Hitachi appears to be experiencing injury problems with their medical imaging equipment. The FDA is on their case, mostly for their lack of reporting on recent incidents. The RISK: As with the Therac-25, prompt and responsible reporting by the manufacturer is key to minimizing the risk of further injury. Craig S. Bell, Portland, Oregon USA The U.S. Food and Drug Administration warned Hitachi Medical Systems America Inc. that it failed to properly report burns, hearing losses, and other injuries to patients using its magnetic resonance imaging (MRI) systems. The FDA suggested that this "may be symptomatic of serious problems in your firm's manufacturing and quality assurance systems. You must promptly initiate permanent corrective and preventive action. The FDA described one unreported case in which a woman complained she was "shocked and burned on the top of her head while being scanned" by a Hitachi MRI system, and another in which an MRI device caught fire. [Source: A Reuters item, 26 Jul 2005; PGN-ed]
This morning I received notice of an important product recall: Apparently the blood glucose meter I've been using for the past two years has too many features. Some background: There are two different units used for measuring blood glucose levels — mM and mg/dL. The metric world uses mM; the USA uses mg/dL. In order to provide a product which is useful to everybody, most blood glucose meters support both units, and allow the user to select which units they want to use. Unfortunately, it seems that some people have managed to put their meters into the wrong mode, and have subsequently failed to realize this. How this is possible, I am not sure — if you are expecting an answer of "5" it should be immediately clear that the value "90" is in the wrong units — but it seems that this is sufficiently concerning to require a complete recall of the "defective" products, in order that they can be replaced with a newer model which can only display results in mM. This brings to mind two risks — one which the manufacturer has responded to, and the other which they seem to be blithely ignoring: RISK #1: If you add too many features to your software, you'll probably end up confusing some of your users. RISK #2: If you add a feature and then subsequently remove it, there will inevitably be some unhappy customers who were using that feature. In this case, while mM are the units which Canadians "should" be using, many of them use mg/dL because those are the units which are most common on informational sites online. I think I'll keep my "defective" product.
I parked my Chrysler Voyager in my garage on Friday afternoon, no problems. Later that day there was a lightning strike near by. Got the van out Friday night. I pulled out of the garage and as soon as I hit the road the Check Engine Light came on and the speedometer dropped to zero, as I continued to gain speed, going up the hill. The automatic transmission was now stuck in 1st-gear. I turned around a few driveways up the street and went back to the house. Made appointment to take it in for servicing the next morning. Dealer is about four miles down the street. Limped along in 1st-gear to the dealer the next morning until we reached the only major four way intersection in this four mile gauntlet. Right in the middle of the intersection the engine died like I turned the key off. A good Samaritan pushed the van off the road. The dealer came and towed the van for the last mile of the trip. The dealer said that a tachometer feedback sensor had gone bad "and the van didn't know what speed it was going so it shut down to be safe". Now for the Us vs Embedded part of the story: Isn't it sufficient that *I* knew stopping in the middle of a busy four way intersections was a Really Bad Thing to do? *It* thought it knew better than I did. I'm really glad I did not have to cross any railroad tracks when *it* decided to stop on the crossing because it thought it was safe, rather than listen to my commands. http://www.softwaresafety.net/ http://www.unusualresearch.com/ http://www.bpaddock.com/
Germany: The crash of a PC controlling both tubes of Hamburg's Elbtunnel traffic system caused traffic to back up for 14 kilometers on the A7 during the morning of 28 July 2005. [Source: *Der Spiegel*, auf deutsch, thanks to Bruce Schneier; PGN-ed] http://www.spiegel.de/reise/aktuell/0,1518,367185,00.html
A University of Southern California database containing about 270,000 records of past applicants including their names and Social Security numbers was hacked in June 2005, and reported to USC by a journalist on 20 Jun. The breach of the university's online application database exposed "dozens" of records to unauthorized individuals, according to Katharine Harrington, USC dean of admissions and financial aid. "There was not a sufficiently precise tracking capability" but records were able to be viewed only randomly. "We are quite confident that there was no massive downloading of data." USC has since shut down the Web site and has notified people whose names and Social Security numbers were in the database of the security breach (as required by the new California law.) [Source: Univ. of Southern Calif. says database hacked, Yahoo! News, 19 Jul 2005, 3:46pm; PGN-ed] http://tinyurl.com/bc8gd [IP Archives:] http://www.interesting-people.org/archives/interesting-people/
