Subject: RISKS DIGEST 16.87 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Tuesday 7 March 1995 Volume 16 : Issue 87 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, etc. ***** Contents: Authentication: (1) Vienna Marathon 1995; (2) Lotus Notes (Li Gong) Sexy photos just computer glitch (Louis Todd Heberlein) The source of semantic content (Erann Gat) Government of Singapore (Robert Ashcroft) Happy Michelangelo's Birthday (PGN) Microsoft and Lotus spreadsheet errors (Timothy Hunt) Spreadsheet Errors working paper available (Ray Panko) 6-cent T-shirts (Jeremy Stieglitz) Risk system comes too late to prevent Barings' collapse (Jeremy Stieglitz) Securities (Bob Frankston) Barings: Greenspan quote (Frank E. Carey) Re: Compact Fluorescent Lights (Mike Farringdon) Re: Compact Fluorescent Lights (Carl Maniscalco) Re: Compact Fluorescent Lights (Osma Ahvenlampi) Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. ---------------------------------------------------------------------- Date: Tue, 7 Mar 95 10:47:47 -0800 From: Li Gong Subject: Authentication: (1) Vienna Marathon 1995; (2) Lotus Notes (1) The Manchester Guardian Weekly (week ending March 4, 1995) reported that, in this year's Vienna Marathon, the runners will have to wear specialized computer chips buried inside (or attached to) their shoelaces. The purpose is to ensure that the runners stay on course. Last year, some took short cuts while an Italian rode some distance on the underground (subway). [LG: It is of course easy for one runner to help carry another's shoelaces, but at least collusion is now required.] [Or, put your shoelaces on an accomplice's bicycyle, and take public transit? PGN] (2) On a different matter, Cynthia Dwork of IBM Almaden wrote in ACM SIGACT News 26(1) (March 1995) that the authentication procedure using public-key systems in Lotus Notes, as described in its "Internals online book", has security flaws. Lotus's response is (1) the actual system does not work as described in the manual and (2) how it actually works is proprietary information. [LG: (1) is dangerous by itself, and if (2) is true, then why pretending to describe the procedure in the first place.] Li GONG Email: gong@csl.sri.com Tel: 415-859-3232 Fax: 415-859-2844 SRI International, Computer Science Lab, Menlo Park, California 94025, USA ------------------------------ Date: Mon, 6 Mar 95 09:00:54 -0800 From: Louis Todd Heberlein Subject: sexy photos just computer glitch >From an Associated Press story entitled "Sexy photo just a computer glitch, lab worker says" A Lawrence Livermore National Laboratory employee was found innocent of misusing lab computers to store sexy photos. Accused of accessing 33 photos of bikini-clad women from an Internet site called "supermodels", the employee said he thought the photos were related to engineering. The employee has been promoted since the initial charges. ------------------------------ Date: Sun, 5 Mar 95 18:50:01 PST From: gat@aig.jpl.nasa.gov (Erann Gat) Subject: The source of semantic content It's probably old news for RISKS readers, but a very difficult concept for lawmakers, that the semantic content of bit streams is in the eye of the beholder, and that the apparent correspondence between bits and semantics is the result of engineering convention and not an inherent property of the bits. Any attempt to legislate the content of digital communications is therefore doomed to fail because it is trivial to hide the source of semantic content. The following is a simple example of how this can be done; much more sophisticated examples are possible. Imagine that Senator Exon's bill has pased, and it is now illegal to transmit pornography on the net. I take a pornographic image file P and encrypt it with a one-time pad. That is, I generate a string of random bytes the same length as P, and exclusive-or corresponding bytes. The encrypted image I put in a file called F1 and the one-time-pad key I put in a file called F2. F1 and F2 have some interesting properties. They are both random bit streams, completely devoid of semantic content. In fact, there is no way to tell which file contains the encrypted image and which file contains the key. They are mathematically indistinguishable. All the information in P is now encoded in the *correspondences* between the two files. There is really no information in either file. If either file is lost, P is absolutely unrecoverable. Now suppose that I email F1 to person A and F2 to person B. Then A and B exchange F1 and F2. A and B each can now recover the original image. Has the law been broken? Who broke it? All anyone did in the above scenario was to send a random bit stream to someone else. At no time did anyone send a bit stream with any identifiable semantic content. One might argue that I broke the law by sending out two files that I knew could be combined to produce a pornographic image. So imagine now that A sends a random bit string F1 to B, who then uses this as a one-time pad to encode P, which