The RISKS Digest
Volume 24 Issue 02

Sunday, 28th August 2005

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

The Time Has Come: Taking Our Issues to the Public
PGN
Customs Computers Fail
Chuck Weinstock
10th "planet" discoverer shares a secret a bit earlier than planned
George Swan
Hospital struck by computer virus
Andrew Brydon
USAF personnel database compromised
Ross Stapleton-Gray via Dave Farber
Students face punishment for computer tampering
Thom Kuhn
Cellphone carriers can listen in through your phone
Ryan Block via Dave Farber
No inspection record, lack of human contact, or something else?
Mythdraug
Risks of First UTC Leap Second in 7 Years
Dave Glicksberg
Teacher concerns over L.A. school computerization project
Lauren Weinstein
Re: Navy jet has severe brake failure
Carl F
Bad password practices
Jeremy Epstein
Risks of Bluetooth pirates?
Andre Kramer
Re: Risks of REAL ID: incorrect
Charles P. Lamb
Re: US Navy to drop paper charts
R A Lichtensteiger
Re: Slade's review of "File System Forensic Analysis", Brian Carrier
Simson Garfinkel
Info on RISKS (comp.risks)

The Time Has Come: Taking Our Issues to the Public

<"Peter G. Neumann" <neumann@csl.sri.com>>
Sun, 28 Aug 2005 19:29:42 PDT

My note in RISKS-23.96 on 20 years of putting out issues of the ACM
Risks Forum has led me to reflect further on what we have accomplished
in the way of progress and what remains to be done.

The basic problems considered here keep recurring.  Whatever progress
might be made in computer-related technologies and their applications
has not been reducing the threats, vulnerabilities, and risks related
to the systems upon which we individually and as a civilization depend
most.  Overall, this leads me to a sense of frustration that the Risks
Forum has been largely preaching to the choir, and that our message is
not getting through to those who really need it most.  All of you
regular RISKS readers are likely to be totally unsurprised by the
items that you read here --- they are just more of the same.
Occasionally we might gain a new convert in the understanding of the
depth of problems of what is wrong and what is needed to meaningfully
address those problems.

Somehow we need to be able to reach out professionally and effectively
beyond the RISKS audience.  I have testified at least a dozen times
for governmental bodies on RISKS-related issues, but always have a
gnawing feeling that these efforts fall on deaf ears or are largely
ignored by brains that are preoccupied with other concerns.

There are quite a few of you in the academic community who have
consistently represented the best principles that might be gleaned
from the RISKS experiences, such as Peter Denning, Rebecca Mercuri,
Dave Parnas, and Jerry Saltzer, to name just a few.  There are also
quite a few of you working for commercial companies who have done the
same, such as Jim Horning.

There are also a few organizations that are able to gather dedicated
people and financial resources to keep pressures up on certain aspects
of the RISKS problems — for example, EPIC, EFF, and CDT on the legal
issues relating to privacy and human rights.

Beyond that, there are just a few of our RISKS readers who operate
essentially on a pro-bono basis with effectively no funding at all.
Notable among these is Lauren Weinstein, who as many of you know has
been a very long-time contributor to RISKS and a wide variety of other
venues, and the most prolific guest columnist for my CACM Inside Risks
series.  Because he has no ongoing institutional support, his
continuing time spent and efforts in these areas have been decidedly
to his own financial detriment, to the extent that merely keeping the
lights on is literally an issue for him these days.

Despite this circumstance, he has been strongly advocating a new
outreach project that I believe could be very important not only
toward making genuine progress in RISKS-related matters but in other
areas of concern as well.

He believes — and I do too — that those of us who worry about risks,
hype, propaganda, distortions, and the general demise of scientific
and realistic thinking have been outflanked by well-funded, vested
interests who have everything to gain from maintaining the status quo.
Further, making real progress against such entrenched forces means
moving outside of the confines of preaching-to-the-choir Internet
mailing lists and Web sites.

When we can occasionally create sensible public discussions of
hype-free facts about technological risks, effects of technology on
society, privacy, security, and many other related topics, the
response is generally enthusiastic and usually not politically biased.
Most often we hear, "Why has nobody told us about this before!"

We both agree that a significant nonpolitical, media-based outreach
may represent the best hope of making some real progress, by directly
reaching the vast audiences who all too often have been misled about
what's really going on.

Few of these persons can be expected to subscribe to RISKS or other
such forums, especially because they are unlikely to even realize that
many of these problems exist.  Thus, it is necessary to go to the
commercial broadcast media from which most people get their
information and misinformation.  Commercial radio is clearly a key
medium to this end, whereas public broadcasters such as National
Public Radio generally have very limited program schedules and do not
reach the full spectrum of listeners of concern.

The essence of Lauren's project idea is to achieve a significant
outreach push into commercial radio, with the aim being to provide
various forms of programming that would ``tell it like it is'' but not
be politically biased yell-fests.  Lauren has the necessary on-air
broadcasting and production experience (many of you have heard his
various commentaries and other works over the years), and the required
technical abilities.

I feel that this is an excellent approach and would be very valuable,
but Lauren simply cannot move forward along these lines unless there
is some source of significant funding — advertisers, underwriters,
"angels", or other interested parties — to seed and keep the project
going long enough to build a following among stations and listeners.

Lauren takes pains to point out that this would be a significant
effort that would require a considerable period of time, and that
there's no guarantee of success.  I feel that it would be well worth
the effort for him to forge ahead with this (or related efforts that
would usefully move these issues forward), if suitable funding can be
found.

Please let Lauren (lauren@vortex.com) and me (neumann@csl.sri.com)
know if you, or other organizations or entities, might be interested
in helping to make this happen.  Thank you.  PGN


Customs Computers Fail

<Chuck Weinstock <weinstock@conjelco.com>>
Fri, 19 Aug 2005 15:47:23 -0400

A U.S. Customs database system in Virginia shut down for about 5.5 hours
beginning around 6pm on 18 August.  The system is used to process incoming
international air passengers, but its absence caused havoc at Miami
International Airport, where up to 2000 people were waiting to clear
immigration.  Airports in the NYC area were able to use backup systems.
[The cause was subsequently blamed on a virus, according to Lisa Orkin
Emmanuel, Associated Press/AP Online, 22 Aug 2005; PGN-ed]


10th "planet" discoverer shares a secret a bit earlier than planned

<George Swan <geoswan@primus.ca>>
Tue, 23 Aug 2005 17:52:06 -0400

Planetary Astronomer Michael Brown, one of the co-discoverers of various
Kuiper Belt Objects, including Sedna, the really distant one, recently
announced the discovery of a Kuiper Belt Object even larger than Pluto.
His web-page indicates why he released the information about the
discovery earlier than planned:
  http://www.gps.caltech.edu/~mbrown/planetlila/#discovery

He became concerned late in July, after he had learned that the computers
that controlled the telescopes his team used for their observations kept
publicly searchable logs of where the telescopes had been pointed.  (From
his description it sounds to me as if these logs must also contain a code
for what they were looking at.)  Brown also realized that they had used some
of their codenames in the publicly available abstracts for some upcoming
talks.  A call to the Minor Planet Centre revealed that someone had recently
used a tool the MPC provides to plot the location of his team's tenth planet
for that very night!  A hurried press conference followed.


Hospital struck by computer virus

<Andrew Brydon <andrew@isbjorn.demon.co.uk>>
Mon, 22 Aug 2005 19:44:18 +0100

Up to 300 radiotherapy patients were turned away from a hospital in
Bebington, Merseyside, UK, after a computer virus infected equipment.

  http://news.bbc.co.uk/1/hi/england/merseyside/4174204.stm


USAF personnel database compromised (From Dave Farber's IP list)

<Ross Stapleton-Gray <ross@stapleton-gray.com>>
August 22, 2005 2:22:34 AM EDT

Using an airman's log-in information to access the online Assignment
Management System (AMS) and download data from it, someone gained access
into an Air Force personnel system and accessed individual information on
about half of its officers and "a handful" of its noncommissioned officers.
The Air Force has started notifying more than 33,000 service personnel of
the security breach, according to a statement. ...  Air Force officers can
log in at www.afpc.randolph.af.mil/vs to see if their information was
compromised. The service will call the enlisted members whose information
the hackers viewed.  [Source: Hacker nabs Air Force personnel data, Frank
Tiboni, *Federal Computer Week*, 19 Aug 2005]
  http://www.fcw.com/article90229-08-19-05-Web


Students face punishment for computer tampering

<"Thom Kuhn" <tkuhn@mail.acponline.org>>
Wed, 10 Aug 2005 20:08:32 -0400

Thirteen high-school students in the Kutztown Area School District
(Pennsylvania) face felony charges of tampering with computers after
defeating security measures on laptops issued to them by the school
district.  They used administrator passwords (taped to the backs of the
computers) to override Internet filters and download software such as iChat
that the district policy forbids.  The laptops included an application that
allowed district administrators to see what students did with the computers.
However, the students modified the monitoring program so that they could see
what the administrators did with their computers.  The students and their
parents argued that the felony charges are unwarranted, but, according to
the district, students and parents signed acceptable use policies that
clearly state what activities are not allowed and that warn of legal
consequences if the policy is violated. The students continued to violate
district policies for use of the computers even after detentions,
suspensions, and other punishments, according to the district. Only then did
school officials contact the police.  [*Wired News*, 9 August 2005; PGN-ed]
http://www.wired.com/news/technology/0,1282,68480,00.html


Cellphone carriers can listen in through your phone, Ryan Block

<David Farber <dave@farber.net>>
Fri, 5 Aug 2005 11:09:55 -0400

Ryan Block, Cellphone carriers can listen in through your phone, Aug 5, 2005,
  http://cellphones.engadget.com/entry/1234000563053276/

We're always a little wary of that very blurry line between protection of
the general public and infringements on basic civil liberties, but it would
appear that according to the Financial Times by way of the Guardian, at
least one UK cellphone carrier not only has the power (and mandate) to
remotely install software over the air to users' handsets that would allow
for the kind of monitoring we thought only perverts and paranoiacs had
access to: picking up audio from the phone's mic when the device isn't on a
call. While we don't think the backlash on this one has really gotten underway
yet, and though we do hate to rock a cliché, we can't help but be reminded
of that classic Benjamin Franklin quote, ``They that can give up essential
liberty to obtain a little temporary safety deserve neither liberty nor
safety.''  What's worse, a cellphone carrier and The Man are gonna take it
from us without our permission on the sly?


No inspection record, lack of human contact, or something else?

<"Mythdraug ." <mythdraug@gmail.com>>
Thu, 11 Aug 2005 12:05:49 -0500

First some background.

I have signed up with my local gas company (Peoples Gas) for online
payment and billing.  As part of the process they, of course, require
my e-mail address.  In late May I received a postal letter informing
me of their need to perform an inspection of my inside lines under
threat of being disconnected if we failed to comply.  Naturally, I
scheduled an appointment.  A technician came and mechanically sniffed
the joints in the line said thanks and walked out the door.

Fast forward to a much more recent day.  Via the e-mail address which
I signed up for online service with them, I receive a letter
admonishing me for failing to allow the mandatory inspection.  I was
again threatened with disconnection for failure to comply.

Knowing that I had previously had the inspection completed, I replied
to the message stating exactly that. The e-mail bounced from their
system as undeliverable. I called the phone number provided in the
message, only to be connected to an automated system for setting an
appointment with no obvious way to reach an operator.

At this point, you may think that my complaint is in not being
presented with an audit record at the time of inspection.  Or perhaps,
I am frustrated that there was no clearly defined way to break out of
the process or way for me to indicate that my inspection had already
been performed.

You would be incorrect.  You see, what I haven't yet mentioned is that
they had addressed that message to me by placing my e-mail address on
the CC line. But it wasn't just my e-mail address there, it was the
e-mail address of everyone (well I guess only half of them actually as
the list began with purplerose3637@*********.net;
PWOODWARD1966@*****.com and ended with zedwards@***.com;
zoldowski@********.net) receiving the notification.  Yes, that is
correct, I now have the e-mail address for ~240 people who are in risk
of having their gas disconnected.

The privacy policy on their web site (http://pecorp.com) states "We
will never willfully sell, trade, rent, disclose, or make available
personally identifiable information to any third party without first
receiving your permission, except when we believe in good faith that
the law requires it, or to protect the rights or property of Peoples
Energy."

The risks?  I'll let you decide....


Risks of First UTC Leap Second in 7 Years

<Dave Glicksberg <davidg@bourbaki.jpl.nasa.gov>>
Mon, 22 Aug 2005 18:58:22 -0700 (PDT)

  [Originally submitted 2005-07-07, but lost in the shuffle.  PGN]

The International Earth Rotation Service (IERS, http://www.iers.org) just
announced a UTC leap second for the end of 2005, specifically at
2005-12-31T23:59:60Z (see http://hpiers.obspm.fr/eoppc/bul/bulc/bulletinc.dat).
The previous leap second was 7 years before, at 1998-12-31T23:59:60Z, which was
before Y2K!  In contrast, from UTC's inception in 1972 through 1998, leap
seconds were fairly common, occurring every 0.5 to 2.5 years.

UTC is the basis for civil and military timekeeping worldwide.  It is
transmitted in coded radio time signals like WWV, and it is used by Russia's
navigation satellites GLONASS (http://www.glonass-center.ru/stime.html), which
therefore must accommodate leap seconds.  However, GPS satellites use a
continuous timescale that does NOT have leap seconds.

THE RISKS?

* In the 7 years since the last leap second, maintainers of systems and
  software that are UTC-aware may have forgotten how to properly handle a
  leap second, whether it is done manually or automatically (e.g. by
  synchronization with WWV, or with time servers that properly handle the
  leap second).

* Newer systems and software have never encountered a leap second, unless
  via thorough testing.  Some systems may have omitted consideration of leap
  seconds altogether!

* Potential downtime or errors due to the need to do a manual update, or due
  to incorrect automatic updating.

* Consequences of forgetting that the leap second occurs simultaneously
  around the world, regardless of local time zone.  In New York, the leap
  second will occur at 7PM (actually, 18:59:60) on New Year's eve, and in
  Moscow, it will occur at 3AM (02:59:60) New Year's Day.

Dave Glicksberg — glicksbergd AT eh see em DOT oh are gee — MY OPINIONS ONLY
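An added example, not from the digest or its contributor, of the parsing hazard behind the points above: a timestamp parser that accepts the 23:59:60 label only where a leap second can actually be scheduled, beside the standard-library call that rejects it outright, plus the local wall-clock labels for the New York and Moscow offsets quoted above. The sample timestamps and the fixed UTC-5 / UTC+3 offsets are constructed assumptions for the illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample timestamps (not from the digest): the announced leap
# second, the ordinary seconds on either side, and a ':60' on a date where
# no leap second can be scheduled.
SAMPLE_TIMESTAMPS = [
    "2005-12-31T23:59:59Z",
    "2005-12-31T23:59:60Z",   # the leap second itself
    "2006-01-01T00:00:00Z",
    "2005-12-30T23:59:60Z",   # invalid: not the last second of June/December
]

ISO_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})Z$")

# IERS only schedules leap seconds at the end of June or December (UTC).
LEAP_SLOTS = {(6, 30), (12, 31)}


def parse_utc(ts):
    """Parse 'YYYY-MM-DDTHH:MM:SSZ', tolerating second == 60.

    Returns (instant, is_leap).  Python's datetime cannot hold second 60,
    so a leap second is folded onto 23:59:59 (the way a POSIX clock repeats
    that second) and flagged with is_leap=True; two log lines can therefore
    share one instant, so ordering inside that second is not recoverable.
    Raises ValueError for a ':60' anywhere other than the last second of
    June or December.
    """
    m = ISO_RE.match(ts)
    if not m:
        raise ValueError("unrecognised timestamp: %r" % ts)
    year, month, day, hour, minute, second = (int(g) for g in m.groups())
    if second == 60:
        if not (hour == 23 and minute == 59 and (month, day) in LEAP_SLOTS):
            raise ValueError("':60' only valid at end of June/December: %r" % ts)
        return datetime(year, month, day, 23, 59, 59, tzinfo=timezone.utc), True
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc), False


def is_valid_timestamp(ts):
    """Boolean wrapper around parse_utc for callers that only want a check."""
    try:
        parse_utc(ts)
        return True
    except ValueError:
        return False


def stdlib_accepts(ts):
    """The failure mode: datetime.strptime rejects second == 60, so a log
    pipeline built on it alone has never 'seen' a leap second until the
    night one arrives."""
    try:
        datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        return True
    except ValueError:
        return False


def local_wall_clock(ts, utc_offset_hours):
    """Local wall-clock label of a UTC timestamp at a fixed offset (assumed
    fixed; no DST handling).  The leap second keeps its ':60' label, which
    is how 23:59:60Z reads as 18:59:60 in New York and 02:59:60 in Moscow."""
    instant, is_leap = parse_utc(ts)
    local = instant + timedelta(hours=utc_offset_hours)
    if is_leap:
        return local.strftime("%Y-%m-%d %H:%M:") + "60"
    return local.strftime("%Y-%m-%d %H:%M:%S")


if __name__ == "__main__":
    for ts in SAMPLE_TIMESTAMPS:
        print(ts, "stdlib:", stdlib_accepts(ts), "tolerant:", is_valid_timestamp(ts))
    for name, offset in (("New York", -5), ("Moscow", 3)):
        print(name, local_wall_clock("2005-12-31T23:59:60Z", offset))
```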


Teacher concerns over L.A. school computerization project

<Lauren Weinstein <lauren@vortex.com>>
Sat, 27 Aug 2005 10:14:32 -0700

A friend of mine here in L.A. — a middle school teacher in the Los Angeles
Unified School District for around 30 years — sent me the note below.
LAUSD is the second largest school district in the country, and is embarking
on a computerization project that has many teachers concerned.  The driving
force appears to be the desire to obtain every last possible attendance
dollar per student, despite the risks that appear obvious even to persons
who are not computer experts.

  - - - -

Thought you would want to hear about the latest L.A. school district new
program for attendance taking and report card grades.  It rolled out earlier
this year at some schools already and should be debuting soon at many
secondary schools by October. Every teacher has been mandated to set up an
LAUSD e-pal account so that we can now do on-line attendance taking and
grades. We were promised to have an additional brand new computer installed
in our classrooms over the summer. All rooms were wired prior to summer
vacation. Next semester we are being asked to take and report by computer
attendance for every single class in real time, period by period, by logging
into our e-mail account and using our issued password. Many teachers are a
bit nervous about adjusting to the new requirement and the time away from
focusing on instruction.  We were warned to protect our password as if our
career depended on it, keeping in mind what an evil-minded child could do on
the system if our password got into their hands.

The whole program originally named ISIS (after an Egyptian goddess) was just
changed to LAUSDMAX.  Their hope is that time and paper will be saved. I am
a bit nervous about having to run to my attendance computer multiple times a
day, especially when my school like most others can have multiple tardy
students during a typical period which would require attendance adjustments
for accuracy. I hope the district knows what it is doing and is not backing
itself into another financial disaster. Can you imagine the problems
substitute teachers will face? You would think they would be smart and just
ask us to do the attendance in just one sitting at the end of the school
day. Teachers are waiting to see if they make us maintain a paper rollbook
as well. Will we be doing more or less work?


Re: Navy jet has severe brake failure (RISKS-24.01)

<<carlf@panix.com>>
Wed, 10 Aug 2005 17:10:52 -0400 (EDT)

> The F/A-18 Hornet has had a series of recent accidents many of which are
> being attributed to a very thin $535 electrical cable that controls the
> antiskid brakes ...

Where "recent" dates back to 1990?  There may well be a problem, but 24
accidents in 15 years is hardly "a series of recent accidents".

As the Navy spokesperson said, every significant accident involved failures
by the pilots to follow procedure (notably one pilot not knowing how to use
the emergency brakes!).

I don't know that this is a Risk In Computing.

  [REMINDER: Risks in the Use of Computers are often interface problems,
  educational problems, training, experience, etc.  PGN]


Bad password practices

<Jeremy Epstein <jeremy.epstein@cox.net>>
Wed, 10 Aug 2005 14:12:18 -0400

I recently applied for and got an account on a moderately sensitive
government computer system that's accessed over the Net.  You apply by
sending various information (such as name & address, but not SSN) to them by
e-mail.  A person then reviews the request, and sends you back the account
information.

Two interesting things:

1. When my account was issued, the username and password were sent in two
   separate e-mail messages.  That's a good practice (certainly not
   foolproof, but better than sending in one message).  However, they were
   sent just seconds apart from the same address and to the same recipient
   address, which dramatically reduces the value of separating them.
   Doubtless, someone said "it's dangerous to send them together", but
   didn't consider the impact of sending them at the same time.

2. The password is a fairly high quality value (seven random-looking letters
   and numbers, but no special characters).  However, it's not changeable.

So, my sensitive password came via e-mail, most likely will get written down,
and can't be changed.  Now *that's* a secure system!


Risks of Bluetooth pirates?

<"Andre Kramer" <andre.kramer@eu.citrix.com>>
Thu, 18 Aug 2005 11:31:28 +0100

The Cambridge Evening News reported yesterday ("Phone Pirates in seek
and steal mission" 17th August 2005) that several laptop computers have
been stolen from car boots (automobile trunks for US readers) in
Cambridge (UK). The article claimed that "Bluetooth" was used to detect
the laptops' presence. While the thefts appear related, the claimed modus
operandi seems unlikely as short range wireless would be inactive unless
the laptops were powered on (to be fair, the article also mentioned
"other electronics"). The risk: thinking your devices are safe in the
car boot when they don't have wireless.


Re: Risks of REAL ID: incorrect (Re: RISKS-23.95)

<"Charles P. Lamb" <clamb@acm.org>>
Wed, 10 Aug 2005 16:58:42 -0400

The article from RISKS-23.95 with subject Risks of REAL ID and the linked
*The Boston Globe*/Associated Press article are incorrect.  The REAL ID Act
doesn't require states to do anything.  The law states only requirements for
use of a state-issued driver's license, or any other identification card, as
a Federal ID.  In the words of the law itself:

  "(1) IN GENERAL.  Beginning 3 years after the date of the enactment of
  this division, a Federal agency may not accept, for any official purpose,
  a driver's license or identification card issued by a State to any person
  unless the State is meeting the requirements of this section."

If a state intends its driver's licenses to be used *only* as driver's
licenses, it need do nothing.

  [This could lead to some curious results.  If every state were to claim
  that its licenses are to be used only as licenses, then all state elected
  officials could not use their drivers' licenses to board commercial
  aircraft.  Or the Feds might just say that those state licenses must be
  considered as de facto Federal IDs (whether or not they actually satisfy
  the requirements).  PGN]


Re: US Navy to drop paper charts (Scott Peterson, PGN, Scott Peterson)

<R A Lichtensteiger <rali@Tifosi.com>>
Sun, 14 Aug 2005 00:44:36 -0400

Scott Peterson <scottp4@mindspring.com> wrote (in Risks 24.01)

<> Given some of the stories that have been posted here about the problems with
<> electronic navigation systems, the mind boggles at the potential for
<> disaster in this decision.  [SP]

The biggest problem is the same one that applies to paper charts and
modern navigation technologies.  GPS shows you where you are on the
planet's surface, not where you are on the chart. Cross up your datums
and things are just as apt to go "bump" in the night ...

Once again, the mediation is the same melody: "Never place all of your
trust in a single system" whether that system is GPS, ECDIS or a
lightning detector.

So long as running into things continues to be a "career limiting move"
for the commanding officer, I suspect the Navy will continue to be very
good about cross checking what different navigation inputs claim for the
ship's position.

For commercial shipping, with its much smaller crews, and civilian
sailors, the level of faith placed in a GPS and chartplotter scares me.

Peter G. Neumann <neumann@csl.sri.com> added (in the same Risks digest):

<> Risks might occur when their Net connection is down and they cannot get
<> their updated maps online!  Remember the sub that ran into a rock.  I wonder
<> whether that rock has ever shown up on an online map since then?

Charts are updated with a system of "Notices to Mariners" and "Local
Notices To Mariners."  They are published on a weekly or monthly basis,
available electronically, or by snail mail. With paper charts, the
information then needs to be (accurately!) transcribed onto the chart.
Given this time lag, one's net connection would have to be pretty solidly
down for ECDIS-N to not be an improvement on the older system. (Not that
I put that beyond the USN's capability, mind ...[1])

[1] Snotty remark from a former USCG navigator!

  [Later note:

     You might find the USCG's E-Nav website interesting (or some of
     your readers may):
        http://www.navcen.uscg.gov/enav/default.htm
  ]


Re: Slade's review of "File System Forensic Analysis", Brian Carrier

<Simson Garfinkel <simsong@eecs.harvard.edu>>
Fri, 12 Aug 2005 21:20:31 +1200

I need to take issue with Rob Slade's review of Brian Carrier's new book.

File System Forensic Analysis is really an excellent book. It not only is
the first to go into the topic, but it has so much detail that it is likely
to be of invaluable assistance to both practitioners and researchers for
many years to come.

I am completely baffled by Slade's criticism of the book taking a while to
get to technical details, and his complaint that the book is uneven. Brian's
book is specifically designed to be approachable to both a person who is new
to the field and a seasoned expert.  It does a great job with this goal.

Indeed, if there was no introductory material, I imagine that Slade would have
criticized File System Forensic Analysis for being impenetrable or unusable
for people new to the field.
