The RISKS Digest
Volume 26 Issue 68

Wednesday, 28th December 2011

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



Botched elevator maintenance?
James Barron via PGN
Single point of failure in the Berlin Train System
Debora Weber-Wulff
Report on Queen Mary 2 Dead in the Water
Earl Boebert
"Why Ford Just Became A Software Company"
Chris Murphy via Gabe Goldberg
The False Promise of Biometrics
Aman Sethi via Gene Spafford
EFF reverse engineers Carrier IQ
Sebastian Anthony via Monty Solomon
In tests, LightSquared disrupts 75% of GPS receivers
Lauren Weinstein
Internet of things
David Magda
Risks of focusing on risks
Bob Frankston
Hollywood's pirate cure is worse than the disease
Jack Shafer via LW
ACMA: Facebook photos are not private, even with "privacy" enabled
Peter Houppermans
When Facebook really became a liability
Peter Houppermans
Facebook agrees to a dozen recommendations by Irish data protection authority
Jeremy Kirk via Gene Wirchenko
Hacked!
James Fallows via Monty Solomon
Stratfor security breach
Huffington Post via Lauren Weinstein
Stratfor hacking victims targeted after comments
Eileen Aj Connelly
Microsoft will push IE auto-updates
Gregg Keizer
Re: Internet Hysteria ...
Henry Baker
Re: Robot prison wardens - with guns?
Paul Robinson
Re: Qantas Terror Blamed on computer
Peter Bernard Ladkin
Robert Meineke
Diego Latella
Info on RISKS (comp.risks)

Botched elevator maintenance?

"Peter G. Neumann" <>
Wed, 28 Dec 2011 9:51:56 PST

Suzanne Hart was crushed to death in an elevator in the Young and Rubicam
building in Manhattan.  As she stepped into the elevator on the ground
floor, it shot to the second floor with the door open, and she was trapped
between floors.  The elevator had just undergone electrical maintenance a
few hours before.  [Source: James Barron, Tracing the Arc of a Life Cut
Short by an Elevator Malfunction, *The New York Times*, 20 Dec, A26
(National Edition); PGN-ed.  James Barron's article is a lovely homage to
her life.]

Single point of failure in the Berlin Train System

weberwu <>
Fri, 16 Dec 2011 00:21:23 +0100

The Berlin light rail train system, plagued by problems for years,
demonstrated today that it can, indeed, get worse. Many cars have been taken
out of service for all sorts of ailments, and having pruned the maintenance
shops and the drivers to a bare minimum, there is no room for dealing with
problems. And there have been problems galore.

Berliners joked that it could not possibly get worse, but today (15 Dec
2011) the S-Bahn proved that it could, indeed, because it has a single point
of failure. All switches, all electronic signals, all information is
centralized in one station in Halensee. And the electricity went out during
a routine test of the emergency electrical system today, according to RBB
[1], a local news station.  The emergency system did not kick in - and then
nothing worked.

Only two train lines that still have analogue signals and switches were in
operation, the rest was out - and the central operations was also
affected. They had no information on where the trains were.

Many people were trapped in trains stranded between stations.  Angry
passengers opened the doors, got out and walked the tracks to the nearest
station, continuing by bus, subway, or taxi.

It took about 3 hours after electricity was restored to have some sort of
traffic running. The Internet information page by the S-Bahn was down, the
server was not able to cope with the traffic.  Customers used Twitter to
announce trains in motion, helping people to find some way to get to work or


Prof. Dr. Debora Weber-Wulff, HTW Berlin, Treskowallee 8, 10313 Berlin Tel:

Report on Queen Mary 2 Dead in the Water

Earl Boebert <>
Tue, 27 Dec 2011 11:27:02 -0700

This seems to be a good time of the year for those of us who study failure
modes.  On the night of 23 September 2010 the cruise ship Queen Mary 2 lost
propulsion for an hour outside Barcelona. As the official report puts it,
"Losing control of a large cruise liner due to an electrical blackout, with
3,823 people on board, is a serious concern."

