The RISKS Digest
Volume 25 Issue 51

Friday, 16th January 2009

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Software glitch causes incorrect medication dosages
Jeremy Epstein
Police avoid arrests due to time-consuming QPRIME computer system
Steven J Klein
Maryland Police surveillance
Lisa Rein and Josh White
Army subcontractor sends 7,000 misaddressed letters: 'computer glitch'
Rob McCool
Risks in Hating Web Video
Lauren Weinstein
"Spy pens" and the future of private speech
Jerry Leichter
Risk of Car Sharing: Getting Pinned with Someone Else's Ticket
Kent Borg
Taiwan Immigration Computer down for the Count
Tony Hoare: "Null References: The Billion Dollar Mistake"
Olivier Dagenais
Facebook hacked and no avenue for redress
Mark Neely
How to NOT perform customer service and updates
Gene Spafford
Risks of digital signatures
Ron Garret
Update: N.J. officials order paper trail upgrades to voting machines
Danny Burstein
Teenagers' Internet Socializing Not a Bad Thing
Monty Solomon
SecAppDev 2009
Johan Peeters
REVIEW: "Intellectual Property and Open Source", Van Lindberg
Rob Slade
Info on RISKS (comp.risks)

Software glitch causes incorrect medication dosages

<Jeremy Epstein <>>
Fri, 16 Jan 2009 11:51:46 -0500

``Patients at VA health centers were given incorrect doses of drugs, had
needed treatments delayed and may have been exposed to other medical errors
due to the glitches that showed faulty displays of their electronic health
records, according to internal documents obtained by The Associated Press
under the Freedom of Information Act.  The VA's recent glitches involved
medical data — vital signs, lab results, active meds — that sometimes
popped up under another patient's name on the computer screen.  Records also
failed to clearly display a doctor's stop order for a treatment, leading to
reported cases of unnecessary doses of intravenous drugs such as
blood-thinning heparin.  According to interviews and the VA's internal
memos, the glitches began after the VA distributed its annual software
upgrade last August [2008].''

By early October, hospitals began reporting the troubling problems: When
doctors pulled up electronic records of different patients within 10 minutes
of each other to offer treatment advice, the medical information of the
first patient sometimes displayed under the second person's name. In some
records, a doctor's stop order for intravenous injections also failed to
clearly display."

No explanation of what caused the software problem, which was reportedly
fixed in December.

  [Also noted by Danny Burstein, who added that this was not disclosed to
  patients by the VA.  PGN]

Police avoid arrests due to time-consuming QPRIME computer system

<Steven J Klein <>>
Sun, 04 Jan 2009 20:05:49 -0500


  FRUSTRATED Queensland police are turning a blind eye to crime to avoid
  time-consuming data entry on the force's new $100 million computer system.

  Queensland Police Union vice-president Ian Leavers said the system turned
  jobs that usually took an hour into several hours of angst.

  He said police were growing reluctant to make arrests following the latest
  phased roll-out of QPRIME, or Queensland Police Records Information
  Management Exchange.

  "They are reluctant to make arrests and they're showing a lot more
  discretion in the arrests they make because QPRIME is so convoluted to
  navigate," Mr Leavers said. He said minor street offences, some traffic
  offences and minor property matters were going unchallenged, but not
  serious offences.,23739,24723327-952,00.html

Steven J Klein, Your Mac & PC Expert, Phone: (248) YOUR-MAC or (248) 968-7622

  [p prime and q prime are of course the basis for public-key crypto.
  QPRIME by itself sounds like public-free flip-tow.  PGN]

Maryland Police surveillance (Lisa Rein and Josh White)

<"Peter G. Neumann" <>>
Thu, 8 Jan 2009 15:12:07 PST

Lisa Rein and Josh White, More Groups Than Thought Monitored in Police
Spying, *The Washington Post*, 4 Jan 2009

The Maryland State Police surveillance of advocacy groups was far more
extensive than previously acknowledged, with records showing that troopers
monitored - and labeled as terrorists - activists devoted to such
wide-ranging causes as promoting human rights and establishing bike
lanes. Intelligence officers created a voluminous file on Norfolk-based
People for the Ethical Treatment of Animals, calling the group a "security
threat" because of concerns that members would disrupt the circus. Angry
consumers fighting a 72 percent electricity rate increase in 2006 were
targeted. The DC Anti-War Network, which opposes the Iraq war, was
designated a white supremacist group, without explanation. [...]

