RISKS-LIST: Risks-Forum Digest  Friday 11 November 2011  Volume 26 : Issue 60

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/26.60.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents: Happy 11/11/11
ANA plane goes nearly belly up after wrong knob turned (Rob McCool)
E-voting remains insecure, despite paper trail (Gene Wirchenko)
Alleged Absentee Ballot Fraud in Florida (PGN)
Massive Internet Outage blamed on Juniper routers (Lauren Weinstein)
Gmail goes Colbert (James Morris)
Automated systems that don't use automatic daylight savings (Tim Panton)
NASA Confirms 'Suspicious Events' in Satellite Hacking Report
  (Rebecca Mercuri)
Apple was OK to fire man for private Facebook comments
  (Anna Leach via Gene Wirchenko)
Re: Blackberry outage saves lives (Geoff Kuenning)
Re: United Airlines uses 11,000 iPads ... (Andrew Douglass, Geoff Kuenning)
W32.Duqu: As ye sow, so shall ye reap ... (Stanley De Jager via Randall)
New Malicious Program by Creators of Stuxnet Is Suspected (NYTimes via PGN)
UK police using gear to intercept and monitor cell phones via mobile
  network spoofing (Lauren Weinstein)
What happens when *everyone's* PII is leaked? (Jeremy Epstein)
Contract worker stole 9M+ Israelis' personal information (Jeremy Epstein)
Skype flaw allows BitTorrent users to be identified
  (Jeremy Kirk via Gene Wirchenko)
Skype for iPhone makes stealing address books a snap
  (Dan Goodin via Monty Solomon)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 29 Sep 2011 09:26:36 -0700 (PDT)
From: Rob McCool <robm_at_private>
Subject: ANA plane goes nearly belly up after wrong knob turned

http://www.airliners.net/aviation-forums/general_aviation/read.main/5266959/

An ANA 737 went nearly belly up during cruise flight after the first officer turned the wrong knob to let the captain back into the cockpit. The knob for the rudder is similar to the knob to unlock the door and both are located in close proximity to each other. Luckily, it was late at night and most passengers were wearing their seat belts.

------------------------------

Date: Tue, 01 Nov 2011 13:13:08 -0700
From: Gene Wirchenko <genew_at_private>
Subject: E-voting remains insecure, despite paper trail

http://www.infoworld.com/t/security/e-voting-still-insecure-even-paper-trail-177623

InfoWorld Home / InfoWorld Tech Watch
October 31, 2011
E-voting remains insecure, despite paper trail
Microsoft researchers propose using cryptography technique as temporary Band-Aid for making new e-voting systems more secure
By Ted Samson | InfoWorld

opening and closing paragraphs:

Microsoft Research has revealed a potential flaw in verifiable e-voting machines through which fraudsters could easily use discarded ballot receipts as a guide for altering votes. Fortunately, the researchers also offered a solution -- linking new receipts to previous ones with cryptographic hashes -- but that alone won't make e-voting entirely secure, they cautioned.

This Microsoft Research report offers a fine example of how electronic-voting systems have improved to a degree, but it also shows that there's a lot of work to be done to make e-voting truly secure and verifiable. The fact that so many lawmakers have continued to drag their feet on this issue, even in light of documented controversies surrounding e-voting over the past several years, suggests at best an abysmally high level of technical ignorance among elected officials. At worst, it implies a general disregard for the democratic process on which this country was founded, a high level of corruption, or some combination thereof.

------------------------------

Date: Wed, 19 Oct 2011 09:11:47 -0700
From: Peter G Neumann <neumann_at_private>
Subject: Alleged Absentee Ballot Fraud in Florida

In Madison County, Florida, 8 residents have been arrested -- among them the election supervisor and a school board member -- relating to the 2010 school board election in that county. Apparently, the winner in one district was implicated in illegally creating absentee ballots mailed to false addresses, without voters' knowledge.

This reminds me of an incident in the 2000 election in Florida, in which the inhabitants of an entire rest home had voted 100% for one candidate, although *none* of those residents who had been interviewed by ABC had actually requested an absentee ballot -- according to the ABC news reporter recording me. I suspect this is not uncommon.

------------------------------

Date: Mon, 7 Nov 2011 10:37:17 -0800
From: Lauren Weinstein <lauren_at_private>
Subject: Massive Internet Outage blamed on Juniper routers

"A global internet outage took down sites and services across the web on Monday. The outage began shortly after 2pm, and affected telco Time Warner Cable in the US and numerous ISPs in the UK, including Eclipse Internet and Easynet. Several of the affected companies blamed the downtime on a problem with the firmware in Juniper Network routers.

