31-May-86 09:59:22-PDT,17057;000000000000 Mail-From: NEUMANN created at 31-May-86 09:57:29 Date: Sat 31 May 86 09:57:29-PDT From: RISKS FORUM (Peter G. Neumann, Coordinator) Subject: RISKS-2.57 Sender: NEUMANN@SRI-CSL.ARPA To: RISKS-LIST@SRI-CSL.ARPA RISKS-LIST: RISKS-FORUM Digest, Saturday, 31 May 1986 Volume 2 : Issue 57 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: SUMMARY OF RISKS VOLUME 2, COLLECTED IN RISKS-2.57. ---------------------------------------------------------------------- RISKS-2.1 1 Feb 86 First Six Months of the Forum in Retrospect; *** Updated Disaster List *** (Peter G. Neumann) RISKS-2.2 1 Feb 86 More on Shuttle destruct systems (Martin J. Moore, Sean Malloy, Brint Cooper) The Challenger [non]accident (Herb Lin) Redundancy (D. Cook) Galileo Plutonium power (Martin Schoffstall, James Tomayko) VDT's and birth defects in mice (Dan Hoey) ORCON dissemination constraint on RISKS 1.43 (Ted Lee) RISKS-2.3 1 Feb 86 The possible vs the impossible (Dave Parnas) RISKS generalizations (Jim Horning) Challenger speculation (Henry Spencer) Possible triggering of the self-destruct mechanism (Don Wegeng) Redundancy in the Shuttle's Computers (Mark S. Day) Galileo Plutonium power (Herb Lin) Icing the Shuttle (Jim McGrath) RISKS-2.4 2 Feb 86 Solid propellants (Mike McLaughlin) Plutonium (Jim McGrath) SRB Self-Destruct Mechanisms (Clive Dawson) Details on the 1981 Quebec election -- a program bug (Jean-Francois Lamy) RISKS-2.5 3 Feb 86 SRBs and What the Computers Should Monitor (Sean Malloy, Charley Wingate) SRB survival (Bill Keefe) Physical Security at the Cape (Tim Wicinski) A hard rain is gonna fall, (Marc Vilain) Correction re Galileo plutonium (James Tomayko) Quebec Election (Dan Craigen) SCRIBE time-bomb goes off! (Peter G. Neumann) RISKS-2.6 4 Feb 86 Shuttle computers (Marc Vilain) -- from NY Times SRBs and Challenger (Mike Iglesias) -- from LA Times Galileo, Plutonium, Centaur, physical security [4 messages] (Henry Spencer) RISKS-2.5 & "Some simple calculations" (Bob Ayers) A hard rain is gonna fall. (Herb Lin) By the slip of a finger ... (Ted Lee) RISKS-2.7 6 Feb 86 The lesson of Challenger (Barry Shein) Mistaken Arrest due to computer error (Steve Rabin) Denial of [Religious] Service (Chris Guthrie) Earthquake Monitoring Systems (Gary T. Leavens) Mice & CRT Radiation (Ted Shapin) SRBs, What the Computers Should Monitor, and Expert Systems? (Jim Giles) Redundancy in the Shuttle's Computers (K. Richard Magill) Nuclear Cargo in the Shuttle (Larry Shilkoff) Software Protection Symposium (Barbara Zayas) RISKS-2.8 7 Feb 86 Expert systems and shuttles (Michael Brown, Dave Platt) Plutonium (Martin J. Moore) Earthquake Monitoring Systems (Mike Raugh via Matt Bishop, Hal Murray, Eugene Miya) RISKS-2.9 9 Feb 86 Computerized train wreck? ... Computer-induced stock-market swings. (Martin Minow) Selectively Displaying Data -- Boeing 767 EFIS (Alan M. Marcum) Cape Range Safety Display Systems (Lynne C Moore) RISKS-2.10 12 Feb 86 Computerized aircraft collision avoidance (Peter G. Neumann) Computerized Feedback and the Stock Market (Eric Nickell) Analyst Changes City Treasurer's Computer Code (Mike McLaughlin) Plutonium