The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 24 Issue 18

Monday 6 March 2006


Cockpit usability
David Magda
Risks of using computers in airplanes
Yvo Desmedt
NJ Bill Would Prohibit Anonymous Posts on Forums
Desktop-to-mobile Malware
Peter B. Ladkin
Re: Active content: Bad idea. Bad.
Paul Wallich
Re: On learning from accidents
Hamish Marson
Jurek Kirakowski
George C. Kaplan
New Security Paradigms Workshop: Call for Papers
John McDermott
2006 USENIX Annual Technical Conference
Lionel Garth Jones
REVIEW: "Practical Internet Law for Business", Kurt M. Saunders
Rob Slade
REVIEW: "CyberRegs", Bill Zoellick
Rob Slade
Info on RISKS (comp.risks)

Cockpit usability

<David Magda <>>
Sun, 26 Feb 2006 12:00:10 -0500

A short-ish study [1] on the usability of aircraft avionics:

> The purpose of this study was to evaluate the accessibility of information
> provided by the avionics system of a technically advanced aircraft.  The
> evaluation employed a tool developed by Schvaneveldt et al. (2004) [2]
> which considers the importance of the information source when evaluating
> information accessibility.  Results showed that the TAA avionics had
> relatively little clutter but low accessibility ratings, especially in the
> area of Communication.

The interface showed to the operator is an important factor in how a system
works.  This topic has been discussed in RISKS on many occasions, but I
thought this item might be of some interest.


Risk of using computers in airplanes

<Yvo Desmedt <>>
Sat, 4 Mar 2006 11:02:15 GMT

Many years ago I told [PGN] about a Northwest Airlines airplane in Detroit
unable to take off since the computer could not boot. The airline switched
equipment (planes).  You suggested that I should have ... sent it to RISKS.

The following item was in the *International Herald Tribune*, p. 24, in "The
International Traveler Q&A", 3 Mar 2006:

  ... Los Angeles to London with American Airlines, we took off four hours
  late because of a defective computer, and then were diverted to New York
  to pick up a new computer ...  The new computer wasn't working, so we had
  to change planes.  We arrived in London nine hours behind schedule ...
  George B. Lambrakis, London

NJ Bill Would Prohibit Anonymous Posts on Forums (via IP)

<Lynn <>>
Mon, 06 Mar 2006 15:22:15 -0500 (EST)

NJ Bill Would Prohibit Anonymous Posts on Forums
Posted by ScuttleMonkey on Monday March 06, @02:06PM
from the glad-we're-not-in-nj dept.

Privacy The Internet

An anonymous reader writes "The New Jersey legislature is considering a bill
that would require operators of public forums to collect users' legal names
and addresses, and effectively disallow anonymous speech on online forums.
This raises some serious issues, such as to what extent local and state
governments can go in enacting and enforcing Internet legislation."

link to proposed bill:

IP Archives at:

  [This of course would have considerable impact on all Internet newsgroups,
  and opens up the question of liability that out-of-state moderators would
  have.  It also greatly increases the difficulties for whistle-blowers who
  might wish to publicly air vital concerns without the obvious risks of
  retribution.  Seems like a bad piece of legislation to me.  PGN]

Desktop-to-mobile Malware

<"Peter B. Ladkin" <>>
Fri, 03 Mar 2006 13:19:41 +0100

An organisation called the Mobile Malware Researchers Association has said
that it has identified (indeed, that it has a copy of) the "first" virus
that can infect both Win32 desktops and Windows Mobile Pocket PC machines
and spreads from the former to the latter.

The story was distributed by the UK IEE Newsletter this week:

MARA can be found at along with its list of

Peter B. Ladkin, University of Bielefeld, Germany  <>

Re: Active Content: Bad idea. Bad. (Slade, RISKS-24.17)

<Paul Wallich <>>
Mon, 27 Feb 2006 14:18:30 -0500

> Sorry, but if I've learned anything in almost 20 years of malware research,
> it's that active content can lead to trouble.

This seems even worse to me than to Rob Slade. Dangerous technology, and
deployed at (in significant part) the wrong end of the problem. What we'd
like isn't so much to authenticate a browser (and thus, presumably, the
person at the keyboard) to the site; what we'd like is something to
authenticate the site to the user. At the cost of telling legitimate users
they can only ever use one computer to get to their accounts, the technology
does nothing about the use of stolen personal information to establish new
accounts or to establish fraudulent first-time online access to existing
accounts. Meanwhile, it convinces users to set browser security in such a
way that sites users believe they should trust can execute (potentially)
arbitrary code. Whee.

