The RISKS Digest
Volume 29 Issue 87

Friday, 21st October 2016

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



Internet DDoS attacks
The NYTimes
Blame The Internet of Things for today's Web blackout
Trove of Stolen Data Is Said to Include Top-Secret U.S. Hacking Tools
The NYTimes
9-year old Linux Kernel race condition creates Copy-on-Write Privilege Escalation Hazard
Ars Technica via Bob Gezelter
Blame the computer: Italian Space Agency
Roberto Bagnara
Private security group says Russia was behind John Podesta email hack
The NYTimes
Whoever Wins the White House, This Year's Big Loser Is Email
The NYTimes
Obama administration unveils new rules to protect air travelers
The WashPost
Samsung exploding washing machines
CBS Boston
Samsung exploding phone issue extends past Note 7, lawsuit says
The Guardian
Re: Samsung discontinues Galaxy Note 7 after battery debacle
Al Mac
Re: Galaxy note 7 battery
Dimitri Maziuk
Stop talking about the trolley problem
Ian Jackson
The Trolley Problem and altruism
John Sebes
Re: Self-driving Cars and the Trolley Problem
Peter Bernard Ladkin
Re: Self-driving cars shouldn't have to choose who[m] to protect in a crash
David Damerell
Election rigging?
The Hill
Re: Undetectable election hacking?
Mark E. Smith
Mark Kramer
Michael Kohne
Chris Drewe
Re: E-mail Security
Chris Drewe
Info on RISKS (comp.risks)

Internet DDoS attacks

"Peter G. Neumann"
Fri, 21 Oct 2016 11:13:59 PDT

Major websites were temporarily inaccessible to many users in the United
States on Friday, after a major domain host reported two large
distributed-denial-of-service attacks on its servers.  Though the initial
problems appeared to be resolved in just over two hours, they had resumed by
the afternoon.  Users initially reported problems
with Twitter, Netflix, Spotify, Reddit,
Etsy, SoundCloud, The New York Times and others.

A global event is affecting an upstream DNS provider. GitHub services may be
intermittently available at this time.

GitHub Status (@githubstatus) Oct. 21, 2016

Dyn, a domain name system host that monitors and reroutes Internet traffic,
said it began experiencing an attack just after 7 a.m. Friday that affected
mostly users on the East Coast. Around 9:30 a.m., it said it had been
restored to normal.

Just after noon, however, Dyn announced that it was again experiencing an
attack, and, once again, users of sites including Twitter and Spotify
reported more problems. The new outage appeared to affect West Coast cities
like Los Angeles, as well.

"Our engineers are continuing to work on mitigating this issue," Dyn said
in a statement on its site.

Blame The Internet of Things for today's Web blackout

Lauren Weinstein
Fri, 21 Oct 2016 13:49:05 -0700

  Today's nation-wide Internet outage was enabled thanks to a Mirai botnet
  that hacked into connected home devices, according to security
  intelligence company Flashpoint. The distributed denial of service attack
  targeted Dyn, a large domain name server, and took down Twitter, Spotify,
  Reddit, The New York Times, Pinterest, PayPal and other major websites.

Trove of Stolen Data Is Said to Include Top-Secret U.S. Hacking Tools (Re: NSA Contractor Arrested, RISKS-29.82)

Monty Solomon
Wed, 19 Oct 2016 23:14:35 -0400

Investigators found that stolen documents in the possession of Harold T.
Martin III included top-secret NSA hacking tools that two months ago were
offered for sale on the Internet.

9-year old Linux Kernel race condition creates Copy-on-Write Privilege Escalation Hazard

"Bob Gezelter"
Fri, 21 Oct 2016 05:52:40 -0700

A nine-year old race condition has been discovered in the Linux Kernel,
involving "Copy-on-write". This race condition can lead to an escalation
of privilege.

From the article:

"While CVE-2016-5195, as the bug is cataloged, amounts to a mere
privilege-escalation vulnerability rather than a more serious code-execution
vulnerability, there are several reasons many researchers are taking it
extremely seriously. For one thing, it's not hard to develop exploits that
work reliably. For another, the flaw is located in a section of the Linux
kernel that's a part of virtually every distribution of the open-source OS
released for almost a decade. What's more, researchers have discovered
attack code that indicates the vulnerability is being actively and
maliciously exploited in the wild."

