The RISKS Digest
Volume 8 Issue 46

Wednesday, 29th March 1989

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


B-1B wept-swing swept-wing
Soviets Lose 2nd Mars Probe
Satellite failure due to unremoved lens Cap
Technology strikes again — Dodge Spirits and Dodge Fever
Matt Fichtenbaum
Suing over runaway computer systems
Rodney Hoffman
Virus Hits Hospital Computers
Rodney Hoffman
Prank Virus Warning Message
Bruce N. Baker
Subversive bulletin boards
Eric Percival
UK Computer Threat Research Association
David J. Ferbrache
Will the Hubble Space Telescope Compute?
Paul Eggert
The Airbus disaster and Ada
Ted Holden via Bob Burch via jpff
DIAC-90 — Call for Papers
Douglas Schuler
Info on RISKS (comp.risks)

B-1B wept-swing swept-wing

Peter Neumann <>
Wed, 29 Mar 1989 10:49:24 PST
The Air Force temporarily grounded its fleet of B-1B bombers yesterday after
the wings on one of the planes malfunctioned just before a training
flight...  The crew could not get the plane's wings to move back and forth
in tandem and, at one point, the left wing apparently moved too far forward
and punctured a fuel tank inside the fuselage.  The wings are normally swept
back for high-speed attack runs and forward for takeoffs and landings...
The B-1B still has problems with its radar-jamming gear...  [San Francisco
Chronicle, 29 March 1989, p. A11]

Soviets Lose 2nd Mars Probe

Peter Neumann <>
Wed, 29 Mar 1989 10:51:29 PST
The Soviet Union has lost radio contact with its backup spacecraft to Mars and 
the Martian moon Phobos...  In September 1988 the Soviets lost contact with the
first of the twin Martian probes, Phobos I.  [See RISKS-7.53 and 56.]

Satellite failure due to unremoved lens cap

Peter Neumann <>
Wed, 29 Mar 1989 10:56:52 PST
A $140 million Star Wars Satellite [launched on 24 March] failed one of its
first tests...  The satellite was meant to observe the firing of a nearby
rocket in space but was unable to do so because a lens cap blocked its view.
The lens cover stayed on a sensor too long, blocking it from tracking the
second-stage engine as it drifted away in space.  As a result, the satellite
was pointed in the wrong direction to view the longer of the second-stage
firings.  [San Francisco Chronicle, 28 March 1989, p. A10]

Technology strikes again — Dodge Spirits and Dodge Fever

Matt Fichtenbaum <>
Mon, 27 Mar 89 16:22:43 EST
  I test-drove a Dodge Spirit last week.  It had Chrysler's new 4-speed
overdrive automatic transmission, which is controlled electronically.
  As we were sitting in the car before beginning the test drive, the salesman
folded down his sun visor, noted the vanity mirror built into it, and said,
"Illuminated mirrors! How nice!" So I folded down _my_ visor, lifted the cover
on the mirror, and noticed that the lights didn't light.  "How did you make
yours light?"  I asked.  "They won't, until we connect a connector under the
hood," said he, "we disconnect things that might drain the battery if left on
inadvertently."  I resolved to check the mirror illumination later.
  So I drove out from the dealer's lot, accelerated gently to about ten miles
per hour, and notice that the transmission had not yet shifted up.  "Shift,
you!" said I.  The salesman then started to laugh embarrassedly and remembered
that the transmission controller needed "that connector" reconnected.
  This time the Spirit wasn't quite willing.

                                          [And the Flashers were weak...  PGN]

Suing over runaway computer systems

Rodney Hoffman <>
29 Mar 89 10:41:46 PST (Wednesday)
Edited excerpts from a feature article by Jeffrey Rothfeder in 'Business
Week' magazine April 3, 1989:


  Geophysical Systems Corp. hired a Raytheon Corp. subsidiary, Seismo-
  graph Service Corp., to build a $20 million computer system to process
  sonar-generated data.  The system couldn't do it.  Geophysical's clients
  canceled their contracts, and Geophysical entered bankruptcy.  Last 
  December, a Los Angeles jury awarded Geophysical Systems Corp. $48.3 
  million from to cover computer-system costs and lost profits, although 
  the judge has ordered a new trial to review the size of those damages.

