Subject: RISKS DIGEST 18.23

RISKS-LIST: Risks-Forum Digest  Monday 24 June 1996  Volume 18 : Issue 23

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****

Contents:
The Great Netcom Crash..... (David Lesher)
Microsoft, AOL, and AT&T also have netwoes (PGN)
Pachinko in the armor? (PGN)
DoD and IRS tax systems (Richard L. Wexelblat)
Unexpected risks of usability features (Steve Loughran)
Espionage Suit (David Kennedy)
Pointless PINs (Mark Seecof)
Re: Click *here* to lower the fuel rods (Nancy Leveson)
Urban Legends? (William Petrick, Charles Waite)
Re: More AOL censorship (Edward Reid, Ray Everett-Church via Mike Epstein)
Re: Spelling-checker war stories (Andrew Koenig, Kevin Haw)
Static, dust, and other risks (Rob Slade)
Re: Health Risk from Dusty Computer Displays (Terje Mathisen)
Re: "Piece of Plastic" Used to Detect Drugs (Douglas W. Jones)
ABRIDGED info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 21 Jun 1996 12:45:56 -0400 (EDT)
From: wb8foz@netcom.com (David Lesher)
Subject: The Great Netcom Crash.....

Netcom, Inc; one of the largest retail ISP's [450,000 subscribers, 230
POPs] went down for 14+ hours this week. In what strikes me as "shades of
Mariner II" Netcom President David Garrison, appearing on KGO Radio said it
was an extra "&" in the "border gateway protocol code" in the MAE-East
router in DC area that killed the system. They had to bring down all 100+
routers & flush each one to recover, he reported.

The parallel to the Bell Atlantic STP bug of about five years back strikes
me. The routing nut has gotten so tough that the tools used on it can be
[VERY!] rapidly fatal.

------------------------------

Date: Mon, 24 Jun 1996 12:03:17
From: "Peter G. Neumann" <Neumann@CSL.sri.com>
Subject: Microsoft, AOL, and AT&T also have netwoes

An article by Peter H. Lewis in *The New York Times*, 24 Jun 1996, p. D1,
noted the Netcom problem ("for 12 hours") noted in RISKS-18.23 by David
Lesher. The article also noted these other problems:

* Microsoft shut down its nationwide network on Sunday (presumably 23 Jun
  1996) for 10 hours as part of an intended backup power-supply upgrade,
  but the upgrade failed and they will have to try again.

* America Online was out of service for an hour on 19 June "1996, when a
  planned system software upgrade backfired."

* AT&T will shut down its Internet access for up to 8 hours each week, for
  maintenance.

------------------------------

Date: Thu, 20 Jun 1996 08:34:39 -0800
From: "Peter G. Neumann"
Subject: Pachinko in the armor?

There was a nice article surveying the pachinko bogus-card fiasco noted in
RISKS-18.15 and 16, and the risks of believing in technological solutions
to not-just-technological problems.

  Printed-version title:
    Counterfeiters of a New Stripe Give Japan One More Worry;
    Fake Cards Thwart Efforts to End Pinball Scams
    By ANDREW POLLACK, *The New York Times*, 20 Jun 1996, D1

  On-line-version title:
    A Case Study of the Hazards of Electronic Cash
    By ANDREW POLLACK, c.1996 N.Y. Times News Service, 20 Jun 1996

  [Text seemingly identical in both versions.]

------------------------------

Date: Thu, 20 Jun 1996 21:38:14 -0400
From: "Richard L. Wexelblat"
Subject: DoD and IRS tax systems

Special note: I work for the IRS and have a work-related vested interest
============  in _not_ having the Department of Defense involved in
contracting for IRS software and systems. Therefore, despite any claims of
non-bias below, I am clearly "interested" in the classical sense of the
word.

That part out of the way, I'd like to say (as a private citizen, a
tax-and-spend liberal, and an almost-always defender of free speech and the
right of the citizen to privacy) that the present initiative by Congress to
have DoD become the contracting agent for IRS system and software
development is a clear and present danger to privacy in the Republic in
which we stand.

