The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 24 Issue 83

Thurs 27 September 2007


Air traffic radar and radio outage hits flights
Robert P. Schaefer
Excel can't multiply
Steven M. Bellovin
FIA blunder reveals secrets: obscured material viewable
Ben Moore
Deploy first, test later
Steven M. Bellovin
Redacted material still viewable
Ben Moore
Fake blogs and search engines
Gadi Evron
Silly "Bad Words" filter
Reinhard Kopka
29th IEEE Symposium on Security and Privacy
Cipher Editor
REVIEW: Endpoint Security, by Mark S. Kadrich
Richard Austin
Eugene Miya <>
Have you seen *Beautiful Code*? Awesome new book
Eugene Miya
Software Maintenance - A Management Perspective"
Info on RISKS (comp.risks)

Air traffic radar and radio outage hits flights

<"Robert P. Schaefer" <>>
Wed, 26 Sep 2007 12:36:41 -0400

A three-hour failure in three long-range air-traffic radar systems and radio
communications in Memphis on 25 Sep 2007 caused the FAA immediate problems
with 150 aircraft and subsequently affected perhaps 1000 planes in eight
southeast/midwest states.  Memphis-area regional controllers had to use
their personal cell phones to contact controllers at other facilities.  "The
outage was the latest in a string of embarrassing air traffic control
equipment and other problems this past spring and summer that spotlighted
the aging system that handles thousands of flights daily."  [Source:
Reuters, 25 Sep 2007: PGN-ed]

  [Also noted by Ben Moore.  PGN]

Excel can't multiply

<"Steven M. Bellovin" <>>
Thu, 27 Sep 2007 15:51:12 +0000

According to a *NY Times* blog (Pogue's Posts), Excel 2007 for Windows
doesn't cope properly when multiplying two numbers that should yield
65535 (
Instead, it gets 100,000.

For a very nice explanation and discussion of its relevance, see
Joel Spolsky, Joel on Software blog

FIA blunder reveals secrets: obscured material viewable

<"Ben Moore" <>>
Tue, 25 Sep 2007 01:20:58 GMT

Sometimes redacting just isn't enough! Especially if you don't know what
you're doing.

Formula-1's governing body has apparently blown of dozens more McLaren and
Ferrari secrets.  Technical and financial information in 200 pages of World
Motor Sport Council transcripts had been redacted, but the blackened pdf
text was of course easily copy-pasted and recovered.  Although later removed
from the website, the cat was out of the bag -- including technical team and
car details, suspended McLaren chief designer Mike Coughlan's annual salary,
the precise weight distribution of the MP4-22 and systems adopted by
Ferrari, the "philosophy of variable brake balance systems on both the
McLaren and the Ferrari", and details about Ferrari's unique method of
inflating its tires.

Deploy first, test later

<"Steven M. Bellovin" <>>
Tue, 25 Sep 2007 21:16:45 +0000

RISKS readers are familiar with the difficulty of deploying new software
systems.  Even with the best will in the world, some things with just break.
In an effort to forestall this, Arizona State University decided to act like
a 90s-style .com: deploy first, even if the software is buggy, try to cope
with the problems, and fix the code later.  As I read the Wall Street
Journal story (for subscribers,,
it didn't work very well.  3,000 employees were unpaid or underpaid, and the
backup procedures couldn't scale by nearly enough.

Some of the trouble was that many employees in, say, janitorial positions
didn't have their own computers, and not enough departmental machines were
available.  More of the trouble was the usual: the new system didn't behave
the same way as the old one did, especially when handling minor errors.

They had a backup plan: the HR department would write checks, no questions
asked, for any employee who received an inaccurate paycheck.  But there were
too many errors, and HR couldn't keep up.

  Mr. Reinke says instead of writing him a check to replace his blank
  paycheck, he was told that a change would be made in the system. He
  received his check a week later. In the meantime, he had to extend his
  overdraft protection in order to pay his $800-a-month mortgage. Hundreds
  of other employees had to wait as many as 12 days to have their paychecks
  fixed. A spokesman for the Arizona State Credit Union says that 55 people
  took out short-term loans.

