http://www.latimes.com/local/lanow/la-me-ln-hacker-lax-flight-boards-20130422,0,6739919.story
LAX flight status boards hacked, telling passengers to exit terminal
Andrew Blankstein and Robert J. Lopez, latimes.com, 22 Apr 2013

Authorities were searching the Tom Bradley International Terminal at Los Angeles International Airport on Monday night for someone who hacked into multiple flight status boards to write: "Emergency Leave the Terminal," law enforcement authorities told *The Times*. The rogue message was changed about five minutes after it was noticed about 10 p.m., authorities said. It was unclear whether any passengers had left the terminal. Multiple travelers reported the message to airport police. The status boards are located in the B aisle area of the terminal. Additional officers were dispatched to the terminal while LAX officials investigated who was responsible for the hacking. Earlier this month, an electronic sign near USC was apparently hacked to display inappropriate messages about the Los Angeles Police Department.

[That should be known as REALLY LAX security! PGN]
http://j.mp/13XGzfH (Techcrunch via NNSquad)

The AP Twitter hack which sent the stock market briefly crashing was caused by a phishing attack, according to the AP. The news organization now says the attack on Twitter was "preceded by a phishing attempt on AP's corporate network."

[Lots to choose from: lame passwords, cross-site scripting, compromised insider access routes, whatever. CNN suggests "social engineering". PGN]
The legislator held out two license plates -- one in green and one in red -- that were both labeled "AB-123," and asked the premier if he could tell the difference between them. When the premier said he could not, lawmaker Yeh noted that they were from two different types of vehicles yet have the same number.

http://www.chinapost.com.tw/taiwan/national/national-news/2013/04/10/375627/Govt-made.htm
In the cars section of last Saturday's newspaper (April 20th), there was a letter from a reader with a new Audi R8 V8 with manual transmission. Complaint was very sluggish acceleration from 30mph (50km/hr) in 3rd gear; interrogating the OBD-II port showed a temporary throttle part-closure, which turned out to be programmed in to get good figures in the drive-by noise test required for EU Type Approval. It's good to have cars that aren't too loud, but awkward to discover this in the middle of a tricky passing manoeuvre...
http://www.bloomberg.com/news/2013-04-19/faa-approves-boeing-787-battery-fix-allowing-flight-resumptions.html

Boeing's 787 Dreamliner won U.S. approval to return to service with a redesigned lithium-ion battery, more than three months into the government's longest grounding of a commercial model in the jet age. Restoring the 787 to flight status will allow the eight current operators to end the use of temporary replacements and start routes that had been put on hold with the Dreamliners unavailable. Chicago-based Boeing will be able to resume deliveries, a pivotal step because it gets bulk payments when aircraft are handed over.

The plane will continue to have permission to fly as far as 180 minutes from an airport, FAA spokeswoman Laura Brown said in response to questions. That is the same as the plane was originally certified to fly. That allows it to fly across oceans, mountain ranges or the poles.

"A team of FAA certification specialists observed rigorous tests we required Boeing to perform and devoted weeks to reviewing detailed analysis of the design changes to reach this decision," FAA Administrator Michael Huerta said in a statement.

Next week the FAA will publish regulations on how to alter the batteries in the U.S. Federal Register, allowing Boeing and airlines to proceed with the fixes. Boeing has sent teams around the world to help fit new battery kits into the 49 Dreamliners in airline fleets. Each installation will take four to five days, Boeing has said. Once those jets are fixed, work will turn to dozens of 787s stored around Boeing factories.

To contact the reporter on this story: Alan Levin in Washington -- alevin24@bloomberg.net
http://bit.ly/11gIo1S, noted by Marv Schaefer
New lithium-ion battery design that's 2,000 times more powerful, recharges 1,000 times faster

Researchers at the University of Illinois at Urbana-Champaign have developed a new lithium-ion battery technology that is 2,000 times more powerful than comparable batteries. According to the researchers, this is not simply an evolutionary step in battery tech, "It's a new enabling technology: it breaks the normal paradigms of energy sources. It's allowing us to do different, new things."

[Lots of new risks as well, much faster and with lower power? PGN]
Two items on Internet use, etc. vs. distracted driving

How Federal Distracted-Driving Guidelines Will Shape Your Next Phone
http://j.mp/15F5EMF (Wired via NNSquad)

Study: Voice-activated texting while driving no safer than typing
http://j.mp/15F5tRA (Washington Post via NNSquad)

It seems clear that regulators are focusing not only on built-in but also portable devices. It seems inevitable that they will also direct attention to "wearable" devices as well at some stage.
Al Baker, *The New York Times*, 19 Apr 2013

Nearly 2,700 New York City students were wrongly told in recent weeks they were not eligible for seats in public school gifted and talented programs because of errors in scoring the tests used for admission, the Education Department said on Friday. ...

According to Pearson, three mistakes were made. Students' ages, which are used to calculate their percentile ranking against students of similar age, were recorded in years and months, but should also have counted days to be precise. Incorrect scoring tables were used. And the formula used to combine the two test parts into one percentile ranking contained an error.

https://www.nytimes.com/2013/04/20/education/score-corrections-qualify-nearly-2700-more-pupils-for-gifted-programs.html
Law professor makes a case for legally recognizing the Dangers of Surveillance http://j.mp/ZNfh3H (Network World via NNSquad) The Dangers of Surveillance, written by Neil M. Richards, Professor of Law at Washington University in St. Louis, was recently published on the Social Science Research Network. In it, Richards proposed "four principles that should guide the future development of surveillance law." Yet he said we must first recognize that: "Surveillance transcends the public-private divide;" that "secret surveillance is illegitimate;" that "total surveillance is illegitimate" and that "surveillance is harmful." The courts may understand that surveillance could be potentially harmful, but "have struggled to clearly understand why."
In the confusion surrounding the Boston Marathon bombings, some users of the popular Reddit site misidentified a missing Brown University student as the bomber.

http://usnews.nbcnews.com/_news/2013/04/19/17826915-missing-brown-university-students-family-dragged-into-virally-fueled-false-accusation-in-boston

This event seems to be the first demonstration of the collision between mass data available over the Internet and the echo chamber of blogs, comments, and social media for spawning and amplifying spurious identifications of the perpetrators of high-profile criminal acts. If we stay on the current trajectory (as we most certainly will) the data will become ever more prompt and detailed.

"The bomber is Mark Thorson and Google says he's at his mother's house at 1505 Spruce St. right now! Let's go get him!"
There is a real risk in confusing technical and economic problems. Focusing on the problem of "congestion" as cited in the Atlantic City cities misses the point because that congestion is a necessary consequence of the economic architecture of today's telecommunications system. The alternative is simple -- don't do that. As a common infrastructure we could use Wi-Fi (for starters) to make the vast existing capacity of the common infrastructure immediately available.

The idea of trying to make our ability to communicate a profit center is foolish at best -- it's akin to shutting down public transportation systems if they are not profitable in themselves. Doing so would cause severe harm to society. The business of providing telecommunications at a profit requires limiting capacity and funneling traveling through billing points (AKA cell towers).

Until we understand the interplay of technology and economics we are likely to work at cross-purposes with ourselves. I'm not an expert on the story of the closing of the Los Angeles trolley system but when the New York subways failed to turn a profit the system took responsibility for them rather than shutting it down.
>Perhaps we need methods for spreadsheet assurance, just as we need methods
>for assuring the security and reliability of our operating systems and
>applications?

Back in the 1980s I was one of the authors of a program called Javelin, a time series modeling package that you could use to do a lot of the same stuff that people do with spreadsheets. One of our selling points was that Javelin models were a lot more reliable than 1-2-3 or Excel models. Data were stored in named variables each of which could be a time series, which largely prevented the kind of error that R+R made, since if you said A=SUM(B), it automatically summed up all of B. We had spreadsheet-like editing, but you were editing a view of the underlying model, not anonymous cells.

In marketing focus groups, we learned two things: a) any spreadsheet large enough to be interesting had bugs, and b) nobody cared. One telling comment was "it's my manager's job to check that my spreadsheet is correct."
They used cell L44 instead of L49?? Come on, meaningful symbolic names for variables have been around at least since IBM's RPG language (introduced in 1959)! No wonder almost all Excel spreadsheets contain errors; this sort of programming simply guarantees that. (http://www.marketwatch.com/story/88-of-spreadsheets-have-errors-2013-04-17)

I'm not surprised that Microsoft would force such antediluvian practices upon all of us; but I am surprised that there is still no prevalent alternative.
>I just received an e-mail on 11 April from AMEX touting a few current
>offers, but the name in the message was not mine -- luckily the final digits
>*were* from my card, though it could also have been his ...

I have two Amex cards. Both have the same last five digits, which is a pain in the patoot when I'm trying to figure out which account I used for a charge slip or online purchase.

How likely is that? 1/100,000? Not by a long shot. Credit card numbers from a particular issuer all have the same structure. In Amex's case, the first two digits are always 37, the next two are the currency (with many different digit pairs for common currencies like US dollars), then there's the account number, a three-digit card number, and a check digit. The card number for the primary cardholder on each account is card number 100, which only changes if the card is lost or stolen and reissued. So in fact, nearly all account numbers end with X100Y where X is the last digit of the account number, and Y is the check digit.

The check digit is computed from the rest of the number using the Luhn "mod 10" algorithm which is intended to detect digit transpositions and to be easy to compute, not to be cryptographically secure. Since the other digits in the number are not very random, the check digit isn't either. If the X and Y were random, the chances of those five digits being the same would be a little under 1%, but since the check digit isn't random, it's a little more than that.

So anyway, partial credit card numbers are only arguably adequate for showing that a message is from your bank and not a phish, and useless for anything stronger.
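An added illustration of the estimate in the message above (not part of the original post): it builds numbers with the layout the post describes, computes the Luhn check digit, and measures how often two cards share their last five digits. The 15-digit length, the 7-digit account field, the currency pair `12` and the account ranges are assumptions constructed for this example.

```python
from collections import Counter
from fractions import Fraction

PREFIX = "37"         # per the post: first two digits are always 37
CURRENCY = "12"       # constructed placeholder for the two "currency" digits
PRIMARY_CARD = "100"  # per the post: the primary cardholder's card number

def luhn_check_digit(payload: str) -> int:
    """Digit that makes payload + digit pass the Luhn mod-10 test."""
    total = 0
    # Walk right to left; the digit next to the check digit is doubled first.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10

def luhn_valid(number: str) -> bool:
    return luhn_check_digit(number[:-1]) == int(number[-1])

def card_number(account: int) -> str:
    """Assumed layout: 37 + currency + 7-digit account + 100 + check digit."""
    payload = f"{PREFIX}{CURRENCY}{account:07d}{PRIMARY_CARD}"
    return payload + str(luhn_check_digit(payload))

def match_probability(accounts) -> Fraction:
    """Chance that two independent draws from `accounts` give cards with
    the same last five digits (sum of squared frequencies of each ending)."""
    counts = Counter(card_number(a)[-5:] for a in accounts)
    n = sum(counts.values())
    return sum(Fraction(c, n) ** 2 for c in counts.values())

def demo():
    # Constructed account ranges, not real issuer data.
    uniform = range(5_000_000, 5_001_000)  # all X/Y endings equally common
    skewed = range(5_000_000, 5_000_130)   # short run of sequential accounts
    return match_probability(uniform), match_probability(skewed)

if __name__ == "__main__":
    u, s = demo()
    print(f"evenly spread accounts: {float(u):.3%}")
    print(f"sequential run of 130:  {float(s):.3%}")
```

Every ending has the form X100Y, so at most 100 distinct five-digit endings exist; the match rate is 1% when they are equally common and rises as soon as the account digits are unevenly distributed.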
Churnalism: Discover When News Copies from Other Sources http://j.mp/ZNeRdy (Sunlight Foundation via NNSquad) "Churnalism US is a new web tool and browser extension that allows anyone to compare the news you read against existing content to uncover possible instances of plagiarism. It is a joint project with the Media Standards Trust."