Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Who would have thought a tunnel would be subject to a computer failure? But alas, after the multi-year tunnel retrofit that recently completed, it seems as if all of the tunnel systems are now controlled by a single computer system that has failed. Too many eggs in one basket... The downtown Seattle bus tunnel is closed for the night and may not be open for Tuesday's commute because of a failure of the computer system that controls tunnel operations. Transit officials are asking riders to check the metro transit Web site after 4 a.m. Tuesday morning to see if the tunnel will be open. The Web site is www.kingcounty.gov/metro <http://www.kingcounty.gov/metro>. Riders should check timetables online under the heading "When the tunnel is closed," which is the same routing buses use on nights and weekends. All of the systems in the tunnel — as ventilation, lighting and signals — controlled by a computer system installed during the recent retrofit of the tunnel. Sound Transit is responsible for that system, and is trying to fix it, a Sound Transit spokesman said. [Source: Computer failure closes downtown bus tunnel, *Seattle Times* staff] http://seattletimes.nwsource.com/html/localnews/2004078843_webtunnelclosed17m.html
On 4 April near Sydney, Australia, a loss-of-separation incident occurred between a Boeing 737 and a Airbus A330. The immediate cause of the incident was incorrect data entry by the air traffic controller. A contributing factor was that the controller was, as per normal practice, reconfiguring his workstation to his personal preferences at the time of the incorrect data entry. This task normally takes over a minute, and is a distraction from the controllers' safety critical tasks. Other jurisdictions provide an overlap between operators to allow for such tasks. http://www.atsb.gov.au/publications/investigation_reports/2007/AAIR/aair200701982.aspx
Airlines all over the world are being warned to check to make sure there's actually oxygen in their aircraft oxygen systems after an embarrassing mix-up by Qantas Airlines at Melbourne International Airport. For ten months, crews have been filling airliner oxygen systems from a nitrogen cart that's supposed to be used to fill tires. The mistake went unnoticed until a couple of weeks ago when an observant aircraft engineer spotted service workers using the cart. "He was walking around the plane and asked what they were doing. When they said they were topping up the oxygen, he said, 'No you're not, that's a nitrogen cart,'" an unnamed source told *The Age*. As anyone who works with industrial gases knows, oxygen tanks have different fittings than other gases to prevent exactly this kind of mix-up. However, when the crews discovered the fittings on what they thought was their new oxygen cart didn't fit, they swapped them for the ones on the old cart they were retiring. Of course, Australian officials are looking into the error and Qantas has been busy notifying other airlines that use its services in Melbourne. Hundreds of aircraft may be affected. http://avweb.com/avwebflash/news/NitrogenUsedToFillAircraftOxygenSystems_196776-1.html
"[..] the military is quietly working to integrate Macintosh computers into its systems to make them harder to hack. That's because fewer attacks have been designed to infiltrate Mac computers, and adding more Macs to the military's computer mix makes it tougher to destabilize a group of military computers with a single attack [..]" http://www.forbes.com/home/technology/2007/12/20/apple-army-hackers-tech-security-cx_ag_1221army.html http://preview.tinyurl.com/29xelf
[Another report from the BBC regarding 'blind' faith GPS. It boggles the mind.] Shoppers on a Christmas trip to France were taken to the wrong country after a satellite navigation blunder diverted their coach seven hours off course. Instead of arriving in Lille, France, 50 members of Cheltenham and Gloucester (C&G) Social Club were taken 98 miles (157km) away to Lille, Belgium. "Unfortunately the driver from the coach company we commissioned made a blunder on his satellite navigation." Story from BBC NEWS, 11 Dec 2007 http://news.bbc.co.uk/go/pr/fr/-/1/hi/england/gloucestershire/7139603.stm
[Now, why do you suppose they had the "power off' button to begin with?!? -p] A Sacramento County computer technician has pleaded guilty to trying to shut down California's power grid by pushing a button marked "Emergency Power Off," authorities said. Lonnie Charles Denison, 33, of South Natomas, admitted Friday in U.S. District Court in Sacramento that he went into a room at the Independent System Operator's data center in Folsom (Sacramento County) on April 15, broke a glass cover and pushed the button, prosecutors said. Denison, a contract employee at the data center, was upset with his employer, authorities said. The ISO oversees electricity purchases and distribution. Denison prevented the data center from communicating to the electricity market for about two hours, leaving the electrical power grid vulnerable to shortages, Matthew St. Amant, a California Highway Patrol officer assigned to an FBI task force, wrote in an affidavit. No blackout occurred because the incident - which cost $14,000 for 20 computer specialists to repair - happened on a Sunday, investigators said. Denison was identified by surveillance-tape footage and his security-access code, the affidavit said. He pleaded guilty to attempted damage of an energy facility, a felony. He is to be sentenced Feb. 29 by U.S. District Judge Garland Burrell. [Source: Henry K. Lee, *San Francisco Chronicle*, 16 Dec 2007, C3; email@example.com; PGN-ed] http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2007/12/16/BACHTVEM6.DTL (Henry
Could it be that FedEx is contemplating a move of their global operations from Memphis,TN, to Bishek, Kyrgyzstan? What are the RISKS? If FedEx were to consider Bishek as a base of operations, they would be well advised to note that SWECO's analysis did not involve components (either traffic or operational) that affect the 'bi-directional' and 'multi-directional' movement of global freight, or the possibility of the enterprise either being enhanced or enriched by the emplacement of a 'multi-point,' operation and distribution - Logistic Control System (LCS). In comparison, Santa's yearly trip as it stands, is at least thought of as being 'uni-directional' and 'load-insensitive.' Further, as an engineering firm, SWECO does not provide any information as to what sort of improvements/savings in terms of time, efficiency, reindeer food and methane emissions*** can be expected by the proposed need to re-locate... :-) Also, the SWECO Web-site prefers that clients connect using IE 5.0 or Netscape 4.7, and not a Mozilla-Firefox browser. Santa Claus should live in Kyrgyzstan http://www.sweco.se/templates/Page.asp?id=19592&print=1 *Experts at the consulting engineering company SWECO have come to the conclusion that Santa Claus should live in Kyrgyzstan. By starting his journey there, Santa can achieve the most efficient around-the-world trip to distribute Christmas gifts. He can eliminate time-consuming detours and avoid subjecting his reindeer to undue strain.* One of SWECO's areas of expertise is the use of geographic information and maps, for example to plan transports in an optimal manner. In order to calculate Santa's ideal route, they have also studied where children live, the Earth's rotation and various demographic data to find our planet's demographic centerpoint. Identifying Santa's optimal Christmas route is not just something we do for fun. SWECO uses the same technique when carrying out assignments on behalf of our clients. For example, we have helped numerous transport companies to optimise their routes as a means for shorting their driving distances, reducing negative impact on the environment and saving money, all at the same time! *Why figure out where Santa Claus should live? *This is a good exercise, and not just for fun. In recent years we have tried to think up original ideas for Christmas cards and gifts to our clients. One year we gave our clients blueprints for a gingerbread house, to highlight the fact that we have architects in the Group. This year we have chosen to show how GIS can contribute to a peaceful holiday season. *Why Kyrgyzstan? *A geographic and demographic analysis shows that Kyrgyzstan is located close to the richly populated countries of China and India and a ways up on the more densely populated northern hemisphere. This is also an ideal place to live if Santa Claus starts in eastern Asia and then continues his Christmas journey in