The initiative referred to above is in the "Subcommittee Mark" of the
proposed next year's budget. It's just a House Subcommittee so it's not
law, but it's a bad idea in my mind, even to consider it seriously. Is the
Department of Star Wars and the $700 toilet seat really so excellent a
contracting agency that they are the clear choice to handle IRS business?

Well, that's my biased opinion, and I'd like very much to hear from others
who may have a more valid claim to disinterest!

Dick Wexelblat, Acting Lead Architect << asa APbA IRS

------------------------------

Date: Thu, 20 Jun 96 13:50:22 BST
From: Steve Loughran
Subject: Unexpected risks of usability features

An entertaining part of Windows 95 is the time-zone chooser in its control
panel. As well as being able to select time zones like (GMT+01:00), users
who don't know or care about their meridian-relative time zone can just
click on a map of the world. The appropriate time zone is then highlighted
and -the cute bit- the whole world smooth scrolls round so that the user's
country is in the centre of the map.

In the latest beta of Windows NT 4.0, the map is still there but is
disabled: no mouse clicks are responded to and no highlights appear. The
smooth scrolling still works, but with timezone selection via a list it is
nowhere near as cute as it used to be.

What is interesting is the reason it doesn't work.
It is not, as one would expect, a technical problem, but a political one
-and thus a lot harder to fix:

From "Windows NT 4.0 Beta 2 Commonly Reported Problems", Version 3.0
June 15th, 1996:

> 3.7.1: Time zone map does not respond to mouse and display highlight
> Status: Due to international border disputes we have removed this
> functionality There are numerous timezones that follow international
> borders that are not universally agreed upon. In order to satisfy all
> parties involved in these disputed areas we chose not to display any
> borders at all. We are aware it is a feature that many people miss.

------------------------

Date: [lost. somewhen recent]
From: David Kennedy <76702.3557@CompuServe.COM>
Subject: Espionage Suit

Courtesy of Associated Press via CompuServe's Executive News Service,
19 Jun 1996

Espionage Suit
By ANTHONY JEWELL, Associated Press Writer

>> INDIANAPOLIS (AP) -- Johnson & Johnson's diabetes products
>>subsidiary encouraged workers to illegally spy on rivals and
>>gave "Inspector Clouseau" and "Columbo" awards for those who
>>got the most information, a competitor charged Wednesday.
>> Boehringer Mannheim Corp., a German-owned drug and medical
>>device company, made the allegations in a federal court lawsuit
>>against J&J and its LifeScan Inc. subsidiary. Boehringer has
>>U.S. offices in Indianapolis.

[...]

o Suit asks for LifeScan to cease using Boehringer's trade secrets and
  seeks unspecified damages.

o J&J says both companies did it but its LifeScan received no competitive
  advantage from their activities.

o Suit alleges that LifeScan used third parties as well as their own
  employees to collect information about Boehringer. And that LifeScan
  "infiltrated" private meetings at Boehringer.

o A former LifeScan employee broke the news in May 94.

>> Boehringer's lawsuit said two LifeScan employees
>>"deliberately fostered an environment which made clandestine
>>and illegal activities directed at competitors ... both routine
>>and expected."
>> Mannheim said David Van Avermaete and Daphne Flamer
>>initiated the "Inspector Clouseau Award," the "Columbo Award,"
>>and the "Mrs. Fletcher Award," after the lead character in the
>>TV series "Murder, She Wrote."
>> The awards were allegedly "presented at meetings, with
>>prizes, to members of the sales force who obtained the best
>>information about competitors and their plans," the lawsuit
>>said.

[...]

>> The suit claims a LifeScan employee stole a prototype of a
>>diabetes monitoring system known as Accutrend DM. Oldham said
>>the prototype was stolen in Europe, taken to a LifeScan
>>California lab and returned to Europe.

[...]

>> Boehringer Mannheim, which had 1995 sales of more than $700
>>million, employs more than 3,500 people at facilities in
>>Fremont and Concord, Calif., and Gaithersburg, Md.

