Subject: RISKS DIGEST 18.28 RISKS-LIST: Risks-Forum Digest Thursday 26 July 1996 Volume 18 : Issue 28 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** Contents: Johannesburg Stock Exchange Computer Fails, Again (Scott Hazelhurst) Static Klingons and Dynamic Cash (Peter Wayner) Sweden will not set limits for electric and magnetic fields (Martin Minow) Cleaning person inadvertently kills patients (Archie Russel via Michael D. Crawford) DMV security code breached at hospital in New Haven (Ed Fischer) Risks of Using VISA Cash in Atlanta (Heather Hinton) Computer systems and the Olympic Games (Jose Reynaldo A. Setti) Esoteric Encryption Risks (Russ Broomell) More on the Ariane-5 Disaster (Jan-Peter Munk) Re: Western power outages (Mark Stalzer, Paul Green) Re: the complexity of everyday life (Scot E. Wilcoxon, Bryan O'Sullivan) ABRIDGED info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Wed, 24 Jul 1996 14:52:07 GMT From: scott@concave.cs.wits.ac.za (Scott Hazelhurst) Subject: Johannesburg Stock Exchange Computer Fails, Again On 22 Jul 1996, the Johannesburg Stock Exchange's automated trading system, JET, failed for the second time this month (*) (Source: *Johannesburg's Business Day* newspaper of 23 July). Fully automated trading only started on 10 June. After only forty minutes trading, the system failed as did the backup system, and did not come up again that day. Only R56m worth of trade was done, versus the average daily trade of R400m (R4.4 = US$1). Brokers complained of three negative consequences of this: - the loss of margins on trade (although that would be partially offset by greater trades the next day) - leaving many positions open for extended periods at a time of great stock market volatility both nationally and internationally - loss of foreign investment confidence in the JSE (**) *Business Day* of 24 Jul 1996 quoted the president of the JSE as saying that problems had been fixed and that there were no problems in trade on the 23rd. He described the error as an "an obscure network bug in the special coding written for the decentralised SA network".(***) Comment: * The first failure, on 1 July, was attributed to "human error". ** The article said that the system was supplied by the Chicago Stock Exchange, and that it had been fixed by "technicians from the Chicago Stock Exchange". I would have thought that this would cause investors to worry more about the Chicago Stock Exchange. *** I wonder what a non-obscure bug would be, if an obscure one stops trading on a large stock exchange (13th by market capitalisation, I believe) for almost a full day. Hopefully all of this will help our Dependable Computing group raise funds from industry. Scott Hazelhurst, Dept. of Computer Science, University of the Witwatersrand, Johannesburg, 2050 Wits, South Africa +27 11 716-3806 scott@cs.wits.ac.za ------------------------------ Date: Wed, 24 Jul 1996 18:34:35 -0400 From: Peter Wayner Subject: Static Klingons and Dynamic Cash Devoted and casual RISKS readers will both want to dig up the 24 Jul 1996 edition of the *Wall Street Journal*, which has two very important stories on the front page. The first is a followup to the digital cash heist where about one half a billion dollars disappeared through counterfeit cards used in Japanese Pachinko parlors. The story notes that the idea to use cards could be traced to a CIA briefing that suggested that the North Korean government was building nuclear weapons with money laundered through pachinko parlors controlled by Koreans living in Japan. The cards were supposed to bring accountability and traceability. Instead billions of yen disappeared. The article leaves the impression that the money ended up in Korea, although no one can really be sure of anything except that it is gone from the balance sheets of the corporations that developed the cards. The second article describes how static electricity is beginning to be a real problem. The opening image comes from a room where the votes on a new tax levy were being tallied by computer. The first run of the computer showed the new tax being rejected by the voters. OOOPS. A bit of anti-static magic fluid was spread around the computer and the second run showed the new tax passing much to the relief of the people in power. The article goes on to say other interesting things about static, leaving RISKS readers hanging: How do they *know*a which is the correct count? I bet I can guess which choice ended up being official. ------------------------------ Date: Tue, 23 Jul 1996 23:01:36 -0700 From: Martin Minow Subject: Sweden will not set limits for electric and magnetic fields An article in the Swedish newspaper, *Svenska Dagbladet* (23 Jul 1996, http://www.svd.se/svd/ettan/X0006_Grnsvrden.html) by Annika Carlsson notes that Sweden will not establish limits for electrical and magnetic fields. Instead, the government has agreed on a "policy of watchfulness" (foersiktighetspolicy). The article notes that, when a choice is possible, one should choose technical solutions that yield the lowest electrical and magnetic fields. Lars-Eric Paulson, researcher at SSI (The National Radiation Protection Institute) stated: "We lack necessary research. When we started working two years ago, we thought that research would yield limiting values, but this couldn't be accomplished." Research did