Re: On learning from accidents (Norman, RISKS-24.17)

<Hamish Marson <>>
Tue, 28 Feb 2006 10:47:00 +0000

Back in the late 80's I was doing my degree at Massey University (NZ).  In
many Technology & Physics papers we were taught & graded mercilessly on
getting the 'error' correct for the calculations. And showing the error on
the result as well.

Everything that Don Norman says about showing the correct precision for the
calculation is correct. You lost marks in exams for this. Why have we
suddenly lost the ability to do it in real life now?

Could it be because much of this work is left up to young people who might
be great at coding, but simply don't have an understanding of the reality
behind the calculations they're being asked to program. How many people who
write software actually have relevant experience in the real world for
things they're doing? 10%? Probably less?

Re: On learning from accidents (Norman, RISKS-24.17)

<"Kirakowski, Jurek" <>>
Wed, 1 Mar 2006 11:23:46 -0000

On confidence intervals around predictions:

Don Norman's well-written piece on learning from crash accidents
(RISKS-24.17) highlights the major risk here but skirts around it a little,
perhaps for sound, rhetorical effect. It is required engineering practice,
and indeed in courts of law the same principle is applied to expert
evidence: show the tolerance factor. What is the likelihood of error? How
sure are you?

If you produce a prediction without assessing the confidence interval around
the prediction you have just shown that you don't understand the problem you
are trying to solve. If you can't answer the "likelihood of error" question
in a court of law, then your status as an expert witness can be seriously

It has been said that the human race did quite well for several millions of
years without statistics and confidence intervals. Well, it's time to grow
up. The major RISK is that many people, even some so-called experts, fail to
understand this principle.

Re: On learning from accidents (Norman, RISKS-24.17)

<"George C. Kaplan" <>>
Wed, 01 Mar 2006 11:38:41 -0800

> I have seen this problem before: overly precise computations
> produce more trust than is warranted.

I collect slide rules as a hobby.  One common topic in discussions with
other collectors: Modern calculators and computers make it too easy to fall
into the false-precision trap (e.g. 10-digit answers to problems with
3-digit input data).  It's harder to do this with a slide rule, partly
because of the limited precision of the instrument, but also because the
scales graphically illustrate the decreasing significance of the rightmost
digits.  Successively finer scale divisions are squeezed closer together,
but all digits on a calculator display are equally prominent.

> I propose a design rule: never give an answer with more precision than is
> warranted. Ideally show locations on a map as a smudge, the size
> comparable to the statistical likelihood.

An excellent suggestion: Use an analog display to illustrate the limited
precision that's obscured by the bare digital display.

Aviation is one of the few fields in which slide rule-type devices are still
in common use, primarily as backup calculators in case the electronic
systems fail.  So it would be ironic if overly precise digital computations
were a contributing factor in the Southwest Airlines crash.

George C. Kaplan, Communication & Network Services, University of California
at Berkeley 1-510-643-0496

New Security Paradigms Workshop: Call for Papers

<"John McDermott (US Navy Employee)" <>>
Tue, 28 Feb 2006 14:50:08 -0500

Schloss Dagstuhl, Germany, September 18-21, 2006
Submissions due 26 March 2006

NSPW is a unique workshop that is devoted to the critical examination of new
paradigms in security.  Each year, since 1995, we examine proposals for new
principles upon which information security can be rebuilt from the ground
up.  We conduct extensive, highly interactive discussions of these
proposals, from which we hope both the audience and the authors emerge with
a better understanding of the strengths and weaknesses of what has been

In his seminal book "The Structure of Scientific Revolutions", Thomas Kuhn
describes the progress of science as "a series of peaceful interludes
punctuated by intellectually violent revolutions." These revolutions, which
he called "paradigm shifts", are periods during which "one conceptual world
view is replaced by another."

