There's nothing here that's akin to the infamous Therac disasters where interactions of hardware and software caused unexpected results, but more examples of how wrong configurations lead to dramatic radiation overexposures. "The Times found that on 133 occasions, devices used to shape or modulate radiation beams [...] were left out, wrongly positioned or otherwise misused." But there were also software errors - crashes that lost portions of the programming for the radiation beams. "as [the medical physicist] was trying to save her work, the computer began seizing up, displaying an error message. The hospital would later say that similar system crashes 'are not uncommon with the Varian software, and these issues have been communicated to Varian on numerous occasions.' [...] At 12:57 p.m. -- six minutes after yet another computer crash -- the first of several radioactive beams was turned on." In another case, "One therapist mistakenly programmed the computer for 'wedge out' rather than 'wedge in,' as the plan required. Another therapist failed to catch the error. And the physics staff repeatedly failed to notice it during their weekly checks of treatment records. Even worse, therapists failed to notice that during treatment, their computer screen clearly showed that the wedge was missing. Only weeks earlier, state health officials had sent a notice, reminding hospitals that therapists 'must closely monitor' their computer screens." The problem was lack of fail-safe processes. "The software required that three essential programming instructions be saved in sequence: first, the quantity or dose of radiation in the beam; then a digital image of the treatment area; and finally, instructions that guide the multileaf collimator. When the computer kept crashing, [...] the medical physicist, did not realize that her instructions for the collimator had not been saved, state records show. She proceeded as though the problem had been fixed. " It's a pretty frightening article. http://www.nytimes.com/2010/01/24/health/24radiation.html?hp [The article spans the middle of the front page and three inside pages. It's well worth reading in its entirety. I also received comments on this from Jared Gottlieb, Harry Hochheiser, Matthew Kruk, Nancy Leveson, Martyn Thomas, and others. See recent harbingers (RISKS-25.81,82) of the current round of events, as well as the earlier items on the Therac-25 problems (RISKS-8.5, 12.50, 14.04). PGN]
http://www.airportbusiness.com/online/article.jsp?siteSection=1&id=33648 Air-traffic control glitch due to the installation of new software Air-traffic control software problem (airplane positions could not be identified in a timely manner) caused the disruption of air flights in Japan on 14 Jan 2010. This happened after the installation of new software that consolidated the air-traffic control operations of two large and busy airports, Haneda and Narita. The program controls the radar screen displays for the controllers. Due to a software problem, the display on the screen got sluggish to the point that the operators switched to a backup system and operators diverted to traffic to other airports and such. On 15 Jan 2010, the official announcement was made by the Ministry of Land, Transport, Infrastructure and Tourism that the climate information, especially bad weather, was mistakenly fed to the module of the control program that display the positions of airplanes in this new software setup. This caused overload of processing, and thus the failure to keep track of the airplanes timely. This incorporation of the bad weather is a new feature according to the short announcement made by the minister in charge. Usual risk. But I really wonder why this was not caught in advance testing. The unwanted climate data by the position display module was silently thrown away without no logging? If the bad weather was properly reflected on the screen by the feed to the proper module (assuming the testing was done for the display of bad weather condition on radar), then the data was duplicated by mistake and fed to the airplane position display module, also? Why and how? Inquiring minds want to know more. I really wish that there is a public database of software bugs that caused social glitches like this one and that record details for posterity for the benefit of future programmers, etc. I suspect such a database will be a loath to parties in the legal tangling as the result of such bugs, but the society needs such a database, I think. We need better foundation and not try to build sand castles from scratch again and again with similar mistakes in the foundation. (This incident has nothing to do with the bankruptcy filing of Japan Air Lines recently.)
