Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
(The full list is here: <http://josephhall.org/nqb2/index.php/2005/11/11/2005_glitches>) Here are some quick summaries of a few very interesting voting glitches that we saw last week. (Listed in order of interest to me.) [San Joaquin County, California - S.J. County has election night deja vu] San Joaquin County workers misplaced a memory cartridge for an optical-scan machine. They rescanned the ballots and but haven't found the cartridge. In this story, an official says that the new Diebold TSx DREs that they want to use will make things work more smoothly... although the official doesn't recognize that misplacing the memory cartridge in a paperless DRE would not be as easily recoverable (although I believe you'd still have the ballot images resident in memory, no?). [Cumberland County, Pennsylvania - Software error forces recount in close race for district judge] Two candidates in a race were both mistakenly listed as being from same party. Straight-ticket votes counted both candidates and initially resulted in over-votes. After this was corrected for, the race was down to a 2-vote margin (1703 to 1701 votes). Also see: ["Ballots counted again in judge race"] [Harwinton, Connecticut - Voting machine snafu may lead to challenge in Harwinton] One candidate was endorsed in a race by both Republican and Democratic parties and was listed twice in a choose 2 out of 3 race. This candidate, due to being listed twice, got twice as many votes as the other two candidates in the same contest. [Pasquotank Co., North Carolina - In Elizabeth City, a 14-vote gap has one candidate calling for a recount] Selecting a certain candidate in the only contest on the ballot resulted in a write-in candidate box being selected instead. The margin in this race was 14 votes. Also, 60 blank ballots were cast (recall that there was only one race for this election). Also see: ["Count on recount in E. City mayor's race"] [Lucas Co., Ohio - State plans to investigate voting chaos; Tuesday's problems are latest for Lucas County] This one is mysterious: "workers accidentally 'set an option [on the five machines] that prevented the results from being transported onto the memory card.'" Also, massive labor shortage resulted in chaos as election was highly understaffed and a system of "rovers" didn't function correctly (where one elections worker would travel to five polling places to get aggregate totals from machines). Also, see: ["Poll workers blast use of 'rovers'"] [Montgomery County, Ohio - Vote count goes all night] Various problems resulted in having to download votes from 2000 memory cards instead of from one card each from the 548 precincts. However, during this process, 186 memory cards were found to be missing. After looking through bags of precinct materials ("I voted" stickers, signs, etc.) they had found 171 cards. The remaining 15 cards were only found after rousing pollworkers from bed at 3 am so they could return to the polling place to get the cards either left in machines or lying around the polling place. [Wichita County, Texas - Human errors hamper voting] 35 precincts neglect to perform zeroing out process before election. This resulted in the vote data being impossible to download from the DRE (ES&S) with PEB device. ES&S technicians were able to open the machines, remove the removable memory cards and read the data from there. [Montgomery County, Ohio - 'Human error' creates doubt about failed vote in Carlisle] 77 "phantom votes" found to have been cast in an election where a bond measure was defeated by a margin of 146 to 79. ("Phantom votes" are when there are more votes counted than there are registered voters that could have cast votes) In this case, there were only 148 registered voters that could have cast votes in this race. : http://www.recordnet.com/apps/pbcs.dll/article?AID=/20051110/NEWS01/511100320/1001 : http://www.pennlive.com/politics/patriotnews/index.ssf?/base/news/1131618230305160.xml&coll=1 : http://www.cumberlink.com/articles/2005/11/12/news/news08.txt : http://www.rep-am.com/story.php?id=30053 : http://home.hamptonroads.com/stories/story.cfm?story=95098&ran=37812 : http://home.hamptonroads.com/stories/story.cfm?story=95171&ran=188639 : http://toledoblade.com/apps/pbcs.dll/article?AID=/20051110/NEWS09/511100477 : http://toledoblade.com/apps/pbcs.dll/article?AID=/20051112/NEWS09/511120462 : http://www.daytondailynews.com/localnews/content/localnews/daily/1110voting.html : http://www.timesrecordnews.com/trn/local_news/article/0,1891,TRN_5784_4226503,00.html : http://www.daytondailynews.com/localnews/content/localnews/daily/1112carlislevote.html Joseph Lorenzo Hall, PhD Student, UC Berkeley, School of Information (SIMS) <http://josephhall.org/>
