Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
[Source: Excerpt from Randall Stross, *The New York Times*, 9 Dec 2012] "Signs that such comprehensive change could not, in fact, be done "at once" were visible last spring. Last April, Jamie M. Morin, assistant secretary of the Air Force, testified before a subcommittee of the Senate's Armed Services Committee about E.C.S.S.: "The total cost on the system is now over $1 billion," he said, adding, "I am personally appalled at the limited capabilities that program has produced relative to that amount of investment." With the cancellation of the system last month, a spokeswoman said that the Air Force would continue to rely on its legacy logistics systems, some of which have been in use since the 1970s." http://j.mp/1211Ul0
Iranian oil tankers are sending incorrect satellite signals that confuse global tracking systems and appear to conceal voyages made by other ships to Syria, which, like Iran, is subject to international sanctions. ... "It is of course possible to manipulate or falsify information in these messages," said Richard Hurley, a senior analyst at IHS Fairplay, a maritime intelligence publisher. At least three Iranian oil tankers are transmitting such false signals, effectively taking over the identity of Syrian-owned vessels traveling between Syria, Libya and Turkey. All the vessels in question were registered in Tanzania. [Source: Reuters Exclusive item, Jessica Donati and Daniel Fineren, with additional reporting by Jonathan Saul, Amena Bakr and Fumbuka Ng'wanakilala; Editing by Will Waterman; starkly PGN-ed] http://www.reuters.com/article/2012/12/06/us-syria-iran-tracking-idUSBRE8B50KX20121206
Syria and as many as 60 other countries are at a severe risk of being disconnected from the Internet because of lack of redundancy in their telecommunications connections to the outside world, according to a recent Renesys report. However, the report rated the United States, Canada, and many Western European nations as "resistant to risk," while other countries were rated at "significant" or "low risk" or being disconnected. The analysis found that concerns that an Internet "kill switch" could cut people off are unwarranted in the United States, says Renesys' Earl Zmijewski. "Syria is not the U.S., it is not Canada, and it's not Western Europe," Zmijewski says. "There is no way to simply shut down connectivity." The analysis of the relative resistance of a country's network to disconnection is based on the number of providers that connect to the outside world, not the number of physical connections. Renesys' James Cowie notes that comments on the study indicate that most people were concerned about their country's vulnerability to being disconnected. "It's interesting that most people who are suggesting modifications to (our) model believe that their country is much more vulnerable to disconnection," Cowie says. [Source: Robert Lemos, eWeek, 5 Dec 2012] http://www.eweek.com/security/syria-outage-sheds-light-on-u.s.-kill-switch-concerns/
"The five-server system uses a relatively new package of virtualization software that harnesses the power of 25 AMD Radeon graphics cards. It achieves the 350 billion-guess-per-second speed when cracking password hashes generated by the NTLM cryptographic algorithm that Microsoft has included in every version of Windows since Server 2003. As a result, it can try an astounding 95^8 combinations in just 5.5 hours, enough to brute force every possible eight-character password containing upper- and lower-case letters, digits, and symbols. Such password policies are common in many enterprise settings. The same passwords protected by Microsoft's LM algorithm-which many organizations enable for compatibility with older Windows versions-will fall in just six minutes." http://j.mp/12hTcy0 (ars technica via NNSquad) - - - Of course, you need access to the hashes to do this. If sites didn't make stupid errors that exposed their hash files, this approach would not be particularly useful in most cases.
