The RISKS Digest
Volume 24 Issue 09

Thursday, 17th November 2005

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Berlin tunnel control fail-safe fails for good
Debora Weber-Wulff
Software bug crashes Japanese stock exchange
Mark M Bennison
Flight Booking System Can't Recognise February 29
Chris Brady
Fun with Daylight Saving Time
William Reitwiesner
Computer Glitch Lets Prisoners Out Early
Craig S. Bell
Radio signal keeps gates and garage doors closed
Bob Heuman
T-mobile erratic behavior
M. Barnabas Luntzel
Freddie Mac profits misstated due to software error
Jeremy Epstein
Some Fast Lane accounts double-billed
Mac Daniel via Monty Solomon
Sony CD DRM Blow-Up Continues — Recalls Ordered, Lawsuits Possible
Lauren Weinstein
GPS tracking with Google Maps
Monty Solomon
'Splogs' Roil Web, and Some Blame Google
David Kesmodel via Monty Solomon
Whither Goes Google?
Lauren Weinstein
Amex Blue Chip magic!
Lindsay Marshall
UK Police Vehicle Movement Database
Alan Fitch
My approach to CLID / 'phone number privacy issues
Paul Wexelblat
Re: Cingular: "No password needed" ...
Kevin Kadow
Two books of possible interest
Info on RISKS (comp.risks)

Berlin tunnel control fail-safe fails for good

<Debora Weber-Wulff <>>
Wed, 09 Nov 2005 08:34:21 +0100

The Berlin daily newspaper "Tagesspiegel" reports on the reason for a
massive traffic jam during rush hour on the morning of Nov. 8, 2005:

After a night of repairs to one of the autobahn tunnels in Berlin the crew
wanted to test the fire alarm system. They tried starting some of the fire
alarms, and were worried that the automatic gates that are to keep cars from
entering a tunnel with a possible fire weren't closing right. They punched
more and more alarms, and the gates on both tunnel tubes (work was going on
in only one tube) suddenly banged closed - and the computer regulating them

The gates failed safe - but they couldn't be opened again. Not by hand, and
not by computer, which just refused to start again. They worked feverishly
from 5am to 10am, trying to get the gates open again so that traffic (which
is normally very heavy at that time of the morning), could move. [I'm glad I
took the train yesterday! -dww]

Police were able to evacuate cars trapped in the tunnel by way of an exit
from the tunnel, which was not gated.

A special complication was that the gates on the north end of the tunnel
were made by a different company than the gates on the south end of the
tunnel, this caused "additional problems". Which ones, are left to the
comp.risks readers as an exercise.

It is still not clear how the error happened or why the computer would not
re-start, speculation has it that the computer couldn't handle so many fire
alarms at the same time.

Moral of the story:

* It was good that the system failed safe.
* It was bad that it did not seem able to handle the number of fire alarms
  that are installed in the tubes.
* If you have different suppliers for parts, you want to make sure they are
  still delivering the same stuff.

Prof. Dr. Debora Weber-Wulff, FHTW Berlin, Treskowallee 8, 10313 Berlin +49-30-5019-2320 InternatMedieninf

Software bug crashes Japanese stock exchange

<"Bennison, Mark M" <>>
Thu, 03 Nov 2005 07:51:21 +0000

"The Tokyo Stock Exchange suffered its worst ever outage yesterday when
trading was suspended for four and a half hours due to a software problem.
A spokesman said that the glitch appeared to be connected to the decision to
expand the trading system's capacity last month in response to high trading
volumes.  The modified system had worked well, but crashed when the
automatic monthly clean-up of the software was implemented. A back-up system
also failed because it uses the same software."

Mark Bennison MBCS CITP

Flight Booking System Can't Recognise February 29

<Chris Brady <>>
Thu, 17 Nov 2005 11:49:56 +0000 (GMT)

In a Q&A session about our airline's new staff travel online booking system,
the following was asked:

Q. I am unable to book [a flight] online because my date of joining is
February 29. What should I do?

A. Because you joined in a leap year the system is unable to identify your
date of joining. You will need to ask Employee Services to change your date
to February 28 for staff travel purposes.

The risk: if the booking system doesn't recognise February 29 then there are
going to be a lot of empty flights on that date!! In this post-Y2K age, it
is astonishing that we are still suffering from such date issues and this is
not even with legacy systems, but brand new ones.

