The RISKS Digest
Volume 26 Issue 54

Saturday, 27th August 2011

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Air France 447: Smart planes still vulnerable to human error
Matthew Kruk
Air France 447, the A330 EFCS, and extreme nose-up
Heather McNeil
British Columbia Medicine Mixup, doggedly
Gene Wirchenko
Man unable to open car from the inside and dies of dehydration
David Landgren
Bitcoin + Cloud Computing = Approx. USD$231K Up In Smoke
Mark Thorson
United Airlines uses 11,000 iPads to take planes paperless
Daniel Dilger via Monty Solomon
Chinese newscast apparently reveals their cyber warfare games
Danny Burstein
Death, taxes and identity theft
Suzanne Johnson
Visa to adopt chip & pin in the US
Jeremy Epstein
4G and CDMA reportedly hacked at DEFCON
Lauren Weinstein
Why Governments Are Terrified of Social Media
Lauren Weinstein
Transaction without a password is more secure?
Jonathan Kamens
Re: The Anti-Malware Follies
Rob Slade
Workshop on Cryptography for Emerging Technologies and Applications (Caswell Sara J. <>
Info on RISKS (comp.risks)

Air France 447: Smart planes still vulnerable to human error

"Matthew Kruk" <>
Thu, 18 Aug 2011 18:23:47 -0600

On flight 447, the handoff from computer to pilots proved fatal for the 228

... The Airbus A330, like other new-generation airliners, is controlled by a
computer, in theory a sort of super-pilot, never tired or distracted, with
lightning-fast reflexes and an encyclopedic knowledge of how best to
fly. The human pilot still uses the stick and throttles in the traditional
way, but commands go to the computer, which in turn executes them. If the
pilot tells the airplane to bank too steeply or fly too slowly or too fast,
the computer will not comply. Its "laws" are intended to protect against
pilot errors that, far more often than mechanical failures, have led to

The transition from mechanical to digital flight controls has brought about
a shift in the way pilots are trained. Basic flying skills - the ability,
for instance, to recover from unusual situations or to intuitively sense
what an airplane is doing or is about to do - receive less and less
emphasis. Testable knowledge of airplane systems and standardized flight
procedures takes precedence. ...  But we are still in transition, and Flight
447 fell victim to a philosophical inconsistency. The computer was supposed
to protect the pilots from themselves, but in a pinch it threw up its hands
and abruptly turned over control to a startled and unprepared human crew.

Air France 447, the A330 EFCS, and extreme nose-up

Heather McNeil <>
Thu, 18 Aug 2011 15:31:37 -0700 (PDT)

The second section of a recent "Ask the Pilot" article
has some comments from an A330 captain regarding Air France flight 447: “We
know the airplane stalled, but the interim reports do not detail how the Air
France pilots reached this point in the first place. No way do I believe
that the pilots manually commanded an extreme nose-up input, as the report
is claiming. To say that a pilot would, for an "unreliable airspeed event,"
initiate a 7,000-foot-per-minute climb, with 16 degrees of nose-up input, is
crazy.  But the electronic flight control system (EFCS) of the A330 is
capable of generating this magnitude of performance on its own, if, say, the
overspeed protection mode was activated by the blocked pitot probes. This is
what the A330 simulator displays when this fault is inserted. The auto trim
also runs up to about 13 degrees of nose-up trim—the same figure
mentioned in the interims—and reduces the nose-down authority for the
resulting stall.'' The pilot cannot override the EFCS quickly when it is
misbehaving. The checklist procedures for this are time-consuming and
confusing. The `unreliable airspeed' checklist is also ineffective if the
EFCS takes control of pitch, as the pilot is locked out.

British Columbia Medicine Mixup, doggedly

Gene Wirchenko <>
Sun, 21 Aug 2011 21:24:46 -0700

"The Daily News", Kamloops, British Columbia, Canada; Saturday,
August 13, 2011; pages A1 and A2.

MISTAKE: Canine illness causes cancer confusion;
Man baffled by medical questions

PRINCE GEORGE—A B.C. man was forced to convince his doctor and his
girlfriend that he doesn't have cancer after a mixup with the province's
pharmacy system confused him with his dog.  It turned out that Rick
Gillingham of Prince George does not have cancer, but his dog, Cooper, was
taking the medication phenobarbital for canine epilepsy.