  The new strategy's pain is undeniable. "Morale is the lowest it's been in
  the 14 years I've worked here," says Allan Crouch, who works in the
  university's human-resources department.

The university seems to be blaming HR, not IT.  Two HR employees have
been placed on leave.  And the IT folks?  They think the conversion was
a success:

  While unpaid employees may have been less than thrilled, school
  administrators, and consultants and software companies involved in the
  project rave about Arizona State's strategy. Oracle hailed it as a model
  for both universities and corporations to follow in a report it published
  in April 2007. In a statement, Jim McGlothlin, an Oracle vice president
  called the project "highly successful." Gary Somers, who worked on the
  project for CedarCrestone, Inc., the consulting company that helped
  implement the system, calls Arizona State's method "the wave of the

Ship first, debug later, use employees who haven't volunteered for financial
hardship as your test subjects.  Imagine the reaction of the school's
Institutional Review Board if a professor has proposed a human subjects
study with similar characteristics.

Steve Bellovin,

Redacted material still viewable

<"Ben Moore" <>>
Tue, 25 Sep 2007 01:20:58 GMT

Sometimes redacting just isn't enough! Especially if you don't know what
you're doing.

[Source: FIA blunder reveals secrets, 22 Sep 2007]

With seemingly no end to the espionage saga, it now emerges that F1's
governing body earlier this week contributed to the widespread distribution
of dozens more McLaren and Ferrari secrets.

A day before releasing the nearly 200 pages of World Motor Sport Council
transcripts to the public on Wednesday, the FIA had sent the documents to
both teams so that confidential technical and financial information could be

But when the PDF documents were initially made available on the Internet, it
soon became clear that the blackened sections could easily be revealed if
copy-pasted into another text editor.

The offending copies were quickly removed from the FIA website and replaced.

But a plethora of sensitive information, including not only technical team
and car details but private figures such as suspended McLaren chief designer
Mike Coughlan's annual salary, and the precise weight distribution of the
MP4-22 and also systems adopted by Ferrari, is therefore now widely known in
various corners of the formula one world.

The philosophy of variable brake balance systems on both the McLaren and the
Ferrari was also inadvertently revealed by the FIA, as well as details about
Ferrari's unique method of inflating its tyres, and other secrets.

We can confirm that some of those in possession of the formerly private
information have been approached by motor racing figures asking to be let in
on the secrets.

An FIA spokeswoman admits that the Paris based Federation is aware of the

She would not comment further, but the FIA confirmed last week that the
transcripts had been recorded by a professional stenographer and formatted
by an independent transcription company.

Fake blogs and search engines

<Gadi Evron <>>
Thu, 6 Sep 2007 01:06:13 -0500 (CDT)

URLs in this post should be considered as unsafe.

Fake sites and SE poisoning are nothing new. The use of blogs for this is
far from new, either. Thousands of new fake blogs pop up every day on
blogspot, livejournal, etc.

Web spam is a subject I have written about in the past, and some of you may
be familiar with it regardless of me (no kidding), especially if you run a
blog yourself.

A new fake blog which looks like blogspot, but has its own "domain",
recently popped up in a Google alert on my name.

I get hits on these fake pages all the time as my name is a key word used by
some of these spammers to grab attention to their pages.  This time around
they really over-did it.

The page has a blogspot layout, and continues with ads to pornographic sites
or malware (is there any difference anymore?).

Then the site shows the YouTube video which can be found under my name.
Following that is a post I made to a mailing list recently (poorly
formatted).  Then we have a few pictures of girls, linking once more either
to pornographic sites or malware drive-by sites (if there is a difference,

They finish the page off by adding comments, which are actually some old
securiteam posts by me.

Heck, it looks fake, but it is obvious the bad guys are investing more in
their fake web pages. Their auto-creation tools seem to be getting more
impressive, and I believe we will see much improved believable sites, soon.

Google Blog Search displays this site as (nasty words replaced with beep):

Gadi Evron
2 Sep 2007

  [Text that would certainly tag this issue as s*p*a*m deleted by PGN]


Again, I am unsure if these URLs are safe.

