Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
It seems a web database used by the Calgary Health Region to track and distribute results of lab tests has suffered a "glitch". According to the article that appeared today, "The Calgary Health Region announced Sunday that an Internet database - which physicians use to view lab work such as blood and urine tests - mixed up results between patients and posted records under the wrong names. Officials are now contacting the offices of nearly 400 doctors and other health providers who saw the incorrect records, to ensure patients are receiving proper treatment." Doctors are concerned that the mix-up means some patients are now receiving incorrect treatments which can complicate their conditions, or that patients are receiving treatments they don't need. Additionally, some patients may be fretting needlessly over their lab results because of the mix-up while others may be in for some unpleasant surprises when they receive the correct results! http://www.canada.com/calgary/calgaryherald/index.html [Also noted by Robert Israel at the University of British Columbia] http://www.theglobeandmail.com/servlet/story/RTGAM.20050711.wcalgary0/BNStory/National/ http://calgary.cbc.ca/regional/servlet/View?filename=ca-chr-tests20050711
Lisbon newspaper "O Público" reports today that the main information system for the Lisbon Hospital Center, which supports three large Lisbon hospitals, has not worked since July 8. It appears that the master patient index has become inaccessible, and may be lost. If a patient shows up without a hospital-issued card, which includes a patient id number, the patient's records cannot be accessed. Out- patient consultations and admissions are being processed manually, causing "great confusion." Emergency room admissions are much slower than usual. The waiting list for surgery also appears lost, although that has not been confirmed. A doctor at one of the hospitals and board member for a doctors union said that "No one knows for certain what will happen or when the problem will be solved." The assistant to the director of the hospital group explains that "The system failed totally eight days ago, and technicians tried to restore it immediately, but without success. At the beginning of last week, the US firm who supplied the system was brought in, and it is expected that the situation will be resolved by Monday." He also said that the failure was unexpected, that the hospital group did not the ability to fix it on their own, and that the breakdown "has had no impact on the normal functioning of the hospitals, except for the slowdown in patient registration." So, it takes much longer to admit patients, their medical records are inaccessible unless they have registered before and bring with them their registration card (something that anyone dealing with a medical emergency will for sure remember to do), and doctors report confusion, but there's really no impact, according to the hospital group administration. A mission-critical system has no backup or immediate access to repair expertise. For readers not familiar with Portugal, Lisbon public hospitals are notorious for poor financing, inefficiency, bureaucracy, and long waiting lists. They cater mostly to those who cannot afford private care, especially many pensioners in an aging city. Another common problem with public institutions in Portugal are poor procurement controls, especially for technology and informations services. Many purchases are made without much attention to cost of ownership, service guarantees, or access to parts and service. Some administrators are too easily seduced by fancy presentations by local representatives of foreign suppliers who have no local expertise or staying power. Fernando Pereira, Dept. of Computer and Information Science, U. of Pennsylvania
The utility department in Mascoutah (Illinois) sent Rose Mary Cook a bill for the use of 10 million gallons of water in a month, totalling $29,787 for the water and $43,581 for the ensuing sewer usage. The cause was not surprisingly the result of a broken meter. [Source: AP item, 14 July 2005] http://www.cnn.com/2005/US/07/14/hot.summer.ap/index.html In past years we have seen similarly large charges attributed to the installation of a new meter that was set slightly behind the old one.