a westerly direction. He would then be traveling against the Earth's rotation, which would give him twice as much time to deliver gifts to all of the world's children. By starting his journey there, Santa can achieve the most efficient around-the-world trip to distribute Christmas gifts. He can eliminate time-consuming detours and avoid subjecting his reindeer to undue strain." *Santa Claus has very little time to make each stop, is it really possible? *Yes, it is, but his extreme speed is also the reason why we rarely meet him. You might like to say hello, shake his hand and give him a pat on the shoulder, but by the time you get around to it he's already in the next town. *Where Santa Claus should live:* Latitude, (N)40.40 ° Longitude, (E) 74.24 ° *For more information: *Rebecka Gunner, Press Officer SWECO +46 (0)734-126675, firstname.lastname@example.org <mailto:email@example.com> [Source: Kyrgyzstan touted as ideal delivery hub for Santa, 24 Dec 2007] http://www.reuters.com/article/oddlyEnoughNews/idUSEIC47011920071224?feedType=nl&feedName=usoddlyenough *** Raymond Hainey, "Santa told to sack his gas-emitting team of reindeer," *The Scotsman*, 24 December, 2005 http://news.scotsman.com/ViewArticle.aspx?articleid=2689094
'Tis a great day for stupid computer tricks! -p Hanna Siegel, 16 DEC 2007, Wanna Change Votes in Ohio? Use a PDA and a Magnet; Study Finds Ohio's Voting System Is Seriously Flawed http://abcnews.go.com/Politics/story?id=3D4008511 Got a PDA and a magnet? You could switch votes cast in an Ohio election by connecting your PDA to the voting machine. A study conducted over a two-month period this year found that Ohio's voting systems are seriously flawed. An 86-page report released by Ohio Secretary of State Jennifer Brunner says, "The findings in this study indicate that the computer-based voting systems in use in Ohio do not meet computer industry security standards, and are susceptible to breaches of security that may jeopardize the integrity of the voting process." When Brunner was campaigning for her office seat, she promised a top-to-bottom overview of Ohio's voting system. Her findings have broad implications. With the election less than a year away, Ohio is an important swing state, decisive in returning President Bush to office in 2004. A team of researchers from Microsolve Inc., Penn State and the University of Pennsylvania found critical security failures in all five voting systems used across the state. The software is problematic, as well. The report found that servers crashed easily. Crashes in 2007 delayed results for hours. Brunner recommends that all touch-screen machines in Ohio be replaced with optical scan paper ballot machines, so that the results can be more easily verified. "We know this type of system will work because [many states] already use it," she said. Brunner was not Ohio's secretary of state when the current voting machines were purchased. When asked why flawed systems were put into operation, she replied, "I'm dealing with the system that I inherited."
http://blogs.zdnet.com/projectfailures/?p=3D541 Coming quick on the heels of a scathing voting machine report http://www.sos.state.oh.us/sos/info/EVEREST/14-AcademicFinalEVERESTReport.pdf from the Ohio Secretary of State (see Larry Dignan for details), <http://blogs.zdnet.com/security/?p=3D753> the machines have been decertified for use in parts of Colorado. According to The Denver Channel <http://www.thedenverchannel.com/politics/14875334/detail.html> : Secretary of State Mike Coffman cited security or accuracy problems in the decertified machines. A number of electronic scanners used to count ballots were also decertified, including a type used by Boulder County. Coffman said the system had a 1 percent error rate when counting ballots. ``So for every 100 ballots we tested, we found there was an error with one of those ballots,'' Coffman said. The post-election random audit on which the decertification was based: http://www.elections.colorado.gov/DDefault.aspx?tid=3D833 Detailed county-level audit results: http://www.elections.colorado.gov/DDefault.aspx?tid=3D989 Ohio and Colorado are only the latest states to experience voting machine problems. Rest assured, there are many more voting machine screw-ups and decertifications to come. Folks, this story has hardly begun.