A paradigm shift is thus not an incremental contribution to an established
branch of science; it is an attempt to replace the fundamental dogma of a
branch of science with a different, and completely incompatible, set of core

The New Security Paradigms workshop is dedicated to the proposition that
what Kuhn called "anomalies" - signs that the prevailing paradigm can no
longer explain phenomena observed in the real world - are already visible in
the science of information security, and, indeed, that the anomalies are so
obvious and so serious that the prevailing information security paradigm is
or soon will be in crisis.  NSPW aspires to be the philosophical and
intellectual breeding ground from which a revolution in the science of
information security will emerge.

We solicit and accept papers on any topic in information security subject
to the following caveats:

1) Papers that present a significant shift in thinking about difficult
   security issues are welcome.
2) Papers that build on a recent shift are also welcome.
3) Contrarian papers that dispute or call into question accepted practice or
   policy in security are also welcome.
4) We solicit papers that are not technology-centric, including those that
   deal with public policy issues and those that deal with the psychology
   and sociology of security theory and practice.
5) We discourage papers that represent established or completed works as
   well as those that substantially overlap other submitted or published
6) We discourage papers which extend well-established security models with
   incremental improvements.
7) We encourage a high level of scholarship on the part of contributors.
   Authors are expected to be aware of related prior work in their topic
   area, even if it predates Google.  In the course of preparing an NSPW
   paper, it is far better to read an original source than to cite a text
   book interpretation of it.

Our program committee particularly looks for new paradigms, innovative
approaches to older problems, early thinking on new topics, and
controversial issues that might not make it into other conferences but
deserve to have their try at shaking and breaking the mold.

Participation in the workshop is limited to authors of accepted papers
and conference organizers. Each paper is typically the focus of 45
to 60 minutes of presentation and discussion. Prospective authors are
encouraged to submit ideas that might be considered risky in some other
forum, and all participants are charged with providing feedback in a
constructive manner. The resulting intensive brainstorming has proved to
be an excellent medium for furthering the development of these ideas. The
proceedings, which are published after the workshop, have consistently
benefited from the inclusion of workshop feedback.

We welcome three categories of submission:

1) Research papers. These should be of a length commensurate with the
   novelty of the paradigm and the amount of novel material that the
   reviewer must assimilate in order to evaluate it.

2) Position papers. These should be 5 - 10 pages in length and should
   espouse a well reasoned and carefully documented position on a security
   related topic that merits challenge and / or discussion.

3) Discussion topic proposals. Discussion topic proposals should include an
   in-depth description of the topic to be discussed, a convincing argument
   that the topic will lead to a lively discussion, and supporting materials
   that can aid in the evaluation of the proposal.  The later may include
   the credentials of the proposed discussants.  Discussion topic proposers
   may want to consider involving conference organizers or previous
   attendees in their proposals.

Submissions must include the following:

1) The submission in PDF format, viewable by Adobe Acrobat reader.

2) A justification for inclusion in NSPW. Specify the category of your
   submission and describe, in one page or less, why your submission is
   appropriate for the New Security Paradigms Workshop. A good justification
   will describe the new paradigm being proposed, explain how it departs
   from existing theory or practice, and identify those aspects of the
   status quo it challenges or rejects.  The justification is a major factor
   in determining acceptance.

3) An Attendance Statement specifying how many authors wish to attend the
   workshop.  Accepted papers require the attendance of at least one author
   for the entire duration of the workshop.  Attendance is limited, and we
   cannot guarantee space for more than one author.

No submission may have been published elsewhere nor may a similar submission
be under consideration for publication or presentation in any other forum
during the NSPW review process.

The submission deadline is Monday, 26 March 2006.
Notification of acceptance will be Monday, 28 May, 2006.

See for details of the workshop policies and
for submission procedures.

John McDermott, Publicity Chair, New Security Paradigms Workshop '06

  [Slightly pruned for RISKS.  This is a very important workshop.  PGN]

2006 USENIX Annual Technical Conference

<Lionel Garth Jones <>>
Mon, 06 Mar 2006 14:37:05 -0800

2006 USENIX Annual Technical Conference
May 30-June 3, 2006, Boston, MA
Early Bird Registration Deadline: May 12, 2006

We're pleased to invite you to attend the 2006 USENIX Annual Technical
Conference. This year we're offering 5 days of training running alongside a
3-day conference program filled with the latest research, security
breakthroughs, and practical approaches to the questions and problems you
wrestle with. You'll also have many opportunities to chat with peers who
share your concerns and interests.

