Two new IRS computer systems that will eventually cost taxpayers almost $2 billion are being put into service despite known security and privacy vulnerabilities, a Treasury watchdog said in a report coming out Thursday. The office of the Treasury Inspector General for Tax Administration said Internal Revenue Service officials failed to ensure that identified weaknesses had been addressed before putting the new systems into use. Inspector General J. Russell George said it was ''very troublesome'' that the IRS ''was aware of, and even self-identified, these weaknesses.'' The IRS, in a statement, said security of taxpayer data ''is of paramount importance'' to the agency and that, as noted in the report, it had implemented many of its recommendations and taken steps to improve security. It stressed that no taxpayer data has been harmed and numerous security safeguards were in place. The report focused on the Customer Account Data Engine, which will provide the foundation for managing all taxpayer accounts, and the Account Management Services system, which will provide faster and improved access by employees to taxpayer account data. Both systems are gradually being put into use. CADE, expected to cost more than $1 billion through 2012 to develop and operate, this year processed about 20 percent of the 142 billion returns filed. The Account Management Services system, AMS, still in its initial stages, will cost more than $700 million to develop and maintain through 2024. [Source: AP item, 16 Oct 2008] http://www.nytimes.com/aponline/washington/AP-IRS-Computer-Security.html
The German weekly magazine *Der Spiegel* 19 Oct 2008 reports on the data protection problems that a large rival publishing house, Springer, has had in the past few days. It turned out that people who had submitted ads for their local ad papers online had all of their data — name, address, mobile telephone, bank account info — available online, helpfully indexed by Google. It was especially problematic for people who had put in, shall we say, rather delicate, anonymous ads. One example was the retired gentleman looking for men to play stripping card games with him; another person was looking for a bisexual playmate. And there they were, searchable and unencrypted on the open Internet. It was discovered by a system administrator who was doing an ego search in September. He was shocked to find his mobile telephone number cheerfully delivered by Google. He investigated and found the data to be from an ad he had placed about a year and a half ago with a Springer newspaper for selling his apartment. Springer reacted quickly, removing the data, but it has taken ages to purge it from the Googlebanks. The system administrator is a bit angry at Springer, as they have not offered to pay him damages for having to get a new phone number. I googled the admin's name, I still get a hit on "Visual Form Maker - Adminscript" for the Hamburger Abendblatt, but the cache data is gone and the Link only returns a 404. http://www.hamburgerwochenblatt.de/php/edit_table.php?order=mwst&sort=ASC&sw=j&tbl=kleinanzeigen The tool is advertised as offering forms for web pages that can be created in an uncomplicated way for people without knowledge of programming. Perhaps people who cannot program should not be entrusted with making forms for web pages with sensitive data? Prof. Dr. Debora Weber-Wulff, FHTW Berlin, FB 4, Treskowallee 8, 10313 Berlin GERMANY +49-30-5019-2320 http://www.f4.fhtw-berlin.de/people/weberwu/
Said the TBS network statement: "Two circuit breakers in our Atlanta transmission operations tripped, causing the master router and its backup -- which are necessary to transmit any incoming feed outbound — to shut down. This impacted our live feed from being distributed to any of the other networks in the Turner portfolio and caused the delay in our coverage. Both our primary and backup routers were impacted by this problem. We apologize to baseball fans for this mishap that caused a delay in our coverage." According to Pomeroy, the failure of the routers was unprecedented and prevented TBS from broadcasting a live message of any kind, including an informational scrawl at the bottom of the screen. Pomeroy said the network had no choice but to put on taped programming, which resulted in "The Steve Harvey Show" at least temporarily ending up in the slot reserved for Game 6. http://www.boston.com/sports/columnists/massarotti/2008/10/tbs_leaves_viewers_in_dark.html Jim Reisert AD1C/Ø, <email@example.com>, http://www.ad1c.us
