The RISKS Digest
Volume 25 Issue 35

Monday, 22nd September 2008

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Sydney road tunnel closed by computer 'glitch'
John Colville
DC Primary votes don't add up... even with a fudge factor
David Lesher
Hurricane Ike
Les Denham
Hacker claims Palin e-mail hacked via password reset
Rob McCool
Re: Wall Street; where nothing can go worng wrogn wrgno....
Martin Ward
Re: Risks of financial systems too complex ,,,
Jim Horning
Re: Risks of not using check digits
Erling Kristiansen
Paul van Keep
Re: capability creep on red-light cameras
Paul Wallich
Info on RISKS (comp.risks)

Sydney road tunnel closed by computer 'glitch'

<"John Colville" <>>
Tue, 23 Sep 2008 08:39:12 +1000 (EST)

The M5 East tunnel is a 4-km tunnel on a major motorway leading into Sydney.
On 22 Sep 2008 the tunnel was closed for 2 3/4 hours starting at about 0900,
due to the failure of a backup computer.  It caused serious disruption to
traffic in that area of Sydney.  "... the tunnel had to be closed to traffic
because its safety equipment was disabled when the computer system was

[``It is the sixth time the $800 million project has been shut since it
opened in late 2001.''  Previous failures included a different "computer
glitch" in Feb 2002; lighting systems failed 11 months later; a "combined
power failure" occurred in Mar 2004; the CCTV system failed in Dec 2004; and
another computer crash caused as five-hour closure on 25 Jun 2008.  PGN]  The
company which operates the tunnel has now agreed to a have a staff member on
duty at all times.

John Colville, Faculty of Engineering & IT; University of Technology, Sydney
Honorary Associate  + 61 2 9514 1854

DC Primary votes don't add up... even with a fudge factor

<"David Lesher" <>>
Mon, 22 Sep 2008 16:17:32 -0400 (EDT)

Nikita Stewart and Elissa Silverman, *The Washington Post*, 22 Sep 2008; B01

As District officials continue to investigate errors in the early vote
tallies from the Sept. 9 primary, one number stands out: 1,542.  That number
appeared in the category for "overvotes" in 13 separate races when the
D.C. Board of Elections and Ethics released early results on election
night.  But those votes inexplicably vanished shortly after midnight, when
officials posted what they identified as corrected results. ...

The elections board initially blamed the discrepancies on a single defective
computer memory cartridge at the Precinct 141 polling site on U Street NW in
the Dupont Circle area. Sequoia has said the cartridge was not defective and
suggested that tabulation errors might have been triggered by workers or by
a static or electrical discharge.

[The article goes on about problems within Board, including the fact the
CTO does not have a claimed BS degree, and the ExDir's departure.]

Static discharge? At least they are not saying swamp gas was to blame.

[I was going to reference this to a past voting Risks post, but there are
so many to choose from...]

Hurricane Ike

<Les Denham <>>
Mon, 22 Sep 2008 16:03:36 -0500

Along with about 4 million other residents of this area, I experienced Ike
ten days ago.  And am still experiencing it.  Many of the problems are
computer related.

The first problem was that my home DSL service stopped when Ike was still
200 miles away (Friday evening).  I suspect that my phone service stopped
about the same time.  Shortly afterwards, my electricity stopped.

On Saturday afternoon, after the winds died down, I found I had phone
service, but still no electricity.  I tried to get my DSL working by
plugging the DSL modem into a UPS which still had some charge, but that
didn't work.  A little later, the phone service stopped working.  And the
cell phone service.

Next morning, I tried the phone, and it worked.  Later in the day, when the
electricity came on, I tried my DSL, and it worked.  In my email, I found a
message from my ISP apologizing for the interruption in service: the
co-location site had the backup generator for the servers function
correctly, but the backup generator for the air conditioning failed to
start.  Of course, this did not matter to me, because at the time I had
neither power, nor internet, nor phone.  By evening, the phone and the
internet had stopped working again, but I had found that by walking about a
mile from the house I could get a cell phone signal.  On one of these walks
I saw an AT&T truck and flagged the driver down.  I asked what the problem
was: we had power, and damage in my subdivision was minimal.  He explained
that each subdivision had a remote unit or subexchange with its own battery
backup, which was charged from the exchange — and the exchange was still
running on backup generators, which did not have enough reserve to power all
the subexchanges.

By Monday afternoon, AT&T had their act together, and I had a landline, DSL,
and cell phone signal.

For me, the most significant point of failure appeared to be that AT&T has
engineered their backup power supplies to only cope with about twelve hours
of power failure.  With hurricane Ike, we had over 90% failure of
electricity supply to the fourth largest city in the U.S.A.  The first
repairs were not completed for about 24 hours; it was a week before 50% of
power was restored; and ten days later we still have over 30% of electricity
customers without power.