For those of you wondering if these web pages mean anything to the bad guys,
the answer is absolutely yes. Search engine ranking, indexing, etc. helps
them advance their own sites (or their clients'). Then of course, there is
advertising and Google ads.  It works. And the advertising space on
unrelated key words is a plus.

The concept is very similar to comment spam. Comment spam may not contribute
to SE ranking anymore due to the nofollow tag attached to links in comments,
but these get indexed and that's all the bad guys care about. Nofollow is
crap, and what shows up when you search is what matters.

As an example of how these things work, in a recent blog post of mine a
buddy left a comment (see here for
the example).

He left a URL for his legitimate Python/math/music/origami blog in his
comment, and now when you search for his blog you find my post placed in the
4th place with the title 'A Jew in a German Camp' (about the CCC Camp in
Germany). He is not pleased, but it is obvious how the bad guys abuse this,
and infect millions of computers just because their owners surf the net.

Silly "Bad Words" filter

<Reinhard Kopka <>>
Wed, 26 Sep 2007 15:31:44 +0200

On Wattflyer forum (for radio control eflight) a new filter was installed.
It turns words like 'class' into 'clrear'. A list of bad words are changed
against less offensive ones.  Even word parts! So, for example, all
occurrences of "ass" are changed into "rear".  Just think of grass, glass,
pass, embassy...

It was deactivated after less than a day. Wonder why :-)

  [Surprised that things like this keep happening?  We're not.  PGN]

29th IEEE Symposium on Security and Privacy, Oakland California

<"Cipher Editor" <>>
Tue, 18 Sep 2007 10:39:57 -0600

Oakland 2008 29th IEEE Symposium on Security and Privacy,
The Claremont Resort, Berkeley/Oakland, California, USA, May 18-21, 2008.
(Submissions due 9 November 2007)

Since 1980, the IEEE Symposium on Security and Privacy has been the premier
forum for the presentation of developments in computer security and
electronic privacy, and for bringing together researchers and practitioners
in the field.  Previously unpublished papers offering novel research
contributions in any aspect of computer security or electronic privacy are
solicited for submission to the 2008 symposium.  Papers may represent
advances in the theory, design, implementation, analysis, or empirical
evaluation of secure systems, either for general use or for specific
application domains.  The Symposium is also open to the submission of
co-located half-day or one-day workshops.  Topics of particular interest
include, but are not limited to:

- Access control and audit
- Anonymity and pseudonymity
- Application-level security
- Biometrics
- Cryptographic protocols
- Database security
- Denial of service
- Distributed systems security
- Formal methods for security
- Information flow
- Intrusion detection and prevention
- Language-based security
- Malicious code prevention
- Network security
- Operating system security
- Peer-to-peer security
- Privacy
- Risk analysis
- Secure hardware and smartcards
- Security engineering
- Security policy
- User authentication

REVIEW: Endpoint Security, by Mark S. Kadrich (Richard Austin)

<"Cipher Editor" <>>
Tue, 18 Sep 2007 10:39:57 -0600

[Excerpt from Cipher Newsletter, IEEE CIPHER, Issue 80, September 17, 2007]

Endpoint Security, by Mark S. Kadrich Addison-Wesley 2007.
ISBN 0-32-143695-4 $54.99 $29.95
Book Review By Richard Austin, 20 Jun 2007

Security professionals must face the fact that our networks are acquiring
new types of endpoints at a frightening pace.  They range from PDA's to
smartphones to network-attached printers to even network manageable power
strips.  And, unfortunately, as Kadrich is quick to point out, these devices
are all about features and functionality with little attention being focused
on securing them before they attach themselves to our networks.

His second chapter, "Why Security Fails," provides an excellent summary of
the reasons why security fails ranging from a check-the-box mentality ("if I
do this, then I will be secure") to the fact that vendors always position
themselves to stop the last threat (rather like the military is often
criticized for planning to fight the last war).

Chapter 3 presents his idea of what is missing using the surprising analogy
of the flush toilet and its control system.  He points out that we need to
approach the process of network security as a process control problem by
identifying control points (routers, VPN gateways, etc) and establish
control processes that integrate signals such as failed logon attempts, IDS
alerts, etc and business processes such as user termination, software
decommissioning and so on.  He defines (yet another) new way of diagramming
networks to reflect the control system analogy.  While we need a new network
diagramming standard like we need another compliance initiative, thinking
about the denizens of our network infrastructures from a process control
perspective is a source of useful insights.

