Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 26: Issue 78

Tuesday 10 April 2012

Contents

More on The Evil Bit and the "I'm not sure" value!

Ben Okopnik

Tacocopters delivering hot tacos on the fly

Peter Bernard Ladkin

The Addictiveness of Games

Sam Anderson

Voting machine flaw

Joseph Lorenzo Hall

"Computer Science for the Rest of Us"

Randall Stross via Erwin Gianchandani

"Facial recognition tech could help stop drunk drivers"

Nestor E. Arellano via Gene Wirchenko

NIST ISPAB recommendation about cybersecurity risks of medical devices

Kevin Fu

Hacking medical devices

Jack Holleran

Updating auto software over the Internet

Robert Schaefer

FBI: Smart Meter Hacks Likely to Spread

Robert Schaefer

US government hires company to hack into video game consoles

Robert Schaefer

"The computer did it"

Paul Wallich

Nano Particles--Giga Benefits, Giga Risks

Stephen Unger

"Flaw in popular mobile apps exposes users to identity theft"

Ted Samson via Gene Wirchenko

Police Are Using Phone Tracking as a Routine Tool

Eric Lichtblau via Matthew Kruk

Unraveling a massive click fraud scheme

WSJ item via Lauren Weinstein

The Risks of Advertising

Gene Wirchenko

DRM is crushing indie booksellers online

Lauren Weinstein

Hotspots using Deep Packet Inspection

Lauren Weinstein

Internet Use Promotes Democracy Best in Countries Already Partially Free

Lauren Weinstein

Re: The Moral Network

Bob Frankston

Info on RISKS (comp.risks)

More on The Evil Bit and the "I'm not sure" value! (RISKS-26.77)

Ben Okopnik <ben@okopnik.com>

Wed, 4 Apr 2012 19:42:54 -0400

> The intentional ambiguity of this additional state makes it a perfect
> third value for a binary bit.

The correct solution is so blatantly obvious that I blush to mention it -
but The Security of The Free World, as well as Baseball, Mom, and Apple Pie
are at Stake (mmm, steak and apple pie... but I digress), and thus I feel I
have no choice.

The solution does involve sacrificing one additional 3-state bit (along
with the traditional goat), and the truth table would look like this:

0   0   Lawful Good
0   1   Lawful Neutral
0   2   Lawful Evil
1   0   Neutral Good
1   1   Neutral
1   2   Neutral Evil
2   0   Chaotic Good
2   1   Chaotic Neutral
2   2   Chaotic Evil

The mechanism for enforcement is trivial, and thus left to the indvidual
student - but does involve the classic die-rolling algorithm.

We now return you to our scheduled programming.

Ben Okopnik  443-250-7895   http://okopnik.com   http://twitter.com/okopnik

Tacocopters delivering hot tacos on the fly

Peter Bernard Ladkin <ladkin@rvs.uni-bielefeld.de>

Wed, 04 Apr 2012 22:06:33 +0200

  [See Peter Ladkin's blog on the risks involved in a proposed effort
  summarized by the subject line above.  PGN]

http://www.abnormaldistribution.org/2012/03/24/drones-in-civil-airspace-again-bringing-gifts-of-tacos/

Peter Bernard Ladkin, Professor of Computer Networks and Distributed Systems,
Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany

  [PBL's blog item is serious, although the concept of remotely programmable
  special-purpose drones for public use opens up quite a few foolish but
  not-so-Aprilly possibilities.  However, it also reminded me a little of
  when I was in the Computer Science Lab at Bell Labs in Murray Hill in the
  1960s: Vic Vyssotsky came up with the concept of a programmable
  cable-laying satellite, complete with calculations on how to manage smooth
  payout despite would-be obstructions and how to avoid snapback when the
  cable was cut.  Vic was also the ghost author of the wonderful article on
  The Chaostron: An Important Advance in Learning Machine, an AI spoof
  attributed to J.B. Cadwallader-Cohen, W.W. Zysiczk and R.B. Donnelly --
  which was reprinted in a special foolish section that I edited for the
  April 1984 issue of the ACM Communications, pp. 356--357, a sort of 25th
  anniversary collection of computer-related humor and whimsey that also
  included among other contributions Lawrence Clark's COME-FROM statement in
  response to the GO-TO controversy, Don Knuth's delicious analysis of the
  Complexity of Songs, and a delightfully self-referential heavily annotated
  item on an Ada package for automatic footnote generation written by a
  long-time RISKS contributor (see volume 1 number 1 at www.risks.org) under
  the anagrammatic pen-name of Preet J Nedginn along with Trebor L. Bworn
  (whose last name was rather unfortunately and somewhat surprisingly
  msicorekted to Brown in the table of contents of the issue by the editor
  (who must have thought it was a typo!).  PGN]

