The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 29 Issue 50

Tuesday 3 May 2016

Contents

Scary wifi SSID clears Qantas plane
The Telegraph via Henry Baker
Snowden on encryption: Without it everything stops!
Slashdot
RNC eschews use of electronic voting at their convention
Politico
Dilbert and voting machines
Donald B. Wagner
20 Years Ago, A Senator Became the First US Lawmaker to Use Encryption
Motherboard
FBI granted federal court warrant forcing suspect to unlock iPhone using Touch ID
Ben Lovejoy
Risks of doing live TV without the most recent Windows upgrade
YouTube via David Tarabar
The last non-Internet Generation
Paul Robinson
Autonomous cat-killer robot
Mark Thorson
Re: If Emoji Are the Future of Communication Then We're Screwed
Gene Wirchenko
Info on RISKS (comp.risks)

Scary wifi SSID clears Qantas plane

Henry Baker <hbaker1@pipeline.com>
Mon, 02 May 2016 16:44:29 -0700
FYI—Qantas flight QF481 is an Airbus A330-200.

Just wondering if SSID's like 'Airbus A330 Navigation' or 'Airbus A330
Maintenance' would have cleared the plane; they certainly would have scared
me a lot more.

http://www.telegraph.co.uk/news/2016/05/02/wi-fi-hotspot-named-detonation-device-causes-bomb-scare-at-melbo/

Wi-Fi hotspot named 'detonation device' causes bomb scare at Melbourne airport
The Qantas flight was due to fly to Perth

Jonathan Pearlman, *The Telegraph*, Sydney, 2 May 2016

A poorly-named Wi-Fi hotspot sparked a security scare on a Qantas flight and
prompted about 50 terrified passengers to refuse to fly.  The hotspot name
-- Mobile Detonation Device—was spotted by a female passenger who saw it
on her phone's Wi-Fi menu before the plane left Melbourne airport.
She alerted the crew who notified the pilot and security officials.

Passengers aboard the flight said the pilot asked the person responsible for
the Wi-Fi name to come forward but no one did.  The passengers were then
asked to leave the plane, which was due to fly to Perth.

Security officials checked the plane but were unable to find a threat and
cleared the flight to leave.  "The pilot said a particular passenger had
gone to log on and a hotspot name has come up with one which was a scare to
Qantas and passengers," a passenger told Channel Seven.  "The pilot made us
aware and said they were going to take proper security precautions... After
half an hour no one came forward, the Wi-Fi covered a fair distance so [it]
could have been someone in the terminal."

Qantas offered to transfer concerned passengers to alternative flights.
An estimated fifty passengers—about half of those on board—opted to
take a different flight.

Qantas said there had been no risk to the flight, which was delayed by two
hours.  "Some passengers elected not to travel so there was a delay as bags
were taken off and those passengers disembarked," said a Qantas
spokesperson.

The passenger said he believed the scare was caused by "some immature
person, possibly in the terminal".


Snowden on encryption: Without it everything stops!

"Peter G. Neumann" <neumann@csl.sri.com>
Mon, 2 May 2016 14:51:38 PDT
https://yro.slashdot.org/story/16/05/02/1755200/without-encryption-everything-stops-says-snowden


RNC eschews use of electronic voting at their convention (Politico)

"Peter G. Neumann" <neumann@csl.sri.com>
Mon, 2 May 2016 12:59:13 PDT
Politico, 2 May 2016

SECURITY FEARS EQUAL PAPER BALLOTS: The Republican National Convention is
shunning electronic voting, because: cybersecurity. And other things.
"Senior party officials - worried about hacking and Internet reliability in
the overcrowded Cleveland arena and eager to preserve the live television
drama surrounding a drawn-out roll call - are ruling out a change to
convention bylaws that would allow for electronic voting on the ballots to
select the GOP's presidential and vice presidential nominees," POLITICO's
Darren Samuelsohn reports. On the cybersecurity side of it specifically,
Indiana RNC member John Hammond said about the possibility of an attack:
"You certainly wouldn't want it to happen under those circumstances when the
entire world is watching."
<http://go.politicoemail.com/?qs=db12ef29fba0aff9aff27d9b4eefc021b7057b09faf1a9899d0e36cebbf7e5de>


Dilbert and voting machines

"Donald B. Wagner" <zapkatakonk1943.6.22@gmail.com>
Sun, 1 May 2016 09:25:24 +0200
http://dilbert.com/strip/2016-05-01


20 Years Ago, A Senator Became the First US Lawmaker to Use Encryption (Motherboard)

"Dave Farber" <farber@gmail.com>
Mon, 2 May 2016 19:54:06 -0400
https://motherboard.vice.com/read/senator-patrick-leahy-pgp-encryption-letter-20-years

In 2016 some senators are trying to limit encryption, the technology that
keeps your messages and personal data safe from prying eyes, with a bill
that's so bad, one expert called it the most "ludicrous, dangerous,
technically illiterate tech policy proposal of the 21st century."

Two decades ago, some senators were fighting to make encryption more
widespread. As part of that fight, which some call the first Crypto War,
Sen. Patrick Leahy (D-VT) decided to make a statement about the importance
of crypto by using it himself. ....


FBI granted federal court warrant forcing suspect to unlock iPhone using Touch ID (Ben Lovejoy)

the keyboard of geoff goodfellow <geoff@iconia.com>
May 2, 2016 at 4:25:30 PM EDT
Ben Lovejoy,  9to5mac.com

For the first time in a federal case, a suspect has been ordered to use her
fingerprint to unlock her iPhone using Touch ID. The LA Times reports that a
federal judge signed a warrant allowing the FBI to compel a suspect in an
identity theft case to to unlock the phone just 45 minutes after her arrest.

