The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 26 Issue 96

Wednesday 1 August 2012

Contents

More on election risks: Brennan Center study
PGN
Internet Voting Systems at Risk
Martha T. Moore via ACM TechNews
Oakland police radios fail during Obama visit
Jaxon Van Derbeken via Paul Saffo
Startup claims 80% of its Facebook clicks are bots, not people
Mark Thorson
Dropbox confirms it got hacked, will offer two-factor authentication
Jon Brodkin via Monty Solomon
Attack against Microsoft scheme puts hundreds of crypto apps at risk
Dan Goodin via Monty Solomon
"Microsoft hits Java where it hurts"
Woody Leonhard via Gene Wirchenko
Attack against Microsoft scheme puts hundreds of crypto apps at risk
ars technica via Lauren Weinstein
Google Failed to Delete All Street View Data, Drawing U.K. Ire
Monty Solomon
Chief developer quits OAuth2.0: I failed, We failed
jidanni
Hacking attacks on printers still not being taken seriously
Mark Piesing via Monty Solomon
General warns of dramatic increase in cyber-attacks on U.S. firms
Lauren Weinstein
Don't believe the Skype: it may not be as private as you might think
Dan Gillmor via Lauren Weinstein
Is This Anonymous Group Behind the New York Times WikiLeaks Hoax?
Lauren Weinstein
"First strain on Olympic networks seen"
Brandon Butler via Gene Wirchenko
Don't tweet if you want TV, London fans told
Reuters
Re: Olympics security poster 'gibberish'
Jeremy Epstein
World Wide Web - Inventor
Chris J Brady
Re: Who Really Invented the Internet?
Larry Press
Info on RISKS (comp.risks)

More on election risks: Brennan Center study

"Peter G. Neumann" <neumann@csl.sri.com>
Wed, 1 Aug 2012 9:20:19 PDT

New Brennan Center study outlines how officials can cure election design
defects, save votes
Several hundred thousand votes lost from design flaws in recent elections:
http://www.brennancenter.org/content/resource/study-design-flaws-contribute-to-hundreds-of-thousands-of-lost-votes-in-recent-elections.html
BrennanCenter study http://ow.ly/cBYyB #votingrights

DESIGN FLAWS CONTRIBUTE TO HUNDREDS OF THOUSANDS OF LOST VOTES IN RECENT
ELECTIONS

Report Details Major Ballot Design Problems, Proposes Non-Partisan Solutions
Contact: Erik Opsal, erik.opsal@nyu.edu  1-646-292-8356

Design defects in ballots, voter instructions, and voting machines
contributed to the loss of several hundred thousand votes in the most recent
national elections, a new Brennan Center for Justice study found.
http://www.brennancenter.org/content/resource/better_design_better_elections

In addition, the report notes that in the 2008 and 2010 general elections
combined, as many as 400,000 people had their absentee or provisional ballot
rejected because they made technical mistakes completing forms or preparing
and returning the envelope. Poor design increases the risk of lost or
misrecorded votes among all voters, but the risk is even greater for
particular groups, including low-income voters, and the elderly.

The comprehensive study outlines simple measures election officials can take
before November to cure design defects and ensure every voter can cast a
ballot that counts. View a
slideshow of design flaws and solutions in recent national elections.
http://www.brennancenter.org/page/-/Democracy/VRE/Better_Design_Slideshow.pdf

"In the age of smartphones and tablets, many have realized the importance of
good design and usability, but American elections are still marred by major
design problems," said Lawrence Norden, deputy director of the Center's
Democracy Program and co-author of Better Design, Better Elections. "The
rise of absentee and provisional voting since 2000 has made ballot design in
our elections even more important. If a voter takes the responsibility to
vote, election officials must do everything in their power to make sure that
vote counts."

The Brennan Center's report details four design and usability problems in
2008 and 2010. Here are a few select examples:

Problem 1: Ballot Layouts that Invite Overvotes or Undervotes

* In East St. Louis, IL in 2008, the ballot design led 1 in 10 voters to
  skip the U.S. Senate contest by mistake because of an inadequate header
  identifying the race. More than twice as many votes were lost in East
  St. Louis than the rest of the state. The Brennan Center's revised ballot
  (page 17) could have saved many hundred votes.

