The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 25 Issue 21

Sunday 29 June 2008


Federal Agency Grounds Light Jet Used as Air Taxi
Matthew Wald
Spyware bill cloaks a mini-UCITA
Ed Foster via Monty Solomon
Wireless systems called disruptive
Robert P Schaefer
More on election system integrity
Gene Wirchenko
Re: Risks in Instant Runoff Voting
Scot Drysdale
Chrysler announces the rolling WiFi hotspot automobile
Drew Lentz
X-rated SMS case gives employees some privacy guarantees
John Timmer via Monty Solomon
Attorney-client calls from jail recorded
Joel Garry
HTML comments reveal corporate weakness
Photos and laptop crypto
Rob Slade
Michael Fiola fired
Gene Wirchenko
REVIEW: "Challenges to Digital Forensic Evidence", Fred Cohen
Rob Slade
Info on RISKS (comp.risks)

Federal Agency Grounds Light Jet Used as Air Taxi: Matthew Wald

<"Peter G. Neumann" <>>
Sun, 15 Jun 2008 21:12:54 PDT

On 5 Jun 2008, both engines of an Eclipse 500 (a light jet popular as an air
taxi of small corporate plane) became stuck at full throttle on approach to
landing.  The pilots aborted the landing, flew around while looking through
the manual, and discovered procedures for failure of one engine control or
the other, but not both.  ``They shut down one engine and then lost control
of the other, because of a possible software flaw.''  They were able to land
safely, although blowing out the tires.

``A week later, the Federal Aviation Administration issued an emergency
order Thursday grounding the planes of that model until the throttle
controls can be inspected.''
[Source: Matthew L. Wald, *The New York Times*, 13 Jun 2008; PGN-ed]

Spyware bill cloaks a mini-UCITA

<Monty Solomon <>>
Mon, 16 Jun 2008 14:28:51 -0400

By Ed Foster, Section The Gripelog, Mon Jun 16, 2008

The holy grail for the software industry's political muscle has long been
what in UCITA was called "electronic self help" - the right of software
publishers to remotely disable their software on the mere suspicion that it
hasn't been paid for. UCITA was ultimately stopped, but last Wednesday the
Senate Commerce Committee held a hearing on a bill that nominally is
supposed to fight spyware but seems intended to make remote disabling legal.

Wireless systems called disruptive

<"Schaefer, Robert P \(US SSA\)" <>>
Wed, 25 Jun 2008 08:23:40 -0400

I caught this in *The Boston Globe*, 25 Jun 2008, under "Wireless systems
are called disruptive", but found a better reference here:

  "Wireless systems used by many hospitals to keep track of medical
  equipment can cause potentially deadly breakdowns in lifesaving devices
  such as breathing and dialysis machines, researchers reported Tuesday in a
  study that warned hospitals to conduct safety tests.",0,6525457,print.story

The research was published in JAMA under the title "Electromagnetic
Interference From Radio Frequency Identification Inducing Potentially
Hazardous Incidents in Critical Care Medical Equipment".

A quote: "Results In 123 EMI tests (3 per medical device), RFID induced 34
EMI incidents: 22 were classified as hazardous, 2 as significant, and 10 as

More on election system integrity

<Gene Wirchenko <>>
Wed, 25 Jun 2008 08:51:22 -0700

Yet another story on the vulnerability of voting systems:
  Rogue code could seriously skew US presidential election results

Re: Risks in Instant Runoff Voting (Koenig, RISKS-25.20)

<Scot Drysdale <>>
Mon, 16 Jun 2008 22:37:02 -0400

I don't know what Martin Gardner said, but if "voting insincerely" means
voting something other than your true preference in order to get a desired
result, then there certainly can be a reason for voting insincerely under
approval voting.  Suppose 60% of the voters prefer A but also are happy with
B, 20% like only B, and 20% like only C.  Then if the 60% vote sincerely
they would list A and B, and B (with 80% approval) would be the elected
candidate.  But if the 60% only vote for A, then A gets elected.  Thus
voting insincerely (saying that you do not approve B when in fact you do
approve B) leads to a better result.

