The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 8 Issue 38

Wednesday 15 March 1989

Contents

o Water Bug - Computerization Messing Up Yacht Race
Robert Horvitz
o Sunspots & Communications
Cliff Stoll
PGN
o pengo and the Wily hackers
Klaus Brunnstein
o Toshiba DOS 3.3 Backup deletes files
Fiona M Williams
o Star Trek computer virus
Kevin Rushforth
o Re: NASA to replace top-level personnel with Expert Systems
Henry Spencer
o Pushbutton Banking
Lynn R Grant
o Risks of telephone access to your bank account
Michael McClary
o Limitless ATMs
John Murray
o Re: Prisoner access to confidential drivers' records
Scot E Wilcoxon
o Risks of Human Emulating Machinery
Jon Loux
o New Sprint Card
Ken Harrenstien
o Incoming-call identification
David Albert
o Info on RISKS (comp.risks)

Water Bug - Computerization Messing Up Yacht Race

Robert Horvitz <rh@well.UUCP>
Sat, 11 Mar 89 19:41:15 PST
An Irish friend, Derek Lynch, sent this article from the Irish Times' Sports
page (10 Feb 89).  Perhaps a British reader can provide the necessary
follow-up:

          "COMPUTER ERROR MAY PROVE COSTLY    by Dermot Gilleece

"A major decision with critical implications for Ireland's first involvement
in the Whitbread Round the World yacht race, will be taken in England next
week.  Race organisers, the Royal Naval Sailing Association, will be 
responding officially to a storm of criticism concerning the specifications
of competing yachts...

"The problem concerns the technique of measuring yachts which, in the context
of the Whitbread Race, are in the maxi, 70 foot class.  This is the
responsibility of the British-based Offshore Racing Council, which introduced
a new measuring process two years ago.

"Up to that stage, yachts were hand-measured, taking various complex factors,
even the size of the engine, into the equation.  It was then decided that
computers could handle the process more efficiently.

"In the event, a fault was discovered in the computer software with the result
that specifications were more liberal than intended.  So, the Offshore Racing
Council corrected the error last November.

"By then, however, two New Zealand yachts had been built according to the
faulty computer measurement...  The fact was that, while the New Zealand 
yachts measured 70 feet under the faulty process, their actual measurement
was 71 feet.

"The implications of this discovery were far-reaching.  Rear-Admiral Charles
Williams, chairman of the race committee, was bound by the new regulations
which, in effect, made the New Zealand craft illegal.  On the other hand,
if the New Zealand yachts were accepted into the Whitbread Race, they would
have a decided advantage over British and Irish craft - possibly by as much
as 10 hours in the 36,000 miles event, which will get under way in 
September...

"Butch Dalrymple-Smith is a partner in the company of Ron Holland, the
Cork-based designer of NCB Ireland.  He said last night:  `My view is that
the New Zealand boat which we know to be outside the limit, was built with
the computer loophole in mind.

"`We knew about the problem as far back as last July when the Americans
decided that yachts built to the faulty computer process were unacceptable.
Admittedly NCB Ireland was built at that stage but we could still have 
carried out the necessary modifications had we needed to...'"

"It has been suggested that Rear-Admiral Williams has bowed to pressure
from the New Zealanders, who are heavily sponsored.  This was roundly
rejected last night by Captain Brian Evans, the race secretary...

"He added:  `The matter will be cleared up next week when we will be 
announcing our decision.'...

"If NCB Ireland were to be modified to make it competitive with the New
Zealanders, the expense would be formidable.  For instance, a new keel
would cost L/40,000, a mainsail L/10,000 and a new rig as much as 
L/150,000.

"At this stage, it would appear that the RNSA will have no option other
than to back down in the face of overwhelming protests...  Meanwhile,
leading yachtsmen will be awaiting next week's decision with some
apprehension.  This is clearly a case in which a considerable quantity
of oil will be necessary to calm troubled waters."


Sunspots & Communications

Cliff Stoll <cliff%cfa204@harvard.harvard.edu>
Mon, 13 Mar 89 13:55:36 est
There's a major sunspot group on the sun ... it's visible to the naked eye
(with suitable protection, of course).  Largest sunspot in a long time.
At least two flares have been associated with this group.

