[RISKS] Risks Digest 26.84

From: RISKS List Owner <risko_at_private>
Date: Wed, 16 May 2012 14:08:38 PDT
RISKS-LIST: Risks-Forum Digest  Wednesday 16 May 2012  Volume 26 : Issue 84

Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at

City Misses $1.6M in Parking Tickets Because of Computer Glitch (Monty Solomon)
Computer Glitch Forces Johnson County Motor Vehicle Offices to Close
  (Sarah Clark via Monty)
Computer Glitch Gave Free Education To College Students (Phil Yacuboski
  via Monty)
Computer glitch hampers Alaska deer hunt reporting (via Monty)
Computer glitch means NC jobless can't collect (via Monty)
Hundreds of potential jurors mistakenly head to Placer County courthouse
  (Ed Fletcher via Monty)
NJ toddler on no-fly list was mistakenly pulled from JetBlue flight
  (via Monty)
Risks of financial models being gamed (Bob Frankston)
Top judge: ditching software patents a "bad solution" (Lauren Weinstein)
Computerized prescriptions to stop fraud -- what could go wrong? (Rex Sanders)
Facebook Shares More About How It Uses Your Data (Somini Sengupta via Monty)
Microsoft Funded Startup Aims to Kill BitTorrent Traffic (Ernesto via
  Dewayne Hendricks)
Comcast Wants You to Watch Commercials (Swanni via Dewayne Hendricks)
Slick new type of "password" (Al Stangenberger)
Paging George Orwell ... (Matthew Kruk)
Researcher runs IP network over xylophones (Lauren Weinstein)
Fiat Hacks Google Street View (Steven J. Greenwald)
Software Engineer: 2012's Top Job (Cindy Waxer)
Re: Humorous Doctor Office Interaction? (Rebecca Mercuri)
Re: USPS curtailing international lithium battery shipments (Martin Ward,
  JC Cantrell)
Never Trust a Robot, take 2 (Arnt Gulbrandsen)
Re: Power of Individual Voters (Mark E. Smith)
Re: Disruptions: Indiscreet Photos, Glimpsed Then Gone (Geoff Kuenning)
Abridged info on RISKS (comp.risks)


Date: Wed, 16 May 2012 09:57:18 -0400
From: Monty Solomon <monty_at_private>
Subject: City Misses $1.6M in Parking Tickets Because of Computer Glitch

JACKSONVILLE, Fla. -- Thousands of first coast drivers are just now getting
parking tickets from years ago.

Last week, Lisa Crawford received a $63 bill for an unpaid $20 parking
ticket - dated September 2011.

"It was very frightening because it said it could impound my car, and I look
at September and I'm like, oh my God I'm on borrowed time," Crawford said.

The notice Crawford received from the City of Jacksonville's collection
agency was one of 24,000 sent out in the past few weeks, according to the
city's public parking officer Jack Shad.

Crawford's bill was a tiny part of $1.6 million in fines the city hadn't
reported to the collection agency because they didn't realize they were
missing. ...

http://www.firstcoastnews.com/news/article/256684/483/City-Misses-16-Million-in-Parking-Tickets-Because-of-Computer-Glitch   16 May 2012


Date: Wed, 16 May 2012 09:57:18 -0400
From: Monty Solomon <monty_at_private>
Subject: Computer Glitch Forces Johnson County Motor Vehicle Offices to Close
  (Sarah Clark)

Sarah Clark, 8 May 2012

JOHNSON COUNTY, Kan. - Oh, the joys of making a trip to the DMV, or the
motor vehicle offices, as they're called in Kansas.

Drivers in Johnson County, Kan., were turned away after a computer glitch
forced offices to close on Tuesday. A message on the Johnson County
government website read:

"The Johnson County Motor Vehicle Offices located at 782 N. Ridgeview Road
in Olathe and 6000 Lamar in Mission are closed due to technical issues with
the new MOVRS computer system, Tuesday, May 8."

Other offices in Kansas outside of Johnson County remained open.

Tuesday was the first day for the new motor vehicle system after a week-long
shutdown of all Kansas Vehicle Offices. FOX 4 talked to taxpayers on Tuesday
who feel the upgrade is not making it easier to get licenses and

Several people waited for more than two hours on Tuesday as they tried to
renew a license or get a car registered. Daniel Corney says he was told he'd
have to wait over three hours to register his motorcycle. ...