determine, however that, among the approximately 70 Swedish children that get leukemia every year [out of a population of about 9 million], one case is due to large electric power transmission lines. [Note: I'm unsure of the proper translation here. A literal translation would use "depends on" where I wrote "is due to." This would seem to be a rather strong statement.] Furthermore, about ten people per year get cancer because of "wandering currents." I.e., electric currents that choose a path different than what is intended, thus causing a doubled electric field: partially from the wandering current and partially from the electric wiring. The lack of a national policy has led to different approaches. For example, Solna, a suburb of Stokholm, choose to run a major electric transmission underground even though, as Lars-Eric Paulsson notes. this wasn't recommended on electric field suppression grounds. However, Solna chose the more expensive alternative because of social and psychological concern for the residents in the transmission line's path. According to SSI, no other country has set limits for electric and magnetic fields. The value of 0.2 micro-Tesla has been used at times, but there is no evidence that more intense fields are dangerous. [Please excuse my clumsy translation.] Martin Minow, minow@apple.com (former resident of Solna) ------------------------------ Date: Wed, 24 Jul 1996 23:27:06 -0700 From: "Michael D. Crawford" Subject: Cleaning person inadvertently kills patients I don't know if this is true, but it sounds plausible. [Similar cases have been reported previously in the RISKS archives.] >>From: Archie Russell >> >>"For several months, our nurses have been baffled to find a dead patient in >>the same bed every Friday morning" a spokeswoman for the Pelonomi Hospital >>(Free State, South Africa) told reporters. "There was no apparent cause for >>any of the deaths, and extensive checks on the air conditioning system, and >>a search for possible bacterial infection, failed to reveal any clues." >> >>"However, further inquiries have now revealed the cause of these deaths. It >>seems that every Friday morning a cleaner would enter the ward, remove the >>plug that powered the patient's life support system, plug her floor polisher >>into the vacant socket, then go about her business. When she had finished >>her chores, she would plug the life support machine back in and leave, >>unaware that the patient was now dead. She could not, after all, hear the >>screams and eventual death rattle over the whirring of her polisher. >> >>"We are sorry, and have sent a strong letter to the cleaner in question. >>Further, the Free State Health and Welfare Department is arranging for an >>electrician to fit an extra socket, so there should be no repetition of this >>incident. The enquiry is now closed." >> >>from (Cape Times, 6/13/96) >>BTW, the headline of the newspaper story was, "Cleaner Polishes Off >>Patients." Mike Crawford crawford@scruznet.com http://www.scruznet.com/~crawford/ ------------------------------ Date: Thu, 25 Jul 1996 09:47:40 -0400 From: EdFischer@aol.com Subject: DMV security code breached at hospital in New Haven A security employee at the Hospital of St. Raphael in New Haven apparently disclosed a security access code (password?) for telephone access to DMV records, supposedly to be used only to check records following accidents or car breakins on the hospital campus, but of course providing access to all DMV records. The access code should not have been disclosed, and the employee's code and all other hospital codes have been cancelled, pending review. [Source: *Hartford Courant*, 25 July 1996, PGN Abstracting] Edward Fischer, Director, Information Systems, Post-Newsweek Stations, Inc. 3 Constitution Plaza, Hartford CT 06103 (860) 493-2522 ed@postnewsweek.com ------------------------------ Date: Thu, 25 Jul 1996 09:43:40 -0400 (EDT) From: hhinton@mailhost.ee.ryerson.ca (Heather Hinton) Subject: Risks of Using VISA Cash in Atlanta The following article was included in "The Globe and Mail", a Toronto, Canada newspaper on Monday, July 22 (p.1, Section C): >From Neil A. Campbell of the Globe's Olympic staff: "In an effort to be on the cutting edge of the Games, one of my $20 bills was exchanged last week for a $20 VISA cash card. The Olympics are being used to hype this new product, which is basically an Interac card without the PIN number. Just about everybody in Atlanta is supposed to be accepting VISA cash cards but the $20 card is unblemished because the only merchant who knew anything about it had a machine that wasn't working. Colleague Jan Wong was able to buy two coffees with her $5 card. But VISA cash can't be combined with real cash, so she is currently wandering Atlanta searching for something that costs $1.44, including tax, so she can kiss off VISA cash forever." from Heather Hinton, hhinton@ee.ryerson.ca ------------------------------ Date: Thu, 25 Jul 1996 09:52:39 -0200 From: "Jose Reynaldo A. Setti" Subject: More on computer systems and the Olympic Games Among all problems that are embarrassing the ACOG, some are really funny, as the *Toronto Globe and Mail* reports today: Results were flowing faster yesterday, but the Info '96 database, which is supposed to provide biographical information to journalists and others, was still shaky. Biographies