The report is here:

Details of interest to the volts and amps types (a capacitor exploded) are

Rule, Britannia :-)

  [The URLs fixed, removing the superfluous 3D.  I occasionally miss ONE
  (or in this case TWO!).  PGN]

"Why Ford Just Became A Software Company"

Gabe Goldberg <>
Tue, 27 Dec 2011 14:28:45 -0500

Ford is upgrading its in-vehicle software on a huge scale, embracing all the
customer expectations and headaches that come with the development lifecycle
[Source: Chris Murphy <>, InformationWeek, 14 Nov 2011]

Sometime early next year, Ford will mail USB sticks to about 250,000 owners
of vehicles with its advanced touchscreen control panel. The stick will
contain a major upgrade to the software for that screen. With it, Ford is
breaking from a history as old as the auto industry, one in which the
technology in a car essentially stayed unchanged from assembly line to junk

Ford is significantly changing what a driver or passenger experiences in its
cars years after they're built. And with it, Ford becomes a software company
-- with all the associated high customer expectations and headaches.

Gabriel Goldberg, Computers and Publishing, Inc.
3401 Silver Maple Place, Falls Church, VA 22042           (703) 204-0433

  ["Just became"? I remember in the early 1980s when the Ford Aerospace
  computer security folks in Palo Alto were working with Ford headquarters
  in Detroit to help them understand the implications of computer technology
  -- and security.  It takes a long time for technology to emerge, and then
  -- unfortunately -- often with inadequate security.  PGN]

The False Promise of Biometrics (Aman Sethi)

Gene Spafford <>
Thu, 22 Dec 2011 21:05:42 -0500

Although this is about India, the bits about biometric failures and what is
happening to people missing in the database should resonate with some of our
own efforts.

Aman Sethi, The False Promise of Biometrics,
*The New York Times* blogs, Latitude, 22 Dec 2011

India's ambitions to help the poor secure government benefits by creating
the world's largest personal database could do them much harm.

EFF reverse engineers Carrier IQ (Sebastian Anthony)

Monty Solomon <>
Fri, 23 Dec 2011 11:01:03 -0500

Sebastian Anthony, 22 Dec 2011:

At this point we have a fairly good idea of what Carrier IQ is, and which
manufacturers and carriers see fit to install it on their phones, but the
Electronic Frontier Foundation (EFF) - the preeminent protector of your
digital rights - has taken it one step further and reverse engineered some
of the program's code to work out what's actually going on.

Analyzing Carrier IQ Profiles

Some Facts About Carrier IQ

In tests, LightSquared disrupts 75% of GPS receivers

Lauren Weinstein <>
Sat, 10 Dec 2011 21:09:33 -0800

  "Philip Falcone's proposed LightSquared Inc. wireless service caused
  interference to 75 percent of global-positioning system receivers examined
  in a U.S. government test, according to a draft summary of results."  (Business Week)  [NNSquad]

Internet of things

David Magda <>
Wed, 21 Dec 2011 17:19:32 -0500

The more things are connected, the more they need protecting:

> In one instance, a thermostat at a town house the Chamber [of Commerce]
> owns on Capitol Hill was communicating with an Internet address in China.

There are some quite sophisticated thermostat designs being designed nowadays:

With quite capable processors:

No mention of the specific product used in the attack though.

Risks of focusing on risks

"Bob Frankston" <>
Sun, 25 Dec 2011 11:11:38 -0500

There are all sorts of articles about the risks of talking on a cell phone
while driving—even hands free—in a car and an effort to ban them.

The problem is that these processes seem to focus primarily on risks.  Have
these studies looked at the benefits of not being isolated while driving?
The reports do make an exception for navigation systems even though they can
be very distracting. That's a case where the benefits are, perhaps, too
obvious to ignore.