Date: Wed, 16 May 2012 09:57:18 -0400
From: Monty Solomon <monty_at_private>
Subject: Computer Glitch Gave Free Education To College Students
  (Phil Yacuboski)

Phil Yacuboski and WBAL-TV, 15 May 2012

Four students at the University of Maryland, Baltimore County got a free
ride, according to a state audit released Tuesday.  "A student received a
refund but had not been charged tuition for that semester," said Bruce
Myers, legislative auditor.

The errors are the result of a computer glitch.

The audit, conducted between 2008 and 2011, showed that one student was not
charged up to $8,000 in tuition and fees, but that same student also got a
financial aid refund of more than $10,000.  A second UMBC student got almost
$10,000 in financial aid and never had to pay tuition and fees. ...



Date: Wed, 16 May 2012 09:57:18 -0400
From: Monty Solomon <monty_at_private>
Subject: Computer glitch hampers Alaska deer hunt reporting

KODIAK, Alaska (AP, 1 May 2012) - A computer glitch has resulted in
incomplete totals from data submitted online by Sitka blacktail deer hunters
around Alaska, according to state officials.

The Kodiak Daily Mirror says that hunter Joseph Mauer of Kodiak was
surprised to receive a reminder letter from the state Department of Fish and
Game asking that he resubmit his deer hunt totals from last season.

Mauer said he had already submitted his data at the end of last season using
the department's new online harvest reporting system for deer. ...



Date: Wed, 16 May 2012 09:57:18 -0400
From: Monty Solomon <monty_at_private>
Subject: Computer glitch means NC jobless can't collect

RALEIGH, N.C. - The Division of Employment Security website has been down
since late Thursday, locking out those who log on to update their benefits.

Spokesman Larry Parker said the division's web and phone services were
offline as the result of a mainframe problem, but that people could update
their files by visiting a local DES office. However, visits and calls to
offices in Raleigh, Smithfield, Durham and Cary showed computers there were
offline as well.

"They said everything was down all across the state," said Kwame Manigault.
He was trying to update his banking information at the Raleigh DES office.

  http://www.wral.com/business/story/11063925/  4 May 2012


Date: Wed, 16 May 2012 09:57:18 -0400
From: Monty Solomon <monty_at_private>
Subject: Hundreds of potential jurors mistakenly head to Placer County
  courthouse (Ed Fletcher)

Ed Fletcher, 2 May 2012

A snafu with Placer County's automated jury notification system caused a
major traffic jam Tuesday morning for the city of Auburn and a major
headache for 600 potential jurors who arrived at the county's historic

The court didn't actually need any jurors Tuesday, but the automated system
told all 1,000 potential jurors that the court will need over the entire
week that they were all needed at the courthouse Tuesday, said Geoff Brandt,
assistant court executive officer for Placer County. ...

Computer Glitch Summons Too Many Jurors, NPR, 3 May 2012

In California, the Placer County Courthouse accidentally summoned 1,200
people to jury duty on the same morning.  Taking their duty seriously,
residents tried to be on time but the traffic jam was too much.


Date: Wed, 16 May 2012 08:17:56 -0400
From: Monty Solomon <monty_at_private>
Subject: NJ toddler on no-fly list was mistakenly pulled from JetBlue flight

11 May 2012, *The Star-Ledger* Continuous News Desk

FORT LAUDERDALE, Fla. - The 18-month-old 'no-fly-list' toddler from New
Jersey who was mistakenly removed from a flight earlier this week has
JetBlue officials scrambling this morning to cover their tracks as the story
rattles around the globe. ...

Officials confirmed an 18-month-old girl was mistakenly pulled off a JetBlue
flight before it left Fort Lauderdale because airline employees thought her
name was on the U.S. no-fly list. According to the Associated Press, a
JetBlue representative told the family their toddler was on the federal list
that includes thousands of known or suspected terrorists.

On Thursday, JetBlue said a computer glitch caused the confusion and their
employees were simply doing their jobs. The U.S. Transportation Security
Administration says the girl never was flagged by the agency.  ...


