[Brings back memories of the early A320 accidents caused in part by a stubborn fly-by-wire system... -p] Investigator: Computer likely caused Qantas plunge Rod McGuirk, Associated Press, 14 Oct 2008 A faulty computer unit likely caused a Qantas jetliner to experience two terrifying midair plunges within minutes last week. More than 40 people were injured when the Airbus A330-300 briefly nose-dived twice during a flight from Singapore to the western Australian city of Perth last Tuesday. Julian Walsh, chief air investigator at the Australian Transport Safety Bureau, said an initial investigation indicated the cause was a computer unit that detects through sensors the angle of the plane against the airstream. He said one of the plane's three such units malfunctioned and sent the wrong data to the main flight computers. The flight data recorder indicated the plane, carrying 303 passengers and 10 crew, climbed about 200 feet from its cruising level of 37,000 feet and then went into a nose-dive, dropping about 650 feet in 20 seconds, before returning to cruising level, the safety bureau said last week. The sharp drop was quickly followed by a second of about 400 feet in 16 seconds. [The Air Data Inertial Reference Unit (ADIRU) was sending "erroneous, spike" data to the Flight Control Primary Computers ("PRIM", comparable to the A320's ELACs), which event disconnected the autopilot. A short while later the ADIRU sent "very high, random, incorrect" values to the PRIM, causing a pitch-down command. The same occurred again another short while later. See the ASTB press release: http://www.atsb.gov.au/newsroom/2008/release/2008_43.aspx Incidentally, early suspicions centered on air turbulence, which were incorrect. I have disregarded many of the earlier postings from RISKS readers, but thank you for them. PGN] The problem is the latest in a series of malfunctions and near-misses for Australia's flagship carrier in recent weeks. Australian authorities are still investigating an explosion aboard a Qantas 747-400 aircraft carrying 365 people over the South China Sea in July that ripped a hole in the fuselage. That explosion caused rapid loss of pressure in the passenger cabin but no one was injured. Walsh said the French manufacturer Airbus had notified all operators of A330 and A340 aircraft, which are equipped with the same sensors, about how crews should respond to such a malfunction. But aircraft are unlikely to be grounded over a malfunction that had never happened before, he said. "It is probably unlikely that there will be a recurrence, but obviously we won't dismiss that," Walsh told reporters, saying they would investigate the problem further. The faulty unit will be sent to the U.S. component manufacturer for testing, he said. A report on the accident is to be released next month. Qantas said the preliminary findings showed that the fault lay with the manufacturer rather than the airline. "This is clearly a manufacturer's issue and we will comply with the manufacturer's advice," the airline said in a statement. http://sfgate.com/cgi-bin/article.cgi?f=/n/a/2008/10/14/international/i053943D69.DTL
The ATSB report raises a few questions: (http://www.atsb.gov.au/newsroom/2008/release/2008_43.aspx) * Why wasn't the fault in ADIRU 1 screened out by comparison with the other two ADIRUs? * Why were "spikes" treated as valid input by the primary flight computers? * Was the possibility of erroneous input to the primary flight computers from the ADIRU considered in the hazard analysis? If so, with what result? If not, why not? The pilots deserve credit for their prompt recovery. Martyn Thomas CBE FREng http://www.thomas-associates.co.uk
[Bob Charette's item amplifies what was summarized in Paul Saffo's item in RISKS-25.19, and is included here for archival purposes. Bob is a well-known authority on risk analysis, but has not been a regular RISKS contributor. PGN] Bad Data into Computers Caused B-2 Crash Posted to *IEEE Spectrum* online by Robert Charette on June 9, 2008 5:00 AM The US Air Force reported that the February crash on take-off of the $1.4 billion B-2 stealth bomber called the Spirit of Kansas was caused by moisture interfering with the operations of 3 of the aircraft's 24 air pressure sensors. The sensors were all on the port side of the aircraft. The moisture problem was found to skew the data being fed into the aircraft's flight control computers. According to news reports, "The aircraft crew believed the bomber had reached the takeoff speed of 140 knots when in reality it was traveling ten knots slower and rotated for takeoff. The misfunction also meant that the sensors showed