RISKS-LIST: Risks-Forum Digest Monday 19 September 2011 Volume 26 : Issue 57 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/26.57.html> The current issue can be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: Redundancy is always a good idea, when it exists (David Lesher) EFF Heads Back to Court to Fight Warrantless Wiretapping (EFF) Re: United Airlines uses 11,000 iPads to take planes paperless (Alistair McDonald) Re: Air France 447 (Peter Houppermans) Re: United Airlines uses 11,000 iPads to take planes paperless (John Stanley) Pakistan orders ISPs to block VPNs and other encryption? (NNSquad) Supercookie (Bill Snyder via Gene Wirchenko) Re: "Why Governments Are Terrified of Social Media" (Chris D) Re: Zombie Cookies won't die (Chris Jewell) Re: Risks in Google, specifically Gmail (John Fouhy, Joseph Brennan) Re: Don't throw away Grandma's wind-up desk clock (Martin Ward) Re: Transaction without a password is more secure? (Wayne Mesard) Re: Researchers' Typo-squatting Stole 20 GB of E-Mail (Lauren Weinstein) Re: $100 Bill: The Fed Has a $110 Billion Problem ... (Nick Laflamme) Re: Yet another incident of over-reliance on GPS navigation (Paul Wallich) Re: Man unable to open car from the inside and dies of dehydration (David Peverley) Online risks for a power of attorney (Jared Gottlieb) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Thu, 15 Sep 2011 00:30:25 -0400 FSrom: David Lesher <wb8foz_at_private> Subject: Redundancy is always a good idea, when it exists Nonredundancy is a perennial RISKS favorite (e.g., RISKS-6.93 and 7-05, to name just a few telecom items, with lots more not telecom related.) I've just become aware of an older event than most discussed here. At 04:42 AM on November 24, 1961, SAC Headquarters [then at Ent Air Force Base] lost all communications with the BMEWS ("Dew Line") radars, AND also with NORAD at Colorado Springs. CINCSAC Gen. Thomas Power, fearing an attack in progress, ordered all SAC bombers to immediate alert; but he did hold them at the end of their runways. He soon managed to establish HF SSB radio contact with a watch aircraft, a B-52 over Thule AFB in Greenland, reassuring him. The cause was all those "redundant" links went through one AT&T Long-Lines microwave tower at Black Forest, near Colorado Springs. A technician there was running a routine maintenance test on some other circuits, but left out one step.... <http://goo.gl/TawMZ> ISBN: 978-0691021010 The limits of safety: organizations, accidents, and nuclear weapons; By Scott Douglas Sagan <http://www.gazette.com/articles/norad-123954-sac-bombers.html> We now have MANY more suppliers of bit transport, with diverse glass buried hither and yon; but do we yet have really independent, redundant, systems? [As we've noted here many times, we have often seen belief in the importance of redundancy, but with weak implementation. But we also recall that the management of redundancy itself tends to considerably increase complexity. PGN] ------------------------------ Date: August 29, 2011 4:00:29 PM From: EFFector List <Editor_at_private> Subject: EFF Heads Back to Court to Fight Warrantless Wiretapping EFFector Vol. 24, No. 29 Monday August 29, 2011 editor_at_private A Publication of the Electronic Frontier Foundation ISSN 1062-9424 effector: n, Computer Sci. A device for producing a desired change. : . : . : . : . : . : . : . : . : . : . : . : . : . : . : * EFF Heads Back to Court to Fight Warrantless Wiretapping More than five years ago, EFF filed the first lawsuit aimed at stopping the government's illegal mass surveillance of millions of ordinary Americans' private communications. Whistleblower evidence combined with news reports and Congressional admissions revealed that the National Security Agency (NSA) was tapped into AT&T's domestic network and databases, sweeping up Americans' emails, phone calls and communications records in bulk and without court approval. On August 31, 2011, the Ninth Circuit Court of Appeals will hear a warrantless wiretapping double-feature to decide whether EFF's two cases can proceed. At stake will be whether the courts can consider the legality and constitutionality of the National Security Agency's mass interception of Americans' Internet traffic, phone calls, and communications records. Read more: https://www.eff.org/deeplinks/2011/08/eff-s-warrantless-wiretapping-cases-back-court * Why IP Addresses Alone Don't Identify Criminals This spring, agents from