Ten or twenty years ago, we'd probably have heard warnings that communications
circuits might be disrupted, due to ionospheric interactions with the solar
wind.

Today, however, it's a rare communication link that depends on ionospheric
reflections (although military over-the-horizon radars do...).

So this sunspot won't affect our communications, huh?  
You say we've nothing to worry about?

Maybe.  Here's a few things to worry about:

  1)  Geomagnetic storms can screw up magnetic compasses.

  2)  Satellites in geosynchronous orbit have a rough time of it.
      Twice a year, (at each equinox), they're shadowed by the earth,
      and their solar panels don't generate electricity at night.
      In addition, the high energy particles can get wicked
      at this altitude, especially when there's a major solar flare.
      Well, it's near the equinox (so the comsats are battery
      powered at night), and there's bad solar flares.
      Result: these satellites are being stressed.

  3)  Earth satellite lifetimes depend on the shape and size of the
      earth's atmosphere.  Satellites in low orbits may have their
      lifespans shortened drastically when the atmosphere bulges out.
      What causes such bulges?  Increased solar activity.  

      If this sunspot -- largest in memory -- is an indicator of a very
      active sun in the next few years, low-flying satellites may be
      in trouble.  

Best of cheers,  Cliff Stoll     cliff@cfa200.harvard.edu    617/495-7147
Smithsonian Astrophysical Observatory 
Harvard - Smithsonian Center for Astrophysics


Sunspots & Communications (O Solar Milhaud!)

Peter Neumann <neumann@csl.sri.com>
Wed, 15 Mar 1989 9:28:47 PST
Solar flares resulting from the unprecedented sunspot activity have reportedly
been wreaking havoc with communications around here since about 10 March.  (And
the peak of the 11-year sunspot cycle is still about a year away!) Radio and
satellite communications have been seriously affected.  In the Mount Diablo
area of California, there have been many reports of garage door openers failing
to operate.  (Younger RISKS readers will not remember a different effect caused
by signals from the first Sputnik, which merrily opened and closed garage doors
each time it traversed the U.S. -- at the time there was little redundancy in
the g.d. control signals.  This time the controls are apparently being jammed.)

            [The "Subject:" line subtitle is due to the fact that I had 
            awful radio reception on hearing a piece by Darius Milhaud.]

            [By the way, today is the day to "Beware The Ides of March",
            which means that The Calends of April is only 17 days away.
            As we have learned, Beware the Calends of April also.]


pengo and the Wily hackers (RISKS-8.37)

Klaus Brunnstein <brunnstein%rz.informatik.uni-hamburg.dbp.de@RELAY.CS.NET>
14 Mar 89 11:04 GMT+0100
In RISK FORUM 8.37, `Pengo' Hans Huebner stated that he had no share in the
KGB case as I mentioned in my RISK report. Since I myself had no share in 
the KGB hack (and in this sense, I am not as good a source as Pengo!), I tried 
to transmit only information where I had at least *two independent sources* of
*some credibility*. In Pengo's case (where I was rather careful because I could
not believe what I read), my two sources were:

    - the SPIEGEL report (I personally agree that names should be avoided as
      long as current investigations are underway; yet in this case, the 
      names have been widely published in FRG and abroad);

    - a telephone conversation with a leading CCC person (before I present his
      name, I will inform him); after he had informed me about a public debate
      at Hannover fair (where the German daily business newspaper,
      Wirtschaftswoche had organised a discussion with data protection people
      and CCC), I asked him whether he knew of Pengo's contribution; he told me
      that he directly asked Pengo: `Did you, without pressure and at your own 
      will, work for the Russians?', and Pengo answered: `Yes'. He told me that
      he immediately cut off any contact with Pengo. Evidently, there was a 
      controversial discussion in Chaos Computer Club whether one should react
      in such a strict manner. I understand the strong reaction because the
      KGB hackers severely damaged CCC's attempt to seriously contribute to
      the public discussion of some of the social consequences of computers.
      They now face, more seriously than before, the problem of being regarded
      as members of a criminal gang.

