The RISKS Digest
Volume 26 Issue 71

Thursday, 26th January 2012

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Deducing causality?
Jonah Lehrer via PGN
More on total-system issues; We are all interconnected
PGN
The Wired Car
Tom Ashbrook via Monty Solomon
Risks of Instant Messaging in Indy Racing
MLCook
Passengers on British Airways warned of crash landing
Jim Reisert
Lawyer Demands Pacemaker Vendor Supply Source Code
Werner U
$44 million bill from Bronx-Lebanon Hospital
Jim Reisert
Cameras may open up the board room to hackers
PGN via Nicole Perlroth
Belarus Is Now Home to the Internet's Most Insane Law
Sam Biddle via LW
Top 1% NYT Readers are Consuming 50% of the text!
Kevin J. O'Brien via Bob Frankston
"Internet Access Is Not a Human Right"
Vint Cerf via LW
"Megaupload file seizure shows why many cautious about the cloud"
Ian Paul via Gene Wirchenko
Con-men set up fake Facebook site asking for donations
Jim Reisert
Hi-tech heist takes millions from South African Postbank
Jim Reisert
Hackers post 1000s of Israeli credit card numbers
Danny Burstein
Viruses stole City College of S.F. data for years
Nanette Asimov via Jim Reisert
Thieves steal debit-card PIN keypads
Mark Brader
Pocket-dialed 911 calls increasingly common
Mark Brader
Who Is Flying Unmanned Aircraft in the U.S.?
EFF
Nancy G. Leveson: Engineering a Safer World
PGN
Info on RISKS (comp.risks)

Deducing causality? (Jonah Lehrer)

"Peter G. Neumann" <neumann@csl.sri.com>
Mon, 9 Jan 2012 10:02:02 PST

Jonah Lehrer, Trials and Errors: Why Science is Failing Us, *WiReD* Jan 2012

http://www.wired.com/magazine/2011/12/ff_causation/all/1

Thanks to Kenneth Olthoff for spotting this one.  He commented "on how
assumptions about our ability to deduce causality sometimes lead to poor
outcomes."  Jonah Lehrer's article says that "The story of torcetrapib is a
tale of mistaken causation" relating to basing analysis on significantly
incorrect assumptions about the effects of raising HDL and lowering LDL.
"Because scientists understood the individual steps of the cholesterol
pathway at such a precise level, they assumed they also understood how it
worked as a whole."  The article suggests many broader implications relating
to modern science overall.

This may seem far afield from computer-related risks, but it is exactly the
type of problem with emergent properties that result from compositions of
subsystems.  The results are not "side-effects", but rather "effects" that
must be understood systemically, exactly as is the case with pharmaceuticals.


More on total-system issues; We are all interconnected

"Peter G. Neumann" <neumann@csl.sri.com>
Sat, 21 Jan 2012 9:37:47 PST

Fukushima radiation spreads worldwide

* The University of California at Berkeley detected cesium levels in
  San Francisco area milk above over [sic] EPA limits ... and even higher
  than they were 6 months ago.
* Finnish public television says that cesium from Fukushima has been
  detected in lichens, fungi and elk and reindeer meat in Finland.
* The Australian Radiation Protection and Nuclear Safety Agency
  confirmed a radiation cloud over the East Coast of Australia.
* The West Coast of Canada is getting hit by debris from Japan, and
  at least some of it is likely radioactive.

The authors of the controversial study claiming 14,000 deaths in the U.S. so
far from Fukushima are now upping their figure to 20,000.  [Source: author
unspecified, WashingtonsBlog, 18 Jan 2012]
http://www.washingtonsblog.com/2012/01/fukushima-radiation-spreads-worldwide.html


The Wired Car (Tom Ashbrook)

Monty Solomon <monty@roscom.com>
Tue, 24 Jan 2012 22:28:54 -0500

On Point with Tom Ashbrook, 12 Jan 2012

Detroit wants to turn your car into a rolling internet connection.  We'll
look at cars as the Web on wheels.