Immigration and Customs Enforcement (ICE) executed a search warrant at the home of Nolan King and seized six computer hard drives in connection with a criminal investigation. The warrant was issued on the basis of an Internet Protocol (IP) address that traced back to an account connected to Mr. King's home, where he was operating a Tor exit relay. While we think it's important to let the public know about this unfortunate event, it doesn't change our belief that running a Tor exit relay is legal. And it's worth highlighting the fact that these unnecessary incidents are avoidable. Law enforcement needs to understand that an IP address doesn't automatically identify a criminal suspect. Read more: https://www.eff.org/deeplinks/2011/08/why-ip-addresses-alone-dont-identify-criminals ------------------------------ Date: Thu, 15 Sep 2011 07:21:03 +0200 From: "Alistair McDonald" <alistair_at_private> Subject: Re: United Airlines uses 11,000 iPads to take planes paperless In Risks Digest 26.56, Geoff Kuenning says: >>But of course passengers will still be prohibited from using those >> same devices while the pilots have them turned on... I think many people misunderstand why devices are banned on landing. The reason is that the landing is, relatively speaking, one of the riskier parts of flight, and so there more likely to be an accident. The advice we get in the UK is to put your seat back upright, open the window blinds, and stop using portable electronic devices. Upright seat backs are easier for evacuation, especially for those behind you. By opening window blinds, no-one will be blinking in unfamiliar light if they have to evacuate (or the plane is torn in half, I suppose, in a worst-case scenario). By making sure everyone can hear any cockpit announcements, there will be less chance of someone being unaware of what any incidents and evacuation plans are. I notice that these days, although I can't use my own portable mp3 or DVD player, I can still watch movies via the on-board entertainment all the way down to the gate - because any cockpit announcements pause the movie and come through my headphones. This can't be guaranteed if I'm trying to damage my own hearing by listening to heavy metal at excessive volume on my iPod. Alistair McDonald UK: +44 7833 461 587 Lux: +352 661 832 898 Author of the SpamAssassin book: (http://www.packtpub.com/spamassassin/) ------------------------------ Date: Thu, 15 Sep 2011 09:51:12 +0200 From: Peter Houppermans <ph_at_private> Subject: Re: Air France 447 (Norman, RISKS-26.56) > Readers of RISKS should be sophisticated enough not to jump on the > "human error" bandwagon every time it seems convenient Hmm, So jumping on the "human error" bandwagon is, umm - a human error? I'll go and hide now :-). On the serious side, though, your observation goes deeper and wider than just this topic. I am presently busy upsetting security "professionals" by telling them they have turned into mere administrators - especially people with a technical background get so wrapped up in policy setting and gadget management that they tend to overlook the human in the chain. You can't just throw that out with a label "weakest part" - that's not addressing the issue, that's avoiding it. Using the label "weakest link" is maintaining that status instead of doing something about it. Especially in my privacy protection work, the humans are my starting point - because they are what I protect. They present you with a rich picture of psychology, social circumstances and behaviour, wants, likes, weaknesses but also strengths, and it is especially on the latter you build. Only after that you look at technology and how it is used. You'll need the same approach at board level, those people have a way of working which you need to roll with. In addition, even people which one could call "intellectually challenged" (to use the politically correct term) are still *WAY* more sophisticated than any computer I can buy or build. Somehow we have to find a way to make that work for us. Peter Houppermans, Private & Confidential Group, http://pncg.ch ------------------------------ Date: Fri, 16 Sep 2011 11:43:52 -0700 (PDT) From: John Stanley <stanley_at_private> Subject: Re: United Airlines uses 11,000 iPads to take planes paperless Geoff Kuenning: But of course passengers will still be prohibited from using those same devices while the pilots have them turned on... Of course. The pilot's iPads have been tested