Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Investigators call on Airbus to again tell operators to ensure essential safety checks are made on cowl closures, a known safety risk After a British Airways A319 made an emergency landing at Heathrow on 24 May 2013, it was photographically evident that the cowls were not properly shut -- causing the 40kg metal coverings to fly loose during takeoff on what would have been a flight to Oslo. The right-hand engine caught fire, and the plane had to be landed on one engine. [Source: Gwyn Topham, *The Guardian*, 31 May 2013; PGN-ed] http://gu.com/p/3g929
John Lichfield, Fake votes mar France's first electronic election, *The Independent* via NNSquad http://j.mp/17hqQcj “What was already shaping up as a tense and close election was thrown into utter confusion at the weekend. Journalists from the news site Metronews proved that it was easy to breach the allegedly strict security of the election and vote several times using different names. To register their vote on-line, Parisians were supposed to make a credit-card payment of 3 euros and give the name and address of someone on the city's electoral roll. Metronews said that one of its journalists had managed to vote five times, paying with the same credit card, using names, including that of Nicolas Sarkozy.''
More from the same article: This `electronic' election had been touted as "fraud-proof" and "ultra-secure", but apparently permitted multiple voting and fraudulent voting for other people, with little difficulty. Journalists turned into whistle-blowers. http://www.independent.co.uk/news/world/europe/fake-votes-mar-frances-first-electronic-election-8641345.html
Alison Langley, UK considers stepping up Internet blocking, *Columbia Journalism Review* (via NNSquad) http://j.mp/18K4eiI Her suggested remedy is a three-pronged approach: ban more organizations and Muslim schools that the government believes are inciting hate; block extremist websites, and revive the Communications Data Bill, which would which would require Internet service providers and mobile companies to keep records of every user's browsing activities, email correspondences, and texts for 12 months. Phone companies in the UK already are required to retain email and telephone contact data. Some filters against extremist websites have been in place since 2010, [Home Secretary Theresa] May told the BBC. Since then, police have gotten more than 5,500 postings deleted from the Internet, she added. Police and governments routinely request that Internet companies and Web hosts take down, block, or filter content they deem to be offensive or illegal. Companies can voluntarily comply or wait for a court order to do so. Now May would like to examine whether officials should have broader power to demand that content be removed. Home Office spokeswoman Sally Henfield said in a telephone interview that the examination will be part of the government's Extremist and Radicalization Task Force, established this week in the aftermath of the Woolwich stabbing. Further details have yet to be decided. The conservative government's coalition partner, the Liberal Democrats, said that in the wake of the Woolwich murder, they would agree to some parts of the draft Communications Data Bill, which they blocked in April over privacy concerns. - - - The UK is declining into true police state status faster than anywhere else in the world that I know of. How long before they try to ban VPNs and proxies?
Ted Samson, InfoWorld, 31 May 2013 Bruce Schneier says 'eavesdroppable' Internet communication products would hurt innocent users and tech companies http://www.infoworld.com/t/internet-privacy/security-guru-fbi-internet-tapping-good-criminals-bad-everyone-else-219727
http://qz.com/89410/google-moto-x-smartphone-will-spy-on-you-247-and-youll-like-it/ [via Dave Farber's IP] Dennis Woodside, CEO of Motorola, Google's wholly owned phone-making subsidiary, walked onto a stage yesterday with the company's rumored new superphone and while he refused to take it out of his pocket, he confirmed that it's real and that it's launching in October of this year. <http://qz.com/46411/google-x-phone-with-long-battery-life-wireless-charging-and-an-unbreakable-case/>, <http://allthingsd.com/20130529/moto-x-coming-out-by-october-and-its-all-about-sensors-and-will-be-built-in-texas/>, He also dropped a number of technical details about the phone, known as the Moto X, which indicate that, essentially, it's the world's most sophisticated cluster of sensors you can wear on your person, and it's going to know every single thing you do, whether it's driving, sleeping or taking a walk around the block. Google is betting that you will love your pocket Stasi so much you'll never want to be without it—and Google is right. Joly MacFie 218 565 9365 Skype:punkcast WWWhatsup NYC - http://wwwhatsup.com http://pinstand.com http://punkcast.com VP (Admin) ISOC-NY http://isoc-ny.org
Google discovers many bugs in other companies software, and previously allowed them 60 days to roll out a fix before making the exploit known to third parties. Now, that period is reduced to 7 days. http://siliconangle.com/blog/2013/05/31/google-gives-companies-just-seven-days-to-fix-security-exploits/
Android users now tired of having their information and credit stolen can now fight back! With a free Android app, they can now read the credit card information of other people, provided their cards have an embedded NFC chip. Even better, CBC News has done the QA and confirmed that this works. http://www.cbc.ca/news/canada/manitoba/story/2013/04/23/mb-smartphones-skimmer-credit-card-winnipeg.html The next time I'm in a checkout line, I'm going to be wondering how many people are secretly stealing each other's credit card info ...
