Subject: RISKS DIGEST 14.26

Subject: RISKS DIGEST 14.26
REPLY-TO: [email protected]

RISKS-LIST: RISKS-FORUM Digest Tuesday 12 January 1993 Volume 14 : Issue 26

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
Florida Rental Car Scam (Dewey Coffman)
Computer games may endanger your health (Olivier MJ Crepin-Leblond)
Ford's honesty saves county $2 million (John Cigas)
Name+birthdate=no drivers license (Bruce Hayden)
Student Load Errors Blamed on Computer (Steve Peterson)
"Softkiller" as Arts? (Klaus Brunnstein)
Computer Theft of Criminal Records (Gary McClelland)
Computer hacking of flight details "was illegal" (Jonathan Bowen)
Upcoming Telephone Number problems (Rob Horn)
FAA prohibits pilot knowing GPS altitude in IFR flight (Jim Easton)
Risks of networks (Larry WB Ching via Monty Solomon and Jerry Leichter)
Version numbers (Andrew Marchant-Shapiro)
About Computer Expense... (Paul Robinson) [humor?]
Re: Large Foreign Exchange Rates (Mark Brader, Peter Trei, Dik Winter)
Correction on Computers, Freedom and Privacy 1993 (Bruce Koball)
1993 Complex Systems Engineering Synthesis and Assessment (C.A. Meadows)

The RISKS Forum is moderated. Contributions should be relevant, sound, in
good taste, objective, coherent, concise, and nonrepetitious. Diversity is
welcome. CONTRIBUTIONS to [email protected], with relevant, substantive
"Subject:" line. Others may be ignored! Contributions will not be ACKed.
The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS,
especially .UUCP folks. REQUESTS please to [email protected].

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 14, j always TWO digits). Vol i
summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out.
The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1".
<CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

For information regarding delivery of RISKS by FAX, phone 310-455-9300
(or send FAX to RISKS at 310-455-2364, or EMail to [email protected]).

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Sun, 10 Jan 93 18:16:35 CST
From: [email protected] (Dewey Coffman)
Subject: Florida Rental Car Scam

Ex-Car Rental Owners Indicted, FORT LAUDERDALE, Fla. (AP)
Value Rent-A-Car Inc. rigged its COMPUTER system to set up a scam
overcharging customers who returned their cars with less than a full tank, a
federal indictment says. The indictment returned Friday says Steven M. Cohen,
one of three former owners charged, fixed Value's computer system in 1988 to
add five gallons to the fuel tank capacity of every vehicle in Value's fleet.
This allowed the company to overcharge customers who turned in the car with
less than a full tank.
Federal prosecutor Lothar Genge said that through 1991, about 47,000
customers were slapped with the phony charge, which ranged from a couple of
dollars to $10 or $15. Mitsubishi Motor Sales bought the company in 1990 and
is looking for ways to pay back the overcharges, Genge said.

------------------------------

Date: Thu, 7 Jan 1993 22:47:24 +0000
From: Olivier MJ Crepin-Leblond <[email protected]>
Subject: Computer games may endanger your health

Nintendo Inquiry Launched

The Government is probing claims of health hazards to children playing
computer games like Nintendo. The informal inquiry follows reports that two
boys in Cardiff had been struck down with epileptic fits.

Baroness Denton, junior Consumer Affairs Minister, has called for an urgent
report: `It is important to know if there are any health risks.
[From Teletext service on Carlton TV & Channel 4 (UK), Thursday 7th Jan 93]

Olivier M.J. Crepin-Leblond, Digital Comms. Section, Elec. Eng. Department
Imperial College of Science, Technology and Medicine, London SW7 2BT, UK

------------------------------

Date: 07 Jan 1993 16:59:41 -0500 (CDT)
From: "I. LOVTUSKI" <[email protected]>
Subject: Ford's honesty saves county $2 million

Here is an excerpt from an article in the Kansas City Star, January 7, 1993:

Ford's honesty saves county $2 million, by Anne Lamoy

An alert bookkeeper at the Ford Claycomo assembly plant saved Clay County
from cheating itself out of $2 million. When paying the county's business
personal property taxes recently, Ford's bookkeeper realized that the
plant's two tax bills were much smaller than in previous years. Much, much
smaller. "When the original bills were printed, they left off a digit,"
Clay County Assessor Shirley Quick said Wednesday. "And that digit meant $1
million." In fact, both tax bills were exactly $1 million short, thanks to
a computerized data entry error.

