The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 26 Issue 84

Wednesday 16 May 2012

Contents

City Misses $1.6M in Parking Tickets Because of Computer Glitch
Monty Solomon
Computer Glitch Forces Johnson County Motor Vehicle Offices to Close
Sarah Clark via Monty
Computer Glitch Gave Free Education To College Students
Phil Yacuboski via Monty
Computer glitch hampers Alaska deer hunt reporting
via Monty
Computer glitch means NC jobless can't collect
via Monty
Hundreds of potential jurors mistakenly head to Placer County courthouse
Ed Fletcher via Monty
NJ toddler on no-fly list was mistakenly pulled from JetBlue flight
via Monty
Risks of financial models being gamed
Bob Frankston
Top judge: ditching software patents a "bad solution"
Lauren Weinstein
Computerized prescriptions to stop fraud—what could go wrong?
Rex Sanders
Facebook Shares More About How It Uses Your Data
Somini Sengupta via Monty
Microsoft Funded Startup Aims to Kill BitTorrent Traffic
Ernesto via Dewayne Hendricks
Comcast Wants You to Watch Commercials
Swanni via Dewayne Hendricks
Slick new type of "password"
Al Stangenberger
Paging George Orwell ...
Matthew Kruk
Researcher runs IP network over xylophones
Lauren Weinstein
Fiat Hacks Google Street View
Steven J. Greenwald
Software Engineer: 2012's Top Job
Cindy Waxer
Re: Humorous Doctor Office Interaction?
Rebecca Mercuri
Re: USPS curtailing international lithium battery shipments
Martin Ward
JC Cantrell
Never Trust a Robot, take 2
Arnt Gulbrandsen
Re: Power of Individual Voters
Mark E. Smith
Re: Disruptions: Indiscreet Photos, Glimpsed Then Gone
Geoff Kuenning
Info on RISKS (comp.risks)

City Misses $1.6M in Parking Tickets Because of Computer Glitch

Monty Solomon <monty@roscom.com>
Wed, 16 May 2012 09:57:18 -0400

JACKSONVILLE, Fla.—Thousands of first coast drivers are just now getting
parking tickets from years ago.

Last week, Lisa Crawford received a $63 bill for an unpaid $20 parking
ticket - dated September 2011.

"It was very frightening because it said it could impound my car, and I look
at September and I'm like, oh my God I'm on borrowed time," Crawford said.

The notice Crawford received from the City of Jacksonville's collection
agency was one of 24,000 sent out in the past few weeks, according to the
city's public parking officer Jack Shad.

Crawford's bill was a tiny part of $1.6 million in fines the city hadn't
reported to the collection agency because they didn't realize they were
missing. ...

http://www.firstcoastnews.com/news/article/256684/483/City-Misses-16-Million-in-Parking-Tickets-Because-of-Computer-Glitch   16 May 2012


Computer Glitch Forces Johnson County Motor Vehicle Offices to Close (Sarah Clark)

Monty Solomon <monty@roscom.com>
Wed, 16 May 2012 09:57:18 -0400

Sarah Clark, 8 May 2012

JOHNSON COUNTY, Kan. - Oh, the joys of making a trip to the DMV, or the
motor vehicle offices, as they're called in Kansas.

Drivers in Johnson County, Kan., were turned away after a computer glitch
forced offices to close on Tuesday. A message on the Johnson County
government website read:

"The Johnson County Motor Vehicle Offices located at 782 N. Ridgeview Road
in Olathe and 6000 Lamar in Mission are closed due to technical issues with
the new MOVRS computer system, Tuesday, May 8."

Other offices in Kansas outside of Johnson County remained open.

Tuesday was the first day for the new motor vehicle system after a week-long
shutdown of all Kansas Vehicle Offices. FOX 4 talked to taxpayers on Tuesday
who feel the upgrade is not making it easier to get licenses and
registrations.

Several people waited for more than two hours on Tuesday as they tried to
renew a license or get a car registered. Daniel Corney says he was told he'd
have to wait over three hours to register his motorcycle. ...
http://fox4kc.com/2012/05/08/computer-glitch-forces-johnson-county-motor-vehicle-offices-to-close/


Computer Glitch Gave Free Education To College Students (Phil Yacuboski)

Monty Solomon <monty@roscom.com>
Wed, 16 May 2012 09:57:18 -0400

Phil Yacuboski and WBAL-TV, 15 May 2012

Four students at the University of Maryland, Baltimore County got a free
ride, according to a state audit released Tuesday.  "A student received a
refund but had not been charged tuition for that semester," said Bruce
Myers, legislative auditor.