The US Congress is considering changing the way daylight saving time is orchestrated, e.g.: http://www.cbc.ca/story/canada/national/2005/07/20/daylight-savings-folo050720.html Regardless of whether you actually think daylight saving is a good idea, there are definite risks when you decide to change the rules on how it works. In this case, the proposal is to have the change take effect this fall. I'm curious if Congress realizes that just about every single computer system would have to be updated so that it would keep the correct time. And this does not effect just people in the US. In the above link it discusses the effect on us Canadians. At this point in time about 80% of Canada's exports go to the US (and 25% of America's exports go to Canada): the two countries are heavily linked economically. If the US changes its system, it is all but a foregone conclusion that we Canadians would have to change the way we do things as well. If Congress really wants to go through with this change it would be prudent to at least push off the rule change until next year to give people time to update and test their systems. Mentions of daylight savings in past RISKS include 13.48, 18.04, 19.43, 9.80, 17.84, 20.28, 6.47, etc. More information on daylight saving time is available on Wikipedia (among other places): http://en.wikipedia.org/wiki/Daylight_saving_time
Do you believe in drivers' licenses as proof of someone's identity? The manager of the Virginia Department of Motor Vehicles office at the Springfield Mall was charged with selling at least 40 illicit licenses for up to $3,500 each. Many years ago we reported that the VA DMV rate for bogus licenses was $25, when a ring of inside perpetrators was busted. Two years ago, two employees of the Tysons Corner Virginia DMV pleaded guilty to fraudulently selling licenses. Coincidentally the manager's wife was also charged, and she had previously worked in the Tysons Corner DMV! The latest case was uncovered not by the DMV's oversight program, but by the U.S. State Department's Bureau of Diplomatic Security. [Source: *The Washington Post*, 13 July, B05; PGN-ed] http://www.washingtonpost.com/wp-dyn/content/article/2005/07/12/AR2005071201421.html
The following item might be of interest. Note that fraud recently brought down a VoIP supplier in the US. Newsgroup address: http://www.usenet.org.uk/uk.telecom.voip.html By Carolyn Schuk, for VOXILLA.COM It's one of the best kept secrets in the Voice over IP industry. The biggest problem facing VoIP providers isn't the specter of costly E911 requirements, overzealous regulators, or even competition from a myriad of sources. The biggest issue is fraud, perpetrated by scammers who take advantage of lax international communications standards and regulations, and make thousands of minutes of calls through carriers - many of them fly-by-night operators - in places such as Afghanistan and Lichtenstein, who charge exorbitant rates for call termination, leaving the originating service provider with sky high bills and no one to charge for them. VoIP scams have already caused start-ups in the fledgling industry millions of dollars in losses and are blamed, in part, for the recent demise of one service provider. "It is the single largest problem facing providers," says Ravi Sakaria, VoicePulse CEO, "because the development cost associated with addressing the issue is significant enough that it could be prohibitive for the smaller players."
During the construction of an extension to my house, builders had to take down a wall bordering the garden. This wall ran parallel to an extension to the building next door, with a gap a about two inches wide in between. After the wall was taken down, I found the house next door had a hole drilled in the now-revealed wall, with Cat5 network cable extending from it; the Cat5 originally ran through the gap between their wall and ours. I did not splice into the cable, but to do so would have been easy. The risk is fairly obvious: Networks that are physically secure can be made physically insecure by building work, particularly when said networks run close to other properties.
A Technical Report published by BlackBoxVoting.org (4 Jul 2005) details
multiple critical security vulnerabilities in the Diebold Optical Scan
voting equipment that was used to tally approximately 25 million votes in
the 2004 US election.
Overview: http://www.bbvdocs.org/general/BBVreport-1sheet.pdf and
Full technical report: http://www.blackboxvoting.org/BBVreport.pdf
Harri Hursti, an independent security consultant - with the consent of
election officials in Leon County, Florida - was able to take full control
of the Diebold optical scan device and manipulate vote totals and audit
reports at will.
The Diebold Precinct-Based Optical Scan 1.94w device accommodates a
removable memory card. It had been believed that this card contained only
the electronic "ballot box", the ballot design and the race definitions;
astonishingly enough, the memory card also contains executable code
essential to the operation of the optical scan system. The presence of
executable code on the memory card is not mentioned in the official product
documentation. This architecture permits multiple methods for unauthorized
code to be downloaded to the memory cards, and is wide open to exploitation
by malicious insiders.