Dave Kennedy [CISSP] InfoSec Recon Team Chief, National Computer Security
Assoc

------------------------------

Date: Tue, 18 Jun 1996 15:03:05 -0700
From: Mark Seecof
Subject: Pointless PINs

A colleague just got a handheld cellular telephone. The device asks the
user to enter a 4-digit PIN before it will permit outbound calling. The
vendor (local cell-phone duopoly carrier, not an independent) has set the
PIN to the last four digits of the assigned telephone number, which the
phone displays upon powerup BEFORE asking for the PIN. This helps people
with poor memories and people with no authority equally. The vendor's
service staff state that they have a fixed policy of configuring all
'phones this way.

A longer (5 or 6 digit) "security code" enables users to change the PIN,
but the vendor refuses to supply that code to my colleague (presumably to
retard his ability to switch carriers for which that code is also needed).
The vendor will allow my colleague to bring the 'phone to an inconvenient
location during limited hours at his own expense to have the PIN changed;
if he does this he must tell his PIN to the vendor's staff (they already
have the "security code," but he would be revealing his PIN-choosing
habits).

My colleague wonders why the phone has a PIN if it offers zero security!

------------------------------

Date: Tue, 18 Jun 1996 21:12:15 PDT
From: Nancy Leveson
Subject: Re: Click *here* to lower the fuel rods (Rebholz, RISKS-18.22)

>Somehow, the database had become corrupted. If it didn't get fixed in
>four hours, when the next core rotation began, a meltdown was likely.

This didn't make any sense to me from what I know about nuclear power
plants so I checked with a friend who is an engineer at one of the U.S.
nuclear power plants. It's hard to reconstruct what really might have been
the case. The computer could have been computing control rod movements and
printing them out for an operator to use to manually control the rods (this
is not done automatically) and there might have been no contingency plan or
the operators might not have been able to do the computation manually in
the time required. Could that have caused a meltdown? No. At worst, it
might have required the operator to reduce power or to shut down the
reactor.

------------------------------

Date: Wed, 19 Jun 1996 09:27:30 -0700
From: caprit@ix.netcom.com (William Petrick)
Subject: Urban Legends? (Fuel Rods, Rebholz, RISKS-18.22)

> "A true war story:"

Just because someone says it, and others forward it does not make it true.
This must be an attempt to establish a new urban legend. There are enough
misconceptions about commercial nuclear power plants already, so we need to
avoid creating fantasies that can be made into exciting movies.

First, there is no Edison Power and Light.
The two utilities operating nuclear plants in New Jersey are Public Service
Electric and Gas (PSE&G) and GPU Nuclear Corp., operating plants in Salem
NJ and Forked River NJ, respectively. There is also Consolidated Edison of
NY, which runs a nuclear plant in Buchanan, NY.

Second, rods do not move around in a nuclear core and there is no next core
rotation.

Third, Ingres and DEC VAXes are not used in safety systems in nuclear power
plants, so neither could have any impact on whether a meltdown was likely.

> Remind me to tell you about answering questions about how we at Ingres
> said we would provide support during nuclear wars at a sales call to
> the Strategic Air Command some time...

Another urban legend?...

My best guess is one of two possibilities:

(1) One of these plants was shut down for refueling, during which time they
remove spent fuel bundles and replace them with fresh fuel. During this
process, they also move (rotate?) other bundles to new locations for the
next year of operation. The offline computers are used to maintain records
of the location of each bundle throughout its life in the core. If that
database gets corrupted, the utility must revert to tracking everything by
hand -- a laborious and time-consuming process. The four-hour window could
have been because the refueling is a critical-path item during an outage
and delays can cost millions of dollars in lost revenue.

(2) One of these plants was planning a control rod sequence exchange to
maintain a uniform fuel burnout throughout the core. These rod patterns are
precalculated in DEC VAX computers and may involve an Ingres database.
Sometimes these exchanges are done at reduced power, so the four hour time
limit may have been the time at which they had to be back at full power or
they might have to shut down, again an economic decision that involves
millions of dollars.

