[RISKS] Risks Digest 25.72

From: RISKS List Owner <risko_at_private>
Date: Mon, 6 Jul 2009 11:19:04 PDT
RISKS-LIST: Risks-Forum Digest  Monday 6 July 2009  Volume 25 : Issue 72

Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at

More on the DC Metro collision 22 June 2009 (David Lesher, Al Stangenberger)
Re: Train collisions (Dave Parnas via PGN)
Earlier autopilot problem on New York City subway trains (George Mannes)
More focus on computers in the Air France crash (Steven M. Bellovin)
Clear clears its ownership, but not stored data (PGN)
Use of GPS leads to wrong house being destroyed (PGN)
Sequoia Voting Systems vs DC (David Lesher)
A Less than Simple Flight from Rome to Heathrow (Chris J Brady)
Train and iPod do not mix (Barry Munns)
Billions stolen in online robbery (PGN)
HOW many?  12,000 laptops lost PER WEEK in US airports (Peter Houppermans)
That old "object reuse" problem ... (Rob Slade)
Politicians, personal e-mail, and the ECPA (Bob Gezelter)
RISKS at catless.ncl.ac.uk (Lindsay Marshall)
Google Earth a tool for thieves and scoundrels? (John Hatpin via Mark Brader)
Re: A new way to lose money via ATM... (Jim Haynes)
Re: Bozeman (Andrew Koenig)
I think we're all Bozemans on this bus (Steve Lamont)
Abridged info on RISKS (comp.risks)


Date: Thu, 25 Jun 2009 22:09:40 -0400 (EDT)
From: "David Lesher" <wb8foz_at_private>
Subject: More on the DC Metro collision 22 June 2009 (Thompson, RISKS-25.71)

On Monday 22 June 2009, 6-car southbound train #112 rear-ended stopped
6-car southbound train #214, just north of Ft. Totten station. The lead
car of 112 split open horizontally, with the frame crushed to half its
length, and the sides/roof climbing the last 214 car.
Since this was inbound at afternoon rush hour, the trains were far from
full; there are 9 dead, including the operator of 112, and ~75 injured.

The NTSB reports that 112 was in automatic mode, where trackside block
limits and Central Command dictate the train's movements. An interview
with the 214 operator disclosed that it was stopped in manual mode.

Based on track and wheel markings, the operator of 112 started an
emergency stop several hundred feet before the collision.  Despite that,
214 was displaced 6-7 feet by the collision. (An empty 6-car train weighs
about 460,000 lbs.)

On Tuesday and Wednesday, NTSB ran tests on the blocks of the signaling
system.  On Wednesday, they found that a train stopped where 214 was did
NOT register on the ATP system.


It's way too early to jump to conclusions, but the above is exactly what
100+ years of railroad signaling supposedly makes impossible. There will
be a lot of work in the coming months to discern what happened.

ref: past NTSB reports on Metro incidents. One discusses the signaling
system; the other shows another 1000-series car similarly split by a



Date: Fri, 26 Jun 2009 10:07:54 -0700
From: Al Stangenberger <forags_at_private>
Subject: More on the DC Metro collision

In case you missed it, NTSB issued a press release yesterday on
investigation progress.  http://ntsb.gov/Pressrel/2009/090625.html

One significant finding:

> Investigators conducted tests at the accident site last night with a
> similar train and found that when the train was stopped at the same
> location as the stopped struck train, the train control system lost
> detection of the test train.

This is certainly only one factor in a complex incident; for example, the
operator of the leading train says he was running the train in manual mode
all his shift - why??

This will be an interesting one to watch.


Date: Tue, 23 Jun 2009 13:25:50 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Re: Train collisions (Re: RISKS-25.71)

Comment from Dave Parnas:
  This problem already seems to be solved on German trains.  If you watch
  them, you will see that they punch in some numbers when they pass a sign
  along the tracks.  In this way, you know if they are not alert.

