ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Herb Caen, the San Francisco Chronicle's chronicler of the chronic and (a)cute, starts off the 25 July 91 column with this ad infin-item: "Dennis Perry, an Oakland truck driver, and his good friend, Yvonne Kendrick -- both are black -- rented a Hertz car to drive to Maryland to visit his family. They took along his 4-yr old dghtr, Danielle, and all went swimmingly until they were stopped in white-bread Williamsburg, Iowa, for no apparent reason. The police ran a check on the car and found it listed by Hertz as stolen. It wasn't, of course, but during the 24 hours it took Hertz to correct the mistake, Dennis and Yvonne were held in jail and Danielle went to a juvenile home. Atty. Dennis Hecht is handling the inevitable suit."
The next item was on Judge Clarence Thomas not being able to get a cab in DC. After that came another item for our series of computer-addressed mail: Jayne Valdez of Antioch forwards a copy of PG&E's closing bill addressed to her late father, "Bob A. Speake, Deceased," with this neatly boxed encomium printed on it: "Bob Speake, deceased for the last 12 months, you had an excellent payment record. If you need to establish credit at another utility, you may use this message as a credit reference."
Moscow -- Human error caused 20 of the 59 shutdowns at Soviet nuclear power plants in the first six months of 1991, the Trud newspaper reported yesterday. "It is not the first time that we have to admit the obvious lack of elementary safety culture in running reactors," Anatoly Mazlov, the government's head of nuclear safety, said. Mazlov reported that Soviet nuclear power plants worked at only 67 percent capacity in the first six months of 1991. [San Francisco Chronicle, 24Jul91, p.A8]
The 24Jul91 morning launch was scrubbed. An NPR report indicated a "faulty engine computer". Postscript: The 25Jul91 San Fran Chronicle paper had a picture of Atlantis mission commander John Blaha and mission specialist Shannon Lucid holding their ears while fellow crew members taxied their T-38 trainers. The caption briefly mentioned the computer problem (with no details), but also noted that Blaha and Lucid's T-38 failed to start for a return to Houston! (T-38s require an external jumpstart.) It is perhaps worth contemplating whether computer failures have now become so commonplace that newspaper folks decided there was no need for coverage of the launch scrub itself!
The Sunday, July 21 edition of the Los Angeles Times has a story headlined
"LAPD Begins Crackdown on Computer Messages." The story reports that the new
program is "aimed partly at finding and punishing" officers who sent offensive
personal messages cited in the recent Christopher Commission report (issued in
the wake of the Rodney King beating) as evidence of departmental racism and
sexism. The program "is also aimed at stopping...even innocuous personal
messages."
The story goes on to state that several officers have been assigned to the task
of spot-checking daily printouts of messages. "Efforts [will be] made to find
out who sent" offending messages. It also reports that "snooping by
headquarters has led to a 25% decline in...traffic."
"Creating a context for the messages is...difficult because [of an] inflexible
computer program," according to the article. Only chronological printouts are
available, making it difficult to extract messages relating to a particular
car. Messages from a patrol car are not identified as to which of two officers
sent them, although sergeants, who occupy cars alone, can be uniquely
identified. "The department is trying to get computer experts to write
programs" that will extract messages from one car.
I see two risks here. The first, of course, is to the officers, who became so
comfortable with the computer system that they forgot (or perhaps were never
aware?) that their messages could be monitored. The second is to the
department, which is now unable to extract useful data from their files. (This
makes me wonder. Wouldn't it be useful to them in court cases to be able to
extract the messages from a particular car over a period of an hour or so?)
I also wonder if the Electronic Communications Privacy Act would apply here.
Did the officers have a reasonable expectation of privacy in any of their
messages?
