Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
ACE News is the official newsletter of The American Coaster Enthusiasts. The
following article appeared in ACE News, Volume XII, Issue 6, May 1990:
Worlds of Fun _Timber_Wolf_ Incident Blamed on Computer
The 1990 season began inauspiciously for Worlds of Fun (Kansas City, MO) when
two trains on the one-year-old _Timber_Wolf_ (world class woodie) collided on
opening day.
No one was seriously hurt in the March 31 crash, but nine of the 28 passengers
sent to the hospital were admitted, one with a broken leg. The ride was closed
immediately after the incident.
The accident occurred when the computerized control system allowed one train to
rear-end another on the first set of station brakes.
Beginning April 2, the $3-million wooden coaster was subjected to an exhaustive
investigation by Worlds of Fun, the Dinn Corporation (which built the coaster),
the engineering firm Burns & McDonnell, and TechnoMation, an electronic systems
integration design company.
Before _Timber_Wolf_ reopened to the public on April 27, the trains, structure,
track and braking and computer systems were all thoroughly inspected. The ride
also went through an extensive series of test runs with park executives aboard.
_Timber_Wolf_ is currently running with only one train. Two-train operation
will begin as soon as a new, co-processing computerized control system is
installed. With four times as many sensors as the original system (many of
them redundant) and two computer controls instead of one, Worlds of Fun
officials are confident that a similar accident will not occur.
[RISKS-4.91 (28 May 1987) and ACM SIGSOFT Software Engineering Notes
12 3 (Jul 1987) relate a previous case of two roller coasters involved
in a crash, in which electromagnetic radiation was suspected. PGN]
_The Philadelphia Inquirer_, in a story from Monday, 21 May 1990 by Maureen Graham and Mike Schurman headlined SHORE ATM TAPPED FOR $100,000 reported that an automatic teller machine located in Trump Castle Casino Resort in Atlantic City, NJ (and owned by National Westminster Bank) was missing about $100,000 which was apparently taken the previous week. The FBI was reportedly on the case, and was considering embezzlement, inaccurate or inadequate record keeping or theft by someone outside the bank. There was no forced entry into the macine. The article indirectly quoted the bank's CEO L. Douglas O'Brien, reporting that "Bank officials said they believed that the thief had access to the bank's security system." The funds were discovered during a weekly audit of the machines. Two ATMs at other casino hotels had amounts of $10,000 and $20,000 stolen. Some of the nitty gritty details: "According to O'Brien, the money is delivered by bank employees, as needed, to the Trump Castle lobby MAC [Money Access Center] machine and placed in a vault inside the machine. "The money from the vault is then transferred to canisters inside the machine by two employees — from the bank or from a Philadelphia security firm that services the bank on weekends and during non-banking hours. "O'Brien said the $100,000 was determined to be missing from the vault section of the MAC machine. "To provide security, a dual-access system is used to service a MAC machine -- each employee has access to only half the security information required to enter the system. "However, officials said they suspected one person bypassed the security system. "'It was a legal access. It was not forced open. The system was compromised,' O'Brien said." CoreState Financial Corp. operates the computer system for the machines. ****** End of article synopsis ***** In what may be a related development, I heard on the news this weekend of ATMs in New York city that had money stolen, again with no signs of tampering. There is no hard evidence that a computer RISK is involved in any of these thefts; other security breeches are as likely. The Inquirer article doesn't make clear what the "security system" consists of -- computer system or not? The tone of the article makes it sound as if the reporters suspected a computer RISK, but I can't always trust reporters' suspicions. Steve Thompson, University of Pennsylvania, 215-898-4585 Standard Disclaimer
I thought this personal story might be of interest to RISKS readers:
In mid 1988 I had an interesting experience with my bank account - I had had
$87,889,984 (or some such random value in the $87 million range!) added to my
account!! On asking the bank concerned if they could fix the problem they
blamed me for "Keying in the amount at an ATM!" Of course I protested my
innocence - where would I get that sort of money from?! :-) Now I would have
thought that surely:
a) The ATM software would check for such obvious erroneous
data if I had in fact entered such an amount as a
deposit. (ever heard of range checking?!)
b) With such large sums of money would the computer not
alert an operator to check to see that it was valid
(considering that I do not hold a corporate account).