in the exact environment they will be used in, properly configured to disable any radio functions (WiFi, 3g, etc), and most important, will be immediately and directly accessible to the pilots so they can be shut down in the event of any perceived interference with critical flight operations. The passenger's iPads (and other iPad-like devices too numerous to count) will have none of that. And most of what they will have won't be iPads. Suppose you decide to allow people to use iPads because of this. Do you think the cabin crew has the time or knowledge to differentiate between true iPads (which you assume have met all Part 15 unintentional radiator standards and are thus safe, a questionable assumption to start with) and the iPad knock-offs from China (where you can't assume the the manufacturer knows what "Part 15" is, much less can meet the standards)? I know that anecdotal evidence doesn't mean anything to anyone who wants to play Angry Birds during landing, but here it is anyway. Even FCC certificated radio systems are not immune from interfering with aircraft communications. During a flight in New York Center airspace, as co-pilot, at night, IFR, we started getting interference on the assigned FAA operating frequency. We couldn't hear them. I knew what caused it -- I had just tuned another radio to a different channel. I turned the offending radio off; problem solved. Imagine if that radio had been in the hands of a passenger in the middle of a 747 during landing. There is a significant difference between allowing pilots to do something in an airplane and allowing every passenger aboard to do the same thing. ------------------------------ Date: Thu, 15 Sep 2011 22:46:40 -0700 From: Lauren Weinstein <lauren_at_private> Subject: FTC proposes stricter Net access rules for children under 13 (NNSquad) http://j.mp/nnLJSU (This message on Google+) http://j.mp/rgPhnB (Wired) "The Federal Trade Commission proposed Thursday to revamp its online child privacy rules to reflect the ubiquity of smartphones and geolocation services. The proposed updates (.pdf) to the Children's Online Privacy Protection Act of 1998 were welcomed by many in the privacy community. They see the new proposal as a means to combat behavioral advertising targeting America's youth. By contrast, Facebook, Microsoft, the Entertainment Software Association, the Toy Industry Association and others are arguing for self-regulation when it comes to targeted, online behavioral advertising." - - - At least the FTC is explicitly not proposing that Congress require sites that don't cater to children to collect age-related identity information. On the other hand, some of the verification techniques being proposed seem intrusive, others seem -- well -- rather weird. In particular, finding someone to be "your parent" for a video-conference check probably won't be a stretch for the average intelligent kid: http://j.mp/oBtUFk ("Yep! That's my Bobby!" [Picasa]) This is not to suggest that I'm unsympathetic to concerns of parents and their children's Internet use. But I discern some potential "slippery slopes" in various of these proposals, of significant concern relating ultimately to adults' use of the Net, and I believe that some of these proposals will be mainly effective at scoring political points. ------------------------------ Date: Tue, 30 Aug 2011 09:24:39 -0700 From: Lauren Weinstein <lauren_at_private> Subject: Pakistan orders ISPs to block VPNs and other encryption? (NNSquad) http://j.mp/nBQ0b4 (domain-b) "According to a PTA spokesman the directive was intended only to stop militants from using secure Internet connections to communicate with each other. However he admitted that this was only possible by preventing all Internet users in Pakistan from using virtual private networks (VPNs), according to the *Express Tribune* newspaper." ------------------------------ Date: Fri, 02 Sep 2011 09:49:32 -0700 From: Gene Wirchenko <genew_at_private> Subject: Supercookie (Bill Snyder) Bill Snyder, 22 Aug 2011, Browsing and Privacy: How to Not Get Tracked All modern browsers have built-in tools and add-ons to protect users from having their Web behavior tracked. But regardless, some sites still find ways to track you. Here are tips for taking matters into your own hands. http://www.cio.com/article/688362/Browsing_and_Privacy_How_to_Not_Get_Tracked two nasty bits: A researcher at Stanford University recently found that Microsoft (MSFT) has been