RISKS-LIST: Risks-Forum Digest  Friday 1 April 2011  Volume 26 : Issue 40

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/26.40.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Appleplexy, Anyone? (PGN)
Facebook introduces `enemies list' feature (Mark Thorson)
Introducing Gmail Paper (jidanni)
Not an April Fool's case: Samsung Swansong becomes a Duck Call (PGN)
The April Fool Turing Test (Rob Slade)
Some risk-related issues after the earthquake (Chiaki Ishikawa)
Speaking of the US radiation detectors, cough, cough (Danny Burstein)
Railway signaling glitch strands commuters (Alex Farlie)
Docklands 2009 rail accident report (Alex Farlie)
Major UK Internet Outage (Martin Ward)
Comodo compromise (PGN)
FBI unable to break a code, asks for public help (Danny Burstein)
India: system failure impedes voting on a constitutional amendment (PGN)
A Girl's Nude Photo, and Altered Lives (Jan Hoffman via Monty Solomon)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: 01 Apr 2011 00:20:11 -0000
From: Peter G Neumann <Neumann_at_private>
Subject: Appleplexy, Anyone?

In a fascinating article in *The New York Times* Sunday News of the Week in Review, 27 Mar 2011, Ben Zimmer (chairman of the American Dialect Society's new-words committee) noted that Microsoft is suing Apple and Apple is suing Amazon (over the use of `app store' and `Appstore', respectively). Facebook has filed trademarks on words like `like', `wall', `poke', `face', and `book'. I think the whole thing is app-alling. But the wurst is yet to come.
I never sausage nonsense until I heard of the formation of a new company whose prospectus promises to remove undesired apps and e-mail/Web-visible promotions for those apps from your sight. This company has the rather absurdly concatenated name of

  Get-your-apps-Out-Of-My-face:Book-Your-Alternative-now.biz

which presumably wants to be known as GOOMBYA for short.

Perhaps GOOMBYA can figure out how to get all the silly trademarks out of *my* face.

PGN (for a better wor(l)d)

------------------------------

Date: 1 Apr 2011 1:02:03 -0800
From: Mark Thorson <eee_at_private>
Subject: Facebook introduces `enemies list' feature

PALO ALTO, CA -- Facebook today announced availability of a new feature, the enemies list. "This is the single most requested feature from our customer base, and we always respond to our customers," said company spokesman Ronald Ziegler.

"It's based on the old proverb, 'The enemy of my enemy is my friend'," he added. "When two people add the same third party to their enemies lists, they automatically become Facebook friends."

In response to a question, Ziegler said there is no corresponding function to automatically add the friends of enemies to a user's enemies list.

------------------------------

Date: Fri, 1 Apr 2011 13:18:23 +0800
From: jidanni_at_private
Subject: Introducing Gmail Paper

"It's paper, plain and easy. I sometimes find myself wondering: what will Google think of next? Cardboard?"

http://mail.google.com/mail/help/paper/more.html

  [The Google website talks about automagically printing other stuff on the back of the page in red, bold, 36-point type, for your convenience. PGN]

------------------------------

Date: Wed, 30 Mar 2011 16:49:29 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Not an April Fool's case: Samsung Swansong becomes a Duck Call

Risks of believing what you read?

1. Samsung reportedly admits installing keylogger software on their computers
   http://www.networkworld.com/newsletters/sec/2011/032811sec2.html

2. Samsung "keylogger" believed to be false positive
   "Samsung has issued a statement saying that the finding is false. The statement says the software used to detect the keylogger, VIPRE, can be fooled by Microsoft's Live Application multi-language support folder. This has been confirmed at F-Secure and two other publications, here and here. Still no explanation for why Samsung originally confirmed the keylogger's existence to Hassan ... "

  [This is a true story. But beware of the first three items in this issue. PGN]

------------------------------

Date: Tue, 29 Mar 2011 17:51:26 -0800
From: Rob Slade <rMslade_at_private>
Subject: The April Fool Turing Test