  Geophysical had claimed that the Seismograph system couldn't meet its
  complex computation requirements — and that Seismograph knew this 
  before it started building the system.  By finding for his client, says
  Geophysical's attorney, "the court is saying that if we wanted a computer
  unable to handle our data we could have gone to Toys 'R' Us and been
  out $20 instead of $20 million."

  As computer runaways — systems that are over budget, installed late,
  or don't work — become endemic, fed-up customers are fighting back.
  And they're using the law to do it.  In 1988 the American Arbitration
  Assn. took on 190 computer disputes, most of them concerning defective
  systems, totaling $198 million in claims.  That was up from 123 cases
  in 1984, representing claims of $31 million.  Dozens of law firms now
  specialize in high-tech matters.

  [More tales of (smaller) cases.]  When a customer sues, it loses its
  computer supplier.  It may take years to find a replacement and build
  a new system — not to mention win the original suit.  Because of this,
  says one attorney, "when you sign a contract for a computer system, 
  you're locked in a deadly embrace with the supplier that you not be able
  to, or want to, get out of."  The boilerplate agreement that suppliers
  typically offer includes numerous so-called exclusions of warranty that
  limit the supplier's liability for system failures or delays.  Also, 
  the contract usually states that nothing in it is binding unless
  specifically spelled out.

  A former Price Waterhouse senior consultant recalls telling customers
  that it will take "only 72 hours for a crucial software project.  But 
  we wouldn't put this into the contract.  Then when it took us two months
  to do the job, we simply explained that the project now costs more
  because the extra work we did was out of the scope of our agreement."

  The State of New Jersey reached a settlement with Price Waterhouse over
  a bungled system to handle licensing and traffic violations for the Motor
  Vehicles Dept.  During nearly two years of negotiations,  the accounting
  firm fixed the system.  New Jersey got the system for $1.2 million less
  than the contracted price, and Price Waterhouse swallowed approximately
  $2 million in additional project costs.

  Many customers are starting to demand contract clauses providing for
  binding arbitration of disputes, and for acceptance tests before the 
  customer pays.

  Surprisingly, the new legal aggressiveness of customers isn't particu-
  larly troubling to most systems suppliers.  Customer activism may even
  reduce the number of runaways from an estimated 35% of all current
  computer projects.  Says a systems designer at one Big Eight accounting
  firm:  "It could be just the thing we need to make us more honest."


  * ACCEPTANCE TEST.  Requires the supplier to run the customer's 
    actual data successfully through the system.

  * GUARANTEE.  The customer pays leasing or purchase charges only
    after the new system has been working correctly for two months.

  * BINDING ARBITRATION.  Stipulates that the customer can elect to 
    have disputes resolved by an outside arbitrator.

  * SOFTWARE OWNERSHIP.  Give the customer the rights to the system's
    source code and leaves it in the customer's possession.

  * SUPPORT.  Guarantees that support and servicing for the system will
    be available for at least a year — even if the supplier goes out
    of business.

Virus Hits Hospital Computers

Rodney Hoffman <>
29 Mar 89 14:15:09 PST (Wednesday)
A short note in the `Los Angeles Times' 27 March 1989 carried this summary
of information from a letter in the 'New England Journal of Medicine':


   A "virus" infected computers at three Michigan hospitals last
   fall and disrupted patient diagnosis at two of the centers in
   what appears to be the first such invasion of a medical computer,
   it was reported last week.

   The infiltration did not harm any patients but delayed diagnoses
   by shutting down domputers, creating files of nonexistent patients
   and garbling names on patient records, which could have caused more
   serious problems.

   "It definitely did affect care in delaying things, and it could have
   affected care in terms of losing this information completely," said
   Dr. Jack Juni, a staff physician at the William Beaumont Hospitals 
   in Troy and Royal Oak, Mich., two of the hospitals involved.  "It
   was pretty disturbing."