using an online tracking technology that allowed the company to sneakily track users on MSN.com even though it had used some of the standard techniques developed to avoid tracking. Another group of researchers found that other sites, including Hulu.com, employed super cookie techniques to track users for advertising purposes. They wrote: "We found two sites that were respawning cookies, including one site -- Hulu.com -- where both flash and cache cookies were employed to make identifiers more persistent. The cache cookie method used Etags, and is capable of unique tracking <bold>even where all cookies are blocked by the user and 'private browsing mode' is enabled.</bold>" (The authors are from The University of California at Berkeley, Worcester Polytechnic and the University of Wyoming. The emphasis is mine.) ------------------------------ Date: Sun, 18 Sep 2011 22:15:11 +0100 From: "Chris D." <e767pmk_at_private> Subject: Re: "Why Governments Are Terrified of Social Media" (RISKS-26.55) In the UK, politicians are pushing ahead with plans requiring ISPs to block pornography unless subscribers specifically request access to it, to protect children. I have no idea if this really is a problem, or parents and politicians looking for something to worry about (I'm not a parent myself), but newspaper headlines like "Parents Will Get Power To Stop The Internet Porn Invasion" don't help a balanced debate. Allegedly most children claim to have viewed Internet porn, but I suspect an element of schoolyard bragging here... Another proposal is to `encourage' Google and other search sites to `remove from their search results content that beaches copyright'. Main RISKs here seems to be: (a) politicians legislating for the desired results and leaving others with the problem of figuring out how to achieve them (and assuming that anything can be done easily with computers by pressing a few buttons, or setting check boxes nowadays), and (b) legally requiring ISPs to monitor subscribers' usage, and make value judgments as to what the heck is "pornography" or other potentially-objectionable material. Like 1970s East Germany, it's easy to imagine a future when half of the population are employed to watch over the other half, with huge Internet bills to pay for it, of course. In any case, presumably juveniles who really want to seek out pornography will know where to find it, so it's just the rest of us will be inconvenienced; I can imagine seniors having to get their grandkids to disable the parental locks on their laptops. ------------------------------ Date: 19 Sep 2011 00:15:38 -0000 From: Chris Jewell <chrisj_at_private> Subject: Re: Zombie Cookies won't die (RISKS-26.55) rm -rf ~/.mozilla/"Default User"/Cache/* chmod a-w ~/.mozilla/"Default User"/Cache I haven't noticed that my browsing is any slower. I assume that Windows/NT supports something similar (and I'm sure Mac OS 10 does), though many users may not know how. ------------------------------ Date: Thu, 15 Sep 2011 22:29:15 +1200 From: John Fouhy <john_at_private> Subject: Re: Risks in Google, specifically Gmail (Robinson, RISKS-26.56) Paul Robinson unfairly maligns Gmail. I have my own domain, registered through misk.com, and backed by a Gmail account. It works flawlessly, and has done so for a number of years. [well, almost flawlessly -- Gmail puts my @gmail address in the Sender: header which causes some undesirable behaviour, notably with Outlook] ------------------------------ Date: Mon, 19 Sep 2011 09:46:09 -0400 From: Joseph Brennan <brennan_at_private> Subject: Re: Risks in Google, specifically Gmail (Robinson, RISKS-26.56) > The same is not true with Gmail. There is a weird technical problem with > Gmail, if a Gmail client sends mail to a domain that redirects its mail - > like mine - and the terminating address that the redirection goes to is a > Gmail account, Gmail discards the message. Better described: If you send mail from a Gmail account, and delivery ends up forwarding back to the same Gmail account, Gmail does not add an inbox tag to the message. It's not actually discarded, since you do have the message, tagged as sent mail. That's their logic anyway. The incoming message is considered a duplicate, based (I think) on the Message-ID. The catch is that people testing delivery want to see the almost-duplicate that has different headers showing delivery through the forwarding routing. I think Gmail is the only system that does duplicate