RISKS-LIST: Risks-Forum Digest Thurs 29 November 2012 Volume 27 : Issue 10 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/27.10.html> The current issue can be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: Commentary on L'Aquila earthquake verdict (Rob Seaman) Drivers adapt to red-light cameras (Jim Reisert) Close margin in Alaska senate race prompts recount (PGN) Skunk knocks Colorado TV station off air (Monty Solomon) Cambridge to Study Technology's Risk to Humans (Sylvia Hui via ACM TechNews) U.S. Congress considers mandating smart cards for Medicare beneficiaries and providers (Kevin Fu) How least-cost routing slams rural telephone service, getting worse (Lauren Weinstein) "Skype vulnerability may have exposed your messages" (Woody Leonhard via Gene Wirchenko) SEC Employees Brought Sensitive Data to Black Hat... (PGN) NASA Suffers Large Data Breach Affecting Employees, Contractors, ... (Bob Charette via Ed Levinson) "Public clouds; risky business for MSPs" (Gene Wirchenko) Hotel room door locks vulnerable to hacking (Mark Thorson) RFID used to track school students (Nick Brown) More on suspended student refusing to wear tracking device (Tim Cushing via Monty Solomon) Barnes & Noble Ebooks expire with your credit card! (Tim Cushing via Monty Solomon) Syria blacks out the Internet (Paul Saffo) Excellent article on Chinese censorhip (Philipp Winter/Jedidiah Crandall via PGN) When It Comes to Security, We're Back to Feudalism (WiReD via Dave Farber) "Malware uses Google Docs as proxy to command and control server" (Lucian Constantin via Gene Wirchenko) Trojan sent blackmails from PCs. Japanese Police arrested PC owners (Chiaki Ishikawa) Cyber Security and Information Intelligence Research Workshop (Frederick T. Sheldon) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Fri, 23 Nov 2012 17:11:01 -0700 From: Rob Seaman <seaman_at_private> Subject: Commentary on L'Aquila earthquake verdict Between Superstorm Sandy and the U.S. election, it has been a busy month, and the verdict of the l'Aquila Earthquake trial has yet to be discussed on RISKS. In engineering it is unsurprising that with expertise comes responsibility, occasionally rising to criminal penalties when a bridge falls down or a programming mistake causes a medical mishap or modern infrastructure to fail. Yet early opinions on the conviction of seven seismologists and other experts resulting from public comments they made prior to the 2009 earthquake in l'Aquila, Italy suggested a great resistance in the scientific community to similar penalties, here in "failing to predict an earthquake". For example: http://www.wired.com/wiredscience/2012/10/the-verdict-of-the-laquila-earthquake-trial-sends-the-wrong-message/ Contrasting opinions, well worth reading and mulling over, are beginning to emerge from others in the scientific community: http://arxiv.org/abs/1211.3175 and: http://theconversation.edu.au/laquila-charges-leave-earthquake-scientists-on-shaky-ground-10301 Perhaps the definition of "pure science" is "science I can't be thrown in jail over". Rob Seaman, National Optical Astronomy Observatory ------------------------------ Date: Tue, 27 Nov 2012 18:33:04 -0700 From: Jim Reisert AD1C <jjreisert_at_private> Subject: Drivers adapt to red-light cameras I think the title says it all. "A pilot program for red-light cameras in New Jersey appears to be changing drivers' behavior, state officials said, noting an overall decline in traffic citations and right-angle crashes. The Department of Transportation also said, however, that rear-end crashes have risen by 20% and total crashes are up by 0.9% at intersections where cameras have operated for at least a year." http://www.courierpostonline.com/article/20121127/NEWS01/311270020 Jim Reisert AD1C, <jjreisert@private>, http://www.ad1c.us [Fascinating! Collateral damage becomes collinear damage. In NYC, I long ago observed that you should never stop for a light changing to red, particularly on a staggered-timing north-south avenue. If you do, you are likely to be rear-ended by a pile-up of perhaps three taxis. PGN] ------------------------------ Date: Wed, 28 Nov 2012 3:30:20 PST From: "Peter G. Neumann" <neumann_at_private> Subject: Close margin in Alaska senate race prompts recount The *Anchorage Daily News* reports that Alaska will conduct a