The U.S. Food and Drug Administration Medwatch program has issued a warning based on the possibility of mode error that can lead diabetics to misread their home glucose monitor. The FDA's Medwatch program, which issued the warning, receives user and facility reports of problems with medical devices. The device provides glucose values in either American or European standard units (mg/dl of mmol/liter) based on setting in the device. That setting may be changed when users are trying to set the date or time fields in the device. The FDA News also notes reports that the setting may change when the meter is dropped or its battery is changed. The devices involved, a set of Abbott blood glucose monitors used by diabetics for home glucose monitoring, have not been recalled by the manufacturer. Abbott issued a press release on October 14, 2005 acknowledging the fault and is undertaking "a worldwide correction and notification to all healthcare professionals and users, when known, about the measurement switching problem" according to the FDA announcement. Abbott manufactures the devices for resale under a variety of brand names. The U.S. brand names involved include FreeStyle, FreeStyle Flash, FreeStyle Tracker, Precision Xtra, MediSense, Sof-Tact, Precision Sof-Tact, MediSense, Optium, and private label brands ReliOn Ultima, Rite Aid, and Kroger blood glucose meters. Precision Sof-Tact meters, which were inadvertently omitted from Abbott's press release, are also included. Outside the U.S. the involved brand names are Xceed, Liberty, Boots, Xtra Classic, Easy, and SofTrac. These products are distributed primarily through retail and mail order pharmacies and physicians' offices. Problems with blood glucose meters are not uncommon. Earlier this year Lifescan Inc, a subsidiary of Johnson & Johnson, issued a Class I Recall notice for its OneTouch SureStep blood glucose meter because of reports of failure of some segments of its LCD display that could lead users to believe that their glucose was normal when it was actually dangerously high. Class I recalls are "for dangerous or defective products that predictably could cause serious health problems or death. Examples of products that could fall into this category are a food found to contain botulinal toxin, food with undeclared allergens, a label mix-up on a life saving drug, or a defective artificial heart valve." Mode errors are among the more common forms of human-computer interaction problems. A classic paper on mode errors in the cockpit is "How in the world did I ever get into that mode?: Mode error and awareness in supervisory control" (Sarter, ND and D Woods, Human Factors 37, 5-19). Mode errors are a common problems with medical devices, especially relating to units of measurement. An example is shown at http://www.ctlab.org/Mode_Error.cfm Such problems are usually treated by manufacturers as a type of operator error and are usually incredulous regarding the contribution of device design to mode error. Glucose meters are ubiquitous because glucose control is the centerpiece of diabetes management. . - - - - - Links of interest: Short description of "mode error" with example: http://www.ctlab.org/Mode_Error.cfm Links regarding the Abbott products: FDA Medwatch: http://www.fda.gov/medwatch/safety/2005/safety05.htm#glucose FDA News (announcement): http://www.fda.gov/bbs/topics/NEWS/2005/NEW01250.html Abbott Laboratories website: http://www.abbott.com/ Abbott Laboratories "urgent correction" notice: http://www.abbott.com/news/press_release.cfm?id=1006 Abbott units of measure table: http://www.abbottdiabetescare.com/news/measurement_units.aspx Links regarding the Lifescan products: FDA Medwatch: http://www.fda.gov/medwatch/safety/2005/safety05.htm#LifeScan FDA Firm Safety Alert: http://www.fda.gov/oc/po/firmrecalls/lifescan04_05.html FDA Class I Recall noticee: http://www.fda.gov/cdrh/recalls/recall-041105.html Johnson & Johnson's Lifescan urgent recall notice (with example): http://www.lifescan.com/company/about/press/surestep_display/ FDA Recall classifications: http://www.cfsan.fda.gov/~lrd/recall2.html Richard Cook, MD, Cognitive Technologies Laboratory, University of Chicago (I have no commercial relationship with any pharmaceutical company or device manufacturer) Richard I. Cook, MD, Assoc.Prof., Department of Anesthesia and Critical Care Director, Cognitive Technologies Laboratory Univ. of Chicago 1-773-702-4890
On Friday 28 Oct '05, Standard Bank's (http://www.standardbank.co.za) ATM network started declining 30% of transactions [i.e., you couldn't withdraw money]. A Standard Bank spokesman claimed: * The problem was due to a "lack of capacity at the central processing unit". * A "management decision" had been taken to not switch to the backup system until non-peak hours because the switch-over would take 40 minutes during which time the entire ATM network [country-wide!] would be offline. * The fault arose additional processing capacity had been added to the centra processing unit to cater for the busy season. [Anyone care to enumerate all the ways they could improve on the availability and redundancy of their system?]