suppression between incoming and sent mail. While I like to be open to new concepts, this seems like a bug to me. Our helpdesk has had probably over one hundred tickets reporting that forwarding an account to Gmail does not work. Joseph Brennan, Lead Email Systems Engineer Columbia University Information Technology ------------------------------ Date: Fri, 16 Sep 2011 10:29:41 +0100 From: Martin Ward <martin_at_private> Subject: Re: Don't throw away Grandma's wind-up desk clock (Lee, RISKS-26.49) When I want the *exact* time I depend on one of our radio-controlled clocks: which I don't even need to reset twice a year when British Summertime starts or ends, or my solar-powered radio-controlled watch: which doesn't even need the battery changing. There used to be a saying: "A man with one watch knows what time it is; a man with two watches is never quite sure." This problem disappears with my radio-controlled clocks since they all show exactly the same time! STRL Reader in Software Engineering and Royal Society Industry Fellow martin@private http://www.cse.dmu.ac.uk/~mward/ ------------------------------ Date: Wed, 31 Aug 2011 09:55:20 -0400 From: Wayne Mesard <wmesard_at_private> Subject: Re: Transaction without a password is more secure? (RISKS-26.54) > * THERE'S NO NEED TO USE YOUR PIN, SO YOUR TRANSACTIONS ARE EVEN > MORE SECURE > > Can somebody please explain to me how it's "more secure"... The wording isn't the best, but they are making a legitimate point. While it may be the case that many ATMs are not appropriately secured, it is *certainly* the case that the majority of point-of-sale terminals are less secure than even a fairly weakly-protected ATM. This makes them much more attractive targets for skimmers. If I enter my PIN at a compromised POS terminal, then the evil-doer has my PIN and can go to any ATM and clean me out. If he doesn't have my PIN, then he can only access my compromised account from other POS terminals. Still bad, but not as bad. http://www.creditcards.com/credit-card-news/gas-station-card-skimmers-1282.php http://en.wikipedia.org/wiki/Credit_card_fraud#Skimming FWIW, I never enter my PIN anywhere except at ATMs located at reputable, CCTV-monitored bank branches. (I also never use a debit card, and given the RISKS and the fees, I don't understand why anyone does. Just use a credit card and pay the full balance every month.) ------------------------------ Date: Thu, 8 Sep 2011 18:29:59 -0700 From: Lauren Weinstein <lauren_at_private> Subject: Re: Researchers' Typo-squatting Stole 20 GB of E-Mail (was Risks of Typos, RISKS-26.55) http://j.mp/q7I3WX (Wired) [NNSquad] "Two researchers who set up doppelganger domains to mimic legitimate domains belonging to Fortune 500 companies say they managed to vacuum up 20 gigabytes of misaddressed e-mail over six months." ------------------------------ Date: Thu, 15 Sep 2011 17:10:12 -0500 From: Nick Laflamme <nick_at_private> Subject: Re: $100 Bill: The Fed Has a $110 Billion Problem with New Benjamins (26.56) I'm surprised that neither Leonard Finegold, who submitted the item, nor PGN, who read it and provided the excerpt, noted that the article cited is nine months old. What's happened with this story since 7 Dec 2010? Has the Bureau of Engraving pursued any of the solutions suggested? Have any of the new currency started to circulate? And has anything made this article more or less relevant now than it was nine months ago? [I was hoping that item would provoke a follow-up as to what's new. PGN] ------------------------------ Date: Thu, 15 Sep 2011 09:48:02 -0400 From: Paul Wallich <pw_at_private> Subject: Re: Yet another incident of over-reliance on GPS navigation (Kuenning, RISKS-26.56) In my (thank goodness limited) experience this is also an issue of decision-making under short deadlines in the presence of (real or perceived) peer pressure. When you see other drivers going around a road-closed sign, or when you're following written directions from a local, it's easy to assume that they have knowledge about the situation that goes beyond or contradicts a terse road sign. (In my childhood home town, visitors used to blench as we zipped right past the "Road Legally Closed" notice that decorated the route to the nearest interstate for 10 years or so.) What's difficult to calibrate is the amount of local knowledge needed to traverse a "closed" or otherwise posted section of road safely -- locals can typically drive back roads at