Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
[Source: Tiebreaking Vote Cast by Dead Man; Runoff Required, AP item, PGN-ed. Thanks to Joseph Lorenzo Hall for spotting this one.] http://www.1010wins.com/Tiebreaking-Vote-Cast-by-Dead-Man--Runoff-Required/4443153 OGDENSBURG, N.Y. (AP) — A school board election ended in a tie after an absentee ballot from one candidate's dead brother-in-law was ruled invalid. Vicky Peo and John Wilson each received 388 votes Tuesday for a seat on the Ogdensburg City School Board. The tying tally came after an absentee ballot from Peo's brother-in-law, Franklin "Peanut'' Bouchey, was ruled invalid because he died three days before the election. Superintendent Timothy Vernsey said the ruling was based on both education and election law. Vernsey says a special election pitting Wilson against Peo must now be held. [This is one of those cases that might fall through different cracks in different places. If this voter had opted for in-person early voting, his actual completed ballot was supposedly not attributable to him, and could not have been individually revoked. We know that in-person voting and absentee voting generally have different RISKS. In this case they might also have had different RULINGS — especially the ambiguity of a one-vote margin under these circumstances might have caused a partisan judge to demand a revote anyway. Besides, dead people have been voting for many years — unfortunately, it seems to be an old tradition. And in some voting technologies, one-vote margins are statistically a virtual tie anyway. PGN]
>From http://www.nytimes.com/2009/05/12/science/12quan.html Interesting article on how the FBI processes thousands of forensic samples into its DNA database. Scant detailed information, but some mention of how the FBI plans to ramping up the quantity and quality of is processing by increasing automation. They claim that this will reduce the error rate, an= d maybe so (or not), but will the inevitable errors that remain be harder to detect and eliminate? (Is there a a nice catchphrase for the effect where information in digital form has more credibility than in other forms?) Excerpts: In a Lab, an Ever-Growing Database of DNA Profiles NY Times ... The computers contain the National DNA Index System <http://www.fbi.gov/hq/lab/codis/national.htm>, a database of 6.7 million genetic profiles, the world=92s largest repository of forensic DNA information. Under a 2005 federal law, the database will continue to include convicted felons, but it will also add genetic profiles of people who have been arrested but not convicted and of immigrant detainees =97 for an estimated 1.3 million more profiles by 2012. ... But keeping pace with the expansion of DNA databases is a major challenge for the agency, which has sought ways to speed the processing of DNA evidence. As of 2007, the Justice Department estimated the backlog at 600,000 to 700,000 samples. In 2002, the F.B.I. was processing about 5,000 DNA samples each year. With the help of new robotic systems, analysts with the crime lab plan to process 90,000 samples each month by 2010. ... In addition to speeding up DNA typing, the robotics will help avoid mistakes. Contamination and mislabeling have been documented in at least five states; the fewer hands needed to process DNA, the better, said Richard A. Guerrieri, chief of the forensic DNA lab. Despite these improvements, F.B.I. officials still expect to struggle to stay abreast of the millions of new DNA samples expected to pour into the lab. Federal officials said that when Congress mandated the database expansion, it did not provide enough money. ...
The recent arguments about just how much computerization of medical data will help ultimately need to face up to real data. Some such data recently appeared. http://www.journalacs.org/article/S1072-7515(09)00200-2/abstract (Full article requires membership or payment - I haven't read it.) Summarizing the abstract: The study looked at the effects of the introduction of a Computerized Physician Order-Entry System (CPOE) on patient safety and on efficiency. "A total of 15 (0.22%) medication errors were discovered in 6,815 surgical procedures performed during the 6 months before CPOE use. After implementation, 10 medication errors were found (5,963 surgical procedures [0.16%]) in the initial 6 months and 13 (0.21%) in the second 6 months (6,106 surgical procedures) (p = NS). Mean total time from placement of order to nurse receipt before implementation was 41.2 minutes per order ... compared with 27 seconds per order using CPOE (p < 0.01)." (The dramatic time decrease was primarily due to the elimination of a transcription step.) There was also a reduction in "ancillary personnel positions". The study concludes: "Present CPOE technology can allow major efficiency gains, but refinements will be required for improvements in patient safety."