I've been wondering about getting an in-car GPS navigator, but I'm beginning to wonder about the wisdom of this. My son was being driven by a friend in London. The friend's car was equipped with some sort of GPS navigation. They were driving eastbound along the north side of the River Thames, intending to cross at Tower bridge to a destination on the south side of the river. The GPS said "turn right" when they reached the bridge. The only snag is that this is a one-way system. To cross the bridge you turn left, *away* from the bridge, and drive right round the block. Unfortunately, said friend payed more attention to the GPS than the road signing, and very nearly collided with a car coming the other way. I now wonder what liability the makers of such equipment have. At the very least, an inaccurate system can be a distraction on a busy road, and conflicts in data to a driver can cause delays in reaction. At worst, it could cause a fatal accident. Incidentally, I get very irked by my Garmin GPS72, which powers up with a screen that says "All data is presented for reference only. You [the user] assume total responsibility and risk...." Yet from their website: "Garmin products make it easy to get there and back. These rugged navigators are built to handle the Great Outdoors — and still keep you on track." I'm not sure they can have it both ways!
Westpac (www.westpac.com.au), a large Australian bank, was forced to halt trading on its shares and deliver its annual profit briefing a day early after it accidentally sent its results by email to research analysts. A template containing past results was sent to analysts. It was soon discovered that the new figures were embedded in the spreadsheet and were accessible with via "a minor manipulation". Analysts telephoned the bank to report the error and the template was recalled. But the damage was done. The Australian Stock Exchange was notified and trading was suspended as it appeared that some people had access to information not generally available to the market. The bank then brought forward its results announcement. Westpac Chief Financial Officer, Philip Chronican, said there was no evidence that the figures had been circulated and there were no signs of disorderly trading in Westpac shares. He added: "It is not just one error, it is a compounding of two or three errors ... We will obviously be conducting a full inquiry to make sure it doesn't happen again." More detail at: http://www.smh.com.au/news/business/westpac-jumps-the-gun-on-profit/2005/11/02/1130823280336.html
I received this note today: > Due to a serious fire at the University of Southampton, UK, the > www2006.org website and mailing lists are temporarily unavailable. [...] > > Information about the fire can be found at: > http://news.bbc.co.uk/1/hi/england/hampshire/4390048.stm Perhaps they needed a real (physical/architectural) firewall to protect their servers? More seriously, just a reminder that as much as we worry about cybersecurity, physical problems can be just as serious a threat to continuity. [The report indicates that the fire was accidental; whether the destruction was accidental or intentional, it's a very effective Denial of Service.]
