The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 29 Issue 35

Wednesday 16 March 2016

Contents

Apple's Brief Hits the FBI With a Withering Fact Check
WiReD
Apple and Justice Dept. Trade Barbs in iPhone Privacy Case
NYTimes
Spontaneous Windows 10 Upgrade
Martin Fong
City's Public Wi-Fi Raises Privacy Concerns
NYCLU
Typo thwarts hackers in $1 billion cyber heist on Bangladesh central bank ...
WashPo
Yet another reason why expiring and reusing domain names is a really bad idea
ZDNet
Heat Scanning vs. Privacy
Harper's
ICANN—"Time for America to relinquish custody of the Internet"
James Titcomb
Internet mismanagement
The Independent
Stealing Nude Pics From iCloud Requires Zero Hacking Skills— Just Some YouTube Guides
Forbes
"YOGA* - A Software Development Process Based On Ancient Principles"
ACM Learning Center
Threat Intelligence & AI
Business Wire
Re: Florida Senate endorses making computer coding a foreign language
Dan Geer
Re: President Obama at SXSW
Mark E. Smith
Re: Skype Co-Founder Launches End-To-End Encrypted 'Wire' App
John Levine
Re: Why no secure architectures in commodity systems?
Dick Mills
Henry Baker
Info on RISKS (comp.risks)

Apple's Brief Hits the FBI With a Withering Fact Check

PRIVACY Forum mailing list <privacy@vortex.com>
Wed, 16 Mar 2016 11:27:23 -0700
http://www.wired.com/2016/03/apple-fact-checks-the-feds-in-latest-brief/

  APPLE'S LATEST BRIEF in its battle with the FBI over the San Bernardino
  iPhone offered the tech company an opportunity to school the Feds over
  their misinterpretation and misquotations of a number of statutes and
  legal cases they cited as precedent in their own brief last week. Many
  viewed Apple's arguments as a withering commentary on the government's
  poor legal acumen.


Apple and Justice Dept. Trade Barbs in iPhone Privacy Case

Monty Solomon <monty@roscom.com>
Tue, 15 Mar 2016 23:04:15 -0400
Apple and Justice Dept. Trade Barbs in iPhone Privacy Case
http://www.nytimes.com/2016/03/16/technology/apple-court-filing-iphone-case.html

The company said a ruling on unlocking the phone of a gunman in a mass
shooting had to take into account the national debate over data privacy.


Spontaneous Windows 10 Upgrade

Martin Fong <martin.fong@sri.com>
Tue, 15 Mar 2016 16:40:08 -0700
Yesterday morning a coworker mentioned that his mother had called him and
said that her Windows 7 desktop spontaneously updated to Windows 10.
Skeptical, he asked if she had inadvertently clicked "Yes" on an "Accept
Upgrade" dialog, but she replied that there wasn't one.  Unfortunately,
because her Windows 7 computer was configured to perform an auto-login, she
did not know or have her login credentials now required by the Windows 10
login dialog.  (This morning she called Microsoft support and was told she
needed to create a Microsoft account from a different computer and use that
to log into her machine; this procedure worked.)  However, starting
yesterday, other users have complained about their Windows 7 machines being
forcibly upgraded to Windows 10 without their approval.  It appears that
Microsoft changed the Windows 10 upgrade from "optional" to "recommended",
and that this upgrade preemptively installs without explicit user approval,
something that Microsoft has denied.  For more info, see

http://www.theguardian.com/technology/2016/mar/15/windows-10-automatically-installs-without-permission-complain-users


City's Public Wi-Fi Raises Privacy Concerns (NYCLU)

Lauren Weinstein <lauren@vortex.com>
Wed, 16 Mar 2016 09:29:49 -0700
NYCLU via NNSquad: City's Public Wi-Fi Raises Privacy Concerns
http://www.nyclu.org/news/citys-public-wi-fi-raises-privacy-concerns

  The city's new public Wi-Fi network LinkNYC raises several privacy
  concerns for users, the New York Civil Liberties Union announced today
  after sending a letter to the Office of the Mayor on Tuesday.  CityBridge,
  the company behind the LinkNYC kiosks that have begun replacing phone
  booths in Manhattan, retains a vast amount of information about users -
  often indefinitely - building a massive database that carries a risk of
  security breaches and unwarranted NYPD surveillance.