"This outage has affected other networks running Juniper routers with the majority of them seeing their devices core dump and reload," affected ISP Phyber Communications said."
http://j.mp/sPisRG (Silicon)

Time Warner has said their entire Internet network operation was affected by this. I've been having connectivity problems on one of my primary circuits since late yesterday and continuing now that may or may not be related. I'll see if this message makes it out.

------------------------------

Date: November 11, 2011 11:28:12 AM EST
From: james.morris_at_private
Subject: Gmail goes Colbert

(From Dave Farber's IP)

The new gmail that apparently is going to be forced on everyone is not an improvement as far as I can see. It has a lot of cosmetic changes that someone liked, but the amazing thing is the way they are introducing it. There is no way to revert to the old version, but they devote special buttons to tell you how nice the new look is and to ask you for feedback. The feedback section has just two Colbert-like questions: "What do you like about the new version?" and "What, if anything, would you change about the new version?"

Colbert would ask something like "Is this awesome or super-awesome?" but he's trying to be ironic.

James H. Morris http://www.cs.cmu.edu/~jhm

------------------------------

Date: Tue, 1 Nov 2011 17:30:02 +0000
From: Tim Panton <thp_at_private>
Subject: Automated systems that don't use automatic daylight savings

I just got this e-mail from reception of the building I'm in today:

"With the clocks going back by one hour this has caused the security door in the reception area to automatically lock at 17:00 instead of 18:00. Due to our system being down at the moment we are unable to change this. Please can I remind you that you should carry your pass with you at all times for security reasons."

So, of the three security systems mentioned, both the automated ones have partially failed, the fallback is to *e-mail* me to remind me to carry a pass so I won't get locked on the landing on my way back from the WC. Hardly a disaster, but annoying none the less.

  [I was hoping to get this issue out at 11/11/11/11:11. There's still hope to celebrate if you are in Alaska or Hawaii. Cheers! PGN]

------------------------------

Date: Sat, 29 Oct 2011 21:19:31 -0400
From: RTMercuri <notable_at_private>
Subject: NASA Confirms 'Suspicious Events' in Satellite Hacking Report

http://www.bloomberg.com/news/2011-10-27/chinese-military-suspected-in-hacker-attacks-on-u-s-satellites.html

Chinese Military Suspected in Hacker Attacks on U.S. Satellites
By Tony Capaccio and Jeff Bliss - Oct 26, 2011 9:01 PM PT

Computer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway, according to a congressional commission.

The intrusions on the satellites, used for earth climate and terrain observation, underscore the potential danger posed by hackers, according to excerpts from the final draft of the annual report by the U.S.-China Economic and Security Review Commission. The report is scheduled to be released next month.

"Such interference poses numerous potential threats, particularly if achieved against satellites with more sensitive functions," according to the draft. "Access to a satellite's controls could allow an attacker to damage or destroy the satellite. An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite's transmission."

A Landsat-7 earth observation satellite system experienced 12 or more minutes of interference in October 2007 and July 2008, according to the report.

Hackers interfered with a Terra AM-1 earth observation satellite twice, for two minutes in June 2008 and nine minutes in October that year, the draft says, citing a closed-door U.S. Air Force briefing.

The draft report doesn't elaborate on the nature of the hackers' interference with the satellites.

Chinese Military Writings

U.S. military and intelligence agencies use satellites to communicate, collect intelligence and conduct reconnaissance. The draft doesn't accuse the Chinese government of conducting or sponsoring the four attacks. It says the breaches are consistent with Chinese military writings that advocate disabling an enemy's space systems, and particularly "ground-based infrastructure, such as satellite control facilities."

U.S. authorities for years have accused the Chinese government of orchestrating cyber attacks against adversaries and hacking into foreign computer networks to steal military and commercial secrets. Assigning definitive blame is difficult, the draft says, because the perpetrators obscure their involvement.

The commission's 2009 report said that "individuals participating in ongoing penetrations of U.S. networks have Chinese language skills and have well established ties with the Chinese underground hacker community," although it acknowledges that "these relationships do not prove any government affiliation."

Chinese Denials

China this year "conducted and supported a range of malicious cyber activities," this year's draft reports. It says that evidence emerging this year tied the Chinese military to a decade-old cyber attack on a U.S.-based website of the Falun Gong spiritual group.

Chinese officials long have denied any role in computer attacks.