When Gillingham went to the local university hospital for a simple
painkiller recently, the doctor started asking him questions about his
cancer.  "I told him, 'I don't have cancer,' and he kept telling me not to
be coy, that nobody was within earshot, so it was all right to talk about it
and he needed to know," said Gillingham.

Gillingham's girlfriend overheard the conversation from the waiting room,
prompting her to storm in and demand to know why she was kept out of the
loop, too.  "She was saying things like, 'They are professional, they don't
make these kind of mistake.'  And I really didn't know what to tell her.  I
was at a loss for words."

As Gillingham attempted to convince his girlfriend that he wasn't sick, the
doctor finally revealed the source of the confusion.  "As well were yakking
about it, the physician piped up and said, 'Well, if you're not the one
taking the phenobarbital, who is?'  And as soon as he said that, the light
went on for her.  It was for the dog, not for me.  I didn't even remember
the name of the dog's stuff, but she did and it all clicked."

Cooper's veterinarian had prescribed phenobarbital to ease the animal's
canine epilepsy.  But when the dog's medication was entered into the
province-wide PharmaNet system, there was nothing to indicate that
Gillingham and his dog were not the same person—or even the same species.
Adding to the confusion, the vet's name is identical to a well-known cancer

"It would probably not have been harmful (if Gillingham took the dog's
drugs), but if someone else had this happen, it could be life-threatening,"
said his girlfriend, Charlaine MacGillivray.  "There should be some way of
knowing the difference at a glance between human medication and animal meds.
This is scary stuff."

Bob Nakagawa, an assistant deputy minister in the province's Health
Ministry, said his department asked the College of Pharmacists of B.C. to
investigate what happened.  [THE CANADIAN PRESS]

  Scary Bits: 1) The doctor trusted the system despite protests.  2) The
  doctor said that Gillingham and he could not be overheard, but they were.
  3) The girlfriend trusted the system.  4) There was apparently no way to
  distinguish Gillingham and Cooper.  5) There are two very different kinds
  of prescribers with the same name.

Man unable to open car from the inside and dies of dehydration

David Landgren <>
Thu, 25 Aug 2011 15:09:07 +0200

Agence France Presse (AFP) reports of a man who, unable to escape, succumbed
to dehydration inside a locked car.

He and his brother had been nightclubbing and he had consumed lots of
alcohol. On arriving home, his brother got out of the car (one presumes,
hopefully, that he was the one driving) and went to sleep in his bed. He
took the car keys with him, but left the car unlocked. The first man
continued to sleep in the car. After a certain period of time, the locking
system activated and locked the doors.

In the house, everyone assumed he was asleep in his own bed. The car was
parked in the sun and the outside temperature was 40 degrees Celsius
(104F). It is not clear at what time he woke up, however, there is evidence
that he tried to break a window to escape. He did not succeed, and died of

Apparently, the locking system in this particular model (the car maker is
not specified in the article) has an interesting "feature": when the car is
locked and the keys are not in the cabin, one cannot open the car from the
inside. Pressing the unlock button has no effect.

This sounds unbelievable, but AFP rarely makes mistakes in reporting. If
it's true, then it's a particularly horrifying example of embedded systems

Bitcoin + Cloud Computing = Approx. USD$231K Up In Smoke

Mark Thorson <>
Fri, 19 Aug 2011 12:19:59 -0700

Bitomat, the third largest exchange for bitcoin—the cybercryptocurrency
not backed up by a government or any hard assets—lost its wallet.dat file
which held all of its bitcoins.

According to the article, this was due to using the wrong cloud computing
model on the part of the exchange, not any fault of Amazon's cloud computing
services.  A consequence of this latest bitcoin disaster has been the
acquisition of Bitomat by the largest exchange, Mt. Gox.

This article calls it a "bid to restore confidence in the bitcoin market".
I don't quite get how merging the two exchanges involved in the largest
bitcoin disasters restores confidence, but I suppose confidence can't get
any lower so anything you do must be an improvement.

United Airlines uses 11,000 iPads to take planes paperless

Monty Solomon <>
Thu, 25 Aug 2011 09:40:29 -0400

[Source: Daniel Eran Dilger]

United is the latest airline to ditch pilots' paper flight manuals, having
announced today that it is distributing 11,000 iPads across all of its
Continental and United flight decks.

