The RISKS Digest
Volume 24 Issue 12

Monday, 12th December 2005

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Unmanned shuttle system suspended after collision
Gerrit Muller
EFF sues North Carolina over electronic voting-machine certification
Peter Ludemann
A Little Sleuthing Unmasks Writer of Wikipedia Prank
Katharine Seelye via PGN
False WHOIS Data Still Bedevils
Jim Wagner
Miniature Golf Course on Terror Target List
Paul Saffo
Trouble for LAPD computer system
Dan Laidman via PGN
Trading Error Leads to $225 Million Loss for Japanese Firm
Bulls or bears? Depends on parameter order
Jeremy Epstein
Anti-piracy gone awry in MacInTouch
Monty Solomon
Electronic Switch Fire Exits / Uniform Fire Code
Daniel Norton
Privacy implications of Microsoft's Windows Live Local
David Pescovitz via Monty Solomon
Live Tracking of Mobile Phones Prompts Court Fights on Privacy
Matt Richtel
Letter to Employees about Benefits from Meijer
James Bauman
Re: In-car GPS navigation
William Ehrich
Re: Y2K++
Paul E. Ford
Info on RISKS (comp.risks)

Unmanned shuttle system suspended after collision

<Gerrit Muller <>>
Thu, 08 Dec 2005 21:30:00 +0100

(From NRC handelsblad, Tuesday December 6, my translation)

The fully automatic, unmanned public transport system Parkshuttle in
Rotterdam and Capelle aan den Ijssel (in The Netherlands) has been suspended
this morning. Two vehicles collided and were severely damaged.  According to
a spokesman of Connexxion no passengers were present in the
shuttles. Connexxion does not have any clue about the cause of the
collision. "As long as we don't know that, the shuttles won't ride",
according the spokesman. The shuttles are unmanned. They ride on demand and
bring passengers from the metrostation Kralingsezoom in Rotterdam to the
business park Rivium in Capelle aan den Ijssel. Prime minister Balkenende
formally started the system last Thursday. The system appeared to have a
second youth after a trial period between 1999 and 2001.

Gerrit Muller   System Architecting

EFF sues North Carolina over electronic voting-machine certification

<Peter Ludemann <>>
Fri, 09 Dec 2005 15:25:06 -0800

So by "independent" you mean "independent of any public oversight," right?

North Carolina is being called to account for its decision to certify
electronic voting machines made by three companies that refused to
comply with the state's election transparency rules. The Electronic
Frontier Foundation (EFF) on Thursday filed a complaint
against the North Carolina Board of Elections and the North Carolina Office
of Information Technology Services, asking the Superior Court to void the
recent "immaculate certifications" they awarded last week
North Carolina law requires the Board of Elections to rigorously review all
voting system code "prior to certification." But last week the state's Board
of Elections certified voting systems from Diebold Election Systems, Sequoia
Voting Systems, and Election Systems and Software without bothering to do so
(see "Election transparency law damn near invisible
"This is about the rule of law," said EFF Staff Attorney Matt Zimmerman
"The Board of Elections has simply ignored its mandatory obligations under
North Carolina election law. This statute was enacted to require election
officials to investigate the quality and security of voting systems before
approval, and only approve those that are safe and secure. By certifying
without a full review of all relevant code, the Board of Elections has now
opened the door for North Carolina counties to purchase untested and
potentially insecure voting equipment." Keith Long, a North Carolina voting
systems manager, defended the state's decision, telling that
reports from "independent testing authorities" were sufficient for

But that comes as poor reassurance. Because if the "independent testing
authorities" to which Mr. Long refers are as impartial as he is, North
Carolina is in big trouble. Long, you see, worked for Diebold Election
Systems as recently as Oct. 1, 2004. And between 1983 and 1992 he worked for

Posted by John Paczkowski on 06:46 AM December 09, 2005

A Little Sleuthing Unmasks Writer of Wikipedia Prank

<"Peter G. Neumann" <>>
Sun, 11 Dec 2005 17:59:31 PST

John Seigenthaler Sr. (a former editor of *The Tennessean* in Nashville, and
founder of the First Amendment Center) was startled to find an entry on
himself in Wikipedia that included defamatory false personal information
about him — for example, suggesting that Mr. Seigenthaler had been involved
in the assassinations of John and Robert Kennedy.  Mr. Seigenthaler then
wrote an op-ed article in *USA Today*, noting among other things that he was
especially annoyed that he could not track down the perpetrator because of
Internet privacy laws.

