Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
From _Information Week_, August 12 (who got it from _Newsday_, August 6, p.5): SPACE HACKERS A test of electronic-mail between earth and laptops aboard the space shuttle Atlantis was intended to lay the groundwork for use of E-mail on space station Freedom. But the test is in jeopardy after 80 E-mail messages were received by the Atlantis crew from unauthorized users. The leak behind the E-mail address remains a mystery. *Junk Mail In Outer Space*, Joshua Quittner. Peter J. Scott, Member of Technical Staff | email@example.com Jet Propulsion Laboratory, NASA/Caltech | SPAN: GROUCH::PJS
The cover of the August 15th New York Daily News had a 9" x 11" photo of a man using an ATM, and a caption to the effect of "WANTED: This man is using an ATM card that was stolen from a rape victim 40 minutes ago." The next day, a different man was charged with rape and robbery, and in the August 17th Daily News, the following was printed: "Earlier this week, police released to the Daily News and other media outlets the photo of another man, saying that he was using a bank card stolen from a rape victim and that they wanted to question him. "...DeMartino said the initial picture had "a time sequence that differed on the printout from the ATM. The bank said the error was created by the machine downloading. "The mixup was "a very unfortunate situation," according to Bruce Herman, Apple Bank senior vice president and general counsel. "There was no malfunction in the ATM system that night," Herman said. "All relevant records and materials with respect to ATM transactions on the night in question were made available to the police at their request for analysis and evaluation." Unfortunately for the man in the photo, the admission of the mistake did not seem as well publicized as the photo. John Martin firstname.lastname@example.org
The AP reports from Geneva on 8/16 that one of the suspects in the murder in France of former Iranian prime minister Shapour Bakhtiar spend Monday and Tuesday night at a Geneva hotel, under a false Turkish identity. However, the failure of a police computer used to check hotel registration cards delayed until Wednesday the identification of the suspect, by which time he had already left (This seems to imply that the false identity was known to the Swiss police). It is interesting how the failure of the computer system is blamed here for something that presumably would have happened anyway if the computer system did not exist. Or is it that the Swiss police have become so dependent on their computer databases that they no longer use slower, more traditional sources and methods (eg. alert hotel staff)?
Deutsche Aerospace has proposed a 615-passenger Airbus, according to Flight (3-9 July). DA's executive VP for design and technology says "The tailplane itself would be smaller, because the fly-by-wire flight control system would allow greater inherent instability ...." Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK. Tel: +44-225-444700. Email: email@example.com
The Editor of Aerospace (the Asian monthly magazine) tells me that there was a recent crash of a Boeing Bell V22 Osprey "which tipped on its side due to an admitted 'glitch' in the lateral control system." Does anyone have further information? Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK. Tel: +44-225-444700. Email: firstname.lastname@example.org
Doctored radios revealed Iraqi moves during Gulf war: report LONDON, Aug 18 (AFP) - Radio equipment sold to Iraq before the Gulf war was fixed so that Britain could monitor transmissions giving the allies a crucial advantage during the conflict, the Sunday Telegraph reported here on Sunday. The British manufacturers did not know that their export equipment had been tampered with "so that the messages sent by the Iraqis could be picked up by Britain's GCHQ intelligence nerve centre" at Cheltenham in western England, the weekly said, quoting senior parliamentary sources". "Exchanges between Iraqi commanders were picked up and then passed on to the U.S. National Security Agency," the Telegraph quoted sources close to the government sources as saying. The decision to fix the equipment had been taken well before war broke out, but "at a time when the intentions of the Saddam regime were of deep concern to Western strategists following the execution of journalist Farzad Bazoft and the uproar over the supergun affair."