You may think your car has enough bells and whistles. Detroit and the rest
of the auto-making world do not. The Detroit Auto Show this week is brimming
with roll-outs and announcements and hints of a super high tech future for
cars.

Cars that are one with the Internet and GPS and your home computer and the
e-cosmos in the cloud. Cars that watch the road, watch you, watch your
Facebook page, your heart rate, your smart phone. Cars that watch each
other, like a flock of birds.

This hour, On Point: Ready or not, cars that are the "Web on wheels," and
more.

-Tom Ashbrook

Guests

* Michelle Krebs, senior analyst at Edmunds.com.
* Hiawatha Bray, tech reporter and columnist for the Boston Globe.
* Doug Newcomb, senior editor of the Technology section at Edmunds.com.
* Jim Buczkowski, director of Research and Advanced Engineering at Ford
  Motor Company.

http://onpoint.wbur.org/2012/01/12/the-wired-car
http://onpoint.wbur.org/media-player?url=http://onpoint.wbur.org/2012/01/12/the-wired-car&title=The+Wired+Car&pubdate=2012-01-12&segment=1&source=onpoint
http://audio.wbur.org/storage/2012/01/onpoint_0112_1.mp3


Risks of Instant Messaging in Indy Racing

<mlcook@wabtec.com>
Thu, 5 Jan 2012 08:49:42 -0500

A "Sports Illustrated" article, "New IndyCar race director ready to rewrite
rules" caught my eye.  Radios are currently used at the Indianapolis Motor
Speedway to communicate with drivers and their pit crews.
http://sportsillustrated.cnn.com/2012/racing/01/04/beaux.barfield.indycar.ap/index.html

The new race director, Beaux Barfield, will propose using the track's
Internet system to send instant messages instead to communicate between the
pit crews and the control tower.
Barfield believes that if instant messaging had been in use in a recent
controversial race, "All those messages would have popped right up on my
screen, and I would have seen them light up."

Instant messaging for communication during events that happen quickly and at
high speed.  Hmmm, I hope they can type fast, and that their network doesn't
have problems during the race.

What could go wrong?

  [Get SIRI-ous?  Voice-operated messages might be a little better, but
  still rather distracting for the driver.  PGN]


Passengers on British Airways warned of crash landing

Jim Reisert AD1C <jjreisert@alum.mit.edu>
Fri, 20 Jan 2012 15:28:10 -0700

The overnight British Airways trip from Miami to London's Heathrow Airport
was thrown into panic after a recorded message mistakenly announced their
plane was about to crash in the ocean.  Thirty seconds later, a crew member
casually announced that the prerecorded announcement was played accidentally
and there was no risk.

http://www.nydailynews.com/news/world/passengers-british-airways-flight-terrified-message-warns-crash-landing-article-1.1007868

Jim Reisert AD1C, <jjreisert@alum.mit.edu>, http://www.ad1c.us

[Also noted by ABCNEWS.  PGN]
http://abcnews.go.com/blogs/headlines/2012/01/british-airways-errs-in-crash-warning-to-passengers/


Lawyer Demands Pacemaker Vendor Supply Source Code

Werner U <werneru@gmail.com>
Wed, 25 Jan 2012 02:48:52 +0100

https://science.slashdot.org/story/12/01/21/1345247/lawyer-demands-pacemaker-vendor-supply-source-code

oztiks writes "Lawyer Karen Sandler's heart condition means she needs a
pacemaker to ward off sudden death. Instead of trusting that the vendor will
create a flawless platform for the device to operate, Sandler has demanded
to see the device's source code. Sandler's reasoning brings into question
the device's reliability, stability, and oddly enough, security."

http://www.zdnet.com.au/cyborg-lawyer-demands-software-source-339330089.htm


$44 million bill from Bronx-Lebanon Hospital

Jim Reisert AD1C <jjreisert@alum.mit.edu>
Fri, 20 Jan 2012 15:38:19 -0700

Unemployed doorman Alexis Rodriguez couldn't believe his eyes when he opened
an envelope from Bronx-Lebanon Hospital last week and saw what he appeared
to owe.  His amount due was $44,776,587 for outpatient services that in
reality amounted to no more than $300.