The problem was fixed after several weeks (!) and although rather amusing {and
if only I got the interest on that money :-( } to do an account balance and see
a nice amount for a change :-) but it still leaves me wondering just what
happened and why they should blame *me* for such an obvious computer error!
Maybe it was because I am a student! I wonder if this kind of error has
occurred to anyone else.
-Richard Muirden s892024@minyos.xx.rmit.OZ.AU
In response to your volume 9, Issue 94 observations regarding the security
of "secure" documents, I offer some comments:
1) The best defense is naivety. Diamond brokers (at least used to)
ship quantities of product via 1st class mail because it was
reliable (in the States) and anonymous.
Perhaps our most secure documents should be published in the Consumer
Information Catalog (available free from Pueblo, CO). Or perhaps they
are; suitably encrypted to look like regular documents.
2) The congressional register, if it is difficult to analyse, possibly
represents a chaotic system and models noise very well. Political
statements excluded.
On other topics...
Another interesting thing. We had our building "fire alert" system go
off the other day, fortunately a minor problem, and as we were watching
the fire department do their thing (very well) a cohort asked about the
policy regarding shutting down the machines in an emergency. I said that
(in so many words) I thought the idea was to preserve human (not machine)
lives. My workmate responded that his previous job was with a company
whose policy was that machines must be safely shut down before humans
could respond to such an emergency and insure personal safety.
Whether winding thread, sewing shirts or making steel, the organization has
life greater than human's; still.
Dave
After entertaining many explanations for misrouted telephone calls, RISKS
should consider another possibility. Last week, the Houston Post reported that
Ginger was in the dog house with the Arlington, Texas, police department. The
Post continued:
That's because the Lhasa apso twice managed to place
911 emergency calls from an Arlington home. At least,
police can think of no other explanation for the calls.
Police said they found the dog beside a telephone when
they entered the place after receiving the second call.
No one else was home.
Ginger's owner, Jane Shumaker, said she hadn't
programmed 911 into her telephone's automatic dialing
system, and she finds it hard to believe her pet made
the call. But she added, "I'm beginning to think she's
smarter than I thought. Maybe she was lonesome."
Dare I mention it? It seems our phone system is going to the dogs.
[An Apso Facto case. Don't terrier hair out.
The dog was doing a St. Gingervitus Dance. PGN]
> Computer Gaming World (Golden Empire Publications)
> June, 1990, Number 72, Page 8
> Editorial by Johnny L. Wilson
It CAN Happen Here
Although Nobel Prize-winning novelist Sinclair Lewis is probably best known
for 'Main Street', 'Babbitt', 'Elmer Gantry', and 'Arrowsmith', my personal
favorites are 'It Can't Happen Here' and 'Kingsblood Royal'. The latter is an
ironic narrative in which who suffers from racial prejudice toward the black
population discovers, through genealogical research, that he himself has black
ancestors. The protagonist experienced a life-challenging discovery that
enabled Lewis to preach a gospel of civil rights to his readership.
The former is, perhaps, Lewis' most lengthy novel and it tells how a radio
evangelist was able to use the issues of morality and national security to form
a national mandate and create a fascist dictatorship in the United States. As
Lewis showed how patriotic symbolism could be distorted by power-hungry elite
and religious fervor channeled into a political movement, I was personally
shaken. As a highschool student, reading this novel, for the first time, I
suddenly realized what lewis intended for his readers to realize. "It" (a
dictatorship) really CAN happen here, There is an infinitesimally fine line
between protecting the interests of society and encumbering the freedoms of the
self-same society in the name of protection.