Yet if we remove all distractions driving becomes very dangerous—that's
why roads are now designed with curves rather than being straight for many

How do we get balanced policies rather than policies focused on eliminating
risks? And without taking risks how do we advance understanding and

There's also another issue—the policymakers seem to assume that a GPS
navigator is a device. But today it's just an app and a cell phone is just a
generic communicating platform. So, inevitably, in a software-defined world
the efforts to ban devices become commingled with attempts to control

Hollywood's pirate cure is worse than the disease (Jack Shafer)

Lauren Weinstein <>
Sun, 18 Dec 2011 20:57:09 -0800

  "So grand is the entertainment complex's umbrage that I half expect its
  next move will be to petition the Department of Justice for the authority
  to shut down the electric utilities that provide power to any and all
  computers it suspects are pinching its intellectual property."
  Jack Shafer, Reuters blog, 16 Dec 2011


ACMA: Facebook photos are not private, even with "privacy" enabled

Peter Houppermans <>
Mon, 19 Dec 2011 15:07:50 +0100

OK, the concept of "privacy" and the whole raison d'être for Facebook are
diametrically opposed, but you would have hoped that a regulator would put
at least *some* effort into protecting the innocent.

  "Australia's communications regulator has ruled that television networks
  are not breaking the industry's code of practice when publishing photos
  lifted from a public Facebook profile."

OK, I can sort of follow that one - it's freely accessible. There looms
the eternal copyright question, though, but OK - but worse was to come.

  "Channel Seven did not breach the Commercial Television Industry Code of
  Practice when it accessed and broadcast photographs—specifically in
  the case of a deceased person lifted from a Facebook tribute page, and
  another which broadcast the name, photograph and comments penned by a
  14-year old boy."

OK, this was enough to hit the buffers for me. The former is a matter of
public decency (I know, I know, I'm old fashioned), but the latter throws up
a thoroughly evil question that I will post in a minute as a separate

Now for the killer:

  "The ACMA was begrudgingly unable to guarantee that users marking content
  as `private' on a social network could be safe guarded from broadcasters
  and publishers making it public, at least under the industry code of

The ACMA made it clear that while it considers the use of privacy settings
an important consideration when assessing material obtained from social
networking sites, the actual settings are not determinative, the regulator

Instead, the regulator will determine matters taken before it on a
case-by-case basis."

Let me see if I get this correctly: even when a user has flagged the
explicit WITHHOLDING of consent for public use by marking something private
(which suggests an access control mechanism of some sorts which requires
breaching either by password hacks, or by asking a "friend" (cough) to get
at the data), the use of such material is perfectly OK?  Excuse me?

Words fail me. And privacy in Australia, apparently.

When Facebook really became a liability

Peter Houppermans <>
Sun, 25 Dec 2011 22:06:14 +0100

  "Facebook will begin adding photos of its users to third-party adverts
  appearing in users' news feeds come early next year, so if you're the sort
  who's a bit free with your thumbs-up button, there's no way out of being
  featured alongside a tin of baked beans or a pair of knickers on the
  social network."

I'm not quite sure what exactly they are smoking at Facebook HQ, but I would
advise to avoid it at all costs, zap any image which features your face and
start warming up your lawyers.

What Facebook is planning to do appears to me principally deceptive
marketing.  If your face is somehow associated with a product it will appear
as an endorsement - an endorsement you didn't intend, most likely would not
consent to if you were aware of it (which you won't), and may associate you
with any problems the product may have.  In other words, Facebook is about
to use your credibility and reputation for free, leaving you with the
liability and representational loss if the product isn't up to scratch.
Absolutely *great* for double-glazing selling.

Well, that's the end of profile pictures, I think.  Even more fun will be
the abuse of publicity images as used by fake profiles - as far as I can
see, the only people winning here are lawyers.

Am I missing something or have they really come off the rails now?