The billing firm, PHY Services, said it was a simple mistake: The
subcontractor that prints the bills put the invoice number into the *amount
due* field.

https://www.nydailynews.com/life-style/health/44-million-bill-bronx-lebanon-hospital-article-1.1006744


Cameras may open up the board room to hackers (Nicole Perlroth)

"Peter G. Neumann" <neumann@csl.sri.com>
Mon, 23 Jan 2012 9:11:09 PST

One afternoon this month, a hacker took a tour of a dozen conference rooms
around the globe via equipment that most every company has in those rooms:
videoconferencing equipment.  With the move of a mouse, he steered a camera
around each room, occasionally zooming in with such precision that he could
discern grooves in the wood and paint flecks on the wall. In one room, he
zoomed out through a window, across a parking lot and into shrubbery some 50
yards away where a small animal could be seen burrowing underneath a
bush. With such equipment, the hacker could have easily eavesdropped on
privileged attorney-client conversations or read trade secrets on a report
lying on the conference room table.

In this case, the hacker was HD Moore, a chief security officer at Rapid7, a
Boston-based company that looks for security holes in computer systems that
are used in devices like toaster ovens and Mars landing equipment. His
latest find: videoconferencing equipment is often left vulnerable to
hackers. [...]

[Source: Nicole Perlroth, *The New York Times*, 22 Jan 2012]
http://www.nytimes.com/2012/01/23/technology/flaws-in-videoconferencing-systems-put-boardrooms-at-risk.html?_r=1&partner=rss&emc=rss&pagewanted=all


Belarus Is Now Home to the Internet's Most Insane Law

Lauren Weinstein <lauren@vortex.com>
Tue, 3 Jan 2012 09:54:22 -0800

  "Belarus: small. Proud. Kvass-drinking. A long history of dubious human
  rights and piddling dictatorship. And now, bound to a law that makes it
  illegal to browse foreign websites." ...
  http://j.mp/xIK0Vk  (Sam Biddle, Gizmodo)


Top 1% NYT Readers are Consuming 50% of the text! (Kevin J. O'Brien)

Bob Frankston <Bob19-0501@bobf.frankston.com>
Sat, Jan 7, 2012 at 9:14 PM

  "The world's congested mobile airwaves are being divided in a lopsided
  manner, with 1 percent of consumers generating half of all traffic.  The
  top 10 percent of users, meanwhile, are consuming 90 percent of wireless
  bandwidth."  http://j.mp/ybfqiA (Kevin J. O'Brien, *The New York Times*)

Once again we get a story warning us that the bad people are using up the
Internet. It was in both the NYT and Macworld:

http://www.arieso.com/news-article.html?id=89
http://www.nytimes.com/2012/01/06/technology/top-1-of-mobile-users-use-half-of-worlds-wireless-bandwidth.html
http://www.macworld.com/article/164665/2012/01/study_iphone_4s_users_consume_the_most_data.html

What makes this version particularly odious is that it plays upon the 1%
meme. I'm well-practiced in debunking this kind of story by comparing it to
the modem crisis in the 1990's when we were warned that bad people were using
modems to destroy the phone network so grandma can't make calls. This is
part of a PR offensive by the cellular industry—look at those interviewed
and all of those unnecessarily loaded words.

I know I'm not alone in this understanding but where is the critical
reporting on this subject? Typically when the press reports biased stories
in politics the politicians are supposed to defend themselves by saying the
other candidates should spend money to counter the stories. (Not a great
system but that's another subject)

In this case what is the constituency that pushes back on this story? I did
post http://rmf.vc/Plight. Where are others?

Of course it would be nice if reporters were more knowledgeable but that may
be expecting too much. There are knowledgeable reporters but they aren't
necessarily the ones assigned to dealing with this "story".