[Source: Alex Williams, *The New York Times*, 19 Oct 2008] ANYONE who has spent more than a few minutes over the last couple of weeks trolling tech blogs or cocktail lounges has probably heard about Mail Goggles, a new feature on Google's Gmail program that is intended to help stamp out a scourge that few knew existed: late-night drunken e-mailing. The experimental program requires any user who enables the function to perform five simple math problems in 60 seconds before sending e-mails between 10 p.m. and 4 a.m. on weekends. That time frame apparently corresponds to the gap between cocktail No. 1 and cocktail No. 4, when tapping out an e-mail message to an ex or a co-worker can seem like the equivalent of bungee jumping without a cord. Mail Goggles is not the first case of a technology developed to keep people from endangering themselves or others with the machinery of daily life after they have had a few. For years, judges have ordered drunken-driving offenders to install computerized breath-analyzers linked to their car's ignition system to prevent them from starting their vehicles when intoxicated. But as the first sobriety checkpoint on what used to be called the information superhighway, the Mail Goggles program also raises a larger question: In an age when so much of our routine communication is accomplished with our fingertips, are we becoming so tethered to our keyboards that we really need the technological equivalent of trigger locks on firearms? In interviews with people who confessed to imbibing and typing at the same time - sometimes with regrettable consequences - the answer seems to be yes. ... http://www.nytimes.com/2008/10/19/fashion/19drunk.html?partner=rssuserland&emc=rss&pagewanted=all
[Source: Mary Pat Flaherty, *The Washington Post*, 18 Oct 2008, P. A1, from ACM TechNews, Monday, October 20, 2008] New state voter registration systems across the U.S. are incorrectly rejecting voters and threatening to disrupt the election process. The problems are occurring in states that switched from locally managed lists of voters to statewide databases, a change required by the Help America Vote Act. Although the switch is supposed to be a more efficient and accurate way to keep lists up to date, the transition is causing the systems to question the registrations of thousands of voters when discrepancies occur between their registration information and other official records. In Alabama, for example, dozens of voters are being labeled as convicted felons due to incorrect lists, and Michigan is scrambling to restore thousands of names it illegally removed from voter rolls due to residency questions. In Wisconsin, tens of thousands of voters could be affected, as officials admit that their database is wrong one out of every five times it flags a voter, often due to data discrepancies such as a middle initial or a typo in a birth date. Herbert Lin, who is studying the issue for the federal Election Assistance Commission, says that states are not using the "best scientific knowledge known today," as required by law. One of the problems with Wisconsin's database, which has been in place since August, is that 95,000 voters are incorrectly listed as being 108 years old. If no birth date was available when names were moved into the electronic system, it automatically assigned 1 Jan 1900. By federal law, anyone whose name is flagged must be notified and given a chance to prove his or her eligibility, but voting rights experts say voters are not always alerted, and some, even if they are notified, may simply decide to skip the election as a result. http://www.washingtonpost.com/wp-dyn/content/article/2008/10/17/AR2008101703360.html
Ohio Secretary of State Jennifer Brunner cut back on the accessible functionality of their website after apparent penetration efforts. This was reportedly not the first such attack. [Source: Sarah Lai Stirland, WiReD blog, 20 Oct 2008] http://blog.wired.com/27bstroke6/2008/10/ohio-secretary.html
This message is from Black Box Voting, a non-profit that monitors voting irregularities and fraud. Steve Kelem, Los Altos Hills, CA - ------ Original Message -------- Subject: From BBV: Two-Minute warning on voting machines [...] Date: Thu, 11 Sep 2008 02:55:21 -0700 From: Black Box Voting <firstname.lastname@example.org> TWO-MINUTE WARNING ON VOTING MACHINES: Welcome to "SPEED VOTING" Permission to reprint or excerpt granted, with link to blackboxvoting.org Diebold/Premier says it's too late to fix a new voting machine 2-minute warning and "time-out" feature, which can kick voters off the machine, forcing them to accept a provisional ballot. At least 15 voters were booted off the machine in Johnson County, Kansas recently, and Diebold/Premier says this is due to a software upgrade which sets a timer on voter inactivity. According to the company, the machines receiving the upgrade are used in 34 states and 1,700 jurisdictions.* * This seems inflated, though. Unless the optical scan machines are also outfitted with a 2-minute warning, which doesn't make sense, it would seem that this should only apply to the DRE states and locations.
My cable TV provider allows on-line access to accounts and major changes to services can be made on-line. If you forget the password, you can request a reset. They reset and e-mail you the temporary password. This is done by many and is reasonable. However, this hi-tech company mails out the same password every time — the name of the company. That means that I can attempt to login as an "enemy", claim that I have forgotten the password. They mail him the temporary password but I already know what it is. After a brief pause while they send him an e-mail, I log in with the universal password and change it. I can then do things like order services, cancel services, etc. and, in general, be a real pest. The true owner cannot login and will have just received a misleading message telling him to use the new temporary password. Talk about dumb!