the plane to be in a nose down position, causing it to command a high level of pitch, around 30 degrees. This, combined with the low takeoff speed, caused the aircraft to stall and veer to the left." The pilot and co-pilot ejected successfully, although the co-pilot was hurt. What the Air Force noted was that the crash could have prevented by more effective risk communications. Again, according to the story, "The vulnerability of the sensors to moisture was first detected by air crews and maintenance staff in 2006, at which time it was discovered that turning on the 500 degree pitot heat prior to sensor calibration would evaporate the water and cause a return to normal readings. However, this was never formally noted and so the pilots of the aircraft were unaware of the potential problem or its solution." In fact, another B-2 had to abort a takeoff at the same base because of the same problem apparently last year, but the pilots of the B-2 that crashed hadn't been briefed about it. On a personal side, the B-2 belong to the 509th bomb wing, my old outfit. I was an avionics tech back in the early 1970s, and I find it strange that the problems with the sensors were not logged, nor that when an abort happened, the causes were not formally briefed. I also find it interesting that the information about heating the pitot at the very least wasn't informally spread among the very small B-2 pilot community. If memory serves me correctly, the problem back when I was in the Air Force was that pilots complained about everything - even if a system worked as designed but didn't work the way they wanted it to - on their aircraft during after-flight debriefs, which were all noted, filed, cataloged and analyzed. No issue was too small not to make note of.
Jon Hilkevitch, *Chicago Tribune*, 1 Oct 2008 Improvement in train-control mechanisms on the corridor through Illinois to St. Louis will give Amtrak engineers precise information in the locomotive cab that reinforces what the signals along the tracks are saying and indicates track conditions ahead. For instance, sensors indicating that gates and warning lights are operating properly at railroad crossings and no vehicles are blocking the tracks will enable approaching trains to maintain top speeds through the crossings, officials said. The system is considered fail-safe, even at high speeds. If an engineer violates the signals, the system will stop the train. The new signal system is being installed on about 25 miles of track, from Joliet to Mazonia, to improve the safety and reliability of passenger service, according to the Federal Railroad Administration. The improved technology will also boost train speeds from 79 m.p.h. to 110 mph on sections of 118 miles of track between Mazonia and Ridgely, near Springfield. [And we know this fail-safe system is implemented by computers, of course, so we all feel reassured that Nothing Can Go Wrong.] Full article at: http://www.chicagotribune.com/news/local/chi-amtrak-funding_01oct01,0,7784079.story David Lawver, UW-Madison DoIT/SNCC-SM Operational Process Coordinator 1-608/262-8159 3108 CS&S firstname.lastname@example.org
[Search Google News for "debt clock".] In a sign of the times, the National Debt Clock in New York has run out of digits to record the growing figure. The government's current debt at about 10.2 trillion dollars. The organisation that runs the sign said it plans to update it next year by adding two digits to make it capable of tracking debt up to a quadrillion dollars. http://ukpress.google.com/article/ALeqM5h_QzfbREUJ7Nlu72_cIsVDT3envQ [Mark added subsequently:] Say, if this is the first time this has happened, does that make it 1D10T? :-)
[Aaron Emigh sent me an article that discusses generally the issue of the absence of validation of 35 out of 45 countries' public keys used to validate data in RFID passport chips. http://www.timesonline.co.uk/tol/news/uk/crime/article4467106.ece (Note: The PKD participants' list  lists only nine participants: Australia, Canada, Germany, Japan, New Zealand, Singapore, Korea, the UK, and the USA. Either the reported number is incorrect, or another country has begun participating since the list was published in April of this year.) The ICAO seems to understand the issue; the PKD's 2007 report  states "The business case for validating ePassports is compelling: border control authorities can confirm that the document held by the traveler: was issued by a bona fide authority, has not been subsequently altered, is not a copy." In the ICAO PKD Procedures , it says (section 7.2): "The Country Signing CA Certificate (Ccsca) must be disseminated by the Participant