http://www.mailonsunday.co.uk/pages/live/articles/news/news.html?in_article_id=509289&in_page_id=1770
On May 18, 2005, a Jordanian Airbus A320 completed a flight (on behalf of a Spanish charter airline) from Fuerteventura, Spain, to Leeds Bradford Airport in England. After landing, it decelerated normally as far as a speed of 73 knots, but then the brakes on both sides failed almost completely. With runway running out and reverse thrust insufficient to stop, the pilot steered off the runway. At 22 knots the brakes reengaged, and the plane stopped safely without injuries.

The accident is covered by Report 6/2007 of the UK AAIB, which is available in PDF in sections under this page: http://www.aaib.gov.uk/sites/aaib/publications/formal_reports/6_2007_jy_jar/jy_jar_report_sections.cfm?view=print

They say the failure was the result of "excessive wheel tachometer signal noise, caused by a bent tachometer driveshaft on each main landing gear assembly" combined with "inadequate fault tolerance within the brake control system".

The tachometer is involved because that's how the Brake and Steering Control Unit (BSCU) tells whether the plane is skidding. But the tire and driveshaft could resonate at about the same frequency, causing the tachometer to produce electrical noise that in turn would cause the BSCU to malfunction and release the brakes to prevent a skid that was not happening. The solution was to replace the driveshaft with a stronger one (solid instead of hollow), which would also have a different resonant frequency.

Mark Brader, Toronto, msb@vex.net

[Another item from me about something that happened in England in 2005! I just happened across this report while checking the AAIB site on the off-chance that there was news about the recent Heathrow incident.]
In what appears to be separate incidents, two major submarine FO cables (FLAG Telecom and SEA-ME-WE 4) have been cut in the Middle East. Dubai, Egypt, Saudi Arabia, Qatar, the United Arab Emirates, Kuwait, Bahrain, Pakistan, and India are all suffering badly. There's been much rerouting to trans-Pacific circuits.

The RISKs? Well first, in an amazingly short period of time [TAT-1, the {copper} first transatlantic telephone cable was put into service in 1956; TAT-8, the first fiber cable was in 1988.] our civilization/economy has become highly dependent on photons & refined beach sand.

Second RISK: While cables are relatively safe in deep water, to be useful they must come ashore somewhere; and shallow water is where they are vulnerable. And ships also like those same shallows. Cables are only REALLY redundant if they have nothing in common, and for reasons of geography, politics and history, they flock together in those same shallow port waters.

Alexander Harrowell made a sage comment on the NANOG list. [Landing spots..] have historically been in the same strategic locations. Suez, Singapore, Cape Town; it's the strategic map of the British Empire. "Five strategic keys lock up the world", as Lord Fisher said. (Dover, Gibraltar, Singapore, Cape Town, and Suez).

I'm further reminded of Dan Charles' report on Relay, Maryland: <http://www.npr.org/templates/story/story.php?storyId=1030846> where he discussed how wagon trains, telegraph, railroads, and now fiber... all Go West via the same route.

