The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 25 Issue 2

Monday 14 January 2008


Contents:

Coffee Grounds Qantas
  Charles Wood
Computer problem suspected in erratic Airbus flight
Metal structure beneath runway affects aircraft instruments
  David Dixon
Polish teenager uses city trams as train set
  Peter Houppermans
Novel approach to reducing electoral fraud
  Peter Mellor
Risks of believing a GPS system
  Paul Karger
GPS in a tea shop anecdote
  Mark Brader
More GPS mishaps
  Paul Saffo
Nightmare on VoIP Street
  Ed Ravin
A risk of static analysis tools—and refereeing
  Peter Gutmann
Bank gives money to fraudster posing as its chairman
  David Dixon
REVIEW: "Managing Knowledge Security", Kevin C. Desouza
  Rob Slade

Coffee Grounds Qantas

"Charles Wood"
Fri, 11 Jan 2008 18:39:51 +0900
Qantas Flight QF2 from London to Sydney via BKK (Bangkok) (a Boeing 747-400)
suffered a total AC electrical loss 15 minutes before landing at BKK on 8
January 2008.  The effect of the AC loss was that all AC powered equipment
in the aircraft stopped working and the crew was forced to revert to standby
battery power for instrumentation. A number of electrically controlled
sub-systems were disabled. Some passenger cabin services were re/started
including emergency lighting.  The crew landed successfully at BKK but with
reduced functionality. Power was available only to the Captain's PFD, ND and
standby Attitude indicator.  They also had to contend with alt gear/flap
extension, no anti-skid, no autobrakes, and no thrust reverser.

Inspection of the aircraft showed that water from the first class galley had
overflowed down onto the sub-floor E racks which contained the GCUs
(controllers for engine generators) and BPCU (backup PCU). All controllers
were disabled resulting in total loss of AC power. The remaining power
source was the inverter that generated power from the backup battery.
Luckily this was out of reach of the flood so kept working.

Extrapolation of this event to long-haul flights over sea would have seen
loss of all navigation aids and communications, and reliance of the crew on
basic aids - if available - such as magnetic compass and sight of stars or

The incident cause was most probably a combination of factors and events
that finally resulted in a major problem.

1. The fiberglass drip shield above the E rack had a crack that allowed
   water to drip through.
2. The last C check at Avalon depot did not discover and remedy the crack.
   (QF maintenance as opposed to outsourced).
   NB. As of 11 January ABC Radio News disclosed that six other QF x --
   747's were found to have cracked drip trays.
3. Flooding of the first class cabin from the galley is a regular
   occurrence, usually from ice trays but also from blocked drains.
4. When the galley floods the water goes down onto the equipment bay
   directly below.
5. The galley drains in first class on OJM at BKK were blocked by coffee
6. Qantas has changed from 'pillow' style coffee bags to ground coffee
   machines - based on cost saving. This results in the possibility of coffee
   grounds being dumped in the galley sinks.
7. First class in Qantas has a cappuccino machine (also producing coffee

When you look at it, there are a number of problems that in their own right
are perhaps acceptable but in conjunction are a major problem.

- Fundamentally the overflow system for the galley should have been forced
  to flow to non critical areas.
- The rack drip tray should have been sound and if not the inspection should
  have picked that up and remedied it.
- The drainage system in the galley should have been immune to blockage.
- The cabin staff should have been trained to avoid provoking blockages in
  the drain system.
- Qantas should have avoided operational changes (coffee system) that would
  enable cabin staff to block the drain system.

As a final note: if seven QF 744 aircraft have cracked drip trays, how many
aircraft with other operators have the same problem?

Computer problem suspected in erratic Airbus flight

Fri, 11 Jan 2008 00:54:26 +0000
An Air Canada flight that rolled suddenly from side to side then plunged in
the air may have suffered technical problems, according to passengers
interviewed after the plane was diverted to Calgary.  ... there had been a
computer failure and that they were flying the plane manually ..

Antonomasia

Metal structure beneath runway affects aircraft instruments

"David Dixon"
Thu, 10 Jan 2008 17:44:40 +0000
London City Airport has warned pilots their instruments may be affected by
magnetic interference from metal structures found below the runway.

A report was carried out after an aeroplane was forced to turn back when its
autopilot system failed.

Railway lines, and other metal structures left from the days when the
airport was a dock, were found to be causing "significant interference".

A spokeswoman said action would be carried out "wherever necessary".

An investigation was launched by the Air Accident Investigation Branch
(AAIB) after a jet was unable to follow a standard departure route, because
of an autopilot problem, after taking off on 31 October 2006.

Polish teenager uses city trams as train set

Peter Houppermans
Fri, 11 Jan 2008 16:32:20 +0100
Here is an item that almost defies belief:

  A Polish 14-year-old boy allegedly turned the tram system in the city of
  Lodz into his own personal train set, triggering chaos and derailing four
  vehicles in the process.  Twelve people were injured in one of the
  incidents.  He modified a TV remote control so that it could be used to
  change track points.  Four trams were derailed, and others had to make
  emergency stops that left passengers hurt.  [Source: *The Register*;
  PGN-ed]

My observation is that whoever designed those weakly protected remote
control capabilities must not have thought about the consequences either --
and that was supposedly a paid adult.

Peter Houppermans, Houppermans GmbH, Zurich, Switzerland

[Also noted by Michael Hogsett, and by Mike Radow, who commented: "Given the
idiocy of such an unprotected system, any comment would be superfluous." PGN]

Novel approach to reducing electoral fraud

Wed, 9 Jan 2008 15:10:54 EST
*The New York Times*, 7 Jan 2008

The idea, proposed by Ronald L. Rivest of MIT and Warren D. Smith, is that
votes are cast on paper and tallied by scanner or by hand.  After casting
their vote, each voter is given a photocopy of a randomly selected ballot
**cast by another voter**.  (A serial number, but no name, is on each

At the end of the day, all votes cast are entered on a web site.  The holder
of each copy connects to the site and confirms that the ballot whose copy
they hold is present and correct, or not.  The theory is that, even with a
low proportion of web confirmations, any electoral malpractice will be
revealed with a high degree of confidence, and that the knowledge that the
scheme is in force will, in any case, deter any attempt to rig the ballot.

Comments on the article put forward most of the obvious objections, which
are answered by the author or by Smith.  There are links to the papers in
which Rivest and Smith describe their method in detail.

Peter Mellor  +44 (0)20 8459 7669
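
The claim in the item above, that a low proportion of web confirmations still reveals malpractice with high confidence, worked through as an added example (it is not part of the original posting or of Rivest and Smith's papers). It assumes each receipt copies a ballot chosen uniformly and independently from all ballots cast; the function names and the figures are constructed for illustration.

```python
import math
import random


def detection_probability(n_ballots, n_altered, n_checkers):
    """Chance that at least one checked receipt is a copy of an altered ballot.

    Assumption (made for this example): every receipt is a copy of a ballot
    drawn uniformly and independently from all n_ballots cast, so a single
    checker misses every altered ballot with probability 1 - n_altered/n_ballots.
    """
    if not 0 <= n_altered <= n_ballots:
        raise ValueError("n_altered must be between 0 and n_ballots")
    if n_checkers < 0:
        raise ValueError("n_checkers must not be negative")
    miss_one = 1 - n_altered / n_ballots
    return 1 - miss_one ** n_checkers


def checkers_needed(n_ballots, n_altered, confidence):
    """Smallest number of checking voters that reaches `confidence`."""
    if not 0 < confidence < 1:
        raise ValueError("confidence must be strictly between 0 and 1")
    if n_altered <= 0:
        raise ValueError("with no altered ballots there is nothing to detect")
    if n_altered >= n_ballots:
        return 1  # every receipt exposes the tampering
    miss_one = 1 - n_altered / n_ballots
    return math.ceil(math.log(1 - confidence) / math.log(miss_one))


def simulate(n_ballots, n_altered, n_checkers, trials, seed=2008):
    """Monte Carlo cross-check of detection_probability (seeded, repeatable)."""
    rng = random.Random(seed)
    detected = 0
    for _ in range(trials):
        # Serial numbers 0 .. n_altered-1 stand for the altered ballots.
        # A trial counts as detected if any checker's receipt is one of them.
        if any(rng.randrange(n_ballots) < n_altered
               for _ in range(n_checkers)):
            detected += 1
    return detected / trials


if __name__ == "__main__":
    n, k = 100_000, 1_000          # constructed: 1% of ballots altered
    for share in (0.001, 0.005, 0.01):
        m = int(n * share)
        p = detection_probability(n, k, m)
        print(f"{share:.1%} of voters check ({m} receipts): P(detect) = {p:.4f}")
    print("receipts needed for 99% confidence:", checkers_needed(n, k, 0.99))
    print("simulated, n=1000 k=10 m=100:", simulate(1000, 10, 100, 2000))
```

The number of checks needed depends on the fraction of ballots altered, not on the size of the electorate, which is why a small proportion of confirmations can suffice against large-scale tampering while a handful of altered ballots remains hard to catch.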

Risks of believing a GPS system

Paul Karger
Tue, 08 Jan 2008 09:35:59 -0500
A driver of a rental car turned right when the GPS unit said to turn right.
Unfortunately, he turned onto the Metro North Harlem line railroad tracks in
Westchester County, NY, instead of proceeding another 20 feet or so to turn
onto the Saw Mill River Parkway.  The car became stuck on the tracks, and
was hit by a northbound train a short time later.  No one was injured, as
the driver had run down the tracks to try to warn the train to stop, but the
train could not stop in time.  About 500 passengers were stranded for 2
hours, and train service from Grand Central Terminal was delayed for several
hours, while they repaired damage to the electrified third rail.

The driver was from California and not familiar with the local roads, but
the railroad crossing was very well marked and had crossing gates, which
were up at the time (as the train didn't arrive until somewhat after the
driver got stuck).

I've been through this crossing many times, and my impression is it is quite
confusing to people exiting from the Saw Mill Parkway, but that for people
ENTERING the Parkway, as this person was doing, the tracks are pretty

  [Also noted by Edward Rice.  Led astray by "GI Jane", the man is (or was)
  a computer consultant!  PGN]

GPS in a tea shop anecdote

Mark Brader
Thu, 20 Dec 2007 04:59:10 -0500 (EST)
* From: "Richard Chambers"
* Newsgroups: alt.usage.english
* Subject: Re: Fings we was lernt rong in skool (Was Basrawis n all that cop)
* Message-ID: <eScaj.10711$>
* Date: Wed, 19 Dec 2007 17:51:06 GMT

Philip Eden wrote

>>> Learning where places are in Geography.
>> Quaintly out of date?  Has King's Lynn become Peterborough, and
>> Peterborough Aberdeen, in the last x years?
> I see the opposite effect. I had lunch with the head of school (of
> geography) at my old university (Brummagem) last year, and she
> was bemoaning the lack of interest most of her charges have in
> maps when they come up, and how difficult it now is to enthuse
> them when they are there. Maps, of course, are no longer called
> maps; they are now GIS (geographical information systems).
> We were both thoroughly sniffy about satnav: "I don't need satnav;
> I'm a geography graduate." Sad to say that sentiment doesn't apply
> to many (most?) recent geography graduates.

I have much the same feeling. I love maps, especially the new Ordnance
Survey 2.5 inch = 1 mile series. Living in Leeds, we have the Dales, North
York Moors, Peak District, Forest of Bowland, Yorkshire Wolds, Howardian
Hills, and the Lake District, all within easy driving distance. To my wife's
despair, I keep on buying Ordnance Survey maps for all these areas, but my
collection is now nearing completion. GPS does not tell you where the good
walks are. You need to be able to interpret the Ordnance Survey map if you
want to plan a good walk for yourself. Furthermore, you need to know how to
specify a Grid Reference point if you are going to use GPS to its full
potential. I enjoy the mental challenge of finding my way by use of a map.
GPS would rob me of that simple pleasure.

The following little story might be (i.e., probably is) an urban legend. My
wife has a friend, who has a friend, who bought a GPS system for his car,
and used it to go somewhere in Gloucestershire. On the way, he stopped off
in Bourton on the Water for a cup of tea. Because GPS systems are worth
quite a lot of money, and are easily removed, they are a sure reason for
having your car broken into if you leave them on display. So, exactly as
advised, he removed it, put it in his pocket, and started walking from the
car park to find a tea shop. As he was walking towards the centre of the
town, he suddenly heard a now-familiar voice saying "Turn left after 30
metres". He couldn't turn it off, so he just ignored it. "You've missed the
turn". Then later: "Turn back, you must turn back". This instruction became
annoyingly insistent. Eventually, he managed to turn it off, or at least, he
thought he had. He went into a tea shop and ordered a pot of tea and some
scones. "Turn back, you must turn round, then turn right after 100 metres".
From time to time, the other customers in the tea shop were treated to
further rather insistent directions while he drank his tea and ate his

More GPS mishaps

Paul Saffo
Thu, 10 Jan 2008 08:23:52 -0800
Not a new story, but a very nice writeup about the problem in the UK with
GPS systems not knowing the appropriateness of roads for large trucks.

Mark Rice-Oxley, *The Christian Science Monitor*, 10 Jan 2008

Satellite navigation systems send trucks down the wrong routes in Britain

Drivers end up rolling through towns on roads meant for a horse and
cart.  Can people please stop running into Ena Wickens's roof?

Mereworth, England

With its winding country lanes and parish church, its 18th-century cottages
and sleepy allotments, life is gentle and agreeable in this bucolic
southeast English village. Or at least it was until the truck drivers
started coming through.

First there was the Slovenian driver en route to Wales with a load of paper
who took an improbable detour and ended up wedging his juggernaut into a
tiny lane. It was stuck for two days.

Then there were the 10-wheelers that wheezed their way up Butcher's Lane, a
thin ribbon of a road constructed with horse and cart in mind. One made a
mess of the roof on Ena Wickens's cottage, which lies flush to the lane. No
sooner had it been repaired than another truck snorted its way up the
roadway and crumpled part of the roof again.

"It's such a worry," says Ms. Wickens as she putters around the garden
behind her cozy Jane Austen cottage. "This last time, it was lucky I was in,
otherwise he would just have driven off. There is a sign at the bottom of
the road saying 'Unsuitable for large vehicles,' but still they come."

Why, exactly, do they come? The answer is to be found in the satellite
navigation kits (satnav for short) that are handy for getting motorists from
one location to another, but not always judicious in selecting the most
appropriate routes.

Legendary examples already exist of satnav equipment leading gullible
drivers astray. There have been cars driving into streams, a woman who was
directed the wrong way up a freeway, and even an ambulance crew that was
diverted 200 miles by mistake.

There was the bus party looking forward to a day trip to Lille in northern
France that was spirited off to the less fabulous Lille, Belgium, 100 miles
away by mistake.

In Britain, satnav technology is generating a second, related problem of
trucks plowing unwittingly into country lanes unsuitable for anything larger
than small passenger vehicles.

One driver, for instance, stranded his 50-foot wagon up a lane for three
days in Ivybridge, southwest England, until a tractor could be found to tow
it out. Another driver wedged a tractor-trailer on a bridge in the same part
of the country that was finally released by cutting down hedges and
trees. And then there was the coach operator who became stuck on a small
roadway—only to escape by driving through nearby fields.

Satellite navigation has turned one country lane in Wales into a virtual
gill net, ensnaring almost every truck that comes along: One could only be
set free recently by knocking down a stone wall. And last month, a
Lithuanian lorry driver was stuck for four days after his vehicle became
wedged on a rural roadway more suitable for sheep than trucks.

Mereworth's unwanted encounter with modern navigation stems in part from an
accident of geography. The hamlet lies close to a main freeway that runs
from the port of Dover north to London and main transit routes to northern

Situated in Kent – the "garden of England" – Mereworth is a quaint mix
of ancient and modern, an 18th-century church and castle and red-brick
cottages alongside more modern detached homes. Tiny lanes thread their way
improbably through hop fields and dwellings with no sidewalks. Most truckers
barreling up the nearby freeway would probably have deep reservations about
a set of directions that steered them into the village's serpentine
streets. But not everyone is familiar with the back roads of Britain, nor
always puts the right display screen on their dashboard.

"A lot of continental drivers are using systems which are not equipped for
heavy vehicles," says Dennis Styles of Mereworth's parish council. "The
cheaper models lead them down these narrow lanes. We have horse-and-cart
roads from the early 1900s and they are now taking these huge vehicles" down

Villages up and down the country are howling about the sudden invasion of
snorting trucks filling up tiny streets originally built for carriages. Some
have even asked to be "wiped off the map."

In Wedmore, southwest England, the council wants urgent action to refine
satnav software to make it more sensitive – and sensible.  "It's happening
on a daily basis," says council chairman John Sanderson. "We've had people's
properties being damaged. There are no pavements, so big vehicles have to go
close to properties. We get gridlock where police have had to come along and
sort it out. When we talk to the HGV [heavy goods vehicle] drivers from the
continent and ask them why they keep coming through, they say they have been
sent by the satnav."

Mapping companies admit the technology is still in its infancy and
acknowledge that improvements need to be made. "The road network is immense"
says a spokesman for Tele Atlas, an international digital mapping company.

"GPS navigation is still a new technology, and the road network changes
every year. So there's a constant updating process that needs to be
done. What is happening is that haulier companies are using navigation
devices that are specific to passenger cars."

Help may be at hand, though. Tele Atlas says it has launched a more
sophisticated device for hauliers that can request what vehicle is being
driven and then navigate them through the most appropriate route. The
national mapping agency, Ordnance Survey, which produces road network data
for satnav software companies, is refining its maps to show routes that big
rigs should avoid. The aim is to provide a more intelligent picture of
Britain's roads, which are used by more than 100,000 trucks a day.

"We want to get freight route maps recommended by all the local authorities
into one consistent single format, agree on it, and make it available as
part of our data," says Paul Beauchamp of Ordnance Survey.

He admits that the errant trucking problem has become worse in recent
years. "There are more HGVs on the road than ever before, and more and more
people are using satnavs," he says. "The more they are used, the higher the
number of cases becomes."

But the trucking industry is wary of efforts to "redraw" the map to keep
trucks off small roads. They warn that with the extraordinary growth in home
deliveries, triggered principally by the rise in online shopping, big
vehicles will still have to navigate small lanes.

"It's also worth saying that improved satnavs won't themselves solve all the
problems," says Geoff Dossetter of the Freight Transport Association, an
industry group that represents more than 200,000 truckers. "At the end of
the day, it still comes down to the driver—if he ignores the fact he's
driving off a cliff or into a pond, it's his own fault more than the

All of which means Ena Wickens will probably want to keep the name of
her roofer handy.

Nightmare on VoIP Street

Ed Ravin
Wed, 9 Jan 2008 14:50:16 -0500
A friend of mine uses Vonage for her primary phone line.  Their VoIP system
gave her a nightmarish experience during the wee hours of December 15.

The problem started around midnight - her VoIP phone rang, and caller-ID
showed it was a number local to her area, but she didn't recognize it.  She
answered, but there was no one on the line.  Her phone rang again several
minutes later - same caller-ID, again no one there.  And a few minutes
later, the phone rang again, same caller-ID, same nobody there.

Then her cell phone rang.  The cell phone's caller-ID showed the same phone
number as her VoIP phone did.  Again, the line was dead when she answered
it.  Twice more in short order, the phantom caller rang her cell phone.

Now wide awake and rather disturbed, she went to her computer to look up the
phone number of her putative persecutor.  Google helpfully provided a
reverse directory lookup - to a person with an Arabic-sounding name that she
did not recognize.  With the help of Mapquest, she found out that this
unknown person lived only a few miles from her.  Worried and feeling
vulnerable, she was unable to get to sleep, thinking that a strange person
in the neighborhood was calling both her home phone and cell phone for no
apparent reason.

At 3 in the morning, her VoIP phone rings again - this time, the caller-ID
says that her own cell phone is making the call!  But the cell phone is
turned off and is sitting on her nightstand.  She finally smells the rat,
and at 4 AM calls the Vonage customer support line.  After a 30 minute wait, a
polite but difficult-to-understand person explains that Vonage has been
experiencing a problem with "phantom calls" and it should be resolved soon.

My friend had her Vonage account set up so that if her VoIP number was down,
it would automatically forward calls to her cell phone.  So Vonage's
software PBX had her cell phone number on file, and it apparently went
haywire and began placing calls to numbers in its database, and using other
numbers in its database as the caller-ID.

The biggest risk here is believing what you see on your caller-ID display.
Using computerized tools to compound your error and jump to the wrong
conclusions is a close second.  Then there's the well-known "mission creep"
risk, where data supplied for one purpose is (mis) used for another.  Even
though the misuse was unintentional, it's a stark reminder that phone
numbers are a special kind of data with real-world implications, especially
when in the hands of buggy software that can make phone calls.

It took three days before Vonage sent my friend an email notice
acknowledging the phantom calls.  Apparently this incident was part
of a much larger outage (the SIP of the iceberg?).

A risk of static analysis tools—and refereeing

Peter Gutmann
Wed, 09 Jan 2008 20:04:07 +1300
[This item is adapted, with permission, from a posting to another group.  PGN]

Interesting anecdote: Some years ago a simple static code analysis tool was
submitted to a conference.  Two of the three reviewers, both of whom were
extremely careful programmers, ran it on their own code just to see what
would happen.

The tool produced 100% false positives (not 95, not 99, but fully 100%).  As a
result, the paper wasn't accepted.

The same paper was later submitted to another conference (where reviewers
didn't try this), where it was accepted and won the best paper award.

[Possible] Moral: The sort of people who contribute to RISKS may not be
representative of programmers as a whole.

Bank gives money to fraudster posing as its chairman

"David Dixon"
Thu, 10 Jan 2008 17:49:49 +0000
A fraudster walked into a branch of Barclays Bank (a major UK bank) posing
as its chairman Marcus Agius and managed to walk out with 10,000 pounds
(c. $20,000).  The conman is believed to have found Mr Agius' details online
and persuaded call centre staff into issuing a Barclaycard (credit card) in
his name.

REVIEW: "Managing Knowledge Security", Kevin C. Desouza

Rob Slade
Fri, 14 Dec 2007 11:26:50 -0800
BKMAKNSE.RVW   20070927

"Managing Knowledge Security", Kevin C. Desouza, 2007, 0-7494-4961-6,
%A   Kevin C. Desouza
%C   120 Pentonville Rd, London, UK, N1 9JN
%D   2007
%G   0-7494-4961-6 978-0-7494-4961-2
%I   Kogan Page Ltd.
%O   U$65.00/UK#32.50 +44-020-7278-0433
%O   Audience i Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   200 p.
%T   "Managing Knowledge Security"

Desouza is of the "competitive intelligence" community, so the "knowledge"
of the title refers to special skills, processes, or other information that
gives your business a particular advantage, and which is either unknown or
in limited circulation elsewhere.

Chapter one provides some examples of thefts of intellectual property.  The
author also exhorts companies to classify and assign a value to their
informational assets (with which advice I can only heartily concur).  He
goes on to describe the activities involved in spying on corporations, and
notes the limitations of traditional security guards in this regard.
Chapter two explains how employees can be the greatest threat to the loss of
institutional knowledge--and can also be the biggest asset in protecting it.
Considerations with regard to personal computing devices (such as laptops
and advanced cell phones) for traveling executives are discussed in chapter
three.  As well, there are suggestions on how to avoid being kidnapped, and
some recommendations with respect to recycling paper and obsolete computer
equipment.  Chapter four looks at a range of the possible alliances between
companies, and the ways that various problems related to intellectual
property might occur as a result of those associations.  Chapter five
contains recommendations of diverse measures to limit physical access to
corporate offices.  Business continuity is addressed, in chapter six, from
the perspective of loss of knowledge resources.  (Oddly, there is little
discussion of the higher levels of risk from social engineering inherent in
such situations.)  Basic information security practices, threats, and
technologies are outlined in chapter seven.

The book presents an interesting viewpoint in regard to security, but does
not seem to break any new ground.  In terms of information security or
classification, this work does not go beyond any standard security text such
as the original edition of "Computer Security Basics" (cf. BKCMPSEC.RVW) or
(ISC)2's "Official Guide" (cf.  BKOITCE.RVW).  With regard to social
engineering, which one might consider a specialty of those in the "business
intelligence" field, any of Ira Winkler's volumes, such as "Corporate
Espionage" (cf.  BKCRPESP.RVW) or "Spies Among Us" (cf. BKSPAMUS.RVW), has
more detail and extensive suggestions.  Desouza's work, clear and engaging
as it is, is possibly an interesting additional outlook, but hardly a
necessary addition or replacement.

copyright Robert M. Slade, 2007   BKMAKNSE.RVW   20070927