The Addictiveness of Games (Sam Anderson via PGN)

"Peter G. Neumann" <neumann@csl.sri.com>

Mon, 9 Apr 2012 10:05:17 PDT

The front page of *The New York Times Magazine* on 8 Apr 2012 had this text
in a very large font (with interspersed small graphics of birds, a pig, and
a monkey):

  The Hyperaddictive, Time-Sucking, Relationship-Busting, Mind-Crushing
  Power and Allure of Silly Digital Games

Below that, in a much smaller font, is this text:

  (Which is not to say we don't love them too.)  By Sam Anderson

On page 28 of the magazine, the cover article begins with the caption

  Just One More Game ...
  How time-wasting vidoe games escaped the arcade, jumped
  into our pockets, and took over our lives.

This is a remarkably well-conceived article about computer-related
addictions, spanning not only Tetris to Angry Birds (which moved from
iPhones to everywhere else), but also Zynga (Draw Something), Frank Lantz's
Drop7, Facebook, and much more.

The article ends with a discussion with Lantz talking about his relationship
with poker:

  “It was like a tightrope walk between this transcendently beautiful and
  cerebral thing that gave you all kinds of opportunities to improve
  yourself—through study and self-discipline, making your mind stronger
  like a muscle—and at the same time it was pure self-destruction."

This is a really important article for game creators, gamers, psychologists,
and people trying to understand erratic behaviors of their loved ones.

Voting machine flaw (via Dave Farber's IP)

"Joseph Lorenzo Hall" <joehall@gmail.com>

Apr 5, 2012 4:00 PM

As far as we've been able to understand it, this "flaw" in the voting system
back-end software occurs when someone edits the database after having
already printed the ballots.  That can knock the contests on a ballot out of
sync, which can mean that totals for one contest are assigned to
another... unfortunately, it requires that someone detect the error and that
a recount or risk-limiting audit be performed to correct this kind of error.
One would think that such voting system databases should refuse to allow
edits after ballot printing, but apparently that's not the case!

Joseph Lorenzo Hall, Postdoctoral Research Fellow, Media, Culture and
Communication, New York University  https://josephhall.org/

  http://www.computerworld.com/s/article/9225816
  E-voting system awards election to wrong candidates in Florida village
  Analysts warn that same Dominion Sequoia machines are used in nearly 300
  U.S. municipalities

  Dominion Voting Inc.'s Sequoia Voting Systems device mistakenly awarded
  two Wellington Village Council seats to candidates who were found in a
  post-election audit to have lost their races.  The results were officially
  changed last weekend after a court-sanctioned public hand count of the
  votes.

"Computer Science for the Rest of Us" (Randall Stross via IP)

Erwin Gianchandani <erwin@cra.org>

Sun, Apr 1, 2012 at 11:12 AM

http://www.cccblog.org/2012/04/01/computer-science-for-the-rest-of-us/

An article in *The New York Times* (1 Apr 2012) [is] making the rounds --
written by Randall Stross, an author and professor of business at San Jose
State University: READING, writing and—refactoring code?

Many professors of computer science say college graduates in every major
should understand software fundamentals. They don't argue that everyone
needs to be a skilled programmer. Rather, they seek to teach "computational
thinking"—the general concepts programming languages employ.

In 2006, Jeannette M. Wing, head of the computer science department at
Carnegie Mellon University, wrote a manifesto arguing that basic literacy
should be redefined to include understanding of computer
processes. "Computational thinking is a fundamental skill for everyone, not
just for computer scientists," she wrote. "To reading, writing and
arithmetic, we should add computational thinking to every child's analytical
ability."

There is little agreement within the field, however, about what exactly are
the core elements of computational thinking. Nor is there agreement about
how much programming students must do, if any, in order to understand it.

Most important, the need for teaching computational thinking to all students
remains vague [more after the jump].

