The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 27 Issue 17

Sunday 24 February 2013


Rush Holt on the Oscar Voting
NASA loses, then restores contact with space station
Jim Reisert
London Underground blacked out in 2003
Chris Drewe
English Closed Captions of a speech given in spanish
David Tarabar
The Long or Short of the TESLA Tale
Broder vs Musk via PGN
Electronic health records: teething problems?
Gaming the System
Catherine Rampell
Chinese Army Unit Is Seen as Tied to Hacking Against U.S.
“Malicious Mandiant Security Report in Circulation''
Joji Hamada via Jim Reisert
VERY Cold boot attacks on Androids
Anthony Thorn
"Why Java APIs aren't the same as a Harry Potter novel"
Gene Wirchenko
YouTube restores video of crash blocked by NASCAR
Lauren Weinstein
ISP six-strikes starts tomorrow, and the expected results are ...
Lauren Weinstein
IEEE: Can You Trust an Amazon Review?
Lauren Weinstein
"Nowhere to hide: Video location tech has arrived"
Bill Snyder via Gene Wirchenko
Bad idea: Firefox Will Soon Block Third-Party Cookies
Lauren Weinstein
Re: Infiltrate anybody, one-click easy
Al Macintyre
Tom Van Vleck
Microsoft seeks patent for spy tech for Skype
Lauren Weinstein
Dossy Shiobara
David Pollak
18th International Workshop on Formal Methods for Industrial Critical Systems: FMICS 2013, Call for papers
Diego Latella
Info on RISKS (comp.risks)

Rush Holt on the Oscar Voting

"Peter G. Neumann" <>
Sat, 23 Feb 2013 15:40:58 PST
Rush Holt, Star-Ledger Guest Columnist, 22 Feb 2013
Oscars put online voting problems back in the spotlight: Opinion

Unfortunately, it went poorly, for reasons that shed light on the inherent
difficulty of conducting secure, accessible, credible elections online.

Problems for Oscar voters began at the beginning: logging in. Voters were
required to create special, complex passwords, but when they tried to log in
to the Oscar website, many found their passwords rejected.  After
re-entering passwords several times, voters were locked out of the site
entirely and forced to call a help line. Many then had to wait for new
passwords, delivered by snail-mail.

Even relatively young and tech-savvy voters weren't immune. As 42-year-old
documentarian Morgan Spurloch told the Hollywood Reporter, “There's even
some young farts like myself that are having problems.''

These problems should sound familiar in New Jersey. Our state just conducted
its own ad hoc experiment with online voting: Days before November's
election, as many of us struggled to recover from Hurricane Sandy, voters
displaced by the storm were told they could vote by e-mail.

The result was chaos. Election clerks reported e-mail systems that were
overwhelmed. In one county, voters were instructed to e-mail ballot requests
to a Hotmail account. Many didn't know that, by law, their e-mail vote was
only a place-holder and that they also had to mail a paper ballot. Others
didn't fully understand that, because their ballot needed to be linked to
their e-mail address to verify eligibility, voting online meant sacrificing
the right to a private ballot. Ultimately, election officials postponed the
voting deadline beyond Election Day to give voters time to overcome
unpredicted obstacles.

  [Rush Holt has been one of the most vocal members of Congress on the
  issues relating to voting system integrity, security, privacy, and so on.
  However, to RISKS readers, voting by e-mail should seem to be one of the
  worst possible alternatives, irrespective of how much is riding on any
  particular election.  You have to trust too many parts of the overall
  process, too many people with insider opportunities for rigging,
  compromised servers, too many opportunities for mistakes, hardships,
  failures, denial of service and man-in-the-middle attacks, and much more.

NASA loses, then restores contact with space station

Jim Reisert AD1C <>
Tue, 19 Feb 2013 14:03:22 -0700
Another relay malfunction.  First New Orleans, now space!