The following message appeared recently on VIRUS-L: Date: 07 Aug 91 20:28:57 +0000 From: email@example.com (David Risler) Subject: Virus Implants in DoD Weapons From the August 1991 "Armed Forces Journal International" "A draft Pentagon directive that called for implanting a computer "virus" or software disabling mechanism in every major new US weapon system - one that could be remotely triggered if the weapon fell into enemy hands - was under consideration last December at a high DoD level, a knowledgeable source told AFJI recently...If that is the case, the device is more likely to function as a variable duration "enabler"...rather than a disabler that could be remotely activated to prevent a weapon from being used. In all likelihood, no decision regarding implanting either kind of device in advanced weapons will come before the DARPA provides an assessment to Congress of how best to handle the issue. That report is expected on Capitol Hill by August." The article goes on to say that this would be great for weapons exports and that EEPROMS could carry such "Trojan Horses" that could be activated using electrical signals. Hmmmmmm. Comments? My comments: First off, I wish people would stop applying the word "virus" and "Trojan horse" to every new kind of software they come across. Such software would not spread, so it's not a virus; and there's little reason to hide the fact that it exists (though of course the details would be secret), so it's not a Trojan horse. "Software disabling mechanism" is about right, of a bit wordy. Really, it's a lock, just like the lock on your car. It happens to be a "normally unlocked" lock, while most locks we deal with are "normally locked". The difference is understandable, given the circumstances under which the protected devices are used. In many ways, there is nothing new here. All high-tech weapons already have, in effect, a "variable duration enabler": Their spare-parts supply. This isn't a particularly EFFECTIVE lock, since even in the best of circumstances it can take quite some time for a spare-parts store to be exhausted, and maintainers of military equipment usually prove to be very resourceful at stretching their supply. Besides, there's an active black market. On a more prosaic level, it's been Soviet practice for years to build guns with a caliber just marginally smaller than that of their expected opponents. Soviet rifles can use NATO bullets, but NATO rifles can't use Soviet bullets - a very effective time-independent "lock". There have already been jokes about soldiers forgetting the password needed to boot their tank. I'm sure this proposal will lead to all sorts of fears about similar problems. However, especially if implemented with an "enabler" rather than an external disabling signal, I see little problem from a technical point of view - and it strikes me as a very nice safeguard to have. Imagine if all of Iraq's weapons had shut themselves down after 6 months. Now, from a POLITICAL point of view, it's another question. Would Iraq (or any other country) be willing to purchase weapons so solidly under the control of a potential enemy? Certainly they'd try very hard not to. The history of attempts to control international weapons sales hardly leads one to be opti- mistic that there won't be countries willing to sell unprotected weapons - not to mention "lock removal" agents (though with computer-controlled weapons their work can be made very, very difficult). — Jerry
The AP (8/13/91) reports from Melbourne that Nahshon Even-Chaim, a 20-year old computer science student, is being charged in Melbourne's Magistrates' Court on charges of gaining unauthorized access to one of CSIRO's (Australia's government research institute) computers, and 47 counts of misusing Australia's Telecom phone system for unauthorized access to computers at various US institutions, including universities, NASA, Lawrence Livermore Labs, and Execucom Systems Corp. of Austin, Texas, where it is alleged he destroyed important files, including the only inventory of the company's assets. The prosecution says that the police recorded phone conversations in which Even-Chaim described some of his activities. No plea has been entered yet in the ongoing pre-trial proceedings.
The following was posted to several Usenet groups on 14 August. Date: 12 Aug 91 13:02:36 GMT From: firstname.lastname@example.org Newsgroups: talk.bizarre,talk.politics.drugs,talk.politics.misc Subject: "War On Drugs" Atrocities: The Forfeiture Laws [...] P R E S U M E D G U I L T Y The Law's Victims in the War on Drugs The Pittsburgh Press, Sunday, August 11, 1991, p.1 It's a strange twist of justice in the land of freedom. A law designed to give cops the right to confiscate and keep the luxurious poseesions of major drug dealers mostly ensnares the modest homes, cars and cash of ordinary, law-abiding people. They step off a plane or answer their front door and suddenly lose everything they've worked for. They are not arrested or tried for any crime. But there is punishment, and it's severe. This six-day series chronicles a frightening turn in the war on drugs. Ten months of research across the country reveals that seizure and forfeiture, the legal weapons meant to eradicate the enemy, have done enormous collateral damage to the innocent. The reporters reviewed 25,000 seizures made by the Drug Enforcement Administration. they interviewed 1,600 prosecutors, defense lawyers, cops, federal agents, and victims. They examined court documents from 510 cases. What they found defines a new standard of justice in America: You are presumed guilty. [The articles included some real horror tales. Part One is in RISKS-12.13LAW in the RISKS archive directory on CRVAX.SRI.COM. PGN]
Army Records Say Computer Shutdown Might Have Averted Scud Disaster By ROBERT BURNS, Associated Press Writer [A few excerpts by PGN from a lengthy AP item presumably from 15 Aug 91] Army investigators concluded that the exact reason for Patriot's failure to shoot at the Scud will never been known for sure. But they said the most likely explanation was a previously unknown glitch in Patriot computer software. Army technicians had determined as much as two weeks prior to the attack that the Patriot computer was vulnerable to losing track of incoming Scuds when the computer was kept running for long periods, according to internal Army reports released in response to a Freedom of Information Act request by The Associated Press. Tragically, no alert bulletins were sent to Patriot operators in the field because the technicians viewed this as a minor problem of less importance than other Patriot improvements they were working on. The technicians did not think Patriot computers would be kept running for more than several hours at a time. [Earlier reports in RISKS noted that the spec called for only 14 hours of operation, not 100, and that the clock was drifting...] ``Had rebooting, or shutting off the system, occurred, it would have decreased the chance that the inexact (computer) calculation would have occurred,'' said June 14 memo signed by Lt. Gen. Ellis D. Parker, director of the Army Staff. A previously classified internal Army memo dated Feb. 20 described a series of software improvements to the Patriot computer, including a change that was designed to avert the tracking problem under circumstances of long continuous operation. But in follow-up memos intended to be seen by users of the Patriot, no mention was made of the tracking problem or of a need for periodic computer shutdowns. The technical specialists simply thought they had found a way of improving further on the accuracy of Patriot, not correcting a potentially fatal error. ``No significance was given this change because no prior related tracking problems had been seen,'' said an Army Patriot program office report. ``Therefore, no alarm or urgent notification was transmitted to the field.''