recount of votes in one contest for the state senate. The race was certified at 7593 to 7542 votes -- a margin of 51. The nominal loser has requested a recount, which will be conducted in Anchorage according to the title of the article, and in Juneau according to the last sentence of the article! http://www.adn.com/2012/11/27/2705685/recount-will-be-conducted-in-anchorage.html ------------------------------ Date: Tue, 13 Nov 2012 21:09:01 -0500 From: Monty Solomon <monty_at_private> Subject: Skunk knocks Colorado TV station off air http://www.upi.com/Odd_News/2012/11/13/Skunk-knocks-Colorado-TV-station-off-air/UPI-93471352854469/ ------------------------------ Date: Wed, 28 Nov 2012 11:19:25 -0500 From: ACM TechNews <technews_at_private> Subject: Cambridge to Study Technology's Risk to Humans Sylvia Hui, Associated Press item (25 Nov 2012) via ACM TechNews, Wednesday, November 28, 2012 The potential risks that super-intelligent technologies pose to humans will be the focus of the proposed Center for the Study of Existential Risk at Cambridge University. The center will bring together philosophers and scientists to study the idea that in this or the next century machines with artificial intelligence could pursue their own interests. "It tends to be regarded as a flaky concern, but given that we don't know how serious the risks are, that we don't know the time scale, dismissing the concerns is dangerous," says Cambridge philosophy professor Huw Price. "What we're trying to do is to push it forward in the respectable scientific community." Price says the precise nature of the risks is hard to forecast, but advanced technology could be a threat when computers start to channel resources toward their own goals at the expense of human concerns such as environmental sustainability. Price is co-founding the project with Martin Rees, a professor of cosmology and astrophysics, and Jann Tallinn, one of the founders of the Internet phone service Skype. Cambridge plans to launch the center next year. http://news.yahoo.com/cambridge-study-technologys-risk-humans-190948884--finance.html ------------------------------ Date: Wed, 28 Nov 2012 23:43:10 -0500 From: Kevin Fu <kevinfu_at_private> Subject: U.S. Congress considers mandating smart cards for Medicare beneficiaries and providers This morning, I testified in the U.S. House on the risks of technology to combat waste, fraud and abuse in the Medicare program. My testimony focuses on the expectations of smart cards to reduce fraud. My testimony also highlights the types of fraud that remain in countries already using smart cards for national health programs. In short, there are several subtle risks in the proposed pilot program---ranging from questionable effectiveness and questionable evaluation methods to negative impact on patient care. I recommend ways to improve the utility of a pilot study. http://www.govtrack.us/congress/bills/112/hr2925/text http://energycommerce.house.gov/hearing/examining-options-combat-health-care-waste-fraud-and-abuse http://energycommerce.house.gov/sites/republicans.energycommerce.house.gov/files/Hearings/Health/20121128/HHRG-112-IF14-WState-FuK-20121128.pdf http://blog.secure-medicine.org/2012/11/dr-fu-goes-to-washington.html Kevin Fu, Associate Professor, Computer Science & Engineering University of Michigan, http://spqr.cs.umass.edu/ (lab moves to MI 1 Jan) ------------------------------ Date: Wed, 28 Nov 2012 11:10:54 -0800 From: Lauren Weinstein <lauren_at_private> Subject: How least-cost routing slams rural telephone service, getting worse http://j.mp/StvI4l (Addison Independent via NNSquad) "Farmhouses surrounded with many acres of fields, houses that may be miles apart. It's the geography and demographics of the area," Souza says. "It's the same reason that there's limited cell service in these areas. You might put up one cell tower, but the six it would take to provide complete coverage in the terrain are just not cost-justified." A rural phone service provider like Shoreham Tel maintains a small network of its own copper wires, then connects with the rest of the world via "trunking" or switching centers connecting with a larger carrier. Shoreham Tel's lines have trunking with the network maintained by FairPoint. "People in Sprint or Verizon don't have direct switching with us, but they do have