> On flight 447, the handoff from computer to pilots proved fatal for the
> 228 aboard.

I really get annoyed when people quickly and without evidence claim "human error." With regard to the Air France accident, it is far too soon to come to a final judgment. As for the notion that when automation fails, it just gives up and turns control over to the pilots, well, that problem has been discussed and studied for decades. Many knowledgeable experts in aviation safety have studied and written about this problem. I've written about it in my books and journals. The aviation safety people at NASA Ames have studied it over and over again and made many recommendations, a number of which have been followed. Readers of RISKS should be sophisticated enough not to jump on the "human error" bandwagon every time it seems convenient.

[Don, Thanks for rubbing this one in again. In RISKS, we have repeatedly emphasized that blame is usually widely distributable, and that many so-called human errors are the result of inadequacies in requirements, specifications, system designs, implementation inconsistencies and bugs, and so on, but human beings are still always a potential weak link. And yet the poor humans get fingered, because they have fewer champions such as you. PLEASE keep up the good work. Cheers! PGN]

Don Norman, Nielsen Norman Group. KAIST (Daejeon, S. Korea), IDEO Fellow firstname.lastname@example.org www.jnd.org http://www.core77.com/blog/columns/ Latest book: "Living with Complexity <http://www.jnd.org/books.html#608>"
But of course passengers will still be prohibited from using those same devices while the pilots have them turned on... Geoff Kuenning email@example.com http://www.cs.hmc.edu/~geoff/
WASHINGTON (AP)—Are airline pilots forgetting how to fly? As planes become ever more reliant on automation to navigate crowded skies, safety officials worry there will be more deadly accidents traced to pilots who have lost their hands-on instincts in the air.... http://hosted.ap.org/dynamic/stories/U/US_AIRLINE_PILOTS_AUTOMATION?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT
Stephanie Reitz, Associated Press, 3 Sep 2011

HARTFORD, Conn. - For incoming freshmen at western Connecticut's suburban Brookfield High School, hefting a backpack weighed down with textbooks is about to give way to tapping out notes and flipping electronic pages on a glossy iPad tablet computer. A few hours away, every student at Burlington High School near Boston will also start the year with new school-issued iPads, each loaded with electronic textbooks and other online resources in place of traditional bulky texts. While iPads have rocketed to popularity on many college campuses since Apple Inc. introduced the device in spring 2010, many public secondary schools this fall will move away from textbooks in favor of the lightweight tablet computers. Apple officials say they know of more than 600 districts that have launched what are called "one-to-one" programs, in which at least one classroom of students is getting iPads for each student to use throughout the school day. Nearly two-thirds of them have begun since July, according to Apple. ...

http://www.boston.com/news/local/massachusetts/articles/2011/09/03/many_us_schools_adding_ipads_trimming_textbooks/
[From D Kross] As schools embrace digital learning, evidence is scarce that expensive technology is improving education. http://www.nytimes.com/2011/09/04/technology/technology-in-schools-faces-questions-on-value.html?hp
Gregg Keizer: Hackers gain ability to impersonate CIA, MI6, Mossad, 6 Sep 2011 http://www.itbusiness.ca/it/client/en/home/News.asp?id=63989 Dutch firm DigiNotar has admitted its network was hacked and SSL security certificates were stolen. The certificates can be used for "man in the middle" attacks. The tally of digital certificates stolen from a Dutch company in July has exploded to more than 500, including ones for intelligence services like the CIA, the U.K.'s MI6 and Israel's Mossad, a Mozilla developer said Sunday. The confirmed count of fraudulently-issued SSL (secure socket layer) certificates now stands at 531, said Gervase Markham, a Mozilla developer who is part of the team that has been working to modify Firefox to block all sites signed with the purloined certificates. Among the affected domains, said Markham, are those for the CIA, MI6, Mossad, Microsoft, Yahoo, Skype, Facebook, Twitter and Microsoft's Windows Update service. "Now that someone (presumably from Iran) has obtained a legit HTTPS cert for CIA.gov, I wonder if the US gov will pay attention to this mess," Christopher Soghoian, a Washington D.C.-based researcher noted for his work on online privacy, said in a tweet Saturday.
Having heard about the problem of the guy whose account with Google was suspended because he was suspected of storing child pornography, I'd like to mention a problem with Google's Gmail that I discovered. I use Yahoo for web mail. My DNS provider for paul-robinson.us forwards all mail addressed to any address ending in @paul-robinson.us to my mailbox on Yahoo. And Yahoo provides a drop-down selector on its composition option so when I send mail, I can select whether to send it from Yahoo under firstname.lastname@example.org or from my Yahoo account number. It works flawlessly, whether someone sends me a message from Yahoo or from any other domain, I get any mail they address to my domain. The same is not true with Gmail. There is a weird technical problem with Gmail, if a Gmail client sends mail to a domain that redirects its mail - like mine - and the terminating address that the redirection goes to is a Gmail account, Gmail discards the message. I found this out because my sister has her own domain name, the way I do, and I have mail sent to her domain to redirect to her account, same as I do. She even has the same DNS provider as I do. The difference is, she gets her mail from Gmail, and if a Gmail customer mails something to her domain name, she does not get the mail in her Gmail box.
Jon Brodkin, ArsTechnica

Each month, there is a clearly defined process Microsoft uses to release security patches to fix flaws in Windows and its other products. On a Thursday, Microsoft releases an advance notification, listing the software affected by the upcoming patches and the type of threat fixed, such as "elevation of privilege" or "remote code execution." But no specific details are released until the following Tuesday, the second Tuesday of each month, when the full security bulletins and accompanying patches are made public. But this month, the process went awry. The vague advance notification went out as scheduled yesterday. But today, the full security bulletins went live, four days before their scheduled release. We were able to view two of the five security bulletins before Microsoft unpublished them. Given that the security bulletins were unpublished within an hour of their release, give or take, and that they were dated "Tuesday, September 13, 2011" during the brief time they were live, it seems pretty clear someone at Redmond screwed up. ...

http://arstechnica.com/microsoft/news/2011/09/microsoft-posts-security-bulletins-four-days-early-scrambles-to-fix-mistake.ars
http://www.cnbc.com/id/40521684/ [The total face value of the printed but totally unusable new high-tech $100 bills represents more than 10% of the entire supply of U.S. currency on the planet, according to this article. PGN]
This strikes me as a strong indication that Bitcoin cannot be taken seriously, except maybe as an elaborate and well-camouflaged Ponzi-scheme. The last time I checked, processing credit card information on Amazon EC2 was still not allowed. Forget about any real money transactions. Not only processing Bitcoin transactions there, but in addition doing so without adequate backup, shows a level of unprofessionalism that is staggering. I do not even want to know what serious security problems they had. On the other hand, this kind of blind enthusiasm and lack of understanding is typical for Ponzi-schemes. Sometimes even the scheme instigators seem to suffer from it and do not see what they are doing. This may be the case here. Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP—Email: email@example.com
[Source: dutch daily news] The Dutch government can no longer guarantee the security of its websites. This means, for instance, that the Internet identification site DigID is no longer reliable, which Dutch residents use for government services. The Dutch Interior Minister Piet Hein Donner has given a press conference in the early hours of Saturday morning to indicate the urgency of the problem. There is doubt about the reliability of Government sites because the Dutch Internet security company DigiNotar appears to have been hacked on July 19, compromising its security guarantees for "a number of domains, including Dutch Government Websites. ... http://www.dutchdailynews.com/dutch-government-websites-no-longer-secure/
"Security researchers have discovered a counterfeit web certificate for Google.com circulating on the internet that gives attackers the encryption keys needed to impersonate Gmail and virtually every other digitally signed Google property." http://j.mp/oPlzjQ (UK Register) A couple of notes on this. First, a widely syndicated story on this topic was titled "Hackers acquire Google certificate ..."—which isn't exactly true, what they acquired was strictly speaking a *forged* Google certificate, an important distinction when certificate revocation is considered. Secondly, as bad as this is (and regular readers know how critical I've been of both existing PKI certificates and DNS environments), the forged cert alone doesn't provide the ability to perform a man-in-the-middle attack without the added factor of *access*—either through poisoned DNS diversions, or direct tapping of traffic (e.g. by ISPs/governments), and so on.
http://blogs.itbusiness.ca/2011/09/privacy-concerns-with-google/ Tony Bradley, Privacy concerns with Google+ [Long item truncated for RISKS] My issue with Google+ Games is that when I try to play a game I have to first agree to grant the game and its developer various permissions to access and use information from my Google+ Profile—including my Circles. [...]
"But years before the RIM battle boiled over, other Western companies handed the country a far greater power: the capability to infiltrate the secure system used by most banking, mail, and financing sites, making the most protected data on the Web available to the prying eyes of the emirates' government-connected telecommunications giant." http://j.mp/rrZIGC (Slate)
David Segal, *The New York Times*, 5 Sep 2011 In mid-August, Jason Rule learned some surprising news about the coffee shop that he owns and operates in Hays, Kan.: the place had closed for good. Not in the real world, where it is thriving. Coffee Rules Lounge was listed for a few days as "permanently closed" on Google Maps. During that time, anyone searching for a latte on a smartphone, for instance, would have assumed the store was a goner. "We're not far from Interstate 70," said Mr. Rule, "and I have no doubt that a lot of people running up and down that highway just skipped us." In recent months, plenty of perfectly healthy businesses across the country have expired - sometimes for hours, other times for weeks - though only in the online realm cataloged and curated by Google. The reason is that it is surprisingly easy to report a business as closed in Google Places, the search giant's version of the local Yellow Pages. ... http://www.nytimes.com/2011/09/06/technology/closed-in-error-on-google-places-merchants-seek-fixes.html
I presently work in the Emergency Services communications sector and am appalled at the desire to encrypt Emergency Services communications in the same way as Police Communications are. There is a fundamental difference between Police usage and Emergency Service usage. In the Police case there is a possibly understandable desire to keep communications private. In Emergency Services case, the more information that is disseminated the better. Most of the disasters I have seen unfold are fundamentally hampered by lack of effective communication. The systems just get overloaded and public information release gets severely choked. Having news agencies or others monitoring emergency communications may - on the balance of probabilities - just save a few lives. I'm thinking especially about bush fires where prior warning may assist. The usual Emergency Services communications model results in a big lag between operational orders and information being released to public. Command and Control take the major part of the system's attention. Public communications are pretty low on the rankings. I realise that simply listening to the communications chat may cause undue worry or even result in misjudged actions resulting in death. I argue that having some information will - in general - give a better result than having no information at all. The recent Victorian bush fires are a classic example of lack of information flow to the public. The result was hundreds of deaths. As an aside, one of the major problems in the Victorian bush fires was lack of a common communications network between Emergency Services and Police. Basically the Police couldn't use their radios to talk to Emergency Services units and vice versa. One solution proposed is to move all radio systems to an encrypted Police standard. In contrast to this, in Western Australia, there is a current program to deploy thousands of radios into the Western Australian Emergency Radio Network (WAERN).
These are analogue unencrypted radios designed to allow Emergency Services communications across an area about 2.5 times the total area of Western Europe. Quite how the encrypted Police systems will integrate with this is an as-yet unexplained mystery.
I have studied the technology and security mechanisms behind Chip & PIN in depth through the specialist smart card centre at Royal Holloway College, University of London as part of the studies for my InfoSec MSc. I won't deny that there are means by which they can be improved, but they are a lot less broken than the current mag stripe cards and liability system still in use in the USA and that used to be in effect in Europe. The banks wouldn't change the system voluntarily because of the implementation costs, so they were forced to by legal and regulatory means - the liability was transferred to them from the customer, which forced their hands. Statistics show that losses from card fraud dropped dramatically when C&P was introduced, and criminals were forced to move a lot of their activities to other areas. It's not perfect but it is much better. Fact. The terminals do need better anti-tamper protection/detection, and the additional verification system for online purchases (e.g. "Verified by Visa") has definite flaws, especially around the initial enrollment process. Murdoch et al. at Cambridge have done excellent work in highlighting the issues, but a lot of the defences can be implemented in the design of the cards and the terminals, and these are being improved all the time. I don't know for certain, but I expect that the US system will contain extra security features to reduce the vulnerabilities in the system. For obvious reasons the banks refuse to discuss the details and future plans. They still believe in security by obscurity, even if most of us do not. As for the reports in other publications, I'm not impressed with the standard of much of their analysis and reporting. As for the cost of card replacement, they are normally replaced on a 3 year cycle anyway, so the cost of replacement with new cards is nowhere near as high as it first appears. 
The C&P cards also allow the introduction of the Chip Authentication Program (google Barclays 'PINSentry') handheld device that can authenticate a cardholder and digitally sign transactions. It improves the security of online banking. Banks in the UK now use them to verify the identity of people at the counter by using them to get the user to prove they know the PIN for the card presented. In summary, I don't agree that the US banks shouldn't do this. The EU economy now runs on the use of EMV and debit card payments outstrip the use of cash and cheques by a very significant percentage. The size of the EU economy is as big as the US economy and interoperability is essential for travellers and e-commerce. I would also be interested to hear of viable alternatives; I'm not aware of any at the moment.
Earlier versions of enscript, a pretty-printing utility on UNIX, had a bug which caused it to mis-identify comments within strings and strings within comments, so such constructs would be printed in the wrong font format. The funny thing was that among the examples which were included with the program, was a pretty-printed listing of the enscript source code itself; the bug had caused the very code which was supposed to deal with these constructs—which naturally contained strings like "/*"—to be formatted badly, thus pointing clearly to where the bug was lurking!
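The kind of misidentification described in this item is avoided when code, quoted literal and comment are states of a single scanner, so that `/*` inside a string and a quote inside a comment are never treated as delimiters. The following is an added example, not enscript's code and not part of the original post; the function name `classify` and the sample input are constructed for illustration, and `//` comments are not handled.

```c
#include <stdio.h>
#include <string.h>

/* Per-character classes written to the output map. */
enum { CODE = '.', STRING = 's', COMMENT = 'c' };

/*
 * Mark every byte of C-like source as code, quoted literal or block comment.
 * out must hold strlen(src) + 1 bytes. Returns the state at end of input,
 * so a caller can detect an unterminated literal or comment.
 */
int classify(const char *src, char *out)
{
    int state = CODE;
    char quote = 0;                    /* delimiter that opened the literal */
    size_t i = 0, n = strlen(src);

    while (i < n) {
        char ch = src[i];
        out[i] = (char)state;          /* default: current state's class */
        if (state == CODE) {
            if (ch == '/' && src[i + 1] == '*') {
                out[i] = out[i + 1] = COMMENT;   /* opener is part of the comment */
                state = COMMENT;
                i += 2;
                continue;
            }
            if (ch == '"' || ch == '\'') {
                out[i] = STRING;       /* a quote seen in code opens a literal */
                quote = ch;
                state = STRING;
            }
        } else if (state == STRING) {
            if (ch == '\\' && i + 1 < n) {
                out[++i] = STRING;     /* escaped byte, e.g. \" stays inside */
            } else if (ch == quote) {
                state = CODE;          /* only the matching quote closes it */
            }
        } else if (ch == '*' && src[i + 1] == '/') {
            out[i + 1] = COMMENT;      /* closer is part of the comment */
            state = CODE;
            i += 2;
            continue;
        }
        i++;
    }
    out[n] = '\0';
    return state;
}

int main(void)
{
    /* Constructed sample: a string holding a comment opener,
       then a comment holding quotes. */
    const char *sample = "a=\"/*\";/*\"b\"*/c";
    char map[64];
    classify(sample, map);
    printf("%s\n%s\n", sample, map);
    return 0;
}
```

A return value other than `CODE` means the input ended inside a literal or comment, which a formatter should report rather than guess at.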
(Smith, RISKS-26.55)

> Police say 25-year-old Sarah Ho of Boston was driving on the Dover Road in
> South Newfane late Saturday afternoon when she came upon a road closed
> sign. She told police she drove around the sign after seeing other vehicles
> drive around the sign.

I think it's worth noting that this is only partially a GPS-trust issue. Some years ago, my elderly mother was following written directions to my brother's apartment when she discovered that the exit ramp she needed had been closed for construction work. Undeterred, she drove around the barriers and might have caused serious harm had a cop not intervened. (It was shortly thereafter that we banned her from driving in Los Angeles.) While it's true that people place too much trust in GPS navigation, it's also true that drivers are notorious for ignoring obvious warnings.

Geoff Kuenning firstname.lastname@example.org http://www.cs.hmc.edu/~geoff/
(Smith, RISKS-26.55) The article quotes the driver "She told police she drove around the sign after seeing other vehicles drive around the sign." This seems to be a case of over-reliance on herd mentality, rather than a problem with using GPS.
We have a Subaru Legacy with a similar locking system. If the car is locked using the button on the key-fob the doors cannot be opened from the inside: this is supposedly an anti-theft feature. In addition if you unlock the doors using this button but fail to open at least one door within a minute, the doors are re-locked. These features made me worried that an electronic fault could trap us inside. For this reason I bought a hammer designed to break toughened glass windows and installed it in a handy position by the driving seat. Perhaps all cars with anti-theft locking systems should have one fitted as standard. Sometimes a mechanical over-ride is good to have.
Kevin Sack, *The New York Times*, 8 Sep 2011 http://www.nytimes.com/2011/09/09/us/09breach.html A medical privacy breach involving Stanford Hospital in Palo Alto, Calif., led to the public posting of data for 20,000 emergency room patients, including names and diagnosis codes, on a commercial Web site for nearly a year, the hospital has confirmed. Since discovering the breach last month, the hospital has been investigating how a detailed spreadsheet made its way from one of its vendors, a billing contractor identified as Multi-Specialty Collection Services, to a Web site called Student of Fortune, which allows students to solicit paid assistance with their schoolwork. Gary Migdol, a spokesman for Stanford Hospital and Clinics, said the spreadsheet first appeared on the site on Sept. 9, 2010, as an attachment to a question about how to convert the data into a bar graph. Although medical security breaches are not uncommon, the Stanford breach was notable for the length of time that the data remained publicly available without detection. ...
Today, in processing the spam which managed to sneak past my filters I found one (personally addressed to me, not BCC'd) offering cash for old iPhones -- regardless of condition. Now—my first thought (other than noting that I have never owned an iPhone, so what makes them think that I have used ones) was "How difficult is it to totally remove all personal information from an iPhone -- especially a non-jailbroken one?" A bit of searching seems to find similar places buying laptops and cell phones, offering a high initial price, and then discovering all kinds of reasons to drop their price to practically nothing. So, it appears that they do pay at least something for them—but as little as possible. I, personally, would drill through any chips which might store information rather than sell a used iPhone (if I had one) to such a place. (Or more likely, try to turn it into a portable device running linux or similar to play with, but not to use for phone communication.) But how many blindly turn over their used devices with no thought to what information they may be releasing?

(703) 938-4564 http://www.d-and-d.com/dnichols/DoN.html