The individual cards are programmed by the Diebold GEMS central tabulator
device via a RS-232 serial port connection or via modem over the public
phone network. There are no checksum mechanisms to detect or prevent
tampering with the executable code, and worse yet, there are credible
exploits which could compromise both the checksum and executable. The
report notes that this appears to be in violation of Chapter 5 of the 1990
Federal Election Commission Standards for election equipment, and therefore
should never have been certified for use.
The executable code is written in a proprietary language, Accu-Basic.
Accu-Basic programs are first compiled into ASCII pseudocode, which is then
executed by an interpreter residing in the optical scan device. Hursti
located an inexpensive device capable of reading and updating the memory
cards advertised on the Internet, and using a publicly-available version of
the Accu-Basic compiler (found on the Internet, along with Diebold source
code and other documents, by Bev Harris in 2003) was able to exploit these
vulnerabilities - and publicly demonstrated the ability to modify vote
totals and audit reports at will.
According to the report:
"Exploits available with this design include, but are not limited to:
"1) Paper trail falsification - Ability to modify the election results
reports so that they do not match the actual vote data
"1.1) Production of false optical scan reports to facilitate checks and
balances (matching the optical scan report to the central tabulator
report), in order to conceal attacks like redistribution of the votes or
Trojan horse scripts such as those designed by Dr. Herbert Thompson.(19)
"1.2) An ingenious exploit presents itself, for a single memory card to
mimic votes from many precincts at once while transmitting votes to the
central tabulator. The paper trail falsification methods in this report
will hide evidence of out-of-place information from the optical scan report
if that attack is used.
"2) Removal of information about pre-loaded votes
"2.1) Ability to hide pre-loaded votes
"2.2) Ability to hide a pre-arranged integer overflow
"3) Ability to program conditional behavior based on time/date, number of
votes counted, and many other hidden triggers.
"According to public statements by elections officials(20), the paper trail
produced by the precinct optical scan has been placed into the role of a
vital safeguard mechanism. The paper report from the optical scan machine
is the key record used to confirm the integrity of the central tabulator
record. The exploits demonstrated in the false optical scan machine reports
("poll tapes") shown on page 16 do not change the votes, only the report of
the votes. When combined with the Trojan horse attack demonstrated by Dr.
Thompson, this attack vector maintains an illusion of integrity by
producing false reports to match the contaminated central tabulator report.
"The [second] exploit demonstrated in the poll tape with a true report
containing false votes, shown on page 18, changes the votes but not the
report. This example pre-stuffs the ballot box in such a way as to produce
an integer overflow. In this exploit, a small number of votes is loaded for
one candidate, offset by a large number of votes for the opposing candidate
such that the sum of the numbers, because of the overflow, will be zero.
The large number is designed to trigger an integer overflow such that after
a certain number of votes is received it will flip the vote counter over to
begin counting from zero for that candidate... combining the false report
method (demonstrated on page 16) with the pre-arranged integer overflow
(demonstrated on 18) seems to be an especially efficient exploit because it
is a one-step process that takes out both the actual process and its
safeguard at the same time, while surviving scrutiny of almost anything
short of a full manual recount."
Reportedly, at least 500 jurisdictions used the vulnerable optical scan
system in 2004; for example, the Diebold Precinct-Based Optical Scan 1.94w
system counted approximately 2.5 million votes in 30 counties, or about
one-third of all the votes in Florida, and nationwide, approximately 25
million votes (http://www.freddevan.com/blog/archives/00006724.html).
Although the exploits described in the report could be uncovered if a full
hand recount was performed, in practice, detection is unlikely. Most
jurisdictions limit the time frame for contesting an election. For
numerous reasons, both candidates and election administrators are reluctant
to question the official tally, while hand recounts are expensive - with
costs borne by the contesting party. Few elections tallied by optical scan
equipment are ever fully recounted, and automatic recounts legally
triggered by a narrow margin of victory will, of course, fail to detect
large-scale manipulation that shifts results outside the recount threshold.