Fun with Daylight Saving Time

<William Reitwiesner <>>
Thu, 27 Oct 2005 09:29:40 -0400

The proposed modification to Daylight Saving Time (DST) mentioned in
RISKS-23.94 has occurred.  The US Congress enacted the Energy Policy Act of
2005 (Public Law 109-58), so starting in 2007 DST in the US will no longer
run from the first Sunday in April to the last Sunday in October, but
instead will run from the second Sunday in March to the first Sunday in
November.  An added benefit is that after the change is implemented,
Congress retains the right to undo the change and revert back to the 2005
DST schedules.  See Report RS22284 from the Congressional Research Service,
available at "" and
"" and elsewhere, for more

One wonders how well the embedded time-aware code in most electronic
equipment will handle this.

Computer Glitch Lets Prisoners Out Early

<"Craig S. Bell" <>>
Mon, 24 Oct 2005 15:07:47 -0700 (PDT)

Some prisoners were also let out too late, which is just as bad:

Radio signal keeps gates and garage doors closed

<RsH <>>
Fri, 04 Nov 2005 21:36:24 -0500

Apparently garage doors and embassy gates are refusing to work because
something in Ottawa is broadcasting on their radio controlled opener
devices' frequencies and swamping them. No one seems to know who/what is
doing it and some fingers point to the military use of that same
frequency. The article from the CBC is at the URL below, and is also copied
below it. This is, of course, a common problem as we run out of available
radio bandwidth and try to cram more and more users into limited
space. There is a possibility that the U.S. Embassy or the U.S. military
stationed at the Embassy is responsible. Time will eventually tell.

R. S. (Bob) Heuman

Mystery signal blocking Ottawa door devices
Last Updated Fri, 04 Nov 2005 09:37:24 EST
CBC News

Many automatic garage doors in Ottawa have suddenly, and strangely,
stopped working, due to a powerful radio signal that appears to be
interfering with the remote controls that open them.

J.P. Cleroux of Ram Overhead Door Systems says the phenomenon began
last weekend.

"It affects a 25-mile radius. That's huge," said Cleroux.

Angolan Ambassador Miguel Puna's operation is one of those affected
by the problem. He can no longer open his embassy's electronic gate.

"Not only in this gate, but even other gates, we are having a lot of
problems," said Puna. "This could cause security concerns."

Two companies that have plotted the reported problems on maps say
they appear to cluster in the Byward Market area just east of
Parliament Hill, and a corridor leading southeast from there.

The Door Doctor has received more than 100 calls from irate
customers who can't operate their doors using the usual remotes.

The company installs and services Liftmasters, the most popular door
opener in North America, which operates by radio frequency.

The signal is transmitted on the 390-megahertz band, which is used
by virtually all garage door openers on the continent.

That's the same frequency used by the U.S. military's new
state-of-the-art Land Mobile Radio System.

Cleroux said operators have already been warned of this phenomenon
by service updates from U.S. manufacturers, who started seeing the
same problem around military bases last summer. The strong radio
signals on the 390-megahertz band simply overpower the garage door

One technician likened it to a whisper competing with a yell.

"From what we hear, it is the American Embassy that's operating on
390, and they're the only ones who can block it. But I'm not 100 per
cent sure, because we're all kind of up in the air until we know
exactly what's going on," said Cleroux.

The U.S. Embassy denies any transmissions on that frequency. So does
the Canadian military.

T-mobile erratic behavior

<"M. Barnabas Luntzel" <>>
Tue, 1 Nov 2005 11:30:37 -0800

The t-mobile sidekick2 has the voicemail number hard-coded, so all I see is
"voice mail".  Last night, I checked it.  It rings.  (It isn't supposed to
ring.)  Someone answers.  (Someone isn't supposed to answer.)  I say
"hmm. this is weird" to the lady.  She says "what number are you trying to
call?"  I say, "well, I don't know!"

So I decide then to call the support number, also built-in as "611".
Someone else (not a t-mobile support jockey) answers "Hello?"  It sounds
similar to the woman I had just called so I ask "did I just call you a
minute ago?" she says no.  So I say, naturally, "is your number 611?" she
says no.