   If patient information had been lost, the virus could have forced
   doctors to repeat tests that involve exposing patients to radiation,
   Juni said.  The phony and garbled files could have caused a mix-up
   in patient diagnosis, he said.

   "This was information we were using to base diagnoses on," said Juni,
   who reported the case in a letter in the New England Journal of
   Medicine.  "We were lucky and caught it in time."

Prank Virus Warning Message

Bruce N. Baker <BNBaker@KL.SRI.COM>
Tue, 28 Mar 89 08:06:39 PST
An individual placed a time bomb message on a government service system in the
San Francisco Bay Area saying, "WARNING! A computer virus has infected the
system!" The individual is learning that such a prank is considered almost as
funny as saying that you have a bomb in your carry-on luggage as you board a

Bruce Baker, Information Security Program, SRI International

Subversive bulletin boards

Eric Percival <>
Mon, 27 Mar 89 13:27:32 BST
This week's (26 March.) Sunday Times (UK) has an article relating to a Bulletin
Board being run by a 14-year-old boy in Wilmslow, Cheshire, England, which
contains information relating to such things as making plastic explosives.
Anti-terrorist detectives are said to be investigating for possible breaches of
the Obscene Publications Act.  Apparently reporters were able to easily gain
access to this bulletin board and peruse articles on such subjects as credit
card fraud, making various types of explosive, street fighting techniques and
dodging police radar traps.  One article was obviously aimed at children and
described how to make a bomb suitable for use on "the car of a teacher you do
not like at school," which would destroy the tyre of a car when it was started.
The boys parents did not seem to think that their son was doing anything wrong,
preferring him to be working with his computer rather than roaming the streets.
A London computer consultant, Noel Bradford, is quoted as having seen the
bulletin board and found messages discussing "how to crack British Telecom, how
to get money out of people and how to defraud credit card companies.  Credit
card numbers are given, along with PIN numbers, names, addresses and other

UK Computer Threat Research Association

"David.J.Ferbrache" <>
28 Mar 89 09:32:34 GMT
For those of you interested an umbrella organisation has been established
in the UK to co-ordinate information on, and research into all aspects of
computer security. In the first instance one of the organisations primary
concerns will be combatting the threat posed by computer viruses by
acting as a clearing house for virus information and control software.

Below is a copy of an initial letter mailed to prospective members:

            The Computer Threat Research Association

The computer threat research association, CoTra is a non-profit making
organisation that exists to research, analyse, publicise and find solutions for
threats to the integrity and reliability of computer systems.

The issue that caused the formation of CoTra was the rise of the computer
virus. This problem has since become surrounded by fear, uncertainty and doubt.
To the average user the computer virus and its implications are a worry of an
unknown scale. To a few unfortunates whose systems have become a critical issue.

The key advantage of CoTra membership will be access to advice and information.
Advice will be provided through publications, an electronic conference (a
closed conference for CoTra's members has been created on the Compulink CIX
system) as well as other channels such as general postings direct to members
when a new virus is discovered.

CoTra membership will be available on a student, full or corporate member
basis. All software that is held by CoTra that enhances system reliability,
such as virus detection and removal software, will be available to all members.
It is intended to establish discounts with suppliers of reliability tools and
services. A library of virus sources and executables and other dangerous
research material will be made available to members who have a demonstrable

A register of consultants who have specific skills in the systems reliability
field will be published by CoTra and reviews of reliability enhancing software
will be produced.

Your support of CoTra will ensure that you have the earliest and most accurate
information about potential threats to your computer systems.

CoTra, The computer threat research association,
c/o 144 Sheerstock, Haddenham, Bucks. HP17 8EX

Part of the organisation's aim is to establish reciprocal links with other
similar organisations worldwide to facilitate the sharing of experience and
rapid flow of information on new threats.

To this end if you are involved in, or have contacts with, a similar
organisation in your country, please write to CoTra (or by email to me, and I
will forward your correspondence) outlining your organisation and its aims.