Chapter 4 (Missing Link Discovered) introduces the proposed components of a
solution that predictably includes network access control (NAC), But Kadrich
also includes what is often the missing link in NAC decision making: host
integrity. The basic concept is that a device must demonstrate a defined
level of trustworthiness before it is allowed to join a more trusted part of
the network.  If the device cannot demonstrate integrity of its operating
system, and a valid system configuration (anti-virus, firewall rules, etc),
it will not be granted access.  Additionally he makes the important point
that the device needs to be remotely manageable so that remediation can be
performed.  For example, if a host is missing a critical patch as required
by the integrity/configuration standards, it can be automatically installed
as part of the NAC process.

The next two chapters flesh out the underlying components of the NAC process
with a discussion of network capabilities and details on how to create a
secure baseline for hosts.

In chapter 7 (Threat Vectors), the general ways an endpoint can be attacked
are presented to prepare for a more in-depth look at threats and defenses
for common software environments (Windows, OS X and Linux) in their own
chapters.  The chapter on OS X is especially recommended as security
discussions of this increasingly popular operating system are rather rare.

Chapter 11 (PDAs and Smartphones) provides a good overview of these very
common endpoints and their software (Windows Mobile, Symbian, Palm,
Blackberry and Mobile Linux).  One could have wished for more detail but
that would easily have doubled the size of the book and taken it further
afield from its focus on endpoints in general.

Chapter 12 covers the important topic of embedded devices which include
things ranging from a network-attached printer to the SCADA systems that run
railyards and power plants.  Kadrich notes that this is mainly an awareness
chapter as there are almost no tools to implement anything approaching a NAC
solution for them as yet.

The final chapter is devoted to brief case studies that illustrate the
book's concepts and how they should be applied in practice.

In summary, "Endpoint Security" is a good overall look at the problems
presented by the proliferating variety of endpoints seeking to attach to our
network infrastructures.  The presentation is concept-based which can be
frustrating when one is seeking specific guidance but it more keeps the book
from becoming mired in product details and quickly dated by their changing
features.  Practicing security professionals would be well advised to read
the advice in this book and use it in examining just where the endpoints of
their networks lie.  If you're like me, you will find a few surprises along
the way.

Richard Austin recently retired as the storage network security architect at
a Fortune 25 company and currently earns his bread and cheese as an
itinerant university instructor and security consultant.  He welcomes your
thoughts and comments at

