RISKS-LIST: Risks-Forum Digest  Monday 17 November 2008  Volume 25 : Issue 45

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/25.45.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Chinese hackers breach white house computer systems (PGN)
Hacker Tool Targeting MS08-067 Vulnerability (Websense via Monty Solomon)
Lose the BlackBerry? Yes He Can, Maybe: President-Elect Obama (Jeff Zeleny via Monty Solomon)
Texas Suspends Massive Outsourcing Contract (Keith Price)
Driver Blames GPS System For Car-Train Collision (Paul Saffo)
Stop! Buses only! --What do you mean, you ARE a bus? (Mark Brader)
Martian deep freeze: NASA's Mars Lander dies in the dark (Sharon Gaudin via PGN)
The "Two Focaccia Buttons Defense" (Robert Hall)
Risks of assuming constant hours in a day (Toby Gottfried)
Excel auto-formatting (David Magda)
Texting bug hits the Google phone (Amos Shapir)
Vintage IBM tape drive in Apollo moon dust rescue (Chris Leeson)
gnus-mime-print-part vs. Mom's room (jidanni)
Re: BBC Domesday Project (Martin Ward, Theo Bucher)
Re: Poison pill auto-disclosure (Terje Mathisen, David Alan Gilbert, Al Macintyre, Richard O'Keefe)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 16 Nov 2008 18:44:23 PST
From: "Peter G. Neumann" <neumann_at_private>
Subject: Chinese hackers breach white house computer systems

Chinese hackers have penetrated the White House computer network on multiple occasions and obtained e-mails between government officials, a senior US official told the *Financial Times*.
On each occasion, the attackers accessed the White House computer system for brief periods, allowing them enough time to steal information before US computer experts patched the system. US government cyber intelligence experts suspect the attacks were sponsored by the Chinese government because of their targeted nature. But they concede that it is extremely difficult to trace the exact source of an attack beyond a server in a particular country. "We are getting very targeted Chinese attacks so it stretches credulity that these are not directed by government-related organisations," said the official.

[Source: The *Financial Times* website has items by Demetri Sevastopolu, dated 7, 8, and 17 Nov 2008. The above text is an excerpt from the most recent. PGN-ed]

------------------------------

Date: Tue, 11 Nov 2008 12:37:35 -0500
From: Monty Solomon <monty_at_private>
Subject: Hacker Tool Targeting MS08-067 Vulnerability

Websense Security Labs has noticed a special hacker tool in China. In the past few weeks, Microsoft has announced and released a patch for the MS08-067 vulnerability, and a hacker tool named "wolfteeth bot catcher" has been widely used by hackers to attack machines running Windows operating systems without the KB958644 patch. Our write up of the original vulnerability details can be found here. 11 Nov 2008.

http://securitylabs.websense.com/content/Blogs/3237.aspx
http://securitylabs.websense.com/content/Alerts/3218.aspx

------------------------------

Date: Sun, 16 Nov 2008 15:53:42 -0500
From: Monty Solomon <monty_at_private>
Subject: Lose the BlackBerry? Yes He Can, Maybe: President-Elect Obama

President-elect Barack Obama will have to give up his habitual use of his BlackBerry when he becomes president -- largely because of the Presidential Records Act (but presumably also because of its inadequate security). His use of e-mail is likely to also be constrained. However, he apparently intends to be the first president with a laptop on his desk.
[Source: Jeff Zeleny, *The New York Times*, 16 Nov 2008; PGN-ed]
http://www.nytimes.com/2008/11/16/us/politics/16blackberry.html

[Recall previous items (RISKS RISKS-19.29,32,33) regarding the ban against laptops on the Senate floor: fears of surfing, lobbyists, spamming, real-time on-line influence, etc., eschewing possible benefits of being able to search through pending legislation and to better communicate! PGN]

------------------------------

Date: Thu, 30 Oct 2008 15:12:40 -0700
From: Keith Price <price_at_private>
Subject: Texas Suspends Massive Outsourcing Contract

Late last week, the *Dallas Morning News* ran a story about a massive computer crash that destroyed hundreds of Texas Attorney General Greg Abbott's confidential documents which may prevent scores of Medicaid fraud prosecutions. ...

This was noted in the IEEE Spectrum Risks blog --
http://blogs.spectrum.ieee.org/riskfactor/2008/10/late_last_week_the_dallas.html

------------------------------

Date: Tue, 11 Nov 2008 08:34:24 -0800
From: Paul Saffo <paul_at_private>
Subject: Driver Blames GPS System For Car-Train Collision

On the evening of 10 Nov 2008, a man's car got stuck on the Metro-North tracks in Bedford Hills, N.Y. in Westchester County because he said his GPS told him to make an immediate right turn. Police blamed Jose Silva's overdependence on GPS. He was cited for driving on the tracks and not obeying signs. Metro-North spokeswoman Marjorie Anders said, "You don't turn onto train tracks. Even if there are little voices in your head telling you to do so. If the GPS told you to drive off a cliff, would you drive off a cliff?" The same thing had happened in Jan 2008. Apparently the safety features that were added then were not enough to deter Silva. [Source: KPIX; PGN-ed]
http://cbs5.com/watercooler/gps.beford.hills.2.829797.html

------------------------------

Date: Sun, 2 Nov 2008 03:43:29 -0500 (EST)
From: msb_at_private (Mark Brader)
Subject: Stop! Buses only!
--What do you mean, you ARE a bus?

In some British cities, restricted-traffic lanes such as bus-only lanes are protected by bollards that automatically lower themselves into the street when a permitted vehicle is detected, and rise again behind it.

The other day in Manchester, though, a bollard rose *while* a bus was passing over it. The bus was brought to an abrupt stop and several passengers were injured.

http://www.manchestereveningnews.co.uk/news/s/1077219_six_hurt_as_bus_hits_bollards

I was hoping to find a BBC story on this, as they have shorter URLs and I know they don't expire quickly, but there doesn't seem to be one at present. However, while looking for it, I came across this item

http://news.bbc.co.uk/1/hi/england/cornwall/7220833.stm

about bollards in the city of Truro rising suddenly under the feet of pedestrians, which they also aren't supposed to do, earlier this year.

[Later note added:] Here's a followup story link, although the cause is still unknown:

http://www.manchestereveningnews.co.uk/news/s/1077703_call_for_bollards_inquiry

------------------------------

Date: Sun, 16 Nov 2008 12:00:37 PST
From: "Peter G. Neumann" <neumann_at_private>
Subject: Martian deep freeze: NASA's Mars Lander dies in the dark

After five months digging up and analyzing soil samples on Mars, verifying the existence of ice, and noting that snow falls from Martian skies, NASA's Phoenix Mars Lander has gone silent -- because the nights have grown longer and there is less sun to recharge the solar batteries. [Source: Sharon Gaudin, Computerworld, 11 Nov 2008]
http://www.computerworld.com

------------------------------

Date: Tue, 11 Nov 2008 17:22:18 -0500
From: Robert Hall <bob-3FA86EQ8EH-_at_channels.research.att.com>
Subject: The "Two Focaccia Buttons Defense"

I had lunch today at a local bakery/sandwich place, ordering a sandwich and drink.
The bill seemed high to me, even for that place, so I looked at the computer-generated register receipt:

  6.29  [Sandwich]
  1.59  [Drink]
  8.77  Subtotal
  0.61  Tax
  9.38  Amount Due

The prices seemed consistent with the menu, and computers never make arithmetic errors, right? Oops, wrong. (6.29 + 1.59 = 7.88, NOT 8.77)

When I went back to point this out, the response was "Sorry, sir, but our system was reprogrammed recently and we have two focaccia buttons now. That's the problem."

My first reaction was to want to understand better how it could make sense for *any* number of "focaccia buttons" to make 6.29+1.59 = 8.77. But then I remembered the Indiana Legislature and decided to accept my refund with grace. (In case you were wondering, I decided it was too risky to order pi for dessert.)

Observations:

1. Check your receipts. Don't assume the computer never makes arithmetic errors; don't even assume it is doing the same arithmetic problem displayed on the paper.

2. Verify your paper optical-scan ballot.

3. Why does anybody trust Internet gambling sites (or any software based gambling machines of any kind, for that matter) to play fair?

Robert J. Hall, AT&T Labs Research

------------------------------

Date: Sat, 1 Nov 2008 23:50:31 -0700
From: <toby_at_private>
Subject: Risks of assuming constant hours in a day

I am reporting [on] myself in this instance.

I recently developed a small application for a group to sign up for some activities. As such, it involves date calculations.

I made the (altogether reasonable, I thought) assumption that if you take a timestamp and add 24 hours, it becomes the same time on the following day.

Well, not always. Such as when clocks change for Daylight Savings Time. 24 hours after 00:30 on Sunday Nov 2, it is 23:30 on Sunday Nov 2. (In local time that is.)

In this case, the problem self repaired after the clocks were changed - it was only a bug during the 24 (23 ? 25? 2?) or so hours immediately before the hour the clocks changed.
I guess that is one of the reasons that we do the clock changes late at night during the weekend. It minimizes the Risks.

------------------------------

Date: Mon, 17 Nov 2008 13:18:49 -0500 (EST)
From: "David Magda" <dmagda_at_private>
Subject: Excel auto-formatting

Auto-formatting in Excel has reared its head again:

> Some of these details on various trading contracts were marked as hidden
> because they were not intended to form part of Barclays' proposed deal.
> However, this "hidden" distinction was ignored during the reformatting
> process so that Barclays ended up offering to take on an additional 179
> contracts as part of its bankruptcy buyout deal, Finextra reports.

[...]

> It's unclear what the financial ramifications of the formatting error
> might be. Excel spreadsheets might seem a fairly unsophisticated method of
> logging multi-billion pound trading positions, but they are quick to
> produce and easy to understand--vital consideration in a financial
> market--which makes them widely used.

http://www.theregister.co.uk/2008/10/15/lehman_buyout_excel_confusion/

------------------------------

Date: Wed, 12 Nov 2008 17:53:54 +0200
From: Amos Shapir <amos083_at_private>
Subject: Texting bug hits the Google phone

A text conversation has revealed a big problem with the G1 mobile phone - powered by Google's Android software. The newly discovered bug causes the phone to restart when owners type in the word "reboot" soon after starting up the device.
Full story at: http://news.bbc.co.uk/2/hi/technology/7722367.stm

This reminds me of a bug/feature of a popular model of phone modem, which would hang up the line whenever it encountered the words NO CARRIER (I hope nobody is reading this edition of Risks over a phone line...)

Amos Shapir

------------------------------

Date: Tue, 11 Nov 2008 11:16:52 -0000
From: Chris Leeson <Chris.Leeson_at_private>
Subject: Vintage IBM tape drive in Apollo moon dust rescue

Yet another data recovery exercise

http://www.theregister.co.uk/2008/11/11/vintage_ibm_tape_drive_moon_dust_data/

A day after reading Mike Tibbetts' post about the Domesday project, I came across this article on The Register.

Data on Moon Dust from Apollo 11, 12 and 14 was stored on a number of tapes requiring a "1960s-era IBM 729 Mark V tape drive". The tapes were archived by NASA and Sydney University. Alas, due to an "archiving error", the NASA copies were disposed of. The Sydney ones are, however, still available.

SpectrumData, a data recovery firm, have managed to track down a tape drive in the Australian Computer Museum Society, and will be borrowing it to try and read the tapes. They hope to have the hardware working by January, and to extract the data from the tapes then.

The tapes were stored in a climate-controlled environment, so may still be viable (although there are lots of things that can wreck tapes). On the other hand, the restoration job is described as "It's going to have to be a custom job to get it working again. It's certainly not simple, there's a lot of circuitry in there, it's old, it's not as clean as it should be, and there's a lot of work to do."

------------------------------

Date: Tue, 11 Nov 2008 01:50:04 +0800
From: jidanni_at_private
Subject: gnus-mime-print-part vs. Mom's room

'Twas the night before Christmas, when all through the house, not a creature was stirring...
except the old printer up in Mom's room:

In the "gnus" news reader, usually
  p runs the command gnus-summary-prev-unread-article
    Select unread article before current one.
Except when the cursor happens to be resting on an image, whereupon
  p runs the command gnus-mime-print-part
    Print the MIME part under point.

http://news.gmane.org/group/gmane.emacs.gnus.general/thread=67574

No problem. Trip the house circuit breaker, then go upstairs with a flashlight. "Paper jam, blew a fuse, I'll take care of it!" better than Mom: "So that's what you've been browsing! I'm returning the computer to the department store. You can have a new one when you're 18."

------------------------------

Date: Sun, 9 Nov 2008 13:04:43 +0000
From: Martin Ward <martin_at_private>
Subject: Re: BBC Domesday Project (Re: Tibbetts, RISKS-25.44)

> so far as I can tell, they seem to have lost it!

Not completely lost. The whole Domesday Project appears to be available on the web here: http://www.domesday1986.com/

martin@private http://www.cse.dmu.ac.uk/~mward/

------------------------------

Date: Sun, 9 Nov 2008 21:28:03 +0100
From: theo.bucher_at_private
Subject: Re: BBC Domesday Project (Tibbetts, RISKS-25.44)

Writing History as a Pioneer is Taking a Risk

I sympathize with Mike Tibbetts, as I think it unfair to cite 'lack of foresight' as a cause of the loss of the Domesday data. Lack of knowledge may be closer. But anyone claiming anything like that today has the benefit of 20/20 hindsight. It's not a fair comparison.

Who was to blame? Well, perhaps nobody, unless naivety is a sin. The Domesday Project was a pioneering feat. Pioneers sometimes pay a high price for their achievements. In this case no one really suffered, although it is sad that the collection disintegrated.

History should be viewed in the light of the times of its happening.
I submit that the outcome of this project and other such experiences were inevitable, contemplating the sociotechnomics (sociology in the space between technology and economics). Consider the following probable or possible circumstances.

Conservation in public Archives works something like this:

1. Most archive holdings are on paper or photographic film.

2. The preservation of paper or photographic film requires a certain amount of knowledge, diligence and skill, but it's not extremely difficult.

3. Such know-how evolves only slightly over time, as, for example, new types of paper are used and new methods of conservation are developed. The know-how needed for conservation of conventional materials is therefore relatively stable, systematic and it is relatively easily learned and remembered, given a good general education in natural sciences. The basic information is freely available (and useful for all sorts of other purposes too). It remains available in a cheap and stable form: in Basic Object-Oriented Knowledge Systems (books), universally catalogued using a standard system (ISBN).

4. It is conventionally accepted that archives conserve their materials based mainly on controlling the environmental conditions and protecting from external influences.

5. The costs of preservation may rise slowly year on year. Not so slowly if the price of energy burgeons, but even that rise in costs will be accepted as essential to doing business; it impacts the complete conventional holdings of the archive. Incidentally, many public archives have collections of ancient historical documents in urgent need of restoration, lest they decay completely, but no funds for such a project.

6. The interest of a Chief Archivist will be mainly on keeping the gross of the inventory in good condition, and *accessible* and to provide good services to the customers of the day.

7. To hang on to their jobs, archivists will do what other people do.
They put priority on keeping the overwhelming majority of their customers happy, especially their top paying customers.

Now consider some not improbable circumstances of a set of hi-tech recordings on a rare or obscure hi-tech medium needing to be migrated in 1992 (take it with a pinch of salt):

1. The hi-tech holding acquired in 1986 is a single holding (or one of only a very few) among thousands of other holdings having significant historical value that you can feel (because some of them are falling apart).

2. The archivist is not a hi-technologist. (S)he has no idea what is needed to conserve the holding. Asks the single IT specialist on archive staff (an expert in DOS/Windows 2.0).

3. Migrating data on a rare medium to a new medium, or (oh horror!) to a new *data format* is a P-R-O-J-E-C-T. But it's not a project like restoring some ancient books. It can't be done by the usual staff, it needs IT specialists. The archivist has no such IT specialist on staff.

4. IT specialists are only very rarely conservationists. IT jobs are secured by constantly inventing new kinds of wheels, excuse me, I mean, of course, by innovation. Can't hire any IT conservationists in 1992 because top IT people are busy thinking about how to integrate Wind-OS 3.x into a conventional IT environment - enough to do, and it's a sellers' market. The archivist needs to hire a C-O-N-S-U-L-T-A-N-T. Consultants cost more than staff. Gritting teeth, the archivist hires a Consultant.

5. Much of the information that IT specialists will need for the project is in the system documentation. That's the *system* documentation (not the user manuals). The system documentation is unique knowledge in the hands of the manufacturer.
New generations of hardware and software entail learning new programming languages, new programming tools, new concepts for structuring and manipulating data, also new workarounds for the bugs in the systems, and that includes the bugs (errors and omissions) in the documentation, which may have been hurriedly completed shortly before the custom product was shipped (if 'complete' documentation was written at all). The consultant tells the archivist (s)he needs additional documentation that is not available, and not easily obtained, and, especially in view of the circumstances - custom development - the documentation may also be incomplete or inaccurate. Success is not guaranteed (and keeping within budget, even less so).

6. Formal methods of project management for IT existed in 1992, but were not as well developed as they are now and were not so widely applied. Even so 30 to 50% of projects fail to deliver.

7. The project is competing for funds with another project to restore high-profile irreplaceable tomes from 1066, to save them from complete annihilation. No customer has expressed any interest in this hi-tech holding since it was acquired.

8. You are the archivist. What would you do?

That is maybe a generous scenario. With a little thought, a number of other kinds of SNAFU could probably be discerned as possible contributory causes.

I realise this was the National Data Archive, so some of the details that I filled in are to be taken as metaphors and no more. But it is conceivable that the contributing parties were not at fault, i.e. that they did not fail to learn from history, and they were certainly doing something useful: they were writing history for others to learn from.
------------------------------

Date: Fri, 31 Oct 2008 09:14:41 +0100
From: Terje Mathisen <terje.mathisen_at_private>
Subject: Re: Poison pill auto-disclosure (Robinson, RISKS-25.43)

This is very similar to the setup used by rsync.net (where I keep some (encrypted) backups of critical information):

They have a "canary" page which they promise to update every week:

http://www.rsync.net/resources/notices/canary.txt

It states, among other things, that

"rsync.net Warrant Canary

Existing and proposed laws, especially as relate to the US Patriot Act, etc., provide for secret warrants, searches and seizures of data, such as library records.

Some such laws provide for criminal penalties for revealing the warrant, search or seizure, disallowing the disclosure of events that would materially affect the users of a service such as rsync.net.

rsync.net and its principals and employees will in fact comply with such warrants and their provisions for secrecy.

rsync.net will also make available, weekly, a "warrant canary" in the form of a cryptographically signed message containing the following:

* a declaration that, up to that point, no warrants have been served, nor have any searches or seizures taken place

* a cut and paste headline from a major news source, establishing date

Special note should be taken if these messages ever cease being updated, or are removed from this page."

If this message ever stops being updated, I must assume it was because they either forgot to do so (hasn't happened yet), or some outside party have indeed served them with a warrant, but without also forcing them to continue making bogus updates to the canary message.

------------------------------

Date: Sat, 1 Nov 2008 18:03:09 +0000
From: "Dr. David Alan Gilbert" <dave_at_private>
Subject: False security from privacy screens

A major phone shop here in Manchester has just been redecorated; they've now got a nice clean glass wall into the rest of the shopping centre.
That would be the wall against which they have the PCs they take your information and do credit checks on.

I explained to one of the shop workers that I thought it insecure and he said 'It's ok, we've got privacy screens'.

A lot of places seem to treat privacy screens as silver bullets, they indeed do stop people seeing the screens from off angle - but where you can stand straight in front of the machine (e.g. when someone has just put a glass wall up or as is common in new open plan banks when you can just stand a bit further back) they are completely useless.

I took the assistant outside the shop and showed him; and he referred me to the shop manager, who unfortunately just said 'well what can I do - I didn't design the shop'. So much for security. I suggested he put a poster up on the glass wall.

------------------------------

Date: Thu, 30 Oct 2008 11:58:17 -0600
From: Al Macintyre <macwheel99_at_private>
Subject: Re: Poison pill auto-disclosure (Robinson, RISKS-25.43)

I heard a similar story, which may be urban legend.

A librarian sent notification each day to the library's Board of Directors. "We have not yet received any secret demand under the Patriot Act."

Then when they got the first such demand, where the rules prohibit telling anyone about it, she stopped sending the notification, so now they all knew.

------------------------------

Date: Tue, 4 Nov 2008 13:42:50 +1300
From: "Richard O'Keefe" <ok_at_private>
Subject: Re: Poison pill auto-disclosure (Robinson, RISKS-25.43)

Paul Robinson (RISKS-25.43) proposed a "Dead man switch" technique for forcing disclosure. I am not a lawyer of any kind, but there seem to be some flaws:

1. He assumes that it is legal for Bob to inform Alice about the defects. The contract under which he has access to the software may forbid this. According to the Wikipedia, UCITA has so far been passed in only two states, but wasn't it going to prohibit public criticism of bad software?
Even in states or countries sans UCITA, specific software licences may forbid this.

2. If there is a court order prohibiting Bob from publishing information about the defects, then his failure to effectively cancel his prior arrangement with Alice will almost certainly count as defiance of the court order.

3. If I'm wrong about 2, then the scheme might work once. But don't expect it to work twice; laws can be patched.

------------------------------

Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you. The mailman Web interface can be used
 directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM:
 address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe. You may also
 specify a different receiving address: subscribe address= ... . You may
 short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address. Instructions
 are included in the confirmation message. Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored.
 Instead, use an alternative address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
 or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
 Lindsay has also added to the Newcastle catless site a palmtop version
 of the most recent RISKS issue and a WAP version that works for many but
 not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
 <http://www.csl.sri.com/illustrative.html> for browsing,
 <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
 <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 25.45
************************

Received on Mon Nov 17 2008 - 15:10:19 PST
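
A reader-side check for the warrant canary described in Terje Mathisen's item above, as an added example that is not part of the digest and is not rsync.net's own code. The field names, the two-day grace period and the sample messages are constructed, and HMAC-SHA256 with a demo key stands in for the publisher's public-key signature so that the sketch runs on the Python standard library alone.

```python
"""Reader-side warrant canary check (added example; all sample data constructed)."""
import hashlib
import hmac
from datetime import date, timedelta

# ASSUMPTION: HMAC-SHA256 with a demo key stands in for the publisher's
# public-key signature. A real canary needs a public-key signature
# (for example OpenPGP) so readers can verify it without holding a secret.
DEMO_KEY = b"constructed-demo-key"
DECLARATION = "no warrants have been served"   # wording quoted in the item
MAX_AGE = timedelta(days=7)   # the item says the canary is updated weekly
GRACE = timedelta(days=2)     # hypothetical slack for a late update


def sign(body, key=DEMO_KEY):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def make_canary(issued, statement, headline):
    """Build a constructed canary: three 'Key: value' lines plus a signature."""
    body = f"Date: {issued}\nStatement: {statement}\nHeadline: {headline}"
    return body + "\nSignature: " + sign(body)


def parse_canary(text):
    """Return (signed body, signature, fields) or (None, None, {}) if unsigned."""
    lines = text.strip().splitlines()
    if not lines or not lines[-1].startswith("Signature: "):
        return None, None, {}
    fields = {}
    for line in lines[:-1]:
        key, sep, value = line.partition(": ")
        if sep:
            fields[key] = value
    return "\n".join(lines[:-1]), lines[-1][len("Signature: "):], fields


def check_canary(text, today, key=DEMO_KEY):
    """Return (status, reason); anything other than 'ok' deserves attention."""
    if text is None:
        return "alarm", "canary missing or removed"
    body, sig, fields = parse_canary(text)
    if body is None:
        return "alarm", "unsigned"
    if not hmac.compare_digest(sign(body, key).encode(), sig.encode()):
        return "alarm", "bad signature"
    if DECLARATION not in fields.get("Statement", ""):
        return "alarm", "declaration absent"
    # The Date field is self-asserted and could be signed in advance; the
    # headline is what bounds the signing time from below, so the reader
    # still has to confirm it against the news source by hand.
    if not fields.get("Headline", "").strip():
        return "alarm", "no headline to establish the date"
    try:
        issued = date.fromisoformat(fields.get("Date", ""))
    except ValueError:
        return "alarm", "no valid date"
    if issued > today:
        return "alarm", "dated in the future"
    if today - issued > MAX_AGE + GRACE:
        return "alarm", "stale"
    return "ok", "fresh and signed"


SAMPLE = make_canary(
    "2008-10-27",
    "Up to this point, no warrants have been served, nor have any "
    "searches or seizures taken place.",
    "Constructed headline used only for this example",
)

if __name__ == "__main__":
    print(check_canary(SAMPLE, date(2008, 10, 31)))   # within the week
    print(check_canary(SAMPLE, date(2008, 11, 17)))   # three weeks later
    print(check_canary(None, date(2008, 11, 17)))     # page removed
```

A passing check only shows that the signer kept publishing; as the item notes, it cannot distinguish a forgotten update from a served warrant, nor detect a publisher compelled to keep signing.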