Yours sincerely, 
Dave Ferbrache, Dept of computer science, Heriot-Watt University, 79 Grassmarket
Edinburgh,UK. EH1 2HJ  Tel (UK) 031-225-6465 ext 553  UUCP ..!mcvax!hwcs!davidf

Will the Hubble Space Telescope Compute?

Paul Eggert <eggert%stand@twinsun.UUCP>
Tue, 28 Mar 89 14:57:02 PST
M. Mitchell Waldrop's article (_Science_, 17 March 1989, pp 1437-1439) on SOGS
is notable for its coverage accessible to the general scientific public,
and for its claim that the software engineering community has switched to
rapid prototyping.  Selected quotes follow.
  — Paul Eggert, Twin Sun Inc. <!twinsun!eggert>

        Will the Hubble Space Telescope Compute?

    Critical operations software is still a mess--the victim of
    primitive programming methods and chaotic project management

First the good news: two decades after it first went into development, the
$1.4-billion Hubble Space Telescope is almost ready to fly....

But now the bad news: the Space Telescope Science Institute in Baltimore still
has dozens of programmers struggling to fix one of the most basic pieces of
telescope software, the $70-million Science Operations Ground System (SOGS)....
It was supposedly completed 3 years ago.  Yet bugs are still turning up ... and
the system currently runs at only one-third optimum speed....  If Space
Telescope had been launched in October 1986, as planned at the time of the
Challenger accident, it would have been a major embarrassment: a superb
scientific instrument crippled by nearly unworkable software....

    1980-1  2"-thick requirements doc. written by NASA-appointed committee
    1981    contract awarded to TRW; peak team included 150 people
    1983    first software components delivered
    later   SOGS declared utterly unsuitable.

The problem was basically a conceptual one.  NASA's specifications for SOGS had
called for a scheduling algorithm that would handle telescope operations on a
minute-by-minute basis....  The tacit assumption was that the system would
schedule astronomers on a monthly and yearly basis by simply adding up
thousands upon thousands of these minute-by-minute schedules.

In fact, that tacit assumption was a recipe for disaster....  The number of
possible combinations to consider rises much faster than exponentially....
In the computer science community, where this phenomenon has been well known
for about 40 years, it is called ``the combinatoric explosion.''  Accepted
techniques for defusing such explosions call for scheduling algorithms that
plan their trips with a road map, so to speak. And SOGS simply did not have it.

In addition to performance issues, however, SOGS was also deficient in basic
design terms.  ``SOGS used last-generation programming technology,'' says one
senior programmer....  ``SOGS was designed in such a way that you couldn't
insert new releases without bringing down the entire system!  For days!'' says
the science institute's associate director for operations, Ethan Schreier....
Indeed, the fundamental structure of SOGS is so nonmodular that fixing a bug in
one part of the program almost invariably generates new bugs somewhere else....

So, where did SOGS go wrong?...

One of the main villains seems to have been the old-line aerospace industry
approach to software development....  In the wider computer science community
this Give-Me-The-Requirements approach is considered a dismal methodology at
best...  Modern programming practice calls for ... a style known as ``rapid

Even more fundamental ... few people at NASA were even thinking about
telescope operations in the early years....  the Space Telescope project as a
whole was saddled with a management structure that can only be described as
Byzantine....  At the hardware level the chaos at the top was reflected in a
raft of independently developed scientific instruments and onboard computers,
none of which were well coordinated with the others.  Indeed, the presumption
was that any such problems would be taken care of later in the software....

So, is SOGS fixed now?

Maybe.  With TRW's help, the institute has spent the past several years beating
the system into shape....  On the other hand, such progress has come at a
price.  SOGS now consists of about 1 million lines of programming code, roughly
ten time larger than originally estimated.  Its overall cost has more than
doubled, from $30 million in the original contract to roughly $70 million....

In both NASA and Pentagon contracting, the cost of the old-line approach is
becoming all too apparent.  Indeed, it has become a real sore point in the
computer community.