"A main data relay system malfunctioned, and the computer that controls the
station's critical functions switched to a backup, NASA officials said in a
statement. However, the station was still was unable to communicate with the
Tracking and Data Relay satellite network that serves as the outpost's link
to NASA's Mission Control center on the ground."

Jim Reisert AD1C, <>,

London Underground blacked out in 2003

"Chris Drewe" <>
Sun, 17 Feb 2013 21:50:27 +0000
  [Re: Super Bowl Blackout (McGill, RISKS-27.16)]

On 28 Aug 2003, parts of London, UK, had a power outage which affected much
of the Underground (subway) during the evening rush-hour (a Google search
for "2003 London blackout" produces loads of info); various factors appeared
to be involved, but the direct cause was reported as a 1 Amp over-current
relay being erroneously fitted instead of a 5 Amp one two years before (via
a current-scaling transformer, of course).  I'm not sure if there are any
similarities with the Super Bowl event, but as someone said, the usual
non-expert comment was "why wasn't it tested thoroughly?", to which the
answer is: how do you rig up a multi-megawatt load bank to a public
electricity supply..?

  [Note: This outage is noted by Phil Thornley in RISKS-22.91 London
  blackout caused by incorrect relay fitting, and subsequently by Peter Amey
  in RISKS-22.97.  I include Chris's item here as another reminder of the
  importance of remembering history in RISKS.  PGN]

English Closed Captions of a speech given in spanish

David Tarabar <>
Thu, 14 Feb 2013 18:11:26 -0500
Marco Rubio gave a live response to the President's State of the Union
Address on 12-Feb. He also taped a Spanish translation of the speech that
was released to the media. posted the Spanish language version and
enabled Closed Captioning (CC). The CC was obviously automated, because the
resulting 'translation' was a garbled mess of English words.

Stephen Colbert—a comedian who plays a political pundit on TV—used
these captions as the basis for a segment of the Colbert Report.

(As of the morning 14-Feb, still enabled CC on the speech, but
as of this evening the CC option had been removed.)

The Long or Short of the TESLA Tale?

"Peter G. Neumann" <>
Thu, 14 Feb 2013 19:37:30 PST
In *The New York Times*, John M. Broder reported that that the Tesla Model S
electric car he was test-driving repeatedly ran out of juice, partly because
cold weather reduces the battery's range by about 10 percent.

Charles Lane, The electric car mistake, *The Washington Post*, 11 Feb 2013
quotes Tesla chief executive Elon Musk, claiming that Broder's report is a
fake, and that the vehicle log showed Broder didn't charge fully, and took
an [unmentioned] long detour.

*The Times* stands by Broder.

Electronic health records: teething problems?

"Peter G. Neumann" <>
Mon, 18 Feb 2013 9:34:43 PST
  [With thanks to Dr. D. Kross.  PGN]

"Everyone knew there would be teething problems the first few weeks, but
they've never stopped. We've started scheduling fewer patients because of
the time they take to process. The air can turn blue when a senior
consultant finds himself fiddling with a computer instead of seeing

Gaming the System (Catherine Rampell)

"Peter G. Neumann" <>
Sun, 17 Feb 2013 10:18:48 PST
  [Sometimes it pays to read the fine print.  A loophole in the professor's
  grading system lead an entire class to skip the final, guaranteeing
  them all A's.  People are wily!  Dan Farmer]

Catherine Rampell, *The New York Times*, 14 Feb 2013 [Valentine's Day]

Dollars to doughnuts.

*Inside Higher Ed* had a fascinating article a couple days ago about some
college students who unanimously boycotted their final exam and all got A
[grades] under a grading curve loophole. It's a great example of game theory
at work.

In several computer science courses at Johns Hopkins University, the grading
curve was set by giving the highest score on the final an A, and then
adjusting all lower scores accordingly. The students determined that if they
collectively boycotted, then the highest score would be a zero, and so
everyone would get an A. Amazingly, the students pulled it off.