--- Training: Tuesday-Saturday, May 30-June 3, 2006
USENIX '06 offers 5 days of tutorials led by highly respected
Instructors covering crucial topics including:

* Measuring Security,  Dan Geer
* Ajax and Advanced Responsive WebApp Development, Alex Russell
* Administering Linux in Production Environments, AEleen Frisch
* Building a Logging Infrastructure and Log Analysis for Security, Abe Singer
* Defense Against the Dark Arts: Repelling the Wily Hacker, Bill Cheswick

To view the entire training program, see:

--- Technical Sessions: Thursday-Saturday, June 1-3, 2006
The 3-day technical program begins with the keynote address: "Planetlab:
Evolution vs. Intelligent Design in Planetary-Scale Infrastructure," by
Larry Peterson, Princeton University and PlanetLab Consortium, and includes
other Invited Talks of note, such as:

* Plenary Session: "Why Mr. Incredible and Buzz Lightyear Need Better Tools:
  Pixar and Software Development," by Greg Brandeau, Vice President of
  Technology, Pixar Animation Studios

* Closing Session: "Real Operating Systems for Real-time Motion Control," by
  Trevor Blackwell, CTO, Anybots

* Peiter "Mudge" Zatko, BBN Technologies, on "Success, Failure, and
  Alternative Solutions for Network Security"

* Matt Welsh, Harvard University, on "Deploying a Sensor Network on an
  Active Volcano"

* And more!

The Systems Practice and Experience track is the premier forum for
presenting the latest in groundbreaking research. Be among the first to
check out the latest innovative work on the topics you need most. Check out
the full technical program at:

Finally, don't miss the opportunity to pose your toughest questions to the
experts in the Guru Is In Sessions. Mingle with colleagues and leading
experts at the Birds-of-a-Feather sessions and at the various evening social
events, including a Poster Session & Happy Hour, vendor sessions, and an
off-site conference reception.

USENIX '06 promises to be an exciting showcase for the latest in innovative
research and cutting-edge practices in technology. We look forward to seeing
you in Boston in May. Register today at:

On behalf of the USENIX '06 Organizers,

Atul Adya, Microsoft
Erich Nahum, IBM T.J. Watson Research Center
USENIX '06 Program Co-Chairs

2006 USENIX Annual Technical Conference
May 30-June 3, 2006, Boston, MA
Early Bird Registration Deadline: May 12, 2006

REVIEW: "Practical Internet Law for Business", Kurt M. Saunders

<Rob Slade <>>
Mon, 13 Feb 2006 08:01:36 -0800

BKPRILFB.RVW   20051117

"Practical Internet Law for Business", Kurt M. Saunders, 2001,
1-58053-003-6, U$73.00
%A   Kurt M. Saunders
%C   685 Canton St., Norwood, MA   02062
%D   2001
%G   1-58053-003-6
%I   Artech House/Horizon
%O   U$73.00 800-225-9977 fax: 617-769-6334
%O   Audience s- Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   162 p.
%T   "Practical Internet Law for Business"

The preface states that this book is intended to allow business and
system managers to understand the legal issues surrounding electronic

Chapter one provides a brief and basic historical overview of the
Internet, stressing the decentralized nature, and the fact that nobody
is in charge.  Jurisdiction, and the rulings in regard to it, are
discussed in chapter two.  (Somewhat ironically, in view of the topic,
while international decisions are mentioned, the material is
definitely oriented to the legal system of the United States.)
Encryption is the topic of chapter three, which deals with export
controls on cryptographic software (even though the regulations have
been extensively liberalized) and electronic signature laws (even
though many of these laws allow for completely unencrypted
"signatures").  Chapter four very briefly examines the issue of trade
secrets, seemingly without much relation to the Internet.  Trademarks,
on the other hand, do have a great deal of relevance to the net in
cybersquatting cases and the like, and are addressed in chapter five.
Some of the material on copyright, in chapter six, repeats content
dealt with in chapter five.  Chapter seven provides an interesting and
detailed examination of email privacy in the workplace.  Chapter eight
is rather vague, since its definition of "online crime" is not very
specific.  (Some of the case law presented is also reported
simplistically: the account of United States vs Thomas, for example,
does not deal with the issue of community standards that made the
material legal in California but not in Tennessee.)  The book closes
with patent law, in chapter nine (oddly separated from the other
intellectual property topics in chapters four to six), most of which
deals with the non-patentability of software.