B then sends back to A. Has the law been broken? Who broke it? This scenario has an interesting subtlety. In order to prove that B has transferred information to A and not vice-versa it is necessary to prove that A sent F1 *before* B sent F2 (since there is no way to distinguish F1 and F2). So B could never be convicted of violating the law, since he could always claim that he had sent F2 before receiving F1, and that therefore A had transferred P to him rather than vice versa. Even if the government had timestamps to show that F2 was sent after F1, B could claim that this was simply a retransmission. If A and B exchange P in this way, then they can individually publish F1 and F2, from which anyone can recover P, but both A and B can plausibly deny having done anything but publishing a random bit stream. The DA might try to prosecute both A and B on a conspiracy charge, but it is not necessary for A and B to have conspired. The mere knowledge that random bit streams can be used in this manner might prompt some people to start sending random bit streams around. Without reliable time stamps there is no way to trace the introduction of semantic content. So as soon as anyone starts to transmit one-time-pads, everyone can publish anything and no one can be prosecuted for it. The RISK here is that the government will not realize that attempts to legislate content is a hunt for cybersnarks, and that transmitting random bit streams may soon become a crime. Erann Gat gat@jpl.nasa.gov [The situation is even more complicated by the availability of programs that mask encrypted messages as graphical image files (.gif), so that irrespective of their REAL content, a message appears to be an innocuous picture. PGN] ------------------------------ Date: Tue, 7 Mar 1995 14:08:14 -0800 From: Robert Ashcroft Subject: Government of Singapore This week's Economist (issue of March 4) has an article about the attitude of the Singapore govt to soc.culture.singapore and the idea of the Internet in general. The Singapore govt is perhaps not the most liberal in the world, and in particular is highly critical of "western influence". On the one hand it seeks to keep Singapore technologically up to date by wiring the country to the Internet, on the other hand it seeks to maintain control over what its population sees, two obviously incompatible goals. In particular it's concerned about "incorrect" things written in soc.culture.singapore. The information minister, George Yeo, suggests that the youth league of the ruling People's Action Party should set up some sort of truth squad to counteract incorrect posts. This is a road down which I would just as soon not have a government walk. Could they resist taking the next step, namely forging cancellations and so forth (as for instance, the Church of Scientology seems to have done)? The Internet _is a threat to any regime that tries to restrict in anyway what their people see. My own feeling is that any attempt to control it, short of disconnecting it altogether, will be doomed. As The Economist notes, on the Internet, nobody gets the last word. However, I imagine there will be numerous battles before that sinks in. I wonder how many intelligence agencies now have separate Internet sections, studying such things as Internet sabotage methods and the like. RNA ------------------------------ Date: Tue, 7 Mar 95 17:45:03 PST From: neumann@csl.sri.com Subject: Happy Michelangelo's Birthday Guy Webster, in an *Arizona Republic* article, Michelangelo Virus Catches More Businesses This Year reported several strikes this year. * Denise Bayless' PC found scrambled data and software on the hard-drive. * ``This year has been the worst, without question,'' said Ken Coleburn, owner of a computer consulting firm in Tempe. His company fielded 140 calls this year, compared with about 30 last year. He suggested this might have been due to Michelangelo's birthday falling on a workday this year. * RG Software Systems in Scottsdale, Ariz., which sells anti-virus software to large companies worldwide, was contacted by three prospective customers in other states Monday. They apparently had lost crucial computer data to Michelangelo, RG Software owner Ray Glath said. [Several other sources elsewhere -- presumably more careful -- reported no troubles. PGN] ------------------------------ Date: Mon, 06 Mar 95 14:41:01 +0000 From: "Timothy Hunt [Assistant Unix Systems Manager]" Subject: Microsoft and Lotus spreadsheet errors Suppliers admit to spreadsheet errors [Computing, 2nd March 1995, p.11] Microsoft and Lotus Development have admitted that their spreadsheet products may produce inaccurate results because of an inherent problem with the design of all computers. Mistakes can occur in precision calculations, of the kind required by engineers and users in the scientific, banking and finance sectors. Andy Lees, desktop marketing manager at Microsoft UK, said rounding errors may sometimes occur in Excel calculations set to a significant number of