Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
German national electricity network officials issued a formal statement on Sunday morning, in order to announce that a massive power outage that occurred at about 9.30 p.m. on Saturday in the northwestern part of the country, created a domino-like effect in other Western countries as well, such as France, Italy, Austria, some parts of Spain, Portugal, the Netherlands, Belgium and Morocco, immediately after it occurred in Germany. Officials stated that no less than 82 million German citizens were left without power for almost an hour, while electricity cuts affected around five million French inhabitants as well as the entire northern part of Italy. We weren't very far from a European blackout, one of the managers of a French power company called RTE, highlighted, adding that the failure of two German high-voltage lines, stretched over a river in north-western Germany - which had been shut down by German utility company E.O.N. in order to let a ship pass through - bear the entire responsibility for the house of cards style European blackouts. In addition to this, the Deutsche Bahn, the national rail company in Germany, announced that 100 regional trains were disrupted by the blackout. In the past, these operations were often performed with no problems, E.O.N. officials declared in great surprise, while Michael Glos, the German Economy Minister announced the fact that a thorough investigation into the circumstances of this terrible incident is already being conducted: We will examine this report quickly so that together with the companies we can ensure that, if at all possible, such events are not repeated, he stated. Apart from blaming the Germans for the outage, Italian Prime Minister Romano Prodi stressed upon a more important fact, the need for a stronger electricity policy in Europe legitimated by a powerful authority: It's a rich contradiction that we depend on each other, but we can't help each other without a common authority. Source: Ruxandra Adam, Softpedia News, 12 Nov 2006 http://news.softpedia.com/news/Power-Outage-in-Germany-Sparks-Electricity-Collapses-in-Other-Countries-39426.shtml
A small fire led to a power outage at a telephone exchange in St. John's, Newfoundland, Canada on October 20. This lead to all phone service in the St. John's region being lost for 5 hours Friday night and Saturday morning. The outage included: 911 service, land lines, Internet, cellular, automated tellers, and point of sale by bank cards and credit cards. Ambulances were dispatched to George St. (the drinking district), "just in case". The loss of 911 service meant that a small child who had stopped breathing had to be transported to the hospital at high speed by her caregivers rather than receiving paramedical attention. Air traffic control at YYT continued to land planes, but could not communicate with ATC elsewhere. Phone service and Internet service is said to have been restored, but my own home phone is no longer working properly. Those of us who are not familiar with the phone system (and perhaps some who are) are left wondering why a power failure at a single exchange leads to a communications blackout in an entire metropolitan region, and also why all back-up systems failed. Phone service in St. John's is usually quite reliable, even though power failures are quite common in the region, where we get a fair bit of ice, snow, and wind, often all at once. However, this power cut was inside the phone company's building, where it was presumably downstream of the the back-up generators, but upstream of the back-up computers. http://www.cbc.ca/canada/newfoundland-labrador/story/2006/10/23/aliant-fire.html Dr. Theodore Norvell, Memorial University of Newfoundland St. John's, NL, Canada, A1B 3X5 +1 709 737-8962 http://www.engr.mun.ca/~theo
^ [ Plus ca change, plus c'est la meme chose. ] ) 'Critical error' led to radiation overdoses, scotsman.com http://news.scotsman.com/scotland.cfm?id=1596402006 "...Dr Arthur Johnston, who outlined the devastating chain of events that led to the overdose. His 100-page report pointed out that the Beatson unit had upgraded the computer system it used to calculate radiation doses in May 2005. For the most complex treatment plans, data from the system were transferred to paper forms, as happened in Lisa's case. The report said that the "critical error" occurred when the treatment planner - referred to as Planner B - transcribed the data from the computer to paper, but was unaware of the changes to the system which meant the data were incorrectly written down. 