The Civil Air Patrol, an auxiliary of the US Air Force, runs a website where members can access their membership and qualification status. Of course it is password protected, and of course I had forgotten mine. The site provides the normal "forgot your password?" link which takes you to a page where you enter your member number and email address, and then a "submit" button that is supposed to trigger an email with your login details. This submit button, however, triggered an obscure and lengthy error message, something to do with the output of the server can't be parsed maybe because of println's or whatever. I am a webmaster for several sites and even I couldn't figure out exactly what it was complaining about. In any case, it wasn't working. Before I continue, let me add that in the process of logging in members are reminded of a recent administrative requirement to take a brief online course on OPSEC (operational security) and agree to the OPSEC rules. Apparently, someone had released the new radio frequency lists, which had been changed because the old lists were publicly available. I took the online course (it did not require logging in!) and submitted a form with the "I agree to abide by the OPSEC requirements" box checked. In brief, I agreed not to tell things to people who didn't need to know them. I went to the helpdesk page and submitted a problem report. In the problem report I had to enter both my member number and email address. That's the same data the "forgot password" form required. In response, I was requested to provide my SSN and another piece of information. The request arrived by email, but with instructions not to answer by email, but to POST THIS INFORMATION AS A RESPONSE ON A PROBLEM REPORT WEBPAGE. A web page that required no login to reach. My response was "yeah, right." By e-mail, I received a followup response. "Please provide your daytime phone number and we will call you to get the information." Keep in mind, this is an auxiliary to the US Air Force, a government operation, at a .mil address, where I had just been required to certify that I would follow OPSEC rules to protect their data. They expected that I would tell my SSN to anyone who calls on the phone asking for it. I don't tell the magazine subscription people my true "month of birth" or other bit of personal data they want to "verify they'd spoken to me", I sure as heck am not going to tell Joe Random Caller my SSN. (But this is the same CAP that routinely sells my membership data to credit card companies, who want me to get my special "CAP logo credit card" at their special usurious rate.) In my response I asked first if they were kidding me, or if this was some kind of test to see if I understood the meaning of OPSEC. I pointed out that the "forgot password" page required only my id number and email address, both of which they already had, and maybe they should just trigger the "forgot password" action using the data they already had. They had no need for anything more. Or, barring that, fix the original problem and I would get the update myself. This response got me passed off to someone else who realized (I hope) the stupidity of what they had asked me to do, or at least the futility (I expect) of getting me to cooperate, and an email with my login credentials arrived shortly thereafter. The final nail? They did not reset my password to a new value and then force me to change it upon the next login. They sent me my EXISTING PASSWORD IN PLAINTEXT. WITH MY USERNAME. This is YOUR government at work, folks.
What could possibly go wrong? http://www.theinquirer.net/gb/inquirer/news/2008/09/04/unlock-house-via-internet
Russ Nelson is correct in supposing that automated trading takes place, but I think he has his trading operations backward: surely its 'sell' if the price exceeds an upper limit and 'buy' if its below the lower limit. After all, the purpose of the program is to make money, not to give it away! The usual term for his "mean people" is short sellers. They don't need money to operate: if they are well regarded enough, many markets will let them sell what they don't have in the expectation that the price will drop and they can then acquire the stock at a lower price before they have to complete the bargain by delivering it to the purchaser. Needless to say, if they go short on a large enough amount of stock, the expected price fall becomes a self-fulfilling prophesy. A similar thing happened in Australia during the Poseidon bubble, when more shares than existed in a mining stock were short sold when the bubble burst, but there was no bail-out for those gamblers. Trading in the stock was suspended and the short sellers were forced to complete their bargains no matter how much money they lost in the process. Needless to say, the stockholders made a killing and the short sellers lost their shirts. Then short selling was banned completely and trading resumed.
Outliers have been mentioned recently (25.37 and 25.39). One should take care to distinguish between an outlier and an unexpected reading. 1. When the target is moving, you can never be sure whether an unexpected reading is an error (therefore trim it) or true but the start (worsening, etc.) of a trend. Making *either* assumption on a priori grounds can be dangerous to your health and is risky. 2. When the target is static and the measurement process is relatively uncontaminated then you may use the normal distribution assumptions — variation is error — and identify unexpected readings as "outliers" (ie you claim to know the distribution and therefore can consider this reading "lies outside.") But the onus is on you to establish the two first conditions are met. Not to do so is also risky. Ratings from a dozen or so judges, some of which may be biased either way? Simple. Use medians. If there is no bias then the mean = median. If there is, the median process removes the biases (including the horrible thought that there may be a coalition of judges.)
Perhaps this should be re-titled "Risk of Inflammatory reporting". To quote from the piece: 1. "A faulty computer unit likely caused a Qantas jetliner to experience two terrifying midair plunges within minutes last week" 2. "and then went into a nose-dive, dropping about 650 feet in 20 seconds" A 650-foot drop in 20 seconds gives a vertical velocity of 22mph. Taking a conservative estimate of cruise speed at 600mph, simple geometry tells us that this "terrifying mid-air plunge" amounted to a 2.1 degree dive - something which even the most attentive of passengers would be unlikely to have noticed. Whilst I fully accept that the failure to hold altitude has significant concerns for air-traffic safety, I suggest that this "terrifying plunge" stuff is tabloid baloney which should be ridiculed rather than repeated.
It should be pointed out that these rates of descent (~2000 fpm) are quite typical for a jetliner even during normal operation. Even a small plane can safely descend at these rates, though that would feel fairly dramatic.