The complete Ars Technica article can be found at:

Bob Gezelter,

Blame the computer

Roberto Bagnara
Fri, 21 Oct 2016 21:56:19 +0200

For those who do not read Italian, the article cites statements attributed
to Roberto Battiston, the president of ASI, the Italian Space Agency.  Here
is the translation of a few sentences, appearing in quotes also in the

  "If the computer did not make a mistake, we would have had the icing on
  the cake, but we do have the cake.  In this case it was a fault of the
  computer, but nothing was wrong from the technical point of view."  He
  concludes with: "Sure, without the error made by the computer everything
  would have been perfect, but I think we can be really happy."

Applied Formal Methods Laboratory - University of Parma, Italy

Private security group says Russia was behind John Podesta email hack

Monty Solomon
Thu, 20 Oct 2016 23:09:27 -0400

The security group concluded that Hillary Clinton's campaign chairman was
hacked by the same Russian foreign intelligence service that hacked the

Whoever Wins the White House, This Year's Big Loser Is Email

Monty Solomon
Thu, 20 Oct 2016 23:17:44 -0400

The exposure of the Clinton campaign's internal emails shows that a
ubiquitous, and vulnerable, communication tool is ready for the scrap heap.

Obama administration unveils new rules to protect air travelers

Monty Solomon
Fri, 21 Oct 2016 09:46:08 -0400

  [Corrected URL thanks to Bob Gezelter.  PGN]

Samsung exploding washing machines (Re: RISKS-29.85)

"Peter G. Neumann"
Thu, 20 Oct 2016 12:02:41 PDT

More on Galaxy Note 7 Is Not Samsung's Only Problematic Product (RISKS-29.85):

[...] The affected washing machines have not been recalled even after a
handful of washers have broken apart during the spin cycle.  A federal class
action lawsuit claims Samsung has known about the issue for years.  Samsung
says the potential safety issues are related to certain top-loading machines
made between March 2011 and April 2016.  They are now working with the
Consumer Product Safety Commission to address the safety issue.

  [noted by Geoff Goodfellow, among others]

    [In the interim, Samsung recommends using the "delicate" cycle, which
    may or may not ease the problem.  However, this does not seem to be a
    delicate issue, and it is difficult to separate fact from spin!  PGN]

Samsung exploding phone issue extends past Note 7, lawsuit says

Geoff Goodfellow
Thu, 20 Oct 2016 14:40:42 -1000

Complaint alleges that Samsung knew for years its technology was hazardous,
saying a Galaxy S6 Active shot out 5-inch flames and left a user with
melted flesh

Re: Samsung discontinues Galaxy Note 7 after battery debacle (Al Mac, RISKS-29.86)

Scott Dorsey
Thu, 20 Oct 2016 09:43:39 -0400 (EDT)

> St. Louis MO has an underground fire thanks to improper disposal of US
> government Manhattan Project era radioactive materials.  This news from a
> year ago.)

No.  Not at all.  St. Louis has an underground landfill fire, the sort of
fire that seems to occur frequently and may be due to battery disposal or
other ignition sources.

It happens to be near a different landfill which has no barrier, where
uranium processing waste which is slightly radioactive was disposed of.

The low-level radioactivities have nothing to do with the fire other than
possibly being threatened by it.

Re: Galaxy note 7 battery (Al Mac, RISKS-29.86)

Dimitri Maziuk
Wed, 19 Oct 2016 18:09:09 -0500

There was that (fake of course) story of Brandy Bridges of Ellsworth,
Maine and a $2,004.28 compact fluorescent lightbulb.

We do have the "batteries" bin at work, so for me it's actually easier to
properly dispose of batteries than of CFLs.

Where I live CFL disposal locations are nowhere near where I live or work,
and their stated fees range from "Charge" to "Charge. Free for CFLs. Call
for more information" to "Not specified. Call for more information."

So we're selling people hazardous waste as next best thing since sliced
bread, we don't tell them it's hazardous waste, and we don't provide the
facilities for safe and convenient disposal of said hazardous waste.  What
could possibly go wrong.

PS. one has to wonder what's inside the LED lightbulbs: gallium arsenide?

Dimitri Maziuk  BioMagResBank, UW-Madison

Stop talking about the trolley problem (Re: RISKS-29.86)

Ian Jackson
Thu, 20 Oct 2016 12:47:34 +0100

A much better and more entertaining critique of this "trolley problem"
discourse is this piece by Kate Griffin:

  What troubles me deeply here is how limited and loaded the "choices" are.
  As the website tells, "From self-driving cars on public roads to
  self-piloting reusable rockets landing on self-sailing ships, machine
  intelligence is supporting or entirely taking over ever more complex human
  activities at an ever increasing pace".

