The RISKS Digest
Volume 25 Issue 42

Friday, 24th October 2008

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Greenspan says computer input did it
CWmike via timothy via Wendell Cochran
Vint Cerf: Big Changes Ahead for the Internet
UW researchers uncover gap in border security
Peter Gregory
Re: Computer likely caused Qantas plunge
Dag-Erling Smørgrav
Cameron Simpson
Adrian Edmonds
Re: Straight Party Voting Issues
David Phillips
Arthur Flatau
Re: Remarkable — United Airlines Stock
John Levine
Info on RISKS (comp.risks)

Greenspan says computer input did it

<Wendell Cochran <>>
Fri, 24 Oct 2008 06:24:27 -0700

Greenspan Tells Congress Bad Data Hurt Wall Street
Posted by timothy on Thursday October 23, @06:41PM
from the but-all-this-looted-cash-won't-do-much-harm dept.

Supercomputing  The Almighty Buck United States Politics
CWmike writes "Former Reserve Bank chairman Alan Greenspan has long praised
technology as a tool to limit risks in financial markets. In 2005, he said
better risk scoring by high-performance computing made it possible for
lenders to extend credit to subprime borrowers. But today Greenspan told
Congress that the data fed into financial systems was often a case of
garbage in, garbage out. Christopher Cox, chairman of the Securities and
Exchange Commission, told the committee that bad code led the credit rating
agencies to give AAA ratings to mortgage-backed securities that didn't
deserve them. Explaining in his testimony what failed, Cox noted a 2004
decision to rely on the computer models for assessing a decision that
essentially outsourced regulatory duties to Wall Street firms themselves."

Vint Cerf: Big Changes Ahead for the Internet

Fri, 24 Oct 2008 13:42:26 -0400

Mikael Ricknas, IDG News Service, 21 Oct 2008, via ACM TechNews, 24 Oct 2008

Google vice president Vint Cerf predicts that 2008 and 2009 will be the most
important years for the evolution of the Internet.  "This year and the next
year are probably the most significant years for Internet's evolution that I
can remember," Cerf says.  The most significant change will be the
transition to IPv6, which will offer more address space for the Internet as
the number of IPv4 addresses are expected to run out in 2010.  Cerf notes
that IPv6 also is required to comply with user's requests to go into
encrypted mode.  Another large change is the implementation of a more secure
domain name system that uses Domain Name System Security Extensions
(DNSSECs).  DNSSEC ensures that users who use a domain name hookup receive
the correct IP address instead of something from a hacker.  The Internet
also will soon support internationalized domain names with non-Latin
character sets.  "This is a big change, because for the last 30 years the
only thing you could use was Latin characters, and just the letters a though
z, digits 0 to 9, and a hyphen," Cerf says.  He says other changes that
would make the Internet more useful include broadcast and support for
multihoming, which would make it easier for users to have more than one
Internet service provider.

  [This clearly has the potential to improve many things.  However, case
  sensitive characters, cyrillic characters (e.g., "o") and others that
  might easily be confused with Latin characters are likely to provide some
  new opportunities for phishers (fissures in the dike?).  PGN]

UW researchers uncover gap in border security

<Peter Gregory <>>
Fri, 24 Oct 2008 07:46:03 -0700 (PDT)

Perhaps RFID-passport/ID card cloning is making it into the mainstream
media. Not that this is anything at all new to this esteemed audience.

The end of the article says that the WA dept of licensing is looking into
the matter - as though they have never heard of any of the RFID risks. Based
upon their implementation, this may in fact be the case.

Peter Gregory, CISA, CISSP, DRCE | Risk Analyst and Manager | Published
Author, Columnist |

Re: Computer likely caused Qantas plunge (RISKS-25.40)

<Dag-Erling Smørgrav <>>
Fri, 24 Oct 2008 02:31:12 +0200

> ... in a 6,500-foot drop.

I have to retract that...  it seems that it was in fact 650 feet, and
the source *I* consulted (I believe it was Sky News) added a zero.