Vint Cerf: "Internet Access Is Not a Human Right"

Lauren Weinstein <lauren@vortex.com>
Wed, 4 Jan 2012 22:10:37 -0800

Vint Cerf op-ed in *The New York Times*
http://j.mp/wwL9Ip  (New York Times)

  "Improving the Internet is just one means, albeit an important one, by
  which to improve the human condition. It must be done with an appreciation
  for the civil and human rights that deserve protection - without
  pretending that access itself is such a right."


"Megaupload file seizure shows why many cautious about the cloud"

Gene Wirchenko <genew@ocis.net>
Mon, 23 Jan 2012 10:41:44 -0800
  (Ian Paul)

Ian Paul, Megaupload file seizure shows why many cautious about the cloud
The takedown of the file-sharing site over copyright violations provides a
warning about being careful where you store stuff. *ITBusiness*, 21 Jan 2011
http://www.itbusiness.ca/it/client/en/home/News.asp?id=65749

Megaupload users are crying foul after their personal files, not necessarily
copyright-infringing material, stored with the file-sharing service were
seized on Thursday along with a trove of illegally distributed copyrighted
works.

Some of those users took to Twitter complaining about the loss of their
files, as first reported by TorrentFreak. "I had files up there...gone
forever..and they were personal recordings! No copyright infringement!" said
Twitter user J. Amir. Another user complained that her work files were now
gone, and others used more colorful language to describe their predicament.

  See also Nancy Gohring, IDG News Service, *InfoWorld*, 20 Jan 2012:
  Fake Megaupload sites pose a security risk; Some sites that could be
  phishing operations claim to be the relaunched Megaupload
  http://www.infoworld.com/d/security/fake-megaupload-sites-pose-security-risk-184680


Con-men set up fake Facebook site asking for donations

Jim Reisert AD1C <jjreisert@alum.mit.edu>
Fri, 20 Jan 2012 15:24:41 -0700

A grieving mother has told how Internet scammers set up a Facebook site
asking for donations to help fund a heart transplant - for her dead
daughter.  The fraudster was asking Facebook users to 'share' a link,
claiming that if 1,000 people do so, Zoe would get a free heart transplant.
Further links were placed in the captions, which directed users to a
counterfeit donation page, and then the donations were routed to the
false charity bank account via PayPal.

http://www.dailymail.co.uk/news/article-2088292/Conmen-set-Facebook-site-asking-donations-help-fund-heart-transplant-dead-toddler.html

This could have been done without Facebook, it just would have been harder.

Jim Reisert AD1C, <jjreisert@alum.mit.edu>, http://www.ad1c.us


Hi-tech heist takes millions from South African Postbank

Jim Reisert AD1C <jjreisert@alum.mit.edu>
Fri, 20 Jan 2012 15:35:12 -0700

A brazen hi-tech heist over three days has left Postbank, part of the South
African Post Office, out of pocket to the tune of 42 million Rand ($5.2M).
A senior IT and banking security expert said yesterday: "The Postbank
network and security systems are shocking and in desperate need of an
overhaul. This [theft] was always going to be a very real possibility."

http://www.timeslive.co.za/local/2012/01/15/it-was-a-happy-new-year-s-day-for-gang-who-pulled-off...r42m-postbank-heist

[See also John E. Dunn, Gang pulls off $5.2 million bank job via remote access
Glaring IT weaknesses scupper South African bank, *IT Business*, 19 Jan
2012; PGN]
http://www.itbusiness.ca/IT/client/en/CDN/News.asp?id=65721


Hackers post 1000s of Israeli credit card numbers

danny burstein <dannyb@panix.com>
Mon, 2 Jan 2012 22:15:00 -0500 (EST)

Saudi hackers claimed to have published the credit card details of 400,000
Israelis.

Credit card companies say only hundreds of authentic card numbers were
published in reality. A representative from Visa told Israel Radio it would
call customers in the morning to update them on the status of their
accounts.

