The RISKS Digest
Volume 25 Issue 74

Wednesday, 22nd July 2009

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Elements of Programming, Alexander Stepanov/Paul McJones
The NSA wiretapping story nobody wanted: Whistleblower Klein
Amazon Erases Orwell Books From Kindle Devices
Brad Stone via Monty Solomon
Re: Amazon takes-back Kindle e-books
Hal Murray
Net-filtering tables turned
Geoff Kuenning
Jonathan Zittrain, "Lost in the Cloud"
Re: cloud computing & server loss
Harlan Rosenthal
Ruhr University team breaks code of KeeLoq system
David Lesher
U.S. Passport RFID security
Erica Naone via Monty Solomon
U.S. Passports: Special alloy sleeves urged to block hackers?
Todd Lewan via Monty Solomon
Arming ATMs with Pepper Spray?
Thomas Dzubin
Eye tracking to prevent screen snooping
Peter Houppermans
U.S. Withheld Data on Risks of Distracted Driving
Matt Richtel via Monty Solomon
Adobe Terms Gone Wild
Gene Wirchenko
Taiwan president in ruckus over prerecorded web messages
Canadian Mint says missing gold may have been stolen
Darryl Dueck
Re: July 4 cyber attack
Joseph Brennan
Risks of hierarchical map displays
Paul Wallich
An interesting reversal of the usual credit card problem
Roger Leroux
"Don't freak out," says ING Direct. At least I THINK it's ING Direct!
Daniel P. B. Smith
Info on RISKS (comp.risks)

Elements of Programming, Alexander Stepanov/Paul McJones

"Peter G. Neumann" <>
Wed, 22 Jul 2009 9:39:04 PDT

Alexander Stepanov and Paul McJones
Elements of Programming
ISBN 978-0-321-63537-2

What could be one of the most important books for developers of low-risk
systems has come to my attention, and deserves your consideration if you are
serious about understanding the mathematical foundations of programming and
applying them sensibly to your practice.  It is not an easy read, but it is
a very compelling approach.  To support its mathematically oriented
crispness, the book includes the definition of a small but elegant C++
subset that has been crafted by Sean Parent and Bjarne Stroustrup for
illustrative use in the book.  I believe this material should be taught
within all computer science curricula.

A long quote and a short one on the back jacket give an idea of what is

  Ask a mechanical, structural, or electrical engineer how far they would
  get without a heavy reliance on a firm mathematical foundation, and they
  will tell you, `not far.'  Yet so-called software engineers often practice
  their art with little or no idea of the mathematical underpinnings of what
  they are doing.  And then we wonder why software is notorious for being
  delivered late and full of bugs, while other engineers routinely deliver
  finished bridges, automobiles, electrical appliances, etc., on time and
  with only minor defects.  This book sets out to redress this imbalance.
  Members of my advanced development team at Adobe who took the course based
  on the same material all benefited greatly from the time invested.  It may
  appear as a highly technical text intended only for computer scientists,
  but it should be required reading for all practicing software engineers.
     — Martin Newell, Adobe Fellow

  The book contains some of the most beautiful code I have ever seen.
     — Bjarne Stroustrup

The bottom of the inside cover suggests that through this book you will come
to understand that mathematics is good for programming, and theory is good
for practice.  I applaud that sentiment.

The NSA wiretapping story nobody wanted: Whistleblower Klein

Wed, 22 Jul 2009 04:51:46 +0800

IDG News Service: By some estimates there are 15 to 20 of these secret
wiretapping rooms across the country. You're the only AT&T employee who has
come forward and talked about them in detail. Why?

Mark Klein: Fear. First of all it was a scary time. It still is a scary
time, but during the Bush years it was sort of a witch hunt atmosphere and
people were afraid. People are afraid of losing their jobs, and it's a rule
of thumb that if you become a whistleblower you'll probably lose your
job. And if you have a security clearance, you not only lose your job, but
you probably will be prosecuted by the government. The Bush administration
made that very clear in statements they made over and over again: 'Anybody
who reveals anything about our secret programs will be prosecuted and we are
running investigations to find out who leaked this to the New York Times.'
Well that puts a fear in people.

