Ch7 is one of the three national commercial TV stations in Australia. On the evening of 13 Apr 2005 they had a power failure and a back-up power failure in Melbourne, the automatic cutover to an alternate broadcast center failed, and the national phone system failed. All national transmissions come from a single center. Almost a million viewers had 41 minutes of the blank screen. Lost ad revenues were estimated at AU$600,000. The cause was apparently not known. [Source: Australia's Channel 7 loses bucks in blackout, By Eleanor Sprawson, *The Herald Sun*, 15 Apr 2005; PGN-ed] Because transmissions for the whole country come from the one broadcasting centre, Seven was unable even to broadcast a message apologising for the situation until power in Melbourne was restored at 9.50pm. But the glitch did not result in a ratings boost for public broadcaster SBS, with figures showing viewers preferred Seven's blank screen. To Seven's astonishment more than 900,000 viewers stayed tuned to the network after screens went blank 38 minutes into the nail-biting episode. "Around a million Australians hung in there for us and we thank them for their commitment," Seven Sydney spokesman Simon Francis said last night. He also apologised to viewers who tried to ring Seven on Wednesday night, as the network's national phones were down too. Seven will re-screen the episode next Wednesday at 8.30pm, then a new episode in the current serial killer storyline at 9.30pm. Johnson confirmed the network "lost quite a bit" in advertising from the shutdown. Last night Geoff Clarke, media investment director for MindShare, estimated it had cost the network more than half a million dollars. The shutdown meant Seven came third in the ratings on Wednesday night.
The saga of hacked personal information continued with a report as we go to press that Lexis-Nexis admitted to having been victimized by the theft of personal records of 310,000 people (10 times more than originally reported), including SSNs and drivers' license numbers. 59 cases were discovered of access by unauthorized persons using legitimate IDs and passwords. 64,145 of those lost records involved California residents. [Source: David Colker and John Spano, *Los Angeles Times*, 13 Apr 2005; PGN-ed]
The scope of a computer system breach at a national retailer widened on 13 Apr 2005 to involve the customers of a second major credit card firm, but those companies refused to divulge the name of the retailer. The existence of the security breach first surfaced this week when HSBC North America began notifying 180,000 of its GM MasterCard customers that their credit card information had potentially been compromised. HSBC, which issues the GM cards, urged each customer to replace their card as quickly as possible. [Source: Breach in security reaches 2nd credit firm; MasterCard, Visa refuse to identify retailer whose computer system was hit Bruce Mohl, *The Boston Globe*, 14 Apr 2005; PGN-ed] http://www.boston.com/business/technology/articles/2005/04/14/breach_in_security_reaches_2d_credit_firm/ A computer security breach at Polo Ralph Lauren Corp. that has recently roiled two major credit card companies actually occurred last fall. But Polo only made the problem public on 14 Apr 2005. [Source: Retailer knew last fall about security breach that recently roiled credit card companies, By Hiawatha Bray, *The Boston Globe*, 15 Apr 2005] http://www.boston.com/business/globe/articles/2005/04/15/retailer_knew_last_fall_about_security_breach_that_recently_roiled_credit_card_companies/
Tufts University began sending letters to 106,000 alumni, warning of ''abnormal activity" on their fund-raising computer system that contained names, addresses, phone numbers, and, in some cases, Social Security and credit card numbers. [Source: Tufts warns alumni on breach; Computer attack exposed names, numbers to theft, By Hiawatha Bray, *The Boston Globe, 12 Apr 2005; PGN-ed] http://www.boston.com/business/technology/articles/2005/04/12/tufts_warns_alumni_on_breach/
While out shopping, my wife found a credit card dropped in the parking lot. Since the facility was a strip-style mall there wasn't an obvious place it could be left for the owner to pick it up. She decided to call the 1800 number on the back of the card to find out where she should mail or drop off the card. What happened next was almost surreal. After much button pressing to get past the automated prompts (my wife didn't want to just enter the card number because then she may hear information like the owner's balance) she finally got in touch with an agent. My wife tells the agent the story of the found card and after giving only the name on the card and the account number, the agent proceeds to tell her three things (completely unbidden): 1) The card has not yet been reported stolen 2) The cardholder's billing address 3) The cardholder's home phone number Combine this with *physical possession* of the card, you can see the problem. It was midway through item number 2 that my wife realized that the address wasn't the address of a branch or office and she tried to stop the agent from revealing more information. The agent more or less insisted that this was the best way to get the card back to the owner and when the agent was told that she was in essence enabling identity theft, her reply "oh, that's not a problem". My wife elected to drop it by a branch she passed en route home. The teller there was at least surprised at the story of the phone agent's activity, commenting that "she must be new". I can only hope that it is a poorly trained phone agent, however the fact that BofA's training program doesn't condition agents to resist giving out personal information so easily is more than a little disturbing.