In the bulk of information, I found much disinformation (not only regarding
computer stuff, like the notion of a sold `C-Compiler, which is a program to
accommodate old programs to modern computers'). I did not mention such
disinforming non-facts (like the rumor that also personal information was sold) 
because I had only one source, which moreover was of very limited credibility. 

Klaus Brunnstein


Toshiba DOS 3.3 Backup deletes files

Fiona M Williams <fiona@euroies.ucd.ie>
Tue, 14 Mar 89 14:34:50 GMT
A colleague of mine had just started to backup the hard disk of his Toshiba
3200 using the Toshiba DOS 3.3 backup command. While backup was still looking
at the root directory we had a power failure in the office. A couple of gnashes
later he re-booted the T3200 only to get the message "Bad or missing command
interpreter."  (This generally means that command.com has been knackered.)
Also, when we looked at the backup diskette, there was nothing on it!

Having (eventually) found a Toshiba DOS 3.3 diskette we managed to have a look
at the hard disk only to find that all files in the root directory *had been
deleted*. (Sub-directories were ok though.) Norton's quick un-erase came to the
rescue so we managed to recover everything after about an hour.

I'd hate to think what might have happened if we'd had the power failure when
backup was on its 20th diskette, rather than its first, but in any case, the
moral seems to be that you should sometimes make a backup before making a
backup!

Stephen Farrell, MANTIS LTD.      (stephen_farrell_mantis@eurokom.ucd.ie)


Star Trek computer virus

Kevin Rushforth <kcr@Sun.COM>
Tue, 14 Mar 89 22:30:12 PST
I realize that the fictional world of Star Trek is not normally an appropriate
risks topic, but I feel this is an exception.  The next original episode of
"Star Trek: The Next Generation" (scheduled to air the week of 3/20-3/26) is
titled "Contagion" and is about (you guessed it) a computer virus:

   The Enterprise's computer system falls prey to a mysterious electronic
   "virus" which programs the ship to self destruct.

This episode may prove interesting to readers of comp.risks.  It raises
an interesting question as to what would happen if the on-board
computer of an F-16 or Space Shuttle were to contract a virus.

Kevin C. Rushforth, Sun Microsystems


Re: NASA to replace top-level personnel with Expert Systems

<henry@utzoo.UUCP>
Sun, 12 Mar 89 01:33:01 -0500
A cynic might say that replacing many of NASA's top-level people with, say, a
PC each would be an *improvement*, bugs and all...  Let us not forget that some
human beings are far from fully debugged.  Today's NASA is notorious for bad
management (e.g. Challenger) and too much management (NASA's supervisor:worker
ratio today is twice what it was during Apollo).  If nothing else, a program
spouting nonsense is easier to ignore than a manager spouting nonsense --
programs have less political clout.
                                     Henry Spencer at U of Toronto Zoology
                                 uunet!attcan!utzoo!henry henry@zoo.toronto.edu


Pushbutton Banking

Lynn R Grant <Grant@DOCKMASTER.ARPA>
Wed, 15 Mar 89 14:00 EST
My bank, the Suburban Bank of Palatine (Illinois) has just announced
that starting April 1st (April Fool's Day!)  they will be implementing
"Pushbutton Banking," which will allow you to query balances, find out
what checks have cleared, and transfer balances between accounts, all
from the comfort of your easy chair, using your Touch-Tone phone.

All you need to access this is your account number and your security
code, which is the last four digits of your SSN.  I called the bank and
asked them if the security code was changeable by the user.  They said
no, but how many people know your account number and SSN.  I pointed out
to them that since my Illinois driver's license has my SSN on it, every
time I pay by check at a store, I am showing the cashier my account
number and SSN.  The bank said that that hadn't occurred to them.  They
offered to set up my account so that nobody, including me, could use
the pushbutton banker on it, and of course, I accepted.

It is certainly worrisome that the people charged with keeping my money
safe don't think about these things.  True, the pushbutton banker could
probably not be used to steal money, but it could certainly invade your
privacy, and could be used to perform denial-of-service attacks (someone
dials in and transfers all your checking account money to your savings
account, causing all your checks to bounce.  The merchants you paid by
check all charge you their 10 or 20 buck returned check fee.  When you
try to explain your way out of the charges, the bank says "Well, it must
have been you; who else would know your account number and security
code?").