"Facebook agrees to a dozen recommendations by Irish data protection authority" (Jeremy Kirk)

Gene Wirchenko <>
Thu, 22 Dec 2011 11:32:22 -0800

Deal comes just a month after the U.S. Federal Trade Commission ruled
Facebook made deceptive claims about data sharing.  Jeremy Kirk, *ITBusiness* 12/22/2011

Hacked! (James Fallows)

Monty Solomon <>
Sun, 25 Dec 2011 2:33 PM

As e-mail, documents, and almost every aspect of our professional and
personal lives moves onto the "cloud" -- remote servers we rely on to store,
guard, and make available all of our data whenever and from wherever we want
them, all the time and into eternity -- a brush with disaster reminds the
author and his wife just how vulnerable those data can be. A trip to the
inner fortress of Gmail, where Google developers recovered six years' worth
of hacked and deleted e-mail, provides specific advice on protecting and
backing up data now -- and gives a picture both consoling and unsettling of
the vulnerabilities we can all expect to face in the future.

James Fallows, *The Atlantic*, Nov 2011

Stratfor security breach (Huffington Post via NNSquad)

Lauren Weinstein <>
Sun, 25 Dec 2011 10:27:04 -0800

  "LONDON - Hackers on Sunday claimed to have stolen a raft of e-mails and
  credit card data from U.S.-based security think tank Stratfor, promising
  it was just the start of a weeklong Christmas-inspired assault on a long
  list of targets.  One alleged hacker said the goal was to use the credit
  data to steal a million dollars and give it away as Christmas donations."  (Huffington)

 - - -

This is the text of the message Stratfor has been sending out, though it has
been received by various parties without a known relationship to Stratfor,
at least directly:

Dear Stratfor Member,

We have learned that Stratfor's web site was hacked by an unauthorized
party. As a result of this incident the operation of Stratfor's
servers and e-mail have been suspended.

We have reason to believe that the names of our corporate subscribers
have been posted on other web sites. We are diligently investigating
the extent to which subscriber information may have been obtained.

Stratfor and I take this incident very seriously. Stratfor's
relationship with its members and, in particular, the confidentiality
of their subscriber information, are very important to Stratfor and
me. We are working closely with law enforcement in their investigation
and will assist them with the identification of the individual(s) who
are responsible.

Although we are still learning more and the law enforcement
investigation is active and ongoing, we wanted to provide you with
notice of this incident as quickly as possible. We will keep you
updated regarding these matters.

George Friedman

Stratfor hacking victims targeted after comments (Eileen Aj Connelly)

Monty Solomon <>
Mon, 26 Dec 2011 22:57:40 -0500

NEW YORK -- Victims of a data breach at the security analysis firm Stratfor
apparently are being targeted a second time after speaking out about the
hacking.  Stratfor said on its Facebook page that some individuals who
offered public support for the company after it revealed it was hacked "may
be being targeted for doing so."

The loose-knit hacking movement "Anonymous" claimed Sunday through Twitter
that it had stolen thousands of credit card numbers and other personal
information belonging to the company's clients. Anonymous members posted
links to some of the information Sunday and more on Monday.

Stratfor, based in Austin, Texas, said its affected clients and its
supporters "are at risk of having sensitive information repeatedly published
on other websites." The company has resorted to communicating through
Facebook while its website remains down and its e-mail suspended. ...

Eileen Aj Connelly, AP Business Writer, *The Boston Globe*, 26 Dec 2011,

Microsoft will push IE auto-updates (Gregg Keizer)

Monty Solomon <>
Sun, 18 Dec 2011 18:06:04 -0500

Microsoft gets silent upgrade religion, will push IE auto-updates
Copies Chrome and follows Firefox to get users onto the newest browser
without asking permission

Microsoft today said it will silently upgrade Internet Explorer (IE)
starting next month, arguing that taking the responsibility out of the hands
of users will keep the Web safer.  The move is an acknowledgment by
Microsoft that Google's model—its Chrome browser has updated in the
background without user involvement since it debuted more than three years
ago—is the right one. ...  [Source: Gregg Keizer, *Computerworld*, Dec 15

Re: Internet Hysteria ... (Brett Glass, R-26.67)

Henry Baker <>
Wed, 21 Dec 2011 07:56:31 -0800

The inability to control volume is merely the tip of the iceberg when it
comes to the media consumer's lack of control.