Finally, there are classic problems with paper ballot chain of custody; the
more time passes, and the further a paper artifact travels from its point
of origin, the more vulnerable it is to tampering.
Therefore, the mere presence of a paper trail will not deter or detect
electronic vote manipulation by malicious insiders unless the
voter-verified paper ballot or optical scan ballot is actually randomly
audited - preferably, in-precinct, on election night . Yet the cost and
time required by a truly effective and random audit protocol undermines the
case for electronically-assisted vote tallying. Therefore some analysts
now recommend US implementation of the Canadian system - hand-counting of
paper ballots in-precinct on Election Night, with accommodation for the
visually-impaired - as the best countermeasure to systematic electronic
election fraud.
Based on my experience in the financial services industry, discovery of
multiple security vulnerabilities of this severity in equipment in use by
any bank or brokerage house would trigger an immediate shutdown of all the
affected systems, followed by a full internal and external audit, and, in
all likelihood, formal investigation by regulatory and law enforcement
agencies. We should accept no less from the election services industry.
The affected Diebold optical scan equipment should be immediately withdrawn
from use in any election until independent recertification is achieved, or
a secure alternative is obtained. All other election equipment -
manufactured by Diebold or by other vendors - should be examined, and if
subject to the same vulnerability, should also be withdrawn. An
investigation to determine how equipment with such serious vulnerabilities
to insider manipulation could ever have been certified should also be
launched, and certification and oversight procedures enhanced.
Good people died to gain and defend our right to vote. Election
administration must not be exempt from industry best practices for
security, audit and control.
Bruce O'Dell, Partner, Digital Agility Incorporated www.digitalagility.com
Member, ACM SIGSOFT, SIGMETRICS, SIGART bodell@digitalagility.com
Whitehall Fails to Plug IT Theft (eGov monitor Newdesk) An online version with embedded links is available at: http://www.egovmonitor.com/node/1843 Central government departments have reported to have suffered at least 150 cases of computer theft in the last six months, according to official figures. The Home Office alone recorded 95 incidents of computer items being stolen between January and June 2005 - equivalent to a theft taking place in the Department every other day. By comparison, the Ministry of Defence reported 23 computer thefts to date in 2005, down from a total of 153 in the previous year. Ministers made the disclosures in response to a series of parliamentary questions tabled by Liberal Democrat MP Paul Burstow into incidents of computer hacking, fraud and theft in each department. In a written answer, Doug Touhig, a junior minister at the MoD, said the Ministry had also experienced 30 attempted computer hacking incidents so far in 2005, having only reported 36 for the whole of 2004. However the Minister gave an assurance that "none of the reported incidents of hacking had any operational impact". Most of these incidents were due to internal security breaches, rather than external threats. Half of the cases were classed as "internal - misuse of resources". Instances of reported computer thefts in other departments were in single figures so far this year, and most recorded no cases of IT systems being accessed illegally. The Department for Transport said it had experienced 71 cases of computer hacking in 2003-4, 31 in the following year and one incident since April. The Treasury, the Department for International Development and the Department for Education and Skills said their IT systems had been breached on one occasion in 2004-5. Figures from the DfES show that in the two years since 2003/4, it experienced 37 incidents of computer theft, all but one of which were "perpetrated by insiders". The Department of Health said it did not distinguish between losses and theft of IT equipment, but said there were 44 such incidents in 2004-5, costing it almost 40,000 pounds. Figures provided by Health Minister Jane Kennedy put the total sum lost by the Department over the last four years at 233,000 pounds. Ian Cuddy, Chief Editor, eGov monitor, Hurlingham Studios, Ranelagh Gardens, London SW6 3PA UK 020 7384 1551 ian.cuddy@egovmonitor.com www.egovmonitor.com
