[RISKS] Risks Digest 25.46

From: RISKS List Owner <risko_at_private>
Date: Wed, 26 Nov 2008 20:14:10 PST
RISKS-LIST: Risks-Forum Digest  Weds 26 November 2008  Volume 25 : Issue 46

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/25.46.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
E-prescription for IT disaster (Tom Yager via Gene Wirchenko)
Computer virus shuts down three London hospitals (Patrick O'Beirne)
The Blackberry, the President, and Reality (Fred Cohen, Steve Wildstrom)
Choose too large a sample interval and look like an idiot (Max Power)
The Great RoHS/Tin Whisker Fiasco of 20?? (Jay R. Ashworth)
ACMS helps recover lost Moon data (David Shaw)
Re: Vintage IBM tape drive in Apollo moon dust rescue (David Brunberg)
Re: BBC Domesday Project (Kees Huyser, Amos Shapir)
Re: NASA's Mars Lander dies in the dark (John Levine)
Excel user awareness (Patrick O'Beirne)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 22 Nov 2008 16:28:04 -0800
From: Gene Wirchenko <genew_at_private>
Subject: E-prescription for IT disaster (Tom Yager)

Tom Yager, E-prescription for IT disaster, *Infoworld* Blog, 19 Nov 2008
http://weblog.infoworld.com/yager/archives/2008/11/eprescribing_mo.html?source=NLC-DAILY&cgd=2008-11-19

The federal paperless prescription mandate is a model for pathetic planning
that will leave users and IT blamed for failures

Researchers just finished mapping a patient's leukemia tumor genome, finding
only eight differences between her tumor cells and normal ones taken from
her skin. This breakthrough in medical technology was somehow accomplished
while the American Medical Association and U.S. government health agencies
are doing a rip and replace of the nation's medication distribution
system. Taking the prescription system paperless has been on the national
road map since timeshared mainframes were the rage, but up to now, those
delivering, managing, regulating, and receiving health care always found
wiser uses for the time and money required for a prescription system
overhaul.

Now, in the final seconds before an administration sworn to reform health
care takes office, e-prescribing is being lofted as a Hail Mary pass by
interests with a mix of honorable and questionable intentions. It has not
remotely begun to gel, but now it is poor planning made law, and it falls to
practitioners, pharmacies, and IT to make it work. Make it work now, or the
government will dock already inadequate reimbursement for treatment under
Medicare and Medicaid. Company-paid insurance can't be handled any other
way.

It probably seems that I'm casting too jaundiced an eye on the issue. Who
could oppose the modernization of a paper system whose flaws exact tolls in
lives and taxpayer dollars lost to fraud? Trouble is, e-prescribing is
loaded with agendas, with conduits for control and work-arounds for
potential future regulation and reformation (whatever those may be). It is
being executed under the rubric of urgent social necessity, but the health
care system has far more pressing issues to deal with. Doctors have less
time to see patients, new reasons to refuse to treat patients on government
assistance, and new levels of complication that tacitly discourage certain
types of prescriptions.

Ain't broke

E-prescribing is sold as an essential modernization of a creaky,
error-prone, inefficient, and costly paper system that cannot keep pace with
the explosive growth of prescriptions. If you didn't know better, you might
say they're right. This archaic system has its roots in simpler times when
small-town pharmacists knew small-town doctors and their office staff
personally. Pharmacists' experience and face-to-face dealings with patients
red-flagged erroneous or suspicious prescriptions. [...]

------------------------------

Date: Tue, 18 Nov 2008 16:13:25 +0000
From: Patrick O'Beirne <Mail3nospam_at_private>
Subject: Computer virus shuts down three London hospitals

A computer virus infection has forced a number of London hospitals to shut
down their IT systems, and revert to manual operation.

  [Searching on this turned up many reports, naming St Bartholomew's, the
  Royal London Hospital, and the London Chest Hospital, all part of the
  Barts and London NHS Trusts.  The URL Patrick gave me did not seem to
  work.  PGN]

------------------------------

Date: Mon, 17 Nov 2008 17:55:00 -0800
From: Fred Cohen <fc_at_private>
Subject: The Blackberry, the President, and Reality (Re: Solomon, RISKS-25.45)

The Records Act does not prevent the use of a Blackberry - all you have to
do is record what you send (and receive) - a relatively simple matter. The
fact that sending classified over a blackberry is a problem is, of course, a
limitation, but hardly a surprise. The other challenge relates to the
traceability of the blackberry to a location and the ability to use this
information to deliver smart weapons on target. And then there is the use of
the voice part for recording conversations when it appears to be off. And of
course the list goes on. But isn't this a good thing for computer security?
After all, we can secure things like this if we want to, and the fact that
so public an official has to deal with these sorts of issues should be an
eye-opener for lots of folks. It's a good thing that it is being brought up,
but it should not force him to stop using the device. Assuming it is
properly managed.