Erwin Gianchandani <erwin@cra.org>

"Facial recognition tech could help stop drunk drivers"

Gene Wirchenko <genew@ocis.net>

Wed, 04 Apr 2012 08:36:22 -0700

  (Nestor E. Arellano)

Nestor E. Arellano, *IT Business*, 3 Apr 2012
Facial recognition tech could help stop drunk drivers
The face recognition software developed by University of Windsor
students will prevent drivers from circumventing a vehicle-interlock
system which immobilizes a car when its driver is drunk.
http://www.itbusiness.ca/it/client/en/Home/News.asp?id=66852&cid=99

selected text:

The face recognition system developed by Ray and Saha is designed to
authenticate the identity of the driver. Driver ID will take pictures of
authorized drivers and store them in the system's database. Only drivers
whose photos are in the database can operate the car. A small onboard
infrared camera will snap a photo of whoever is on the driver's seat and
compare that photo with the image stored in the database.

The author expresses concern about how the system could be fooled, but there
are other risks.  1) False negatives could be nasty.  2) Going on a picnic
or going camping at a remote location could be a real bother if one's host
has a heart attack.  How do you get him out if you are not on the authorised
driver list?

NIST ISPAB recommendation about cybersecurity risks of medical devices

Kevin Fu <kevinfu@cs.umass.edu>

Mon, 9 Apr 2012 10:57:36 -0400

The NIST Information Security & Privacy Advisory Board made the following
recommendation about the issue of maintaining security in medical devices.
The letter paints a somewhat grim future if the forces at play remain
unchecked, but the Board made several recommendations to better manage and
mitigate the risks.

http://csrc.nist.gov/groups/SMA/ispab/documents/correspondence/ispab-ltr-to-omb_med_device.pdf
http://csrc.nist.gov/groups/SMA/ispab/

An audio webcast of the panel appears on
http://blog.secure-medicine.org/2012/02/nist-explores-economic-incentives-for.html

Hacking medical devices

Jack Holleran <jcholleran@verizon.net>

Tue, 10 Apr 2012 10:43:13 -0400

At Defcon 2011, Jay Radcliffe looked at the ethics that his insulin pump
could be hacked to give too much or too little insulin when needed, possibly
causing death.  He demonstrated the possibility on stage.

  [Jack's message is in response to a note from Kenneth Olthoff:

    Those of us in the security business have speculated for years about how
    pacemakers and other medical devices could be hacked or attacked, but
    the BBC today has the first article that I recall seeing in the popular
    press covering that issue. I'm sure there probably been others that I
    didn't see or don't recall, but FWIW...
    http://www.bbc.com/news/technology-17623948
  PGN]

Updating auto software over the Internet

Robert Schaefer <rps@haystack.mit.edu>

Mon, 9 Apr 2012 07:49:01 -0400

This new system upgrades on the fly, he said, the first such in-car
application to do so. It's seamless to the customer,'' Link said.  “I have
a friend who was excited about his system upgrade, which required him to
plug in his stick and leave his car running for 45 minutes. Who wants to do
that? In a process called reflashing, the Mercedes system can turn on the
car operating system (CU), download the new application, then cut itself
off. It doesn't require you to do anything at all.''
http://www.txchnologist.com/2012/new-york-auto-show-upgrading-auto-software-in-a-flash

It seems so easy, what can go wrong?

Robert Schaefer Atmospheric Sciences Group MIT Haystack Observatory
Westford, MA 01886  1-781-981-5767 http://www.haystack.mit.edu

FBI: Smart Meter Hacks Likely to Spread

Robert Schaefer <rps@haystack.mit.edu>

Tue, 10 Apr 2012 07:43:42 -0400

"A series of hacks perpetrated against so-called `smart meter' installations
over the past several years may have cost a single U.S. electric utility
hundreds of millions of dollars annually, the FBI said in a cyber
intelligence bulletin obtained by KrebsOnSecurity."

http://krebsonsecurity.com/2012/04/fbi-smart-meter-hacks-likely-to-spread/

Robert Schaefer, Atmospheric Sciences Group, MIT Haystack Observatory
Westford MA 01886 781-981-5767 http://www.haystack.mit.edu rps@haystack.mit.edu

US government hires company to hack into video game consoles

Robert Schaefer <rps@haystack.mit.edu>

Mon, 9 Apr 2012 07:51:55 -0400

The U.S. Navy says it is looking to hack into used consoles to extract any
sensitive information exchanged through their messaging services.  The
organization says it will only use the technology on consoles belonging to
nations overseas, because the law doesn't allow it to be used on any US
persons.

http://www.zdnet.com/blog/security/us-government-hires-company-to-hack-into-video-game-consoles/11395

"The computer did it"

Paul Wallich <pw@panix.com>

Mon, 09 Apr 2012 14:42:08 -0400

This story (and the judicial opinion linked from it) show what kinds of
trouble you can cause (and get into) when you code up financial-transaction
software without thinking about the law governing those transactions.

