RISKS-LIST: RISKS-FORUM Digest Friday 12 May 1989 Volume 8 : Issue 70 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Computers in mathematical proofs (Henry Spencer) Re: An Atlantis spacecraft computer problem resolved nicely (Yves Deswarte) Company sued for "computerized" firing scheme (Emily H. Lonsford) Logged on and Unattended (NOT FROM Jon Orseck) Dot Matrix == valid and LaserReceipts (Mike Albaugh) Computer generated checks (John McLachlan, Darin McGrew) Auto electronics and Radio Transmitters don't mix! (Peter Morgan Lucas) Mitnick update (Rodney Hoffman) TRW & SSA (Michael J. Tighe) Centralized Railroad Dispatching (Chuck Weinstock) ---------------------------------------------------------------------- Date: Thu, 11 May 89 03:18:49 EDT From: henry@utzoo.UUCP Subject: Computers in mathematical proofs The March 1989 Scientific American has a very interesting little piece in its "Science and the Citizen" column, talking about the growing acceptance of computerized proofs in mathematics. It cites the 1976 Haken/Appel proof of the four-color theorem, and the controversy that followed, but observes that at least in principle, that result could be checked by hand. Now we have a significant proof for which hand checking is out of the question: Clement W.H. Lam of Concordia University has used 3000 hours on a Cray-1, spread over two years, proving an instance of one of Gauss's conjectures ("there are no finite projective planes of order 10", to be precise). This proof, unlike the Haken/Appel one, is meeting little opposition, despite its complexity (100 trillion cases) and the fact that it was done with a collection of small programs rather than a single systematic large one. Lam himself says he was hoping for a positive result, which would be easy to check, rather than a negative one. But he is fairly confident in his result, citing two reasons: (a) the programs did do some internal consistency checks; (b) the result agrees with "mathematical intuition" (for example, an order-10 projective plane is known to be forbidden to have any symmetry, which apparently is almost unheard-of for such an object). Mathematicians are coming to accept computers, it seems. Ronald L. Graham of Bell Labs observes that nobody has flatly refused to accept Lam's result, as some did for the Haken/Appel result. Haken himself observes that there is a more mundane explanation for that: many of the objectors were older mathematicians who have since retired. Haken and Graham both observe that "simple theorems should have simple proofs" is a religious belief rather than a law of nature, and is verifiably false in some simple artificial mathematical systems. Henry Spencer at U of Toronto Zoology ------------------------------ Date: Thu, 11 May 89 12:20:05 -0200 From: deswarte@laas.laas.fr (Yves Deswarte) Subject: Re: An Atlantis spacecraft computer problem resolved nicely Except if recent major changes have been applied to the space shuttle avionics system, the 5 General Purpose Computers (GPC) are not organized in 2xpairs + 1 back-up, but in a redundant set of 4 computers + 1 back-up. A 2x2 configuration (Stratus-like) would not fulfill the requirement of remaining operational after two non-simultaneous or non-identical faults. With the 4-set configuration, "the first two [GPCs] to fail ... must be identified to the crew as failed; the third should also be identified as failed, but only by achieving as much coverage as is possible within limited processing and storage overhead." (*) That means that the 4 GPCs tolerate 2 independant faults and have a high probability to tolerate the 3rd fault (the coverage of the built-in test equipment -BITE- is 96.8 %). This is achieved by voting mechanisms, automatic diagnostics and (manual or automatic) reconfiguration. The back-up GPC takes control (after manual reconfiguration) only - if the voting mechanisms are defeated by two simultaneous identical faults (2 faulty GPCs have identical outputs), or by the 3rd fault if not covered by the BITE : 3.2% probability, - or if a software error disbles the 4 main GPCs. (*) "Redundancy Management Technique for Space Shuttle Computers" J.R. Sklaroff, IBM J.Res.Develop., January 1976, pp.20-28 -- Yves Deswarte, LAAS-CNRS & INRIA, Toulouse, France -- deswarte@laas.laas.fr [Yves, Many thanks. I apparently did a mental switch and crossed the A320 with the Shuttle. But in any event, it is my understanding that the shuttles have never had to depend on the backup software. I hope someone will correct me if that is wrong. PGN] ------------------------------ Date: Thursday, 11 May 1989 09:21:43 EST From: m19940@mwvm.mitre.org (Emily H. Lonsford) Subject: Company sued for "computerized" firing scheme This morning on National Public Radio there was a report on a trial in St. Louis, MO. The juryless trial is a class action suit against the Continental Can Company, which has more than one plant in St. Louis. The company is being sued by a group of more than 200 former employees who allege that a computer program was used to target them for termination before they could reach retirement age, thus denying them their pensions (and presumably saving money for the company.) The report went on to say that Continental Can was the leading beer-can maker in the sixties, but fell on hard times in the seventies and has had layoffs. Although the report did not specifically state it, I assume that the laws that pertain here would be those protecting older workers against age discrimination -- not against computerized screening (whether for age or anything else.) * Emily H. Lonsford * MITRE - Houston W123 (713) 333-0922 ------------------------------ Date: Thu, 11 May 89 12:41:14 EDT From: orseck@eniac.seas.upenn.edu (Jon Orseck) [BUT NOT FROM Jon