The culprit's IP address led to his employer by Daniel Brandt of San Antonio
-- who has been a frequent critic of Wikipedia after reading false
information about himself!  See his

This led Brian Chase in Nashville to admit having written the offensive
material as a joke, stating that he thought that Wikipedia was a "gag" Web
site!  [Source: Katharine Q. Seelye, *The New York Times*, 11 Dec 2005;

  Coincidentally, that story broke on about the same day that the December
  2005 issue of the *Communications of the ACM* came out, the inside back
  cover Inside Risks column of which is ``Wikipedia Risks''
  — written by four long-time RISKS contributors, Peter Denning, Jim
  Horning, David Parnas, and Lauren Weinstein who are on my ACM Committee on
  Computers and Public Policy.  This case points up just one of the risks
  associated with Wikipedia noted in the Inside Risks article, namely that
  of having an encyclopedia contributed by thousands of volunteers, with few
  controls on content.  PGN

False WHOIS Data Still Bedevils (Jim Wagner)

<"Peter G. Neumann" <>>
Sun, 11 Dec 2005 16:23:31 PST

A U.S. Government Accountability Office (GAO) report in Nov 2005 says that
there are roughly 2,310,000 Web addresses for which the owner or contact
information is unknown.  That represents 5% of all .com, .net, and .org
domain names.  This provides anonymity for spammers, scammers, phishers, and
other illegal activities, and untraceability for malware-containing sites.
[Source: Jim Wagner, *Internet News*, 8 Dec 2005; PGN-ed]

Miniature Golf Course on Terror Target List

<Paul Saffo <>>
Sat, 10 Dec 2005 18:17:29 -0800

Emerald Hills Golfland, in San Jose, California, is a theme park with two
miniature golf courses.  It was discovered by San Jose Police to be on a
Homeland Security watch list (to prevent it from boarding planes?).  Of
course, the list is secret.  [Source: AP item, 9 Dec 2005; PGN-ed]

Trouble for LAPD computer system

<"Peter G. Neumann" <>>
Wed, 30 Nov 2005 6:47:36 PST

A software glitch has interrupted the sweeping overhaul of city emergency
communications, which could delay the upgrade of police car computer systems
by up to two years, officials said Monday.  News about the glitch in the
city's $15 million contract with Northrop Grumman Information Technology
drew a strong reaction from the City Council's Public Safety Committee.
[Source: Dan Laidman, Glitch triggers outcry on panel; Woes may delay police
car computer upgrade, *Los Angeles Daily News*, 29 Nov 2005; PGN-ed; thanks
to Lauren Weinstein for contributing this item.]

Trading Error Leads to $225 Million Loss for Japanese Firm

<"Peter G. Neumann" <>>
Thu, 1 Dec 2005 13:47:36 PST

Japanese financial-services firm Mizuho Securities Co. said Thursday it
erroneously placed sell orders because of a simple human data-input mistake
that apparently ignored an error warning.  This cost Mizuho at least 27
billion yen ($225 million).  The company mistakenly sold 610,000 shares of
J-Com Co. at 1 yen (less than 1 cent) per share, instead of the request to
sell just one share at 610,000 yen ($5,080).  The mishap sent the benchmark
Nikkei 225 index down 1.95 percent on the Tokyo Stock Exchange.  Mizuho
Financial Group dropped 3.4 percent to 890,000 yen ($7,416.67).  [Source: AP
item, 8 Dec 2005; PGN-ed],,3-1917093,00.html

  [Many thanks to Chuck Weinstock, George Mannes, FJReinke, and Tomas
  Uribe, all of whom sent in the full item.  Tomas commented:
    One would think that "money-critical" systems would have more stringent
    safeguards against this type of thing. Also, someone must have made
    $225 million as well---who might have been the lucky ones who bought
    the discounted shares?