The following letter from Samuel Skinner, US Sec. of Trans., appeared in Tuesday's (8-13) Chicago Tribune. It's in response to a negative editorial regarding ADVANCE, a system for traffic control being worked on in Chicago. I could not find the original editorial. -\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\- New Traffic Technology Worth The Risks WASHINGTON---"The smart car will never succeed," Eric Zorn proclaimed recently in this "Hometowns" column, as he and many others in the Chicago area began speculating on the effectiveness and long-term benefits of a new technology that's come to Chicago. I beg to differ with Mr. Zorn---as was evident several weeks ago when I helped to announce the new ADVANCE project, an intelligent vehicle highway system [See RISKS 11.53, 24 April 1991: "`Traffic crystal ball'" may be in your car's future" -JH]. Intelligent vehicle highway systems, or IVHS, consist of many advanced technologies which, in combination, will help us to ease congestion and improve highway safety, mobility, and driver convenience. Unfortunately, Mr. Zorn cheated himself and his readers by simply concentrating on the "smart car" portion of IVHS. Just as important is the "smart highway" part of the equation. This concept uses advanced technologies to better manage traffic throughout an area, providing a safer and smoother trip for all drivers. Actually, IVHS technologies already are in use. Features such as cruise control and anti-lock brakes provide "smart car" capabilities to today's drivers. In the not-too-distant future, crash avoidance devices will detect the presence of an obsticle or other vehicle and alert the driver to a possible collision. The "smart highway" is also a reality in many areas. For example, computers already are used to automatically change traffic signal timing and control the flow of traffic onto freeways to help reduce congestion. The ADVANCE IVHS project goes a step further by providing individual drivers with route guidance information to make their trips safer and faster. If the U.S. is to stay competetive into the 21st Century, we must invest in innovative ways to move goods and people more safely and efficiently. Being on the cutting edge of technology means taking risks, and frankly, some IVHS technologies may not work. However, there are strong indication that many will. Even today, one Japanese firm claims that they are selling 2,000 navigation devices per month in Japan. If projects like ADVANCE are a success, consumers will be buying these products from American companies and not their European and Japanese competitors. The long-term benefits from ADVANCE and other IVHS projects will not be known for many years. It is also impossible to predict consumer acceptance of advanced technologies in automobiles or elsewhere. One can only wonder what the early reaction was to those car radios the Mr. Zorn urges us to use. In 1926, Lee de Forest, the man who invented the cathode ray tube said, "While theoretically TV may be feasible, commercially and financially, I consider it an impossibility..." Only time will tell the full measure of success for ADVANCE and other IVHS technologies. But if we never start, we will never know. Meanwhile, we at the Department of Transportation will continue working on innovative solutions to assure America's transportation future. For as the Tribune's own editorial put it so well, "...if we have learned anything this century, it is that the future is limitless and its way paved with new notions." Clearly, the Congress shares this view, as both the Senate and House versions of the Surface Transportation Bill now being crafted include substantial increases in spending for research, development and deployment of IVHS technologies. Samuel K. Skinner U.S., Secretary of Transportation
