On 20 Dec 2004, an F/A-22 Raptor, the USAF's new air-superiority fighter, crashed 11 seconds after takeoff from Nellis AFB, Nevada. It is the first production aircraft to be lost. They are said to cost $133 million each. The results of the investigation from the USAF Accident Investigation Board (AIB) are reported in this week's Flight International (14-10 June, 2005, p9). The pilot ejected with the aircraft near-inverted. The aircraft struck the end of the runway going backwards. There are three rate-sensor assemblies (RSA), manufactured by BAE Systems in the flight control system (FCS). There is a known "quirk" in the RSA, which is "programmed so that it could interpret a momentary power loss [to the FCS] as an instruction to enter test mode, which freezes or "latches" the unit, according to the AIB report." The pilot shut down the engines during a maintenance check pre-take-off, thinking the FCS was continuously powered by the auxiliary power unit (APU). The FCS in fact loses power briefly during a shutdown, and that appeared to suffice to latch all three RSAs. "The AIB attributed the pilot's mistake to "ambiguous" language in the aircraft's technical orders." The manufacturer, Lockheed Martin, has returned about 20 RSAs to BAE Systems for suspected latching events. Before this crash, such events only affected one or two of the RSAs, not all three together. There is a pilot warning for partial RSA latching, but no warning if all three latch. The RSA has been redesigned and is being installed on the fleet. Peter B. Ladkin, University of Bielefeld, Germany www.rvs.uni-bielefeld.de
Customers of Netcom, the second largest cellular provider in Norway, experienced sporadic or close to no service for days earlier this week. Companies that earlier abandoned "normal" phones and went all cellular are now installing land phones and/or IP phones. "Hundreds of thousands of customers and a government minister alike remained up in arms Tuesday, after losing use of their mobile telephones in recent days. ... NetCom has actively promoted the concept of the "wireless office," and companies from building giant NCC to Aftenposten have made the switch, also as a means of saving money. Instead, it's left them vulnerable to communications breakdown and even dangerous situations." Problem? Database indexing issues, after an upgrade the previous week. More details here: http://www.aftenposten.no/english/local/article1059215.ece
As we know, often even the most elaborate attempts at controlling access to hardware and software, even using the very latest technologies, may be less than entirely successful. An example is the just-announced "exploit" of Sony's powerful and popular new "PSP" portable gaming system (which includes WiFi and other advanced capabilities). The unit employs digital signing and hardware AES encryption to try to prevent the running of "unofficial" applications. However, as I detail in two messages on the EEPI (Electronic Entertainment Policy Initiative - http://www.eepi.org ) discussion list, the PSP exploitation door has apparently been opened quite wide both for piracy and a vast array of homebrew applications. In ("The Waiting Tide? Major PSP Exploit May Appear in a Few Hours ...") I discuss the imminent release of the exploit: http://www.eepi.org/archives/eepi-discuss/msg00099.html and in ("PSP Exploit Apparently Confirmed") I've provided additional information and thoughts: http://www.eepi.org/archives/eepi-discuss/msg00100.html Lauren Weinstein Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR (http://www.pfir.org) Co-Founder, EEPI (http://www.eepi.org) Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com
We are all being encouraged to use encryption to protect sensitive files from data theft, but a Minnesota Court of Appeals has declared that merely having the ability to do encryption is de facto proof of criminal intent. It may be that courts need not prove what criminal act you did, just having encryption software is like having burglary tools, or high explosives. It is assumed that only burglars have burglary tools, so mere possession means conviction, and the legislature can decide what constitutes a burglary tool. I got this summary from https://thei3p.org/pipermail/security-news-html

Title: PGP use ruled relevant in child abuse case
Source: The Register
Date Written: 2005-05-25
Date Collected: 2005-05-27

The Minnesota State Court of Appeals has rejected an appeal from David Levie on charges of soliciting a nine-year-old girl to pose for naked pictures, ruling that the prosecution's introduction of an encryption program on his computer as evidence was admissible. During a search of his computer, police found the PGP (Pretty Good Privacy) encryption program. Levie's lawyers argued that forensic examination yielded no evidence of any encrypted files on his computer and so the presence of encryption software should not be used as evidence against Levie. One police officer testified that PGP may be included with every Apple computer on the market. The appeals court ruled that the presence of encryption software was relevant to the prosecution's case and refused to order a retrial, though the case will be sent back for re-sentencing. The case could establish a precedent in Minnesota of accepting the presence of encryption software as evidence of criminal intent. http://www.theregister.co.uk/2005/05/25/pgp_admissable_child_abuse_case/

Al Macintyre http://www.ryze.com/go/Al9Mac http://radio.weblogs.com/0107846/stories/2002/11/08/bpcsDocSources.html
[Courtesy of Lillie Coney <coney@epic.org>, Associate Director, Electronic Privacy Information Center (EPIC) 1718 Connecticut Avenue, NW, Washington, DC 20009 1-202-483-1140 x111, National Committee for Voting Integrity, www.votingintegrity.org] The accuracy of some Republican votes cast 17 May 2005 in seven voting booths in three Wayne County voting districts is being investigated, potentially affecting the outcome of two township supervisor races. For example, in Lehigh Township, 163 Republicans voted, but 211 votes were counted. [Source: Andrew M. Seder, Seven voting machines under scrutiny in Wayne County, Scranton Times-Tribune, 25 May 2005; PGN-ed] http://www.zwire.com/site/news.cfm?newsid=14583638&BRD=2185&PAG=461&dept_id=416046&rfi=6
This note came from a faculty member at a California University: I'm doing a letter of recommendation for a student who wants to go to law school. He is required to submit all recommendation letters to a clearinghouse called the Law School Admission Council. He gave me their form, which has pre-printed his name, home address, birth date, and Social Security Number. Pretty lame, and he is required to use it. What is really amazing is they also list his LSAC Account number which is not the SSN. If you visit the LSAC web site and propose to create an account, it will present a form that requests your SSN. The HELP button next to the SSN field responds with this explanation: This information is needed to match your online account to your LSAC records. It also allows LSAC to match such items as transcripts, letters of recommendation, score reports, and law school requests to your file. Your Social Security number or Social Insurance number is necessary to obtain your username and password or to reset your password if you forget it. In other words, everyone who has anything to do with your application will learn your SSN. And by the way, it is also a secret key to your password. Given all of the recent publicity about identity theft and of organizations that have managed to lose track of customer data, "lame" is an understatement.
The spam-filter of my web-based e-mail provider is not perfect, so I (like most of you, probably) periodically check my "probable spam" folder for false positives. Today it contained a "change of address" e-mail from a casual correspondent. Of course, it was not just a plain-text message from the old, well-known address indicating the new one. Rather, it was HTML-Mail, with a couple largeish images, sent "on behalf of" my correspondent, from the new address, with the essential part buried in an endorsement of the ease of switching e-mail addresses via this nifty new service. Even human eyeballs would count it as spam at first glance, and since we do not often correspond, there is a high probability I would not have any idea "where he went" when I did send him e-mail (at the old address), if I didn't regularly rummage through my trash. And he, of course, will never know how many of his friends tossed his notice, unless he notifies them some other way, which makes the whole "easy switching" deal pointless. I'm assuming that this service is offered primarily as a way to get people to upload their address books for future spamming, so it wouldn't kill them to make it more effective at its purported task, and less like spam.
Microsoft is cooperating with China's government to censor MSN's Spaces Chinese-language Web portal. Bloggers are prevented from posting such words as *democracy*, *human rights*, and *Taiwan independence*. 5 million blogs have been created since the service started on 26 May 2005. China reportedly has 87 million online users. [Source: AP item by Curt Woodward, 14 Jun 2005, seen in the *San Francisco Chronicle*.] [I wonder whether this issue of RISKS will be blocked because of those OFFENSIVE words? (And I thought *democracy* and *human rights* were DEFENSIVE words?) PGN]
In Feb 2004, a Japanese division of Citibank had a mag tape disappear during shipment by truck from its data management center in Singapore, with information on about 120,000 customers. The tape has never been found. This week it happened again to a box of tapes sent by United Parcel Service, with info on nearly 4,000,000 American customers. Citigroup is apparently in the process of responding to the Singapore case with the company-wide introduction of "secure electronic channels" — although that process is not yet complete. [Tom Zeller Jr., *The New York Times*, 9 Jun 2005; PGN-ed] http://www.nytimes.com/2005/06/09/business/09data.html?th&emc=th Zeller's article has more on ChoicePoint, 10 million consumers falling victim to identity theft each year, discussion of the 2003 California law that mandates reporting, and this delightful quote from Mike Gibbons (former FBI chief of cybercrime investigations, now a consultant for Unisys): "I think there are some people who dismiss this as a sky-is-falling problem. But the sky has already fallen and it's just a matter of when a piece hits you in the head." Also a quote from Bruce Schneier: "There are social expectations about security that can't be met, but the practices are still so shoddy."
Colorado Attorney General John Suthers became a victim of identity theft when checks issued by a credit card company for a cash advance promotion were stolen from his home mailbox last week, police said. The lessons here:

* How easy is it for someone to break into your mail box and steal stuff, especially stuff you do not know you will be getting, like some promotion from a credit card company?
* I think for people living in a rural area with mail boxes out on the street for the convenience of the postal service, they need to rethink how they get their mail, perhaps lobby for the postal service to categorize some mail to go to lock boxes at the post office, where you periodically pick up that which could put you at id theft risk if it is stolen.
* If you live in an apartment complex, with "locked" mail boxes, how many people have the key?
  - you and your family
  - whoever rented the apartment before you
  - the mailman [and substitutes]
  - apartment management and maintenance
  - former employees of the above
  - anyone who knows how to "pick" a lock

[and so on. PGN]
Once more, with no good answer as to why, and no good reaction to the report of the problem... Oh well... Full details 16 May 2005 at: http://www.wftv.com/news/4494998/detail.html 40 pages of private medical information for hundreds of people was incorrectly faxed to a Seminole County Florida airplane parts business, containing the usual sensitive stuff. The recipient tried to call a HIPAA hotline, the response from which was that they were not interested. [PGN-ed]
An article of that title, by Liz Pulliam Weston: http://moneycentral.msn.com/content/Banking/FinancialPrivacy/P116528.asp?GT1=6582 There's some good advice there (which may seem obvious to regular RISKS readers), but IMHO, most of the supposed advantages of the European system stem mostly from the fact that European financial institutes (and fraudsters) haven't caught up yet with their US counterparts.
The privacy violation of heiress Paris Hilton (RISKS-23.76) in which her wireless phonebook had been compromised was actually the result of one phone call and a little social engineering, with one of the culprits posing as a cell-phone company operative. Exploitation of security flaws then resulted from the information gathered. [Source: Brian Krebs, subtitled Source Says Hacker Posed as T-Mobile Employee to Get Access to Information, *The Washington Post*, 19 May 2005; PGN-ed]
The Patriot Act - brilliant! Its critics would have preferred a less stirring title, perhaps something along the lines of the Enhanced Snooping, Library and Hospital Database Seizure Act. But then who, even right after 9/11, would have voted for that? Precisely. He who names it and frames it, claims it. The Patriot Act, however, may turn out to be among the lesser threats to our individual and collective privacy. There is no end to what we will endure, support, pay for and promote if only it makes our lives easier, promises to save us money, appears to enhance our security and comes to us in a warm, cuddly and altogether nonthreatening package. [...] http://www.nytimes.com/2005/06/13/opinion/13koppel.html?ex=1276315200&en=ca684bc680a0d6c0&ei=5090
[Source: Julia Silverman, AP, 9 Jun 2005; KATU 2 News - Portland, Oregon, www.katu.com, via Jim Schindler, http://katu.com/stories/77696.html] An Oregon National Guardsman recently returned from Iraq and discovered $10,000 missing from his bank account. A police investigation resulted in charging his mother with aggravated theft, identity theft, and fraudulent use of a credit card, and concluded that she had opened up mail with his new ATM card and pin number. His mother said that she used the money for video poker, electronic entertainment devices, medical expenses, and daily living expenses. "The 'maternal bond' made me do it."
In RISKS-23.89 Geoff Kuenning wrote about the airliner's hijack warning that could not be turned off. He makes the point that 'duress' alarms should not be easily cancelable. In this particular instance, the aircraft was escorted by fighters to another country. The outcome might have cost the airline a penny or two and might have annoyed and possibly scared the passengers, but at least it ended without loss of life. Now consider the case where the accidental alert was generated when the aircraft was already over American soil, perhaps close to a major city. The outcome could very well have been terribly tragic. The article does not make clear whether the original alert was accidentally triggered manually or by a malfunction ("the plane's transponder ... had inadvertently sent code used for hijack warnings"). However, the article does appear to suggest that the operator is investigating the technical reason for "a malfunction which meant that ... the crew were unable to shut it off", but this could be journalistic licence or lazy sub-editing. There is no easy answer to these puzzles, but perhaps the design and inherent reliability of the alerting system in question would bear attention. At least some of the RISKS lie in deciding which is the greater RISK, coupled with designing, installing, maintaining and operating a 'fail-proof' system. Michael 'Streaky' Bacon
I haven't flown in a while, and the procedures may have changed, but the situation is actually slightly more complicated (and, I think, more reasonable) than Geoff suggests. Every airplane used for airline transportation is equipped with a transponder, which, when hit by a radar signal, sends back a coded signal that includes the airplane's altitude and a 12-bit code that the pilot can set. If you're not talking to a controller, you set 1200 (octal). If you are talking to a controller, the controller gives you a code to set. There is a specific code that means "I am being hijacked." Once you set that code, the controller's radar will pick it up. Once that happens, the controllers are supposed to assume a hijack is in progress even if the code subsequently changes. So there is no need for a latching mechanism in the cockpit, which could presumably be defeated by disconnecting the circuit breaker on the transponder. And yes there has to be such a breaker. What else do you do if the thing catches fire?
When I was an attorney for the United States government, we had panic alarms under our desks. If one got pressed accidentally (by a knee, for example), we could not shut it off, as suggested was a good idea in RISKS-23.89, so a cadre of US Marshals would come charging into our office to see what was going on. [The alarms used a little button that took a key to reset.] The difference between that system and the "hijack alarm" to which the news article in RISKS-23.89 might have been referring explains why the hijack alarm can't be un-resettable: It, too, is not impossible to accidentally activate, but it serves another important purpose to which the pilot would be denied access if the alarm couldn't be reset, presumably until the plane landed and was serviced. The hijack alarm was probably just the pseudo-secret transponder code for "Help! I'm being hijacked." There are a couple of these codes, for "Help, Emergency," "My radios have stopped working; please don't shoot me down," and so on. They are set by flipping four thumbwheel switches, buttons, etc., one at a time to dial up the right code. Occasionally, it's possible to "scroll by" one of the special codes when switching from one transponder code to another. For example, if you were assigned to squawk 3456, and then reassigned 2222, you would probably briefly transmit codes 4456, 5456, 6456, etc., as you scrolled the first digit around to two. Then you'd probably transmit 2556, 2656, 2756, etc., and 2266, 2276, etc., and finally, 2227, 2228, etc. If any one of these codes meant something special and you "fell across" it, you'd want to keep going, but couldn't if you couldn't leave the special code.
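The scroll-through effect described in the message above, as an added example that is not part of the original digest: it lists every code set while four wheels are turned one at a time and flags any that a controller would read as a distress call. It assumes independent wheels showing octal digits 0-7 that wrap around, and it uses the widely published special codes 7500, 7600 and 7700, which the digest does not name; the 7400 to 7601 reassignment is constructed.

```python
from itertools import permutations, product

# Widely published special-purpose squawk codes; the digest does not name them.
RESERVED = {
    "7500": "unlawful interference (hijack)",
    "7600": "radio communication failure",
    "7700": "general emergency",
}


def wheel_steps(start, end, direction):
    """Digits one wheel shows while turning from start to end (octal, wraps)."""
    shown, digit = [], start
    while digit != end:
        digit = (digit + direction) % 8
        shown.append(digit)
    return shown


def transient_codes(current, target, order, directions):
    """Every code set while the wheels are turned one at a time.

    order      -- wheel positions (0 = leftmost) in the order they are turned
    directions -- per wheel position, +1 (count up) or -1 (count down)
    The last element is the target itself whenever current != target.
    """
    for code in (current, target):
        if len(code) != 4 or any(c not in "01234567" for c in code):
            raise ValueError(f"not a 4-digit octal code: {code!r}")
    digits = [int(c) for c in current]
    seen = []
    for pos in order:
        for d in wheel_steps(digits[pos], int(target[pos]), directions[pos]):
            digits[pos] = d
            seen.append("".join(str(x) for x in digits))
    return seen


def reserved_hits(codes):
    """Codes in the sequence that a controller would treat as a distress call."""
    return [c for c in codes if c in RESERVED]


def safe_plans(current, target):
    """All (order, directions) pairs that never pass through a reserved code.

    The final code is excluded from the check: landing on it is intentional.
    """
    plans = []
    for order in permutations(range(4)):
        for directions in product((1, -1), repeat=4):
            passing = transient_codes(current, target, order, directions)[:-1]
            if not reserved_hits(passing):
                plans.append((order, directions))
    return plans


if __name__ == "__main__":
    # The reassignment used in the message: left to right, always counting up.
    print(transient_codes("3456", "2222", (0, 1, 2, 3), (1, 1, 1, 1)))
    # Constructed case: the same habit passes through two reserved codes.
    naive = transient_codes("7400", "7601", (0, 1, 2, 3), (1, 1, 1, 1))
    print(naive, reserved_hits(naive))
    # Turning the last wheel first avoids both.
    print(transient_codes("7400", "7601", (3, 1, 0, 2), (1, 1, 1, 1)))
```

In the constructed case every safe plan turns the last wheel before the second one, so whether a reserved code is passed depends on the order of the wheels, not on how quickly they are turned.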
> [e-mail challenge-response] allows two distinct failure modes: > 1) I ignore the challenge and a legitimate message is not delivered > 2) I acknowledge the challenge and spam is delivered, "From" me [...] I also know some who would deliberately respond to the challenge and so make the spam go through in a misguided attempt to punish the person using the broken challenge-response system. Mr. Smasher misses a third failure mode, one which concerns me far more than the other two. That is that it's not generally possible for a recipient of a challenge to tell if it's real or not. It is conceivable that it could have been sent from a spammer attempting to verify that the recipient address is read by a person, and when they respond they are doomed to an eternity of exciting special offers on penis refills and toner cartridge enhancement.
BKCISPEN.RVW 20050330

"CISSP Exam Notes", K. Wan, 2003, 988-97323-1-9, U$24.95
%A K. Wan kplab@pacific.net.hk
%C Hong Kong
%D 2003
%G 988-97323-1-9
%I KP Lab Limited
%O U$24.95 http://www.kp-lab.com/
%O http://www.powells.com/cgi-bin/biblio?inkey=91-9889732319-0
%O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 196 p. (PDF ebook)
%T "CISSP Exam Notes - All you need to pass the exam"

This appears to be a self-published ebook, available from the author, in PDF format. Despite the fact that an ebook softcopy could readily be edited, it has not been updated in the two years since it was published: some of the CISSP requirements have changed since then, and the book does not reflect that.

The ten domains of the CISSP CBK (Common Body of Knowledge) are covered in ten chapters, with the material provided in point form. The structure and flow of the material bears a striking resemblance to the slides in the (ISC)^2 CISSP review seminar. However, given minor discrepancies, I suspect that the book is not directly based on the (ISC)^2 slides, but rather on another course that, itself, was based on the (ISC)^2 CBK review seminar. (In response to the initial draft of this review, the author responded that his ebook was based on the other books that followed the course outline, rather than on the course itself.) (Wan's company, KP Lab, seems to be restricted to producing training guides for various certifications.)

As noted, the points in the book follow the structure of the course slides. There is usually a sentence or phrase expanding or explaining each point from the Common Body of Knowledge listing, so the material is slightly longer than the subject outline that is available from the (ISC)^2 site. The explanations are, however, briefer even than those in the first edition of "The CISSP Prep Guide" by Krutz and Vines (cf. BKCISPPG.RVW), which is, itself, one of the tersest guides on the market.
As with that work, and other similar texts, if you do not already know the content, this tome will not help you very much. Unlike most other CISSP study guides, there are no "sample" questions. Overall, the points are reasonably well selected. (The section on malware is very disappointing, and the section on legal concepts is rather weak.) The material is more up-to-date than any other besides the "Official (ISC)^2 Guide to the CISSP Exam" (cf. BKOIGTCE.RVW). In terms of books dealing with an overall familiarization with the topics to be covered on the CISSP exam, this one does have an advantage in price, and in speed of access. (I requested a copy directly from the author by e-mail, and got it within two hours. If, for example, you are in a boot camp course situation, you may need all the help you can get, quickly.) copyright Robert M. Slade, 2005 BKCISPEN.RVW 20050330 rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade