RISKS DIGEST 10.19

 /** comp.risks: 9.0 **/

** Topic: RISKS DIGEST 10.19 **

** Written 11:11 am  Aug 10, 1990 by risks in cdp:comp.risks **

RISKS-LIST: RISKS-FORUM Digest  Friday 10 August 1990   Volume 10

: Issue 19


        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED

SYSTEMS 

   ACM Committee on Computers and Public Policy, Peter G. Neumann,

moderator


Contents:

  Computers as counterfeiters? (Will Martin)

  Computer voice recognition monitor for gang members (Rodney

Hoffman)

  U.S.-supplied Saudi air defense software not working (Jon Jacky)

  Hubble Trouble: `Astonishing' error of about 1 mm (Lauren

Weinstein)

  Re: British Rail signalling software problem (Pete Mellor)

  Re: "compress" and the Unisys patent (Anonymous)

  Re: Design for the real world (Robert Biddle)

  Computer Security Applications Conference (Marshall D. Abrams) 


The RISKS Forum is moderated.  Contributions should be relevant,

sound, in good

taste, objective, coherent, concise, and nonrepetitious.  Diversity is welcome.

CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line

(otherwise they may be ignored).  REQUESTS to RISKS-Request@CSL.SRI.COM.

TO FTP VOL i ISSUE j:  ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR>

cd sys$user2:[risks]<CR>GET RISKS-i.j <CR>; j is TWO digits.  Vol summaries in 

risks-i.00 (j=0); "dir risks-*.*<CR>" gives directory listing of back issues.

ALL CONTRIBUTIONS ARE CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.


----------------------------------------------------------------------


Date:     Thu, 9 Aug 90 12:36:58 CDT

From: Will Martin <wmartin@STL-06SIMA.ARMY.MIL>

Subject:  Computers as counterfeiters?


"Run for the hills! Congress is in session!"


The following item was included in a column on printer technology in the

August '90 issue of "St. Louis Computing," a tabloid freebie local paper:


"...computer printers have become so advanced that the Treasury Department 

is concerned that they will soon be used to print money. Michigan

Senator Donald W. Riegle Jr. has introduced a bill that would make it a

crime to possess any device that the Treasury Department concludes would

facilitate counterfeiting."


Hmmmm.... I hope the generality is in the reporting and not in the proposed

legislation, because "any device" as cited above includes eyeballs,

pencils, engraving tools, paper, ink, color copiers, and millions of

other items both mundane and esoteric... If the legislation is actually

written so broadly or vaguely, I nominate it for "dumb bill of the month".


Anyone out there know the actual details of this proposal?

                                                               Will Martin


------------------------------


Date: 10 Aug 90 08:26:53 PDT (Friday)

From: Rodney Hoffman <Hoffman.ElSegundo@Xerox.com>

Subject: Computer voice recognition monitor for gang members


According to a story by John Kendall in the 'Los Angeles Times' 10 August

1990, a computerized voice recognition system will be used in a six-month

pilot program to assure that gang members on probation stay home during

"Red Alerts," declared by the Probation Dept.


>From the article:  


"A computer will telephone designated gang members at random during the

hours they are restricted.  The computer will direct them to state their

names and repeat after the computer as it names several states.  The

computer will then electronically analyze their responses and compare the

findings with voice tapes made earlier.  If the computer questions any of

its contacts, it will notify monitors, and a probation officer will be sent

to check in person....


"Probation Department Deputy Director Michael Lindsey ... expects the

computer monitor program to be in place sometime this month.  If it is

deemed a success, he wants to extend electronic monitoring to the entire

county, with upward of 1,000 gang members in the system eventually.  But

first, the present program must be perfected, he says.


"The $19,000 system employs a computer and voice-analysis software provided

free to the Probation Department for six months by BI Inc., a Boulder, CO

firm.  Currently, four college students are preparing background

information for the computer on 100 gang members.  Next, deputy probation

officers will record their charges' voices for comparison by computer.


"When gang trouble develops, the police and probation officers will

identify the gangs involved, determine what members are on probation and

tell them individually to stay home for periodic checks by the computer.

Lindsey hopes that computer monitoring will afford soft-core gang members

an excuse to stay out of trouble."


------------------------------


Date:    Fri, 10 Aug 1990 9:53:38 PDT

From: JON@GAFFER.RAD.WASHINGTON.EDU   (Jon Jacky)

Subject: U.S.-supplied Saudi air defense software not working


The following excerpts appeared near the end of a story in THE SEATTLE

POST-INTELLIGENCER, Aug 10, 1990 p. A2:


BOEING FLYING FAMILIES OUT OF SAUDI ARABIA by Bill Richards


... Most of Boeing's employees work on either the Saudi's Airborne Warning and

Control System (AWACS) aircraft or on the ground-based Peace Shield network.