NASA EXTENDS THE WORLD WIDE WEB OUT INTO SPACE Astronauts aboard the International Space Station received a special software upgrade this week - personal access to the Internet and the World Wide Web via the ultimate wireless connection. Expedition 22 Flight Engineer T.J. Creamer made first use of the new system [on 22 Jan 2010], when he posted the first unassisted update to his Twitter account, @Astro_TJ, from the space station. Previous tweets from space had to be e-mailed to the ground where support personnel posted them to the astronaut's Twitter account. "Hello Twitterverse! We r now LIVE tweeting from the International Space Station -- the 1st live tweet from Space! :) More soon, send your ?s" This personal Web access, called the Crew Support LAN, takes advantage of existing communication links to and from the station and gives astronauts the ability to browse and use the Web. The system will provide astronauts with direct private communications to enhance their quality of life during long-duration missions by helping to ease the isolation associated with life in a closed environment. During periods when the station is actively communicating with the ground using high-speed Ku-band communications, the crew will have remote access to the Internet via a ground computer. The crew will view the desktop of the ground computer using an onboard laptop and interact remotely with their keyboard touchpad. Astronauts will be subject to the same computer use guidelines as government employees on Earth. In addition to this new capability, the crew will continue to have official e-mail, Internet Protocol telephone and limited videoconferencing capabilities. To follow Twitter updates from Creamer and two of his crewmates, ISS Commander Jeff Williams and Soichi Noguchi, visit: http://twitter.com/NASA_Astronauts For more information about the space station, visit: http://www.nasa.gov/station Archives: https://www.listbox.com/member/archive/247/=now [Well, that may be just a little more secure than an early desire for the space station that I heard when I visited Johnson Space Center long ago, which was that researchers should be able to uplink over the Internet to the Space Station control computer and monitor and guide their own experiments in real time. PGN]
The timestamp on SMS messages (known as TP-SCTS) stores the year in two nibbles in a binary-coded decimal representation with the nibbles swapped. Aside from the known risks of using a two-digit year, this is about as bad a representation as can be imagined. 2009 is represented as 1001 0000 in BCD swapped-nibble (i.e., as 09, decimal). 2010 (decimal) is represented as 0000 0001. A number of telephone SMS programs, generally those that don't inherit a code-base from pre-Y2K systems, have misread the spec, and are interpreting it as swapped-nibble binary, rather than BCD, so are interpreting 0000 0001 as 00010000, i.e., as 0x10 or 16 instead of 10. This is why some phones (notably Windows Mobiles) are displaying text messages as having been sent in 2016, rather than 2010. It's worthy of note that these systems would not have worked correctly in 1999 either - they would have interpreted 0x99 as 153 (decimal) - and may have displayed either 19153 or 2053. In the specific case of Windows Mobile, the text message database stores two dates, the TP-SCTS date and an internal datestamp applied to the text when received by the phone. There is a setting in the firmware that allows the internal datestamp to be shown in preference to the TP-SCTS date, so some phones are showing the correct information and some are not. This setting is set by the firmware programmer, normally being either the manufacturer or the network operator. RISKS: Date code written after 2000 may display Y2K-like bugs, by making assumptions that all dates are post-2000. Programs installed in firmware are much more difficult to correct for bugs, so code quality for firmware is much more important. Systems are frequently coded to a small set of sample data, rather than to the actual specification. Checking against the specification rather than unit testing with sample data is harder, but may be necessary, especially for systems that are difficult to correct. Richard Gadsden email@example.com [The authors of the post-Y2K phone software have obviously never heard The Ring of the Nibble-Young-un (Wagner). It's worthy of a Ring-Tone-Poem (Strauss). PGN]
Interesting article in The Register about a full body scanner demo on German live TV demo. You guessed: it would not be news unless the thing had failed to detect some Very Bad Stuff. You may want to watch the video, it's in German but I think you will be able to see that the key message is that the man scanned was carrying more than what he originally mentioned: http://www.theregister.co.uk/2010/01/24/body_scanner_fail/ Keep watching - he will use the stuff that wasn't picked up, just to prove the point (notice that he almost ruins a camera when he stirs the remains). I hope these scanners won't lure security staff into a false sense of security, and wonder how the use of these expensive devices will pan out in real life use. We'll soon see. Speaking of pan - no idea of correlation between frying pan material and what is used for a plane hull..
Corporate espionage in the news, and not just because of Google: Hilton and the Oil industry. Is anyone calling espionage by means of computers cyber-espionage yet? I hope not. At least they shouldn't call it cyber war. Two news stories of computerized espionage reached me today. The first, regarding the Oil industry, was sent by Marc Sachs to a SCADA security mailing list we both read. The second, about the hotel industry, was sent by Deb Geisler to science fiction convention runners (SMOFS) mailing list we both read. US oil industry hit by cyberattacks: Was China involved? http://www.csmonitor.com/USA/2010/0125/US-oil-industry-hit-by-cyberattacks-Was-China-involved "At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage." Starwood Charges That Top Hilton Execs Abetted Espionage http://www.meetings-conventions.com/article_ektid31918.aspx "Starwood's claim points to a "mountain of undisputed evidence," including e-mails among Hilton senior management, that Klein and Lalvani worked with others within Starwood to steal sensitive documents by sending them via personal e-mail accounts, among other methods, and that such information was shared and used by all of Hilton's luxury and lifestyle brands, as well as in the development of Hilton's now-shelved Denizen brand. In the new filing, Starwood says, "This case is extraordinary, and presents the clearest imaginable case of corporate espionage, theft of trade secrets, unfair competition and computer fraud...Hilton's conduct is outrageous."" As to whether China is involved, maybe. But the automatic blaming has got to stop. Many other countries have been known to be conducting corporate espionage, such as France, and as the second story above shows, so do corporations themselves. [ Source on naming France: http://samvak.tripod.com/pp144.html ] But.. here are a few questions: - My dog barked, was China involved? - The traffic light turned red, was China involved? - I am tired. Is China involved?
