RISKS-LIST: Risks-Forum Digest  Friday 24 October 2008  Volume 25 : Issue 42

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/25.42.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Greenspan says computer input did it (CWmike via timothy via Wendell Cochran)
Vint Cerf: Big Changes Ahead for the Internet (TechNews)
UW researchers uncover gap in border security (Peter Gregory)
Re: Computer likely caused Qantas plunge (Dag-Erling Smørgrav,
  Cameron Simpson, Adrian Edmonds)
Re: Straight Party Voting Issues (David Phillips, Arthur Flatau)
Re: Remarkable -- United Airlines Stock (John Levine)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 24 Oct 2008 06:24:27 -0700
From: Wendell Cochran <atrypa_at_private>
Subject: Greenspan says computer input did it

Greenspan Tells Congress Bad Data Hurt Wall Street
Posted by timothy on Thursday October 23, @06:41PM
from the but-all-this-looted-cash-won't-do-much-harm dept.
Supercomputing / The Almighty Buck / United States / Politics

CWmike writes "Former Reserve Bank chairman Alan Greenspan has long praised
technology as a tool to limit risks in financial markets. In 2005, he said
better risk scoring by high-performance computing made it possible for
lenders to extend credit to subprime borrowers. But today Greenspan told
Congress that the data fed into financial systems was often a case of
garbage in, garbage out. Christopher Cox, chairman of the Securities and
Exchange Commission, told the committee that bad code led the credit rating
agencies to give AAA ratings to mortgage-backed securities that didn't
deserve them. Explaining in his testimony what failed, Cox noted a 2004
decision to rely on the computer models for assessing a decision that
essentially outsourced regulatory duties to Wall Street firms themselves."

------------------------------

Date: Fri, 24 Oct 2008 13:42:26 -0400
From: technews_at_private
Subject: Vint Cerf: Big Changes Ahead for the Internet

Mikael Ricknas, IDG News Service, 21 Oct 2008, via ACM TechNews, 24 Oct 2008

Google vice president Vint Cerf predicts that 2008 and 2009 will be the most
important years for the evolution of the Internet. "This year and the next
year are probably the most significant years for Internet's evolution that I
can remember," Cerf says. The most significant change will be the transition
to IPv6, which will offer more address space for the Internet as the number
of IPv4 addresses is expected to run out in 2010. Cerf notes that IPv6 also
is required to comply with users' requests to go into encrypted mode.
Another large change is the implementation of a more secure domain name
system that uses Domain Name System Security Extensions (DNSSEC). DNSSEC
ensures that users who use a domain name hookup receive the correct IP
address instead of something from a hacker. The Internet also will soon
support internationalized domain names with non-Latin character sets. "This
is a big change, because for the last 30 years the only thing you could use
was Latin characters, and just the letters a through z, digits 0 to 9, and a
hyphen," Cerf says. He says other changes that would make the Internet more
useful include broadcast and support for multihoming, which would make it
easier for users to have more than one Internet service provider.
http://www.infoworld.com/article/08/10/21/Big_changes_ahead_for_the_Internet_says_Vint_Cerf-IDGNS_1.html

  [This clearly has the potential to improve many things. However, case
  sensitive characters, Cyrillic characters (e.g., "o") and others that might
  easily be confused with Latin characters are likely to provide some new
  opportunities for phishers (fissures in the dike?). PGN]

------------------------------

Date: Fri, 24 Oct 2008 07:46:03 -0700 (PDT)
From: Peter Gregory <petergregory_at_private>
Subject: UW researchers uncover gap in border security

Perhaps RFID-passport/ID card cloning is making it into the mainstream media.
Not that this is anything at all new to this esteemed audience.

The end of the article says that the WA dept of licensing is looking into the
matter - as though they have never heard of any of the RFID risks. Based upon
their implementation, this may in fact be the case.

http://www.komonews.com/news/33205899.html

Peter Gregory, CISA, CISSP, DRCE | Risk Analyst and Manager | Published
Author, Columnist  petergregory_at_private | www.peterhgregory.com

------------------------------

Date: Fri, 24 Oct 2008 02:31:12 +0200
From: Dag-Erling Smørgrav <des_at_private>
Subject: Re: Computer likely caused Qantas plunge (RISKS-25.40)

> ... in a 6,500-foot drop.

I have to retract that... it seems that it was in fact 650 feet, and the
source *I* consulted (I believe it was Sky News) added a zero.

------------------------------

Date: Fri, 24 Oct 2008 14:12:34 +1100
From: Cameron Simpson <cs_at_private>
Subject: Re: Computer likely caused Qantas plunge (Rieden, RISKS-25.38)

Or the aircraft's horizontal speed might be utterly irrelevant to the
effects. Several people were injured in this incident. For example, at:

  http://www.news.com.au/couriermail/story/0,23739,24460989-952,00.html

we see stuff like:

  The "ghost in the machine" malfunction which caused a mid-air drama leaving
  46 people injured has puzzled air safety investigators who cannot recall a
  similar incident in aviation history.
  [...]
  Passengers on board the flight have described haunting images of children
  and babies hitting the ceiling of the plane. While the incident left some
  with spinal injuries and others with broken bones and lacerations
  [...]
  At least 30 passengers and crew aboard QF72 were seriously injured - some
  with spinal injuries and others with broken bones and lacerations

650 feet in 20 seconds is about 10 m/s descent. It is irrelevant how shallow
the absolute angle was if the descent started abruptly enough because
acceleration can still be immense.

