The Risks Digest Volume 2: Issue 12

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 2: Issue 12

Tuesday, 18 Feb 1986

Contents

Risks in automobile microprocessors -- Mercedes 500SE: Peter G. Neumann
Train safeguards defeated: Chuck Weinstock
Security Safeguards for Air Force Computer Systems: Dave Platt
How can Alvin Frost fight City Hall?: Jim DeLaHunt
More Plutonium/Shuttle: Martin J. Moore
Computerized Voting -- talk by Eva Waskell: Wednesday eve
19 February
MIT
Info on RISKS (comp.risks)

Risks in automobile microprocessors -- Mercedes 500SE

Peter G. Neumann Tue 18 Feb 86 20:28:05-PST

We have had the El Dorado brake microprocessor recall, the Mark VII
computerized air suspension recall, and the on-going CB interference problem
in automotive microprocessors.  For the record, let me add the current
manslaughter trial of John C. (Sandy) Walker, who was driving when his 1982
Mercedes 500SE went into an uncontrollable skid.  He escaped, but his
passenger was killed in the resulting flames.  An "accident reconstruction
specialist", Paul O'Shea (also a consulting engineer for Mercedes and NASA,
and winner of three championship races), testified that the state-of-the-art
anti-skid braking system malfunctioned.  When working properly, it is
designed to slow the vehicle gracefully, and "will leave no skid marks, no
matter how hard you step on the brakes."  The longest skid marks from the
accident on 9 June 1984 on the Silverado Trail in the Napa Valley were
measured at 368 feet!  One line of investigation is that mechanical defects
might have caused a fire in the engine compartment, resulting in the
malfunction of the brake computer.  O'Shea noted that the emission-control
system had been fitted with rubber hoses where metal hoses should have been,
and which were placed too close to a heat-producing exhaust header.
    [SF Chronicle 5 Feb 86]

Train safeguards defeated

Tuesday, 18 February 1986 15:49:12 EST

You will recall the recent head-on collision between a Via passenger train
and a freight in Canada [Risks-2.9].  A recent series of relevant messages
on the railroad discussion list follows.  For background, note that the
Burlington Northern Railroad has had a significant number of "cornfield
meets" (railroad slang for train collisions) in the past few years.  Many
were later blamed on alcohol and drugs being used by the crew.  (It has
gotten so bad that when the BN notified the community that it would
transport no steam locomotives over it's most reasonable route to Vancouver
for the Expo there, many railfans breathed a sigh of relief...they wouldn't
want to trust something as precious as a steam locomotive to a railroad with
a history of collisions.)

Chuck
- - - - Begin forwarded message - - - - [...]
From: FarleighSE 

 Security Safeguards for Air Force Computer Systems
Dave Platt 
Tue, 18 Feb 86 12:31 PST
From the Los Angeles Times, 2/17/86:

"WASHINGTON (UPI) - The Air Force has failed to properly safeguard 77% of
its computer systems, allowing the possible breach of classified data on
space boosters, 'Star Wars' technology and major weapons systems, Pentagon
auditors and officials say.
   The security vulnerability also extends to sensitive data on the MX and
Midgetman missiles and B-1 and F-16 aircraft, they say.
   An Air Force official, responding to queries about the disclosure,
said that he was '95% confident' that no 'actual compromises' of classified
information on computers had actually occurred.
   The Air Force Audit Agency, which inspected eight bases, sharply
criticized officers at each facility for failure to inspect safeguards,
such as lead boxes designed to limit electromagnetic signals emitted
by the equipment..."



 How can Alvin Frost fight City Hall?
Jim DeLaHunt 
Mon 17 Feb 86 18:22:01-PST
I am intrigued by the apparent success of analyst Alvin Frost's attempt to
keep the city of Washington, DC out of their own computer.  With one 7-
character password (and apparently physical access to the machine) he seems
to be able to keep certain files out of the reach of his superiors.  Does
anybody know:
    * What machine, OS, etc. this is?
    * Whether his superiors have in fact cracked his protection?
    * What sort of data protection systems are immune to a legitimate
      systems manager logging on as root (or OPERATOR or whatever)?
    * What is actually going on here?

Send responses to me; I will be glad to summarise to the net.
    --Jim DeLaHunt, Stanford University     JDLH @ SU-Sushi.ARPA



 More Plutonium/Shuttle
"MARTIN J. MOORE" 
0 0 00:00:00 CDT
The 2/17/86 issue of Aviation Week contains an article entitled "Officials
Disagree on Data Assessing Shuttle Reliability."  The main topic of the
article is the danger of plutonium contamination from nuclear shuttle
payloads in case of an accident (I seem to have heard about this somewhere
before :-).  I recommend the article to the RISKS readership.  One quote from
Robert K. Weatherwax, author of a study titled "Review of Shuttle/Centaur
Failure Probability Estimates for Space Nuclear Mission Applications"
[December 1983] seems to answer the questions we were throwing around:

   We concluded that many, if not most, solid rocket motor failures would
   result in some release of plutonium, or at least a high likelihood of
   that.  We recommended more safety analyses be done to evaluate the
   likelihood of booster failures in conjunction with this nuclear risk.
   A nuclear payload cannot explode, but it can be broken up, vaporzied or
   fragmented.  You would have prompt fatalities on the ground and substantial
   contamination in eastern Florida [if a catastrophic launch failure
   occurred.]  In a worst possible case, you could double the entire worldwide
   burden of plutonium in the atmosphere.

Weatherwax is head of Sierra Energy and Risk Assessment, located in
Sacramento.  Sierra was contracted by the Air Force to perform the study.



 [BERLIN: Computerized Voting]
"Steven A. Swernofsky" 
Tue, 18 Feb 86 23:06:33 EST
...
Date: Tue 18 Feb 86 13:51:03-EST
From: Steve Berlin 


Report problems with the web pages to the maintainer