Typo thwarts hackers in $1 billion cyber heist on Bangladesh central bank ... (WashPo)

Gabe Goldberg <gabe@gabegold.com>
Tue, 15 Mar 2016 16:25:41 -0400
https://www.washingtonpost.com/business/economy/typo-thwarts-hackers-in-1-billion-cyber-heist-on-bangladesh-central-bank/2016/03/11/83466dd0-e7d8-11e5-a6f3-21ccdbc5f74e_story.html

... demonstrating that not all typos are bad! The risk? Bad guys knowing how
to spell.


Yet another reason why expiring and reusing domain names is a really bad idea (ZDNet)

"Bob Frankston" <Bob19_0501@bobf.frankston.com>
16 Mar 2016 15:44:19 -0400
Malvertising campaign strikes top websites worldwide
http://www.zdnet.com/article/malvertising-campaign-strikes-top-websites-worldwide/

"According to Trustwave, the cyberattacker behind this malvertising campaign
"acquired an expired domain of a small but probably legitimate advertising
company in order to utilize this for malicious purposes," providing them
with the avenue to exploit high-ranking websites through BrentsMedia.com."


Heat Scanning vs. Privacy (Harper's)

"Alister Wm Macintyre \(Wow\)" <macwheel99@wowway.com>
Tue, 15 Mar 2016 16:19:00 -0500
April 2016 Harper's Magazine has a short photographic essay on the NYC PD
"Domain Awareness System," which has:

* 8,300 cameras
* 500 license plate readers
* An unspecified volume of thermal imaging.  NYPD claims to have canceled
  the heat scanning.

The article shares some pictures of what we can see with the latter, at
various ambient temperatures.  Interesting.  I see a cop with a spare gun by
his knee.

http://harpers.org/archive/2016/04/packing-heat/

To see this, you have to either be a subscriber, or pick it up at the
newsstand.
https://en.wikipedia.org/wiki/Domain_Awareness_System


ICANN—"Time for America to relinquish custody of the Internet" (James Titcomb)

Chris Drewe <e767pmk@yahoo.co.uk>
Wed, 16 Mar 2016 16:58:53 +0000
James Titcomb, *The Telegraph*, 14 Mar 2016
Why it's time for America to relinquish custody of the Internet
http://www.telegraph.co.uk/technology/2016/03/13/why-its-time-for-america-to-relinquish-custody-of-the-internet/

  The World Wide Web can often seem like a lawless place; free and open and
  beyond the control of any one government or censor. It has been one of the
  basic principles of the web in the three decades since it was invented.
  But in one way, America does control the Internet. It has had ultimate
  control over the Internet Corporation for Assigned Names and Numbers,
  better known as ICANN, since it was formed in 1998.  That was until last
  Thursday, when the organisation submitted long-awaited proposals to the US
  Government that would see it made independent.

No idea if this is a risk or not, but looks like it could be important.

  [In this case, please remember that risks involve many people, many
  nations, many corporations, many institutions, and so on, possibly in
  different ways.  PGN]


Internet mismanagement

"Alister Wm Macintyre \(Wow\)" <macwheel99@wowway.com>
Tue, 15 Mar 2016 16:39:32 -0500
Misleading headlines say the US gov is giving up control of the Internet.

http://www.independent.co.uk/news/world/americas/us-government-to-surrender-control-of-internet-administrator-icann-a6829466.html

The truth is that ICANN was in charge of the Internet, but was doing such a
bad job, that a handful of domain registrars make their money by enabling
criminals responsible for 90% of the spam, hacker-cracker activities,
phishing, sales of phony & illegal products, etc., while ICANN was taking
forever to act on reports of this digital-mafia support.

http://www.infoworld.com/article/2641410/application-development/20-registrars-control-90--of-illicit-domains--says-knujon.html

http://krebsonsecurity.com/tag/knujon/
http://www.pcworld.com/article/159058/spam_sources.html
http://www.knujon.com/registrars/

While ICANN is incorporated in California, and thus theoretically under some
kind of US oversight regulation, the reality has been clueless oversight.

What will we be getting in place of ICANN?  Seems to me a dramatic increase
in anarchy.