--Lynn Grant


Risks of telephone access to your bank account

Michael McClary <michael@xanadu.com>
15 Mar 89 13:13:05 GMT
Upon moving to California, I opened an account at a local bank (Wells Fargo).
They took down a bunch of personal information to use to identify myself when
using their 24-hour telephone account-munging service.  The information was a
standard set, such as mother's maiden name.  All public record, as I recall,
but in any case nothing a cheap private detective couldn't dig up, given a
little time.  So anyone who'd, say, gotten hold of my checkbook, could find out
how much it was good for.

But the surprise came when I was back in Michigan finishing the move, and
needed to transfer funds to cover a check.  Instead of a random set of the
items, they asked for EVERY SINGLE ONE of them.  Anyone listening in on the
phone would have all they'd need to use the service.

Now combine that with cellular phones that:
 - are not scrambled,
 - don't switch channels enough to break up a conversation,
 - can be received on the high end of an old TV set's UHF dial
 - are generally owned by busy people with money
and you've got the makings of some nasty surprises.


Limitless ATMs (Re: RISKS DIGEST 8.37)

John Murray <johnm@uts.amdahl.com>
15 Mar 89 20:43:27 GMT
> From: @sri-unix.UUCP, geoff@itcorp.com
> 
>       . . . .   A credit card and the associated PIN were stolen from my
> home, and the thief then used the card to withdraw $3900 in cash from ATM's.
> Since the ATM's had a per-transaction limit of $300, the withdrawal was done in
> 13 separate transactions.  The interesting thing is that only two ATM's were
> used for all of these operations! Further, the card only had a $3000 credit
> limit, and about $600 was already in use.

Several ATM systems have (used to have?) loopholes in them, which allowed
this type of thing to occur. For example:

* In regions where on-line links are unreliable, a machine might use floppy
  disks for its data. The transaction file and "hot-card" data are only
  updated once a day, and the bank moves this info using its regular
  courier system. All sorts of risks can occur over public holiday weekends.

* The card in question is a credit card. It seems unlikely that data for
  ALL cards EVER issued ANYWHERE is instantly available EVERYWHERE,
  especially across international boundaries. Perhaps some systems just
  accept this potential for loss.

* Some off-line systems could rewrite data onto the card, so that taking the
  card to a different machine wouldn't work. However, using joint cards could
  not be trapped.

 - John Murray, Amdahl Corp. (My own opinions, etc.)


Re: Prisoner access to confidential drivers' records

Scot E Wilcoxon <sewilco@datapg.mn.org>
14 Mar 89 05:42:21 GMT
Much of the information which was mentioned is already easily
available.  For $3, the California DMV will give you auto registration
information.  "Names, addresses", and "what cars they drive" certainly,
and maybe also "loans" (I forgot to ask the DMV about loans, but I
know Minnesota lists loan info).  Auto and driver registration
information is public in most states.

Apparently the California government has considered the license holders' desire
for privacy (or perhaps of the ignorance of the public status of the
information).  Along with the $3, you must give a signed statement of the
reason why you want the information.  The license holder then is notified by
mail that the information was delivered, and of the reason you gave.

Scot E. Wilcoxon


Risks of Human Emulating Machinery

Jon Loux <JLOUX@UCONNVM.BITNET>
Mon, 13 Mar 1989 09:59:51 EST
In reply to "Risks of Congenial Machinery" from Robert Steven Glickstein.
Hear, hear.  In the effort to make our machines more like humans, we have
failed.  The best we can do is make a parroting parody of some intellectual
function.  Useful?  Yes.  Important?  Yes.  Vital to the functioning of many
(most) institutions in our society?  Yes.  But human?  No.  We cannot make
our machines more like humans, so we have done the next best thing.  We have
made our humans more like machines.  The silicon revolution is nothing more
than the industrial revolution without the smoke.  Mechanized.  Mass produced.
And impersonal.