That brings us to the real issue. The security of Federal systems and the
measures taken to protect (and not protect) them are problematic, they tend
to get low scores on relatively simple tests of security, and of course the
White House computer systems have been broken into recently (according to
the news stories) and emails revealed - blackberry not even involved. At the
dawn of the information age, as it enters the highest parts of our
government, we may actually see an executive who has to deal with these
issues and a serious effect on notional policy and operational
decisions. Change is coming, but will that change be change we can rely on?

Fred Cohen & Associates, 572 Leona Drive, Livermore, CA 94550 http://all.net/
1-925-454-0171  http://tech.groups.yahoo.com/group/FCA-announce/join

------------------------------

Date: Tue, 18 Nov 2008 13:25:35 -0500
From: Steve Wildstrom <steve_wildstrom_at_private>
Subject: The Blackberry, the President, and Reality (Re: Solomon, RISKS-25.45)

Most of what has been written about the President-elect and his BlackBerry
is nonsense. As President, he may not have time for as big a time-suck as a
BlackBerry, but neither the Presidential Records Act nor security concerns
(for unclassified material) should be an issue. A BlackBerry certainly meets
all the retention requirements of the PRA (actually, these would be met by
the underlying mail system -- Exchange, Lotus Domino, or GroupWise). With
respect to security, the BlackBerry has picked up a long list of approvals,
including certification under FIPS for "sensitive but unclassified"
information. BlackBerrys are widely used within the government, including by
law enforcement agencies, as is a similar technology for Windows Mobile and
Palm from Motorola Good Mobile Messaging.

Steve Wildstrom, Technology & You columnist, BusinessWeek, 1200 G St NW
Suite 1100, Washington, DC 20005 www.businessweek.com/technology/wildstrom.htm

------------------------------

Date: Wed, 19 Nov 2008 13:35:49 -0800
From: Max Power <dist23_at_private>
Subject: Choose too large a sample interval and look like an idiot

... Risks of using poorly customized map software ...
http://news.bbc.co.uk/2/hi/in_depth/629/629/7600053.stm

The BBC Box uses GPS-based satellite transponder technology.
The Box pings its location every 24 hours. The Box should ping its
location every 11 hours, or some oddball number smaller than 24.
Sadly, the ping sample interval is too small -- and the mapping
software is not bright enough to use arcs between sample points to avoid
clearly wrong map displays.

In this case The Box's trip around Taiwan looks totally wrong (19/10/2008 &
20/10/2008).  The ship did not plow thru the Taiwanese mountains!

Also, the trip around Indonesia, and Malaya to Singapore looks totally wrong
as well.  And the trip skirting around Sri Lanka does not look right either.
And Yemen, eeesh!

* These nations' EEZs are somewhat unsafe due to piracy, but that issue
  needs to be tackled by the UN.
* I don't believe that a smaller ping interval is any less safe, if the
  new data point is delayed from being displayed by 120 minutes.

What other visual mapping gaffes will we have to tolerate for the next year?
The Box project will last a year at least.

I actually hope the BBC inserts interpolated data points, or even better --
gets a GPS log of the container ship's route.

The GPS unit in use here probably stores a data point every 15 minutes, and
can probably send trip logs autonomously.

Max Power, CEO, Power Broadcasting, http://HireMe.geek.nz

------------------------------

Date: Thu, 20 Nov 2008 11:03:14 -0500 (EST)
From: "Jay R. Ashworth" <jra_at_private>
Subject: The Great RoHS/Tin Whisker Fiasco of 20??

Slashdot just ran a story about a lead substitute based on bismuth.
  http://tech.slashdot.org/article.pl?sid=08/11/19/2330241

As I had expected, some of the commenters (me among them) noted that the
removal of lead from solder to meet European RoHS requirements is causing
problems with the formation of tin whiskers.
  http://www.siliconfareast.com/whiskers.htm

So, now, the question you have to ask yourselves is: what happens when one
of those tin whiskers shorts out a critical piece of avionics in the plane
you're flying in?

And, more importantly... has that thought already occurred to people who
build avionics, and make RoHS laws... and if so, why does Google have so
much trouble finding evidence thereof?
  http://www.google.com/search?q=rohs+tin+whiskers+avionics

Everybody seems to be trying to *fix* this potential problem, but the whole
point of RoHS was, as I understand it, keeping lead out of landfills.

How many avionics and other such life-critical items end up in landfills in
the first place?

Jay R. Ashworth, Ashworth & Associates, St Petersburg FL +1 727 647 1274
http://baylink.pitas.com http://photo.imageinc.us

------------------------------

Date: Thu, 20 Nov 2008 17:13:10 +1100
From: "David Shaw" <d.shaw_at_private>
Subject: ACMS helps recover lost Moon data

The risk of not being able to read aging storage media / formats is no doubt
familiar to many RISKS readers, but this particular story seems like a
textbook example.

"Scientists hope to recover lost data from the Apollo moon missions using a
40-year-old tape drive borrowed from the Australian Computer Museum Society
(ACMS). NASA lost its original tapes - containing data from studies of lunar
dust - but thankfully back-ups were stored at Sydney University. Work is now
underway to restore a 1960s-era IBM 729 Mark V tape drive so the tapes can
be read."

