Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Due to "a corrupted computer file", a New Year's fireworks show in Seattle had to be set off manually. Not only did that mean that the technicians had to *press all the buttons themselves*, but the display was *not properly synchronized* with the music that accompanied it! What a horrible fiasco! Oh the humanity! http://seattletimes.nwsource.com/html/localnews/2004102891_spaceneedle02m.html [I suppose Manual-ed Fire could have been accompanied by Manuel De Falla. I defy-ya' to play Noches en los jardines de Seattle as accompaniment. On the other hand, if the manual operation had misfired, they might have been sheepless in Seattle. PGN]
The FAA has issued "special conditions" for certification of the Boeing 787. (mirrored at http://cryptome.org/faa010208.htm). In part, these state: "Novel or Unusual Design Features The digital systems architecture for the 787 consists of several networks connected by electronics and embedded software. This proposed network architecture is used for a diverse set of functions, including the following: 1. Flight-safety-related control and navigation and required systems (Aircraft Control Domain). 2. Airline business and administrative support (Airline Information Domain). 3. Passenger entertainment, information, and Internet services (Passenger Information and Entertainment Domain). The proposed architecture of the 787 is different from that of existing production (and retrofitted) airplanes. It allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane. Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane. The existing regulations and guidance material did not anticipate this type of system architecture or electronic access to aircraft systems that provide flight critical functions. Furthermore, 14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities that could be caused by unauthorized access to aircraft data buses and servers. Therefore, special conditions are imposed to ensure that security, integrity, and availability of the aircraft systems and data networks are not compromised by certain wired or wireless electronic connections between airplane data buses and networks." According the the story in Wired (http://www.wired.com/politics/security/news/2008/01/dreamliner_security) "Boeing spokeswoman Lori Gunter said the wording of the FAA document is misleading, and that the plane's networks don't completely connect. Gunter wouldn't go into detail about how Boeing is tackling the issue but says it is employing a combination of solutions that involves some physical separation of the networks, known as "air gaps," and software firewalls. Gunter also mentioned other technical solutions, which she said are proprietary and didn't want to discuss in public. "There are places where the networks are not touching, and there are places where they are," she said. Gunter added that although data can pass between the networks, "there are protections in place" to ensure that the passenger Internet service doesn't access the maintenance data or the navigation system "under any circumstance." She said the safeguards protect the critical networks from unauthorized access, but the company still needs to conduct lab and in-flight testing to ensure that they work. This will occur in March when the first Dreamliner is ready for a test flight." So that's all right, then. After all, no security problem has ever shown up after testing, has it? [The planned test flight should be interesting. Where can you get a plane-load of suicide hackers at short notice? MT] [This risk also spotted by Edwin Slonim http://www.avweb.com/eletter/archives/avflash/1028-full.html#196896 and Ric Steinberger. PGN]
The government has dragged its feet in releasing the final details about its Pass Card technology, and now they dump it into the Federal Register on the last day of the year. The government has decided to go with a technology that is more suited to tracking inventory and can be read from up to 20 feet away. Govt. officials counter by saying privacy protections will be built into the cards. Passport cards for Americans who travel to Canada, Mexico, Bermuda and the Caribbean will be equipped with technology that allows information on the card to be read from a distance. The technology was approved on 30 Dec 2007 by the U.S. State Department. Privacy advocates were quick to criticize the Department for not doing more to protect information on the card, which can be used by U.S. citizens instead of a passport when traveling to other countries in the western hemisphere. The technology would allow the cards to be read from up to 20 feet away. The technology is "inherently insecure and poses threats to personal privacy, including identity theft," said Ari Schwartz of the Center for Democracy and Technology. [Source: Eileen Sullivan, Passport card technology criticized, Associated Press; from the Ft. Worth Star-Telegram; PGN-ed] http://www.star-telegram.com/464/story/384245.html