On the other hand, the system is supposedly designed to make it impossible
for a train to cross the red light indicating a train on the tracks ahead,
with automated braking based on maintaining a safe distance between trains.

Later reports seem to indicate that the signaling across one stretch
of track was inoperative, which prevented the system from working properly.


Date: Tue, 23 Jun 2009 16:30:19 -0400
From: George Mannes <gmannes_at_private>
Subject: Earlier autopilot problem on New York City subway trains

There was a train problem in the news two weeks before the DC disaster.
[Source: Heather Haddon, Autopilot causes L trains to bypass platforms,
*AM New York*, 10 Jun 2009]


Date: Mon, 29 Jun 2009 11:13:58 -0400
From: "Steven M. Bellovin" <smb_at_private>
Subject: More focus on computers in the Air France crash

According to the Wall Street Journal, 27 Jun 2009, investigators "suspect a
rapid chain of computer and equipment malfunctions stripped the crew of
automation today's pilots typically rely on to control a big jetliner."
Much of the article concerns the hypothesized sequence of events, but this
paragraph should resonate with RISKS readers:

  Unlike jetliners built in previous decades -- which required pilots to
  frequently manipulate controls and often manually fly the planes for long
  stretches -- newer computer-centric aircraft such as the A330 and Boeing's
  777 are designed to operate almost entirely on automated systems. From
  choosing engine settings and routes to smoothing out the ride during
  turbulence and landing in low visibility, pilots essentially monitor
  instruments and seldom interfere with computerized commands. So when those
  electronic brains begin to act weirdly at 35,000 feet, the latest crop of
  aviators may be less comfortable stepping in and grabbing control of the

There's one other point worth noting.  As has often been noted, it's rarely
one thing that brings down a modern airliner.  The current presumed
scenarios are known to be incomplete:

  Planes can -- and occasionally do -- fly safely without pitot probes
  functioning properly. That's why investigators believe some other
  important factor, which hasn't been identified yet, likely contributed to
  the crash.

The plane is a system, where the different pieces interact in complex ways.


Date: Fri, 26 Jun 2009 13:18:15 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Clear clears its ownership, but not stored data

Out of Business, Clear May Sell Customer Data <http://slashdot.org/>
Posted by kdawson Friday June 26, @11:40AM
from the but-don't-worry-it's-perfectly-safe dept.


narramissic <http://www.itworld.com/> writes "Earlier this week, the Clear
airport security screening service ceased operations, leaving many to wonder
what would become of the personal information, including credit card
numbers, fingerprints, and iris scans, of Clear's customers.  And now we
know.  The information could be sold to the provider of a similar service.
Until then, Clear has erased PC hard drives at its airport screening kiosks
and is wiping employee computers, but the information is retained on its
central databases (managed by Lockheed Martin).  Clear customer David
Maynor, who is CTO with Errata Security in Atlanta, wants Clear to delete
his information but that isn't happening, the company said in a note
<http://www.flyclear.com/> posted to its Web site Thursday.  'They had your
Social Security information, credit information, where you lived, employment
history, fingerprint information,' said Maynor. 'They should be the only
ones who have access to that information.'"



Date: Thu, 11 Jun 2009 19:28:46 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Use of GPS leads to wrong house being destroyed

The demolition crew was given only the GPS coordinates, and demolished the
wrong house.  No one home, no confirmation.  Ugly case.  [PGN-ed; Thanks to
Lauren Weinstein.]



Date: Fri, 5 Jun 2009 23:23:12 -0400 (EDT)
From: "David Lesher" <wb8foz_at_private>
Subject: Sequoia Voting Systems vs DC

Sequoia Voting Systems agreed yesterday to turn over sensitive information
to the D.C. Council about how the District's voting machines work and
tabulate results, setting the stage for one of the most comprehensive probes
on the reliability of electronic voting equipment.  The agreement is a
response to the election night chaos in the September primaries, when
Sequoia machines tabulated more ballots than there were voters, resulting in
thousands of phantom votes. ...  [Source: Tim Craig, *The Washington Post*,
6 Jun 2009]


Date: Tue, 23 Jun 2009 08:48:18 -0700 (PDT)
From: Chris J Brady <chrisjbrady_at_private>
Subject: A Less than Simple Flight from Rome to Heathrow

I thought Heathrow was bad enough with its new multi-million pound Terminal
5. Remember the opening fiasco of the thousands of delayed bags being
trucked around Europe and then back again, eventually to be auctioned at
Gatwick as unclaimed? But at least at Heathrow they always get the departure
gates correctly displayed on the computer-driven LED displays.

