The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 28 Issue 55

Tuesday 10 March 2015

Contents

E-voting in Australia
Dave Horsfall
FAA Needs to Address Weaknesses in Air Traffic Control Systems
Gabe Goldberg
Smart house DoS-ed by light bulb
Prashanth Mundkur
Tech Blog GigaOm Abruptly Shuts Down
Monty Solomon
Cybersecurity and the Age of Privateering: A Historical Analogy
Florian Egloff via Prashanth Mundkur
Tor-pedo project?
Henry Baker
Facebook rant lands U.S. man in UAE jail
Amos Shapir
Risks of committing a crime while carrying a cell phone
David Tarabar
Cell phone user arrested at border
Labmanager
Who Spewed That Abuse? Anonymous Yik Yak App Isn't Telling
The NYTimes
Florida moving to unmask anonymous websites to combat online piracy
Ars via Lauren Weinstein
China Blocks Web Access to 'Under the Dome' Pollution Documentary
The NYTimes via NNSquad
Don't trust timestamps
Dan Jacobson
DDR3 modules found to be vulnerable to designed intensive memory accesses; alter other contents
Bob Gezelter
India Censors a Rape Documentary; the Streisand Effect Goes Nuclear
Lauren Weinstein
'FREAK' Flaw Undermines Security for Apple and Google Users, Researchers Discover
Craig Timberg
Re: FREAK attack
PGN
To locate bank robber, FBI unusually asked for warrant to use stingray
Monty Solomon
Re: Trojaned blackmails from PCs. Japanese Police arrested PC owners
Chiaki Ishikawa
Re: Japanese Satellite Broadcasting scramble protection cracked
Chiaki Ishikawa
Hillary's Secret Email Was a Cyberspy's Dream Weapon
Henry Baker
Re: Jeb Bush publishes e-mail personal info of Florida residents online
John Levine
John Levine
Re: Belarus bans Tor and all anonymising Internet technologies
Dan Jacobson
Re: Internet of Obnoxious Things
R. G. Newbury
Re: When Driver Error Becomes Programming Error
John Levine
Info on RISKS (comp.risks)

E-voting in Australia

Dave Horsfall <dave@horsfall.org>
Sun, 8 Mar 2015 11:27:34 +1100 (EST)
On 28 March, New South Wales goes to the polls.  This is notable for two
reasons: not only is it expected to be a tight contest, with two
conservative governments in two other states falling after just one term in
several months, but it also sees the introduction of e-voting.

It's not available to all, but merely to those who cannot attend a polling
place on the day, due to sickness, absence, disability, etc.  As an aside,
despite what you may hear otherwise, Australia does *not* have compulsory
voting, but compulsory *attendance* (and I think I've broken the law merely
by reporting that).

Being somewhat disabled myself (the nearest polling place is further away
than I care to walk), I registered online, proved my identity (name, DOB,
address, driver's licence number etc), made up a 6-digit PIN, and received
an authorisation token via SMS for subsequent use.

There is a demonstration page, and whoever designed it has a wicked sense of
humour.
    www.iVote.nsw.gov.au   (the demo page is under there).

In the lower house, for the seat of Sydney Harbour (known for its large
floating population) we have the "Khaki Party" (a take on The Greens), the
"Workers Party" (ditto Labor Party), etc; in the upper house we have e.g.
"Australians for Advancement" (our anthem is "Advance Australia Fair"),
"City Life Party (Spencer Davis Group)" (and please don't tell me that I
need to explain that), etc.

The e-voting polls open a few days earlier; a receipt code will be issued,
which can be used to verify that your vote has been recorded as cast, and
after the close of polls that it was included in the count.

I'll report on my subsequent experiences.

Who said that bureaucrats don't have a sense of humour?

Dave Horsfall DTM (VK2KFU), North Gosford NSW 2250, Australia
http://www.horsfall.org/spam.html (and check the home page whilst you're there)


FAA Needs to Address Weaknesses in Air Traffic Control Systems

Gabe Goldberg <gabe@gabegold.com>
Fri, 06 Mar 2015 18:10:31 -0500
What the GAO Found

While the Federal Aviation Administration (FAA) has taken steps to protect
its air traffic control systems from cyber-based and other threats,
significant security control weaknesses remain, threatening the agency's
ability to ensure the safe and uninterrupted operation of the national
airspace system (NAS). These include weaknesses in controls intended to
prevent, limit, and detect unauthorized access to computer resources, such
as controls for protecting system boundaries, identifying and authenticating
users, authorizing users to access systems, encrypting sensitive data, and
auditing and monitoring activity on FAA's systems. Additionally,
shortcomings in boundary protection controls between less-secure systems and
the operational NAS environment increase the risk from these weaknesses.

http://www.gao.gov/products/GAO-15-221

Gabriel Goldberg, Computers and Publishing, Inc.       gabe@gabegold.com
3401 Silver Maple Place, Falls Church, VA 22042           (703) 204-0433


Smart house DoS-ed by light bulb

Prashanth Mundkur <prashanth.mundkur@gmail.com>
Tue, 3 Mar 2015 18:02:55 -0800
This person's light bulb performed a DoS attack on his entire smart house.
Kashmir Hill, Fusion, March 3, 2015
http://fusion.net/story/55026/this-guys-light-bulb-ddosed-his-entire-smart-house/

  The light was performing a DoS attack on the smart home to say,
  `Change me'.

     [That is reVOLTing.  WATT are the other risks with smart systems?  PGN]


Tech Blog GigaOm Abruptly Shuts Down

Monty Solomon <monty@roscom.com>
Tue, 10 Mar 2015 07:49:41 -0400
Ravi Somaiya, 9 MAR 2015

Gigaom, a pioneering technology blog that became a fixture in Silicon Valley
and claimed 6.4 million monthly readers, abruptly announced on Monday that
it would shut down.

The site, which was founded in 2006, seemed to have been stopped dead in its
tracks; earlier Monday, it had been posting articles, most recently on
Apple.  News of its closure was first broken on Twitter by those connected
with it, but was confirmed shortly afterward by its founder, the tech
journalist and venture capitalist Om Malik.

http://www.nytimes.com/2015/03/10/business/media/tech-blog-gigaom-abruptly-shuts-down.html


Cybersecurity and the Age of Privateering: A Historical Analogy (Florian Egloff)

Prashanth Mundkur <prashanth.mundkur@gmail.com>
Fri, 6 Mar 2015 10:45:49 -0800
Interesting working paper by Florian Egloff:
http://www.politics.ox.ac.uk/materials/centres/cyber-studies/Working_Paper_No.1_Egloff.pdf

Abstract:

  Policy literature on the insecurity of cyberspace frequently invokes
  comparisons to Cold War security strategy, thereby neglecting the
  fundamental differences between contemporary and Cold War security
  environments. This article develops an alternative viewpoint, exploring
  the analogy between cyberspace and another largely ungoverned space: the
  sea in the age of privateering. This comparison enables us to incorporate
  into cybersecurity thinking the complex interactions between state and
  nonstate actors, including entities such as navies, mercantile companies,
  pirates, and privateers.  The paper provides a short historical overview
  of privateering and cybersecurity and compares the two by identifying
  state actors, semi-state actors, and criminal actors in each historical
  context. The paper identifies the limitations of Cold War analogies and
  presents the analogy of privateering as a superior conceptual benchmark
  for future policy guidance on cybersecurity. The paper makes three main
  arguments. First, cyber actors are comparable to the actors of maritime
  warfare in the sixteenth and seventeenth centuries. Second, the
  militarisation of cyberspace resembles the situation in the sixteenth
  century, when states transitioned from a reliance on privateers to
  dependence on professional navies. Third, as with privateering, the use of
  non-state actors by states in cyberspace has produced unintended harmful
  consequences; the emergence of a regime against privateering provides
  potentially fruitful lessons for international cooperation and the
  management of these consequences.

Florian Egloff, Clarendon Scholar, University of Oxford


Tor-pedo project?

Henry Baker <hbaker1@pipeline.com>
Fri, 06 Mar 2015 16:19:49 -0800
FYI—Be careful out there... (from Hill Street Blues)

https://people.torproject.org/~ioerror/skunkworks/forensics/valencia-tracking-device/

On 4 Mar 2015, we found a tracking device inside of the wheel well of a car
belonging to an attendee of the Circumvention Tech Festival in Valencia,
Spain.  This was reported in the local media.

If you have information about this device - please send information to jacob
at appelbaum dot net using gpg.

The device was magnetically mounted inside of the left wheel well of the
car.  The battery is attached by cable to the tracking device.  The battery
was magnetically mounted to the frame of the car.  The tracking device was
similarly magnetically mounted. The device itself has an external
magnetically mounted GPS antenna.  It has a very simple free hanging GSM
antenna.  The device included a Movistar SIM card for GSM network access.
The entire device was wrapped in black tape.

https://people.torproject.org/~ioerror/skunkworks/forensics/valencia-tracking-device/IMG_6321.thumb.JPG

https://people.torproject.org/~ioerror/skunkworks/forensics/valencia-tracking-device/IMG_6331.thumb.JPG

https://people.torproject.org/~ioerror/skunkworks/forensics/valencia-tracking-device/IMG_6382.thumb.JPG

+ more pix.


Facebook rant lands U.S. man in UAE jail

Amos Shapir <amos083@gmail.com>
Sat, 7 Mar 2015 08:59:24 +0200
A U.S. citizen is jailed in the UAE for a Facebook article he posted in the
USA.  Full story at: http://m.bbc.com/news/technology-31692914

There seems to be a growing problem of defining limits of jurisdictions for
actions on the web.


Risks of committing a crime while carrying a cell phone

David Tarabar <dtarabar@acm.org>
Fri, 6 Mar 2015 08:38:53 -0500
Former NFL player Aaron Hernandez is currently on trial for murder. The
investigation and trial testimony was largely based on evidence that was
derived from cell phone records.

Authorities created a detailed time line of Hernandez leaving his suburban
home, driving to Boston where he picked up the victim, driving to a deserted
industrial park where the murder occurred and then returning home.  This was
based on text messages and cell tower pings from both Hernandez and the
victim. This time line also led to surveillance video of the car on route.

http://boston.cbslocal.com/2013/06/27/aaron-hernandez-linked-to-murder-via-texts-video-cell-phone-towers/
http://espn.go.com/boston/nfl/story/_/id/12425944/aaron-hernandez-trial-testimony-resumes


Cell phone user arrested at border

"Labmanager" <labmanager@gmail.com>
Mar 7, 2015 2:54 PM
  [via Dave Farber]
http://www.cnet.com/news/man-charged-for-refusing-to-give-up-phone-passcode-to-canadian-border-agents/?part=propeller&subj=news&tag=link


Who Spewed That Abuse? Anonymous Yik Yak App Isn't Telling

Monty Solomon <monty@roscom.com>
Tue, 10 Mar 2015 08:45:33 -0400
http://www.nytimes.com/2015/03/09/technology/popular-yik-yak-app-confers-anonymity-and-delivers-abuse.html


Florida moving to unmask anonymous websites to combat online piracy

Lauren Weinstein <lauren@vortex.com>
Tue, 3 Mar 2015 10:17:21 -0800
Ars via NNSquad
http://arstechnica.com/tech-policy/2015/03/florida-moving-to-unmask-anonymous-websites-to-combat-online-piracy/

  The bill, which landed on the state's House and Senate floors Tuesday,
  requires websites to display a "correct name, physical address, and
  telephone number or e-mail address" of the owner if they play a
  "substantial part in the electronic dissemination of commercial recordings
  or audiovisual works, directly or indirectly." The disclosure is required
  even if all the recordings or audiovisual works disseminated by the
  website are owned by the website owner.

 - - -

Typical nonsense from Florida. Good luck with that, boys.


China Blocks Web Access to 'Under the Dome' Pollution Documentary

Lauren Weinstein <lauren@vortex.com>
Fri, 6 Mar 2015 18:59:04 -0800
*The New York Times* via NNSquad
http://www.nytimes.com/2015/03/07/world/asia/china-blocks-web-access-to-documentary-on-nations-air-pollution.html

  "Then on Friday afternoon, the momentum over the video came to an abrupt
  halt, as major Chinese video websites deleted it under orders from the
  Communist Party's central propaganda department.  The startling phenomenon
  of the video, the national debate it set off and the official attempts to
  quash it reflect the deep political sensitivities in the struggle within
  the Chinese bureaucracy to reverse China's environmental degradation,
  among the worst in the world. The drama over the video has ignited
  speculation over which political groups were its supporters and which
  sought to kill it, and whether party leaders will tolerate the civic
  conversation and grass-roots activism that in other countries have been
  necessary to curbing rampant pollution."


Don't trust timestamps

Dan Jacobson <jidanni@jidanni.org>
Tue, 10 Mar 2015 04:17:24 +0800
One day in a court of law, the log files of a computer system will be
used to prove that some incident happened at some certain time.

Let's have a look.

journalctl says
Mar 10 03:14:32 jidanni2 kernel: sd 2:0:0:0: [sdb] Attached SCSI
Mar 10 03:14:32 jidanni2 kernel: EXT4-fs (sda8): mounted filesys

/var/log/kern.log says
Mar 10 03:14:47 jidanni2 kernel: [    4.000166] sd 2:0:0:0: [sdb
Mar 10 03:14:47 jidanni2 kernel: [   62.534080] EXT4-fs (sda8):

So did this happen at 03:14:32 or 03:14:47 or is all we in fact really
know was that there was an entire (62 - 4 =) 58 second gap between the
two lines?

The latter: my screen froze for a minute.
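
  [Added example, not part of the original post: a Python check that
  compares the syslog write time of each kern.log line with the kernel's
  own seconds-since-boot stamp, using the two lines quoted above. The year
  (2015, from the post date, since syslog stamps omit it), the function
  names, and the premise that the wall clock was not stepped between the
  lines are assumptions.]

```python
import re
from datetime import datetime, timedelta

# The two /var/log/kern.log lines quoted in the post, truncated as they appear there.
KERN_LOG = """\
Mar 10 03:14:47 jidanni2 kernel: [    4.000166] sd 2:0:0:0: [sdb
Mar 10 03:14:47 jidanni2 kernel: [   62.534080] EXT4-fs (sda8):
"""

# syslog wall-clock stamp, host, then the kernel's monotonic stamp in brackets.
LINE_RE = re.compile(
    r"^(?P<stamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"\[\s*(?P<uptime>\d+\.\d+)\] (?P<msg>.*)$"
)


def parse_kern_log(text, year):
    """Return one record per kernel line: write time, uptime, message."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a kernel line carrying a monotonic stamp
        wall = datetime.strptime(f"{year} {m['stamp']}", "%Y %b %d %H:%M:%S")
        sec, frac = m["uptime"].split(".")
        # Keep microseconds as integers to avoid float rounding.
        uptime = timedelta(seconds=int(sec),
                           microseconds=int(frac[:6].ljust(6, "0")))
        records.append({"wall": wall, "uptime": uptime, "msg": m["msg"]})
    return records


def reconcile(records):
    """Bound each event's real time from the least-delayed line.

    The syslog stamp is when the line was written, which is never earlier
    than the event. So (wall - uptime) is an upper bound on the boot time,
    and the smallest such value over all lines is the tightest bound.
    """
    if not records:
        return []
    boot_bound = min(r["wall"] - r["uptime"] for r in records)
    report = []
    for r in records:
        report.append({
            "msg": r["msg"],
            "logged_at": r["wall"],
            "uptime": r["uptime"],
            # The event happened no later than this.
            "latest_event_time": boot_bound + r["uptime"],
            # The line sat in a buffer at least this long before being stamped.
            "min_write_delay": (r["wall"] - r["uptime"]) - boot_bound,
        })
    return report


def delayed_lines(report, tolerance=timedelta(seconds=1)):
    """Lines whose syslog stamp is provably later than the event.

    One second of tolerance, because syslog stamps have 1 s resolution.
    """
    return [row for row in report if row["min_write_delay"] > tolerance]


if __name__ == "__main__":
    rows = reconcile(parse_kern_log(KERN_LOG, year=2015))
    for row in rows:
        print(row["logged_at"].time(), "logged;",
              "event no later than", row["latest_event_time"].time(),
              "; written at least", row["min_write_delay"], "late:",
              row["msg"])
```

  [The bound only holds while the wall clock is not stepped (NTP step,
  manual change) between the lines being compared.]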


DDR3 modules found to be vulnerable to designed intensive memory accesses; alter other contents

"Bob Gezelter" <gezelter@rlgsc.com>
Tue, 10 Mar 2015 03:42:53 -0700
For years, I have believed that the ever increasing lack of ECC was a
serious flaw. My main concern was and is that memory capacities have
increased far faster than reliability. The danger of a spontaneous bit
failure at a random location in a multi-gigabyte memory is a matter for
concern.  However, it has now been reported by Ars Technica that a team has
announced an escalation of privilege exploit achieved exploiting the
underlying packaging and physics of DRAM memory, particularly, DDR3 (without
ECC). This experimental work raises the level of concern from the
theoretical to the (somewhat) practical.  While certainly arcane, the fact
that some memory assemblies display sensitivity to reference patterns and
affect the contents of cells other than those intended is a severe problem,
which undermines ALL of the presumptions inherent in the design of all
operating systems.  The complete Ars Technica article is at:
http://arstechnica.com/security/2015/03/cutting-edge-hack-gives-super-user-status-by-exploiting-dram-weakness/

Bob Gezelter, http://www.rlgsc.com


India Censors a Rape Documentary; the Streisand Effect Goes Nuclear

Lauren Weinstein <lauren@vortex.com>
Fri, 6 Mar 2015 11:27:08 -0800
  http://lauren.vortex.com/archive/001090.html

We get a lot of laughs out of the so-called "Streisand Effect"—the
phenomenon of someone trying to cover up or otherwise limit public knowledge
of some already public aspect of their life, and in the process drawing far
more attention to the situation than would have been the case if they'd just
kept quiet in the first place. When we're talking about a wealthy celebrity
trying to suppress photos of their Malibu mansion—that's what the
Streisand Effect is named for, by the way—at least a few chuckles seem
entirely understandable.

But when governments unwittingly invoke the Streisand Effect via
shortsighted, misguided, hamfisted attempts at censorship of important
issues, it's difficult to find any humor on the stage.

So we now have the sorry spectacle of the government of India—at least in
theory the world's largest democracy—petulantly and disastrously
attempting to suppress the viewing of a BBC documentary exposing a
nightmarish culture of rape within India itself.

That the situation has many complexities and subtleties is without
question. A confluence of historical, cultural, religious, caste, and
political forces are in play.

And while it's certainly true that problems with rape are not by any means
restricted to India, the unique character of the problem there, including
the bizarre twist of many government officials who apparently themselves
have had accusations lodged against them involving abuse of women, creates a
particularly convoluted tapestry.

Into this sordid mix comes the new BBC documentary "India's
Daughter"—exploring in painfully but necessarily straightforward
detail many key aspects and circumstances of this problem.

The Indian government had three choices in the face of this incredibly
important film.

They could have ignored it. They could have embraced it as an element toward
helping to solve their endemic problems with the abuse of women.

Then there's the choice they actually made—the worst possible of them
all.

The Indian government's choice was to attack the film, to attack the BBC, to
attack the filmmaker—then they acted as quickly as they could (but
ineffectually, as we'll see) to try to prevent their own citizens from seeing
the documentary itself.

The actual visibility of the film in different parts of the world is tricky
to catalog since it's a moving target, but one thing is pretty clear --
anyone who really wants to see it can find a way to do so.

The original broadcast version was on BBC-controlled outlets, and the BBC
has followed its usual practice of asserting ownership rights to (try)
remove unauthorized copies from the Net (e.g., from YouTube).

But the proliferation of copies—both on YouTube and on other easily
accessible Net venues—has made that effort of limited success at best.

Of course since BBC does indeed control those rights, it's within their
purview to exercise them.

The behavior of the government of India regarding this film falls into an
entirely different category, however.

Variously asserting "risks to public order" and "damage to tourism"—among
other arguments—the Indian government not only filed blocking demands
with Google's YouTube—with which Google has been complying as per local
laws through geographical blocks --- but has also proclaimed the film a
"defamation" of India. They've even proclaimed, seemingly taking a page from
the EU's twisted sensibilities regarding "Right To Be Forgotten" censorship,
that they'd like to find a way to ban the film globally.

Not a chance, India. Ain't gonna happen.

You know where this story is going. The censorship demands of India have
vastly increased global awareness of "India's Daughter" and shot viewership
globally (and in India) through the roof, for the multiplicity of copies and
the relative ease of evading geo-blocks through a variety of technical means
have made a laughingstock of the Indian government's reaction.

The real tragedy though isn't what this means for inept Indian government
officials, but rather for the vast majority of people in India who are
decent, hardworking, and even more horrified about the abuse of women in
their country than are outside observers.

I've heard from a lot of them directly from India over the last couple of
days.

Many heap criticism on their government, fearing that the government's
behavior may be viewed in some quarters as an attempt to "cover up" or
somehow justify abuse of women, and so reflect terribly on views of India
globally.

Most note that they have been able to see the film despite the government's
efforts to block it, and some are literally praying that the end result will
be positive for India and particularly for women, despite their government's
atrocious behavior.

Unfortunately and unsurprisingly, there are the vulgar trolls as well.  I've
been dealing with them on my Google+ threads on this topic—I keep the
"banhammer" on my belt right next to my phone, and the trapdoor lever is
always close at hand—and as usual these vermin have made their presence
known on YouTube video comments as well.

You never want to feed the trolls, and you can't let yourself be distracted
by them either.

Despite the immediate debacle of the Indian government's behavior regarding
"India's Daughter" and their attempts to suppress it, the power of the
Internet and yes, the Streisand Effect, will inevitably win the day in the
end.

And regardless of angry machinations by Indian politicians against the best
interests of their own citizens, the Internet sunlight pouring in to
illuminate the specter of rape and other abuse of women in India is in the
end unstoppable.

Not just in India, but around the entire globe, no matter how politicians
pontificate and harass, ultimately the sands of censorship will still slip
through their fingers.

This has tended to be historically true in the long run even before the time
of the Internet, even before the coming of electronic communications in any
form.

In the Internet age, it's even more of a truth that governments and
leaders can attempt to ignore only unsuccessfully, and only with the
most extreme of peril.


'FREAK' Flaw Undermines Security for Apple and Google Users, Researchers Discover (Craig Timberg)

"ACM TechNews" <technews@hq.acm.org>
Wed, 4 Mar 2015 11:41:58 -0500 (EST)
ACM TechNews, Wednesday, March 4, 2015
Read the TechNews Online at: http://technews.acm.org

Craig Timberg, *The Washington Post* (03/03/15)

Companies and government agencies are scrambling to correct a major security
flaw revealed this week that has left users of Apple and Google devices and
users of millions of websites vulnerable to man-in-the-middle attacks for
more than a decade.  Dubbed FREAK, the vulnerability is the result of
1990s-era government policy that restricted the export of strong encryption
techniques, which resulted in what is now considerably weak 512-bit
encryption being coded into numerous software products that have since
proliferated around the world.  The flaw was discovered by French computer
science lab INRIA during tests of encryption systems and took everyone by
surprise as 512-bit encryption has been considered obsolete for more than a
decade.  University of Pennsylvania cryptographer Nadia Heninger was able to
crack the vulnerable encryption in about seven hours by renting time on
Amazon Web Services servers.  Hackers could exploit this method to steal
passwords and personal information and potentially launch broader attacks on
affected websites.  The University of Michigan estimates almost a third of
all "secure" websites are affected by FREAK, with about 5 million encrypted
websites still vulnerable as of Tuesday morning.  Governments and businesses
were working behind the scenes to address FREAK before it became public
knowledge on Monday, and both Apple and Google are working on patches for
computers and mobile devices.
http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_5-d6f8x2c7a9x057755&


Re: FREAK attack

"Peter G. Neumann" <neumann@csl.sri.com>
Wed, 4 Mar 2015 9:23:01 PST
[From the FREAK researchers]

On Tuesday, March 3, 2015, researchers disclosed a new SSL/TLS vulnerability
- the FREAK attack. The vulnerability allows attackers to intercept HTTPS
connections between vulnerable clients and servers and force them to use
'export-grade' cryptography, which can then be decrypted or altered. There
are several posts that discuss the attack in detail:

Ed Felten:
https://freedom-to-tinker.com/blog/felten/freak-attack-the-chickens-of-90s-crypto-restriction-come-home-to-roost/

Matt Green:
http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html

The Washington Post:
http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/03/freak-flaw-undermines-security-for-apple-and-google-users-researchers-discover/

Tracking the FREAK Attack
https://freakattack.com

What You Need To Know
https://nakedsecurity.sophos.com/2015/03/04/the-freak-bug-in-tlsssl-what-you-need-to-know/


To locate bank robber, FBI unusually asked for warrant to use stingray

Monty Solomon <monty@roscom.com>
Wed, 4 Mar 2015 09:45:28 -0500
To locate bank robber, FBI unusually asked for warrant to use stingray
http://arstechnica.com/tech-policy/2015/03/to-locate-bank-robber-fbi-unusually-asked-for-warrant-to-use-stingray/


Re: Trojaned blackmails from PCs. Japanese Police arrested PC owners

"ISHIKAWA,chiaki" <ishikawa@yk.rim.or.jp>
Wed, 04 Mar 2015 04:49:35 +0900
  I reported earlier about the ordeal of a few people who were arrested by
  the police in Japan because the computer trojan/virus they somehow
  downloaded sent threatening notes to various services.  The police thought
  these people were the real perpetrators.  But the real party behind the
  bot/virus and the blackmails sent a revealing e-mail to a lawyer, and
  demanded the wrongly arrested people be freed. The e-mail contains
  information that was only available to the person sending the original
  black mails. As a result of this e-mail, and as the result of a local
  Police who found the trace of suspected unknown virus-like activity on one
  of the computers of the arrested men, the charges were dropped for all the
  falsely arrested people, and freed.  [ Trojan sent blackmails from
  PCs. Japanese Police arrested PC owners 27.10]

In my post that started with the above paragraph (in Risks 27.10), I
followed up on this earlier report by the news that a man was arrested
on a few flimsy (to my eyes) evidences that

 - a surveillance camera caught the man padding a stray cat in an
   island with a neck collar in which a SD media that described
   some things only the real perpetrator could know was found later.
   (A couple of mysterious e-mails had arrived at a few news media
   companies telling them to look for the media that contains the
   information that shows the arrest of earlier people could be proved
   all wrong and how inept the police was when it comes to
   cybercrime. Police with the presence of press reporters found the
   cat and collected the SD media.)

 - the virus/trojan seemed to have been created on an HP computer and
   this man's PC was made by HP (!?).

 - his PC's log showed that this PC connected to Tor network
   previously. The police had found that some earlier "bait" posts to
   popular BBS to solicit unsuspected readers to download a free
   software infected with the trojan program were posted from Tor
   network and the timing of connection was about right.

I then wondered aloud whether this man was a real culprit or another victim
portrayed by the real perpetrator of the series of crimes as a falsified
suspect to show the ineptness of the police again.  (I learned today that
during the subsequent court proceedings, that a few more "supporting"
evidences were provided, but they all seemed to my eyes not strong enough to
invalidate the "benefit of doubt".)

Well, today I am reporting that the verdict is finally in.

This man *WAS* guilty and he *ADMITTED* it.

He was sentenced to 10 years in prison on February 4th.  He did not appeal
the decision to the higher court within two weeks. So the verdict is final
and I am reporting it.

Scary thing is that his guilty verdict came only because (in my mind anyway)
he made a crucial blunder during the trial.

Details how he was caught red-handed, so to speak:

In my eyes, the "evidences" collected by the police and presented by the
prosecutor were so fragile and so the verdict could go either way. As far as
the crime went, the perpetrator hid his/her track rather well and unless NSA
or somebody like that is cooperating, any national police would have
difficulty. But ARRESTING WRONG PEOPLE *was* the making of Japanese police.

The crucial blunder he committed was this. During the court proceeding, this
man sent a few e-mails from a mobile phone to media companies claiming that
the man was innocent and the e-mail was sent from the real perpetrator. He
sent the e-mails out by a calendar feature so that the e-mails would be sent
on May 16, 2014 when he would attend the court proceeding. Now, these
e-mails would have raised the level of doubt in media and society if it had
not been known that these came out from the same man.  And this news of
e-mails actually did raise my doubt in the police for a day or two.  But, he
buried the live mobile phone in a river bank around the sunset of May 15 so
that e-mails would be sent from the hidden unit.  But he *WAS SEEN* burying
something in the river bank by a plainclothes policeman nearby. After the
e-mails reached the news media on 16th, the buried object was dug out by the
police, and was found to be a phone, and the e-mails sent were recorded
intact in the unit.  After it was revealed to him that his deed was seen on
the spot and the phone with incriminating evidence was found, he finally
admitted that he *IS* the real perpetrator on May 19th.  [I have no idea
whether the police intentionally tailed him. Quite likely. But I could not
find any mention of the fact about this. Anyone seeing somebody burying a
small object in the river bank would get curious. And it is possible that
the burying was considered an exchange of illegal drug by a peddler to the
buyer or something.]

So, the real perpetrator was caught this time around, but it was not due to
the skill of digital sleuths so much, but to the criminal's blunder :-(

The police and prosecutor may not have been able to catch this man without
his strange habit of trying to send out e-mails to news media at crucial
times, which eventually led to his demise. (The mind of criminals is hard to
fathom.)  Also, if he had been careful enough to hide this in a closed place
not viewable from the distance, the police and prosecutor may not have been
this lucky.  [OK, I am not suggesting this to would-be criminals :-) ] To be
honest, it is quite likely that this man came out of the court proceedings
found not guilty with the set of evidences alone.

I have concerns about the level of digital-readiness of the police and
prosecution offices in Japan although at the national level, efforts are
under way to modernize the skill and investigation method.

I bet to the readers that the people who were arrested incorrectly and
*GRILLED* by clueless police investigators are still fuming.  And it seems
this sort of ordeal can happen to ANYBODY from the way this crime was
handled by the Japanese police and prosecution office.

Don't we live in interesting times?


Re: Japanese Satellite Broadcasting scramble protection cracked

"ISHIKAWA,chiaki" <ishikawa@yk.rim.or.jp>
Wed, 04 Mar 2015 05:00:01 +0900
In "Japanese Satellite Broadcasting scramble protection cracked" (Risks
Volume 26: Issue 85), I reported the following story of a fight between a
cracker community and paid broadcasting companies.

  It has been widely reported in many blogs in Japan that a widely used
  scramble protection system for satellite broadcasting (and for that matter
  some ground-based broadcasting) in Japan called B-CAS (BS Conditional
  Access System) has been compromised.

  Basically, satellite broadcasting relies on an IC card supplied by B-CAS
  company limited, to handle the management of subscription and duration
  (and presumably key handling for descrambling).  In Japan, TV tuners on
  the market have the card slot where the card is inserted "

       [... description of how the internal password, keys for
       descrambling was cracked. ...]

However, the operator of the paid-channel can not sit idle and must have
been pushing B-CAS company to do something in the last few days.
--- end quote ---

That day of reckoning for the users of modified cards to view the paid
channel without proper subscription finally came this month.

According to a comment from a friend who brought this news to me, WOWOW,
one of the satellite broadcasting companies that use this BCAS service,
has finally changed the internal keys for descrambling the WOWOW
channel. The BCAS card and the TV tuners are so designed that the dynamic
update of the stored key is possible by a suitable authorization key and
this is exactly what they did if I understand my friend's comment correctly.

Why didn't they change the key as quickly as two years ago when the
news of compromise was announced?

The reason cited by my friend is as follows.

WOWOW allows a free trial subscription of two weeks to anyone for the
asking.  And the key for this trial is one of the keys that were
compromised during cracking in 2012.  Only the expiration date is
modified when a new user asks for a free subscription: I think the
usage of the key and the starting date is activated on the first
use/access to the channel AUTOMATICALLY and the remaining days are
decremented each day.

The user can view the TV for two weeks using the key for
descrambling. Once the expiration day comes, the card cannot
provide the key for descrambling to the TV tuner any more.
If the user wants to continue seeing the channel, he/she will contact
WOWOW for an official subscription. I think this free trial period without
manual intervention is very important marketing-wise.

Back in 2012, the thinking of the broadcasting station seemed to be as
follows.  Since there have been many legitimate BCAS cards in the
distribution channel with the compromised key, if WOWOW decides to change
the key stored in the card for trial viewing, the users who buy the tuners
with a BCAS card with the old key will no longer be able to experience the
free trial. (WOWOW could theoretically allow a 2-week free trial by using
the normal billing system, but I don't think their system allows such
flexible usage: their billing works only at the resolution level of
calendar months as far as I could tell.)

Also, *even if* such usage of the billing system was possible, the cost of
telephone support for free-trial would be huge and not attractive and
increasing the support staff will dampen the subsequent marketing
success. After all, the beauty of the free trial seems to be that there is
no human intervention at all to start it. WOWOW, even during normal time,
is understaffed as far as new subscription goes: it had to go way out
of ordinary business practice just before a few big sport events in
the last 12 months (such as soccer world cup, and Nishigori tennis
match) so that a new subscriber's tuner is given a
descrambling key first for viewing before the paper processing on the
account side is finished completely.  (The key is sent via
broadcasting signal and one has to wait for 30 minutes by tuning into
the WOWOW channel before the key is received and stored properly in the
BCAS card for descrambling in the unit.)
Adding more workload on the telephone support to handle manual
intervention for every free trial request would have been
unthinkable for it.

Anyway, two years after the news of compromise, WOWOW now seems
to think that virtually no BCAS cards with compromised keys inside are
still in the distribution channel. Old cards supplied with TV tuners
have been sold. So they can effectively change the keys used both for
free viewing (with limited duration that decreases each day) and
descrambling of normal broadcast (with duration that seems to be
extended each month based on subscription). They figure virtually
nobody will be inconvenienced by this arrangement. New BCAS cards in the
distribution channel come with new keys and legitimate existing users
have their keys changed by signals from broadcast. Those who are
unlucky enough to use an old BCAS card (with the old key) to access WOWOW
for the first time after the key is changed, and are told on the screen
that a free trial is no longer possible, can call customer support: but the
number of such users will be very small as WOWOW correctly figures.

*BUT*, no basic hardware modification was attempted after all due to
the large cost such a move will necessitate. At $5 a card, and
reportedly close to 100 million cards in Japan, who will bear the
cost?  So, WOWOW took the least expensive solution although it is not
bullet-proof.

Even though the WOWOW key has been changed this way, my friend told me
that some souls already figured out the new key and posted the key to
underground BBSes (!)  I wondered how it is possible, but it seems
that some people bought a paid subscription to WOWOW using the BCAS card
with the compromised backdoor so that they can monitor the content of the
keys inside. Once they noticed the change of the keys in early February
and figured out the intention of WOWOW, at least some souls posted the
changed keys to the BBSes.
The revealed keys will enable the use of modifiable BCAS cards, and
enable those who use a "soft" BCAS emulator to descramble the recorded
scrambled signal afterward using their PCs.

The act of posting such a key is amazing since the police, after the
prodding of the broadcasters, arrested a few people in the last couple
of years:
 - one posted the source code with detailed explanation of how
   the BCAS card could be modified for free viewing until 2038 [YES,
   it has the 32 bit wrap around time issue :-) ]
 - and a few others who obtained these modifiable cards and sold them
   at auctions for profits.

These arrests and the sentences handed out to the people who have been
caught have made the crackers hide underground and so I could not
learn much technologically from public BBSs as I could in 2012.  But I
found these public BBSs are full of cries from people who seemed to
have bought "black" BCAS cards from the shady dealers, asking if
further modification is possible to cope with the new key. (The posts
are anonymous superficially although the ISP will keep the log for three
months.)

At least one other broadcaster seems to follow the track of
WOWOW and change the key shortly according to my friend's guess.

Because the new key is already publicized in underground BBSs, people
who are savvy enough to modify the cards in the first place probably
can do so again. But these people are really a minority.  I think WOWOW
wants to weed out the general consumer-types who bought the shady
"black" BCAS cards from dubious sources. I think WOWOW has been
successful. After a few more such key changes in the next few
years, the "black" BCAS cards may not look so cheap any more (they
commanded a hefty price, but will be less inexpensive than the paid
subscriptions to all the paid channels it covers for a year or
two.)

So, from the viewpoint of WOWOW, a little deterrence goes a long way.
It and other broadcasters probably don't care if a small minority
of technically-savvy crackers are enjoying the free ride as long as
the general consumers stay away from "black" BCAS cards from shady
dealers.
(Oh, I should mention that the high percentage of spams I receive
since 2012 is related to the "black" BCAS cards. So there *IS* a
demand and supply.)


Hillary's Secret Email Was a Cyberspy's Dream Weapon

Henry Baker <hbaker1@pipeline.com>
Tue, 10 Mar 2015 13:05:27 -0700
FYI—If you're a senior govt official, don't try this at home.

http://www.thedailybeast.com/articles/2015/03/07/hillary-s-secret-email-was-a-cyberspy-s-dream-weapon.html

When a notorious online break-in artist got a hold of the Secretary of
State's now-infamous email address, he gave himself the power to use it to
target the global elite.

The private email address for Hillary Clinton, which became the talk of
Washington this week and created her first major speed bump on her road to
the White House, has actually been freely available on the Internet for a
year, thanks to a colorful Romanian hacker known as Guccifer.

On March 14, 2013, Guccifer—his real name is Marcel-Lehel Lazar—broke
into the AOL account of Sidney Blumenthal, a journalist, former White House
aide to Bill Clinton, and personal confidante of Hillary Clinton.  Lazar
crowed about his exploits to journalists, disclosing a set of memos
Blumenthal had written to Clinton in 2012, as well as the personal email
address and domain she's now known to have used exclusively for her personal
and official correspondence.  [...]


Re: Jeb Bush publishes e-mail personal info of Florida residents online (RISKS-28.51)

"John Levine" <johnl@iecc.com>
3 Mar 2015 19:59:08 -0000
>Since the use was non-commercial, the public has a clear interest in Bush's
>correspondence since he was a government official at the time and a likely
>candidate for US President, and the commercial market of the e-mail is
>negligible, the argument for fair use in this case is very small.

Grr ... is very STRONG.  That is, it is very unlikely that should anyone
take this to court, that they would win.


Re: Jeb Bush publishes e-mail personal info of Florida residents online (RISKS-28.53)

"John Levine" <johnl@iecc.com>
3 Mar 2015 20:57:46 -0000
>NOT! As a first order WAG, I would assume that the TOS involved in emailing
>the governor *in his official capacity as an elected public figure, cover
>that. And the FOIA would cover the publication.

TOS?  There are no terms of service on incoming e-mail.  Or if there are, in
return for the valuable information you have obtained by reading this
message you hereby agree to pay me $1,000 (CAD because I'm feeling
generous.)  Pay up.

FOIA is a Federal law, but Jeb was a state official.  Florida has what
is inevitably named the Sunshine Law that provides access to state
documents, and I agree that his mail would likely be included.


Re: Belarus bans Tor and all anonymising Internet technologies

Dan Jacobson <jidanni@jidanni.org>
Tue, 03 Mar 2015 08:44:00 +0800
https://developers.google.com/maps/faq#china_ws_access

"Why can't I access Google Maps APIs from China?

The Google Maps APIs are served within China from the domain
maps.google.cn. This domain does not support https. When making requests
to the Google Maps APIs from China, please replace
https://maps.googleapis.com with http://maps.google.cn."


Re: Internet of Obnoxious Things (RISKS-28.54)

"R. G. Newbury" <newbury@mandamus.org>
Thu, 05 Mar 2015 12:13:43 -0500
[Security from attack] "Even if it is theoretically possible, it has been
demonstrated in the most compelling possible terms that it will not be done
for a host of reasons. The most benign fall under the rubric of "Never
ascribe to malice what is adequately explained by stupidity" while others
will be aggressively malicious.

Napoleon's aphorism brings to mind that the two increasing levels of attack
can most usefully be described by:

  Grey's Law (with apologies to one A.C.Clarke): Any sufficiently advanced
  incompetence is indistinguishable from malice.

  And what I call Machiavelli's corollary: Any sufficiently advanced malice
  is indistinguishable from incompetence.

Or: "They are so useless that you think they are doing it on purpose."
And: "They are so good at messing you over, that you have no idea it was
being done, on purpose."

And far too much of the future impact of 'Obnoxious Things' will look like
the latter.

R. Geoffrey Newbury, 150 Lakeshore Road West Mississauga, Ontario, L5H 3R2
t905-271-9600  newbury@mandamus.org


Re: When Driver Error Becomes Programming Error (Joel Shurkin)

"John Levine" <johnl@iecc.com>
3 Mar 2015 22:37:53 -0000
>If automated automobiles become practical and widely adopted, then car
>accidents will be the result of programming errors instead of driver errors,
>which makes the assignment of responsibility in litigation a challenge.

Gee, it's as though we haven't had operatorless transit vehicles for
decades.  Granted, they're not exactly the same since transit vehicles
usually run on a track, but people can get stuck in the doors or trespass on
the track, and somehow we've been able to deal with it.
