The RISKS Digest
Volume 17 Issue 33

Friday, 8th September 1995

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o Virtual reality damages vestibular-ocular reflex?
Daniel P. B. Smith
o Sony satellite dishes REMOTELY reprogrammable?
Robert L Krawitz
o Password cracking 'improves' security
Duncan Booth
o Total data loss
T H Pineapple
o Viruses Plague Microsoft Programs
o Word Macro virus, platform crossing, and VBA
Rob Slade
o Re: Two Way HOV Lane
Bill Hefley
o "Computers Ethics and Social Values" by Johnson/Nissenbaum
Rob Slade
o Cybersobriety/new book: Democracy & Technology
R.E. Sclove
o Software Assessment: Reliability, Safety, Testability
Friedman and Voas
o Network Security '95, final program information
o Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

Virtual reality damages vestibular-ocular reflex?

Daniel P. B. Smith <>
Thu, 7 Sep 1995 21:51:25 -0400

Electronic Engineering Times, 14 Aug 95, has an article entitled "Neural VOR predicts illness." According to the article, "A complete model of the vestibular-ocular reflex (VOR) was demonstrated here at the World Congress on Neural Networks. The neural-network-based model accurate mimics not only the behavior of a VOR but the abnormal behavior of damaged VORs. Separately, the author estimates that at least two months' exposure to inaccurate virtual-reality simulations could damage health VORs."

Choose your interpretation... does this highlight a RISK of virtual reality, or a RISK of drawing real-world conclusions from computer modelling?

Daniel P. B. Smith

Sony satellite dishes REMOTELY reprogrammable?

Robert L Krawitz <>
Fri, 8 Sep 1995 09:19:21 -0400

An article in the _Boston Globe_ 8 Sept 1995 mentioned that some Sony miniature satellite dishes have a problem, the nature of which is that the screen freezes and the audio drops for a second or two. What raised my eyebrows was a comment by a Sony official that the company is investigating the possibility of downloading a fix into the dishes (the problem is apparently software in nature, with the result being that the tuner doesn't lock properly). This would require no action on the part of users, and the TV set (in the words of the article) would not need to be on when the fix was downloaded for it to have effect.

If the official knew that this kind of remote reprogramming facility exists (as opposed to this person being a PR flack just blowing smoke), well, the possibilities may be left to the imaginations of my fellow RISKS readers.

Robert Krawitz <>, Member of the League for Programming Freedom
-- mail Tall Clubs International —

Password cracking 'improves' security

Duncan Booth <>
Thu, 07 Sep 1995 09:52:54 +0100

The following extract is from an advertisement for a program called WDPass:

Never lose your passwords again. For many organisations the major deterrent to using the security features in programs such as WordPerfect and Lotus 1-2-3 is the fear of rendering crucial files inaccessible by losing or forgetting passwords. It is logical to have an immediate solution to recovering passwords and enhancing security.

WDPass can immediately recover lost passwords and, thus access locked files allowing users to feel secure in using passwords to lock confidential files.

[Ingram Micro Services advertisement in September 1995 issue of Connectivity (a newsletter published by the PC User Group)]

The program claims to work for a variety of Wordperfect, Microsoft, Lotus and Borland file formats. I find it hard to believe that anyone could read this advert and think that buying a program that breaks the passwords on all of their files will make the confidentiality of their data more secure, but the risk is that out there are some senior executives gullible enough to think that this allows them to rely entirely on password protection of documents instead of more traditional locks and keys.

Duncan Booth, RCP Consultants Ltd, Didcot, OXON UK

Total data loss

T H Pineapple <>
Fri, 8 Sep 95 12:17 BST-1

If you're returning a hard disk to a data recovery firm, do make sure the couriers don't wind up having their van hijacked...

dude://steev@Almathera.Ltd.UK. Netsurf & Opticality. [ photogenics ] [ windows '95 companion ]

[Yes, in case you are wondering. It REALLY happened. The details are being withheld because of forensics and legal processes. Stay tuned. Maybe we will hear some more later. PGN]

Viruses Plague Microsoft Programs (Edupage, 31 Aug 1995)

Educom <>
Fri, 1 Sep 1995 04:24:21 -0400 (EDT)

