|
Risks Digest 10.19
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
/** comp.risks: 9.0 **/
** Topic: RISKS DIGEST 10.19 **
** Written 11:11 am Aug 10, 1990 by risks in cdp:comp.risks **
RISKS-LIST: RISKS-FORUM Digest Friday 10 August 1990 Volume 10
: Issue 19
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED
SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann,
moderator
Contents:
Computers as counterfeiters? (Will Martin)
Computer voice recognition monitor for gang members (Rodney
Hoffman)
U.S.-supplied Saudi air defense software not working (Jon Jacky)
Hubble Trouble: `Astonishing' error of about 1 mm (Lauren
Weinstein)
Re: British Rail signalling software problem (Pete Mellor)
Re: "compress" and the Unisys patent (Anonymous)
Re: Design for the real world (Robert Biddle)
Computer Security Applications Conference (Marshall D. Abrams)
The RISKS Forum is moderated. Contributions should be relevant,
sound, in good
taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome.
CONTRIBUTIONS to [email protected], with relevant, substantive "Subject:" line
(otherwise they may be ignored). REQUESTS to [email protected].
TO FTP VOL i ISSUE j: ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR>
cd sys$user2:[risks]<CR>GET RISKS-i.j <CR>; j is TWO digits. Vol summaries in
risks-i.00 (j=0); "dir risks-*.*<CR>" gives directory listing of back issues.
ALL CONTRIBUTIONS ARE CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
----------------------------------------------------------------------
Date: Thu, 9 Aug 90 12:36:58 CDT
From: Will Martin <[email protected]>
Subject: Computers as counterfeiters?
"Run for the hills! Congress is in session!"
The following item was included in a column on printer technology in the
August '90 issue of "St. Louis Computing," a tabloid freebie local paper:
"...computer printers have become so advanced that the Treasury Department
is concerned that they will soon be used to print money. Michigan
Senator Donald W. Riegle Jr. has introduced a bill that would make it a
crime to possess any device that the Treasury Department concludes would
facilitate counterfeiting."
Hmmmm.... I hope the generality is in the reporting and not in the proposed
legislation, because "any device" as cited above includes eyeballs,
pencils, engraving tools, paper, ink, color copiers, and millions of
other items both mundane and esoteric... If the legislation is actually
written so broadly or vaguely, I nominate it for "dumb bill of the month".
Anyone out there know the actual details of this proposal?
Will Martin
------------------------------
Date: 10 Aug 90 08:26:53 PDT (Friday)
From: Rodney Hoffman <[email protected]>
Subject: Computer voice recognition monitor for gang members
According to a story by John Kendall in the 'Los Angeles Times' 10 August
1990, a computerized voice recognition system will be used in a six-month
pilot program to assure that gang members on probation stay home during
"Red Alerts," declared by the Probation Dept.
>From the article:
"A computer will telephone designated gang members at random during the
hours they are restricted. The computer will direct them to state their
names and repeat after the computer as it names several states. The
computer will then electronically analyze their responses and compare the
findings with voice tapes made earlier. If the computer questions any of
its contacts, it will notify monitors, and a probation officer will be sent
to check in person....
"Probation Department Deputy Director Michael Lindsey ... expects the
computer monitor program to be in place sometime this month. If it is
deemed a success, he wants to extend electronic monitoring to the entire
county, with upward of 1,000 gang members in the system eventually. But
first, the present program must be perfected, he says.
"The $19,000 system employs a computer and voice-analysis software provided
free to the Probation Department for six months by BI Inc., a Boulder, CO
firm. Currently, four college students are preparing background
information for the computer on 100 gang members. Next, deputy probation
officers will record their charges' voices for comparison by computer.
"When gang trouble develops, the police and probation officers will
identify the gangs involved, determine what members are on probation and
tell them individually to stay home for periodic checks by the computer.
Lindsey hopes that computer monitoring will afford soft-core gang members
an excuse to stay out of trouble."
------------------------------
Date: Fri, 10 Aug 1990 9:53:38 PDT
From: [email protected] (Jon Jacky)
Subject: U.S.-supplied Saudi air defense software not working
The following excerpts appeared near the end of a story in THE SEATTLE
POST-INTELLIGENCER, Aug 10, 1990 p. A2:
BOEING FLYING FAMILIES OUT OF SAUDI ARABIA by Bill Richards
... Most of Boeing's employees work on either the Saudi's Airborne Warning and
Control System (AWACS) aircraft or on the ground-based Peace Shield network.