least 20 km/h faster than visitors, and the Dunning-Krueger effect is in full play. (This also brings me to one of my pet peeves about GPS maps: they have nowhere near the right level of discrimination among road types. Perhaps a two or three-level classification was appropriate during the years of expensive color printing or limited device memory, but today you could do far more accurate and safer routing with more levels or even a continuous distribution of road-quality classifications.) ------------------------------ Date: Thu, 15 Sep 2011 15:06:20 +0100 From: David Peverley <pev_at_private> Subject: Re: Man unable to open car from the inside and dies of dehydration I find this particularly interesting in the context of my current car - it is a twelve year old model with the same auto-lock if-not-opened feature. I'd been ferrying bags from out of the boot and having returned from one load to get the next found the door had blown shut with the keys inside and the car had locked them in. The reason? The micro-switch in the lock mechanism that senses lock opening / closing had failed and the previous owner had not replaced it. This is understandable as you could only replace the whole lock assembly for around £40 and is only available from official dealers with the only obvious visible consequence being that the courtesy light wouldn't turn on with the boot opening. A no-brainer not to spend that much to turn a light on and off... For cars that additionally disable internal opening mechanisms one might reasonably predict that when a large number get to a decent second-hand age and start being affected by long-term wear and tear, this may well happen a lot more often if the designers haven't been able to recognise such sensor failures? ------------------------------ Date: Sun, 18 Sep 2011 12:00:00 -0600 From: jared gottlieb <jared_at_private> Subject: Online risks for a power of attorney The risk is some banks do not recognise the power of attorney for on-line banking. This is a significant restriction to the the person with the power-of-attorney, particularly when they live at a distance or simply want to take advantage of tracking account transactions without delay. The Guardian (guardian.co.uk) reports a study "... with some financial institutions putting unnecessary restrictions on how an [individual with a power of] attorney can access an account, and many refusing point blank to allow attorneys to operate online accounts." and the Chicago Tribune (chicagotribune.com) had a headline "Power of attorney powerless in online banking Bank says caretaker spouse will have to rely on monthly statements" ------------------------------ Date: Mon, 6 Jun 2011 20:01:16 -0900 From: RISKS-request_at_private Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe: http://lists.csl.sri.com/mailman/listinfo/risks Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request_at_private containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe_at_private or risks-unsubscribe_at_private depending on which action is to be taken. Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc. => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> The full info file may appear now and then in RISKS issues. *** Contributors are assumed to have read the full info file for guidelines. => .UK users may contact <Lindsay.Marshall_at_private>. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail! => SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line. *** NOTE: Including the string "notsp" at the beginning or end of the subject *** line will be very helpful in separating real contributions from spam. *** This attention-string may change, so watch this space now and then. => ARCHIVES: ftp://ftp.sri.com/risks for current volume or ftp://ftp.sri.com/VL/risks for previous VoLume http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue. Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r <http://the.wiretapped.net/security/info/textfiles/risks-digest/> . ==> PGN's comprehensive historical Illustrative Risks summary of one liners: <http://www.csl.sri.com/illustrative.html> for browsing, <http://www.csl.sri.com/illustrative.pdf> or .ps for printing is no longer maintained up-to-date except for recent election problems. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 26.57 ************************Received on Mon Sep 19 2011 - 13:45:39 PDT
This archive was generated by hypermail 2.2.0 : Mon Sep 19 2011 - 19:10:02 PDT