A strange virus is invading documents created with Microsoft's popular Word program. While it doesn't destroy files or cause serious damage, it changes files into templates, which can then be awkward to work with or transfer. Microsoft is distributing a fix that gets rid of the virus and inoculates against future contamination, available though help lines or at < >. (Wall Street Journal 30 Aug 95 B2) Meanwhile, some would-be Windows 95 users are complaining that they get stuck after the first disk. A Microsoft spokeswoman says that a virus already on the users' computers is at fault — when it's activated by the first Windows 95 disk, it prevents any other disks from being installed. Details on how to fix the problem will be forthcoming, but meanwhile, users who install the program via floppy disk should use a virus checker to scan their systems first and set the write-protect tab on their program disks before installing them. (Houston Chronicle 31 Aug 95 C1)

Edupage is written by John Gehl ( & Suzanne Douglas
( Voice: 404-371-1853, Fax: 404-371-8057.

Word Macro virus, platform crossing, and VBA

"Rob Slade" <>
Wed, 06 Sep 1995 00:34:48 EST

In regard to the recent postings on the Word.Macro/WinWord.Concept virus by Paul Ducklin, Gene Spafford and others, there are some related developments of note.

As the postings have said, the concept of macro or interpreted viral "programs" has been known, experimented with and theorized for some time. A major factor in the success of such a virus is a "critical mass" of compatible systems. For a time the Rexx language appeared to be poised on the brink of "success" as a cross platform macro environment, and currently there is interest in MIME (Multi-purpose Internet Mail Extensions). Neither of those systems, however, has yet become a major player.

By a quirk of chance I have recently reviewed a number of books on Microsoft's Visual Basic. All of them have mentioned Microsoft's move towards Visual Basic for Applications, or VBA. This is to be a fully compatible programming/scripting/macro environment replacing and augmenting the various macro functions in Microsoft products. Once VBA is implemented, a macro virus word not merely be able to spread from WinWord to MacWord documents, but to Excel, Access, FoxPro and a host of other applications as well. Indeed, from the information in the books, Microsoft is interested in licensing VBA to other developers for inclusion in non-MS applications.

Perhaps it's time to turn off the macro "autoload" capabilities in all your applications? Author "Robert Slade's Guide to Computer Viruses" 0-387-94311-0/3-540-94311-0

[Hey, folks, this is not really a virus. It is a Trojan horse, akin to the letter bombs of yore that contained squirreled nonprinting characters. As a reminder, we had a fine discussion in RISKS-16.55 and 56, begun by Mike Crawford, on the risks of Trojan horses in PostScript files. PGN]

Re: Two Way HOV Lane (Weinstock, RISKS-17.30,32)

Bill Hefley <>
Wed, 30 Aug 95 11:57:49 EDT

My colleague, Chuck Weinstock, recently reported to this forum a terrible accident that happened here in Pittsburgh, PA, regarding a head-on collision between two vehicles travelling in opposite directions on a high occupancy vehicle (HOV) lane. Several people were killed in this accident, and two individuals remain hospitalized. This HOV lane is supposedly only open in one direction at a time.

There are three new developments in this incident, according to last night's news:

  1. There have been news reports of at least three other incidents of cars travelling in both directions simultaneously in the HOV lane--three more potential head-on crashes occurring just since the fatal accident last week.
  2. An employee of the state department of transportation (PennDoT) who had been responsible for manually opening and closing the gates and turning on/off the signs to control access to the HOV lane was fired yesterday. His attorney reportedly admitted that he had opened the south end of the lane before closing the north end (in violation of procedure) and then lied to investigators by claiming that he had followed procedures. There may be criminal charges filed against the former PennDoT employee.
  3. PennDoT reportedly is planning to spend a million dollars to upgrade the control system and signage for this HOV lane. According to the news reports, it sounds like they are planning to put into a central location a set of manually-operated switches to control the gates and signs, much as they are manually controlled in the field by a single operator now.
IMHO, I'd have serious concerns about this sort of "automated" control system coupled with the use of a manual checklist. The same potential problem for human error or failure to follow the checklist could still exist, if the appropriate safety mechanisms are not built in. The only difference is that the problem has now merely moved from the physical gate and sign devices to a control panel in a central facility. All one needs to do is look at the prior literature on human error in control rooms to validate this concern.