While campaigning against President George W. Bush, Barack Obama had pledged
that there would be "no more wiretapping of American citizens," but
President Obama's administration has continued to use many of his
predecessor's arguments when it comes to warrantless wiretapping.

Amazon Erases Orwell Books From Kindle Devices (Brad Stone)

Monty Solomon <>
Sat, 18 Jul 2009 14:42:33 -0400

In George Orwell's "1984," government censors erase all traces of news
articles embarrassing to Big Brother by sending them down an incineration
chute called the "memory hole."  On Friday, it was "1984" and another Orwell
book, "Animal Farm," that were dropped down the memory hole - by
In a move that angered customers and generated waves of online pique, Amazon
remotely deleted some digital editions of the books from the Kindle devices
of readers who had bought them.

An Amazon spokesman, Drew Herdener, said in an e-mail message that the books
were added to the Kindle store by a company that did not have rights to
them, using a self-service function. "When we were notified of this by the
rights holder, we removed the illegal copies from our systems and from
customers' devices, and refunded customers," he said.

Amazon effectively acknowledged that the deletions were a bad idea.  "We are
changing our systems so that in the future we will not remove books from
customers' devices in these circumstances," Mr. Herdener said.  [...]
  [Source: Brad Stone, *The New York Times*, 18 Jul 2009]

  [Lots of media coverage on this one, especially the 1984 connection.  See
  also an item from David Pogue's Posts: Some E-Books Are More Equal Than
  Others, 17 Jul 2009.  PGN]

Re: Amazon takes-back Kindle e-books

Hal Murray <>
Fri, 17 Jul 2009 16:37:27 -0700

I see two RISKS-related issues.  One is that it undermines the whole e-book
industry.  The other is a good reminder of what can happen with closed

It's been slashdotted and is in many online news sources and blogs.

Net-filtering tables turned

Geoff Kuenning <>
Tue, 07 Jul 2009 13:40:16 -0700

The July 7th, 2009 edition of "Ask Amy" (an advice columnist) tells the tale
of an interesting RISK of using net filtering and online systems to control
your children.  Briefly, a high-school student's father was using the
school's "check up on your kids" Web site to an excessive degree.  The
fed-up student used the family's parental control software to find out how
often the dad was visiting the site (answer: three times daily) and in the
process learned some unsavory details about Dad's browsing habits.,0,2095115.column

I suppose the RISK lies in assuming you're smarter than your kids...and
forgetting that most tools can be used in multiple ways.

Geoff Kuenning

In any large population, there are some people who aren't very bright.
That's not their fault, it's just in their genes.  As an engineer, I have a
responsibility to design things that won't kill off the slower ones, just as
I have a responsibility to design things that won't harm my neighbor's dog.

Jonathan Zittrain, "Lost in the Cloud" (NYTimes Op-Ed)

"Peter G. Neumann" <>
Mon, 20 Jul 2009 8:12:56 PDT

  [I read this over breakfast on paper.  Thanks to Lauren Weinstein
  for the URL.]

Jonathan Zittrain, Lost in the Cloud, *The New York Times*, 20 Jul 2009

Earlier this month Google announced a new operating system called
Chrome. It's meant to transform personal computers and handheld devices into
single-purpose windows to the Web. This is part of a larger trend: Chrome
moves us further away from running code and storing our information on our
own PCs toward doing everything online - also known as in "the cloud" -
using whatever device is at hand.

Many people consider this development to be as sensible and inevitable as
the move from answering machines to voicemail. With your stuff in the cloud,
it's not a catastrophe to lose your laptop, any more than losing your
glasses would permanently destroy your vision. In addition, as more and more
of our information is gathered from and shared with others - through
Facebook, MySpace or Twitter - having it all online can make a lot of sense.

The cloud, however, comes with real dangers. [...]

Re: cloud computing & server loss (RISKS-25.73)

Harlan Rosenthal <>
Thu, 16 Jul 2009 22:14:27 -0400

Cloud Computing certainly exposes one to the consequence of other people's
actions, but law enforcement's lack of selectivity is nothing new.  Consider
the Secret Service raid on Steve Jackson Games years

Ruhr University team breaks code of KeeLoq system

David Lesher <>
Fri, 10 Jul 2009 14:20:35 -0400


Ruhr University scientists say it is now relatively straightforward to clone
the remote control devices that act as the electronic keys.  They have
overcome the KeeLoq security system, which is made by US-based Microchip
Technology and is used by Honda, Toyota, Volvo, Volkswagen and other
manufacturers to transmit access codes using radio frequency identification
technology.  The KeeLoq's security relies on poor key management, in which
every key is derived from a master that's stored in the reading device.
Moreover, it uses a proprietary algorithm that had already been shown to
generate cryptographically-weak output.