However, thanks to the wonders of modern computers & digital signal
processing, those persons consuming their media via a _computer_, rather
than a consumer electronic device, finally have significantly more control.

"MP3Gain" and its competitors allow the user to pre-process the audio gain
of mp3 files so that even when played back on "dumb" mp3 devices, the sound
volume will be within the range selected by the user.  I have used these
types of programs for years to enable me to be able to hear mp3's on
airplanes where the ambient noise is simply too high.

If you are utilizing the outstanding "VLC" media player on your laptop
computer, you have even greater control.  For example, the VLC player can
play back at speeds significantly greater than normal, but _without changing
the pitch_, so that you can zoom through boring podcasts & videos at 1.5x or
greater speeds.

The VLC player also has a "Volume Normalizer", which provides "dynamic volume compression" for noisy environments.  See below.

It is essential that digital media consumers be allowed to digitally
remaster their content to tailor it for their own consumption.  In some
cases, this can be an advantage for the content creators: e.g., when I set
VLC playback to 1.5x, I can consume 50% more content!

"Effective Audio compression for Loud or Sensitive Environments.

"The VLC media player, short for VideoLan, is a very versatile player for
nearly any audio or video format.  It is an excellent application for home
theater computers, laptops, netbooks, tablet computers, or any Mac, Linux,
or Windows device used for multimedia playback.  It can even stream media
over a local or global network.  VLC is the media player of choice due in
part to its ease of use on the popular operating systems and its many useful

"One aspect of its flexibility that is not well utilized by many VLC users
is its ability to manipulate the audio dynamics of the media it is playing.
In other words, the Volume Normalizer can be configured to compensate for
loud and quiet variations of a movie, podcast, or segment of music.  Such a
feature is very useful when using VLC in a loud environment: on an airplane,
in a busy cafe, in an office area, or on a street.  Some VLC users in
schools, watching pre-recorded lectures, may need the audio dynamics set to
provide clarity in a sound sensitive environment.  The audio compression
then automatically controls loudness to prevent distraction to others who
may be nearby."

Re: Robot prison wardens - with guns? (Houppermans, RISKS-26.64)

Paul Robinson <>
Sat, 24 Dec 2011 11:18:13 -0800 (PST)

> Oh yeah, you want those turrets on that robot in a prison.  New, untried
> OS, vendor under competitive pressure, gun with real bullets and a high
> likelihood of this thing having some form of remote management.  What
> could possibly go wrong?

Or as they said in the movie "Westworld", "Nothing can possibly go worng, go
worng, go worng..."

I was thinking about this when I saw the first "Robocop" movie, when the
ED-209 defense drone shoots an executive of the company, my thought was,
what kind of brain-dead moron actually loads ordnance into a machine
undergoing a test in a civilian environment?  Of course it would have made
the story fail, but Dick Jones, as head of the ED-209 project should have
been fired on the spot for incompetence, and whoever ordered actual
ammunition put into the thing should have been prosecuted at least for
involuntary manslaughter.  This was inexcusable negligence beyond mere
incompetence or even stupidity, it borders on arrogant willful misconduct.

Even if you don't give one damn about human life, killing corporate
executives is unacceptable because it's very expensive over some schlub on
the shop floor in a factory: you have to pay their death benefits from
worker's comp based on their income which is a lot higher, you have to cash
out their remaining contract, and possibly other benefits have to be paid,
plus a dead-bang winner of a juicy high-dollar suit by their survivors for
negligence.  Not to mention the bad press in the newspapers might cause the
stock price to go down.  Killing director-level or corporate officer
executives is going to be a lot more expensive than just having some factory
worker killed, say in a disaster because your maintenance is sub-par (like
BP and the Deepwater Horizon disaster in the Exxon of Mexico, err I mean
Gulf of Mexico.)