Army subcontractor sends 7,000 misaddressed letters: 'computer glitch'

<Rob McCool <>>
Wed, 7 Jan 2009 15:19:09 -0800 (PST)

The US Army said today that 7,000 family members of soldiers killed in
recent wars were sent letters addressing them as "John Doe". The U.S. Army
Human Resources Command's Casualty and Mortuary Affairs Center in
Alexandria, Va. issued a formal apology for what they described as a
contractor's error. The contractor had used a placeholder greeting of "Dear
John Doe" in the letter, which was to have been automatically replaced by
the specific names of and addresses of the survivors but somehow wasn't.

Army Chief of Staff Gen. George W. Casey, Jr. is said to be sending a
personal letter to the families who received the improperly addressed

Risks in Hating Web Video

<Lauren Weinstein <>>
Fri, 16 Jan 2009 09:29:06 -0800

Greetings.  Since I occasionally post audio (and more recently video)
commentaries and other features on the Web, and have been doing so for a
number of years, I've been becoming increasingly concerned about the
phenomenon of what I might call "audio and video media haters" in the
Internet environment.  I'm beginning to see some significant related risks.

Without fail, after each of my posting announcements of an audio or video
presentation, I get e-mail from people that amount to variations on:

  "I refuse to watch video [listen to audio] on the Net.  Please make
  a text-only version of all your materials available."

Such messages have been particularly notable for this week's "Stimulus or
Ripoff" - "Network Neutrality in 30 Seconds - Part 3" video segment ( ), which I announced a couple
of days ago.

The reactions to the announcement of this particular video are a perfect
example of my concern.  Without the accompanying video track, and especially
its animations, the entire humor of the piece, and even the key punch line
itself, would be completely lost.  The short narration script alone might be
interesting to Net Neutrality intelligentsia, but the piece is designed to
try reach a much broader audience, and the visuals are key to driving home
the concepts (to those who have seen the video, no pun is intended by the
term "driving" in this case!)

There are of course legitimate accessibility concerns with all media.
Unfortunately, I have not found available captioning tools, for example, to
be entirely practical at this stage.  In some of my very early audio
efforts, I did make scripts available, and then ran into a wall trying to
note tone of voice (sarcasm, etc.) in a way that would make sense.  Without
such notations, I found that some readers were misunderstanding the intent
of the pieces.  And while it's certainly possible to write commentary
without tone of voice sarcasm, it can be quite constraining in an audio

As the powerful capabilities of video to entertain, inform, explain, and
convince — video is increasingly a sort of default "coin of the realm" in
many ways on the Internet — it seems likely that the sorts of issues and
concerns described above will be exacerbated.

I don't claim to possess any magic wand solutions to this, though I have
some relevant ideas.  But I do believe we'd be very foolish to declare such
matters as insignificant or unworthy of study.