prior to eMRTD [electronic machine readable travel document] issuance." So it does seem that this was understood, and that the way to enable validation of ePassport data is to participate in the PKD. The article implies that Secunet Golden Reader accepts self-signed certs from countries that have not filed a Ccsca, and that this data could be accepted by border patrol agents. It would obviously seem a better choice to force border personnel to validate the printed documents, where they presumably have some expertise in rejecting fraudulent credentials, in lieu of accepting any digital data that can't be validated. Does anyone know whether there are processes that capture a requirement for manual review for non-PKD-participating countries' passports? I don't have a copy of ICAO 9303. 1. http://www2.icao.int/en/MRTD/Downloads/PKD%20Documents/PKD_Board_-_Participants_list_v_1.1.pdf 2. http://www2.icao.int/en/MRTD/Downloads/PKD%20Documents/PKD_Board_-_Annual_Report_2007.pdf) 3. http://www2.icao.int/en/MRTD/Downloads/PKD%20Documents/PKD_Procedures_Final _Version.pdf
This form of story is becoming depressingly familiar at the moment in the UK to the point where numbness is setting in. http://news.bbc.co.uk/1/hi/uk_politics/7667507.stm "Up to 1.7m people's data missing. A missing computer hard drive may have contained details of 1.7 million people who had enquired about joining the armed forces, the government has said." What made this story stand out for me was a quote in it from EDS, via Bob Ainsworth, the government minister with responsibility. They said: "EDS assesses that it is unlikely that the device was encrypted because it was stored within a secure site that exceeded the standards necessary for restricted information." To paraphrase: there was no way this could go missing, so we didn't bother to encrypt it.
Russian security company Elcomsoft posted a press release on 12 Oct 2008 detailing a new method to crack WPA and WPA2 keys: With the latest version of Elcomsoft Distributed Password Recovery, it is now possible to crack WPA and WPA2 protection on Wi-Fi networks up to 100 times quicker with the use of massively parallel computational power of the newest NVIDIA chips. Elcomsoft Distributed Password Recovery only needs a few packets intercepted in order to perform the attack. ... http://securityandthe.net/2008/10/12/russian-researchers-achieve-100-fold-increase-in-wpa2-cracking-speed/ http://www.prweb.com/releases/wi-fi/cracking/prweb1405954.htm http://securityandthe.net/wp-content/uploads/2008/10/elcom_pressrelease_wpa.pdf
My department is hosting a distinguished lecturer, so I went to the university web site for submitting important campus news items. I described the talk and the speaker, clicked submit -- and was presented with a request to log in with my university login and password. A bit odd, I thought, but perhaps not unreasonable -- maybe only faculty can submit news items. So I logged in -- and got a web form for administering database access control lists and tables... This would be Just Another Buggy Web site, but there's one final detail that elevates this incident to a classic: the distinguished lecturer is Peter Neumann... (http://calendar.columbia.edu/sundial/webapi/get.php?vt=detail&id=25765&con=embedded&br=ais_featured) Steve Bellovin, http://www.cs.columbia.edu/~smb [Very amusing. My talk was given one-half hour after Steve sent that message, on Integrity of Elections. I suppose examples of voting machines (and ATMs) showing a blue screen of death or an operating system login prompt would also tickle Steve's fancy. PGN]
I've just received a flyer from Dell which, among other things, describes a whole range of new services for which I can sign up when I buy a new PC. 1. "Recovering your data". For 60 Euros, during 3 years, Dell will "help me recover my data following flood, fire, or other incident". No indication is given of how likely this is to by physically possible, nor exactly how much effort Dell will put into this before declaring my disk to be dead. I'll still be making my own backups, thanks. 