on the Space Shuttle (Tom Slone) Request to RISKS Readers from COMPASS 86 (COMPuter ASSurance) (Al Friend) RISKS-2.11 16 Feb 86 SF Federal Reserve Bank 2 Billion Dollar Goof (SF Chron via Peter G. Neumann) Washington D.C. Analyst's Password Game (AP via Geoff Goodfellow) Boeing 767 EFIS -- compare Airbus A320 (Rob Warnock) Networks Pose New Threats to Data Security (InfoWorld-86/2/10 via Werner Uhrig) RISKS-2.12 18 Feb 86 Risks in automobile microprocessors -- Mercedes 500SE (Peter G. Neumann) Train safeguards defeated (Chuck Weinstock) Security Safeguards for Air Force Computer Systems (Dave Platt) How can Alvin Frost fight City Hall? (Jim DeLaHunt) More Plutonium/Shuttle (Martin J. Moore) Computerized Voting -- talk by Eva Waskell (Wednesday eve, 19 February, MIT) RISKS-2.13 20 Feb 86 Dec. 8 cruise missile failure caused by procedural problems (Martin J. Moore) Computerized voting (Matt Bishop) Non-science quotations on Plutonium (Bob Ayers) Software Piracy (D.Reuben) Air Force Security Safeguards (Stephen Wolff) Shuttle Safety (NYTimes News Summary) RISKS-2.14 24 Feb 86 Automotive Problems Intensify (Peter G. Neumann) A hard rain is gonna fall (around March 23) (Martin J. Moore) Misdirected modems (Alan Silverstein) Witch hunts, or Where does the buck stop? (M.L. Brown) Spells and Spirits (Steve Berlin) RISKS-2.15 25 Feb 86 Software Safety Survey (Nancy Leveson) Titanic Effect (Nancy Leveson) F-18 spin accident (Henry Spencer) Space shuttle problems (Brad Davis) Misdirected modems (Matt Bishop) RISKS-2.16 25 Feb 86 Volunteers to study security of computerized voting booths? (Kurt Hyde) Our Economy Is Based On Electricity (Jared M. Spool) Misdirected modems (Jared M. Spool) The Titanic Effect (Earl Boebert) RISKS-2.17 28 Feb 86 Replacing humans with computers? (Nancy Leveson) Eastern Airlines stock (Steve Strassmann) Computerized stock trading and feedback systems (Kremen) Computer Voting Booths (Larry Polnicky) Reliance on security (Jong) AI risks (Nicholas Spies) Data Encryption Standard (Dave Platt) RISKS-2.18 28 Feb 86 Titanic and What did I overlook? (Hal Murray) Titanic Effect (Jong) Computers placing telephone calls (Art Evans) Misdirected modems (Sam Kendall) Modems and phone numbers (David Barto) Misdirecting my modem (Mike McLaughlin) Power-outages, & other failures of central DP systems (Dave Platt) Computer voting booths (Dave Platt) Data Encryption Standard (Chris McDonald) RISKS-2.19 2 Mar 86 A word from Isaac Asimov about Robots (Bryan) AI risks (John Shore) Replacing Humans with Computers (David desJardins) On-line Slot Machines (Jeff Makey) RISKS-2.20 2 Mar 86 Risks in Encryption (Jerry Saltzer) NSA and encryption algorithms (Curtis Jackson) Low-Tech Computerized Voting (Harry S. Delugach) Risks in ballot-counting systems (Larry Campbell) Misdirected modems (Richard H. Lathrop) RISKS-2.21 3 Mar 86 The risks of (not) using Robots (Hal Murray) Computerized Voting Booths (Larry Polnicky) No-carrier detection by misdirected modems (Dave Platt) RISKS-2.22 5 Mar 86 Voting receipt (Mike McLaughlin) Voting booths (Jim McGrath) Computerized Voting (Tom Benson) Replacing humans with computers (Alan M. Marcum) Electricity's power (Marianne Mueller) RISKS-2.23 6 Mar 86 Computerized voting (Jeff Mogul, Larry Polnicky, Peter G. Neumann) ATM Ripoff (Dave Curry) Internet importance/robustness (Tom Perrine) RISKS-2.24 8 Mar 86 Computerized ballot stuffing (Andy Kegel) Progress report on computerized voting (Kurt Hyde) Wild Modems (Bjorn Benson) Misdirected modems (Phil Ngai) Power outages (Phil Ngai) Earthquake problems with Nuclear Reactors (Lindsay F. Marshall) RISKS-2.25 10 Mar 86 Balloting (Barbara E. Rice) Canceling ballots (Jim McGrath) Bank robbery (Curtis Jackson) Earthquake problems with Nuclear Reactors (throopw) Modems DON'T WORK AS SUPPOSED (Brent Chapman, Martin J. Moore, Phil Ngai) RISKS-2.26 14 Mar 86 Integrity of the Electoral Process (Mark Jackson) Ballot Secrecy (Lindsay F. Marshall) Nuclear waste-land (Jerry Mungle) Nuclear disasters (Lindsay F. Marshall) 103/212 modems (Ephraim) RISKS-2.27 15 Mar 86 Overload of a different sort [Air traffic stoppage] (Ted Lee) Cordless Phones Cry Wolf! (Peter G. Neumann) The Mob Breaks into the Information Age (Mike McLaughlin) [Non]computerized train wreck (Mark Brader) Ballot Integrity; Specialization in Decision-Making (Tom Benson) Network Security, Integrity, and "Importance" (Kurt F. Sauer) Modems (James R. McGowan) RISKS-2.28 17 Mar 86 Risks of commission vs. risks of omission (Dave Parnas and Peter G. Neumann) The TIME is RIPE -- a clock problem (Peter Neumann) Mailer Gone Mad? (Landrum) Money Talks (Matthew Kruk) Another discourteous modem (Glenn Hyatt) Will the modem discussions ever hang up? (Rob Austein) RISKS-2.29 17 Mar 86 Commission vs. Omission (Martin J. Moore plus an example from Dave Parnas) A Stitch in Time (Jagan Jagannathan) Clockenspiel (Jim Horning) Cordless phones (Chris Koenigsberg) Money talks (Dirk Grunwald, date correction from Matthew Kruk) [Non]computerized train wreck (Mark Brader) On-line Safety Database (Ken Dymond) RISKS-2.30 18 Mar 86 Classes of Errors (Scott Rose) Range Safety System (David desJardins) Commission vs omission (Geoffrey A. Landis) Stupid Clock Software (Dave Curry) Control characters in headers from eglin-vax (Martin J. Moore) Money Talks (Prasanna G. Mulgaonkar) RISKS-2.31 19 Mar 86 Still more on shuttle destruct systems (Martin J. Moore) Clock Synchronization (Andy Mondore) Timestamp integrity at system startup (John Coughlin) Danny Cohen on SDI (Charlie Crummer) Two more mailer problems (Sidney Markowitz) Marking money for the blind (Atrocity Joelll) Why would anyone want to computerize voting? (Larry Campbell) RISKS-2.32 20 Mar 86 Om/Comm-ission, and analysis of risks (Niall Mansfield) RSO's and IIP's (Dave Curry) Complex systems ru(i|n)ning our cities (Mike Mc Namara) Re: Two more mailer problems (Bernard S. Greenberg) Banknotes for the visually handicapped (Nigel Roberts, Barbara E. Rice) Psychological and sociological consequences (Harald Baerenreiter) RISKS-2.33 23 Mar 86 RSO's and IIP's - Martin Moore's response (Dave Curry) Omissions/commissions and missile destructs (Chris McDonald) Blind and Paper Money (sdo) Two Cases of Computer Burglary (NY Times) RISKS-2.34 27 Mar 86 RSO's and IIP's - Martin