'The outcome was that the figure entered on the planning form for one of the critical treatment delivery parameters was significantly higher than the figure that should have been used,' the report said. However, the error was not spotted during the checking process and the incorrect dosing information was passed to the radiographer who gave Lisa her treatment. The error came to light only because the same planner made the same mistake in the next plan for a different patient, and this time it was identified by a colleague. An investigation was launched which found that, apart from Lisa, no other patient had been affected. Dr Johnston said Planner B had 'limited experience' and had been under the supervision of an experienced colleague - Principal Planner A - who failed to pick up the error." Full report available at: http://www.scotland.gov.uk/Publications/2006/10/27084909/22 Dr. Richard I. Cook, Associate Professor, Department of Anesthesia and Critical Care, University of Chicago, Chicago, IL, 60637 1-773-702-4890
124 railroad passenger cars of the Metro-North Railroad Harlem and Hudson lines are out of service for at least two weeks. Each fall, oily leaf residue on the tracks tends to cause wheel slippage. Perhaps a la Rube Goldberg, this is interpreted by the circuitry as excessive speed, which causes the brakes to be applied, which causes the wheels to skid, which flattens them out, which affects performance, which causes the cars to be sidelined for wheel truing. The rail yards in New Haven and Harmon can re-true only 9 cars per day, so it is going to take a while to catch up. The newest cars (M-7s) are the ones with the most flat wheels, and operate in pairs, so that one bad wheel takes down both cars. NJ Transit and the LIRR are having similar problems, with the LIRR having to fix 20% of its cars. [This might inspire a step-kick slip-slide in Chorus Line?] [Source: Caren Halbfinger, 'Flat wheels' deflate train commuters, *The Journal News*, 21 Nov 2006; PGN-ed] http://www.thejournalnews.com/apps/pbcs.dll/article?AID=20061121063 [See RISKS-7.22 and 7.23 for flat wheels at Colwich Junction in 1986, and RISKS-12.62,66,67,73 for the effects of leaves on train tracks in 1991. PGN]
Some of Melbourne's newest passenger trains have had to be withdrawn from service after a spate of braking failures. Connex, the operator of the suburban rail network, has reported 15 incidents involving trains overshooting platforms since 13 Nov 2006 and is at a loss to explain the problem. The most serious incident occurred on Tuesday night when a train failed to stop at Brighton Beach station and traveled into the level crossing at South Road. The boom gates still had not been lowered as the train came to rest in the middle of the intersection. A rail system source said cars were forced to break to avoid colliding with the train. The problems involve a fleet of 72 German-built trains that were introduced to the suburban network in 2003. Fourteen three-carriage trains have been removed from service following emergency talks between Connex and the trains manufacturer, Siemens. The withdrawal of the trains is expected to cause some disruption to services, particularly on the Pakenham and Cranbourne lines, until the problems can be fixed. The source said the problems were connected to the trains' computerised braking system. In several incidents, drivers were forced to apply emergency brakes, push emergency stop buttons and activate handbrakes to bring the trains to a halt. But even after activation of all manual braking systems, some trains continued moving. One incident occurred while a driver was undergoing assessment by a transport official. [...] Since its introduction in April 2003, the Siemens fleet has been plagued with controversy. The trains were initially too wide for suburban tracks and have recently been repaired to fix faulty wiring. They have also been criticised for having only two sets of doors on each side of each carriage, causing bottlenecks for passengers. http://www.theage.com.au/news/national/brake-woes-sideline-trains/2006/11/15/1163266640138.html
The BBC reports http://news.bbc.co.uk/1/hi/business/6084454.stm that after four years of development, the UK government has suspended its plans for an Internet retirement planner. No date has been set to restart work on the proposed service, which was aimed at people on low to middle incomes. The online planner was intended to give help to those without easy access to financial advice. It would have provided them with individualised state and private pension forecasts, and offered advice on how to boost their pensions. Although 11m pounds had been spent on the website, halting the work will save the government an estimated 14m pounds. According to the Minister for Pensions Reform, James Purnell, the work on the site was halted when the Department for Work and Pensions realised that "delivering accurate online information about state pensions would become increasingly difficult, given the uncertainty about the exact shape of future pension provision". 11m pounds wasted because no-one did a decent requirements analysis?
