[RISKS] Risks Digest 25.35

From: RISKS List Owner <risko_at_private>
Date: Mon, 22 Sep 2008 16:48:05 PDT
RISKS-LIST: Risks-Forum Digest  Monday 22 September 2008  Volume 25 : Issue 35

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/25.35.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Sydney road tunnel closed by computer 'glitch' (John Colville)
DC Primary votes don't add up... even with a fudge factor (David Lesher)
Hurricane Ike (Les Denham)
Hacker claims Palin e-mail hacked via password reset (Rob McCool)
Re: Wall Street; where nothing can go worng wrogn wrgno.... (Martin Ward)
Re: Risks of financial systems too complex ... (Jim Horning)
Re: Risks of not using check digits (Erling Kristiansen, Paul van Keep)
Re: capability creep on red-light cameras (Paul Wallich)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 23 Sep 2008 08:39:12 +1000 (EST)
From: "John Colville" <colville_at_private>
Subject: Sydney road tunnel closed by computer 'glitch'

The M5 East tunnel is a 4-km tunnel on a major motorway leading into Sydney.
On 22 Sep 2008 the tunnel was closed for 2 3/4 hours starting at about 0900,
due to the failure of a backup computer.  It caused serious disruption to
traffic in that area of Sydney.  "... the tunnel had to be closed to traffic
because its safety equipment was disabled when the computer system was
down."

[``It is the sixth time the $800 million project has been shut since it
opened in late 2001.''  Previous failures included a different "computer
glitch" in Feb 2002; lighting systems failed 11 months later; a "combined
power failure" occurred in Mar 2004; the CCTV system failed in Dec 2004; and
another computer crash caused a five-hour closure on 25 Jun 2008.  PGN]  The
company which operates the tunnel has now agreed to have a staff member on
duty at all times.

http://www.smh.com.au/news/national/oh-baby-m5-tunnel-takes-its-toll/2008/09/22/1221935513625.html?page=fullpage#contentSwap1

John Colville, Faculty of Engineering & IT; University of Technology, Sydney
Honorary Associate  + 61 2 9514 1854  colville_at_private

------------------------------

Date: Mon, 22 Sep 2008 16:17:32 -0400 (EDT)
From: "David Lesher" <wb8foz_at_private>
Subject: DC Primary votes don't add up... even with a fudge factor

Nikita Stewart and Elissa Silverman, *The Washington Post*, 22 Sep 2008; B01
<http://www.washingtonpost.com/wp-dyn/content/article/2008/09/21/AR2008092102344_pf.html>

As District officials continue to investigate errors in the early vote
tallies from the Sept. 9 primary, one number stands out: 1,542.  That number
appeared in the category for "overvotes" in 13 separate races when the
D.C. Board of Elections and Ethics released early results on election
night.  But those votes inexplicably vanished shortly after midnight, when
officials posted what they identified as corrected results. ...

The elections board initially blamed the discrepancies on a single defective
computer memory cartridge at the Precinct 141 polling site on U Street NW in
the Dupont Circle area. Sequoia has said the cartridge was not defective and
suggested that tabulation errors might have been triggered by workers or by
a static or electrical discharge.

[The article goes on about problems within the Board, including the fact
that the CTO does not have a claimed BS degree, and the ExDir's departure.]

Static discharge? At least they are not saying swamp gas was to blame.

[I was going to reference this to a past voting Risks post, but there are
so many to choose from...]

------------------------------

Date: Mon, 22 Sep 2008 16:03:36 -0500
From: Les Denham <les_at_private>
Subject: Hurricane Ike

Along with about 4 million other residents of this area, I experienced Ike
ten days ago.  And am still experiencing it.  Many of the problems are
computer related.

The first problem was that my home DSL service stopped when Ike was still
200 miles away (Friday evening).  I suspect that my phone service stopped
about the same time.  Shortly afterwards, my electricity stopped.

On Saturday afternoon, after the winds died down, I found I had phone
service, but still no electricity.  I tried to get my DSL working by
plugging the DSL modem into a UPS which still had some charge, but that
didn't work.  A little later, the phone service stopped working.  And the
cell phone service.

Next morning, I tried the phone, and it worked.  Later in the day, when the
electricity came on, I tried my DSL, and it worked.  In my email, I found a
message from my ISP apologizing for the interruption in service: the
co-location site had the backup generator for the servers function
correctly, but the backup generator for the air conditioning failed to
start.  Of course, this did not matter to me, because at the time I had
neither power, nor internet, nor phone.  By evening, the phone and the
internet had stopped working again, but I had found that by walking about a
mile from the house I could get a cell phone signal.  On one of these walks
I saw an AT&T truck and flagged the driver down.  I asked what the problem
was: we had power, and damage in my subdivision was minimal.  He explained
that each subdivision had a remote unit or subexchange with its own battery
backup, which was charged from the exchange -- and the exchange was still
running on backup generators, which did not have enough reserve to power all
the subexchanges.

By Monday afternoon, AT&T had their act together, and I had a landline, DSL,
and cell phone signal.

For me, the most significant point of failure appeared to be that AT&T has
engineered their backup power supplies to only cope with about twelve hours
of power failure.  With hurricane Ike, we had over 90% failure of
electricity supply to the fourth largest city in the U.S.A.  The first
repairs were not completed for about 24 hours; it was a week before 50% of
power was restored; and ten days later we still have over 30% of electricity
customers without power.

Les Denham, Vice President, Interactive Interpretation & Training, Inc.
1500 Citywest, Suite 800, Houston, TX 77042, U.S.A. 1-713.840.3326

------------------------------

Date: Sun, 21 Sep 2008 22:38:16 -0700 (PDT)
From: Rob McCool <robm_at_private>
Subject: Hacker claims Palin e-mail hacked via password reset

http://blog.wired.com/27bstroke6/2008/09/palin-e-mail-ha.html

This blog entry refers to an anonymous hacker who claims to have been the
one behind the widely publicized breach of VP candidate Sarah Palin's Yahoo
e-mail account. The interesting part is that the claimed attack was not
based on a weak password, but instead based on a weak password-reset
mechanism.  The hacker claimed that with a few searches in Google and some
information (Palin's birthday) from Wikipedia, along with some guesses of
phrasing, he was able to gain access to her email account.
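
The weakness described above is a reset path whose "secret" is a fact anyone
can look up.  The following is an added example (not code from the RISKS post,
Yahoo, or anyone quoted here) that puts a number on that: it compares the
guess space of a birth-date style question with that of a random reset token,
and shows the usual mitigation, a random, single-use, time-limited token that
is delivered out of band and stored only as a hash.  The class and function
names, the 80-year birth-date range, and the 15-minute lifetime are
illustrative assumptions.

```python
"""Password-reset tokens vs. knowledge questions (added example, assumptions noted)."""
import hashlib
import hmac
import math
import secrets
import time


def knowledge_question_bits(possible_answers: int) -> float:
    """Entropy in bits of a 'secret' drawn uniformly from possible_answers."""
    return math.log2(possible_answers)


# Constructed estimate: a birth date somewhere in an 80-year span.
BIRTHDATE_ANSWERS = 366 * 80          # ~14.8 bits, and often public anyway

TOKEN_BYTES = 32                      # 256 random bits per reset token


class ResetTokenStore:
    """Holds only SHA-256 digests of issued tokens, each with an expiry.

    A token is accepted at most once and only before its expiry; the
    comparison uses a constant-time digest compare.  `clock` is injectable
    so the expiry path can be exercised without sleeping.
    """

    def __init__(self, ttl_seconds: int = 900, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock
        self._pending = {}            # username -> (token_digest_hex, expiry)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, username: str) -> str:
        """Create a fresh token for username; the caller sends it out of band."""
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._pending[username] = (self._digest(token), self.clock() + self.ttl)
        return token

    def redeem(self, username: str, presented: str) -> bool:
        """Return True exactly once for the unexpired token issued to username."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        digest, expiry = entry
        if self.clock() > expiry:
            del self._pending[username]           # expired: discard it
            return False
        ok = hmac.compare_digest(digest, self._digest(presented))
        if ok:
            del self._pending[username]           # single use
        return ok


def token_bits() -> int:
    """Entropy in bits of a token from issue()."""
    return TOKEN_BYTES * 8


if __name__ == "__main__":
    print(f"birth-date question: {knowledge_question_bits(BIRTHDATE_ANSWERS):.1f} bits")
    print(f"random reset token:  {token_bits()} bits")
    store = ResetTokenStore(ttl_seconds=900)
    t = store.issue("demo-user")
    print("first redemption:", store.redeem("demo-user", t))   # True
    print("replayed token:  ", store.redeem("demo-user", t))   # False
```

The point of the numbers is not that 14.8 bits is small in itself, but that
the answer is frequently public, so the effective guess count is closer to
one; the token side removes the guessable secret altogether and limits each
token to a single use within a short window.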

------------------------------

Date: Mon, 22 Sep 2008 12:32:52 +0100
From: Martin Ward <martin_at_private>
Subject: Re: Wall Street; where nothing can go worng wrogn wrgno....

A lot of the comments in RISKS-25.34 seem to imply that the people running
the financial firms were stupid and/or careless in not doing a correct risk
analysis.

These people are not stupid or careless, merely greedy, unscrupulous and
irresponsible. They did a careful risk analysis all right, and then made the
decision to deliberately feed false information into the computer models and
deliberately create massively complex financial instruments.

Their risk analysis looked like this:

Success: My company hands off the package before it blows up.  My company
makes a massive profit and I end up fabulously wealthy.  (Other companies
make massive losses and have to be bailed out by the government, but that is
incidental).

Failure: My company ends up holding the package when it blows up.  My
company makes a massive loss and ends up having to be bailed out by the
government. I end up extremely wealthy.

After careful consideration of all the risks and benefits, I decide to go
ahead!

In an ideal world, the risk analysis would look like this:

Success: My company hands off the package before it blows up.  My company
makes a massive profit and I become fabulously wealthy.  Other companies
make massive losses and have to be bailed out by the government. My company,
and all the others, gets investigated and I end up bankrupt and jailed for
many years.

Failure: My company ends up holding the package when it blows up.  My
company makes a massive loss and ends up having to be bailed out by the
government. I become extremely wealthy. My company, and all the others, gets
investigated and I end up bankrupt and jailed for many years.

Quote: "There was a willful designing of the systems to measure the risks in
a certain way that would not necessarily pick up all the right risks" If an
engineer, for personal gain, willfully designed (say) a sewage monitoring
system so that it did not pick up the right risks, and as a result thousands
of homes were flooded with sewage and destroyed, that engineer would (I
hope) end up in jail. But in the financial world, people can get away with
doing much more damage, for personal gain, with no personal risk to
themselves.

martin@private http://www.cse.dmu.ac.uk/~mward/
G.K.Chesterton web site: http://www.cse.dmu.ac.uk/~mward/gkc/

------------------------------

Date: Sun, 21 Sep 2008 23:27:33 -0700
From: "Jim Horning" <jhorning4_at_private>
Subject: Re: Risks of financial systems too complex ... (Smith, RISKS-25.34)

I thoroughly agree with Daniel's main point, but let's not blame computers
too much.

This is the result of financial creativity driven by greed, both of which
have been around for quite a bit longer than computers.  Many of the
securities at the heart of the 1929 market crash were very nearly as complex
as those you describe.  See, for example, John Kenneth Galbraith's
insightful 1955 book, The Great Crash 1929
(http://www.amazon.com/Great-Crash-1929-Kenneth-Galbraith/dp/0395859999/).
An ironic side note is the role of Goldman Sachs in some of the most
highly-leveraged creations.

  [And PLEASE read Jim's very insightful blog all the way to the end:
    http://horning.blogspot.com/2008/09/economy-is-fundamentally-sound.html
  PGN]

------------------------------

Date: Mon, 22 Sep 2008 20:13:48 +0200
From: Erling Kristiansen <erling.kristiansen_at_private>
Subject: Re: Risks of not using check digits (Re: Douglass, RISKS-25.34)

It is not correct that Dutch bank account numbers do not use check digits. I
have an account with ABN-AMRO, and I just did the check: I changed one digit
of an otherwise correct number.  (I was prepared to accept the risk of
sending 1 cent to the wrong recipient.)  The transaction was rejected by the
on-line banking service.  According to one source I found (in Dutch):
http://cgi.dit.nl/bank.cgi the check is that a specified weighted sum of the
9 digits must be divisible by 11.

There is one exception: The Postbank. Postbank account numbers don't even
have a fixed length, very short (3-4 digits) numbers typically being given
to major charities and other high-profile customers. There is no intrinsic
check of validity, as far as I know. The Postbank is supposed to check the
name of the recipient, but I have positive evidence that this does not
always happen, even for a rather large transaction.

------------------------------

Date: Mon, 22 Sep 2008 14:16:03 +0200
From: Paul van Keep <paul_at_private>
Subject: Re: Risks of not using check digits (Re: Douglass, R 25.34)

... The 9-(and 10-)number system has an 11-test that ensures a sparse usage
of the available number space.  The formula is pretty simple: The total of 9
times digit1 plus 8 times digit2 etc. should be divisible by 11.  The
account number 123456789 for instance is a valid number.

[Note: Paul's formulation of the formula is for the nine-digit number
system, where digit9 is the unit's digit.  The extension to ten digits is
more obvious with the equivalent mathematical formula given on the wiki
below, using the sum from i=0 (to N=9 or 10) of the ith digit times i+1,
where the right-most digit is the i=0th digit.  (Elf is 11 in Dutch, and
does not imply a mischievous creature carrying out the arithmetic.)  PGN]

See the Dutch Wikipedia entry for a more complete description:
http://nl.wikipedia.org/wiki/Elfproef
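
An added worked example of the elfproef as Erling Kristiansen and Paul van
Keep describe it (this is not code from either post or from any bank): the
weights follow PGN's note, so the right-most digit has weight 1 and a
9-digit number uses weights 9..1, a 10-digit number weights 10..1.  Beyond
checking a single number, it enumerates every single-digit substitution and
every adjacent transposition of a valid number to confirm that none of them
passes, which is the property behind Erling's one-cent experiment.  The
function names are mine; the two-length rule is taken from Paul's "9-(and
10-)number" remark.

```python
"""Elfproef ('11-test') for Dutch account numbers; added example, not a bank's code."""


def elfproef(account: str) -> bool:
    """True if the weighted digit sum is divisible by 11.

    Weight of a digit = its position counted from the right, starting at 1,
    so for 9 digits this is 9*d1 + 8*d2 + ... + 1*d9 (Paul van Keep's form).
    Only 9- and 10-digit numeric strings are accepted; spaces are ignored.
    """
    digits = account.replace(" ", "")
    if not digits.isdigit() or len(digits) not in (9, 10):
        return False
    n = len(digits)
    total = sum((n - i) * int(d) for i, d in enumerate(digits))
    return total % 11 == 0


def single_substitutions(account: str):
    """Yield every string differing from account in exactly one digit."""
    for pos, orig in enumerate(account):
        for d in "0123456789":
            if d != orig:
                yield account[:pos] + d + account[pos + 1:]


def adjacent_transpositions(account: str):
    """Yield every string obtained by swapping two neighbouring, unequal digits."""
    for pos in range(len(account) - 1):
        a, b = account[pos], account[pos + 1]
        if a != b:
            yield account[:pos] + b + a + account[pos + 2:]


def undetected_errors(account: str) -> list:
    """Mutations of a valid number that the elfproef would still accept.

    A substitution at weight w changes the sum by w*(d'-d); a swap of
    neighbours changes it by the difference of the two digits.  Both factors
    are non-zero and below 11, so neither product is a multiple of the
    prime 11: the list is empty for every valid 9- or 10-digit number.
    """
    bad = [m for m in single_substitutions(account) if elfproef(m)]
    bad += [m for m in adjacent_transpositions(account) if elfproef(m)]
    return bad


if __name__ == "__main__":
    for n in ("123456789", "123456780", "0123456789"):
        print(n, "valid" if elfproef(n) else "rejected")
    print("undetected single-digit/transposition errors in 123456789:",
          undetected_errors("123456789"))
```

Paul's sample 123456789 gives 9+16+21+24+25+24+21+16+9 = 165 = 15 x 11, so it
passes; changing its last digit to 0 drops the sum to 156 and it is rejected,
which is exactly what Erling saw from the on-line banking service.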

------------------------------

Date: Sun, 21 Sep 2008 20:45:38 -0400
From: Paul Wallich <pw_at_private>
Subject: Re: Capability creep on red-light cameras (Ashworth, RISKS-25.34)

> "Jay R. Ashworth" <jra_at_private> writes:

> And remember: if that database exists, your wife's divorce attorney will be
> able to subpoena it.

If that were the only problem.  If that database exists, your employer, your
employer's competitors and the stores you shop at will be buying
soft-realtime access to it.

------------------------------

Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.   The mailman web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 25.35
************************
Received on Mon Sep 22 2008 - 16:48:05 PDT

This archive was generated by hypermail 2.2.0 : Mon Sep 22 2008 - 17:17:04 PDT