... The $1.2 billion Peace Shield system, which consists of a network of

computerized radar and communications equipment designed especially for the

Saudis, has been a problem for Boeing.  The equipment was designed as a

ground-based air defense system to complement the airborne AWACS, but Boeing

engineers are still attempting to debug the system's softwear [sic].  The

softwear is made by Computer Sciences Corp. of El Segundo, Calif.  Boeing

officials said Peace Shield was scheduled to be completed next year, but is

behind schedule.  


"The system is not up and running," Boeing spokesman Don Brannon said

yesterday.  Brannon said most of the Peace Shield activity underway in Saudi

Arabia now involves construction work .... 


- Jon Jacky, University of Washington, Seattle   jon@gaffer.rad.washington.edu


------------------------------


Date: 09 Aug 90  1748 PDT

From: Lauren Weinstein <UCL@SAIL.Stanford.EDU>

Subject: Hubble Trouble: 'Astonishing' error of about 1 mm (excerpt)


By PAUL RECER, AP Science Writer

    WASHINGTON (AP) - A NASA committee investigating the focusing flaw that

crippled the Hubble Space Telescope said Thursday that there was an error of

about 1 millimeter in a measuring device used to grind the telescope mirrors.

In the precise world of optics, such an error is ``astonishing,'' said one

expert.  

    A one-page statement released by NASA said a committee investigating the

Hubble problem found that a measuring device called a reflective null corrector

had been adjusted incorrectly when the primary mirror was being ground and

polished at the Hughes Danbury Optical Systems plant in Danbury, Conn.  Hughes

Danbury had preserved the null corrector in the exact position that had been

used to grind and polish the mirrors in the early 1980s and the investigation

committee tested the device on Wednesday.

    Preliminary results of the test, the statement said, ``have revealed

a clear discrepancy of approximately one millimeter between the

design of the null corrector and the device as it exists.''  [...]

    Daniel Schulte, a senior scientist at the optical laboratory at the

Lockheed Palo Alto Research Laboratory in California, said that an error of

that magnitude was ``astonishing.'' ``That's gross,'' he said. ``There's no

reason for an error of that size to be tolerated.''  Schulte said that in

normal optical manufacturing, a tolerance of a 20th or a 50th of a millimeter

is considered ``standard tolerance.''  He said the error was so large ``it had

to be a transposition of numbers or something like that, that was carried

through. It had to be something clerical like that.''  Schulte, an astronomer,

was a member of an independent panel named by NASA to evaluate the Hubble

focusing flaw just after it was discovered in June.

    A null corrector is a device that can be adjusted to create a pattern of

light in the exact shape desired in an optical lens or mirror. The light

pattern from a null corrector is interpreted by another device to tell a

computer the precise grinding and polishing pattern that must be followed.

However, if the null corrector is set wrong, then the lens or mirror will be

ground to an incorrect shape. In effect, the optics are then made to the wrong

prescription and cannot give the expected focus.  [...]


------------------------------ 


Date: Fri, 10 Aug 90 00:49:06 PDT

From: Pete Mellor <pm@cs.city.ac.uk>

Subject: Re: British Rail signalling software problem


Many thanks to Clive Feather for explaining (RISKS-10.18) what probably

happened when a BR signalman closed down a part of the network because he

could (apparently) no longer trust the information displayed to him.


Disclaimer: I know next to nothing about railway signalling, so I could only

quote the Guardian news item verbatim (but adding a few speculations of my own).

Clive is obviously much better informed.


On one point, however, I do stand firm. That is the manufacturer's preposterous

(at any rate, it sounded preposterous to me) claim that the system was still 

'under test'.


As Clive says:


> First you test it on a model railway. Then you hook in the display system in

> parallel with the existing one, and see what happens. Eventually, however, you

> have to go live.


I entirely agree, but that was my point: when you go live, the system is no

longer 'going through a testing stage' as the manufacturer said. If the system

is 'under test', then, as Clive says, you run it *in parallel* with the

existing system (as the final stage of its trial). The new system goes live,

without back-up parallel systems, when the manufacturer is confident that its

reliability is no worse than the system it replaces.


He can't have it both ways!


Peter Mellor, Centre for Software Reliability, City University, 

Northampton Square, London EC1V 0HB UK                          


------------------------------


Date: Fri, 10 Aug 1990 7:58:11 PDT

From: "Anonymous" <...>

Subject: Re: "compress" and the Unisys patent (Littman, RISKS-10.18)


The message in RISKS regarding compress was unnecessarily alarming.  In fact,

it really represents the start of a chain of hundreds of Usenet messages

discussing the Unisys patent in detail, including various postings by the

compress authors.  There is considerable question regarding software-only

implementations of the algorithms, *which* algorithms really are involved,

Unisys' true intentions, compression vs. decompression, validity or invalidity

of the patent if tested in court, etc.  It is not a simple situation, and there

is significant evidence that some people may have become alarmed unnecessarily,

or at the very least prematurely.