The article goes on to state that Ford is the only company that owes more than
1 million in business personal property taxes in the county. It doesn't say
whether this is the first time their bill contained 7 digits.

John Cigas, Rockhurst College [email protected]

------------------------------

Date: Fri, 8 Jan 1993 05:33:14 GMT
From: [email protected] (Bruce Hayden)
Subject: Name+birthdate=no drivers license

Today on a trouble shooting talk show in Denver, a caller called in to
complain that his license had been revoked, and he had to leave his car since
he couldn't drive.

Apparently, he had renewed his drivers license recently (required every three
years in Colorado). At that time, a database check was made of the other 49
states. There was a match, based on birthdate and name. The other person with
the same name and birthdate, had a suspended Penn. drivers license, based on a
drunk driving conviction.

Based on that match, his license was summarily revoked, and notice was mailed
to him to that effect. (Which he apparently had not yet received). The license
showed revoked at a routine traffic stop some time later. It is not clear how
automatic the revocation process is. In any case, no hearing is offered before
the revocation.

The driver was especially upset because:
1) he had had a Colorado drivers license for 25 years.
2) he had never been to Pennsylvania, and
3) he didn't drink.

The burden is apparently upon him to prove the the Colorado DMV that they had
the wrong man. At present he is still fighting the organization trying to get
his license reinstated.

Bruce E. Hayden (303) 758-8400 [email protected]

------------------------------

Date: Tue, 12 Jan 93 10:57:50 CST
From: Steve Peterson <[email protected]>
Subject: Student Load Errors Blamed on Computer

The following appeared in the Minneapolis Star Tribune, 1/12/92:

STUDENT LOAD ERRORS BLAMED ON COMPUTER (AP)

Because of a computer problem, thousands of college students have been sent
notices ordering them to begin repaying loans that aren't due, a loan-
processing company in St. Paul [Minnesota] says.

Shirley Chase, an attorney for EduServ Technologies, formerly known as Hemar
Corp., said problems with a new computer system caused a backlog in
processing student requests to defer payments. She said the company hopes
to clear up the backlog by the end of February. More than 10,000 deferment
forms are backlogged, she said.

Because of the backlog, some students who are entitled to postpone their
loan payments have gotten notices urging them to pay and some have been
contacted by a collection agency. Chase said EduServ has "bent over
backward" to make sure no adverse credit reports are filed with credit
bureaus because of the delay. EduServ processes loans issued by banks and
other lenders and make sure payments are current.

Comment: Given that they probably had a choice of whether to send dunning
notices to everyone or temporarily stop sending them, it shouldn't be
surprising which choice they made.

Steve Peterson, FOURTH SHIFT Corporation, 7900 International Drive,
Bloomington, MN 55425 USA [email protected]

[My daughter reported in from Massachusetts that she had seen a
message displayed in front of JD Auto Sales off Rte 128 in Swampscott
MA, with something like the following message:

TO ERR IS HUMAN.
TO BLAME IT ON A
COMPUTER IS EVEN MORESO.

An old RISKS theme, worthy of reminder. PGN]

------------------------------

Date: Mon, 11 Jan 1993 13:41:30 +0100
From: [email protected]
Subject: "Softkiller" as Arts?

FLATZ, leading performance artist from Munich (Bavaria) recently advertised
"SOFTKILLER - the first buyable computer art virus". For MS-DOS systems,
you may buy a diskette (in limited version: 20 diskettes each 1,800 DM equiv.
about 1,100$; or unlimited version: 500 diskettes each 300 DM equiv. 185$)
which after start will display some FLATZ head on the screen while formatting
the disk. Advertised shortly before xmas as "the ultimate donation for PC
owners", FLATZ explicitly warns that SOFTKILLER overwrites disks on data and
will overwrite itself after execution.