The hackers published the list of cards, names and other personal details on
the One sports website, which was hacked...

http://www.jpost.com/International/Article.aspx?id=251943

[Also reported by Isabel Kershner in *The New York Times*, 7 Jan 2012,
Cyberattack Exposes 20,000 Israeli Credit Card Numbers and Details About Users
 PGN]
http://www.nytimes.com/2012/01/07/world/middleeast/cyberattack-exposes-20000-israeli-credit-card-numbers.html


Viruses stole City College of S.F. data for years (Nanette Asimov)

Jim Reisert AD1C <jjreisert@alum.mit.edu>
Fri, 13 Jan 2012 19:52:57 -0700

Nanette Asimov, *San Francisco Chronicle*, 13 Jan 2012

Personal banking information and other data from perhaps tens of thousands
of students, faculty and administrators at City College of San Francisco
have been stolen in what is being called "an infestation" of computer
viruses with origins in criminal networks in Russia, China and other
countries, The Chronicle has learned.

At work for more than a decade, the viruses were detected a few days after
Thanksgiving, when the college's data security monitoring service detected
an unusual pattern of computer traffic, flagging trouble.

    http://bit.ly/xIsyh9

This is the scary part:

"It's likely that personal computers belonging to anyone who used a flash
drive during the past decade to carry information home were also affected."


Thieves steal debit-card PIN keypads

Mark Brader
Mon, 9 Jan 2012 14:55:51 -0500 (EST)

Tim Hortons is a major Canadian chain of coffee-and-doughnut shops, many of
which have drive-up windows.  According to police, two thieves in Toronto
(now arrested) committed a series of thefts as follows.  They would drive to
a Tim Hortons drive-up window, order something, and ask to pay by debit.
When the clerk handed out the portable keypad for the driver to enter his
PIN, he would take out a wire cutter, cut the keypad free, and drive off
with it.

Reports say that the keypads could have been reinstalled in retail locations
after being modified into Trojan horses to capture debit card numbers and
PINs.

  http://www.cbc.ca/news/canada/toronto/story/2012/01/09/hortons-pin-machines-stolen.html

  http://news.nationalpost.com/2012/01/09/a-double-double-a-doughnut-and-your-pin-pad-two-charged-in-tim-hortons-thefts/

Mark Brader, Toronto | "Every new technology carries with it an opportunity
msb@vex.net          |  to invent a new crime"     —Laurence A. Urgenson


Pocket-dialed 911 calls increasingly common

Mark Brader
Mon, 9 Jan 2012 19:11:27 -0500 (EST)

Police here in Ontario, Canada, have been seeing a substantial increase in
the number of false-alarm calls to the emergency phone number 911 when no
call was intended at all—"pocket dialing" or "butt dialing".  Since a
call with no one talking might still be a real emergency, this ties up
police resources.

In Toronto, about 10% of 911 calls in 2011 were pocket-dialed calls.  One of
them came from the acting deputy police chief while he was playing golf;
another caller said "I call you guys, like, every day... if you see my
number, it's an accident".  The statistics are even worse in some outer
parts of the Greater Toronto Area, which I suppose have fewer genuine
emergencies per capita: 14% in Halton Region, 33% in Peel Region, and 37% in
York Region!

Police are now campaigning to ask cellphone users to "lock it before you
pocket", but some smartphones can dial 911 even when the phone is locked.

* http://news.nationalpost.com/2012/01/09/ontarios-911-lines-being-smothered-by-pocket-dials/
* http://www.thestar.com/news/article/1112495--any
* http://www.yorkregion.com/news/article/1276413--any
* http://www.torontosun.com/2012/01/08/cops-concerned-about-mistaken-911-call

Mark Brader, Toronto | Subway Emergency Instructions...
msb@vex.net          | * Do not pull the emergency cord.  —MTA, NYC


EFF: Who Is Flying Unmanned Aircraft in the U.S.?

EFF Press <press@eff.org>
Tue, Jan 10, 2012 at 7:33 PM

Government Withholds Information on Drone Flight Authorizations

San Francisco - The Electronic Frontier Foundation (EFF) filed suit today
against the U.S. Department of Transportation (DOT), demanding data on
certifications and authorizations the agency has issued for the operation of
unmanned aircraft, also known as drones.