``It's the methodology that got us to Apollo and Skylab,'' says [James] Weiss
[data systems manager for Space Telescope at NASA headquarters].  ``But it's
not getting us to the 1990s.  The needs are more complex and the problems are
more complex.''

``SOGS,'' he says, ``is probably the last example of the old system.''

The Airbus disaster and Ada

Wed, 29 Mar 89 11:03:08 BST
This is a question for RISKS.  I found this on the network.  Can any
RISKS-readers answer it?

  From: bob@imspw6.UUCP (Bob Burch)
  Newsgroups: comp.misc,comp.lang.ada
  Subject: French Airbus Disaster / Ada?
  Date: 27 Mar 89 12:37:11 GMT
  Organization: IMS, Rockville, MD

  I am hearing a couple of versions of the role which the Ada programming
  language might or might not have played in the air-bus disaster at the
  Paris Air Show about a year or so ago.  I would appreciate hearing from
  anyone who actually knows anything about this topic.

  Ted Holden, HTE


Douglas Schuler <>
Wed, 29 Mar 89 08:08:18 pst
                              Call for Papers
              DIAC-90   Boston, Massachusetts   July 28, 1990

Computer  technology  significantly  affects  most  segments  of   society,
including   education,  business,  medicine,  and  the  military.   Current
computer technology and technologies that seem likely to emerge  soon  will
exert  strong  influences on our lives, in areas ranging from work to civil
liberties.  The DIAC symposium considers these influences in a broad social
context  -  ethical,  economic, political - as well as a technical context.
We seek to address directly the relationship between technology and policy.
We  solicit  papers  that  address  the  wide  range  of  questions  at the
intersection of technology and society.

Within this broad vision, we request  papers  that  address  the  following
suggested  topics.   Other  topics may be addressed if they are relevant to
the general focus.


  + Research Funding Sources/Effects     + AI and the Conduct of War
  + Software Development Methodologies   + Autonomous Weapons Systems


  + Community Access                     + Computing for the Disabled
  + Computerized Voting                  + Uses of Models and Simulations
  + Civil Liberties                      + Arbitration and Conflict Resolution
  + Computing and the Law                + Computing in Education 
  + Computing and Workplace              + Software Safety

Submissions  will be read by members of the  program  committee,  with  the
assistance  of  outside  referees.   The program  committee  includes  Alan  
Borning   (U.  WA)  Christiane  Floyd  (Technical  University  of  Berlin), 
Jonathan Jacky  (U. WA),  Deborah Johnson  (Renssalaer  Polytechnic),  Eric 
Roberts (DEC),  Richard Rosenberg (SIGCAS, U of  British  Columbia),  Ronni 
Rosenberg  (MIT),  Marc Rotenberg (CPSR),  Douglas Schuler (Boeing Computer 
Services), Lucy Suchman (Xerox PARC), and Terry  Winograd (Stanford).

Complete papers should include an  abstract  and  should  not  exceed  6000
words.   Papers  on ethics and values are especially desirable.  Reports on
work in progress or  suggested  directions  for  future  work  as  well  as
appropriate surveys and applications, will also be considered.  Submissions
will be judged on clarity, insight, significance, and originality.   Papers
(4  copies)  are  due by March 1, 1990.  Notices of acceptance or rejection
will be mailed by April 15, 1990. Camera ready copy is due by June 1, 1990.
Send  papers  to  Douglas Schuler, Boeing Computer Services, MS 7L-64, P.O.
24346, Seattle, WA  98124-0346.  For more information contact Doug  Schuler

Proceedings will be distributed at the symposium,  and  will  be  available
during  the  1990 AAAI conference.  The DIAC-87 and DIAC-88 proceedings are
published by Ablex Publishing Company.  Publishing the DIAC-90  proceedings
is planned.

       Sponsored by Computer Professionals for Social Responsibility
            P.O. Box 717,                Palo Alto, CA  94301

DIAC-90 is partially supported by the  National  Science  Foundation  under
Grant No. 8811437, through the Ethics and Values Studies Office.

Please report problems with the web pages to the maintainer