After publication of this advertisement, Bavarian Criminal Agency became
involved to analyse whether this might imply a crime of "computer sabotage"
(German Penal Code, section 303b) according to which the destruction of
programs and data which are essential for some person or institution will be
prosecuted. In the analysis, FLATZ admitted that his software was not
self-reproducing and therefore no virus. Moreover, his "attack on the
computerworld" is mentioned in capital letters on the envelope. On the other
side, distribution via BBS (though not foreseen by him) this warning is lost.

At this time, no test or reverse engineering of SOFTKILLER has been done.
Probably, it is technically not worth the effort. But with some probability,
other artists may come up with similar "ideas". Happy,Healthy and Riskless 1993

Klaus Brunnstein (University of Hamburg, North Germany, January 10, 1993)

------------------------------

Date: Fri, 8 Jan 1993 11:22:59 -0700
From: [email protected] (Gary McClelland)
Subject: Computer Theft of Criminal Records

An AP story in the Boulder Daily Camera (1/8/93) reports a familiar story with
a few new variations.

A private investigator and two police employees have been indicted by a Denver
grand jury for improperly obtaining the criminal histories of 8,559
individuals. The Private Eye paid $3 to $5 per search and as much as $1,300
per week (he kept great records!). The scheme unraveled when a co-worker of
the police employee who was doing the snooping became angry that her colleague
was spending so much time looking up names that she was falling behind in her
regular work. So after seeing a "criminal history format" on her screen that
she was not supposed to be using, the co-worker turned her in. A computer log
revealed that on the day she was caught, she had run checks on 95 people! It
turns out that a transaction recording system allowed investigators to
reconstruct all 8559 criminal history searches. With such a great logging
system it seems strange that no one noticed 8559 extra searches; if the
co-worker hadn't got the extra work dumped on her, these folks would still be
stealing criminal records.

gary mcclelland, univ of colorado, [email protected]

------------------------------

Date: Tue, 12 Jan 93 15:04:24 GMT
From: [email protected]
Subject: Computer hacking of flight details "was illegal"

Today's UK newspapers are full of the story on the British Airways (BA)
"dirty tricks" campaign against Virgin and their successful suing by
Richard Branson. Of particular relevance to "risks" is the following
extract from the Independent newspaper (p6, 12 January 1993):

... The [BA] team were told that in future, their key task would be
to access highly confidential information from their rival's
[Virgin's] computer system.
"We were shown how to get the information by tapping into our computer
terminals in the Helpline office. We tapped in with our regular BA code
and called up the Virgin flight numbers".
In common with many other airlines, Virgin rents out a segment of a
vast computer known as Babs - British Airways Booking System. Mr Khalifa
and his colleagues simply tapped into it. "We could see on the Babs
computer system when flight is open [sic], when it closed, if it was
delayed and how many passengers were due to board".
For the next nine months the Helpline hackers provided BA with critical
information on Virgin's flights.

Jonathan Bowen, Oxford University

[A much longer version of this article was reported
by Bob Dowling <[email protected]>. PGN]

------------------------------

Date: Fri, 8 Jan 93 11:48:27 EST
From: horn%[email protected] (rob horn)
Subject: Upcoming Telephone Number problems

I don't recall mention on Risks of the impending problems with modem networks.
The North American telephone numbering plan is being changed. This is going
to gradually lead to problems for all the people with long distance numbers
that are pre-stored in documents, files, programs, and modems.

The change (as I understand it) is that the leading 1 digit should be used
ONLY when dialing outside the area code, rather than the current system that
imposes the need when dialing outside the local calling area. Then the area
code restriction to the form x0x or x1x will be removed. I expect the change
to be done carefully by the telco's so that mistakes will cause failure to
connect rather than incorrect connection.

Just to make things interesting, this change is being staged area code by area
code. So for people who plan to fix their internal stored numbers you need to
know when your area is being changed.

