Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Reported in *The Week* magazine 27 Feb 2009 and its website: Two satellites have collided in orbit, destroying both, creating two large clouds of debris: an old Russian Cosmos satellite and an Iridium satellite (one of a fleet of communication satellites launched by Motorola in the late 90s and early 2000s). Nicholas Johnson of NASA said "This is the first time we've ever had two intact spacecraft accidentally run into each other." http://www.theweek.com/article/index/93177/Iridiums_satellite_collision
Hiawatha Bray, When your files are online and you aren't, *The Boston Globe*, 19 Feb 2009 Funny thing about cloud computing - it's useless at 35,000 feet. In cloud computing, you rely on applications running on the Internet instead of on your personal machine. So rather than write a file in Microsoft Corp.'s Word or Excel, you might use Google Docs. This online suite from Google Inc. features word processor and spreadsheet programs and stores your documents in the Internet cloud. But online documents aren't much use when you're disconnected from the Internet - like when you're flying. Airline companies are beginning to deploy on-board Wi-Fi service, but it'll be a couple of years before it is generally available. And even on the ground, you can't always find an Internet connection. With earthbound copies of critical files, you can work on them as needed and upload any changes to the Net, first chance you get. And if you work on multiple computers, you can share updated files with all your other machines. If you're a Google Docs user, get a copy of Gears. This free program, available at gears.google.com, lets you download your Google-generated documents onto your computer. Work with them even when you're offline, and when you log in again, Gears uploads your modified documents to the Google Docs Internet server, so your up-to-date document is available on any Internet-connected machine. Gears isn't just for Google Docs fans; it works with other cloud computing services, including Zoho, a rival online document editing service, and Google's Gmail messaging service. You can plow through your e-mail on the plane, write up replies, then transmit them once you're back online. But Gears has its limitations. For instance, you can edit your existing Google Docs when offline, but you can't create new ones. Besides, Gears gives you no easy way to share multimedia files, like video, audio, and digital photographs. ... http://www.boston.com/business/technology/articles/2009/02/19/when_your_files_are_online_and_you_arent/
Washington State resident Juan Zamora filled his Camaro at a local Conoco station using his PayPal debit card just as he does every week. The pump registered $26, but his account was debited $81,400,836,908 instead. The cause of the error has not yet been identified. http://seattletimes.nwsource.com/html/localnews/2008790918_webbigbill27.html Peter Gregory, CISA, CISSP, DRCE | Security and Risk Manager firstname.lastname@example.org | www.peterhgregory.com | Biometrics For Dummies
<http://news.bbc.co.uk/1/hi/business/7909627.stm> UBS in $31bn bond order mistake A Japanese unit of Swiss banking group UBS has mistakenly placed an order for 3 trillion yen ($31bn) of bonds. UBS Securities Japan said the error was caused by a glitch in its computer system, and that it had asked the Tokyo Stock Exchange to cancel the order. According to reports, this request has now been granted by the stock exchange." [...] This is not the first time that a UBS unit has given the Tokyo Stock Exchange an incorrect order. In 2001, a UBS business mistakenly issued an order to sell shares in Japanese advertising firm Dentsu. USB subsequently had to buy more stock in Dentsu in order to honour the order. This and a number of incidents by other firms saw the Tokyo Stock Exchange introduce new rules in 2007 that allow the cancellation of large-scale erroneous orders. Increasingly we see new mitigations being put into place for bad outcomes from risks that ought, by right, to be mitigated at source. A little sense-checking on such trades - don't sell more than you own (or significantly more, if automated short trading is to be allowed), don't spend more than a billion Yen in a single automated transaction, that kind of thing - should not be beyond the wit of the programmers, nor the wit of the bank's risk managers.
