The RISKS Digest
Volume 28 Issue 61

Friday, 1st May 2015

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information features enabled by clicking the flashlight icon above. They are described in the news page. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


An iPad glitch grounded several dozen American Airlines planes
Adam Pasick via Jim Reisert
At least one American Airlines plane is grounded because the pilots' iPads crashed
Ben Moore
FAA Orders Fix for Possible Power Loss in Boeing 787
Jad Mouawad via Jan Wolitzky
Re: Software Overflow Could Cause Complete Power Loss in 787
Richard Karash
Congressman with computer science degree: Encryption back doors are “technologically stupid''
Andrea Peterson via Lauren Weinstein
Cybersecurity mandated by those who don't use it
*The Guardian via Devon McCormick
Public wifi & man-in-the-middle
Henry Baker
Preparing for Warfare in Cyberspace
*The New York Times* via Monty Solomon
All cars must have tracking devices to cut road deaths, says EU
Chris Drewe
Doctors don't like EHRs?
Now you can embed classic MS-DOS games in tweets
Ian Paul via Jim Reisert
Re: Iowa casino doesn't have to pay $41M jackpot error
Craig Burton
Re: Starbucks Outage
Clay Jackson
Info on RISKS (comp.risks)

: An iPad glitch grounded several dozen American Airlines planes (Adam Pasick)

Jim Reisert AD1C <>
Wed, 29 Apr 2015 07:42:38 -0600
American Airlines flights experienced significant delays this evening after
pilots' iPads--which the airline uses to distribute flight plans and other
information to the crew--abruptly crashed. "Several dozen" flights were
affected by the outage, according to a spokesperson for the airline.

"The pilot told us when they were getting ready to take off, the iPad
screens went blank, both for the captain and copilot, so they didn't have
the flight plan," Toni Jacaruso, a passenger on American flight #1654 from
Dallas to Austin, told Quartz.

"The pilot came on and said that his first mate's iPad powered down
unexpectedly, and his had too, and that the entire 737 fleet on American had
experienced the same behavior," said passenger Philip McRell, who was also
on flight #1654. "It seemed unprecedented and very unfamiliar to the

Other passengers in New York and Chicago also said they were being
affected by the outage.

At least one American Airlines plane is grounded because the pilots' iPads crashed

Ben Moore <>
Tue, 28 Apr 2015 22:03:36 -0500
Where's the backup system?

FAA Orders Fix for Possible Power Loss in Boeing 787 (Jad Mouawad)

Jan Wolitzky <>
Thu, 30 Apr 2015 21:08:16 -0400
Jad Mouawad, *The New York Times*, 30 Apr 2015

Federal regulators will order operators of Boeing 787 Dreamliners to shut
down the plane's electrical power periodically after Boeing discovered a
software error that could result in a total loss of power.

The Federal Aviation Administration said on Thursday that Boeing found
during laboratory testing that the plane's power control units could shut
down power generators if they were powered without interruption for 248
days, or about eight months. The findings were published in an airworthiness

Boeing said the problem had occurred only in lab simulation and no airplane
had experienced it. Boeing said that powering the airplane down would
eliminate the risk that all power generators would shut down at the same

The company said it was working on a software update that should be ready by
the fourth quarter this year.

The plane maker said that power was shut down in all airplanes in service in
the course of the regular maintenance schedule, and that it would be rare
for a plane to remain with power on without interruption for eight months.
[...  Truncated for RISKS.  PGN]

Re: Software Overflow Could Cause Complete Power Loss in 787

Richard Karash <>
Fri, 1 May 2015 09:41:01 -0400
It's not clear how likely it is that generator could be left on for eight
months.  Do they run between flights and over-night?  Only powered down at
maintenance checks?  Or go off when parked, like your car?  Nice to see this
was discovered in a lab simulation, not in mid-air.

Richard Karash  +1 617-308-4750 —

  [Also noted by Jeremy Epstein...  PGN]

Congressman with computer science degree: Encryption back doors are “technologically stupid''

Lauren Weinstein <>
Thu, 30 Apr 2015 17:03:40 -0700
*The Washington Post*, 30 Apr 2015, via NNSquad

  The debate over whether companies should be forced to build in ways for
  law enforcement to access communications protected by encryption took a
  tense turn this week in a congressional hearing.  On one side were law
  enforcement officials, including a high-ranking FBI official.  On the
  other were tech-savvy members of the House Government Oversight and Reform
  Committee's Information Technology subcommittee—two with computer
  science degrees.  "It is clear to me that creating a pathway for
  decryption only for good guys is technologically stupid," said Rep. Ted
  Lieu (D-Calif.), who has a bachelor's in computer science from Stanford
  University. "You just can't do that."

Cybersecurity mandated by those who don't use it

Devon McCormick <>
Tue, 28 Apr 2015 09:46:15 -0400
There's a good article in *The Guardian* pointing out that the members of
the U.S. Congress, who would legislate cybersecurity for all Americans, do
not themselves take the slightest security precautions - none of them
encourage (or, for the most part, use) encrypted communication and none of
their websites use https.

Public wifi & man-in-the-middle

hbaker1 <>
Tue, 28 Apr 2015 08:40:13 +0200 (GMT+02:00)
Public wifi networks in airports & hotels often utilize man-in-the-middle
techniques to require some sort of login—e.g., Ruckus Wireless.