Rob Horn [email protected]

------------------------------

Date: Fri, 8 Jan 93 12:34:43 PST
From: [email protected] (Jim Easton)
Subject: FAA prohibits pilot knowing GPS altitude in IFR flight

I was recently informed that the KLN-90 GPS(Global Positioning System)
navigation unit used in airplanes was designed so that the pilot cannot
display the altitude the unit calculates from satellite data. It does display
the barometric altitude and will issue a warning if the barometric altitude
differs significantly from the GPS altitude.

On asking Bendix/King why they would deny a pilot information already computed
in the unit, the spokesperson explained that the calculated GPS altitude is
often several hundred feet different from the "officially correct" barometric
altitude, and that pilots might be so stupid as to try to fly by the GPS
altitude - thus putting themselves at risk of a collision. Accordingly, the
TSO(Technical Standards Order) by which the FAA defines approval of GPS
navigation systems for IFR(Instrument Flight Rules) prohibited them from
making GPS altitude information available to the pilot.

Last month I was flying in the clouds in mountains and experienced a failure
of the primary pressure altimeter in the aircraft. Cross checking a second
pressure altimeter with the GPS altitude on a non-TSO GPS navigator verified
that it was the primary altimeter that was wrong. Not having this information
could easily have resulted in my death. I would much prefer to educate pilots
about GPS altitude errors than to deny them the possibility of having what
could be lifesaving information.

Jim Easton, Box 889, Bonita, CA 91908 (619)548-0138

------------------------------

Date: Sat, 9 Jan 93 08:03:32 EDT
From: Jerry Leichter <[email protected]>
Subject: Risks of networks

[I pulled the following from a recent TELECOM Digest, and it may very well
have appeared elsewhere previously. But if ever there was an indication that
the Internet is not the safe playground we like to think it is, it's this.
Not only do we have to face new risks; we have to face new forms of old ones.
-- Jerry]

Date: Thu, 7 Jan 1993 03:34:36 -0500
From: Monty Solomon <[email protected]>
Subject: Sci.electronics Phone Fraud!

[Moderator's Note: Monty also passed this along for us today. PAT]

From: [email protected] (Larry WB Ching)
Newsgroups: sci.electronics
Subject: SCI.ELECTRONICS Phone fraud !!!
Summary: A recent attempt to rip-off sci.electronics correspondents.
Keywords: fraud, con artists, phone numbers
Message-ID: <[email protected]>
Date: 1 Jan 93 23:16:23 GMT
Sender: [email protected]
Organization: Portal Communications -- 408/973-9111 (voice) 408/973-8091

At about 6PM Thursday evening, I got a phone call. The operator said
that he had a collect call to me from Charles Pooley in New York. The
name was familiar, but I didn't remember exactly why. I said I would
accept the call, but then the "operator" said the call couldn't get
through because I had the call collect option blocked. He then said he
could pass the call through if I gave him my calling card number. I
said that I'd rather call Mr. Pooley myself, and could the "operator"
give me Mr. Pooley's number. There was a pause, then a phone number
with a San Jose area code! It didn't occur to me until later that , if
the call was from New York, why was the call-from number (408) !??!

I remembered that Charles and I had been corresponding on a topic from
sci.electronics. I was lucky enough to have an old message from him lying
around, and emailed him a message about my mysterious phone call.

Charles Pooley replyed to me today -- turns out the guy tried the same scam
on him too! But this time, the bogus operator said the collect call was from
me to Charles! Charles was also wary, and didn't give the crook his calling
card number.

So - WATCH OUT! How this con artist chose my name and Charles' to try is
beyond me. As far as public postings in sci.electronics, I don't think Charles
and I had exchanged more than four public postings. Most of our correspondence
has been via "private" email.

This has definitely raised my paranoia level. If, out of the millions of
public postings during 1992, someone should choose two correspondents who have
exchange only a slight amount of messages .... I mean, why us? Or, is there
a "boilerroom" operation going on, with a bunch of phony operators, armed with
USENET listings -- calling people with this con?

OH! - I may have put my phone number in one of my public
sci.electronics postings - that's probably how the scamsters make
their selection. Makes sense ...