Drones are designed to carry surveillance equipment—including video
cameras, infrared cameras and heat sensors, and radar—that can allow for
sophisticated and almost constant surveillance.  They can also carry
weapons.  Traditionally, drones have been used almost exclusively by
military and security organizations.  However, the U.S. Customs and Border
Protection uses drones inside the United States to patrol the U.S. borders,
and state and local law enforcement are increasingly using unmanned aircraft
for investigations into things like cattle rustling, drug dealing, and the
search for missing persons.

Any drone flying over 400 feet needs a certification or authorization from
the Federal Aviation Administration, part of the DOT.  But there is
currently no information available to the public about who specifically has
obtained these authorizations or for what purposes.  EFF filed a Freedom of
Information Act request in April of 2011 for records of unmanned aircraft
activities, but the DOT so far has failed to provide the information.

"Drones give the government and other unmanned aircraft operators a powerful
new surveillance tool to gather extensive and intrusive data on Americans'
movements and activities," said EFF Staff Attorney Jennifer Lynch.  "As the
government begins to make policy decisions about the use of these aircraft,
the public needs to know more about how and why these drones are being used
to surveil United States citizens."

Dozens of companies and research organizations are working to develop even
more sophisticated drones, so their use is poised for a dramatic expansion
in the coming years.  Meanwhile, news reports indicate that the FAA is
studying ways to integrate more drones into the national airspace because of
increased demand from federal, state, and local governments.  EFF's lawsuit
asks for immediate response to our FOIA request, including the release of
data on any certificates and authorizations issued for unmanned aircraft
flights, expired authorizations, and any applications that have been denied.

"The use of drones in American airspace could dramatically increase the
physical tracking of citizens - tracking that can reveal deeply personal
details about our private lives," said Lynch.  "We're asking the DOT to
follow the law and respond to our FOIA request so we can learn more about
who is flying the drones and why."

Jennifer Lynch,  Staff Attorney,  Electronic Frontier Foundation
jlynch@eff.org   +1 415-436-9333 x136

For the full complaint:
https://www.eff.org/sites/default/files/filenode/EFFDroneComplaint.pdf
For more on this case:
https://www.eff.org/deeplinks/2012/01/drones-are-watching-you
Find out more at https://www.eff.org.


Nancy G. Leveson: Engineering a Safer World

"Peter G. Neumann" <neumann@csl.sri.com>
Mon, 23 Jan 2012 16:27:59 PST

This book presents an approach to the design and development of systems with
stringent safety requirements.  It is based on Nancy's STAMP model for
safety, which she has been developing and applying for the past decade.  The
book is counter-cultural in many respects, and may be of significant
interest to some of you particularly involved in system safety.  It is by no
means a complete approach to developing safe systems, but it may have
considerable merit as one more structured approach.

Nancy G. Leveson
Engineering a Safer World:
  Systems Thinking Applied to Safety
MIT Press, 2011, xx+534

A brief overview of the Table of Contents gives you an idea of the scope of
the book.

Foundations:
  Why Do We Need Something Different?
  Questioning the Foundations of Traditional Safety Engineering
  System Theory and its Relationship to Safety
STAMP: An Accident Model Based on System Theory
  A Systems-Theoretic View of Causality
  A Friendly Fire Accident
Using STAMP
  Engineering and Operating Safer Systems using STAMP
  Fundamentals
  STPA: A New Hazard Analysis Technique
  Safety-Guided Design
  Integrating Safety into System Engineering
  Analyzing Accidents and Incidents (CAST)
  Controlling Safety during Operations
  Managing Safety and the Safety Culture
  SUBSAFE: An Example of a Successful Safety Program
Four Appendices:
  Definitions
  The Loss of a Satellite
  A Bacterial Contamination of a Public Water Supply
  A Brief Introduction to System Dynamics Modeling
References
Index