The ways in which people react to new forms of media have always been
important, sometimes in political contexts that have affected untold
millions of lives over the centuries.  Video on the Web will not be an

Lauren Weinstein +1 (818) 225-2800
Network Neutrality Squad  Blog:

"Spy pens" and the future of private speech

<Jerry Leichter <>>
Sat, 10 Jan 2009 06:45:46 -0500

The decreasing size of electronics has made all kinds of devices from
fantasy practical.  Look around at audio and video recorders that fit in
pens, packs of gum, etc.:

Now, that stuff is specialized and hardly mass market.  One can even imagine
attempts to outlaw it.  But there's a really neat gadget, the Pulse Smartpen
by Livescribe - - that *is* mass market.  This is
a pen with 2 or 4GB of memory, a microphone, an optical scanner at the pen
tip, and a small LCD display.  You write on special paper - you can print
your own - and it records "digital ink" of what you wrote and time-sync's it
with the recording.  Later, you can review what you wrote and listen to what
was being said at the same time.  Sold today as a device for note-taking -
but Livescribe was apparently started by a bunch of ex-Apple guys, and they
are thinking big. There's an SDK so you can use the thing as a "pen
computing environment".  For example, they include a calculator: Write down
an arithmetic problem and the answer appears on the LCD.

Anyway ... besides the intended uses, with this kind of thing in millions of
pockets - you should expect that anything you say will be recorded.  Not all
bad, of course - we'll certainly have some more cops caught lying on the
stand about their interrogation techniques, as has happened of late with
cell phones.  But the overall effects on our ideas of privacy are hard to
predict.  People treated mail and chat and such as equivalents of speech -
transitory and private.  Reality - and the courts - have shown us that these
are permanent, searchable records.  Actual speech is about to cross over
into the same territory.

Welcome to the Panopticon.

Risk of Car Sharing: Getting Pinned with Someone Else's Ticket

<Kent Borg <>>
Fri, 09 Jan 2009 11:24:05 -0500

Last year I signed up for Zipcar, a car sharing service that operates in the
Boston area (among other cities).  It seemed good to support such an
enterprise--and it might come in handy.  OK, so one day my car is in the
shop and I need to get to work.  I rent a Zipcar for the day, drive to work,
park, work my day, return the car to its packing place, walk home.  Cool.

A month later I get an e-mail from Zipcar telling me I am being charged for
my parking ticket.  Charged for the fine, plus an extra $20 for handling.

What ticket!?  I don't remember getting a ticket.  I check the address of
the violation.  Nope, I never went to that Cambridge neighborhood.

I don't know where the error occurred.  Did the Cambridge police get the
plate number wrong?  Did they get the date wrong?  Did Zipcar match up plate
number to the wrong car?

Zipcar uses an RFID/proxcard system to unlock and lock their cars.  Somehow
they communicate to each car to tell it what proxcard is authorized per
their reservation records.  They have told me what time I picked up the
car--supposedly I picked up the car 4-minutes before the reservation time.

That is odd.  I don't claim to always be on time (ask my wife) but I am a
bit of a time nerd and always know how late I am, my watch is usually within
10-seconds of the correct time.  Even before I had my coffee, I am quite
sure I didn't pickup my first Zipcar 4-minutes early, I would have been
startled that they let me have the car early.  So I don't trust their time

Getting this cleared up might be difficult.

The risk: By sharing cars, if all the computer and human systems don't work
right, we risk also sharing parking tickets (and other liabilities?) that
are not shouldered by their rightful violators...

kb, the Kent who is $60 guilty until he can prove himself innocent.

Taiwan Immigration Computer down for the Count

Wed, 07 Jan 2009 02:15:27 +0800

... Legislator Ker said the computer crash lasted far too long and had
jeopardized national security as well as the nation's image...  National
Immigration Agency Chief Hsieh said "faulty hard drives" were responsible
... in the meantime, to prevent criminal suspects from seizing the
opportunity to flee Taiwan, his agency had provided a list...

Fortunately former President Chen "Count the towels" Shuibian is safely
behind bars and won't be making a break for it.

