The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 9 Issue 14

Monday 21 August 1989

Contents

o The Check's in the Mail (but the water got shut off anyway)
Dave Clayton
o Australian Commonwealth Bank -- doubled deposits
Martyn Thomas
o Automatic vehicle navigation systems
Pete Lucas
o Tired of computers being trusted? (a balancing act for wheel watchers)
PGN
o Re: Computer-based airline ticket scam
Jules d'Entremont
o Human failures in emergencies
Henry Spencer
o Hazards of Airliner Computerization
Mike Trout
o Re: California studies "drive-by-wire"
John Chew
o First test for electronic tagging starts in jail!
Olivier Crepin-Leblond
o Re: unauthorized Internet activity
anonymous
o DEMO Software Disk Infected (Jerusalem Version B)
J. Vavrina
o Info on RISKS (comp.risks)

The Check's in the Mail--really (but the water got shut off anyway)

Dave Clayton <LCO101@URIACC.BITNET>
Mon, 21 Aug 89 12:43:35 EDT
WATER SHUT-OFFS NOT INTENTIONAL
(From The Daily Spectrum; St. George, Utah, serving millions of acres
of slickrock and a few thousand people!)

Pleasant Grove, Utah(AP)

   Pleasant Grove city officials say they have found and fixed the reason
for several water users being cut off--despite having paid their bills.
   An apologetic City Recorder Charmaine Childs explained that in June,
Pleasant Grove switched to a new envelope bill, replacing the postcard
billing it had used for years.
   The new bills include an envelope for residents to mail their payments.
What officials didn't realize, however, that the bar code printed on the
                                                 ^^^^^^^^
envelope was for Orem rather than Pleasant Grove.
   As the bar codes are read electronically by automated postal equipment,
                        ^^^^ ^^^^^^^^^^^^^^ ^^ ^^^^^^^^^ ^^^^^^ ^^^^^^^^^
when residents mailed their water payments they went to Orem instead of
Pleasant Grove.
   Childs said the Pleasant Grove postmaster noticed the wrong bar code
on some of the envelopes and asked postal employees to watch for the blue
envelopes and route them to Pleasant Grove rather than Orem.

* * * * * * * * * *

(It gets thirsty out there on the desert without water.)

Dave Clayton, Academic Computing, U. of Rhode Island


Australian Commonwealth Bank -- doubled deposits

Martyn Thomas <mct@praxis.UUCP>
Mon, 21 Aug 89 12:11:36 BST
This story appears in Datalink (UK Trade weekly) August 21st 1989.  It
contains no dates or references by which it can be checked.

"Some cock-ups are bigger than others.  Some are little but some come in
such gigantic proportions that they stretch credulity.  Take, for example,
the mishap that afflicted the Australian Commonwealth Bank's computer.  One
could imagine all sorts of things going wrong with such an installation
which keeps the scores on thousands of customers.  But it's hard to imagine
what went wrong when a malfunction at the bank doubled every deposit that
customers made.  As DP manager Pete Martin says: ' Of course it's a cock-up,
it's a vast bloody cock-up.  The hazards of computing are only limited by
your imagination.'  "

Is this the story of mounting a transaction tape twice, previously reported
(though I can't remember who the bank was), or is it a new story?  Is it true?
-- Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK.
Tel:    +44-225-444700.  Email: ...!uunet!mcvax!ukc!praxis!mct


Automatic vehicle navigation systems

"Pete Lucas - NERC Computer Services U.K." <PJML@ibma.nerc-wallingford.ac.uk>
Mon, 21 Aug 89 09:48:20 BST
I read with some interest the recent proposals for auto-pilot systems for
passenger vehicles.  I must confess, these fill me with horror. The thought of
a systems failure on one or more such vehicles, and the inability of the others
to do much about it, is my greatest worry.  Call me a technophobe if you like,
but *NOBODY* can guarantee 100% reliability.  The problems of power failures,
parity errors, external magnetic/radio fields, poor maintenance etc. are as yet
still serious considerations as to why such systems should not be implemented.
Systems based on digitised street maps are never going to work - I can still
remember being told by my brother, who was navigating me, `Take a 90 right 50
yards after the farmhouse...' only to discover that the farmhouse had been
demolished the week before...  This caused great amusement to the wreckers
who recovered the resultant wreck from the swamp and towed it back to
civilisation.  How an auto-navigation system manufacturer would explain this
sort of problem when 100 cars ended up in the swamp, I cannot imagine.

The fewer levels of `indirection' in such systems the safer they become - to
place a (semi-)intelligent control system between the driver and the vehicle
is by definition reducing driver control (although having driven in the States
this may be no bad thing!) and increasing the number of possible failure modes.

Two things to remember:

1) Keep It Simple, Stupid!

2) If you never depended on it, you can carry on without it.

Natural Environment Research Council, NERC Computer Services, Holbrook House,
Station Road, SWINDON SN1 1DE

JANET: PJML@UK.AC.NERC-WALLINGFORD.IBMA             PHONE: +44 793 411613

Tired of computers being trusted? (a balancing act for wheel watchers)

Peter Neumann <neumann@csl.sri.com>
Sat, 19 Aug 1989 11:37:29 PDT
Blind trust in computer systems struck home this week.  My daughter brought her
car off-island for the initial 7500-mile dealer checkup that included rotating
and rebalancing the tires and checking the alignment.  After the return ferry
trip and drive home, she noticed a terrible shimmy and called the dealer to
complain.  The dealer claimed that they then determined that their computer had
been malfunctioning, and apologized profusely.  (Perhaps the mechanic was not
sufficiently computer literate?)  She immediately took the car to the best tire
man on the island, who said he had NEVER seen anything so badly out of balance.
(The dealer covered the cost.)

Are there no consistency checks or reasonableness checks on the results of such
computerized systems?  Are they designed to be mechanic-proof?  Are we getting
to the point that almost everyone in society is going to have to be not just
computer literate, but keenly aware of the risks and pitfalls?  Probably No,
No, and Yes.

    [I contemplated the plight of a land-locked driver having to negotiate such
    an ill-adjusted car when heavily laden, and came up with something about
    where the lubber meets the load.  As I have been far too conservative in my
    interstitial insertions of late, I thought you wouldn't mind.  PGN]


Re: Computer-based airline ticket scam (RISKS 9.11)

Jules d'Entremont <jules@iisat.UUCP>
20 Aug 89 00:42:27 ADT (Sun)
>From: Jordan Brown <jbrown@herron.UUCP>
>In the interests of equal access to scammery to all, I will divulge ...

It sounds like Jordan is, like me, growing tired of all these stories about
"computer crime".  What is computer crime anyway?  Crime has existed since the
dawn of civilization, and criminals have always been eager to use the latest
technology for their sinister deeds.  Guns, knives, cars, matches, even panty
hose are used by criminals daily, but when is the last time you read a
newspaper article about "panty hose crime?"

Crime is crime.  It took a long time before the term "computer error" fell
out of favour with most people;  how much longer will it take for "computer
crime" to reach the same fate?

Jules d'Entremont   Phone: 454-5631 (Home)  465-5535 (Office)
UUCP: {uunet,utai,watmath}!dalcs!iisat!jules
Bitnet/Uucp: jules@iisat.uucp     Arpanet: jules%iisat.uucp@uunet.uu.net


Human failures in emergencies

<henry@utzoo.UUCP>
Mon, 21 Aug 89 01:30:47 -0400
The July 17 issue of Aviation Week has a very interesting letter from P.G.
Boughton, commenting on the British 737 crash in which the pilot shut down
the good engine instead of the bad one:

    "I am amazed that Boeing has taken all the blame...  I am an
    F-14/F-4 backseater with more than 3000 hr.  Twice I have had
    experienced pilots shut down the incorrect engine.  Both times
    we had enough airspeed and altitude to get the engine relit.
    The hardest obstacle... was getting the pilot to try a restart.
    He just could not believe he shut down the incorrect engine...

    "In trainers I can get about 10% of experienced aviators to
    miss a bright, flashing FIRE light at eye level for up to 5
    minutes by introducing multiple emergencies, hurried approaches,
    and frequent simulated approach-control radio transmissions...
    The British 737 pilots were in just such a multiple emergency."

                                     Henry Spencer at U of Toronto Zoology
                                 uunet!attcan!utzoo!henry henry@zoo.toronto.edu


Hazards of Airliner Computerization

Mike Trout <miket@brspyr1.brs.com>
Fri, 18 Aug 89 10:42:31 EDT
Last night on National Public Radio's re-broadcast of BBC news, there was an
extensive BBC report on the hazards of airliner crew fatigue.  Although the
bulk of the report was not earth-shattering and contained nothing particularly
new to RISKS readers, there were a few points of interest:

With the increasing computerization of airliner operation, there is less and
less for crews to do.  Planes are basically flying themselves, and crews have
been reduced to monitors.  Human beings are notoriously bad monitors; we have a
basic desire to "do" things; that is, to solve problems by moving in a
step-by-step process, reaching conclusions and beginning work on a new problem.
No one is yet suggesting that airliner computerization has gone too far, but
all parties admitted that flight crews now routinely fall asleep in the flight
deck.  This is no longer unusual; studies indicate that sleeping crews are so
common that Boeing and other manufacturers are considering adding loud beepers
that go off randomly.  [Wouldn't it make more sense to give them something
constructive to DO?]  Many airlines have already adopted official procedures
whereby flight attendants are required to visit the flight deck every 15 or 20
minutes to wake up the crew.  A former RAF pilot and current editor of
_Flight_International_ discussed how in the "old days," it was necessary to
flip switches, study analog dials, and mentally compute problems.  This kept
crews busy on tasks that they knew were critical.  Today, all possible factors
are displayed on CRT screens, pre-calculated for easy access, whether the crew
has asked for the displays or not.  This leads to an attitude of complacency
and unimportance.  Biological time clocks are not well understood, and may play
a major factor in crew fatigue.  One pilot mentioned that on overwater night
flights in which the sun rises in front of the plane, it was virtually
impossible to keep awake, even if you weren't tired.  The new 747-400, which is
flown by only two crew members, always carries a spare crew, as it is designed
for extremely long-range flights.  Still, no one wants to return to the days of
the trans-oceanic flying boats, when journeys took days and everyone,
passengers and crew included, was awake during the day and asleep in hotels at
night.  We pay a price for our "instantaneous" transportation system.

Michael Trout, BRS Information Technologies, 1200 Rt. 7, Latham, N.Y. 12110
(518) 783-1161


Re: California studies "drive-by-wire"

John Chew <john@trigraph.uucp>
Thu, 17 Aug 89 15:11:26 EDT
In response to Rodney Hoffman <Hoffman.ElSegundo@Xerox.com>'s summary
  of an article by William Trombley in the Los Angeles Times on 1989 07 24:

Can anyone hypothesize any sort of fail-safe mechanism for the proposed scheme
to "platoon" vehicles at 70 mph with 50 foot separation?  50 feet at 70 mph is
less than half a second (thank heavens I made it through school before
metrification was complete :-)).  When the vehicle ahead of you suffers some
sort of catastrophic failure of the sort about which RISKS readers lie awake at
night contemplating, it seems to me that half a second is insufficient time to
reassert manual control, but that any attempt at automatic collision avoidance
in a crisis is likely to be a worse alternative.  Did the article mention how
the system was expected to behave under hazardous circumstances?

john j. chew, iii             phone: +1 416 425 3818     AppleLink: CDA0329
trigraph, inc., toronto, canada   {uunet!utai!utcsri,utgpu,utzoo}!trigraph!john
dept. of math., u. of toronto     poslfit@{utorgpu.bitnet,gpu.utcs.utoronto.ca}


First test for electronic tagging starts in jail!

Olivier Crepin-Leblond <zdee699@elm.cc.kcl.ac.uk>
Thu, 17 AUG 89 18:51:17 GMT
Compiled from various short articles in the British Media:

     The first person to be electronically tagged has spent the
first night (17 August 1989) of his sentence in prison, since British Telecom
has not yet installed a telephone at his house. The man in question is
on burglary charges, and is unemployed, and the line will be paid-for
by the government. British Telecom has assured that they would
complete the installation today, 17 August 89.
     This is the first case of electronic tagging, which is on trial here
in UK. It has been presented as an alternative for minor jail sentences,
to reduce over-crowding of UK's prisons.
Apparently, it is already practised in some states in US. The
device is an electronic beeper which is constantly worn by the criminal,
and cannot be removed. A central computer makes random telephone calls
at the house, where the criminal has to apply the beeper to the receiver,
in order to prove that he is present. In this way, the person cannot go
more than about 200ft from his phone, and has to stay in his house. There
has already been some criticism about this new method, both from the
criminal's point of view and the general public. Some say it would be
humiliating to wear the tag, since it shows in public. Some say this is
the start of "1984" by Orwell, where people's whereabouts are controlled
by a computer. Others say that the sentence doesn't have any meaning, since
the criminal can enjoy life at home.
The debate is not over, it's only beginning.

disclaimers: all standard ones... tag free.
Olivier Crepin-Leblond
Electrical & Electronic Eng., Computer Systems & Electronics,
King's College London, England


Re: unauthorized Internet activity (CERT Internet Security Advisory)

<[anonymous]>
Sat, 19-Aug-89 20:52:24 PDT
The original poster suggested using the UNIX utilities "strings", "sum", and
"last" to detect a security intrusion.  As someone who was once involved from
the other side, I would like to suggest that potential victims consider the
possibility that these programs have been tampered with.  They might be blind
to contraband files or other records.

You should also consider the possibility that a contraband file system has
been created in the unused disk space of your system.
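
The first point above, sketched as an added example (not part of the original message or of the CERT advisory): the named utilities are hashed with an independent implementation and compared against a baseline recorded while the system was known-good. It assumes the interpreter and the baseline are kept on trusted read-only media; the function names and the stand-in files are constructed for illustration.

```python
import hashlib
import os
import tempfile

UTILITIES = ("strings", "sum", "last")  # the tools named in the post

def sha256_file(path):
    """Hash with Python's hashlib, not the host's own (possibly altered) sum."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(bin_dir, names=UTILITIES):
    """Record digest, size and permission bits while the system is known-good."""
    record = {}
    for name in names:
        path = os.path.join(bin_dir, name)
        st = os.stat(path)
        record[name] = {"sha256": sha256_file(path), "size": st.st_size,
                        "mode": st.st_mode & 0o7777}
    return record

def verify(bin_dir, baseline):
    """Return {utility: [fields that differ]}; an empty dict means no drift."""
    findings = {}
    for name, want in baseline.items():
        if not os.path.isfile(os.path.join(bin_dir, name)):
            findings[name] = ["missing"]
            continue
        have = snapshot(bin_dir, [name])[name]
        changed = [k for k in ("sha256", "size", "mode") if have[k] != want[k]]
        if changed:
            findings[name] = changed
    return findings

def demo():
    """Constructed stand-ins for the binaries; not real system files."""
    with tempfile.TemporaryDirectory() as d:
        for name in UTILITIES:
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(b"constructed " + name.encode() + b" v1")
            os.chmod(path, 0o755)
        baseline = snapshot(d)  # in practice, store this copy off the host
        with open(os.path.join(d, "last"), "wb") as f:
            f.write(b"constructed last v2")  # same length, different content
        os.chmod(os.path.join(d, "sum"), 0o777)
        return verify(d, baseline)
```

Calling `demo()` reports the altered stand-in for `last` by digest even though its size is unchanged, and the stand-in for `sum` by its loosened permission bits.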


DEMO Software Disk Infected (Jerusalem Version B)

SDSV@MELPAR-EMH1.ARMY.MIL <J. Vavrina, Intel & Sec Div, Automation Branch>
Mon, 21 Aug 89 11:34:07 EST
A research and development lab located at Ft. Belvoir Virginia had their PC's
infected with the Jerusalem, Version B, Virus.  Further investigation
uncovered the virus entered the lab through a DEMO software disk from ASYST
Software Technologies supplied with an IEEE-488 board from METROBYTE.  The
infected program is RTDEMO2.EXE.

In a conversation with Mr. Dave Philipson from ASYST, to the best of his
knowledge, 50 to 100 copies of the infected software were released.  The
infection entered their facility through software received from their parent
company in England.

Mr. Brent Davis of METROBYTE informed me that the DEMO disk was supplied with
three (3) of their products; MBC-488, IE-488 and UCMBC-488.  METROBYTE is in
the process of contacting all purchasers of these products.

Many thanks to Mr. John McAfee for his assistance, SCAN34 which was used to
identify the type of virus, and M-JRUSLM which was used to eradicate the virus.

Both ASYST and METROBYTE  were extremely helpful and responded expeditiously
to the problem.  Many thanks to Mr. Brent Davis and Mr. Dave Philipson for
their action and assistance.

Comm 202-355-0010/0011  AV 345-0010-0011  DDN SDSV@MELPAR-EMH1.ARMY.MIL

    [This is of course an OLD `virus'.  New `viruses' continue to appear.  For
    example, this morning's issue of the VIRUS-L Digest, V2 #178, contains
    a message from Christoph Fischer <RY15%DKAUNI11.BITNET@IBM1.CC.Lehigh.Edu>
    (Karlsruhe), entitled NEW VIRUS [`VACSINA'] DICOVERED AND DISASSEMBLED.
    For requests to receive VIRUS-L, contact krvw@SEI.CMU.EDU.  RISKS long ago
    stopped trying to include information on virus attacks.  PGN]