U.S. Passport RFID security (Erica Naone)

Monty Solomon <>
Fri, 17 Jul 2009 13:37:36 -0400

Meanwhile, although experts say that some RFID technologies are quite
secure, a University of Virginia security researcher's analysis of the NXP
Mifare Classic (see Hack, November/December 2008), an RFID chip used in fare
cards for the public-transit systems of Boston, London, and other cities,
has shown that the security of smart cards can't be taken for granted. "I
think we are in the growing-pains phase," says Johns Hopkins University
computer science professor Avi Rubin, a security and privacy researcher.
"This happens with a lot of technologies when they are first developed."
...  [Source: Erica Naone, RFID's Security Problem: Are U.S. passport cards
and new state driver's licenses with RFID truly secure? Technology Review,
Jan/Feb 2009; PGN-ed]

U.S. Passports: Special alloy sleeves urged to block hackers?

Monty Solomon <>
Sat, 18 Jul 2009 14:42:33 -0400
  (Todd Lewan)

To protect against skimming and eavesdropping attacks, federal and state
officials recommend that Americans keep their e-passports tightly shut and
store their RFID-tagged passport cards and enhanced driver's licenses in
"radio-opaque" sleeves.  That's because experiments have shown that the
e-passport begins transmitting some data when opened even a half inch, and
chipped passport cards and EDLs can be read from varying distances depending
on reader technology.
  [Source: Todd Lewan, The Associated Press, 12 Jul 2009; PGN-ed]

Arming ATMs with Pepper Spray?

Mon, 13 Jul 2009 08:32:38 -0700 (PDT)

Now I've seen everything...

Apparently, a leading South African bank has fitted 11 ATMs around the Cape
Peninsula with pepper spray cans in an effort to prevent card skimming and
ATM bombing.

I guess the person who thought of this wasn't a reader of Risks Digest.

According to the following Guardian article
 ...the mechanism backfired in one incident last week when pepper
 spray was inadvertently inhaled by three technicians who required
 treatment from paramedics.

 Patrick Wadula, spokesman for the Absa bank, which is piloting
 the scheme, told the Mail & Guardian Online: "During a routine
 maintenance check at an Absa ATM in Fish Hoek, the pepper spray
 device was accidentally activated.

 "At the time there were no customers using the ATM. However,
 the spray spread into the shopping centre where the ATMs are

What's next?  PCs that pepper spray their users when they download a virus
or malware?  Hmmmm... perhaps not a bad idea :-)

Thomas Dzubin, Calgary, Saskatoon, or Vancouver CANADA

Eye tracking to prevent screen snooping

Peter Houppermans <>
Wed, 08 Jul 2009 11:56:07 +0200

This is IMHO a rather promising new development in security, mainly because
it appears to promise more security without too much usability impact.  And
it may ruin Powerpoint presentations, another point in its favour :-).  It
neatly uses the fact that most modern laptops have a camera built in.


Anderson calls it his "aha" moment — a flash of insight from which he drew
a career-altering connection between decades-old research and his job as a
computer security expert.  Nearly two years ago, Anderson had a comfortable
job as vice president at an established computer security company. But while
reading "Consciousness Explained," a book by philosopher Daniel Dennett,
Anderson learned about one scientist's research into variations in the way
the human eye reads and processes text and images.
"This obscure characteristic ... suddenly struck me as (a solution to) a
security problem," said Anderson, 42, who has a doctorate in cryptology.
"I said, 'Holy cow. No one has thought of using this to protect the
contents of a screen.' It was just some obscure research."

Anderson quit his job at SafeNet, raised $1.2 million in seed money from
friends and family and plunged full time into developing his idea — a
software program that allows only an authorized user to read text on the
screen, while everyone else sees gibberish. [..]

