The RISKS Digest
Volume 25 Issue 11

Wednesday, 9th April 2008

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Crossed wires cited in recent UAL skidding incidents
Monty Solomon
Unanticipated GPS risk: foreign translations
Paul Schreiber
Census to scrap handheld computers for 2010 count
Bob Schaefer
Boston city complaint line lags
Donovan Slack via Monty Solomon
Indiana school district wipes out high school grades
Danny Burstein
Re: Search engine bait?
Martin Ward
Another genuine mail that looks like a phish
Andy Piper
Nissan GT-R sports car recognizes racetrack coordinates and aftermarket parts
Clark Family
REVIEW: "Security Data Visualization", Greg Conti
Rob Slade
Info on RISKS (comp.risks)

Crossed wires cited in recent UAL skidding incidents

Monty Solomon <monty@roscom.com>
Tue, 1 Apr 2008 09:11:28 -0400
Crossed wires cited in recent skidding incidents
Two United A320s went off runway in recent months after wheels locked up
http://www.msnbc.msn.com/id/23887919/

   [For inspections of MD-80 wheel-well wiring, American Airlines canceled
   more than 500 flights on 8 Apr, and 1000 flights on 9 Apr.  PGN]


Unanticipated GPS risk: foreign translations

Paul Schreiber <shrub@mac.com>
Tue, 8 Apr 2008 00:10:56 -0700
I just discovered this problem:

<http://paulschreiber.com/blog/2008/04/08/lost-in-translation/>

In English, when reading numbers out loud, one often chunks the numbers into
smaller groups. For example, when reading the phone number 555-1212, one
would say five five five, one two one two, not five hundred fifty-five, one
thousand two hundred and twelve.

Similarly, one would call Interstate 280 interstate two eighty, not
interstate two hundred and eighty.

Toyota's Prius GPS does this. It's an example of good design—speak the
language your customers speak.

However, this falls apart when you switch the Prius over to French.  Exit
420 becomes exit quatre (4) vingt (20). The problem? In most parts of the
French-speaking world, 80 is also pronounced quatre vingts (four twenties).

In this case, you have to listen to your GPS and read the screen to be sure
you take the right exit.
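An added example, not from Paul's post or from any Toyota software, of the check a prompt generator could make before chunking: read the exit number in full or in the "two eighty" style, then ask whether the chunked form in the chosen language can be heard as the full reading of a different exit, and fall back to the full reading when it can. The English and French number readers and the crude spoken-form key are my own simplifications (assumptions), covering exits 1..999 only.

```python
import re
EN_UNITS = ["zero", "one", "two", "three", "four", "five", "six", "seven", "eight",
            "nine", "ten", "eleven", "twelve", "thirteen", "fourteen", "fifteen",
            "sixteen", "seventeen", "eighteen", "nineteen"]
EN_TENS = ["", "", "twenty", "thirty", "forty", "fifty", "sixty", "seventy", "eighty", "ninety"]
FR_UNITS = ["zéro", "un", "deux", "trois", "quatre", "cinq", "six", "sept", "huit",
            "neuf", "dix", "onze", "douze", "treize", "quatorze", "quinze", "seize",
            "dix-sept", "dix-huit", "dix-neuf"]
FR_TENS = {20: "vingt", 30: "trente", 40: "quarante", 50: "cinquante", 60: "soixante", 80: "quatre-vingt"}

def en(n):
    """Full English reading of 0..999."""
    if n < 20:
        return EN_UNITS[n]
    if n < 100:
        t, u = divmod(n, 10)
        return EN_TENS[t] + ("-" + EN_UNITS[u] if u else "")
    h, r = divmod(n, 100)
    return EN_UNITS[h] + " hundred" + (" " + en(r) if r else "")

def fr(n):
    """Full French reading of 0..999, with the vigesimal 70/80/90 used in France."""
    if n < 20:
        return FR_UNITS[n]
    if n < 100:
        base = 60 if 60 <= n < 80 else 80 if n >= 80 else n - n % 10
        rest = n - base
        if rest == 0:
            return FR_TENS[base] + ("s" if base == 80 else "")
        sep = " et " if rest in (1, 11) and base != 80 else "-"
        return FR_TENS[base] + sep + fr(rest)
    h, r = divmod(n, 100)
    head = "cent" if h == 1 else FR_UNITS[h] + " cent"
    return head + (" " + fr(r) if r else "")

READERS = {"en": en, "fr": fr}
def chunked(n, lang):
    """'Two eighty' style prompt: hundreds digit, then the last two digits as a pair."""
    read = READERS[lang]
    h, r = divmod(n, 100)
    return read(h) + " " + read(r) if 100 <= n <= 999 and r >= 10 else read(n)

def sound_key(words):
    # Crude spoken-form key (assumption): case, spaces, hyphens and a final silent -s are ignored.
    return re.sub(r"[^a-zé]", "", words.lower()).rstrip("s")

def collisions(n, lang):
    """Other exit numbers whose full reading sounds like the chunked prompt for n."""
    key = sound_key(chunked(n, lang))
    return [m for m in range(1, 1000) if m != n and sound_key(READERS[lang](m)) == key]

def safe_prompt(n, lang):
    """Chunked form unless it can be heard as a different exit; then read it in full."""
    return READERS[lang](n) if collisions(n, lang) else chunked(n, lang)
```

With this check, exit 420 is still "four twenty" in English but becomes "quatre cent vingt" in French, because "quatre vingt" collides with the reading of 80.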


Census to scrap handheld computers for 2010 count

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 3 Apr 2008 13:48:11 PDT
Yet another computer-related project over budget and behind schedule.
  [thanks to Bob Schaefer.]

http://www.nextgov.com/nextgov/ng_20080403_9574.php


Boston city complaint line lags

Monty Solomon <monty@roscom.com>
Sun, 6 Apr 2008 23:29:37 -0400
Donovan Slack, *The Boston Globe*, 6 Apr 2008
City complaint line lags;
Despite Menino's vow, a system to track citizen calls is still years away

When Boston officials rolled out their ambitious plans for a citizen
complaint tracking system like the ones that are commonplace in cities
across the country, Mayor Thomas M. Menino announced, "The city's changing,
and my administration has to change, too."

Nearly two years later, the administration has not changed much, leaving
Boston far behind other cities such as New York, Chicago, Baltimore, and
even Somerville and Hartford - and leaving untold numbers of citizen
complaints by the wayside.

City officials have spent $2 million. They've hired outside
consultants. They've bought furniture and telephones for a complaint call
center in City Hall, and painted the room a pale shade of blue.  But senior
officials say it could be nearly two more years and $2 million more before
the administration has a citywide system to keep track of residents'
complaints about everything from burned out street lights to missed trash
pickups. ...
http://www.boston.com/news/local/articles/2008/04/06/city_complaint_line_lags/


Indiana school district wipes out high school grades

Danny Burstein <dannyb@panix.com>
Tue, 1 Apr 2008 19:45:40 -0400 (EDT)
from the school's website of Evansville, Indiana

"... The Evansville Vanderburgh School Corporation recently experienced a
hardware malfunction with its AS400 computer server resulting in a loss of
student grades...

" Following scheduled maintenance on March 27, 2008, disk errors occurred.
After working with IBM engineers around the clock to mitigate data loss, the
engineers determined that due to an unfortunate and very rare combination of
hardware problems and backup configuration settings, all student grade book
assignment data for the current grading period is no longer in the
system. Harrison, North and Bosse High Schools and Harwood Middle School -
all on the six-week grading period - lost four weeks of individual
assignment grades that had been posted."

rest: http://www.evscschools.com/

  [Also noted by Jim Reisert.
    http://news.yahoo.com/s/ap/20080401/ap_on_re_us/grades_gone_1
  PGN]


Re: Search engine bait? (RISKS-25.09)

Martin Ward <martin@gkc.org.uk>
Fri, 28 Mar 2008 10:40:49 +0000
> Read the descriptions of the products.

> ... they are in fact crafted by taking a genuine English description (from
> a manufacturer's site, perhaps?)  and then applying a randomized
> thesaurus-based word replacement algorithm.

My guess is that the changes are designed to make each page look different,
so as to avoid being marked down for having many similar pages.

martin@gkc.org.uk http://www.cse.dmu.ac.uk/~mward/
G.K.Chesterton web site: http://www.cse.dmu.ac.uk/~mward/gkc/


Another genuine mail that looks like a phish

<Andy Piper>
Thu, 03 Apr 2008 10:17:31 +0100
Yesterday I received an invitation from TaxCalc to purchase the new 2008
version [for those in the US, the UK tax year starts April 6th]:

"We are delighted to inform you that TaxCalc 2008 is available for immediate
download."

It goes on:

"Go to
<http://response.pure360.com/_act/link.php?mId=A833682651665220042396&tId=7258777>www.taxcalc.com
to order now." plus assorted other links where the URL is not actually the
same as the supplied text.

Which to me looks like a phishing attempt more than anything else. It seems
though that pure360.com is a marketing organization that handles this sort
of thing for a number of companies and the mail is in fact genuine. I'm
guessing that if I click through the link [I'm not going to!] I will end up
at taxcalc.com eventually, but why do they even do this? Why not just put up
the real URL if I am going to end up there anyway?

I sent a mail to pure360 CC'ing the taxcalc sales team, and to their credit
they (taxcalc) gave me a call within the hour, although I didn't get the
impression they were going to do anything about it.  The call was
clever/disturbing as well - I never gave my number out in my mail, and I
used a different mail address from the one I have registered with them; they
must have deduced who I was from the "phish"-link and looked up my number in
their records.

Now I am really paranoid. The link above clearly identifies me individually,
am I giving out something to RISKS that puts me at even more RISK?! .... so
I click through the link and end up at a taxcalc login page. Clearly some
form of sanity has prevailed.

The RISK, as always, is how can we expect to educate the public when
reputable companies do things like this. Maybe they need to look at some
basic material such as Dr Seuss' Internet guide - "One phish, two phish -
red phish, blue phish" ...
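An added example, not part of Andy's message or of any mail client, of the check a mail reader could apply to a message like this one: flag every link whose visible text names a site while its href actually points at a different host (here, a tracking redirector). The sample HTML, its domains and the mId/tId values are constructed placeholders, not the real TaxCalc mail.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample in the shape of the mail described above; domains and the
# mId/tId values are placeholders, not the real ones.
SAMPLE_MAIL = """<p>We are delighted to inform you that the new version is available. Go to
<a href="http://response.tracker.example.net/_act/link.php?mId=PLACEHOLDER&amp;tId=PLACEHOLDER">www.taxcalc.example</a>
to order now. Help: <a href="https://www.taxcalc.example/help">www.taxcalc.example/help</a>
or <a href="https://www.taxcalc.example/">click here</a>.</p>"""

def host_of(text):
    """Hostname of a full URL or of a bare 'www.host/path' style string."""
    if "://" not in text:
        text = "http://" + text.strip()
    return (urlsplit(text).hostname or "").lower()

def looks_like_url(text):
    """Visible link text that a reader would take as naming a site."""
    t = text.strip().lower()
    return t.startswith(("http://", "https://", "www.")) or \
        re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}(/\S*)?", t) is not None

class LinkAudit(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html):
    """(visible text, real host) for anchors whose text names a different host."""
    parser = LinkAudit()
    parser.feed(html)
    return [(text, host_of(href)) for href, text in parser.links
            if looks_like_url(text) and host_of(text) != host_of(href)]
```

Only the first link is reported: its text says www.taxcalc.example but the href goes to the tracker host; the help link matches its text and "click here" names no site at all.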


Nissan GT-R sports car recognizes racetrack coordinates and aftermarket parts

Clark Family <cclark@ix.netcom.com>
Tue, 04 Mar 2008 14:58:56 -0800
Apparently the Nissan Corp. has ruined the fun of aftermarket tuners on the
latest GT-R high performance street sports car in Japan.  The ECU is set on a
hair trigger and balks at many aftermarket performance upgrades as well as
non-factory installed tires and wheels through the run-flat detectors.

But more ominously, the onboard navigation system watches your speed via GPS
and recognizes popular racetrack locations.  You must scroll through a
series of menus and agree to disable the 180kph (111mph) speed limiter.
Then after thrashing it on the track, you must take it for a $1000 Nissan
High Performance Center safety check or the warranty is void.

Big Brother is your co-pilot.


REVIEW: "Security Data Visualization", Greg Conti

Rob Slade <rmslade@shaw.ca>
Tue, 08 Apr 2008 10:21:38 -0800
BKSCDTVS.RVW   20071124

"Security Data Visualization", Greg Conti, 2007, 978-1-59327-143-5,
U$49.95/C$59.95
%A   Greg Conti www.gregconti.com
%C   555 De Haro Street, Suite 250, San Francisco, CA   94107
%D   2007
%G   978-1-59327-143-5 1-59327-143-3
%I   No Starch Press
%O   U$49.95/C$59.95 415-863-9900 fax 415-863-9950 info@nostarch.com
%O  http://www.amazon.com/exec/obidos/ASIN/1593271433/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1593271433/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1593271433/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   244 p.
%T   "Security Data Visualization: Graphical Techniques for Network
      Analysis"

Data visualization is very valuable.  It is, however, difficult to
perform properly in many situations: interpretation of data into
graphics can be extremely useful, but it is often difficult to
determine how best to present the information, and in the same way
that proper visualization can be tremendously helpful, the wrong
choice can be terrifically misleading.  Conti somewhat avoids this
issue in the introduction, since all he claims for the book is
inspiration.

Chapter one provides a number of data visualization and user interface
examples.  Some simple data visualization experiments in chapter two show a
few interesting ideas that can be explored with text and simple graphics
files, as well as comparative images as simple processing is pursued.  The
port scan data displays suggested in chapter three don't seem to work quite
as well.  Similarly, chapter four looks at vulnerability scanning, but the
recommendations presented don't appear to add much of value in displaying
the data.  Slightly better results seem to be obtained using real Internet
data in chapter five, since some notion of the implications of the
information can be taken from the illustrations.  Chapter six contains a
number of examples of impressive visualization of security data, but there
is limited discussion as to how to determine the best means of displaying
data of different types.  The aspects of creation of visualizations, for
firewall logs, is dealt with in chapter seven, and with IDS (Intrusion
Detection System) data in eight.  Chapter nine discusses ways of attacking
visualizations, usually by injecting spurious data.  General principles for
building visualization systems are in chapter ten.  Chapter eleven turns to
areas for additional research on the topic in the future.  Chapter twelve
lists references and resources.

The book is pretty, and it may provide inspiration.  However, it
probably won't provide an awful lot of assistance in getting your data
effectively visualized.

copyright Robert M. Slade, 2007   BKSCDTVS.RVW   20071124
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
http://victoria.tc.ca/techrev/rms.htm