  [Jerken Westin and colleagues in Sweden have developed a variant of the famous Turing Test, removing the computer in the loop. ``It bears some relationship to the Wizard-of-Oz experiments and involves placing several experimental participants in a symmetrical paradox.'' This is a rather fascinating probe not only of subjects' gullibility but also of experimenters being fooled. It's worth a look, and very timely. PGN]

http://www.triple-c.at/index.php/tripleC/article/download/31/31
http://improbable.com/2011/03/28/the-april-fool-turing-test/

rslade_at_private slade_at_private rslade_at_private
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/

------------------------------

Date: Sat, 26 Mar 2011 20:26:56 +0900
From: "ISHIKAWA, Chiaki" <ishikawa_at_private>
Subject: Some risk-related issues after the earthquake

Bank, time signal radio station, disappeared ID, and risk assessment

Two weeks after the big earthquake and subsequent tsunamis hit Japan, I observed a few problems in the general media.

Mizuho Bank ATM total failure for the days after the earthquake (March 1).
According to the latest report, which is almost 10 days after the problem appeared, the large queue of money transactions, which was caused by a large number of donations to an account for a relief effort to help the stricken in the earthquake and tsunami ravaged area seems to be the culprit. There was a mention of the maximum limit of a queue for an account was not set appropriately, or something.

I don't know the practice in banking industry, but it seems that Mizuho collects all such transactions (specifically money transfer from ATM and otherwise) and tries to clear the work queue during the evening. But according to some reports, the queue could not be cleared fast enough before next day's operation began.

Inquiring mind wants to know why it was only Mizuho which experienced the problem (other banks with accounts for such donations have not had similar problems so far), and how the software behaves when the limit is reached. Are all those overflowing jobs simply not processed and carried over for the processing on the next evening? To me, it seems there were issues when such overflow occurred, but no clear explanation is given yet. Risks and other mailing lists will benefit from such technically detailed report.

I should mention that Mizuho took an unusual step of handing money to those who claimed to have received the money from someone into their account, and the money was not yet in their account. The maximum amount was 100,000 YEN per person. There were some abuses (those who moved from one branch to the other, and took out such money multiple times) and so it was a mess indeed.

* One of the two radio stations that emit Japan Standard Time signal stopped operating: the station is within 20 kilometers area (evacuation area) from the Fukushima Daiichi nuclear power plant.

Ever since the evacuation was announced, and the staff (2-4 people) left, the station stopped transmitting the signal.
I suppose that the operator didn't want to possibly incorrect timing signal in the absence.

There are watches (including wrist watches) that can sync with the signal. CASIO, Seiko, Citizen and other makers of such clocks receive more than a dozen inquiries a day now. (I noticed something strange was going on with my watch that syncs at midnight, but that happens when the radio signal is not reachable due to indoor condition and didn't think much about it.)

The other station in the western part of Japan is in operation, but most heavily populated area, namely Tokyo and its surrounding area, is not covered well by the signal from that station.

Seismographs installed in mountain range and such use the clock to sync the internal clock. The agency responsible for such instruments have resorted to use the wire signal for supplying the time information. Hmm, another risk of not so well tested software module and the somewhat unknown delay caused by wire transmission?

* In some towns, one's birth records, and everything one may need for identification purposes were washed away.

Banks and other financial institutions were asked to open an account without identification information. (Usually, to prevent the cases of money laundering, etc., one is required to produce a valid ID or two.)

* The problem at the nuclear power station, or risk assessment in general.

By now, the security analysts all over the world, especially the people in physical security must be looking hard at what goes on at Fukushima Daiichi nuclear power station.

I just would like to point out this.

In risk assessment, one usually uses the expected (in the sense of statistics, or probability theory) value of risk using whatever numerical (or multi-dimensional value if necessary by incorporating some ideas of "order") to assess the risk.

In general, with a suitable such measure-scale,

  P: Space of all possible situations and the p(e), a probability of event e, happening.