Orseck] Subject: Logged on and Unattended I am NOT orseck@eniac. I don't know him. He was working two shells deep and only logged out the first, leaving the % prompt visible on the screen and a shell exposed. Just imagine what would have happened had I sent letters apparently from him or posted embarrassing or inflammatory articles to newsgroups such as alt.sex. Never leave your terminal logged on and unattended! ------------------------------ Date: Fri May 12 13:51:34 1989 From: albaugh@dms.UUCP (Mike Albaugh) Subject: Dot Matrix == valid and LaserChecks This attitude goes back a ways. Around 1980 I almost had to swallow a dinner tab for 20+ people because accounting had a strict rule of no re-imbursement of restaurant tabs without "a cash-register receipt". The fact that the restaurant in question liked to consider itself "high class" and thus only issued hand-written receipts did not impress them. Five minutes work with a dot-matrix printer and a pair of scissors saved me $300. Had I not been so ethical it could have saved me more... Mike Albaugh ------------------------------ Date: Thu, 11 May 89 09:43:43 EDT From: jmclachlan@lynx.northeastern.edu Subject: computer generated checks Was the signature also printed by the computer? I would hope not, since anyone who can get at your mother's computer would clear your mother's account. As for the bank holding a computer generated check, their policy seems strange. Most companies pay employees with computer generated checks. Do the banks treat these checks any different? I'm very curious. John Mc [Payroll checks used to be printed on CHECK PRE-SIGNED Stock. It is even "easier" to laser the whole thing, including the signature. But then the computer system and the staff had better be trustworthy. PGN] ------------------------------ Date: 11 May 89 23:27:58 GMT From: mcgrew@ichthous.Sun.COM (Darin McGrew) Subject: Re: Computer-generated checks (RISKS-8.69) Stores that cash payroll and similar checks (very common in many farming communities) are vulnerable to this assumption as well. People who would never take a fake $500 bill think nothing of taking a fake payroll check. I read of a ring of payroll check counterfeiters that was caught recently. The (new) assistant manager who was called to approve the check had worked for the company the check was allegedly drawn against, and noticed that it didn't look like the paychecks he'd received. Then he looked more closely and noticed misspellings, incorrect addresses, etc., and called the police. It manifests itself in a variety of ways, but the basic issue is that computers are making it easier and cheaper to generate documents that look official and genuine. Darin McGrew mcgrew@Sun.COM ------------------------------ Date: Tue, 09 May 89 16:18:08 BST From: "Peter Morgan Lucas, Network Support, Swindon" Subject: Auto electronics and Radio Transmitters don't mix! Just a note to let you know of a possible risk to all of those of you who drive cars with electronic fuel injection systems. My father's newly acquired Volvo 480i has an interesting characteristic. When i operate my VHF ham radio gear (100 watts output at 144MHz), the car gives a cough (!) if accelerating hard when i press the transmit switch. The radio signal is clearly getting into the ignition/injection microprocessor and causing some sort of false triggering. The problem is only of very brief duration ( approximately a quarter of a second) after which it clears itself. This is only noticeable when accelerating hard in low gears (45MPH in second, 65-70MPH in third). The local Volvo dealer was somewhat perplexed (hes only a salesman, not a RF engineer, after all!) and said he would contact the importers to see if there's any modification (suppressor kit) to get round the fault. Point is, if 100 watts can cause the effect, is there any risk in driving past other VHF transmitters (TV, FM radio, police, military installations) where the transmitted power may well be 250 kilowatts???? Pete Lucas G6WBJ ------------------------------ Date: 12 May 89 14:58:47 PDT (Friday) From: Rodney Hoffman Subject: Mitnick update When last we heard about Kevin Mitnick, the hacker once called "as dangerous with a keyboard as a bank robber with a gun," the judge had rejected a plea bargain as too lenient, saying Mitnick deserved more than the agreed one year of jail time. (See RISKS 8.65) According to a wire service story in the 10 May 89 'Los Angeles Times,' Mitnick has now reached a new agreement, with no agreed-upon prison sentence. He pleaded guilty to stealing a DEC security program and illegal possession of 16 long-distance telephone codes belonging to MCI Telecommunications Corp. The two charges carry a maximum of 15 years and a $500,000 fine. The government agreed to lift telephone restrictions placed on Mitnick since he was jailed in December. At DEC's request, Mitnick will help the firm identify and fix holes in its security software to protect itself from other hackers. He will also cooperate in the government's probe of Leonard DiCicco, a fellow hacker. (DiCicco is the 'friend' referred to in RISKS 8.13 who turned Mitnick in.) [As the old saying goes, with friends like that, who needs enemies. PGN] ------------------------------ Date: Fri, 12 May 89 19:02:56 EDT From: Michael J. Tighe Subject: TRW & SSA The credit bureau of TRW has been working with the Social Security Administration to verify its database of 140 million names and Social Security numbers. In order to cover the cost, TRW is paying the Social Security Administration $1 million, while Social Security Administration will provide a matching $1 million. Since the Social Security Administration is asking for a budget increase for their computer and telecommunications systems, several legislators