Seen in a forum on LoveMoney.com: "There is a new scam today offering cheap goods from China. They probably don't exist and they have hacked accounts, it appears they are in the MSN database. Anyone with hotmail or live.com accounts should change their passwords. This may be in the wrong thread. We are trying to figure out what they are doing. It looks like a major operation hacking from China." Is the risk believing that there is a risk here, or is there more of a risk in ignoring it? Hmm ... but the Chinese do seem to be gaining a reputation for hacking.
Google has uncovered a "highly sophisticated and targeted attack" coming from China on its infrastructure that resulted in some of its intellectual property being stolen. The cited article suggests that at least 20 technology companies were similarly targeted (and more than 30, according to other reports). http://www.computerworld.com/s/article/9145679/ In addition, *The Jewish Chronicle* website (thejc.com) was recently defaced. http://www.theregister.co.uk/2010/01/18/jc_defaced/ See also John Markoff, David E. Sanger, Thom Shanker, "In Digital Combat, U.S. Finds No Easy Deterrent, *The New York Times*, 26 Jan 2010, A1/A6 today's National Edition.
Tangentially to recent thread in alt.usage.english, Cheryl Perkins made a comment about how programmers dealing with addresses "don't like apostrophes" and "don't allow for their existence". John Varela then wrote this (quoted by permission) about his TomTom One 130: | I ran into that today when I wanted the GPS to take me to a store | called "Lowe's". There's no way to enter an apostrophe on the GPS. | A search for "Lowe" found nothing and a search for "Lowes" found a | store called "Lowest Price something-or-other". I had to find the | place on my own. Doing so gave me a real feeling of independence | and of superiority to technology. Mark Brader, Toronto, firstname.lastname@example.org | "Fast, cheap, good: choose any two." [Lowe'stcommon denominator? PGN]
``Researchers have now come up with a system that deciphers the templates a botnet is using to create spam. These templates are then used to teach spam filters what to look for.'' [Maybe "effectively perfect" against that specific type of attack *at this point in the development of spam*. Just ask Darwin.] http://bit.ly/7GwsVx (New Scientist) [From the Network Neutrality Squad, http://www.nnsquad.org]
The U.S. Coast Guard has announced that it will begin turning off the Loran-C navigation system on February 8, 2010, with a full decommissioning by October 1, 2010: http://www.access.gpo.gov/su_docs/fedreg/a100107c.html#Coast%20Guard http://yro.slashdot.org/article.pl?sid=10/01/12/223241 While some people have said that GPS has made it redundant, critics of the decision have said that having redundancy / backups is entirely the point. The "Federal Register" statement implies that this concern is not very pressing: > The Loran-C system was not established as, nor was it intended to be, a > viable systemic backup for GPS. Backups to GPS for safety-of-life > navigation applications, or other critical applications, can be other > radio-navigation systems, or operational procedures, or a combination of > these systems and procedures. Backups to GPS for timing applications can > be a highly accurate crystal oscillator or atomic clock and a > communications link to a timing source that is traceable to Coordinated > Universal Time. http://edocket.access.gpo.gov/2010/2010-83.htm Not sure what these other navigation systems would be (e.g., WAAS "augments" GPS, not replaces it). For time a least, WWVB is available in large portion of the continental U.S. http://en.wikipedia.org/wiki/Wide_Area_Augmentation_System Other countries have their own LORAN towers, and it remains to be seen how this will affect them: http://en.wikipedia.org/wiki/LORAN
Fidelity.com is where I keep my retirement millions. A few days after a cordial address update I double checked to find it had become a mangled DONGSHI 42351 PROV-INCE OF CHI TAIWAN behind both my and staff's backs. In order to please neighboring China, their run a batch job that alters all Taiwan addresses. It then took much staff effort whack mine back into shape. Jackson.com is where I keep my other millions. Foreign customers have a pseudo-state of "OT" appended to their addresses. It used to be "OC" but that probably landed mail into an even darker hole at the post office.