[I got the following today--text, not HTML--purporting to be from firstname.lastname@example.org:] Your account has been temporarily inactivated due to our general security policy. In order for us to activate your account, please send the following documents: 1) Send us a copy of all Credit Cards, both front and back 2) Send us a copy of a valid identification document (passport, driver's license) 3) Send us a copy of any utility bill (bank statement, electricity, insurance) with your name and address on it. Please fax your documents to (888) xxx-xxxx. We assure you that your personal data and documents will not be transferred to third parties. Please note that all information which is sent by fax has to be clearly readable, otherwise we will need to re-request the verification documents. If you should require further assistance, please contact us again as we are at your service 24 hours a day, 7 days a week. Thank you for using PayPal The PayPal Team [Do people really fall for this? ARK] [Yes. PGN]
Interesting secondary consequences: "One witness told police someone went to another Kmart, got some applications there and was selling them in the Wauwatosa Kmart parking lot for $20 apiece." Who could predict such things? Computer Glitch Leads To Brawl At Wauwatosa Kmart; 2 People Arrested 26 Nov 2007, excerpted http://www.wisn.com/news/14697601/detail.html A melee at a Kmart store in Wauwatosa Saturday morning was started by a computer glitch. The store was running a promotion in which it would give away $10 to anyone applying for its credit card, but the computer glitch led to everyone's application being granted — bestowing up to $4,000 in instant credit to anyone who applied even if they shouldn't have qualified. Once word started to spread about the so-called "free money" Saturday, witnesses said things got pretty nuts inside the Wauwatosa store. "They were having a big fight. Two ladies was jumping a lady over credit cards," witness Sylvester Wilson said. Nearly a dozen Wauwatosa squad cars responded to the call just before 11 a.m. Saturday for what was called a large fight in progress. "It was a nice brawl. It came from inside to outside. If you go up there, you'll see hair, earrings, all pulled out on the ground," Wilson said. What started as a fight between two women in the crowded store evolved when several men intervened. A store employee got punched in the nose and crashed through a glass display case. He was treated for a broken nose and various cuts. Two suspects, a 22-year-old man and a 16-year-old boy, were arrested, accused of battery. Meantime, Kmart is still trying to clear up the credit card mess. Two employees confirmed for police that anyone who applied was being given instant credit — from $850 up to $4,000. They also told police that people started calling other people to the store for so-called free money. The store ran out of credit applications. One witness told police someone went to another Kmart, got some applications there and was selling them in the Wauwatosa Kmart parking lot for $20 apiece. Kmart would not comment on how many people got the credit cards who shouldn't have or how much merchandise they were able to buy with them. Previous Story: November 24, 2007: Brawl Breaks Out At Kmart <http://www.wisn.com/news/14682561/detail.html> Howard Israel, Corporate Security Officer, Fidessa Corporation Howard.Israel@fidessa.com <mailto:Howard.Israel@fidessa.com> (212) 320-3315
(Mellor, RISKS-24.92) The danger here is in misunderstanding what service you are buying. In Royal Mail (I've no idea what the 'In house' TNT service does) what actually happens is this: Recorded Delivery means that the package or letter goes totally untraced with regular mail until such time as it is Delivered or returned by the postman to the sorting office as Undelivered. If it is delivered it should be signed for by the recipient — upon return to office the postman hands in the delivery sheet and the item is only then entered into the system as Delivered. If undelivered, then a notice should be left and the item is only then logged into the system when the item is returned to the office. AKA *Nothing* is traced until a delivery is attempted. If the item doesn't shake out of the bottom of a bag in a sorting office somewhere, there is no more way to trace where it is during its journey than any piece of regular mail. Special Delivery, AKA what was referred to as Registered Mail (which no longer exists) is signed for, barcode traced and receives special handling throughout its entire journey from when it is posted at a Post Office to when it is delivered. The thing about Recorded Delivery is that if uncollected it must be returned to sender after 7 days and is therefore used as a legal instrument of notification in the UK.