Moore's response (Henry Spencer) Range Safety: a final word (Martin Moore) Someone really sophisticated, with a Ph.D... (Nigel Roberts, Keith F. Lynch) RISKS-2.35 30 Mar 86 San Jose Library (Matthew P. Wiener, Ken Laws) Inter-system crashes (Rich A. Hammond) RISKS-2.36 1 Apr 86 Errant Clocks (Barry Shein) Computer Illiteracy (Matthew P. Wiener) San Jose Library (Dick Karpinski, Holleran) Psychological and sociological consequences (Dave Benson) More inter-system crashes (Henry Spencer) COMPASS 86: A Progress Report (Al Friend) RISKS-2.37 6 Apr 86 Request for information about military battle software (Dave Benson) Programming productivity (Henry Spencer) Space Shuttle Software (via PGN) Open-and-Shut Case Against Reagan's Command Plane (Geoffrey S. Goodfellow) Computer Illiteracy (Matt Bishop) RISKS-2.38 8 Apr 86 The UK Driving Vehicle Licensing Centre (Brian Randell) Computer crime wave (Chris Hibbert) Programming productivity (Herb Lin) Request for information about military battle software (Scott E. Preece) Aviation Week Technical Survey: AI & Aviation (Werner Uhrig) RISKS-2.39 11 Apr 86 $36 million accounting mistake (Graeme Hirst) Admissability of computer files as evidence? (Kathryn Smith) "Rapid advance" of SDI software (Walt Thode) Blame-the-computer syndrome (JAN Lee) Hackensack Phone Snafu (Dirk Grunwald) RISKS-2.40 12 Apr 86 GREAT BREAKTHROUGHS [Red Herrings swimming upstream?] (Dave Parnas) Military battle software ["first use", "works"] (James M Galvin, Herb Lin, Scott E. Preece, Dave Benson) First use - Enterprise (Lindsay F. Marshall) RISKS-2.41 13 Apr 86 Computer Naivete (Lindsay F. Marshall) Admissability of computer files as evidence (Scott E. Preece) Programming productivity (Henry Spencer) The San Jose Public Library [and responsibilities] (Sriram Vajapeyam) RISKS-2.42 14 Apr 86 Robot safety (Ron Cain via Bill Park) Use of computer files as evidence (Rob Horn) Review of *Softwar* (Gary Chapman) Computerized Voting -- No Standards and a Lot of Questions (Summary of Eva Waskell's talk by Ron Newman) RISKS-2.43 17 Apr 86 Re: Review of *Softwar* (Marvin Schaefer) GREAT BREAKTHROUGHS (Herb Lin) Star Wars software advance (AP) Smart bombs in Libya (Washington Post) Pacific Bell Bills (SF Chronicle) BU joins the InterNet... (Barry Shein) RISKS-2.44 21 Apr 86 Why Simulation Is A Good Thing... (Lynne C. Moore) Hacking & forgery laws (Robert Stroud) Strategic Systems Reliability Testing (Dan Ball) SDI (Larry Campbell) Cost of phone billing error (Dave Redell) Normal Accidents and battle software (Dave Benson) Psychological risks, part II (Dave Benson) RISKS-2.45 28 Apr 86 HBO gets Hacked:: We Interrupt This Program ... for a Viewer Protest. (Geoff Goodfellow, Frank J. Wancho) Ball's contribution on Polaris and SDI (from Dave Parnas) SDI Reliability Testing - Offensive deterrent vs SDI (Jon Jacky) What are the limits to simulation? (Eugene Miya) Reference on admissibility of computer records (Bill Cox) Phone billing error at Pacific Bell, etc. (John Coughlin) Cracked Libya Defense (Udo Voges) Challenger article (Ron Minnich) RISKS-2.46 29 Apr 86 Martin J. Moore (on Challenger article) TV "piracy" (Nicholas