More info at:
http://www.abc.net.au/news/stories/2008/11/10/2415393.htm

The real irony here is that the ACMS's valuable, historical collection of
computers has been evicted twice and struggles for funding. I suspect we
went awfully close to never being able to retrieve NASA's lost data.

------------------------------

Date: Mon, 17 Nov 2008 22:03:05 -0500
From: "David Brunberg" <dbrunberg_at_private>
Subject: Re: Vintage IBM tape drive in Apollo moon dust rescue (RISKS-25.45)

While the problem (loss of data due to obsolete formats/equipment) is real,
consider this: the moon dust/rock samples have been carefully preserved and
are available for analysis by qualified scientists.  It would probably be
cheaper to re-run the chemical and isotopic analyses.  The analytic
technology has progressed to be able to use much smaller masses and would
probably offer more precision and flexibility.

It's been discussed thoroughly before, but a more significant problem, in my
opinion, is the loss of data due to aging of storage media, and specifically
the loss of time sensitive data.  For instance, 30-year-old photographs
that, when compared against current images, might lead to major astronomical
findings by showing long-term changes in positions or conditions of
celestial objects.

------------------------------

Date: Tue, 18 Nov 2008 09:31:20 +0100
From: Kees Huyser <kees.huyser_at_private>
Subject: Re: BBC Domesday Project (Tibbetts, RISKS-25.44)

Jeffrey Darlington of the Digital Preservation Department of The
National Archives wrote in 2003 about the rescue in an article in Ariadne, a
magazine for information professionals in archives, libraries and museums:
  http://www.ariadne.ac.uk/issue36/tna/

------------------------------

Date: Wed, 19 Nov 2008 17:45:31 +0200
From: Amos Shapir <amos083_at_private>
Subject: Re: BBC Domesday Project (Tibbetts, RISKS-25.44)

In other words, they have bound the data format from the start to specific
hardware implementations, which were rare even then.  This put an extra
burden on the archivers who would necessarily have to convert it later.
(Maybe this reflects the general attitude in a country where power is still
measured by horses, and people are weighed by stones :-)) Once data is
digitized, it would certainly fare much better if it was kept in the most
simple form; I suspect it would have been easier to rescue even if it was
all put on punched cards!

------------------------------

Date: 18 Nov 2008 13:02:19 -0000
From: John Levine <johnl_at_private>
Subject: Re: NASA's Mars Lander dies in the dark (RISKS-25.45)

In fairness, that was always the plan.  The original schedule when Phoenix
landed in May was to operate for three months during the Martian summer, but
it worked well enough that they extended the mission twice until it ran out
of sunlight.

I wonder why they didn't design it to go to sleep and try waking it up when
the days get longer.  Perhaps they figure that by then there will be so much
dust on it that it won't get enough sunlight to restart.

John Levine, johnl@private, http://www.johnlevine.com
Primary Perpetrator of "The Internet for Dummies",

------------------------------

Date: Tue, 18 Nov 2008 08:47:06 +0000
From: Patrick O'Beirne <Mail3nospam_at_private>
Subject: Excel user awareness (Re: Magda, RISKS-25.45)

It's not Excel auto-formatting. It's a breakdown in the communication of
significance between those who know what something means and those who just
manipulate spreadsheets without knowing what they mean; compounded by
last-minute rush and pressure and lack of supervision.  See
  http://www.sysmod.com/praxis/prax0811.htm

Some of my comments are:

"A maximum of one minute checking time, then. If you delegate work, you have
the responsibility to check it. Spotting 179 differences in 1000 rows is not
that hard. Lawyers always work with paper evidence, so a simple check would
have been to print the Excel sheet as received, print the PDF, and visually
compare the pagination. If they had had to do it by midnight, then at least
the largest numbers could be checked in 15-20 mins. After all, even with the
late submission by the client, counsel had nearly four hours just to look at
it and convert it to PDF.  If the check had been done on Sept 18, much
embarrassment would have been spared."

"Let's look at the interface between client and lawyer.  Clients should be
able to expect well-paid lawyers to exercise vigilance and help protect the
clients against themselves. As well as their first job which is to review
the substantive content of documents, it should be standard practice to
review all received files for metadata and hidden data.  It could be hidden
text in a Word document, blacked-out text in a PDF, or file properties in an
Office document that reveal identities.  However, lawyers are rather
expensive IT reviewers, so for one's own protection, one should review
documents both in content and form before release. Form includes not just
hidden data, but anything that is not manifestly clear to the parties
involved and could be a source of confusion. Is "Y/N" in column Z a
sufficient indicator, and was its significance made plain?"

I have not read about the judgment yet on the case which was due Nov. 5.

Patrick O'Beirne, Systems Modelling Ltd.
http://www.sysmod.com/  (+353)(0) 5394 22294

------------------------------

Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.   The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 25.46
************************
Received on Wed Nov 26 2008 - 20:14:10 PST