In either case, there is no safety issue.
In fact, there are very few commercial nuclear plants in the US that use
computers or software in any safety system. Upgrades to safety systems that
include digital technology are an ongoing area of development between the
industry, research groups, and the regulatory agency (Nuclear Regulatory
Commission). There are also safety-critical discussion groups on the
Internet that exchange ideas.

Because of misconceptions of how safety systems are defined and used in
nuclear plants, I published a WEB page for the safety-critical group that
may help understand the context of safety in nuclear power applications.
Anyone who posts nuclear power plant examples should review that article
at: http://www.netcom.com/~caprit/ctisafet.html.

The risk of this article is the rapid spread of misinformation!

------------------------------

Date: Thu, 20 Jun 1996 20:07:55 -0400
From: waite@waterw.com (Charles Waite)
Subject: Urban Legends? (Fuel Rods, Rebholz, RISKS-18.22)

I love war stories, but alas, the story from: "Rebholz, Chris", is not
true. As a resident of New Jersey, I am unaware of any Edison Power and
Light. There are also four nuclear power plants in New Jersey, and I have
worked at all four, in groups responsible for the process computers.

>A true war story:

As the former Principal Engineer for Digital Systems at PSE&G's
(California's equivalent of PG&E) three nuclear plants, I assure you there
are no computers moving control rods. There are computers used to compute
rod worth for future fuel loads, but no nuclear plant in this country
entrusts computers to move rods in such a way as to cause a meltdown. Most
of the rod moving components and systems are old analog systems. The
closest a computer comes to actual fuel movement is through a computer - a
"rod-worth minimizer" - that will stop an operator from pulling control
rods out of the prescribed, analyzed, approved "pull sheet."

The real problems with computers at nuclear plants are actually much more
interesting.
I'll submit an example I posted in another group a few months ago if I can
find it on my archive tape. But for now, let's get real.

Charles Waite, Kemper-Masterson, Inc., c/o 38 Fox Run
Mount Laurel, NJ 08054 (609)235-4275

------------------------------

Date: Thu, 20 Jun 96 10:29:18 -0400
From: ed@titipu.resun.com (Edward Reid)
Subject: Re: More AOL censorship (Bostic, RISKS 18.22)

A lot of people beat up on AOL for good reasons. At least as many beat up
on AOL without knowing what they are talking about. I have no love for AOL,
but I see no reason to attack them for things they didn't do.

> >From: Postmaster@aol.com

This is suspicious to start with. I've corresponded with AOL admins on
numerous occasions, including David O'Donnell, who normally acts as AOL
postmaster. I've never received a message indicating it was from
postmaster@aol.com. The admins all use their individual e-mail addresses.
In fact, AOL actively discourages e-mail to postmaster because it delays
the response while someone sifts through the volume of e-mail to forward it
to the responsible individual within AOL. They provide other addresses for
reporting abuse, etc.

> message from the postmaster also made the point that their customers have to
> pay for all their e-mail so this is a problem (well, THEN *YOU* EDIT THEIR
> MAIL -- YOU'RE GETTING THE @$%#^ MONEY, NOT ME!)

This clinches it. AOL customers do not pay to receive e-mail and never
have. Many people make this mistake; it was Compuserve that once charged to
receive e-mail. The AOL postmaster would of course know this, so the
message is a clear and unmistakable forgery.

I suggest that the original recipient examine the message headers more
closely. Someone who can't even get the basic facts about AOL right
probably didn't forge the headers very well either.

> This is why we also have to be careful with this anti-spam crap, there are
> people out there, some of whom work as postmasters for the largest online
> services on the planet, who, are, well...you get my point, can't quite fog a
> mirror, I guess is the expression.

Yes, world.std.com is a large online service and someone who works there
can't detect an e-mail forgery ... well, you get my point.

> Morons. I may just mass unsub all AOL addresses from all lists here. I mean,
> this is their postmaster threatening, not some random.

On the contrary, it *is* some random.

On the other hand, the posting to comp.risks didn't show the full headers
of the message from bzs@world.std.com, so maybe that was a forgery too. Not
to mention that I have no way of knowing whether bzs actually works for
world.std.com. I hope not; this posting is so rude that I hate to attribute
it to anyone working for any service provider.