Interesting Chip-and-PIN article by the Guardian here: http://www.guardian.co.uk/technology/2008/jan/03/hitechcrime.news [Purveyors and law enforcement folks say crime is down. The article says maybe not. (Starkly PGN-ed)]
[From David Farber's IP group] Summary: if you know someone's name, address and phone number, you can retrieve their purchase history from Sears' web site. http://www.benedelman.org/news/010408-1.html This is an interesting follow-on to the recent discovery that Sears is pushing spyware: http://community.ca.com/blogs/securityadvisor/archive/2007/12/20/sears-com-join-the-community-get-spyware.aspx http://www.benedelman.org/news/010108-1.html
Consumers of Internet pornography who secretly signed up for memberships on adult-oriented Web sites in the past few months may be in for a shock -- some of their personal information, including e-mail addresses, may have been compromised by a security breach. .... The breach has raised serious alarm in the world of adult-oriented Web sites, with many concerned about the effect on customers if they learn that their most secret transactions are not so secret after all. [Source: *The Washington Post, 3 Jan 2008] http://www.washingtonpost.com/wp-dyn/content/article/2008/01/03/AR2008010303549_pf.html [This gives new meaning to "Porn site exposes ... PGN]
Thieves stole laptop computers containing the names and social security numbers of every registered voter in the city from election commission offices over the Christmas holiday. The computers also contain voters' addresses and phone numbers. [Associated Press, 28 Dec 2007] [In David Farber's IP, Brad Malin noted an article by Michael Cass in the *Tennesseean*, 3 Jan 2008. The building had weekend 12-hour periods without guards, and had no alarms or video surveillance. PGN] http://www.tennessean.com/apps/pbcs.dll/article?AID=/20080103/NEWS0202/801030369
A nicely articulate Blog piece of *The New York Times* about TSA-screening absurdities drew the usual litany of wry anecdotes and complaints, but this one stood out for its peerless irony value: http://jetlagged.blogs.nytimes.com/2007/12/28/the-airport-security-follies/index.html #61. 29 Dec 2007 About two years after 9/11 I was selected at random by a TSA agent for additional security screening at an airport checkpoint. I was asked to remove my hat, shoes, belt, and jacket, after which I was told to spread my arms and legs for electronic "wanding". When I asked why I had been chosen for the extra attention, two more agents quickly appeared, and their unsmiling faces emphasized that airport security was, indeed, very serious business. "We need to be sure you don't have anything you can use to take control of an aircraft", the screener told me. I will never forget the absurdity of his words. You see, I was, in fact, about to take control of an aircraft, an Airbus A320 to be precise, and fly it up the Potomac River to LaGuardia. That's what airline Captains like me get paid to do. That's why I had showed up at the airport in full uniform, properly credentialed and ready to go. Security was then, and remains now, largely a sham. It's all about politics and the appearance of vigilance. It's about collecting pocket knives from forgetful, but otherwise law-abiding people. We have been lead to believe that we now have the best secured aviation system in the world. And if success is measured with flow-charts, color codes, and administrative name changes, maybe we do. In truth, we have all been let down by the very people in charge. They would have us believe that they are actually addressing security issues, when in fact they are doing little more than staging public relations theater. Posted by Rick Reahr Plus ša change.... My father, Pan Am Captain Arthur Moen always marveled at the foolishness of taking pocket knives from airline pilots, and tried fruitlessly for decades to get the airlines and FAA to install intrusion-resistant cabin doors, something they did only three decades after his death (by defective jet).
[Henry sent me a photo that he might have taken himself. PGN] The console display says "check engine" & "no malfunction" at the same time! Dueling messages! It is supposed to say "check engine" & "1 malfunction", if "check engine" is the only malfunction being reported. BTW, my ever-lying Verizon DSL line finally got fixed after replacing about 4 bad splices. (The computer kept calling me to tell me that the malfunction in my phone line had been fixed, but since it hadn't, the good news rolled over into voice mail!) I think that the old-style POTS phone system is now in its state of "graceful decline", and will join the hand-cranked phone on the dustbin of history within 15 years.