[More details on the destruction and hackers would be interesting, as would some info on how a site running since 1996 wasn't backed up anywhere but ... on the site itself.] Hackers 'destroy' flight sim site Flight simulator site Avsim has been "destroyed" by malicious hackers. The site, which launched in 1996, covered all aspects of flight simulation, although its main focus was on Microsoft's Flight Simulator. The attack took down the site's two servers and the owners had not established an external backup system. http://news.bbc.co.uk/2/hi/technology/8049780.stm
In the bowels of the world's most densely populated Meet-Me room — a room where over 260 ISPs connect their networks to each other — a phalanx of cabling spills out of its containers and silently pumps the world's information to your computer screen. One tends to think of the Internet as a redundant system of remote carriers peppered throughout the world, but in order for the net to function the carriers have to physically connect somewhere. For the Pacific Rim, the main connection point is the One Wilshire building in downtown Los Angeles. If this facility went down, most of California and parts of the rest of the world would not be able to connect to the Internet. Tour one of the web's largest nerve centers, hidden in an otherwise nondescript office building. http://www.wired.com/techbiz/it/multimedia/2008/03/gallery_one_wilshire http://en.wikipedia.org/wiki/Meet-me-room
While it will certainly be denied, the length of this outage can be directly attributed to the outsourcing of server administration to an Indian firm Tata Consultancy. Nielsen laid off (or drove off) many of its most important assets and replaced them with Indians brought into this country from India to run these servers. The vast majority of the talent being used is sub par with very little experience in dealing with a complex set of systems such as those used by Nielsen. See http://tvdecoder.blogs.nytimes.com/2009/05/06/tv-networks-frustrated-by-lengthy-ratings-delay/#comments for more information.
[bis(2-chloroisopropyl)ether == 2,2' dichlorodisopropyl ether!] That looked funny to me. I would have thought that both bis(2-chloroisopropyl)ether and 2,2'-dichlorodiisopropyl ether would refer, not just to compounds with the same numbers of atoms, but to the same structure — they should be chemical synonyms: Cl - CH2 - CH - O - CH - CH2 - Cl | | CH3 CH3 And sure enough they are, and the EPA knows it. Googling for each CAS number turned up useful pages, especially this one from US EPA: http://www.epa.gov/iris/subst/0407.htm Substance Name Bis(2-chloro-1-methylethyl) ether CASRN 108-60-1 At the bottom of the page is the update history for this chemical's record, including these: 06/06/2000 All CASRN changed from 39638-32-9 to 108-60-1 12/03/2002 I.A.6. Screening-Level Literature Review Findings message has been added. 03/15/2004 VIII. Edited synonyms. 11/30/2007 All Chemical name changed from bis(2-chloroisopropyl) ether to bis(2-chloro-1-methylethyl) ether. So, the 39638-32-9 number is a few years out of date and worth correcting, but it's not the kind of confusion that the matching chemical formulas suggested. (I may well have other complaints about the IL EPA, but not this one.)
... can't break through their own firewall I do need to preface this with the usual caveat about the risk of taking news stories at face value and setting policy in response to incidents. That said ... Just curious — did anyone think of just playing the audio over a standard phone line by holding the phone near a speaker? Did any involved in the inquest think to ask that question? Perhaps the bigger problem here is the reliance on the artifacts of technology without basic understanding. But then how is it any different from falsely ascribing to broadband the properties that are really due to Internet connectivity (my current sound bite)? In this case the audio was in the computer silo not the telephony silo. To be fair, the failure to be creative is a general problem — and one can be taught not to think creatively by punishing exceptions like this one very close to home, in which a cafeteria worker was suspended for offering students an alternative to vegiburgers when their promised grilled cheese sandwiches failed to arrive. http://www.boston.com/yourtown/news/newton/2009/05/by_calvin_hennick_globe_c orres_1.html Well, I guess if someone thinks about it it could be added to the long list of enumerated exceptions to the long list of rules. After all the term "ambulance chaser" is a reminder of better dead than sued.