  We get to play God and choose whether the self-driving car kills three
  teachers or a beautician and a penguin.  But we don't get to ask why
  self-driving cars have to be allowed on the public roads to kill people at
  all.  And we certainly don't get to ask why cars in general get to take up
  so much public space.  [...]

The Trolley Problem and altruism

John Sebes
Fri, 21 Oct 2016 10:31:16 -0700

Regarding the idea of a customer-controlled setting for "altruism level",
why in the world would anybody believe that such a setting would have any
effect on how the autonomous vehicle operates? This is proprietary code that
could have even simple bugs that accidentally invert settings. And no public
view on how much effort the manufacturer put into physical tests of the
safety algorithms. This just sounds like wishful thinking.

  [It seems more like Steve Bellovin's Security Flag and Drew Dean's ANGELIC
  bit—the dual of the EVIL bit.  These were the lead items in the 2003
  April Fool's issue, RISKS-22.66.  PGN]

Re: Self-driving Cars and the Trolley Problem (Pasquale, RISKS-29.86)

Peter Bernard Ladkin
Thu, 20 Oct 2016 09:22:43 +0200

Frank Pasquale in his Slate article cites Judith Jarvis Thomson as an origin
of the trolley problem.  I recently read another article which cited a young
contemporary philosopher. I think it's important to assign credit correctly.

The trolley problem originated with the great Philippa Foot. Wikipedia cites
1967, but I haven't checked the original reference:

The first article I have found by Jarvis Thomson which mentions it appeared
in The Monist in 1976, pp204-217, and is available at
Jarvis Thomson cites Philippa Foot's discussion of the trolley problem, on
p206.  This shows that Foot's discussion predates Jarvis Thomson's deservedly
highly-regarded contributions.

Peter Bernard Ladkin, Bielefeld, Germany

Re: Self-driving Cars and the Trolley Problem (Pasquale, RISKS-29.86)

"3daygoaty ."
Thu, 20 Oct 2016 09:54:56 +1100

> Imagine you are driving down a two-lane road at about 45 miles per hour...

This trolley problem is too erudite!  Surely there must be at least two
other more realistic considerations:

* That just about all collisions will not present this black and white
  ethical decision.

* That the car being supposedly autonomous can decide itself over and above
  what its programmers have told it to do.

The first one is simply the reality that no two accidents are the same and
not many will fit the Trolley Dilemma well.  So they won't fit a sacrificial
or selfish decision very well.  For example, the car has airbags inside it
not outside it.  So it's going to injure those it hits more likely than
those inside it.  This and many other considerations make it harder to weigh
up what to do even in "Ideal Trolley".

The second one suggests that free will exists where there is enough
complexity.  This is Daniel C. Dennett's idea.  Since car accidents are
going to be complex situations with many variables, in fact programming hard
and fast rules is not going to be optimal.  Also, the simple interaction of
even a small number of rules can bring about highly unexpected outcomes.
The car in the accident is in the best position to call it!  So I'm now
wondering if only in retrospect will we be able to say the car acted in a
utilitarian manner or not: we can't direct this.

Re: Self-driving cars shouldn't have to choose who[m] to protect in a crash (RISKS-29.86)

David Damerell
Thu, 20 Oct 2016 14:21:43 +0100

I did the MIT "Moral Machine" survey mentioned in RISKS recently (which
attempts to assess how self-driving cars should respond to 'trolley

It struck me predominantly as an example of the risks of survey design --
that of hidden assumptions in the questions you ask.

At the end of the survey your supposed preferences are presented as a series
of sliders. Most of these sliders pertain to the gender, age, and perceived
social value of the victims - none of which influenced my answers at all

One of them pertains to whether or not the victims were jaywalking.  (As it
happens I live in an enlightened jurisdiction where there is no such
offence.) This is described in the questions, consistently, as "flouting the
law". This is of course gratuitously leading the witness; an automated car
cannot possibly tell if someone has made a conscious decision to flout the
law or has made an honest mistake. It is also particularly ironic since in
all these hypothetical cases the automated car was flouting the law by
driving too fast to stop in the distance it could see to be clear.

One of them pertains to whether one prefers to save the lives of pedestrians
or motorists. In spite of the fact that that was my sole basis for
preference, preferring to save any number of pedestrians over any number of
motorists, I only got a result about 2/3 of the way along that slider - in
spite of getting maximum results from some of the gender/age/etc sliders
which I hadn't had any preference on at all.

Clearly the survey design was extremely bad at elucidating my preferences.