direct with FairPoint's tandem switching. So FairPoint turns the call over to us and we terminate the call. The system has worked flawlessly for years," Souza says. "Then the least-cost routing issue emerged in the last three years. Entities started doing this, shaving every last penny out of it. Our customers aren't happy, and we understand that. But we can't control the other side of the system with calls coming at us." ------------------------------ Date: Wed, 14 Nov 2012 16:18:31 -0800 From: Gene Wirchenko <genew_at_private> Subject: "Skype vulnerability may have exposed your messages" (Woody Leonhard) Woody Leonhard, *InfoWorld*, 14 Nov 2012 Microsoft sat by for months before plugging a security hole that could have allowed others to see all your stored Skype data http://www.infoworld.com/t/cloud-security/skype-vulnerability-may-have-exposed-your-messages-207051 ------------------------------ Date: Mon, 26 Nov 2012 10:30:17 PST From: "Peter G. Neumann" <neumann_at_private> Subject: SEC Employees Brought Sensitive Data to Black Hat... http://www.eweek.com/security/sec-employees-brought-sensitive-data-to-hacker-con-report/ ------------------------------ Date: Thursday, November 15, 2012 From: *Ed Levinson* Subject: NASA Suffers Large Data Breach Affecting Employees, Contractors, ... From IEEE Spectrum blog by Robert N. Charette: [On 14 Nov 2012,] NASA sent a message to all NASA employees informing them of a data breach involving an agency stolen laptop. According to the NASA message posted at SpaceRef.com on 31 Oct 2012, a NASA laptop and official NASA documents issued to a Headquarters employee were stolen from the employee's locked vehicle. The laptop contained records of sensitive personally identifiable information (PII) for a large number of NASA employees, contractors, and others. Although the laptop was password protected, it did not have whole disk encryption software, which means the information on the laptop could be accessible to unauthorized individuals. We are thoroughly assessing and investigating the incident, and taking every possible action to mitigate the risk of harm or inconvenience to affected employees. <http://www.spaceref.com/news/viewsr.html?pid=42609> More: http://spectrum.ieee.org/riskfactor/telecom/security/nasa-suffers-large-data-breach-affecting-employees-contractors-and-others/?utm_source=techalert&utm_medium=email&utm_campaign111=512 ------------------------------ Date: Tue, 20 Nov 2012 09:04:45 -0800 From: Gene Wirchenko <genew_at_private> Subject: "Public clouds; risky business for MSPs" CDN CURATED: Toronto MSP posts a blog about the risks of public clouds, 19 Nov 2012 http://www.itbusiness.ca/it/client/en/CDN/News.asp?id=3D69373 opening paragraph: If there was ever an example of why Public Cloud storage can be hazardous, it was Go Daddy's service outage earlier this week. Thousands (or millions -- depending on whom you ask) of domains were taken off line. Businesses not only lost their websites, a number of them lost access to their e-mail. This lasted for 6 hours. ------------------------------ Date: Thu, 29 Nov 2012 07:33:03 -0800 From: Mark Thorson <eee_at_private> Subject: Hotel room door locks vulnerable to hacking An exploit revealed at the Black Hat conference is now suspected to be the method by which hotel rooms are being burglarized. A simple tool can plug into a port on the locks, reveal the secret key, and open them. The manufacturer is refusing to upgrade the locks for free, which places many hotel customers at risk. http://www.forbes.com/sites/andygreenberg/2012/11/26/security-flaw-in-common-keycard-locks-exploited-in-string-of-hotel-room-break-ins/ Now you've got something to take your mind off the bedbugs. ------------------------------ Date: Mon, 26 Nov 2012 11:32:30 +0100 (CET) From: "Nick Brown, Strasbourg, France" <nick.brown_at_private> Subject: RFID used to track school students The BBC reports (http://www.bbc.co.uk/news/technology-20461752) that a school in Texas is using RFID tags to track student movements around campus, apparently to satisfy a reporting requirement (apparently there is a monotonic relationship between the number of students attending on any given day and state funding, which is a whole separate discussion). What I found surprising in this case is that the only (reported) opposition