are outraged by the fact they they are spending $1 million for this non-government project. Claiming that the project is "as far away from the mission of the Social Security Administration as anything I have ever come across", Senator David Pryor (D-Ark) questioned the competence and credibility of Social Security Administration Commissioner Dorcas R. Hardy and asked for an investigation by the HHS inspector general. In addition, several lawmakers such as Dale Bumpers (D-Ark) believe the project to be a violation of civil liberties. Said Bumpers, "I don't like any public institution releasing an individual's private information." The American Law Division of the Congressional Research Service has already concluded that the project is a violation of the Privacy Act of 1974. Mike Tighe ------------------------------ Date: Tue, 09 May 89 15:51:20 EDT From: Chuck Weinstock Subject: Centralized Railroad Dispatching Railroad Brings Far-Flung Dispatchers Together in Huge Computerized Bunker by Daniel Machalba, Wall Street Journal, May 9, 1989 Starting next month, Union Pacific Railroad train dispatchers will begin working at computers in a windowless bunker built inside an old freight house in Omaha, Neb. The railroad designed the structure's 18-inch-thick, reinforced-concrete walls to withstand, if need be, a telphone pole hurled by a 180-mile-an-hour tornado. The precautions show the importance and risks of railroads' move into centralized, computer-aided train dispatching. By consolidating dispatchers now located at 10 far-flung field offices from Oregon to Omaha, Union Pacific expects to reap savings of more than $20 million a year. But it must also safeguard its new center from disruptions that could cripple railroad operations on a wide scale. "The bunker will survive anything short of a nuclear attack," says Michael Walsh, chairman of the rail unit of Union Pacific Corp., Bethlehem, PA. Last March, CSX Corp. opened a similar computerized dispatching center in Jacksonville, FL. The company says the new center will reduce the number of dispatchers needed to run its 20,000 miles of railroad to 350 from 550, while consolidating 34 dispatch offices into one. At the heart of the new center is computer software that can track the progress of trains and automatically switch tracks and signals, so that a fast freight train can pass a slower one. Freed of such routine tasks, dispatchers will be able to concentrate on special situations. Railroad officials say such efficiencies will make it possible for each dispatcher to control double or triple the amount of track. They also hope that bringing the dispatchers into one big room, with panoramic views of trackage projected onto wall screens, will reduce communications problems and resultant train delays. CSX dispatcher Jan Cato gives one example of how the centers are more efficient. In order for Amtrak's southbound Silver Star to overtake and safely pass two freight trains on its way from Savannah, GA to Jacksonville, she merely types in the locomotive numbers, speeds and other vital data about the trains and the computer does the rest of the work. Previously she had to throw no less than 50 levers manually to line up switches and signals. "The computer does the thinking when it comes to things such as tonnage, speed, and priority," said Union Pacific dispatcher Bob McKenzie last month in the company's employee magazine. "But it can't determine when you have problems like a train with an engine down, broken air hose or a train down during inspection of a hot-box [overheated axle]. That's when a dispatcher needs to step in." Some dispatchers worry about information overload. "I have my doubts I could physically handle the expanded territory that would come with the new system," says Richard Pennisi, a Union Pacific dispatcher in Cheyenne, WY., who is taking a cash settlement rather than moving to take a job at the Omaha dispatch center. Other railroads say they are reluctant to move their dispatchers to a single location, fearing a widening gap between dispatchers and the territories they cover. "We just don't think we can operate the railroad as well without the day-to-day, eye-to-eye contact," says Jack Martin, a senior assistant vice president of Norfolk Southern Corp. However, officials of Burlington Northern Inc.'s rail unit are closely watching the new central facilities. Burlington Northern, which has already cut the number of its dispatch offices in half from 14 a decade ago, is considering further consolidation to one or two locations. CSX's dispatch center, which is housed in a circular buildiing 150 feet in diameter is permitting the railroad to retire antiquated dispatching facilities such as a 50 year old one in Deshler, Ohio. Dick Fliess, a CSX Transport vice president, says the company has solved software problems that slowed some train operations when the new center opened. At Union Pacific's dispatch center, which will cost about $47 million, the railroad is also consolidating its crew-calling staff, previously scattered in four regional centers, into second story offices above the dispatching bunker on the ground floor. [Someone in the rec.railroad newsgroup pointed out that there is a real risk of centralizing dispatching beyond the obvious one of a system failure. The UP is likely to be one of the railroads that moves around the MX trains. With centralized dispatching it becomes easier to determine that a particular block of cars always move around together (and thus possibly contain MX's). Furthermore, knocking out the center not only shuts down the railroad, but also disables (or at least impedes) the mobility of the MX. Chuck] ------------------------------ End of RISKS-FORUM Digest 8.70 ************************ -------