  E(x) : Expected value of x of a risk index in all possible situations sometimes written as <x>.

  c : some threshold to decide whether the risk can be taken considering the merit.

      E(x) < c

If E(x) exceeds 'c', then the risk is too large to accept.

I had wondered whether this approach would be tenable in a situation where the danger is beyond human scale: for example, contamination of waste disposal may persist for a few generations at least (exceeding the life time of an ordinary person) many times.

Nuclear waste management is such a situation, and nuclear power plant is also such a case. Unintended release of radioactive material must be tackled by a few generations. You have to ask the future generations whom you will never see before your death to take care of the consequences.

Some geologists say the type of tsunami that caused the havoc was known to have devastated the area about 1000 years ago (this was confirmed by old historical record, and, more importantly, the sediment sample analysis conducted in the region. In one city, Sendai, a petition was handed into the city office based on this discovery to change the evacuation plan or build a safer shelter in an elevated place, etc.)

So such a big tsunami was expected in today's scientific knowledge. (It probably was not when Fukushima Daiichi was built.)

I wonder in some extreme situation like this, instead of the usual expected value of a risk index, one may want to use the Max(x), i.e., maximally possible risk that can arise.

We say, if the maximum is within acceptable value, then we can take the risk, but if not, then we don't want to take the risk.

  OK: Max (x) < c
  NG  c < Max (x)

I had wanted to explain this notion to some people, but prevailing textbooks simply use the expected value without thinking much. (I thought I posted something about the use of maximum risk for assessment, instead of the expected value, but it was not posted, I am afraid. If I had, I was a good fortune teller.)
Anyway, my prayer for the people hit by tsunami and survivors.

------------------------------

Date: Sun, 27 Mar 2011 00:09:24 -0400 (EDT)
From: Danny Burstein <dannyb_at_private>
Subject: Speaking of the US radiation detectors, cough, cough

Garance Burke and Noaki Schwartz, Gaps in US radiation monitoring system revealed, Associated Press, 26 Mar 2011
http://news.yahoo.com/s/ap/20110326/ap_on_re_us/us_west_coast_radiation_monitors
[Long article truncated for RISKS. PGN]

SAN FRANCISCO - Parts of America's radiation alert network have been out of order during Japan's nuclear crisis, raising concerns among some lawmakers about whether the system could safeguard the country in a future disaster.

Federal officials say the system of sensors has helped them to validate the impact of nuclear fallout from the overheated Fukushima reactor, and in turn alert local governments and the public. They say no dangerous levels of radiation have reached U.S. shores.

In California, home to two seaside nuclear plants located close to earthquake fault lines, federal authorities said four of the 11 stationary monitors were offline for repairs or maintenance last week. The Environmental Protection Agency said the machines operate outdoors year-round and periodically need maintenance, but did not fix them until a few days after low levels of radiation began drifting toward the mainland U.S.

About 20 monitors out of 124 nationwide were out of service earlier this week, including units in Harlingen, Tex. and Buffalo, N.Y. on Friday, according to the EPA.

Gaps in the system -- as well as the delays in fixing monitors in some of Southern California's most populated areas -- have helped to prompt hearings and inquiries in Washington and Sacramento.

"Because the monitoring system ... plays such a critical role in protecting the health and safety of the American people, we will examine how well our current monitoring system has performed in the aftermath of the tragic situation in Japan," said Sen. Barbara Boxer, a California Democrat who chairs the U.S. Senate Environment and Public Works Committee, which plans a hearing in the coming weeks on nuclear safety.

EPA officials said the program effectively safeguarded the country against a threat that did not materialize. They said they put portable monitors in place as backups and repaired the permanent ones in Los Angeles, San Bernardino, San Diego last weekend. [...]

------------------------------

Date: Sun, 27 Mar 2011 02:48:06 +0100
From: Alex Farlie <groupsstuff_at_private>
Subject: Railway signaling glitch strands commuters

The reason I am mentioning this is an apparent claim by Network Rail (who are the entity with responsibility for the UK rail networks infrastructure.) that a glitch in software based signaling was involved.

http://www.bbc.co.uk/news/uk-england-york-north-yorkshire-12871897

[Given the age of parts of the rail network isn't that surprising...]