to this seems to have been on religious grounds; one student claims* that "an individual's acceptance of a certain code, identified with his or her person, as a pass conferring certain privileges from a secular ruling authority, is a form of idolatry or submission to a false god". I'm not in a position to judge whether that is a sincerely-held point of view, or whether protests based on more secular reasoning --- such as, for example, "this is a really, really terrible idea" --- have been rejected out of hand. (After all, what could possibly go wrong with a system that displays and records the exact whereabouts of teenagers throughout the day?) * https://www.rutherford.org/files_images/general/11-21-2012_TRO-Petition_Hernandez.pdf ------------------------------ Date: Tue, 27 Nov 2012 23:45:19 -0500 From: Monty Solomon <monty_at_private> Subject: More on suspended student refusing to wear tracking device (Tim Cushing) Tim Cushing, Court Temporarily Blocks School District From Suspending Student For Refusing To Wear Student ID/Tracking Device, Techdirt, 27 Nov 2012 http://www.techdirt.com/articles/20121125/15041521137/court-temporarily-blocks-school-district-suspending-student-refusing-to-wear-student-idtracking-device.shtml ------------------------------ Date: Tue, 27 Nov 2012 23:45:19 -0500 From: Monty Solomon <monty_at_private> Subject: Barnes & Noble Ebooks expire with your credit card! (Tim Cushing) Tim Cushing, Barnes & Noble Decides That Purchased Ebooks Are Only Yours Until Your Credit Card Expires, Techdirt, 27 Nov 2012 http://www.techdirt.com/articles/20121126/18084721154/barnes-noble-decides-that-purchased-ebooks-are-only-yours-until-your-credit-card-expires.shtml ------------------------------ Date: Thu, 29 Nov 2012 10:50:56 -0800 From: Paul Saffo <paul_at_private> Subject: Fwd: Syria blacks out the Internet This is a first -- a countrywide Internet blackout. It is going to have all sorts of unexpected consequences, but frankly I am surprised it took them so long to do it (they probably didn't know how)... An Akamai chart shows the shutdown pretty dramatically. Here is the original report of the blackout with continuing coverage -- note the charts: http://www.renesys.com/blog/2012/11/syria-off-the-air.shtml [See also techcrunch. PGN] http://techcrunch.com/2012/11/29/syria-shuts-down-internet-mobile-services-and-land-lines-partially-down-in-midst-of-uprising/ ------------------------------ Date: Tue, 27 Nov 2012 13:56:49 PST From: "Peter G. Neumann" <neumann_at_private> Subject: Excellent article on Chinese censorhip Philipp Winter and Jedidiah R. Crandall, The Great Firewall of China: How it blocks Tor and why it is hard to pinpoint usenix;login: December 2012 vol 37 no 6 ------------------------------ Date: Tue, 27 Nov 2012 10:17:59 -0500 From: Dave Farber <dave_at_private> Subject: When It Comes to Security, We're Back to Feudalism (WiReD) Some of us have pledged our allegiance to Google: We have Gmail accounts, we use Google Calendar and Google Docs, and we have Android phones. Others have pledged allegiance to Apple: We have Macintosh laptops, iPhones, and iPads; and we let iCloud automatically synchronize and back up everything. Still others of us let Microsoft do it all. Or we buy our music and e-books from Amazon, which keeps records of what we own and allows downloading to a Kindle, computer, or phone. Some of us have pretty much abandoned e-mail altogether -- for Facebook. http://www.wired.com/opinion/2012/11/feudal-security/ ------------------------------ Date: Tue, 20 Nov 2012 12:45:22 -0800 From: Gene Wirchenko <genew_at_private> Subject: "Malware uses Google Docs as proxy to command and control server" Lucian Constantin, IDG News Service, *InfoWorld*, 19 Nov 2012 Backdoor.Makadocs variant uses Google Drive Viewer feature to receive instructions from its real command and control server http://www.infoworld.com/d/security/malware-uses-google-docs-proxy-command-and-control-server-207428 ------------------------------ Date: Fri, 23 Nov 2012 04:15:05 +0900 From: "ISHIKAWA,chiaki" <ishikawa_at_private> Subject: Trojan sent blackmails from PCs. Japanese Police arrested PC owners In a few very public cases, backdoor trojan (Japanese press calls it virus) sent threatening blackmails from unsuspecting people's PCs. It is believed that the trojan