CHILDREN BEWARE!!!

[email protected]

[Moderator's Note: I note the public access site you use for Usenet
(Portal Com) is located in area 408 (San Jose, CA). PAT]

[Also sent to RISKS by Mike LeVine,
levine%[email protected]]

------------------------------

Date: 7 Jan 93 14:35:00 EST
From: "MARCHANT-SHAPIRO, ANDREW" <[email protected]>
Subject: version numbers

Alas, Microsoft isn't the only software company sliding corrections in without
notice -- there are (at least) two versions of Digital Research's (really
wonderful) DR-DOS 6.0 floating around out there as well. In this case, the
problem isn't quite so critical: the early version will not run Windows 3.1,
apparently because of some hooks Microsoft inserted (rampant speculation).
Windows 3.0 will run, however. The new version, which has been fairly freely
distributed, but which has the SAME version number, corrects the Windows
incompatibility (which some might call an advantage). DR-DOS users should
check to make sure that their COMMAND.COM is dated 4-07-92 (or later?).

For me, this has created no serious problems, but I can forsee
situations in which failure to adhere to a reasonable numbering system
could lead to all kinds of headaches -- "What version of our software
are you using?" "Version 6.37a." "Yes, but WHICH version 6.37a...?"

Andrew Marchant-Shapiro Depts of Sociology and Political Science
USmail: Union College, Schenectady NY 12308 AT&T: (518) 370-6225
INTERNET: [email protected] BITNET: [email protected]

------------------------------

Date: Mon, 11 Jan 1993 17:19:55 EST
From: "Paul Robinson, Contractor" <[email protected]>
Subject: About Computer Expense...

The following item appeared on the Operations List on Bitnet, and I thought
I'd pass it on because it is unfortunately very true.

Date: Sun Jan 10, 1993 1:09 am EST
From: Mainframe Operations Discussion List
EMS: INTERNET / MCI ID: 376-5414
MBX: [email protected]

TO: Multiple recipients of list OPERS-L
EMS: INTERNET / MCI ID: 376-5414
MBX: [email protected]
Subject: Re: Some Good Old Standbys

> I came across these in a Usenet post and found them quite relevant

And one I saw in a humor column recently:

If the automobile industry were like the computer industry
over the past 30 years, a Rolls-Royce would now cost $5.00,
would get 300 miles to the gallon, and once a year would
explode killing all passengers inside!
- tom

[email protected] [email protected] (work)
{ucbvax,mcvax,uunet}!udel!mvac23!thomas

------------------------------

Date: Fri, 8 Jan 1993 01:28:00 -0500
From: [email protected] (Mark Brader)
Subject: Re: Large Foreign Exchange Rates (Kain, Risks-14.23)

> So in the face of unreasonable people (dictators, etc.), perhaps we
> need to use a floating point representation for the exchange rates
> - but I do think that one decimal digit for the exponent should be
> adequate.

He walks right into it!

According to the Guinness Book of World Records, in June 1946 the
Hungarian pengo [two acute accents on the o] reached a valuation of
1 / 1.3e20 of the gold pengo of 1931. Now I don't know what *that*
value was, but I think we can assume that the exchange rates with
at least some other currencies must have exceeded 1e19.

The German inflation of 1923 also went well past the 1e10 mark --
no pun intended -- if I recall correctly.

Mark Brader, Toronto utzoo!sq!msb, [email protected]

------------------------------

Date: Thu, 7 Jan 93 15:08:41 EST
From: [email protected] (Peter Trei)
Subject: Re: Large Foreign Exchange Rates (R. Y. Kain, RISKS-14.23)

>So in the face of unreasonable people (dictators, etc.), perhaps we need to
>use a floating point representation for the exchange rates - but I do think
>that one decimal digit for the exponent should be adequate.
^^^
I wouldn't be too certain. I don't have it hand, but I recall an
occasion when a South American currency (Paraguay?) depreciated to
billions (43 billion?) to one versus it's gold equivalent (it's in the
Guinness book of records).