------------------------------

Date: Sun, 27 Mar 2011 03:02:21 +0100
From: Alex Farlie <groupsstuff_at_private>
Subject: Docklands 2009 rail accident report

The Rail Accident Branch report in relation to an incident on the Docklands Light Railway back in 2009 notes that, although the primary causes were not software related, the DLR is a computer based signaling system (and parts of it were considered in the investigation it seems).

http://www.raib.gov.uk/publications/investigation_reports/reports_2010/report032010.cfm

------------------------------

Date: Tue, 29 Mar 2011 12:36:38 +0100
From: Martin Ward <martin_at_private>
Subject: Major UK Internet Outage

At about 02:00 on 11 Jan 2011, something went wrong with BT's planned maintenance within their core network.
By 02:15, a significant number of 21CN (24Mbps and FTTC) ADSL connections were down.

My information on what happened and how the situation was resolved is mainly from my own observations plus the limited information released by my ISP (Fast.co.uk). All ISPs have to operate under NDAs (Non-Disclosure Agreements) with BT Wholesale: which means that the information they can give out is very limited. BT Wholesale themselves refuse to talk to customers directly. So there is no means for the ordinary customer to find out accurate information: BT won't tell them and their ISP is not allowed to tell them. The NDA also prevents ISPs from giving BT contact details to their customers.

BT still owns the "last mile" phone lines and equipment for most of the UK, so they are a single point of failure for ALL ISPs for most of the fixed-line Internet access in the UK. It's really important that they get it right since they provide wholesale Internet access to all the other ISPs. If you get poor service from them, switching ISPs won't help. Perhaps they cynically look at it from the other side: they don't need to bother too hard about getting it right, because customers have nowhere else to go?

BT are in the unusual position that one part of the company (BT Wholesale) operates as a monopoly over most of the country, selling wholesale Internet access to ISPs: including BT's own retail division and their competitors. Of course, BT Wholesale is not allowed to give special treatment to BT's retail division.

At 02:00, something went wrong with BT's planned maintenance, causing a large number of customers to lose Internet access. Fast's network monitoring detected the outage in a matter of seconds. They contacted BT and escalated the issue to the highest level of support.

By 06:00 Fast had added a message to their status page and a recorded message on their support line.

By 08:30, BT engineers were "working to restore normal service".
By 09:40 BT could confirm that the problem was on their network, and were still "working to restore normal service".

By 10:40 BT's most senior engineers were working on the problem.

By 11:30 BT had finally realised that the problem was caused by their planned maintenance work overnight, and started trying to work out how to fix it.

By 12:27, Fast engineers had confirmed the cause of the problem, worked out a fix, and told BT exactly what they had to do to fix it.

By 13:20 BT Operations finally started rebuilding the configuration on the device that controls the tunnels between Fast's network and the BT network. This was expected to take about 30 minutes.

By 14:00, twelve hours after the network went down, normal service finally started being restored to customers.

Discussion:

When you carry out planned maintenance on a network device, should it not be customary to check that the device is still working properly afterwards?

Regardless of the above, shouldn't BT have some automated monitoring process running which checks that their network is healthy and pages an engineer as soon as any significant problems are detected?

When I logged in that morning and noticed that the network was down, I immediately checked my logs and found that it had gone down some time between 02:00 and 02:15 that morning. As a long time comp.risks reader, my first thought was that an upgrade had gone wrong (my second thought was "Why didn't they notice?"). Why did it take BT over nine hours to figure out the cause of the outage? Why did they then need another ISP's engineers to tell them exactly what they had to do to fix their own network?

Given that the fix took only 30 minutes to implement, why was it over twelve hours before service was restored?