On Sunday 16 Dec 2007, I ran Quickbooks 2006 on my Mac. I got an error that said there was not enough room to download an update, that it needed 100 bytes (!). I thought it was likely a bad error message because I do not normally use an account that has administrator access, so it probably was unprepared for some protection violation and gave a bad error message. I logged in as admin to try to get the updated but got the same error. I checked the Inuit Quickbooks web site and found that I already had the latest version available. When I logged back into my regular account, I discovered my desktop was empty, that the folders and files had disappeared. Using a shell I saw that the Desktop directory was now a regular file with 0 bytes. After some disk integrity checks and cleanup that failed to pinpoint a problem, I later ran Quickbooks again and realized that my Desktop had ben trashed again. Searching online, I discovered a number of Quickbooks Mac users had been similarly afflicted. By 9am PST Monday morning, Intuit had corrected the problem on their server. Unfortunately, this was after a large number of users had lost files. A representative from the company called to collect information about my situation and explained that it had been a scripting problem in the server, which incorrectly deleted user information after no update had been found. I was surprised that I never saw anything about it in mainstream press. Here are some links about the issue from the Quickbooks community web site. More is available by googling "Quickbooks deletes desktop". http://quickbooksgroup.com/webx/forums/mac/1917 http://quickbooksgroup.com/webx/forums/mac/1907
In a move to prevent lithium battery fires on commercial aircraft, U.S. airline passengers will no longer be able to pack loose lithium batteries in checked luggage beginning 1 Jan 2008 once new federal safety rules take effect. The new regulation, designed to reduce the risk of lithium battery fires, will continue to allow lithium batteries in checked baggage if they are installed in electronic devices, or in carry-on baggage if stored in plastic bags. Common consumer electronics such as travel cameras, cell phones, and most laptop computers are still allowed in carry-on and checked luggage. However, the rule limits individuals to bringing only two extended-life spare rechargeable lithium batteries, such as laptop and professional audio/video/camera equipment lithium batteries in carry-on baggage - but none in checked baggage. Entire press release here: http://tinyurl.com/29fnue Peter Gregory, CISA, CISSP | email@example.com | www.isecbooks.com Skypeid peterhgregory | Join InfraGard
> Who would have thought a tunnel would be subject to a computer > failure? ... Too many eggs in one basket... Sometimes you only have one basket... I worked on SCADA software that runs in quite a few tunnels in Europe. A modern tunnel is a complex system where the subsystems are connected in ways that require to be controlled by a (logically) single computer system. E.g. a fire event starts a sequence where everything is involved - sensors spot the gases, signs switch to red on the entry, fans switch to a mode sucking out the smoke, staff is alerted etc. Everything has to be logged (preferably tamper-resistantly) so that there is evidence what happened and how the staff reacted. Surely the lower level systems will go to sane failsafe values in the case of problems, but nobody will risk to operate such system in full traffic with major subsystems disabled. This application is normally redundant so there is no hardware single point of failure, but this of course does not guard against programming errors, inadequate testing an other things well-known to the RISKS reader. Tunnel retrofitting is not an easy task, normally much worse than building one from scratch - the main problem is that you have to interface things you are probably not familiar with that are given and the number of interfaces explodes. And let me tell you, when there was a real fire in a tunnel controlled by our software, we were very relieved that everything worked as expected. One is never sure that the tests caught everything...
Reading the various satnav articles (Shapir, RISKS-24.91, Jacobson, RISKS-24.92) reminds me of my own favorite satnav folly. My 2007 Prius has a satnav. Recently, I tried to navigate from Boulder, Colorado to Sunspot, New Mexico (Google directions: "http://tinyurl.com/ywwbvz ") for an observing run at the National Solar Observatory. The nav system found Sunspot OK, and the onscreen map showed the dedicated state highway (NM 6563) but asserted that there was no route there from here. Likewise, once I was at the observatory, the system wouldn't let me navigate to practically anywhere else in the U.S.! I played with it a bit and found the key—force it to route through the nearby town of Cloudcroft. I believe Toyota's nav system uses a regress-to-the-nearest-highway algorithm, which fails spectacularly for Sunspot: the nearest U.S. highway (US54) is only about 7 horizontal miles away at closest approach, but nearly a mile down in altitude. To get to the observatory you have to take a much longer, windier route through Cloudcroft—it's nearly 40 miles (as the car winds) from the closest approach point. Google Maps finds the route perfectly.