Stealing Nude Pics From iCloud Requires Zero Hacking Skills—Just Some YouTube Guides (Forbes)

"Bob Frankston" <Bob19_0501@bobf.frankston.com>
16 Mar 2016 08:38:14 -0400
Amid the worries about the backdoor, a reminder that the front door is
easily pried open.

http://www.forbes.com/sites/thomasbrewster/2016/03/16/icloud-hacking-jennifer-lawrence-fappening-apple-nude-photo-leaks/#7d195ef97b88


"YOGA* - A Software Development Process Based On Ancient Principles"

"ACM Learning Center" <learning@acm.org>
Tue, 15 Mar 2016 16:47:19 -0400 (EDT)
Register for a Special April 1 Webcast: "YOGA*—A Software Development
Process Based On Ancient Principles"

Register for the next free ACM Learning Webinar:
http://event.on24.com/wcc/r/1155985/486853632F1F828E87AD631548733301?partnerref±

"YOGA*--A Software Development Process Based On Ancient Principles,"
presented on Friday, April 1 at 12 pm ET by Seth Winis, Software Development
Guru and YOGA Expert (at the encouragement of David Weiss, longtime
researcher in software engineering and IEEE Fellow). Will Tracz, Lockheed
Martin Fellow Emeritus and Past Chair of ACM SIGSOFT, moderates the
questions and answers session.

(If you'd like to attend but can't make it to the virtual event, you still
need to register to receive a recording of the webinar when it becomes
available.)

Note: You can stream this and all ACM Learning Webinars on your mobile
device, including smartphones and tablets.

YOGA* is a software development process based on ancient principles and
derived from many years of experience with software production and
introspective research into and measurement of software production. I thank
the guru Fapsan Rat for his many hours of discussion and joint meditation
with me concerning these principles.

YOGA stands for You Only Go Ahead and its theme is to be forward looking. It
consists of 10 basic commandments such as:

-Ignore the past and only look ahead. Don't worry about repeating past
 mistakes.
-Don't try to be rational. There is substantial evidence that there's no
 such thing as a rational software production process. Think of yourselves
 as artists, free to create.
-Each team member should meditate on his/her code for an hour every day. The
 purpose of the meditation is to become more enlightened about the code and
 coding. The goal should be to find a place in the code that the team member
 can modify today.
-Strengthen your core. Your core developers are the ones who make 80% of the
 changes. Give them coding exercises to do and hold an occasional
 refactoring contest to see who can refactor fastest.

Duration: 60 minutes (including audience Q&A)

Presenter: Seth Winis, Software Development Guru, YOGA Expert

Seth Winis has many years of development experience at places such as AS&T,
Lucid, Motovola, The Software Feasibility Consortium, The Numerical Research
Laboratory, and Howaya. He has also spent time in academia as a professor of
software reengineering at Moo U. and others. David Weiss, long time
researcher in software engineering and IEEE Fellow, encouraged Seth to
publish his ideas on YOGA. David has worked in industry, such as Bell Labs,
Avaya Labs, the Software Productivity Consortium, Computer Sciences Corp.,
in government, such as the Naval Research Laboratory and the Office of
Technology Assessment, and in academia, where he was professor of software
engineering at Iowa State University. He is now retired, with time to step
back and inject some humor into his history in software engineering.

Moderator:

Will Tracz, Lockheed Martin Fellow Emeritus; Past Chair, ACM SIGSOFT

When he retired in 2012, Will Tracz was a principal software
engineer/application architect for the Global Combat Support System - Air
Force program. He is
Past Chair of the ACM Special Interest Group on Software Engineering
(SIGSOFT) and a member of the ACM Professional Development Committee. He was
the editor of the ACM SIGSOFT Software Engineering Notes (1994-2012), 2002
chairman of the International Conference on Software Engineering, and 2012
chairman of the ACM Foundations of Software Engineering.

Visit http://learning.acm.org/webinar for our full archive of past webinars

Applicative 2016 (June 1-2, New York City) brings together researchers and
practitioners to share the latest emerging technologies and trends in
software development. http://applicative.acm.org/.

We computer scientists take our profession very seriously and sometimes
partition ourselves along dogmatic, almost religious lines. Perhaps every
once in a while we need to step back and inject some humor into our
arguments. April Fool's Day seems like a good time to practice some
well-grounded satire.


Threat Intelligence & AI

"Alister Wm Macintyre \(Wow\)" <macwheel99@wowway.com>
Wed, 16 Mar 2016 01:58:37 -0500
Drowning in Threat Intelligence: national security and cybersecurity
workers have a similar set of challenges.

