[RISKS] Risks Digest 25.74

From: RISKS List Owner <risko_at_private>
Date: Wed, 22 Jul 2009 13:37:02 PDT
RISKS-LIST: Risks-Forum Digest  Wednesday 22 July 2009  Volume 25 : Issue 74

Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at

Elements of Programming, Alexander Stepanov/Paul McJones (PGN)
The NSA wiretapping story nobody wanted: Whistleblower Klein (jidanni)
Amazon Erases Orwell Books From Kindle Devices (Brad Stone via
  Monty Solomon)
Re: Amazon takes-back Kindle e-books (Hal Murray)
Net-filtering tables turned (Geoff Kuenning)
Jonathan Zittrain, "Lost in the Cloud" (PGN)
Re: cloud computing & server loss (Harlan Rosenthal)
Ruhr University team breaks code of KeeLoq system (David Lesher)
U.S. Passport RFID security (Erica Naone via Monty Solomon)
U.S. Passports: Special alloy sleeves urged to block hackers?
  (Todd Lewan via Monty Solomon)
Arming ATMs with Pepper Spray? (Thomas Dzubin)
Eye tracking to prevent screen snooping (Peter Houppermans)
U.S. Withheld Data on Risks of Distracted Driving (Matt Richtel via
  Monty Solomon)
Adobe Terms Gone Wild (Gene Wirchenko)
Taiwan president in ruckus over prerecorded web messages (jidanni)
Canadian Mint says missing gold may have been stolen (Darryl Dueck)
Re: July 4 cyber attack (Joseph Brennan)
Risks of hierarchical map displays (Paul Wallich)
An interesting reversal of the usual credit card problem (Roger Leroux)
"Don't freak out," says ING Direct. At least I THINK it's ING Direct!
  (Daniel P. B. Smith)
Abridged info on RISKS (comp.risks)


Date: Wed, 22 Jul 2009 9:39:04 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Elements of Programming, Alexander Stepanov/Paul McJones

Alexander Stepanov and Paul McJones
Elements of Programming
ISBN 978-0-321-63537-2

What could be one of the most important books for developers of low-risk
systems has come to my attention, and deserves your consideration if you are
serious about understanding the mathematical foundations of programming and
applying them sensibly to your practice.  It is not an easy read, but it is
a very compelling approach.  To support its mathematically oriented
crispness, the book includes the definition of a small but elegant C++
subset that has been crafted by Sean Parent and Bjarne Stroustrup for
illustrative use in the book.  I believe this material should be taught
within all computer science curricula.

A long quote and a short one on the back jacket give an idea of what is

  Ask a mechanical, structural, or electrical engineer how far they would
  get without a heavy reliance on a firm mathematical foundation, and they
  will tell you, `not far.'  Yet so-called software engineers often practice
  their art with little or no idea of the mathematical underpinnings of what
  they are doing.  And then we wonder why software is notorious for being
  delivered late and full of bugs, while other engineers routinely deliver
  finished bridges, automobiles, electrical appliances, etc., on time and
  with only minor defects.  This book sets out to redress this imbalance.
  Members of my advanced development team at Adobe who took the course based
  on the same material all benefited greatly from the time invested.  It may
  appear as a highly technical text intended only for computer scientists,
  but it should be required reading for all practicing software engineers.
     -- Martin Newell, Adobe Fellow

  The book contains some of the most beautiful code I have ever seen.
     -- Bjarne Stroustrup

The bottom of the inside cover suggests that through this book you will come
to understand that mathematics is good for programming, and theory is good
for practice.  I applaud that sentiment.


Date: Wed, 22 Jul 2009 04:51:46 +0800
From: jidanni_at_private
Subject: The NSA wiretapping story nobody wanted: Whistleblower Klein

IDG News Service: By some estimates there are 15 to 20 of these secret
wiretapping rooms across the country. You're the only AT&T employee who has
come forward and talked about them in detail. Why?

Mark Klein: Fear. First of all it was a scary time. It still is a scary
time, but during the Bush years it was sort of a witch hunt atmosphere and
people were afraid. People are afraid of losing their jobs, and it's a rule
of thumb that if you become a whistleblower you'll probably lose your
job. And if you have a security clearance, you not only lose your job, but
you probably will be prosecuted by the government. The Bush administration
made that very clear in statements they made over and over again: 'Anybody
who reveals anything about our secret programs will be prosecuted and we are
running investigations to find out who leaked this to the New York Times.'
Well that puts a fear in people.


While campaigning against President George W. Bush, Barack Obama had pledged
that there would be "no more wiretapping of American citizens," but
President Obama's administration has continued to use many of his
predecessor's arguments when it comes to warrantless wiretapping.



Date: Sat, 18 Jul 2009 14:42:33 -0400
From: Monty Solomon <monty_at_private>
Subject: Amazon Erases Orwell Books From Kindle Devices (Brad Stone)

In George Orwell's "1984," government censors erase all traces of news
articles embarrassing to Big Brother by sending them down an incineration
chute called the "memory hole."  On Friday, it was "1984" and another Orwell
book, "Animal Farm," that were dropped down the memory hole - by Amazon.com.
In a move that angered customers and generated waves of online pique, Amazon
remotely deleted some digital editions of the books from the Kindle devices
of readers who had bought them.

An Amazon spokesman, Drew Herdener, said in an e-mail message that the books
were added to the Kindle store by a company that did not have rights to
them, using a self-service function. "When we were notified of this by the
rights holder, we removed the illegal copies from our systems and from
customers' devices, and refunded customers," he said.

Amazon effectively acknowledged that the deletions were a bad idea.  "We are
changing our systems so that in the future we will not remove books from
customers' devices in these circumstances," Mr. Herdener said.  [...]
  [Source: Brad Stone, *The New York Times*, 18 Jul 2009]

  [Lots of media coverage on this one, especially the 1984 connection.  See
  also an item from David Pogue's Posts: Some E-Books Are More Equal Than
  Others, 17 Jul 2009.  PGN]


Date: Fri, 17 Jul 2009 16:37:27 -0700
From: Hal Murray <hmurray_at_private>
Subject: Re: Amazon takes-back Kindle e-books

I see two RISKS-related issues.  One is that it undermines the whole e-book
industry.  The other is a good reminder of what can happen with closed

It's been slashdotted and is in many online news sources and blogs.


Date: Tue, 07 Jul 2009 13:40:16 -0700
From: Geoff Kuenning <geoff_at_private>
Subject: Net-filtering tables turned

The July 7th, 2009 edition of "Ask Amy" (an advice columnist) tells the tale
of an interesting RISK of using net filtering and online systems to control
your children.  Briefly, a high-school student's father was using the
school's "check up on your kids" Web site to an excessive degree.  The
fed-up student used the family's parental control software to find out how
often the dad was visiting the site (answer: three times daily) and in the
process learned some unsavory details about Dad's browsing habits.

I suppose the RISK lies in assuming you're smarter than your kids...and
forgetting that most tools can be used in multiple ways.

Geoff Kuenning   geoff@private   http://www.cs.hmc.edu/~geoff/

In any large population, there are some people who aren't very bright.
That's not their fault, it's just in their genes.  As an engineer, I have a
responsibility to design things that won't kill off the slower ones, just as
I have a responsibility to design things that won't harm my neighbor's dog.


Date: Mon, 20 Jul 2009 8:12:56 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Jonathan Zittrain, "Lost in the Cloud" (NYTimes Op-Ed)

  [I read this over breakfast on paper.  Thanks to Lauren Weinstein
  for the URL.]

Jonathan Zittrain, Lost in the Cloud, *The New York Times*, 20 Jul 2009

Earlier this month Google announced a new operating system called
Chrome. It's meant to transform personal computers and handheld devices into
single-purpose windows to the Web. This is part of a larger trend: Chrome
moves us further away from running code and storing our information on our
own PCs toward doing everything online - also known as in "the cloud" -
using whatever device is at hand.

Many people consider this development to be as sensible and inevitable as
the move from answering machines to voicemail. With your stuff in the cloud,
it's not a catastrophe to lose your laptop, any more than losing your
glasses would permanently destroy your vision. In addition, as more and more
of our information is gathered from and shared with others - through
Facebook, MySpace or Twitter - having it all online can make a lot of sense.

The cloud, however, comes with real dangers. [...]


Date: Thu, 16 Jul 2009 22:14:27 -0400
From: Harlan Rosenthal <Harlan.Rosenthal_at_private>
Subject: Re: cloud computing & server loss (RISKS-25.73)

Cloud Computing certainly exposes one to the consequence of other people's
actions, but law enforcement's lack of selectivity is nothing new.  Consider
the Secret Service raid on Steve Jackson Games years
ago. http://www.sjgames.com/SS/


Date: Fri, 10 Jul 2009 14:20:35 -0400
From: David Lesher <wb8foz_at_private>
Subject: Ruhr University team breaks code of KeeLoq system


Ruhr University scientists say it is now relatively straightforward to clone
the remote control devices that act as the electronic keys.  They have
overcome the KeeLoq security system, which is made by US-based Microchip
Technology and is used by Honda, Toyota, Volvo, Volkswagen and other
manufacturers to transmit access codes using radio frequency identification
technology.  The KeeLoq's security relies on poor key management, in which
every key is derived from a master that's stored in the reading device.
Moreover, it uses a proprietary algorithm that had already been shown to
generate cryptographically-weak output.


Date: Fri, 17 Jul 2009 13:37:36 -0400
From: Monty Solomon <monty_at_private>
Subject: U.S. Passport RFID security (Erica Naone)

Meanwhile, although experts say that some RFID technologies are quite
secure, a University of Virginia security researcher's analysis of the NXP
Mifare Classic (see Hack, November/December 2008), an RFID chip used in fare
cards for the public-transit systems of Boston, London, and other cities,
has shown that the security of smart cards can't be taken for granted. "I
think we are in the growing-pains phase," says Johns Hopkins University
computer science professor Avi Rubin, a security and privacy researcher.
"This happens with a lot of technologies when they are first developed."
...  [Source: Erica Naone, RFID's Security Problem: Are U.S. passport cards
and new state driver's licenses with RFID truly secure? Technology Review,
Jan/Feb 2009; PGN-ed]


Date: Sat, 18 Jul 2009 14:42:33 -0400
From: Monty Solomon <monty_at_private>
Subject: U.S. Passports: Special alloy sleeves urged to block hackers?
  (Todd Lewan)

To protect against skimming and eavesdropping attacks, federal and state
officials recommend that Americans keep their e-passports tightly shut and
store their RFID-tagged passport cards and enhanced driver's licenses in
"radio-opaque" sleeves.  That's because experiments have shown that the
e-passport begins transmitting some data when opened even a half inch, and
chipped passport cards and EDLs can be read from varying distances depending
on reader technology.
  [Source: Todd Lewan, The Associated Press, 12 Jul 2009; PGN-ed]


Date: Mon, 13 Jul 2009 08:32:38 -0700 (PDT)
From: dzubint_at_private
Subject: Arming ATMs with Pepper Spray?

Now I've seen everything...

Apparently, a leading South African bank has fitted 11 ATMs around the Cape
Peninsula with pepper spray cans in an effort to prevent card skimming and
ATM bombing.

I guess the person who thought of this wasn't a reader of Risks Digest.

According to the following Guardian article
 ...the mechanism backfired in one incident last week when pepper
 spray was inadvertently inhaled by three technicians who required
 treatment from paramedics.

 Patrick Wadula, spokesman for the Absa bank, which is piloting
 the scheme, told the Mail & Guardian Online: "During a routine
 maintenance check at an Absa ATM in Fish Hoek, the pepper spray
 device was accidentally activated.

 "At the time there were no customers using the ATM. However,
 the spray spread into the shopping centre where the ATMs are

What's next?  PCs that pepper spray their users when they download a virus
or malware?  Hmmmm... perhaps not a bad idea :-)

Thomas Dzubin, Calgary, Saskatoon, or Vancouver CANADA


Date: Wed, 08 Jul 2009 11:56:07 +0200
From: Peter Houppermans <peter_at_private>
Subject: Eye tracking to prevent screen snooping

This is IMHO a rather promising new development in security, mainly because
it appears to promise more security without too much usability impact.  And
it may ruin Powerpoint presentations, another point in its favour :-).  It
neatly uses the fact that most modern laptops have a camera built in.

Source: http://www.siliconvalley.com/ci_12743292


Anderson calls it his "aha" moment -- a flash of insight from which he drew
a career-altering connection between decades-old research and his job as a
computer security expert.  Nearly two years ago, Anderson had a comfortable
job as vice president at an established computer security company. But while
reading "Consciousness Explained," a book by philosopher Daniel Dennett,
Anderson learned about one scientist's research into variations in the way
the human eye reads and processes text and images.
"This obscure characteristic ... suddenly struck me as (a solution to) a
security problem," said Anderson, 42, who has a doctorate in cryptology.
"I said, 'Holy cow. No one has thought of using this to protect the
contents of a screen.' It was just some obscure research."

Anderson quit his job at SafeNet, raised $1.2 million in seed money from
friends and family and plunged full time into developing his idea -- a
software program that allows only an authorized user to read text on the
screen, while everyone else sees gibberish. [..]

The private version of the product can already be bought from the company at
http://oculislabs.com, at a price well below your average privacy screen.
From their website it appears the "look, your mother is watching" Pro
version is not yet released.


Date: Wed, 22 Jul 2009 00:08:23 -0400
From: Monty Solomon <monty_at_private>
Subject: U.S. Withheld Data on Risks of Distracted Driving (Matt Richtel)

In 2003, researchers at a federal agency proposed a long-term study of
10,000 drivers to assess the safety risk posed by cellphone use behind the
wheel.  They sought the study based on evidence that such multitasking was a
serious and growing threat on America's roadways.  But such an ambitious
study never happened. And the researchers' agency, the National Highway
Traffic Safety Administration, decided not to make public hundreds of pages
of research and warnings about the use of phones by drivers - in part,
officials say, because of concerns about angering Congress. ...
[Source: Matt Richtel, *The New York Times*, 21 Jul 2009; PGN-ed]


Date: Mon, 13 Jul 2009 16:47:50 -0700
From: Gene Wirchenko <genew_at_private>
Subject: Adobe Terms Gone Wild


   Would you like to report a bug in an Adobe product?  Here is the URL:

They do have rather stringent terms.  You have to affirm lots of things
about interest in your bug report, oops, Idea.  My favourite bit is "You
represent and affirm that you are 18 years of age or older."  Oh, to be 17

How many people take one look at that page and decide not to bother?  Does
this affect the quality of Adobe software?


Date: Mon, 20 Jul 2009 14:33:23 +0800
From: jidanni_at_private
Subject: Taiwan president in ruckus over prerecorded web messages

Taiwan President Ma Ying-jeou was criticized after prerecorded Internet
messages leaked out.

Experienced Internet surfers found the messages due to be broadcast the next
two weeks had already been recorded. The surfers only had to change the
dates on the presidential website to see the new messages.

Presidential Office Spokesman Wang Yu-chi said Ma had prerecorded the
videos, which were supposed to address current affairs, adding that Ma would
remake the videos, and asked the person who first discovered the messages to
come forward and receive a "small prize" from the Presidential Office.



Date: Mon, 6 Jul 2009 19:36:58 -0500
From: "Darryl/Becky Dueck" <dbdueck_at_private>
Subject: Canadian Mint says missing gold may have been stolen


Money is missing, and all they're saying is, "we'll look into it - we have
one of the most secure facilities in the world".  I can't believe how little
uproar there has been.  -Darryl Dueck, Winnipeg, MB CANADA

The Royal Canadian Mint said Monday that $15.3 million worth of gold missing
from its vaults could have been stolen.  The gold was reported missing last
fall, but officials at the mint said they had hoped they would find that an
accounting error was responsible.

A review conducted by auditors Deloitte and Touche, however, recently
concluded that the gold wasn't simply forgotten during inventory.  "The
unaccounted for difference in gold does not appear to relate to an
accounting error in the reconciliation process, an accounting error in the
physical stock count schedules or an accounting error in the record keeping
of transactions during the year," the company concluded in a report released

Christine Aquino, director of communications with the mint, said that many
possible scenarios are being considered.  "We're not going to speculate on
the cause just yet.  We're not giving up on this. We're going to pursue this
rather vigorously."  Aquino said the mint asked the RCMP to look into the
matter two weeks ago.  She said in the meantime, the mint is prepared to
follow three of Deloitte and Touche's recommendations concerning its
accounting procedures and building security.  "They've also asked that we go
through our security measures for review.  But it's just one of the avenues
we're pursuing. We have one of the most secure facilities in Canada, if not
the world."  [Source: CBC News, 29 Jun 2009]


Date: Fri, 17 Jul 2009 10:50:23 -0400
From: Joseph Brennan <brennan_at_private>
Subject: Re: July 4 cyber attack (RISKS-25.73)

The attacks on web sites from Korea made the news, but there was at least
one attack on email, at columbia.edu.  More than 26,000 hosts in Korea
connected to the columbia.edu mx pool, collectively 160,000 times an hour,
and then just sat there.  Our network monitoring showed that they sent some
bytes that may have been a HELO string, but they did not send MAIL.

Our system responds by forking a sendmail process for each connection, and
even though they were mostly doing nothing waiting for data, the system load
went up.  However, it is summer at an edu, and we are pretty well
provisioned anyway, so the effect was "hm, that's funny, wonder why the load
is that high" rather than "OMG the sky is falling".

We shortened the timeout waiting for MAIL, and rate-limited the
worst-offending IP blocks, and got the load back to normal.  The attack was
not continuous throughout the weekend.  Maybe the botnet had other missions
part of the time.  Like the http attacks, it stopped during the following

Possibly the goal was that we would be forced to blackhole South Korean IP
space in order to function.  Columbia University has a significant number of
people with personal and academic contacts in South Korea.

Joseph Brennan, Lead E-mail Systems Engineer
Columbia University Information Technology
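
The triage described in the message above, as an added example that is not part of the original post and not Columbia's tooling: it groups sessions that held a connection open without ever reaching MAIL by /24 block to pick rate-limit candidates, and estimates how the idle timeout scales the number of forked processes. The record format, thresholds and timeout values are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# SMTP verbs in the order a normal delivery issues them. A session whose
# furthest verb ranks below MAIL never started a message.
VERB_RANK = {"NONE": 0, "HELO": 1, "EHLO": 1, "MAIL": 2, "RCPT": 3, "DATA": 4}

# Constructed sample records (not real traffic, not sendmail's log format):
# "<epoch> <client-ip> <furthest-verb-seen> <seconds-connection-was-open>"
SAMPLE = """\
1246700000 203.0.113.5 HELO 290
1246700001 203.0.113.9 HELO 300
1246700002 203.0.113.77 NONE 300
1246700003 203.0.113.120 HELO 295
1246700004 198.51.100.10 DATA 4
1246700005 198.51.100.11 HELO 300
1246700006 198.51.100.12 DATA 6
1246700007 192.0.2.44 DATA 3
1246700008 203.0.113.200 DATA 5
"""


def parse(lines):
    """Yield (ip, verb, seconds_open) and silently skip malformed records."""
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        _, ip, verb, secs = parts
        try:
            yield ipaddress.ip_address(ip), verb.upper(), int(secs)
        except ValueError:
            continue


def stalled_by_block(lines, prefix=24, min_open=60):
    """Return {network: (stalled, total)} per source block.

    A session is "stalled" when it stayed open at least min_open seconds
    and never got as far as MAIL. Unknown verbs rank as NONE.
    """
    stats = defaultdict(lambda: [0, 0])
    for ip, verb, secs in parse(lines):
        plen = prefix if ip.version == 4 else 64  # assumption: /64 for IPv6
        net = str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))
        stats[net][1] += 1
        if VERB_RANK.get(verb, 0) < VERB_RANK["MAIL"] and secs >= min_open:
            stats[net][0] += 1
    return {net: tuple(counts) for net, counts in stats.items()}


def blocks_to_rate_limit(lines, min_stalled=3, min_share=0.5, **kw):
    """Blocks where stalled sessions are both numerous and the majority.

    Requiring a high share keeps a block with one idle client among
    legitimate senders off the list, so real mail is not throttled.
    """
    hits = [
        (net, stalled, total)
        for net, (stalled, total) in stalled_by_block(lines, **kw).items()
        if stalled >= min_stalled and stalled / total >= min_share
    ]
    return sorted(hits, key=lambda r: (-r[1], r[0]))


def steady_state_processes(connections_per_hour, hold_seconds):
    """Little's law: average concurrent processes = arrival rate * hold time.

    With one forked process per connection, shortening the wait for MAIL
    cuts the process count in direct proportion.
    """
    return connections_per_hour * hold_seconds / 3600


if __name__ == "__main__":
    for net, stalled, total in blocks_to_rate_limit(SAMPLE.splitlines()):
        print(f"rate-limit candidate {net}: {stalled}/{total} sessions stalled")
    # 160,000/hour is the figure from the message; 300 s and 30 s are
    # assumed timeout values chosen only to show the scaling.
    for timeout in (300, 30):
        n = steady_state_processes(160_000, timeout)
        print(f"timeout {timeout:>3}s -> about {n:,.0f} idle processes")
```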


Date: Mon, 20 Jul 2009 22:30:01 -0400
From: Paul Wallich <pw_at_private>
Subject: Risks of hierarchical map displays

The other day, for no good reason, I got misplaced on some local dirt
roads. "No problem," I thought, because my car had a GPS and a map database
that actually knew about all those dirt roads. But when I zoomed the display
out far enough to see where the nearest paved road back to exurbia might be,
all the dirt roads disappeared, and I was apparently driving through a
void. So I couldn't figure out which road would take me back to pavement,
because I couldn't display both the roads I was on and the one I wanted to
get to at the same time.

Obviously, I could have pulled over and used pan as well as zoom controls,
or asked for directions to some known point (and hoped none of the dirt
roads on the route was closed or washed out). But that would have required
both presence of mind and a place to park where I could be sure of getting
back on the road after figuring out location and route.

I wonder whether such hierarchical displays contribute to some of the
GPS-aided navigation debacles that sometimes grace this publication -- a
driver may have some idea that they're going the wrong way, but their
display doesn't offer enough information to plan a new route easily, and the
psychological pressure to keep moving forward can increase as conditions get


Date: Thu, 16 Jul 2009 23:00:38 +0000
From: Roger Leroux <yrl1967_at_private>
Subject: An interesting reversal of the usual credit card problem

There's a board game company called GMT Games (www.gmtgames.com). They have
a "pre-order" system in place that lets you order a game before it is
published (they call it the P500 system), and in order to participate you
need to provide them with a credit card number.

Recently, I and other customers received this e-mail from them:

"Please Update Your Online Credit Card Information

Ugh! Microsoft strikes again! As you probably know, we encrypt your credit
card data, several times, to make sure that your data is always safe online.
Well, a recent Windows update done by our service provider apparently
modified the encryption key used to decrypt the data for us to read and use
for charging. Please don't worry about your cc info. *There was absolutely
no security issue here. In fact, it's quite the opposite. For any card that
you entered into our system before July 4, neither we nor anyone else can
read the card # (as the encryption key was changed).* There is no problem
with cc #s entered after July 4.

So we're asking you guys to please go into your online account in the next
day or two and update the credit card # that is listed there (for many of
you it will now look like a long string of alphanumerics) with your correct
# so that we can charge the games slated to begin charging on Monday, July
13th. If you guys have any questions about this, or would prefer to do this
by phone or online chat, please don't hesitate to contact our office
ladies either on our website or at our toll-free number. They'll be happy to
help you get the data re-entered if you'd like some help. We apologize for
any inconvenience this may cause."

It was nice that for a change no personal information was leaked, but I
think this highlights the problems of applying OS updates without the
ability to do a rollback or for that matter, having a backup of the original
(suitably encrypted of course) data.


Date: Wed, 22 Jul 2009 11:53:08 -0400
From: "Daniel P. B. Smith" <usenet2006_at_private>
Subject: "Don't freak out," says ING Direct. At least I THINK it's ING Direct!

Every time I turn around, a bank website presents me with glaringly obvious
RISKS about which one can only say "what _were_ they thinking?"

1) When I click on "View My Account" at http://www.ingdirect.com , I am
taken to a login screen headed by a bold blue notice:

  "Our site will be getting a minor facelift soon. So if you notice
  anything different after you sign in, don't freak out. You're in the
  right place."

*That* should train customers to be vigilant.

2) I opened a bank account at a local bank, and went through all the silly
rigamarole about picking a picture and so forth, and got to the idiotic
"security questions." This site is one of the kind that forces you to select
from a limited list of bad options, which usually manage to be both insecure
yet difficult to remember (Let me think, did I enter the answer as "Main
Street," "main street," or "Main st."?)

But one made my jaw drop: one of the available choices was "How many
children do you have?"

What are the chances that a stranger could successfully guess *that* one? By
comparison, my birthday is as strong as Fort Knox.


Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.   The mailman Web interface can
 be used directly to subscribe and unsubscribe:
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:


End of RISKS-FORUM Digest 25.74
Received on Wed Jul 22 2009 - 13:37:02 PDT