The commission has "been collecting unproved stories to serve its purpose of vilifying China's international image over the years," said Wang Baodong, a spokesman for the Chinese Embassy in Washington, in a statement. China "never does anything that endangers other countries' security interests."

The Chinese government is working with other countries to clamp down on cyber crime, Wang said.

Defense Department reports of malicious cyber activity, including incidents in which the Chinese weren't the main suspect, rose to a high of 71,661 in 2009 from 3,651 in 2001, according to the draft. This year, attacks are expected to reach 55,110, compared with 55,812 in 2010.

Relying on the Internet

In the October 2008 incident with the Terra AM-1, which is managed by the National Aeronautics and Space Administration, "the responsible party achieved all steps required to command the satellite," although the hackers never exercised that control, according to the draft.

The U.S. discovered the 2007 cyber attack on the Landsat-7, which is jointly managed by NASA and the U.S. Geological Survey, only after tracking the 2008 breach.

The Landsat-7 and Terra AM-1 satellites utilize the commercially operated Svalbard Satellite Station in Spitsbergen, Norway that "routinely relies on the Internet for data access and file transfers," says the commission, quoting a NASA report.

The hackers may have used that Internet connection to get into the ground station's information systems, according to the draft.

While the perpetrators of the satellite breaches aren't known for sure, other evidence uncovered this year showed the Chinese government's involvement in another cyber attack, according to the draft.

TV Report

A brief July segment on China Central Television 7, the government's military and agricultural channel, indicated that China's People's Liberation Army engineered an attack on the Falun Gong website, the draft said.

The website, which was hosted on a University of Alabama at Birmingham computer network, was attacked in 2001 or earlier, the draft says.

The CCTV-7 segment said the People's Liberation Army's Electrical Engineering University wrote the software to carry out the attack against the Falun Gong website, according to the draft. The Falun Gong movement is banned by the Chinese government, which considers it a cult.

After initially posting the segment on its website, CCTV-7 removed the footage after media from other countries began to report the story, the congressional draft says.

Military Disruption

The Chinese military also has been focused on its U.S. counterpart, which it considers too reliant on computers. In a conflict, the Chinese would try to "compromise, disrupt, deny, degrade, deceive or destroy" U.S. space and computer systems, the draft says.

"This could critically disrupt the U.S. military's ability to deploy and operate during a military contingency," according to the draft.

Other cyber intrusions with possible Chinese involvement included the so-called Night Dragon attacks on energy and petrochemical companies and an effort to compromise the Gmail accounts of U.S. government officials, journalists and Chinese political activists, according to the draft.

Often the attacks are found to have come from Chinese Internet-protocol, or IP, addresses.

Businesses based in other countries and operating in China think that computer network intrusions are among the "most serious threats to their intellectual property," the draft says.

The threat extends to companies not located in China. On March 22, U.S. Internet traffic was "improperly" redirected through a network controlled by Beijing-based China Telecom Corp. Ltd., the state-owned largest provider of broadband Internet connections in the country, the draft said.

In its draft of last year's report, the commission highlighted China's ability to direct Internet traffic and exploit "hijacked" data.

To contact the reporters on this story: Jeff Bliss in Washington at jbliss_at_private; Tony Capaccio in Washington at acapaccio_at_private
To contact the editor responsible for this story: Mark Silva in Washington at msilva34_at_private

  [See also this article. PGN
  http://sz0043.wc.mail.comcast.net/zimbra/mail?view=msg&id=879=860#11]

------------------------------

Date: Thu, 03 Nov 2011 10:34:33 -0700
From: Gene Wirchenko <genew_at_private>
Subject: Apple was OK to fire man for private Facebook comments

Anna Leach: 'Image is so central to Apple's success', says tribunal, *The Register*, 3 Nov 2011
http://www.theregister.co.uk/2011/11/03/apple_employee_fired/

selected text:

Apple was right to fire an employee of one of its UK stores for saying rude things about the company on his Facebook wall, an employment tribunal in Bury St Edmunds ruled.*

The tribunal judge upheld Apple's dismissal of the man for gross misconduct in a case which sets another precedent for social network users who like to bitch about work online.

The Apple Store worker had made derogatory comments about Apple's brand and products on his Facebook wall. Although his posts were not public, one of his unfriendlier "friends" -- also a colleague in the store -- printed the comments out and showed them to their boss, who fired the man for misconduct.

A striking feature of the case was that although the man's Facebook comments were not public - privacy settings had been applied - the judge decided that because the comments could be easily copied and pasted by his friends they did not attract any privacy protection.