SEARCH FOR NEWS LEAKS SPURS OHIO PHONE SWEEP By RANDALL ROTHENBERG, c.1991 New York Times News Service Law-enforcement officials in Ohio have searched the records of every telephone user in southwestern Ohio to determine who, if anyone, called a Wall Street Journal reporter to provide information that Procter & Gamble said was confidential and protected by state law. The investigation goes far beyond examining the telephone records of current and former employees of the giant consumer products company, an inquiry the Hamilton County prosecutor's office confirmed on Monday. The Journal reported the scope of the investigation Thursday. The prosecutor, Arthur Ney Jr., acting on a complaint by Procter & Gamble, ordered Cincinnati Bell to turn over all the telephone numbers from which people called the home or office of the reporter, Alecia Swasy, from March 1 to June 15. The situation began sometime before June 17 when Procter & Gamble, which makes Tide detergent, Crest toothpaste and other familiar supermarket products, asked the Cincinnati police to determine whether current or former employees were leaking confidential corporate information to The Wall Street Journal. On Monday the newspaper reported that the company had been bothered by two news articles published on June 10 and June 11 written by Ms. Swasy, a reporter based in Pittsburgh who covers Procter & Gamble. The articles cited unidentified sources saying that a senior executive was under pressure to resign from the company, and that it might sell some unprofitable divisions. But a spokeswoman for Procter and Gamble, Sydney McHugh, said Thursday that the company ``had been observing a disturbing pattern of leaks'' since the beginning of the year. She refused to elaborate, but said the decision to pursue legal action was reviewed at several levels in the company and was made by Jim Jessee, a corporate security officer. Two Ohio statutes protect the unauthorized disclosure of trade secrets. One makes it a felony to transmit formulas, customer lists or other tangible pieces of information that would be valuable to a company and its competitors. But another, broader law makes it a misdemeanor to disclose ``any confidential matter or information'' without the company's consent. The Cincinnati police approached the Hamilton County prosecutor's office, which sought and received from a grand jury a subpoena for telephone records. A copy of the subpoena, dated June 17, was given to The New York Times by someone involved in the case who insisted on anonymity. The subpoena ordered Cincinnati Bell to ``identify all (513) area code numbers that have dialed'' Ms. Swasy's home or office telephones in Pittsburgh during an eight-week period that started on March 1. Cincinnati Bell serves 655,297 telephone numbers in the 513 area code, in an area covering 1,156 square miles, said Cyndy Cantoni, a spokeswoman for the company. In the company's entire jurisdiction, which also covers parts of Kentucky and Pennsylvania, about 13 million toll calls are placed in an average month, she said. Ms. Cantoni said she could not comment on what Cincinnati Bell turned over to the authorities, but said the company routinely complied with subpoenas. Under normal procedure, the company's computers would have automatically searched its customer list and printed out only the originating numbers, and not the names or addresses, of calls to Ms. Swasy's numbers, Ms. Cantoni said. The Wall Street Journal, which is published by Dow Jones & Co., reported on Monday that neither Ms. Swasy nor executives at the Journal were informed of the subpoena by the authorities. Neither Terry Gaines, a first assistant prosecutor, nor Ed Ammann, a police department colonel involved with the investigation, returned repeated calls to their offices. Alan F. Westin of Columbia University, an authority on technology and privacy issues, said the legality of the Ohio authorities' search for the Procter & Gamble whistleblower may depend on how the investigation was pursued. If Procter & Gamble turned over the names and phone numbers of present and former employees to the police and the police matched that list against the numbers they were given by the telephone company, the rights of other, uninvolved parties may not have been violated, Westin said. But if the police learned the names of people unaffiliated with Procter & Gamble who called the Journal's reporter, he said, or if they turned over a list of numbers to Procter & Gamble for research, some Ohio residents' Fourth Amendment protections may have been sullied. ``When technology allows you to run millions of calls involving 650,000 telephone subscribers through a computer in order to identify who called a person, potentially to find out whether a crime was commited, you raise the question of whether technological capacity has gone over the line in terms of what is a reasonable search and seizure,'' Westin said.