<http://www.nakedcapitalism.com/2012/04/judge-rules-wells-fargo-engages-in-reprehensible-systemic-accounting-abuses-on-mortgages-hit-with-3-1-million-punitive-damages-for-one-loan.html>

(Among other things, the company apparently wrote its software so that --
contrary to the loan contracts and the law—various fees were silently
deducted from payments before applying the payments to the outstanding
balance, thus generating additional fees and so on. Even after the loans in
question had become part of bankruptcy filings, which apparently bars such
fees from being applied.) Given the money to be made (in the no-litigation
case) by re-ordering transactions, it seems quite plausible to me that the
people familiar with the law and the contract text might have accidentally
failed to stress the importance of proper sequence to the people whom wrote
the code, or missed the legal implications on review. But with tens or
hundreds of thousands of cases nationwide, all presumably handled by the
same software, the liability starts adding up.

Nano Particles--Giga Benefits, Giga Risks

Stephen Unger <unger@cs.columbia.edu>

Wed, 4 Apr 2012 18:03:09 -0400 (EDT)

Uses of materials in a form consisting of particles with at least one
dimension less than 100 nanometers (a nanometer is a billionth of a meter)
are proliferating at a great rate. We are seeing this exciting new
technology applied to increasing numbers of consumer products, industrial
materials, and medical procedures. And it appears that this is just the
beginning. This is the good news. The bad news is that the same properties
that make nanoparticles so useful also make them potentially dangerous, both
to humans and to the general environment. What is being done to protect us
against us against such hazards?

My effort to explain the situation is accessible at:
http://www1.cs.columbia.edu/~unger/myBlog/endsandmeansblog.html

Stephen H. Unger, Professor Emeritus, Computer Science and Electrical
Engineering, Columbia University

"Flaw in popular mobile apps exposes users to identity theft"

Gene Wirchenko <genew@ocis.net>

Mon, 09 Apr 2012 20:09:40 -0700

  (Ted Samson)

Ted Samson, *InfoWorld*, 9 Apr 2012
Flawed mobile apps for Facebook, Dropbox, LinkedIn, and likely others
save user authentication data as easy-to-swipe plain text files
http://www.infoworld.com/t/mobile-security/flaw-in-popular-mobile-apps-exposes-users-identity-theft-190430

Police Are Using Phone Tracking as a Routine Tool (Eric Lichtblau)

"Matthew Kruk" <mkrukg@gmail.com>

Sun, 1 Apr 2012 02:16:29 -0600

[Source: Eric Lichtblau, *The New York Times*, 31 Mar 2012; PGN-ed]
http://www.nytimes.com/2012/04/01/us/police-tracking-of-cellphones-raises-privacy-fears.html?_r=1&nl=todaysheadlines&emc=tha2_20120401

Law enforcement tracking of cellphones, once the province mainly of federal
agents, has become a powerful and widely used surveillance tool for local
police officials, with hundreds of departments, large and small, often using
it aggressively with little or no court oversight, documents show.

The practice has become big business for cellphone companies, too, with a
handful of carriers marketing a catalog of "surveillance fees" to police
departments to determine a suspect's location, trace phone calls and texts
or provide other services. Some departments log dozens of traces a month for
both emergencies and routine investigations. ...