------------------------------

Date: Wed, 26 Oct 2011 15:40:06 -0700
From: Geoff Kuenning <geoff_at_private>
Subject: Re: Blackberry outage saves lives (Thorson, RISKS-26.59)

> Perhaps this could be exploited by throttling down network traffic during
> hazardous driving conditions, such as the first heavy rain of the season,
> major holiday evenings, and at the end of large sports events.

This bad idea was already tried by BART, with disastrous results. There are many socially beneficial uses for smartphones that don't involve driving. Even interfering with communication inside cars is a bad idea, because it ignores the fact that the passengers might be the ones contacting the babysitter to inform them they're going to be late.

Geoff Kuenning geoff@private http://www.cs.hmc.edu/~geoff/

------------------------------

Date: Tue, 25 Oct 2011 14:56:35 -0400
From: Andrew Douglass <andlass.dougrew_at_private>
Subject: Re: United Airlines uses 11,000 iPads ... (Stanley, RISKS-26.59)

Good details all, but my concern was with *intentional* interference with the flight systems, e.g., terrorism. It is a question necessarily suggested I think by any concerns re interference by consumer electronics.

In the general operation of highly complex, fly-by-wire aircraft, such a deliberate act could be a very bad thing. I have to hope contingency plans are in place, and they probably aren't. There are I must believe alternatives (for example hardened navigation options, like some sort of failsafe gyroscopic or accelerometer control system (the wiser minds here will have better ideas)). Flying these large planes is a highly abstract exercise and flight crews unprepared for malfunctions, as apparently with Air France 447, can be rendered suddenly helpless -- flying at cruising altitude is itself a flight-critical operation.

------------------------------

Date: Wed, 26 Oct 2011 21:33:36 -0700
From: Geoff Kuenning <geoff_at_private>
Subject: Re: United Airlines uses 11,000 iPads ... (Irons, R-26.59)

> Not quite. The main reason tablets and laptops are banned during takeoff
> and landing isn't because of concerns over interference, but because they
> might hinder an evacuation, and are potentially dangerous projectiles in
> the event of an impact or rapid deceleration. ...

That's the first sensible justification that I've heard on this list for prohibiting passengers from using devices that are allowed in the cockpit. Of course, the airlines still don't get it quite right, since many still permit (as only one example) the wearing of noise-canceling headphones that are turned off; those, too, would be unpleasant to encounter at high speed.

Geoff Kuenning geoff@private http://www.cs.hmc.edu/~geoff/

------------------------------

Date: October 19, 2011 1:34:20 PM EDT
From: Randall Webmail <rvh40_at_private>
Subject: W32.Duqu: As ye sow, so shall ye reap ... (Stanley De Jager)

> From Stanley De Jager:

> A new threat is getting some press this week and is being touted as "The
> next Stuxnet!" or at least a precursor to the next. The W32.Duqu appears
> to be written by either the same folks that brought us Stuxnet, or someone
> with access to its original source code. But whereas Stuxnet went after
> the control components for a device, this new code seems to be
> exfiltrating data to find assets for a possible future attack.

> It was Aeschylus, the Greek father of tragedy, that once wrote "For the
> impious act begets more after it, like to the parent stock."

> W32.Duqu: The Precursor to the Next Stuxnet
> http://www.symantec.com/connect/w32_duqu_precursor_next_stuxnet

> And a much deeper public analysis here:
> W32.Duqu: The precursor to the next Stuxnet
> http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf

------------------------------

Date: Wed, 19 Oct 2011 09:11:47 -0700
From: Peter G Neumann <neumann_at_private>
Subject: New Malicious Program by Creators of Stuxnet Is Suspected

... Duqu is intended to steal digital information that may be needed to mount another Stuxnet-like attack.

According to Symantec researchers, ``Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.''

Duqu is designed to last 36 days and then remove itself from the system it infected.

  [Source: John Markoff, The designers of Stuxnet, the computer worm that was used to vandalize an Iranian nuclear site, may have struck again, security researchers say. Israeli Test on Worm Called Crucial in Iran Nuclear Delay William J. Broad, John Markoff, David E. Sanger, *The New York Times*, 16 Oct 2011; PGN-ed]

------------------------------

Date: Sun, 30 Oct 2011 16:40:26 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: UK police using gear to intercept and monitor cell phones via mobile network spoofing

"Britain's largest police force is operating covert surveillance technology that can masquerade as a mobile phone network, transmitting a signal that allows authorities to shut off phones remotely, intercept communications and gather data about thousands of users in a targeted area."
http://j.mp/s9aJyb (Guardian)

One way to fight this is to focus on using trusted Wi-Fi networks for communications when possible in constrained areas. The details are complex but the principle has promise for special situations.