For example, in the nuclear power industry, estimates of human error (as a percentage of system failures) range from twenty to sixty-five percent [Moray88]. Within a particular type of system, operating power plants, 15 to 30% of reported events occurring during operation involved a human error component [Griffon-Fouco87]. Of these events:

Related studies [Meclot & Griffon-Fouco88] have indicated a number of deep causes of these human failures. Although sixty-two percent of the significant incidents can be attributed to the ergonomics of the workplace and the organization of the work, another fifty-six percent can be attributed to failure to follow procedures (26%), content of procedures (16%), task complexity (11%) and the form of the procedures (3%).

Taken from these prior studies, procedure following in a control room is still far from perfect reliability--human error can still occur. I hope that PennDoT does more than just add in switches to manually control the HOV lane, and also incorporates appropriate interlocks into their control room.


Griffon-Fouco, M., & Ghertman, F. (1987). Data Collection on Human Factors. In J. Rasmussen, K. Duncan, & J. Leplat (eds.), New Technology and Human Error [Chap. 18]. (B. Wilpert, Series Ed.) (New Technologies and Work). (pp. 193-207). Chichester, UK: John Wiley & Sons.

Meclot, B., & Griffon-Fouco, M. (1988). L'Analyse des Incidents et L'Interface Homme-Machine. In Man-Machine Interface in the Nuclear Industry [IEAE-CN-49/34]. Tokyo, Japan. (IAEA Proceedings Series). (pp. 51-60). Vienna, Austria: International Atomic Energy Agency.

Moray, N. P., & Huey, B. M. (eds). (1988). Human Factors Research and Nuclear Safety. Washington, D. C.: National Academy Press.

Bill Hefley - Senior MTS, Software Engineering Institute, Carnegie
Mellon Univ. Pittsburgh, PA 15213 +1-412-268-7793
[Note added on 8 Sept 1995: The fired worker has now been charged with involuntary manslaughter and faces as much as 31 years in prison. Not only did he open the gates in the wrong order, but he knew of the accident and failed to radio it in or offer assistance, his fire extinguisher, or any help. BH]

"Computers Ethics and Social Values" by Johnson/Nissenbaum

"Rob Slade" <>
Sat, 02 Sep 1995 00:42:25 EST


"Computers, Ethics & Social Values", Johnson/Nissenbaum, 1995, 0-13-103110-4
%A Deborah Johnson
%A Helen Nissenbaum
%C One Lake St., Upper Saddle River, NJ 07458
%D 1995
%G 0-13-103110-4
%I Prentice-Hall, Inc.
%O +1-201-236-7139 fax: +1-201-236-7131
%P 714
%T "Computers, Ethics & Social Values"

Johnson's earlier book, "Computer Ethics" (cf. BKCMPETH.RVW), may be considered the preeminent work in the field. This collection of papers, co-edited with Nissenbaum, enhances, but does not extend, that prior work.

Ethical problems may be divided into a number of groups in the computer world. Three stand out in particular. Some dilemmas arise from a conflict of agreed "good" values. These are the situations described in moral scenarios: should the poor man steal the medicine necessary to cure his wife from the inventor who will not reduce his price. A second class have to do with unknown or unpredictable situations. In the non-computer world, an example would be megaprojects of unknown environmental impact. The third grouping would include situations where a vast majority hold to a certain standard of behaviour, while a minority act otherwise. Cults and certain brands of terrorism would fall into this category.

Most non-computer ethical discussion is directed at the first class of problems, and most works on morality in computing follow suit. The articles in this book go a bit further. Chapter five, and parts of six and seven, raise issues related to group two problems. The ethical analysis is, however, limited and tentative. The inclusion of articles by Stallman, and Dorothy Denning's interview with Frank Drake, would seem to be an attempt to discuss the third type of issues. The bulk of the work, though, speaks with a single voice from the position of conventional morality, yet fails to address realistically the problem of bringing outsiders into the fold.

