Subject: RISKS DIGEST 11.25 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Monday 11 March 1991 Volume 11 : Issue 25 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: A pulsar repulsed! (PGN) Robert Tappan Morris conviction upheld (PGN) Re: Secret Service Foils Cellular Phone Fraud (Bart Massey) QWERTY urban legend (Mark Jackson) Pilot Error - an impartial assessment? (Henry E. Schaffer) FEEDBACK on glass cockpits (Martyn Thomas) Re: MD-11 glass cockpit (PGN) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. FTP VOL i ISSUE j: ftp CRVAX.sri.comlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j (where i=1 to 11, j is always TWO digits. Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Mon, 11 Mar 1991 14:09:28 PST From: "Peter G. Neumann" Subject: A pulsar re-pulsed! The 1989 discovery of an apparent supernova-remnant pulsar, blinking 2000 times per second, has now been attributed to electrical interference from a closed-circuit television camera used to operate the telescope in Chile. [Source: an AP item in the San Francisco Chronicle, 11 Mar 91, p.A8] I suppose it would have been much more obvious had it been blinking at 60 cycles (or is it 50 in Chile?), although certainly less spectacular. A little like hearing a loud thumping in a quiet room and discovering it the pulse of your own heart beat? Ah, yes, for you statistical types, we need superANOVA, which would have detected A NO VAriance situation. ------------------------------ Date: 11 Mar 91 09:56:14 PST From: "Peter G. Neumann" Subject: Robert Tappan Morris conviction upheld According to today's N.Y. Times, a federal appeals court has upheld the conviction of Robert Tappan Morris. The original conviction was for violating federal computer crime statutes that restrict unauthorized entry into federal computers. In his appeal, Morris argued that because he had had legitimate accounts on Cornell University computers, he had been authorized to use special mailing programs that transfer documents within networks. In denying that appeal on Thursday, a three-judge panel of the U.S. Court of Appeals for the 2nd Circuit, in New York, said he had exceeded his authorization in using the nationwide computer network. As has been pointed out in RISKS previously, it is interesting to note that the sendmail debug option, the finger program, and .rhosts require no authorization for their use. Copying an encrypted password file in most vanilla Unix systems requires no authorization. It seems to me that there is still a significant gap between what it is thought the laws enforce and what computer systems actually enforce. ------------------------------ Date: Sun, 10 Mar 91 16:11:20 -0800 From: bart@cs.uoregon.edu Subject: Re: Secret Service Foils Cellular Phone Fraud (RISKS-11.23) In "Secret Service Foils Cellular Phone Fraud" (RISKS 11.23) elr%trintex@uunet.UU.NET (Unix Guru-in-Training) quotes: > New York Newsday, March 7, 1991, By Joshua Quittner > ... Dave Boll, who heads the Secret Service's Fraud Division in Washington, > said that cellular telephones equipped with the counterfeit chips "sell for as > much as $5,000 each". And he estimated that such phones are used to make $100 > million in unbillable calls each year. ... Let's just arbitrarily assume that cellular long distance costs an average of $100/hour (I expect that's only a little high...). At $5000/phone, that means that each buyer, just to pay for their investment, must make *50 hours* of long distance calls per year, or almost 10 minutes per day! It's possible that there's people out there with that much usage, but *how many*??? If I had to guess, I would figure that $5000 is the max of a distribution with a strong peak somewhere around 1/10th that figure... Now, assume that the average buyer of one of these devices uses *10 times* that much long distance time -- 500 hours per year. At $100/hour, that's $50,000 per caller, implying 2000 of these phones, each with the same chip, were built to make the $100 million worth of calls. This is probably a *serious* underestimate, but even then, 2000 chips is a pretty impressive underground business! Not to mention the fact that the $100 million mentioned is almost certainly the value of the calls if they had been purchased legitimately, not the cost to the phone company of completing them. I would be willing to bet that few of those calls would have been made if they weren't free, and that the cost of servicing these extra calls was substantially smaller than their purchase value. In case you haven't guessed, I suspect that this "estimate" is just inflated numbers with little real basis intended to make the problem look more severe than it really is. The computer-related RISK, as I've mentioned here before, is that resources will be wasted on overkill solutions to a minor problem because of a lack of technical and social understanding of computer-related crimes, while far more serious problems go unattended. Anyone have any facts about where the numbers quoted above *really* came from? Bart Massey ------------------------------ Date: Mon, 11 Mar 1991 06:38:02 PST From: Mark_Jackson.wbst147@xerox.com Subject: QWERTY urban legend In Risks 11.24, Dick Karpinski writes: > In particular, the QUERTY [sic] standard succeeded because it slowed down > the typist in order to avoid the problem of key jamming. No. The arrangement of the typewriter keyboard into the now-traditional layout *was* intended to address jamming, but by reducing the tendency to jam and not by slowing the typist. Examine the mechanism of a mechanical typewriter, if you can find one. It will jam if the typebar for character N+1, in approaching the typing area, interferes with the departure of the typebar for character N. The time-window for such interference is greatest for adjacent typebars. The QWERTY arrangement was designed to separate commonly-occuring letter-pairs so that they could be typed more quickly without jamming. (The "QWERTY-slowdown" legend is widespread. Possibly it was started by Dvorak and his partisans.) Etaoin Shrdlu [Etaoin Shrdlu, he said, QWERTYously] ------------------------------ Date: Mon, 11 Mar 1991 01:52:13 GMT From: hes@ccvr1.cc.ncsu.edu (Henry E. Schaffer) Subject: Pilot Error - an impartial assessment? A front page article in my local newspaper 3/10/91 from the L A Times (by W. C. Rempel and R. O'Reilly, dateline Seattle) opens with the Madrid Boeing 747 accident in which the captain ignored the "Pull Up" recording and hit a hilltop approaching Madrid - "Official cause of the accident: human error." The article continues, "Boeing research into three decades of commercial airline accidents found that pilot error was the primary cause of more than 72 percent (compared with 10.89 percent blamed on aircraft failure and 5 percent on the weather.) The article continues with discussion of the Aviation Safety Reporting System, and how its leading complaint is about pilot fatigue, and how Boeing advocates routine review of the flight data recorder to check on the performance of flight crews. Then, there was a page 12 smaller article, unsigned but from the same source, starting "Early ground warning systems issued so many false alarms that airline crews routinely ignored them ..." There was a short discussion on how Boeing says that these systems are now more reliable and should be followed. It's good to know that the fox is still watching the hen house, and that the press is approving. --henry schaffer n c state univ ------------------------------ Date: Mon, 11 Mar 91 13:45:51 GMT From: Martyn Thomas Subject: FEEDBACK on glass cockpits The CHIRP report on the survey of pilots' and engineers' attitudes to cockpit automation has been published (FEEDBACK No 23, Feb 1991). There will be a statistical analysis in a peper for the Royal Aeronautical Society this month. They had over 1400 responses to the survey. Overall, the replies were strongly positive. The view seems to be that automation is here to stay and, to quote one response, "...aircraft of this type are meant to be flown automatically for all phases of flight including take-off and landing. ... when [pilots] hand fly they put the aircraft into an abnormal configuration, and cause an immediate and dramatic increase in the workload of the other pilot." There were criticisms: "I spent a few years on 757. The moving map gave incorrect position on several occasions, and one time could have been very serious. Danger was avoided by my doing an auto go-around. Twice, all the screens went black for a few (5-10) secs. several times the aircraft turned the wrong way on ILS interception. ... PS. The 757 catchword was "What's it doing now?" Not due to bad pilot inputs, but it made its own mistakes, like several spurious auto go-arounds. ... I don't trust automatics at all." and finally ... "The most often heard expression on the flight deck is no longer 'what's it doing now?' but 'well, I've never seen that before' ". I'll try to get the RAeS paper and post a summary. Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK. Tel: +44-225-444700. Email: mct@praxis.co.uk ------------------------------ Date: 11 Mar 91 09:55:56 PST From: "Peter G. Neumann" Subject: MD-11 glass cockpit American Airlines spokesman Tim Smith said that in the ``glass cockpit'' of the McDonnell Douglas MD-11, American test pilots noted they ``would see things on the screen where they were not sure what it meant, and the manuals don't tell us.'' [Abstracted from NEW JUMBO JET HAS PROBLEMS WITH ITS COMPUTERS, By SCOTT THURSTON, c. 1991 Cox News Service, 11 March 1991, which also noted two earlier mechanical problems.] Presumably there is considerable experience required to adjust to this sphere of flying. ------------------------------ End of RISKS-FORUM Digest 11.25 ************************