  [Foreshortened for RISKS, but the last paragraph is worth noting, quoting
  the Professor, Peter Froehlich:]

“I have changed my grading scheme to include that everybody has 0 points
means that everybody gets 0 percent, and I also added a clause stating that
I reserve the right to give everybody 0 percent if I get the impression that
the students are trying to `game' the system again.''

Chinese Army Unit Is Seen as Tied to Hacking Against U.S.

"Peter G. Neumann" <>
Tue, 19 Feb 2013 9:54:35 PST
David E. Sanger, David Barboza, Nicole Perlroth, *The New York Times*

  "The building off Datong Road, surrounded by restaurants, massage parlors
  and a wine importer, is the headquarters of P.L.A. Unit 61398.  A growing
  body of digital forensic evidence - confirmed by American intelligence
  officials who say they have tapped into the activity of the army unit for
  years - leaves little doubt that an overwhelming percentage of the attacks
  on American corporations, organizations and government agencies originate
  in and around the white tower."

“Malicious Mandiant Security Report in Circulation'' (Joji Hamada)

Jim Reisert AD1C <>
Thu, 21 Feb 2013 23:22:01 -0700
Written by Joji Hamada, Symantec Employee

  "The report, APT1: Exposing One of China's Cyber Espionage Units,
  published by Mandiant earlier this week has drawn worldwide attention by
  both the security world and the general public. This interest is due to
  the conclusion the report has drawn regarding the origin of targeted
  attacks, using advanced persistent threats (APT), performed by a certain
  group of attackers dubbed the Comment Crew. You can read Symantec's
  response to the report here."

  "Today, Symantec has discovered someone performing targeted attacks is
  using the report as bait in an attempt to infect those who might be
  interested in reading it."

  [This might be somewhat self-serving, especially if Symantec's business is
  booming as a result of many prominent companies coming out of the closet
  to admit that they too were victims...  PGN]

VERY Cold boot attacks on Androids

Anthony Thorn <>
Tue, 19 Feb 2013 09:26:24 +0100
Thilo Mueller and Michael Spreitzenbarth at Uni Erlangen have published a
report and tools to perform cold boot attacks on Android smartphones.

They describe ( cooling the
phone in a freezer for an hour before proceeding.  Freezing RAM chips to
read their content is not new, nor are cold boot attacks; here a concept has
been proved and the tools made available.

FROST illustrates that attacks (threats) that appeared very difficult and
expensive and hence impracticable and negligible can suddenly become
practical and real risks.

My conclusion is that attacks which are logically possible must be taken
seriously as risks - even if they are currently difficult.

Last but not least, I found the pun irresistible, and in the spirit of

"Why Java APIs aren't the same as a Harry Potter novel"

Gene Wirchenko <>
Fri, 15 Feb 2013 09:57:44 -0800
Oracle seeks to convince appeals court that Google's use of 37 lines of code
is akin to plagiarizing a blockbuster literary work.  InfoWorld, 14 Feb 2013

YouTube restores video of crash blocked by NASCAR

Lauren Weinstein <>
Sat, 23 Feb 2013 20:05:02 -0800  (*The Washington Post* via NNSquad)

  "Our partners and users do not have the right to take down videos from
  YouTube unless they contain content which is copyright infringing, which
  is why we have reinstated the videos."

YouTube has reinstated the video(s) [which I mentioned earlier today] noting
that NASCAR did not have the right to remove them on copyright infringement
grounds.  Good work by the YouTube team.

ISP six-strikes starts tomorrow, and the expected results are ...

Lauren Weinstein <>
Sun, 24 Feb 2013 13:15:28 -0800
ISP six-strikes starts tomorrow, and the expected results are ...  (Torrent Freak via NNSquad)

  "The much-discussed U.S. six strikes anti-piracy scheme is expected to go
  live on Monday. The start date hasn't been announced officially by the CCI
  but a source close to the scheme confirmed the plans."