Re: Computer likely caused Qantas plunge (Rieden, RISKS-25.38)

<Cameron Simpson <>>
Fri, 24 Oct 2008 14:12:34 +1100

Or the aircraft's horizontal speed might be utterly irrelevant to the effects.

Several people were injured in this incident. For example, at:,23739,24460989-952,00.html
we see stuff like:
  The "ghost in the machine'' malfunction which caused a mid-air drama
  leaving 46 people injured has puzzled air safety investigators who
  cannot recall a similar incident in aviation history.  [...]
  Passengers on board the flight have described haunting images of
  children and babies hitting the ceiling of the plane.
  While the incident left some with spinal injuries and others with
  broken bones and lacerations [...]
  At least 30 passengers and crew aboard QF72 were seriously injured -
  some with spinal injuries and others with broken bones and lacerations

650 feet in 20 seconds is about 10m/s descent. It is irrelevant how
shallow the absolute angle was if the descent started abruptly enough
because acceleration can still be immense. Analogy: if you're on a bus
and someone swings a nasty uppercut at you, does the speed of the bus

Cameron Simpson <> DoD#743

Re: Computer likely caused Qantas plunge (RISKS-25.40)

<Adrian Edmonds <>>
Thu, 23 Oct 2008 23:08:32 -0700

Whilst working for a UK company specialising in fire detection/extinguishing
we regularly received incident reports from the CAA. Whilst our main concern
was fuel tank vent and dump systems I was struck by the number of airborne
accidents involving turbulence. Some of these incident reports caused much
hilarity on a Friday afternoon, especially the ones showing just what can
happen with a food trolley and sleeping passengers I have always flown since
then with my seatbelt firmly attached around my body.

Just like they say on the inflight safety announcements, keep your seatbelt
on at all times.

Adrian Edmonds, Stryker GI,8 Haeshel Street,PO Box 3534, Caeserea 38900 ISRAEL
+972-73 737 4772

Re: Straight Party Voting Issues (Finegold, RISKS-25.41)

<"David Phillips" <>>
Fri, 24 Oct 2008 09:35:11 -0400

Leonard Finegold passed on information about problems with straight party
voting issues, undercounting, etc.

I can only speak to North Carolina, where I have lived & voted for 24 years.
While we do have straight party voting available, and all of the potential
problems from Leonard's post do exist, it is well publicized during each
election cycle that a straight party vote will NOT select a presidential
candidate, or any judicial candidates, or any of the non-partisan races on
the ballot.  I cannot remember whether this has always been the case since I
moved here, but believe that it has.

Re: Straight Party Voting Issues (Finegold, RISKS-25.41)

<Arthur Flatau <>>
Fri, 24 Oct 2008 09:37:09 -0500

It seems the problem with straight party voting here in Austin is perhaps a
poor user interface (I have not yet voted this year, so I can I am making
some conjectures based on past experience as well as this article from the
Austin American Statesman: Ignore straight-ticket voting rumors, clerk says

Travis County uses Hart InterCivic eSlates machine, I believe that these are
used fairly widely throughout Texas.  The problem is, I believe, that when
you vote straight party (presumably for either Democratic or Republican,
although all the rumors seem to be about the Democratic party), it seems the
machine merely selects all the Democratic candidates.  If you then try to
vote for the Democratic Party candidate (Obama) or presumably any other
Democratic candidate, you unselect that person.  I am not sure that is all
that bad a design (assuming it does work as I think).  You are given a
chance to review all of you selections before pushing the button to cast
your vote.  In any case, although there are major problems with electronic
voting, including the Hart InterCivic eSlates this seems like at best a
minor issue.  You do have to be careful to review who you actually voted
for, but this is true for any voting system, including paper ballots.

Re: Remarkable — United Airlines Stock (Nelson, RISKS-25.38)

<John Levine <>>
24 Oct 2008 00:01:53 -0000

> surely its 'sell' if the price exceeds an upper limit and 'buy' if its
> below the lower limit.  After all, the purpose of the program is to make
> money, not to give it away!

No, Russ got it right.  That's known as momentum investing.  I don't think
it makes much sense, but there are definitely people who do it.

John Levine,, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be,, ex-Mayor

Please report problems with the web pages to the maintainer