University of Bielefeld -  Faculty of technology
Networks and distributed Systems
Research group of Prof. Peter B. Ladkin, Ph.D.

The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 16, Issue 14

Monday 13 June 1994


o Unconventional Telephones
Mike Hoffberg
o Ex-deputy police chief charged over Computer Records
Mich Kabay
o RISKS in UK Election Voting Process
Thomas Rushton
o Big brother wants the shirt off your back
Lynn R Grant
o Re: GIF contains more than just a picture
Castor Fu
o Re: How to feel safer in an Airbus
Peter Ladkin
o Airbus A3(0?)0 deductions
Phil Overy
o Correction for address of Clipper paper
Sidney Markowitz
o Chunnel vision
David Honig
o RISKS of real-time image processing
Andy Cunningham
o Re: Women and Tetris addiction
Hilarie Orman
o Re: Campaigns and Elections
Robert J. Burkhart
o Re: Apathy toward computer errors
Tom Yurkiw
o Security? Maybe....
Neill Clift
o Re: Call Your OPERATER
o Re: Risks of too-simple responses
Ross Anderson
o Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

Unconventional Telephones

Mike Hoffberg
Sun, 12 Jun 94 21:45:24 CDT
     I just got a new 900 MHz telephone made by Bel-tronis.  Plastered all over it
     is the fact that it is "Styled by BRONDI, Italy".  I guess I should be impressed.
     Well today I prepare to make a call on it to SouthWest Airlines
     (1-800-I-FLY-SWA).  Guess what?  The phone does not have a "W" on it.
     On the #9 key it has XYZ.  It is missing the "Q" though.
     It kind of reminds me of the (sorry about the non-PC reference) Polish
     joke of the day 555-POLZ.  Except it would not work on this phone.
     Michael Hoffberg

Ex-deputy police chief charged over Computer Records

"Mich Kabay [NCSA Sys_Op]" <75300.3232@CompuServe.COM>
12 Jun 94 09:26:26 EDT
     From the Reuter newswire (94.06.10 @ 16:59) via Executive News Service (GO
     ENS) on CompuServe:
       LOS ANGELES, June 10 (Reuter) - A former deputy police chief who is now a
       private detective has been accused of obtaining highly sensitive criminal
       records from his old department, a spokeswoman for the District Attorney's
       Office said Friday. 
          Spokeswoman Sandi Gibbons said Daniel Sullivan, former deputy chief of
       the Los Angeles Police Department, was charged Thursday with 11 misdemeanor
       counts of being in possession of criminal records.
     According to the article, Sullivan allegedly used an inside collaborator to get
     the data.  The collaborator and another private detective who received
     confidential police files were also charged with misdemeanors.  Some of the
     stolen information concerned people in official witness-protection programs,
     relocated to protect their lives.

RISKS in UK Election Voting Process

Fri, 10 Jun 94 16:24 BST
     A colleague (call him ZX) has just told me about how he voted in the 
     recent European Elections, and I thought I would share it with you.
     He realised that he didn't have his voting card with him, but went to vote
     anyway.  The voting hall contains several tables, where you exchange your card
     for a voting slip, and the usual booths / boxes etc.
     The procedure:  Go to the table which is labelled with your street name,
     hand over your card, and receive a voting slip.
     ZX (with no card), went to the appropriate table, and explained that he
     wanted to vote, but did not have his voting card with him.  The clerk
     said ``Oh, that's OK -- which street do you live in?''.  ZX replied
     [RISK area -- pick a street, any street, from the following...]
     The clerk then looked up in his copy of the electoral register for
     that street, and asked ZX for the number of the house he lived in.
     [RISK area -- the names in the register were marked in a way that
     indicates who has voted already]  ZX replied with his house number,
     the clerk said ``Oh, you must be Mr X'', and handed ZX a ballot slip.
     The obvious conclusion is that J. Random Voter can go to any polling
     station, say he's left his voting card at home, give a street name
     (supplied on the tables), pick the number of a house on that street
     from which no one has voted (by reading the electoral roll copy),
     and vote, without having had to produce any form of ID.
     The RISKs here are even higher when you consider that approx only 30%
     of the total electorate participated in this election....
     Question: Should the UK update its voting system? 
     Thomas Rushton SwEng / SEES, RMCS, Shrivenham, Swindon, WILTS, SN6 8LA, UK  tel: +44 (0)793 785684

Big brother wants the shirt off your back

Mon, 13 Jun 94 16:16 EDT
     Here's another risk on the horizon.  We may have to wait a few
     years, though.  From the June 1994 issue of Bobbin, "The premier
     news and information source of the global sewn products industry":
          Groups such as the American Textile Partnership (AMTEX), a
          research consortium that links the sewn products industry with
          the Department of Energy's national laboratories, also are looking
          at RF technology as a means to improve the production process.  In a
          research project called the Embedded Electronic Fingerprint, long-term
          work is underway to develop a computer-type device the size of a grain
          of wheat that could be attached to a garment and used through the
          entire product life cycle.
          "A manufacturer could program into the device information unique to
          a garment, such as the size, color, style, line, or plant of
          manufacture, care instructions, etc.," explains Jud Early, director
          of research and development for the Textile/Clothing Technology
          Corp, [TC]**2.  "There also would be a large amount of blank memory
          that could be used for anti-counterfeit tracking and more."
          Since each tag would have a unique identity, in-process inventory
          could be tracked easily using RF units--without ever touching garments
          or having to open shipping boxes.  For example, a carton could be
          passed through a reading system, which would verify the contents
          against the packing list.
     So, all that is needed is for the clerk at the store to capture the
     identity of the shirt, perhaps through a barcode on the tag (so they
     wouldn't have to install the special shirt readers), and they already
     know your identity from your credit card number (unless someone else
     buys your shirts for you), so they can track your movements by setting
     up shirt readers in various places.
     But that might take more collusion between government and the stores
     than we want to speculate.  So try this: a crime is committed.  A few
     days later, you walk past a hidden shirt reader, and are immediately
     approached by an officer of the law, who arrests you for the crime.
     "But I was nowhere near the scene of the crime," you protest.
     "On the contrary," the officer counters, "one of our hidden shirt
     readers detected your shirt in the vicinity of the crime.  You must
     be guilty."
     One would hope that the manufacturers of these devices don't accidentally
     program duplicate serial numbers in them.  And you should think twice
     about lending your shirt to your girlfriend.
     Lynn Grant  Grant@DOCKMASTER.NCSC.MIL

GIF contains more than just a picture (Aldous, RISKS-16.13)

Castor Fu <castor@drizzle.Stanford.EDU>
Thu, 9 Jun 1994 23:10:30 -0700
     So does this mean that xv - vi = une ix ?
       [To which PGN replied,
       However, if  ix  were masculine, we would have  un ix.]
          [To which Castor replied, 
          One could argue that the gender of Unix is somewhat ill-defined.]
             [So, we need a language such as Latin with a neuter gender, 
             and in which "un" is an indefinite article.  PGN]
                [Kevin Kenny noted that the other
                popular image viewer, `xli,' is the FORTY-ONE program!]

Re: How to feel safer in an Airbus [Terribile, RISKS-16.13]

Peter Ladkin
Fri, 10 Jun 1994 11:04:40 +0200
     Mark Terribile offered some interesting comments on Airbus aircraft
     design. But some of his speculation is ill-founded, and should not
     pass without comment.
     > If I understand correctly, Airbus was forced to use these multimode control
     > systems because some of its aircraft use sidestick controllers.
     > [...]
     > There is another serious problem with the control mechanism described:
     This is confused.  His first comment refers to the Airbus A320
     aircraft, which is the first `fly-by-wire' commercial transport.  His
     second comment refers to the crash of a China Airlines A300 in Nagoya,
     which is a different aircraft, with the usual mechanical and hydraulic
     primary control systems and relatively limited use of computers. It
     does not have sidestick control.
     His speculation on the A320, that Airbus were forced to use modes
     because they chose a sidestick design, is incorrect. Fly-by-wire
     aircraft use modes because they have to. What toys you give the pilot
     to convey her instructions to the computer is almost an independent
     choice. If the plane is flown by computer, she doesn't need a large
     lever to move the control surfaces.
     > There is another serious problem with the control mechanism described: the
     > autopilot used one set of control surfaces (stabilizer trim) while the
     > pilot continued to operate another (elevators).
     This arrangement is used on more or less every transport aircraft
     flying, as well as all tiny planes big enough to warrant a three-axis
     autopilot. If this is a `serious problem', all aircraft have it.
     (Also, the trim system is not primary control as the elevators are. It
     serves a different function.)
     > There is a third problem: the pilot has no indication through his controls
     > that the autopilot--in effect, the aircraft's control laws--are actively
     > working against him.
     This is false for the A300, as for most conventional transports. In
     fact, the copilot who was flying had to work quite hard to counteract
     the nose-up trim. This is one of the puzzles of the accident.
     A further comment about the Nagoya accident is appropriate. Current
     knowledge is that the pilots failed to follow normal, explicit
     procedure for control of the aircraft, and secondly that they had both
     been drinking alcohol, which is illegal for good reason.  Responsible
     senior management of China Airlines has resigned because of this
     accident.  The FAA has virtually insisted that China Airlines work
     with it on improving safety procedures including crew training and
     oversight.  Trying to draw conclusions about aircraft design from
     details of this particular accident is probably unwise.
     Those wary of fly-by-wire transport aircraft design might also like to
     know that Boeing's next airplane, the 777, is full fly-by-wire - just
     like the A320, but, of course, different.
     Peter Ladkin

Airbus A3(0?)0 deductions

Phil Overy RAL
Fri, 10 Jun 94 09:06:53 BST
     re: Mark Terribile's posting:-
     1) Boeing sell similar automation to the A320 - they also caused the second-
     worst Japanese crash and in this case much more directly (the fuselage broke).
     2) whether you use sidestick or yoke, a modern airliner has no direct "cables"
     to the rudders - it relies on multiple links either electrical or hydraulic
     which would work equally well with sidesticks. A300s have been around for 20
     years - this was an A320.
     3) This is one of three crashes involving a simple confusion that I remember -
     the first Tri-Star crash (neither pilot had switched off the auto-pilot); the
     Kegworth crash (on a BOEING - the pilot shut down the wrong engine when it
     caught fire) and this one (the younger pilot didn't switch off the auto-pilot
     and didn't relinquish control). I automatically think of my poor (fortunately
     very quick-witted) gliding instructors when I read of this particular crash -
     thank you for not letting me land on the crosswind runway, Barry Hogarth!
     4) as for mode-switching and elevators etc - the senior pilot seems to have
     tried to recover without switching off the auto-pilot, the junior pilot seems
     to have flown as if the auto-pilot wasn't on. Reports will not say this as
     it's a conclusion, not a fact - it does however sound like the explanation.
     5) Since several A320s have crashed when silly things have been happening,
     perhaps the automation, like the "watertight" hull of the Titanic, is
     creating a too-complacent pilot. As a far-too-complacent pilot myself in the
     past, I can understand this.
     I do not pretend any insight into the cause of the crash, all I can say is
     that if Mark Terribile is basing his preferred flight on the logic presented
     here, he won't fly at all.
     Phil Overy
     Rutherford-Appleton Laboratory
     (computer programmer with a chequered past, not a pilot or a designer, although
     I have used gliders to exploit the many rain clouds over England)

Correction for address of Clipper paper

Sidney Markowitz
Fri, 10 Jun 1994 13:18:05 -0700
     Perhaps the subject should be "RISKS of not using available spelling checker
     technology". In RISKS-16.12, I had a typo in the address for the ftp site
     containing Matt Blaze's paper. The correct site name is and
     the file is in /dist/mab/ and is in PostScript format. Thanks and
     my apologies to the people who took my creative spelling of the word
     "research" literally and sent me mail informing me of the error.
      -- sidney markowitz
         [My spell checker always balks on net addresses, so the "resarch"
         slipped by me.  It also let a Blase go through in RISKS-16.13.  PGN]

Chunnel vision (beaten to the pun)

David Honig <honig@binky.ICS.UCI.EDU>
Fri, 10 Jun 1994 15:54:36 -0700
     Colville reported in RISKS-16.13 on the first false alarm in the Chunnel.  
     One might predict that these will be common at first.  In the public's 
     lexicon "False Alarm" might be replaced by "Channel Tunnel Syndrome" :-)

RISKS of real-time image processing

Andy Cunningham <andyc@eurovi.uucp>
Fri, 10 Jun 94 08:50:36 BST
     I had a first hand demonstration of a new road-side traffic monitoring system
     here in the UK earlier this week.
     I was driving into some road works on the M1 motorway and was slowing down
     to take account of the 50m.p.h. speed limit which had been imposed.
     Immediately (10 yards) after the speed limit sign was a bridge, and mounted
     on this bridge was a camera.  On the other side of the bridge was a large
     dot matrix display, which immediately flashed up the message:
     	L123 ABC     
     	 58 MPH
     (actual registration number changed to protect the guilty).
     RISKS: first of all, I'm expecting to get a warning about the consequences of
     speeding in the mail.  (In the UK, the police usually won't give you a ticket
     unless you're at least 10mph over the speed limit).  More importantly some
     drivers might be surprised by this and cause an accident.
     This technology starts to get real "big brother" overtones if it's used to
     actually send out tickets (camera/radar systems which produce photographic
     evidence of speeding are already in place, but human intervention is required
     to actually send out the tickets).  And just how accurate is the character
     recognition anyway?
     Andy Cunningham, VI Corporation (Europe), Ilex House, Mulberry Business Park,
     Fishponds Road, Wokingham, RG11 2GY   +44 734 892111 Fax: +44 734 892090

Re: Women and Tetris addiction

Hilarie Orman
Fri, 10 Jun 1994 19:05:16 -0700
     There are indeed deep psychological forces that draw women to the game of
     Tetris.  I've been a Tetris junky, and I can give my testament to the risks of
     this particular addiction.  First, I admit that I am, by nature, susceptible.
     I've been through several 12 step programs to rid myself of addictions in the
     past: adventure, pacman, rogue, hack.  Yes, I've been there, and in several
     other autotelic hells as well: elisp, C++, interrupt handler bugs, and more
     recently I've been developing a WWW browsing problem.  It started in childhood
     with a Revell model of a "car of the future" (lime-green with huge tailfins
     and clear bubbles over the occupants in their bucket seats) and continued with
     more plastic cars, battleships, airplanes, then those chests of little steel
     girders, then calligraphy, ..., OK, OK, I'm autotelic, I'm a woman, and I'm
     going to tell my Tetris tale.
     First, let me establish my credentials as a Tetris hard-core.  I found it
     while on vacation in Maui.  I dragged my family in our Aloha clothing to a
     video games den every evening after we cleaned up from a day on the beach.
     The clientele was young, local, kind of tough.  Ordinarily I'd feel
     uncomfortable spending 5 minutes in such a place.  But with a stack of
     quarters and a Tetris machine, I was transported.  The locals would sit behind
     me sneering and asking if they could "PLEASE" use the machines.  At first, I'd
     let them.
     But things changed when we got back home to Los Angeles.  I found a
     video parlor in Marina Del Rey with Tetris.  The clientele was even
     more disturbing, but again, the game presented a world of its own.
     One afternoon, a woman with two small children attempted to take the
     machine away from me.  While I was concentrating on the play, she
     informed me that her kids wanted to use the machine.  Without looking
     up, I told her that I'd only yield if it was management policy to
     impose a time limit.  After a moment of shock she began screaming
     insults at me and dragged the children away.  Though I didn't ever
     look up to see what kind of person she was, it did pretty much ruin my
     timing for that level.  I got busy with various home and work
     projects shortly after that, and I haven't played much since.
     For a while I tried using xtetris on my workstation, but it wasn't the same.
     And I've never actually used a GameBoy, because it's hard to get the little
     kids to share them, and even if they do they won't let you play for more than
     a few minutes before they start whining.  So I'm going to talk only about my
     experiences with the big machines in the video arcades.
     So what is it exactly that draws women to Tetris?  I think it's refrigerators.
     At first I thought it was cabinets, but I've been over this in my mind a lot,
     and I'm convinced that refrigerators are the key.  The sociologist who
     mentioned women's "craving for order" seemed way off base, she'd obviously
     never been within a mile of a teenage girl's room, but still, that's the key
     to it.  Women spend a lot of time trying to get things into refrigerators.
     The point is, they don't have a natural sense of order, but they've got to get
     the damn stuff into the fridge so it doesn't fall out, and that requires
     ingenuity.  Cabinets are similar, but they use different reasoning skills than
     refrigerators.  For example, it's OK to push something to the back of a
     cabinet and lose it for a year.  And things that go into cabinets nest ---
     you've got to be careful with those graduated bowls if they're from different
     sets, because if you put one inside the other you'll need a screwdriver and
     pliers to get it out.
     Now refrigerators and Tetris are much the same thing.  The Tetris shapes are
     like Tupperware boxes and milk cartons and packages of cheese.  But unlike
     real household items, they remain sparkling and attractive no matter how long
     you leave them there.  And if you pack them very carefully along the bottom,
     instead of rotting and giving off foul odors, they are conveniently whisked
     away, while more continue falling.  This is sort of like having your husband
     help unload the groceries --- there you are trying to get the vegetables
     packed carefully into the bottom bins, and there he is stuffing soft drink
     cans into the dairy products section.
     As you move through the various difficulty levels of Tetris, it's even more
     like a refrigerator --- you don't get to start with a clean space, but instead
     have what looks like piles of debris from unknown previous users.  Women know
     that these unseen entities are teenagers and you've got to be very resourceful
     and controlled to work around them.
     But what's the payoff in this contest?  Well, mainly it's being able to
     exercise a skill that women already have, but with lots more positive feedback
     than real life.  And for me, the video arcade games have two really important
     features.  One is a cute little Slavic dance tune that plays in the background
     and helps with the timing.  But the real clincher is that as you proceed
     through the difficulty levels, there's entertainment.  Little Russian men come
     out onto the screen and dance in that style where they fold their arms and
     bend their knees and kick straight out.  Yes, that's the real thing about
     Tetris for some of us older ladies, it's the dancing men.  In all my years of
     cleaning out the refrigerator, I've never had a man dance a jig for me.  Well,
     that's why I play Tetris; I'm not sure about anyone else.

Re: Campaigns and Elections (Agre, RISKS-16.12)

"Robert J. Burkhart"
Sun, 12 Jun 94 23:04 EST
       ... just find out what everybody's hot issues are and make them all
       whatever promises you need to make, ... 
     And so (once again) fact follows fiction ... 
     Eugene Burdick (Co-Author of THE UGLY AMERICAN) wrote this script 
     in his futurist novel THE 480.  I thought this was also the same
     computer-assisted campaign process used for the last presidential campaign!
     Bob Burkhart at Twin Cities ACM  Senior Consultant - The Security Board

Re: Apathy toward computer errors (Seymour, RISKS-16.13)

"Tom Yurkiw (Tommy the Yurk)"
Sat, 11 Jun 1994 17:57:23 -0400
     >"'I'm not going to send it in. They make too many mistakes, and I'm not going
     >to rectify their mistakes,' he said. 'I can't see why people have to keep
     >paying for their mistakes all the time.'" He says this is the "last straw."
     The RISKS?  If people place unreasonable trust and expectations on the
     accuracy of computer information, they are bound to be disappointed.
     Also, people quickly forget the advantages of using a particular system,
     and zero in on the drawbacks.  Does this guy really want to stand in line
     for 8 hours or so, like they do in non-computerized elections?
     Finally, this illustrates the RISK of working for government institutions -
     people are far more aggressive in dealing with government agencies --
     they speak in terms of `rights', they make demands rather than requests.
     The relationship is different from the company-customer framework - even
     the most obnoxious individuals must be humoured.

Security? Maybe....

Neill Clift
Sun, 12 Jun 1994 08:47:13 BST
     I posted this to comp.os.vms and somebody suggested it would be of interest to
     risks readers. I am a risks reader but it didn't cross my mind until I was
     X-NEWS: comp.os.vms: 22614
     From: (Neill Clift)
     Newsgroups: comp.os.vms
     Subject: Security? Maybe...
     Message-ID: <>
     Date: 11 Jun 94 22:15:20 BST
     Organization: None
     Lines: 38
     One of our customer's employees asked me to have a quick look at two security
     packages for VMS that he was evaluating. The purpose of my quick look was to
     determine if there were any obvious holes that these packages introduced or if
     their auditing features were easily evaded. I spent less than a couple of
     hours on each one (I wasn't getting paid just having a laugh :-)).
     Package 1
     This s/w had a facility for performing checksums on various files to enable
     detection of tampering. I asked their representative what algorithm they used
     for their checksum. All he would say was that it was proprietary. You would
     expect 'proprietary' to mean that there was at least some thought behind it. I
     found the algorithm to consist of summing the file as a contiguous set of
     longwords and a recording of the modification date. Files could easily be fixed
     up after modification! Why didn't they implement one of the many checksums
     something like tripwire supports?
     This s/w trapped AUDIT_SERVER messages via a mailbox. The protection on the
     mailbox allowed read and write access to the world so that data could be read
     out before the auditing s/w could get at it with a simple copy command. Fake
     audits could also be introduced. This s/w had mechanisms for DCL command
     procedures to take actions based on the audits passing parameters extracted
     from the alarm data (evil grin).
     Package 2
     On looking what this s/w installed I spotted a privileged image that looked a
     good target. Within 20 mins I had decided that I could probably use it to
     obtain all privileges as an unprivileged user. After an hour or two of
     programming I had done just that. In the end I exploited what I thought was the
     quickest bug to use but this bit of code appeared to be teeming with problems.
     Both of these packages looked very flash and professional from the outside.
     Sad but true.
     Neill Clift
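
The weakness described for Package 1 above, as an added example that is not part of the original posting or of either product: an additive longword sum plus a recorded modification date accepts different file contents that a cryptographic digest rejects. The function names, the sample words and timestamp, little-endian word order, zero-padding of a trailing partial longword, and the choice of SHA-256 are all assumptions of this example.

```python
import hashlib
import struct
from dataclasses import dataclass

MASK32 = 0xFFFFFFFF


def longword_sum(data: bytes) -> int:
    """Sum the data as 32-bit little-endian longwords, modulo 2**32.

    Zero-padding a trailing partial longword is an assumption of this example.
    """
    padded = data + b"\x00" * (-len(data) % 4)
    total = 0
    for (word,) in struct.iter_unpack("<I", padded):
        total = (total + word) & MASK32
    return total


@dataclass(frozen=True)
class Baseline:
    weak_sum: int  # additive checksum of the kind the post describes
    mtime: int     # recorded modification date; plain metadata, modelled as a field
    sha256: str    # cryptographic digest (SHA-256 is this example's choice)


def take_baseline(data: bytes, mtime: int) -> Baseline:
    """Record both integrity values for a known-good file."""
    return Baseline(longword_sum(data), mtime, hashlib.sha256(data).hexdigest())


def weak_check(base: Baseline, data: bytes, mtime: int) -> bool:
    """Pass if the additive sum and the modification date both match."""
    return longword_sum(data) == base.weak_sum and mtime == base.mtime


def strong_check(base: Baseline, data: bytes) -> bool:
    """Pass only if the content digest matches."""
    return hashlib.sha256(data).hexdigest() == base.sha256


def _words(*values: int) -> bytes:
    return struct.pack("<%dI" % len(values), *values)


# Constructed sample contents, four longwords each (not real files).
ORIGINAL = _words(0x11111111, 0x22222222, 0x33333333, 0x44444444)
SAMPLES = {
    "unchanged": ORIGINAL,
    # Addition is commutative, so swapping two longwords keeps the sum.
    "reordered": _words(0x22222222, 0x11111111, 0x33333333, 0x44444444),
    # +5 in one longword and -5 in another cancel out in the sum.
    "offsetting": _words(0x11111116, 0x2222221D, 0x33333333, 0x44444444),
    # A lone change with nothing to offset it is the only case the sum catches.
    "single_edit": _words(0x11111111, 0x22222222, 0x33333333, 0x44444445),
}
RECORDED_MTIME = 771372920  # constructed timestamp


def audit() -> dict:
    """Return {sample name: (weak check passed, strong check passed)}."""
    base = take_baseline(ORIGINAL, RECORDED_MTIME)
    return {
        name: (weak_check(base, data, RECORDED_MTIME), strong_check(base, data))
        for name, data in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (weak_ok, strong_ok) in audit().items():
        print(f"{name:12} weak={'pass' if weak_ok else 'FAIL'} "
              f"sha256={'pass' if strong_ok else 'FAIL'}")
```
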

Re: Call Your OPERATER (RISKS-16.09)

Hardwire
Mon, 30 May 94 18:57 EST
     I remember reading about this in NETWORK WORLD.  It's kind of funny: MCI
     already owned 1800 OPERATER long before AT&T released 1800 OPERATOR (Which was
     5 months after MCI released 1800 COLLECT).  MCI was using the OPERATER number
     internally for something, but not collect calls.  They noticed after AT&T
     released their collect call product: 800 OPERATOR they were getting a lot of
     calls from people who misdialed.  MCI was directing them to the correct
     number or 800 COLLECT.  Due to the large number of calls MCI finally decided
     to send 800 OPERATER to the 800 COLLECT system.  According to the NETWORK WORLD
     article, MCI was making about $200K a month thanks to people with the 'Quayle'

Re: Risks of too-simple responses (Lodge, RISKS-16.12)

Thu, 9 Jun 1994 17:51:46 +0100
     > ... All French credit cards are smart cards, and have been in mass use 
     > for several years now. The French don't seem to be having any problems 
     > with fragility or expense.
     This is not quite so. One of the standard ways of defrauding the French
     smartcard system is to destroy the chip, whether by stamping on it or by an
     overvoltage.  This causes the terminal to revert to standin mode, which is
     quite vulnerable.  Fraud was reduced slightly by the introduction of
     smartcards - in France it is about 0.08%, against 0.2% for MasterCard and
     0.1% for VISA - but it has by no means been eliminated (source: `Cards
     International' 22 July 1993).
     Quite apart from fraud, the French card failure rate of 3% was the reason
     why smartcards were not introduced in Belgium (source: `Cards International'
     27th October 1993).
     Also, there was a furore recently when French banks announced that all
     merchants would have to move over to electronic terminals. This would have
     cost over half a million small family businesses perhaps Ffr20,000 each, and
     the main beneficiary would have been Bull - a struggling state-owned company
     which was losing billions and being supported by the French government
     (which seems to have been behind the move on terminals).
     The risk? There are several - in not understanding the trade-off between
     security and reliability, and in letting governments set security standards
     before the technology is properly mature.
     Ross Anderson  Cambridge University Computer Lab

Last modification on 1999-06-15
by Michael Blume