Bulls or bears? Depends on parameter order

<Jeremy Epstein <>>
Mon, 12 Dec 2005 14:21:45 -0500

Seems that we don't learn from mistakes (as if that should be a revelation
to readers of this list)!

    Trouble began Thursday morning, when Mizuho Securities tried to sell
    610,000 shares at 1 yen (less than a penny) apiece in a job recruiting
    firm called J-Com Co., which was having its public debut on the
    exchange.  It had actually intended to sell 1 share at 610,000 yen
Also at
and many other places.

As this problem sounded rather familiar, I searched the RISKS archive, and
found it in RISKS-21.81.  That posting, almost exactly four years ago,
included the following excerpt:

  Before the Tokyo market opened Friday, a UBS Warburg trader entered what
  was intended to be an order to sell 16 Dentsu shares at 610,000 yen
  ($4,924.53) each or above.  Instead, the trader keyed in an order to sell
  610,000 Dentsu shares at 16 yen apiece ...

That was also on the day of a "public debut" (aka IPO).  However, it was a
bargain - it cost UBS Warburg about $100M vs. about $235M for Mizuho

I assume it's just coincidence that these two failures were both on the
Tokyo Stock market.

  [I knew the new case sounded familiar!  Perhaps the 610,000 is a default
  number for an erroneous field?  That's quite a coincidence.  PGN]

Anti-piracy gone awry in MacInTouch

<Monty Solomon <>>
Thu, 8 Dec 2005 01:27:21 -0500

Found on MacInTouch

We received an unconfirmed report that Printer Setup Repair 5.0.3
incorporates a hidden and dangerous anti-copying mechanism, and the company
responded to our follow-up with an explanation:

  [MacInTouch Reader]
  Printer Setup Repair, the widely-used utility for Mac OS X printers, has
  taken a malicious approach to combatting software piracy. With version
  5.0.3 for Mac OS X Tiger, if the user enters a pirated serial number known
  to the program, the program will immediately and without any warning
  remove all user preferences and the user keychain, and possibly do other
  unknown damage to the user's system. [...]

  [John Goodchild, President, Fixamac Software, Inc]
  Thank you for bringing this to our attention. We have examined our code
  and discovered an error in the area that rejects pirated registration
  codes. The original objective was to delete the Printer Setup Repair
  preferences but a misplaced space in the code allowed the entire user
  preferences folder to be erased. This would only occur if a pirated code
  was used. The error was probably overlooked since there was a need to
  block a new batch of pirated codes quickly.  There was no such error in
  the area that handles legitimate registration codes and in no way can
  occur if a legitimate registration code is entered incorrectly since the
  user name is also a part of our internal tests. We have fixed the problem
  and posted an update.  This was not a malicious act on our part, rather an
  effort to protect our product from software pirates, and we regret any
  damage that may have been caused by the use of pirated registration codes.
  Anyone who downloaded Printer Setup Repair 5.0.3 between 11-05-05 and
  12-06-05 should download the current release from our web site.

Electronic Switch Fire Exits / Uniform Fire Code

<"Daniel Norton" <>>
9 Dec 2005 09:39:22 -0800

Is there something in the Uniform Fire Code that addresses electronic
switches on exit doors?  I work in a building that has two sets of doors
towards the exit that both have electronic switches that have failed in
several instances.

The first set of doors has a capacitance touch switch which won't work
if one is wearing gloves or has a prosthesis.  The second set of doors
uses a motion detector, which fails if you stand too close to the doors
for more than five seconds (you have to subsequently wave at the
detector to trigger it).

This seems fundamentally flawed and hazardous.  I've just learned that my
employer was informed by the Austin Fire Department that touch switches are
specifically allowed and they're preferred over motion sensors (which are no
longer allowed in new installations).

It doesn't seem to me that someone would naturally know that they need to
actually touch a metal bar with their skin in order to exit a door and there
have been several instances of fellow employees stalled at the door waiting
from someone else to come along and "magically" open the door.