Problem 2: Poor Voter Instructions

* In the governor's contest in Ohio in 2010, several counties reported
  unusually high numbers of voters selecting more than one candidate. The
  culprit appears to be the instructions, which state "select the set of
  joint candidates of your choice." In Cuyahoga County alone, more than
  2,000 voters did not have their vote for governor counted because they
  selected more than one gubernatorial candidate. The Brennan Center's
  suggestion for revising the instruction appears on page 25.

Problem 3: Unclear Voting Machine Messages

* Tens of thousands of votes were not counted in 13 Florida counties in 2008
  and in New York State in 2010 because of ineffective overvote warnings. If
  a voter selected too many candidates in a race, a confusing error message
  appeared. If the voter pressed the green "Accept" button, marked with a
  check, the ballot would be cast with the overvote, and the vote would be
  lost. The Brennan Center's suggested fixes appear on pages 27 and 28.

Problem 4: Difficult Absentee and Provisional Ballot Envelopes

* In Minnesota in 2008, nearly 4,000 absentee ballots were not counted
  because the envelope was not signed. Recognizing the problem, the
  Minnesota Secretary of State's office worked with design, usability, and
  plain language experts in 2009 and 2011 to improve the ballot envelope.
  The changes made to the envelope can be found on pages 31 and 33.

"The design flaws that this report documents are not difficult or unknown
problems," said Whitney Quesenbery, co-author of the report and a user
experience researcher. "I hope that this stark evidence of lost votes
inspires every election official to follow good design principles, and test
their work to be sure that voters understand how to fill out forms and mark
their ballots so their votes will be counted."

As election officials finalize ballots and other election forms in the next
several weeks, the Brennan Center's report recommends several simple
measures that can be taken to ensure votes are counted accurately. Election
officials should:

1.  Review data on lost votes to determine what problems they may encounter
    in November.

2.  Create a checklist of design best practices to make ballots and other
    election materials better organized and easily comprehensible.

3.  Conduct usability testing to uncover potential problems that may arise.

4.  Make voters aware of potential problems if those issues cannot be
    addressed before the election.

The Center's study provides four case studies that demonstrate the powerful
impact usability testing, voter education, and other corrective action
before an election can have in reducing voter error in elections (beginning
on page 36).

For all the latest voting rights news, view the Brennan Center's Election
2012 page <http://www.brennancenter.org/content/election2012>.

Brennan Center for Justice at NYU School of Law | 161 Avenue of the
Americas, 12th Floor | New York, NY 10013 | 646.292.8310 phone |
212.463.7308 fax  brennancenter@nyu.edu
Erik Opsal at erik.opsal@nyu.edu  646-292-8356.

  [See also
http://www.nytimes.com/2012/08/01/us/voting-systems-plagues-go-far-beyond-identification.html]


Internet Voting Systems at Risk (Martha T. Moore)

ACM TechNews <technews@HQ.ACM.ORG>
Wed, 25 Jul 2012 12:17:14 -0400

Martha T. Moore, *USA Today*, 25 Jul 2012, via ACM TechNews

Online voting systems set up by many states are vulnerable to hacking when
they allow voters to return ballots online, via email, or Internet fax,
according to a new report from the Verified Voting Foundation and Common
Cause Education Fund.  The report says all states should require overseas
ballots to be mailed in because even faxed ballots cannot be independently
audited.  The report also rates states based on their ability to accurately
count votes.  The report found that Colorado, Delaware, Kansas, Louisiana,
Mississippi, and South Carolina are the least prepared in terms of handling
voter problems, while Minnesota, New Hampshire, Ohio, Vermont, and Wisconsin
are the most prepared.  "The security environment is not what it needs to be
to cast ballots over the Internet," says the Common Cause's Voting Integrity
Campaign's Susannah Goodman.  West Virginia launched a pilot program in 2010
to enable troops overseas to vote via a secure Web site.  The program
boosted voter participation for absentee ballots from 58 percent to 76
percent.
http://www.usatoday.com/NEWS/usaedition/2012-07-25-State-Voting-study_ST_U.htm


Oakland police radios fail during Obama visit (Jaxon Van Derbeken)

Paul Saffo <paul@saffo.com>
Thu, 26 Jul 2012 17:09:20 -0700

Oakland's system is a special case because of bad design, but this points up
the risks of all of the new digital trunked systems.