Instant runoff can also lead to unfortunate results.  Suppose that there are
11 candidates.  A1 through A10 are each preferred by 10% of the voters and
hated by the other 90%.  B is everybody's strong second choice, liked almost
as much as their first choice.  In instant runoff B is eliminated in the
first round, and the election will eventually elect a candidate that 90% of
the voters hate, instead of a candidate that everybody is happy with.  Here
approval voting works much better, because B will appear on every ballot and
will be elected (if voters vote sincerely).

Chrysler announces the rolling WiFi hotspot automobile

<Drew Lentz []>
Mon, 23 Jun 2008 6:11 xDT

  [From Dave Farber's IP]

Thought you (and the list) might be interested in this.  Chrysler's
announcement to deploy Wi-Fi in vehicles to me spells opportunity for
malicious script kiddies and a "rolling" increase in the 2.4 noise floor.
  [See IP archives for further discussion.  PGN]
IP Archives:

X-rated SMS case gives employees some privacy guarantees

<Monty Solomon <>>
Fri, 20 Jun 2008 11:46:17 -0400

John Timmer, Arstechnica, 20 Jun 2008

Yesterday, the 9th Circuit Court released a ruling with huge implications
for privacy rights. In a case involving personal use of a work-provided
messaging service by a police officer, the court held that the employee had
a right to expect that the privacy of his messages would be honored, and
that any police access to those messages had to meet the standards of a
reasonable search. The ruling provides an extensive space for workspace
privacy, at least as long as the NSA isn't involved.

The decision arises from Quon vs. Arch Wireless (PDF), which has a rather
complicated background. Jeff Quon was a member of the city of Ontario, CA
SWAT team. The city provides its officers with access to a wireless text
messaging pager provided by Arch Wireless, which came with a monthly
character limit. Formally, the announced departmental policy was that the
content of the messages sent could be audited at any time. In practice,
however, the pagers were handled quite differently. The department never
viewed their content, and simply asked users to pay any charges for running
over the character limit.

Things proceeded uneventfully until the day when, as the decision phrases
it, "Lieutenant Duke grew weary of his role as bill collector." The
department decided to determine if the character limit was too low for
departmental business, so they requested a copy of all messages on their
account from Arch Wireless with the intent of determining whether business
or personal use was driving the overage charges. With the contents in hand,
they discovered many of Quon's messages were both personal and X-rated. An
internal investigation ensued, and Quon and the people he exchanged messages
with sued the city, its police department, and Arch Wireless. ...

Attorney-client calls from jail recorded

<Joel Garry <>>
Sat, 21 Jun 2008 10:50:38 -0700

A jail telephone system would record all calls, except those to numbers
listed in an attorney database.  The database was incomplete - most
obviously in not containing attorney's direct lines or cellphones.
California law prohibits recording calls from jail between inmates and
attorneys (just as doctors and patients, and ministers and penitents).  It
may be a felony with up to a $5,000 penalty per call.  One attorney found
out when the prosecutors gave him a cd with his recorded calls on it.  The
San Diego County Sheriff's Department says it was a glitch in the telephone
system.  The extent of the problem is unknowable.  Prosecutors had access to
the recordings from their PC's.  "We thought we had a better database" said
Sheriff's Department Legal Advisor Sanford Toyen.

The system has been turned off; investigations and court paper filings are
underway.  The system is being changed to give a number for attorneys to
call to be added to the database.

One risk would be assuming a poorly designed technology driven system will
be adequate to protect legally-required privacy.  Poor design decisions
include assuming perfect data in the database, assuming Sheriff's Department
users would be able to assess such risk, and assuming telephone users would
both hear and properly understand an aural message that the call is being
recorded.  Another risk may be added by the change: an opt-out system isn't
fast enough unless done properly (read: expensive).  Lawyer involvement is
left as an exercise for the cynical.

HTML comments reveal corporate weakness

Tue, 24 Jun 2008 02:03:01 +0800

We all know of the supposedly invisible parts of PDF documents, but
how about HTML comments? Beside the typical
<!-- headline Comes Here -->
<!-- Quick Links Section -->
<!-- Main Content Section -->

here's one from my million dollar retirement account:
<!-- ~~~~~~~concreate row that makes ns47 beahve~~~~~~~-->

So we see behind the steely corporate facade that if they don't
"concreate" that row, then "ns47" won't "beahve", probably bringing
the entire house of cards down.