The papers seem to have a fair distribution between academic and popular works. Be forewarned: some of the latter have a Saturday-magazine level of accuracy to the information. Non-American readers should note a heavy reliance on American case and constitutional law, although most discussions are sufficiently detailed as to raise common law issues.

copyright &copy; Robert M. Slade, 1995 BKCMETSV.RVW 950609
Vancouver Institute for Research into User Security, Canada V7K 2G6

Cybersobriety/new book: Democracy & Technology

Tue, 29 Aug 1995 13:08:17 -0500 (EST)

Richard E. Sclove, _Democracy and Technology_ (New York: Guilford Press, 1995). Paperback ISBN 0-89862-861-X; hardcover ISBN 0-89862-860-1.

The book develops a constructive agenda for democratizing all domains of technology--ranging from household to workplace, government, urban infrastructure, medicine, farming, etc.

[For further information, contact Dick Sclove, Executive Director, The Loka Institute, P.O. Box 355, Amherst, MA 01004-0355, USA 413 253-2828; Fax 413 253-4942 World Wide Web: or PGN]

Book: Software Assessment: Reliability, Safety, Testability

"Friedman, Michael A" <>
29 Aug 1995 16:52:39 -0800

Book: Software Assessment: Reliability, Safety, Testability
Authors: Michael A. Friedman & Jeffrey M. Voas
Publisher: John Wiley & Sons, New York (1-800-225-5945)
ISBN 0-471-01009-X; Hardbound, $54.95

Is software quality testing really effective or just a waste of time? The skeptics conclude that it is an exercise in futility to try to measure the reliability and safety of these complex systems under all critical circumstances. They contend that quality assurance comes only through a strict adherence to rigorous development process models. In this groundbreaking book, Michael Friedman and Jeffrey Voas dispel that myth. They demonstrate that extremely accurate, cost-effective software quality testing can now be a reality, thanks to powerful new analytical tools. Central to the approach outlined in Software Assessment is an assessment optimization technique called testability analysis. Pioneered at the College of William and Mary and NASA by Jeffrey Voas, testability analysis predicts the likelihood that latent bugs will be detected through testing. Because no test oracle is required, testability analysis can be automated. The book offers a balanced presentation of theory and practice. Featuring exhaustive coverage of the foundations of reliability, safety, and testability, it uses real-world examples, illustrations, and clear descriptions to explore all of the latest techniques for assessing those qualities.


1. The Balls and Urn View of Software Testing
2. The PIE Assessment Model of Software Testability I
3. The PIE Assessment Model of Software Testability II
4. Designing Toward the Tester's Utopia
5. Software Safety
6. Assessment of Safety-Critical Software Units
7. Software Reliability Modeling
8. Software Reliability Growth Modeling
9. System Modeling
10. Software Reliability Prediction, Allocation and Demonstration Testing
11. Generating Test Cases

Unix Network Security '95, final program information

SANS'95 Conference Office <>
7 Sep 1995 11:15:30 -0400

[You don't know what SANS is? The official message that I trimmed down for RISKS didn't say. The NS is presumably Network Security, but WITHOUT SANS (bad franglais pun) deacronymization, it is hard to tell. PGN]

The entire program lasts a week (November 13 - 18) with in-depth courses on Monday through Wednesday and on Saturday. The multi-track Technical Conference is on Wednesday and Thursday.

[Send E-mail to or phone 719-599-4303 for full program and registration information. PGN]
Unix Network Security 95 (November 16-17, Washington D.C.)

Thursday, November 16, 1995

9:00 - 10:30 Keynote Address Keynote: "Early Insecurity" Peter Salus

Track 1: Remainder of Thursday

11:00 - 12:30 pm
Session 1-1: "Legal Issues of Computer Security"
2:00 - 3:30
Session 1-2: Intruder Profiles and Incident Response Experiences
"Current Trends in Intruder Methods", Moira West or Tom Longstaff, CERT "An Incident Response Case Study", Brent Mead, Jet Propulsion Laboratory
4:00 - 5:30
Session 1-3: Incident Response Case Studies, Randy Marchany, VPI
"Security in the Blacksburg Electronic Village"
"Email Harassment: the Aura of Anonymity"

Track 2

11:00 - 12:30
Sessions 2-1: Intrusion Detection - Past, Present and Future
"Informal Methods of Intrusion Detection", Matt Bishop, Univ. California Davis
"An Introduction to Intrusion Detection Modeling", Karl Levitt, UCDavis

2:00 - 3:30 pm
Session 2-2: Current Intrusion Detection Systems and
Future Trends: A Panel, Moderated by Dorothy Denning, Georgetown University
Panel Members:
Becky Bace, Department of Defense
Karl Levitt, University of California at Davis
Teresa Lunt, ARPA/ITO

4:00 -5:30 pm
Session 2-3: Encryption Alternatives: Overview and Applications
Dr. Robert Baldwin, RSA Data Security, Inc.