The errors are the result of a computer glitch.

The audit, conducted between 2008 and 2011, showed that one student was not
charged up to $8,000 in tuition and fees, but that same student also got a
financial aid refund of more than $10,000.  A second UMBC student got almost
$10,000 in financial aid and never had to pay tuition and fees. ...

http://wbal.com/article/89941/3/template-story/Computer-Glitch-Gave-Free-Education-To-College-Students


Computer glitch hampers Alaska deer hunt reporting

Monty Solomon <monty@roscom.com>
Wed, 16 May 2012 09:57:18 -0400

KODIAK, Alaska (AP, 1 May 2012) - A computer glitch has resulted in
incomplete totals from data submitted online by Sitka blacktail deer hunters
around Alaska, according to state officials.

The Kodiak Daily Mirror says that hunter Joseph Mauer of Kodiak was
surprised to receive a reminder letter from the state Department of Fish and
Game asking that he resubmit his deer hunt totals from last season.

Mauer said he had already submitted his data at the end of last season using
the department's new online harvest reporting system for deer. ...

http://www.necn.com/05/01/12/Computer-glitch-hampers-Alaska-deer-hunt/landing_scitech.html?&apID=d6469ba90f4a405b8fc1feabc1bff07a


Computer glitch means NC jobless can't collect

Monty Solomon <monty@roscom.com>
Wed, 16 May 2012 09:57:18 -0400

RALEIGH, N.C. - The Division of Employment Security website has been down
since late Thursday, locking out those who log on to update their benefits.

Spokesman Larry Parker said the division's web and phone services were
offline as the result of a mainframe problem, but that people could update
their files by visiting a local DES office. However, visits and calls to
offices in Raleigh, Smithfield, Durham and Cary showed computers there were
offline as well.

"They said everything was down all across the state," said Kwame Manigault.
He was trying to update his banking information at the Raleigh DES office.

  http://www.wral.com/business/story/11063925/  4 May 2012


Hundreds of potential jurors mistakenly head to Placer County courthouse (Ed Fletcher)

Monty Solomon <monty@roscom.com>
Wed, 16 May 2012 09:57:18 -0400

Ed Fletcher, 2 May 2012

A snafu with Placer County's automated jury notification system caused a
major traffic jam Tuesday morning for the city of Auburn and a major
headache for 600 potential jurors who arrived at the county's historic
courthouse.

The court didn't actually need any jurors Tuesday, but the automated system
told all 1,000 potential jurors that the court will need over the entire
week that they were all needed at the courthouse Tuesday, said Geoff Brandt,
assistant court executive officer for Placer County. ...
  http://www.sacbee.com/2012/05/02/4458649/hundreds-of-potential-jurors-mistakenly.html


Computer Glitch Summons Too Many Jurors, NPR, 3 May 2012

In California, the Placer County Courthouse accidentally summoned 1,200
people to jury duty on the same morning.  Taking their duty seriously,
residents tried to be on time but the traffic jam was too much.
http://www.npr.org/2012/05/03/151919620/computer-glitch-summons-too-many-jurors


NJ toddler on no-fly list was mistakenly pulled from JetBlue flight

Monty Solomon <monty@roscom.com>
Wed, 16 May 2012 08:17:56 -0400

11 May 2012, *The Star-Ledger* Continuous News Desk
http://www.nj.com/news/index.ssf/2012/05/nj_toddler_on_no_fly_list_was.html

FORT LAUDERDALE, Fla. - The 18-month-old 'no-fly-list' toddler from New
Jersey who was mistakenly removed from a flight earlier this week has
JetBlue officials scrambling this morning to cover their tracks as the story
rattles around the globe. ...

Officials confirmed an 18-month-old girl was mistakenly pulled off a JetBlue
flight before it left Fort Lauderdale because airline employees thought her
name was on the U.S. no-fly list. According to the Associated Press, a
JetBlue representative told the family their toddler was on the federal list
that includes thousands of known or suspected terrorists.

On Thursday, JetBlue said a computer glitch caused the confusion and their
employees were simply doing their jobs. The U.S. Transportation Security
Administration says the girl never was flagged by the agency.  ...


Risks of financial models being gamed

"Bob Frankston" <Bob19-0501@bobf.frankston.com>
Sun, 13 May 2012 15:16:33 -0400

More reminders of the limits on our ability to avoid risk:

http://www.nytimes.com/interactive/2012/05/12/business/at-jpmorgan-chase-a-complex-strategy-that-backfired.html

  "This strategy 2 and 3 grew so large that it became obvious to other
  investors who then saw an opportunity to bet against JPMorgan, which they
  viewed as cornered."