At this point I want to call my mother, to see if it was she who had called.
A man whose voice I don't recognize answers. "Are you my mom?"  I apologize
for having the wrong number and hang up.

This seemed to last for about 2 hours, and then everything seemed to come
back to normal.

The risk?  Obvious.  What if I needed to call 911.  How reliable are the
routing directories for cell phones?  Are there backup systems in place for
911 routing (one can hope)?  Who would I reach?  Would they be able to help?

Freddie Mac profits misstated due to software error

<Jeremy Epstein <>>
Wed, 9 Nov 2005 09:48:56 -0500

"Freddie Mac will reduce its profit for the first half of 2005 by $220
million because of an error caused by faulty accounting software, the
mortgage finance company said yesterday.  ... The error stems from a flaw in
the accounting program Freddie Mac has used since 2001. In a recent review
of the company's accounting system, Freddie Mac employees realized the
software was routinely overstating the amount of interest that the housing
finance company earned from certain types of mortgage-backed securities that
it bought for investment purposes, spokesman Michael Cosgrove said."

Nothing very surprising there - I assume there are probably bugs in nearly
accounting software, just as there is in all other software.  What's
surprising is that we don't see these sorts of errors more frequently.  Or
maybe it's just that this one was big enough that it was noticed, while
similar errors exist elsewhere and are never noticed.  Again, this shouldn't
be surprising - when companies did their books by hand, there were doubtless
always errors, no matter how many people reviewed them.

"Lynn E. Turner, a former chief accountant for the Securities and Exchange
Commission, said this error indicates the company did not adequately test
its accounting systems when they were first installed."

This quote, on the other hand, bothered me.  Does this guy understand that
testing can only find the presence of errors, never their absence?  Yes, all
of us would like to see more testing, but it's impossible to ever test

As auditors pay more attention to finances and controls as part of Sarbanes
Oxley reviews, will these sorts of disclosures become more common?


Some Fast Lane accounts double-billed

<Monty Solomon <>>
Fri, 4 Nov 2005 08:45:51 -0500

By Mac Daniel, Globe Staff  |  November 4, 2005

Fast Lane double-billed 8,498 accounts this week, an error Massachusetts
Turnpike Authority officials attributed yesterday to the electronic toll
company running the system.  The computer glitch drew money Tuesday out of
credit card and checking accounts belonging to Fast Lane customers, then
mistakenly docked the same customers Wednesday. The total wrongly withdrawn
could amount to tens of thousands of dollars, said the Turnpike spokeswoman,
Mariellen Burns  [...]

Sony CD DRM Blow-Up Continues — Recalls Ordered, Lawsuits Possible

<Lauren Weinstein <>>
Wed, 16 Nov 2005 13:29:16 -0800 (PST)

  The global music giant Sony BMG yesterday announced plans to recall
  millions of CDs by at least 20 artists — from the crooners Celine Dion
  and Neil Diamond to the country-rock act Van Zant — because they contain
  copy restriction software that poses risks to the computers of consumers.

Note that in addition to the other problems, the copy protection software
in question also apparently tried to establish surreptitious Internet
connections with Sony-related servers!

What's really remarkable about this is that any competent outside analysis
in advance of the deployment would have raised a dozen different red

I am in general quite sympathetic to concerns about music and film piracy,
but this kind of "shoot self in foot" action by Sony does nothing but hurt
the industries' own best interests.

The record labels' and studios' managements need to invite in some
*straight talkers* regarding these technical issues — for high-level
consultations, ASAP.  — Lauren

Lauren Weinstein +1 (818) 225-2800

  [For a nice analysis of the Sony mess, see Bruce Schneier's blog entry:
  The situation is too complicated and in flux for me to summarize here.

GPS tracking with Google Maps

<Monty Solomon <>>
Mon, 31 Oct 2005 17:02:29 -0500

Developers have created a new pastime, fauxjacking, that mashes together GPS
mobile phones and Google Maps. One fauxjacking service, Mologogo, requires
only a $60 GPS-enabled phone and the use of a mobile carrier's Internet
services to work. People can use the free, downloadable Mologogo Java
application (available at to create real-time visual
records of their movements. Push pins on the Google maps show the times the
tracked device was in a particular location.  (Excerpt)

'Splogs' Roil Web, and Some Blame Google

<Monty Solomon <>>
Wed, 26 Oct 2005 01:24:56 -0400

David Kesmodel, *The Wall Street Journal* online, 19 Oct 2005, B1

Spam, long the scourge of email users, rapidly has become the bane of
bloggers too.