"The department had a detailed manual covering procedures for handling the benefits database and other sensitive information. However, the manual itself was considered too sensitive to be widely distributed, so it was restricted to civil servants only, The Guardian reports." http://www.theregister.co.uk/2007/12/17/hmrc_manual/. ("Civil servants" are senior staff.) email@example.com firstname.lastname@example.org email@example.com http://victoria.tc.ca/techrev/rms.htm
The discs lost by HM Revenue & Customs were password protected with WinZip version 8, which means that encryption was used but it was relatively weak and subject to both password search and known plaintext attacks. It is very unlikely to hold up against a determined attacker. WinZip version 9 introduced an AES based approach with a conservative design that had good protection against password searches and known plaintext attacks. With a good non-dictionary password I believe this would hold up against even the most determined attack had this been used in the HMRC scenario.
It's a little troubling to me that none of the articles that seem very popular lately on "how dangerous it can be to depend entirely on your satellite navigator" make clear the point — obvious to technical people, but not always to civilians — that the problem is *actually* failures in the *mapping and routing data*, and nothing directly to do with the satellites themselves. The RISK? Well, it's a slightly obscure one; the opposite of what we usually deal with around here: it's a bad idea to *reduce* the confidence of the general public in something which really *is* pretty stable; GPS in itself is pretty accurate and doesn't break much. In case you've never noticed, almost no one ever says "run on a bank", even when that's what's actually happening. Same reason. Mass psychology. Doesn't pay to ignore it. Jay R. Ashworth, Ashworth & Associates, St Petersburg FL USA +1 727 647 1274 http://photo.imageinc.us http://baylink.pitas.com firstname.lastname@example.org
The .mobi TLD is a relatively new one, specifically to address websites for mobile browsers. The organization that runs it, promotes it and sort of makes money helping get folks' sites working has periodic auctions of some of the more in-demand names. The latest group of these ended 5 December, 2007 As detailed here: http://dotmobi.typepad.com/dotmobi/2007/12/open-letter-to.html There were some problems with it. Quoting the salient part: > We have noticed that some people seem to believe that the auction > participants who received notifications and invoices before the extension of > the auction were the highest bidders at the close of the original auction > period. > > Sedo, however, tells us that: > > a) this is clearly not true in some cases, > b) this is unlikely to be true for the names generating the most activity, > and > c) this is possibly not true for any of the auctions. > > To those points, Sedo has told us the following: > > - As the scheduled auction end approached, bidding activity > increased dramatically, creating significantly higher-than-expected traffic. > - Although the web interface slowed down for some participants, the > auction interface and bid page remained available for many or all users, and > the web servers continued to log incoming bids. > - Once the bid processing server stopped functioning properly, > however, many of those bids — both standard and proxy — did not get posted > to the bid history page. > - As a result of the server crash, another system automatically > generated email notices at 5 p.m. GMT to the highest bidder listed > on the bid history page, despite Sedo's attempts to stop that process. > - Because the bid history page did not reflect all of the valid > bids, notices were sent to some participants who were not, in fact, the > highest bidders. Some interesting information is revealed. Aside from the failure of Sedo (or, it seems /anyone/) to accurately predict and provide for capacity, is the poor capacity planning. In the broader sense, there should have been a provision for failure of this sort. My core issue here is of this phrase, "...another system automatically generated email notices at 5 p.m. GMT to the highest bidder listed on the bid history page..." This strikes me as particularly poor planning. Sending notices should probably not simply be at a time, but upon a sending of "win" status. That alone would have Even worse is the end of the same sentence, "...despite Sedo's attempts to stop that process." If true (and not simply spin in the aftermath), having no good way to stop chronjobs, or sending of data seems like a serious failure on the part of a system with a notable public presence, and an often non-trivial financial commitment on the part of the end users. Entirely aside from designing the system to post, check, and confirm data, simply planning for component outages should have revealed this failure. Capacity testing, likewise, should have been performed to failure on individual components, and likewise should have revealed this failure condition. Note that although I work in the mobile industry, I did not have a bid in on any of these domains, winning or otherwise, so have no specific stake in the outcome of this event.
Please report problems with the web pages to the maintainer