  [I presume no Count was ennobled thereby.  PGN]

Tony Hoare: "Null References: The Billion Dollar Mistake"

<"Olivier Dagenais" <>>
Tue, 13 Jan 2009 15:36:04 -0500

RISKS readers may be interested in the following presentation by Tony Hoare
[Sir Anthony C. A. R. Hoare] at the upcoming QCon London 2009:

  Abstract: I call it my billion-dollar mistake. It was the invention of the
  null reference in 1965. At that time, I was designing the first
  comprehensive type system for references in an object oriented language
  (ALGOL W). My goal was to ensure that all use of references should be
  absolutely safe, with checking performed automatically by the
  compiler. But I couldn't resist the temptation to put in a null reference,
  simply because it was so easy to implement. This has led to innumerable
  errors, vulnerabilities, and system crashes, which have probably caused a
  billion dollars of pain and damage in the last forty years. In recent
  years, a number of program analysers like PREfix and PREfast in Microsoft
  have been used to check references, and give warnings if there is a risk
  they may be non-null. More recent programming languages like Spec# have
  introduced declarations for non-null references. This is the solution,
  which I rejected in 1965.

Facebook hacked and no avenue for redress [Via Dave Farber's IP]

<"Mark Neely" <>>
January 15, 2009 9:32:17 AM EST

I am writing partly to vent my frustration but mainly in the vain hope
someone on the IP list can help me out.

My Facebook account was hacked approximately 40hrs ago. I discovered this
when I was called by a concerned friend who wanted to confirm that I was
being held at gunpoint in London and desperately needed him to wire me cash
(via Western Union) so I could escape the country and return to Australia.
Of course, I was not in London, and it was not me he was chatting to on

I immediately attempted to log into Facebook, but the password had been
changed. So I tried to reset the password, but the e-mail address linked to
my Facebook account had also been changed. I could not access my account.

I spent an hour scanning the Facebook site looking for a contact phone
number. No such luck. I completed 2 different incident reporting forms, and
received auto-confirmations. I then scanned their T+Cs and Privacy notices
and discovered the e-mail address and sent an e-mail to
that address.

40 hours later, I have had no response from Facebook, and I have been
alerted by friends that the perpetrators are still active on my account,
initiating chats with people begging for help and a money transfer. I just
alerted several authorities in Australia (though it is now 1.30am in Sydney,
so had to use online forms). Unfortunately, the Australian Federal Police
(who do have a 24hr hotline) couldn't help me (they referred me to a Scam
Watch service!).

So I am asking whether anyone on the IP list has a direct contact with an
appropriate stakeholder at Facebook, or some specific advice on who I might
contact in the US to get the account suspended and the perpetrators locked
out (or, better, traced and apprehended).

Mark Neely, Master Strategist, Infolution Pty Ltd 'Beyond Strategy. Leading
Change' e: m: +61 (0)412 0417 29 skype: mark.neely
Read my blogs -->

IP Archives:

  [A follow-up note in IP from Chris Kelly <>
  indicated that Facebook had disabled the account while they are
  attempting to pinpoint the perpetrators.  PGN]

How to NOT perform customer service and updates

<Gene Spafford <>>
Sat, 10 Jan 2009 16:45:11 -0500

This both an accounting of experience and a warning away from a vendor.

I recently purchased 2 Samsung Blu-Ray DVD players: a BD-P2500, and a
BD-P1500.  Both have Internet connections for firmware updates and Blu- Ray
Live.  The BD-P2500 also supports live streaming of Netflix content.

A couple of days after Christmas, the 2500 froze up.  I could not get it to
respond to anything, including the factory reset code.  I contacted Samsung
and was given information to send the player in for service.  They've had it
for nearly 2 weeks with a status of "waiting for parts."  It has now been
broken longer than it was working.

The 1500 came up with a message on Thursday that a firmware update was
available.  So, I initiated the download.  It went without error, according
to the display.  After completion, it too was dead in the water — no
response to anything.  So, I called Samsung again.  The problem was
escalated in customer service.  This is what I got told:

1) There was a bad update put on the servers, and many players that got the
   download have frozen up.
2) They do not have a fix for it at the current time and do not know when
   one will be available.
3) I should check their WWW site once a week to see when an update is
   available.  "It should almost certainly be within a month."
4) Even though it is their fault for putting up a bad firmware update, if I
   am required to send in the player, it is out of warranty for service so
   it is my own expense.