Inaccurate Apple Maps directions causes 'life threatening issue' for travelers, says Australian police http://macnn.com/rd/275064 http://appleinsider.com/articles/12/12/10/inaccurate-apple-maps-directions-causing-life-threatening-issue-for-travelers-says-australian-police Apple redraws maps after Australian drivers led astray in the bush http://www.guardian.co.uk/technology/2012/dec/10/apple-maps-life-threatening-australian-police
[Monty excerpted this paragraph from a fascinating article by Jeff Wise on a very strange case involving WiReD's Rocco Castoro and Robert King traveling with John McAfee traveling in Belize, and a mysterious death. PGN] http://www.nytimes.com/2012/12/10/business/media/in-pursuit-of-john-mcafee-media-are-part-of-story.html ... The gloating was short-lived, however. Within minutes, a reader noticed that the photograph posted with the story still contained GPS location data embedded by the iPhone 4S that took it, and sent out a message via Twitter: "Check the metadata in the photo. Oooops ..." Vice quickly replaced the image, but it was too late. "Oops! Did Vice Just Give Away John McAfee's Location With Photo Metadata?" a Wired.com headline asked. The article included a Google Earth view of the exact spot the picture had been taken - poolside at the Hotel & Marina Nana Juana in Izabal, Guatemala. ...
The Diane Rehm Show, December 5, 2012 http://thedianerehmshow.org/shows/2012-12-05/illusion-online-security The age of passwords is over. That's the claim made in this month's "Wired" magazine. Most of us trust that a string of letters, numbers and characters is enough to protect our bank accounts, e-mail and credit cards. But hackers are breaking into computer systems and hosts of user names and passwords on the Web with increasing regularity. And because so much of our personal information is stored in the cloud, hackers can trick customer service agents into resetting passwords. Some Internet companies say the trade-offs -- convenience and privacy—are necessary to protect our data. Privacy advocates say that price is too high. Diane and her guests discuss the illusion of online security and whether you can make your accounts harder to crack. Guests Simon Davies founder of Privacy International. Cecilia Kang technology reporter for the Washington Post. Kevin Mitnick information security expert and former hacker. http://thedianerehmshow.org/shows/2012-12-05/illusion-online-security
Nathaniel Popper and Christopher Leonard, *The New York Times*, 3 Dec 2012 High-Speed Traders Profit at Expense of Ordinary Investors, a Study Says [PGN-ed; lots more to read] http://www.nytimes.com/2012/12/04/business/high-speed-trades-hurt-investors-a-study-says.html A top government economist has concluded that the high-speed trading firms that have come to dominate the nation's financial markets are taking significant profits from traditional investors. The chief economist at the Commodity Futures Trading Commission, Andrei Kirilenko, reports in a coming study that high-frequency traders make an average profit of as much as $5.05 each time they go up against small traders buying and selling one of the most widely used financial contracts.
http://www.guardian.co.uk/commentisfree/2012/dec/04/un-internet-regulation-dubai-web-freedom "The very idea that the ITU could obtain and exert major regulatory powers over the Internet is a happy one only to dictators and others who believe the Internet needs to be controlled. We've seen again and again what nation states like Syria, China, Saudi Arabia and others do when they are unhappy with online content or conversations. Even a hint that such censorship could spread should be, and is, anathema to people who believe in fundamental free speech rights. Russia, in particular, has proposed regulations that the United States ambassador to the meeting called "the most shocking and most disappointing" of any he'd seen." [Dan Gilmore in *The Guardian*. Web URLs deleted by PGN]
Apologies if this is Leveson overload, but he's made some, um, interesting comments in Australia, reported by Jonathan Pearlman, in Sydney in the *Daily Telegraph*, 8 Dec 2012: http://www.telegraph.co.uk/news/uknews/leveson-inquiry/9728803/Lord-Justice-Leveson-calls-for-new-laws-to-curb-mob-rule-on-the-internet.html Hmmmm... Lord Justice Leveson has called for new laws to curb the rise of "mob rule" on the Internet and says he is keenly watching the aftermath of his report into media ethics. He was "concerned" about the debate that had followed his 2000-page report [Long copyrighted article PGN-ed.]