This work is a lot about law, and not very much about the Internet.
How practical it may be is a question that individual readers will
have to answer.

copyright Robert M. Slade, 2005   BKPRILFB.RVW   20051117    or

REVIEW: "CyberRegs", Bill Zoellick

<Rob Slade <>>
Mon, 06 Mar 2006 11:14:05 -0800

BKCBRRGS.RVW   20051202

"CyberRegs", Bill Zoellick, 2002, 0-201-72230-5, U$39.99/C$59.95
%A   Bill Zoellick
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
%D   2002
%G   0-201-72230-5
%I   Addison-Wesley Publishing Co.
%O   U$39.99/C$59.95 416-447-5101 fax: 416-443-0948
%O   Audience i Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   307
%T   "CyberRegs: A Business Guide to Web Property Privacy and Patents"

The introduction states that the nature of the Web is in flux.  Those who
take too strong and doctrinaire a stance on the character of the Internet
will be subject to failures in their attempts to do business there.  In
addition, the author states his opinion, based on the research conducted for
the book, that attempts to apply regulation to the net should be sparing.

Part one deals with copyright.  Chapter one reviews the past history of
copyright legislation and purposes, and also the recent case of Napster.
(The book was completed before the Napster case concluded.)  "DVD Jon" and
the DeCSS case is the topic of chapter two.  The author's experiences with
the publishing and sale of special reports forms the basis for an
examination of licensing, in chapter three, and also the balance of rights
between publisher and user/consumer.  The development and shift in copyright
regulations and perspectives is given in chapter four.  Chapter five lists
further reading on the topic: an annotated bibliography of text and online
sources.  The works are well chosen and the annotations provide good
overviews of the material.

Part two addresses patents.  Chapter six outlines the Amazon "1-Click"
patent, and the issue of an idea versus a specific implementation.  A
variety of other patents and lawsuits are examined in chapter seven.
Chapter eight deals with the issue of patentability of an entity or item.
The issue of patenting business methods is dealt with in chapter nine.
Chapter ten examines the impact of patents on the Internet.  Walker Digital
and the business of creating and holding business patents is in chapter
eleven.  Recent US legislation amending patent concepts and applicability is
covered in chapter twelve.  Chapter thirteen opines about the future and
fourteen closes off the topic with the reference section.

Part four surveys electronic signatures and the E-Sign act.  Chapter fifteen
discusses the provisions of the act itself, including the fact that it
doesn't (in any significant way) define what an electronic signature can be,
thus obviating the need for many of the functions of a signature.  (This is
followed by a brief section entitled "A Deeper Look" that explains the
technical concept of digital signatures.)  Business will increase because of
the act, says chapter sixteen.  Chapter seventeen makes the case (rather
weakly, perhaps) that E-Sign is a good act, because it doesn't impede
allowable technologies.  Eighteen is the references chapter for electronic

Part four moves in on privacy.  Chapter nineteen cites a couple of cases of
the market for private information.  US legal precedents regarding the right
to privacy are in chapter twenty.  Consumer concerns, in chapter twenty-one,
are followed up by "A Deeper Look" at cookies and Web bugs, and by another
on the Platform for Privacy Preferences Project (P3P).  US legislative moves
regarding privacy are discussed in chapter twenty-two.  (It is interesting
to note that Zoellick quotes a legislator stating that privacy acts would be
passed before 2002.  This did not happen.  In addition, of the various
aspects discussed in the chapter, bill S.1789, before the Senate as this
review is being written, addresses only access and enforcement.)  Chapter
twenty-three tries, without much success, to propose a framework for
privacy.  Again, twenty-four contains references.

An epilogue finishes out the book by opining that businesses can, and
should, work at understanding the Web better, so that they can shape its
future development.  As long as they develop it the way the author suggests.

Oddly, this work does not seem to add materially to other discussions of
Internet law.  That it examines intellectual property issues in such depth
is interesting, but not illuminating.  However, Zoellick does have a much
more engaging writing style than other authors who have written on legal
topics in relation to the net, and the text is much more readable than most
such books.  There is a good deal of valuable information in this volume on
the subjects examined: but there is a lot of opinion as well.

copyright Robert M. Slade, 2005   BKCBRRGS.RVW   20051202    or

Please report problems with the web pages to the maintainer