Outbound spyware transmissions from infested machines accounted for up to eight per cent of total outbound web traffic in pilot tests of a new managed spyware screening service. UK web security firm ScanSafe said the volume of traffic observed during a 10-week pilot test of its Spyware Screening service showed that spyware applications are becoming stealthier in their ability to hide their outbound 'covert' channels among normal web traffic. That's bad news because data sent when spyware "calls-home" can include confidential and even privileged information. Spyware now accounts for around 20 per cent of web-based threats, which includes other malware such as worms and Trojans, and is still on the increase, according to ScanSafe. The firm said malware such as CoolWebSearch, which hides on an infected client using newly developed root-kit architecture, often evades detection. [Source: Spyware 'calling home' volumes soar, By John Leyden, *The Register*, 25 July 2005] http://www.theregister.co.uk/2005/07/25/spyware_screening/
[Source: Kim Zetter, 26 Jul 2005] First there was PGP e-mail. Then there was PGPfone for modems. Now Phil Zimmermann, creator of the wildly popular Pretty Good Privacy e-mail encryption program, is debuting his new project, which he hopes will do for internet phone calls what PGP did for e-mail. Zimmermann has developed a prototype program for encrypting voice over internet protocol, or VOIP, which he will announce at the BlackHat security conference in Las Vegas this week. Like PGP and PGPfone, which he created as human rights tools for people around the world to communicate without fear of government eavesdropping, Zimmermann hopes his new program will restore some of the civil liberties that have been lost in recent years and help businesses shield themselves against corporate espionage. VOIP, or internet telephony, allows people to speak to each other through their computers using a microphone or phone. But because VOIP uses broadband networks to transmit calls, conversations are vulnerable to eavesdropping in the same way that e-mail and other internet traffic is open to snoops. Attackers can also hijack calls and reroute them to a different number. Few people consider these risks, however, when they switch to VOIP. ... http://www.wired.com/news/technology/0,1282,68306,00.html
ITN apologises for porn link blunder [METRO (London), 19 Jul 2005] Newscaster ITN apologised yesterday after a TV bulletin inadvertently featured a link to a hardcore porn website. ... A viewer who accessed the site was horrified to see X-rated images and complained. ... ITN said it kept the address in the story as it thought the site was no longer active. It later realised access to the site had been blocked by its firewall software. The risk is that the web may not look the same from every vantage point.
In his blog at http://www.geoffreyhuntley.com, Geoffrey Huntley reports his findings about eighteen IBM RS/6000 E30 servers that his company purchased after they had been decommissioned by the State Transit Authority of New South Wales (STA NSW). While the fact that the 'root' password was set to "root" could be seen as a courtesy of the SAT-NSW administrators to the new user, the systems contained not only the complete software used by the SAT-NSW but also employee data including PIN information used to "secure" the system against unauthorized access, and ticketing data including incident reports filed by customers. For good measure, the backup tapes were also included. Full story at http://www.geoffreyhuntley.com/news/data-security-101/ Amazingly, it's the government agencies that are often criticized for creating a needless bureaucratic overhead by having a procedure for all and every situation. One should assume that installing the "wipe the disks before selling a computer" routine would be possible. Florian Liekweg, IPD Universität Karlsruhe
Adam Laurie, tech director of the London security and networking firm "The Bunker", apparently got bored on a recent trip and found the time to hack the Hotel's TV system which lets customers not just watch 'normal' TV programming, but also, for a fee, provides access to not-safe-for-work flicks and access to the Internet including e-mail. The article at http://www.wired.com/news/privacy/0,1848,68370,00.html reports that a laptop running linux, its IrDA port and an USB TV tuner can be used to trick the TV into doing more than it was supposed to do, including gaining access to the NSFW content without being charged for it, snooping on other people's TV watching habits, their Internet browsing habits and their e-mails. Also, the "coding" system used for infrared-based access control to the hotel minibars doesn't seem to be insurmountable either. The bill so far: Lost profit for the hotel, lost privacy for the customers, the possibility for corporate espionage. Return value: Easy network access. Good deal, eh? Florian Liekweg, IPD Universität Karlsruhe
The Computer Security Industry Alliance <http://www.csialliance.org> recently issued three reports of possible interest: CSIA Calls for Increased Adoption of Telework by the Federal Government: Cites Need to Ensure Continuity of Federal Operations in a Disaster https://www.csialliance.org/resources/pdfs/CSIA_Telework.pdf CSIA Urges the Administration and Congress to Elevate Cyber Security and Research & Development Efforts: CSIA voices concern over the dissolution of a Presidential committee focused on information security issues and calls for a national vision for cyber security R&D. https://www.csialliance.org/resources/pdfs/CSIA_RD.pdf CSIA Calls for a National K-12 Cyber Awareness Program: A Focused, Organized National Effort is Needed to Teach Children Cyber Security, Cyber Ethics and Cyber Safety. https://www.csialliance.org/resources/pdfs/K12_White_Paper.pdf