Edward Wyatt, *The New York Times*, 7 Dec 2012, http://j.mp/TN9CsQ ... Hurricane Sandy also exposed a significant flaw in the initial design of the emergency system. It would rely greatly on commercial cellphone networks, the same networks that failed during the storm when cell towers blew down, power equipment failed and backup batteries or generators were flooded. "To think that you can build a network that can withstand anything and everything that Mother Nature throws at it is a bit unrealistic," said Bill Smith, president of AT&T Network Operations. "It's not impossible, but it would be incredibly expensive." ... Basing the emergency network on the fragile commercial wireless systems, What could go wrong?
Some people might cringe at the thought of putting a picture of an insurance card on their phone, but if I lose my phone, there is a password to stop someone from opening it. My wallet never came with a password. There are a couple of things I still carry in my pocket, held together with a money clip: the debit card and my driver's license. But I'm confident that those, too, will someday disappear. Soon enough, my phone will become my sole credit card, and the only thing left in my pocket will be my driver's license. And at some point, the government will enter the 21st century and offer a digital alternative for that. Or maybe I won't need a driver's license at all: when cars drive themselves in the not-too-distant future, I'll be taking a nap while my car takes me to work. http://bits.blogs.nytimes.com/2012/12/09/disruptions-how-my-smartphone-emptied-my-pockets/?hp What could go wrong?
[Very nice editorial in *The New York Times*, 9 Dec 2012, PGN-ed and truncated for RISKS.] http://www.nytimes.com/2012/12/09/opinion/sunday/a-step-toward-e-mail-privacy.html The growth of the Internet, social networking and mobile technologies has transformed how Americans communicate and exchange information, but Congress has lagged in updating federal privacy laws to safeguard digital communications from inappropriate prying. Late last month, the Senate Judiciary Committee approved a measure, proposed by Patrick Leahy, that would significantly enhance the privacy protection given to e-mails. The bill, an amendment to the outdated 1986 law that now governs e-mail access, the Electronic Communications Privacy Act, would require law enforcement agents to get a search warrant from a judge in order to obtain e-mail content from a communications service provider that holds private electronic messages, photos and other personal records, like Gmail or Facebook.
"After four months, countless hacking embarrassments and a string of hotel burglaries, the maker of one of the world'2s most common hotel keycard locks is finally owning up to the cost of an epic—and expensive—security mess." "Onity, the company whose locks protect 4 million or more hotel rooms around the world, has agreed to reimburse at least some fraction of its hotel customers for the cost of fixing a security flaw exposed in July that allows any hacker with a $50 homemade device to open its locks in seconds, according to written agreements between the company and several of its largest buyers." http://www.forbes.com/sites/andygreenberg/2012/12/06/lock-firm-onity-starts-to-shell-out-for-security-fixes-to-hotels-hackable-locks/ Jim Reisert AD1C, <jjreisert@alum.mit.edu>, http://www.ad1c.us
Michael Terrazas, *Georgia Tech News* (5 Dec 2012) [via ACM TechNews, 7 Dec 2012] Georgia Tech researchers have found that mobile Web browsers are so unsafe that even cybersecurity experts cannot detect when their smartphone browsers have landed on dangerous Web sites. "We found vulnerabilities in all 10 of the mobile browsers we tested, which together account for more than 90 percent of the mobile browsers in use today in the United States," says Georgia Tech professor Patrick Traynor. The main issue is graphic icons known as secure sockets layer (SSL) or transport layer security (TLS) indicators, which alert users when their connection to the destination Web site is secure and that the Web site they see is actually the site they intended to visit. Due to the small screen associated with most mobile browsers, there is not enough room to incorporate SSL indicators as with desktop browsers. Displaying a graphical indicator that a site is secure in a Web browser's URL field is on the security guidelines recommended by the World Wide Web Consortium for browser safety. "Research has shown that mobile browser users are three times more likely to access phishing sites than users of desktop browsers," says Georgia Tech researcher Chaitrali Amrutkar. http://www.gatech.edu/research/news/mobile-browsers-fail-georgia-tech-safety-test