A Usenet poster related that several years ago, for 10 days, an Aegis-class cruiser in the Gulf was crippled by the failure of both of its INS system, and its GPS. But navigation was not the only issue. It seems virtually all the weapons systems on board require the INS to provide them data on the ships [roll/pitch] attitude to aim/fire. Without such, they are no longer weapons.... Eggs several, baskets one... Source: Teacher Adam Hilliker gives kid detention for being right http://groups.google.com/group/alt.folklore.urban/msg/d8d6c50ef2037625?hl=en FoG7h.29214$nG1.email@example.com
Election Problems, What Election Problems? Bo Lipari <firstname.lastname@example.org> Friday, November 10, 2006 The Media Narrative and Public Perception If you watched the cable news coverage on Election Night, it was easy to come away with the impression that few problems were experienced with electronic voting - the predicted "train wreck" had not materialized. But out in the real world, the HAVA mandated changeover of voting systems resulted in real failures <http://www.votersunite.org/electionproblems.asp> that resulted in long lines and lost votes. Just like the fancy new high tech voting machines, the mainstream media has failed us yet again. That there were widespread problems with electronic voting equipment all around the country is well documented. Thousands of citizens took part in a first time nation-wide effort monitoring polling sites and reporting problems. The reports are still coming in, but it's clear that hundreds and hundreds of problems occurred. But the mainstream media has thus far barely mentioned this, leading one to ask what vast scale of voting disaster would it actually take for the media to report on it? http://www.votetrustusa.org/index.php?option=com_content&task=view&id=2017&Itemid=26 The Election Night Narrative News organizations used to report the news, but nowadays they're more concerned with telling their viewers a story. This story, the theme of the day as it were, is called the ``narrative''. On Election Night 2006, the media narrative was ``The Great Tsunami''. The story was about the Democratic tide as it moved from East to West, sweeping away Congress in its path. As soon as the first totals started coming in from the East Coast the news networks started framing everything solely in the context of this narrative. There was no room here for voting machines failures, long lines of voters, or anything else. The story was about the horse race, about devastating loss, about the great wave sweeping across the nation. Voting machine problems had no place here as they would distract from the narrative, even worse, maybe even undermine it. Raising the possibility that votes were lost? How are you going to sell soap with that? The Unspoken Narrative Underlying the Great Tsunami story was a subtler narrative, one that the media has consistently fed us on Election Nights for years. This narrative is expressed by the often repeated mantra ``Even if there were problems, it wasn't enough to affect the outcome of the election.'' It seems vitally important to the media that the public believe that no matter what, no matter how bad the problems, no matter how many lost votes and machine breakdowns, the results are still basically correct, your vote still counts, or at least close enough. We've been told this story before, in 2000, in 2004, and now again in 2006. Nothing to worry about folks, just a little glitch, pay no attention to the man behind the curtain. This seems to be an essential narrative for the media, one that we must be told and reminded of each and every Election Day. Because imagine what would happen if the media told the public the real story, and showed the real impact on real voters. Why, you might not have just thousands of activists around the country demanding change, you might have hundreds of thousands. If the real story about broken voting machines and lost votes got out, you might even have millions. Imagine, millions of citizens demanding that their right to vote is sacred and not for sale to voting machine vendors, demanding real accountability, demanding accurate elections with results that we can have real confidence in. Now that would be a tsunami. <http://nyvv.org/blog/2006/11/election-problems-what-election.html>
At least five U.S. House races are apparently still unresolved or in question two weeks after the election. I have been waiting for someone else to come up with a retrospective summary and objective analysis of the voting machine problems. Not having found one, I mention just a few of the close races of interest in which the investigation of any of various irregularities could reverse the results. * Florida 3rd Congressional district, with the peculiarly large (18,300) undervote for the Sarasota Congressional race in touch-screen machines that do not permit a meaningful recount (without a new election), with a computer-reported spread of just a few hundred votes. This is receiving significant media coverage. Also, see David Dill, "Is Florida Ready for Democracy?" http://www.huffingtonpost.com/david-dill/is-florida-ready-for-demo_b_34458.html [This reminds us of the 210,000 undervotes in the four punch-card counties in the 1988 Florida Senate race.] * New Mexico 1st Congressional district, with a .5% difference * North Carolina 8th Congressional district, with a .025% difference * North Carolina Court of Appeals, with a .24% difference [Three other NC elections had very small margins as well.] * Williamson County, Texas, the votes cast and counted electronically were each recorded THREE times. (This was detected primarily because the total number of votes cast exceeded the number of voters.)