2. "Tracking down your stolen laptop" (55 Euros). If, during the first 3 years, my laptop is stolen and connected to the Internet, "its location can be determined" and "local law enforcement agencies will help you get it back". I'd be interested in seeing Dell's worldwide agreement with "local law enforcement agencies", and what the penalty clauses are if said agencies fail to return my laptop. I'd also be interested to know what other mechanisms Dell has planned to track where my laptop was used *before* I reported it stolen. Naturally, we will be assured that "strict safeguards are in place to stop this happening". (I'd be interested to know how this works... do they use some form of ID built into the CPU, or is there an open port on the firewall, or are the MAC addresses of the network cards - Ethernet and WiFi - piggybacked into network packets in some way?) 3. (The best one) "Formatting your data remotely" (70 Euros). Note that I'm translating from French here; what I presume they mean is "formatting your disk [partitions] remotely", not some service whereby they right-justify your paragraphs for you. The description of the service is breathtaking: "Dell can remotely format (sic) your sensitive data if your PC is lost or stolen. Your critical data will not fall into the wrong hands". Wow. So if I buy this service (and probably, even more worryingly, if I don't), my Dell laptop will have software on it which will listen for a message from the mother ship which will tell it to "format the data". The RISKs are beyond enumeration, but let's start with: - If your PC is stolen and the thief is sufficiently clever to backup the data before connecting it to the Internet, then not only does she have all your data, but you might naively think she doesn't. - If the guy I met at the airport last week, to whom I lent my laptop for a minute so he could check his webmail after we swapped business cards, happened to note the service tag of the PC, and it turns out that he works for a rival company, he will likely have all the info he needs to ensure that I have a very bad day. - If Joe in Cincinnati calls Dell to say his laptop has been stolen, and his serial tag is off by one from mine, and someone presses the wrong key in the mother ship, how much is Dell's liability for my data? However, all (data) may not be lost. Because Dell also offers: 4. "Certified data destruction" (18 Euros). When the time comes to get a new PC, Dell will take my old one and guarantee the secure destruction of all the data on the hard drive, and recycle its components. So apparently a simple format (remote or otherwise) isn't enough to keep your data out of the hands of the bad guys. I'm confused. I would also be very interested to have a list of people who are so serious about the need for their data to be securely destroyed, that they are prepared to pay in advance for it. I wonder if a disgruntled former call-center employee might sell me that data? No, surely not. And the people in charge of actually destroying the data wouldn't take a copy, either. Nick Brown, Strasbourg, France.
In two studies co-authored by Lehigh's Liuba Belkin, people using e-mail lied almost 50 percent more often than those using pen-and-paper. Workers are significantly more likely to lie in e-mail messages than in traditional pen-and-paper communications, according to two new studies co-authored by Lehigh's Liuba Belkin. More surprising is that people actually feel justified when lying using e-mail, the studies show. "There is a growing concern in the workplace over e-mail communications, and it comes down to trust," says Belkin, an assistant professor of management in the College of Business and Economics. "You're not afforded the luxury of seeing non-verbal and behavioral cues over e-mail. And in an organizational context, that leaves a lot of room for misinterpretation and, as we saw in our study, intentional deception." The results of the studies are reported in the paper, "Being Honest Online: The Finer Points of Lying in Online Ultimatum Bargaining." Belkin and her co-authors-Terri Kurtzberg of Rutgers University and Charles Naquin of DePaul University-presented their findings at the annual meeting of the Academy of Management held in August. ... http://www3.lehigh.edu/News/V2news_story.asp?iNewsID=2892
A crafty bank robber in America made a Thomas Crown style escape from the scene of his crime by recruiting a crowd of unsuspecting identically-dressed accomplices on the Internet. King5.com reports that the well-organised villain struck as an armoured van was picking up cash from the a Bank of America branch in Monroe, Washington. Wearing a dust mask, safety goggles, dayglo vest and a blue shirt, he pepper-sprayed a security guard and grabbed a bag of cash before fleeing briskly. Responding plods were hampered in their pursuit by the fact that a dozen other dayglo-vested, masked, goggled and blue-shirted men had congregated in the vicinity -- just as the legion of bowler-hatted suits assembled in New York's Metropolitan Museum in the latest Thomas Crown film [to?] fatally embugger the authorities' efforts to bracelet the eponymous billionaire blagger. In this case, it appears that the anonymous miscreant recruited his unsuspecting dupes on Craigslist. ... [Source: The Register, 3 Oct 2008. The rest of the story is good too. PGN] http://www.theregister.co.uk/2008/10/03/craigslist_thomas_crown/