[See also a CNN report. PGN] http://www.cnn.com/2008/WORLD/meast/01/31/dubai.outage/index.html?eref=rss_=topstories
In addition to some of the reported incidents, there were several incidents in the Washington area some years ago in which digital PBXs interfered with air traffic control at National Airport (as it was then called). http://www.nydailynews.com/news/2008/01/27/2008-01-27_empire_state_building_car_zap_mystery.html http://www.nydailynews.com/img/2008/01/27/alg_empire-state.jpg Several cars a day get bizarrely stranded in a five-block 'Bermuda Triangle' near the Empire State Building. http://www.nydailynews.com/img/2008/01/27/amd_valeev.jpg In the shadow of the Empire State Building lies an "automotive Bermuda Triangle" - a five-block radius where vehicles mysteriously die. No one is sure what's causing it, but all roads appear to lead to the looming giant in our midst - specifically, its Art Deco mast and 203-foot-long, antenna-laden spire. "We get about 10 to 15 cars stuck near there every day," said Isaac Leviev, manager of Citywide Towing, the AAA's exclusive roadside assistance provider from 42nd St. to the Battery. "You pull the car four or five blocks to the west or east and the car starts right up." "The lights work, the horn works, everything. But it won't start," Russell Valeev, a driver for Golden Touch Transportation said one recent evening as he sat in his 2005 Ford van with the hood propped open on E. 35th St., between Lexington and Park Aves. "It's my job. No money." The 102-story building, at Fifth Ave. between 33rd and 34th Sts., has been home to broadcast equipment since its opening in 1931, when RCA installed an experimental TV antenna. Since the 9/11 attacks destroyed the twin towers, the building has regained its status as the leading transmission site for commercial broadcast outfits, with 13 TV and 19 FM stations mounting antennas on its spire. The FCC said it has not received any complaints regarding interference affecting autos in midtown, and Empire State Building officials don't believe the claims. 
Yet some phantom transmission appears to cause the remote keyless entry systems of scores of car owners to go haywire and stop talking to their vehicles. [Source: Richard Weir, Empire State Building car zap mystery, *NY Daily News*, 29 Jan 2008; PGN-ed] [The NY Daily News blog is replete with cases reported by affected drivers. You can add yours to the blog or report it to rweir@nydailynews.com. But by now it's familiar territory and no longer News. PGN]
Zapping the bad guys: Attached to the roof of this police car is a 200-pound electromagnetic system that can quickly bring an opposing vehicle to a stop. The system is six- to eight-feet long (antennae included) and almost three-feet wide. It works by sending out pulses of microwave radiation that disable the microprocessors that control the central engine functions of a car. Credit: Eureka Aerospace http://www.technologyreview.com/files/13634/policecar_x220.jpg Researchers at Eureka Aerospace are turning a fictional concept from the movie *2 Fast 2 Furious* into reality: they're creating an electromagnetic system that can quickly bring a vehicle to a stop. The system, which can be attached to an automobile or aircraft carrier, sends out pulses of microwave radiation to disable the microprocessors that control the central engine functions in a car. Such a device could be used by law enforcement to stop fleeing and noncooperative vehicles at security checkpoints, or as perimeter protection for military bases, communication centers, and oil platforms in the open seas. [Source: Brittany Sauser, Stopping Cars with Radiation: A beam of microwave energy could stop vehicles in their tracks, MIT *Technology Review*, 13 Nov 2007] http://www.technologyreview.com/printer_friendly_article.aspx?id=19699
American LaFrance (ALF), a US manufacturer of fire trucks, has blamed a failed ERP implementation for its filing for bankruptcy this week. Coupled with "inventory not properly declared as obsolete", ALF incurred $100 million in unanticipated costs, lengthy production delays, and problems servicing customers' existing trucks. http://www.americanlafrance.com/interior.asp?n=22

A significant consequence of ALF's operational problems is that fire departments across North America are apparently experiencing significant delays in obtaining spare parts and service for their front-line fire trucks, and new orders (most of which will be replacements for aging apparatus) are being delayed by months. This will undoubtedly result in apparatus (and possibly the associated companies of firefighters) being placed out of service more than usual, and/or use of older, less reliable reserve apparatus (which typically don't meet current safety standards).

Although problems with ERP implementations have caused a number of high-profile business disruptions in recent years (e.g. Hershey's, HP), this is the first I've heard of a company blaming their bankruptcy on ERP. The RISKS involved in such large-scale IT projects are well known (especially to readers here), but unfortunately still occur all too often.

[For the benefit of readers who aren't accountants or lawyers, Chapter 11 is a US bankruptcy provision that allows a company to voluntarily declare bankruptcy, prepare a financial reorganization plan under the supervision of the bankruptcy court, and (hopefully) ultimately be discharged from bankruptcy as a viable concern.]
Tricom, a margin lending specialist in Australia, was unable to complete its trades and finalize settlements. The ASX had to declare a hold on its activities and close off the market without it. Everything was resolved by the next business day.