Going green with a light and streamlined machine

United said in a press release that its new iPad-bearing pilots will use
Jeppesen Mobile FliteDeck, "the industry's premier app featuring
interactive, data-driven enroute navigation information and worldwide
geo-referenced terminal charts. The enhanced full-color, high-quality
information display ensures the right information is displayed at the right

In addition to having less weight to carry in and out of the plane, the
weight savings also saves fuel, while reducing the amount of unnecessary
paper used and printed by airlines.

United states that "a conventional flight bag full of paper materials
contains an average of 12,000 sheets of paper per pilot. The green benefits
of moving to EFBs are two-fold: it significantly reduces paper use and
printing, and, in turn, reduces fuel consumption. ...

Chinese newscast apparently reveals their cyber warfare games

Danny Burstein <>
Tue, 23 Aug 2011 08:31:52 -0400 (EDT)

[The English source is a highly politicized newsgroup, but the factual
material seems to be legit.]

Slip-Up in Chinese Military TV Show Reveals More Than Intended
Piece shows cyber warfare against US entities, *Epoch Times*

A standard, even boring, piece of Chinese military propaganda screened in
mid-July included what must have been an unintended but nevertheless
damaging revelation: shots from a computer screen showing a Chinese military
university is engaged in cyberwarfare against entities in the United States.

The documentary itself was otherwise meant as praise to the wisdom and
judgment of Chinese military strategists, and a typical condemnation of the
United States as an implacable aggressor in the cyber-realm. But the
fleeting shots of an apparent China-based cyber-attack somehow made their
way into the final cut.

The screenshots appear as B-roll footage in the documentary for six seconds
- between 11:04 and 11:10 minutes - showing custom-built Chinese software
apparently launching a cyber-attack against the main website of the Falun
Gong spiritual practice, by using a compromised IP address belonging to a
United States university.  ...  The software window says "Choose Attack
Target." The computer operator selects an IP address from a list - it
happens to be - and then selects a target.


The story points out that => University of Alabama at
Birmingham, and has some comments from them, too.

Death, taxes and identity theft

Suzanne Johnson <>
August 25, 2011 12:52:59 PM EDT

  [via David Farber's IP distribution. PGN]

Apparently the IRS believes an individual's right to privacy terminates at
death...SSNs easily available online and used for fraud:


> And by the way, do the deceased have a right to privacy?  Apparently, no.
> I found also on the SSA website, "Because these individuals are deceased,
> the Privacy Act does not apply to our collection and maintenance of these
> records."

Visa to adopt chip & pin in the US

Jeremy Epstein <>
Sat, 13 Aug 2011 13:07:22 -0400

Visa is going to move to chip & pin (also known as EMV) in the US.  This
technology, already widely in use in Europe, will offer an exemption from
PCI DSS compliance if a merchant does at least 75% of their transactions
using EMV.  (Not clear if this is 75% by number or value.)  Beginning in Oct
2017, merchants that sell fuel (a major place where stolen credit cads are
used) will be forced to accept liability for fraudulent transactions if they
don't use EMV or similar technology.


Sounds good?  Well, not so much.  Will they use the same broken
techniques used in Europe [1]?  How will they protect against hackers
manipulating the devices to capture card and PINs [2]?

The RISKS?  Moving to a EMV, while perhaps a small step forward, may
inhibit a real improvement.  Once the transition starts (reissuing
everyone's cards - hundreds of millions in the US - and replacing all
of the merchant terminals with new ones that can handle the chip & PIN
technology), it will be hard to stop and switch again for another
decade or two.

[1] "Chip and PIN is Broken", Steven J. Murdoch, et al, IEEE Security
& Privacy 2010.

[2] "Legacy Support Leaves Chip-And-PIN Vulnerable", Information Week,
Aug 1 2011.

4G and CDMA reportedly hacked at DEFCON

Lauren Weinstein <>
Wed, 10 Aug 2011 10:08:45 -0700  (Extreme Tech)  [From Network Neutrality Squad]

  "For now the only evidence that such an attack occurred is the report of
  Coderman on the Full Disclosure mailing list. Coderman seems to be a
  relative veteran of security and open source mailing lists, though, and he
  says he has attended six DEF CONs. If he's telling the truth, then this
  attack would represent the first ever man-in-the-middle attacks on two
  networks that have so far proven to be unhackable. For the ailing and
  nigh-stillborn CDMA this isn't such a huge issue - but if 4G has fallen,
  just as AT&T, Sprint, Verizon, and cellular companies around the world
  begin to plow huge dollars into its roll out, this could be a massive

Lauren, NNSquad Moderator

Re: 4G and CDMA reportedly hacked at DEFCON)

Wed, 10 Aug 2011 14:08:22 -0400

I can confirm attempts against my dumb LG (install apps and register) on
Verizon. I just assumed it was the normal type of stuff that one sees at
defcon (been going since DC7). Even though I'm fairly confident that the
attempts were unsuccessful I had my phone admin do a clean wipe and restored
contacts from a backup. This does not confirm anything against 4G.