STRL Reader in Software Engineering and Royal Society Industry Fellow
martin@private http://www.cse.dmu.ac.uk/~mward/ Erdos number: 4

------------------------------

Date: Thu, 31 Mar 2011 22:19:02 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Comodo compromise

Comodo holds one of the master keys to the SSL X.509 Public Key Infrastructure. One of their affiliates has been compromised and nine rogue certificates issued. Browsing will get you lots of items on this case.

------------------------------

Date: Wed, 30 Mar 2011 21:29:06 -0400 (EDT)
From: Danny Burstein <dannyb_at_private>
Subject: FBI unable to break a code, asks for public help

FBI: Help Us Crack This Code and Solve a Murder Case
Investigators Want Public to Help Unlock Code Linked to 1999 Murder of St. Louis Man

[ABC News] The FBI is looking for a few beautiful minds to help solve a murder case. If you think you have what it takes to crack a code that the best cryptanalysts in the country have failed for 12 years to master, they'd like to hear from you. ...

After 12 years of trying to untangle the cryptographic mess, investigators from the FBI's Cryptanalysis and Racketeering Records Unit and the American Cryptogram Association are throwing up their hands. ...

http://abcnews.go.com/US/fbi-seeks-public-cryptic-code-1999-st-louis/story?id=13256467

------------------------------

Date: Sun, 27 Mar 2011 18:06:28 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: India: system failure impedes voting on a constitutional amendment

Prime minister Manmohan Singh's No vote in Rajya Sabha was cast as a Yes. However, 169 intended Yes votes were recorded as only 149. The amendment was to rename Orissa to Odisha. [Source: New Delhi, March 24, DH News Service; PGN-ed]

http://www.deccanherald.com/content/148607/evm-laughter-machine-rs.html

------------------------------

Date: Sun, 27 Mar 2011 23:37:28 -0500
From: Monty Solomon <monty_at_private>
Subject: A Girl's Nude Photo, and Altered Lives (Jan Hoffman)

Jan Hoffman, 26 Mar 2011

LACEY, Wash. - One day last winter Margarite posed naked before her bathroom mirror, held up her cellphone and took a picture.
Then she sent the full-length frontal photo to Isaiah, her new boyfriend.

Both were in eighth grade.

They broke up soon after. A few weeks later, Isaiah forwarded the photo to another eighth-grade girl, once a friend of Margarite's.

Around 11 o'clock at night, that girl slapped a text message on it.

"Ho Alert!" she typed. "If you think this girl is a whore, then text this to all your friends." Then she clicked open the long list of contacts on her phone and pressed "send."

In less than 24 hours, the effect was as if Margarite, 14, had sauntered naked down the hallways of the four middle schools in this racially and economically diverse suburb of the state capital, Olympia. Hundreds, possibly thousands, of students had received her photo and forwarded it.

In short order, students would be handcuffed and humiliated, parents mortified and lessons learned at a harsh cost. Only then would the community try to turn the fiasco into an opportunity to educate.

Around the country, law enforcement officials and educators are struggling with how to confront minors who "sext," an imprecise term that refers to sending sexual photos, videos or texts from one cellphone to another.

But adults face a hard truth. For teenagers, who have ready access to technology and are growing up in a culture that celebrates body flaunting, sexting is laughably easy, unremarkable and even compelling: the primary reason teenagers sext is to look cool and sexy to someone they find attractive.

Indeed, the photos can confer cachet. ...

http://www.nytimes.com/2011/03/27/us/27sexting.html

------------------------------

Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you.
   The mailman Web interface can be used directly to subscribe and unsubscribe:
     http://lists.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
     risks-request_at_private
   containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
     risks-subscribe_at_private or risks-unsubscribe_at_private
   depending on which action is to be taken.

   Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
   The full info file may appear now and then in RISKS issues.
   *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
   *** NOTE: Including the string "notsp" at the beginning or end of the subject
   *** line will be very helpful in separating real contributions from spam.
   *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
   <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
   http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
   <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 26.40
************************

Received on Thu Mar 31 2011 - 22:43:42 PDT