I wonder how many other people around the world are stuck with
non-functional players and a vague answer about the fix?  And the best they
can do is have me check the WWW site once a week to see when they are ready
for me to pay to install a fix to a problem they caused in the first place.
What crock!

Needless to say, I will probably not buy another Samsung product.  You might
want to consider this as a big red flag in your own purchasing decisions --
the risk of bad updates and really bad customer service.

Risks of digital signatures

<Ron Garret <>>
Thu, 15 Jan 2009 11:51:32 -0800

Last year I started a small investment fund.  Earlier today I sent out an
e-mail to a mailing list for all the investors reminding everyone to send me
their SSN or Tax ID number, which I needed in order to complete the tax
filings for the fund.  The investors are mostly tech- savvy people who are
better educated about computer risks than most, and I am a long-time RISKS
reader.  So in order to insure that no one thought this was a phishing
expedition, I signed the message with my PEM key.

I then went to run some errands.  When I returned there was a message in my
inbox from one of the investors saying, "Would you please delete the message
with my SSN in it from the mailing list archives?"  Apparently he saw my
digital signature and thought that meant he didn't have to worry about
security any more, so he just hit "reply" on his mail client and typed in
his SSN — which was of course sent out to the entire mailing list.

When I went to delete the message in question I found that it had spawned a
rather extensive discussion thread about the risks of blindly hitting the
"reply" button and what could be done to mitigate them.  Every message in
the thread contained a copy of the previous message.  I did eventually
manage to delete them all from the archives, but there are now dozens of
copies of this poor man's SSN sitting in various people's mail boxes, e-mail
logs, etc. etc. which are of course out of my (and his) control.

Update: N.J. officials order paper trail upgrades to voting machines

<danny burstein <>>
Thu, 8 Jan 2009 21:25:16 -0500 (EST)

A bit late in the game, but a welcome move — "Electronic voting
machines used in 18 New Jersey counties will be refitted with attachments to
provide a paper trail that could be used for potential recounts, Secretary
of State Nina Mitchell Wells has decided.  Wells made her decision Monday,
accepting the recommendation of a special voting machine examination
committee, and making a change sought by activists who contended that
electronic voting machines are vulnerable to hackers. ...


Teenagers' Internet Socializing Not a Bad Thing

<Monty Solomon <>>
Sun, 11 Jan 2009 00:38:11 -0500

[Source: Tamar Lewin, *The New York Times*, 20 Nov 2008]

Good news for worried parents: All those hours their teenagers spend
socializing on the Internet are not a bad thing, according to a new study by
the MacArthur Foundation.

"It may look as though kids are wasting a lot of time hanging out with new
media, whether it's on MySpace or sending instant messages," said Mizuko
Ito, lead researcher on the study, "Living and Learning With New Media."
"But their participation is giving them the technological skills and
literacy they need to succeed in the contemporary world. They're learning
how to get along with others, how to manage a public identity, how to create
a home page."

The study, conducted from 2005 to last summer, describes new-media usage but
does not measure its effects. ...

SecAppDev 2009

<"Johan Peeters" <>>
Sun, 4 Jan 2009 14:51:45 +0100 is excited to announce SecAppDev 2009, an intensive one-week
course in secure application development. is a non-profit
organization dedicated to improving security awareness and skills in the
developer community. The course is a joint project with K.U. Leuven and
Solvay Brussels School of Economics and Management.

SecAppDev 2009 follows the widely acclaimed courses in 2005, 2006, 2007 and
2008, attended by an international audience from a broad range of industries
including financial services, telecom, consumer electronics and media. In
order to offer an effective learning environment, we limit the number of
participants. This allows for optimal interaction between participants and

The course is taught by leading experts including

- Dr. Gary McGraw, the Cigital CTO, inspired speaker and prolific author.
- Prof. Dr. Daniel Bernstein whose Internet applications have
  impeccable security credentials.
- Prof. dr. ir. Bart Preneel who heads COSIC, the renowned crypto lab.
- Ken van Wyk, well-known author and lecturer as well as the moderator
  of the SC-L.