decimal places. He said this was due to the conversion of base 10 decimal numbers into base 2 binary digits recognised by computers. Lees played down the problem, saying the margins of error was `very small' and that few would come across it. However, users in at least one large merchant bank were last week warned to take extra care over calculations in Excel. Barry Ward, technical support manager at Computacenter, which is providing the bank with PC support services, fears users may be unaware of the problem. He added that the bank stumbled across the error when one of its users manually checked calculations against computer-generated results. `I've been in the computer business for 19 years and have never come across this problem before. In my opinion, this could throw a spanner in the works for a large multinational company,' he added. The user was adding and subtracting a simple set of figures: 120, 30.8, 20.5 and -120, -30.8 and -20.5. Instead of zero, the result produced was -1.43 E-15. Ward claimed changing the order of numbers produced different results. According to Microsoft's Lees: `There is a limit to the level of accuracy you can get with computers. In Excel a rouding error will sometimes appear on the fourteenth or fifteenth decimal place, but it will be very small. Excel has a high degree of accuracy.' Lotus Development acknowledged that some users require high levels of precision in calculations, but claimed that rounding errors in its 1-2-3 spreadsheet can be avoided by formatting cells. [This article reminds me of part of a course during my degree looking at the problem of calculations in the Floating point domain (|F). It is often wrongly assumed that |F and the Real domain (|R) are equivalent, but because of limits in the space to store a number, while it is always true that a+b-b = a; a,b member of |R, it is NOT always true that a+b-b = a; a,b member of |F. The course also looked into ways of designing algorithms to try and detect and prevent errors of this kind occurring.] Timothy J. Hunt, The Institute of Cancer Research, Royal Marsden NHS Trust, Downs Road, Sutton, Surrey England SM2 5PT +44 (0)181 642 6011 x3312 ------------------------------ Date: Tue, 7 Mar 1995 14:13:39 -1000 From: "Ray Panko" Subject: Spreadsheet Errors working paper available We have just finished a working paper on spreadsheet errors. The working paper describes our experiment. It also discusses earlier experiments and field audits. The paper also presents a taxonomy of spreadsheet errors. The good news is that laboratory spreadsheeters only have about the error rate per cell as professional programmers do per program statement. The bad news is that while professional programmers go on to the next step of deep debugging, spreadsheet developers do not do this frequently. Overall, it looks like a significant fraction of the hundreds of millions of spreadsheets produced each year have errors. The paper is in Word for Windows 2.0 format. You may get it via anonymous ftp from splicer2.cba.hawaii.edu After logging in, go to the Panko directory. Then the SSERRORS directory. The file is SSWPMAR.DOC I would value any comments and suggestions you might have. Also, please keep in mind that we will be having a minitrack on risks in end user computing at the January 1996 Hawaii International Conference on System Sciences. Aloha, Ra3y (the 3 is silent) Prof. Raymond R. Panko, Decision Sciences, College of Business Admin., University of Hawaii, 2404 Maile Way, Honolulu, HI 96822 (808) 956-5049 ------------------------------ Date: Mon, 6 Mar 95 09:56:00 PST From: Jeremy Stieglitz (S&T OnSite) Subject: 6-cent T-shirts I recently encountered two RISKS surrounding cash registers. The first occurred while I was on holiday in Arizona. I was caught in a downpour on the golf course and decided to buy an inexpensive t-shirt at the drug store. The shirt was on *special* sale, three for ten dollars. When I went to pay for the shirt, the clerk had no problem remembering the price, but an insurmountable problem entering the price into the cash register. No matter what he tried, the register was beeping and chirping everytime he tried to enter 1/3 of $10.00 as a price. (Perhaps this was simple human error, but there is still a RISK here...) After a rather long line was starting to form in my line, I said to this gentleman, "look, just ring it in as $3.50." He said he couldn't do that and kept trying to enter the proper price. After what seemed like ten or fifteen tries, he managed to enter something that was accepted by the register, and turned and smiled at me and said, ".06 cents please." And then, just last week, I needed a shallot for something I was cooking. The grocery store I went to had some very expensive shallots, something like 16$ a pound! So I took a very small bud and went up to the cash register. The clerk put the bud on the scale, and it came up as 0.0 ounces, which it would not accept. (The scale automatically deducted .1 ounce for the plastic bag.) But