Expected results:

1) Legit users are harassed due to IP address mix-ups, etc.  Remember
   you must pay to file an appeal.

2) Proxy services see a massive up-tick in use.

3) Public Wi-Fi access points in small stores, etc. are decimated.

4) Relatively visible Torrent-based systems are even more rapidly
   replaced with completely underground and well-hidden systems.

5) In relatively short order, the MPAA et al. will be back with their
   Congressional supporters again demanding that the Internet be remade
   to protect their obsolete 20th century profit center models, no
   matter what the costs.

IEEE: Can You Trust an Amazon Review?

Lauren Weinstein <>
Sat, 23 Feb 2013 16:02:17 -0800  (*IEEE Spectrum* via NNSquad)

  "Reviewers are gaming the system at Amazon and elsewhere for mischief,
  politics, and profit."

"Nowhere to hide: Video location tech has arrived" (Bill Snyder)

Gene Wirchenko <>
Thu, 21 Feb 2013 10:18:00 -0800
Bill Snyder, *InfoWorld*, 21 Feb 2013
New technologies are turning Web videos and photos into tools that will
  destroy your privacy

Bad idea: Firefox Will Soon Block Third-Party Cookies

Lauren Weinstein <>
Sat, 23 Feb 2013 13:50:26 -0800
  "Stanford researcher Jonathan Mayer has contributed a Firefox patch that
  will block third-party cookies by default. It's now on track to land in
  version 22."  (Slashdot via NNSquad)

No meaningful privacy enhancements will be provided to users by this
change, but contrary to what Mozilla is saying, it *will* break many
standard functions of many standard Web sites.  Another "politically
correct" step by Mozilla that actually makes users' lives more

Re: Infiltrate anybody, one-click easy (Summit, RISKS-27.16)

"Al Mac Wow" <>
Thu, 14 Feb 2013 22:02:39 -0600
We customers, of anti-virus and other PC security software, we are sheep.
We buy whatever is offered, we do not make demands or even pretty please
requests that future editions of the protection provide specific
improvements.  Not enough of us ask for the same thing.

I want the code which I key in to activate this upgrade printed large enough
so I do not have to use a magnifying glass, or other aids, so the characters
are readable, for my aging eyes.

I want e-mail protection which says ... this hyper link is not what its text
claims to be.  This attachment saying it came from company-X or government
agency-X did not in fact come from that organization.

I want a browser click on ... this site is suspicious.  Then there is a pull
down options ... we select porn, hate site, selling clearly illegal product
or service, promoting assassination of our leaders, whatever the grievance,
or space to enter a comment if other than one of the above.  Then another
option, where we select who to report it to, such as local police, FBI, FTC,
our ISP, the ACLU, whatever.  When they get the "suspicious" reports, we
have already categorized for them, what we think the problem, our identity,
our GPS where we were when we saw it.

When we have a company network, the e-mail should go through a different
brand name anti-virus, anti-phishing protection than what is on the
individual PCs of the network, so one catches what the other protection

When individual PCs try to connect to the company network, run security
software check ... do you have the latest security?  Is it working?  Has it
been patched?  Do you have a virus?  If any answer wrong, then you are
disconnected from the network, your boss is notified, and a technician is
dispatched to your location to fix your PC.

Do you have the same company PC doing your company banking, and that PC
engaged in other Internet activity, like e-mail?  Fire the manager who
decided that was appropriate behavior.

Firewalls and anti-protection should check what's going out, as well as
what's coming in.  Here is confidential personal info going out.  Is it
going to a previously authorized location?

Al Mac (WOW) = Alister William Macintyre

Re: Infiltrate anybody, one-click easy (Summit, RISKS-27.16)

Tom Van Vleck <>
Fri, 15 Feb 2013 10:48:22 -0500
I heartily agree with Steve Summit's posting in RISKS 27:16.

I advise my friends and family "don't click on links in e-mail messages,"
but I know they do—because I see the results when they get hacked.