Ah, the amazing ability of http://maps.google.com/ to pinpoint anything one tosses into its search box. Let's just change this search string from house number 21, to e.g., 22: http://maps.google.com/maps?f=q&hl=en&q=21+DaGuan+RD+%E5%A4%A7%E8%A7%80%E8%B7%AF21%E8%99%9F%2C+Taichung%2C+Taiwan http://maps.google.com/maps?f=q&hl=en&q=22+DaGuan+RD+%E5%A4%A7%E8%A7%80%E8%B7%AF22%E8%99%9F%2C+Taichung%2C+Taiwan Whammo... for #21 all along Google was merely matching a text string attached to a story associated with a point in their database. For #22 etc. Google Maps says "We could not understand the location." If one has a Facebook account, here I am telling the business owner their new address finds a point (stuck to their old address (mentioning their new address.)) http://www.facebook.com/permalink.php?story_fbid=253295461155&id=12619981155 Me? I'm at http://maps.google.com/maps?ll=24.181699,120.866261. No text strings to get hijacked by pagerank.
My son and I have something in common: We love the online game Warcraft. We are separated by a continent as he lives with his mother, but we still meet online through this game. For those who are not familiar, it consists of a 5GB game download, followed by numerous similarly-sized updates, and finally being able to play (and pay monthly) online. We recently attempted to upgrade our gaming accounts to their new "Wrath of Leech King" expansion - it was suppose to be a Christmas present for him. So I entered their web site, gave my credit card details, clicked upgrade. It promptly said congratulations, and that the account was upgraded. A day later, we got another e-mail saying that the purchase was "undone" and the game upgrade was rolled back. No details were given, but we were given a hint that we should phone them. That simple task of phoning them took three days of non-stop phoning from overseas: Their UK help desk was so swamped/understaffed that I could not get in their waiting queue. When I did, I was dropped off after waiting 9 minutes on the phone. It eventually turned out that my security-conscious son had not entered his correct name and address when signing up to the service some years back, and apparently only during the upgrade that Blizzard bothers to check these things. After a successful phone call to their help desk, we were sent a questionnaire to fill out to correct the details. However, even after the details were entered into their system, we were STILL denied the upgrade. Reason? As far as I can tell, it was their security system again: It will not let you "upgrade" twice from the same IP address! Since according to their records, we had one "successfully" upgraded, we were now denied an upgrade! After numerous fruitless e-mails, I finally re-re-re-did the registration from a work computer, and it went through, and it became a late new year present for my son instead. Moral of the story: 1) You must reveal your complete identity if you want to play games, 2) Your request must not look like it's coming from a sweatshop in China. And you thought playing online games was all fun and games? Turgut Kalfaoglu, Msc. Computer Engineering, Izmir Institute of Technology
A number of municipal cinemas in larger Norwegian cities have a common fidelity program called Kinosonen ("the cinema zone"). Amongst other benefits, members get a card they can use to prepay tickets (at a discount, of course). A few days ago, two e-mails were sent out to program members. The first e-mail enjoined all members to change their PIN as quickly as possible "for security reasons". All well and good. The second... The second said, loosely translated: We have been notified of a flaw in our procedures, and have asked all our members to change their PIN. Several members have been issued the same PIN for their membership cards. As many as 1200 cards may be affected. This only applies to cards issued after 2007-11-25. We are in the process of changing the PIN for those 1200 members. You will receive a new PIN by e-mail. So... am I to conclude that the security of their system depends on each member's PIN being unique? The mind boggles. If so, why do they ask members to select their own PIN? What happens if a member selects a PIN that is already in use - does she get a message to that effect? So now she knows that somebody else uses that PIN, can she take advantage of that knowledge? If not, why are duplicate PINs a problem in the first place? I'm not sure how long the PIN is, by the way, but my guess is four or five digits. The total population of these cities and their suburbs is around two million people. Even with conservative estimates of their membership base, latecomers are going to have a hell of a time trying to find an unused PIN. Even with six digits, the odds are that a lot of people are going to use either their birth date or the last six digits of their 12-digit card number...
It seems foreseeable that someday a mass cutoff of botnet infected computers will trigger some kind of disastrous side effect. Of course, mission critical or life critical applications should never be allowed to exists on unprotected net connected computers, especially those infected by malware. Nevertheless, it would be foolish to presume that nobody else is ever foolish. Here's the risk. We may know that a mass collection of computers are hosting malware, but we have no way of knowing what good and vital services they may also be providing. Is it not true therefore, that any action to remotely cut off a class of nodes is somewhat reckless by nature. [Old whine in new bot-tles? PGN]
We have a special issue on Security in Cloud Computing scheduled for publication in Nov/Dec 2010. The final date for submissions is approaching (5 Mar 2010). and The Call for Papers is here: http://www.computer.org/portal/web/computingnow/spcfp6
Please report problems with the web pages to the maintainer