The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 25 Issue 20

Sunday 15 June 2008

Contents

Security hole exposes utilities to Internet attack
PGN
Representative Frank Wolf's computer owned by China
PGN
Hidden Code Costs Poker Players Thousands
Chuck Weinstock
Wikipedia for medical students?
Steven M. Bellovin
Wartime global temperature anomaly kicks the bucket
Mark Brader
Colleges With Federal Contracts Will Have to Use New E-Verify
PGN
Google "safebrowsing" diagnostic page
Rob Slade
ID cards by the back door
Peter Mellor
Spuds and system security
Rob Slade
Clothing firm "Cotton Traders" customer database breached
Peter Mellor
Update on ISP Actions Regarding C-Porn and Usenet
Lauren Weinstein
Re: Risks in Instant Runoff Voting
Stewart Fist
Andrew Koenig
Re: Stanford employees' data on stolen laptop
Hal Murray
Re: Advice from HM Revenue and Customs
Edward Rice
Re: She'll never fail to stop at a railroad crossing
Leonard Finegold
Re: An iTunes ... problem Apple will never fix
Andrew M. Langmead
Tracking the Trackers: Piatek et al.
Monty Solomon
Info on RISKS (comp.risks)

Security hole exposes utilities to Internet attack

"Peter G. Neumann" <neumann@csl.sri.com>
Fri, 13 Jun 2008 16:11:17 PDT
Attackers could gain control of water-treatment plants, natural-gas
pipelines and other critical utilities because of a vulnerability in the
software that runs some of those facilities.  The bug has now been patched,
but the vulnerability could have counterparts in other so-called supervisory
control and data acquisition (SCADA) systems.

http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2008/06/11/financial/f015433D06.DTL&type=printable


Representative Frank Wolf's computer owned by China

"Peter G. Neumann" <neumann@csl.sri.com>
Wed, 11 Jun 2008 10:54:09 PDT
[Congress Daily, 11 Jun 2008, courtesy of Marcus H. Sachs]

SPYWARE? SPY WHERE? Rep. Frank Wolf, R-Va., today said the FBI determined
four of his government computers have been hacked by someone in China.
Wolf, a longtime critic of the Chinese government's record on human rights,
said computers in the offices of other lawmakers and at least one House
committee have also been hacked and he is calling for hearings to
investigate. Wolf said it seemed logical that Senate computers would also be
compromised.

  [*USA Today* on 13 Jun 2008 warned about leaving any digital devices
  unattended for even a few minutes while in China for the Olympics.]


Hidden Code Costs Poker Players Thousands

Chuck Weinstock <weinstock@sei.cmu.edu>
Mon, 9 Jun 2008 18:04:37 -0400
On May 29, UltimateBet.com, an online poker room, announced that it had
discovered "unfair play" on its site. The press release at
<http://www.ultimatebet.com/poker-news/2008/may/NioNio-Findings>
discusses how they investigated the alleged cheating (a word they don't use)
by certain players who worked for the previous ownership of UltimateBet and
who exploited "unauthorized software". The paragraph of interest to Risks
readers is:

  "The fraudulent activity was enabled by unauthorized software code that
  allowed the perpetrators to obtain hole card information during live
  play. The existence of this vulnerability was unknown to Tokwiro until
  February 2008 and existed prior to UltimateBet's acquisition by Tokwiro in
  October 2006. Our investigation has confirmed that the code was part of a
  legacy auditing system that was manipulated by the perpetrators. Gaming
  Associates, independent auditors hired by the KGC, have confirmed that the
  software code that provided the unfair advantage has been permanently
  removed."

The individuals involved targeted the highest limit games and it is my
understanding that some players were hit for 6 figures. UltimateBet is or is
in the process of repaying those who were cheated.


Wikipedia for medical students?

"Steven M. Bellovin" <smb@cs.columbia.edu>
Mon, 9 Jun 2008 22:03:07 -0400
A Washington Post story
(http://www.washingtonpost.com/wp-dyn/content/article/2008/06/09/AR2008060901043.html?hpid=topnews)
on new iPhone applications had this:

  Modality: An anatomy app for medical students. The app is filled with
  anatomy drawings and images linked to Google and Wikipedia for more
  detailed information.

Would you trust a doctor whose knowledge of anatomy came from Wikipedia?

Steve Bellovin, http://www.cs.columbia.edu/~smb

  [Of course, it depends on who provided the wikinformation—and who
  kept it up to date as knowledge changes.  PGN]


Wartime global temperature anomaly kicks the bucket

Mark Brader
Thu, 12 Jun 2008 01:18:51 -0400 (EDT)
This item in *New Scientist* reports on a letter in Nature by one David
Thompson and three colleagues.  (Long URL: you may have to join parts.)

  http://environment.newscientist.com/article/dn14006-buckets-to-blame-for-wartime-temperature-blip.html?DCMP=ILC-hmts&nsref=news7_head_dn14006

Fee-paying readers can access the Nature letter here:

  http://www.nature.com/nature/journal/v453/n7195/full/nature06982.html

Thompson's group analyzed the data set of world temperatures commonly used
in climate studies and found an unrecognized flaw in it, which could affect
those studies' conclusions.  What they realized was that after filtering out
effects like El Nino years and volcanic eruptions, the record showed a
marked dip of 0.3 degrees Celsius in 1945—but *not* if only temperatures
taken on land were counted.

Which suggested a measurement error, and they figured out what it was.  What
happened in 1945 was that as Britain's Royal Navy returned to peacetime
duties, they had more time to report sea temperatures!  So suddenly there
were *more* of their measurements in comparison to those taken by the US
Navy.

And why did that matter?  Because the seawater that the Americans actually
measured was drawn from engine cooling-system intakes, while the British
dipped a bucket into the sea.  One method reads high, the other low.


Colleges With Federal Contracts Will Have to Use New E-Verify

"Peter G. Neumann" <neumann@csl.sri.com>
Fri, 13 Jun 2008 19:12:12 PDT
[Source: The Chronicle of Higher Education, 13 Jun 2008]
http://chronicle.com/news/index.php?id=4674&utm_source=pm&utm_medium=en

All colleges and universities entering into federal-government contracts
will be required to use the Department of Homeland Security's E-Verify
system to establish the immigration status of newly hired employees and all
employees working on such contracts, under an executive order signed this
week by President Bush.

E-Verify is the federal government's automated system for allowing employers
to verify job applicants' eligibility to work as U.S. citizens, legal
permanent residents, or authorized immigrants. When an employer submits an
applicant's name and personal information for eligibility verification,
E-Verify checks that information against Social Security Administration and
Homeland Security Department databases.

  [See the USACM website for testimony by PGN, Annie Anton, and most
  recently Gene Spafford (on EEVS, the Employee Eligibility Verification
  System, precursor of E-Verify).  It is evident that the warnings of these
  testimonies were not heeded.  PGN]


Google "safebrowsing" diagnostic page

Rob Slade <rMslade@shaw.ca>
Sun, 08 Jun 2008 11:23:39 -0800
Google has a set of tools for Webmasters at
http://www.google.ca/webmasters/tour/tour1.html

You have to sign up to use them, but you can, seemingly, get at some of the
tools individually if you know the URL.  One that is making the rounds is a
diagnostic page for the safety of a URL, at:
http://www.google.com/safebrowsing/diagnostic?site= (Actually, if you just
put that in your browser you get a "Bad Request" page: you have to fill in a
URL on the end.)

I tried it out on an advertising site that has been used a lot, recently,
for referrals/redirections to malware, and it got a clean bill of health.

I've tried it with a site that has been serving a version of Nuwar for at
least a week, and confirmed that the site was still serving the malware
directly.  (This is not a referral situation.)  Google gave it a clean bill
of health.

I'd say the Google page was unreliable at the very best.

rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
http://victoria.tc.ca/techrev/rms.htm


ID cards by the back door

Peter Mellor <MellorPeter@aol.com>
Sat, 14 Jun 2008 09:03:55 EDT
The gist of this report is that the "National Entitlement Card" contains a
concealed chip with lots of personal information, and may be part of a
scheme by the British Government to introduce identity cards by stealth.

The author, Stuart Hill, who lives in the Shetland Isles, has done his
research, and this should not be dismissed as just another paranoid
conspiracy theory.

http://www.idcardsexposed.com/

  -- Excerpt from start of report --

In Shetland a vulnerable section of the community is being used to pilot a
scheme that threatens our fundamental freedoms. It is quite clear that the
new 'National Entitlement Card' that provides access to free travel for the
elderly and disabled, in fact marks the introduction of ID Cards by the back
door.

My research shows that:

This is an EU scheme being carried out by the UK government and the
Scottish Executive. The government is planning a stealth programme for
ID cards, the steps for which are:
- introduction, the current stage where we are offered the bribe of free
  travel
- full coverage, everybody is required to have one
- full compulsion sounds good in a free country - and finally
- full identity services availability - in other words you can get no access
  to services without the card.

[...]

Recently I was denied free travel on the bus because I refused to submit my
new 'smart' card to the card reader on the bus. Before the machines were
fitted it was sufficient to show the card to the driver. This time it was
apparently not enough that I could show my card—it had to go on the
machine for data to be recorded. As far as I know, I have not given
permission for my personal details to be collected in this way.

  -- End of excerpt --

Peter Mellor <MellorPeter@aol.com>  +44 (0)20 8459 7669


Spuds and system security

Rob Slade <rMslade@shaw.ca>
Fri, 13 Jun 2008 14:50:16 -0800
Recently, there has been a great deal of concern over the rise in prices of
common staple food grains.  A frequently cited cause for this price jump is
international speculation in commodity markets, and the disproportionate
aspect this can have on the price of the commodities themselves, quite apart
from the usual cycles of supply and demand.

What fewer people may know is that the UN declared 2008 as the international
year of the potato.  (They did this, of course, some time ago, so the
contrast in notions becomes even more intriguing.)

There is some irony in that, but it gets better.  (Both from the perspective
of irony, and from the point of view of useful analogies for infosec.)

The potato (the "humble" potato, as it is frequently described) is suitable
to a great many climatic conditions, and is generally more productive than
grain crops (and *much* more productive than meats, etc.)  It is also
surprisingly nutritious.

(Ah! I hear you cry, what about the Potato Famine?  Well, in that case the
potato was, oddly, a victim of its own success.  We know, or should know,
the dangers of the monoculture, which was what led to the famine.  [And that
topic has relevance to infosec as well, but it has been amply discussed
elsewhere.]  However, what is less well known is that the introduction of
the potato, 250 years prior to the famine, led to a 5-8 fold increase in the
population of Ireland over those twenty-five decades, due to an increase in
both food source and in nutrition.)

So, what about world food crops, commodities, and skyrocketing prices?  If
we convinced people to grow potatoes, wouldn't we just become dependent upon
potatoes, and then there would be speculation in potato futures?  Well,
oddly, it seems not.

Grain, when harvested, is fairly dry, and can easily be dried even more for
storage and shipment.  And, to pretty much anyone except a pasta maker,
wheat flour is wheat flour.  You can make any product you want out of
basically any flour you can get.

Potatoes are wet.  They get used fresh, for the most part.  (The technical
advances in producing dried mashed potatoes seem to parallel those of
artificial intelligence: there is a lot of interest, and a lot of work, but
those who have tried the results can tell you that there is work yet to be
done.)  Also, people who use and eat potatoes tend to have preferences.
(And there are a great many varieties of potatoes.  Remember that
monoculture bit?)

It seems that potatoes are one of the few staple crops that are resistant to
commodity markets (however susceptible it may be to the blight).

So, what's the point for infosec?  Remember the lessons of security
architecture.  Build your architecture based on resilient and resistant
technologies, not on the most popular.  It's not a new lesson: it rests on
the foundation of risk management which should be foundational to all
security.

rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
http://victoria.tc.ca/techrev/rms.htm


Clothing firm "Cotton Traders" customer database breached

<MellorPeter@aol.com>
Sat, 14 Jun 2008 10:29:02 EDT
The size of the breach (number of records compromised) has not been
confirmed, but is said to be "up to 38,000".  Attackers gained access to
customers' addresses and (worryingly) data used in "card not present"
transactions.

The report states: "Apacs, the trade association for the payment industry,
said a specialist police force was investigating the case."  There is a
rumour (not mentioned in the report) that, although the breach occurred
"earlier in the year", Apacs only informed the banks a few weeks ago and
they are still dealing with it.

For details, see http://news.bbc.co.uk/1/hi/technology/7446871.stm

Peter Mellor <MellorPeter@aol.com>  +44 (0)20 8459 7669


Update on ISP Actions Regarding C-Porn and Usenet

Lauren Weinstein <lauren@vortex.com>
Tue, 10 Jun 2008 17:02:30 -0700
  [From Network Neutrality Squad.  PGN]

            Update on ISP Actions Regarding C-Porn and Usenet
               http://lauren.vortex.com/archive/000390.html

Greetings.  The related ISPs have been working to clarify aspects of
the New York Times story that I discussed earlier today
(http://lauren.vortex.com/archive/000389.html).

The upshot is interesting.  In contrast to the implications of the Times
piece, it appears that U.S. ISPs (unlike a newly penned deal in France
involving French ISPs) will not for the moment be actively blocking any
"class" of Web content, but rather will work to remove c-porn sites from
their servers (something most people apparently assumed they'd been doing
anyway ... ).

So the big to-do from the politicos about this aspect seems to best be filed
under grandstanding.

But there is a very disturbing additional element to this story.  Time
Warner Cable says that they are cutting off subscriber access to all Usenet
newsgroups (child porn was found in 88 of the vast number of total
newsgroups).  Sprint is cutting off 10's of 1000's of alt.* newsgroups (and
what a war it was back when those were created long, long ago!)  Verizon
plans "broad" newsgroup cutoffs.

While Usenet newsgroups are certainly not the draw that they were many years
ago, they still have an important role to play in the free exchange of legal
information on the Internet today.

Using the presence of illicit materials in some portion of a content stream
as an excuse to abolish or decimate the legal content is inexcusable.  In
fact, that sort of "guilt by association" and "we can get away with this
because most people don't know about it" action is the very essence of a
particularly insidious form of censorship.

Of course, the ISPs could argue that they're under no legal obligation to
carry Usenet newsgroups in any form.  This is true.  But then, most ISPs
aren't under a legal mandate to provide connectivity to any given Web sites,
either.

So one might wonder, given these ISPs' eagerness to hoist much or all of the
completely legal content of Usenet on the petard of ferreting out c-porn,
which aspects of the Internet will be next to fall into the line-of-sight of
their big red cutoff switch?

Lauren Weinstein lauren@vortex.com +1 818 225-2800 http://www.pfir.org/lauren
PFIR http://www.pfir.org Network Neutrality Squad - http://www.nnsquad.org
PRIVACY Forum - http://www.vortex.com Lauren's Blog: http://lauren.vortex.com


Re: Risks in Instant Runoff Voting (Gladsen, RISKS-25.19)

Stewart Fist <stewart_fist@optusnet.com.au>
Mon, 9 Jun 2008 12:50:29 +1000
Your correspondents on preferential voting systems rightly point out that no
preferential or proportional voting system can ever faithfully reproduce the
will of the people, because no such perfect measure of group-will exists.
At best, an electoral system can only generally reproduce the expressed
intentions of the voting public, and the preferential system probably does
this best.

While people vote for a candidate, they also vote against other candidates.
So Richard Gladsen's statement:

 > For example, in the 2000 US Presidential election, voters whose true
 > preference was Nader>Gore>Bush had a strong incentive to insincerely vote
 > for Gore.

can equally translate to ".... had a strong incentive to sincerely vote
against Bush".  A preferential system would have permitted the Nader voters
to sincerely vote for Nader>Gore and against Bush, if that was their
intention ... or, indeed, to vote for Nader>Bush and against Gore, if that
was equally their intention.

So the claim that "voters always have an incentive to be insincere in how
they cast their votes" is not really valid.

Behind this discussion is also the assumption that the only concern when
choosing a voting system is that it closely reflects this idealistic
expression of group-will.  Of equal importance is that the system leads to a
stable system of government, and that this stable government does not become
entrenched.

The electoral system should tend to err on the side of "overreflecting"
the will of the people—and thereby giving the governing party a
reasonable majority so that it is strong and stable enough to make some
(possibly unpopular) changes to tax and other laws—yet allow for quick
and clean changes of government when a swing in public attitudes against the
governing party occurs.

In other words, it needs to be a "toggle"—where a small change in public
position, should on a regular basis, reflect a larger proportional change in
political representation, and possibly a change of government.  You often
need this to overcome the advantage of incumbency.

Proportional representation systems tend to create unstable governments for
this reason.

Lastly, stable political systems appear to depend on the country having two,
or possibly three (at most) major parties—not dozens.  This means that
the parties will go into an election with clearly established and
reasonably-defined policies on display.  Alternative systems, like that of
Italy, produce a multiplicity of small parties which then must form unstable
coalitions through backroom deals in order to govern.  So priorities and
policies are largely set after the election, and governments can be
blackmailed by a small party in the coalition.

Preferential systems tend to encourage voters to select a major party as
their favourite, while also allowing them to give support and encouragement
to individuals/small parties like Nader in America, and the Green/Democratic
parties elsewhere.  These individuals can then sometimes challenge the
majors for the swinging vote—and, in effect, create the "toggle"—which
has the effect of "keeping the bastards honest" (the slogan of Australia's
small third party).

Stewart Fist, 70 Middle Harbour Rd, LINDFIELD, NSW 2070 Australia
Ph +61  2  9416 7458 stewart_fist@optusnet.com.au


Re: Risks in Instant Runoff Voting (Gladsen, RISKS-25.19)

"Andrew Koenig" <ark@acm.org>
Mon, 9 Jun 2008 12:43:39 -0400
Richard Gladsen claims that Arrow's Theorem proves that every election
system gives voters a reason to vote insincerely.

I remember reading an article many years ago, probably by Martin Gardner,
that claims that under approval voting, there is never a reason to vote
insincerely.  Approval voting is very simple: Each voter can cast zero or
one votes for each candidate; all votes count equally.  The candidate with
the largest number of votes wins.  Note that voting for every candidate is
equivalent to not voting at all, and that approval voting degenerates to
traditional voting if there are only two candidates.

It should be clear that approval voting will elect the candidate that the
largest number of voters find acceptable (as defined by their willingness to
vote for that candidate), and that this candidate might not be the favorite
of the largest number of voters.  We can argue separately about that
property of approval voting.  But I think my recollection is correct that
under approval voting, there is never any reason to vote insincerely.
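The two posts above describe preferential (instant-runoff) counting and approval counting only in prose. The following Python tally is an added illustration, written for this page rather than taken from either post, and runs over a constructed nine-voter electorate modelled on the Nader>Gore>Bush example (the ballots are invented, not election data). The alphabetical tie-break and the rule that exhausted ballots leave the majority denominator are assumptions of the demo, not claims about any real jurisdiction.

```python
from collections import Counter

# Constructed nine-voter electorate, invented for this illustration (not data
# from the posts above or from any real election). Ranked ballots list
# candidates from most to least preferred; a voter may stop ranking early.
RANKED_BALLOTS = [
    ["Bush"], ["Bush"], ["Bush"], ["Bush"],
    ["Gore"], ["Gore"], ["Gore"],
    ["Nader", "Gore"], ["Nader", "Gore"],   # sincere Nader > Gore, against Bush
]

# The same electorate voting by approval: each ballot is the set of candidates
# the voter is willing to accept. The Nader supporters also approve Gore.
APPROVAL_BALLOTS = [
    {"Bush"}, {"Bush"}, {"Bush"}, {"Bush"},
    {"Gore"}, {"Gore"}, {"Gore"},
    {"Nader", "Gore"}, {"Nader", "Gore"},
]


def _leader(candidates, tally):
    # Highest total wins; a tie goes to the alphabetically first name, a
    # deterministic simplification for the demo rather than a real rule.
    return max(sorted(candidates), key=tally.__getitem__)


def plurality_winner(ballots):
    """First-past-the-post: only each ballot's first preference is counted."""
    tally = Counter(b[0] for b in ballots if b)
    return _leader(tally, tally), dict(tally)


def irv_winner(ballots):
    """Instant-runoff count over ranked ballots.

    Returns (winner, rounds); rounds is a list of per-round tallies of the
    highest surviving preference on each ballot. Ballots whose every ranked
    candidate has been eliminated are exhausted and leave the denominator
    (one common rule, assumed here; real jurisdictions differ). The
    lowest-placed candidate is eliminated each round, ties broken alphabetically.
    """
    standing = {c for b in ballots for c in b}
    rounds = []
    while True:
        tally = Counter({c: 0 for c in standing})
        continuing = 0
        for ballot in ballots:
            for choice in ballot:
                if choice in standing:
                    tally[choice] += 1
                    continuing += 1
                    break
        rounds.append(dict(tally))
        leader = _leader(standing, tally)
        if len(standing) == 1 or tally[leader] * 2 > continuing:
            return leader, rounds
        loser = min(sorted(standing), key=tally.__getitem__)
        standing.remove(loser)


def approval_tally(approval_ballots):
    """Approval voting: every approval on every ballot counts one."""
    tally = Counter()
    for approved in approval_ballots:
        tally.update(approved)
    return tally


def approval_winner(approval_ballots):
    tally = approval_tally(approval_ballots)
    return _leader(tally, tally), dict(tally)


def approve_all_is_abstention(approval_ballots, candidates):
    """Koenig's observation: a ballot approving every candidate adds one to
    each total, so neither the ordering nor any margin between candidates
    changes. Returns True when that holds for the given ballots."""
    base = approval_tally(approval_ballots)
    padded = approval_tally(list(approval_ballots) + [set(candidates)])
    margins_equal = all(
        padded[a] - padded[b] == base[a] - base[b]
        for a in candidates for b in candidates
    )
    return margins_equal and all(padded[c] == base[c] + 1 for c in candidates)


if __name__ == "__main__":
    print("plurality:", plurality_winner(RANKED_BALLOTS))
    print("IRV:      ", irv_winner(RANKED_BALLOTS))
    print("approval: ", approval_winner(APPROVAL_BALLOTS))
    print("approve-all == abstain:",
          approve_all_is_abstention(APPROVAL_BALLOTS, ["Bush", "Gore", "Nader"]))
```

Under plurality the same electorate elects Bush with four first preferences; under IRV the two Nader ballots transfer to Gore in the second round and Gore wins five to four, which is Fist's point that a Nader>Gore voter need not rank Gore first to vote "against Bush". Under approval the Nader supporters express the same intention by approving Gore alongside Nader, and dropping that second approval hands the result back to Bush.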


Re: Stanford employees' data on stolen laptop (RISKS-25.18)

Hal Murray <hmurray@megapathdsl.net>
Sun, 08 Jun 2008 19:15:11 -0700
> [Someday encrypting such data sets will become the default.  PGN]

Then we'll just have a different set of RISKs, and Murphy says they will be
harder to understand and explain.

Do you think people will use good passwords?  Do you think they will write
them down?

I'll bet companies would try to wiggle out of notifying victims when a
laptop is stolen: Your data is safely encrypted.  Why should we worry
everybody?

I was going to suggest that sensitive data shouldn't be stored on laptops.
I'll bet the alternatives are worse, or at least more complicated to analyze
and explain.


Re: Advice from HM Revenue and Customs (Mellor, RISKS-25.19)

Edward Rice <ehrice@his.com>
Wed, 11 Jun 2008 21:48:22 -0400
I queried HMRC for further information and received the following
explanation of that web page.

At 10:50 AM +0100 6/11/08, Storey, Michael (CustCon Online Services) wrote:
>Thank you for your e-mail.  The text on this page has been withheld from
>the general public due to exemptions in the Freedom of Information Act
>2000.

>The manuals used by Her Majesty's Revenue & Customs (HMRC) are written for
>internal instructional purposes and because of that we have to withhold
>certain information when these manuals are published to the website as it's
>not intended for public consumption. These manuals are published in line
>with the Code of Practice on Access to Government Information.

>Michael Storey, HMRC Web Team


Re: She'll never fail to stop at a railroad crossing (RISKS-25.19)

Leonard Finegold <L@drexel.edu>
Sun, 8 Jun 2008 16:13:57 -0400
My physician was trying to enter a diagnosis into his computer, during an
office visit.  The computer insisted on entering Prostitute for me; he was
trying to put in Prostate.

He did an end-run.

PS.  I'm no prostitute, although some people think that most faculty members
are (intellectually).


Re: An iTunes ... problem Apple will never fix (Power, RISKS-25.19)

"Andrew M. Langmead" <aml@world.std.com>
Sun, 8 Jun 2008 15:31:01 -0400
Max Power seems to have overlooked the selection "Provide iTunes Feedback"
from the "Help" menu, or his search seemed to have not included anything as
obvious as entering "itunes bug report" into a search engine like Google.

I guess the risk here is that software defects can persist because users fail
to tell the software publisher when the software fails to meet their needs,
and that users will choose inappropriate avenues to vent their frustration.

  [This and related comments were received from many readers.
  For example, try http://bugreport.apple.com/.  PGN]


Tracking the Trackers: Piatek et al.

Monty Solomon <monty@roscom.com>
Wed, 11 Jun 2008 00:30:49 -0400
Michael Piatek, Tadayoshi Kohno, Arvind Krishnamurthy
University of Washington, Department of Computer Science & Engineering

Overview

As people increasingly rely on the Internet to deliver downloadable music,
movies, and television, content producers are faced with the problem of
increasing Internet piracy. To protect their content, copyright holders
police the Internet, searching for unauthorized distribution of their work
on websites like YouTube or peer-to-peer networks such as BitTorrent. When
infringement is (allegedly) discovered, formal complaints are issued to
network operators that may result in websites being taken down or home
Internet connections being disabled.

Although the implications of being accused of copyright infringement
are significant, very little is known about the methods used by
enforcement agencies to detect it, particularly in P2P networks. We
have conducted the first scientific, experimental study of monitoring
and copyright enforcement on P2P networks and have made several
discoveries which we find surprising. ...

http://dmca.cs.washington.edu/

FAQ
http://dmca.cs.washington.edu/faq.html