> ...Subject: Canada's tax agency computers pile up > ...To properly destroy a drive, they say, it should be run through > commercial equipment that slices it into bits no bigger than the width of > a pencil." [from *The Week* mag. 8 May 2009, page 8] RISKS readers will recognize immediately that the size of the chunks, if you are doing it this way, will have to be small enough to make the content on one chunk of no utility. At the density of a HDD, a pencil width holds quite a bit of data. I won't do a calculation for you, but clearly this is not small enough for a disk that holds even 100 gigabyte on 10 sq.in. (10 gigabytes/sq.in.) Fred Cohen & Associates, 572 Leona Drive Livermore, CA 94550 1-925-454-0171 http://all.net/ Join http://tech.groups.yahoo.com/group/FCA-announce/join
In the last several issues of RISKS, there have been a disproportionate number of stories about how the roof was going to fall in because there was a "large data breach including people's (US) Social Security Numbers". It seems worth taking a look again, explicitly, at why exactly that's a problem... as that's not the underlying cause of the trouble, and no one seems to be working on the thing that *is* the underlying cause, despite over a decade — at least — of us flogging it around the barn here in RISKS. The problem, of course, is one of authentication, on two levels. The second is easier to solve, but not as applicable to identify theft; the first bears directly on identity theft (more properly, "unauthorized credit reputation injury"), but is much harder to solve. == The first and larger problem is one of authenticating that a random person presenting themselves to you is actually the individual — with a name, address, and possibly SSN — whom they say they are, and not someone who has stolen that person's credentials. The other half of that is interlocking credit grantors with credit bureaus so that they all agree they're talking about the same person... without the requirement that the US start issuing national ID cards, which is a major third-rail political issue — to the point where states were refusing to implement the RealID program for driver license conformation promulgated by the last administration. The second problem is authenticating already existing customers who wish to make changes to their accounts. This one is far easier to do properly; it entails two major points: 1) Using ad-hoc authenticators instead of "things only the customer should know". Once your mother's maiden name or the city in which you were born — or your Social Security Number (which the government says should not be used as an authenticator for this sort of thing in the first place) "leak", they're useless as authenticators, because they never change. In fact, Microsoft/Carnegie Mellon research to be released at the IEEE Symposium on Security and Privacy this week shows just how insecure "fixed" challenges (obvious ones like Mother's Maiden Name, chosen by the business, not the customer) actually are: 1 in 4 chance of guessing by people who know the individual, *1 in 6* by random strangers. http://it.slashdot.org/article.pl?sid=09/05/19/0037208 The only thing valid as an authenticator is a challenge and response *both chosen by the customer* — at the time of account creation once you've authenticated the customer's ID, or in some secure out of band fashion when a breach may have occurred. 2) Anyone who holds authenticator information in a customer database needs to audit access to it, and do something about the audit data they gather; watching for patterns at the least, and actually checking who had access to it if an adverse report is made — this is partially to protect from bad actors at the granting company, and partly to make it possible for customers stupid enough to use the same authenticator at multiple suppliers to determine who leaked it if they are stuck with fraudulent transactions. We all know that people *shouldn't* reuse authenticators, but planning systems around the idea that they won't is ... a poor design choice? But even this seems too much for most companies: I have seen, in my personal interactions with card companies, utilities, and the like, occasional bursts of "we'll let you specify an authenticator question and answer, if you don't like any of our pre-specified choices" (and you shouldn't), but they're a) few, b) far between, and c) tend to go away again, mostly because they were some smart person's good