of many famous athletes, including U.S. long jumper Carl Lewis, were unavailable, and information on others was so poor as to call the whole system into question. Lisa Neuberger, a sailor who carried the flag for the Virgin Islands at the opening ceremonies, is listed as being 95 years old. Sule Olaleye of Nigeria is the 125th-ranked table-tennis player in the world. It is no wonder he is so unaccomplished--the computer insists he is only 17 centimetres tall. The risks of depending on computers is that they tend to make you older, shorter and probably fat and bald, too. Dr. Jose Reynaldo Setti, Universidade de Sao Paulo, Dept. of Transport Engineering 13560-250 Av. Carlos Botelho, 1465, Sao Carlos, SP Brazil ------------------------------ Date: Thu, 25 Jul 96 09:43 EST From: "-Broomell, Russ" Subject: Esoteric Encryption Risks While I'm not an expert in encryption, I have been following the on-going discussions on increasing standards. It seems to me that there's a broader risk that we're ignoring. It really hit home the other night... A friend and I were having dinner, and since he knows that I work with computers for a living, he asked what I thought about taking customer orders through his web site. He had heard something about credit cards not being secure and wanted to know what I thought. I made the mistake of asking him how he put handles computer security in general. He says that he uses the internet to send new product designs and costs to and from his manufacturers. If he feels they are *really sensitive* he uses a disk compression program with password protection. Then, for large files, he has his *computer person* copy the files to a directory on his web site - and he e-mails the location and password to the intended recipient. He *makes sure there's no link pointing to the file, so nobody can find it* and then deletes it after the recipient has acknowledged receipt. The risk here is obvious - the discussion of 100+ bit encryption is lost on this guy - he uses little or no encryption for data protection. Although maybe we can find a lesson here, that anonymity is still the best policy. ------------------------------ Date: Wed, 24 Jul 1996 09:46:38 GMT From: Jan-Peter Munk Subject: More on the Ariane-5 Disaster Today (24 Jul 1996) here in Berlin, the local newspaper *Der Tagesspiegel* published some facts from the final inquiry report about the Ariane-5 disaster on 4 Jun. This report was officially released on Tuesday, 23 Jul. In accordance to the report the Ariane-5 crash was caused by a faulty software. 37 secs after lift-off no information about present position and course was available. The data was to be delivered by a redundant set of Inertial Reference Systems (IRS). But two of these platforms (subsystems) failed. This failure was not(!) considered by the test software which ran before the lift-off. The official inquiry commission found out that the IRS was designed for the preceding model, Ariane-4. That's why on 4 June 1996 a function was called that was supposed to align the missing Inertial platforms. But: This function was not necessary for Ariane-5! However, this alignment function overloaded the computer, and as a result, the necessary data was not delivered. "This [design, JPM] fault could have been discovered", Mr. Wolfgang Kubbat (Darmstadt U of Technology) as a member of the inquiry commission was cited. The vice chairman of the commission, Mr. Lennart Luebeck, emphasized the demand for better and more realistic tests. The president of the European Space Agency (ESA), Mr. Luton, said that there won't be a discussion on the system architecture [of Ariane-5, JPM]. He estimates a total cost rise for the program of about 2 to 4 percent (current state: 37 billion FF/ 11 billion DEM). The next launch of a Ariane-5 is considered for spring 1997. Jan-Peter Munk (student), Daimler-Benz AG, Research and Technology Alt-Moabit 96a, D-10559 Berlin munk@DBresearch-berlin.de JPMunk@t-online.de [BTW, The brief quote cited in RISKS-18.27 by Pat Lincoln was followed in the full text by this: > The extensive reviews and tests carried out during the Ariane > 5 development programme did not include adequate analysis and > testing of the inertial reference system or of the complete flight > control system, which could have detected the potential failure. > Despite the series of tests and reviews carried out under the > programme, in the course of which thousands of corrections were > made, shortcomings in the system approach concerning the > software resulted in failure to detect the fault. It is stressed that > alignment function of the inertial reference system, which served > a purpose only before lift-off (but remained operative afterwards), > was not taken into account in the simulations and that the > equipment and system tests were not sufficiently representative. http://www.esrin.esa.it/htdocs/tidc/Press/Press96/press33.html PGN] ------------------------------ Date: Wed, 24 Jul 1996 10:16:22 -0700 From: stalzer@macaw.hrl.hac.com (Mark Stalzer) Subject: Re: Western power outages (Pettit, RISKS-18.27) Tracy Pettit wrote an interesting piece in RISKS-18.27 on the US power grid and it vulnerabilities. I want to take issue with one point however, namely that setting electricity rates in a market will lower reliability. [...] I think a market based approach