Why Governments Are Terrified of Social Media

Lauren Weinstein <>
Thu, 25 Aug 2011 01:28:06 -0700

[From Network Neutrality Squad.  PGN]

                 Why Governments Are Terrified of Social Media

In Missouri, teachers and others are up in arms over a law that would
ban most contacts between teachers and students through social media, not
only via systems like Facebook, but even apparently mechanisms such as
Google Docs ( [ABC News] ).

In the UK, Prime Minister David Cameron has proposed censoring or
cutting off BlackBerry and other social media systems based on the
misguided and false assumption that this would prevent planning and
communications by potential rioters or other "undesirable" persons.

And back here in the U.S., BART shut down parts of the cell phone
network, in an attempt to block communications in advance of a legal
protest that never took place, though we know full well from history
that protests—even of enormous scope—do not require high
technology to be organized and deployed ( [Lauren's Blog] ).

Around the world, including here in the U.S., governments are
demanding unencrypted access to supposedly "secure" communications

The common thread is very clear.  Governments are increasingly
terrified of the communications abilities that Internet and other
technologies have provided their citizenry and other residents.

While usually careful to express their concerns in the context of
seemingly laudable motives like fighting crime or terrorism, in
reality these governments have revealed the distrust and contempt with
which they view their populations at large.

This is by no means a new phenomenon.

Throughout human history, governments and many leaders have cast a
jaundiced eye on virtually every new technological development that
enabled communications, particularly if that technology made it easier
for direct person-to-person messages to be exchanged outside the view
of government services and minders.

These government efforts to suppress and control communications have
virtually all failed in the end, though a great deal of damage has
been done to individuals and groups in the process.

At one time, even the ability to read and write was considered too
dangerous a skill set for the commoners.  The invention of the
printing press threw government and churches alike into convulsions of

And now "social media" is the new scapegoat, the whipping boy, the
technological designated evil that short-sighted politicians of both
major parties, and their various administrative minions and
supporters, are demanding be monitored, leashed, and controlled.

In reality of course, it's not the technology that these persons wish
to leash—it's ordinary people.  It's you and me and the vastness of
other law-abiding persons who have become the targets of the 21st
century law enforcement mantra: "Screw the Bill of Rights—treat
everybody like a suspect, all the time."

The broad implications of this "guilty until proven innocent" mindset
are all around us now.  They're at the heart of the newly revealed
alliance between CIA and the New York Police Department to monitor the
activities of innocent citizens, using surveillance techniques that
would have seemed comfortably familiar to the old East German Stasi
secret police.

They're seen in the massive government-mandated Internet data
retention demanded by "The Protecting Children from Internet
Pornographers Act of 2011"—now moving rapidly through Congress, and
disingenuously titled to suggest it only applies to child abuse, when
in reality its true reach would broadly encompass all manner of
Internet access activities ( [Atlantic] ).

Governments seem to increasingly no longer feel that it's necessary or
desirable to have "probable cause" or court orders before spying on
individuals, tracking their movements via hidden GPS units, building
dossiers, or even disrupting communications.  Constitutional
guarantees are more and more viewed by our leaders as quaint artifacts
of the past, to be ignored today merely as annoying inconveniences.

The innocent are now being treated largely as potential "future
criminals"—and so subject to many of the same sorts of surveillance
and other law enforcement techniques that in the past were generally
limited to specific suspects of specific crimes.

To the extent that these activities for now appear to be mostly aimed
at persons with skin colors or religions different from us, it becomes
easier to "go with the flow" of this new law enforcement mentality, to
not make waves, to be quiet, to be sheep.

But the same techniques used today against one group can be easily
repurposed for others.  Government ordered records of users' Internet
activities will affect us all, and the infrastructures created to
support these surveillance-related systems may be be extremely

When governments no longer trust the people, when officials make the
mental and physical leaps to targeting vast numbers of innocent
persons in the manner of criminal suspects of yesteryear, we have
embarked on a road that leads to a very dark place indeed.