------------------------------

Date: Mon, 24 Oct 2011 08:06:09 -0400
From: Jeremy Epstein <jeremy.j.epstein_at_private>
Subject: What happens when *everyone's* PII is leaked?

We've all seen hundreds of cases of PII being lost, stolen, etc. But what happens when an entire country's PII gets released? Is that better or worse - since absolutely everybody is potentially affected, is the government forced to reissue authentication information to everyone, and change all the databases? (Assuming you can identify everyone to ensure that they get the right authenticators, that is.) Does the fact that it affects everyone mean that people will be more cautious of social engineering attacks, since everyone knows that they could be the target? Or does it reduce the value of the lost/stolen information, since everyone will be more on guard against attacks?

"The database provides the personal and familial information of all Israeli citizens in the Population Registry -- more than nine million people, some of whom are no longer alive. Each citizen's family relations, personal identification number and other private information are contained in the database. [...] At some point, the registry was sold for the paltry sum of only a few thousand shekels [less than US$1000], and it is likely that it was used for malevolent purposes. Since the start of the investigation, Israeli agents have attempted to track down every copy of the registry and remove it from the Internet."

Of course removing "every copy" from the Internet is a fool's errand.

I don't have any answers to what the reaction will be, but we may have a case study to watch. The database was leaked several years ago, but I only just read about it in an article about figuring out how the information came to be posted on the web.

http://www.haaretz.com/news/national/israel-cracks-case-behind-population-database-illegally-posted-on-web-1.391714

------------------------------

Date: Tue, 25 Oct 2011 20:21:21 -0400
From: Jeremy Epstein <jeremy.j.epstein_at_private>
Subject: Contract worker stole 9M+ Israelis' personal information

  [source: InfoSecNews, InfoSec News <alerts_at_private>, 24 Oct 2011]

http://www.jpost.com/NationalNews/Article.aspx?id=242957

A contract worker from the Ministry of Labor and Welfare was charged with stealing the personal information of over 9 million Israelis from the Population Registry, the Justice Ministry announced Monday after a media ban was lifted.

The worker electronically copied identification numbers, full names, addresses, dates of birth, information on family connections and other information in order to sell it to a private buyer.

The information was also given to another individual who used it to design a software program called "Agron 2006", which exploited the database to allow queries of all Israeli citizens, allowing information to be illegally sold based on various parameters. Those parameters could include familial relationships of the entire Israeli population, over several generations.

[...]

Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn

------------------------------

Date: Fri, 21 Oct 2011 10:26:23 -0700
From: Gene Wirchenko <genew_at_private>
Subject: Skype flaw allows BitTorrent users to be identified (Jeremy Kirk)

http://www.itbusiness.ca/it/client/en/home/News.asp?id=64617

Jeremy Kirk, Skype flaw allows BitTorrent users to be identified
Researchers have demonstrated it's possible to link BitTorrent users to Skype account information via IP addresses. It's a possible risk to Skype's user privacy, 21 Oct 2011.

------------------------------

Date: Fri, 21 Oct 2011 18:52:22 -0400
From: Monty Solomon <monty_at_private>
Subject: Skype for iPhone makes stealing address books a snap (Dan Goodin)

Dan Goodin, *The Register*, 20 Sep 2011

If you use Skype on an iPhone or iPod touch, Phil Purviance can steal your device's address book simply by sending you a chat message.

In a video posted over the weekend, the security researcher makes the attack look like child's play. Type some JavaScript commands into the user name of a Skype account, use it to send a chat message to someone using the latest version of Skype on an iPhone or iPod touch, and load a small program onto a webserver. Within minutes, you'll have a fully-searchable copy of the victim's address book. ...

http://www.theregister.co.uk/2011/09/20/skype_for_iphone_contact_theft/

------------------------------

Date: Mon, 6 Jun 2011 20:01:16 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you. The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe. You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address. Instructions
 are included in the confirmation message. Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
 Lindsay has also added to the Newcastle catless site a palmtop version
 of the most recent RISKS issue and a WAP version that works for many but
 not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
 <http://www.csl.sri.com/illustrative.html> for browsing,
 <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
 is no longer maintained up-to-date except for recent election problems.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
 <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 26.60
************************