The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 30 Issue 34

Saturday 24 June 2017


U.S., Russia, and Kaspersky
The Washington Post
Researcher finds Georgia voter records exposed on the Internet
Seattle Times
European Parliament Committee Recommends End-To-End Encryption For All Electronic Communications
FCC makes net neutrality commenters' e-mail addresses public
Ars Technica
News Corp CEO attacks Google and more
Fox News
Hong Kong privacy watchdog blasts electoral office for massive data breach
How hackers can steal your 2FA email account by getting you to sign up for another website
Espionage suspect totally thought messages to Chinese intel were deleted
Ars Technica
Risks of Overflow Department
Slashdot via Chuck Weinstock
Y2K problem causes earthquake aftershock 92 years later
Henry Baker
Sundry items
Monty Solomon
Re: The tech world is rallying around a young developer who made a huge embarrassing mistake
Amos Shapir
Re: Voice synthesis
Richard Bos
David Owen: Air Accident Investigation: How science is making flying safer
Robert Dorsett
Info on RISKS (comp.risks)

U.S., Russia, and Kaspersky

"Peter G. Neumann" <>
Thu, 15 Jun 2017 11:30:50 PDT
In an era of Russian Hacks, the US is still installing Russian Software on
Government Systems.

This is the basic paradox: On one hand, top intelligence officials at the
FBI, CIA and the National Security Agency tell members of Congress that
Kaspersky Lab can't be trusted, that they wouldn't put its products on their
personal computers, let alone the nation's. On the other hand, federal
agencies still use the Moscow-headquartered anti-virus software.  During the
past decade, it's plugged into systems at the Consumer Product Safety
Commission, the Treasury Department, the National Institutes of Health and
U.S. embassies, among other locations, contracting data shows.

Kaspersky anti-virus also frequently protects state, local and tribal
government computers, former officials told *Nextgov*.

It may even be on some non-national security systems at the Homeland
Security Department, according to testimony from Homeland Security Secretary
John Kelly, though it's generally barred from intelligence and national
security systems throughout government, according to official testimony.

Researcher finds Georgia voter records exposed on the Internet

Lauren Weinstein <>
Thu, 15 Jun 2017 07:14:45 -0700

  A security researcher disclosed a gaping security hole at the outfit that
  manages Georgia's election technology, days before the state holds a
  closely watched congressional runoff vote on June 20.  The security
  failure left the state's 6.7 million voter records and other sensitive
  files exposed to hackers, and may have been left unpatched for seven
  months.  The revealed files might have allowed attackers to plant malware
  and possibly rig votes or wreak chaos with voter rolls during elections.
  Georgia is especially vulnerable to such disruption, as the entire state
  relies on antiquated touchscreen voting machines that provide no hardcopy
  record of votes, making it all but impossible to tell if anyone has
  manipulated the tallies.

European Parliament Committee Recommends End-To-End Encryption For All Electronic Communications (TomsHardware)

Lauren Weinstein <>
Fri, 16 Jun 2017 10:45:15 -0700

  The European Parliament's (EP's) Committee on Civil Liberties, Justice,
  and Home Affairs released a draft proposal for a new Regulation on Privacy
  and Electronic Communications.  The draft recommends a regulation that
  will enforce end-to-end encryption on all communications to protect
  European Union citizens' fundamental privacy rights. The committee also
  recommended a ban on backdoors.

Hilarious—meanwhile, EU governments are moving to demand bans on strong
crypto—and requiring backdoors! Which shows you what a paper tiger this
EU committee is.

FCC makes net neutrality commenters' e-mail addresses public through API

Lauren Weinstein <>
Thu, 15 Jun 2017 10:56:13 -0700

  If you're one of the many people filing comments on the Federal
  Communications Commission plan to gut net neutrality rules, be aware that
  your e-mail address and any other information you submit could be made

News Corp CEO attacks Google and more

Lauren Weinstein <>
Thu, 15 Jun 2017 15:25:00 -0700
News Corp. CEO: The Almighty Algorithm

  We are here to pay homage to the almighty algorithm.  Algorithmic alchemy
  is redefining our commercial and social experiences, turning base matter
  into noble metals. But like the alchemists of old, algorithms are also a
  charlatan's charter, allowing claims of pure science when human
  intervention is clearly doctoring results to suit either commercial
  imperatives or political agendas.

The News Corp CEO slamming Google, etc., is like Adolph Hitler ranting
about people who eat meat.

Hong Kong privacy watchdog blasts electoral office for massive data breach (SCMP)

"Peter G. Neumann" <>
Thu, 15 Jun 2017 16:58:18 PDT
"Officials under fire for keeping details of all city's 3.78 million
voters on laptop that was stolen the day after chief executive election"

How hackers can steal your 2FA email account by getting you to sign up for another website (BoingBoing)

Lauren Weinstein <>
Thu, 22 Jun 2017 10:33:39 -0700

  In a paper for IEEE Security, researchers from Cyberpion and Israel's
  College of Management Academic Studies describe a "Password Reset
  Man-in-the-Middle Attack" that leverages a bunch of clever insights into
  how password resets work to steal your email account (and other kinds of
  accounts), even when it's protected by two-factor authentication.

    [Also noted by Gabe Goldberg.  PGN]

Espionage suspect totally thought messages to Chinese intel were deleted (Ars Technica)

Dan Jacobson <>
Sat, 24 Jun 2017 22:26:31 +0800
Mallory, a 60-year-old former Central Intelligence Agency employee living in
Leesburg, Virginia, had thought the documents were in messages that had been
deleted automatically from the device.  Mallory faces life in prison if

Risks of Overflow Department (Slashdot)

Chuck Weinstock <>
Thu, 15 Jun 2017 13:12:40 +0000
I guess it's futile to expect things to change, but this particular problem
is so old that one would hope that it would. It seems that no
longer works in 32-bit iPads because their game-id overflowed a 32-bit
field.  The following was on Slashdot today (italics mine):

  The reason that some iOS devices are unable to connect to live chess games
  is because of a limit in 32-bit devices, which cannot handle gameIDs above
  2,147,483,647.  So, literally, once we hit more than 2 billion games,
  older iOS devices fail to interpret that number! This was *obviously an
  unforeseen bug* that was nearly impossible to anticipate and we apologize
  for the frustration. We are currently working on a fix and should have it
  resolved within 48 hours. (Italics mine.)

One of the places we've seen this bug before is when Comair (the no longer
extant Delta airlines commuter operation) was unable to schedule flights
towards the end of December 2004 because, due to bad weather they had
already had to make 32,767 crew changes during the month.
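An added example in C, not code from the Slashdot post or from RISKS: the same decimal gameID parsed into a 32-bit field naively (reproducing the wrap past 2,147,483,647 that a 32-bit build suffers) and with a range check that fails closed, plus a saturating 16-bit counter standing in for the Comair crew-change count that hit 32,767. All input values are constructed.

```c
/* Added example, not from the Slashdot post or from RISKS: a decimal gameID
 * parsed into a 32-bit field two ways. The naive path reproduces what a
 * 32-bit build does once IDs pass 2,147,483,647: the value wraps negative
 * and the lookup fails. The checked path rejects out-of-range input. A
 * saturating 16-bit counter models the Comair crew-change count (constructed). */
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Naive: parse with 64-bit arithmetic, then store in an int32_t field.
 * Reduction modulo 2^32 is well defined; reinterpreting the bits as a
 * two's-complement int32_t is how the wrap to a negative ID shows up. */
int32_t parse_id_naive(const char *s)
{
    uint32_t u = (uint32_t)strtoull(s, NULL, 10);
    int32_t id;
    memcpy(&id, &u, sizeof id);
    return id;                      /* "2147483648" -> -2147483648 */
}

/* Checked: returns 0 and stores the ID, or -1 on malformed input, on a
 * negative value, or on anything above INT32_MAX. *out is untouched on -1. */
int parse_id_checked(const char *s, int32_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE) return -1;
    if (v < 0 || v > INT32_MAX) return -1;
    *out = (int32_t)v;
    return 0;
}

/* Convenience wrapper: the parsed ID, or -1 when parse_id_checked rejects. */
long long checked_id(const char *s)
{
    int32_t id;
    return parse_id_checked(s, &id) == 0 ? (long long)id : -1;
}

/* Saturating 16-bit increment: 0 on success, -1 at INT16_MAX so the
 * caller can raise an alarm rather than silently wrapping to -32768. */
int crew_change_increment(int16_t *count)
{
    if (*count >= INT16_MAX) return -1;
    (*count)++;
    return 0;
}

/* Drive n increments; the result stops at 32,767 however large n is. */
int16_t count_crew_changes(int n)
{
    int16_t c = 0;
    for (int i = 0; i < n; i++)
        if (crew_change_increment(&c) != 0) break;
    return c;
}

int main(void)
{
    printf("naive   2147483648 -> %d\n", parse_id_naive("2147483648"));
    printf("checked 2147483648 -> %lld\n", checked_id("2147483648"));
    printf("40000 crew changes -> %d\n", count_crew_changes(40000));
    return 0;
}
```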

Y2K problem causes earthquake aftershock 92 years later

Henry Baker <>
Thu, 22 Jun 2017 20:38:02 -0700
This story has it all: Y2K bugs create fake news that is distributed by
automated alert systems, and picked up by robot news readers.  The only
thing missing: this "fake earthquake alert" *could have* tripped a large
number of remotely-triggered "Seismic Gas Shutoff Valves", many of which
must be reset manually at the shutoff valve itself.

Heisenberg's Uncertainty principle at work: making the location more precise
by 6 miles increased the uncertainty of the time by 92 years. :-)

"An ordinance amending section 94.1219 of the Los Angeles Municipal Code
relating to the installation of seismic gas shutoff valves in new
construction and existing buildings"

Revenge of Y2K?  A software bug might have caused false alert for big (and
very old) earthquake

The error happened when someone tried to correct the exact location of the
earthquake. (June 22, 2017)

By Rong-Gong Lin II

Remember Y2K, that hyped computer bug and harbinger of digital apocalypse
that never happened when the year 2000 arrived?

Well, 17 years later, it appears something like a Y2K bug played a role in a
mistaken alert sent out Wednesday about a magnitude 6.8 earthquake off the
Santa Barbara coast -- back in 1925.

The error happened when someone at Caltech tried to correct the exact
location recorded for the Prohibition-era Santa Barbara earthquake, which
happened 92 years ago.

The erroneous report was issued around 4:49 p.m., according to the
U.S. Geological Survey, and began arriving in quake-trackers' email in-boxes
around 4:51 p.m.  A closer look at the alert, however, would have shown that
something was amiss.  The time of the alert was dated June 29, 2025, at 7:42
a.m.  But it corresponds with a real earthquake that occurred a century

The false alert also did not show up on the USGS website that maps new

"That's a mistake.  It's not real," said Caltech seismologist Egill Hauksson.

He said that a seismologist at UC Santa Barbara had recently complained to
the USGS National Earthquake Information Center that the precise location of
Santa Barbara's 1925 earthquake was not correct and about 6 miles off from
where records actually indicated.

Hauksson's team was asked by the National Earthquake Information Center to
update the location of the historic event in the Advanced National Seismic
System database.  Someone on Hauksson's team did so. If everything had gone
right, almost no one should have noticed the change.

The USGS Web pages were updated correctly.  But in the USGS email
notification system, the year got changed from 1925 to 2025, which caused an
email to be sent from the server that typically distributes alerts of new

"Apparently, there is a software bug around somewhere," a summary of the
incident provided by Hauksson said.

The bug was related to something called "Unix epoch time," which starts in
1970, Hauksson said in an email.  "The year of 1925 wrapped around in the
software and became 2025," he said.

In a statement posted on Twitter, the USGS said the revision of the 1925
earthquake was "misinterpreted by software as a current event.  We are
working to resolve the issue."

As to whether an earthquake off the Santa Barbara coast of that magnitude
would have been felt in downtown L.A., Hauksson said: "Yes, it would have
been very lightly felt.  Particularly, people in high-rises would have felt
swaying back and forth for a while."

If the quake had just occurred, the L.A. area would have felt the shaking
before the USGS alert arrived in local email boxes, Hauksson said.  For
instance, Pasadena, which is about 96 miles from the origin of the 1925
Santa Barbara earthquake, would be expected to feel shaking about 40 seconds
after the earthquake would have begun in the Santa Barbara Channel -- fast
enough to outpace the existing USGS email alert system.

The expected intensity in Pasadena for a magnitude 6.8 quake that originated
96 miles away would be a 3.3 on the Modified Mercalli Intensity scale.

Here is what intensity 3 and intensity 4 quakes feel like, according to the

Intensity 3: "Felt quite noticeably by persons indoors, especially on upper
floors of buildings.  Many people do not recognize it as an earthquake.
Standing motor cars may rock slightly.  Vibrations similar to the passing of
a truck."

Intensity 4: "Felt indoors by many, outdoors by few during the day.  At
night, some awakened.  Dishes, windows, doors disturbed; walls make cracking
sound.  Sensation like heavy truck striking building.  Standing motor cars
rocked noticeably."

11:55 a.m.: This article was updated with additional details about the
  software bug and how, if there had been a quake, the Los Angeles area
  would have felt shaking before the USGS notifications arrived in email
10:10 a.m., June 22: This article was updated with more information about
  the origin of the error, involving USGS email notification.
7:35 p.m.: This article was updated with information on what showed up on
  the USGS website.
5:55 p.m.: This article was updated with a statement from the USGS.
4:55 p.m.: This article was updated with information that the report was
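An added example in C, not part of the RISKS post or of the USGS/Caltech systems it describes: a plausibility gate that a notification dispatcher can apply before treating a database edit as a new event. The 1925 and 2025 timestamps are the ones the article quotes (treated here as UTC); the dispatch time and the 30-day freshness window are assumptions. It also shows that the 1925 origin maps to a negative Unix epoch value, the kind of pre-1970 input the post says the software mishandled.

```c
/* Added example, not from the RISKS post or from the USGS/Caltech systems
 * it describes: a plausibility gate for an alert dispatcher. An event whose
 * origin time lies after "now", or older than a freshness window, is held as
 * a revision or an error rather than sent as a new earthquake. A 1925 origin
 * also maps to a negative Unix epoch value, the kind of input the post says
 * the notification software mishandled. Times are UTC; the calendar math
 * avoids the non-portable timegm(). Sample times are constructed. */
#include <stdint.h>
#include <stdio.h>

enum alert_verdict { ALERT_SEND, ALERT_HOLD_FUTURE, ALERT_HOLD_HISTORICAL };

/* Days since 1970-01-01 for a proleptic Gregorian date (Hinnant's algorithm);
 * negative for dates before the epoch. */
static int64_t days_from_civil(int64_t y, unsigned m, unsigned d)
{
    y -= m <= 2;
    const int64_t era = (y >= 0 ? y : y - 399) / 400;
    const unsigned yoe = (unsigned)(y - era * 400);
    const unsigned doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
    const unsigned doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + (int64_t)doe - 719468;
}

/* Seconds since the Unix epoch for a UTC date and time. */
int64_t utc_epoch_seconds(int y, unsigned mo, unsigned d, unsigned h, unsigned mi)
{
    return days_from_civil(y, mo, d) * 86400 + (int64_t)h * 3600 + (int64_t)mi * 60;
}

/* Decide whether an event may go out as a "new earthquake" alert. A minute
 * of clock skew is tolerated; anything older than max_age_s is a revision. */
enum alert_verdict gate_alert(int64_t origin, int64_t now, int64_t max_age_s)
{
    if (origin > now + 60) return ALERT_HOLD_FUTURE;
    if (now - origin > max_age_s) return ALERT_HOLD_HISTORICAL;
    return ALERT_SEND;
}

int main(void)
{
    /* Constructed "now": roughly when the erroneous alert went out, in UTC. */
    const int64_t now = utc_epoch_seconds(2017, 6, 21, 23, 49);
    const int64_t window = 30LL * 86400;
    const int64_t origin_1925 = utc_epoch_seconds(1925, 6, 29, 7, 42);
    const int64_t origin_2025 = utc_epoch_seconds(2025, 6, 29, 7, 42);
    printf("1925 origin: epoch %lld, verdict %d\n", (long long)origin_1925,
           gate_alert(origin_1925, now, window));
    printf("2025 origin: epoch %lld, verdict %d\n", (long long)origin_2025,
           gate_alert(origin_2025, now, window));
    return 0;
}
```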

Sundry items (PGN culled)

Monty Solomon <>
Wed, 14 Jun 2017 23:53:35 -0700
* The driver who died in a Tesla crash using Autopilot ignored at least 7
  safety warnings

* Obama's secret struggle to retaliate against Putin

* Homeland Security official: Russian government actors potentially tried to
  hack election systems in 21 states.  Most of the hacking was just scanning
  for vulnerabilities, though a few were successfully exploited.

* Under pressure, Western tech firms bow to Russian demands to share

* How the CIA infects air-gapped networks

* Found: "Crash Override" malware that triggered Ukrainian power outage

* Using Texts as Lures, Government Spyware Targets Mexican Journalists and
  Their Families

* Computational Propaganda Worldwide: Executive Summary

* Move Over, Bitcoin. Ether Is the Digital Currency of the Moment.

* U.S. Tech Firm The Bitfury Group in Blockchain Tie-Up With Insurance
  Advisory Firm

* Scammer who made 96 million robocalls should pay $120M fine, FCC says

* AES-256 keys sniffed in seconds using EU200 of kit a few inches away,
  covertly stealing keys for 200 euros.

Re: The tech world is rallying around a young developer who made a huge embarrassing mistake (RISKS-30.33)

Amos Shapir <>
Sat, 17 Jun 2017 11:00:57 +0300
Every Risks reader should see the original note of this incident, and post
it on every wall (

---Quote ---

  I was basically given a document detailing how to set up my local
  development environment, which involves running a small script to create my
  own personal DB instance from some test data. After running the command I
  was supposed to copy the database url/password/username output by the
  command and configure my dev environment to point to that database.
  Unfortunately, instead of copying the values output by the tool, I
  instead for whatever reason used the values the document had.
  Unfortunately, apparently those values were actually for the production
  database (why they are documented in the dev setup guide I have no idea).
  Then, from my understanding, the tests add fake data and clear
  existing data between test runs, which basically cleared all the data from
  the production database...

---End Quote ---

The young developer's mistake was actually small and entirely predictable --
note that the only clear credentials given were those of the production DB!
In a document intended for first day rookies!

Then they made the poor guy believe it was his fault.  They should have
fired instead those responsible for the document, and everyone on their
chain of command...

Re: Voice synthesis (Brader, RISKS-30.32)

Richard Bos
Sun, 18 Jun 2017 11:09:32 GMT
The risk goes the other way, too: your voice might not sound like your
voice. Mine, for instance, sounds deeper the more alcohol I've had this
evening... Not being allowed into your bank account when you're sloshed
might sound like a good idea, but being locked out because you have the
'flu wouldn't make anyone happier.

Air Accident Investigation: How science is making flying safer. (David Owen)

Robert Dorsett <>
Fri, 23 Jun 2017 17:40:00 -0500
David Owen
Air Accident Investigation: How science is making flying safer.
Patrick Stephens Ltd, 1998
ISBN: 1-85260-583-9
Paperback, 194 pages

Air Accident Investigation is a collection of horror stories, a recounting
of several dozen airliner crashes.  It seeks to illustrate how each crash
significantly affected the evolution of safety in the air transport system.
It necessarily focuses on many crashes in the distant past, and has a
somewhat refreshing UK-centric bent to it all.

Thematically, it's split into broad causal factors:

- Metal fatigue
- CAT and mountain waves
- Windshear
- Freezing weather
- Mid-Airs
- Pilot Error
- Human error
- Systems Failures
- Terrorism

The metal fatigue section focuses on the Comet disasters: how the rollout of
the airplane happened, when the crashes happened, and how the root causes
were eventually discovered.  It also touches on the 1985 JAL 747 crash
resulting from the failure of the aft pressure bulkhead.  It also discusses
the Aloha convertible.  Basic results: increased focus and competence in

The CAT section has some eye-openers.  Owen briefly touches on a Comet crash
in 1953, in an airplane departing Calcutta, which apparently involved
overstressing the airplane to fight turbulence. The 1966 BOAC 911 707 crash
near Mt. Fuji is covered in detail.  Also a 1966 Braniff BAC-111 crash, from
Kansas City to Minneapolis.  Both were victims of extremely strong lateral
wind loads, causing tail empennage separation and engine separation and
failure.  The author also touches on a BA 747 volcanic ash incident, near
Java.  Basic result: control authority modifications and better weather
forecasting and understanding of meteorology.

The windshear section touches on the physics of microbursts, a 1975 EAL 727
crash at JFK on approach and a PAA 727 crash on takeoff from New Orleans.
This chapter also covers a Southern Airways DC-9 crash in 1977, resulting
from dual flameouts. It wraps up with the Delta L-1011 crash at DFW in 1985.
Basic result: forecasting, windshear technology, appreciation of limitations
of weather radar.

The freezing weather section focuses on a Capital Airlines Viscount 746D,
which experienced in-flight icing.  Most of the chapter deals with a BEA
Airspeed Ambassador, which crashed on takeoff from Munich in 1958, carrying
the Manchester United football team.  There was deep slush on the runway,
which the crew tried to muscle through, while dealing with a temperamental
engine.  After the third try, they overran the runway.  When the
investigators arrived, they discovered ice on the wings, which was likely
due to snow contacting the warm wing after the crash, then freezing.  They
blamed the pilots, but the Brits blamed the slush.  The captain was fired,
then eventually exonerated.  We then go on to the Air Florida 737 crash in
1982.  The author wraps up with the 1974 crash of a Northwest Orient 727,
which was likely due to icing over of the pitot-static system, due to
failure to engage the probe heat. Basic results: refinement of anti-icing
procedures; understanding of effects of slush on performance.

Next up, mid-airs.  Grand Canyon crash of 1956, the 1960 crash of a Connie
and DC-8 over Staten Island.  The author also briefly discusses a 1965
midair between a PAA 707 and an Eastern DC-7B; and an F-4 Phantom and a DC-4.  It
wraps up with more in-depth treatment of the PSA/Cessna mid-air in 1978, and
the 1986 Aeromexico DC-9 crash. Results: positive radar control, ATC
improvements, navaid improvements, TCAS.

Pilot error: The next chapter is called Closing the plot, and is also kind
of where the book loses the plot.  Up through this point, most of the crews
did their jobs correctly.  In this chapter, the author posits that accident
investigation was so effective in cleaning up the engineering landscape that
the only thing left is pilot error.  And this leads us to a series of CFIT,
fuel exhaustion accidents, get-there-itis, and poor CRM.  Owen also throws
in KAL 007 and the Erebus crash.  Results: CRM.

ATC: Another midair in 1967 (Piedmont 727 and a Cessna 310); the BEA/Inex
midair over Zagreb.  Tenerife.  These descriptions focus more on
ATC/systemic issues.

Human error: a Victor crash in 1959 (paint job caused a pitot tube failure
in weather); Kegworth.  The Kegworth discussion takes as a given the theory
that the captain confused air sources in his decision to shut down the wrong
engine. As I recall, this theory was eventually deprecated, and a quick
review of the accident report confirms this.  There is also one black hole
727 crash, though the author doesn't really connect the dots as to this
phenomenon.  Despite the weaknesses in this chapter, there is also an
interesting discussion of an uncontained engine failure on a National DC-10
in 1973, following the flight crew's in-flight experimentation with
circuit breakers. Apparently this caused an overspeed condition in the
engine, causing blade separation, explosive decompression, and a passenger
fatality.  The chapter concludes with the China Airlines flipover near Los
Angeles in 1985, an in-pattern wake turbulence accident between a DC-10 and
DC-9, and the crash of a Trident on takeoff, in 1972.

Systems: a 1964 crash of an EAL DC-8 in Lake Pontchartrain (autopilot pitch
trim/elevator problem); crash of an Argonaut in 1967 (engine failure
followed by control issues); the 737 disaster in Manchester in 1985 (engine
fire followed by bad evacuation procedures); the 1972 AA DC-10 cargo hold
door failure and decompression; subsequent Turkish Airlines DC-10 crash; the
1979 DC-10 crash at ORD; UAL 232.

Terrorism: bomb in the lav in a Continental 707 in 1962; cabin bomb in a
Comet in 1967; Lockerbie.


The book is an interesting technical summary of air accidents, but:

- It has the sense of an engineer's determinism.  There's barely anything on
human factors or training issues, or any of the myriad other soft, systemic
issues.  The risks of cockpit automation in the final chapter are merely
summarized as GIGO.

- There's not really much about the science of accident investigation.  The
opening chapter has a well-written summary of forensic clues and how they
might be interpreted, but we don't learn how crash investigations are
structured.  Instead, the crashes are presented as black-and-white, this
happened, this was discovered, this is reality.  There's little ambiguity.
Even the discussion of the Indian Airlines A320 crash at Bangalore is just a
couple of short paragraphs concluding the captain screwed up!  The book is
basically a collection of vignettes: this crash, and this is why.  Not a lot
about the process of discovery, with some good exceptions.

- There's similarly no sense of ambiguity in the political context.  Very
black and white, no hint of the negotiation that goes into the final
reports.  Manufacturer and airline input, political input.  The closest we
get is the Munich crash, where the Brits locked horns with the Germans over
their probable cause statement and findings.

- And needless to say, nothing at all on the legalities of accident
investigation.  Nothing on how the accident process should be used.

- Occasionally, the author writes strange things, like claiming the airplane
is moving at high velocity while simultaneously claiming it was in a flat
spin.  Or that an airplane at an airport used its radar to check out the
thunderstorm immediately above the airport.  This demonstrates a limit to
the author's familiarity with flight operations.

- There is a strange bibliography.  17 pop-market books, and doesn't cite
individual AARs.  I wonder if that contributed to the Kegworth description.

- Structurally, it shares the fundamental formatting issue of virtually all
niche-market books, namely full justification.  I just don't get it.

Overall, the book is kind of a distilled summary of a few dozen aircraft
accident reports, events all pilots should be familiar with.  I kind of
liked it.  It's an easy read.  A dark, disturbing read.