Jaxon Van Derbeken <jvanderbeken@sfchronicle.com>,
*San Francisco Chronicle*, 25 Jul 2012

A major portion of Oakland's troubled police radio system failed shortly
after President Obama's visit on 23 Jul 2012, leaving many of the 100
officers assigned to handle presidential security unable to communicate as
protesters roamed the streets.  "The guys downtown couldn't talk to one
another," said Barry Donelan, head of the Oakland Police Officers
Association.  "It was a train wreck," said Lt. Fred Mestas, who was on duty
downtown during and after Obama's speech at a fundraiser at the Fox Theater.

Police said officers were suffering sporadic communications problems
throughout the time Obama was inside the Fox on Telegraph Avenue, as well as
before and afterward.  At one point, Mestas said, officers couldn't talk to
the Police Department's dispatch center.  "That lasted about 30 minutes,"
Mestas said. "When you have the president there, 30 seconds is too long."

Problems worsen

The communications issues became severe around 10 p.m., about an hour after
Obama left Oakland, city officials said. At that point, police were keeping
an eye on demonstrators who had protested during Obama's visit and lingered
after he left, occasionally blocking streets. The protests proved to be
largely peaceful.  "Any radio failure puts officers at risk, but this was a
critical situation to provide safety and security for the president and the
public," said Donelan, whose union has been outspoken about the radio
system's problems.

The year-old system has been plagued by breakdowns and dead zones that have
left officers' digital radios prone to blackouts across the city and in most
commercial buildings, including the basement of police headquarters. A
city-hired consultant said last week that the system was not up to urban
standards.

Regional option

The city has so far rejected joining forces with an Alameda-Contra Costa
counties regional authority composed of 40 other police and firefighting
agencies that is building its own radio system. City Administrator Deanna
Santana said she needs to know more about the costs and benefits of the
regional network before recommending to the City Council whether to drop
Oakland's system.

Oakland paid $18 million for the radio system when it became operational
last year, largely using grant money. The city built it in consultation with
the Richmond office of Dailey and Wells, the local representative for the
radio system manufacturer, Harris Corp. of Florida.

According to city officials, the problems Monday night were caused by the
failure of a cooling unit used on a transmission tower at Gwin Reservoir in
the Oakland hills. The tower overheated, causing "severe" communications
problems after 10 p.m., said Sgt. Chris Bolton, chief of staff for Police
Chief Howard Jordan. The problem was diagnosed by about 12:30 a.m. Tuesday.

Fixed next day

Karen Boyd, spokeswoman for the city, said the unit was less than 6 months
old and that the vendor, Emerson Network Systems, "took full
responsibility" for the breakdown.

The cooling unit was replaced by midday, but service was not fully restored
until about 6 p.m. Tuesday, Bolton said. In the meantime, officers in and
around downtown continued to have communications problems.

Bolton said he was on duty Monday night and was among those who had trouble
contacting fellow officers. "Obviously, we want a reliable radio system," he
said.

Donelan called the police radio network "inadequate."

"It's touch and go every day with this system," Donelan said. "It just
happened that one of the antennas went down when the president of the United
States was here."

Regional system

Bill McCammon, executive director of the regional authority building its own
network, said city officials reached out to him the day after Obama's visit
and want to meet next week about the interagency system, which will be fully
functional in September.

"We're eager to work with them," McCammon said.

Pleasant Hill Police Chief Pete Dunbar, a former Oakland police officer who
is on the regional system's board, said he hopes the episode will help
persuade the city to join its neighbors' transmission network.

"When you have the president of the United States in town and your system
goes down," he said, "you wonder what could happen next."

