The RISKS Digest
Volume 28 Issue 85

Wednesday, 12th August 2015

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



Why `Smart' Objects May Be a Bad Idea
Zeynep Tufekci
Web's Random Numbers Are Too Weak, Researchers Warn
Mark Ward
Widespread voting machine election fraud?
Google's Search Algorithm Could Steal the Presidency
Adam Rogers
Algorithms and Bias: Q&A With Cynthia Dwork
Claire Cain Miller
What Attorneys and Their Clients Need to Know About Windows 10 and Microsoft's New Privacy Policies
Corhon Law
A key reason the new Microsoft Windows 10 privacy policies are so problematic for existing Windows 7 users
Nine Charged in Insider Trading Case Tied to Hackers
BMW servers overloaded by Google's ALPHABET Inc. announcement
Russian Cyberattack Targets Pentagon E-mail Systems
ICANN hacked—again!
Researchers find major security flaw with ZigBee smarthome devices
DefCon ProxyHam Talk Disappears but Technology is No Secret
Sean Michael Kerner
'Santa Ana police officers sue to quash video of pot shop raid'
Scott Schwebke
Facebook and Twitter accounts seen as property
IBM Locks Up Cloud Processes With [Obvious] Patents
Code 'transplant' could revolutionise programming
How to make a possible break-in worse: Rover rolls over
David Lesher
Mobile phone security moves in slow motion
Beta Boston
Deterrence Considered Harmful
John Arquilla via Henry Baker
An AT&T problem allegedly caused outage on Verizon, Sprint, T-Mobile
Under Pressure, Google Promises To Update Android Security Regularly
Controversial cybersecurity bill would do little to stop hackers
The Guardian
Self-driving cars
xkcd 1559 via Gene Wirchenko
Among the States, Self-Driving Cars Have Ignited a Gold Rush
Re: Fiat Chrysler Issues Recall Over Hacking
Ivan Jager
Re: Space Ship Two crash investigation results
Don Norman
Re: Windows 10 and Wifi Sense
Bob Frankston
Re: Siri's new voice, new name: Comey
Jeremy Epstein
Info on RISKS (comp.risks)

Why `Smart' Objects May Be a Bad Idea (Zeynep Tufekci)

"Peter G. Neumann" <>
Tue, 11 Aug 2015 9:06:39 PDT
  [This is a lovely and quite incisive op-ed piece, and totally relevant for

Zeynep Tufekci, Why `Smart' Objects May Be a Bad Idea, *The New York Times*
op-ed, 11 Aug 2015

A FRIDGE that puts milk on your shopping list when you run low. A safe that
tallies the cash that is placed in it. A sniper rifle equipped with advanced
computer technology for improved accuracy. A car that lets you stream music
from the Internet.

All of these innovations sound great, until you learn the risks that this
type of connectivity carries. ...

Hackers can empty the smart safe with a single USB stick, while erasing
  activity logs...

Researchers managed to remotely manipulate a high-tech rifle, unbeknownst
  to the shooter...

The Internet of Hacked Things ...

Web's Random Numbers Are Too Weak, Researchers Warn (Mark Ward)

"ACM TechNews" <>
Wed, 12 Aug 2015 13:23:21 -0400 (EDT)
Mark Ward, BBC News, 9 Aug 2015 via ACM TechNews Wednesday, August 12, 2015

The Linux-based Web server software that generates random numbers used to
scramble or encrypt data should be stronger, suggests a study presented at
the Black Hat security event in Las Vegas.  The sources of data that some
computers call on to generate random numbers often run dry, according to
security analyst Bruce Potter and researcher Sasha Wood.  The software
generates strings of data used as "seed" for random numbers, and ideally the
pool of data would possess a high degree of "entropy."  However, Potter and
Wood found the entropy of the data streams is often very low because the
machines are not generating enough raw information for them.  Moreover, the
researchers warn the server security software does little to check whether a
data stream has high or low entropy.  The research exposed unknown aspects
of encryption on millions of widely used servers.  Potter and Wood describe
the finding as "scary," and caution it could mean random numbers are more
susceptible to well-known, brute-force attacks that leave personal data
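Two checks a server operator can run against the problem this item describes (an entropy pool that runs dry, and software that never looks), written here as an added example, not code from the article or from Potter and Wood's study. It assumes a Linux host exposing /proc/sys/kernel/random/entropy_avail and poolsize, and uses constructed sample values so the functions also run elsewhere.

```python
"""Added example (not from the RISKS item or the Potter/Wood study).

Two ways to look at the kernel entropy pool the article says "often runs dry":
  1. assess_pool()  - the kernel's own estimate of unused entropy bits.
  2. shannon_entropy_bits_per_byte() - empirical entropy of a byte sample,
     useful for spotting a seed source that barely varies (timer ticks, PIDs).
Assumption: /proc/sys/kernel/random/{entropy_avail,poolsize} exist (stock
Linux).  The sample numbers and byte streams below are constructed."""
import math
import os
from collections import Counter

PROC_RANDOM = "/proc/sys/kernel/random"


def shannon_entropy_bits_per_byte(data: bytes) -> float:
    """Empirical Shannon entropy of a byte string, in bits per byte (0..8).

    A source that is supposed to be random but scores far below 8 is a poor
    seed.  Caveat: a CSPRNG seeded from a tiny secret still scores ~8 here,
    so a high score on *output* cannot prove the seed was good."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def assess_pool(entropy_avail: int, poolsize: int, floor: int = 256) -> str:
    """Classify the kernel's estimate of unused entropy in its input pool.

    'starved': below `floor` bits; blocking readers (/dev/random, getrandom()
               before the CRNG is seeded) stall and seed-hungry daemons compete.
    'low'    : under a quarter of the pool; fine for /dev/urandom consumers
               once seeded, but a sign the host has few entropy sources.
    'ok'     : otherwise.
    Assumption: kernels from 5.18 report a fixed 256-bit pool that reads 0
    until seeded and 256 afterwards; the thresholds above still classify
    those two states as 'starved' and 'ok'."""
    if entropy_avail < floor:
        return "starved"
    if entropy_avail < poolsize // 4:
        return "low"
    return "ok"


def read_linux_pool():
    """Read the live counters; returns None when the files are absent."""
    try:
        with open(os.path.join(PROC_RANDOM, "entropy_avail")) as f:
            avail = int(f.read())
        with open(os.path.join(PROC_RANDOM, "poolsize")) as f:
            size = int(f.read())
    except OSError:
        return None
    return avail, size


if __name__ == "__main__":
    live = read_linux_pool()
    if live:
        print("kernel pool: %d of %d bits -> %s" % (live[0], live[1], assess_pool(*live)))
    # Constructed samples: a fresh VM with a nearly empty pool vs a healthy host.
    for avail, size in ((47, 4096), (3200, 4096)):
        print("sample %4d/%d -> %s" % (avail, size, assess_pool(avail, size)))
    # Constructed byte streams: a "timer tick" source that barely varies,
    # versus 4 KiB from the OS CSPRNG.
    ticks = bytes(i % 3 for i in range(4096))
    print("tick-like stream: %.2f bits/byte" % shannon_entropy_bits_per_byte(ticks))
    print("os.urandom:       %.2f bits/byte" % shannon_entropy_bits_per_byte(os.urandom(4096)))
```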

Widespread voting machine election fraud?

Lauren Weinstein <>
Thu, 6 Aug 2015 14:00:28 -0700

Google's Search Algorithm Could Steal the Presidency (Adam Rogers)

Henry Baker <>
Fri, 07 Aug 2015 08:03:12 -0700
Adam Rogers, *WiReD*, 6 Aug 2015

Imagine an election—a close one.  You're undecided.  So you type the name
of one of the candidates into your search engine of choice.  (Actually,
let's not be coy here.  In most of the world, one search engine dominates;
in Europe and North America, it's Google.)  And Google coughs up, in
fractions of a second, articles and facts about that candidate.  Great!  Now
you are an informed voter, right?  But a study published this week says that
the order of those results, the ranking of positive or negative stories on
the screen, can have an enormous influence on the way you vote.  And if the
election is close enough, the effect could be profound enough to change the

[Apparently paywalled.]

In other words: Google's ranking algorithm for search results could
accidentally steal the presidency.  “We estimate, based on win margins in
national elections around the world,'' says Robert Epstein, a psychologist
at the American Institute for Behavioral Research and Technology and one of
the study's authors, “that Google could determine the outcome of upwards of
25 percent of all national elections.''

Epstein's paper combines a few years' worth of experiments in which Epstein
and his colleague Ronald Robertson gave people access to information about
the race for prime minister in Australia in 2010, two years prior, and then
let the mock-voters learn about the candidates via a simulated search engine
that displayed real articles.

One group saw positive articles about one candidate first; the other saw
positive articles about the other candidate.  (A control group saw a random
assortment.)  The result: Whichever side people saw the positive results
for, they were more likely to vote for—by more than 48 percent.  The team
calls that number the `vote manipulation power', or VMP.  The effect held --
strengthened, even—when the researchers swapped in a single negative
story into the number-four and number-three spots.  Apparently it made the
results seem even more neutral and therefore more trustworthy.

Algorithms and Bias: Q&A With Cynthia Dwork (Claire Cain Miller)

"ACM TechNews" <>
Wed, 12 Aug 2015 13:23:21 -0400 (EDT)
Claire Cain Miller, *The New York Times*, 10 Aug 2015

In an interview, Microsoft Research scientist Cynthia Dwork describes how
algorithms can learn to discriminate because they are programmed by coders
who incorporate their biases.  In addition, she says they are patterned on
human behavior, so they reflect human biases.  Dwork defines her research as
"finding a mathematically rigorous definition of fairness and developing
computational methods--algorithms--that guarantee fairness."  She notes a
study she co-authored found that "sometimes, in order to be fair, it is
important to make use of sensitive information while carrying out the
classification task.  This may be a little counterintuitive: the instinct
might be to hide information that could be the basis of discrimination."
Dwork says fairness entails similar people are treated in a similar manner.
"A true understanding of who should be considered similar for a particular
classification task requires knowledge of sensitive attributes, and removing
those attributes from consideration can introduce unfairness and harm
utility," she notes.  The development of a fairer algorithm would involve
serious consideration about who should be treated similarly to whom,
according to Dwork.  She says the push to train algorithms to protect
certain groups from discrimination is relatively young, but the Fairness,
Accountability, and Transparency in Machine Learning workshop is a promising
research area.

What Attorneys and Their Clients Need to Know About Windows 10 and Microsoft's New Privacy Policies

Lauren Weinstein <>
Tue, 11 Aug 2015 10:43:16 -0700
Corhon Law via NNSquad

  In addition [to] killing what remained of privacy on the Internet,
  Microsoft also purports to require its users to give up important
  intellectual property rights: "When you share Your Content with other
  people, you expressly agree that anyone you've shared Your Content with
  may, for free and worldwide, use, save, record, reproduce, transmit,
  display, communicate ...  Your Content. If you do not want others to have
  that ability, do not use the Services to share Your Content." I have
  serious doubts about the enforceability of this provision - but users
  should be aware of it.

A key reason the new Microsoft Windows 10 privacy policies are so problematic for existing Windows 7 users

Lauren Weinstein <>
Tue, 11 Aug 2015 12:08:40 -0700

The key factor is the change from expected state prior to the upgrade.  When
people bump up to W10, the default info sharing is utterly different --
vastly expanded—from what they consider normal under W7.  And even more
to the point, now involves all manner of data that has traditionally been
local under Windows. When you use a cloud-based service, you normally have
made a conscious decision to do so, and then a variety of boilerplate comes
into play to permit processing. But the 180 done by MS is dramatic. A law
firm that may in the past have chosen to keep their data all local—for
whatever reason—now would be in a very different ecosystem simply by
accepting the W10 upgrade with its defaults. Very bad.

Nine Charged in Insider Trading Case Tied to Hackers

Monty Solomon <>
Tue, 11 Aug 2015 19:14:06 -0400

The international scheme generated more than $100 million in illegal
profits, and the S.E.C. is bringing a parallel lawsuit in the case.

BMW servers overloaded by Google's ALPHABET Inc. announcement

Lauren Weinstein <>
Tue, 11 Aug 2015 13:18:14 -0700

BMW reports that their site is overloaded (testing shows it to
be currently unreachable) since Google's ALPHABET, Inc. announcement.  BMW
has asserted that not only do they not want to relinquish that domain, which
they say is an active part of a subsidiary, but that they were not
approached by Google to sell the domain or pre-informed in any way of the
Google announcement. If BMW's statements in these regards are true, it
strikes me as impolite and uncaring at best for Google to have not given BMW
some sort of warning—issues of wanting to surprise the world
notwithstanding—given that it was entirely predictable that an
announcement like this would cause activity that would likely overwhelm
BMW's servers unless proactive action were taken.

Russian Cyberattack Targets Pentagon E-mail Systems

"Peter G. Neumann" <>
Fri, 7 Aug 2015 11:53:19 PDT
NBCNews, August 7, 2015

The Pentagon took its Joint Staff unclassified email system offline nearly
two weeks ago, after detecting a "sophisticated cyberattack" by alleged
Russian hackers, U.S. officials told NBC News on Thursday.

According to the officials, the intrusion occurred sometime around July 25
and affected about 4,000 military and civilian personnel who work for the
Joint Chiefs of Staff. ...

ICANN hacked—again!

Lauren Weinstein <>
Thu, 6 Aug 2015 13:30:36 -0700
The Hacker News via NNSquad

  ICANN (Internet Corporation for Assigned Names and Numbers) - the
  organisation responsible for allocating domain names and IP addresses for
  the Internet - has been hacked, potentially compromising its customers'
  names, email addresses, hashed passwords, and more.  The US-administered
  non-profit corporation admitted on Wednesday that its server security was
  breached within the past week and that ... an "unauthorised person" gained
  access to usernames, email addresses, and encrypted passwords for profile
  accounts on its public website.

  The organisation believes that the leaked information includes harmless
  information such as user preferences, public biographies, interests,
  newsletters, and subscriptions.

"Fool me once, shame on you—fool me twice, shame on me."

Researchers find major security flaw with ZigBee smart home devices

Lauren Weinstein <>
Fri, 7 Aug 2015 19:59:03 -0700
Engadget via NNSquad

  Manufacturers of smart home devices using the ZigBee standard are aiming
  for convenience at the expense of security, according to researchers from
  the Austrian security firm Cognosec. By making it easier to have smart
  home devices talk to each other, many companies also open up a major
  vulnerability with ZigBee that could allow hackers to control your smart
  devices. And that could be a problem if you rely on things like smart
  locks or a connected alarm system for home security.  Specifically,
  Cognosec found that ZigBee's reliance on an insecure key link with smart
  devices opens the door for hackers to spoof those devices and potentially
  gain control of your connected home.

Every morning it's "I Got You Babe" on the radio. This is getting tiresome.

DefCon ProxyHam Talk Disappears but Technology is No Secret

"Hendricks Dewayne" <>
Aug 7, 2015 8:54 PM
  [Note:  This item comes from friend Mike Cheponis.  DLH]<via Dave Farber>

Sean Michael Kerner, E-Week, 7 Aug 2015

LAS VEGAS—Part of the drama at any Black Hat or DefCon security
conference in any given year usually revolves around a talk that is
canceled for some mysterious reason, typically over fears that it could
reveal something truly disruptive. Such is the case in 2015 at DefCon with a
talk called ProxyHam, which was supposed to reveal technology that could
enable an attacker to wirelessly proxy traffic over long distances, hiding
their true location.

The original ProxyHam talk was also set to be accompanied by the sale of
ProxyHam devices that could have enabled purchasers to conduct the wireless
proxy attack at their leisure. Speculation around why the ProxyHam talk was
canceled involved theories that the Federal Communications Commission got
the talk canceled, though that has never officially been confirmed or

While the ProxyHam talk was canceled, it has been replaced, by a talk set
to be delivered at 4 p.m. PT at DefCon and titled "HamSammich—long-distance
proxying over radio" in which security researchers Robert Graham, CEO of
Errata Security, and David Maynor, chief scientist at Bastille Networks,
will reveal how ProxyHam works and how it can be built using off-the-shelf
technology today.

In an exclusive video interview with eWEEK prior to the talk, Graham and
Maynor detail the technology and its shortcomings, as well as suggestions
for how an organization can attempt to protect itself from a ProxyHam-type
risk. "With ProxyHam, the idea was to take a little box, hide in a bar or a
Starbucks, tap into their WiFi and then use a long-distance point-to-point
link in order to tap in remotely from many miles away to the bar's WiFi
network," Graham told eWEEK. The technique that ProxyHam uses involves the
use of a Raspberry Pi device and a large antenna. The HamSammich approach
does the same thing in terms of long-distance proxy, but with an
off-the-shelf WiFi router and a 900MHz radio transmitter that, according to
Graham and Maynor, can be used legally within the confines of FCC
regulations. The promise of using 900MHz is that it's a piece of radio
spectrum that is typically not monitored by organizations. The challenge is
that it generally requires line of sight, meaning that a proxied attacker
could likely be easily located as well.

Maynor noted that there was a backlash on social media when the original
ProxyHam talk was canceled.

"Our goal is to show that ProxyHam did not actually enhance security,"
Maynor said. "It does the exact opposite, causing more trouble than you can

Watch the full video discussion of how ProxyHam works with Graham and Maynor

'Santa Ana police officers sue to quash video of pot shop raid' (Scott Schwebke)

Prashanth Mundkur <>
Mon, 10 Aug 2015 10:34:25 -0700
Santa Ana police officers sue to quash video of pot shop raid
Scott Schwebke, OC Register, 3 Aug 2015

  SANTA ANA—Three Santa Ana police officers want to quash a surveillance
  video that shows officers making derogatory comments about a disabled
  woman and possibly snacking on pot edibles during a recent raid of a
  medical marijuana dispensary.

  A lawsuit, filed last week in Orange County Superior Court by three
  unidentified police officers and the Santa Ana Police Officers
  Association, seeks to prevent Santa Ana Police Department internal affairs
  investigators from using the video as they sort out what happened during
  the May 26 raid of Sky High Collective. [...]

  Matthew Pappas, a lawyer for Sky High, pointed to the irony of police
  seeking to shoot down the use of video as evidence in an investigation
  when they routinely use videos to investigate other crimes. [...]

  The lawsuit argues that the video doesn't paint a fair version of
  events. The suit also claims the video shouldn't be used as evidence
  because, among other things, the police didn't know they were on camera.

    “All police personnel present had a reasonable expectation that their
    conversations were no longer being recorded and the undercover officers,
    feeling that they were safe to do so, removed their masks.''  The
    dispensary also did not obtain consent of any officer to record them.
    “Without the illegal recordings, there would have been no internal
    investigation of any officer.''

    Pappas counters that the suit is baseless because the officers were
    aware the dispensary had video cameras and managed to disable most of
    them.  “They knew they were on video. ... Just because they missed one
    camera doesn't make it illegal.'' [...]

       [Is the pot calling the fettle back?  PGN]

Facebook and Twitter accounts seen as property (ABQ)

Paul Saffo <>
Wed, 12 Aug 2015 08:50:36 -0700
A Texas man used social media to promote his gun store, posting politically
charged messages that criticized the president and promoted Second Amendment
rights.  But after losing ownership of his suburban Houston store in
bankruptcy, Jeremy Alcede spent nearly seven weeks in jail for refusing a
federal judge's order to share with the new owner the passwords of the
business's Facebook and Twitter accounts, which the judge had declared
property.  Alcede's ultimately failed stand charts new territory in awarding
property in bankruptcy proceedings and points to the growing importance of
social media accounts as business assets. Legal experts say it also provides
a lesson for all business owners who are active on social media. Bankruptcy
Judge Jeff Bohm, who handled Alcede's case, acknowledged “the landscape of
social media is yet mostly uncharted in bankruptcy,'' and cited a 2011 New
York bankruptcy court case that treated such accounts like subscriber lists,
which “provide valuable access to customers and potential customers.''
Villanova University School of Law professor Michael Risch said Facebook and
Twitter accounts, among other social media platforms, are now seen as
property by companies. “I suspect that's what the judge was looking at, is
this primarily an asset being used for business advertising to get customers
to talk about what is going on with the company,'' said Risch, who
specializes in Internet law.

IBM Locks Up Cloud Processes With [Obvious] Patents

"Lauren Weinstein" <>
Aug 4, 2015 7:59 PM
Information Week via NNSquad

  One is about scaling down a virtual machine as its traffic recedes,
  another deploys sensitive data to a secure server, and a third creates
  snapshots of virtual machines for rapid recovery in the event of a failed
  workload.  These examples don't necessarily bring to mind a sense of
  blinding brilliance or original innovation, but these cloud operations can
  be patented.

Code 'transplant' could revolutionise programming (WiReD)

Martin Ward <>
Tue, 11 Aug 2015 16:36:32 +0100
A team of researchers have been able to automate "cargo cult programming":

"Code has been automatically "transplanted" from one piece of software to
another for the first time, with researchers claiming the breakthrough could
radically change how computer programs are created.

"The process, demonstrated by researchers at University College London, has
been likened to organ transplantation in humans. Known as MuScalpel, it
works by isolating the code of a useful feature in a 'donor' program and
transplanting this "organ" to the right "vein" in software lacking the
feature. Almost all of the transplant is automated, with minimal human
involvement.  ...  "Like an organ that has been transplanted, there's a chance
that features could be rejected by the new host. But when a code transplant
fails the system can simply try again, potentially hundreds or even
thousands of times." —*WiReD*, Programming, 30 July 2015.

Poor programmers have always written programs by chopping out bits of old
programs and smooshing them together, fiddling with the result until it
"sort of works" and then calling it "done".  And creating a huge mess of
security holes in the process!

Now that this process can be automated, good programmers (who actually try
to control complexity) will never be able to compete with the "productivity"
of the computer-assisted cut-and-paste brigade.

Dr Martin Ward STRL Principal Lecturer & Reader in Software Engineering

  [Can you spell `malware'?  PGN]

How to make a possible break-in worse: Rover rolls over (David Lesher)

David <>
Wed, 05 Aug 2015 21:37:55 -0400
Rover, the registrar run by Tucows, had an event: i.e., "... there appears to
have been a brief period of time when unauthorized access to one of our
systems could have occurred."

So they reset all the user account passwords & sent a note around.

They sent the letter from a totally unrelated domain: <>
It appears to belong to something called "".

Plus the URLs embedded in that mail are from elsewhere:

And while their webpage is responding at, there is no
note on the site's pages mentioning the break-in & mailing.

And this is NOT a "too clueless to fail" multinational bank or such.  A
registrar's *whole existence* is to sell you on the personalization owning
your domain brings you. Too bad they don't practice what they preach.

When I reached them by phone, at a number I had in my records, the poor
representative admitted she had *many* callers say just what I did.
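A triage check for a notice like the one described above, added here as an example and not part of the post: it extracts the sender's domain and every link host from a constructed sample e-mail (placeholder domains, not the real ones the post elides) and flags those that are not the registrar's own, which is exactly the mismatch that makes a genuine notice indistinguishable from phishing.

```python
"""Added example, not part of the RISKS post.  Triage for a breach-notice
e-mail: does the sender domain and every embedded link belong to the company
the recipient actually has an account with?  All domains are constructed
placeholders (.test TLD)."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample: a real password-reset notice sent through a third-party
# mailer, with the reset link on yet another platform's host.
SAMPLE_NOTICE = """\
From: Example Registrar Support <support@mail-blast-notify.test>
To: customer@example.org
Subject: Important: your account password has been reset

We detected a brief period when unauthorized access could have occurred,
so we have reset your password. Log in at
https://accounts.notify-platform.test/reset?id=123 to set a new one.
Questions? See https://example-registrar.test/help
"""


def registrable(host: str) -> str:
    """Crude eTLD+1 (last two labels).  Assumption: good enough for
    .com-style names; a production tool should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def triage_notice(raw_email: str, expected_domain: str) -> dict:
    """Report every sender/link that points away from expected_domain."""
    msg = message_from_string(raw_email)
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1] if "@" in sender else ""
    body = msg.get_payload(decode=True)
    text = body.decode("utf-8", "replace") if isinstance(body, bytes) else str(body or "")
    link_hosts = [urlparse(u).hostname or "" for u in URL_RE.findall(text)]
    foreign_links = sorted({h for h in link_hosts if registrable(h) != expected_domain})
    sender_ok = registrable(sender_domain) == expected_domain
    return {
        "sender_domain": sender_domain,
        "sender_matches": sender_ok,
        "link_hosts": link_hosts,
        "foreign_links": foreign_links,
        # Anything off-domain means: do not click, confirm via the company's
        # own site or a phone number already on file (as the post's author did).
        "verdict": "consistent" if sender_ok and not foreign_links
        else "inconsistent: verify out of band",
    }


if __name__ == "__main__":
    report = triage_notice(SAMPLE_NOTICE, "example-registrar.test")
    for key, value in report.items():
        print("%-15s %s" % (key + ":", value))
```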

Mobile phone security moves in slow motion (Beta Boston)

Monty Solomon <>
Thu, 6 Aug 2015 17:33:56 -0400

Deterrence Considered Harmful (on John Arquilla)

Henry Baker <>
Wed, 05 Aug 2015 09:04:53 -0700
FYI—Finally, a cyberwar expert who admits that "deterrence" is a bankrupt
strategy for stopping cyberattacks.  However, Arquilla doesn't understand
what "defense" is required in this case; he thinks the fighter pilots of the
Battle of Britain will save the day in today's cyberwars.

Nevertheless, perhaps Arquilla can stop the U.S. from hurling invectives
that only underline the impotence of U.S. cyberstrategy and significantly
destabilize the world's security.

"The innocent are held hostage by the threat of nuclear holocaust"
MAD = "mutual assured *disruption*" = "a less stable situation"
"deterrence becomes problematic"
"deterrence is in pretty poor shape"
"The threat of retaliation with virtual weapons of mass disruption probably
  won't deter"
"the virtual defenses of the leading cyberpowers puts the United States in
  last place"

John Arquilla, Deterrence after Stuxnet, CACM, 4 Aug 2015

An AT&T problem allegedly caused outage on Verizon, Sprint, T-Mobile (Ars Technica)

Lauren Weinstein <>
Wed, 5 Aug 2015 09:27:09 -0700
Ars via NNSquad

  The four major wireless carriers in the US had an outage lasting about
  five hours in several states last night, and a report from Re/code says it
  was all caused by a hardware problem in AT&T's network.  Although AT&T,
  Verizon Wireless, T-Mobile US, and Sprint each operate their own cell
  towers, in the states where the outage occurred they apparently all
  acquire backhaul from AT&T's network. Re/code reported that "several
  telecommunications industry sources" confirmed that AT&T's network caused
  the outage for all four carriers in parts of Tennessee, Alabama, Kentucky
  and Indiana. (Another report said Georgia was affected as well.)

Under Pressure, Google Promises To Update Android Security Regularly (NPR)

Lauren Weinstein <>
Wed, 5 Aug 2015 10:17:23 -0700
NPR via NNSquad

  Google is making big promises to fix its Android operating system. The
  company recently came under sharp criticism after researchers found a
  major flaw in Android would let hackers take over smartphones, with just a
  text message.  Now, Google tells NPR and writes in a blog post, it'll work
  with other phone makers to fix that bug. And, going one step further,
  Google is rolling out a brand new system to protect smartphones regularly
  (not just once in a while).

Very glad to see Google moving forward decisively in this direction.
Kudos to the teams.

Reference: "Lauren's Blog: When Google Leaves Users Behind" - (4/22/15)

Controversial cybersecurity bill would do little to stop hackers

Lauren Weinstein <>
Wed, 5 Aug 2015 14:00:13 -0700
*The Guardian* via NNSquad

  "Details are absolutely crucial especially when it comes to the sordid
  history the federal government has had protecting the kind of stuff you'd
  expect them to protect," Weinstein said.  "I mean, how many examples do
  you need to have of the basic inability of the government to protect what
  you'd think would be the most sensitive information out there? We had a
  young guy clean out NSA with a thumb drive. Then they say they're going to
  ask for all this additional information and we're supposed to believe
  they're going to protect that."

Self-driving cars (xkcd 1559)

Gene Wirchenko <>
Tue, 04 Aug 2015 20:19:37 -0700
Punch-line: “I love self-driving cars.''

Among the States, Self-Driving Cars Have Ignited a Gold Rush (NYT)

Monty Solomon <>
Wed, 12 Aug 2015 01:01:02 -0400
Whether it is fuel savings, safer commutes or freed-up time behind the
wheel, motorists have many reasons to embrace self-driving cars.

But another group is just as eager to see these vehicles on the road:

Lawmakers from California, Texas and Virginia are wooing the autonomous-car
industry, along with the jobs and tax revenue that come with it.

They are financing research centers, building fake suburbs for testing the
cars and, perhaps most important, going light on regulation, all in an
effort to attract a rapidly growing industry.

The prize: a piece of the estimated $20 billion automakers and other
companies will spend globally on development over the next five years,
according to an analysis by Gartner.

Re: Fiat Chrysler Issues Recall Over Hacking (Kessler, RISKS-28.84)

Ivan Jager <>
Thu, 6 Aug 2015 19:16:50 -0500
Surely I'm not the only one that realizes a software update is not going to
fix the fundamental problem that this recall is about.

The safety problem to be fixed is not that "someone found one of the
vulnerabilities in the entertainment system and is going public with it".
The problem is that someone put a wireless modem on the CAN bus, which is
safety critical.

Patching the one vulnerability in the entertainment system is not going to
solve the problem because there are almost certainly plenty of other
vulnerabilities in the entertainment system. People who write entertainment
systems tend to worry more about features, performance, and a pretty UI.
They were almost certainly not expecting anyone's life to depend on the
correctness of their code. It's kind of like they're saying, "See, your
colander has a hole in it here and your design depends on it not having any
holes." "Oh, OK, we'll just patch that one hole you pointed out."

I realize Chrysler might want to receive telemetry from the ECU. I wouldn't
mind too much if there was a one way connection so safety critical
components could send information over the Internet, but there's no way
they should be able to accept commands over the Internet. Something as
simple as half an RS-232 interface should do to ensure one-way
communications. (Connect TX and GND but ground RX.)

Of course, that would cost a little more... I would say surely it would
cost less than the loss of confidence when people realize how poorly
designed the car is, but at this point I'm not sure consumers have much
confidence left to lose.

Re: Space Ship Two crash investigation results

Don Norman <>
Wed, 5 Aug 2015 09:27:39 -0700
Thanks to Peter Ladkin for his appropriate and well-reasoned disagreement
with Alister Macintyre's blame-finding description of the accident of
SpaceShip Two (RISKS-28.84 and 28.82, respectively).

Macintyre cast blame on people and organizations for the accident, but with
zero evidence. This should not be permitted within RISKs.

I was also sadly disappointed by *The NY Times* article about the report
from the U.S. National Transportation Safety Board's public session
(NTSB). NTSB clearly laid blame on the deficient human-factors design which
permitted a simple slip (the technical term for one class of human error) by
the co-pilot to lead to the tragedy.

As NTSB properly pointed out, safety systems should never have a single
point of failure. Where mechanical, electronic, or software systems are
involved, elaborate care is taken to avoid single points of failure: Why do
we allow it for human systems?

I've been arguing this point for years. I am delighted NTSB finally

But I have further cause for disappointment. Although the NY Times reported
the hearing fairly and accurately, they headlined it “Co-Pilot's Error Is
Blamed for Crash of Space Plane.''

Here is what the Times reported that NTSB said:

“Would a single-point mechanical failure with catastrophic consequences be
acceptable?'' Robert L. Sumwalt, one of the safety board members, asked the
investigators Tuesday.

It would not, answered Michael Hauf, part of the investigation team that
spent nine months looking into the crash.

“So why would a single-point human failure be acceptable?'' Mr. Sumwalt
asked.  “And it really should not be acceptable. The fact is, if you put
all your eggs in the basket of a human to do it correctly—and I don't
mean this flippantly, because I've made plenty of mistakes—humans will
screw up anything if you give them enough opportunity. The mistake is often
a symptom of a flawed system.''

The safety board laid the primary blame on Scaled Composites, the company
that designed this part of the system, describing the probable cause as
Scaled Composites's failure to consider and protect against the possibility
that a single human error could result in a catastrophic hazard to the
SpaceShipTwo vehicle.

*The NY Times* article was excellent. But the headline writer ignored the
article and entitled the piece Co-Pilot's Error Is Blamed for Crash of Space

This propagates the myth that people are flawed, incompetent, etc. No folks,
it is bad design, design that ignores decades of research on proper human
factors.  It ignores the article itself where the blame was (properly) NOT
placed on the co-pilot but rather on the poor design.

NY Times: Shame on your headline writer.
Peter Ladkin: thank you.

Don Norman, Prof. and Director, DesignLab, UC San Diego  <>

Re: Windows 10 and Wifi Sense (RISKS-28.84)

"Bob Frankston" <>
4 Aug 2015 18:55:53 -0400
The real problem is that instead of coming to terms with the dangerous and
failed idea of perimeter security we see increasing efforts to work around
the borders only exacerbating problems.

The complex schemes for trading bandwidth are another face of this tendency
to pile on additional mechanisms rather than recognizing that bandwidth is a
construct. Bandwidth is a real technical term but billing for it is far
removed from the realities of a packet network.

Re: Siri's new voice, new name: Comey

Jeremy Epstein <>
Tue, 4 Aug 2015 19:24:35 -0400
Verizon has offered something very similar to the new Siri offering called
"Premium Visual Voice Mail".  It came bundled with my Samsung Galaxy 5 for a
couple months, and then switched to $2.99/month.  (I didn't take it.)

It describes the advantages as "Voice Mail to Text: Discreetly read voice
mails without listening to them".

See for a
comparison with the iPhone offering.

Not endorsing the product or minimizing the risk, just noting that it's not
really new.