It's a little troubling to me that none of the articles that seem very popular lately on "how dangerous it can be to depend entirely on your satellite navigator" make clear the point that GPS is very susceptible to in-band jamming (either accidental or deliberate) and that it is steadily becoming a single point of failure for private transport, commercial transport, and the emergency services. Navigation systems based on the known location of cell-phone transmitters would be more resilient.
A friend of my father's drives a taxi for a living, and recently fitted a satnav to it. Now, whenever a customer gets in, he offers them a choice - do they want to go by the satnav's directions, or by his idea of the best route? Most people opt for the satnav. This makes him happy; he has been driving for years and knows all the tricks for getting around town, whereas the satnav - following its own idea of "best" - tends to get stuck in jams (with the meter running, of course). "Best" route for him, perhaps, not for his customers? Reportedly the satnav paid for itself within a few weeks!
On 18 Nov 2007, noted computer pioneer James P. Anderson, Jr., died at his home in Pennsylvania. Jim, 77, had finally retired in August. Jim, born in Easton, Pennsylvania, graduated from Penn State with a degree in Meteorology. From 1953 to 1956 he served in the U.S. Navy as a Gunnery Officer and later as a Radio Officer. This later service sparked his initial interest in cryptography and information security. Jim was unaware in 1956, when he took his first job at Univac Corporation, that his career in computers had begun. Hired by John Mauchly to program meteorological data, Dr. Mauchly soon became a family friend and mentor. In 1959, Jim went to Burroughs Corporation as manager of the Advanced Systems Technology Department in the Research Division, where he explored issues of compilation, parallel computing, and computer security. While there, he conceived of and was one of the patent holders of one of the first multiprocessor systems, the D-825. After being manager of Systems Development at Auerbach Corporation from 1964 to 1966, Jim formed an independent consulting firm, James P. Anderson Company, which he maintained until his retirement. Jim's contributions to information security involved both the abstract and the practical. He is generally credited with the invention and explication of the reference monitor (in 1972) and audit trail-based intrusion detection (in 1980). He was involved in many broad studies in information security needs and vulnerabilities. This included participation on the 1968 Defense Science Board Task Force on Computer Security that produced the "Ware Report", defining the technical challenges of computer security. He was then the deputy chair and editor of a follow-on report to the U.S. Air Force in 1972. That report, widely known as "The Anderson Report", defined the research agenda in information security for well over a decade. Jim was also deeply involved in the development of a number of other seminal standards, policies and over 200 reports including BLACKER, the TCSEC (aka "The Orange Book"), TNI, and other documents in "The Rainbow Series". Jim consulted for major corporations and government agencies, conducting reviews of security policy and practice. He had long- standing consulting arrangements with computer companies, defense and intelligence agencies and telecommunication firms. He was a mentor and advisor to many in the community who went on to prominence in the field of cyber security. Jim is well remembered for his very practical and straightforward analyses, especially in his insights about how operational security lapses could negate strong computing safeguards, and about the poor quality design and coding of most software products. Jim eschewed public recognition of his many accomplishments, preferring that his work speak for itself. His accomplishments have long been known within the community, and in 1990 he was honored with the NIST/NCSC (NSA) National Computer Systems Security Award, generally considered the most prestigious award in the field. In his acceptance remarks Jim observed that success in computer security design would be when its results were used with equal ease and confidence by average people as well as security professionals - a state we have yet to achieve. Jim had broad interests, deep concerns, great insight and a rare willingness to operate out of the spotlight. His sense of humor and patience with those earnestly seeking knowledge were greatly admired, as were his candid responses to the clueless and self-important. With the passing of Jim Anderson the community has lost a friend, mentor and colleague, and the field of cyber security has lost one of its founding fathers. Jim is survived by his wife, Patty, his son Jay, daughter Beth and three grandchildren. In lieu of other recognition, people may make donations to their favorite charities in memory of Jim.
Please report problems with the web pages to the maintainer