Dunbar added, "These stories (about failures) go on and on. But for the
grace of God, nobody has gotten hurt. But if you keep this up, it's just a
matter of time."

http://www.sfgate.com/default/article/Oakland-police-radios-fail-during-Obama-visit-3736022.php


Startup claims 80% of its Facebook clicks are bots, not people

Mark Thorson <eee@sonic.net>
Tue, 31 Jul 2012 18:46:34 -0700

A startup instrumented their website to determine why only about 20% of
visitors from Facebook clicks had javascript turned on.  They claim to have
determined that the other 80% appear to be bots.  They were being charged
for these clicks, so they've decided to leave Facebook.

http://techcrunch.com/2012/07/30/startup-claims-80-of-its-facebook-ad-clicks-are-coming-from-bots


Dropbox confirms it got hacked, will offer two-factor authentication

Monty Solomon <monty@roscom.com>
Wed, 1 Aug 2012 09:28:08 -0400
  (Jon Brodkin)

Spammers used stolen password to access list of Dropbox user e-mails.

Jon Brodkin, Ars Technica, 31 Jul 2012

A couple of weeks ago Dropbox hired some "outside experts" to investigate
why a bunch of users were getting spam at e-mail addresses used only for
Dropbox storage accounts. The results of the investigation are in, and it
turns out a Dropbox employee's account was hacked, allowing access to user
e-mail addresses.

In an explanatory blog post, Dropbox today said a stolen password was "used
to access an employee Dropbox account containing a project document with
user email addresses." Hackers apparently started spamming those addresses,
although there's no indication that user passwords were revealed as
well. Some Dropbox customer accounts were hacked too, but this was
apparently an unrelated matter. "Our investigation found that usernames and
passwords recently stolen from other websites were used to sign in to a
small number of Dropbox accounts," the company said.

Dropbox noted that users should set up different passwords for different
sites. The site is also upping its own security measures.  In a few weeks,
Dropbox said it will start offering an optional two-factor authentication
service. This could involve users logging in with a password as well as a
temporary code sent to their phones. ...

http://arstechnica.com/security/2012/07/dropbox-confirms-it-got-hacked-will-offer-two-factor-authentication/


Attack against Microsoft scheme puts hundreds of crypto apps at risk

Monty Solomon <monty@roscom.com>
Wed, 1 Aug 2012 09:28:08 -0400
  (Dan Goodin)

Dan Goodin, Ars Technica, 31 Jul 2012
Cloud-based service requires an average of 12 hours to decrypt VPN traffic.

Researchers have devised an attack against a Microsoft-developed
authentication scheme that makes it trivial to break the encryption used by
hundreds of anonymity and security services, including the iPredator virtual
private network offered to users of The Pirate Bay.

The attack, unveiled by Moxie Marlinspike and David Hulton, takes on average
just 12 hours to recover the secret key that iPredator and more than 100
other VPN and wireless products use to encrypt sensitive data. The
technique, which has been folded into Marlinspike's CloudCracker service,
exploits weaknesses in version 2 of a Microsoft technology known as MS-CHAP,
short for Microsoft challenge-handshake authentication protocol. It's widely
used to log users into VPN and WPA2 networks and is built into a variety of
operating systems, including Windows and Ubuntu. ...

http://arstechnica.com/security/2012/07/broken-microsoft-sheme-exposes-traffic/


"Microsoft hits Java where it hurts" (Woody Leonhard)

Gene Wirchenko <genew@ocis.net>
Mon, 30 Jul 2012 10:57:51 -0700

Woody Leonhard, *InfoWorld*, 30 Jul 2012
Microsoft hits Java where it hurts
Microsoft security researcher warns of deteriorating situation with
Java—and not just on Windows. Continuing to use Java puts your
company and clients at risk
http://www.infoworld.com/t/java-programming/microsoft-hits-java-where-it-hurts-198936


Attack against Microsoft scheme puts hundreds of crypto apps at risk

Lauren Weinstein <lauren@vortex.com>
Tue, 31 Jul 2012 16:21:14 -0700

  "Researchers have devised an attack against a Microsoft-developed
  authentication scheme that makes it trivial to break the encryption used
  by hundreds of anonymity and security services, including the iPredator
  virtual private network offered to users of The Pirate Bay.  The attack,
  unveiled by Moxie Marlinspike and David Hulton, takes on average just 12
  hours to recover the secret key that iPredator and more than 100 other VPN
  and wireless products use to encrypt sensitive data. The technique, which
  has been folded into Marlinspike's CloudCracker service, exploits
  weaknesses in version 2 of a Microsoft technology known as MS-CHAP, short
  for Microsoft challenge-handshake authentication protocol. It's widely
  used to log users into VPN and WPA2 networks and is built into a variety
  of operating systems, including Windows and Ubuntu."
  http://j.mp/NHKPb0  (ars technica via NNSquad)