The course takes place from March 2nd to March 6th in the Groot Begijnhof in
Leuven, Belgium, a UNESCO World Heritage site.

Registration is on a first-come, first-served basis. Early Bird registration
offers a 25% discount on the course fee and ends on January 15th. Public
servants can attend the course at a 50% discount.

  [Sorry not to get to this issue of RISKS until the day after the
  Early-Bird deadline.  If you apply after seeing this message here, tell
  them you saw it in the 16 Jan RISKS, and maybe they can give you a break.
  Johan, Please give them a break!  Dank U wel.  PGN]

More information on the web site,

Wishing you a safe, happy and secure 2009,

Johan Peeters, Program Director,

REVIEW: "Intellectual Property and Open Source", Van Lindberg

<Rob Slade <>>
Mon, 5 Jan 2009 10:22:01 -0800

BKIPOPSO.RVW   20081128

"Intellectual Property and Open Source", Van Lindberg, 2008,
978-0-596-51796-0, U$34.99/C$34.99
%A   Van Lindberg
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2008
%G   978-0-596-51796-0 0-596-51796-3
%I   O'Reilly & Associates, Inc.
%O   U$34.99/C$34.99 800-998-9938 707-829-0515
%O   Audience i Tech 2 Writing 2 (see revfaq.htm for explanation)
%P   371 p.
%T   "Intellectual Property and Open Source"

The preface states that this book provides documentation for the legal
system, obviously intending that it be addressed to a technical
audience, explaining to them what the legal operations are (as related
to intellectual property, or IP).

Chapter one outlines the legal categories of IP (patent, copyright,
trademark, and trade secret), as well as reviewing general economic theory,
and the philosophy of knowledge as a type of material "good."  Patent
documents are explained, in chapter two, in terms of file formats.  The
important concepts of invention (as claim) versus embodiment, conception
versus reduction to practice, and first to file as opposed to first to
invent are also defined.  What is, and isn't, patentable is covered in
chapter three.  The details, requirements, and limits of copyright are in
chapter four.  Chapter five points out that trademark has value not only for
the company, but also for the customer.  The discussion of trade secret, in
chapter six, notes the factors involved in the utility of a trade secret.
This chapter also examines some issues of open source software for the first
time, since the preceding material is fairly generic.

Chapter seven looks at contracts and licences, a number of issues of
which are important to open source.  Using an interesting (and useful)
analogy of the difference between banks and credit unions, chapter
eight notes the economic and legal basis for open source software, and
why (and where) it works.  (The licencing discussion is also extended
here.)  The factors involved in ownership of intellectual property
(whether on the part of the individual, company, or work-for-hire) are
examined in chapter nine.  Chapter ten notes terms, and provides
examples, of open source licences.  Some very interesting implications
of accepting code patches are noted in chapter eleven.  Chapter twelve
extends chapter ten's content, specific to the General Public License
(GPL).  Chapter thirteen briefly looks at the process of reverse
engineering, but is primarily concerned with the legality of the
operation.  The establishment of non-profit organizations, and
particularly in relation to the benefit for open source projects, is
outlined in chapter fourteen.

Appendices provide various samples of legal documents.

The writing is articulate, and the material reasonably comprehensive.  The
organization leaves a little bit to be desired.  The book is almost two
books; one on IP and one on open source; and it's not clear why chapters
seven, ten, and twelve are distinct (and separated).  However, this is a
valuable guide for anyone in the technical world who wishes to know about
legal issues of intellectual property, and particularly for anyone in, or
contemplating, an open source project.

copyright Robert M. Slade, 2008   BKIPOPSO.RVW   20081128

Please report problems with the web pages to the maintainer