Spammers have created millions of Web logs to promote everything from
gambling Web sites to pornography. The spam blogs — known as "splogs" --
often contain gibberish, and are full of links to other Web sites spammers
are trying to promote. Because search engines like those of Google Inc.,
Microsoft Corp. and Yahoo Inc. base their rankings of Web sites, in part, on
how many other Web sites link to them, the splogs can help artificially
inflate a site's popularity.  Some of the phony blogs also carry
advertisements, which generate a few cents for the splog's owner each time
they are clicked on.

The phony blogs are a particular problem for Google, Microsoft and Yahoo
because each offers not only a Web search engine focused on providing the
most relevant results for users but also a service to let bloggers create

Just this past weekend, Google's popular blog-creation tool, Blogger, was
targeted in an apparently coordinated effort to create more than 13,000
splogs, the search giant said. The splogs were laced with popular keywords
so that they would appear prominently in blog searches, and several bloggers
complained online that that the splogs were gumming up searches for
legitimate sites.  ...

Whither Goes Google?

<Lauren Weinstein <>>
Sun, 13 Nov 2005 12:13:57 -0800

Google currently represents virtually a textbook example of the complex
interplay between innovative, socially positive inventions and developments
on one hand, and oppressively dangerous technological arrogance on the
other.  Or as the fictional David St. Hubbins of the film "This is Spinal
Tap" put it more simply around twenty years ago: "It's such a fine line
between stupid and clever."

We can look to history for other examples, though the analogies will of
course never be perfect.  Microsoft is one recent case where an attitude
that many considered to be arrogant appears to have been somewhat tempered
by financial, legal, and political realities.  Microsoft will survive.

Not so AT&T's "Mother Knows Best" Ma Bell.  While the name AT&T will live on
as the new moniker of another generally arrogant firm — SBC Communications
-- AT&T for most practical purposes has imploded.

History teaches us much.  The controversies over Google Print for Libraries
share some aspects with ill-fated attempts to essentially abolish copyrights
after the French Revolution — for the presumed betterment of society.

Attributes such as technological brilliance and visionary thinking can be
used not only to describe many at Google, but also the phalanx of
individuals who created the atomic bomb for the Manhattan Project.  Like
those at Google, the minds behind the first nuclear weapons were convinced
that they were working for the good of mankind, and — I believe it's fair
to say — were in many cases blinded by sheer technological enthusiasm to
the more ominous aspects of their creations.  While Google isn't building
physical weapons of mass destruction, a very real mix of extremely potent
positive and negative impacts on society, and a range of complex risks that
need to be fully understood, are increasingly coming into focus relating to
Google's operations.

Such powerful forces can sometimes be managed successfully to truly exclude
evil, but only when those in charge recognize that their own intellects and
even good will are insufficient to prevent the "great machines" from being
used in ways that can seriously damage individuals and society.  It's all
too easy not only to be blinded by science, but also to create mechanisms
that can be horrendously abused by entities who don't necessarily share the
benevolent philosophies of their creators.

There are things that Google could do immediately to potentially ameliorate
this situation, but only if their powers-that-be recognize that there are
intelligent folks outside of the current Google circle who understand these
issues in ways that could avoid a lot of problems for Google — and for the
rest of us.

One relatively simple step would be for Google to create a permanent
advisory panel or committee of respected outside individuals well versed on
policy and risk issues associated with technology and its impacts on and
interactions with society.  Such a committee would likely make both public
and private reports (the latter protecting proprietary information and plans
as appropriate).  If such a committee had appropriate access within Google,
and if Google were genuinely willing to pay serious attention to the ongoing
recommendations of such a group, it is likely not only that future risks to
society, but also future risks to Google's own business, could be greatly
reduced, and Google's own prospects enhanced as a result.