idea, instead of CIO level fixed company policy, which is apparently what's necessary. In at least one case, I have such an authenticator, but the agents are always bemused to see it, because that option "hasn't been offered for some years, now". == That first problem I mentioned, though, is the sticker: how do you authenticate that a person is validly whom they claim to be when, randomly, they walk up to you and ask to open an account — or worse, call, write, or web into you and ask to start an account. Lots of companies placed in this position use the knowledge of an SSN — and let's be clear here; it's not just the contents of the SSN that are the authenticator, *it's the fact that you know it* — as authentication that you are who you say you are. [ Here comes the money quote :-) ] And the result of that is that they've overloaded the semantics of a SECRET onto a datum that was never meant to be secret — or, more to the point, to *need* to be secret. In consequence of which, lots of older systems don't treat it that way — they don't obscure it from view, or audit access to it. And it travels around in cleartext since it is not *only* an authenticator, but *also* an *identifier* — and this is the root cause of the problem. It *must* be plaintext to be usable as an identifier... and it *must not* be plaintext to be useful and safe as an authenticator. [ Does that state it clearly enough? ] At the moment, though, companies don't necessarily have any choice, since there's no other cookie that can be passed from a customer to a credit grantor to a credit reporting agency, and uniformly identify the same person. == That's my analysis of the problem, anyway, and since I don't recall seeing anyone really break down, either in the public press or in more technical fora like RISKS, exactly where the failure lies, I have to assume that -- even though I know there are lots of people out there smarter than me — the problem might well be that the people in position to fix it don't really know why it's a problem, be they systems designers, CIO's or legislators. Since the problem affects both credit granting vendors *and* credit-reporting agencies on the way to affecting the customers, it's likely they will both have to cooperate to solve it. One possible solution, as much as I hate granting to CRAs even more power than they already — some say, unjustly — possess, is to have the CRAs authenticate creditors directly in some reasonable fashion, and then do a one-time cookie-authentication system for customers to authenticate themselves to new credit-grantors, similar in spirit to the one-time credit card numbers which some banks now issue for on-line purchases. This will not fix the second, smaller problem — at least not directly -- but would pretty much wipe out the larger problem or identify theft: if you can't open a new account without tight coupling to the agency which authenticates both you and the seller to one another, then people can't run up bills in your "name", sticking you with both the bill and the reputation problems. Since this would probably reduce the incidence of credit fraud in general quite markedly, I can't imagine that the credit grantors wouldn't want to participate in such a system. Even if those commercial parties are on board, though, the problem of making the system design generally palatable to the public who also have to cooperate is a tough one, and one for which I don't have a specific answer yet. It will be interesting (at least to me :-) to see what opinions others in the RISKS community have to my delineation of the questions, at least. Jay R. Ashworth, Ashworth & Associates, St Petersburg FL +1 727 647 1274 http://baylink.pitas.com http://photo.imageinc.us email@example.com
An airplane on a take-off run clearly could perform an automatic sanity check (comparing thrust settings and actual acceleration with gross weight, air speed/temperature/pressure, flap settings ...) and raise an alarm if something's seriously amiss. (It cannot easily automatically know other important things like runway length, aerodynamic effect of ice on wings, obstacles ...). Indeed, the Halifax report does briefly mention that authorities suggest "systems to warn crews of inadequate take-off performance." So what's the problem with the development and installation of such systems? Technical complexity? Expense? Reliability? Training? Longer checklist for pilots? Legal mess with false positives/negatives?