Unraveling a massive click fraud scheme (NNSquad)

Lauren Weinstein <lauren@vortex.com>

Tue, 10 Apr 2012 10:25:07 -0700

  "You have heard about fraud and online advertising. You may have seen the
  Wall Street Journal video "Porn Sites Scam Advertisers", or even read the
  story at today's Wall Street Journal about "Off Screen, Porn Sites Trick
  Advertisers" (Hint: to avoid the WSJ paywall, search the title of the
  article through Google News and click from there, to read the full
  article).  Since I am intimately familiar with the story covered by WSJ
  (i.e., I was part of the team at AdSafe that uncovered it), I thought it
  would be also good to cover the technical aspects in more detail,
  uncovering the way in which this advertising fraud scheme operated.  It is
  long but (I think) interesting. It is a story of a
  one-man-making-a-million-dollar-per-month fraud scheme. It shows how a
  moderately sophisticated advertising fraud scheme can generate very
  significant monetary benefits for the fraudster: Profits of millions of
  dollars per year."
   http://j.mp/HyfRhj  (A Computer Scientist in a Business School)

The Risks of Advertising

Gene Wirchenko <genew@ocis.net>

Tue, 10 Apr 2012 10:49:10 -0700

I listen to music off YouTube.  Lately, YouTube has changed my listening
experience.  Yes, advertisements.  Longer advertisements.

Well, it finally happened.  The full advertisement was 2:41 long.  The song
that I wanted to listen to was 2:33 long.  ("Skip Ad" is useful.)

I wonder what the advertisers who create these 2+ minute ads are thinking.

  ["Money?"  PGN]

DRM is crushing indie booksellers online

Lauren Weinstein <lauren@vortex.com>

Sat, 7 Apr 2012 10:33:25 -0700

  "DRM is supposed to prevent piracy and illegal file sharing. In order to
  provide DRM, you need at least $10,000 up front to cover software, server,
  and administration fees, plus ongoing expenses associated with the
  software. In other words, much bigger operating expenses than a small
  business can afford. By requiring retailers to encrypt e-books with DRM,
  big publishers are essentially banning indie retailers from the online
  marketplace.  DRM is like the anti-theft sensors by the doors at the
  drugstore. The sensors go off all the time, but they still can't stop a
  crafty teenager who knows how to remove a magnetic tag - nor can they stop
  criminals who break in and steal directly from the till."
  http://j.mp/Hqp35O  (paidContent, via NNSquad)

Hotspots using Deep Packet Inspection

Lauren Weinstein <lauren@vortex.com>

Sat, 7 Apr 2012 10:40:49 -0700

  "After some sleuthing, Mr. Watt, who has a background in developing Web
  advertising tools, realized that the quirk was not confined to his
  site. The hotel's Internet service was secretly injecting lines of code
  into every page he visited, code that could allow it to insert ads into
  any Web page without the knowledge of the site visitor or the page's
  creator."  http://j.mp/HqpLjf  (*The New York Times* via NNSquad)

Internet Use Promotes Democracy Best in Countries Already Partially

Lauren Weinstein <lauren@vortex.com>

Wed, 4 Apr 2012 21:16:26 -0700

  Free (via NNSquad)

  Researchers at Ohio State University found that the Internet spurs
  pro-democratic attitudes most in countries that already have introduced
  some reforms in that direction.  "Instead of the Internet promoting
  fundamental political change, it seems to reinforce political change in
  countries that already have at least some level of democratic freedoms
  ..."

Re: The Moral Network (Berninger, RISKS-26.76)

"Bob Frankston" <bob2-39@bobf.frankston.com>

Sun, 1 Apr 2012 19:00:14 -0400

I'm not sure if I understand Dan's concerns. Letting carriers just shut down
PSTN without assuring unfettered IP connectivity would be a disaster. That's
a reason to assure connectivity rather increasing our reliance on providers,
especially when that reliance is costing us $2 trillion dollars each year.

We need to be wary of using moral justifications to preserve the PSTN as an
artifact. Remember that many at ATT did indeed believe in the highest
traditions of serving the public good. The problem is that tradition allowed
for only one definition of "good".  The Internet is a very different concept
because it provides a way to have multiple definitions of "good". In place
of "reliability" we have "resilience"—an important concept for Risks
readers.

In a sense the net-heads and bell-heads are both trying to do us good by our
solving problems in the network. For example, moving 9-1-1 type services
outside a network would allow us to rapidly evolve alternatives such as
sending rich information directly to fire departments. With multiple
services coexisting we don't have to force a single interconnect. What does
it even mean to interconnect inside a network?

At the heart of the problem is the idea the services are provided by the
network operators rather than created using the network. It's that meme that
enables Telia to justify blocking VoIP (http://j.mp/H5Uq1T) and Brisbane's
police to think they need to protect networks (http://j.mp/GIuwRC).

Report problems with the web pages to the maintainer