I live in Athens, Ohio. One of the local newspapers is the *Athens News* (http://www.athensnews.com/). As it turns out, there is also an English-language *Athens News* in the other Athens (http://www.athensnews.gr/). Not surprisingly, electronic correspondence intended for one *Athens News* sometimes ends up at the other. This happened in July, with a letter mistakenly sent to our local *Athens News*. The editor decided to print it anyway: http://www.athensnews.com/opinion/letters/2008/jul/03/letter-abandoned-dogs-ask-wheres-odysseus-when-you/ This set off a chain of events that eventually led to a successful trans-Atlantic resolution of the situation: http://www.athensnews.com/news/2008/jul/07/dogs-rescued-greek-island/ http://www.athensnews.com/news/local/2008/jul/10/letter-editor-sparks-international-dog-rescue/ http://www.athensnews.com/news/2008/jul/14/greek-dogs-safely-placed-homes-europe/ I am also reminded of when, several years ago, I was walking past the gates at Dallas-Fort Worth International Airport, I noticed that American Airlines flights to "San Jose CA" and "San Jose CR" were departing from adjacent gates. The scheduled departure times were less than two hours apart.
The Oyster card is used on London's travel network. Details of how to hack one of the world's most popular smartcards have been published online. The research by Professor Bart Jacobs and colleagues at Radboud University in Holland reveals a weakness in the widely used Mifare Classic RFID chip. This is used in building entry systems and is embedded in the Oyster card used on London's transport network. Publication of the research was delayed by legal action taken by the chip's manufacturer. Paper chase Prof Jacobs and his team first identified the vulnerability in a research paper that was due to be published in March 2008. However, the release of the article was delayed after chip manufacturer NXP attempted to secure a court injunction against its publication. The paper was finally released on Monday at the European Symposium on Research in Computer Security (Esorics) 2008 security conference held in Malaga, Spain. Sensitive data stored on the Mifare Classic chip is protected by a unique number that acts as a key. When the chip, or a card bearing it, is placed near a reader it transmits and receives information based on its key. The security of the system depends on the key remaining secret. [Source: Peter Price, BBC] http://news.bbc.co.uk/2/hi/programmes/click_online/7655292.stm
[From Dave Farber's IP group. PGN] > PGN wrote (see RISKS-25.37) : TheAustralian.news.com.au blames "Erroneous > trades" routed to Nasdaq sent Google shares tumbling. Shares rebounded in > after-hours trading to $413.06. It's not necessarily erroneous trades. A number of stockholders will have a stop on their shares, so that they automatically sell if the price drops below a certain amount, typically 10% or whatever they think is outside the normal day's range of stock trading. Other people are interested in buying the stock once its price climbs out of its normal range. There's a whole theory ("technical trading") which tries to predict what is normal, and when a stock is going to exceed its normal price range. They have set a limit on the price they're willing to buy. When the price goes above that, they buy the stock. Sometime mean people will buy a bunch of shares of a stock, then sell them all at once. Depending on market conditions, they can depress the price of the stock enough to hit people's stops, at which point they sell, which drives the price down further, and further. The mean people then buy all the stock back (which takes a lot of cash, obviously), which sends the price of the stock zooming. If they're lucky, again, they'll send the price up so high that they'll start to hit limits, and more and more people will buy the stock. The mean people are happy to sell the stock to them. And when all of this winds down and the price returns to approximately its original value, both the people with stops and limits are screwed and the mean people make a lot of money. Sounds like NASDAQ saw that happen, and undid it. Usually the effect is small and the mean people get away with it. --my blog is at http://blog.russnelson.com 521 Pleasant Valley Rd. Potsdam, NY 13676-3213 +1 315-323-1241 IP Archives: https://www.listbox.com/member/archive/247/=now
Please report problems with the web pages to the maintainer