The three-letter codes for those two airports are SJC and SJO respectively. My sister once booked the wrong one. I told her that she should have just flown into SFO. [Chuck Charlton, San Francisco]
> The improved technology will also boost train speeds from 79 m.p.h. Cool. The reason this will allow train speeds above 79 m.p.h is that the Interstate Commerce Commission made a rule in *1922* that required cab signals like this for speeds of 80 and up. <http://en.wikipedia.org/wiki/Cab_signalling> Joseph Brennan, Columbia University Information Technology
There seem to be a number of unfounded or otherwise curious assumptions in M. Brown's inquiry. Regarding items 2 & 3 - Dell is re-labeling Absolute Software's (http://www.absolute.com/) Computrace service, which I happen to use extensively on behalf of my employer. A Computrace equipped laptop will attempt to "phone home" via Internet connection once per day. Obviously, there does need to _be_ a connection. The computer is identified via an ESN (a 16 x 36-value [0-9; A-Z] unique string assigned by Absolute when the product is registered). The ESN is correlated in Absolute's database with the hardware MAC address and other hardware items to establish a "fingerprint" for the computer. Regarding relationships with law enforcement, Absolute does pretty well, in my experience. The issue in recovery lies mostly with the requirements to have a judge authorize a search warrant (or local equivalent) to serve on the ISP, and yet again for the physical location of the stolen computer. That can be a pain, but to make it easier would only further threaten our Liberty; I recommend leaving that as is, thank you very much. A small piece of Computrace code that is capable of reinstalling the main program at next Internet connection is loaded on ROM on compatible (all Dells, most models of other brands) computers. So the hard drive may be formatted or replaced and the tracking program will reinstall itself. A computer was stolen from my employer's premises in 2006, and the very first thing that the thief did was swap out the hard drive. That computer was calling in again within 36 hours. Regarding Data Delete, see the above constraints on computer identification. In addition, Absolute requires that computer owners pre-register any administrators to be authorized for Data Delete (at a substantial cost per admin), and the log in requires two factor authentication using a password and a time-based RSA key issued to registered admins. Lastly, initiating Data Delete costs 250 USD, and Absolute wants assurance about where the money is coming from before they nuke the computer. Is it impossible that a black hat could maliciously trigger this function? Hardly, but there would seem to be many ways to inflict equivalent damage that are a darned sight easier (not to mention cheaper) to effect. I am mystified why any thinking human would assume that it was impossible for data to be stolen before the Data Delete function was invoked. I wouldn't, and Absolute has never stated or implied otherwise (although it sadly doesn't much surprise me to find that Dell seems to have dumbed down the description of the service). So the alternative of giving a potential data hijacker an unlimited time window to conceive of and execute theft of data is preferable to an imperfect, less-than-real-time deletion in exactly what way? Regarding the certified destruction of data (#4), I can't quite make out whether M. Brown is trying to belittle the perceived need for this service, or its implementation by Dell. We also use this service as part of Dell's Asset Recovery Services, of which the more important part to us is their certification that the computer has been disposed of in compliance with all applicable environmental laws and regulations. We do a 7-pass DOD wipe (DBAN) before such a computer is sent to Dell, however the data destruction service does provide some additional assurance in the event that our in-house wiping procedure has quietly failed. In the case of the typical consumer, the admitted risk is no doubt offset by the probability that most users would not know or care to even attempt to purge data on their own, and those who did would probably do no more than a Windows delete operation on files.
[... the 17-sided unistable uniform solid that will always roll over onto the same side ... PGN] Not quite. (1) The question, lying around for years, was "What convex polyhedron with least number of faces, cut from uniform material, can be demonstrated to be gravitationally stable on only one face? Mine had 19, not 17, faces. (2) on submitting this for publication, I learned that Richard Guy already had the very same design in the galleys, with the presses running, having found it two months earlier (he was gracious enough to say that I had independently discovered it). [Ken, TNX for the correction. Tangential to RISKS, but we always strive for correctness. PGN]
Ken Knowlton incorrectly recounts Richard Feynman's exploits. Feynman opened the file cabinets by guessing that the combination chosen by Frederic de Hoffman was based on a natural constant. It was e (the base of the natural logarithms). The Captain's safe was opened by the Los Alamos locksmith, who told Feynman how he did it. He knew the default combinations were usually 25-0-25 or 50-25-50. It was the latter. You can read about it here: http://www.gorgorat.com/ Search down for "Safecracker Meets Safecracker".
If the clock is out of digits, can't they just print some more? Mark Hull-Richter, Linux Software Developer, Registered Linux User #472807 [sign up at http://counter.li.org/]
Please report problems with the web pages to the maintainer