[RISKS] Risks Digest 26.14

From: RISKS List Owner <risko_at_private>
Date: Mon, 30 Aug 2010 20:05:25 PDT
RISKS-LIST: Risks-Forum Digest  Monday 30 August 2010  Volume 26 : Issue 14

Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at

Hot debate over Electronic Voting Machines (Joseph Lorenzo Hall)
Jeff Burbank: License to Steal (PGN)
BC Online Casino taken offline within hours (Kelly Bert Manning)
Crooks Crack Check Image Sites, Steal $9 Million - The Consumerist
  (Ben Popken via Davide Restivo and Dave Farber)
iPhone jailbreak opens world of questions (Raj Mathur)
Muni gets time wrong; 510 drivers get a ticket (Paul Saffo)
No fail-safe linkage?  12-year-old paralyzed by ride (PGN)
Cutoff of YouTube in Siberia due to a single video (Lauren Weinstein)
Mac OS X Mail parental controls vulnerability (Jonathan Kamens)
Stalkers Exploit Cellphone GPS (Justin Scheck via Monty Solomon)
Agency stored body images from Florida courthouse (Mike M. Ahlers via PGN)
New law bans texting while driving (Monty Solomon)
Re: BP: "Will no one rid me of this turbulent alarm?" (Steven Bellovin)
WSJ: What Do Online Advertisers Know About You? (Tim Jones via Monty Solomon)
Re: Quiet electric & hybrid cars endanger ... (ishikawa)
Re: Risks of free-text fields in medical records (Thor Lancelot Simon)
Abridged info on RISKS (comp.risks)


Date: Wed, 11 Aug 2010 08:50:42 -0400
From: Joseph Lorenzo Hall <joehall_at_private>
Subject: Hot debate over Electronic Voting Machines

The recent EVT/WOTE workshop at USENIX Security featured a panel on 9 Aug
2010 [It was very lively and quite contentious.  PGN!] about Indian voting
machines, and related developments involving Indian law enforcement's
interest in one of the Indian hackers involved.  This is a story from *The
Hindu Times* covering the debate and subsequent developments.  [Joseph
Lorenzo Hall, ACCURATE Postdoctoral Research Associate, UC Berkeley School
of Information and Princeton Center for Information Technology Policy]

Narayan Lakshman, Hot debate over Electronic Voting Machines,
*The Hindu Times*, 11 Aug 2010

This week the debate on whether electronic voting machines (EVMs) in India
are tamper-proof reached boiling point in far-away Washington, as a
representative of the Election Commission of India (ECI) and an American
university professor clashed publicly over contradictory claims regarding
the machines.

The controversy was stoked at an industry conference on EVMs, where Alok
Shukla, Deputy Election Commissioner at the ECI and Alex Halderman,
Assistant Professor of electrical engineering and computer science at the
University of Michigan, also put forth different accounts regarding the case
of Hari Prasad, a colleague of Mr. Halderman who was alleged to have
appeared on Indian television with an EVM that he procured from unnamed
sources. ...

Vulnerable to `dishonest display'

Yet, Mr. Halderman noted that based on the experiments that he and his
colleagues had undertaken, they could demonstrate that EVMs were vulnerable
firstly to the so-called `dishonest display' attack whereby a
microcontroller and a Bluetooth radio chip could be smuggled into the device
using a genuine-looking display board. Through the use of these devices,
which Mr. Halderman said he had assembled at the cost of ``just a few
dollars,'' the attacker could then signal which candidates should receive
stolen votes via a Bluetooth smart phone.

Electronic booth capture

Second, Mr. Halderman alleged, the Indian EVM was also susceptible to attack
through the use of an electronic clip, which attached directly to the EVM
chips and could rewrite the votes stored there. Not only could the votes be
changed through this ``electronic form of booth capture,'' but the secrecy
of election data could also be violated as the clip would allow the attacker
to copy out the votes stored.

Further, Mr. Halderman said that the paper, wax and string seals used to
protect EVMs had been ``widely discredited'' and were entirely vulnerable to
tampering.  ``Machines [are] stored around the country in a variety of
locations, from abandoned warehouses to schools, etc.  [and it is] likely
many of them could be accessed by criminals, especially with the aid of
dishonest insiders,'' Mr. Halderman said.

Substantiating these arguments, Indian pollster G.V.L. Narasimha Rao said
that employees of Public Sector Undertakings and their technicians --
responsible for manufacturing the EVMs -- were a ``huge potential source of
fraud,'' even if the ECI had ruled out any form of insider threat. Further,
he said, a large number of private players were involved in election
operations including manufacturers, their agents, vendors of foreign
companies, government officials and so on. ...


Date: Wed, 11 Aug 2010 13:34:21 PDT
From: Peter G Neumann <risko_at_private>
Subject: Jeff Burbank: License to Steal

The second day (10 Aug) of EVT/WOTE 2010 began with Jeff Burbank (author of
License to Steal, Nevada's Gaming Control System in the Megaresort Age,
University of Nevada Press, 2005), who gave a superb talk on insider misuse
in the gambling industry and state oversight.  The video is not on the
USENIX website (although most of the other presentations are).  Perhaps you
have to read the book, which contains much of the material presented in
Jeff's talk.


Date: Sun,  8 Aug 2010 13:12:52 -0400 (EDT)
From: bo774_at_private (Kelly Bert Manning)
Subject: BC Online Casino taken offline within hours

The British Columbia Lottery recently rolled out a new online Gambling web
application, then had to pull the plug within hours.  No date for reopening
has been announced.

Apart from slow online response during the brief time it was online, reports
state that BCLC let users gamble with money from other users' accounts and
exposed users' personal information to other users.


To deal with the social downside of gambling addiction BCLC had recently
imposed a $9,999 limit on monthly losses and betting.  By coincidence that is
just under the $10,000 limit for Federal FINTRAC reporting of large gambling

BCLC's month was made even worse when the Federal FINTRAC agency announced
$670,000 in fines against BCLC for alleged repeated failure to comply with
reporting requirements.

BC's gambling addiction goes quite deep.

The party currently in power originally reduced the opposition to just seats
in the house, after the former Premier resigned in disgrace. Among other
issues in that debacle was "Casinogate" which involved the Minister
appointed by the former Premier intervening to approve a Casino Licence for
a hotel controlled by a motorcycle gang.

On the Bricks and Mortar side of the "business" BCLC let a gambling addict
continue to bet despite the addict's request to be banned. The request was
honored when the addict tried to collect a win, but his request was ignored
while he was losing money.


Gambling boosters claim that people will gamble anyway, so why not offer a
legal alternative?

Hasn't the USA had some success at charging and arresting companies which
process charge card transactions for illegal gambling websites?

My personal take is that anyone silly enough to pay to use an illegal online
gambling web service is also silly enough to think the game isn't rigged.
We have seen reports of rigged server code for gambling websites.


Date: Mon, 2 Aug 2010 19:38:40 -0400
From: Dave Farber <dave_at_private>
Subject: Crooks Crack Check Image Sites, Steal $9 Million - The Consumerist


Ben Popken, Crooks Crack Check Image Sites, Steal $9 Million, 2 Aug 2010
(Davide Restivo)

Know how when you go into your online checking account you can click on
checks that you've written and see the scanned image of them? Well, those
pictures have to be stored somewhere, and they're not always secure. Russian
crooks broke into three sites that store archival check images, stole the
information, and wrote over $9 million in phony checks against over 1,200

In order to keep the money, though, the crooks have to recruit "money mules"
through online job posting sites to unwittingly launder the checks and send
the thieves money from their own accounts, as we talked about recently in
"Watch A Money Mule Scam Unfold."

The security research firm that discovered the breach said that they've
notified the affected sites who have since sealed up the gaps, but the scam
is still operating and targeting other image archival companies.

Hm, what's the digital equivalent of the phrase, "hanging paper?"


Date: Fri, 6 Aug 2010 09:30:23 +0530
From: Raj Mathur <raju_at_linux-delhi.org>
Subject: iPhone jailbreak opens world of questions

The recently-announced Apple iPhone jailbreak:
is much more serious than a quick scan would suggest.  For one, the
jailbreak requires no confirmation from the user: just downloading and
viewing a (small) PDF is enough to bypass all the iPhone's security and
install code at the system level.

This is also probably the first time that known vulnerabilities in a system
have been amalgamated into a user-level package meant specifically for the
purpose of bypassing restrictions in the system.  While this seems like good
news for iPhone owners, it also means that anyone can exploit the same
vulnerabilities in the same fashion to his/her own malicious ends.
Specifically, there is nothing stopping you or I from creating an equivalent
PDF that installs malware into an iPhone.

So was Apple unaware of these vulnerabilities?  That would reek of terminal
ignorance.  Assuming then that they were aware, what steps did they take to
warn customers and provide upgrades to mitigate these issues?  Or did they
deliberately ignore the potential risks to their customers so that
jailbreaks would be possible and people would continue buying iPhones?
While the last may seem far-fetched, it is true that means of jailbreaking
iPhones are in Apple's interests from a pure numbers point of view.

At a larger level, are we going to see new botnets comprised of
well-connected, high-power mobile devices?  I'm trying to picture a scenario
where existing PCs and mobile devices coalesce into creating super-powered
networks capable of attacking, spamming and warring over multiple media.
Time to hand over to the science-fiction writers, I guess.

Raj Mathur  raju@private  http://kandalaya.org/


Date: Thu, 12 Aug 2010 12:32:28 -0700
From: Paul Saffo <paul_at_private>
Subject: Muni gets time wrong; 510 drivers get a ticket

*San Francisco Chronicle*

When it comes to parking tickets, timing is everything, as ABC7's Dan Noyes
discovered.  Under San Francisco's program to catch traffic scofflaws, some
Muni buses have been mounted with front-facing video cameras to record cars
that are illegally parked in transit-only lanes. The problem is, the camera
clocks were not adjusted for daylight saving time in March and were off an
hour -- an important detail for people like George Chen. The San Francisco
smoke shop owner who has permission to park in a loading zone claims he
moved his car in time. Still, the City slapped him with an $85 ticket.

Turns out the time was wrong on cameras for 17 buses, a problem that wasn't
discovered until the end of June. More than 500 drivers were erroneously
ticketed, said Noyes. Now, it looks like those folks are entitled to a
refund by the Municipal Transportation Agency. Here's a list of erroneous
citations with license plate numbers.

Aileen Yoo, 12 Aug 2010


Date: Thu, 5 Aug 2010 18:11:56 -0700
From: Peter G Neumann <neumann_at_private>
Subject: No fail-safe linkage?  12-year-old paralyzed by ride

  Operator of Dells ride that injured girl faces felony
  [This was reported by several people.  PGN]

  "He made a mistake, ... He fully cooperated with the investigation. You
  don't do anything criminally wrong and they issue a felony charge and they
  arrest you. A mistake is not a crime, so they didn't need to arrest him. I
  respectfully disagree with the issue as a criminal charge in the case
  where they've shown neglect and nothing more."

  http://tinyurl.com/253jnlt  (host.madison.com)

This was an inevitable accident.  What's amazing is that it took eight years
to happen.  What's lucky is that the first accident wasn't a death.



Date: Tue, 3 Aug 2010 15:54:16 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: Cutoff of YouTube in Siberia due to a single video

Cutoff of YouTube in Siberia due to a single video
http://bit.ly/cKjiUf  (Google European Public Policy Blog)
  [From Network Neutrality Squad]


Date: Tue, 3 Aug 2010 11:04:17 -0400
From: "Jonathan Kamens" <jik_at_private>
Subject: Mac OS X Mail parental controls vulnerability: Something better to do?

The parental controls built into the Mac OS X Mail client can be easily
bypassed by anyone who knows the email address of the child and his/her
parent. The Mail client can be fooled into adding any address to the child's
whitelist (i.e., the list of addresses with whom the child is allowed to
correspond), as if the parent had approved the address, without his/her
knowledge or consent. This vulnerability can be taken advantage of by the
child or by any third party anywhere on the Internet.

I have reported this vulnerability to Apple, and they have declined to
assign a CVE ID for it, disclose it to the public, or indicate a time-line
for when it will be disclosed or fixed.

For more information:


Date: Fri, 6 Aug 2010 16:33:54 -0400
From: Monty Solomon <monty_at_private>
Subject: Stalkers Exploit Cellphone GPS

Justin Scheck, What They Know: Stalkers Exploit Cellphone GPS,
*Wall Street Journal*, 3 Aug 2010

Phone companies know where their customers' cellphones are, often within a
radius of less than 100 feet. That tracking technology has rescued lost
drivers, helped authorities find kidnap victims and let parents keep tabs on
their kids.

But the technology isn't always used the way the phone company intends.  One
morning last summer, Glenn Helwig threw his then-wife to the floor of their
bedroom in Corpus Christi, Texas, she alleged in police reports. She packed
her 1995 Hyundai and drove to a friend's home, she recalled recently. She
didn't expect him to find her.  The day after she arrived, she says, her
husband "all of a sudden showed up." According to police reports, he barged
in and knocked her to the floor, then took off with her car.

The police say in a report that Mr. Helwig found his wife using a service
offered by his cellular carrier, which enabled him to follow her movements
through the global-positioning-system chip contained in her cellphone. ...



Date: Mon, 9 Aug 2010 11:02:41 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Body scans (Mike M. Ahlers)


Mike M. Ahlers, Agency stored body images from Florida courthouse, CNN,
4 Aug 2010

* The Marshals Service used millimeter wave technology to collect images
* The images were of people entering a federal courthouse in Orlando, Florida
* A sampling of the ghost-like images was obtained under the
  Freedom of Information Act
* The Marshals Service says the images were never accessed before the request

The U.S. Marshals Service is confirming that it has stored more than 35,000
"whole body" images of people who had entered a U.S. courthouse in Orlando,
Florida.  The images captured by millimeter wave technology are more
ghost-like and far less detailed than those produced by "backscatter"
machines commonly used by the Transportation Security Administration at
airports nationwide.

But the Electronic Privacy Information Center, a privacy rights group that
obtained the Marshals Service photos, said the disclosure shows that body
imaging machines can store intrusive images of people's bodies and that the
federal government will store images in the absence of strong judicial or
legislative restraints.  EPIC and other privacy groups filed suit against
the TSA this year, asking the court to bar it from using body imagers at

In a letter to EPIC, Justice Department attorneys agreed to give 100 images
of the approximately 35,314 images that were stored on the Orlando
courthouse machine from February 2 until July 28. It called the 100 images a
"representative sample" of stored images.

A U.S. Marshals Office spokeswoman said the Brijot Gen2 machine in Orlando
automatically stores the images to a hard drive, and security officers can
look at an image of the person who just entered the machine and the two
previous images. But all other images can only be accessed via an
administrative passcode, spokeswoman Carolyn Gwathmey said.  Gwathmey said
the stored images had never been accessed before the receipt of the Freedom
of Information Act request.

Marc Rotenberg of the Electronic Privacy Information Center conceded that
the Marshals Service's images are "not particularly revealing" but said this
experience highlights the necessity for prohibitions on government's use of
backscatter technology, which can capture far more revealing images by using
X-rays to provide detailed images in or under a person's clothing.  "The
only thing that is preventing the TSA from [storing images] is that we keep
raising this with them," Rotenberg said.

In written comments this year to CNN, the TSA said images at airports
"cannot be stored, transmitted or printed" when in normal operations.

"TSA has clearly demonstrated the extensive steps and strict measures that
have been taken to protect passenger privacy," the agency said.

The images released to the Electronic Privacy Information Center were
captured by a machine at the Middle District of Florida in the Orlando
courthouse. The Marshals Service also tested a machine at a U.S. courthouse
in Washington for about 90 days in the 2007 and 2008 time frame, Gwathmey
said. During the test, the machine was not used to screen individuals
entering the courthouse, she said.

That machine was returned to the vendor, and any images that may have been
stored on it are no longer under agency control, the Justice Department

[See also CNET.  PGN]


Date: Wed, 4 Aug 2010 09:18:59 -0400
From: Monty Solomon <monty_at_private>
Subject: New law bans texting while driving

[Mass.] Governor Patrick Signs Safe Driving Legislation, 02 Jul 2010

New law bans texting while driving for all drivers and cell phone-use
by junior operators; Massachusetts one of 29 states to prohibit
dangerous behavior behind the wheel

An Act relative to safe driving.


Date: Sun, 8 Aug 2010 11:50:37 -0400
From: Steven Bellovin <smb_at_private>
Subject: Re: BP: "Will no one rid me of this turbulent alarm?"

The obvious question, of course, is "why didn't you fix the underlying
problem with the alarm?"  Of course, that can itself be a difficult
business, which raises a separate question: why not have the alarms sound
only in the control room, where the watchstander can evaluate the problem
and sound the rig-wide alarm if something is actually wrong?  My guess is
that that isn't possible.  It may be a deliberate design choice -- you want
alarms to warn people even if the watchstander has to leave the room -- but
it may be an issue of over-automation.

Some years ago, on an overnight flight, I had a chance to ask the pilot why
he left the seatbelt sign illuminated all night, when the flight was quite
smooth.  The answer was over-automation: the way the plane was designed,
every time he turned it on, a chime sounded and an automated PA system
message warned the passengers.  This meant that even modest turbulence would
result in passengers being awakened.  He didn't like the system, but it
wasn't possible for him to turn it off -- some designer, somewhere, felt
that it was better to relieve the pilot of the extra work of sounding the
chime and making an announcement, without really understanding the actual
usage model.
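
To make the trade-off in the first paragraph concrete, here is an added example (not code from BP or any rig control system) of an alarm router that tries the control room first, escalates rig-wide when nobody acknowledges within the window, and flags alarms that are silenced so often that the underlying fault should be fixed instead. All alarm names, timings and the class itself are constructed for the illustration.

```python
CONTROL_ROOM = "control_room"
RIG_WIDE = "rig_wide"
SILENCED = "silenced"


class AlarmRouter:
    """Routes alarms to the control room first and escalates them rig-wide
    if nobody acknowledges within the window.  Time is passed in explicitly
    (seconds) so the logic is deterministic and testable without sleeping."""

    def __init__(self, ack_window=30, nuisance_threshold=3):
        self.ack_window = ack_window
        self.nuisance_threshold = nuisance_threshold
        self.pending = {}         # alarm_id -> time raised, awaiting triage
        self.silenced_count = {}  # alarm_id -> how often it was dismissed
        self.log = []             # (time, destination, alarm_id, note)

    def raise_alarm(self, alarm_id, now, critical=False):
        """Critical alarms bypass triage; all others go to the watchstander."""
        if critical:
            self.log.append((now, RIG_WIDE, alarm_id, "critical, no triage"))
            return RIG_WIDE
        self.pending[alarm_id] = now
        self.log.append((now, CONTROL_ROOM, alarm_id, "awaiting triage"))
        return CONTROL_ROOM

    def acknowledge(self, alarm_id, now, escalate):
        """Watchstander decision: escalate=True sounds the rig-wide alarm,
        False silences it as a nuisance (and counts that).  Returns False if
        the alarm was not pending, e.g. it already escalated on timeout."""
        if alarm_id not in self.pending:
            return False
        del self.pending[alarm_id]
        if escalate:
            self.log.append((now, RIG_WIDE, alarm_id, "watchstander escalated"))
        else:
            self.silenced_count[alarm_id] = self.silenced_count.get(alarm_id, 0) + 1
            self.log.append((now, SILENCED, alarm_id, "watchstander silenced"))
        return True

    def tick(self, now):
        """Periodic check: anything unacknowledged past the window escalates,
        so an empty control room can never swallow an alarm.  Returns the ids
        escalated on this tick."""
        escalated = []
        for alarm_id, raised in list(self.pending.items()):
            if now - raised >= self.ack_window:
                del self.pending[alarm_id]
                self.log.append((now, RIG_WIDE, alarm_id, "no acknowledgement"))
                escalated.append(alarm_id)
        return escalated

    def nuisance_report(self):
        """Alarms silenced so often that the underlying fault should be fixed
        rather than the alarm being disabled."""
        return sorted(a for a, n in self.silenced_count.items()
                      if n >= self.nuisance_threshold)


def scenario():
    """Constructed timeline: one nuisance alarm dismissed repeatedly, one
    alarm missed by an absent watchstander, one critical alarm."""
    r = AlarmRouter(ack_window=30)
    for t in (0, 100, 200):             # same sensor, dismissed three times
        r.raise_alarm("level-sensor-3", t)
        r.acknowledge("level-sensor-3", t + 5, escalate=False)
    r.raise_alarm("gas-sensor-7", 300)  # watchstander away from the desk
    r.tick(310)                         # still inside the window
    missed = r.tick(330)                # escalates at the window edge
    late = r.acknowledge("gas-sensor-7", 335, escalate=True)  # too late
    crit = r.raise_alarm("fire-zone-2", 400, critical=True)
    return missed, late, crit, r.nuisance_report()
```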


Date: Fri, 6 Aug 2010 16:26:51 -0400
From: Monty Solomon <monty_at_private>
Subject: WSJ: What Do Online Advertisers Know About You?

Tim Jones, *Wall Street Journal*, 4 Aug 2010

In a groundbreaking new series titled "What They Know," the *Wall Street
Journal* is taking a close look at the information that online advertisers
collect about you as you browse the Web: "The tracking files represent the
leading edge of a lightly regulated, emerging industry of data-gatherers who
are in effect establishing a new business model for the Internet: one based
on intensive surveillance of people to sell data about, and predictions of,
their interests and activities, in real time."  What the industry knows
about you may surprise you. The articles examine the world of tracking
cookies, and other less well-known tracking technologies like flash cookies
and beacons. They found that "the nation's 50 top websites on average
installed 64 pieces of tracking technology onto the computers of visitors,
usually with no warning."

Using information gathered this way, the advertising industry is able to
accurately guess substantial information about you - often including your
gender, age, income, marital status, credit-rating, and whether you have
children or own a home. The findings are used not only to determine what
advertisements you see, but sometimes to decide what kind of discounts or
credit card offers you're allowed access to. ...

What They Know:

Online Behavioral Tracking:


Date: Tue, 03 Aug 2010 15:26:33 +0900
From: ishikawa <ishikawa_at_private>
Subject: Re: Quiet electric & hybrid cars endanger ... (Klein, RISKS-26.11)

>  [And what if you are deaf?  PGN]

Prompted by the quiet electric car's noted problem in Japan, especially for
visually-challenged people, some are experimenting with embedding an active
RFID tag in the car and letting pedestrians such as blind people carry a
detector to learn of approaching cars by means of RFID. The detecting device
warns of the approaching car with an audible warning.

I think the same mechanism can then be used for the deaf by using the
detector to cause some kind of vibration motion depending on the direction
of approaching vehicle, etc.

The cost of having an active tag in each car and the detecting device
carried by the handicapped may not be small. It should be borne by society
as a whole IMHO.


Date: Tue, 3 Aug 2010 02:11:15 +0000 (UTC)
From: tls_at_private (Thor Lancelot Simon)
Subject: Re: Risks of free-text fields in medical records (Goldberg, R-26.13)

>With auto-complete fields, typing the beginning of a drug name can trigger a
>pop-up of MANY drugs with the same root, where careless clicking selects the
>wrong one, a common problem with Windows' auto-complete function.

I have never understood why such software does not make the prescriber
select *both* the generic and a trade name for each medication and confirm
that they match.  It seems to me this would basically eliminate such errors.

For example: I am allergic to Voltaren (diclofenac), an anti-inflammatory
drug.  I have more than once found that my medical records contain the false
information that I am allergic to Vytorin (ezetimibe).  I cannot imagine, if
the provider had to select both names with no prompting, this error would
ever happen.

>Similarly, a pull-down field for dosage can lead to careless selection of an
>incorrect value, a common problem with Windows' pull-down selection

This would be trivially remedied by requiring the dosage to be pulled-down
*and* typed in, and, again, matching values.  For IV drugs, the simplest
cross-check is probably to force the provider to confirm how many minutes
or hours one standard-size bag will last.

PGN writes:

>  [This is one of those issues in which both arguments are partially
>  correct.  Fixed fields are risky with poorly defined, overlapping,
>  or otherwise confusing.  Free-text fields have many other risks.
>  The risks question is much deeper than that dichotomy.  PGN]

But I think it is wrong to highlight only the _risks_ of free-text fields.
Used to confirm what is selected from menus, it seems to me they offer a
considerable opportunity for risk reduction.
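
As an added illustration of the dual-entry cross-checks proposed in the reply above (example code, not from any real prescribing system): the trade/generic pairs are the two named in the post, the dose strings and IV figures are constructed sample values, and the function names are my own.

```python
import re
from decimal import Decimal

# Constructed sample formulary, trade name -> generic name.  The two pairs are
# the ones named in the post above; a real system would load its full list.
FORMULARY = {
    "voltaren": "diclofenac",
    "vytorin": "ezetimibe",
}

# Dose units: unit -> (family, multiplier into that family's base unit).
UNITS = {
    "mcg": ("mass", Decimal("0.001")),
    "mg": ("mass", Decimal(1)),
    "g": ("mass", Decimal(1000)),
    "ml": ("volume", Decimal(1)),
    "l": ("volume", Decimal(1000)),
}

DOSE_RE = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*([A-Za-z]+)\s*$")


def normalize(text):
    """Case- and whitespace-insensitive key for a free-text entry."""
    return " ".join(text.lower().split())


def autocomplete(prefix):
    """Trade names a pop-up would offer for a typed prefix.  One letter brings
    up several look-alike names, which is the careless-click hazard."""
    p = normalize(prefix)
    return sorted(name for name in FORMULARY if name.startswith(p))


def confirm_medication(trade, generic):
    """Accept the order only if the selected trade name and the independently
    typed generic name denote the same drug.  Returns (ok, reason)."""
    t, g = normalize(trade), normalize(generic)
    if t not in FORMULARY:
        return False, "unknown trade name: " + trade
    expected = FORMULARY[t]
    if g != expected:
        return False, "%s is %s, not %s" % (trade, expected, generic)
    return True, "match"


def parse_dose(text):
    """Parse '500 mg', '0.5 g' or '250 mL' into (family, amount in base unit).
    Returns None for unparsable input or an unknown unit."""
    m = DOSE_RE.match(text)
    if m is None or m.group(2).lower() not in UNITS:
        return None
    family, factor = UNITS[m.group(2).lower()]
    return family, Decimal(m.group(1)) * factor


def confirm_dose(selected, typed):
    """The pull-down choice and the typed dose must both parse and be equal
    after unit conversion ('500 mg' == '0.5 g'); mass never matches volume."""
    a, b = parse_dose(selected), parse_dose(typed)
    return a is not None and b is not None and a == b


def confirm_iv_duration(bag_ml, rate_ml_per_hour, stated_minutes, tolerance=5):
    """IV cross-check: the provider states how long one bag will last, and the
    order is accepted only if that agrees with bag volume / infusion rate."""
    if bag_ml <= 0 or rate_ml_per_hour <= 0:
        return False
    expected = Decimal(bag_ml) / Decimal(rate_ml_per_hour) * 60
    return abs(expected - Decimal(stated_minutes)) <= tolerance


if __name__ == "__main__":
    print(autocomplete("V"))                            # both look-alikes
    print(confirm_medication("Vytorin", "diclofenac"))  # rejected mismatch
    print(confirm_dose("500 mg", "0.5 g"))              # True
    print(confirm_iv_duration(1000, 125, 480))          # True: 8 hours
```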


Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.   The mailman Web interface can
 be used directly to subscribe and unsubscribe:
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:


End of RISKS-FORUM Digest 26.14
Received on Mon Aug 30 2010 - 20:05:25 PDT