Google Failed to Delete All Street View Data, Drawing U.K. Ire

Monty Solomon <monty@roscom.com>
Sat, 28 Jul 2012 13:49:54 -0400

http://www.eweek.com/c/a/Data-Storage/Google-Failed-to-Delete-All-Street-View-Data-Drawing-UK-Ire-347724/


Chief developer quits OAuth2.0: I failed, We failed

<jidanni@jidanni.org>
Sun, 29 Jul 2012 14:49:03 +0800

http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

"Last month I reached the painful conclusion that I can no longer be
associated with the OAuth 2.0 standard. I resigned my role as lead author
and editor, withdrew my name from the specification, and left the working
group. Removing my name from a document I have painstakingly labored over
for three years and over two dozen drafts was not easy.  Deciding to move on
from an effort I have led for over five years was agonizing...

The web does not need yet another security framework. It needs simple,
well-defined, and narrowly suited protocols that will lead to improved
security and increased interoperability. OAuth 2.0 fails to accomplish
anything meaningful over the protocol it seeks to replace...

I failed.

We failed."


Hacking attacks on printers still not being taken seriously

Monty Solomon <monty@roscom.com>
Thu, 26 Jul 2012 10:11:31 -0400
  (Mark Piesing)

Despite staged malware attack seven months ago, one in four HP laser
jet printers still have default password settings

Mark Piesing, guardian.co.uk, 23 July 2012
http://www.guardian.co.uk/technology/2012/jul/23/hacking-attack-printers


General warns of dramatic increase in cyber-attacks on U.S. firms

Lauren Weinstein <lauren@vortex.com>
Fri, 27 Jul 2012 18:05:53 -0700

General warns of dramatic increase in cyber-attacks on U.S. firms
http://j.mp/MKPKbt  (L.A. Times via NNSquad)

  "Alexander said the military had yet to work out rules of engagement for
  responding to cyber-attacks, and he pointed out that neither of his
  agencies have the authority to defend against a cyber-attack on a private
  company, even if that company owns crucial infrastructure.  The pending
  bill would fix that, he said.  Some business groups oppose the bill as
  intrusive, and some civil liberties groups say it compromises privacy.
  Alexander pointedly refused to comment on Stuxnet, a cyber-attack on
  Iran's nuclear enrichment facilities that has been reported to have been
  the work of the U.S. and Israeli intelligence.  He also pushed back
  against the notion that the uptick in attacks on the U.S. is related to
  Stuxnet, which was first discovered in June 2010."

There are indeed genuine cybersecurity concerns.
But this legislative campaign by Alexander et al. is mostly F.U.D.


Don't believe the Skype: it may not be as private as you might think

Lauren Weinstein <lauren@vortex.com>
Sat, 28 Jul 2012 14:46:08 -0700
  (Dan Gillmor)

  "When Skype became popular just under a decade ago, I repeatedly asked the
  company a question that I considered crucial. The online calling and
  messaging service encrypted users' communications, and it was based
  outside the United States. But the encryption methods were kept secret, so
  outside researchers couldn't verify their quality - a technique that
  experts in the field sometimes deride as "security through obscurity" -
  and I wanted to know whether Skype had a software backdoor that it or
  anyone else could use to listen into users' calls."
  http://j.mp/OnbREn  (Dan Gillmor, Guardian via NNSquad)

    [Skype Hype abounds hyperbolically, especially where host systems
    are compromisable.  PGN]


Is This Anonymous Group Behind the New York Times WikiLeaks Hoax?

Lauren Weinstein <lauren@vortex.com>
Sun, 29 Jul 2012 10:23:18 -0700

http://j.mp/PWZC09  (BetaBeat via NNSquad)

  "Early this morning, a pro-WikiLeaks op-ed purporting to be penned by
  former *New York Times* executive editor Bill Keller cropped up online.
  It was a stunningly convincing piece of web fraud, its design practically
  identical to the New York Times's own homepage, with every link leading to
  an actual Times article or section. The only hint that it wasn't real was
  the URL: instead of showing as nytimes.com/pages/opinion, it read
  "opinion-nytimes.com." It's a tiny difference, but a monumentally
  important one."