Edward Reid

------------------------------

Date: Thu, 20 Jun 96 11:45:07 -0400
From: Mike Epstein
Subject: Re: More AOL censorship (RISKS-18.22)

This was posted on SPAM-L, a list devoted to ending spam, by an AOL
Assistant Postmaster. He gave his permission for me to send it to you.

  Date: Wed, 19 Jun 1996 23:12:09 -0400
  From: Ray Everett-Church
  Subject: Re: Interesting AOL message

>From: bzs@world.std.com (Barry Shein)
>So I just get a "spam" complaint from an AOL postmaster threatening:
>>From: Postmaster@aol.com
>>To: netadmin@world.std.com, postmaster@world.std.com
>>Subject: Fwd: cc:Mail UUCPLINK 2.0 Undeliverable Message
>>Date: Thu, 12 Oct 1995 16:49:01 -0400
>> Repeated offenses of this nature will result in AOL taking action to
>> prevent further problems.

I'd be *most* interested in seeing the ENTIRE original message from AOL.
I'm quite surprised to see mail bouncing off a server being called
"SPAM"...unless it's a junk mail list (replies to the junk mailers usually
bounce as a normal course of events).

In full disclosure, some time last month I had an e-mail conversation with
Mr Shein that ultimately ended in a stream of obscenities from him. We were
talking about the fact that "world.std.com" gives a home to DEMC, a major
junk mail outfit. They spam from throw-away accounts at ISPs, but point
replies back to their autoresponder firmly ensconced at DEMC.COM, which is
served by world.std.com. I sought to explain that by providing a stable
return address, he is aiding DEMC in its spamming activities.

[Strong response omitted. PGN]

Ray Everett-Church, Asst. Postmaster (everett@aol.net, IFRITRay@aol.com)
America Online's Internet Development Outreach and Technology Team
http://www.everett.org/~everett   AOLers misbehaving? mail: abuse@aol.com

------------------------------

Date: Thu, 20 Jun 1996 08:32:37 +0400
From: Andrew Koenig
Subject: Re: Spelling-checker war stories

In RISKS-18.22, Mark Seecof notes that spelling checkers that use prefix
and suffix tables can find nonwords. I saw a paper by Doug McIlroy a number
of years ago that noted two such nonwords that have a good chance of
appearing in actual documents: thier and presenation.

After all, if you can derive flier from fly, you can derive thier from thy.
And if you can derive relation from relate, you can derive senation from
senate, hence presenation.

Incidentally, Doug noted that the most frequently misspelled word in his
sample was `accommodate,' which he found seven ways to misspell.

Andrew Koenig ark@research.att.com

------------------------------

Date: Sat, 22 Jun 1996 21:55:41 -0700 (PDT)
From: Kevin Haw
Subject: Re: Spelling-checker war stories

A few years ago, an author in the UK's PUNCH shared the most interesting
phrases that made it past his spellchecker, but were caught by his editor.

My personal favorite: a reference to the Prime Minister "Margret Hatchet".

- Kevin N. Haw haw@titan.ecs.fullerton.edu

------------------------------

Date: Tue, 18 Jun 1996 16:19:07 EST
From: "Rob Slade"
Subject: Static, dust, and other risks (Minow, RISKS-18.21)

Martin's posting reminded me of something I found while researching health
risks associated with computers some time ago. Please bear with me: the
original article was not a formal review of the study, and I haven't got a
reference for it.

Going strictly from memory, this involved an Australian company. The data
entry/query clerks, almost universally, were suffering from facial skin
rashes and attributed it to radiation from the monitors. A physician,
consulted about the problem, prescribed a barrier cream, and the skin
rashes disappeared.

Someone knew enough about physics to note that 1) monitors don't produce
that much radiation and 2) barrier creams wouldn't stop radiation anyway.
An investigation was launched into the real cause.

The work of the department involved looking up long columns of numbers. The
workers were in the habit of running their fingers down the screen in order
to pinpoint the item they needed. Static attracted dust, make-up, and other
pollutants to the screen, and the fingers transferred these to the workers'
faces. Hence the rash.