I hadn't put a bag on the shallot. Once again, after several tries, and a line forming behind me, I suggested she just tip the scale with her thumb. She wouldn't go for it. She let me have the shallot for free. The RISKS here seems to be when technological advances do not allow for other alternatives.These automated registers probably do make balancing the books a lot easier at the end of the day, but they don't seem to be very flexible. In the old days, both clerks could have simply entered any price they wanted in their registers. Nowadays, with their complete reliance on these automated registers, balancing the register and not the balance sheet seemed foremost to these clerks. And for lucky consumers like me, sometimes we end up with .06 cent t-shirts and free shallots. ------------------------------ Date: Mon, 06 Mar 95 13:48:05 +0000 From: "Timothy Hunt [Assistant Unix Systems Manager]" Subject: Risk system comes too late to prevent Barings' collapse [Article in Computing, 2 March 1995, front page] Risk system comes too late to prevent Barings' collapse Collapsed merchant bank Barings was only months away from installing a risk management system in its Far East offices which was intended to alert senior executives to gambles being taken with the company's money. Barings, the UK's oldest investment house, was plunged into financial ruin last weekend when 28-year old Nick Leeson lost more than UKP 750 million of clients' funds on the Singapore derivatives exchange. In January 1994, the bank began rolling out a communications architecture called BORIS (Barings Order Routing & Information System) to improve the processing of information about deals. Prior to this, Barings staff had used paper and fax machines to excahnge information. BORIS had gone live in London, Tokyo and New York, with Barings' Far East offices, including Singapore, set to follow by mid-1995. An extension to BORIS, dealing specifically with risk management, went live in London HQ in the last few weeks and was also set to be rolled out in the Far East in the near future. Dealing in derivatives involves betting on the movement of shares on national stock exchanges and carries substantial risk of losing vast amounts of money. Frank Ranger, a director of City Consultants, said any system intended to manage that risk needs access to data from every market involved in the transactions. `There is a clear need to get consolidated informatin from products in some sort of control function,' he said. Peter Hynd, Barings' assistant IT director, was unavailable for comment, but sources believe the bank's existing settlement system contributed to the collapse. The Cash Risk Management system was supposed to flag cash positions, but if settlements were not processed according to the bank's procedures, it could not do so. Timothy J. Hunt, The Institute of Cancer Research, Royal Marsden NHS Trust, Downs Road, Sutton, Surrey England SM2 5PT +44 (0)181 642 6011 x3312 ------------------------------ Date: Sun, 5 Mar 1995 18:20 -0500 From: Bob_Frankston@frankston.com Subject: Securities (as opposed to security?) As the Derivative fiasco continues to unfold I keep thinking about how much it sounds like the typical computer risk though it is an age old financial fiasco. But the resemblance is not just coincidence and it helps in putting the computer risks in perspective. The key characteristic of both is that the effect of an action is out of proportion to the action itself and is not (easily?) predictable. In both cases, hubris is the killer. Fortune had an update on article on the issues (pun?). It is a world populated by those who invest millions or billions on hunches and, even more scary, make bets best of formulas they do not understand. Perhaps no one understands. Sounds like software. (Sounds also like the sophomore effect -- a naive belief in the magic of the new trick one has just learned) Like software, used with a reasonable understanding and modest goals, derivatives can be effective tools (ironically, to reduce risk). Like software, complexity and a lack of reality checking leads to disaster. And like software, success can breed disaster by encouraging one to plunge deeper and deeper. A billion dollars is a lot to lose, but companies have been brought down by software bugs. ------------------------------ Date: Mon, 6 Mar 95 09:16:03 EST From: f.e.carey@att.com (Frank E. Carey, Bell Labs) Subject: Barings: Greenspan quote ``The one thing the Barings episode illustrates is the productivity for making losses has gone up very significantly in the last 25 years. You couldn't write the execution slips fast enough 25 years ago to lose as much money as was lost by one idividual, aided by terrific technology.'' Alan Greenspan, chairman of the Federal Reserve, quoted in *The New York Times*, 6 March 1995. ------------------------------ Date: Wed, 1 Mar 1995 10:14:05 GMT From: m.g.farringdon@swansea.ac.uk Subject: Re: Compact Fluorescent Lights (RISKS-16.84) We use a light box