On 2 Nov 2005, 63-year-old Sandra Keans was preparing for her City Council race. The next day, she discovered that she and 500 other graduates of the University of New Hampshire had been listed as deceased in the annual alumni directory. This was attributed to "a foible of fatal proportions" resulting from a publishing technician's error. [Source: 'Dead' alumni walking: UNH report of their demise greatly exaggerated Maria Cramer and Emma Stickgold, *The Boston Globe*, 4 Nov 2005; PGN-ed] http://www.boston.com/news/local/articles/2005/11/04/dead_alumni_walking/
Over the last few months, almost all UK retailers who can take credit or debit card payments have been switching to the use of "Chip and PIN" card readers instead of the older system in which the customer signs a sales invoice. The card reader scans the customer card, the customer then types in his or her PIN to the numeric keypad on the reader, and the system then verifies that the card details and PIN match. This is believed to be more secure than relying on signatures, which in general is probably true. However, it may lead to some interesting side effects... Last week, one of my colleagues was in the Waitrose supermarket near our office. When she came to pay with her credit card, she was asked to type per PIN into the keypad as normal. As the cashier was handing the receipts over, she spotted something rather odd. The itemised till receipt correctly showed the goods which she had taken from the shelves and which had been scanned in by the barcode reader at the checkout. The sales receipt, however, showed a different amount, indicating that she had been billed for the wrong amount. My colleague and the cashier realised that she had in fact paid an amount which exactly matched the value of the goods of the previous customer, who had paid by cash instead of credit card. After having spotted that there was a discrepancy, it took 20 minutes for a supervisor to sort out the mess. The RISK here would seem to be that the "chip and PIN" system is not automatically synchronised with the rest of the checkout, and that customers may be being charged for the wrong amount on an ongoing basis if the cashier is not aware to check the receipts for consistency. This morning, our local supermarket has reverted to using the signature method for checking identity. Andy Law email@example.com
Seen on the Excel-L list: (Blacked out squares indeed - somebody thought that black shading would hide text!) - - - - <Start of copied data> Westpac was forced to halt trading on its shares and deliver its annual profit briefing a day early after it accidentally sent its results by email to research analysts. Details of the $2.818 billion record profit result for the 12 months to September 30, which were due to be announced this morning, were overshadowed by concerns that some information may have been leaked to the market. The new figures were embedded in a template of last year's results and were accessible with minor manipulation of the spreadsheet. "A trading halt is not a trivial issue and therefore not a decision we took lightly," Mr Chronican said. "It is not just one error, it is a compounding of two or three errors. We will obviously be conducting a full inquiry to make sure it doesn't happen again." <end of copied data> Source: http://www.zdnet.com.au/news/security/soa/E_mail_bungle_leaves_Westpac_red_faced/0,2000061744,39220583,00.htm?feed=rss http://www.smh.com.au/news/business/westpac-jumps-the-gun-on-profit/2005/11/02/1130823280336.html - - - - Another one for the collection, from Richard on the Excel-L list: File Properties can be changed even in 'protected' workbook >Just another oh-by-the-way... > >use the workbook properties with caution. I used to store various version >info here, but later realised that this can be accessed and changed by >using windows explorer. > >Even if the structure of the workbook is password protected (preventing a >normal user from accessing the workbook properties tabs) > >Nifty eh? > >Richard > > - - - - >The EXCEL-L list is hosted on a Windows NT(TM) machine running L-Soft >international's LISTSERV(R) software. For subscription/signoff info >and archives, see http://peach.ease.lsoft.com/archives/excel-l.html . Patrick O'Beirne FICS, Systems Modelling Ltd. +353 55 22294 http://www.sysmod.com/ Spreadsheet Auditing Methodology http://sysmod.buy.ie
It always amuses me when security companies mess up their security. If you're planning to attend the RSA Conference, you can go to http://2006.rsaconference.com/us/register/travel.aspx, which points you to their travel agency at https://www.meetingpartners.com/RSA_Conf_2006/. The latter has an expired certificate. You'd think that RSA, of all folks, would ensure that their certificates are valid....