Les Denham, Vice President, Interactive Interpretation & Training, Inc.
1500 Citywest, Suite 800, Houston, TX 77042, U.S.A. 1-713.840.3326

Hacker claims Palin e-mail hacked via password reset

<Rob McCool <>>
Sun, 21 Sep 2008 22:38:16 -0700 (PDT)

This blog entry refers to an anonymous hacker who claims to have been the
one behind the widely publicized breach of VP candidate Sarah Palin's Yahoo
e-mail account. The interesting part is that the claimed attack was not
based on a weak password, but instead based on a weak password-reset
mechanism.  The hacker claimed that with a few searches in Google and some
information (Palin's birthday) from Wikipedia, along with some guesses of
phrasing, he was able to gain access to her email account.

Re: Wall Street; where nothing can go worng wrogn wrgno....

<Martin Ward <>>
Mon, 22 Sep 2008 12:32:52 +0100

A lot of the comments in RISKS-25.34 seem to imply that the people running
the financial firms were stupid and/or careless in not doing a correct risk

These people are not stupid or careless, merely greedy, unscrupulous and
irresponsible. They did a careful risk analysis all right, and then made the
decision to deliberately feed false information into the computer models and
deliberately create massively complex financial instruments.

Their risk analysis looked like this:

Success: My company hands off the package before it blows up.  My company
makes a massive profit and I end up fabulously wealthy.  (Other companies
make massive losses and have to be bailed out by the government, but that is

Failure: My company ends up holding the package when it blows up.  My
company makes a massive loss and ends up having to be bailed out by the
government. I end up extremely wealthy.

After careful consideration of all the risks and benefits, I decide to go

In an ideal world, the risk analysis would look like this:

Success: My company hands off the package before it blows up.  My company
makes a massive profit and I become fabulously wealthy.  Other companies
make massive losses and have to be bailed out by the government. My company,
and all the others, gets investigated and I end up bankrupt and jailed for
many years.

Failure: My company ends up holding the package when it blows up.  My
company makes a massive loss and ends up having to be bailed out by the
government. I become extremely wealthy. My company, and all the others, gets
investigated and I end up bankrupt and jailed for many years.

Quote: "There was a willful designing of the systems to measure the risks in
a certain way that would not necessarily pick up all the right risks" If an
engineer, for personal gain, willfully designed (say) a sewage monitoring
system so that it did not pick up the right risks, and as a result thousands
of homes were flooded with sewage and destroyed, that engineer would (I
hope) end up in jail. But in the financial world, people can get away with
doing much more damage, for personal gain, with no personal risk to
G.K.Chesterton web site:

Re: Risks of financial systems too complex ,,, (Smith, RISKS-25.34)

<"Jim Horning" <>>
Sun, 21 Sep 2008 23:27:33 -0700

I thoroughly agree with Daniel's main point, but let's not blame computers
too much.

This is the result of financial creativity driven by greed, both of which
have been around for quite a bit longer than computers.  Many of the
securities at the heart of the 1929 market crash were very nearly as complex
as those you describe.  See, for example, John Kenneth Galbraith's
insightful 1955 book, The Great Crash 1929
An ironic side note is the role of Goldman Sachs in some of the most
highly-leveraged creations.

  [And PLEASE read Jim's very insightful blog all the way to the end:

Re: Risks of not using check digits (Re: Douglass, RISKS-25.34)

<Erling Kristiansen <>>
Mon, 22 Sep 2008 20:13:48 +0200

It is not correct that Dutch bank account numbers do not use check digits. I
have an account with ABN-AMRO, and I just did the check: I changed one digit
of an otherwise correct number.  (I was prepared to accept the risk of
sending 1 cent to the wrong recipient.)  The transaction was rejected by the
on-line banking service.  According to one source I found (in Dutch): the check is that a specified weighted sum of the
9 digits must be divisible by 11.

There is one exception: The Postbank. Postbank account numbers don't even
have a fixed length, very short (3-4 digits) numbers typically being given
to major charities and other high-profile customers. There is no intrinsic
check of validity, as far as I know. The Postbank is supposed to check the
name of the recipient, but I have positive evidence that this does not
always happen, even for a rather large transaction.

Re: Risks of not using check digits (Re: Douglass, R 25.34)

<Paul van Keep <>>
Mon, 22 Sep 2008 14:16:03 +0200

... The 9-(and 10-)number system has an 11-test that ensures a sparse usage
of the available number space.  The formula is pretty simple: The total of 9
times digit1 plus 8 times digit2 etc. should be divisible by 11.  The
account number 123456789 for instance is a valid number.

[Note: Paul's formulation of the formula is for the nine-digit number
system, where digit9 is the unit's digit.  The extension to ten digits is
more obvious with the equivalent mathematical formula given on the wiki
below, using the sum from i=0 (to N=9 or 10) of the ith digit times i+1,
where the right-most digit is the i=0th digit.  (Elf is 11 in Dutch, and
does not imply a mischievous creature carrying out the arithmetic.)  PGN]

See the Dutch Wikipedia entry for a more complete description:

Re: Capability creep on red-light cameras (Ashworth, RISKS-25.34)

<Paul Wallich <>>
Sun, 21 Sep 2008 20:45:38 -0400

> Jay R. Ashworth" <> writes:

> And remember: if that database exists, your wife's divorce attorney will be
> able to subpoena it.

If that were the only problem.  If that database exists, your employer, your
employer's competitors and the stores you shop at will be buying
soft-realtime access to it.

Please report problems with the web pages to the maintainer