With "HTTPS Everywhere" & other new browser techniques to stop MITM
techniques, it becomes almost impossible to use these networks.

I now have to use a "throwaway" Chrome browser on my laptop that I use
*only* for initial login to these networks with an HTTP throwaway home page.
Once logged in, I can then fire up a real, *locked-down* browser that uses
HTTPS Everywhere, NoScript, Tor, etc.

Since public wifi networks place computers *most* at risk, these public wifi
networks are going to have to find a better—i.e., more secure—way to
login, as MITM'ing an http request is perhaps the world's worst (i.e., most
insecure) idea ever invented.

Preparing for Warfare in Cyberspace

Monty Solomon <>
Tue, 28 Apr 2015 16:41:23 -0400

A new strategy begins to lay out the conditions under which America would
use cyberweapons.

All cars must have tracking devices to cut road deaths, says EU.

Chris Drewe <>
Wed, 29 Apr 2015 15:38:40 +0100
This idea has been around for a while, but the title says it all.

  All new cars will within three years contain tracking devices that alert
  the emergency services in the event of an accident.
  Under EU laws passed on Tuesday the technology will be compulsory from
  2018 and fitted as standard in every model of car and small van.

  A serious crash will prompt an automatic call to the nearest emergency
  centre. Even if nobody in the vehicle is able to speak, the device will
  still relay the exact location, time, direction of travel, the scale of
  the impact and whether airbags have been deployed.


Apart from the privacy concerns mentioned, a couple of queries occur to me,
assuming that this feature will use the regular public mobile telephone
(cellphone) network:

- If there's a multi-vehicle pile-up, could the cellphone network in the
  vicinity of the crash be overloaded by these automatically-generated
  calls, possibly blocking other urgent communications (as happened in the
  Boston Marathon bombing)?

- Presumably this will increase the call-handling load for the cellphone
  network, so who pays?  Do car owners have to take out a cellphone
  subscription, or will cellphone companies get some sort of Gov't funding,
  or will their other customers effectively subsidise the service?

Doctors don't like EHRs?

"Peter G. Neumann" <>
Wed, 29 Apr 2015 18:50:07 PDT
  [I think that they may be thinking about closing the gate (after the horses
  ran away) by putting in a few pieces of bamboo :-)   DKross]

Sen Lamar Alexander to HHS Secretary Burwell "... half of doctors don't like
their EHRs to the point that they'll accept Medicare penalties rather than
deal with workflow disruption..."

And added that the "...AMA found that 70 percent of doctors say their EHRs
weren't worth the cost and that EHRs are the leading cause of physician

: Now you can embed classic MS-DOS games in tweets (Ian Paul)

Jim Reisert AD1C <>
Thu, 30 Apr 2015 09:30:27 -0600
Ian Paul, PCWorld, 30 Apr 2015

Twitter Cards are cool for watching videos or listening to tunes without
leaving Twitter. But now the Internet Archive has the best use for Twitter's
rich media feature yet: old-school MS-DOS games that can be played right
inside a tweet.

I guess this is one way to find/fix security exploits, but probably not the
best way...

Re: Iowa casino doesn't have to pay $41M jackpot error (RISKS-28.60)

Craig Burton <>
Tue, 28 Apr 2015 10:17:10 +1000
A case came up in Australia in 2011 of scratch-off gambling cards showing a
winning match, and the winner got AUD100,000.  However, company sue and won
due to the code on the bottom of the card not being a "winning code".  I was
surprised the lotteries law allowed for this kind of opacity which could
presumably be abused.

Re: Starbucks Outage (RISKS-28.60)

"Clay Jackson" <>
Wed, 29 Apr 2015 08:58:10 -0700
I worked in IT for Starbucks the 1990s (1996-1999) and we had a VERY similar
(at least from what I can glean from the press reports of this one) failure
in 1998 (might have been '97).

Jeremy Epstein comments, "I don't know anything about running global IT
infrastructures, so perhaps I'm naive, but I would think that rollouts would
be done in a rolling fashion to avoid shutting down the entire company" - I
do know a bit about this, and I don't think I'd be violating any
non-disclosures by saying that even in the earlier failure, the updates
"pushed" to the stores were staggered (and I assume still are).  I'm sure
the "failure mode" was much more complex.  And, yeah, there probably is some
naiviety there, preventing ALL possible failure modes like this costs money
(at the very least, having onsite or rapidly available backups at every
store AND having at least 2 partners trained in how to perform the restore),
AND, even if that WAS a possibility, I can see how the "fog of the moment"
could make it difficult to implement ("Before we strike out on our own,
let's give corporate a chance to fix this", or "They told us they'd be back
up in 1 hour, and the recovery will take at least 2").  I also worked for
WaMu (another whole set of Risks:)); and I know the steps we took to ensure
"branch Independence" were pretty amazing and also VERY costly.

This is interesting from a number of standpoints - we now have 2 datapoints
from the same company; I would assume that the various systems have
changed/grown over the years (it would be REALLY interesting to have a
current or more recent Starbucks partner comment).   IMHO, 2 failures in 17
or 18 years is really not too bad.

Please report problems with the web pages to the maintainer