Both tracks: 5:45 - 6:45 pm
Special Bonus Session and Contest:
The Best Security Stories of 1995 Contest Winners

E-mail (before September 12) your abstract and complete contact information (name, title, organization, address, telephone, fax, email address to

Evening: BOFs 8:00 to 10:00

Friday November 17
Track I

9:00 - 10:30 am
Session 1-4: Intruders and Incident Response

"Network Intruder Profiles", Gene Shultz, SRI
"Building An Incident Response Team for Your Organization", Gene Shultz, SRI

10:45 am - 12:15 pm
Session 1-5 Firewalls - Design Issues and Case Studies, Part I
"An Overview of Firewall Design and Selection Criteria", Marcus Ranum
"Case Study: A Winding Road To Security", Marcus Ranum

1:15 to 2:45
Session 1-6 Firewalls - Design Issues and Case Studies, Part II
"Case Study: A Secure Firewall Implementation", Paul Vixie, Vixie Enterprises
"Firewalls Into the 20th Century - Where Do We Go From Here", Fred Avolio, Trusted Information Systems

3:00 - 3:45

Session 1-7: "Case Study: Experiences In Implementing A Network

Authentication System In A Large Commercial Site", Bryan Koch, Norwest Technical Services

Track 2

9:00 - 10:30
Session 2-4: "Surviving the Battlefield of Security Policy
Design and Implementation", Michele D. Crabb, Sterling/NASA Ames, Todd Welch, Sterling/NASA Ames, plus one other speaker to be announced

10:45 - 12:15
Session 2-5: "Insecurity in the PC-UNIX Realm",
Kenneth R. van Wyk, Defense Information Systems Agency and two associates to be named at the conference

1:15 - 2:45
Session 2-6: Potpourri One - Real World Experiences

"Case Study: Whom Shall I Say is Calling?", Hal Pomeranz - The NetMarket Co.
"Four Short Case Studies: Variations On A Theme", Darren Reed, Cybersource Software Services (Australia)

3:00 - 3:45
Session 2-7: Potpourri Two - Real World Experiences
"Augmenting Security in a UNIX Environment", Steve Lutz, Chase Manhattan

Both Tracks
3:45 - 4:30
Session 8: Plenary Session
"The Taking of Clark", Bill Cheswick, AT&T Bell Labs

4:30 - 4:45 Summing Up: The Conference Chairpersons

List of Full-Day Intensive Courses:

COURSE M1: UNIX Security Threats and Solutions (Basic)
Dr. Matt Bishop (Univ. of California at Davis)

(NEW and UNIQUE) COURSE M2: Firewalls: Principles, Six Key Pitfalls, and Finding The Right Solution, Bruce D. Wilner

(NEW AND UNIQUE) COURSE T8: Building a Successful Security Infrastructure
Michele Crabb, Sterling Software Inc. for NASA Ames Research Center

COURSE T9: Advanced Topics in UNIX Security
Dr. Matt Bishop, University of California at Davis

(EXPANDED) COURSE W16: UNIX Security Tools: Use and Comparison
Dr. Matt Bishop (Univ. of California at Davis)

COURSE W17: Network Security, the Kerberos Approach
Dan Geer, Open Vision

Four Half-Day Post Conference Workshops

Workshop S51:
(NEW) Security and the World Wide Web, John Stewart, Cisco
Workshop S52:
(New and Unique)Workshop on Security Policy Design and Implementation, Michele Crabb, Sterling at NASA Ames
Workshop S53:
Survival Strategies: Ten Keys To Giving Winning Technical Presentations
Alan Paller, President, The CIO Institute
Workshop S54:
Survival Strategies: Great Technical Writing Made Easy, Carolyn Sherman

Please report problems with the web pages to the maintainer