The programs now invoked by e-mail clients to display web pages and
attachments trust those items completely.  I wish we could introduce some
caution and intelligence into this path.

For display of links in messages, I'd like to use a specialized web
page mail-link browser that's passed information like "this obfuscated
URL came from a mail message, ostensibly from, sent via
a mail server in Russia."  (I got one of these recently.)  The browser
could consider multiple factors when deciding how to show the content.
It might, for example, display an alert border; disable Flash, Java,
Javascript; disable or indicate IFRAMEd content, etc.

Similarly, I'd like the option to send file attachments to a sandboxed
program that just displayed text contents.

Microsoft seeks patent for spy tech for Skype

Lauren Weinstein <>
Thu, 21 Feb 2013 09:05:51 -0800
   "A technology called Legal Intercept that Microsoft hopes to patent
    would allow the company to secretly intercept, monitor and record
    Skype calls. And it's stoking privacy concerns."
    (*Computerworld* via NNSquad)

Re: Microsoft Patents Skype Interception Tool (via Dave Farber)

"Dossy Shiobara" <>
Feb 21, 2013 10:37 AM
From an intellectual property perspective, wouldn't it make a lot of sense
for a company to patent or otherwise protect snooping and/or
security-related technology to prevent others (bad actors, competitors,
etc.) from implementing the functionality and using it?

While the chilling effect of the privacy implications are a concern, this
kind of patent seems like an obvious defensive strategy, as well?

Re Microsoft Patents Skype Interception Tool (via Dave Farber)

"David Pollak" <>
Feb 21, 2013 11:20 AM
FWIW, I described a Skype interception tool on this list 6+ years ago. I
wonder if my description counts as prior art to the patent.

18th International Workshop on Formal Methods for Industrial Critical Systems: FMICS 2013, Call for papers

Diego Latella <>
Fri, 15 Feb 2013 11:52:18 +0100
                           FMICS 2013
                  18th International Workshop on
          Formal Methods for Industrial Critical Systems
                      September 23-24, 2013
                          Madrid (Spain)
                    Co-located with SEFM 2013
    [truncated for RISKS; see the URL for the full announcement.  PGN]

Call for Papers

The aim of the FMICS workshop series is to provide a forum for researchers
who are interested in the development and application of formal methods in
industry.  In particular, FMICS brings together scientists and engineers who
are active in the area of formal methods and interested in exchanging their
experiences in the industrial usage of these methods. The FMICS workshop
series also strives to promote research and development for the improvement
of formal methods and tools for industrial applications.

Topics of interest include (but are not limited to):
* Design, specification,  code generation and testing  based on formal
* Methods,  techniques  and   tools  to  support  automated  analysis,
  certification, debugging,  learning, optimization and transformation
  of complex, distributed, real-time systems and embedded systems.
* Verification  and validation  methods that  address  shortcomings of
  existing  methods  with respect  to  their industrial  applicability
  (e.g., scalability and usability issues).
* Tools for the development of formal design descriptions.
* Case studies  and experience  reports on industrial  applications of
  formal methods, focusing on lessons learned or identification of new
  research directions.
* Impact of the adoption of  formal methods on the development process
  and associated costs.
* Application  of  formal methods  in  standardization and  industrial

Submissions must describe authors' original research work and their
results. Contributions should not exceed 15 pages formatted according to the
LNCS style (Springer), and should be submitted as Portable Document Format
(PDF) files using the EasyChair submission site:

Paper submissions by May 3rd.

Michael Dierkes (Rockwell Collins, France)
Charles Pecheur (Université catholique de Louvain, Belgium)

Dott. Diego Latella - Senior Researcher - CNR/ISTI, Via Moruzzi 1, 56124
Pisa, IT (
FM&&T Laboratory ( - phone: +39 0503152982 - mob:
+39 348 8283101 - fax +39 0503152040

Please report problems with the web pages to the maintainer