The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 27 Issue 49

Friday 27 September 2013


NHS IT system one of 'worst fiascos ever', say MPs
  Richard Irvin Cook
Why Whistleblowers Should Be Listened To
  M. Heffernan via Sharon Kramer
L.A. School District's Expensive iPad Program Already in Trouble
  Howard Blume via Lauren Weinstein
IBM's Watson computer has parts of its memory cleared after developing an acute case of potty mouth
  George Dvorsky via Randall
Supreme Court Weighs When Online Speech Becomes an Illegal Threat
  David Kravets via Lauren Weinstein
"Internet threat level rises on expanded IE attacks"
  Gregg Keizer via Gene Wirchenko
EU+ trying to use NSA stories as excuse to kill the open Internet
  Tech Freedom via Lauren Weinstein
"Nirvanix shutdown has cloud users wondering who's next"
  David Linthicum via Gene Wirchenko
"Dropbox takes a peek at files"
  Jeremy Kirk via Gene Wirchenko
FTC vs Marketer of Internet-Connected Home Security Video Cameras
  Gabe Goldberg
"Identity theft service planted botnets in LexisNexis, other data providers"
  Serdar Yegulalp via Gene Wirchenko
Re: EZ-Pass being read all over
  Ed Ravin
Re: Verizon's diabolical plan to turn the Web into pay-per-view
  Arthur T.
FAA preparing to remove restrictions on in-flight electronic devices
  Serdar Yegulalp via Gene Wirchenko
Defeating Apple's Touch ID: It's easier than you may think
  Dan Goodin via Dewayne Hendricks
Re: Wired: Apple's Fingerprint ID May Mean You Can't 'Take the Fifth'
  Ivan Jager
*TNY* review by Louis Menand of 'Command and Control', Eric Schlosser
  Prashanth Mundkur
Opinion: Neglecting our nukes - Eric Schlosser -
  Gabe Goldberg
Info on RISKS (comp.risks)

NHS IT system one of 'worst fiascos ever', say MPs

Richard Irvin Cook
Wed, 18 Sep 2013 05:46:45 +0000
  [This is an update to Richard's item in RISKS-25.44, 8 Nov 2008.  PGN]

Caveat emptor!  [RIC]

BBC News UK Politics, 18 September 2013

Taxpayers face a rising, multi-billion pound bill for a failed government IT
project, MPs have said.  A report by the influential Public Accounts
Committee (PAC) concluded an attempt to upgrade NHS computer systems in
England ended up becoming one of the "worst and most expensive contracting
fiascos" in public sector history.

The final bill for abandoning the plan is still uncertain, the committee
said.  Ministers initially put the costs of the NHS scheme's failure at
6.4bn pounds.  Officials later revised the total to 9.8bn, but the PAC said
this latest estimate failed to include a price for terminating a contract
with Fujitsu to provide care records systems and other future costs.


The project was launched in 2002, with the aim of revolutionising the way
technology is used in the health service by paving the way for electronic
records, digital scanning and integrated IT systems across hospitals and
community care.  Hit by technical problems and contractual wrangling, it was
effectively disbanded by the government two years ago.

MPs on the PAC said some outstanding costs remain and committee member
Richard Bacon said: "The taxpayer is continuing to pay the price for the
ill-fated national programme for IT in the NHS.  "Although officially
dismantled (it) continues in the form of separate component programmes which
are still racking up big costs."  He highlighted a government decision to
renegotiate 3.1bn worth of contracts with outsourcing company CSC, charged
with setting up a care records system known as Lorenzo in the North,
Midlands and east of England.  "Despite the contractor's weak performance,
the Department of Health is itself in a weak position in its attempts to
renegotiate the contracts," Mr Bacon said.

"The department's latest estimate of 9.8bn leaves out the future costs of
Lorenzo or the potential large future costs arising from the department's
termination of Fujitsu's contract for care records systems in the south of
England."  The report added that delays and problems with changes to benefit
payments - another huge government IT project - showed ministers had not
"learned and applied lessons" from the fallout.  "This saga is one of the
worst and most expensive contracting fiascos in the history of the public
sector," Mr Bacon added.

Why Whistleblowers Should Be Listened To (M. Heffernan)

Sharon Kramer
September 26, 2013 2:20:37 PM EDT
M Heffernan, *The Guardian* UK

  [via Dave Farber]

  [... profound words of wisdom published today in the GuardianUK.   SNK]

What the recent scandals have shown us is that no management or monitoring
system will catch every problem breeding inside an organisation. But its
employees could: they are an institution's best early warning system...

Whistleblowers are rare and misunderstood. Popularly portrayed as marginal
figures, eccentric if not downright mad, they always come across as
irritable malcontents. Nothing could be further from the truth...  By the
time a whistleblower is frustrated enough to go public, managers have lost
the battle. Not only do they now have a public relations crisis to manage
but they've lost the chance to solve a problem while it was still small and
private. The defensiveness that inevitably ensues drives truth-telling
further underground and makes it less likely that anyone will speak up early
enough next time....

The management of whistleblowers, therefore, requires real courage on the
part of managers. They need to be unafraid when someone shines light on a
problem and to recognise that the people who do so are their source of

The overwhelming majority of whistleblowers are deeply loyal, committed
employees who have high expectations of their organisations. It's when those
institutions fail to meet high standards that the nascent whistleblower
becomes distraught, frustrated and sounds the alarm. Only when they find --
to their mounting disappointment -- that they are ignored or rejected do
they go outside the organisation to draw attention to their grievances...

The challenge for local authorities, therefore, is to create the culture and
the systems that make it easy and attractive for anyone with a concern to
articulate it early, when the issue is still easy to fix...

L.A. School District's Expensive iPad Program Already in Trouble (Howard Blume)

Lauren Weinstein
Wed, 25 Sep 2013 10:49:25 -0700
  By Tuesday afternoon, L.A. Unified officials were weighing potential
  solutions. One would limit the tablets, when taken home, to curricular
  materials from the Pearson corporation, which are already installed.  All
  other applications and Internet access would be turned off, according to a
  district "action plan."  A second approach would be to buy and install a
  new security application.  Apple's just-released new operating system
  might help, but not the current iteration, according to the district. A
  fix from Apple is not likely to be available before late December.  The
  devices should work normally at school, although even that has been
  problematic. Teacher Robert Penuela said his use of the tablets has been
  limited because he can't get them to work for all students at once.
  Roosevelt freshman Alan Munoz said that, so far, he was using his iPad
  only during free time.  The excitement of receiving the device quickly
  wore off for senior Kimberly Ramirez when she realized it was for
  schoolwork only.  "You can't do nothing with them," she said. "You just
  carry them around."  (Howard Blume, *L.A. Times* via NNSquad)

When this program (which basically was pushed through in secret) was
announced, I was critical of its cost (sweetheart deal with Apple and
Pearson for expensive iPads rather than alternatives) in a time when the
LAUSD really needs more teachers. And I noted that if the district really
thought they were going to restrict what students did with these things
(liability issues, huh?) they were fooling themselves.  Well ...

IBM's Watson computer has parts of its memory cleared after developing an acute case of potty mouth (George Dvorsky)

Randall Webmail
September 26, 2013 8:13:11 AM PDT
George Dvorsky, io9, 11 Jan 2013
    [From Dewayne Hendricks via Dave Farber.  Thanks!  PGN]

It all started a couple of years ago when IBM's Watson, the computer voted
most likely to destroy us when the technological Singularity strikes, was
given access to the Urban Dictionary. In an attempt to help Watson learn
slang—and thus be more amenable to conversational language—the
machine subsequently picked up such phrases as OMG and "hot mess." But at
the same time it also picked up some words fit only for a sailor.

Watson, you'll no doubt remember, completely trounced its opponents on
Jeopardy! back in 2011. The expert learning-system is no longer wasting its
time on game shows, and is currently being used in the medical sciences to
help researchers scour enormous reams of information and serve as a
diagnostic tool.  ...

Supreme Court Weighs When Online Speech Becomes an Illegal Threat (David Kravets)

Lauren Weinstein
Tue, 17 Sep 2013 09:20:28 -0700  (David Kravets, *WiReD* via NNSquad)

  "The Supreme Court is being asked to decide when an online threat becomes
  worthy of prosecution, in what could be the first Internet speech case to
  reach the high court's docket for the 2013-2104 term beginning next month.
  The justices are weighing whether to review the prosecution of an Iraq war
  veteran handed 18 months (.pdf) in prison for singing in a 2010 YouTube
  video that he would kill a local Tennessee judge if the judge did not
  grant him visitation rights to his young daughter."

"Internet threat level rises on expanded IE attacks" (Gregg Keizer)

Gene Wirchenko
Wed, 25 Sep 2013 10:10:51 -0700
Gregg Keizer | Computerworld, 23 Sep 2013
Gang responsible for Bit9 hack in February is responsible for latest
attacks exploiting IE 'zero-day,' says FireEye after threat level
moves to 'Yellow'

EU+ trying to use NSA stories as excuse to kill the open Internet,

Lauren Weinstein
Mon, 16 Sep 2013 18:21:54 -0700
... as they've wanted to do all along?  (Tech Freedom via NNSquad)

  "It would be a sad outcome of the surveillance disclosures if they led to
  an approach to Internet policy making and governance in which countries
  became a series of walled gardens with governments holding the keys to
  locked gates. But that is where we will end up if all data has to stay on
  servers located in the nation in which a citizen lives or where a device
  is located. The digital world does not need another Great Firewall - in
  Europe or anywhere else."

And given that EU and most other countries are engaging in similar
surveillance activities themselves to the extent of their technical
abilities, what we really have here is dissembling as the enemies of the
open Internet use this situation as an excuse to accomplish what they've
been hoping for all along.

"Nirvanix shutdown has cloud users wondering who's next" (David Linthicum)

Gene Wirchenko
Tue, 24 Sep 2013 11:21:05 -0700
David Linthicum, InfoWorld, 24 Sep 2013
Startups and small providers have the most to lose when one of their
own goes under

"Dropbox takes a peek at files" (Jeremy Kirk)

Gene Wirchenko
Tue, 17 Sep 2013 11:25:25 -0700
Jeremy Kirk, InfoWorld, 13 Sep 2013
The behavior was noticed after a file-tracking service was used to
watch several files uploaded to Dropbox

FTC vs Marketer of Internet-Connected Home Security Video Cameras

Gabe Goldberg
Tue, 17 Sep 2013 09:48:58 -0400
A company that markets video cameras designed to allow consumers to monitor
their homes remotely has settled Federal Trade Commission charges that its
lax security practices exposed the private lives of hundreds of consumers to
public viewing on the Internet. This is the agency's first action against a
marketer of an everyday product with interconnectivity to the Internet and
other mobile devices—commonly referred to as the "Internet of Things."

"Identity theft service planted botnets in LexisNexis, other data providers" (Serdar Yegulalp)

Gene Wirchenko
Thu, 26 Sep 2013 09:20:25 -0700
Serdar Yegulalp, InfoWorld, 25 Sep 2013
Russian hackers have been stealing personal and financial data
straight from information clearinghouses, reselling it in bulk

Re: EZ-Pass being read all over

Ed Ravin
Wed, 25 Sep 2013 01:13:47 -0400
This news is so old, the first time I heard about it, my computer was
running Windows 3.1.  It was the early 1990's, I was working for an online
service company, and we were looking into providing our customers with
traffic data from Transcom, a regional transportation alliance in the
Northeast.  The data they had was average speeds, picked up by EZ-Pass
readers installed on the roadsides of highways on Long Island.  Back in
those days, EZ-Pass users were few and far between, mostly truckers, but
there were apparently enough around to provide reliable information using
the roadside readers.

The Transcom people told us at the time that they did not keep the data
very long, and used it only to measure average speed on the highways, and
had rejected the idea of using the data for speeding tickets or the like
since doing things like that would discourage use of EZ-Pass.

Transcom's web site is, and they will let you see some of their
data at .

Re: Verizon's diabolical plan to turn the Web into pay-per-view

"Arthur T."
Wed, 25 Sep 2013 01:02:48 -0400
If Verizon gets its way, it will be making choices about what goes across
its line to its users.  Does that mean that it will no longer be able to
rely on the "safe harbor" provision of the DMCA?  Will that ability to
choose allow it to be sued for any copyright-infringing material that goes
across its network?  I'm not a lawyer and I don't know, but I'd very much
like to read opinions on this from IP lawyers.

FAA preparing to remove restrictions on in-flight electronic devices (Serdar Yegulalp)

Gene Wirchenko
Thu, 26 Sep 2013 09:28:05 -0700
Serdar Yegulalp | InfoWorld, 24 Sep 2013
Ban on device usage during takeoff and landing has long been believed
to be based more on anecdotes than actual data

Defeating Apple's Touch ID: It's easier than you may think (Dan Goodin)

Dewayne Hendricks
September 23, 2013 2:42:31 PM EDT
    [via Dave Farber]

[Note: Yet another article on Apple's Touch ID mess.  This one adds a bit of
info to the others that I've posted on this topic.  DLH]

Dan Goodin, *Ars Technica*, Sep 23 2013
The hack using lifted fingerprints is easy; here's how you can make it harder.

This weekend's decisive defeat of Touch ID is the most poignant reminder yet
of the significant limitations of using fingerprints, iris scans, and other
physical characteristics to prove our identities to computing devices. As
previously reported, a team of German hackers who have long criticized
biometrics-based authentication bypassed the new iPhone feature less than 48
hours after its debut.

Many security researchers and writers, yours truly included, predicted that
the ability of the high-definition scanner included in the iPhone 5S
wouldn't be fooled by attacks using scanned fingerprint smudges to
impersonate an already enrolled thumb or finger. It's now clear we were
wrong. Hacker Starbug overcame the purported ability of Touch ID to read
prints at a sub-epidermal level by using a slightly higher resolution camera
to generate a cloned fingerprint. The availability of a 3D printer also
seemed to help.

Some critics have castigated the technique as too difficult for the average
hacker. Others have argued that the hack has little significance in the real
world. They cite Apple talking points that the protection of Touch ID
represents a significant improvement over what many people have now, since a
large percentage of iPhone users currently use no PIN at all to lock their
phones. There's some merit in this second argument, since any protection, no
matter how flawed, is better than none at all. But as Rob Graham, CEO of
penetration testing firm Errata Security makes clear, Starbug's technique is
easy for many people to carry out.

"Just because it's too much trouble for you doesn't mean it's too much
trouble for a private investigator hired by your former husband," he wrote
in an e-mail to Ars. "Or the neighbor's kid. Or an FBI agent. As a kid, I
attended science fiction conventions in costume and had latex around the
house to get those Vulcan ears to look just right. As a kid, I etched
circuit boards. This sort of stuff is easy, easy, easy—you just need to

Graham later posted his comments on his blog.

As Ars pointed out last week, there's little we can do to keep our
fingerprints and other physical characteristics private. They leak every
time we touch a door knob, wine glass, or ATM. And that calls into question
whether Touch ID is a truly "secure" way to unlock phones, as Apple's own
press release announcing the new feature claimed. That's not to say there
aren't things people can do to limit the leakage, though.

Graham is one of the organizers behind istouchidhackedyet, a bounty program
that pledged cash bounties to the first person who could override the new
feature, which allows people to unlock their iPhones using one or more
fingerprints. He told Ars that he's still waiting to see a detailed video
that documents the hack from start to finish, but at this point he's
satisfied that Starbug has met the requirements for the cash prize. He
estimated the amount at about $10,000, after at least one of the people who
pledged a bounty reneged on the promise. [...]

  [PGN comments: RISKS noted the gummi-bear attack previously.  This newer
  incarnation is getting a lot of coverage.  Here are a few examples.

  Monty Solomon noted:
IOS 7 Lockscreen Bug Allows Anyone to Sidestep Passcode, Access Photos/Email
Tiffany Kaiser, 20 Sep 2013

  Gene Wirchenko noted three more:
Video: Watch this Siri hack bypass iOS 7's lock screen
Security vulnerability allows a third party to grab your iPhone and
tell Siri to perform various functions even when locked
Pete Babb, InfoWorld, 23 Sep 2013

"Show of hands: Who hasn't hacked Apple's Touch ID?",
Robert X. Cringely, InfoWorld, 25 Sep 2013

"German hackers say old technique can bypass Apple's Touch ID"
Jeremy Kirk, IDG News Service, InfoWorld, 23 Sep 2013]

Re: Wired: Apple's Fingerprint ID May Mean You Can't 'Take the Fifth' (Hoffman, RISKS-27.48)

Ivan Jager
Thu, 26 Sep 2013 15:26:10 -0400
Fingerprint authentication has been available on computers for quite a
while. For example, my 6 year old laptop came with a fingerprint
reader. Apple may make them more ubiquitous, but I haven't heard of
them doing anything new with them.

AFAIK, fingerprint readers are only good for local authentication, and
are pretty much useless for encryption. Remote authentication doesn't
work well, because you need a reasonable degree of certainty that the
finger is in fact present, and hopefully even attached to a live body,
so the reader itself needs to be trusted. Encryption is problematic
because you don't get the exact same data each time you read a finger,
so it can't be used as an encryption key. (For those who don't see how
this could still be used for local authentication: The finger is
scanned a few times during setup. Some data derived from those scans
is stored on the device. Then during authentication, said data is used
to do a fuzzy comparison of the new scan to the original scans.)

So if I understand things correctly, yes a judge could order you to
produce your finger, but in the cases where that is useful he could
just as easily order the prosecution to purchase a screwdriver and
stop wasting his time. IANAL, etc, etc.


PS: Please let me know if there is some newfangled way of using
fingerprint readers for encryption that I have not heard about.

PPS: I don't actually use my fingerprint reader because I could not
find enough documentation to convince myself that it couldn't be
trivially defeated. (STMicroelectronics Fingerprint Reader)
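
The enrollment and fuzzy comparison described in the item above, as an added example that is not part of the original submission. The 256-bit feature vector, the noise level and the acceptance threshold are constructed toy values, not any real reader's template format.

```python
import hashlib
import random

BITS = 256        # length of the constructed feature vector (assumption)
NOISE_BITS = 12   # bits that differ on every read (constructed sensor noise)
THRESHOLD = 40    # largest Hamming distance still accepted as the same finger


def scan(finger, rng):
    """Simulate one read: the true features with a few random bit flips."""
    reading = list(finger)
    for i in rng.sample(range(BITS), NOISE_BITS):
        reading[i] ^= 1
    return reading


def enroll(scans):
    """Derive the stored data from several scans: a per-bit majority vote."""
    return [1 if 2 * sum(column) > len(scans) else 0 for column in zip(*scans)]


def hamming(a, b):
    """Number of positions in which two feature vectors differ."""
    return sum(x != y for x, y in zip(a, b))


def authenticate(template, reading):
    """Fuzzy comparison: accept when the new scan is close to the template."""
    return hamming(template, reading) <= THRESHOLD


def naive_key(reading):
    """Hash a raw reading as if it were key material (shown to be unstable)."""
    return hashlib.sha256(bytes(reading)).hexdigest()


def demo(seed=2013):
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    owner = [rng.randint(0, 1) for _ in range(BITS)]   # constructed finger
    other = [rng.randint(0, 1) for _ in range(BITS)]   # a different finger
    template = enroll([scan(owner, rng) for _ in range(5)])
    first, second = scan(owner, rng), scan(owner, rng)
    return {
        # Two later reads of the enrolled finger both pass the fuzzy match.
        "owner_accepted": authenticate(template, first)
        and authenticate(template, second),
        # An unrelated finger is far outside the threshold.
        "other_accepted": authenticate(template, scan(other, rng)),
        # The same finger read twice does not hash to the same value.
        "keys_equal": naive_key(first) == naive_key(second),
        "distance_between_reads": hamming(first, second),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
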

*TNY* review by Louis Menand of 'Command and Control', Eric Schlosser

Prashanth Mundkur
Tue, 24 Sep 2013 21:12:03 -0700
Nuclear weapons were touched on in the Fukushima essay by Charles Perrow
noted in RISKS-27.48. There is a more explicit discussion of them in this
review in *The New Yorker*.

With numerous examples, the review explains that:

  But most of the danger that human beings faced from nuclear weapons after
  the destruction of Hiroshima and Nagasaki had to do with inadvertence --
  with bombs dropped by mistake, bombers catching on fire or crashing,
  missiles exploding, and computers miscalculating and people jumping to the
  wrong conclusion. On most days, the probability of a nuclear explosion
  happening by accident was far greater than the probability that someone
  would deliberately start a war.

Charles Perrow is acknowledged explicitly.

  Schlosser cites Charles Perrow's Normal Accidents (1984) as an inspiration
  for his book. Perrow argued that in systems characterized by complex
  interactions and by what he called `tight coupling'—that is, processes
  that cannot readily be modified or turned off—accidents are
  normal. They can be expected. And they don't lend themselves to very
  satisfying postmortems, since it is often difficult to explain just what
  stage it was in the cascade of bad events that made them irreversible.

    [Schlosser's long item in *TNY* includes quite a few cases long ago
    mentioned in RISKS.  He is also the source of the next item. PGN]

Opinion: Neglecting our nukes - Eric Schlosser -

Gabe Goldberg
Tue, 17 Sep 2013 09:35:32 -0400
On Oct. 23, 2010, at about 1:30 in the morning, the underground launch
control centers at F.E. Warren Air Force Base in Wyoming lost communication
with 50 Minuteman III intercontinental ballistic missiles.  Instead of
showing the status of the missiles, the computer screens in the control
centers displayed the acronym LFDN (Launch Facility Down).  Briefly
losing contact with a few missiles wasn't unusual. But having an entire
squadron go down, simultaneously, was extraordinary.  Closed-circuit
television images of the missile silos, which sit miles away from their
control centers, revealed that none of the Minuteman IIIs had lifted
off. Almost an hour after the problem suddenly appeared, communication was
re-established between the missiles and their launch crews. Nevertheless,
heavily armed Air Force security officers spent the next few hours visiting
all 50 silos, in the early morning darkness, to ensure that no security
breach had occurred.

The Air Force dismissed the possibility that the computer network
controlling its Minuteman IIIs had been hacked. The idea that a hacker could
somehow disable 50 ballistic missiles—each of them armed with a nuclear
warhead about seven times more powerful than the bomb that destroyed
Hiroshima—seemed like the improbable plot of a Hollywood thriller.