They are overwhelmed with clues, without adequate resources to deal with
them all effectively, or identify which are the most critical.

http://www.businesswire.com/news/home/20160315005555/en/Phantom-ESG-Research-Finds-Companies-Ignore-Majority

National Security looks for a needle, not in a haystack of needles, but a
Grand Canyon of them, finding they did have the relevant data after many
successful terrorist attacks.  In my opinion, this may be partly their
fault, for: scooping up masses of info on people who are unlikely to be a
terrorist threat; not fixing the ICANN corruption where a handful of rogue
registrars are responsible for enabling the vast majority of cyber crime;
not figuring out how to stop terrorist funding; not evacuating US weaponry,
now in ISIS and alQ hands, when pulling out of various theaters.

Some IT workers lack the corporate funding support to work smart with cyber
warnings.  FireEye has a white paper with guidelines to help manage the
tradeoff between alerts and risk (registration required).

https://www2.fireeye.com/04aGoToMarket-Advanced.0034NTRADVEDUWPUncomfortableCyberSecurityTradeoff_LP.html

Several breaches of mega-corps had the clues that could have been acted
upon to stop the breach, but they were buried in a deluge of clues.

http://www.darkreading.com/threat-intelligence/threat-intelligences-big-data-problem/d/d-id/1324702

Maybe AI could help?  Check out the story on Darktrace in March 20 BBW.
This British startup is run by ex-spies using AI to detect network breaches,
with color-coded alerts.  It first watches the systems in place for standard
patterns, then reports on irregularities.
https://www.darktrace.com/

This sounds like the same technique that UPI's Needle in Haystack uses to
detect embezzlement and stupid errors in ERP management.
http://unbeatenpath.com/compass

Artificial Intelligence (AI) stories are cropping up in many places.
https://www.linkedin.com/pulse/would-you-vote-machine-2024-eric-gervet

Here is an article on Hardware Evolution.
http://www.damninteresting.com/on-the-origin-of-circuits/


Re: Florida Senate endorses making computer coding a foreign language (RISKS-29.33)

<dan@geer.org>
Tue, 15 Mar 2016 19:01:00 -0400
In many settings where a degree in some aspect of social service (broadly
defined) is to be awarded, American Sign Language satisfies the language
requirement.


Re: President Obama at SXSW (Baker, RISKS-29.34)

"Mark E. Smith" <mymark@gmail.com>
Wed, 16 Mar 2016 03:59:51 +0800
> "Weak encryption + voting apps = GAME OVER for democracy."

Elections are irrelevant to democracy. Free, fair, open, and honest
elections can be held for a dictator, but that doesn't make a dictatorship
into a democracy.

It was "game over" for democracy in the USA when the counterrevolutionary
Constitution betrayed the American revolution by establishing neither a
democracy nor a republic, but a plutocracy in which all men were not equal,
the votes of some (Electors) counted more than the votes of others, not
everyone was allowed to vote, those who could vote were not allowed to vote
directly for the highest office in the land, and rather than vesting supreme
power in the hands of the people, supreme power was vested in the hands of
an unelected Supreme Court. To further ensure inequality and an undemocratic
form of government, there was no right of recall at the federal level so
that constituents could not hold their elected officials accountable during
their terms of office, which is the only time they hold power, the only time
they are supposed to represent their constituents, and the only time that
they might need to be held directly and immediately accountable to prevent
permanent damage to the nation.

Tweaks like mandatory or online registration (it is extremely difficult not
to get caught rigging elections when there are more votes than there are
registered voters, so corrupt elections officials are always looking for
ways to add phantom voters to the rolls to facilitate the creation of
phantom votes), and online voting, merely make our corporate-controlled,
unverifiable, undemocratic elections easier to manipulate.


Re: Skype Co-Founder Launches End-To-End Encrypted 'Wire' App

"John Levine" <johnl@iecc.com>
15 Mar 2016 21:11:51 -0000
The good news is that Wire is technically very sophisticated and if their
white paper is to be believed, the crypto is very strong.

The bad news is that since it lets anyone sign up with no ID beyond an
e-mail address and start calling anyone else in the Wire phonebook for free,
you get a lot of spam.  Within hours of signing up, my phone was beeping
with calls from random people I'm quite sure I do not want to talk to.

It's surprising that people who ran Skype don't remember that problem and
what they did to deal with it.