Election, Tech Experts to Obama: Yes, “We Need to Fix That,'' But E-Voting Not the Answer Source: Verified Voting, Dated: Dec 06, 2012 In a letter delivered to President Obama and congressional leaders this week, experts including congressional representatives, elections officers and cyber-security experts, urged the president to reject any calls for Internet voting. CONTACT: Barbara Simons, Chair of Board, Verified Voting, Coauthor, Broken Ballots: Will Your Vote Count? - simons@acm.org, 650-328-8730 Jordana Merran - jordana@newheightscommunications.com, 301-873-4484 Groups Warn Against Hasty Action on Internet Voting in Response to Long Lines, Technical Glitches in November 2012 Washington, DC, In a letter delivered to President Obama and congressional leaders this week, a broad coalition of experts, including congressional representatives, elections officers and cyber security experts, is urging the president and Congress to reject any calls for Internet voting. They are warning officials that Internet voting remains a highly insecure option that leaves our systems vulnerable to cyber-attacks and technical failures. After voters across the country waited as long as seven hours to cast their ballots and Hurricane Sandy wreaked havoc on East Coast election systems last November, lawmakers in Congress are introducing legislation to facilitate the voting process in federal elections, and some parties have expressed Interest in online voting. “Internet voting seems like a great solution. But relying on the Internet to transmit a vote means not only opening the election up to hackers and malicious forces, but also giving up the right to vote anonymously,'' said Barbara Simons, former president of the Association for Computing Machinery and chair of the board of the nonpartisan Verified Voting. Instead, Simons and dozens of other leaders in their fields are urging Congress to use scanned-in paper ballots in federal elections. “The lack of accountability in our election processes has put our democracy at risk. That's why we urge Congress to adopt scanned paper ballots. They are inexpensive, they can eliminate long lines because many voters can vote simultaneously, and most importantly, they provide a paper trail that can be verified, especially in the event that an election result is called into question,'' [quoting Peter G Neumann] The letter to the President notes that, had elections been too close to call in the November contest, many jurisdictions that rely on electronic voting machines would have had no way to verify whether their results were correct. The text of the letter can be found at http://www.verifiedvoting.org/wp-content/uploads/2012/12/PresidentLetter.pdf. Signatories include: [AFFILIATIONS ARE FOR IDENTIFICATION PURPOSES ONLY] Andrew W. Appel, Eugene Higgins Professor of Computer Science, Princeton Univ. Matt Blaze, Assoc. Professor, Computer & Information Science, Univ. of Pennsylvania Harvie Branscomb, Colorado Voter Group Duncan A. Buell, Computer Science and Engineering Professor, Univ. of South Carolina David Dill, Computer Science Professor, Stanford Univ.; Board of Directors, Verified Voting Susan Dzieduszycka-Suinat, Overseas Vote Foundation Jeremy Epstein, Senior Computer Scientist, SRI International David J. Farber, Distinguished Professor of Computer Science & Public Policy, Carnegie Mellon Univ. Lowell Finley, Member, EAC Standards Board Irene Etkin Goldman, Voting Rights Advocate, Board Chair, Coalition for Peace Action, Princeton, N.J. Mary Ann Gould, Co-Founder, Executive Director, Coalition for Voting Integrity J. Alex Halderman, Assistant Professor of Computer Science & Technology Joseph Lorenzo Hall, Senior Staff Technologist, Center for Democracy & Technology Mark Halvorson, Founder and Former Director, Citizens for Election Integrity Minnesota Candice Hoke, Director, Public Monitor of Cuyahoga Election Reform; Law professor, Cleveland State Univ. Representative Rush Holt, Member of Congress Harri Hursti, Security