This is a classic example of hubris in assuming we can triumph over risk by
being smart. Even if the financial models themselves are correct the world
is constantly reinventing itself around us. This example is especially
telling since models themselves can be gamed.


Top judge: ditching software patents a "bad solution"

Lauren Weinstein <lauren@vortex.com>
Sun, 13 May 2012 12:52:19 -0700

  Judge Michel seemed unaware of the depth of the software industry's
  dissatisfaction with the patent system. He suggested the patent system's
  critics were relatively marginal figures not representative of the views
  of the broader technology industry. And he didn't seem to understand the
  dynamics of the patent arms race currently affecting the software
  industry.  "If software is less dependent on patents, fine then. Let
  software use patents less as they choose," Michel said.  "If other
  industries are terribly dependent on patents, then let's not wreck the
  system just because software people are unhappy."
    http://j.mp/KV8TAp  (ars technica via NNSquad)

On balance, I'd ditch software patents from the system in a heartbeat.


Computerized prescriptions to stop fraud—what could go wrong?

Rex Sanders <rsanders@usgs.gov>
Sun, 13 May 2012 08:50:37 -0700

A long Associated Press story by Greg Risling describes big problems with
fraudulent drug prescriptions written on traditional prescription pads.
http://www.mercurynews.com/breaking-news/ci_20609779/prescription-pad-fraud-plays-role-abuse-surge

The solution: prescriptions sent by computer.

The very last line of the article contains this prophetic quote: "As more
(doctors) go electronic I think it will solve some problems but may create
some others."


Facebook Shares More About How It Uses Your Data (Somini Sengupta)

Monty Solomon <monty@roscom.com>
Sun, 13 May 2012 00:18:55 -0400

Somini Sengupta, *The New York Times* Blogs, 11 May 2012

How does Facebook use all the words, pictures and clicks of its 901 million
users?

A group of European college students first raised that question last
year. The Irish Data Protection Office, which regulates all of Facebook's
European data policies, took it up. On Friday, Facebook shared a bit more.

"We're adding more examples and detailed explanations to help you understand
our policies," Facebook's new chief privacy officer, Erin Egan, a veteran
privacy lawyer in Washington, wrote, in a blog post.  Facebook users can
give feedback and talk to Ms. Egan on Monday in a video chat.

The new explanations, available by clicking on the Help tab on the bottom of
the Facebook home page, include one on how cookies work on the site and what
information application developers receive when you download an app on the
Facebook platform. The explanations also inform users about who can see what
kinds of posts on their timelines. ...

http://bits.blogs.nytimes.com/2012/05/11/facebook-shares-more-about-how-it-uses-your-data/


Microsoft Funded Startup Aims to Kill BitTorrent Traffic

Dewayne Hendricks <dewayne@warpspeed.com>
Sun, May 13, 2012 at 9:08 AM

Ernesto, TorrentFreak, 13 May 2012 [via Dave Farber's IP]
http://torrentfreak.com/microsoft-funded-startup-aims-to-kill-bittorrent-traffic-120513/

The Russian based Pirate Pay startup is promising the entertainment
industry a pirate-free future. With help from Microsoft, the developers
have built a system that claims to track and shut down the distribution of
copyrighted works on BitTorrent. Their first project, carried out in
collaboration with Walt Disney Studios and Sony Pictures, successfully
stopped tens of thousands of downloads.

Hollywood, software giants and the major music labels see BitTorrent as one
of the largest threats to their business.

Billions in revenue are lost each year, they claim. But not for long if the
Russian based startup Pirate Pay has its way. The company has developed a
technology which allows them to attack existing BitTorrent swarms, making it
impossible for people to share files.

The idea started three years ago when the developers were building a
traffic management solution for Internet providers. The technology worked
well. It was able to stop BitTorrent traffic if needed, which made the
developers realize that they might have built the holy anti-piracy grail.

"After creating the prototype, we realized we could more generally prevent
files from being downloaded, which meant that the program had great promise
in combatting the spread of pirated content," Pirate Pay CEO Andrei Klimenko
says. ...


Comcast Wants You to Watch Commercials (Swanni)

Dewayne Hendricks <dewayne@warpspeed.com>
Tue, May 15, 2012 at 7:57 AM

<http://www.tvpredictions.com/comcast051512.htm>

Swanni, Washington, D.C. (15 May 2012)—Comcast has filed for a patent
for a new technology that would force viewers to watch ads even when they
try to skip them on their Digital Video Recorders.

That's according to an article by FierceCable.