Re: Why no secure architectures in commodity systems? (Sizemore, RISKS-29.34)

Dick Mills <dickandlibbymills@gmail.com>
Wed, 16 Mar 2016 09:58:10 -0400
Nick Sizemore did a good job of surveying the subject.  But there's one
glaring omission IMO.

Governments, including but not limited to the USA, are opposing true
security as a matter of policy.

Any truly secure system or technology could get into the hands of criminals,
terrorists, or foreign states.  They could use it to shield themselves from
law enforcement, intelligence gathering, or the attacks of US Cyber
Command.  Is it not the duty of Cyber Command to have the ability to
successfully defeat any cyber security anywhere at any time?

Any secure organization can be infiltrated by bad people.  Not only single
actors like Manning, but even groups who might use the facilities to
communicate securely among themselves about their criminal plans not related
to the organization's mission.

Before addressing *how* to make things secure, we need clarity on the issue
of *whether* secure computing or secure communications will be tolerated in
any context.


Re: Why no secure architectures in commodity systems? (Sizemore, RISKS-29.34)

Henry Baker <hbaker1@pipeline.com>
Tue, 15 Mar 2016 13:54:54 -0700
Thanks, Nick, for a terrific summary status report.

Even though I'm a formalist by nature & training, I can see that formal
methods are not going to be sufficient to solve most of the problems in
computer security today.

Part/most of the reasons have to do with the fact that we're trying to
replace the engine & wings on a plane that's already flying with billions of
folks aboard.  For example, we jumped into e-commerce before we even knew
how to build safe & secure crypto systems.  We still don't, but we're a lot
better than we used to be; unfortunately, we're still putting out crypto
fires that started 25 years ago.

I've come around to Dan Geer's way of thinking: look to biological systems.
They've been dealing with "security" problems for perhaps 2 billion years,
so there's some chance that they have some tricks up their microscopic
sleeves.

For example, it would seem that cell "suicide" is a lot more common than
previously thought.  If a cell determines that it has been overwhelmed by
forces that it cannot control, and this is a threat that can overwhelm other
cells, as well, it will commit suicide in an attempt to stop a pathogen from
spreading.  Ditto for individual plants and animals; the survival of the
species is more important than the survival of the individual.

As IoT computers become cheaper than the postage it costs to mail them, it
is no longer necessary to "save" the computer or even "reprogram" it.  Throw
it away—or better yet, grind it to dust.  (Note to E.E.'s: we need cheap
chips which can self-destruct rather than disclose priceless information.)

Since it's "turtles all the way down", and since turtles can't be trusted,
we need to *build distrust* into all of our systems.  We can no longer take
a NAND gate at face value & trust that it computes correctly.  Yes, the vast
majority of faulty NAND gates will be due to the usual manufacturing
defects, but some will be due to *faulty design*, and some will be due to
*malicious behavior* on the part of some criminal or state (but I might be
repeating myself).

We now build *distributed* power supplies into all of our electronic
components, because it's far more robust than attempting to guarantee a
sufficiently smooth source of power from the higher-level subsystem.  We
didn't do this out of a lack of trust in power supplies, but perhaps we
should attribute "distributed" to "distrustful".

We now build *error correcting codes* into nearly every subsystem, because
1) it's relatively cheap; and 2) because the cost of attempting to debug
every single type of signal propagation error is prohibitive.  We may not
have considered trust when incorporating ECC, but nowadays we might
seriously consider using SHA256 instead of (or in addition to) traditional
ECC.

For all of these reasons, we need to build distributed *distrust* into every
component.

Another inspiration from biology: embrace randomness.  We've gone to every
conceivable effort to eliminate randomness from our electronic systems, yet
every IoT device *requires* randomness in order to properly generate the
random crypto *keys* it will need in order to communicate with other
components *securely*.

Furthermore, this exquisite *cleanliness* of component power supplies and
signals means that it is almost trivial to snoop on these subsystems to
determine when they are computing with crypto keys and then to extract those
keys.

There has got to be a new type of computer design in which the randomness is
not only not extinguished, but embraced, so that computations are inherently
far more random (and hence can't be easily snooped), and randomness for
crypto keys is trivially available.

I don't have the solutions, but I'm afraid that we've only been looking near
the lampposts where the light is the brightest.  We need to move away from
the lampposts & look further afield.
