearing he might gain access
> > to a computer over the phone lines....
> .. and presumably he would whistle at 1200 bps.

Hardly.  All he needs is a touch-tone phone.

First, it may well be possible to play games with phone service using only
touch-tone phones; I could easily believe that each local phone exchange has
a "secret" number that allows their employees to alter the characteristics
of phone lines for testing purposes.

But more importantly, he could have set up a phone number in advance which
would allow him to use a touch-tone pad like a keyboard.  (With 12 keys on
the pad, two keypresses are sufficient to represent any ASCII character,
including control characters.)  Add text-to-speech equipment for the other
direction, and he's all set.

Having been jailed before, he could easily have prepared for being jailed or
otherwise kept away from keyboards again.  This private line and the equipment
need not be in his house or under his name, so there's no way anyone could be
sure it wasn't available to him.
                                                Dan Franklin

              [Also noted by Deshler Armstrong  <> ]

Another article on the dangerous keyboard artist

Tue, 20 Dec 88 10:56 EST
     "LOS ANGELES (UPI) - In a rare ruling, a convicted computer hacker was
ordered held without bail Thursday on new charges he gained illegal access to
secret computer information of Leeds University in England and Digital
Equipment Corp.
     Kevin David Mitnick, 25, of Panorama City, is named in two separate
criminal complaints charging him with computer fraud.  Assistant U.S. Attorney
Leon Weidman said it is unusual to seek detention in such cases, but he
considers Mitnick 'very, very dangerous' and someone who 'needs to be kept away
from computers.'
     U.S. Magistrate Venetta Tassopulos granted the no-bail order after Weidman
told her that since 1982, Mitnick had also accessed the internal records of the
Los Angeles Police Department, TRW Corp. and Pacific Telephone.
     'He could call up and get access to the whole world,' Weidman said.
     Weidman said Mitnick had served six months in juvenile hall for stealing
computer manuals from a Pacific Telephone office in the San Fernando Valley and
using a pay phone to destroy $200,000 worth of data in the files of a northern
California company.
     Mitnick later penetrated the files of TRW Corp. and altered the credit
information of several people, including his probation officer, Weidman said.
     He said Mitnick also used a ruse to obtain the name of the police
detective investigating him for hacking when he was a student at Pierce
College.  He telephoned the dean at 3 a.m., identified himself as a campus
security guard, reported a computer burglary in process and asked for the name
of the detective investigating past episodes, Weidman said.
     The prosecutor said Mitnick also gained access to the Police Department's
computer data and has impersonated police officers and judges to gain
     A complaint issued Monday charges Mitnick with using a computer in
suburban Calabasas to gain access to Leeds University computer data in England.
He also allegedly altered long-distance phone costs incurred by that activity
in order to cover his mischief.
     A second complaint issued Thursday charges Mitnick with stealing
proprietary Digital Equipment Corp. software valued at more than $1 million and
designed to protect the security of its computer data.  Mitnick allegedly
stored the stolen data in a University of Southern California computer.
     An affidavit filed to support the complaints said unauthorized intrusions
into the Digital computer have cost the company more than $4 million in
computer downtime, file rebuilding and lost employee worktime.
     A computer operator at Voluntary Plan Assistance in Calabasas, which
handles disability claims for private firms, told investigators he allowed his
friend unauthorized access to the firm's computer.
     From that terminal, Mitnick gained access to Digital facilities in the
United States and abroad, the affidavit said."

Virus article debunked

Stephen Page <>
Wed, 21 Dec 88 20:15:21 gmt
A disappointingly journalistic article entitled "Rewriting the Book on
Viruses" appears in the December 1988 edition of Computer Newsletter,
a publication of the British Computer Society. It describes a talk
from a Dr Alan Solomon, "who runs the only Data Recovery hospital in
the world". Here are some extracts:

"... Solomon insists that viruses are actually extremely scarce.
'Viruses are very rare indeed. I'm getting about 1 or 2 reports a week
which turn out to be genuine viruses. That's in a population of half
a million computers,' estimates Solomon..."

"The biggest virus problem is misinformation, according to Solomon, who
told the audience that 'everything you've read and everything you know
about viruses is wrong'. He goes on to state an example, 'People are
calling everything a virus. At the height of commotion, a couple of months
ago, I had a person call in and say "I've got a problem, I think it's a
virus. My printer won't print a pound sign."'"

"Viruses do not travel on executable disks, they spread on blank disks.
Solomon warns, 'The real threat is data disks ... 99% of the time boot
sector viruses are travelling on data disks.'"

"Solomon prescribes a few tips on preventative measures: get software from
a reputable source, if a boot fails — switch the computer off, stay informed
and make a clean copy of DOS and write protect it."

There are two interesting flaws in this article:
1.  No where in the article, with the sole exception of the word "DOS"
    in the extract above, does the author point out that the article
    defines "computers" to mean "machines of an IBM-PC architecture
    running the PC/MS-DOS operating system". Thus he dangerously
    misleads the reader into worrying about blank mainframe disks
    or, worse, into not worrying about executable disks on other

2.  His assertion that viruses are "extremely scarce" is incorrect for
    some hardware/software architectures, in particular the Macintosh.
    I would not like to guess at a percentage, but certainly almost
    every Macintosh user I have met has suffered from an nVir attack!

Disinformation is always dangerous. Perhaps RISKS readers need to arm them-
selves with a short nontechnical fact sheet for their colleagues who
are interested in finding out what is really going on.
Has anyone written something simple along these lines, which we could
show to people who find all the journalism confusing (or wrong)?

Please report problems with the web pages to the maintainer