Spies) HBO -- Hacked Briefly Overnight (Mike McLaughlin) The dangers of assuming too much -- on TMI-2 (J. Paul Holbrook) A POST Script on Nuclear Power (Peter G. Neumann) RISKS-2.47 1 May 86 HBO hacking (Phil R. Karn, Dan Franklin) What are the limits to simulation? (Herb Lin) Strategic Systems Reliability Testing (Herb Lin) Correction on Challenge Discussion (Jeff Siegal) RISKS-2.48 3 May 86 Failure to Backup Data (James H. Coombs) Computer detracting from effective communication? (Bruce A. Sesnovich) Words, words, words... (Mike McLaughlin) Copyright Laws (Matthew Kruk) Re: Correction on Challenger (Martin J. Moore) RISKS-2.49 7 May 86 Perrow on reactor containment vessels (Richard Guy) Captain Midnight (Scott Dorsey, MRB) NSA planning new data encryption scheme - they'll keep the keys (Jon Jacky) Espionage (Mike McLaughlin) The Star Wars Swindle (Dave Weiss) Backups (Will Martin) Interpreting Satellite Pictures (Lindsay F. Marshall) Word-processing damages expression (Niall Mansfield, PGN) Proofreading vs. computer-based spelling checks (Dave Platt) RISKS-2.50 8 May 86 Refocus the discussion, please! (Bob Estell) [Response.] Also, Delta rocket shutdown (Peter G. Neumann) Large systems failures & Computer assisted writing (Ady Wiernik) DESisting (dm, William Brown II) Failure to Backup Data (Greg Brewster) RISKS-2.51 11 May 86 Reliability limits (Brian Randell) NSA assigning encryption keys (Jay Elinsky) HBO pirate (Lauren Weinstein) Failure to Backup Data, by James H. Coombs (Roy Smith) Admissibility of legal evidence from computers (Mike McLaughlin) Electronic document media (Mike McLaughlin) RISKS-2.52 13 May 86 Launch failures (Phil R. Karn) Brittleness of large systems (Dave Benson) HBO (Scott Dorsey, Dave Sherman) Word processing -- reroute [reroot?] the discussion (Chuq Von Rospach) RISKS-2.53 16 May 86 A late report on the Sheffield (AP [from Martin Minow], LA Times [Dave Platt] News items [Lobsters; Eavesdropping] (Alan Wexelblat) More Phone Bill Bugs... (Dave Curry) Backup problems (Davidsen, Roy Smith) RISKS-2.54 25 May 86 Meteorites (Larry West) Meteorites, Chernobyl, Technology, and RISKS (Peter G. Neumann) London Stock Exchange Computer System Crash (Lindsay F. Marshall) Backup (Fred Hapgood, Bruce O'Neel) RISKS-2.55 28 May 86 Culling through RISKS headers; SDI (Jim Horning) Blind Faith in Technology, and Caspar Weinberger (Herb Lin) Risks of doing software quality assurance too diligently (PGN from Chris Shaw and the Torrance Daily Breeze) Collegiate jungle (Mike McLaughlin) Decease and Desist -- Death by Computer (Deborah L. Estrin) The Death of the Gossamer Time Traveler (Peter G. Neumann) Computer Ethics (Bruce A. Sesnovich) RISKS-2.56 30 May 86 A joke that went wrong (Brian Randell) Computer Program for nuclear reactor accidents (Gary Chapman) On risks and knowledge (Alan Wexelblat) [Excerpt] Technical vs. Political in SDI (Dave Benson) Are SDI Software predictions biased by old tactical software? (Bob Estell) Culling through RISKS headers (Jim Horning) RISKS-2.57 31 May 86 SUMMARY OF VOLUME 2 CONTRIBUTIONS ------------------------------ End of RISKS-FORUM Digest ************************ -------