Date: Sun, 13 May 2012 15:16:33 -0400
From: "Bob Frankston" <Bob19-0501_at_private>
Subject: Risks of financial models being gamed

More reminders with the limits on our ability to avoid risk:


  ``This strategy 2 and 3 grew so large that it became obvious to other
  investors who then saw an opportunity to bet against JPMorgan, which they
  viewed as cornered.''

This is a classic example of hubris in assuming we can triumph over risk by
being smart. Even if the financial models themselves are correct the world
is constantly reinventing itself around us. This example is especially
telling since models themselves can be gamed.


Date: Sun, 13 May 2012 12:52:19 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: Top judge: ditching software patents a "bad solution"

  Judge Michel seemed unaware of the depth of the software industry's
  dissatisfaction with the patent system. He suggested the patent system's
  critics were relatively marginal figures not representative of the views
  of the broader technology industry. And he didn't seem to understand the
  dynamics of the patent arms race currently affecting the software
  industry.  "If software is less dependent on patents, fine then. Let
  software use patents less as they choose," Michel said.  "If other
  industries are terribly dependent on patents, then let's not wreck the
  system just because software people are unhappy."
    http://j.mp/KV8TAp  (ars technica via NNSquad)

On balance, I'd ditch software patents from the system in a heartbeat.


Date: Sun, 13 May 2012 08:50:37 -0700
From: Rex Sanders <rsanders_at_private>
Subject: Computerized prescriptions to stop fraud -- what could go wrong?

A long Associated Press story by Greg Risling describes big problems with
fraudulent drug prescriptions written on traditional prescription pads.

The solution: prescriptions sent by computer.

The very last line of the article contains this prophetic quote: "As more
(doctors) go electronic I think it will solve some problems but may create
some others."


Date: Sun, 13 May 2012 00:18:55 -0400
From: Monty Solomon <monty_at_private>
Subject: Facebook Shares More About How It Uses Your Data (Somini Sengupta)

Somini Sengupta, *The New York Times* Blogs, 11 May 2012

How does Facebook use all the words, pictures and clicks of its 901 million

A group of European college students first raised that question last
year. The Irish Data Protection Office, which regulates all of Facebook's
European data policies, took it up. On Friday, Facebook shared a bit more.

"We're adding more examples and detailed explanations to help you understand
our policies," Facebook's new chief privacy officer, Erin Egan, a veteran
privacy lawyer in Washington, wrote, in a blog post.  Facebook users can
give feedback and talk to Ms. Egan on Monday in a video chat.

The new explanations, available by clicking on the Help tab on the bottom of
the Facebook home page, include one on how cookies work on the site and what
information application developers receive when you download an app on the
Facebook platform. The explanations also inform users about who can see what
kinds of posts on their timelines. ...



Date: Sun, May 13, 2012 at 9:08 AM
From: Dewayne Hendricks <dewayne_at_private>
Subject: Microsoft Funded Startup Aims to Kill BitTorrent Traffic

Ernesto, TorrentFreak, 13 May 2012 [via Dave Farber's IP]

The Russian based Pirate Pay startup is promising the entertainment
industry a pirate-free future. With help from Microsoft, the developers
have built a system that claims to track and shut down the distribution of
copyrighted works on BitTorrent. Their first project, carried out in
collaboration with Walt Disney Studios and Sony Pictures, successfully
stopped tens of thousands of downloads.

Hollywood, software giants and the major music labels see BitTorrent as one
of the largest threats to their business.

Billions in revenue are lost each year, they claim. But not for long if the
Russian based startup Pirate Pay has its way. The company has developed a
technology which allows them to attack existing BitTorrent swarms, making it
impossible for people to share files.

The idea started three years ago when the developers were building a
traffic management solution for Internet providers. The technology worked
well. It was able to stop BitTorrent traffic if needed, which made the
developers realize that they might have built the holy anti-piracy grail.

``After creating the prototype, we realized we could more generally prevent
files from being downloaded, which meant that the program had great promise
in combatting the spread of pirated content,'' Pirate Pay CEO Andrei Klimenko
says. ...


Date: Tue, May 15, 2012 at 7:57 AM
From: Dewayne Hendricks <dewayne_at_private>
Subject: Comcast Wants You to Watch Commercials (Swanni)


Swanni, Washington, D.C. (15 May 2012) -- Comcast has filed for a patent
for a new technology that would force viewers to watch ads even when they
try to skip them on their Digital Video Recorders.

That's according to an article by FierceCable.

The cable operator's move is in sharp contrast to Dish Network's new Auto
Hop DVR feature that allows viewers to watch recorded shows on the four
major broadcast networks without ever seeing a commercial.  Network
executives blasted Dish's new feature yesterday, but the satcaster said it
wants to "champion" the interests of subscribers, not advertisers or


Date: Tue, 15 May 2012 11:42:58 -0700
From: Al Stangenberger <forags_at_private>
Subject: Slick new type of "password"

I'm surprised that this idea made it out of testing and into production.

> On the subject of mobile security, new device locking features bring up
> an interesting dilemma about how gesture-based "passwords" compare to
> standard character passwords. Which is probably not very good, unless
> you keep your screen very clean and avoid greasy foods:
> http://news.cnet.com/8301-30685_3-57377224-264/reverse-smudge-engineering-foils-android-unlock-security/


Date: Tue, 15 May 2012 12:38:26 -0600
From: "Matthew Kruk" <mkrukg_at_private>
Subject: Paging George Orwell ...

Talking Surveillance Cameras Coming to U.S. Streets
'Intellistreets' system now being installed with DHS backing
Paul Joseph Watson, Infowars.com, 14 May 2012

Talking surveillance cameras that bark orders at passers-by and can also
record conversations are heading for U.S. streets, with manufacturer
Illuminating Concepts announcing the progress of its 'Intellistreets'



Date: Sun, 13 May 2012 08:27:48 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: Researcher runs IP network over xylophones

http://j.mp/JSkhxN   (*Network World* via NNSquad)

  "Vint Cerf once wore a shirt that read "IP on Everything," a wry comment
  on the versatility of the Internet Protocol he helped invent, a protocol
  that underlies all Internet communication.  Now a University of California
  Berkeley researcher [R. Stuart Geiger] has put Cerf's maxim to the test,
  running an IP network over a set of xylophones, played by human

Wait until they hit their XSP (Xylophone Service Provider) bandwidth cap
and get throttled back to wood blocks.

Video of the "Xylophone Internet" in action:
  http://j.mp/JSp7Lq  (YouTube)


Date: Wed, 16 May 2012 13:38:40 -0400 (GMT-04:00)
From: "Steven J. Greenwald" <sjg6_at_private>
Subject: Fiat Hacks Google Street View

Fiat hacks Google Street View to spoof Volkswagen in Sweden.
You really have to see the photo to appreciate this.
  [or google "Fiat Trolls Volkswagen via Street View", or perhaps


Date: Wed, 16 May 2012 11:19:14 -0400
From: ACM TechNews <technews_at_private>
Subject: Software Engineer: 2012's Top Job (Cindy Waxer)

Cindy Waxer, *InformationWeek*, 15 May 2012, via ACM TechNews

A recent CareerCast.com study ranked software engineer as the top job for
2012 based on five criteria, including salary, stress levels, hiring
outlook, physical demands, and work environment.  Software engineer ranked
higher than doctor, Web developer, computer programmer, and financial
planner due to tremendous demand and outstanding salary.  The U.S. Bureau of
Labor Statistics recently found that the median pay for software engineers
was $90,530 per year in 2010.  In addition, the demand for software
engineers is on the rise, with an estimated growth rate of 30 percent
between 2010 and 2020.  "Over the last few years there's definitely been a
20 percent to 25 percent uptick in salary for software engineers," says
Monetate's Tom Janofsky.  "I feel like I live in a different economy.  We're
constantly hiring."  Other benefits for software engineers are
collaboration, creative thinking, and hands-on experimentation that can
support a career in a continuous state of evolution.  Software engineers
also enjoy a lot of flextime, interesting colleagues, and a collaborative,
team-oriented work environment.  "A lot of what we do is about failing,
doing something wrong, and then going back and looking at the problem
again," Janofsky says.


Date: Sun, 13 May 2012 11:14:40 -0400
From: Rebecca Mercuri <notable_at_private>
Subject: Re: Humorous Doctor Office Interaction? (Nettesheim, RISKS-26.83)

The Patient Privacy Notice situation has been problematic for some
while. These agreements, created in order to comply with HIPAA regulations,
make it difficult (if not impossible) for the doctor to allow a relative to
receive or review the patient files, even and especially if the person
becomes fully incapacitated, is unmarried (often only a spouse can gain
access, hence why there is such a debate over who can be married to whom),
and doesn't have a power of attorney or guardianship appointed.