The State of Maryland runs a "high risk" insurance pool for otherwise medically uninsurable patients. The pool exists to take care of those patients that regular health insurance companies deem unprofitable and who may ring up large losses. The pool, called MHIP, contracts with Magellan Health Services to evaluate health issues of insured. Magellan is a highly profitable gate keeper service who decide, in advance, using non-peer-reviewed methods, how many visits it will take to cure each patient. In one case, Magellan reported an incorrect, out-of-state address (a PO BOX) for an MHIP client. This was a simple data entry error and it was the only "evidence" that the client was trying to live outside the state and take unfair advantage of a program for Maryland residents. Result: MHIP announces it is terminating coverage effective in less than six weeks. "This letter is to inform you that your MHIP policy will terminate effective August 31, 2005, because of your lack of residency." The letter was sent to a Maryland address — a house — owned by the alleged evil-doer — taxed as a primary residence. Guilty until proven innocent. MHIP provides an out: the client is given the opportunity to try to prove residency by (what call center denizens breezily describe as) filling out the Questionnaire. Oh, any by the way, send in ALL of the following documents: * Did you come to Maryland for the purpose of obtaining MHIP coverage? * Do you own or rent living quarters in Maryland? * Send in a copy of the rental agreement or the deed. * Send in copies of the rent checks. * Send in evidence from the rental agent. * Where did you live during the past 6 months? * Is substantially all of your stuff in Maryland? * Did you file income tax returns recently? * What state did you file to? * Send in copies of your income tax returns. * Send in copies of your W-2 forms. * Do you own vehicles? * If yes, send in purchase date, copies of titles, registration cards, and operator permits. * If sold, send in a bill of sale. * What state issued your operator's permit? * Did you renew your operator's permit in the last 6 months? * Are you registered to vote? * If yes, where are you registered to vote? * Send in a copy of your voter registration card. * Have you registered to vote in some other state in the past 6 months? * Are you on welfare? * If yes, from what state are you receiving welfare? Can you say "invasion of privacy?" Perhaps this is a "slight" case of overreaching by the hired administrators of a government program (a company called Schaller-Anderson). Some effort to confirm damning data before taking drastic action might be appropriate. Assuming the client is committing fraud is insulting to the client and highlights the State's apparent attitude toward its citizens. Risks: computer data "proves" a case of fraud. This goes in the pile of cases where the POE-LEESE arrest an individual based on erroneous or out-dated computer data. When the computer says it is so then it is so. Thus spaketh the machine.
Only Franz Kafka could dream up such a crazy government on-line ID system (): Web text relating to the Quebec Regie PAC ID scheme http://www.rrq.gouv.qc.ca/an/services/15_09_06.htm (Provincial services that use the PAC) http://www.rrq.gouv.qc.ca/an/services/15_09_06_02.htm [Personal access code (PAC)] == The Website Text == Why do we authenticate your identity before giving you access to some of our services? Some of our services, for example, CompuPension and the on-line Application for a Retirement Pension require information contained in your file at the Régie. We must be sure of your identity so that you will be the only person who has access to your information. [...] While you are on-line, you can obtain a user code and choose a password. They will give use rapid access to the personalized services offered by Revenu Québec and by the Régie des rentes du Québec. [...] We can also authenticate your identity without using Clic Revenu if you have a personal access code (PAC) issued by the Régie des rentes du Québec. Your code will be valid for 2 years and will be sent to you by regular mail. [ +++++ The authentication itself (editor)] : http://www.rrq.gouv.qc.ca/an/services/15_09_06_02.htm Personal access codes are issued by the Régie des rentes du Québec and give access only to the Régie's on-line services. You can obtain a PAC if: * you are 18 years of age or over and * you are a contributor to the Québec Pension Plan or * you are a beneficiary of the Québec Pension Plan or * you are entitled to child assistance payments Your PAC is confidential; you alone knows the code. It is sent to you by mail and is valid for 2 years following its effective date. Why the PAC 'ID scheme' is poorly (+ badly) designed, especially for NON-QUEBEC RESIDENTS: * I know I have ZERO income from Quebec entities. (True for most nonresidents.) * I know I know I owe no taxes to Quebec entities. (True for most nonresidents.) * Anyone aged 16-72 that has a Canadian SIN is a 'Contributor' to the Quebec Pension scheme. * I know that I have not contributed to any PQ Govt entities separate from taxes, as above. * I have no other relations with Quebec entities that could alter the above conditions. Knowing all inputs are ZERO — should be sufficient enough to be given a PAC. Why use the PAC: for some people in some situations The PAC ID scheme may be a slightly better system for some people — recent immigrants or Xpats not living in Canada for example. There is no guarantee that one will be able to get the non-PAC ID submission forms to work properly! (I guess the 'Risk' is here!) The PAC rejection form is here: http://hireme.geek.nz/Insane_PQ_gov_doc.jpg The current arrangement makes it impossible for long term (outside of Canada) Quebec Xpats to easily conduct business with the Quebec Government.