probably was inside a free software like photo-touching utility, etc. that the unsuspecting people downloaded from bulletin board, etc. But the transfer vector is still sketchy. These incidents happened this summer (2012). These threatening messages caused complaints from the receivers and the police moved. However, the Japanese police branches were misled to believe that the owners of the PCs sent these threatening messages. The PCs were identified by the IP address used for sending the e-mail, or posted a message to web interface of the recipients. Since IP-address is a unique identifier, the PC can be uniquely identified. And naturally, the owners of the PCs are suspect, correct? One man in Osaka, from whose PC a threatening message (close to 250 bytes or so) was uploaded within one second of the initial access to the city's web page on July 29th was approached by the police and interrogated. He told the police investigator he had no knowledge of it, and suggested maybe someone could have hijacked the Wi-Fi he was using and other possibilities. He denied sending the message vehemently to the repeated investigations. Bu no avail. He was detained on 26 Aug 2012, and charged with a crime on 14 Sep. Access log record of the time period of the blackmailing on his PC's seemed to have been erased by the trojan. This missing record of the crucial date made the police more suspicious of the man and they thought that he tried to hide his act. So he was awaiting a trial. However, a police in Mie prefecture who had charged another man in a similar blackmail message case in early September, noticed a trace of strange file in the man's PC. The COTS (commercial off-the-shelf) virus checker, etc. could not identify it. With the help from certain unnamed security firms, Mie police concluded that there was a trojan on the man's computer and the possibility of the trojan sending out or posting threatening messages could not be ruled out. So the man was freed one week after the arrest. The Mie police further told the police in Osaka of their finding and the suspicious file name (iesys.exe). Osaka police based on this new information studied the first man's PC more carefully (I suppose. It did check the first man's PC with COTS virus scanner and such but found nothing before the original arrest.) Osaka police now figured that the same or similar trojan had been on the computer. Trojan seems to have erased itself after the crime and that is why it was not spotted earlier (but it seems the files could be recovered by the police's tools now with the new knowledge.). After considering this infection and that uploading 250+ bytes message in one second is not humanly possible with simple typing, and choosing buttons using mouses to navigate the web manually, etc., the man facing trial was freed on 21 Sep. After these two publicised cases were reported on TV news and the danger of these trojans and the ordeal of the two men were covered for about a week, the media uncovered another case of a man in Tokyo, and he "admitted" that he sent a threatening e-mail from a PC in the house. (He thought he was trying to protect another family member who he thought had sent out the threatening e-mail. We learned later that a trojan sent the threatening e-mail.) We still learned of another case: a youth in his teens also admitted sending a threatening blackmail from his PC in a similar case, and his case was closed quickly as no contest since the youth also "admitted" that he sent the blackmail. (In this case, it seems that the youth figured he would not be charged a harsh penalty and could come of the case quickly by "admitting" the charge falsely.) Now, whoever masterminded the operation of these trojans, came out from the dark and sent the details of his/her operation to a lawyer who appeared in a TV news segment covering these cases. The e-mail sent from a server in a foreign country contained the detail of the blackmail messages which only the recipient and the police knew. So now police believes these messages from the purported mastermind are genuine. This mastermind told the lawyer that the teenager is innocent, and his/her act was meant to make fun of the police and prosecutor's offices whose IT skills are laughing stock of the town in his/her opinion. He/she was sorry to cause griefs to the