[1] I ensured there was no risk of unconscious bias by selecting an answer
at random when I had no preference based on my actual, clearly defined,

Election rigging? (The Hill)

"Peter G. Neumann"
Wed, 19 Oct 2016 22:44:34 PDT

Re: Undetectable election hacking? (Youngman, RISKS-29.86)

Mark Kramer
Wed, 19 Oct 2016 23:33:37 -0400

Anthony Youngman:

  But how can an election be legitimate if OVER HALF the voters select party
  A, and yet party B wins?

In the US Presidential elections people are not voting for parties. They are
not even voting for the people named on the ballot. There is no "popular
vote total" in the Presidential elections. Statements like "A got over half
the popular vote" are completely meaningless.

In the US, people are actually voting state-by-state for people called
"electors", who are appointed by each state to participate in the Electoral
College. Those electors actually cast the final votes for the President.
They are supposed to be sworn to vote for the person (not the party) who won
the state-wide popular vote, but I believe there have been cases of
defection in the past. And even though the official "election" is assumed by
many to close at 8PM local time and all the hoopla starts over who won and
lost, it truly doesn't even take place until December when the Electoral
College meets to cast their ballots.

This system was designed and described in the US Constitution when it was
first written. It was intended to help alleviate the fears that large states
would have complete control over the federal elections by giving a bit more
say to the smaller states. That's part of being the "United States", not
"One Large Undifferentiated Country". Each state gets two electors just for
existing, and one elector for each U.S. Senator.

The population disparity has grown so much that this benefit to small states
isn't much of a benefit anymore, but switching to a pure popular vote system
will not help resolve that, it will only make it worse.

This is supposed to be taught to everyone as part of their civics classes in
grade school. It was in mine, but apparently not so much elsewhere.  That's
why we have so many people complaining that "A got more than 50% of the
popular vote for President and didn't win!"

  Why should I bother, if my vote is so unlikely to make a
  difference? What's the point?

Could I point out that in an election where 100 million people cast ballots,
your vote will ALWAYS be unlikely to make a difference. When voting for the
local dog catcher in a tiny village where only 37 people are registered and
nobody filed for the position, your one write-in vote may very well make all
the difference. As soon as the difference between candidates reaches three,
your vote didn't make a difference. It is a disingenuous excuse for laziness
and apathy to cry "my vote doesn't matter".

How do we fix that? We *cannot*.  Unless you can find a way that MY vote
makes some specific, measurable change in the outcome then my vote
individually will never make a difference. It is, and always will be, the
combination of everyone's votes that make a difference.

Re: Undetectable election hacking? (Youngman, RISKS-29.86)

Michael Kohne
Thu, 20 Oct 2016 07:31:08 -0400

> But how can an election be legitimate if OVER HALF the voters select
> party A, and yet party B wins?

Because that's the electoral process that's in place. While debating whether
it's a good one is certainly valid, saying it's not legitimate is entirely
inappropriate and insulting. For us in the US it's a bizarre relic of a time
when we couldn't logistically have a direct election in any kind of sensible

Just because it's representational democracy instead of direct democracy
doesn't mean it's not legitimate.

Said another way: Just because it's not how you'd like things to be
organized, doesn't mean it's inherently wrong.

Re: Undetectable election hacking? (Smith, RISKS-29.86)

"3daygoaty."
Thu, 20 Oct 2016 10:35:23 +1100

> Anyone following this discussion would be aware that when I wrote "whoever
> takes office," the risk is that due to the potential for hacking,
> unverifiable results, and Constitutional constraints, the person who takes
> office might not be the person who was elected.

Yes you are right: it is an important discussion.

> When the only viable choices are two evils, voting for a nonviable choice,
> casting an informal ballot, or choosing what an individual may consider to
> be the lesser of the two evils, is not for the good of anyone else, it is
> for evil anyway you look at it.

I think I'll stick my neck out and say that I suspect but cannot prove that
when more people vote, the choices get better.  It's probably easier to
believe that with declining turnout and disinterest in general, the choices
get worse.  I'll acknowledge that in compulsory voting, the choices (the
candidates) are forced in to the centre of the political spectrum since they
each seek to reach the largest audience: the left candidate will go for the
entire left and the right candidate the whole right, so they end up back to
back in the middle.  So when everyone votes, it may be harder to discern the
major candidates.  But then the candidates have to work harder to
differentiate their policies.

> In Australia, the losers have a minority voice in government, in the US
> losers—like third parties—have no seats and no voice whatsoever.