"First strain on Olympic networks seen" (Brandon Butler)

Gene Wirchenko <genew@ocis.net>
Tue, 31 Jul 2012 10:04:07 -0700

Brandon Butler, London Olympics could strain enterprise networks, 30 Jul 2012
http://www.itbusiness.ca/IT/client/en/CDN/News.asp?idh406

first and last paragraphs:

It didn't take long to see the first signs of strain on communication
networks at the Olympics when overloaded infrastructure on the first day of
competition caused organizers to request that spectators scale back their
use of Twitter for "non-urgent" messages, according to Reuters.

And finally, he says, a lesson from the Olympics issue is that you can't
blindly rely on your partners. The issue over the weekend, he notes, was
likely caused not only by the Olympics network infrastructure having issues,
but also from third-party telecommunications systems that may have been
overloaded. If an enterprise is relying on a partner or vendor to supply a
networking service, make sure the provider is putting controls into place to
handle unexpected issues that may arise as well.

  [Watch out when you out-source?]


Don't tweet if you want TV, London fans told

Lauren Weinstein <lauren@vortex.com>
Sun, 29 Jul 2012 17:42:12 -0700

http://j.mp/MNF2kh  (Reuters via NNSquad)

  "Sports fans attending the London Olympics were told on Sunday to avoid
  non-urgent text messages and tweets during events because overloading of
  data networks was affecting television coverage."


Re: Olympics security poster 'gibberish' (RISKS-26.95)

Jeremy Epstein <jeremy.j.epstein@gmail.com>
Wed, 25 Jul 2012 20:50:20 -0400

Such problems are not unique to Arabic signs on buses, of course.  A recent
TV show had a gravestone with the Hebrew letters arranged in reverse order
(the letters themselves were not mirror images).  The result of the
automated translation was a tombstone reading "pickled at great expense"
rather than "dearly missed".  If the producers of the show had checked with
a native speaker of the language, one would assume s/he would point out the
error.

As PGN might no doubt comment, this left viewers in a pickle as to the
message being sent.

http://www.guardian.co.uk/world/shortcuts/2012/jun/17/bbc-comedy-episodes-viral-in-israel


World Wide Web - Inventor

Chris J Brady <chrisjbrady@yahoo.com>
Sat, 28 Jul 2012 01:27:46 -0700 (PDT)

As was clearly depicted last night in the Opening Ceremony of the [...]
Olympics in London ...  "All partygoers were invited back to the house where
Tim Berners-Lee, the Briton who invented the World Wide Web, was at his
keyboard.  When the house was lifted there was the man himself. And a huge
illuminated black and white sign announced "This is for everyone."
http://www.dailymail.co.uk/news/article-2179920/Olympics-Opening-Ceremony-London-gets-2012-Games-way-Greatest-Show-On-Earth-rounded-Macca-course.html
End of argument.

  [NOTE: I DELETED the 3-X roman numerals of the Olympics to avoid
  this issue being filtered/blocked/censored.]


Re: Who Really Invented the Internet?

"Larry Press" <lpress@csudh.edu>
Jul 25, 2012 7:05 PM

  [via Dave Farber's IP distribution]

Government funded research and procurement played a major role before,
during and subsequent to the "invention" of the Internet.  Furthermore, we
got an incalculable return on a very small investment.

I summarized some of the background in a 1996 CACM article "Seeding
Networks: the Federal Role"
(http://som.csudh.edu/fac/lpress/articles/govt.htm).

Here are some costs from that article ($millions):

Morse Telegraph                    .03    Smithsonian
ARPANET                          25       [24]
CSNET                             5       [6]
NSFNET Backbone                  57.9     [8]
NSF Higher-ed connections        30       Dave Staudt, NSF
NSF International connections     6.6     Steve Goldstein, NSF

In a companion article, published in CACM in 1993, I talked about things
done at PARC and other places.  The article is called "Before the Altair --
the History of Personal Computing," and it's at:
http://som.csudh.edu/fac/lpress/articles/hist.htm