Authorities obtained a search warrant compelling the girlfriend of an
alleged Armenian gang member to press her finger against an iPhone that had
been seized from a Glendale home.

In the Glendale case, the FBI wanted the fingerprint of Paytsar
Bkhchadzhyan, a 29-year-old woman from L.A. with a string of criminal
convictions who pleaded no contest to a felony count of identity theft.

The warrant is consistent with a 2014 case where a Virginia District Court
ruled that while passcodes are protected by the 5th Amendment right against
self-incrimination, fingerprints are not. Legal experts, however, have
differing views.  [...]

http://9to5mac.com/2016/05/02/federal-court-touch-id-fingerprint/


Risks of doing live TV without the most recent Windows upgrade

David Tarabar <dtarabar@acm.org>
Mon, 2 May 2016 13:31:14 -0400
During a live TV weather report, the map display was obscured by a dialog
box saying that Microsoft recommended upgrading to Windows 10. See the video
below.

https://www.youtube.com/watch?v=VMPeTrHNX1U&feature=share


The last non-Internet Generation

Paul Robinson <paul@paul-robinson.us>
Tue, 3 May 2016 01:09:43 +0000 (UTC)
This year effectively ends the last non-Internet generation. Every person
born since 1995 has lived in a world where the Internet has always been
generally available to almost everyone in the first world, and over about
the last ten years, it's been fairly fast broadband.

Think about this. Anyone born prior to 1995 has memories of a time when
Internet access was not ubiquitous, was often unavailable in some areas or
was very expensive, and in most cases was slow, and when I say slow, in 1988
the most common modem speed was still 2400 baud. That's 240 characters per
second.

When I first got into computers back in 1978, you had mainframes, which
served lots of users but was expensive. Our computer at Orange Coast College
in Costa Mesa, CA, served about 100 terminals on two campuses from three
computers, and, as one of our professors told us, cost "a megabuck," that
is, over a million 1978 dollars. And they weren't even all IBM, one was from
Magnuson, the other from Amdahl but all ran IBM's OS/VS1 operating system
and later VM hypervisor.  The open source emulator Hercules can run that
operating system in simulation on a PC probably faster than it ran on the
original big iron.

You also had minicomputers, Long Beach City College, Long Beach, CA had in
its Math department a PDP-11/03 that had 56K of memory - and that is not a
mistype, it had 56K, not 56 meg - had three CRT and one typewriter-style
terminal, used two 256K 8" floppy disks, and cost $20,000. You probably have
more capability now, in your hand, if you own an Android tablet or phone
that costs about $50.

So people born before about 1980 can remember when we didn't have quite
powerful computers in our homes. And those who were at least teenagers in
1995 can remember when we didn't have Internet even if we did have a
computer. But the kids that are just turning adults this year have no memory
of a world without cell phones, computers and the Internet.

The proliferation of apps for handheld computers, I think, has barely
scratched the surface, and as near-universal wi-fi and connectivity become
more common, I suspect we will see new developments that will change the
world again. The availability of the PC starting in the early 1980s and the
even less expensive availability in the late 1990s as well as what they
became capable of doing for us, or allowing us to do with them, changed so
many things in so many ways it's hard to believe how different this world is
from say, 1987.

Compare 1964 ro 1984 and the differences are not that significant. Color TV
was crisper, microwave ovens and VCRs were around, but the way we interacted
with people was similar to that of perhaps 10 years earlier (except phones
were more common).

Now look back on 1996 and now, cell phones are everywhere and cheap, most
cell phones are actually computers, all have either local or
carrier-provided Internet, and what we can do with systems rivals what
required supercomputers twenty years ago, or might not even have been
possible - like 3D printing of objects - and yet, again, we are just now
entering a world where every child has lived in a country that has always
had Internet connectivity.

Now the only question is, will we have the ingenuity to use the power we
have to do great accomplishments, or will we suffer from a lack of vision
and foresight to think about new things and improvements?

As the group Asia put it, "Only Time Will Tell."

Paul Robinson <paul@paul-robinson.us> - http://paul-robinson.us (My blog)


Autonomous cat-killer robot

Mark Thorson <eee@sonic.net>
Sat, 30 Apr 2016 23:47:34 -0700
Lindsay Marshall and the other cat-haters should be pleased by this
development, currently undergoing testing in anticipation of widespread
deployment.

http://www.theguardian.com/environment/2016/apr/17/robots-lasers-poison-the-high-tech-bid-to-cull-wild-cats-in-the-outback


Re: If Emoji Are the Future of Communication Then We're Screwed (Ward, RISKS-29.49)

Gene Wirchenko <genew@telus.net>
Fri, 29 Apr 2016 21:38:42 -0700
>  "There are (at least) two causes for the huge potential for
>  miscommunication using emoji:"

I have a third: not being able to figure what is meant by the itty bitty
facial expression.  I gave up *years* ago.

  [BTW, catless is catless now because of a broken watermain.  Many cats do
  not like water?  How could you miss such an excellent cheap shot?  Maybe,
  you think that catless and PiGeoNs do not belong together.]

    [BTW, our friends at Newcastle will be attempting to reboot catless,
    perhaps today.  PGN]

Please report problems with the web pages to the maintainer

Top