According to the Apple iTunes/App Store terms of agreement, if you use the Apple iTunes/App Store when you are traveling abroad, you are in violation of your contract. Here is the US version of the agreement, but it also applies to all the other national agreements I could check (and read). http://www.apple.com/legal/internet-services/itunes/us/terms.html > THE ITUNES STORE SERVICE [...] REQUIREMENTS FOR USE OF THE SERVICE > [...] > The iTunes Service is available to you only in the United States, its > territories, and possessions. You agree not to use or attempt to use the > iTunes Service from outside these locations. Apple may use technologies to > verify your compliance. So the global product is in fact a national product, available strictly within national boundaries, even in the case of EU countries where a common market is supposedly in effect. I think that somebody liked the DVD-style partitioning of the world into distinct markets (where a product purchased in one market cannot be used in another) so much that they decided to apply it to its extreme. What is coming next? having each state designated as a separate market, so that you can use your iphone in New Jersey, but not in New York? Vassilis Prevelakis, Institut fuer Datentechnik und Kommunikationsnetze Technische Universitaet Braunschweig Germany
Woody Leonhard, InfoWorld, 31 May 2013 After a decline in the capabilities of spam-catching software, it's heartening to see that the good guys are getting better http://www.infoworld.com/t/anti-spam/spam-catchers-catching-spammers-better-219760 selected text: "It would be natural to expect those sources all to be Internet service providers, with the top positions occupied by ISPs in developing countries, where many people run cracked and thus unpatched versions of Windows XP—a dream for botherers." But no, that isn't what Ken found. The No. 1 source of spam in Ken's study is The Planet, a Web service offered by SoftLayer, a Web hosting company with 436 employees and an active abuse team. Second was a German firm, STRATO, also known for Web hosting. Third was yet another Web hosting firm, of dubious pedigree. Of the top 25 spamming sources in the study, only six were ISPs.
When you get to the last sentence, keep in mind that UW-Madison, like many other places, has a searchable employee directory with work address, telephone numbers, and e-mail address. - - ------ Original Message -------- Date: Tue, 4 Jun 2013 16:29:05 -0500 Subject: Launch of OpenBook Wisconsin From: Vice Chancellor Darrell Bazzell <firstname.lastname@example.org> Date: June 4, 2013 To: All UW-Madison Employees From: Vice Chancellor for Finance and Administration Darrell Bazzell Re: Launch of OpenBook Wisconsin As some of you may know, the State of Wisconsin is preparing to launch a new expenditure website called OpenBook Wisconsin, <http://budget.wisc.edu/budget-news/state-to-launch-openbook-wisconsin-website/> The site is part of an ongoing effort to make state government more transparent for the citizens of Wisconsin. The site launch will be conducted in phases, but we cannot predict with certainty when OpenBook will go live. We are communicating now with the intent of giving employees as much notice and consideration of the site launch as possible. The OpenBook website stems from 2011 Wisconsin Act 32, s.16.413 of the Wisconsin Statutes, which requires the Department of Administration to create a searchable website with information about all state agency expenditures in excess of $100. For ease of administration, UW-Madison will report all expenditures, regardless of amount. The database will eventually include state and UW salaries and fringe benefits, grants paid by state agencies, and contract payments made by any agency or UW institutions. At this time, the university is taking steps to ensure that employees with legitimate personal safety needs that require removal of their name from the OpenBook database will be protected. Such legitimate personal safety concerns for removal from the OpenBook website would include having been the victim of a crime (e.g., domestic abuse) or circumstances involving court orders that would require the removal of the employee's name. In the event that an employee would like to request his or her name be redacted from this database, based on the stated safety concerns, they need to contact Zubin Mufti (e-mail: <email@example.com>, phone: (608) 262-4587) from the Office of Human Resources to discuss a possible redaction. If an employee has currently been removed from the university directory for a reason consistent with the above factors, the employee's name will also be removed from OpenBook. It must be emphasized that only the employee name will be removed. The expenses an employee submits and the payroll information will be included on the website, but the name will be withheld from the related expenditure. OpenBook will not post Social Security numbers, home addresses or home telephone numbers of any employee.