owners of the computers and thus came out from the dark. After the general outline of e-mails from the mastermind became public, police and prosecutor's offices formerly apologized the suspected / arrested / charged people and the national police agency sent a notice about not trusting IP address alone as a key evidence in a similar case. To people in IT industry and readers of Risks, this is no brainer, but before Japanese police and prosecutor's offices are made keenly aware of it, some people suffered a very frustrating summer months. Also, there has been heavy criticism of high-handed police investigation that forced a few people to "admit" the crime which they did not commit after all. There have been cases of police and prosecutor mistakes that caused innocent people to be in jail for many years, and so Japanese public is very critical of these issues today. Even the court, which has been very prosecutor-friendly, seems to think more carefully about police evidence in some publicised cases. Now, the Japanese police is asking for cooperation from overseas police organizations and ISPs to trace the e-mails sent to the lawyers in the slim hope that it may lead to the origin. These all happened just because of recorded IP addresses. I am reporting this now since English coverage of these incidents seem to be rare (or is swamped with the flood of voting related issues this Fall). ------------------------------ Date: Tue, 27 Nov 2012 12:25:17 -0500 From: "Sheldon, Frederick T." <sheldonft_at_private> Subject: Cyber Security and Information Intelligence Research Workshop Cyber Security and Information Intelligence Research Workshop (CSIIRW) RESCHEDULED. See www.csiir.ornl.gov/csiirw The workshop will be help at Oak Ridge National Laboratory. In the aftermath of Hurricane Sandy, it seems fortuitous that we delayed the workshop to 8-10 Jan 2013. I'm certain that many people would not have been able to attend. To register for the event, you can simply go to: www.csiir.ornl.gov/csiirw and click on registration. There are some points-of-interest starting with the advance program: http://csiir.ornl.gov/csiirw/12/files/csiirw8-schedule.pdf and invited speakers: http://csiir.ornl.gov/csiirw/12/keynotes.html This year's theme is Federal Cyber Security R&D Program Thrusts, which is based on the Federal Cybersecurity R&D Strategic Plan: http://www.whitehouse.gov/blog/2011/12/06/federal-cybersecurity-rd-strategic-plan-released Frederick T. Sheldon, Ph.D., CSIIRW General Co-chiar Oak Ridge National Laboratory, 576-1339 Office 576-5943 Fax ------------------------------ Date: Sun, 7 Oct 2012 20:20:16 -0900 From: RISKS-request_at_private Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe: http://lists.csl.sri.com/mailman/listinfo/risks Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request_at_private containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe_at_private or risks-unsubscribe_at_private depending on which action is to be taken. Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc. => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> *** Contributors are assumed to have read the full info file for guidelines. => .UK users may contact <Lindsay.Marshall_at_private>. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail! => SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line. *** NOTE: Including the string "notsp" at the beginning or end of the subject *** line will be very helpful in separating real contributions from spam. *** This attention-string may change, so watch this space now and then. => ARCHIVES: ftp://ftp.sri.com/risks for current volume or ftp://ftp.sri.com/VL/risks for previous VoLume http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue. Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r <http://the.wiretapped.net/security/info/textfiles/risks-digest/> . ==> PGN's comprehensive historical Illustrative Risks summary of one liners: <http://www.csl.sri.com/illustrative.html> for browsing, <http://www.csl.sri.com/illustrative.pdf> or .ps for printing is no longer maintained up-to-date except for recent election problems. *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 27.10 ************************Received on Thu Nov 29 2012 - 12:00:40 PST
This archive was generated by hypermail 2.2.0 : Thu Nov 29 2012 - 12:46:34 PST