Three MIT students developed a program to generate papers with more-or-less random text based on a context-free grammar, and submitted it to the World Multi-Conference on Systemics, Cybernetics and Informatics (WMSCI) to be held in Orlando in July. Not surprisingly, one of their papers, "Rooter: A Methodology for the Typical Unification of Access Points and Redundancy", was accepted. The paper features such gems as: "the model for our heuristic consists of four independent components: simulated annealing, active networks, flexible modalities, and the study of reinforcement learning" ... "We implemented our scatter/gather I/O server in Simula-67, augmented with opportunistically pipelined extensions." [According to other out-of-band sources, this is reportedly a conference that generally accepts a paper from every would-be author, but charges speakers to attend; perhaps no one else attends other than those gullible speakers?] According to CNN, the prank was reminiscent of a 1996 hoax in which New York University physicist Alan Sokal succeeded in getting an entire paper with a mix of truths, falsehoods, non sequiturs and otherwise meaningless mumbo-jumbo published in the quarterly journal *Social Text*, published by Duke University Press. [Source: PGN-ed from a Reuters item] http://www.cnn.com/2005/TECH/science/04/14/mit.prank.reut/index.html
The "Vacancy of the Apostolic See" Web page appears to have been prepared one day BEFORE the Pope's death. The page's <http://www.vatican.va/gpII/documents/index_en.htm> HTML markup contains the following meta tags: <meta name="title" content="vacancy of the Apostolic See" /> <meta name="creator" content="Vacancy of the Apostolic See" /> <meta name="subject" content="Vacancy of the Apostolic See, death of John Paul II, Holy Father" /> <meta name="date.created" content="2005-04-01" /> <meta name="date.issued" content="2005-04-03" /> <meta name="date.expires" content="" /> Thus it appears that the web page was created on April 1st, yet the Pope's death certificate clearly indicates that the Pope died on April 2nd. "His Holiness John Paul II (Karol Woytyla) born in Wadovice (Crakow, Poland) the 18th of May 1920, resident of Vatican City, expired at 9:37 on the evening of April 2, 2005" It is a well-known fact that journalists prepare in advance obituaries of public figures that appear to be nearing their life's end. See for example the article "Quirk in British Computer Privacy Laws" (RISKS-11.63). Nevertheless, for the Vatican's content creators to advertise the fact that they were creating the "Vacancy of the Apostolic See" Web page while the Pope was still alive and struggling is at the very least a sign of poor taste; worse, the fact will now provide food to conspiracy theorists who thrive on these details. The risk: accurate metadata is not always appropriate. Diomidis Spinellis - http://www.spinellis.gr
Bullet trains run for years with faulty speed controls [Source: Mainichi Shimbun, Japan, 23 Mar 2005] http://mdn.mainichi.co.jp/news/20050323p2a00m0dm013000c.html Series 300 bullet trains have been running for years with faulty speed control equipment, Central Japan Railway Co. (JR Tokai) officials said. Automatic Train Control (ATC) devices that prevent Shinkansen trains from exceeding certain speeds have been faulty on the Series 300 trains, with 52 malfunctions reported this year alone. In one case, a train traveled at 280 kilometers per hour between Shin-Yokohama and Odawara stations in Kanagawa Prefecture on March 3, even though the speed limit on the line is 270 kilometers per hour. JR Tokai says the error came from faulty software supplied by the makers of the devices and that the glitch was not even detected during test runs. Land, Infrastructure and Transport Ministry officials have asked JR Tokai to provide a complete explanation of the case. JR Tokai said one of the cases involved a Series 300 bullet train driver being forced to reduce speed manually after the ATC on the train he was driving on March 19 failed to work. A check of the ATC later revealed that software supposed to detect train speeds was not working properly. This caused the ATC to estimate the train was traveling slower than it actually was. JR Tokai has stopped using the faulty equipment. [Incidentally, Amtrak's Acela trains have been shut down for the past few days because of detected failures in brake discs. PGN]
http://www.boston.com/news/odd/articles/2005/04/08/mich_message_board_says_speed_limit_100/ Drivers on southbound Interstate 75 in Michigan saw a construction message board that previously had been alerting drivers in Genesee County near Clio that construction was soon to start. One morning it said "speed limit 100 mph go go go." (The speed limit in that area is 70 mph. The sign is controlled remotely by a subcontractor's computer.) [Source: AP item from *The Boston Globe*, 8 Apr 2005; PGN-ed]
Israelis to receive secure e-mail address to be used for contacts with authorities http://www.ynetnews.com/articles/0,7340,L-3073923,00.html "The Social-Economic Cabinet approved Sunday a plan put forth by Finance Minister Benjamin Netanyahu to expand Israel's *approachable Government* program. The government also approved the *safe deposit box* program, a system of secure e-mail boxes that would allow government offices to send official permits, signed forms, receipts and messages to businesses and individuals. [...] At first, the system will support forms in text format (TXT, PDF, RTF, HTML, XML), the last two without Active Script. The `safe' will require the recipient to send a `proof of receipt' to the sender. Each sent message will be coded to identify the sender, to allow the recipient to forward the message to a third party, and an expiry date. [...] In order to use the system, individuals and businesses will be required to obtain a smart card, a card reader (estimated cost: NIS 55 or about USD 12), and to register an electronic signature (approximately NIS 20 or about USD 4.5)." In addition to all the usual RISKS such a scheme brings up, I should note that to this date, the bill paying website (http://www.mybill.co.il) works only with Win/IE, so I won't be surprised if the above setup will also be Win/IE only. Shoshannah Forbes http://www.xslf.com [... and that it might therefore be subject to exploitation of Winflaws. PGN]
