[RISKS] Risks Digest 26.85

From: RISKS List Owner <risko_at_private>
Date: Mon, 28 May 2012 10:57:00 PDT
RISKS-LIST: Risks-Forum Digest  Monday 28 May 2012  Volume 26 : Issue 85

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/26.85.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Class 1 Recall: Nicolet, Software Malfunction and Short Circuit (Monty Solomon)
Class I Recall: Baxa Software, Potential Dosing Errors (Monty Solomon)
NJ Mayor hacks website that advocated his recall (Arstechnica)
"Why voting machines still suck" (Paul Venezia via Gene Wirchenko)
Japanese Satellite Broadcasting scramble protection cracked (Ishikawa)
"Smartphone users more oblivious to others: study" (Gene Wirchenko)
The risk of having to "sell" research (Bob Frankston)
Controlling the Internet? (Lauren Weinstein)
China's version of Twitter adopts new usage restrictions (Lauren Weinstein)
In Malaysia, new Internet laws make you guilty unless proven innocent
  (Lauren Weinstein)
FBI forms a new internet-surveillance unit (Declan McCullagh via Joly MacFie)
BBC on Flame virus (Joly MacFie)
ID Thieves Loot Tax Checks, Filing Early and Often (Lizette Alvarez via
  Monty Solomon)
Orthodox Rally for a More Kosher Internet (Josh Nathan-Kazis via Monty Solomon)
Illuminating dialog with a scammer (Identity withheld by request)
"Can an Algorithm Write a Better News Story Than a Human Reporter?"
  (Gabe Goldberg)
Re: Never Trust a Robot, take 2 (Jonathan Pritchard)
Re: Microsoft Funded Startup Aims to Kill BitTorrent Traffic (Barry Gold)
Re: Disruptions: Indiscreet Photos, Glimpsed Then Gone (Dag-Erling Smørgrav)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 28 May 2012 11:12:54 -0400
From: Monty Solomon <monty_at_private>
Subject: Class 1 Recall: Nicolet, Software Malfunction and Short Circuit

CareFusion Cortical Stimulator Control Unit:
Class 1 Recall - Software Malfunction and Short Circuit

Nicolet Cortical Stimulator Control Unit, Nicolet C64 Stimulus Switching
Unit (SSU) Amplifier and NicoletOne Software with Cortical Stimulator License
U.S. Food and Drug Administration [Posted 02/23/2012]

AUDIENCE: Neurology, Risk Managers

ISSUE: CareFusion is recalling Nicolet Cortical Stimulator Control Unit,
Nicolet C64 Stimulus Switching Unit (SSU) Amplifier and NicoletOne Software
with Cortical Stimulator License for two reasons: the device's software
incorrectly indicates stimulation is delivered to a different electrode than
the one selected and a short circuit may develop between the cortical
stimulator control unit and the stimulus switching unit amplifier.  Both of
these issues may result in the surgeon resecting the wrong brain tissue. The
surgeon may also fail to resect pathological tissue, potentially leading to
continued pathologic processes and the need for re-operations. ...

http://www.fda.gov/Safety/MedWatch/SafetyInformation/SafetyAlertsforHumanMedicalProducts/ucm292975.htm

------------------------------

Date: Mon, 28 May 2012 11:12:54 -0400
From: Monty Solomon <monty_at_private>
Subject: Class I Recall: Baxa Software, Potential Dosing Errors

Baxa Corporation Abacus Total Parenteral Nutrition (TPN) Calculation
Software: Class I Recall - Potential Dosing Errors  [PGN-ed]
U.S. Food and Drug Administration [Posted 05/25/2012]

AUDIENCE: Pharmacy, Risk Manager

ISSUE: A number of errors have been reported by Abacus software users as a
result of ordering salt based parenteral nutrition ingredients on an ion
based ordering template. Abacus TPN Calculation Software is designed and
intended to allow the ordering of electrolytes in only one of two ways: as a
salt (such as calcium gluconate 10%) or as an elemental ion (such as
calcium). However, if a dosage is entered into the system based on one
method, when the template is configured for the other method, a dosing error
can occur.

The problem associated with mix-ups related to salt-based or ion-based
ordering of electrolytes is not exclusive to calcium gluconate. ...

The Abacus TPN Calculation Software was manufactured and distributed from
August 7, 2006 through April 15, 2009.  Affected catalog numbers include:

  8300-0045: Abacus Calculator Only (Abacus CE)
  8300-0046: Abacus Single Work Station (Abacus SE)
  8300-0047: Abacus Multi-Work Station (Abacus ME)

http://www.fda.gov/Safety/MedWatch/SafetyInformation/SafetyAlertsforHumanMedicalProducts/ucm305762.htm

------------------------------

Date: Sat, 26 May 2012 10:18:23 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: NJ Mayor hacks website that advocated his recall

The mayor of a small town in New Jersey managed to take down a website
that openly advocated his removal from office by recall.  He did not exactly
hack the web site, but he managed to hijack the e-mail account associated
with the domain of the website, and then used it to cancel the registration
for the domain, thereby causing the site to go dark.
http://arstechnica.com/security/2012/05/new-jersey-mayor-son-arrested-on-charges-they-nuked-recall-website/

  [Thanks to David Jefferson for spotting this one.  PGN]

------------------------------

Date: Thu, 17 May 2012 08:41:41 -0700
From: Gene Wirchenko <genew_at_private>
Subject: "Why voting machines still suck" (Paul Venezia)

Paul Venezia, *InfoWorld*, 14 May 2012

Significant government funds go into snooping on citizens and outrageously
sophisticated weaponry. How about a little scratch for the basic instrument
of democracy?
http://www.infoworld.com/d/data-center/why-voting-machines-still-suck-192988

This article has a good summary of the situation and links to several
related articles.

------------------------------

Date: Thu, 17 May 2012 12:45:34 +0900
From: ishikawa <ishikawa_at_private>
Subject: Japanese Satellite Broadcasting scramble protection cracked

It has been widely reported in many blogs in Japan that a widely used
scramble protection system for satellite broadcasting (and for that matter
some ground-based broadcasting) in Japan called B-CAS (BS Conditional Access
System) has been compromised.

Basically, satellite broadcasting relies on an IC card supplied by B-CAS
company limited, to handle the management of subscription and duration (and
presumably key handling for descrambling).  In Japan, TV tuners on the
market have the card slot where the card is inserted.

Now, there were earlier reports of so called "black" B-CAS card that seems
to enable the viewing of all paid such channels earlier this year, which
initially seemed to be a hoax, but then turned out to be true(!). The card
was imported from Taiwan (or China).

Based on the knowledge that someone outside Japan cracked the basic
protection mechanism, the hacking community in Japan and elsewhere seems to
have been busy cracking the card, and apparently it has been successful.

It seems that some IC cards in selected lots seemed to have forgotten to
lock the key management file, thus allowing unauthorized modification.

And finding the PIN (8bytes) was brute force, but for some type of chips
used in the B-CAS cards, it was easy.  (Obviously, B-CAS cards are built
using different chips in lots.)

The password checking is performed by plain-text comparison using memcmp()
and thus immediately returns failure when the mismatching occurs. Thus it was
vulnerable to timing analysis. If you get the first byte of 8 byte PIN
correct, then your NG is returned somewhat late. [These contact IC's clock
is often 1-10 MHz range, and thus you can tell.]  So you can know that you
now obtain the first byte. And then you can find the correct 2nd byte of PIN
when your NG result is returned somewhat later than in other cases, etc.  (I
think the cracker who found this has already disassembled the code inside
the chip AFTER he/she (?) figured out the PIN and found ways to dump the
code inside the chip.)

All in all, the news seems to have spread widely. I have heard it from a
friend of mine via e-mail early this week. And by that time, most of the
major chip types used in the B-CAS IC card seem to have been cracked.

Worse, in one type of the chip, it seems that the programmers can access the
internal program cleverly and thus can disassemble the internal routine,
thus finding the used encryption algorithm inside, which was never published
before.  With this knowledge, there are people who are talking of creating a
soft-BCAS routine that can decode off-line the scrambled data recorded from
satellite broadcast later without the IC card at all.

Initially, only a few types of the used chips were reported to be
vulnerable, and people who heard the early news seemed to have gone out and
bought tuner units with the vulnerable B-CAS IC card with the particular
chip types: so there was an unusual surge of sales of these otherwise slow
selling tuners in the stores in Tokyo last weekend.

There has been a severe criticism of this adoption of this B-CAS card: even
the ordinary non-paying TV broadcast has to go through this scrambling today
and thus the B-CAS card is in EVERY tuner. (This may have been one reason
for the demise. The cards are available in the market aplenty. If you buy a
new one, and retire the old one, engineering types keep at least this IC
card from the old unit for the keeps. Thus crackers have had no qualm of
invalidating such cards by mis-programming during trials and errors
process.)

Strangely or understandably, TV news programs are silent for now.  I think
B-CAS company and the satellite broadcasting channels have to come up with a
clear road map before making an announcement. Then there will be a big TV
news, I suppose.

On the other hand, there may not. My friends say there are not so many
interesting TV programs in paid channels. And people who go out and modify
their B-CAS cards in this manner will be in the minority.

However, the operator of the paid-channel can not sit idle and must have
been pushing B-CAS company to do something in the last few days.

Stay tuned :-)
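
[Added example, not part of the original post and not the card's actual
code: the early-exit comparison described above next to a hardened check
(constant-time compare plus a retry counter). The sample PIN, the MAX_TRIES
limit and all function names are assumptions; "steps" counts bytes examined
as a stand-in for the response delay.]

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PIN_LEN   8   /* the post gives the PIN length as 8 bytes */
#define MAX_TRIES 3   /* assumed retry limit; not stated in the post */

/* Constructed sample PIN, for illustration only. */
static const uint8_t SAMPLE_PIN[PIN_LEN] =
    {0x13, 0x57, 0x9b, 0xdf, 0x24, 0x68, 0xac, 0xe0};

/* Weak form: stops at the first mismatch, so the work done (and the delay
 * before "NG") grows with the number of correct leading bytes. */
static int check_early_exit(const uint8_t *guess, const uint8_t *pin,
                            size_t *steps)
{
    for (size_t i = 0; i < PIN_LEN; i++) {
        *steps = i + 1;
        if (guess[i] != pin[i])
            return 0;
    }
    return 1;
}

/* Hardened form: always touches every byte and accumulates differences,
 * with no data-dependent branch or early return. */
static int check_constant_time(const uint8_t *guess, const uint8_t *pin,
                               size_t *steps)
{
    unsigned int diff = 0;
    for (size_t i = 0; i < PIN_LEN; i++)
        diff |= (unsigned int)(guess[i] ^ pin[i]);
    *steps = PIN_LEN;
    /* diff is 0..255; (diff - 1) >> 8 has bit 0 set only when diff == 0 */
    return (int)(((diff - 1u) >> 8) & 1u);
}

struct card_state {
    uint8_t  pin[PIN_LEN];
    unsigned tries_left;
};

enum verify_result { VERIFY_OK, VERIFY_NG, VERIFY_LOCKED };

/* Charge the attempt before comparing, so cutting power mid-check cannot
 * win a free guess; lock once the counter reaches zero. */
static enum verify_result card_verify(struct card_state *c,
                                      const uint8_t *guess, size_t *steps)
{
    if (c->tries_left == 0) {
        *steps = 0;
        return VERIFY_LOCKED;
    }
    c->tries_left--;
    if (check_constant_time(guess, c->pin, steps)) {
        c->tries_left = MAX_TRIES;
        return VERIFY_OK;
    }
    return VERIFY_NG;
}

/* Bytes examined for a guess whose first `correct` bytes match the PIN. */
static size_t steps_for_prefix(int hardened, size_t correct)
{
    uint8_t guess[PIN_LEN];
    size_t steps = 0;
    for (size_t i = 0; i < PIN_LEN; i++)
        guess[i] = (i < correct) ? SAMPLE_PIN[i]
                                 : (uint8_t)(SAMPLE_PIN[i] ^ 0xff);
    if (hardened)
        (void)check_constant_time(guess, SAMPLE_PIN, &steps);
    else
        (void)check_early_exit(guess, SAMPLE_PIN, &steps);
    return steps;
}

/* Number of "NG" answers a card gives to wrong guesses before it locks. */
static unsigned tries_until_locked(void)
{
    struct card_state c;
    uint8_t wrong[PIN_LEN] = {0};
    size_t steps;
    unsigned ng = 0;
    memcpy(c.pin, SAMPLE_PIN, PIN_LEN);
    c.tries_left = MAX_TRIES;
    while (card_verify(&c, wrong, &steps) == VERIFY_NG)
        ng++;
    return ng;
}

int main(void)
{
    printf("correct prefix | early-exit steps | constant-time steps\n");
    for (size_t k = 0; k <= PIN_LEN; k++)
        printf("%14zu | %16zu | %19zu\n", k,
               steps_for_prefix(0, k), steps_for_prefix(1, k));
    printf("NG answers before lock: %u\n", tries_until_locked());
    return 0;
}
```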

------------------------------

Date: Wed, 16 May 2012 14:56:15 -0700
From: Gene Wirchenko <genew_at_private>
Subject: "Smartphone users more oblivious to others: study"

"The Daily News", Kamloops, British Columbia, Canada; May 12, 2012; p. B3:

Users of smartphones, such as iPhones and BlackBerrys, have a different
sense of privacy and of the appropriateness of public cellphone usage
compared to users of more traditional mobile devices, a study shows.

Researchers from Tel Aviv University drew this conclusion after studying the
attitudes of about 150 people in Israel.

Eran Toch, from the school's department of industrial engineering, said in
a statement that smartphone users tend to have an illusion of being in a
"privacy bubble" when using their devices in public.

The research found that people with smartphones were 70 per cent more likely
than those with less advanced cellphones to think their devices gave them a
fair degree of privacy when using them in public.

Smartphone users were also 20 per cent less likely to think talking on their
devices in public bothered other people, and 50 per cent less inclined to be
annoyed by other people using their phones, the study found.

------------------------------

Date: Thu, 17 May 2012 17:05:25 -0400
From: "Bob Frankston" <Bob19-0501_at_private>
Subject: The risk of having to "sell" research

I have no issue with the research reported below itself but the statement,
"A typical data network consists of an array of nodes -- which could be
routers on the Internet ...", implies they are talking about information in
the everyday sense as in the content of web pages. But that's an entirely
different sense of the term and doesn't have a simple mapping into Shannon's
abstract measure.

While I understand the need to make research appear relevant, we must be
wary of, and even critical of, researchers who may do meticulous research
and then ignore the difference between their technical use of the terms and
the common use. Such reports often become the basis for public policy as
when channel limits are used to justify claims of "spectrum scarcity".

------------------------------

Date: Mon, 28 May 2012 09:26:03 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: Controlling the Internet? (via NNSquad)

UN/ITU Internet Control (and an EU Web Cookie Insanity update!)
http://j.mp/KnsgFW  (This message on Google+)

House to examine plan for United Nations to regulate the Internet
http://j.mp/KyoJTK  (The Hill)

  "House lawmakers will consider an international proposal next week to give
  the United Nations more control over the Internet. The proposal is backed
  by China, Russia, Brazil, India and other UN members, and would give the
  UN's International Telecommunication Union (ITU) more control over the
  governance of the Internet."

If the UN/ITU actually did manage to get their clutches on the Internet, the
resulting blowback in terms of network fragmentation would be
immense. Unfortunately, ICANN's continuing shenanigans pretty much guarantee
network fragmentation as well. We need a purpose-built *third way*.

On the EU Web Cookie Insanity (WCI) front, reports are (and a quick test
seems to confirm for the moment) that the BBC for now appears to have pulled
down their wacky, looping cookie warning/control banners.

The British Telecom community donations site, however, continues to
intercept with a full page of cookie gobbledegook, which users who already
block cookies *cannot click past*.

As the old song goes, "Quick, send in the clowns -- Don't bother, they're
here."

Lauren Weinstein (lauren@private): http://www.vortex.com/lauren
People For Internet Responsibility: http://www.pfir.org
Data Wisdom Explorers League: http://www.dwel.org
Network Neutrality Squad: http://www.nnsquad.org
Global Coalition for Transparent Internet Performance: http://www.gctip.org
PRIVACY Forum: http://www.vortex.com
Lauren's Blog: http://lauren.vortex.com
Tel: +1 (818) 225-2800 / Skype: vortex.com

------------------------------

Date: Sun, 27 May 2012 17:09:50 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: China's version of Twitter adopts new usage restrictions

  "China's biggest microblogging service has introduced a code of conduct
  explicitly restricting the type of messages that can be posted."
  http://j.mp/JoeiQa  (BBC via NNSquad)

------------------------------

Date: Sun, 27 May 2012 12:48:52 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: In Malaysia, new Internet laws make you guilty unless proven innocent

http://j.mp/LzYvxY  (the star via NNSquad)

  PETALING JAYA: The amendment to the Evidence Act transfers the burden of
  proof to the accused, which is contrary to the principle of justice, said
  lawyers and Internet users.  "At any trial, whether criminal or civil
  cases, it is up to the prosecutor to prove guilt beyond reasonable
  doubt. Now the burden will be shifted to the accused to disprove (the
  allegation against them)," said human rights lawyer Edmund Bon.  He added:
  "All around the world where there is Internet any reasonable person would
  be against the posting of hate messages.  But whether the Government
  should step in and take such control is another matter."

------------------------------

Date: Sat, May 26, 2012 at 8:57 AM
From: Joly MacFie <joly_at_private>
Subject: FBI forms a new internet-surveillance unit

  [By Declan McCullagh, via Dave Farber's IP]

http://news.yahoo.com/blogs/technology-blog/big-brother-watching-fbi-forms-internet-surveillance-unit-173958595.html

The FBI has recently formed a secretive surveillance unit with an ambitious
goal: to invent technology that will let police more readily eavesdrop on
Internet and wireless communications.

The establishment of the Quantico, Va.-based unit, which is also staffed by
agents from the U.S. Marshals Service and the Drug Enforcement Agency, is a
response to technological developments that FBI officials believe outpace
law enforcement's ability to listen in on private communications.
<http://news.cnet.com/8301-31921_3-20032518-281.html>

While the FBI has been tight-lipped about the creation of its Domestic
Communications Assistance Center, or DCAC -- it declined to respond to
requests made two days ago about who's running it, for instance -- CNET has
pieced together information about its operations through interviews and a
review of internal government documents.

DCAC's mandate is broad, covering everything from trying to intercept and
decode Skype conversations to building custom wiretap hardware or analyzing
the gigabytes of data that a wireless provider or social network might turn
over in response to a court order. It's also designed to serve as a kind of
surveillance help desk for state, local, and other federal police.
<http://news.cnet.com/8301-31921_3-20035168-281.html>

The center represents the technological component of the bureau's "Going
Dark" Internet wiretapping push, which was allocated $54 million by a Senate
committee last month. The legal component is no less important: as CNET
reported on May 4, the FBI wants Internet companies not to oppose a proposed
law that would require social-networks and providers of VoIP, instant
messaging, and Web e-mail to build in backdoors for government surveillance.
<http://news.cnet.com/8301-31921_3-20017671-281.html>
<http://news.cnet.com/8301-1009_3-57428067-83/fbi-we-need-wiretap-ready-web-sites-now/>

During an appearance last year on Capitol Hill, then-FBI general counsel
Valerie Caproni referred in passing, without elaboration, to "individually
tailored" surveillance solutions and "very sophisticated criminals." Caproni
said that new laws targeting social networks and voice over Internet
Protocol conversations were required because "individually tailored
solutions have to be the exception and not the rule."
<http://news.cnet.com/8301-31921_3-20032518-281.html> on
<http://www.fbi.gov/news/testimony/going-dark-lawful-electronic-surveillance-in-the-face-of-new-technologies>
<http://news.cnet.com/8301-31921_3-20032910-281.html>

Joly MacFie 218 565 9365 VP(Admin), ISOC-NY - http://isoc-ny.org Skype:punkcast
WWWhatsup NYC - http://wwwhatsup.com  http://pinstand.com - http://punkcast.com

------------------------------

Date: Mon, May 28, 2012 at 12:22 PM
From: Joly MacFie <joly_at_private>
Subject: BBC on Flame virus (via Dave Farber's IP)

This new threat appears not to cause physical damage, but to collect huge
amounts of sensitive information, said Kaspersky's chief malware expert
Vitaly Kamluk.  "Once a system is infected, Flame begins a complex set of
operations, including sniffing the network traffic, taking screenshots,
recording audio conversations, intercepting the keyboard, and so on."  More
than 600 specific targets were hit, ranging from individuals, businesses,
academic institutions and government systems.

Iran's National Computer Emergency Response Team posted a security alert
stating that it believed Flame was responsible for "recent incidents of mass
data loss" in the country.

The malware code itself is 20MB in size - making it some 20 times larger
than the Stuxnet virus. The researchers said it could take several years to
analyse.  Kamluk: size and sophistication of Flame suggested it was not the
work of independent cybercriminals, and more likely to be government-backed.

This is an extremely advanced attack. It is more like a toolkit for
compiling different code based weapons than a single tool. It can steal
everything from the keys you are pressing to what is on your screen to what
is being said near the machine.  It also has some very unusual data stealing
features including reaching out to any Bluetooth enabled device nearby to
see what it can steal.

Just like Stuxnet, this malware can spread by USB stick, i.e. it doesn't
need to be connected to a network, although it has that capability as well.
This wasn't written by some spotty teenager in his/her bedroom. It is large,
complicated and dedicated to stealing data whilst remaining hidden for a
long time.  http://www.bbc.co.uk/news/technology-18238326  [PGN-ed]

Joly MacFie 218 565 9365 VP(Admin), ISOC-NY - http://isoc-ny.org Skype:punkcast
WWWhatsup NYC - http://wwwhatsup.com  http://pinstand.com - http://punkcast.com

  [George Ledin comments that Flame is heating up.
    http://www.securelist.com/en/blog#
    http://www.bbc.com/news/technology-18238326
  PGN]

------------------------------

Date: Sat, 26 May 2012 16:31:06 -0400
From: Monty Solomon <monty_at_private>
Subject: ID Thieves Loot Tax Checks, Filing Early and Often (Lizette Alvarez)

Lizette Alvarez, *The New York Times*, 26 May 2012

MIAMI - Besieged by identity theft, Florida now faces a fast-spreading form
of fraud so simple and lucrative that some violent criminals have traded
their guns for laptops. And the target is the United States Treasury.

With nothing more than ledgers of stolen identity information - Social
Security numbers and their corresponding birth dates and names - criminals
have electronically filed thousands of false tax returns with made-up
incomes and have received hundreds of millions of dollars in wrongful
refunds, law enforcement officials say.

The criminals, some of them former drug dealers, outwit the Internal Revenue
Service by filing a return before the legitimate taxpayer files. Then the
criminals receive the refund in a convenient but hard-to-trace prepaid debit
card, typically sent to them by a bank or a tax software company, which
downloads the amount approved by the IRS. The swindlers often provide
addresses for vacant houses, even buying mailboxes for them, and then
collect the refunds there.

Postal workers have been harassed, robbed and, in one case, murdered as they
have made their rounds with mail trucks full of debit cards and master keys
to mailboxes.

The fraud, which has spread around the country, is costing taxpayers
hundreds of millions of dollars annually, federal and state officials
say. The IRS sometimes, in effect, pays two refunds instead of one: first
to the criminal who gets a claim approved, and then a second to the
legitimate taxpayer, who might have to wait as long as a year while the
agency verifies the second claim. ...

http://www.nytimes.com/2012/05/27/us/id-thieves-loot-tax-checks-filing-early-and-often.html

------------------------------

Date: Wed, 16 May 2012 17:46:41 -0400
From: Monty Solomon <monty_at_private>
Subject: Orthodox Rally for a More Kosher Internet (Josh Nathan-Kazis)

Use Twitter and Facebook While Condemning Danger of Web
Josh Nathan-Kazis, *Forward*, 14 May 2012, issue of May 18, 2012.

An upcoming ultra-Orthodox mega-rally in New York about the dangers posed by
the Internet has a promotional Twitter account.

The event's box office has an e-mail address. Speeches will be live
streamed. And one of the event's organizers owns a Web marketing company
specializing in search engine optimization.

This isn't your average anti-Internet demonstration.

After years of oft-flouted rabbinic bans on Internet use, a group of both
Hasidic and non-Hasidic rabbis is pushing a new approach that will be
unveiled at the Mets' CitiField on May 20. Organizers project an attendance
of some 40,000 Orthodox Jewish men; women were not invited.

Without letting up on their severe condemnation of technology and the
Internet, the rabbis behind the CitiField event are accepting the Web's
inevitability while instructing their followers to use Internet-filtering
technology. ...

http://forward.com/articles/156102/orthodox-rally-for-a-more-kosher-internet/

------------------------------

Date: Wed, 23 May 2012 00:11:22 -WXYZ
From: [Identity withheld by request]
Subject: Illuminating dialog with a scammer

Today I got to see first-hand how one class of computer scammers work.

I answered the phone and said "Hello", but there was a silence, and then
someone with a subcontinental accent comes on and says "Hello".  So it
sounds like they are using a predictive dialer and came on too late to hear
me answer the phone.  After a few moments the caller realizes this and
starts with the pitch:

"We are calling from the Computer Department.  Your Microsoft Windows
Computer has been sending us many error messages due to viruses and
malicious files on your computer.  You have not responded to the error
messages we sent you so we are calling you about this problem."

The caller went into a long pitch about how malicious files were even worse
than viruses.  They wanted to convince me that my Windows computer had a
problem, so they told me to sit down in front of the computer.  The caller
then asked me to locate the Windows key on my keyboard, and to press Windows
- R, then type in "EVENTVWR".  I figured this meant they wanted to run the
Windows Event Viewer, so I told them OMG, there are many scary messages
here!  The caller explained that these messages were indications of the
"malicious files" that they were warning me about.

Once the caller was satisfied that I had bought into their scenario that my
computer was "dangerously corrupted", they moved into the payload phase -
they asked me to press Windows - R, then type in "www.support.me".  This
brought me to logmeinrescue.com, a remote login service.  They tried to walk
me through downloading the remote control console software.  At this point I
tired of the game and told them the program wouldn't run.  They then asked
me about "how do you get to your e-mail", but before I could finish giving
them an e-mail address they hung up.

I reported the scammers to logmeinrescue.com.  Apparently they offer free
trial accounts, so the scammers don't have to pay for the remote access to
their victims' computers.  This seems to have been going on for a while: a
web search for "support.me scam" shows many reports going back at least to
2010.

Here's a recording of one scam session that was using the same script
I was called with:

  http://www.youtube.com/watch?v=_hxXu0qD9Nc

From the point of view of a technical person, the entire come-on was
laughably lame, but they're still in business after years of operation --
the joke is on us.

------------------------------

Date: Sat, 26 May 2012 11:14:44 -0400
From: Gabe Goldberg <gabe_at_private>
Subject: "Can an Algorithm Write a Better News Story Than a Human Reporter?"

"Can an Algorithm Write a Better News Story Than a Human Reporter?"

Had Narrative Science -- a company that trains computers to write news
stories -- created this piece, it probably would not mention that the
company's Chicago headquarters lie only a long baseball toss from the
Tribune newspaper building. Nor would it dwell on the fact that this
potentially job-killing technology was incubated in part at
Northwestern's Medill School of Journalism, Media, Integrated Marketing
Communications. Those ironies are obvious to a human. But not to a computer.

http://www.wired.com/gadgetlab/2012/04/can-an-algorithm-write-a-better-news-story-than-a-human-reporter/

------------------------------

Date: Thu, 17 May 2012 11:21:13 +0100
From: "Jonathan Pritchard" <Jonathan.Pritchard_at_private>
Subject: Re: Never Trust a Robot, take 2 (RISKS-26.83)

As an occasional reader of RISKS this one caught my eye. Electronic systems
for navigation and chart display on commercial ships have well established
mechanisms for filtering displays specifically to reduce "clutter" but the
anti-grounding functions on all of them are mandated to alarm even when data
is not being displayed on screen. This is seen as one of the major benefits
of electronic chart display systems in that the person using them can be
alerted to potential dangers without having to display all categories of
chart objects all the time. There are also many many guidelines for how
over-reliance can be countered through manual inspection of routes prior to
departure. This is very different to car navigation where a "good" display
is synonymous with "complete" - i.e all features - the point being the sea
doesn't have roads and the fundamental dynamics are different...

Jonathan Pritchard, Product Research and Development, United Kingdom
Hydrographic Office, Admiralty Way, TAUNTON, Somerset TA1 2DN
+44 (0)1823 337900 Ext 4006 jonathan.pritchard_at_private

------------------------------

Date: Wed, 16 May 2012 15:06:55 -0700
From: Barry Gold <BarryDGold_at_private>
Subject: Re: Microsoft Funded Startup Aims to Kill BitTorrent Traffic
  (Hendricks, RISKS-26.84)

> Billions in revenue are lost each year, they claim. But not for long if the
> Russian based startup Pirate Pay has its way. ...

I had to look again to check the date.  Then I noticed it was Pirate *P*ay,
not Pirate *B*ay.

Even so... do these people think that there will be no response?  The
Internet does what with censorship?

Oh well, if they're willing to invest the $$ to keep changing their methods
of attack as the underlying BitTorrent software changes to adapt, they may
be able to slow (not stop) the flow of pirated content -- over BitTorrent.
Leaving... YouTube and various file-sharing sites and a gazillion
competitors.

A new business model is needed.  Until MPAA & RIAA come up with that, they
will be fighting a permanent losing battle.

Anyway, assuming it's serious.

------------------------------

Date: Thu, 17 May 2012 19:24:46 +0200
From: Dag-Erling Smørgrav <des_at_private>
Subject: Re: Disruptions: Indiscreet Photos, Glimpsed Then Gone (RISKS-26.83)

Geoff Kuenning <geoff_at_private> writes:
> If they have a friend nearby during those ten seconds, is it also wiped
> from the friend's mind?

This reminds me of the following video, which is currently making the rounds
on the intertubes:

  http://www.youtube.com/watch?v=IFe9wiDfb0E

Dag-Erling Smørgrav - des_at_private

------------------------------

Date: Mon, 6 Jun 2011 20:01:16 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 26.85
************************
Received on Mon May 28 2012 - 10:57:00 PDT