Now it appears that the civil liberties of game designers and gamers
themselves are to be assaulted in the name of protecting society. In recent
months two unrelated events have taken place which must make us pause: the
raiding of Steve Jackson Games' offices by the United States Secret Service,
and the introduction of A.B. 3280 into the California State Assembly by
Assemblyperson Tanner.
On March 1, 1990, Steve Jackson Games (a small pen and paper game company)
was raided by agents of the United States Secret Service. The raid was
allegedly part of an investigation into data piracy and was, apparently,
related to the latest supplement from SJG entitled, GURPS Cyberpunk (GURPS
stands for Generic Universal Role-Playing System). GURPS Cyberpunk features
rules for a game universe analogous to the dark futures of George Alec Effinger
('When Gravity Fails'), William Gibson ('Neuromancer'), Norman Spinrad ('Little
Heroes'), Bruce Sterling ('Islands in the Net'), and Walter Jon Williams
('Hardwired').
GURPS Cyberpunk features character related to breaking into networks and
phreaking (abusing the telephone system).Hence, certain federal agents are
reported to have made several disparaging remarks about the game rules being a
"handbook for computer crime". In the course of the raid (reported to have
been conducted under the authority of an unsigned photocopy of a warrant; at
least, such was the only warrant showed to the employees at SJG) significant
destruction allegedly occurred. A footlocker, as well as exterior storage
units and cartons, were deliberately forced open even though an employee with
appropriate keys was present and available to lend assistance. In addition,
the materials confiscated included: two computers, an HP Laserjet II printer, a
variety of computer cards and parts, and an assortment of commercial software.
In all, SJG estimates that approximately $10,000 worth of computer hardware and
software was confiscated.
The amorphous nature of the raid is what is most frightening to me. Does
this raid indicate that those who operate bulletin board systems as individuals
are at risk for similar raids if someone posts "hacking" information on their
computer? Or does it indicate that games which involve "hacking" are subject
to searches and seizures by the federal government? Does it indicate that
writing about "hacking" exposes one to the risk of a raid? It seems that this
raid goes over the line of protecting society and has, instead, violated the
freedom of its citizenry. Further facts may indicate that this is not the
case, but the first impression strongly indicates an abuse of freedom.
Then there is the case of California's A.B 3280 which would forbid the
depiction of any alcohol or tobacco package or container in any video game
intended primarily for use by minors. The bill makes no distinction between
positive or negative depiction of alcohol or tobacco, does not specify what
"primarily designed for" means, and defines 'video game' in such a way that
coin-ops, dedicated game machines, and computer games can all fit within the
category.
Now the law is, admittedly, intended to help curb the use and abuse of
alcohol and tobacco among minors. Yet the broad stroke of the brush with which
it is written limits the dramatic license which can be used to make even
desirable points in computer games. For example, Chris Crawford's 'Balance of
the Planet' depicts a liquor bottle on a trash heap as part of a screen talking
about the garbage problem. Does this encourage alcohol abuse? In 'Wasteland',
one of the encounters involves two winos in an alley. Does their use of
homemade white lightening commend it to any minors that might be playing the
game?
One of the problems with legislating art is that art is designed to both
reflect and cast new light and new perspectives on life. As such, depiction of
any aspect of life may be appropriate, in context. Unfortunately for those who
want to use the law as a means of enforcing morality, laws cannot be written to
cover every context.
We urge our California readers to oppose A.B. 3280 and help defend our basic
freedoms. We urge all of our readers to be on the alert for any governmental
intervention that threatens our freedom of expression. "It" not only CAN
happen here, but "it" is very likely to if we are not careful.
If you read between the lines you will note that a development
version of AT&T UNIX was infected. The message is that the
"NCSC" is more concerned about "confidentiality" then, say,
integrity. The sooner we get a counter balance to the NCSC
critical mass within POSIX P1003.6 (security) the better our
future.