Privacy implications of Microsoft's Windows Live Local

<Monty Solomon <>>
Sat, 10 Dec 2005 22:29:20 -0500

Privacy implications of Microsoft's Windows Live Local
David Pescovitz, 9 Dec 2005

Mike Liebhold, my colleague at the Institute for the Future, is deep into
the geohacking scene. He just took a look at Microsoft's new Virtual Earth
incarnation, Windows Live Local and found some big privacy concerns

  [Mike's entire post to the Geowanking listserv on Microsoft's "Location
  Finder" is online:

Live Tracking of Mobile Phones Prompts Court Fights on Privacy

<"Peter G. Neumann" <>>
Sun, 11 Dec 2005 19:55:01 PST
  (Matt Richtel)

Cellular operators know, within about 300 yards, the location of their
subscribers whenever a phone is turned on.  The operators have said that
they turn over location information when presented with a court order to do
so.  However, in the last four months, three federal judges have denied
prosecutors the right to get cellphone tracking information from wireless
companies without first showing "probable cause" to believe that a crime has
been or is being committed.  That is the same standard applied to requests
for search warrants.  [Source: Matt Richtel, *The New York Times*, 10 Dec
2005; PGN-ed]

  [Note: Missouri has granted a contract for statewide cell-phone tracking.]

Letter to Employees about Benefits from Meijer

<"Bauman, James" <>>
Thu, 8 Dec 2005 15:03:23 -0500

My teenaged-daughter works at a Meijer store ( — they
have retail superstores in Ohio, Illinois, Indiana, Michigan and Kentucky)
near us, and she'd waived any health insurance benefits, because she's
covered under my plan.

Recently, she received a letter about the benefit's choices that she'd made.
On the first side of the letter is a standard form letter with her name and
address and employee number.  On the other side of the letter is a detailed
accounting of her benefits package.  The only problem is that the name on
this other side is not hers, and it lists the benefits chosen by another
employee from another state with an employee number two digits before hers.

The benefits side of the letter listed the other person's name, address,
employee number, home phone, and date of birth, but not a social security
number.  Because the other person had waived his benefits like my daughter
had, there was little information.  But, if the person had chosen a benefits
package and had decided to cover their dependents, then the following
information for the dependents would have been listed: names, relationship,
birth date, sex, and social security number.

I called the 1-800 number on the letter about the mistake, and the person
that answered immediately said that there's a message about that.  I was
transferred to a pre-recording.  It said that the company was aware that
this had affected a lot of their employees, and that employees who'd receive
someone else's information are asked to destroy the letters.

I hope their employees do the right and honorable thing, and do not use the
identifying information for nefarious purposes, but we all know that the
lamp of Diogenes would go out when within a mile of a few people...the ones
we all worry about.

Jim Bauman, S-K Lotus Notes Group, 1-847-468-3014

Re: In-car GPS navigation (Scott, RISKS-24.10)

<William Ehrich <>>
Thu, 8 Dec 2005 12:07:15 -0600

The GPS algorithms include measures of the accuracy and reliability
of the current solution. These should be displayed, for instance with
an appropriately large fuzz ball on a map display.

Re: Y2K++ (Horning, RISKS-24.11)

<Paul E. Ford <>>
Wednesday, December 07, 2005 2:57 PM

I would conjecture that the list of dates you present are poorly formatted,
but correct.  Given the rising sequence in the last 2 digits and selective
set in the first digit, I would surmise that these represent some sort of
quarter data.  So, 98Q4 through 05Q3.  [...]

Any possibility the second position 0s are actually Qs?

>  4098 3099 2000 1001 4001 4002 2003 1004 4004 3005

  [Jim responded:
    Paul, What sharp eyes you have!  You could see those Qs even when I
    transcribed the data by hand.  I can barely see them as Qs on the
    original, even given your helpful suggestion, but I do believe that you
    are correct.  Jim H.]

  [Also noted by Amos Shapir, who observed that the date labels are placed
  three quarters apart.  But that still does not explain the "4002", which
  looks as if it should have been "3002".  Before running Jim's item in
  RISKS-24.11, I explicitly asked him to check whether the "4002" was
  accurately represented by him, and he did verify that.  So, I suspect
  that the "4002" may have been a recording error in the original,
  or else a lapse in the reporting schedule.  PGN]

Please report problems with the web pages to the maintainer