... The $1.2 billion Peace Shield system, which consists of a network of
computerized radar and communications equipment designed especially for the
Saudis, has been a problem for Boeing. The equipment was designed as a
ground-based air defense system to complement the airborne AWACS, but Boeing
engineers are still attempting to debug the system's softwear [sic]. The
softwear is made by Computer Sciences Corp. of El Segundo, Calif. Boeing
officials said Peace Shield was scheduled to be completed next year, but is
behind schedule.
"The system is not up and running," Boeing spokesman Don Brannon said
yesterday. Brannon said most of the Peace Shield activity underway in Saudi
Arabia now involves construction work ....
- Jon Jacky, University of Washington, Seattle [email protected]
------------------------------
Date: 09 Aug 90 1748 PDT
From: Lauren Weinstein <[email protected]>
Subject: Hubble Trouble: 'Astonishing' error of about 1 mm (excerpt)
By PAUL RECER, AP Science Writer
WASHINGTON (AP) - A NASA committee investigating the focusing flaw that
crippled the Hubble Space Telescope said Thursday that there was an error of
about 1 millimeter in a measuring device used to grind the telescope mirrors.
In the precise world of optics, such an error is ``astonishing,'' said one
expert.
A one-page statement released by NASA said a committee investigating the
Hubble problem found that a measuring device called a reflective null corrector
had been adjusted incorrectly when the primary mirror was being ground and
polished at the Hughes Danbury Optical Systems plant in Danbury, Conn. Hughes
Danbury had preserved the null corrector in the exact position that had been
used to grind and polish the mirrors in the early 1980s and the investigation
committee tested the device on Wednesday.
Preliminary results of the test, the statement said, ``have revealed
a clear discrepancy of approximately one millimeter between the
design of the null corrector and the device as it exists.'' [...]
Daniel Schulte, a senior scientist at the optical laboratory at the
Lockheed Palo Alto Research Laboratory in California, said that an error of
that magnitude was ``astonishing.'' ``That's gross,'' he said. ``There's no
reason for an error of that size to be tolerated.'' Schulte said that in
normal optical manufacturing, a tolerance of a 20th or a 50th of a millimeter
is considered ``standard tolerance.'' He said the error was so large ``it had
to be a transposition of numbers or something like that, that was carried
through. It had to be something clerical like that.'' Schulte, an astronomer,
was a member of an independent panel named by NASA to evaluate the Hubble
focusing flaw just after it was discovered in June.
A null corrector is a device that can be adjusted to create a pattern of
light in the exact shape desired in an optical lens or mirror. The light
pattern from a null corrector is interpreted by another device to tell a
computer the precise grinding and polishing pattern that must be followed.
However, if the null corrector is set wrong, then the lens or mirror will be
ground to an incorrect shape. In effect, the optics are then made to the wrong
prescription and cannot give the expected focus. [...]
------------------------------
Date: Fri, 10 Aug 90 00:49:06 PDT
From: Pete Mellor <[email protected]>
Subject: Re: British Rail signalling software problem
Many thanks to Clive Feather for explaining (RISKS-10.18) what probably
happened when a BR signalman closed down a part of the network because he
could (apparently) no longer trust the information displayed to him.
Disclaimer: I know next to nothing about railway signalling, so I could only
quote the Guardian news item verbatim (but adding a few speculations of my own).
Clive is obviously much better informed.
On one point, however, I do stand firm. That is the manufacturer's preposterous
(at any rate, it sounded preposterous to me) claim that the system was still
'under test'.
As Clive says:
> First you test it on a model railway. Then you hook in the display system in
> parallel with the existing one, and see what happens. Eventually, however, you
> have to go live.
I entirely agree, but that was my point: when you go live, the system is no
longer 'going through a testing stage' as the manufacturer said. If the system
is 'under test', then, as Clive says, you run it *in parallel* with the
existing system (as the final stage of its trial). The new system goes live,
without back-up parallel systems, when the manufacturer is confident that its
reliability is no worse than the system it replaces.
He can't have it both ways!
Peter Mellor, Centre for Software Reliability, City University,
Northampton Square, London EC1V 0HB UK
------------------------------
Date: Fri, 10 Aug 1990 7:58:11 PDT
From: "Anonymous" <...>
Subject: Re: "compress" and the Unisys patent (Littman, RISKS-10.18)
The message in RISKS regarding compress was unnecessarily alarming. In fact,
it really represents the start of a chain of hundreds of Usenet messages
discussing the Unisys patent in detail, including various postings by the
compress authors. There is considerable question regarding software-only
implementations of the algorithms, *which* algorithms really are involved,
Unisys' true intentions, compression vs. decompression, validity or invalidity
of the patent if tested in court, etc. It is not a simple situation, and there
is significant evidence that some people may have become alarmed unnecessarily,
or at the very least prematurely.
