Forum on Risks to the Public in Computers and Related Systems
Volume 25: Issue 35
Monday 22 September 2008
- Sydney road tunnel closed by computer 'glitch'
- John Colville
- DC Primary votes don't add up... even with a fudge factor
- David Lesher
- Hurricane Ike
- Les Denham
- Hacker claims Palin e-mail hacked via password reset
- Rob McCool
- Re: Wall Street; where nothing can go worng wrogn wrgno....
- Martin Ward
- Re: Risks of financial systems too complex ,,,
- Jim Horning
- Re: Risks of not using check digits
- Erling Kristiansen
- Paul van Keep
- Re: capability creep on red-light cameras
- Paul Wallich
- Info on RISKS (comp.risks)
The M5 East tunnel is a 4-km tunnel on a major motorway leading into Sydney. On 22 Sep 2008 the tunnel was closed for 2 3/4 hours starting at about 0900, due to the failure of a backup computer. It caused serious disruption to traffic in that area of Sydney. "... the tunnel had to be closed to traffic because its safety equipment was disabled when the computer system was down." [``It is the sixth time the $800 million project has been shut since it opened in late 2001.'' Previous failures included a different "computer glitch" in Feb 2002; lighting systems failed 11 months later; a "combined power failure" occurred in Mar 2004; the CCTV system failed in Dec 2004; and another computer crash caused a five-hour closure on 25 Jun 2008. PGN] The company which operates the tunnel has now agreed to have a staff member on duty at all times. http://www.smh.com.au/news/national/oh-baby-m5-tunnel-takes-its-toll/2008/09/22/1221935513625.html?page=fullpage#contentSwap1 John Colville, Faculty of Engineering & IT; University of Technology, Sydney Honorary Associate + 61 2 9514 1854 email@example.com
Nikita Stewart and Elissa Silverman, *The Washington Post*, 22 Sep 2008; B01 <http://www.washingtonpost.com/wp-dyn/content/article/2008/09/21/AR2008092102344_pf.html> As District officials continue to investigate errors in the early vote tallies from the Sept. 9 primary, one number stands out: 1,542. That number appeared in the category for "overvotes" in 13 separate races when the D.C. Board of Elections and Ethics released early results on election night. But those votes inexplicably vanished shortly after midnight, when officials posted what they identified as corrected results. ... The elections board initially blamed the discrepancies on a single defective computer memory cartridge at the Precinct 141 polling site on U Street NW in the Dupont Circle area. Sequoia has said the cartridge was not defective and suggested that tabulation errors might have been triggered by workers or by a static or electrical discharge. [The article goes on about problems within Board, including the fact the CTO does not have a claimed BS degree, and the ExDir's departure.] Static discharge? At least they are not saying swamp gas was to blame. [I was going to reference this to a past voting Risks post, but there are so many to choose from...]
Along with about 4 million other residents of this area, I experienced Ike ten days ago. And am still experiencing it. Many of the problems are computer related. The first problem was that my home DSL service stopped when Ike was still 200 miles away (Friday evening). I suspect that my phone service stopped about the same time. Shortly afterwards, my electricity stopped. On Saturday afternoon, after the winds died down, I found I had phone service, but still no electricity. I tried to get my DSL working by plugging the DSL modem into a UPS which still had some charge, but that didn't work. A little later, the phone service stopped working. And the cell phone service. Next morning, I tried the phone, and it worked. Later in the day, when the electricity came on, I tried my DSL, and it worked. In my email, I found a message from my ISP apologizing for the interruption in service: the co-location site had the backup generator for the servers function correctly, but the backup generator for the air conditioning failed to start. Of course, this did not matter to me, because at the time I had neither power, nor internet, nor phone. By evening, the phone and the internet had stopped working again, but I had found that by walking about a mile from the house I could get a cell phone signal. On one of these walks I saw an AT&T truck and flagged the driver down. I asked what the problem was: we had power, and damage in my subdivision was minimal. He explained that each subdivision had a remote unit or subexchange with its own battery backup, which was charged from the exchange -- and the exchange was still running on backup generators, which did not have enough reserve to power all the subexchanges. By Monday afternoon, AT&T had their act together, and I had a landline, DSL, and cell phone signal. For me, the most significant point of failure appeared to be that AT&T has engineered their backup power supplies to only cope with about twelve hours of power failure. 
With hurricane Ike, we had over 90% failure of electricity supply to the fourth largest city in the U.S.A. The first repairs were not completed for about 24 hours; it was a week before 50% of power was restored; and ten days later we still have over 30% of electricity customers without power. Les Denham, Vice President, Interactive Interpretation & Training, Inc. 1500 Citywest, Suite 800, Houston, TX 77042, U.S.A. 1-713.840.3326
http://blog.wired.com/27bstroke6/2008/09/palin-e-mail-ha.html This blog entry refers to an anonymous hacker who claims to have been the one behind the widely publicized breach of VP candidate Sarah Palin's Yahoo e-mail account. The interesting part is that the claimed attack was not based on a weak password, but instead based on a weak password-reset mechanism. The hacker claimed that with a few searches in Google and some information (Palin's birthday) from Wikipedia, along with some guesses of phrasing, he was able to gain access to her email account.
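The weakness Rob describes is that the "secret" answers a knowledge-based reset relies on are public facts, and lenient matching lets an attacker brute-force the phrasing. The following is an added example, not code from the Wired post, from Yahoo, or from anyone on this page, and it says nothing about how Yahoo's reset actually worked: it puts a toy secret-question reset beside a reset that mails a random, hashed, expiring, single-use token to the registered address. The victim record, the answers, the e-mail address and the "outbox" are all constructed for the demonstration.

```python
"""Password reset: secret questions (weak) beside a single-use emailed token.
Added example; every account detail below is constructed, not real data."""
from __future__ import annotations
import hashlib
import hmac
import secrets
import time

# Constructed victim record. The "secret" answers are the sort of facts that
# are public for anyone with a biography online: a birthday, a school name.
VICTIM = {
    "email": "victim@example.com",
    "birthday": "1960-04-15",          # constructed; the kind of fact on a bio page
    "school": "Central High School",   # constructed; the kind of fact a search finds
}


def normalise(answer: str) -> str:
    """Typical leniency in secret-question checks: case and spacing are folded."""
    return " ".join(answer.lower().split())


# --- weak flow: knowledge-based reset ---------------------------------------
def reset_by_questions(birthday: str, school: str) -> bool:
    """Grants a reset to anyone who knows two facts about the account holder."""
    return birthday == VICTIM["birthday"] and normalise(school) == normalise(VICTIM["school"])


def attacker_guesses_phrasing(birthday: str, candidates: list[str]) -> str | None:
    """Attacker holds the public birthday and tries a few plausible phrasings
    of the school name until one is accepted; returns the winning guess."""
    for guess in candidates:
        if reset_by_questions(birthday, guess):
            return guess
    return None


# --- stronger flow: random single-use token sent to the registered address --
TOKEN_TTL = 15 * 60                              # seconds a token stays valid
_pending: dict[str, tuple[str, float]] = {}    # email -> (sha256(token), expiry)
_outbox: list[tuple[str, str]] = []            # constructed stand-in for e-mail delivery


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(email: str, now: float) -> None:
    """Mint a 256-bit random token, store only its hash, mail the token."""
    token = secrets.token_urlsafe(32)
    _pending[email] = (_digest(token), now + TOKEN_TTL)
    _outbox.append((email, token))   # only the mailbox owner ever sees this


def reset_by_token(email: str, token: str, now: float) -> bool:
    """Accept the token once, before expiry, using a constant-time compare."""
    entry = _pending.get(email)
    if entry is None:
        return False
    stored_digest, expires = entry
    if now > expires or not hmac.compare_digest(stored_digest, _digest(token)):
        return False
    del _pending[email]   # single use: a replayed token is refused
    return True


def demo() -> dict:
    """Run both flows with an attacker who holds only public information."""
    phrasings = ["central high", "Central HS", "Central High School"]
    weak_result = attacker_guesses_phrasing(VICTIM["birthday"], phrasings)

    t0 = time.time()
    request_reset(VICTIM["email"], t0)
    # The attacker can trigger a reset but never sees the mailbox, so guessing
    # a 256-bit token is hopeless; the owner's token works exactly once.
    attacker_try = reset_by_token(VICTIM["email"], secrets.token_urlsafe(32), t0)
    owner_token = _outbox[-1][1]
    owner_ok = reset_by_token(VICTIM["email"], owner_token, t0 + 60)
    replay = reset_by_token(VICTIM["email"], owner_token, t0 + 61)
    request_reset(VICTIM["email"], t0)
    stale = reset_by_token(VICTIM["email"], _outbox[-1][1], t0 + TOKEN_TTL + 1)
    return {"weak_reset_granted_with": weak_result, "attacker_guess": attacker_try,
            "owner": owner_ok, "replay": replay, "expired": stale}


if __name__ == "__main__":
    print(demo())
```

The point of the comparison is where the secret lives: in the weak flow it is a fact about the person, which the person cannot rotate and which is often a web search away; in the token flow it is a fresh random value that only the holder of the registered mailbox ever receives, and it stops working after one use or fifteen minutes.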
A lot of the comments in RISKS-25.34 seem to imply that the people running the financial firms were stupid and/or careless in not doing a correct risk analysis. These people are not stupid or careless, merely greedy, unscrupulous and irresponsible. They did a careful risk analysis all right, and then made the decision to deliberately feed false information into the computer models and deliberately create massively complex financial instruments. Their risk analysis looked like this:

Success: My company hands off the package before it blows up. My company makes a massive profit and I end up fabulously wealthy. (Other companies make massive losses and have to be bailed out by the government, but that is incidental.)

Failure: My company ends up holding the package when it blows up. My company makes a massive loss and ends up having to be bailed out by the government. I end up extremely wealthy.

After careful consideration of all the risks and benefits, I decide to go ahead!

In an ideal world, the risk analysis would look like this:

Success: My company hands off the package before it blows up. My company makes a massive profit and I become fabulously wealthy. Other companies make massive losses and have to be bailed out by the government. My company, and all the others, gets investigated and I end up bankrupt and jailed for many years.

Failure: My company ends up holding the package when it blows up. My company makes a massive loss and ends up having to be bailed out by the government. I become extremely wealthy. My company, and all the others, gets investigated and I end up bankrupt and jailed for many years.
Quote: "There was a willful designing of the systems to measure the risks in a certain way that would not necessarily pick up all the right risks" If an engineer, for personal gain, willfully designed (say) a sewage monitoring system so that it did not pick up the right risks, and as a result thousands of homes were flooded with sewage and destroyed, that engineer would (I hope) end up in jail. But in the financial world, people can get away with doing much more damage, for personal gain, with no personal risk to themselves. firstname.lastname@example.org http://www.cse.dmu.ac.uk/~mward/ G.K.Chesterton web site: http://www.cse.dmu.ac.uk/~mward/gkc/
Re: Risks of financial systems too complex ,,, (Smith, RISKS-25.34)
<"Jim Horning" <email@example.com>>
Sun, 21 Sep 2008 23:27:33 -0700
I thoroughly agree with Daniel's main point, but let's not blame computers too much. This is the result of financial creativity driven by greed, both of which have been around for quite a bit longer than computers. Many of the securities at the heart of the 1929 market crash were very nearly as complex as those you describe. See, for example, John Kenneth Galbraith's insightful 1955 book, The Great Crash 1929 (http://www.amazon.com/Great-Crash-1929-Kenneth-Galbraith/dp/0395859999/). An ironic side note is the role of Goldman Sachs in some of the most highly-leveraged creations. [And PLEASE read Jim's very insightful blog all the way to the end: http://horning.blogspot.com/2008/09/economy-is-fundamentally-sound.html PGN]
Re: Risks of not using check digits (Re: Douglass, RISKS-25.34)
<Erling Kristiansen <firstname.lastname@example.org>>
Mon, 22 Sep 2008 20:13:48 +0200
It is not correct that Dutch bank account numbers do not use check digits. I have an account with ABN-AMRO, and I just did the check: I changed one digit of an otherwise correct number. (I was prepared to accept the risk of sending 1 cent to the wrong recipient.) The transaction was rejected by the on-line banking service. According to one source I found (in Dutch): http://cgi.dit.nl/bank.cgi the check is that a specified weighted sum of the 9 digits must be divisible by 11. There is one exception: The Postbank. Postbank account numbers don't even have a fixed length, very short (3-4 digits) numbers typically being given to major charities and other high-profile customers. There is no intrinsic check of validity, as far as I know. The Postbank is supposed to check the name of the recipient, but I have positive evidence that this does not always happen, even for a rather large transaction.
Re: Risks of not using check digits (Re: Douglass, RISKS-25.34)
<Paul van Keep <email@example.com>>
Mon, 22 Sep 2008 14:16:03 +0200
... The 9-(and 10-)number system has an 11-test that ensures a sparse usage of the available number space. The formula is pretty simple: The total of 9 times digit1 plus 8 times digit2 etc. should be divisible by 11. The account number 123456789 for instance is a valid number. [Note: Paul's formulation of the formula is for the nine-digit number system, where digit9 is the unit's digit. The extension to ten digits is more obvious with the equivalent mathematical formula given on the wiki below, using the sum from i=0 (to N=9 or 10) of the ith digit times i+1, where the right-most digit is the i=0th digit. (Elf is 11 in Dutch, and does not imply a mischievous creature carrying out the arithmetic.) PGN] See the Dutch Wikipedia entry for a more complete description: http://nl.wikipedia.org/wiki/Elfproef
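As an added example serving both Erling's single-digit experiment and Paul's statement of the formula (this is not code from either poster, from the dit.nl page, or from any Dutch bank), the elfproef is implemented below with weights counted from the right as in PGN's note, so that 9-digit numbers use weights 9..1 and 10-digit numbers 10..1. It then repeats Erling's experiment exhaustively on the number 123456789 that Paul gives as valid: every single-digit substitution and every swap of two different digits is rejected, which holds for any valid number because 11 is prime and the weights and digit differences are all below 11. The account numbers used are constructed test values; the one real input is Paul's 123456789.

```python
"""The Dutch 'elfproef' (11-test) on 9- and 10-digit bank account numbers.
Added example; the account numbers used here are constructed test values."""
from __future__ import annotations


def weighted_sum(digits: str) -> int:
    """Sum of digit * weight, with weight 1 on the units digit, 2 on the
    next, and so on leftwards: 9*d1 + 8*d2 + ... + 1*d9 for nine digits."""
    return sum((i + 1) * int(d) for i, d in enumerate(reversed(digits)))


def elfproef(account: str) -> bool:
    """True if the number is 9 or 10 digits and its weighted sum is divisible by 11."""
    digits = account.replace(" ", "")
    if not digits.isdigit() or not 9 <= len(digits) <= 10:
        return False
    return weighted_sum(digits) % 11 == 0


def single_substitutions_rejected(account: str) -> bool:
    """Erling's experiment done exhaustively: changing exactly one digit of a
    valid number to any other value must always fail the test. The sum moves
    by weight * delta with both factors in 1..10, never 0 mod 11."""
    for pos, orig in enumerate(account):
        for repl in "0123456789":
            if repl != orig and elfproef(account[:pos] + repl + account[pos + 1:]):
                return False
    return True


def transpositions_rejected(account: str) -> bool:
    """Swapping any two different digits must also fail: the sum moves by
    (w_i - w_j) * (d_j - d_i), which is never 0 mod 11 for weights 1..10."""
    for i in range(len(account)):
        for j in range(i + 1, len(account)):
            if account[i] == account[j]:
                continue
            swapped = list(account)
            swapped[i], swapped[j] = swapped[j], swapped[i]
            if elfproef("".join(swapped)):
                return False
    return True


def fix_last_digit(prefix8: str) -> str | None:
    """Given the first eight digits, find a units digit that makes the number
    pass. The needed value is (-sum) mod 11, which is 10 for one prefix in
    eleven; those prefixes have no valid completion, which is the 'sparse
    usage of the number space' Paul mentions."""
    for d in "0123456789":
        if elfproef(prefix8 + d):
            return prefix8 + d
    return None


if __name__ == "__main__":
    for n in ["123456789", "123456780", "0123456789", "1123456789"]:
        print(n, weighted_sum(n), elfproef(n))
    print(single_substitutions_rejected("123456789"), transpositions_rejected("123456789"))
    print(fix_last_digit("12345678"), fix_last_digit("00000006"))
```

Note what the test does and does not buy: it catches every single typo and every transposition of two digits, which is what a human copying a number most often gets wrong, but it is not a check against a deliberately chosen wrong account, since an attacker can pick any of the roughly one-in-eleven numbers that pass.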
Re: Capability creep on red-light cameras (Ashworth, RISKS-25.34)
<Paul Wallich <firstname.lastname@example.org>>
Sun, 21 Sep 2008 20:45:38 -0400
> "Jay R. Ashworth" <email@example.com> writes:
> And remember: if that database exists, your wife's divorce attorney will be
> able to subpoena it.

If that were the only problem. If that database exists, your employer, your employer's competitors and the stores you shop at will be buying soft-realtime access to it.