[description of Duff's virus deleted]
he loosed the thing inside AT&T as an experiment to see how
well such a weak virus would spread, and how it could be
started. (he started the infection by adding an infected copy
of "echo" to some public directories he had write access
too).
[more deletions]
it caused some particular problems on a "secure" unix that was
being developed, since the kernel detected the attempts of the
virus to propagate, and killed the virus.
I think there's a serious misconception here about Duff's virus, where it
spread, and ``AT&T UNIX''. There are no lines to read between; what was said
is literally and completely true, with no hidden messages. Tom's virus was
developed on 9th Edition UNIX systems, a research version that bears little
relation to System V or anything else in the product line. No ``development
version'' of the UNIX system was affected. This is doubly true of AT&T's
secure UNIX system product (System V/MLS), which has been certified at the B1
level. The ``secure unix'' affected was an experimental implementation of
mandatory access controls, using a modified 9th Edition kernel. And, as noted,
even the affected system was still under development at the time — hardly a
fair criticism of any finished system.
All that aside, I wouldn't be so quick to dismiss the NCSC's efforts as focused
on confidentiality rather than integrity. While there certainly is that bias,
there's a lot to be said for maintaining confidentiality even in the commercial
world (as numerous stories in RISKS attest, of course). And, at least for some
programs, the mandatory access controls can be used to maintain integrity: mark
any critical program as being in the lowest-possible security level, lower than
any user process. That way, any attempt to modify the program appears to be an
access-control violation.
And there's one more point that shouldn't be ignored. The Orange Book does not
simply list a set of features. It describes a development process, an attitude
towards software management, and (to some extent) an enforced modularity. All
of these contribute to reliable — and hence secure — software. Furthermore,
the certification process itself is quite stringent. There's a world of
difference between, say, ``B1- certifiable'' — which generally means a feature
list — and ``B1 certified.''
If there are specific features you'd like to see added to POSIX for better
integrity maintenance, by all means propose them. But as far as I can tell,
the NCSC — and its sponsor, DoD — are among the few groups that not only take
security seriously, but are prepared to put their money where their mouth is.
--Steve Bellovin
>If you read between the lines you will note that a development version of AT&T >UNIX was infected. The message is that the "NCSC" is more concerned about >"confidentiality" then, say, integrity. The sooner we get a counter balance to >the NCSC critical mass within POSIX P1003.6 (security) the better our future. If you read the Usenix paper referred to, you will find out that (a) the secure Unix in question is a research system, not a product or potential product, and (b) as mentioned in the Risks posting, the virus infected it at a time when much of the security had not yet been turned on. I would urge people to read the paper before jumping to unwarranted conclusions. Henry Spencer at U of Toronto Zoology uunet!attcan!utzoo!henry
When Tim first wrote about his problems I thought that they were
related to the fact that zipcodes don't provide a functional dependency
for city and state. That is, more than one city (well wide spot in the
road) can be in one zip code. This problem has bitten my father who
now has subscriptions with a 4 line address of the form:
Doc Kuder
3 Elm St.
Brownsville
Emmittburg, PA 18888
Because there is an Elm Street in both Brownsville and Emmittburg and
they've got nothing to do with each other, but the Post Office insists
that 18888 is Emmittburg.
I also thought that Tim's problem might be that the zip code he's using is only
for the dorms at Caltech. The rest of campus has its own zip code, and the box
number Tim uses doesn't match dorm practice. It shouldn't matter since both
zip codes go to the same campus Post Office. When I first moved off campus, I
used the campus zip code and had my delivered even slower than normal since it
was sent to campus first then bounced. That house has since become part of
campus — I wonder what it's zip code is now?
Tim's problem is actually "Box". A quick scan of the zip code directory shows
that only post office boxes in Pasadena can be found in zip code 91102. I
suggest that Tim use something like "Building" or "Mailstop". The campus Post
Office may be able to give him the definitive answer.
David A. Kuder david@indetech.com
Please report problems with the web pages to the maintainer