University of Bielefeld - Faculty of technology
Networks and distributed Systems
Research group of Prof. Peter B. Ladkin, Ph.D.
This page was copied from: http://catless.ncl.ac.uk/Risks/16.14.html
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
I just got a new 900 MHz telephone made by Bel-tronis. Plastered all over it is the fact that it is "Styled by BRONDI, Italy". I guess I should be impressed. Well today I prepare to make a call on it to SouthWest Airlines (1-800-I-FLY-SWA). Guess what? The phone does not have a "W" on it. On the #9 key it has XYZ. It is missing the "Q" though. It kind of reminds me of the (sorry about the non-PC reference) Polish joke of the day 555-POLZ. Except it would not work on this phone.

Michael Hoffberg firstname.lastname@example.org email@example.com
From the Reuter newswire (94.06.10 @ 16:59) via Executive News Service (GO ENS) on CompuServe: LOS ANGELES, June 10 (Reuter) - A former deputy police chief who is now a private detective has been accused of obtaining highly sensitive criminal records from his old department, a spokeswoman for the District Attorney's Office said Friday. Spokeswoman Sandi Gibbons said Daniel Sullivan, former deputy chief of the Los Angeles Police Department, was charged Thursday with 11 misdemeanor counts of being in possession of criminal records. According to the article, Sullivan allegedly used an inside collaborator to get the data. The collaborator and another private detective who received confidential police files were also charged with misdemeanors. Some of the stolen information concerned people in official witness-protection programs, relocated to protect their lives.
A colleague (call him ZX) has just told me about how he voted in the recent European Elections, and I thought I would share it with you. He realised that he didn't have his voting card with him, but went to vote anyway. The voting hall contains several tables, where you exchange your card for a voting slip, and the usual booths / boxes etc.

The procedure: Go to the table which is labelled with your street name, hand over your card, and receive a voting slip.

ZX (with no card), went to the appropriate table, and explained that he wanted to vote, but did not have his voting card with him. The clerk said ``Oh, that's OK -- which street do you live in?''. ZX replied [RISK area -- pick a street, any street, from the following...] The clerk then looked up in his copy of the electoral register for that street, and asked ZX for the number of the house he lived in. [RISK area -- the names in the register were marked in a way that indicates who has voted already] ZX replied with his house number, the clerk said ``Oh, you must be Mr X'', and handed ZX a ballot slip.

The obvious conclusion is that J. Random Voter can go to any polling station, say he's left his voting card at home, give a street name (supplied on the tables), pick the number of a house on that street from which no one has voted (by reading the electoral roll copy), and vote, without having had to produce any form of ID. The RISKs here are even higher when you consider that approx only 30% of the total electorate participated in this election....

Question: Should the UK update its voting system?

Thomas Rushton SwEng / SEES, RMCS, Shrivenham, Swindon, WILTS, SN6 8LA, UK firstname.lastname@example.org tel: +44 (0)793 785684
Here's another risk on the horizon. We may have to wait a few years, though. From the June 1994 issue of Bobbin, "The premier news and information source of the global sewn products industry": Groups such as the American Textile Partnership (AMTEX), a research consortium that links the sewn products industry with the Department of Energy's national laboratories, also are looking at RF technology as a means to improve the production process. In a research project called the Embedded Electronic Fingerprint, long-term work is underway to develop a computer-type device the size of a grain of wheat that could be attached to a garment and used through the entire product life cycle. "A manufacturer could program into the device information unique to a garment, such as the size, color, style, line, or plant of manufacture, care instructions, etc.," explains Jud Early, director of research and development for the Textile/Clothing Technology Corp, [TC]**2. "There also would be a large amount of blank memory that could be used for anti-counterfeit tracking and more." Since each tag would have a unique identity, in-process inventory could be tracked easily using RF units--without ever touching garments or having to open shipping boxes. For example, a carton could be passed through a reading system, which would verify the contents against the packing list. So, all that is needed is for the clerk at the store to capture the identity of the shirt, perhaps through a barcode on the tag (so they wouldn't have to install the special shirt readers), and they already know your identity from your credit card number (unless someone else buys your shirts for you), so they can track your movements by setting up shirt readers in various places. But that might take more collusion between government and the stores than we want to speculate. So try this: a crime is committed. 
A few days later, you walk past a hidden shirt reader, and are immediately approached by an officer of the law, who arrests you for the crime. "But I was nowhere near the scene of the crime," you protest. "On the contrary," the officer counters, "one of our hidden shirt readers detected your shirt in the vicinity of the crime. You must be guilty."

One would hope that the manufacturers of these devices don't accidentally program duplicate serial numbers in them. And you should think twice about lending your shirt to your girlfriend.

Lynn Grant Grant@DOCKMASTER.NCSC.MIL
So does this mean that xv - vi = une ix ? [To which PGN replied, However, if ix were masculine, we would have un ix.] [To which Castor replied, One could argue that the gender of Unix is somewhat ill-defined.] [So, we need a language such as Latin with a neuter gender, and in which "un" is an indefinite article. PGN] [Kevin Kenny (email@example.com) noted that the other popular image viewer, `xli,' is the FORTY-ONE program!]
Mark Terribile offered some interesting comments on Airbus aircraft design. But some of his speculation is ill-founded, and should not pass without comment.

> If I understand correctly, Airbus was forced to use these multimode control
> systems because some of its aircraft use sidestick controllers.
> [...]
> There is another serious problem with the control mechanism described:

This is confused. His first comment refers to the Airbus A320 aircraft, which is the first `fly-by-wire' commercial transport. His second comment refers to the crash of a China Airlines A300 in Nagoya, which is a different aircraft, with the usual mechanical and hydraulic primary control systems and relatively limited use of computers. It does not have sidestick control.

His speculation on the A320, that Airbus were forced to use modes because they chose a sidestick design, is incorrect. Fly-by-wire aircraft use modes because they have to. What toys you give the pilot to convey her instructions to the computer is almost an independent choice. If the plane is flown by computer, she doesn't need a large lever to move the control surfaces.

> There is another serious problem with the control mechanism described: the
> autopilot used one set of control surfaces (stabilizer trim) while the
> pilot continued to operate another (elevators).

This arrangement is used on more or less every transport aircraft flying, as well as all tiny planes big enough to warrant a three-axis autopilot. If this is a `serious problem', all aircraft have it. (Also, the trim system is not primary control as the elevators are. It serves a different function.)

> There is a third problem: the pilot has no indication through his controls
> that the autopilot--in effect, the aircraft's control laws--are actively
> working against him.

This is false for the A300, as for most conventional transports. In fact, the copilot who was flying had to work quite hard to counteract the nose-up trim. This is one of the puzzles of the accident.

A further comment about the Nagoya accident is appropriate. Current knowledge is that the pilots failed to follow normal, explicit procedure for control of the aircraft, and secondly that they had both been drinking alcohol, which is illegal for good reason. Responsible senior management of China Airlines has resigned because of this accident. The FAA has virtually insisted that China Airlines work with it on improving safety procedures including crew training and oversight. Trying to draw conclusions about aircraft design from details of this particular accident is probably unwise.

Those wary of fly-by-wire transport aircraft design might also like to know that Boeing's next airplane, the 777, is full fly-by-wire - just like the A320, but, of course, different.

Peter Ladkin
re: Mark Terribile's posting:-

1) Boeing sell similar automation to the A320 - they also caused the second-worst Japanese crash and in this case much more directly (the fuselage broke).

2) whether you use sidestick or yoke, a modern airliner has no direct "cables" to the rudders - it relies on multiple links either electrical or hydraulic which would work equally well with sidesticks. A300s have been around for 20 years - this was an A320.

3) This is one of three crashes involving a simple confusion that I remember - the first Tri-Star crash (neither pilot had switched off the auto-pilot); the Kegworth crash (on a BOEING - the pilot shut down the wrong engine when it caught fire) and this one (the younger pilot didn't switch off the auto-pilot and didn't relinquish control). I automatically think of my poor (fortunately very quick-witted) gliding instructors when I read of this particular crash - thank you for not letting me land on the crosswind runway, Barry Hogarth!

4) as for mode-switching and elevators etc - the senior pilot seems to have tried to recover without switching off the auto-pilot, the junior pilot seems to have flown as if the auto-pilot wasn't on. Reports will not say this as it's a conclusion, not a fact - it does however sound like the explanation.

5) Since several A320s have crashed when silly things have been happening, perhaps the automation, like the "watertight" hull of the Titanic, is creating a too-complacent pilot. As a far-too-complacent pilot myself in the past, I can understand this.

I do not pretend any insight into the cause of the crash, all I can say is that if Mark Terribile is basing his preferred flight on the logic presented here, he won't fly at all.

Regards
Phil Overy
Rutherford-Appleton Laboratory (computer programmer with a chequered past, not a pilot or a designer, although I have used gliders to exploit the many rain clouds over England)
Perhaps the subject should be "RISKS of not using available spelling checker technology". In RISKS-16.12, I had a typo in the address for the ftp site containing Matt Blaze's paper. The correct site name is research.att.com and the file is in /dist/mab/eesproto.ps and is in PostScript format. Thanks and my apologies to the people who took my creative spelling of the word "research" literally and sent me mail informing me of the error. -- sidney markowitz <firstname.lastname@example.org> [My spell checker always balks on net addresses, so the "resarch" slipped by me. It also let a Blase go through in RISKS-16.13. PGN]
Colville reported in RISKS-16.13 on the first false alarm in the Chunnel. One might predict that these will be common at first. In the public's lexicon "False Alarm" might be replaced by "Channel Tunnel Syndrome" :-)
I had a first hand demonstration of a new road-side traffic monitoring system here in the UK earlier this week. I was driving into some road works on the M1 motorway and was slowing down to take account of the 50 m.p.h. speed limit which had been imposed. Immediately (10 yards) after the speed limit sign was a bridge, and mounted on this bridge was a camera. On the other side of the bridge was a large dot matrix display, which immediately flashed up the message: SPEEDING L123 ABC 58 MPH (actual registration number changed to protect the guilty).

RISKS: first of all, I'm expecting to get a warning about the consequences of speeding in the mail. (In the UK, the police usually won't give you a ticket unless you're at least 10mph over the speed limit). More importantly some drivers might be surprised by this and cause an accident. This technology starts to get real "big brother" overtones if it's used to actually send out tickets (camera/radar systems which produce photographic evidence of speeding are already in place, but human intervention is required to actually send out the tickets). And just how accurate is the character recognition anyway?

Andy Cunningham, VI Corporation (Europe), Ilex House, Mulberry Business Park, Fishponds Road, Wokingham, RG11 2GY +44 734 892111 Fax: +44 734 892090
There are indeed deep psychological forces that draw women to the game of Tetris. I've been a Tetris junky, and I can give my testament to the risks of this particular addiction. First, I admit that I am, by nature, susceptible. I've been through several 12 step programs to rid myself of addictions in the past: adventure, pacman, rogue, hack. Yes, I've been there, and in several other autotelic hells as well: elisp, C++, interrupt handler bugs, and more recently I've been developing a WWW browsing problem. It started in childhood with a Revell model of a "car of the future" (lime-green with huge tailfins and clear bubbles over the occupants in their bucket seats) and continued with more plastic cars, battleships, airplanes, then those chests of little steel girders, then calligraphy, ..., OK, OK, I'm autotelic, I'm a woman, and I'm going to tell my Tetris tale. First, let me establish my credentials as a Tetris hard-core. I found it while on vacation in Maui. I dragged my family in our Aloha clothing to a video games den every evening after we cleaned up from a day on the beach. The clientele was young, local, kind of tough. Ordinarily I'd feel uncomfortable spending 5 minutes in such a place. But with a stack of quarters and a Tetris machine, I was transported. The locals would sit behind me sneering and asking if they could "PLEASE" use the machines. At first, I'd let them. But things changed when we got back home to Los Angeles. I found a video parlor in Marina Del Rey with Tetris. The clientele was even more disturbing, but again, the game presented a world of its own. One afternoon, a woman with two small children attempted to take the machine away from me. While I was concentrating on the play, she informed me that her kids wanted to use the machine. Without looking up, I told her that I'd only yield if it was management policy to impose a time limit. After a moment of shock she began screaming insults at me and dragged the children away. 
Though I didn't ever look up to see what kind of person she was, it did pretty much ruin my timing for that level. I got busy with various home and work projects shortly after that, and I haven't played much since. For a while I tried using xtetris on my workstation, but it wasn't the same. And I've never actually used a GameBoy, because it's hard to get the little kids to share them, and even if they do they won't let you play for more than a few minutes before they start whining. So I'm going to talk only about my experiences with the big machines in the video arcades. So what is it exactly that draws women to Tetris? I think it's refrigerators. At first I thought it was cabinets, but I've been over this in my mind a lot, and I'm convinced that refrigerators are the key. The sociologist who mentioned women's "craving for order" seemed way off base, she'd obviously never been within a mile of a teenage girl's room, but still, that's the key to it. Women spend a lot of time trying to get things into refrigerators. The point is, they don't have a natural sense of order, but they've got to get the damn stuff into the fridge so it doesn't fall out, and that requires ingenuity. Cabinets are similar, but they use different reasoning skills than refrigerators. For example, it's OK to push something to the back of a cabinet and lose it for a year. And things that go into cabinets nest --- you've got to be careful with those graduated bowls if they're from different sets, because if you put one inside the other you'll need a screwdriver and pliers to get it out. Now refrigerators and Tetris are much the same thing. The Tetris shapes are like Tupperware boxes and milk cartons and packages of cheese. But unlike real household items, they remain sparkling and attractive no matter how long you leave them there. And if you pack them very carefully along the bottom, instead of rotting and giving off foul odors, they are conveniently whisked away, while more continue falling. 
This is sort of like having your husband help unload the groceries --- there you are trying to get the vegetables packed carefully into the bottom bins, and there he is stuffing soft drink cans into the dairy products section. As you move through the various difficulty levels of Tetris, it's even more like a refrigerator --- you don't get to start with a clean space, but instead have what looks like piles of debris from unknown previous users. Women know that these unseen entities are teenagers and you've got to be very resourceful and controlled to work around them. But what's the payoff in this contest? Well, mainly it's being able to exercise a skill that women already have, but with lots more positive feedback than real life. And for me, the video arcade games have two really important features. One is a cute little Slavic dance tune that plays in the background and helps with the timing. But the real clincher is that as you proceed through the difficulty levels, there's entertainment. Little Russian men come out onto the screen and dance in that style where they fold their arms and bend their knees and kick straight out. Yes, that's the real thing about Tetris for some of us older ladies, it's the dancing men. In all my years of cleaning out the refrigerator, I've never had a man dance a jig for me. Well, that's why I play Tetris; I'm not sure about anyone else.
... just find out what everybody's hot issues are and make them all whatever promises you need to make, ... And so (once again) fact follows fiction ... Eugene Burdick (Co-Author of THE UGLY AMERICAN) wrote this script in his futurist novel THE 480. I thought this was also the same computer-assisted campaign process used for the last presidential campaign! Bob Burkhart at Twin Cities ACM Senior Consultant - The Security Board
>"'I'm not going to send it in. They make too many mistakes, and I'm not going
>to rectify their mistakes,' he said. 'I can't see why people have to keep
>paying for their mistakes all the time.'"

He says this is the "last straw."

The RISKS? If people place unreasonable trust and expectations on the accuracy of computer information, they are bound to be disappointed. Also, people quickly forget the advantages of using a particular system, and zero in on the drawbacks. Does this guy really want to stand in line for 8 hours or so, like they do in non-computerized elections?

Finally, this illustrates the RISK of working for government institutions - people are far more aggressive in dealing with government agencies -- they speak in terms of `rights', they make demands rather than requests. The relationship is different from the company-customer framework - even the most obnoxious individuals must be humoured.
I posted this to comp.os.vms and somebody suggested it would be of interest to risks readers. I am a risks reader but it didn't cross my mind until I was told.

X-NEWS: macro.demon.co.uk comp.os.vms: 22614
Path: macro.demon.co.uk!neill
From: email@example.com (Neill Clift)
Newsgroups: comp.os.vms
Subject: Security? Maybe...
Message-ID: <1994Jun11.firstname.lastname@example.org>
Date: 11 Jun 94 22:15:20 BST
Organization: None
Lines: 38

One of our customer's employees asked me to have a quick look at two security packages for VMS that he was evaluating. The purpose of my quick look was to determine if there were any obvious holes that these packages introduced or if their auditing features were easily evaded. I spent less than a couple of hours on each one (I wasn't getting paid just having a laugh :-)).

Package 1

This s/w had a facility for performing checksums on various files to enable detection of tampering. I asked their representative what algorithm they used for their checksum. All he would say was that it was proprietary. You would expect 'proprietary' to mean that there was at least some thought behind it. I found the algorithm to consist of summing the file as a contiguous set of longwords and a recording of the modification date. Files could easily be fixed up after modification! Why didn't they implement one of the many checksums something like tripwire supports?

This s/w trapped AUDIT_SERVER messages via a mailbox. The protection on the mailbox allowed read and write access to the world so that data could be read out before the auditing s/w could get at it with a simple copy command. Fake audits could also be introduced. This s/w had mechanisms for DCL command procedures to take actions based on the audits passing parameters extracted from the alarm data (evil grin).

Package 2

On looking at what this s/w installed I spotted a privileged image that looked a good target. Within 20 mins I had decided that I could probably use it to obtain all privileges as an unprivileged user. After an hour or two of programming I had done just that. In the end I exploited what I thought was the quickest bug to use but this bit of code appeared to be teeming with problems.

Both of these packages looked very flash and professional from the outside. Sad but true.

Neill.
Neill Clift email@example.com
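The Package 1 checksum weakness described above, as an added example that is not part of the original post or of either product's code: an integrity baseline that records both a longword sum and a cryptographic hash, run against constructed file variants. The little-endian word order, the zero padding of a short final longword, the sample bytes and the choice of SHA-256 as the stronger check are assumptions made for this illustration.

```python
import hashlib
import struct

MASK32 = 0xFFFFFFFF


def longword_sum(data: bytes) -> int:
    """Sum the data as contiguous 32-bit longwords, modulo 2**32.

    Assumptions: little-endian words, final partial word zero-padded.
    """
    padded = data + b"\x00" * (-len(data) % 4)
    total = 0
    for (word,) in struct.iter_unpack("<I", padded):
        total = (total + word) & MASK32
    return total


def baseline(data: bytes) -> dict:
    """Record the attributes an integrity checker could store for a file."""
    return {
        "size": len(data),
        "sum32": longword_sum(data),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def compare(base: dict, data: bytes) -> dict:
    """Return, per recorded attribute, whether it notices a difference."""
    now = baseline(data)
    return {key: base[key] != now[key] for key in base}


# Constructed sample "files" (four longwords each), not real data.
ORIGINAL = struct.pack("<4I", 0x10, 0x20, 0x30, 0x40)
# Same longwords in a different order: addition is commutative.
REORDERED = struct.pack("<4I", 0x40, 0x30, 0x20, 0x10)
# One longword raised by 5 and another lowered by 5: the changes cancel.
OFFSET = struct.pack("<4I", 0x15, 0x20, 0x2B, 0x40)
# A single uncompensated change, as accidental corruption would produce.
SINGLE = struct.pack("<4I", 0x11, 0x20, 0x30, 0x40)


def run_demo() -> dict:
    """Compare every variant against the baseline of ORIGINAL."""
    base = baseline(ORIGINAL)
    variants = {"reordered": REORDERED, "offset": OFFSET, "single": SINGLE}
    return {name: compare(base, blob) for name, blob in variants.items()}


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:10s} size={result['size']!s:5s} "
              f"sum32={result['sum32']!s:5s} sha256={result['sha256']}")
```

The additive sum only flags the uncompensated change, which is the accidental-corruption case; the hash flags all three variants.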
I remember reading about this in NETWORK WORLD. It's kind of funny: MCI already owned 1800 OPERATER long before AT&T released 1800 OPERATOR (Which was 5 months after MCI released 1800 COLLECT). MCI was using the OPERATER number internally for something, but not collect calls. They noticed after AT&T released their collect call product: 800 OPERATOR they were getting a lot of calls from people who misdialed. MCI was directing them to the correct number or 800 COLLECT. Due to the large number of calls MCI finally decided to send 800 OPERATER to the 800 COLLECT system. According to the NETWORK WORLD article, MCI was making about $200K a month thanks to people with the 'Quayle' syndrome.
> ... All French credit cards are smart cards, and have been in mass use
> for several years now. The French don't seem to be having any problems
> with fragility or expense.

This is not quite so. One of the standard ways of defrauding the French smartcard system is to destroy the chip, whether by stamping on it or by an overvoltage. This causes the terminal to revert to standin mode, which is quite vulnerable.

Fraud was reduced slightly by the introduction of smartcards - in France it is about 0.08%, against 0.2% for MasterCard and 0.1% for VISA - but it has by no means been eliminated (source: `Cards International' 22 July 1993).

Quite apart from fraud, the French card failure rate of 3% was the reason why smartcards were not introduced in Belgium (source: `Cards International' 27th October 1993).

Also, there was a furore recently when French banks announced that all merchants would have to move over to electronic terminals. This would have cost over half a million small family businesses perhaps Ffr20,000 each, and the main beneficiary would have been Bull - a struggling state-owned company which was losing billions and being supported by the French government (which seems to have been behind the move on terminals).

The risk? There are several - in not understanding the trade-off between security and reliability, and in letting governments set security standards before the technology is properly mature.

Ross Anderson <firstname.lastname@example.org> Cambridge University Computer Lab
This page was copied from: http://catless.ncl.ac.uk/Risks/16.14.html
by Michael Blume