People who need more information about this subject should look over the entire

discussion if possible, not react to the initial statement.  This would seem to

be a risk of seeing only the first message in a chain!


There may yet be potential complications regarding compress and the Unisys

patent, but this is by *no* means an established fact at this point and is a

matter of active analysis at this time.


------------------------------


Date: Fri, 10 Aug 90 14:54:32 +1200

From: Robert.Biddle@comp.vuw.ac.nz

Subject: Re: Design for the real world (RISKS-10.18)


>From our library computer:

Callmark      Main Collection                          Status : In

               TS171.4 P213 D 2ed

     TITLE   Design for the real world : human ecology and social change /

             Victor Papanek. 2nd ed., completely rev.


      NAME   1. Papanek, Victor, 1925-


   IMPRINT   London : Thames and Hudson, 1985.

    EXTENT   xxi, 394 p. : ill. ;


     NOTES   First published: New York : Pantheon Books, 1971.

             Includes index.

             Bibliography: p. 351-385.


   SUBJECT   1. Design, Industrial.


And a very interesting, if often anectodal, book it is too.


Robert Biddle, Computer Science, Victoria University, Wellington NEW ZEALAND


------------------------------


Date: Mon, 06 Aug 90 13:47:02 -0400

From: (Marshall D. Abrams) <abrams@soldier.mitre.org>

Subject: Advance notice of Computer Security Applications Conference


Marshall D. Abrams, The MITRE Corporation, 7525 Colshire Drive, Mail Stop Z269,

Mc Lean, VA 22102 phone: (703) 883-6938 FAX: (703) 883-5639 [effective 7/10/90]


              Sixth Annual Computer Security Applications Conference


                                December 3-7, 1990

                       Westward Look Hotel, Tucson, Arizona


                                   Sponsored by

                     American Society for Industrial Security

                      Aerospace Computer Security Associates


                                in cooperation with

                 IEEE Technical Committee on Privacy and Security

                American Institute of Aeronautics and Astronautics

             ACM Special Interest Group on Security, Audit and Control


Keynote Speaker: Senator Dennis DeConcini (D - Arizona)


Luncheon Speakers: Ralph V. Carlone, GAO

                   Dave Fitzsimmons, Cartoonist, Arizona Daily Sun


Distinguished Lecture in Computer Security: Dorothy E. Denning, DEC


Tutorial Program, Monday, 3 December 1990


Morrie Gasser, DEC, "Security In Distributed Systems"

Brett Fleish, Tulane, "Introduction to Trusted Computer System Design"

Richard Linde, Unisys, "Penetration Testing"

Charles Martin, Duke Univ. "Applying Formal Methods by Hand"


Tutorial Program, Tuesday, 4 December 1990


Morrie Gasser, DEC, "Security in Distributed Systems II"

Teresa Lunt, SRI, "Approaches to Database Security"

E. J. Humphreys, British Telecom, "OSI Security"

David Snow, ITT, "Risk Management"

John McHugh, CIT, "Software Safety"


Technical Program,  Wednesday - Friday, 5-7 December 1990


            Technical Paper Sessions

                +  Trusted System Development (architecture, design, 

                   formal methods, auditing, user interface)

                +  Network Security

                +  Security Engineering (risk assessment, life cycle)

                +  ISO Standards 

                +  Data Base Security (research, application)

                +  Non DOD Applications 

                +  DOD Applications

                +  Integrity


            Panel  Sessions   

          +  Computer Crime

                +  Trusted System Development

                +  Education and Ethics

                +  Trusted Subject-based DBMS 

                +  Software Safety 

                +  Certification of Professionals

                +  Security Standards for Open Systems

                +  Computer Security in Government Labs


Special Events: Biosphere II: a prototype of the Earth for the future;

Sonora Desert Museum: living animals and plants of the Sonoran Desert Region


Additional Information For a copy of the advance program, which includes rates,

schedule, registration form, and special activities, contact: Diana Akers,

Publicity Chair, (703) 883-5907, akers%smiley@gateway.mitre.org , Victoria

Ashby, Co-Chair, (703) 883-6368, ashby%smiley@gateway.mitre.org , The MITRE

Corporation, 7525 Colshire Dr., McLean, VA 22102


Advance Programs will be available early September.  Please request one at that

time.  Conference proceedings and videotape of the Distinguished Lecture will

be available.  Program Subject To Change.


------------------------------


End of RISKS-FORUM Digest 10.19

************************

** End of text from cdp:comp.risks **



Comments

Popular posts from this blog

BOTTOM LIVE script

Evidence supporting quantum information processing in animals

ARMIES OF CHAOS