But recently Rome FCO airport produced a first for me. The screens
displaying departures were like huge 6 foot / 2 metre laptop screens on
end. In detail they listed the airlines, flight codes, departure gates, and
important information like 'now boarding.' When I discovered them upstairs
in Terminal C, incidentally in the time-distracting shopping area, one
screen showed up-to-date / minute by minute listings for 12.00 through to
about 14.00, and the two screens next door had listings for 19.00 through to
21.00 and 21.00 to 24.00. On the two latter screens some of the flights were
listed as 'now boarding' including one for Toronto at about 20.00. However
the actual time was 13.00. Hmm ...

Interestingly a possible explanation could have been seen at the bottom left
hand corners of the errant screens where there was that ubiquitous Windows
'Start' button in green. I tried pressing it but the screens were not touch

Clearly Windows had crashed and apparently left the previous day's flights
on display on the two screens. When I told an official he shrugged - like
airport officials tend to do - and walked away. The screens stayed like that
until I left the area at 16.30 for my BA flight to London.

But as we queued at the BA flight's departure gate, to have our boarding
passes processed, I noticed that the Windows-driven screen there clearly
stated that the flight we were about to board was on Gulf Air to Dubai. The
BA contract staff had not noticed, so I assumed that this misinformation was
not unusual. I was correct.

However that wasn't quite the end of my computer-malfunction
experience. At Heathrow T5 BA/BAA, with their spanking brand new computer-
controlled baggage delivery system, they kindly delivered my hold baggage
onto the wrong belt so that after waiting for about 30 minutes I then
reported it missing. After interrogating their computer system the BA staff
told me that it had not even been loaded onto the plane at Rome, that this
was not unusual from Rome, and that it would (probably) arrive the next day
and be delivered to my home by courier. [Incidentally it appears that
thousands (millions?) of 'delayed' bags actually do fly around the world
without their owners on board - but that's another risk.] However as I was
about to leave the hall and go through customs, and in a less than happy
mood, I spotted my lonely bag all by itself on a delivery belt at the far
end of the baggage hall.

So I guess it was all a case of a human workforce who don't care about
giving out the wrong information, or at least in Rome FCO Airport simply not
switching off (or rebooting) displays that were clearly giving out the
incorrect information, together with "the principle of computer automation"
(e.g. for baggage delivery) "that things automatically go wrong;" a mix that
can't fail to cause an interesting experience if not one of concern. And
this was during a simple flight from Rome to London.


Date: Fri, 19 Jun 2009 16:47:42 +1000
From: Barry Munns <brmunns_at_private>
Subject: Train and iPod do not mix (Re: Wirchenko, RISKS-25.70)

Not an area I'm an expert in, but many years ago I worked as an auditor for
the New South Wales (Australia) State Rail. As the job on occasion required
us to walk around the maintenance workshops and railway tracks, we received
safety training. My recollection of the training was an emphasis on not
relying on actually hearing a train coming at you, as the sound waves mostly
radiate sideways (not forward of the train). Hence, despite being very big
and noisy, the trains can 'sneak up on you' (even at very low speeds). Which
is why when workers are doing track maintenance they put explosive charges
down the track to provide an audio cue that the train is coming.

So, whilst wearing an iPod didn't help the situation, walking on a railway
track is not very clever in the first place.


Date: Fri, 3 Jul 2009 15:59:07 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Billions stolen in online robbery

  [Thanks to Gunnar Peterson for spotting this one.]