A story on the Canadian Broadcasting Corp's web site, from Saint John, New Brunswick: A federal government toll-free phone line to encourage safe boating is directing callers in New Brunswick to a phone-sex offer instead. http://www.cbc.ca/story/canada/national/2005/04/14/boating-sex-mixup050414.html The article implies that an internal Canadian government re-organization resulted in a toll-free number being returned to a pool of available toll-free numbers, and the number was then probably picked up four months later by a phone-sex line (again, this is implied by the article above, but not stated as fact). The risk here is that the "recycle" process does not appear to check that the prior use of a toll-free number doesn't conflict in some social/moral way with the new user's intended use of the number. Oh, well, it could have been worse... at least the number wasn't previously used for Mattel's "Barbie" hotline. Semi-related anecdote... our local telephone supplier provides a service whereby we get a tool-free number for my residential phone, with a single (cheap) rate for callers from anywhere in North America. Useful when me or other members of my family are traveling, and even for friends to use to call. The snag... our toll-free number is one-digit off from the toll-free support number for one of the largest Cable/Internet/Phone service providers in the USA. As a result, I typically get one or two calls a week from customers of the service provider... since they are typically looking for support, they are often a big grumpy. When told "this isn't Company X's support line", some callers berate me, accusing me of trying to dodge their call (it's obviously not their first call to the support line).
*The Register* reports that the US is deploying newly developed wireless LAN- enabled mines, supposedly code-named Matrix: http://www.theregister.co.uk/2005/04/12/laptop_triggered_landmine/ (Any comments about "minefield" testing a new technology?) With the US being one of the few holdouts against the ban on landmines, there are predictable concerns about the danger the new mines hold for civilian populations. However, there would also seem to be any number of potential dangers to the troops using them. There are very few details provided in regard to the new mines. There appear to be different types. They have some kind of wireless capability. They have remote detonation capability. Based upon what is said, we can determine some additional aspects of the technology, as well as surmise more. They likely communicate via radio frequencies. They will have some kind of (likely minimal) software for reception of signal, authentication, and activation. (Deactivation is likely accomplished by activating the mine when [hopefully] nobody is around.) The mines are probably individually addressable: blowing an entire minefield for a single intrusion would not seem to be an effective use of resources. Radio communication would imply that either the mines are battery powered, or that they contain an antenna and transponder. Given the purpose and use of mines, it is likely that there is an alternate and more standard triggering mechanism such as pressure plates or tripwires that does not require wireless activation. There are, of course, other more advanced possibilities for such a technology. Mines could be remotely enabled and disabled, could communicate with each other, or could communicate sensor results with a central location. However, these functions are unlikely in a first generation device. The potential risks are numerous. With radio communications mines that are buried, or placed under or behind metal or water, may fail to detonate when needed, or deactivate. Any kind of software is, of course subject to failures (which, in this case, could be literally catastrophic). Authentication would be a fairly major issue: sniffing of radio traffic could easily determine commands, replay attacks, static passwords, or number sequences. (Note that the mines require "minimal training" for use.) Failure of authentication could, again, result in failure of either detonation or deactivation. Battery failure would be an issue and therefore transponders are more likely, but transponders would be more difficult to troubleshoot. (Should the transponders retransmit? That would assist with finding and disarming mines, but broadcasting a signal with known improper authentication would result in a means of determining the location of mines.) Overall, mines still seem to be a pretty bad idea. firstname.lastname@example.org email@example.com firstname.lastname@example.org http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
I recently received "The E*TRADE Complete Security System" for controlling access to my online E*TRADE account. It introduces two-factor authentication to the login process, requiring both something I know (my password) and something I have (a keyfob device). While this seems like a very good idea on the surface, the implementation leaves something to be desired from a usability standpoint. The keyfob device, which carries E*TRADE and RSA logos, has a 6-digit display that changes once per minute. In order to login, I need to present my username and a password consisting of my regular fixed password appended with the currently displayed 6-digit number. While this appears to have good security, some potential deficiencies come to mind -- * It requires more typing than the old scheme, including an unfamiliar sequence of characters that changes every time. A better arrangement would be for the keyfob to have a USB connector that I plug into my computer to prove that I have the keyfob. * If multiple service providers adopt this scheme, I'll need a pocket full of keyfobs. A better arrangement would be one keyfob that can hold credentials for logging into multiple sites. * The scheme seems to depend on the keyfob and the server to have synchronized clocks. What happens if the keyfob's battery dies or the server's clock becomes misadjusted, as appears to occur with some regularity? * What if I need to login when I don't have the keyfob? There is a phone number I can call to obtain temporary-access instructions, assuming that I can convince the agent that I am the legitimate owner of the account. This seems like a potential weak link in the scheme. Fortunately, use of this security system is optional. The RISK is that nobody will use this scheme because it is too inconvenient.