The barrier cream provided some protection against the pollutants. More
than that, however, it was greasy. Workers who ran their fingers down the
screens found they were making streaks on the monitor. Therefore, they
learned not to touch the screen--and no longer picked up pollutants.

------------------------------

Date: Mon, 24 Jun 1996 12:08:15 +0200
From: Terje Mathisen
Subject: Re: Health Risk from Dusty Computer Displays (Minow, RISKS-18.21)

I took part in this study, and got some interesting information from the
guy from the Physics Department of Oslo University who did the field
measurements on my machines:

With modern low-emission crt displays, i.e.
like the Nokia 21" MultiGraph 445X screens in my office, the keyboard can
(and did, in my case) radiate more than the crt!

The crt was the predominant source of static electricity, however.

The computer enclosure as well as crt and keyboard was grounded, not the
hard disk.

------------------------------

Date: 18 Jun 1996 17:12:25 GMT
From: jones@pyrite.cs.uiowa.edu (Douglas W. Jones)
Subject: Re: "Piece of Plastic" Used to Detect Drugs (Marco, RISKS-18.22)

KCRG, a local TV station in Cedar Rapids went into some detail on the story
because the local school district almost bought the widget, and another
local district did, and was satisfied with what they got.

The Tracker had an empty plastic "electronics box" you wore over your
shoulder, connected by a coiled telephone-style cord to a pistol grip. The
antenna was hinged to the pistol grip so it could swing very freely from
side to side, and the operating instructions were to hold the grip so that
the axis of the hinge was exactly vertical.

As a result, like a classic dowsing rod, very slight subconscious hand
movements can cause wild changes in where the antenna points. The result,
in the hands of a skilled practitioner can be as gratifyingly accurate as a
dowsing rod, but of course, what it's doing is uncovering subconscious
guesses on the part of the practitioner, not pointing at water or drugs.

Perhaps I should start selling forked birch sticks to police departments?

Doug Jones jones@cs.uiowa.edu

------------------------------

Date: 18 March 1996 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: ABRIDGED info on RISKS (comp.risks)

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
on your system, if possible and convenient for you. BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. [...]
DIRECT REQUESTS to (majordomo) with one-line,
  SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:]
  INFO [for unabridged version of RISKS information]

CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good
taste, objective, cogent, coherent, concise, nonrepetitious, and without
caveats on distribution. Diversity is welcome, but not personal attacks.
[...]

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.

Particularly relevant contributions may be adapted for the RISKS sections
of issues of ACM SIGSOFT Software Engineering Notes or SIGSAC Review.

* Submissions: By submitting an item that is accepted for publication in
  RISKS, the author grants permission for unlimited public distribution and
  redistribution in electronic or other form.

* Reuse: Blanket permission is hereby granted for reuse of all materials in
  RISKS, under the following conditions. All redistributed items must
  include the Risks-Forum masthead line. All reuse must be accompanied by
  the following statement:

    Reused without explicit authorization under blanket permission granted
    for all Risks-Forum Digest materials. The author(s), the RISKS
    moderator, and the ACM have no connection with this reuse.

  As a courtesy, reusers of individual items (as opposed to forwardings of
  entire issues) should notify the authors, and should pay particular
  attention to any subsequent corrections.

RISKS ARCHIVES: "ftp ftp.sri.com login anonymous [YourNetAddress] cd risks
or cwd risks, depending on your particular FTP. [...]
[Back issues are in the subdirectory corresponding to the volume number.]
Individual issues can be accessed using a URL of the form
  http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]
  ftp://ftp.sri.com/risks

The ftp.sri.com site risks directory also contains the most recent
PostScript copy of PGN's comprehensive historical summary of one liners:
  get illustrative.PS

PRIVACY: For info on the PRIVACY Forum Digest and Computer PRIVACY Digest,
see the unabridged INFO file at RISKS-Request (send one-line message INFO
to risks-request@CSL.sri.com as noted above).

------------------------------

End of RISKS-FORUM Digest 18.23
************************