Space trading game Eve Online has suffered a virtual version of the credit
crunch.  One of the game's biggest financial institutions lost a significant
chunk of its deposits as a huge theft started a run on the bank.  One of the
bank's controllers stole about 200 billion credits and swapped them for real
world cash of 3,115 pounds.  As news of the theft spread, many of the bank's
customers rushed to remove their virtual cash.  ...  The scandal is not the
first to play out in Eve Online. In early 2009 one of the game's biggest
corporations, called Band of Brothers, was brought down by industrial


Date: Tue, 30 Jun 2009 10:31:32 +0200 (CEST)
From: Peter Houppermans <peter_at_private>
Subject: HOW many?  12,000 laptops lost PER WEEK in US airports

This is probably an interesting paper to draw figures from to see if you can
somehow convince people to (a) leave full disk crypto alone and (b) properly
shut down a laptop when not in use, despite the lengthy boot time of a
modern enterprise laptop lumbering under anti-virus, corporate software
management tools and a fragmented file system.

Ponemon rang up 106 big airports in 46 states to discover that business
travelers lose about 12,000 laptops a week in US airports.  Not all, or even
most, are stolen by airport staff -- 40 per cent of losses occur at security
checkpoints.  But of the laptops that are found, just 33 per cent are
reclaimed by their owner. The rest are sold off, leaving "potentially
millions of files containing sensitive or confidential data that may be
accessible to a large number of airport employees and contractors."  40% of
loss occurs at security checkpoints. Should that not be IN security
checkpoints then?


Date: Tue, 23 Jun 2009 17:23:50 -0800
From: Rob Slade <rMslade_at_private>
Subject: That old "object reuse" problem ...

UBC graduate students and instructors visited Ghana, China (the world's
largest electronic waste dump, in Guiyu), and India to find out what happens
to electronic trash.  Criminals scour the hard drives for credit card
information and other personal information.  (The electronic waste also
pollutes the environment and poisons scavengers seeking to extract metals.)

In Ghana, students bought a hard drive originally used by U.S. defence
contractor Northrop Grumman, containing about 50 files marked as competitive
and sensitive, including information on government contracts for the U.S.
Department of Homeland Security.  Northrop spokesman Thomas Henson said that
the company has a detailed procedure to dispose of electronics and the drive
was likely stolen from a vendor that handles its disposed electronics.
(Yeah, right.)

(Maybe the Chinese don't have to hack into important computers to get
sensitive info ...)


rslade_at_private     slade_at_private     rslade_at_private
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade


Date: Sun, 28 Jun 2009 14:22:45 -0500
From: Bob Gezelter <gezelter_at_private>
Subject: Politicians, personal e-mail, and the ECPA

The matter of the e-mails between Governor Mark Sanford (R-SC) and his
paramour becoming public raises any number of questions. However, what has
been notable in much of the press coverage is the lack of question of
whether a crime was committed in the process of supplying them to The State
(a South Carolina newspaper).

A more detailed discussion of this affair appears in my blog under
"Governor Sanford Email Disclosure: An ECPA Violation" at

Robert "Bob" Gezelter, 35-20 167th Street, Suite 215,
Flushing, New York  11358-1731  +1 (718) 463 1079   http://www.rlgsc.com


Date: Tue, 9 Jun 2009 18:56:27 +0100
From: Lindsay Marshall <Lindsay.Marshall_at_private>
Subject: RISKS at catless.ncl.ac.uk

There are now full-text RSS 1, RSS 2 and Atom feeds available from the
risks.org website at http://catless.ncl.ac.uk/Risks/ .


Date: Mon, 29 Jun 2009 15:16:49 -0400 (EDT)
From: msb_at_private (Mark Brader)
Subject: Google Earth a tool for thieves and scoundrels?

