https://estoniaevoting.org/ [via NNSquad] (Re: second item in RISKS-27.90) "Estonia is the only country in the world that relies on Internet voting in a significant way for legally-binding national elections—up to 25% of voters cast their ballots online. This makes the security of the system of interest to technologists and voters the world over. As international experts on e-voting security, we decided to perform an independent evaluation of the system, based on election observation, code review, and laboratory testing. What we found alarmed us. There were staggering gaps in procedural and operational security, and the architecture of the system leaves it open to cyberattacks from foreign powers, such as Russia. These attacks could alter votes or leave election outcomes in dispute. We have confirmed these attacks in our lab—they are real threats. We urgently recommend that Estonia discontinue use of the system."
FYI—Domestic U.S. Internet users shouldn't feel slighted, however; their ISPs have also pre-installed NSA-accessible backdoors into the routers supplied to them by their ISPs (Verizon, in my case). Needless to say, what's good for the goose is good for the gander; these ISP-supplied backdoors can be easily hacked by criminals.

http://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden/print

Glenn Greenwald: how the NSA tampers with US-made Internet routers

The NSA has been covertly implanting interception tools in US servers heading overseas—even though the US government has warned against using Chinese technology for the same reasons, says Glenn Greenwald, in an extract from his new book about the Snowden affair, No Place to Hide.

Glenn Greenwald, *The Guardian*, Monday 12 May 2014

For years, the US government loudly warned the world that Chinese routers and other Internet devices pose a "threat" because they are built with backdoor surveillance functionality that gives the Chinese government the ability to spy on anyone using them. Yet what the NSA's documents show is that Americans have been engaged in precisely the activity that the US accused the Chinese of doing.

The drumbeat of American accusations against Chinese Internet device manufacturers was unrelenting. In 2012, for example, a report from the House Intelligence Committee, headed by Mike Rogers, claimed that Huawei and ZTE, the top two Chinese telecommunications equipment companies, "may be violating United States laws" and have "not followed United States legal obligations or international standards of business behaviour". The committee recommended that "the United States should view with suspicion the continued penetration of the US telecommunications market by Chinese telecommunications companies".

The Rogers committee voiced fears that the two companies were enabling Chinese state surveillance, although it acknowledged that it had obtained no actual evidence that the firms had implanted their routers and other systems with surveillance devices. Nonetheless, it cited the failure of those companies to cooperate and urged US firms to avoid purchasing their products:

"Private-sector entities in the United States are strongly encouraged to consider the long-term security risks associated with doing business with either ZTE or Huawei for equipment or services. US network providers and systems developers are strongly encouraged to seek other vendors for their projects. Based on available classified and unclassified information, Huawei and ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems."

The constant accusations became such a burden that Ren Zhengfei, the 69-year-old founder and CEO of Huawei, announced in November 2013 that the company was abandoning the US market. As Foreign Policy reported, Zhengfei told a French newspaper: "'If Huawei gets in the middle of US-China relations,' and causes problems, 'it's not worth it'."

But while American companies were being warned away from supposedly untrustworthy Chinese routers, foreign organisations would have been well advised to beware of American-made ones. A June 2010 report from the head of the NSA's Access and Target Development department is shockingly explicit. The NSA routinely receives—or intercepts—routers, servers and other computer network devices being exported from the US before they are delivered to the international customers.

The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some "SIGINT tradecraft is very hands-on (literally!)."

Eventually, the implanted device connects back to the NSA. The report continues: "In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and survey the network."

It is quite possible that Chinese firms are implanting surveillance mechanisms in their network devices. But the US is certainly doing the same.

Warning the world about Chinese surveillance could have been one of the motives behind the US government's claims that Chinese devices cannot be trusted. But an equally important motive seems to have been preventing Chinese devices from supplanting American-made ones, which would have limited the NSA's own reach. In other words, Chinese routers and servers represent not only economic competition but also surveillance competition.
Woody Leonhard | InfoWorld, 12 May 2014 With one day to go before Black Tuesday patches, Microsoft didn't so much blink as bow to the reality that users have been unable to install Windows 8.1 Update. http://www.infoworld.com/t/microsoft-windows/microsoft-extends-windows-81-updatekb-2919355-deadline-242339
Andrew Brooks, *IT Business*, 12 May 2014 http://www.itbusiness.ca/news/government-agencies-still-vulnerable-to-heartbleed-study-says/48737 opening text: The Heartbleed OpenSSL bug just refuses to die. Now it looks as if the measures many web sites, including some belonging to Canadian provincial and federal governments, may still be at risk despite being "fixed." That's according to a new study published last Friday by Internet services company Netcraft Ltd. The study claims that while websites patched vulnerable OpenSSL installations after Heartbleed was exposed early in April, replacing their SSL certificates and revoking the old ones, some actually re-used the same potentially compromised private key in the new certificate.
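A reissued certificate that reuses the old private key also carries the old public key, so comparing a hash of the SubjectPublicKeyInfo in the revoked and replacement certificates exposes the reuse the study describes. The Python below is an added example, not Netcraft's method or code from the article; the sample certificates are constructed certificate-shaped DER with placeholder keys and dummy signatures, and every function name is illustrative.

```python
import hashlib

def der(tag, body):                       # encode one DER TLV (definite length)
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos):                   # -> (tag, value_start, value_end), bounds-checked
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        k = first & 0x7F
        if k == 0 or k > 4 or pos + k > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, pos, pos + length

def spki_sha256(cert):
    """Hex SHA-256 of the SubjectPublicKeyInfo TLV of a DER X.509 certificate."""
    outer_tag, start, _ = read_tlv(cert, 0)          # Certificate
    tbs_tag, pos, tbs_end = read_tlv(cert, start)    # tbsCertificate
    if outer_tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not an X.509 certificate")
    fields = []
    while pos < tbs_end:
        tag, _, end = read_tlv(cert, pos)
        if end > tbs_end:
            raise ValueError("field overruns tbsCertificate")
        fields.append((tag, pos, end))
        pos = end
    # [0] version (optional), serial, sigAlg, issuer, validity, subject, SPKI
    idx = 6 if fields and fields[0][0] == 0xA0 else 5
    if len(fields) <= idx or fields[idx][0] != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return hashlib.sha256(cert[fields[idx][1]:fields[idx][2]]).hexdigest()

def find_key_reuse(revoked, current):
    """Pairs (current_name, revoked_name) whose certificates share a public key."""
    seen = {}
    for name, cert in revoked.items():
        seen.setdefault(spki_sha256(cert), []).append(name)
    return [(name, old) for name, cert in sorted(current.items())
            for old in seen.get(spki_sha256(cert), [])]

# --- Constructed sample data: certificate-shaped DER, placeholder keys, dummy signature ---
SHA256_RSA = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")) + der(0x05, b""))
RSA_ENC = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
def sample_spki(seed):
    modulus = b"\x00\xc3" + hashlib.sha256(seed).digest() * 4    # not a real RSA modulus
    rsa_key = der(0x30, der(0x02, modulus) + der(0x02, b"\x01\x00\x01"))
    return der(0x30, RSA_ENC + der(0x03, b"\x00" + rsa_key))

def sample_cert(serial, not_before, spki):
    name = der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, b"www.example.test"))))
    validity = der(0x30, der(0x17, not_before) + der(0x17, b"150101000000Z"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + SHA256_RSA + name + validity + name + spki)
    return der(0x30, tbs + SHA256_RSA + der(0x03, b"\x00" + b"\xaa" * 128))

def demo():
    key_a, key_b_old, key_b_new = (sample_spki(s) for s in (b"a", b"b-old", b"b-new"))
    revoked = {"site-a (revoked)": sample_cert(1, b"140101000000Z", key_a),
               "site-b (revoked)": sample_cert(2, b"140101000000Z", key_b_old)}
    current = {"site-a (reissued)": sample_cert(3, b"140410000000Z", key_a),      # old key reused
               "site-b (reissued)": sample_cert(4, b"140410000000Z", key_b_new)}  # fresh key
    return find_key_reuse(revoked, current)

if __name__ == "__main__":
    print(demo())
```

The fingerprint ignores serial number, validity dates and signature, so a certificate that looks new in every other field is still flagged when the key underneath is unchanged.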
FYI—While "memory shortage" was the presenting problem, apparently *no* amount of additional memory could have satisfied the search over an *infinite* number of altitudes, so the "cause" was an actual software _bug_, not merely "memory shortage", per se.

An interesting question is: "what would have happened had this U-2 flight simply not been entered into the ERAM system in the first place?" Or did entering this additional data actually make things worse? The data-not-entered case would presumably be exercised for a rogue drone (perhaps a panga/smuggling drone if in the L.A. area) flight.

http://www.reuters.com/article/2014/05/12/us-airtraffic-bug-exclusive-idUSBREA4B02320140512

Alwyn Scott and Joseph Menn, Reuters, 12 May 2014

Exclusive: Air traffic system failure caused by computer memory shortage

A common design problem in the U.S. air traffic control system made it possible for a U-2 spy plane to spark a computer glitch that recently grounded or delayed hundreds of Los Angeles area flights, according to an inside account and security experts.

In theory, the same vulnerability could have been used by an attacker in a deliberate shut-down, the experts said, though two people familiar with the incident said it would be difficult to replicate the exact conditions.

The error blanked out a broad swath of the southwestern United States, from the West Coast to western Arizona and from southern Nevada to the Mexico border.

As aircraft flew through the region, the $2.4 billion system made by Lockheed Martin Corp, cycled off and on trying to fix the error, triggered by a lack of altitude information in the U-2's flight plan, according to the sources, who were not authorized to speak publicly about the incident.

No accidents or injuries were reported from the April 30 failure, though numerous flights were delayed or canceled.

Lockheed Martin said it conducts "robust testing" on all its systems and referred further questions about the En Route Automation Modernization (ERAM) system to the Federal Aviation Administration.

FAA spokeswoman Laura Brown said the computer had to examine a large number of air routes to "de-conflict the aircraft with lower-altitude flights". She said that process "used a large amount of available memory and interrupted the computer's other flight-processing functions".

The FAA later set the system to require altitudes for every flight plan and added memory to the system, which should prevent such problems in the future, Brown said.

COMPLEX FLIGHT PLAN

When the system went out, air traffic controllers working in the regional center switched to a back-up system so they could see the planes on their screens, according to one of the sources. Paper slips and telephones were used to relay information about planes to other control centers.

The ERAM system failed because it limits how much data each plane can send it, according to the sources. Most planes have simple flight plans, so they do not exceed that limit.

But a U-2 operating at high altitude that day had a complex flight plan that put it close to the system's limit, the sources said.

The plan showed the plane going in and out of the Los Angeles control area multiple times, not a simple point-to-point route like most flights, they said.

The flight plan did not contain an altitude for the flight, one of the sources said. While a controller entered the usual altitude for a U-2 plane - about 60,000 feet - the system began to consider all altitudes between ground level and infinity.

The conflict generated error messages and caused the system to begin cycling through restarts.

"The system is only designed to take so much data per airplane," one of the sources said. "It keeps failing itself because it's exceeded the limit of what it can do."

CYBER ATTACK CONCERN

The sources said the circumstances would be difficult for an attacker to mimic, since they involved a complex flight plan, an altitude discrepancy and an input from the controller that added to the flight plan data.

Former military and commercial pilots said flight plans are generally carefully checked and manually entered into the air traffic control computers, which are owned by the FAA.

"It would be hard to replicate by a hostile government, but it shows a very basic limitation of the system," said a former military and commercial pilot.

Cyber-attacks on aviation have been an area of increased concern for intelligence officials, who said earlier this year they will set up a new center in Maryland for sharing information on detected and possible threats.

Security experts said that from the description by insiders, the failure appeared to have been made possible by the sort of routine programming mistake that should have been identified in testing before it was deployed.

"That's when you put in values anywhere that a human could put in a number, like minus one feet, or a million feet, to see what that would do," said Jeff Moss, founder of the Black Hat and Def Con security conferences and an advisor to the Department of Homeland Security.

While it might be logical to limit the amount of data associated with one flight plan, anything exceeding that amount should not be able to render the system useless, they said.

Though they welcomed the FAA's assurance that a fix was being rolled out, they said the incident suggested that similar failures could be found.

"If it's now understood that there are flight plans that cause the automated system to fail, then the flight plan is an 'attack surface,'" said Dan Kaminsky, co-founder of the White Ops security firm and an expert in attacks based on over-filling areas of computer memory.

"It's certainly possible that there are other forms of flight plans that could cause similar or even worse effects," Kaminsky said. "This is part of the downside of automation."

Moss said many hackers have been studying aspects of a new $40 billion air traffic control system, known as NextGen, which encompasses ERAM, including its reliance on Global Positioning System data that could be faked. At least two talks at this summer's Def Con will look at potential weaknesses in the system.

"It's very over-budget and behind schedule, so it doesn't surprise me that it's got some bugs - it's the way it presented itself" that's alarming, Moss said.

But air traffic controllers and pilots said ERAM is a vast improvement over past systems and that it is needed to fit growing plane traffic into the airspace safely.

Nate Pair, president of the Los Angeles Center for the National Air Traffic Controllers Association, said it was remarkable that ERAM was restored less than an hour after the outage, limiting the effect on travelers.

"We were completely shut down and 46 minutes later we were back up and running," Pair said. "That could have easily been several hours and then we would have been into flight delays for days because of the ripple effects."

(Reporting by Alwyn Scott and Joseph Menn; Editing by John Pickering and Sophie Hares)
Jaikumar Vijayan | Computerworld, 13 May 2014 As buildings get more automated, they raise new security risks http://www.infoworld.com/d/security/the-internet-of-things-smart-buildings-pose-big-risk-242417 Interesting paragraph: "The massive data theft at Target for instance, started with someone finding a way into the company's network using the access credentials of a company that remotely maintained the retailer's heating, ventilation and air conditioning (HVAC) system. In Target's case, the breach appears to have happened because the company did not properly segmelol! nt its data network." Why interesting? 1) Building control systems can be used to make attacks on other systems. 2) Where did that "lol! " come from? (Is this a risk of keyboard macros?)
"Internet companies can be made to remove irrelevant or excessive personal information from search engine results, Europe's top court ruled on Tuesday in a case pitting privacy campaigners against Google. The Court of Justice of the European Union (ECJ) upheld the complaint of a Spanish man who objected to the fact that Google searches on his name threw up links to a 1998 newspaper article about the repossession of his home." (Reuters via NNSquad) http://www.reuters.com/article/2014/05/13/us-eu-google-dataprotection-idUSBREA4C07120140513 I can't begin to express what a bogus, inane, and utterly impractical decision this is. Beyond ludicrous. Luckily, it means very little without domestic government ratifications, and hopefully that won't happen. More info? - See: "The 'Right to Be Forgotten': A Threat We Dare Not Forget" - http://lauren.vortex.com/archive/000938.html. (I'm a consultant to Google. My postings are speaking only for myself, not for them.)
Essential references:

http://www.fosspatents.com/2014/05/refresher-q-on-oracle-v-google-after.html
Q&A from someone who has followed these cases carefully.

http://cafc.uscourts.gov/images/stories/opinions-orders/13-1021.Opinion.5-7-2014.1.PDF
Short appellate judgment followed by careful background analysis.

By the numbers:

1. There is no new precedent here. The particular copyright condition at issue applies to all literary works, with no exception for software.

2. It is not about using (that is, exercising operations through) an API. It is about the definition of APIs and it is specific to the nature of what are called APIs for Java. The ruling navigates this very clearly.

3. It is not about implementations behind APIs, but the definitional material. Google had already been found to have infringed a particular little bit of an implementation, but that was not reversed. Google had also claimed, in the original trial, that having independent implementations provided a fair-use defense. The appellate court is none of that.

3. The court didn't overturn the decision so much as remand it for retrial based on an error of law made by the original judge. Only one part has been overturned. It is a material part, because it increases infringements that Google has been found to have made.

4. In the original trial, Google was found to have infringed the copyright on the Java API descriptions that they appropriated for Dalvik. This was not about individual method names or signatures. It was not about implementations behind the APIs. It was about the sequence, structure, and organization (SSO) of the full sets of definitions that were taken wholesale.

5. After the jury deliberations, the original judge ruled that copyright did not extend to the Java API SSO, so those infringements were irrelevant. In addition, the original jury, on finding, then deliberated on whether or not the Google infringement constituted fair use. The jury was hung on that matter. But, because of the elimination of any SSO copyright by judicial decree, there was no point in doing anything about it.

6. The appellate court ruled that the original ruling about SSO was in error. SSO is subject to copyright, even when the individual elements are not themselves copyrightable or the original creation of the creator of the SSO. This is long-standing in copyright law and precedent. The decree from the appellate court explains all this in meticulous detail in the lengthy Background material.

7. Since infringement has already been determined at a jury trial, the reversal has that infringement stand and be material. Now the question is whether the infringement constitutes fair use. This will be determined at retrial unless the parties manage to settle in the meantime.

8. Important thing to always remember.

8.1 Fixations of original works of creation of their authors are automatically copyrighted. It subsists in the copyrightable subject matter whether claimed or not, whether the exclusive rights of copyright holders are exercised or not. (Copyright does not extend to portions that are not the creation of the author, and might be subject to copyright of others. Also, not everything in an original work is eligible for copyright. The details of all that are in the copyright code and the precedents around it.)

8.2 The fair use doctrine is more than a doctrine. It is a matter of law enshrined in the US Copyright Code. However, fair use is irrelevant except in the case of infringement. And fair use is determined only by a court after infringement is determined. The background material in the appellate ruling suggests that Google is on shaky ground with regard to passing unscathed through the litmus tests for fair use. But they did not rule on that. They left that to be settled at retrial.

8.3 It is important to appreciate that the copyright of software is subject to exactly the same conditions as literary works of any kind. The special treatment of software in copyright law has to do with backups, ephemeral copies, and perhaps DRM to the extent that it might be applicable. Also, the derived binaries, not just the source, are considered to be protected by the same copyright. Those are the only special cases that come to mind.
PGN wrote:

> Computer literacy is essential, but once again we need to dust off the old
> Einstein dictum: Everything should be made as simple as possible, but no
> simpler. [...]

This drives me mad where databases are concerned. I'm well known in certain theatres as being very anti RDBMSs. The problem is that relational theory is very helpful in data analysis. But it simplifies everything too much!

When you look at things AS A MATHEMATICIAN, first normal form is chock full of duplication (isn't that forbidden by relational theory :-), and seriously muddles data and metadata. Given that most data comes as lists and, being set based, relational cannot store lists it's pretty easy to come up with an engineering proof that relational databases MUST, BY DESIGN, be horribly inefficient.

It's unfortunately that typical human failing, that when people are confronted with evidence that maths and reality don't agree, they prefer to believe that it's reality that's wrong, not their theory.

(Would YOU try to explain biology in terms of quarks and leptons? And yet, with first normal form, that's exactly equivalent to how relational proponents try and explain extremely complex computer systems!)
It's a fairly draconian punishment, but I was unconvinced that a million riyals was really worth $266,133,000. ... [Maybe $266,133?]

Risk: journalists or risk people offering exchange rates without standing back and saying: does this sound right?

Ian W Halliday, BA Hons, SA Fin, MBCS +44 772 546 2965 (GMT+1)

[The original message was a week old. At the moment, 1 U.S. Dollar = 3.75 Saudi Riyals, so 1M riyals are worth $266,666.666 (unrounded) today, roughly $533 more than a week ago. Perhaps announcement of the penalty is driving the Rial UP??? PGN]
Police violent raid-style break-ins, at wrong address of innocent people, are more frequent than many people realize. USA incidents are mapped at CATO's Police Misconduct site. <http://www.policemisconduct.net/> Select Maps > Botched Paramilitary Police Raids <http://www.cato.org/raidmap>. When they happen, authorities typically say it was a once in a million fluke accident. We have had thousands of these incidents. When crooks see the cops coming, they know how to react: surrender or die. When innocent homes are invaded, sometimes they think it is a home invasion by crooks, and they react in such a way that they can get seriously maimed by the police. These "accidents" indicate something is wrong with whatever systems are used to determine home or business of suspects. Opponents, of the latest schemes, could maybe use this evidence as part of the argument that the latest scheme is flawed, and thus shed more light on this scandal. <<FYI—These break-ins are the electronic equivalent of FBI raids lobbing tear gas and kicking down doors with automatic weapons drawn. Inevitably, there are some percentage of break-ins at the wrong address of innocent people.>> Alister William Macintyre (Al Mac)
This always baffles me, because it seems that the people are not considering that a person may have more than one card, such as

* bank card, that debits your checking account
* 'stupid' credit card, for buying lunch, et cetera
* 'better' credit card, that you only use for big things
* a card for Internet shopping, that you load up right before you use it
* a card for things that you want to charge to your employer
* a card for things you'd rather most people not know about (that must be buying drugs or hiring prostitutes)

In the old days, you would put a card into a machine or even type in the numbers. If you used the wrong one, it is clearly your fault for being dumb. Now you don't know. What could go wrong?
I am delighted to announce the formation of a new special interest group focused on logic and computation. The new SIG will be called SIGLOG. The officers are: Luke Ong (vice-Chair), Natarajan Shankar (Treasurer), Alexandra Silva (Secretary) and I will serve as its first Chair. The officers will be assisted by an executive committee and an advisory committee. The formation of this SIG has taken a long time with a lot of effort put in by many people. The idea of such a SIG was first mooted in 2007 by Moshe Vardi and Dana Scott and the first draft proposals were written by Vardi with input from Martin Abadi, Rajeev Alur and Phokion Kolaitis. For a long time the logic and computation community has functioned without a unifying organization. It has, nevertheless, grown in numbers and diversity and there are now many conferences that testify to the vitality of the community. Indeed the FLoC cluster of conferences this Summer in Vienna is expected to attract 1500 participants. There are, however, many ways in which a community-wide organization can serve the community that a single-conference-based organization cannot. SIGLOG aims to serve a broad range of interests. The flagship conference will be the ACM-IEEE Symposium on Logic in Computer Science. SIGLOG will actively seek association agreements with other conferences in the field. A SIGLOG newsletter is planned to be published quarterly in an electronic format with community news, technical columns, members' feedback, conference reports, book reviews and other items of interest to the community. An important activity of SIGLOG will be advocating for the importance of logic in the undergraduate computer science curriculum. Another important activity will be the establishment of prizes to recognize the outstanding contributions made by leading members of the community. Several members of the community have won Turing prizes, but there is room for much more recognition, especially for younger researchers. 
SIGLOG will collaborate closely with EATCS and EACSL as well as other organizations, for example the Gödel Society. SIGLOG will maintain close ties with the ACM Transactions on Computational Logic. The upcoming Federated Logic Conferences in Vienna (part of the Vienna Summer of Logic) will feature a SIGLOG launch event. SIGLOG seeks to be an inclusive and diverse organization. We are committed to encouraging the participation of women in computing and are pleased to note that there are many outstanding women leaders in the research areas covered by SIGLOG. We actively seek members from all geographical regions and from a broad variety of research interests. It is possible to join SIGLOG as soon as today by filling the form at http://www.acm.org/membership/sig-pdfs/SIGLOG.pdf . One can join SIGLOG without joining ACM (the SIGLOG membership fee is $25 and $15 for students). Prakash Panangaden [This new ACM Special Interest Group could be of considerable value to RISKS readers with backgrounds or interest in formal methods. PGN]