The private version of the product can already be bought from the company at, at a price well below your average privacy screen.
From their website it appears the "look, your mother is watching" Pro
version is not yet released.

U.S. Withheld Data on Risks of Distracted Driving (Matt Richtel)

Monty Solomon <>
Wed, 22 Jul 2009 00:08:23 -0400

In 2003, researchers at a federal agency proposed a long-term study of
10,000 drivers to assess the safety risk posed by cellphone use behind the
wheel.  They sought the study based on evidence that such multitasking was a
serious and growing threat on America's roadways.  But such an ambitious
study never happened. And the researchers' agency, the National Highway
Traffic Safety Administration, decided not to make public hundreds of pages
of research and warnings about the use of phones by drivers - in part,
officials say, because of concerns about angering Congress. ...
[Source: Matt Richtel, *The New York Times*, 21 Jul 2009; PGN-ed]

Adobe Terms Gone Wild

Gene Wirchenko <>
Mon, 13 Jul 2009 16:47:50 -0700


   Would you like to report a bug in an Adobe product?  Here is the URL:

They do have rather stringent terms.  You have to affirm lots of things
about interest in your bug report, oops, Idea.  My favourite bit is "You
represent and affirm that you are 18 years of age or older."  Oh, to be 17

How many people take one look at that page and decide not to bother?  Does
this affect the quality of Adobe software?

Taiwan president in ruckus over prerecorded web messages

Mon, 20 Jul 2009 14:33:23 +0800

Taiwan President Ma Ying-jeou was criticized after prerecorded Internet
messages leaked out.

Experienced Internet surfers found the messages due to be broadcast the next
two weeks had already been recorded. The surfers only had to change the
dates on the presidential website to see the new messages.

Presidential Office Spokesman Wang Yu-chi said Ma had prerecorded the
videos, which were supposed to address current affairs, adding that Ma would
remake the videos, and asked the person who first discovered the messages to
come forward and receive a "small prize" from the Presidential Office.

Canadian Mint says missing gold may have been stolen

"Darryl/Becky Dueck" <>
Mon, 6 Jul 2009 19:36:58 -0500

Money is missing, and all they're saying is, "we'll look into it - we have
one of the most secure facilities in the world".  I can't believe how little
uproar there has been.  -Darryl Dueck, Winnipeg, MB CANADA

The Royal Canadian Mint said Monday that $15.3 million worth of gold missing
from its vaults could have been stolen.  The gold was reported missing last
fall, but officials at the mint said they had hoped they would find that an
accounting error was responsible.

A review conducted by auditors Deloitte and Touche, however, recently
concluded that the gold wasn't simply forgotten during inventory.  "The
unaccounted for difference in gold does not appear to relate to an
accounting error in the reconciliation process, an accounting error in the
physical stock count schedules or an accounting error in the record keeping
of transactions during the year," the company concluded in a report released

Christine Aquino, director of communications with the mint, said that many
possible scenarios are being considered.  "We're not going to speculate on
the cause just yet.  We're not giving up on this. We're going to pursue this
rather vigorously."  Aquino said the mint asked the RCMP to look into the
matter two weeks ago.  She said in the meantime, the mint is prepared to
follow three of Deloitte and Touche's recommendations concerning its
accounting procedures and building security.  "They've also asked that we go
through our security measures for review.  But it's just one of the avenues
we're pursuing. We have one of the most secure facilities in Canada, if not
the world."  [Source: CBC News, 29 Jun 2009]

Re: July 4 cyber attack (RISKS-25.73)

Joseph Brennan <>
Fri, 17 Jul 2009 10:50:23 -0400

The attacks on web sites from Korea made the news, but there was at least
one attack on email, at  More than 26,000 hosts in Korea
connected to the mx pool, collectively 160,000 times an hour,
and then just sat there.  Our network monitoring showed that they sent some
bytes that may have been a HELO string, but they did not send MAIL.

Our system responds by forking a sendmail process for each connection, and
even though they were mostly doing nothing waiting for data, the system load
went up.  However, it is summer at an edu, and we are pretty well
provisioned anyway, so the effect was "hm, that's funny, wonder why the load
is that high" rather than "OMG the sky is falling".