POWER SURGE CAUSES FAILURE OF SYSTEMS IN NEW YORK NUCLEAR PLANT By KEITH SCHNEIDER, c.1991 N.Y. Times News Service WASHINGTON A power surge at dawn Tuesday knocked out instruments that operators used to control the reactor at a nuclear power plant in upstate New York and caused the failure of a succession of systems that monitored the plant's operations. Workers at the Nine Mile Point Nuclear Station, on Lake Ontario about 6 miles from Oswego, were never in danger from a release of radiation, said Niagara Mohawk Power Corp., the plant's operator and co-owner. But the problems at the Unit 2 reactor, the newest of the plant's two reactors, caused Niagara Mohawk to shut down the plant and declare the second-highest level of alert possible under federal rules. And the Nuclear Regulatory Commission said the plant could not reopen until an investigation into the events, which began Tuesday, was completed. Niagara Mohawk lifted the alert at 7:45 p.m. Tuesday. It is only the third time that such an alert, known as a site area emergency, has occurred at an American nuclear power plant, the NTC said. Parts of the monitoring systems were unaffected by the loss of power, enabling the operators to oversee the safe shutdown of the reactor. According to the NRC, the operating record of Nine Mile Point's two nuclear reactors since the late 1980's has ranked among the worst of the 111 licensed nuclear reactors in the United States. For three years until its status was changed in June, Nine Mile Point was on the agency's list of problem plants. The emergency was declared after one of three transformers at Unit 2 failed at 6 a.m. The failure caused a powerful surge of electricity to rush back into the plant, tripping the circuit breakers in the main turbine and five of the plant's internal power systems. The turbine shutdown caused the nuclear reactor to automatically begin to shut itself down, plant engineers said. Manual shutdown procedures also were started, they said. Four of the internal power systems that failed provided electricity to critical gauges, safety monitors, the plant's main computer, and monitoring equipment in the main control room. Some of the most important gauges operators use to control the reactor were knocked out, including the one showing the position of control rods in the reactor and another that measured the power of the reaction. Another system of emergency indicators that failed were annunciators, a series of playing-card-sized windows at the top of the control panel that flash and sound an alarm when equipment or processes are functioning improperly. Their function is similar to that of red warning lights on an automobile's dashboard, serving as a first line of warning that can be verified by a gauge. The failure of many primary gauges, the main computer and annunciators meant that if the reactor were an automobile, operators would have been driving with a sheet across the windshield. Niagara Mohawk and the NRC said they considered the incident to be serious because the power systems had been designed so they would not fail. Each had backup batteries. In the event of a main electrical failure, circuits were supposed to automatically shift the systems to battery power. The plant's engineers determined Tuesday that the power surge destabilized the circuits that needed to be stable for 4 milliseconds to work properly, said Gary Grant, a senior reactor operator. ``Nobody anticipated this transformer failure and all this happening at the same time,'' said Grant. Nine Mile Point is one of 37 nuclear plants in the county manufactured by General Electric Co. Lynn Wallis, a spokesman for GE in San Jose, Calif, said Tuesday: ``The NRC has evaluated our design. They are licensed and they are safe. That's all I can provide. You ought to talk to the utility and the NRC.'' The Nine Mile Point Nuclear Station generates 1,705 megawatts of electricity for upstate New York residents from two boiling-water nuclear reactors. Unit 1, a 615-megawatt reactor, began operating in 1969 and was not affected by the incident Tuesday. Unit 2, a 1,080-megawatt reactor that began operating in 1988, is owned by Niagara Mohawk and four other utilities, including Long Island Lighting, New York State Electric and Gas, Rochester Gas and Electric and Central Hudson Gas and Electric. The NRC describes a site area emergency, one of four categories of alert, as one in which there are ``actual or likely major failures of plant functions needed for protection of the public.'' Only twice previously have site area emergencies been declared by utilities. There has never been a general emergency, described by the government as an actual or imminent degradation of the nuclear reactor core, though if the system had been in place in 1979, the Three Mile Island accident would have qualified. Last year, Plant Vogtle, a nuclear generating station owned and operated by Georgia Power, 26 miles southeast of Augusta, declared a site area emergency after the plant's main power supply failed and backup diesel generators were turned on, the NRC said. In 1982, a steam generating tube ruptured at the Ginna nuclear plant, operated by Rochester Gas and Electric 20, miles northeast of Rochester, and a similar emergency was declared because of the threat of a worse accident caused by the loss of coolant for the reactor core, said the NRC. The NRC said Tuesday that emergency incidents at nuclear reactors in the United States were declining, indicating an improvement in management and operations since 1979. Last year, the number of unusual events, the lowest level of alert, declined to 151 from a peak of 312 in 1985. In 1990, the number of alerts, the second lowest emergency event category, was 10, about the same as it had been for a decade. Niagara Mohawk said it took just 22 minutes for the plant to restore power to the control room monitors.
Please report problems with the web pages to the maintainer