No, not the risks you're thinking of. A friend is applying to law school. He's young but knows something about computers. Law schools collaborate with the Law School Admissions Council (http://www.lsac.org) to use a single application form. This form is created using OmniForm (published by Nuance, formerly known as ScanSoft). OmniForm requires that you install an ActiveX control on your computer. This control apparently only works on Windows computers. Macs are not welcome. (So much for "Legally Blonde.") Linux and other flavors of UNIX are beyond the pale. My friend was mumbling obscenities about installing this control. The computer he was working on apparently died during the process so I took a deep breath and said he could work with my notebook computer. He dug into the application, got to the ActiveX installation screen and the control refused to install. At that point I took over (not wanting him messing with my security settings). I finally got the control to install after doing the following: - Disabling my anti-spyware software (ewido security suite). I then tried to install the control with no luck. - Setting the privacy permission for lsac.org to "allow." Again no luck installing the control. - Eliminating all security by making the security settings (Tools/Internet Options/Security/Custom Level) completely open. I enabled each and every ActiveX and other control including unsigned controls and controls marked as not safe. The control then installed successfully. Now perhaps I didn't have to go quite that far but a deadline was approaching and I really didn't want to take the time to perform the trial and error that would apparently be required to determine exactly how much security to give up. It occurs to me that this is truly THE law school admission test. If you're dumb enough to let this control install you're probably good law school material. OTOH if you don't let the control through then you're too smart to be a lawyer. (That's about all the humor I can manage after 1.5 hours fighting with this stuff. I've disconnected from the net and am running my usual four scanning programs right now.) Tony Lima, Prof. of Economics, California State University, East Bay firstname.lastname@example.org (510) 885-3889
I installed a more recent release of Linux on two desktop machines with no problems. When I tried to do a similar upgrade on my laptop I ran into trouble. The X window system produced a blank white screen instead of a functioning window system. Checking with a discussion board revealed that several other people were having the same problem, and called it several different things. It did seem to involve certain makes of video hardware. I found a pointer to a bug tracking system run by the people who produce the Linux distribution. The bug had been reported there, several times in fact, and eventually the several bugs were recognized as being the same and were merged into one. Someone had figured out which library module of the X window system was causing them problem. He suggested a work-around of replacing that module with the one from the previous release of Linux, since that would restore correct operation. Someone figured out exactly which line of code was causing the problem. It was being completely optimized away by the compiler, and needed to be executed repeatedly. He suggested a way to change the code so it would not be optimized away, or compile with less aggressive optimization, or compile with a previous version of the compiler. Changing the code was rejected on the grounds that there might be hundreds of other instances of the same code throughout the system. They would all have to be located and changed to insure correct operation. So the problem escaped being referred to the X window system people and was instead referred to the compiler people. They studied the offending line of code and discussed at some length whether it was or was not correct behavior for the compiler to optimize it away. Some were of the opinion that the problem should be referred to the keepers of the C language specification, since there was disagreement about what the compiler should do with such a line of code. But one of their number decided that ambiguity or not, updating the compiler should not break things that previously worked unless the previous behavior was demonstrably wrong; so he made a change to the compiler. This was picked up by the keepers of the Linux distribution, who made the updated compiler available and then recompiled the X window system and made that available as an update. One could argue whether they should have recompiled the entire distribution, since there is no telling how many other programs and libraries in the system might be affected by the compiler anomaly. Not doing so seems reasonable enough, since it would take resources away from fixing other bugs that have other causes.
In RISKS-23.50 ("U.S. military sites offer a quarter million Microsoft Word documents"), I wrote about the large number of Microsoft Word documents visible on US military sites (sites in the .mil domain) through Google searches. The article documented how such documents could lead to the leakage of confidential data. A week later I set up a script to watch the number of Word documents available through Google searches on various TLDs to see if and when the military would recognize the threat those documents posed and remove them. According to the data I gathered the number of Word documents in .mil sites returned by Google peaked at 1,180,000 on September 20th 2005, and then started gradually declining. Currently there are 942,000 documents online. No such decline was visible on other domains I monitored, so the change is probably not an artifact of Google's collection or query mechanisms, but an organized move by the US military. Maybe somebody understood the risk associated with these documents and was in a position to act. I've placed the charts illustrating the trends online at http://www.spinellis.gr/blog/20051109/
Please report problems with the web pages to the maintainer