Geoff Kuenning geoff@ITcorp.com uunet!desint!geoff
After weeks of work and excellent assistance of David Chess, Yisrael Radai,
Alan Solomon, Padgett Peterson and some others, I just published the "Index of
Known Malicious Software: MsDos systems". It covers most of the viruses and
trojans reported in this arena (similar indices for Amiga and Macintosh to
follow later this year). When summing up, I was deeply depressed: the index
counts:
120 virus families ("strains") with 59 more sub-families
with 744 viruses, variants and clones
plus 7 trojans,
and 228 single (non-strain) viruses
plus 19 trojans
*** totalling 998 pieces of malware ***
Though some people (including Alan Solomon) foresaw 1,000 viruses later this
year, the rise in figures has been underestimated. As this development is
likely to continue, antivirus experts should cooperate even more strongly than
contemporarily discussed.
At the same time, the July edition of VTC's Computer Virus Catalog describes
+ 8 AMIGA viruses totalling 54 viruses
+10 Macintosh viruses totalling 20 (out of 28 existing)
+14 PC viruses/trojans totalling 84
The disparity between "virus known" and "viruses classified" (with the aim to
maintain a good quality over quantity of classification) demands other tools
and methods for analysis, classification and production of countermeasures. We
are working harder to a more actual version of Virus Catalog; I am glad that
Mr. Jahn joined VTC (for a doctor work on secure databanks), and that Vesselin
Bonchev will join us next week for a (not yet specified) dissertation. On the
Moreover, I appreciate any cooperation with serious antivirus experts.
VTC documents (Index of Known Malicious Software: IMSDOS.791; Index of Virus
Catalog: Index.791; all entries classified up to now) are now available from
FTP:
Our FTP server: ftp.rz.informatik.uni-hamburg.de
Login anonymous
ID as you wish (preferably your name)
dir: directory of available information
cd pub/virus: VTC's documents
Hoping that this works, I will be absent (with Auto-Reply on) on a sailing trip
(with my schooner "Arethusa" which is a small replica of BLUENOSE but with
staysails) until August 18, 1991.
Klaus Brunnstein, Hamburg
I have a car with a built-in burglar alarm. The alarm is activated if the last door locked is locked from the outside without a key (by locking it on the INSIDE and then holding onto the door handle while closing the door). That means that it doesn't matter who leaves the car first; the alarm will still be armed at a sensible time. Once the alarm is armed, any attempt to open a door from the inside (after breaking a window, for example) or to start the car, without first unlocking one of the doors from the outside with a key, will set off the alarm. Do you see the pitfall? The owner's manual actually warns about it. Suppose you're sitting in the car with a passenger. You have locked the door from the inside. Your passenger gets out, locking the other door from the outside. That has just armed the alarm. It is now impossible for you to get out of the car or start the engine without setting off the alarm. With luck, you noticed this was going to happen when the "alarm" light on the center console started flashing; if you caught it in time you could unlock your door from the inside and stop it from arming. Once it's been armed, though, all you can do is get out of the car, setting off the alarm, and then turn off the alarm from the outside by unlocking the driver's door with the key. I hope your passenger didn't take the key.
The May 20 issue of Aviation Week (I'm catching up on old issues) has a short
piece on the avionics being planned for the USAF's new fighter, the Lockheed
F-22. It's no surprise that flight information will be displayed on
computer-driven digital displays. What is a bit surprising is that the usual
set of small mechanical backup instruments will not be present. Talk about
flight-critical software...
Henry Spencer at U of Toronto Zoology utzoo!henry
Excerpts from an article in the Los Angeles Times June 13, 1991; page E8. Edited and submitted to RISKS Digest by Mark Seecof
Re: Artificial Dissemination (See Curtin, RISKS-12.05)
Fri Jul 19 01:48:33 1991 For the edification of the readers of this newsgroup I will repeat what has been said in the press already about the Bill Gates memo: it was not an email message, but a message sent via paper and routed through inter-office mail. Any leaking that occurred would have happened from someone copying the memo and sending it to an external source. There was no forwarding of email involved. It is therefore not an example of comp.risks as much as an example of human-resources.risks! Edward Jung