>>>>> "F" == Flickr <firstname.lastname@example.org> writes: F> Smile. Everyone now gets a free terabyte of space. That's an about face from the previous measly 200 picture allowance, plus there isn't a single link to Flickr.com in the message, but instead just links to "yahoo-email.com". SpamAssassin analysis gives: 0.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records -0.5 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 0.6 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines 0.0 T_REMOTE_IMAGE Message contains an external image Ho hum, just another scam message. But wait, browsing Flickr.com shows it is real.
- Every so often, usually after numerous fails of trying to resolve a Google captcha, I ask it to kick over the audio. Fuggedabitit. Completely unusable. - Come to think of it, since the audio is meant to be heard and transcribed by a human, it might as well be a completely clear and simple word like "cat" or the number "123".
My favourite quote here is "a politician who robs Peter to pay Paul can probably rely on Paul's vote". If the Government takes money off rich people and gives it to poor people, this may seem to be "fairer" and reduce inequality, but it rewards people who rely on welfare and punishes those who provide for themselves (hence in the UK a lifetime on welfare is quite a popular career option). If Government spending rises faster that the general level of wealth in the country (GDP growth), then the Government will eventually run out of money; its only sources of income are taxes or borrowing, and if it tries to borrow too much, then either creditors stop lending (as in Greece), or the interest payments become crippling (as in the UK, which has to borrow to pay the interest on existing debt). Another favourite quote is from the obituary in the newspaper of an economist called Professor James Buchanan (1919-2013): In modern democracies, Buchanan argued, politicians and bureaucrats come under constant pressure to placate interest groups with subsidies, tax breaks, regulation and uneconomic public investment; to take on ever more responsibilities to show they are `doing something'; and to expand budget deficits because they cannot square competing demands to spend more and to tax less. Politicians tend to regard political decisions of this sort as somehow independent of the economy and therefore immune from the sort of cost-benefit approach applied in the private sector, justifying them with reference to concepts such as `public good' or the `public interest'. -- which in two sentences describes exactly why western countries are how they are now, though not how to improve things. The risk here looks like governments gambling on getting enough money from "the rich" to match their spending ambitions, and losing.
> This begs the question of what one means by "The Internet". ... It's not only critical infrastructure. Several recent criminal events in the UK are alleged to have been encouraged by the availability of "extreme" material on the internet, inevitably followed by demands for it to be made illegal, with ISPs, search engines, or whoever required to block it (Google has come in for particularly fierce criticism, as if web sites were only accessible via them). As Bob Frankston says, given the worldwide, amorphous nature of the internet and the huge volume of constantly-changing information in web sites, it's by no means clear who could be held liable or how effective blocking could be, or even what is and isn't unacceptable material, though of course that doesn't stop people from trying.
The discussion here centers, as does discussion in the European Spreadsheet Risks Interest Group (www.eusprig.org), on errors in creating spreadsheets. But spreadsheet programs are software and have bugs. It's quite possible to program a spreadsheet that's correct and appropriate in every way, but for the spreadsheet to deliver a wrong result. One can think of ways to mitigate that possibility, but they require effort, possibly lots of it. In the late 1980s I found a calculation bug in DEC's spreadsheet program for VAX/VMS; and since I was working there at the time, I reported it through the internal mechanism which should have given it elevated attention. I followed up and checked with the engineering group from time to time, and in fact nothing was done about the bug for years, during which the calculation engine—with the bug—became part of the workstation product. As new releases came out, they all still had the calculation bug. Several years after it was reported, the engineering group apparently made a sweep through as-yet unresolved problems and called me to ask if it had been fixed! When the young guy who called me heard it was still present, he followed it up, and it was finally diagnosed as a problem with the compiler used to compile the software. Final resolution: it was too much work to try to debug *that* problem, and the calculation bug was never fixed. Luckily by that time there was PC software to replace it. And we can be sure there are no problems there.
Please report problems with the web pages to the maintainer