Researcher, CTO SafelyLocked Holly Jacobson, Co-Founder, Voter Action David Jefferson, Computer Scientist, Lawrence Livermore National Laboratory; Board of Directors, California Voter Foundation; Board of Directors, Verified Voting Douglas W. Jones, Associate Professor of Computer Science, Univ. of Iowa; Coauthor, Broken Ballots: Will Your Vote Count Earl Katz, Public Interest Pictures Douglas A. Kellner, Co-Chair, New York State Board of Elections Marybeth Kuznik, Executive Director, VotePA; Judge of Elections, Penn Township, Westmoreland County, PA Mark Lindeman, Adjunct Assistant Professor of Political Science, Columbia Univ. Collin Lynch, Intelligent Systems Program, Univ. of Pittsburgh; Past President, VoteAllegheny; Member, VotePA; Past Co-Chair, Allegheny County Citizen's Advisory Panel on Election Systems Margaret MacAlpine, Advisory Comm. Member, California Post Election Risk-Limiting Audit Pilot Program Neal McBurnett, ElectionAudits (the open source project) John McCarthy, Lawrence Berkeley National Laboratory Computer Scientist (retired); Verified Voting volunteer Dan McCrea, President and Co-Founder, Florida Voters Foundation Walter Mebane, Professor of Political Science and Professor of Statistics, Univ. of Michigan Justin Moore, Board of Advisors, Verified Voting Foundation Michelle Mulder, Consultant, Verified Voting Foundation Peter G. Neumann, Principal Scientist, SRI International Computer Science Lab; Moderator, ACM Risks Forum Ronald L. Rivest, Viterbi Professor of Computer Science, MIT Lida Rodriguez-Taseff, Miami-Dade Election Reform Coalition Aviel D. Rubin, Professor of Computer Science and Technical Director of the Information Security Institute, Johns Hopkins Univ. Noel Runyan, President of Personal Data Systems, Campbell, CA. Ion Sancho, Leon County Supervisor of Elections Bruce Schneier, Chief Security Technology Officer, BT; Security technologist and author Kevin Shelley, Former California Secretary of State Barbara Simons, IBM Research (retired); member, EAC Board of Advisors; Chair, Board of Directors, Verified Voting; Former President, ACM; Coauthor, Broken Ballots: Will Your Vote Count? Stephanie Singer, Philadelphia City Commissioner Pamela Smith, President, Verified Voting Howard Stanislevic, Founder, E-Voter Education Project, NY, NY Philip B. Stark, Professor and Chair, Department of Statistics, Univ. of California, Berkeley Paul Stokes, United Voters of New Mexico Penny M. Venetis, Clinical Prof. of Law, Judge Dickinson R. Debevoise Scholar; Co-Director, Constitutional Litigation Clinic, Rutgers School of Law-Newark David Wagner, Professor of Computer Science, Univ. of California, Berkeley Luther Weeks, CTVotersCount Rebecca Wilson, Co-Director, SAVE our Votes: Secure, Accessible, Verifiable Elections for Maryland
June 10 - 14, 2013 - Turku, Finland http://www.it.abo.fi/iFM2013/ OBJECTIVES AND SCOPE Applying formal methods may involve modeling different aspects of a system which are best expressed using different formalisms. Correspondingly, different analysis techniques may be used to examine different system views, different kinds of properties, or simply in order to cope with the sheer complexity of the system. The iFM conference series seeks to further research into hybrid approaches to formal modeling and analysis; i.e., the combination of (formal and semi-formal) methods for system development, regarding modeling and analysis, and covering all aspects from language design through verification and analysis techniques to tools and their integration into software engineering practice. Areas of interest include but are not limited to: - Formal and semiformal modeling notations - Integration of formal methods into software engineering practice - Refinement - Theorem proving - Tools; - Logics - Model checking - Model transformations - Semantics - Static Analysis - Type Systems - Verification - Case Studies - Experience reports INVITED SPEAKERS include - Jean-Raymond Abrial, Marseille, France - Cosimo Laneve, University of Bologna, Italy - Susanne Graf, VERIMAG, France - Kim Larsen, Aalborg University, Denmark This call for papers and additional information about the conference can be found at http://www.it.abo.fi/iFM2013 For information regarding the conference you can contact: ifm2013@abo.fi
Please report problems with the web pages to the maintainer