Deerfield couple swindled $31 million from Best Buy, federal court documents say; $2.75 million used to buy the land and build their house were `the proceeds of fraud' Jeff Long, Chicago Tribune, 24 Feb 2009 http://www.chicagotribune.com/business/chi-best-buy-fraudfeb24,0,6558363.story
[From Dave Farber's IP list] I didn't realize the number of Gmail users was so large until the outage. "Google's Gmail system was down for 2.5 hours earlier this week, the sixth such outage in the past eight months. It isn=92t unusual that an e-mail system crashes, but most such occurrences are limited to one organization. When Gmail, a service Google touts to businesses as more reliable and easier to use than Microsoft Exchange and Lotus Notes/Domino, goes down, it makes headlines - as well it should. " ... Just imagine if all of the phone lines to your office failed - not today but ten years ago, when the telephone was the most important means of communication (along with fax, I should add). That's what Gmail's users were facing on Monday. The silence was deafening..." http://www.basexblog.com/2009/02/26/google-gaffe-gmail-outage-shows-pitfalls-of-online-services/ Jonathan B. Spira, CEO and Chief Analyst, Basex, Inc. 8 www.basex.com
An item in Santa Cruz Sentinel for 24 Feb 2009 tells of a power outage affecting pumps that provide water to a storage tank, causing the tank to run dry. "Power also was cut to the communication lines designed to alert the district to a problem."
Recently, I needed to access my online account with the Nationwide building society. I'd recorded my secret number in an encrypted store, but had mistyped one digit. After three attempts to log in to my account I received the message that my account was now locked and I should re-register and wait for up to 5 days for the new details to appear through the post. I called the internet helpline and they confirmed that there is nothing they can do, the system forces the lockout and indeed I had to re-register. I pointed out the potential denial of service aspects of this approach but the only response was "Why would anyone do that?"
The best encryption in the world won't help you if your passphrase sucks. Jeff - --------- Forwarded message ---------- From: Wikileaks Press Office <email@example.com> Date: Fri, Feb 27, 2009 at 08:11 Subject: [WIKILEAKS] Wikileaks cracks key NATO document on Afghan war To: firstname.lastname@example.org WIKILEAKS EDITORIAL Fri Feb 27 13:10:25 GMT 2009 "Wikileaks cracks key NATO document on Afghan war" Wikileaks has cracked the encryption a key NATO document relating to the war in Afghanistan. The document, titled "NATO in Afghanistan: Master Narrative", details the key facts and themes NATO representatives are to give--and to avoid giving--to the world press. Among the revelations, which we encourage the public to review in detail, is Jordan's presence as secret member of the US lead occupation force. The encrypted document, from October, and believed still to be current, can be found on the Pentagon Central Command website "oneteam.centcom.mil": http://oneteam.centcom.mil/isc/Shared%20Documents/NATO%20Master%20Narrative.doc The password is "progress", which perhaps reflects the Pentagon's desire to stay on-message, even to itself. Jordan is a US backed middle eastern monarchy, and historically the CIA's closest partner in its extraordinary renditions program. In Jordan, "the practice of torture is routine", according to a January 2007 report by UN special investigator for torture, Manfred Nowak. NATO spokespersons are instructed conceal the country's involvement in the ISAF coalition. Publicly, Jordan withdrew in 2001. It does not appear on the current (Feb 13, 2009) NATO list of ISAF member states: http://www.nato.int/isaf/docu/epub/pdf/isaf_placemat.pdf Some other sensitive instructions on what not to say are: * Any decision on the end date/end state will be taken by the respective national and/or Alliance political committee. Under no circumstances should the mission end-date be a topic for speculation in public by any NATO/ISAF spokespeople. * The term "compensation" is inappropriate and should not be used because it brings with it legal implications that do not apply. * Any talk of stationing or deploying Russian military assets in Afghanistan is out of the question and has never been the subject of any considerations. Only if pressed: ISAF forces are frequently fired at from inside Pakistan, very close to the border. In some cases defensive fire is required, against specific threats. Wherever possible, such fire is pre-coordinated with the Pakistani military. Altogether four classified or restricted NATO documents of interest on the Pentagon site were discovered to share the 'progress' password. Wikileaks has decrypted the documents and released them in full: * http://wikileaks.org/wiki/NATO_Media_Operations_Centre:_NATO_in_Afghanistan:_Master_Narrative%2C_6_Oct_2008 * http://wikileaks.org/wiki/ISAF_Afghanistan_Theatre_Strategic_Communications_Strategy%2C_25_Oct_2008 * http://wikileaks.org/wiki/NATO-ISAF_Afghanistan_Strategic_Communications_External_Linkages%2C_20_Oct_2008 * http://wikileaks.org/wiki/NATO-ISAF_Strategic_Communications_Ends%2C_Ways_and_Means%2C_slide%2C_20_Oct_2008