The cable operator's move is in sharp contrast to Dish Network's new Auto
Hop DVR feature that allows viewers to watch recorded shows on the four
major broadcast networks without ever seeing a commercial.  Network
executives blasted Dish's new feature yesterday, but the satcaster said it
wants to "champion" the interests of subscribers, not advertisers or
networks.


Slick new type of "password"

Al Stangenberger <forags@sbcglobal.net>
Tue, 15 May 2012 11:42:58 -0700

I'm surprised that this idea made it out of testing and into production.

> On the subject of mobile security, new device locking features bring up
> an interesting dilemma about how gesture-based "passwords" compare to
> standard character passwords. Which is probably not very good, unless
> you keep your screen very clean and avoid greasy foods:
>
> http://news.cnet.com/8301-30685_3-57377224-264/reverse-smudge-engineering-foils-android-unlock-security/


Paging George Orwell ...

"Matthew Kruk" <mkrukg@gmail.com>
Tue, 15 May 2012 12:38:26 -0600

Talking Surveillance Cameras Coming to U.S. Streets
'Intellistreets' system now being installed with DHS backing
Paul Joseph Watson, Infowars.com, 14 May 2012

Talking surveillance cameras that bark orders at passers-by and can also
record conversations are heading for U.S. streets, with manufacturer
Illuminating Concepts announcing the progress of its 'Intellistreets'
system.

http://www.infowars.com/talking-surveillance-cameras-coming-to-u-s-streets/


Researcher runs IP network over xylophones

Lauren Weinstein <lauren@vortex.com>
Sun, 13 May 2012 08:27:48 -0700

http://j.mp/JSkhxN   (*Network World* via NNSquad)

  "Vint Cerf once wore a shirt that read "IP on Everything," a wry comment
  on the versatility of the Internet Protocol he helped invent, a protocol
  that underlies all Internet communication.  Now a University of California
  Berkeley researcher [R. Stuart Geiger] has put Cerf's maxim to the test,
  running an IP network over a set of xylophones, played by human
  participants."

Wait until they hit their XSP (Xylophone Service Provider) bandwidth cap
and get throttled back to wood blocks.

Video of the "Xylophone Internet" in action:
  http://j.mp/JSp7Lq  (YouTube)


Fiat Hacks Google Street View

"Steven J. Greenwald" <sjg6@gate.net>
Wed, 16 May 2012 13:38:40 -0400 (GMT-04:00)

Fiat hacks Google Street View to spoof Volkswagen in Sweden.
You really have to see the photo to appreciate this.
http://jalopnik.com/5910448/fiat-photo-bombs-volkswagen-with-elaborate-street-view-prank
  [or google "Fiat Trolls Volkswagen via Street View", or perhaps
http://maps.google.com/maps?q=volkswagen+sweden&hl=en&ll=59.181714,17.586626&spn=0.00136,0.002097&sll=59.181551,17.586550&layer=c&cid=1362125120364416158&cbp=13,198.44,,1,2.22&cbll=59.181714,17.586626&hq=volkswagen+sweden&t=h&z=19&panoid=ebSs3p7LrFFximxEf76g2g
  PGN]


Software Engineer: 2012's Top Job (Cindy Waxer)

ACM TechNews <technews@HQ.ACM.ORG>
Wed, 16 May 2012 11:19:14 -0400

Cindy Waxer, *InformationWeek*, 15 May 2012, via ACM TechNews

A recent CareerCast.com study ranked software engineer as the top job for
2012 based on five criteria, including salary, stress levels, hiring
outlook, physical demands, and work environment.  Software engineer ranked
higher than doctor, Web developer, computer programmer, and financial
planner due to tremendous demand and outstanding salary.  The U.S. Bureau of
Labor Statistics recently found that the median pay for software engineers
was $90,530 per year in 2010.  In addition, the demand for software
engineers is on the rise, with an estimated growth rate of 30 percent
between 2010 and 2020.  "Over the last few years there's definitely been a
20 percent to 25 percent uptick in salary for software engineers," says
Monetate's Tom Janofsky.  "I feel like I live in a different economy.  We're
constantly hiring."  Other benefits for software engineers are
collaboration, creative thinking, and hands-on experimentation that can
support a career in a continuous state of evolution.  Software engineers
also enjoy a lot of flextime, interesting colleagues, and a collaborative,
team-oriented work environment.  "A lot of what we do is about failing,
doing something wrong, and then going back and looking at the problem
again," Janofsky says.
http://www.informationweek.com/news/global-cio/careers/240000347


Re: Humorous Doctor Office Interaction? (Nettesheim, RISKS-26.83)

Rebecca Mercuri <notable@mindspring.com>
Sun, 13 May 2012 11:14:40 -0400

The Patient Privacy Notice situation has been problematic for some
while. These agreements, created in order to comply with HIPAA regulations,
make it difficult (if not impossible) for the doctor to allow a relative to
receive or review the patient files, even and especially if the person
becomes fully incapacitated, is unmarried (often only a spouse can gain
access, hence why there is such a debate over who can be married to whom),
and doesn't have a power of attorney or guardianship appointed.