Re: Qantas Terror Blamed on computer (RISKS-26.67)

Peter Bernard Ladkin <>
Wed, 21 Dec 2011 12:10:07 +0100

The title of the note in RISKS-26.67 said the accident was "Blamed on
Software". I think this is misleading. The anomaly involved electronic data
generation and transmission engineering, nothing with which a software
engineer could be expected to have either experience or expertise.

Qantas Flight 72, flown by VH-QPA, an Airbus 330-303, suffered pitch
anomalies in cruise near Learmonth, Western Australia, in October 2008. It
pitched down suddenly, injuring some 106 passengers and 9 cabin crew, some
severely. An emergency was declared and the airplane landed at Learmonth,
Western Australia, to enable timely medical treatment for the injured.

It has been known for some time (and was published in the interim reports)
that the pitch-down was caused by data spikes in angle-of-attack data from
one air data computer (ADIRU), which were taken as veridical by the primary
flight control computers (FCPC or PRIM) because two similar spikes occurred
just outside the time window in the filtering algorithm. The reconciliation
between these values and those of the other two ADIRUs allowed this
anomalous value to prevail, and the aircraft accordingly pitched nose-down.

A blog post with more detail, including a link to the final report, as well
as discussion of the certification requirements as the ATSB sees them, may
be read at

Peter Bernard Ladkin, University of Bielefeld and Causalis Limited

  [See also
  courtesy of Earl Boebert, who noted this:
    [There's] an (unverified) assertion that the Airbus flight control
    system will exercise uncommanded changes to throttle settings *without*
    moving the throttle handles in the cockpit. If true: bad robot, bad, bad
    robot. (The Boeing system supposedly has actuators on the handles and
    moves them when it decides to take over throttle control.)]

Re: Qantas terror blamed on computer (RISKS-26.67)

Robert Meineke <>
Tue, 20 Dec 2011 23:18:05 -0800

The article notes that Airbus has since tweaked its algorithms and installed
the upgraded software.  The line in the article that caught my eye was the

  "As a result of this redesign, passengers, crew and operators can be
  confident that the same type of accident will not reoccur," investigators
  have concluded.

*Will not* reoccur?  That strikes me as awfully absolute.

  [A common comment in RISKS over the years, but seemingly particularly
  relevant here!  PGN]


Diego Latella <>
Fri, 16 Dec 2011 12:30:12 +0100


9th International Conference on Integrated Formal Methods (iFM 2012)
in conjunction with ABZ 2012, in honor of Egon Boerger's 65th birthday
for his contribution to state-based formal methods

  June 18 - 22, 2012 - CNR - Pisa - ITALY

Consiglio Nazionale delle Ricerche
Istituto di Scienza e Tecnologie dell'Informazione "A. Faedo"
Formal Methods && Tools Lab.
Via Moruzzi 1 - 56124 Pisa


Applying formal methods may involve the modeling of different aspects of a
system that are expressed through different paradigms.  Correspondingly,
different analysis techniques will be used to examine differently modeled
system views, different kinds of properties, or simply in order to cope with
the sheer complexity of the system.  The iFM conference series seeks to
further research into the combination of (formal and semi-formal) methods
for system development, regarding modeling and analysis, and covering all
aspects from language design through verification and analysis techniques to
tools and their integration into software engineering practice.

Egon Boerger, University of Pisa, Italy
Muffy Calder, University of Glasgow, United Kingdom
Ian J. Hayes, University of Queensland, Australia

John Derrick, University of Sheffield, United Kingdom
Stefania Gnesi, CNR-ISTI, Italy

Diego Latella, CNR-ISTI, Italy
Helen Treharne, University of Surrey, United Kingdom

Alessandro Fantechi, Universita' di Firenze, Italy

  [Large international organizing and program committees omitted here. PGN]