IBM does the same thing with all of its specialized kinds of computer lines ... business, scientific, mainframe, servers. There is a move afoot to merge IBM "I" business line with the "p" scientific, so soon there will be a few less types of IBM systems. Supposedly if you know about IBM's fantastic systems, you don't need to use a search engine to find out about them. But the reality is that there's lots of non-IBM companies serving the IBM market place, and it can be hard to locate them when IBM changes its product naming so often, into generic words and letters. There are conspiracy theorists that speculate IBM is killing off a line of computers deliberately. They are high performance, unhackable, have never been hit by malware, upwardly compatible, incompatible with Microsoft, so they don't have to be replaced as often. IBM would sell a lot more computers if they broke down as often as the competition. On the 400, now i5/OS, an asterisk is pervasive. names starting with asterisk are like keywords, functions, types of objects names ending with asterisk are wild cards
> I can't imagine what their marketroids were thinking. Me either, but "IBM i" and "System i" (without the quotes) return the right page as the first hit when put into Google. I can only imagine how difficult it must be for British secret agents to find Q when they need new gadgets. :-)
Re: Al Macintyre: Mmm, no, they haven't done the same with the other lines. There are four IBM hardware lines: System p — Power (AIX machines) System x — x86 (Intel) System z — mainframes i — which do indeed use Power hardware, same as System p. That's the convergence, and I've seen the speculation that IBM is trying to kill i5/OS. (I write about this stuff for trade rags, and I also just checked http://www-03.ibm.com/systems/i/, http://www-03.ibm.com/systems/p/, http://www-03.ibm.com/systems/x/, and http://www-03.ibm.com/systems/z/.) They are inconsistent, though: the i page just calls it "i", System p and System x use those names, and the mainframe page says "Mainframe" and then mentions both "System z" and "IBM z Can Do IT". But the mainframe is the world I mostly live in, and I've been assured by Poughkeepsie that "System z" is the real name; the latter usage is just shorthand. Or perhaps I misunderstood what you were saying? P.S. Mark Feit noted that "... 'IBM I' and 'System I' (without the quotes) return the right page as the first hit when put into Google." Interesting (and an improvement over a few months ago). I wonder if that took search engine placement work, or if Google is just smarter? Of course, in any OTHER case (such as searching in a document), the "i" nomenclature is still impossible to find.
IBM i. Easy to find. Typing "IBM i" into the search field in Google gives as the first hit http://www.ibm.com/systems/i/
The original name of Archy was "The Human Environment" which was officially shortened to "THE". Needless to say it wasn't searchable either . Though it appears it now would be; searching for "THE" on Google brings up theonion.com as the top hit. However, Yahoo! might be the winner in this odd contest, it brings up a the band "The The" as the second result, just after "The N Network" (which is a website for teens and has nothing to do with the pejorative term for persons of African descent).
A recent RISKS posting referred (in a throwaway aside) to "the ex-President who'd never seen a grocery store scanner." As this newsgroup is populated by rational people glad to have even trivial errors corrected, I'll note out that the story of Bush 41's supposed amazement at seeing a scanner has been pretty thoroughly debunked. Snopes has a detailed discussion: http://www.snopes.com/history/american/bushscan.asp David Guaspari, ATC-NY, 33 Thornwood Drive, Suite 500, Ithaca NY 14850 (607) 266-7114 email@example.com [Also noted by Brent Krupp. PGN]
Please report problems with the web pages to the maintainer