> ... one must believe that waiting lists, which exist in virtually all known > government run health care systems, do not matter. Waiting lists also exist in virtually all known private health care systems. As an long-term ex-private patient, who has now been forced back onto the Australian public health-care system for financial reasons, I've experience the best and worst of both ends of the spectrum. In my experience, there's very little between them in Australia - both in terms of the quality of the care, the compassion and training of the staff, and in the waiting time for access. I've spent much more time in the waiting rooms of specialist doctors who charge highly for their services, as I do with my local bulk-billed (government paid) local doctor. It is true that my public-hospital hip replacement waiting time would have been shortened from three months, down to one month — but since I'd put up with the problem gradually worsening over the previous three years, this was hardly consequential. If it had been heart surgery, there would have been no difference. However the total cost of the hip replacement to me --- hospital, surgeons, prosthesis, and everything was zero. Loss of productivity for the nation -- also zero. Risk of dying while waiting the extra two months — not far above zero I think Ms Gorman needs to get out of Colorado and see how the rest of the world operates before she influences the setting of the state's health-care policy. Stewart Fist, 70 Middle Harbour Rd, LINDFIELD, NSW 2070 Australia
Re: FAA ATC shutdown (McIntyre, RISKS-25.67) > It is important for government to be open to the people in identifying > problems, but some stuff needs to be kept confidential from potential > trouble makers. [Thanks, Fred. I was hoping someone would make that observation! PGN]
> Linda Gorman's note is a partisan rant where it suggests that government > is uniquely incompetent. That rant doesn't belong in RISKS. In common (US) parlance, "partisan" refers to a bias in favor of one of the two political parties enfranchised by voting regulations: Democrat or Republican. Since both parties routinely promote increased government power as the superior solution to nearly every problem or issue (differences are in the details, and increasingly marginal; e.g - the recent "rescue" of the financial system, begun by a Republican regime, embraced and extended by the Democrat politicians who replaced that regime), I fail to see how Mr. Kaiser's characterization of her post as "partisan" (even if his analysis is accepted at face value) is at all accurate. Further, how is the opinion expressed in Ms. Gorman's post less appropriate to this list than the many others that I have read here on various topics suggesting that government is uniquely competent? > Shall we talk about voting devices? Electronic voting systems are IT projects largely contracted by government exclusively to favored private (some would write "mercantilist") contractors (Diebold, Sequoia, etc.) For well over a decade, ATC (tracon & en route alike) systems have been IT projects largely contracted by government exclusively to favored private (some would write "mercantilist") contractors (LockMart, SunHelo<sp?>, etc.) And the point of differentiation was intended to be?
Excerpted from Bruce's CRYPTO-GRAM, May 15, 2009 <firstname.lastname@example.org> Daniel Gardner's The Science of Fear was published last July, but I've only just gotten around to reading it. That was a big mistake. It's a fantastic look at how humans deal with fear: exactly the kind of thing I have been reading and writing about for the past couple of years. It's the book I wanted to write, and it's a great read. Gardner writes about how the brain processes fear and risk, how it assesses probability and likelihood, and how it makes decisions under uncertainty. The book talks about all the interesting psychological studies -- cognitive psychology, evolutionary psychology, behavioral economics, experimental philosophy — that illuminate how we think and act regarding fear. The book also talks about how fear is used to influence people, by marketers, by politicians, by the media. And lastly, the book talks about different areas where fear plays a part: health, crime, terrorism. There have been a lot of books published recently that apply these new paradigms of human psychology to different domains — to randomness, to traffic, to rationality, to art, to religion, and etc. — but after you read a few you start seeing the same dozen psychology experiments over and over again. Even I did it, when I wrote about the psychology of security. But Gardner's book is different: he goes further, explains more, demonstrates his point with the more obscure experiments that most authors don't bother seeking out. His writing style is both easy to read and informative, a nice mix of data an anecdote. The flow of the book makes sense. And his analysis is spot-on. My only problem with the book is that Gardner doesn't use standard names for the various brain heuristics he talks about. Yes, his names are more intuitive and evocative, but they're wrong. If you have already read other books in the field, this is annoying because you have to constantly translate into standard terminology. And if you haven't read anything else in the field, this is a real problem because you'll be needlessly confused when you read about these things in other books and articles. So here's a handy conversion chart. Print it out and tape it to the inside front cover. Print another copy out and use it as a bookmark. Rule of Typical Things = representativeness heuristic Example Rule = availability heuristic Good-Bad Rule = affect heuristic Confirmation bias = confirmation bias That's it. That's the only thing I didn't like about the book. Otherwise, it's perfect. It's the book I wish I had written. Only I don't think I would have done as good a job as Gardner did. The Science of Fear should be required reading for...well, for everyone. The paperback will be published in June. http://www.amazon.com/exec/obidos/ASIN/0525950621/counterpane/ A copy of this essay, with all embedded links, is here: http://www.schneier.com/blog/archives/2009/04/book_review_the.html
Please report problems with the web pages to the maintainer