containing four fluorescent tubes for SAD (Seasonal Affective Disorder) and noticed two weeks ago that the remote controls for TV & VCR wouldn't 'control' when the light box was on. This seems to be the same symptoms that Suffern noticed with compact fluorescent lights. Incidentally, while we've only been using the light box for three months, it does appear to alleviate SAD symptoms. Mike Farringdon m.g.farringdon@swansea.ac.uk ------------------------------ Date: Thu, 2 Mar 1995 20:38:13 -0500 From: HeavyWater@aol.com Subject: Compact fluorescent lights and infrared weirdness I suppose this isn't really a computer Risk, but someone might find it interesting anyway. Edward S Suffern's report of compact fluorescent lights causing malfunctions in his infrared remote control devices (RISKS-16.84) reminded me of a related problem that I ran into in my former job as the chief technician for a cable televison system. My installer had reported a problem with a converter that he had just installed (to aid in converter control, installers were issued only enough of set top units to complete their scheduled installations for the day. Any problems encountered were referred to allegedly more trustworthy members of the technical staff.) This converter was equipped with an infra-red remote control device. When I arrived at the subscriber's home, the display on the converter was showing "7" and no matter what channel I attempted to turn it it to, the converter always changed back to channel 7. I installed another box, assuming that it would solve the problem--CATV converters are notoriously unreliable despite what your local cable company might tell you. The new converter exhibited exactly the same behavior. Baffled, I stood next to the TV set scratching my head until I happened to turn towards the viewer's sofa and noticed sunshine glinting off the whirling, chrome-plated blades of an electric fan running by the window--and a lightbulb went on inside my head. Sure enough, when I turned the fan off, the problem went away. Turning the fan back on caused the problem to reappear. It seems that the moving blades of the fan were pulse-modulating the sunshine in exactly the right manner to confuse the infra-red receiver in the converter into thinking it was getting the "change to channel 7" command from the remote. I spent almost another ten years in the industry after that and never ran accross that particular problem again. Carl Maniscalco (heavywater@aol.com) San Diego, CA ------------------------------ Date: Fri, 3 Mar 1995 22:20:45 GMT From: Osma Ahvenlampi Subject: Re: Compact fluorescent lights (RISKS-16.84) In RISKS-16.84, Edward S Suffern wrote of energy saving fluorescent lights affecting TVs and other remote controlled equipment, suspecting that these type of bulbs emit infra-red enough to confuse remote receivers. This is slightly inaccurate. Energy saving light bulbs actually emit less infra-red radiation than a normal incadescent bulb. However, the light is "strobing" at the 50kHz range, which is about the same as the pulse frequncy of a common remote control. Some receivers (simpler designs) get confused by this, and that's what caused the malfunction. ------------------------------ Date: 6 February 1995 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S. users on .mil or .gov domains should contact (Dennis Rears ). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, THEN please send requests to (which is not yet automated). SUBJECT: SUBSCRIBE or UNSUBSCRIBE; text line (UN)SUBscribe RISKS [address to which RISKS is sent] CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. All other reuses of RISKS material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using RISKS material should obtain permission from the contributors. RISKS can also be read on the web at URL http://catless.ncl.ac.uk/Risks Individual issues can be accessed using a URL of the form http://catless.ncl.ac.uk/Risks/VL.IS.html (Please report any format errors to Lindsay.Marshall@newcastle.ac.uk) RISKS ARCHIVES: "ftp unix.sri.comlogin anonymousYourName cd risks or cwd risks, depending on your particular FTP. Issue J of volume 16 is in that directory: "get risks-16.J". For issues of earlier volumes, "get I/risks-I.J" (where I=1 to 15, J always TWO digits) for Vol I Issue j. Vol I summaries in J=00, in both main directory and I subdirectory; "bye" I and J are dummy variables here. REMEMBER, Unix is case sensitive; file names are lower-case only. =CarriageReturn; UNIX.SRI.COM = [128.18.30.66]; FTPs may differ; Unix prompts for username and password. Also ftp bitftp@pucc.Princeton.EDU. WAIS repository exists at server.wais.com [192.216.46.98], with DB=RISK (E-mail info@wais.com for info) or visit the web wais URL http://www.wais.com/ . Management Analytics Searcher Services (1st item) under http://all.net:8080/ also contains RISKS search services, courtesy of Fred Cohen. Use wisely. ------------------------------ End of RISKS-FORUM Digest 16.87 ************************