I wrote at length about the computer security aspects of the HIPAA
legislation back in 2004—see:
  http://www.notablesoftware.com/Papers/HIPAA.html


Re: USPS curtailing international lithium battery shipments

Martin Ward <martin@gkc.org.uk>
Sun, 13 May 2012 09:02:44 +0100

On Sunday 13 May 2012 at 06:02, RISKS List Owner <risko@csl.sri.com> wrote:
> "Primary lithium metal or lithium alloy (non-rechargeable) cells and
> batteries, or secondary lithium-ion cells and batteries (rechargeable),
> regardless of quantity, size, or watt hours,

"regardless of watt hours"? What about the tiny batteries inside hearing aids?
A quick search found various lithium batteries with usual nominal 3 volt
rating and a capacity of just 15 mAh: these are used extensively in "blinkies"
http://en.wikipedia.org/wiki/Blinky_%28novelty%29
15 mAh at 3 volts is 0.045 watt hours, or 162 Joules or 40 calories
(0.04 food Calories).

This is enough energy to raise the temperature of 1Kg of water by 0.04
degrees C, or equivalently to raise the temperature of 10g of water by 4
degrees C.

And this is supposed to bring down an airplane?

About as likely as being able to do so with a 110 mL tube of toothpaste!

STRL Reader in Software Engineering and Royal Society Industry Fellow
martin@gkc.org.uk  http://www.cse.dmu.ac.uk/~mward/


Re: USPS curtailing international lithium battery shipments ...

JC Cantrell <jccant@pacbell.net>
Mon, 14 May 2012 11:15:36 -0700 (PDT)

"...hmm, wonder what's in my ultrasonic tapeless tape measure?"

I wonder what's in that musical Mother's Day card you just sent. And, how long before the Dept. of Homeland Security comes to visit?


Never Trust a Robot, take 2 (Re: RISKS-26.83)

Arnt Gulbrandsen <arnt@gulbrandsen.priv.no>
Mon, 14 May 2012 12:50:08 +0200

In RISKS-26.83, a note is forwarded from/via Steve Greenwald about a sailing
accident: Perhaps the crew "had the electronic chart zoomed out to a point
where the Coronado Islands no longer showed up, and so had no warning that
their track would take them straight into a rock".

The GPS car navigation systems I've seen all exaggerate the widths of roads
to make them clearly visible. Which has its risks, of course. But a zoom
function that deemphasizes reefs and islands and uses all of its pixels to
show deep blue sea seems worse.


Re: Power of Individual Voters (Rees, RISKS-26.83)

"Mark E. Smith" <mymark@gmail.com>
Sun, 13 May 2012 00:30:02 -0700

> "Those who control the processes control the declared result.  The blank
> votes, or refusal to vote, can be overcome just like the elections that
> declare 99% support for dictators."

Those elections assume everyone is registered and votes. Blank or protest
votes are easy to control, but it takes no special knowledge or access, is
easy to spot, and rarely escapes notice whenever a US voting district counts
a few thousand more votes than it has registered voters.

The real problem here is that when a district with say, 300 registered
voters, tallies 3,000 votes for the candidate who wins, elections officials
are not required to do anything at all except to state that the "computer
glitch" was harmless and did not change the results of the election.


Re: Disruptions: Indiscreet Photos, Glimpsed Then Gone: Nick Bilton (RISKS-26.83)

Geoff Kuenning <geoff@cs.hmc.edu>
Mon, 14 May 2012 18:06:30 -0700

> ... Snapchat allows a person to take and send a picture and control how
> long it is visible by the person who receives it, up to 10 seconds.  After
> that, the picture disappears and can't be seen again. If the person
> viewing the picture tries to use an iPhone feature that captures an image
> of whatever is on the screen, the sender is notified.

If they have a friend nearby during those ten seconds, is it also wiped from
the friend's mind?

And if the quick-witted friend uses their own phone to snap the screen...

Geoff Kuenning   geoff@cs.hmc.edu   http://www.cs.hmc.edu/~geoff/