I really have no way to be sure. Given that ACM is still sending me invitations to log in to my email spam-filtering service almost daily, it seems plausible that this message inviting risky behavior was actually sent on behalf of ACM. But how can I verify that, short of communicating directly with you? Either way, sending it on April Fools Day is a nice ironic touch. Jim H. http://horning.blogspot.com/2005/03/phishing-report-through-february.html -----Original Message----- From: Election Services Corporation [mailto:email@example.com] Sent: Friday, April 01, 2005 1:59 PM To: Horning, Jim Subject: ACM SIG 2005 Election Importance: High Dear James Horning: ACM is pleased to offer its Special Interest Group (SIG) members the opportunity to vote by the Internet in the 2005 Election. You are encouraged to participate in this election. Please note that 12:00 noon Eastern Time, June 15, 2005 is the deadline for submitting your vote. It is important that the voice of ALL members be heard. To vote electronically, please go to: https://www.escvote.com/acmsig You will need your 7-digit ACM/SIG Member Number to log in to the secure voting site. If you do not know your membership number, please go to https://campus.acm.org/public/accounts/Forgot.cfm For additional help, please visit the help screen on the log-in page by clicking on the "Help" button. Enter your 7-digit ACM/SIG Member Number to reach the menu of active SIG elections that you are eligible to vote in. In the on-line menu, select the Special Interest Group seen below. Enter the 10-digit unique PIN seen below. Follow the on-line voting instructions. Special Interest Group: [obscured] Your Unique PIN is: [obscured] If you have any questions or would like to request a paper ballot, please e-mail firstname.lastname@example.org or call toll-free 1-866-720-4357. Thank you for taking the time to submit your vote electronically. Association for Computing Machinery [Jim CC:ed John White <email@example.com>, who responded: Yes, this message was/is legit. The spam-filtering message is changing shortly. Obviously, we have more work to do.]
In RISKS-23.83, Louise Pryor included a link to the Barclays ATM story that was "shortened" through makeashorterlink.com. Ironically, the article immediately before was about phishers becoming more sophisticated. Acceptance of techniques and services like this are only giving phishers more ammunition.
Louise Pryor's remarks (Times change ... problems don't (RISKS-23.82) RISKS-23.83) about human intervention in the bi-annual time change process, reminded me of my early days when the change was effected by an engineer burrowing inside a cabinet searching for the right switch on the right circuit board. The Leap Year change involved calculating new values for a resistor bank and resoldering!
There was a recent discussion of medical errors, and whether to blame the computer. Most errors are the sort that happened even before computers. Did the computer really cause a problem, or did it only make them easier to track? Jakob Nielsen's latest column explains how the interface may actually make the errors more common. For example: Doctors could always prescribe the wrong dosage, but it happens more often if an incorrect default is offered. There could always be confusion about when "tomorrow" starts if an order is written at 2:00 am, but humans were likely to understand the intent if they were on the same shift, or coming in to "the morning's orders". After computer entry, it starts to look more like an arbitrary date. http://www.useit.com/alertbox/20050411.html
Comcast cable in Sunnyvale CA, seems to have had some problems with the recent daylight savings change over. The time on my cable box was not adjusted forward 1 hour until around 11:30 Sunday morning, and until then the on-box channel guide was showing the wrong times for all programs, For example it was showing programs usually showing at 8AM as being on at 7AM. This appears to have happened due to lack of testing beforehand. The only adverse effect on me was that it caused me to be late for church as my cable box is the only clock I have in my living room. This is what I deserve for depending on a clock I can't set myself.
Please report problems with the web pages to the maintainer