Tricom stated (according to the Australian Newspaper) that it was net positive, but s/w let it down and it couldn't complete the volume of processing required due to a new s/w system.

http://www.australianit.news.com.au/story/0,24897,23142583-15306,00.html suggests that the story is not that simple, the system was accepted under the 3-day burn-in test the ASX require, and that it will not form the main focus of any investigation.

I think we'll see quite a lot of software/computer-systems blame over triggers to sell, but this appears to be about scaling functions to close off, rather than automatic bet-the-market outcomes.

Interesting to think about what are the possible scaling functions in these kinds of systems. The average-to-peak difference could be immense, if you spread a range of people making smallish buys (by volume of event) spread over a long time, but then have a synchronization event which forces everyone to trigger SELL at the same time. It could be several decimal orders of magnitude variation in the transaction volumes, which makes capacity planning and even some data structure design quite important methinks...
U.S. Magistrate Judge Jerome Niedermeier ruled that a man accused of transporting child pornography has a Fifth Amendment right to keep his password in his head, not give it to prosecutors. In other words, the Fifth Amendment protects the right to keep passwords. <http://www.volokh.com/files/Boucher.pdf>
Michael Walton broke an encryption code in the AceCad software (a 3D modeling program for use in the construction of steel structures) which allowed him to make copies of it. He sold the copies for GBP 12 on eBay. The company has said that an AceCad licence costs between GBP 12,000 and 20,000. Walton, who reportedly had 80 identities on eBay, pleaded guilty to copyright infringement and will be sentenced in February. The maximum term to which he might be sentenced is 10 years. Precisely why he sold the package for less than 0.1% of its commercial value is not clear. The strength of the vendor's encryption has been questioned by some commentators. [Maybe he missed the K? PGN] http://www.channelregister.co.uk/2008/01/15/uk_software_pirate_ebay/ Peter Mellor Tel/Fax: +44 (0)20 8459 7669
The organization that has been set up to distribute set-top converter boxes (http://ww.dtv2009.gov) uses a database that was purchased from the US Postal Service in order to determine whether the applicant address is a business or a residence. My address was erroneously classified as a business. The USPS has corrected the error in their data base, but the set-top people don't seem to understand that there can be errors in their database because it isn't current.
*Technology Review* published results from usability (as opposed to security) reviews of voting machines, which find significant error rates due to user confusion. http://www.technologyreview.com/Infotech/20122/?nlid=850 Ben Bederson <http://www.cs.umd.edu/~bederson/>, an associate professor at the Human-Computer Interaction Lab at the University of Maryland, was part of a team that conducted a five-year study <http://www.brookings.edu/press/Books/2007/votingtechnology.aspx> on voting-machine technology. Bederson says that machines should be evaluated for qualities beyond security, including usability, reliability, accessibility, and ease of maintenance. Bederson has designed a prototype of a user-friendly voting machine. Whether electronic voting machines are under scrutiny for usability or security, many experts say that their design flaws call for reevaluation of the devices. Tadayoshi Kohno <http://www.cs.washington.edu/homes/yoshi/>, an assistant professor of computer science at the University of Washington, who has studied the security of several electronic systems, says, "My feeling of the electronic-voting community is that we started walking down a dark alley, and we know that it's very dangerous. We know that at the end of the valley is a safe place. As a philosophical question, I have to ask, should we continue going down this dark alley, or should we step back and figure out some other way we want to go to safety?"
This seems to have suddenly become a popular (and sometimes successful) way to try to steal money. Someone impersonating a Brinks carrier got away with over $100K in the DC area and it took some time for the bank to even realize it had been robbed. http://www.washingtonpost.com/wp-dyn/content/article/2008/01/10/AR2008011004339.html

Another person wearing a uniform got into an apparently restricted area at a Brinks facility in Philadelphia and got his hands on $640K but was caught trying to get out. http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2008/01/17/national/a121606S03.DTL&tsp=1