It is easy to underestimate the size of data a program may be asked to
deal with, especially several years down the line. (See the Bank of New York
problems, recorded here several years ago, when a program suddenly had more
than 2^16 transactions/day). The cautious programmer will be generous to a
fault. The best case I've seen was in a banking program where dollar amounts
were stored as 96 bit integer quantities of pennies - this rolls over at
nearly $8E26, or about 792 trillion trillion dollars.
Peter Trei

------------------------------

Date: Fri, 8 Jan 1993 01:04:30 GMT
From: [email protected]
Subject: Re: Large Foreign Exchange Rates (Kain, RISKS-14.23)

The lack of need for seven digit accuracy is correct, the single digit
exponent is not. I have a German banknote of 1,000,000,000 Mark, barely
enough to buy a bread by one month after issue. I have also seen German
stamps of 1,000,000,000,000,000,000 Mark (Eine Trillionen Mark, German
trillions of course). That was in the early twenties of course. And I add
that at that time Germany was a democratic country, no unreasonable people
were involved.

dik t. winter, cwi, kruislaan 413, 1098 sj amsterdam, nederland
home: bovenover 215, 1025 jn amsterdam, nederland; e-mail: [email protected]

------------------------------

Date: Thu, 7 Jan 93 14:34:46 PST
From: "Peter G. Neumann" <[email protected]>
Subject: Correction on Computers, Freedom and Privacy 1993 (RISKS-14.21)

Bruce Koball reports that the net address for cfp93 information and
registration reported in RISKS-14.21 should have been [email protected].
However, Bruce's address was correct, so this should not have caused anyone
too much trouble.

------------------------------

Date: Fri, 8 Jan 93 10:49:36 EST
From: [email protected] (Catherine A. Meadows)
Subject: CSESAW93 call for papers

CALL FOR PAPERS

1993 Complex Systems Engineering Synthesis and Assessment
Technology Workshop (CSESAW '93)

July 20-22, 1993
Washington, DC

This is a call for papers to be presented at the 1993 Complex Systems
Engineering Synthesis and Assessment Technology Workshop (CSESAW '93)
which will be held July 20-22, 1993. The theme of this year's workshop
is integration. This workshop will explore issues related to the design
synthesis and assessment of complex, computer-based, mission-critical
systems. Many DoD related systems tend to be large, complex,
fault tolerant, distributed, real-time, time-critical systems.
Of interest is the development and enhancement of the system level
ability to specify, capture, synthesize, analyze, model, prototype,
test and implement such systems. The emphasis is on developing forward
engineering capabilities; however, reverse engineering capabilities will
also be addressed.

TOPICS OF INTEREST

INTEGRATION OF CAPTURE, OPTIMIZATION, AND ASSESSMENT TECHNOLOGIES
INTEGRATION OF DEPENDABLE SYSTEM DESIGN INTO SYSTEM ENGINEERING
INTEGRATION OF SECURE SYSTEMS DESIGN INTO SYSTEM ENGINEERING
APPLICATION OF SIMULATION, MODELING, MEASUREMENT, METRICS,
AND PROTOTYPING WITHIN SYSTEM ENGINEERING
REQUIREMENTS ELICITATION, SPECIFICATION AND TRACEABILITY

Authors are requested to submit (5) copies of the paper of no more than
7,000 words (5 pages or less). Include a cover letter listing the author(s),
paper title, area of interest, and the name, address, FAX, telephone number,
and e-mail address (if available) of the author who is responsible for all
correspondence and preparation for the workshop by 15 April 1993. The
accepted papers will be published as a Proceedings, which will be distributed
within the Government and also made available to the general public.

Submission Deadline: 15 April 1993
Acceptance Notification: 15 May 1993
Final Paper Submission: 1 June 1993

Submission Address:
Steve Howell
Naval Surface Warfare Center
Code B40
10901 New Hampshire Avenue
Silver Spring, MD 20903-5000

e-mail inquiries: [email protected]
phone inquiries: 301-394-3987
fax inquiries: 301-394-1175

------------------------------

End of RISKS-FORUM Digest 14.26
************************