Today, social media is the crosshairs.  Governments certainly are
enthusiastic about using social media for their own investigatory and
enforcement purposes, but they appear to be desperately seeking ways
to control and limit the ability of ordinary persons to communicate
privately and securely on these systems, or to use them at all in some

This is hypocrisy of the highest order.  It is a serious risk to
innocent individuals being targeted by its adherents today.

Unchallenged, tomorrow it will be a serious risk to us all.

People For Internet Responsibility: Skype:
Network Neutrality Squad:  Tel: +1 (818) 225-2800

Transaction without a password is more secure?

Jonathan Kamens <>
Tue, 09 Aug 2011 09:31:21 -0400

I've just switched to a new bank, and of course they're trying to get me to
use their debit card for purchases as often as possible so they can make
money off of the fees. (I've already told them I want a plain ATM card, not
a debit card, but they're still sending me the literature.) I couldn't help
but notice these Orwellian statements in a pamphlet they sent me (EMPHASIS
added by me):

    What's the best way to use my [bank name elided]//Debit MasterCard
    for purchases?

    * When paying, say or press "Credit"
    * Your purchase comes directly out of your checking account

Can somebody please explain to me how it's "more secure" for anyone to be
able to steal my debit card and use it to take money directly out of my
checking account without entering my PIN?

I imagine if I called the bank and asked what they're talking about, they'd
say, "If you don't need to enter your PIN, then the people standing near you
won't be able to see what it is." But (a) you can protect against that just
by blocking people's view of the keypad with your other hand, and (b) that's
probably not the threat they should be most worried about, and (c) it's
totally irrational, since anyone who saw my PIN would have to get their
hands on my card to use it, and if they get my hands on my card then they
can use it to make purchases without a PIN!

And I had such high hopes for my new bank. *sigh*

Re: The Anti-Malware Follies (Ledin, RISKS-26.53)

Rob Slade <>
Mon, 8 Aug 2011 14:38:25 -0800

> This is a bold and at first blush promising idea. ...

Um, not quite so bold.  Fred Cohen noted the possibility in 1983 or so.  In
fact, the first (widely) available antivirus program for the PC/MS-DOS world
was not a scanner, but an activity/behaviour monitor and blocker.  (It had
actually been brought out as an anti-trojan, but was quite effective against
early viruses.)

Workshop on Cryptography for Emerging Technologies and Applications

"Caswell Sara J." <>
Mon, 8 Aug 2011 13:21:40 -0400

Workshop on Cryptography for Emerging Technologies and Applications
Call for Abstracts, NIST Campus in Gaithersburg, MD, 7-8 November 2011

The National Institute of Standards and Technology (NIST) is hosting a
workshop on Cryptography for Emerging Technologies and Applications that is
intended to identify the cryptographic requirements for emerging
technologies and applications.

The workshop provides an opportunity for industry, research and academia
communities, and government sectors, to identify cryptographic challenges
encountered in their development of emerging technologies and applications,
and to learn about NIST's current cryptographic research, activities,
programs and standards development.

In preparation for the workshop, NIST calls for the submission of abstracts
that identify cryptographic challenges identified during the research and
development of emerging technologies and applications. Submitted abstracts
will be posted on before the workshop, and the authors of
selected abstracts will be invited to present their work during the
workshop. The deadline for abstract submission is September 26, 2011 at 5:00
PM Eastern Daylight Saving Time. The abstracts should be sent to:<>, indicating in the
subject line: "CETA Workshop Abstract Submission". The submission should
clearly identify the emerging technology space (e.g., "Internet of Things"),
the class of cryptographic requirements (e.g. Stream ciphers), the title of
the abstract, and the author(s). The abstract's body should contain no more
than 300 words.

Examples of emerging or evolving technology spaces include:
*        Sensor and building networks
*        Mobile devices
*        Smart Objects/Internet of Things, and
*        Cyber physical systems.

Examples of cryptographic requirements for emerging sectors might include
performance or resource issues, cryptographic services (such as anonymous or
group signatures), or key management challenges.

Authors are welcome to identify, through their submissions, other areas of cryptography for emerging technologies and applications that are not listed above.

Location: NIST Campus, 100 Bureau Dr., Gaithersburg, MD 20899
Date: 7 and 8 November, 2011
Registration fee: $155.00

Additional information about the workshop and submission of abstracts can be found at:

Please report problems with the web pages to the maintainer