People who need more information about this subject should look over the entire
discussion if possible, not react to the initial statement. This would seem to
be a risk of seeing only the first message in a chain!
There may yet be potential complications regarding compress and the Unisys
patent, but this is by *no* means an established fact at this point and is a
matter of active analysis at this time.
------------------------------
Date: Fri, 10 Aug 90 14:54:32 +1200
From: [email protected]
Subject: Re: Design for the real world (RISKS-10.18)
>From our library computer:
Callmark Main Collection Status : In
TS171.4 P213 D 2ed
TITLE Design for the real world : human ecology and social change /
Victor Papanek. 2nd ed., completely rev.
NAME 1. Papanek, Victor, 1925-
IMPRINT London : Thames and Hudson, 1985.
EXTENT xxi, 394 p. : ill. ;
NOTES First published: New York : Pantheon Books, 1971.
Includes index.
Bibliography: p. 351-385.
SUBJECT 1. Design, Industrial.
And a very interesting, if often anectodal, book it is too.
Robert Biddle, Computer Science, Victoria University, Wellington NEW ZEALAND
------------------------------
Date: Mon, 06 Aug 90 13:47:02 -0400
From: (Marshall D. Abrams) <[email protected].org>
Subject: Advance notice of Computer Security Applications Conference
Marshall D. Abrams, The MITRE Corporation, 7525 Colshire Drive, Mail Stop Z269,
Mc Lean, VA 22102 phone: (703) 883-6938 FAX: (703) 883-5639 [effective 7/10/90]
Sixth Annual Computer Security Applications Conference
December 3-7, 1990
Westward Look Hotel, Tucson, Arizona
Sponsored by
American Society for Industrial Security
Aerospace Computer Security Associates
in cooperation with
IEEE Technical Committee on Privacy and Security
American Institute of Aeronautics and Astronautics
ACM Special Interest Group on Security, Audit and Control
Keynote Speaker: Senator Dennis DeConcini (D - Arizona)
Luncheon Speakers: Ralph V. Carlone, GAO
Dave Fitzsimmons, Cartoonist, Arizona Daily Sun
Distinguished Lecture in Computer Security: Dorothy E. Denning, DEC
Tutorial Program, Monday, 3 December 1990
Morrie Gasser, DEC, "Security In Distributed Systems"
Brett Fleish, Tulane, "Introduction to Trusted Computer System Design"
Richard Linde, Unisys, "Penetration Testing"
Charles Martin, Duke Univ. "Applying Formal Methods by Hand"
Tutorial Program, Tuesday, 4 December 1990
Morrie Gasser, DEC, "Security in Distributed Systems II"
Teresa Lunt, SRI, "Approaches to Database Security"
E. J. Humphreys, British Telecom, "OSI Security"
David Snow, ITT, "Risk Management"
John McHugh, CIT, "Software Safety"
Technical Program, Wednesday - Friday, 5-7 December 1990
Technical Paper Sessions
+ Trusted System Development (architecture, design,
formal methods, auditing, user interface)
+ Network Security
+ Security Engineering (risk assessment, life cycle)
+ ISO Standards
+ Data Base Security (research, application)
+ Non DOD Applications
+ DOD Applications
+ Integrity
Panel Sessions
+ Computer Crime
+ Trusted System Development
+ Education and Ethics
+ Trusted Subject-based DBMS
+ Software Safety
+ Certification of Professionals
+ Security Standards for Open Systems
+ Computer Security in Government Labs
Special Events: Biosphere II: a prototype of the Earth for the future;
Sonora Desert Museum: living animals and plants of the Sonoran Desert Region
Additional Information For a copy of the advance program, which includes rates,
schedule, registration form, and special activities, contact: Diana Akers,
Publicity Chair, (703) 883-5907, akers%[email protected].org , Victoria
Ashby, Co-Chair, (703) 883-6368, ashby%[email protected].org , The MITRE
Corporation, 7525 Colshire Dr., McLean, VA 22102
Advance Programs will be available early September. Please request one at that
time. Conference proceedings and videotape of the Distinguished Lecture will
be available. Program Subject To Change.
------------------------------
End of RISKS-FORUM Digest 10.19
************************
** End of text from cdp:comp.risks **
|
|
