The RISKS Digest
Volume 27 Issue 25

Friday, 19th April 2013

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



The Boston Marathon bomber: Caught on film?
Kate Dailey via Monty Solomon
How the Internet Accused a High School Student of Terrorism
Citizen Surveillance Helps Officials Put Pieces Together
The Shame of Boston's Wireless Woes
Dewayne Hendricks
American Airlines computer glitch grounds flights
Venezuela constitution bans recounting of votes ...
Bob Heuman
Reclaiming the American Republic from the corruption of election funding
KurzweilAI via Michael Cheponis via Dewayne Hendricks
Reinhart and Rogoff: 'Full Stop,' We Made A Microsoft Excel Blunder In Our Debt Study, And It Makes A Difference
Joe Weisenthal via Geoff Goodfellow
Economic policy decisions may be affected by spreadsheet errors
Jeremy Epstein
Buggy spreadsheets and the economy
Valdis Kletnieks
The risks of/when not releasing your code & data
Paul Nash
Vint Cerf Explains How to Make SDN as Successful as the Internet
Stacey Higginbotham via ACM TechNews
Video: "The Internet: A Warning From History"
Lauren Weinstein
DDoS Attack Bandwidth Jumps 718%
Geoff Goodfellow
Laptop goes up in flames
Jordan Graham via Monty Solomon
How do you code a secure system?
Earl Boebert
Fake Twitter accounts earn real money
Mark Thorson
Lauren Weinstein <>
French homeland intelligence threatens a volunteer sysop to delete Wikipedia Article
Lauren Weinstein
An English language version of the Wikipedia article
American Express Australia Mail Merge Stuff-up
Don Gingrich
Info on RISKS (comp.risks)

The Boston Marathon bomber: Caught on film? (Kate Dailey)

Monty Solomon <>
Wed, 17 Apr 2013 23:38:20 -0400
Kate Dailey, BBC News Magazine, 17 April 2013

More personal videos are being shot now than ever before, and such footage
could help identify the Boston Marathon bomber[s]. But how is that footage
processed - and could civilians really solve the crime?

There was the marathon runner closing in on the finish line, and the
businessman with offices in a prime position over Boylston Street.

And there were thousands of others crowding the last stretch of the Boston
Marathon, all capturing the events before and after the bombs exploded.

"The reality is with the number of people who are carrying with them the
equivalent of video camera, history is being documented by millions of
people every day," says Karen North, director of University of Southern
California's Annenberg Program on online communities.

Infusing video

In just over a decade, she says, the amount of video being shot by amateurs
has increased dramatically - and so too, has the evidence available to law
enforcement officials. ...

How the Internet Accused a High School Student of Terrorism

"Peter G. Neumann" <>
Thu, 18 Apr 2013 16:12:10 PDT
Online morons nearly ruin innocent lives after Boston bombings
(*New York Post*, 18 Apr 2013)

How the Internet Accused a High School Student of Terrorism
"Online sleuths thought they nailed two suspects in the Boston bombing—and
there they were on the cover of the *New York Post* the next day. But now
everyone's backpedaling in a big way." (Daily Beast)

  [Paul Saffo noted to me some remarkable annotated by-stander footage
  before and after the Boston Marathon bombing:
  He later noted that "Now people are photoshopping pics with the FBI's
  suspects in them..."  PGN]

Citizen Surveillance Helps Officials Put Pieces Together (WSJ)

ACM TechNews <technews@HQ.ACM.ORG>
Fri, 19 Apr 2013 11:39:20 -0400
*Wall Street Journal*, 17 Apr 2013, Geoffrey A. Fowler, Joel Schectman
[via ACM TechNews, 19 Apr 2013]

The proliferation of surveillance technology to popular commercial products
such as smartphones is proving to be a boon for criminal investigations, as
evidenced by the U.S. Federal Bureau of Investigation using video
surveillance from department store and restaurant cameras, along with photos
from citizens, news organizations, and others, to help identify a suspicious
individual at the Boston Marathon.  Forrester Research says video
surveillance technologies have been adopted by 68 percent of public-sector
and 59 percent of private-sector companies, with another 9 percent planning
to adopt them in the next two years.  Furthermore, more than 1 billion
people now own camera-equipped, Web-linked smartphones.  Integrating
forensic data from professional and personal sources has helped with earlier
investigations, although a lack of full-frontal images makes facial
recognition problematic in large probes.  Moreover, collecting and sifting
through the data is a major challenge, as Boston has one of 77 nationwide
intelligence fusion centers used to pool data and conduct analysis, notes
the Northern California Regional Intelligence Center's Mike Sena.
Meanwhile, researchers at Boston's Northeastern University have organized a
10-person social media research team to run a project that would let people
upload video from the marathon bombing to tag clues.

  [This morning's news media report the seemingly definitive identification
  of the two suspected brothers, the shooting of one, and the manhunt in
  progress for the other.  Not quite incidentally, some analysts report a
  considerable increase in popular acceptance of ubiquitous surveillance --
  despite the privacy implications frequently discussed in RISKS.  PGN]

The Shame of Boston's Wireless Woes

<*Dewayne Hendricks*>
Wednesday, April 17, 2013
The Shame of Boston's Wireless Woes
Anthony Townsend, The Atlantic Cities, 17 Apr 2013

Almost immediately after Monday's tragic bombings at the Boston Marathon,
the city's cellular networks collapsed. The Associated Press initially
reported what many of us suspected, that law enforcement officials had
requested a communications blackout to prevent the remote detonation of
additional explosives. But the claim was soon redacted as the truth became
clear. It didn't take government fiat to shut down the cellular networks.
They fell apart all on their own.

As cell service sputtered under a surge of calls, runners were left in the
dark, families couldn't reach loved ones, and even investigators were
stymied in making calls related to their pursuit of suspects. Admirably,
Boston residents and businesses responded quickly by opening up Wi-Fi
hotspots to help evacuees communicate with loved ones.

The same thing happens every time there is a crisis in a large city.

But most, even the super-connected elite, were knocked offline. As his
Twitter followers know, it took Dennis Crowley, a Massachusetts native and
CEO of New York City-based social network Foursquare, an hour to reunite
with his fiance and family, who were scattered around the finish line as the
bombs went off. Their reunion was coordinated by a handful of SMS messages
he was able to squeeze through the crippled network. He also reported
helping several stunned senior citizens discover the value of their own
phones' texting functions for the first time.

We shouldn't be surprised by the collapse of Boston's cellular networks.
The same thing happens every time there is a crisis in a large city. On an
average day, Americans make nearly 400,000 emergency 911 calls on their
mobile phones. Yet during large-scale crises this vital lifeline is
all-too-frequently cut off.

The culprit is usually congestion. During a disaster, call volumes spike
and overwhelm the over-subscribed capacity of wireless carriers' networks.
On September 11, 2001, fewer than 1 in 20 mobile phone calls in New York
City was connected. The same thing happened after the August 2011
earthquake that shook the East Coast. And on Monday, in Boston.

But, as we learned in the aftermath of Hurricane Sandy, wireless carriers
have also neglected to harden their networks against extended losses of
electrical power. Thousands of towers were knocked offline in the New York
region alone when backup batteries failed. Yet as a member of Governor
Andrew Cuomo's NYS Ready Commission this fall, I was stunned to learn that
wireless carriers had never formally discussed plans with the region's
electric utilities to restore power to cell sites after a major disaster.

The loss of vital wireless communications during disasters is all the more
dismaying because it is largely preventable. After 9/11 a system was put in
place to give government officials priority access to cellular channels
during periods of high demand. (Though it requires pre-registration and a
special code be used when dialing). In the wake of Sandy, New York Senator
Charles Schumer called for stricter federal oversight of backup power and
landline network connections for cell sites. Yet these reforms have been
stalled by industry lobbying. Lacking a redundant cellular system,
Americans will continue to resort to the century-old technology of amateur
radio for lifeline communications during and after large disasters. In
Boston, this technology is still widely used during the marathon because of
past experience with cellular traffic jams.

With over 320 million active wireless subscriber connections, Americans are
a fully untethered people. Our smart phones keep our complicated lives
choreographed across the sprawling metropolitan areas we inhabit.
Psychologists and sociologists have found that we think of these devices as
extensions of our bodies and minds. In Boston, this was all too apparent.
Even when runners, whose mobile batteries were drained after the long run,
could locate a phone, they couldn't recall what numbers to dial, having
long ago given up memorizing phone numbers in favor of their smart phone's
electronic address book. [snip]


American Airlines computer glitch grounds flights

IBM-360/44 running OS/360 <>
Wed, 17 Apr 2013 06:20:09 +0200
American Airlines had to ground all its flights across the US for several
hours on Tuesday due to a fault with its computerized reservation system.
The carrier halted all departures from about 13:30 ET (18:30 GMT), saying
that it was working "to resolve this issue as quickly as we can".
  [Source: BBC News Business: 17 Apr 2013]

  [Gene Wirchenko noted an article by Ashley Halsey III in *The Washington
  Post* giving the number 900 for flights grounded.  PGN]

  [Bob Heuman noted a Fox News report that "American Airlines has fixed the
  computer glitch but not told anyone precisely what happened."  PGN]

Venezuela constitution bans recounting of votes ...

RsH <>
Thu, 18 Apr 2013 21:18:01 -0400
The Constitution forbids manual recounting of votes in a Presidential Election

You can read the full article, but the following is a quick summary of what
I consider a risk we have discussed forever and a load of bull....  if they
have really implemented a system that makes manual checking impossible.

CARACAS, 17 Apr 2013 (Xinhua)—Manual vote counting is not possible in
Venezuela, the president of the Supreme Court said Wednesday amid
opposition's request for an audit.  "The electoral system is fully
automated, so there is no manual counting. Anyone who thought that could
really happen has been deceived," Luisa Estella Morales said at a press
conference.  Manual counting was canceled in Venezuela by the 1999
constitution, she said, adding [that] the majority of those asking for a
manual count know it.

R. S. (Bob) Heuman  North York, ON, Canada

Reclaiming the American Republic from the corruption of election funding (KurzweilAI, to risks via Dewayne Hendricks)

Michael Cheponis <>
April 4, 2013 1:29:22 PM PDT
Reclaiming the American Republic from the corruption of election funding
April 3, 2013

There is a corruption at the heart of American politics, caused by the
dependence of Congressional candidates on funding from the tiniest
percentage of citizens. That's the argument at the core of a new just-posted
TED talk by legal scholar Lawrence Lessig...  "He shows how the funding
process weakens the Republic in the most fundamental way, and issues a
rallying bipartisan cry that will resonate with many in the U.S. and
beyond," says TED Curator Chris Anderson.

Lawrence Lessig has already transformed intellectual-property law with his
Creative Commons innovation. Now he's focused on an even bigger problem:
The U.S.'s broken political system.

TED is also introducing a media innovation, simultaneously launching a
TED-talk video and accompanying TED Book, LESTERLAND: The Corruption of
Congress and How To End It, which outlines the path to a solution in much
greater detail.


Reinhart and Rogoff: 'Full Stop,' We Made A Microsoft Excel Blunder In Our Debt Study, And It Makes A Difference (Joe Weisenthal)

Geoff Goodfellow <>
Wednesday, April 17, 2013
Joe Weisenthal, *Business Insider*, 17 Apr 2013

The big talk in the world of economics continues to be the famous study by
Carmen Reinhart and Ken Rogoff, which claimed that as countries see debt/GDP
going above 90%, growth slows dramatically.

Economists have always been skeptical of the correlation/causality on this.

But yesterday, a new study emerged which claimed that Reinhart and Rogoff
used a faulty dataset to make that claim and (most stunningly) had an excel
error that exacerbated the growth dropoff for countries with debt/GDP higher
than 90%.

After the report dropped (and proceeded to blow up the Internet), Reinhart
and Rogoff rushed out a quick statement claiming that the new study (which
was done by some UMass professors) supported their thesis that growth slowed
as debt to GDP got higher. And Reinhart and Rogoff were quick to reiterate
that even they weren't necessarily implying causation on this (which may be
true, but the fact that they say this is not well known to the politicians
who are always citing the dreaded 90% level).

But in a new response, Reinhart and Rogoff admit they did make an Excel
blunder, and that it mattered!

Here's the key part: ...

Economic policy decisions may be affected by spreadsheet errors

Jeremy Epstein <>
Wed, 17 Apr 2013 09:11:30 -0400
An error in a formula in an Excel spreadsheet seems to have led to some
incorrect results about the effects of government debt, and thereby may have
affected economic policy.  The error, which was in a formula developed by
the authors of a key paper and not in the Excel software itself, was that a
cell contained the formula AVERAGE(L30:L44) where it should have said

The error led to a small but significant discrepancy in conclusions,
although the authors of the original paper are disputing how important the
error is.

Perhaps we need methods for spreadsheet assurance, just as we need methods
for assuring the security and reliability of our operating systems and

WashPost: "The paper in question is Carmen Reinhart and Kenneth Rogoff's
famous 2010 study—Growth in a Time of Debt—which found that economic
growth severely suffers when a country's public debt level reaches 90
percent of GDP. "

A further description and a rebuttal by Reinhart & Rogoff can be found at

Another article
notes "Reinhart and Rogoff are not the only people to have difficulty
navigating the Microsoft product. One of the reasons behind the
so-called London Whale incident at J.P. Morgan, in which the bank took
a $6.2 billion trading loss, was a spreadsheet error in their model."

Buggy spreadsheets and the economy

Valdis Kletnieks <>
Thu, 18 Apr 2013 19:26:20 -0400
In today's *New York Magazine*, Thomas Herndon explains how he found a
problem with Reinhart and Rogoff's work that has been used as a basis for
austerity spending by governments.

"I clicked on cell L51, and saw that they had only averaged rows 30 through
44, instead of rows 30 through 49."

Given the economic damage done by austerity spending over the past few
years, this is quite likely by far the most expensive programming error ever

The risks of/when not releasing your code & data

<*Paul Nash*>
Friday, April 19, 2013
Quite apart from being "clumsy" with their Excel model, they forgot the
first rule of research:  correlation does not imply causation.

So when are they going to resign, and when are the various central bankers
who used their model to impose austerity going to change tack?  Or will
they just brush it aside and get on with screwing the working man?

Vint Cerf Explains How to Make SDN as Successful as the Internet

ACM TechNews <technews@HQ.ACM.ORG>
Fri, 19 Apr 2013 11:39:20 -0400
Stacey Higginbotham, Google's Vint Cerf Explains How to Make SDN as
Successful as the Internet, 16 Apr 2013

Google chief Internet evangelist and ACM president Vint Cerf believes that
software defined networking (SDN) could benefit from some of the Internet's
design flaws and lessons learned in creating the Internet.  For example,
open standards should be implemented, with differentiation stemming from
branded versions of standard protocols rather than from patented protocols.
Interoperability is essential for stable networks, and that requires
standards, notes Cerf.  As companies create SDNs, they also should take into
account the successful design features of the Internet, including the loose
pairing of underlying equipment instead of a heavily integrated solution,
the modular approach, and open source technologies.  However, he says SDNs
can improve on the Internet's traffic routing, which now relies on sending
packets to a physical port.  Instead of this physical port, the OpenFlow
protocol changes the destination address to a table entry, enabling a new
type of networking that is better suited to the collaborative Web of the
future.  Another option could be content-based routing, in which the content
of a packet determines its destiny.  SDN's basic principle, dividing the
control plane and the data plane, should have been incorporated into the
Internet's design, Cerf notes.  In the future, SDN could improve controlled
access to intellectual property to help prevent piracy, and could bring
together various existing networks.

Video: "The Internet: A Warning From History"

Lauren Weinstein <>
Thu, 18 Apr 2013 16:19:28 -0700
  "The Internet was one of the greatest disasters to befall mankind.  Now
  its survivors share their experiences of the tragedy." (YouTube via NNSquad)

    [Caution: Grain of Salt required.  PGN]

DDoS Attack Bandwidth Jumps 718% (via Dave Farber's IP)

Geoff Goodfellow <>
Apr 18, 2013 4:44 PM
The average bandwidth seen in distributed denial-of-service (DDoS) attacks
has recently increased by a factor of seven, jumping from 6 Gbps to 48 Gbps.
Furthermore, 10% of DDoS attacks now exceed 60 Gbps.

Those findings come from a new report released Wednesday by DDoS mitigation
service provider Prolexic Technologies, which saw across-the-board increases
in DDoS attack metrics involving the company's customers...

Laptop goes up in flames (Jordan Graham)

Monty Solomon <>
Sun, 7 Apr 2013 15:21:58 -0400
Jordan Graham, *Boston Herald*, 7 Apr 2013
90 Framingham students displaced

An overheated laptop burst into flames inside a Framingham State University
dorm room Friday in what officials warn is the latest in a string of
computer-related fires.

Firefighters also were called to a blaze caused by a laptop in Western
Massachusetts several weeks ago, and crews declared a Milford home a total
loss two weeks ago after an unattended laptop left on some cardboard sparked
an inferno, State Fire Marshal Stephen D. Coan said. ...

How do you code a secure system?

Earl Boebert <>
Wed, 3 Apr 2013 13:36:28 -0600
Here's a screed I wrote for a journalist who asked "how do you code a secure

First, you don't code secure systems, you design them. All the important
stuff takes place at a level of abstraction above that of coding. Once you
have a design you have internalized both your problem and your
solution. Coding is then mechanical, and code verification will be
straightforward. So how do you get a design?  Start by studying exploits
that have defeated the kinds of systems you're interested in.

The various development life cycles attempt to sanitize the inherently dirty
and reactive business of secure systems design. The late Rick Proto, who
retired as the director of research for the National Security Agency said it
best: "Theories of Security come from Theories of Insecurity." Or, in my
favorite quote from Seneca, "There is a great deal of difference between a
person who chooses not to sin and one who doesn't know how." Your goal in
this phase is to become like Sherlock Holmes and have a first-class criminal
mind without a criminal temperament. Being a good guy who thinks like a bad
guy lets you have all the intellectual fun without running the risk of
coming to a sticky end.

Your study of exploits should focus on forming Theories of Insecurity,
factors that are common to whole classes of exploits. Stack games are a well
known example. A good approach is to analyze exploits using the "bindings
model." A binding is an important association between two values. For
example, a system may maintain a binding between a user name and a set of
privileges. A second binding may be between that user name and a human
being. Important systems decisions may assume that both bindings are
valuable, i.e., my access to my files. Exploits then can be characterized as
breaking or forging significant bindings. Looking at things this way will
get you familiar with two valuable concepts: bindings and dependencies.

After you've developed your Theories of Insecurity you then invert them to
form your Theories of Security. If you're up on your systems engineering
(which you should be) then the Theories of Security are, in effect, the
specifications of the desired emergent properties of your system. They will
almost all be expressed as negatives, that is, things that aren't supposed to
happen. As such they will not be testable and must be verified (as far as
possible) by analytic methods. What you've done so far will provide the
basis for your analysis plan. Your object, and the best you can probably do,
is to force attackers to expend the resources to come up with a new class of
exploit, instead of sticking it to you by putting a systems-specific spin on
something they already know how to do. And of course you have to do the
functional requirements, the stuff that pays the rent, whatever problem your
system is supposed to solve while being secure.

Then you go through the design process du jour and come up with a modular
decomposition in the descriptive notation du jour and submit progress
reports in the life cycle process du jour to keep the marketeers and
spreadsheet jockeys happy. To keep yourself up on progress I strongly
recommend the use of Earned Value Management, which you can implement with a
sheet of graph paper you keep up on a nearby bulletin board. Within all this
you submit your design to an intensive analysis from every direction you can
think of. As a minimum you should understand how it enforces critical
bindings and you should also construct a dependency diagram. This is a tree
based on the "uses" concept Dave Parnas came up with 40 years ago or
so. Module A "uses" Module B if the correctness of A depends on the
correctness of B. Modules at the bottom (those that lots of things depend
on) should be scheduled for extra scrutiny in the implementation
stage. Circularities in the diagram are deadly. These are spots where A
depends on B and B depends on A. A circularity means your modularity is an
illusion, A and B are actually one "blob."

After you've got the cleanest design you can devise it's just a problem of
pounding code in the implementation language du jour and integrating. The
motto of the integration team should be "integrate early, integrate often."
Put stuff together as soon as it's ready and feed it test cases that only
touch the modules you have.

When it all works you have the victory celebration and deploy. Sooner or
later you're going to get whacked. First thing you do after rolling the
alert PR squadron is to analyze the exploit (which you should be good at by
now) and determine if it is a variation on a class you thought you handled
or something completely different. If it's a variation on a class you
thought you handled then the chances are good there's a low-level coding
flaw that can be patched. If it's something completely different then it's
time for Rev 2, starting with a rethink of your Theory of Security and going
all the way down to code.

And so it goes, round and round, white hats vs. black hats. Computer
security fits the description a diplomat once gave of diplomacy: all you do
is buy time, and if you buy enough time you get to die in bed and it becomes
somebody else's problem :-)
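The dependency-diagram step described in the post above, as an added example that is not part of the original post: it takes a "uses" relation, reports circularities as blobs (strongly connected components), and orders modules by how many others depend on them so the bottom of the diagram gets scrutiny first. The module names and edges are a hypothetical design constructed for illustration.

```python
def all_modules(uses):
    return set(uses) | {b for bs in uses.values() for b in bs}


def strongly_connected(uses):
    """Tarjan's algorithm over the 'A uses B' graph; returns a list of components."""
    index, low, on_stack, stack, comps = {}, {}, set(), [], []

    def visit(v):
        index[v] = low[v] = len(index)
        stack.append(v)
        on_stack.add(v)
        for w in uses.get(v, ()):
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:          # v is the root of a component
            comp = []
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp.append(w)
                if w == v:
                    break
            comps.append(sorted(comp))

    for v in sorted(all_modules(uses)):
        if v not in index:
            visit(v)
    return comps


def blobs(uses):
    """Components with a circularity: more than one module, or a module using itself."""
    return sorted(c for c in strongly_connected(uses)
                  if len(c) > 1 or c[0] in uses.get(c[0], ()))


def dependents(uses):
    """Map each module to the modules whose correctness transitively depends on it."""
    dep = {m: set() for m in all_modules(uses)}
    for a in dep:
        seen, todo = set(), list(uses.get(a, ()))
        while todo:
            b = todo.pop()
            if b not in seen:
                seen.add(b)
                todo.extend(uses.get(b, ()))
        for b in seen - {a}:
            dep[b].add(a)
    return dep


def scrutiny_order(uses):
    """Modules that the most others depend on come first."""
    dep = dependents(uses)
    return sorted(dep, key=lambda m: (-len(dep[m]), m))


# Hypothetical design: "A": [B, ...] means the correctness of A depends on B.
USES = {
    "ui": ["session", "audit_log"],
    "session": ["authn", "policy"],
    "authn": ["crypto", "user_db"],
    "policy": ["user_db", "session"],   # circular with session
    "user_db": ["crypto"],
    "audit_log": ["crypto"],
    "crypto": [],
}

if __name__ == "__main__":
    print("blobs:", blobs(USES))
    print("scrutiny order:", scrutiny_order(USES))
```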

Fake Twitter accounts earn real money

Mark Thorson <>
Sun, 7 Apr 2013 13:25:39 -0700
Fake followers and fake retweets have become a large and growing market.

"There are now more than two dozen services that sell fake Twitter accounts,
but Mr. Stroppa and Mr. De Micheli said they limited themselves to the most
popular networks, forums and Web sites, which include Fiverr, SeoClerks,
InterTwitter, FanMeNow, LikedSocial, SocialPresence and Viral Media
Boost. Based on the number of accounts for sale through those services --
and eliminating overlapping accounts—they estimate that there are now as
many as 20 million fake follower accounts."

As the technology of software to create and manage large numbers of fake
entities is refined, how will people discern real from fake?  They won't,
and a putative Twitter follower will have as little value as a review on

French homeland intelligence threatens a volunteer sysop to delete a Wikipedia Article

Lauren Weinstein <>
Sat, 6 Apr 2013 12:08:59 -0700  (Wikimedia France)

  "Unhappy with the Foundation's answer, the DCRI summoned a Wikipedia
  volunteer in their offices on April 4th. This volunteer, which was one of
  those having access to the tools that allow the deletion of pages, was
  forced to delete the article while in the DCRI offices, on the
  understanding that he would have been held in custody and prosecuted if he
  did not comply. Under pressure, he had no other choice than to delete the
  article, despite explaining to the DCRI this is not how Wikipedia
  works. He warned the other sysops that trying to undelete the article
  would engage their responsibility before the law.  This volunteer had no
  link with that article, having never edited it and not even knowing of its
  existence before entering the DCRI offices. He was chosen and summoned
  because he was easily identifiable, given his regular promotional actions
  of Wikipedia and Wikimedia projects in France."

The return of "Vichy France" mentalities, apparently.

An English language version of the Wikipedia article (NNSquad)

Lauren Weinstein <>
Sat, 6 Apr 2013 12:30:40 -0700
Here is apparently an English language version of the article that France
attempted to censor with threats  (Google+)

This apparently is a newly translated version of the French Wikipedia
article that France attempted to censor by threatening a non-associated
Wikipedia volunteer in France.  And it wasn't lobbying—it was direct
threats.  (English and French material.)

"Streisand Effect" fully engaged.

American Express Australia Mail Merge Stuff-up

Don Gingrich <>
Wed, 17 Apr 2013 13:02:55 +1000
I just received an e-mail on 11 April from AMEX touting a few current
offers, but the name in the message was not mine—luckily the final digits
*were* from my card, though it could also have been his and, though
unlikely, just happened to be the same.

When I contacted AMEX about it I received the following:

  - ------

Dear Cardmember,

On the 11th April 2013 you received an e-mail from us entitled 'Enjoy more
rewards in more places'. Due to a technical issue this e-mail was
incorrectly addressed.

We confirm this e-mail and the offers enclosed were intended for you. We
would also like to assure you that your privacy and security has not been
compromised in any way.

We would like to sincerely apologise for any confusion this may have caused
to you.

Yours sincerely,

American Express Australia

  - ------

This apparently went out to everyone who received the original message.

The real problem for me was the lack of awareness on the part of the person
with whom I spoke at AMEX. It took a long time to convince them that this
sort of stuff-up is a real problem. I'm also not completely convinced of the
statements in the second paragraph.