I wrote at length about the computer security aspects of the HIPAA
legislation back in 2004 -- see:


Date: Sun, 13 May 2012 09:02:44 +0100
From: Martin Ward <martin_at_private>
Subject: Re: USPS curtailing international lithium battery shipments

On Sunday 13 May 2012 at 06:02, RISKS List Owner <risko_at_private> wrote:
> "Primary lithium metal or lithium alloy (non-rechargeable) cells and
> batteries, or secondary lithium-ion cells and batteries (rechargeable),
> regardless of quantity, size, or watt hours,

"regardless of watt hours"? What about the tiny batteries inside hearing aids?
A quick search found various lithium batteries with usual nominal 3 volt
rating and a capacity of just 15 mAh: these are used extensively in "blinkies"
15 mAh at 3 volts is 0.045 watt hours, or 162 Joules or 40 calories
(0.04 food Calories).

This is enough energy to raise the temperature of 1Kg of water by 0.04
degrees C, or equivalently to raise the temperature of 10g of water by 4
degrees C.

And this is supposed to bring down an airplane?

About as likely as being able to do so with a 110 mL tube of toothpaste!

STRL Reader in Software Engineering and Royal Society Industry Fellow
martin@private  http://www.cse.dmu.ac.uk/~mward/


Date: Mon, 14 May 2012 11:15:36 -0700 (PDT)
From: JC Cantrell <jccant_at_private>
Subject: Re: USPS curtailing international lithium battery shipments ...

"...hmm, wonder what's in my ultrasonic tapeless tape measure?"

I wonder what's in that musical Mother's Day card you just sent. And, how long before the Dept. of Homeland Security comes to visit?


Date: Mon, 14 May 2012 12:50:08 +0200
From: Arnt Gulbrandsen <arnt_at_private>
Subject: Never Trust a Robot, take 2 (Re: RISKS-26.83)

In RISKS-26.83, a note is forwarded from/via Steve Greenwald about a sailing
accident: Perhaps the crew "had the electronic chart zoomed out to a point
where the Coronado Islands no longer showed up, and so had no warning that
their track would take them straight into a rock".

The GPS car navigation systems I've seen all exaggerate the widths of roads
to make them clearly visible. Which has its risks, of course. But a zoom
function that deemphasizes reefs and islands and uses all of its pixels to
show deep blue sea seems worse.


Date: Sun, 13 May 2012 00:30:02 -0700
From: "Mark E. Smith" <mymark_at_private>
Subject: Re: Power of Individual Voters (Rees, RISKS-26.83)

> "Those who control the processes control the declared result.  The blank
> votes, or refusal to vote, can be overcome just like the elections that
> declare 99% support for dictators."

Those elections assume everyone is registered and votes. Blank or protest
votes are easy to control, but it takes no special knowledge or access, is
easy to spot, and rarely escapes notice whenever a US voting district counts
a few thousand more votes than it has registered voters.

The real problem here is that when a district with say, 300 registered
voters, tallies 3,000 votes for the candidate who wins, elections officials
are not required to do anything at all except to state that the "computer
glitch" was harmless and did not change the results of the election.


Date: Mon, 14 May 2012 18:06:30 -0700
From: Geoff Kuenning <geoff_at_private>
Subject: Re: Disruptions: Indiscreet Photos, Glimpsed Then Gone: Nick Bilton

> ... Snapchat allows a person to take and send a picture and control how
> long it is visible by the person who receives it, up to 10 seconds.  After
> that, the picture disappears and can't be seen again. If the person
> viewing the picture tries to use an iPhone feature that captures an image
> of whatever is on the screen, the sender is notified.

If they have a friend nearby during those ten seconds, is it also wiped from
the friend's mind?

And if the quick-witted friend uses their own phone to snap the screen...

Geoff Kuenning   geoff@private   http://www.cs.hmc.edu/~geoff/


Date: Mon, 6 Jun 2011 20:01:16 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:


End of RISKS-FORUM Digest 26.84
Received on Wed May 16 2012 - 14:08:38 PDT
