[RISKS] Risks Digest 26.44

From: RISKS List Owner <risko_at_private>
Date: Sat, 14 May 2011 15:25:24 PDT
RISKS-LIST: Risks-Forum Digest  Saturday 14 May 2011  Volume 26 : Issue 44

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/26.44.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents: [Backlogged.  Busy.  PGN]
Colleges worry about always-plugged-in students (Tracy Jan via
  Monty Solomon)
Warnings about Risks aren't just for technological issues (Paul Robinson)
Amazon Cloud Cloudy? (Ted Samson via Gene Wirchenko)
More About the Amazon Cloud Crash (Nestor E. Arellano via Gene Wirchenko)
Cloud Reliability (Patrick Thibodeau via Gene Wirchenko)
The algorithm says that'll be $23,698,655.93, plus $3.99 shipping
  (Mark Brader)
Texas exposes addresses, SSNs of 3.5 million residents (F John Reinke)
Risks of auto-classification (Steven Bellovin)
Iran claims it's under a second virus attack (Danny Burstein)
RSA hack spear-phishing via an Excel spreadsheet with embedded Flash
  (Jeremy Epstein)
Tracking File Found in iPhones (Matthew Kruk)
Re: Skype for Android User Data Leak (Robert N.M. Watson via PGN)
Re: Increasing risks due to leap seconds being ever more frequent
  (Amos Shapir)
Re: 'HTTPS Now' (Dimitri Maziuk)
Workshop on RFID Security and Privacy (Kevin Fu)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 24 Apr 2011 22:35:44 -0400
From: Monty Solomon <monty_at_private>
Subject: Colleges worry about always-plugged-in students (Tracy Jan)

Tangled in an endless web of distractions
Colleges worry about always-plugged-in students

Tracy Jan, *The Boston Globe*, 24 Apr 2011

It was supposed to be a quick diversion, Katie Inman told herself last week
as she flipped open her laptop. She had two tests to study for, three
problem sets due, a paper to revise. But within minutes, the MIT sophomore
was drawn into the depths of the Internet, her work shunted aside.  ``I had
just closed Facebook, but then I reopened it. It's horrible, I would type a
sentence for my paper, and then get back on Facebook.''

Desperate for productivity, Inman did something many of her classmates at
one of the most wired campuses would find unfathomable: She installed a
program that blocks certain websites for up to 24 hours. No social
networking. No e-mail. No aimless surfing.

While Inman took matters into her own hands, some MIT professors are urging
college leaders across the country to free students from their tether to
technology. Over the past decade, schools raced to connect students to the
Internet - in dorms, classrooms, even under the old oak tree. But now, what
once would have been considered heresy is an active point of discussion:
pulling the virtual plug to encourage students to pay more attention in
class and become more adept at real-life social networking. ...

http://www.boston.com/news/education/higher/articles/2011/04/24/colleges_worry_about_always_plugged_in_students/

------------------------------

Date: Thu, 21 Apr 2011 15:15:36 -0700 (PDT)
From: Paul Robinson <paul_at_paul-robinson.us>
Subject: Warnings about Risks aren't just for technological issues

We have warnings about risks because technology, if done incorrectly, can
cause major problems.  But it's not just technology; more than 100 years ago
there was a big warning to the legal community that if you use something the
wrong way you can get into a lot of trouble.  All we have to do to
confirm what happens when someone uses something incorrectly or makes a
mistake using something is look at any decision of the United States Supreme
Court.  I decided to write this up for a Wikipedia article and thought I'd
pass this on as it has relevance to Risks readers.

Every U.S. Supreme Court decision has the following boiler-plate warning
printed before the Syllabus, which is the summary of the decision:

  "NOTE: Where it is feasible, a syllabus (headnote) will be released, as is
  being done in connection with this case, at the time the opinion is
  issued. The syllabus constitutes no part of the opinion of the Court but
  has been prepared by the Reporter of Decisions for the convenience of the
  reader. See United States v. Detroit Timber & Lumber Co., 200 U. S. 321,
  337."

In the case of Detroit Timber, the court reporter misreported the decision
in Hawley v. Diller, 178 U.S. 476 (1900).  The syllabus, which as the above
note says, is the opinion of the court reporter as to what the court's
opinion means, was wrong.  The lawyers for the United States relied on the
syllabus for {Diller} instead of the court's actual opinion of the case and
as a result, they got it wrong too.

Here's why this issue is important. If you asked most people to name a
Supreme Court case they might be able to mention the Miranda Warning even if
they don't know the full case name {Miranda v. Arizona}, but almost
everyone, even if they don't have an opinion on abortions (like myself), can
name the case of {Roe v. Wade}.  The opinion - which I actually read once -
runs over 100 pages.  It basically says that abortions can't be prohibited
for the first three months of pregnancy and restrictions imposed by law on
obtaining an abortion from a licensed physician during this period are not
allowed.  Restrictions can be imposed on the second trimester, and even
greater ones may be imposed on the third trimester.

Now, there are three possible ways the writer of the Syllabus could
summarize the case.  Correctly, as I have done.  Incorrectly, and say that
states can't forbid physician-provided abortions and that a woman may obtain
an abortion at any time (that's actually effectively the decision of the
Canadian Supreme Court in {R. v. Morgentaler}), or the syllabus could
incorrectly say that states can forbid all abortions at any time.

Now, let's say you're some prosecutor and the syllabus in Roe v. Wade had
misreported the decision as saying a state can forbid all abortions, and
your office decides to prosecute some doctor for performing abortions during
the first month of pregnancy.  What's likely to happen is that first, the
trial court finds your prosecution to be invalid because of the decision in
Roe v. Wade, and dismisses the case; second, orders the state to pay the
several thousand dollars this doctor unnecessarily spent in legal fees; and
third, opens your office up for a civil suit for malicious prosecution for
doing exactly what the Supreme Court said was not permitted, to prosecute a
doctor for performing abortions done during the first three months of
pregnancy, and as a result, the damages could be hundreds of thousands of
dollars.

So as a result of the error I mentioned, every case the Supreme Court prints
has a reference to U.S. v. Detroit Timber to remind them that if you're not
careful to read the actual opinion and instead depend on the syllabus,
you're taking a big risk!

The Lessons of history teach us - if they teach us anything - that no one
learns the lessons that history teaches us.

------------------------------

Date: Fri, 22 Apr 2011 13:23:52 -0700
From: Gene Wirchenko <genew_at_private>
Subject: Amazon Cloud Cloudy? (Ted Samson)

http://www.infoworld.com/t/managed-services/popular-websites-crippled-hours-long-amazon-cloud-service-outage-657
Ted Samson, InfoWorld Home / InfoWorld Tech Watch, April 21, 2011

Amazon's popular EC2 and Relational Database Services suffered glitches
earlier this morning, leaving popular websites and services such as Reddit,
Foursquare, and HootSuite crippled or outright disabled well into the early
afternoon. The outages are a sobering reminder of the risks of placing one's
eggs in a service provider's basket, even a relatively well-established one
such as Amazon Web Services. The mishap will no doubt prompt users of
Amazon's services to call on the company to explain why it lacked the
necessary backup and disaster-recovery systems to prevent this sort of
downtime. ...

------------------------------

Date: Tue, 26 Apr 2011 10:07:01 -0700
From: Gene Wirchenko <genew_at_private>
Subject: More About the Amazon Cloud Crash (Nestor E. Arellano)

http://www.itbusiness.ca/it/client/en/home/News.asp?id=62242

Nestor E. Arellano, Firm averts Amazon cloud crash by 'spreading out the
risk', *IT Business*,  26 Apr 2011

... but thanks to redundant cloud services a Canadian company was able to
avoid any major disruption.  By employing a combination of cloud and quasi
cloud back-up services, Voices.com, a London, Ontario-based voice talent
firm, suffered only about 90 minutes of minor signal latency before being
able to recover full online capabilities while other Amazon clients did not
fare as well.

Because of server problems at Amazon's data center, which handles the
company's EC2 Web hosting services, Web sites, including popular Web 2.0
sites, were left staggering or disabled.

As of noon Eastern time last Friday, those sites had been affected for about
30 hours.

Reddit reported at 10:30 a.m. that it was still running in emergency
mode. Foursquare appeared to be up and running, while Quora was bouncing
between read-only mode and not launching at all and showing an "internal
server error" message.

Vancouver-based Twitter monitoring service HootSuite was also having
problems, reporting at one point that it was "back up" and then changing to
"again offline."

Thanks to Amazon's most recent outage, supporters of cloud services are
going to have a tough time arguing that the uptime delivered by cloud
services is superior to anything corporate IT can deliver.

Laplante says he has one customer -- a small manufacturer whose core
business application was built on WorkXpress and running on Amazon -- who
has been knocked offline. "They are fired up and they are very angry," he
said. The customer now wants the app hosted on a server in their shop.

Laplante said the Amazon outage, which began Thursday morning, is going to
make it difficult to sell cloud approaches. "I'm going to have to sell
against this outage."  Paul Haugan, CTO of Lynnwood, Wash., said his city
has been looking at Amazon's cloud offerings, but "the recent outage
confirmed, for us, that cloud services are not yet ready for prime time."

Haugan's view, which stems not just from Amazon's outage alone, is that
"cloud services need some more maturing and a much more hardened
infrastructure and security model prior to our adoption."

Voices.com, said Ciccarelli, suffered a hit to its reputation.  ``It wasn't
just that our IT department had to wade through a ton of calls.  Our
reliability was put in question because our clients don't really care that
Amazon is providing us the cloud service, what they see is our company
handling their audio files.''

Thankfully, despite the complaints, Voices.com did not lose any clients.

Today, Voices.com spreads the risk around.

``Not having all our eggs in one basket adds extra layers of redundancy in
case disaster strikes,'' said Ciccarelli.

  [Alternative risks result from trying to coordinate too many baskets,
  not to mention too many eggs.  PGN]

------------------------------

Date: Tue, 26 Apr 2011 10:09:31 -0700
From: Gene Wirchenko <genew_at_private>
Subject: Cloud Reliability

http://www.itbusiness.ca/it/client/en/CDN/News.asp?id=62250
Patrick Thibodeau, Who gets blame for Amazon outage?
Reliability of cloud services makes customers complacent;
many don't plan for worst-case scenarios, *IT Business*, 26 Apr 2011

Amazon.com has promised to provide a "detailed post-mortem" on the root
causes of the prolonged outage of its cloud services in recent days. Users
of the Amazon services, meanwhile, may also have to explain how they got
caught up in the outage.  The ensuing conversations may be uncomfortable for
both Amazon and its cloud customers -- perhaps even more so for users of the
services.

Cloud services overall have been remarkably reliable, which may be fostering
a dangerous complacency among customers who are putting too much trust in
them. This is another old and familiar story of technology hubris, one that
was famously illustrated by another tech marvel, the unsinkable Titanic.

In this case, it is IT managers who will have to explain to their users --
and to their company's executives -- why they didn't have a lifeboat.

Amazon's partial outage, which began Thursday and seemed largely resolved
today, was an exceptional event.

Based on data compiled by AppNeta, the uptime reliability of 40 of the
largest providers of cloud-based services, including Amazon, Google, Azure
and Salesforce.com, shows how well cloud providers are delivering
uninterrupted services. The performance management and network monitoring
firm, known as Apparent Networks until this week, captures minute-by-minute
uptime and other data from cloud providers used by its customers.

The overall industry yearly average of uptime for all the cloud services
providers monitored by AppNeta is 99.9948 per cent, which is equal to 273
minutes or 4.6 hours of unavailability per year.

The worst providers clock in at 99.992 per cent or 420 minutes or seven
hours of unavailability a year.

The best providers are at 99.9994 per cent or three minutes or .05 hours of
unavailability a year.

The takeaway for cloud users looking at the AppNeta data is often that the
risk of an outage is very low.

------------------------------

Date: Tue, 26 Apr 2011 02:18:37 -0400 (EDT)
From: msb_at_private (Mark Brader)
Subject: The algorithm says that'll be $23,698,655.93, plus $3.99 shipping

A biologist named Michael Eisen tells the story of trying to buy
a book about developmental biology from Amazon.  It was out of print,
but Amazon had two listings for new copies -- with prices in the
millions of dollars, and rising daily.  Eisen monitored the prices
for a while and came up with the following explanation:

* Seller A didn't really have the book, but planned to buy it from
  Seller B if someone placed an order.  They had a better feedback
  record than B, so someone might buy it from A even at a higher
  price, and had programmed their price to be 27.0589% higher than A's,
  so they'd make a profit.

* Seller B, meanwhile, was trying to ensure they just barely had the
  lowest price, and had programmed their price to be 0.17% lower than
  their competition.

* Both prices were updated automatically once a day -- thus rising
  exponentially until somebody noticed.

See http://www.michaeleisen.org/blog/?p=358.
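
The feedback loop described in this item, as an added example that is not part of the original post or of either seller's software. It assumes Seller A's 27.0589% markup is applied to Seller B's price, uses constructed starting prices, and adds two safeguards of its own: a price ceiling in the repricing rule and a monitor that flags several consecutive days of large increases.

```python
from decimal import Decimal

CENT = Decimal("0.01")
A_MARKUP = Decimal("1.270589")   # Seller A: 27.0589% above the other listing (assumed: B's)
B_UNDERCUT = Decimal("0.9983")   # Seller B: 0.17% below the competition


def reprice(other_price, multiplier, current, ceiling=None):
    """Apply one seller's rule; with a ceiling, keep the old price instead of exceeding it."""
    proposed = (other_price * multiplier).quantize(CENT)
    if ceiling is not None and proposed > ceiling:
        return current
    return proposed


def simulate(start_a, start_b, days, ceiling=None):
    """Return [(price_a, price_b), ...] with index 0 the starting prices.

    Each day B undercuts A, then A marks up B's new price, so the pair
    grows by A_MARKUP * B_UNDERCUT (about 1.2684) per day when unchecked.
    """
    a, b = start_a, start_b
    history = [(a, b)]
    for _ in range(days):
        b = reprice(a, B_UNDERCUT, b, ceiling)
        a = reprice(b, A_MARKUP, a, ceiling)
        history.append((a, b))
    return history


def detect_runaway(prices, max_daily_ratio=Decimal("1.10"), streak=3):
    """Return the first day index ending `streak` consecutive rises above the ratio."""
    run = 0
    for day in range(1, len(prices)):
        if prices[day] > prices[day - 1] * max_daily_ratio:
            run += 1
            if run >= streak:
                return day
        else:
            run = 0
    return None


if __name__ == "__main__":
    # Constructed starting prices, not the ones in the original listings.
    unchecked = simulate(Decimal("100.00"), Decimal("99.00"), 30)
    print("day 30, no guard:", unchecked[-1])
    print("monitor fires on day:", detect_runaway([a for a, _ in unchecked]))
    capped = simulate(Decimal("100.00"), Decimal("99.00"), 30, ceiling=Decimal("500"))
    print("day 30, ceiling 500:", capped[-1])
```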

------------------------------

Date: Mon, 11 Apr 2011 18:04:32 -0400
From: "fj_at_rcc" <kfjohn_at_private>
Subject: Texas exposes addresses, SSNs of 3.5 million residents

Identity Fraud would be impossible without the Gooferment's lame "social
security number". Argh! Everything is so predictable!

http://arstechnica.com/security/news/2011/04/texas-exposes-addresses-ssns-of-35-million-residents.ars

> And now, a large group of Texans are about to have it a lot worse: the
> state revealed Monday <http://txsafeguard.org/> that personal information
> for 3.5 million citizens has been exposed to the public, including names,
> addresses, Social Security numbers, and more.

Ferdinand John Reinke, 3 Tyne Court, Kendall Park, NJ 08824 908-209-3625
fjohn@private  http://www.reinke.cc http://www.reinkefj.com

------------------------------

Date: Sun, 24 Apr 2011 18:38:38 -0400
From: Steven Bellovin <smb_at_private>
Subject: Risks of auto-classification

While reading the AP news recently, via the Associated Press' official iPad
app, I went to the "Religion" section.  I was rather surprised to see an
article about a New York Mets baseball player being put on the disabled list
due to an injury.  This seemed rather odd to me (even though as a long-time
(and long-suffering) Mets fan I might be expected to utter prayers for
relief when such things happen), until my wife pointed out the player's
name: *Angel* Pagan...

		--Steve Bellovin, https://www.cs.columbia.edu/~smb

  [I suppose members of the team now known as the Los Angeles Angels of
  Anaheim appear regularly in that section.  Media supporting a home team
  is always popular, even if it is an example of Plug and Pray.  PGN]

------------------------------

Date: Mon, 25 Apr 2011 23:21:21 -0400 (EDT)
From: danny burstein <dannyb_at_private>
Subject: Iran claims it's under a second virus attack

After Stuxnet: Iran says it's discovered 2nd cyber attack [Jerusalem Post]

Tehran - Iran has been targeted by a second computer virus in a "cyber war"
waged by its enemies, its commander of civil defense said on Monday.
Gholamreza Jalali told the semi-official Mehr news agency that the new
virus, called "Stars", was being investigated by experts. ...  "Fortunately,
our young experts have been able to discover this virus and the Stars virus
is now in the laboratory for more investigations," Jalali was quoted as
saying. He did not specify the target of Stars or its intended impact.

rest:
http://www.jpost.com/IranianThreat/News/Article.aspx?id=217795

------------------------------

Date: Mon, 04 Apr 2011 14:46:18 -0400
From: Jeremy Epstein <jeremy.epstein_at_private>
Subject: RSA hack spear-phishing via an Excel spreadsheet with embedded Flash

http://threatpost.com/en_us/blogs/rsa-securid-attack-was-phishing-excel-spreadsheet-040111

Victim retrieved the message from spam folder, opened it, which used a
zero-day vulnerability in Flash to install malware that then phoned home,
giving control to the bad guys.  RSA confirmed it.

Pretty darn clever.....

Jeremy Epstein, Senior Computer Scientist, SRI International
1100 Wilson Blvd, Suite 2800, Arlington VA  22209  703-989-8907 (M)

------------------------------

Date: Thu, 21 Apr 2011 01:27:58 -0600
From: "Matthew Kruk" <mkrukg_at_private>
Subject: Tracking File Found in iPhones

Nick Bilton, *The New York Times*, 20 Apr 2011
(Miguel Helft and John Markoff contributed reporting.)
http://www.nytimes.com/2011/04/21/business/21data.html?_r=1&nl=todaysheadlines&emc=tha26

Apple faced questions [on 20 Apr 2011] about the security of its iPhone and
iPad after a report that the devices regularly record their locations in a
hidden file.  The report came from a technology conference in San Francisco,
where two computer programmers presented research showing that the iPhone
and 3G versions of the iPad began logging users' locations a year ago, when
Apple updated its mobile operating system.  After customers upgraded the
software, a new hidden file began periodically storing location data,
apparently gleaned from nearby cellphone towers and Wi-Fi networks, along
with the time.  The data is stored on a person's phone or iPad, but when the
device is synced to a computer, the file is copied over to the hard drive,
the programmers said. The data is not normally encrypted; although users can
encrypt their information when they sync their devices, few do.

To some privacy advocates, the storing of the data was a clear breach.  "The
secretive collection of location data crosses the privacy line," said Marc
Rotenberg, executive director of the Electronic Privacy Information Center,
a privacy policy organization based in Washington.  "Apple should know
better than to track iPhone users in this way."  Others said the discovery
of the hidden file was unlikely to have a major practical impact on privacy
and security.  "It is more symbolic than anything else," said Tim O'Reilly,
a longtime technology pundit and founder of O'Reilly Media. "It is one more
sign of how devices are collecting data about us and potentially sharing it
with others. This is the future. We have to figure out how to deal with it."

  [See also
http://online.wsj.com/article/SB10001424052748704123204576283580249161342.html
  and
Apple, Google In Privacy Hot Water Over "Locationgate", 25 Apr 2011
http://searchengineland.com/apple-google-in-privacy-hot-water-over-locationgate-74526
  PGN]

------------------------------

Date: Wed, 20 Apr 2011 16:43:17 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Re: Skype for Android User Data Leak (RISKS-26.43)

> "Skype mistakenly left these files with improper permissions, allowing
> anyone or any app to read them," said Case. "Not only are they accessible,
> but [they're] completely unencrypted."

Robert Watson at the University of Cambridge noted to me:

  Sounds like a classic failure of discretionary access control: you have to
  get the permissions right!

  Although it strikes me that the comment from Case gets the gist wrong:
  encrypting them is all well and good, but if they have to be decrypted to
  be used, then the key has to be lying around too. Getting the permissions
  wrong seems a greater sin. But the greatest sin of all is requiring
  application developers to get the permission bits right.  Robert
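
The permission problem discussed in this item, as an added example that is not part of the original message and is not Skype's code. It creates a file readable only by its owner, then audits an application data directory for files whose world permission bits are set, separating those reachable by other users from those shielded only by a non-traversable parent directory. All file and directory names are constructed.

```python
import os
import stat
import tempfile

WORLD_BITS = stat.S_IROTH | stat.S_IWOTH


def write_private(path, data):
    """Create `path` with mode 0600 at creation time; fail if it already exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)


def audit(root):
    """Return (exposed, latent) lists of file paths relative to `root`.

    exposed: world-readable or world-writable, and every directory from
             `root` down to the file is searchable by others (o+x).
    latent:  world bits set, but a parent directory currently blocks access;
             one chmod on that directory would expose the file.
    """
    exposed, latent = [], []

    def visit(directory, reachable):
        mode = os.lstat(directory).st_mode
        reachable = reachable and bool(mode & stat.S_IXOTH)
        for entry in sorted(os.scandir(directory), key=lambda e: e.name):
            st = entry.stat(follow_symlinks=False)
            if stat.S_ISDIR(st.st_mode):
                visit(entry.path, reachable)
            elif stat.S_ISREG(st.st_mode) and st.st_mode & WORLD_BITS:
                rel = os.path.relpath(entry.path, root)
                (exposed if reachable else latent).append(rel)

    visit(root, True)
    return exposed, latent


def build_sample_tree():
    """Build a constructed app-data tree in a temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="appdata-")
    os.chmod(root, 0o755)
    files_dir = os.path.join(root, "files")
    cache_dir = os.path.join(root, "cache")
    os.mkdir(files_dir)
    os.chmod(files_dir, 0o755)      # traversable by other users
    os.mkdir(cache_dir)
    os.chmod(cache_dir, 0o700)      # owner only
    samples = (
        (os.path.join(files_dir, "accounts.db"), 0o666),   # the mistake
        (os.path.join(cache_dir, "tmp.log"), 0o644),       # shielded by cache/
    )
    for path, mode in samples:
        with open(path, "wb") as handle:
            handle.write(b"constructed sample data")
        os.chmod(path, mode)
    write_private(os.path.join(files_dir, "session.xml"), b"constructed sample data")
    return root


if __name__ == "__main__":
    tree = build_sample_tree()
    exposed, latent = audit(tree)
    print("exposed:", exposed)
    print("latent: ", latent)
```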

------------------------------

Date: Tue, 26 Apr 2011 17:26:30 +0300
From: Amos Shapir <amos083_at_private>
Subject: Re: Increasing risks due to leap seconds being ever more frequent

The problem seems to be that the UTC base serves two purposes, as a basis
for timezones to define local (Sun-relative) time, and also as a benchmark
for timing intervals.  At high precision, these uses might contradict each
other, and the leap-second solution is viewed as inadequate.

There is a good history of the efforts to separate these two functions in
The Future of Leap Seconds (including a reference to Kamp's article).

------------------------------

Date: Thu, 21 Apr 2011 13:27:12 -0500
From: Dimitri Maziuk <dmaziuk_at_private>
Subject: Re: 'HTTPS Now' (RISKS-26.43)

> Date: April 20, 2011 11:15:14 AM EDT
> From: EFF Press <press_at_private>
> Subject: EFF: 'HTTPS Now' Campaign Urges Users to Take an Active Role
>   in Protecting Internet Security

> As a first step, individuals using the web are encouraged to install HTTPS
> Everywhere, a security tool for the Firefox browser developed by EFF and
> the Tor Project.  HTTPS Everywhere automatically encrypts a user's
> browsing, changing it from HTTP to HTTPS whenever possible.

If that also bypasses the Firefox's "self-signed cert" dialog, it's worth
installing just for that. On the other hand, if it does not, one wonders how
the majority of users will react to "Evil hackers Are Taking Over The
Internet! Run away!" popping up after every other mouse click.

<tinfoil hat>Or perhaps EFF got hired by VeriThawteInc in the cunning plan
to expand the latter's customer base?</tinfoil hat>

Dima

Dimitri Maziuk Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

------------------------------

Date: Tue, 26 Apr 2011 02:27:46 -0400
From: Kevin Fu <kevinfu_at_private>
Subject: Workshop on RFID Security and Privacy

7th Annual Workshop on RFID Security and Privacy (RFIDsec)
Amherst, MA, USA
June 26-28, 2011
http://rfid-cusp.org/rfidsec/
  Early bird registration ends May 13
     [Sorry to be late.  I've been seriously preoccupied.  PGN]

RFIDsec brings together researchers from academia and industry for topics of
importance to improving the security and privacy of RFID, NFC, contactless
technologies, and the Internet of Things.  RFIDsec bridges the gap between
cryptographic researchers and RFID developers through invited talks,
tutorials, and contributed presentations and posters.

Pre-workshop tutorials cover the physics of RFID, hands-on differential
power analysis of hardware tokens, hands-on programming of batteryless
RFID-scale sensor devices, and an introduction to RFID security and privacy.

Social highlights include a reception and a New England-style clambake
with scenic views of the rolling foothills and majestic mountains of
the Pioneer Valley.

Discounts for full-time students are made possible by the generosity
of Microsoft Research, Mocana, Cryptography Research, the RFID
Journal, and DIFRwear.

------------------------------

Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.   The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 26.44
************************