In the run-up to the 2004 election, I found activist messages about (against) Arnold Schwarzenegger were being screened by ACM's e-mail screening service controlled by Postini. I was only able to verify this, and retrieve my messages, because I had chosen the "quarantine" option, and checked the quarantine area soon enough, before the messages were permanently expunged. Now we hear that messages regarding the Downing Street memos have been blocked from Comcast.net customers (one of the largest high-speed cable internet providers in the U.S.), based on content of the message — a URL -- rather than subject line or sender address or domain. The potential for (mis)information manipulation by large and powerful corporations is frightening, particularly as U.S. law exempts them from "common carriage" legal requirements. We would never (I hope!) stand for our telephone company to redirect our flight-reservation phone call to a different airline "partner" company; why must we tolerate such distortion on the Internet? Pete Klammer, P.E. 3200 Routt Street / Wheat Ridge, Colorado 80033-5452 (303)233-9485 / PKlammer@ACM.org
Fees for a new driver's license could triple. Lines at motor vehicles offices could stretch out the door. U.S. Governors warned yesterday that states and consumers would bear much of the burden for a terrorism-driven push to turn licenses into a national ID card. Ed Rendell, Democrat of Pennsylvania: ''Trying to make this work, there will be hell to pay'' and could cost Pennsylvania ''$100 million plus'' to restructure motor vehicle offices to respond to the REAL ID Act. By 2008, states must begin to verify whether license applicants are legal residents of the United States. [Source: Governors balk at new US license rules; Warn of higher costs, privacy concerns in push for standard IDs Robert Tanner, Associated Press, 19 Jul 2005; PGN-ed] http://www.boston.com/news/nation/articles/2005/07/19/governors_balk_at_new_us_license_rules/
A $1 lottery ticket is serially numbered, with UV-encoded information, on tamper-evident paper, and tracked with a heavily- audited central system. Reasonable, since that ticket could be worth hundreds of millions of dollars. Your ballot has a level of protection equal to its projected value: Zero. Until votes are worth something, they will continue to be worthless. Stanley F. Quayle, P.E. N8SQ +1 614-868-1363 stan-at-stanq-dot-com 8572 North Spring Ct., Pickerington, OH 43147 USA http://www.stanq.com
For the Olympics in 2000, the state government (New South Wales) decided to start daylight saving almost 2 months early (in August) so that the Olympics visitors would benefit from the longer evenings. Some of the other states in Australia followed suit. In the organisation I was then working for, the problem was that it took quite some time for a patch to come from Microsoft to update the Windows NT and 2000 operating systems that were being used. The RISK was not that we had to revert to the good old days of manually changing the time on the computer with the widely used calendar applications like Microsoft Outlook. It turned out that MS Outlook stores all appointment times in UTC, converting between local time and UTC when the appointment is made and then back again when displaying the appointment. Installing the updated TZ info from MS changed this conversion but not the stored UTC data. So what ended up happening was that every appointment that was scheduled in the period between between August and October that was entered into the diary before the TZ update was applied was wrong by one hour after the TZ patch was applied. Similarly, if you sent an appointment to someone who didn't have the TZ patch installed (but had manually changed their time for those two months), then the times would also be out for that appointment. For those who were heavily reliant on their MS Lookout calendar, it made for an interesting couple of months... [Various other comments were received on this topic. PGN]
Please report problems with the web pages to the maintainer