The stories don't have enough detail to understand fully how security was breached but it sounds, from both articles, as if a uniform alone suffices to identify someone. No ID checks?
It happened again: a UK government institution lost quite a few data records of citizens. I won't bother to list the risks of leaving a laptop with unprotected data in a car; but again the major risk here is having people work with sensitive material who are either careless, uneducated or unaware of the sensitiveness of the data. http://www.timesonline.co.uk/tol/news/politics/article3213274.ece
More than 2,000 people in Medford (Mass.) were called with an automated message: Their children were not in class. So many parents started arriving at Brooks Elementary School to check on their children that officials put the place in lockdown. Superintendent Roy E. Belson said a telephone glitch occurred shortly after the district's automated calling system went through its update. Someone forgot to log out of the database before trying to send a message sometime before noon to the few parents whose children had been marked absent. [...] [One of the planned steps for preventing a recurrence is] posting a sign next to the phone system warning users to 'make sure you shut down the database before you go to message' mode." [Source: *The Boston Globe*, 31 Jan 2008] http://www.boston.com/news/local/articles/2008/01/31/phone_glitch_hangs_up_schools/
"Computer malfunction" and "flying manually" on an A319. What rot. Yes, I understand it is what the pilot said (or so it says on a note on an aviation forum cross-posted from another forum and supposedly written by a B757 first officer that was on the flight), but he has to say something to all the people in the back. Here is a link to the incident report in the Transport Canada Civil Aviation Daily Occurrence Reporting System: http://www.pprune.org/forums/showpost.php?p=3828916&postcount=42 They do not know if it was turbulence-related, system-related or both. When there is an upset, the A320-series aircraft have a set of so-called "Abnormal attitude laws". You can check out the FCOM description of these and other flight control laws in section 1.27.30 at http://www.smartcockpit.com/pdf/plane/airbus/A320/systems/0010/ or if you don't have time, a very brief comment at http://www.pprune.org/forums/showpost.php?p=3832144&postcount=60 or a little more time for a "Noddy's Guide to Airbus Flight Control Laws" at http://www.pprune.org/forums/showpost.php?p=3832616&postcount=64 I should warn that the "postcount" number on the links above may change as the forum is edited, which will send them to notes other than the ones I intend to reference, in which case one can simply search through the notes on the thread at http://www.pprune.org/forums/showthread.php?t=307936 to recover the referenced posts. Peter B. Ladkin Causalis Limited and University of Bielefeld, Germany www.causalis.com www.rvs.uni-bielefeld.de
Continuing from the story regarding a leaking coffee area causing a power outage on a Qantas jet last week, Australia's Sydney Morning Herald reported today that a former Qantas engineer has been charged with forging a maintenance engineer's license and maintaining jets without a license.

SMH reports that one of the aircraft he was alleged to have performed unlicensed maintenance on was VH-OJM, the Boeing 747-438 that suffered a power loss and made an emergency landing in Bangkok.

The risks of insufficient background checking for such high profile jobs (i.e., of the variety of "if this is done wrong, people can die") are obvious. One hopes Qantas revisits confirmation of correct credentials for all its engineering staff in light of this mishap.

The SMH story can be found at: http://www.smh.com.au/news/news/qantas-engineer-charged-with-forgery/2008/01/15/1200419845101.html

Preston de Guise <pdeguise@gmail.com> +61 414 978 190 http://www.anywebdb.com
While this may be true, the original story (Dixon, RISKS-25.02) was about magnetic interference at London City Airport, not London Heathrow. For those not familiar with London, there are a number of "London" airports. London City is very central and caters for short haul, mainly business traffic. London Heathrow is the main international hub and is situated on the Western fringes of Greater London, well away from the centre. The other London airports (Gatwick, Luton, Stansted) are tens of miles outside the greater London area. [Mistaken airport identification in Rees's item also noted by Mark Brader. PGN]
Following up from "Whole of UK Child Benefit records on CD lost in the post" http://catless.ncl.ac.uk/Risks/24.92.html#subj3

>Regarding the possibilities of fraud:
>
>The data includes: National insurance (NI) number Name, address and birth
>date Partner's details Names, sex and age of children Bank/savings account
>details ... quite useful for an identity fraudster, particularly the NI
>number. There is plenty of scope here for a fraudster to redirect payments.