Photos and laptop crypto

<Rob Slade <>>
Sun, 15 Jun 2008 13:21:10 -0800

The lead article/editorial in Bruce Schneier's latest CryptoGram
( points out the foolishness in
warning people to beware of terrorists taking pictures.  Millions of people
take billions of pictures every year for legitimate or innocent reasons, and
the major terrorist attacks have not involved terrorists walking around
taking photographs of the targets.  It doesn't make sense to try and protect
yourself by raising an alarm about an activity that is probably (*extremely*
probably) not a threat.

Rather ironically, the second piece talks about the fact that your laptop
may be searched when you fly to another country, and the advisability of
laptop encryption.  Leaving aside privacy and legality concerns, Schneier is
for encryption.

Now, I don't fly as much as some, but more than many.  Since I'm a security
researcher, I've got all kinds of materials on my laptop that would probably
raise all kinds of flags.  I've got files with "virus," "malware," "botnet,"
and all kinds of other scary terms in the filenames.  (I've got a rather
extensive virus zoo in one directory.)  Nobody at immigration has ever
turned a hair at these filenames, since nobody at immigration has ever asked
to look at my laptop.  (Even the security screeners don't ask me to turn it
on as much as they used to, although they do swab it more.)

I'm not arguing that people shouldn't encrypt materials on their laptops:
it's probably a good idea for all kinds of reasons.  However, unless I'm
very fortunate in my travels (and, from my perspective, I tend to have a lot
more than my fair share of travel horror stories), the risk of having
immigration scan your laptop is not one of them.

Michael Fiola fired

<Gene Wirchenko <>>
Thu, 19 Jun 2008 08:14:32 -0700

This one is nasty.  Mr. Fiola was abruptly fired for having child
pornography on his employee-issued laptop, but now, it seems that there was
insufficient evidence to show that he downloaded it.  His life has been
hellish for the last 18 months though:

REVIEW: "Challenges to Digital Forensic Evidence", Fred Cohen

<Rob Slade <>>
Mon, 23 Jun 2008 12:19:36 -0800

BKCHTDFE.RVW   20080318

"Challenges to Digital Forensic Evidence", Fred Cohen, 2008,
1-878109-41-3, U$39.00
%A   Fred Cohen
%C   572 Leona Dr, Livermore, CA   94550
%D   2008
%G   1-878109-41-3
%I   Fred Cohen and Associates
%O   U$39.00 925-454-0171
%O   Audience s+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P   122 p.
%T   "Challenges to Digital Forensic Evidence"

Fred Cohen knows his stuff when it comes to digital forensics, despite
the fun he has with legalities in the frontmatter of this book.  Cohen
states, in chapter one, he wrote the book because of the mistakes he
had seen people make when bringing technical materials into a legal
setting.  The work is a sold background for a forensic examiner, and
covers a number of areas that are missed in most of the current
literature on this topic.  Forensics is more than simply getting bits
out of a given operating filesystem.

Chapter two concentrates on the errors or problems that arise in the
process of collecting evidence.  Many computer forensics books list
the sections that should be included in a written report, but this
author provides, in chapter three, practical advice on both wording
and approaches, including such aspects as the reporting of errors in
previously submitted reports.  Chapter four demonstrates difficult
situations, some covered in prior chapters and some new, based on
actual cases.

Chapter five reiterates and emphasizes a point that Cohen raises
frequently throughout the book: as an expert, you are working within,
and subject to, an adversarial system and all its attendant
limitations, but your primary responsibility is to the truth.  Being
honest in your work and statements is the basis for all of your
testimony.  As chapter six points out, it is also the best way to
avoid being challenged.

There are many books that talk about forensic tools: this isn't one of
them.  There are a number of works that address specifics of file
systems and storage devices: this isn't one of them.  A few texts even
address some aspects of the investigative process and management:
Cohen addresses some of those issues.  However, I have not seen any
other guides that will tell you, clearly and plainly, how to avoid the
most common failings of technical experts trying to provide evidence
in a decidedly non-technical legal system.

copyright Robert M. Slade, 2008   BKCHTDFE.RVW   20080318

Please report problems with the web pages to the maintainer