might let us discover a better balance between cost and reliability. The bond market is a good analogy, the cost of US treasuries for a given rate is higher than corporate bonds since people are willing to pay more for the reliability of government bonds (please, no laughing). Similarly, many consumers of electricity (municipal distributors) will probably be willing to pay a bit more for power from a utility that has a good reliability record. Others might go after the cheapest power possible, even with outages, to perform tasks that are not time critical like pumping water into a reservoir or charging electric cars. You might get an increase in reliability if redundant networks of different grades of power start to appear. The overall impact on reliability is difficult to say, but it might actually improve. Mark Stalzer, mas@acm.org ------------------------------ Date: Wed, 24 Jul 96 17:39 EDT From: Paul_Green@vos.stratus.com Subject: Re: Western power outages (Pettit, RISKS-18.27) The Massachusetts Department of Public Utilities is currently undergoing a comment period regarding their proposed rulemaking on unbundling electric producers from transmission companies. If you act quickly you can get your comments submitted in a timely fashion. The brochure they had inserted in my electric bill says "The DPU will work to ensure that the new system will be as safe and reliable as the current structure." Where I live (fairly rural town), I estimate that the electric service is about 99% reliable; i.e., about 8 hours downtime/year. Not so good. While most outages are fairly short (~1 hour), each year we seem to get a major outage (~6 hours). Thus, I own a rather large generator, and I do use it. It is my understanding that most of our outages are transmission-related and are due to weather or motor vehicle accidents. The proposed rules are online at "http://www.magnet.state.ma.us/dpu/". The public comment period ends on August 2, 1996. The E-mail address for comments is: "dpuask@state.ma.us". The postal address for comments is: Mary Cottrell, Secretary RE: DPU 96-100 Department of Public Utilities 100 Cambridge St Boston, MA 02202 USA Paul Green, Sr. Technical Consultant, Stratus Computer, Marlboro, MA. [Typo (DPU) corrected in archive copy. Further correction noted in RISKS-18.29. PGN] ------------------------------ Date: Tue, 23 Jul 1996 22:58:15 -0500 From: "Scot E. Wilcoxon" Subject: Re: the complexity of everyday life (Norman on Tenner, RISKS-18.27) >The main emphasis is on the unintended side effects of human introduction >of items alien to the culture or environment Keep this in perspective. The complexity of everyday life in developed countries is much simpler than the complexity of everyday life for Man in the wild. Without our technology, we would spend a lot of time fending off our natural environment (including germs, lice, and predators) and feeding ourselves (hope for global temps to rise to normal so there's more food and more large animals to hunt). Scot E. Wilcoxon sewilco@fieldday.mn.org ------------------------------ Date: Tue, 23 Jul 1996 17:45:54 -0700 (PDT) From: "Bryan O'Sullivan" Subject: Re: the complexity of everyday life (Norman on Tenner, RISKS-18.27) RISKS of books about RISKS? In RISKS-18.27, Don Norman recommends Edward Tenner's "Why Things Bite Back" as a fine book on the unintended consequences of technology. While I am inclined to agree that it makes a diverting light read, I would not commend it for serious perusal. As Caitlin Burke's review of this book (which may be found at http://www.thenetnet.com/) makes clear, Tenner is somewhat confused by his subject matter, and is prone to undermining his own points through the lightweight treatment he devotes to them. [Caitlin Burke ] The most notable instance of this she cites is Tenner's coverage of Post-Traumatic Stress Disorder (PTSD). Tenner suggests that the improved ability of the military to treat wounded soldiers and return them to service was a major factor the high incidence of PTSD, making no mention of much more important issues such as the nature of the training soldiers received, their youth, or disapproval of the war "back home". While Tenner's proclivity towards undermining the ironies he seeks to expose through the introduction of unintended ironies of his own is unfortunate, his book is an enjoyable, and largely (even studiously) uncontroversial, romp. One final caution is, however, in order: "Why Things Bite Back" focuses much more on biological issues than on those relating to computers, and as such may not provide substantial grist for the mills of RISKS readers. ------------------------------ Date: 19 July 1996 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Or use BITNET LISTSERV. Alternatively, (via majordomo) DIRECT REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or INFO [for unabridged version of RISKS information] The INFO file (guidelines, submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. All contributors are assumed to have read the full info file. ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. The ftp.sri.com site risks directory also contains the most recent PostScript copy of PGN's comprehensive historical summary of one liners: get illustrative.PS ------------------------------ End of RISKS-FORUM Digest 18.28 ************************