I can squeeze in one more movie reference.  In the classic science fiction
film "Forbidden Planet" (1956), we learn of a world where a magnificent and
supremely benevolent race of advanced beings built a gigantic, fantastic
machine to provide for the physical, intellectual, and spiritual advancement
of their society.  But the Krell, these marvelous creatures, were so
enmeshed in the project, and so close to the problems that they were trying
to solve, that they failed to fully understand the implications of their
creation's power.  When they activated their great machine, its interactions
with the long-suppressed dark side of their minds resulted in their entire
civilization being destroyed in a single night — by their own "creatures
from the Id" — empowered by the machine itself despite its noble purpose.

Good intentions don't always equal good results, and forewarned is
forearmed.  Let's do better than the Krell.

Lauren Weinstein Tel: +1 (818) 225-2800 DayThink:
Co-Founder, PFIR - People For Internet Responsibility -

Amex Blue Chip magic!

<"Lindsay Marshall" <>>
Sat, 29 Oct 2005 10:13:11 +0100

  [A strange saga on what exactly the Amex Blue Card Chip does, or how to
  get blue chipping away at attempts to get an explanation.  PGN]

UK Police Vehicle Movement Database

<"Alan Fitch" <>>
Thu, 17 Nov 2005 09:40:44 -0000

First have a look at this story...

Summary: a network of number-plate recognition cameras is being constructed.
These will allow police to find people driving without correct tax and
insurance. Conveniently this can be done without a new law.

Now read on... (from a colleague of mine)

> Last night on the way home my number plate was scanned on the M27 and
> reported to the police because the automated records indicated that I had
> not paid my road tax.  I was duly stopped by a nice motor cycle police man
> (called Chipps I think... remember the series!) who checked the road tax
> (all duly paid almost a month ago).  He then had to spend 5 mins filling
> in a form as this had to be regarded as an official "stop" event, whilst
> muttering that the DVLA only update the system once a month and had the
> most inaccurate updated data in the system!!!.
> Hence technology + Automation + DVLA = 5 mins wasted police time
> Now how many motorists re tax each month? and what percentage
> are stopped? So how much waster Police time is that?

For non UK readers
  M27 = motorway (UK) / autoroute (France) / autobahn (Germany)
  DVLA = Driver Vehicle and Licensing Agency who administer vehicle taxing
         and licensing in the UK

Alan Fitch, Doulos Ltd. Church Hatch, 22 Market Place, Ringwood, Hampshire,
BH24 1AW, UK  +44 (0)1425 471223

My approach to CLID / 'phone number privacy issues

<Paul Wexelblat <>>
Thu, 27 Oct 2005 13:46:08 -0400

I have my phone listed under a bogus name - The phone company lets
you use whatever name you want --

1. Cheaper than unlisted - no additional charge
2. Bogus name comes up on CLID - all my friends/acquaintances know who it is.
3. Marketeers who call (and /only/ marketeers) use the bogus name -
   instant hang-up/ "you have the wrong number"
4. The phone company - if they call - has always used my real name
   (in case you're wondering)
5. It also helps detect direct mail marketeers (who use phone records
   for mailing lists)
6. (No need to block ID)

I have not seen any down side with this approach

(Reverse lookups document the bogus name)

P.M. Wexelblat PhD, Dept. of Computer Science, University of Massachusetts
Lowell, One University Ave, Lowell, MA 01854

Re: Cingular: "No password needed" ... (Fenwick, RISKS-24.08)

<Kevin Kadow <>>
Thu, 10 Nov 2005 19:34:58 -0600

Interestingly, no password was the default for T-Mobile customers for the
past several years, but in October the system was updated, and now requires
that customers set a password, and T-Mobile now recommends enabling password
security, but does provide information on their web site for customers who
want to turn the feature off:

  T-Mobile recommends that you turn on your VoiceMail password for added
  security, but the choice is yours.

The risks are obvious--to everyone except decision-makers at Cingular.

Apparently TMO realized the risks — after massive press coverage of their
celebrity customer's voicemail and contact lists being "hacked".

Two books of possible interest

<"Peter G. Neumann" <>>
Thu, 17 Nov 2005 9:44:06 PST

Christopher Steel, Ramesh Nagappan, Ray Lai
Core Security Patterns:
  Best Practices and Strategies for J2EE, Web Services, and Identity Management
Prentice Hall 2006 (first printing Sep 2005)

Clifford J. Berg
High-Assurance Design:
  Architecting Secure and Reliable Enterprise Applications
Addison-Wesley 2006 (first printing Oct 2005)

Please report problems with the web pages to the maintainer