A case in point.  A senior project manager in the DP shop of a large defense
contractor told me a story about his home bank back in the town in New York
where he grew up.  It used to be that the tellers and managers of the bank
knew everybody in the town.  If a check came in without sufficient funds in
your account to cover it (Banks don't like this, for some reason) they would
call you at work and make some arrangements for you to cover it (run down and
make a deposit, hold the check, whatever).  It was a community matter.  Now,
with ATMs and electronic funds transfers, etc., walking into the bank is the
financial equivalent of entering a meat locker.

"But Bob," I said.  "The bank must be serving a larger number of people.  It's
just impossible to be personal in a corporate setting.  This isn't Bailey's
Savings and Loan, you know."

"No," he said.  "But the town's population hasn't gone up in fifty years."

You decide.

Jon Loux.  University of Connecticut.  


New Sprint Card

Ken Harrenstien <KLH@SRI-NIC.ARPA>
Thu, 9 Mar 89 13:23:18 PST
Regarding the message from Will Martin:
... Fred Lawrence, Sprint's executive vice president for network development,
    said the Voicecard would work a little like the company's Foncard: Callers
    dial the phone number printed on the card, adding a second number such as a
    birthdate, and then give a two-second verbal password. Sprint equipment
    compares the voice print with one that is on record. The call goes through
    only if the voice prints match, Lawrence said. ...

My hair rose when I saw this.  I may be over-reacting in the absence of
additional information, but I sincerely hope this idea does not spread.  If it
did, I won't be able to make a long-distance call, because I'm deaf.

Let me explain for the benefit of people who don't get it.  How could deaf
people make calls in the first place anyway?  There are normally two ways:

First, they can use TDDs (Telecommunication Device for the Deaf).
This is typically a small terminal-like unit that uses half-duplex FSK
(1400/1800 Hz) to transmit Baudot codes at 45.45 baud.  More foresighted
designs also provide the capability of using ASCII with a standard 300
baud (Bell 103) full-duplex modem.  People can thus type to each other.

Second, they can use an interpreter -- the usual resort when one of the
parties is hearing and doesn't have a TDD.  But it's very rare that one
can use the same interpreter (i.e. the same voice) every time.

Perhaps the Sprint people have thought about this, and have an
alternate security method for those cases.  But I rather suspect not.
I don't have any problem with proposals for whiz-bang new techno-fixes
that are focused on just one modality, but all too often these ideas
unwittingly exclude other modes, which is exactly the wrong thing to
do where a public service is concerned.

Think about color-coded displays.  Touch displays.  Mice.  Voice-synthesized
responses.  And so on.  None of these is suitable for everyone, but as long as
a system is not limited to just one way of doing things, no one will be
excluded.  I sincerely hope that in the rush to automate everything, designers
take advantage of the flexibility that computers give them to provide for as
many alternatives as possible.  The person who benefits will someday be you.
--Ken


Incoming-call identification

David Albert <albert@harvard.harvard.edu>
Thu, 2 Mar 89 19:04:57 EST
Today's (3/2/89) Boston Globe has an article on telephone features,
including incoming-call identification.  I quote a relevant section:

    [Spokesperson for Bell Atlantic Karen] Johnson ... brushed aside
    questions about the privacy of incoming callers.  "We feel that
    in most cases, the caller gives up anonymity and the customer
    gains privacy and security.  In all the time we've offered it,
    we've had very few complaints."

    New England Telephone's [product manager for the new calling
    services Gerald J.] Malette agreed.  "We feel the person being
    called has the right to know who's calling," he said.

Well, we keep bringing up the issue on the net; perhaps it's time we started
complaining directly to the people keeping track of the number of complaints,
such as the two named above.  In particular, I suggest we bring to their
attention the issue of the confidentiality of calls to services such as the
Samaritans, to the police (on their business number), to the government (say,
asking questions about tax laws), and to businesses in general.  Do we really
want to give up our privacy when a business might turn around and compile a
mailing list (or worse, a calling list) based on telephone calls received?
When we want to ask an anonymous question of a government agency?  When we are
baring our souls to a suicide line? Let's all get out there and complain before
it's too late (if we're not too late already).