* From: John Hatpin <RemoveThisjfhopkin_at_private>
* Newsgroups: alt.fan.cecil-adams
* Subject: Google Earth a tool for thieves and scoundrels?
* Message-ID: <sfch45ht91u584ouantrdcu1mt7lfcu8ul_at_private>
* Date: Mon, 29 Jun 2009 13:29:34 +0100
* Xref: number.nntp.dca.giganews.com alt.fan.cecil-adams:1618846

Just happened across this report today from an unlikely source, the BCS
(British Computer Society):


|Thieves in Hull are thought to be using Google Earth to help them
|steal sought after fish from people's gardens.
|Up to 12 cases of fish going missing have been reported during a
|three-week period, with many of those missing Koi carp, worth
|several hundred pounds each.
|Police believe the online technology is being used as it would
|otherwise be impossible to locate gardens with fish and ponds in.
|Sam Gregory, Humberside police community support officer, said:
|'Google shows what is in your garden and you can see people's
|ponds. One of the properties targeted has an eight foot fence and
|is set back from the road.'
|'The pond is in the corner and can't be seen. Unless you were
|standing right next to the wall, you wouldn't be able to hear
|the running water,' he added.
|Previously, Google Earth had led to the arrest of two muggers in
|Holland after their victim saw them on Google's Street View.

Firstly, it took me a while to realise that "12 cases of fish going
missing" wasn't talking about big boxes of fish.

Now, I'd heard people complaining that "Google Earth can be used by
burglars to case out their targets", but always dismissed it as
Luddite hysteria; this is the first time I've actually seen it to be
the case.  Of fish.

Have there been any previous instances where GE has been used by
ne'er-do-wells to redistribute wealth nefariously?

John Hatpin


Date: Tue, 23 Jun 2009 19:42:46 -0500 (CDT)
From: Jim Haynes <jhhaynes_at_private>
Subject: Re: A new way to lose money via ATM... (RISKS-25.71)

I wonder why an ATM needs an operating system anyway.  Maybe we should
go back to software as it was done in 1950 and write the instructions to
tell the hardware what to do, no more and no less.

But if it does need an operating system, there was a paper written by David
Parnas long ago where he explained how to write software so that it was
hierarchically modular.  That is, the kernel was as simple as possible; and
increased functionality was achieved by adding modules on top of what was
already there, never having to modify something underneath the modules being
added.  Philip Levy designed an operating system for the Z-80 using these
principles.  The result was a system that could serve anything from an
embedded microcontroller to a multitasking workstation simply by adding the
right set of modules as needed.  Seems like I was told that Data General had
an operating system designed along the same lines, again so that a machine
could span a wide range of different kinds of applications.

Maybe the problem is that today memory is essentially free, so it's easier
to throw in baggage we don't need than it is to decide just what we do need.


Date: Wed, 24 Jun 2009 09:16:23 -0400
From: "Andrew Koenig" <ark_at_private>
Subject: Re: Bozeman (RISKS-25.71)

When I read the article about Bozeman requiring job applicants to grant
access to their online personae, I immediately wondered whether the same
principle might not apply in the physical domain as well.

That is, I wonder what would happen if a prospective employer were to
require all applicants to sign a contract that assigns the applicant's
fourth-amendment rights to the employer as a condition of consideration for
employment.  In other words, in exchange for the company looking at your job
application, you would agree to give the company power of attorney to
authorize police searches of your home and possessions.

Would such a contract be considered binding?  Would it even be considered
conscionable?  If not (and I certainly hope not), what is the difference
between such a contract and what Bozeman is doing?  In both cases it is a
matter of using a contract to force someone to divulge information to a
government entity that would ordinarily require a search warrant.


Date: Tue, 23 Jun 2009 18:43:50 -0700
From: Steve Lamont <spl_at_private>
Subject: I think we're all Bozemans on this bus

Regarding that recent story about Bozeman, Montana, requesting usernames
and passwords for social networking sites:


They appear to have backed down and apologized.


Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.   The mailman Web interface can
 be used directly to subscribe and unsubscribe:
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:


End of RISKS-FORUM Digest 25.72
Received on Mon Jul 06 2009 - 11:19:04 PDT