I signed up for a mailing list from a potential vendor that my company was considering using a few months back (well, I submitted a request for info which got put on their mailing list). A few weeks later I received a marketing e-mail from them. OK, that was expected. But I got the same e-mail on my home e-mail. That was not expected. I have a domain, dontsharemyemail.com, that I use exclusively for signing up for lists. I use a unique address for each list I sign up for so I can track leaky e-mail lists. Looking into the e-mail I received at home from the vendor I found that it was sent to a mailing list that I used for a charity I give to. I contacted both the vendor and the charity. The vendor confirmed the address was on their list, but they said they had no record of how they got it. They don't by lists (their marketing dept. complains about this) and they were very puzzled. The charity confirmed that they had no record of sharing the address (they claim they don't do that either). After a little while it dawned on me what could have happened. Sure enough, I looked at the headers of both e-mails and found that both parties used Microsoft's bcentral.com mailing list service. As far as I can figure, Microsoft's programmers figured that since the same name, address, phone, etc., info was attached to both e-mail addresses, they should be stored as a single entity. Thus when the vendor sent to "me" it was sent to both e-mail addresses. Even though both were completely separate mailing lists from completely separate customers. The risks are in keeping your customer's private data private when you manage multiple customers.
On 6 July 2005, the European Parliament decisively rejected the directive of
the European Commission, which would have brought software into the patent
system.
For those like me who have followed the argument about software patents over
the last many years, this comes as a relief. I was first alerted to the
potential damage of software patents many years ago when I heard Richard
Stallman talk. He gave another set of seminars in London around two years
ago. I find his arguments against software patents totally convincing. He
has summarised these neatly in an article in The Guardian on 23rd June:
http://www.guardian.co.uk/online/story/0,,1511965,00.html
A search on the Guardian site turns up several related articles and letters.
My colleague David Dodson has circulated the press release from the FFII
("Foundation for a Free Information Infrastructure"), a campaigning group.
The web sites listed at the foot of the release are worth visiting by anyone
who still needs to be convinced that software patents are a bad thing. In
particular, see: http://webshop.ffii.org/
This does not mean that we can relax, of course, since further attempts to
sneak in such legislation will probably be made. "The price of freedom is
eternal vigilance."
> The Foundation for a Free Information Infrastructure (FFII) is a
> non-profit association registered in several European countries, which
> is dedicated to the spread of data processing literacy. The FFII
> supports the development of public information goods based on copyright,
> free competition, open standards. More than 3,000 companies and 90,000
> individuals have entrusted the FFII to act as their voice in public
> policy questions concerning software copyright and patents. The FFII
> maintains an office in Brussels and national sections in many countries.
It's essentially a cross-European grassroots group of volunteers, organised
primarily by e-mail lists and websites/wiki systems, primarily focussed on
the campaign against software patents and the software patent directive, and
which in the process has slowly learned its way around some of the Brussels
political jungle.
Increasingly, it has also acted as a focus for statements and support
from concerned SMEs:
http://www.economic-majority.com/testimony/index.en.php
Peter Mellor, Centre for Software Reliability, City University,
Northampton Square, London EC1V 0HB p.mellor@csr.city.ac.uk +44(0)20 7040 8422
edited by Joseph Feller, Brian Fitzgerald, Scott Hissam, and Karim Lakhani, 24 chapters, with a foreword by Michael Cusumano and an epilogue by Clay Shirky, The MIT Press, 2005. 538pp+xxxi. ISBN 0-262-06246-1. Part I: Motivation of F/OSS Development Part II: Evaluation of F/OSS Development Part III: F/OS Processes and Tools Part IV: F/OSS Economic and Business Models Part V: Law, Community, and Society [Everything anybody ever wanted to know about F/OSS (which is the book's way of abbreviating "Free and Open Source Software")? Probably not, but may be useful. PGN]
Please report problems with the web pages to the maintainer