My point was actually more basic than that: how much the winner wins by is
important.  Whether runoff or simple majority makes no difference.  Those
who expect their candidate to lose and don't support him/her anyway send no
signal to the winner (and everyone else watching) about the mandate the
winner receives.  If he/she wins by a huge landslide it's going to be easier
to make changes.  If they win by a tiny margin, then the climate for change
is different.

The remainder of this email reply is interesting cultural comment, but I've
commented on what I know.

Re: Undetectable election hacking? (Re: Sebes, RISKS-29.86)

Chris Drewe
Thu, 20 Oct 2016 22:07:38 +0100

> But how can an election be legitimate if OVER HALF the voters select
> party A, and yet party B wins?

> If you want people to vote, you need to convince them that the person they
> *want* to vote for, stands a *decent* chance. As it stands, most people vote
> for the "least worst" candidate, and too many people take the attitude "a
> plague on ALL your houses!".

Response from a Brit: but we don't actually vote for governments, we vote
for who we want to be our representative (Member of Parliament), and the
party with most MPs forms the government (maybe in coalition with other
parties if no majority), leading to possibly contrary results as said.
There's probably some way of voting for parties on a national basis, but
this leaves the problem of choosing a representative for each constituency
(voter area)—party lists?  Personally I'm somewhat prejudiced against
proportional representation as we had a horrendously complicated system at
college for Students' Union representatives, typically requiring over 20
candidates to be listed in order of preference (awkward if you'd never heard
of 18 of them), usually resulting in the complete unknown who hardly anybody
voted for winning as a result of the distribution of the 2nd, 3rd, 4th, 5th,
etc.  choice votes.  There are various ways of voting, each with their good
and bad points, and it's certainly worth debating, but probably outside the
scope of RISKS.  At least we in the UK don't have to worry about electronic
voting... yet.  (There was a proposal for compulsory postal voting, but that
was dropped after some scandals.)

Re: E-mail Security (Re: RISKS-29.86) ?????

Chris Drewe
Thu, 20 Oct 2016 22:07:38 +0100

"Determine if you're using outdated or less secure sign-in"?

I've recently had slightly strange warnings from Yahoo! about e-mail access
-- the help page says:

>     Chris
>     e767pmk
>>   App access and security
> Yahoo has a variety of ways for you to maintain your account security.
> Some third party email applications use an older security protocol to
> sign in to your account. Find out if you're using an app that fits this
> description and how to improve your app security.
>     Determine if you're using outdated or less secure sign in
>   * *Blocked access* - We may block sign in attempts from older apps and
>     you won't be able to access your Yahoo Mail.
>   * *Email notices *- You may receive emails from Yahoo if we detect
>     sign in attempts from apps with outdated sign in security. If you
>     don't update your security, you'll continue to receive these notices.
>   * *Common email apps using older security protocols for sign
>     in* - You're using the following:
>       o and Outlook desktop app for Windows and Mac
>       o Apple Mail on Mac OS 10.9 or lower
>       o Apple Mail on iOS 8 or lower
>       o Outlook Express
>     More securely access Yahoo Mail and stop email notices
>   * *Use our app* - Use the Yahoo Mail app for Android and iOS or
>   * *Use a third party email app with modern sign in security* - Like
>     the Mail app on iOS 9 or above for iPhone, or the newest, verified
>     Gmail or Outlook mobile apps.
>   * *Review email applications that access Yahoo Mail on your computer
>     and mobile devices, and remove any saved Yahoo Mail passwords from
>     apps you no longer use* - Email apps that save your passwords may
>     regularly fetch new email data, which can trigger the email notice.
>     Temporarily allow or deny access to apps using older security sign in
> While we don't recommend granting access to apps that use a less secure
> sign in method, you can temporarily choose to allow access to them for
> the time being.

In my case, I use a desk-top e-mail client and AVG anti-virus with POP3/SMTP
-- it's AVG which handles the interface to the mail servers, which I've set
for 'secure connection'.  Is this the 'older security protocol', that Yahoo!
is objecting to?

A friend of mine pointed me to this URL:

I also remembered an item in a newspaper back in May this year about how
some security software (including AVG, of course!)  increases the
possibility of man-in-the-middle attacks due to how they work.

So the question is: what happens next?  Will new software be available to
allow POP3/SMTP access as now but with better security, or will it require
whole new e-mail applications?  Personally I find e-mail web access rather
clunky to use and prefer the desk-top client; one advantage is that I can
read incoming mails offline and thus avoid them calling home when opened, so
senders of spam/junk mails won't have any receipt confirmation.  (And I
don't want to have to change to a smartphone.)