Have you seen *Beautiful Code*? Awesome new book

<Eugene Miya <>>
Wed, 26 Sep 2007 14:20:53 -0700

%A Andy Oram
%A Greg Wilson, eds.
%T Beautiful Code
%I O'Reilly & Associates, Inc.
%C Sebastopol, CA 95472
%D 2007
%K book, text,
%X 1: Brian Kernighan, A Regular Expression Matcher
2: Karl Fogel, Subversion's Delta Editor: Interface As Ontology
3: Jon Bentley, The Most Beautiful Code I Never Wrote
4: Tim Bray, Finding Things
5: Elliotte Rusty Harold, Correct, Beautiful, Fast (in That Order):
   Lessons from Designing XML Verifiers
6: Michael Feathers, Framework for Integrated Test: Beauty Through Fragility
7: Alberto Savoia, Beautiful Tests
8: Charles Petzold, On-the-Fly Code Generation for Image Processing
9: Douglas Crockford, Top Down Operator Precedence
10: Henry S. Warren, Jr., The Quest for an Accelerated Population Count
11: Ashish Gulhati, Secure Communication: The Technology Of Freedom
12: Lincoln Stein, Growing Beautiful Code in BioPerl
13: Jim Kent, The Design of the Gene Sorter
14: Jack Dongarra and Piotr Luszczek, How Elegant Code Evolves with Hardware:
    The Case of Gaussian Elimination
15: Adam Kolawa, The Long-Term Benefits of Beautiful Design
16: Greg Kroah-Hartman, The Linux Kernel Driver Model:
    The Benefits of Working Together
17: Diomidis Spinellis, Another Level of Indirection
18: Andrew Kuchling, Python's Dictionary Implementation:
    Being All Things to All People
19: Travis E. Oliphant, Multidimensional Iterators in NumPy
20: Ronald Mak, A Highly Reliable Enterprise System for
    NASA's Mars Rover Mission
21: Rogerio Atem de Carvalho and Rafael Monnerat,
    ERP5: Designing for Maximum Adaptability
22: Bryan Cantrill, A Spoonful of Sewage
23: Jeffrey Dean and Sanjay Ghemawat, Distributed Programming with MapReduce
24: Simon Peyton Jones, Beautiful Concurrency
25: R. Kent Dybvig, Syntactic Abstraction: The syntax-case Expander
26: William R. Otte and Douglas C. Schmidt, Labor-Saving Architecture:
    An Object-Oriented Framework for Networked Software
27: Andrew Patzer, Integrating Business Partners the RESTful Way
28: Andreas Zeller, Beautiful Debugging
29: Yukihiro Matsumoto, Treating Code As an Essay
30: Arun Mehta, When a Button Is All That Connects You to the World
31: T. V. Raman, Emacspeak: The Complete Audio Desktop
32: Laura Wingerd and Christopher Seiwald, Code in Motion
33: Brian Hayes, Writing Programs for "The Book"

Software Maintenance - A Management Perspective" Phaneendranath

14 Sep 2007 15:32:37 -0700

Nearly 11 years after my Ph.D., the topic software maintenance is still hot
and demanding attention from management echelons. My thesis is now available
in electronic format published by Universal Publishers. I thought you might
be interested to check this at the link:

Find out more about "Software Maintenance - A Management Perspective" by
Vellanky, Phaneendra Nath at:

>From the abstract:

Computer systems play an important role in our society. Software drives
those systems. Massive investments of time and resources are made in
developing and implementing these systems.  Maintenance is inevitable. It is
hard and costly. Considerable resources are required to keep the systems
active and dependable. We cannot maintain software unless maintainability
characters are built into the products and processes. There is an urgent
need to reinforce software development practices based on quality and
reliability principles. Though maintenance is a mini development lifecycle,
it has its own problems. Maintenance issues need corresponding tools and
techniques to address them. Software professionals are key players in
maintenance. While development is an art and science, maintenance is a
craft. We need to develop maintenance personnel to master this craft.
Technology impact is very high in systems world today. We can no longer
conduct business in the way we did before. That calls for reengineering
systems and software. Even reengineered software needs maintenance, soon
after its implementation. We have to take business knowledge, procedures,
and data into the newly reengineered world. Software maintenance people can
play an important role in this migration process. Software technology is
moving into global and distributed networking environments. Client/server
systems and object-orientation are on their way. Massively parallel
processing systems and networking resources are changing database services
into corporate data warehouses. Software engineering environments, rapid
application development tools are changing the way we used to develop and
maintain software. Software maintenance is moving from code maintenance to
design maintenance, even onto specification maintenance. Modifications today
are made at specification level, regenerating the software components,
testing and integrating them with the system. Eventually software
maintenance has to manage the evolution and evolutionary characteristics of
software systems. Software professionals have to maintain not only the
software, but the momentum of change in systems and software.

In this study, we observe various issues, tools and techniques, and the
emerging trends in software technology with particular reference to
maintenance. We are not searching for specific solutions. We are identifying
issues and finding ways to manage them, live with them, and control their
negative impact.

>From the acknowledgments:

If software development is an art, maintenance is craft. The nature of
software maintenance and its study precludes originality. The practical
nature of the field, the vast horizons that it covers, extensive product
line - particularly hardware platforms, software, and applications, the
experience with products, the budding tools and techniques, professionals
entering almost from every other field and into various levels, makes
software maintenance a peculiar field of study. This author draws
inspiration and resources from his experience in software development and
maintenance extending many years since 1972, and various courses and
seminars attended on software maintenance, CASE Tools, Software Development

Please report problems with the web pages to the maintainer