Analogy: if you're on a bus and someone swings a nasty uppercut at you, does
the speed of the bus matter?

Cameron Simpson <cs@private> DoD#743  http://www.cskk.ezoshosting.com/cs/

------------------------------

Date: Thu, 23 Oct 2008 23:08:32 -0700
From: Adrian Edmonds <Adrian.Edmonds_at_private>
Subject: Re: Computer likely caused Qantas plunge (RISKS-25.40)

Whilst working for a UK company specialising in fire detection/extinguishing
we regularly received incident reports from the CAA. Whilst our main concern
was fuel tank vent and dump systems I was struck by the number of airborne
accidents involving turbulence. Some of these incident reports caused much
hilarity on a Friday afternoon, especially the ones showing just what can
happen with a food trolley and sleeping passengers. I have always flown since
then with my seatbelt firmly attached around my body. Just like they say on
the inflight safety announcements, keep your seatbelt on at all times.

Adrian Edmonds, Stryker GI, 8 Haeshel Street, PO Box 3534, Caeserea 38900
ISRAEL  +972-73 737 4772

------------------------------

Date: Fri, 24 Oct 2008 09:35:11 -0400
From: "David Phillips" <skydaver_at_private>
Subject: Re: Straight Party Voting Issues (Finegold, RISKS-25.41)

Leonard Finegold passed on information about problems with straight party
voting issues, undercounting, etc. I can only speak to North Carolina, where
I have lived & voted for 24 years. While we do have straight party voting
available, and all of the potential problems from Leonard's post do exist, it
is well publicized during each election cycle that a straight party vote will
NOT select a presidential candidate, or any judicial candidates, or any of
the non-partisan races on the ballot. I cannot remember whether this has
always been the case since I moved here, but believe that it has.

------------------------------

Date: Fri, 24 Oct 2008 09:37:09 -0500
From: Arthur Flatau <flataua_at_private>
Subject: Re: Straight Party Voting Issues (Finegold, RISKS-25.41)

It seems the problem with straight party voting here in Austin is perhaps a
poor user interface (I have not yet voted this year, so I can I am making
some conjectures based on past experience as well as this article from the
Austin American Statesman: Ignore straight-ticket voting rumors, clerk says
http://www.statesman.com/news/content/news/stories/local/10/23/1023voterscam.html)

Travis County uses Hart InterCivic eSlate machines; I believe that these are
used fairly widely throughout Texas. The problem is, I believe, that when you
vote straight party (presumably for either Democratic or Republican, although
all the rumors seem to be about the Democratic party), it seems the machine
merely selects all the Democratic candidates. If you then try to vote for the
Democratic Party candidate (Obama) or presumably any other Democratic
candidate, you unselect that person.

I am not sure that is all that bad a design (assuming it does work as I
think). You are given a chance to review all of your selections before
pushing the button to cast your vote. In any case, although there are major
problems with electronic voting, including the Hart InterCivic eSlates, this
seems like at best a minor issue. You do have to be careful to review who you
actually voted for, but this is true for any voting system, including paper
ballots.

------------------------------

Date: 24 Oct 2008 00:01:53 -0000
From: John Levine <johnl_at_private>
Subject: Re: Remarkable -- United Airlines Stock (Nelson, RISKS-25.38)

> surely it's 'sell' if the price exceeds an upper limit and 'buy' if it's
> below the lower limit. After all, the purpose of the program is to make
> money, not to give it away!

No, Russ got it right. That's known as momentum investing. I don't think it
makes much sense, but there are definitely people who do it.

John Levine, johnl_at_private, Primary Perpetrator of "The Internet for
Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com,
ex-Mayor

------------------------------

Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you. The mailman Web interface can be used
 directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM:
 address, send a message to risks-request_at_private containing only the
 one-word text subscribe or unsubscribe. You may also specify a different
 receiving address: subscribe address= ... . You may short-circuit that
 process by sending directly to either risks-subscribe_at_private or
 risks-unsubscribe_at_private depending on which action is to be taken.
 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address. Instructions are
 included in the confirmation message. Each issue of RISKS that you receive
 contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.

=> SPAM challenge-responses will not be honored. Instead, use an alternative
 address from which you NEVER send mail!

=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.

=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
 or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
 Lindsay has also added to the Newcastle catless site a palmtop version
 of the most recent RISKS issue and a WAP version that works for many but not
 all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .

==> PGN's comprehensive historical Illustrative Risks summary of one liners:
   <http://www.csl.sri.com/illustrative.html> for browsing,
   <http://www.csl.sri.com/illustrative.pdf> or .ps for printing

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
   <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 25.42
************************