We shortened the timeout waiting for MAIL, and rate-limited the
worst-offending IP blocks, and got the load back to normal.  The attack was
not continuous throughout the weekend.  Maybe the botnet had other missions
part of the time.  Like the http attacks, it stopped during the following

Possibly the goal was that we would be forced to blackhole South Korean IP
space in order to function.  Columbia University has a significant number of
people with personal and academic contacts in South Korea.

Joseph Brennan, Lead E-mail Systems Engineer
Columbia University Information Technology

Risks of hierarchical map displays

Paul Wallich <>
Mon, 20 Jul 2009 22:30:01 -0400

The other day, for no good reason, I got misplaced on some local dirt
roads. "No problem," I thought, because my car had a GPS and a map database
that actually knew about all those dirt roads. But when I zoomed the display
out far enough to see where the nearest paved road back to exurbia might be,
all the dirt roads disappeared, and I was apparently driving through a
void. So I couldn't figure out which road would take me back to pavement,
because I couldn't display both the roads I was on and the one I wanted to
get to at the same time.

Obviously, I could have pulled over and used pan as well as zoom controls,
or asked for directions to some known point (and hoped none of the dirt
roads on the route was closed or washed out). But that would have required
both presence of mind and a place to park where I could be sure of getting
back on the road after figuring out location and route.

I wonder whether such hierarchical displays contribute to some of the
GPS-aided navigation debacles that sometimes grace this publication — a
driver may have some idea that they're going the wrong way, but their
display doesn't offer enough information to plan a new route easily, and the
psychological pressure to keep moving forward can increase as conditions get

An interesting reversal of the usual credit card problem

Roger Leroux <>
Thu, 16 Jul 2009 23:00:38 +0000

There's a board game company called GMT Games ( They have
a "pre-order" system in place that lets you order a game before it is
published (they call it the P500 system), and in order to participate you
need to provide them with a credit card number.

Recently, I and other customers received this e-mail from them:

"Please Update Your Online Credit Card Information

Ugh! Microsoft strikes again! As you probably know, we encrypt your credit
card data, several times, to make sure that your data is always safe online.
Well, a recent Windows update done by our service provider apparently
modified the encryption key used to decrypt the data for us to read and use
for charging. Please don't worry about your cc info. *There was absolutely
no security issue here. In fact, it's quite the opposite. For any card that
you entered into our system before July 4, neither we nor anyone else can
read the card # (as the encryption key was changed).* There is no problem
with cc #s entered after July 4.

So we're asking you guys to please go into your online account in the next
day or two and update the credit card # that is listed there (for many of
you it will now look like a long string of alphanumerics) with your correct
# so that we can charge the games slated to begin charging on Monday, July
13th. If you guys have any questions about this, or would prefer to do this
by phone or online chat, please don't hesitate to contact our office
ladies either on our website or at our toll-free number. They'll be happy to
help you get the data re-entered if you'd like some help. We apologize for
any inconvenience this may cause."

It was nice that for a change no personal information was leaked, but I
think this highlights the problems of applying OS updates without the
ability to do a rollback or for that matter, having a backup of the original
(suitably encrypted of course) data.

"Don't freak out," says ING Direct. At least I THINK it's ING Direct!

"Daniel P. B. Smith" <>
Wed, 22 Jul 2009 11:53:08 -0400

Every time I turn around, a bank website presents me with glaringly obvious
RISKS about which one can only say "what _were_ they thinking?

1) When I click on "View My Account" at , I am
taken to a login screen headed by a bold blue notice:

  "Our site will be getting a minor facelift soon. So if you notice
  anything different after you sign in, don't freak out. You're in the
  right place."

*That* should train customers to be vigilant.

2) I opened a bank account at a local bank, and went through all the silly
rigamarole about picking a picture and so forth, and got to the idiotic
"security questions." This site is one of the kind that forces you to select
from a limited list of bad options, which usually manage to be both insecure
yet difficult to remember (Let me think, did I enter the answer as "Main
Street," "main street," or "Main st."?)

But one made my jaw drop: one of the available choices was "How many
children do you have?"

What are the chances that a stranger could successfully guess *that* one? By
comparison, my birthday is as strong as Fort Knox.

Please report problems with the web pages to the maintainer