I'm surprised that no mention has been made of one Jeremy Clarkson, an infamous celebrity motoring journalist. When the story broke about the loss of the Child Benefit Records on CD he rather rashly claimed that it was a storm in a tea cup, just a bit of scaremongering. To prove his point he published personal details and claimed there was nothing to fear. He is now 500 pounds poorer and a little wiser.

http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2008/01/07/nclarkson107.xml
http://www.guardian.co.uk/money/2008/jan/07/personalfinancenews.scamsandfraud

At the time he wrote: "I have never known such a palaver about nothing. The fact is we happily hand over cheques to all sorts of unsavoury people all day long without a moment's thought. We have nothing to fear."

However, yesterday he told readers he had opened his bank statement to find a direct debit had been set up in his name and £500 taken out of his account. "The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again," he said. "I was wrong and I have been punished for my mistake."

He added: "Contrary to what I said at the time, we must go after the idiots who lost the discs and stick cocktail sticks in their eyes until they beg for mercy."
BKSTPTMN.RVW 20071110

"Software Testing Practice: Test Management", Andreas Spillner et al, 2007, 978-1-933952-13-0, U$44.95
%A Andreas Spillner spillner@informatik.hs-bremen.de
%A Thomas Rossner thomas.rossner@imbus.de
%A Mario Winter winter@gm.fh-koeln.de
%A Tilo Linz tilo.linz@imbus.de
%C 26 West Mission St, Suite 3, Santa Barbara, CA 93101-2432
%D 2007
%G 978-1-933952-13-0 1-933952-13-X
%I Rocky Nook Inc.
%O U$44.95 805-687-8727 fax 805-687-2204 joan@rockynook.com
%O http://www.amazon.com/exec/obidos/ASIN/193395213X/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/193395213X/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/193395213X/robsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 321 p.
%T "Software Testing Practice: Test Management"

This book is intended to assist candidates who are writing the exam for the International Software Testing Qualifications Board (ISTQB) Certified Tester.

Chapter one stresses the importance of software and software quality, and explains that the text is based on the ISTQB Certified Tester second ("Advanced") level, specifically the Test Manager module (excluding the topic of reviews). This chapter also presents an overview of the first ("Foundation") level as background. The tools and processes used to structure testing are outlined in chapter two. Testing is examined, in chapter three, in relation to the software life cycle. Problems with different development models are analyzed, but it is interesting that the complexity of the models is not covered as a risk factor. Criteria for a testing policy are discussed in chapter four. Chapter five mandates a formal test plan. The blueprint will be helpful for those who do not have a structure in place, but appears overly committed to items that are not inherently necessary for all trials. Controls to ensure and follow the progress of testing are detailed in chapter six.

Chapter seven explains some of the common quality and process improvement models, and their implications for testing. Testing is used to detect faults or deviations in software, and chapter eight looks at the classification and handling of such issues. Chapter nine examines risk analysis with respect to software testing. The material follows most standard principles for risk management, and so is not wrong in any specifics, but the text fails to present helpful means for using this technique to best advantage. Various important skills that should be contained within the test team are listed in chapter ten. Test metrics are discussed, in chapter eleven, in an academic manner that is very similar to the style of chapter nine. In the same way, by attempting to apply a single process of evaluation to all test management software tools, the authors restrict the utility of chapter twelve. Chapter thirteen lists standards bodies, as well as some of the guidelines that relate to software development and evaluation.

The book reflects the certification, and one cannot fault it for that. However, if the authors had been willing to move beyond the overall coverage of principles, they might have produced a more useful work.

copyright Robert M. Slade, 2007 BKSTPTMN.RVW 20071110
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
http://victoria.tc.ca/techrev/rms.htm