17 Nov 2006, http://lauren.vortex.com/archive/000200.html Greetings. Google has made available a new "Click-to-Call" service that will automatically connect users to business phone listings found via Google search results. In order for this feature to function, the user must provide their telephone number so that Google can bridge the free call between the business and the user (including long distance calls). An obvious issue with such a service is that there is no reasonable way to validate the user phone number that is provided. Google says that they have mechanisms in place to try avoid repeated prank calls, but the potential for abuse is obvious. Of even greater concern is that Google says that it will manipulate the caller-ID on the calls made to the user-provided number, to match that of the business being called. This is extremely problematic, since it could be used to try to convince a prank target that they were being called directly by the business in question, and so cause that target to direct their anger at the innocent business. In the case of targets who are on do-not-call lists, it is possible to imagine legal action being taken by callers upset that the business in question called them "illegally," though in fact the call had been made by the Google system. Google's explanation for this caller-ID manipulation is that it would be handy to have the called business number in your caller-ID for future calls. That may be true, but the abuse potential is way too high. Caller-ID should never be falsified. I've written many times about how caller-ID can be manipulated to display false or misleading information, why this should be prevented, and how the telcos have shown little interest in fixing caller-ID or informing their customers about the problem (caller-ID is a cash cow for the telcos whether it is accurate or not). Up to now, the typical available avenue for manipulating caller-ID has been pay services that tended to limit the potential for largescale abuse since users are charged for access. Google, by providing a free service that will place calls and manipulate caller-ID, vastly increases the scope of the problem. Scale matters. Google has not vetted this caller-ID feature sufficiently, and I urge its immediate reconsideration.
Proposed Solution For Google's "Click-to-Call" Caller-ID Problem, 19 Nov 2006 http://lauren.vortex.com/archive/000201.html Greetings. In a recent blog entry, I discussed my concerns about Google's new "Click-to-Call" service, especially key issues regarding Google's handling of caller-ID in this service. Now I'd like to propose a specific solution. I completely understand why Google likes their caller-ID feature. It's a cute hack (hack in the positive sense), and in the context of non-abusive use brings some value-added. But I really believe that this is one of those cases where somebody needed to get beyond the "gee-whiz isn't this nifty" factor and consider more carefully how it will be abused, particularly on the large free-access scale that Google provides. Even if the vast majority of the calls are legit, the absolute number of abuses is bound to be high, and it seems certain that innocents will be hurt in significant numbers -- there are a lot of jerks in the world who are going to take advantage of this service to get their jollies or take revenge on businesses that they have a gripe with, etc. However, there is indeed a simple solution in this case. If the caller-ID delivered to both sides of the bridged calls is set to indicate the true source of the calls (i.e., Google) the problem goes away. In fact, caller-ID could be used to further enhance the service by providing a true full point of contact. What I would do is set the caller-ID to display a Google phone number (ideally toll-free) that played a recorded announcement explaining that the call originated from Google Click-to-Call, and noting how to proceed (via a Web page, e-mail address, and/or specific phone number) if you felt that you were being targeted for abuse by a user of that system and wanted to file an associated report. This would be a win-win all around. Google would more rapidly get a handle on abusive users, and the service would be even more consumer friendly. Sometimes there can be a happy ending! Lauren Weinstein +1(818)225-2800 http://www.pfir.org/lauren PRIVACY Forum - http://www.vortex.com Lauren's Blog: http://lauren.vortex.com
"The biggest concern is that mobiles interfere with sensitive medical equipment. But a 1997 study from the UK's Medical Devices Agency showed that phones affected just 4% of devices at a distance of one metre, the researchers said." Who wouldn't want to allow something that affects *only* 4% of sensitive medical devices? The lack of common sense exhibited in the above sentences is mind-boggling. Also, apparently, the phones are classified as only "annoying" as long as they don't actually kill the patient (at least, not directly). The "sensible caution" paragraph is mildly reassuring, though somewhat contradictory to the parts quoted above: "Sensible caution regarding the proximity of mobile phones to medical equipment is thus warranted, but concerns about patient safety alone do not justify zealously enforced no-phone areas, which can cause arguments between staff, patients and visitors." [Source: Hospitals Urged to Ease Mobile Phone Rules, Reuters, 13 Oct 2006] http://www.medscape.com/viewarticle/546041
BKPRWAWA.RVW 20060913 "Preventing Web Attacks with Apache", Ryan C. Barnett, 2006, 0-321-32128-6, U$49.99/C$66.99 %A Ryan C. Barnett %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8 %D 2006 %G 0-321-32128-6 %I Addison-Wesley Publishing Co. %O U$49.99/C$66.99 416-447-5101 fax: 416-443-0948 %O http://www.amazon.com/exec/obidos/ASIN/0321321286/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0321321286/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0321321286/robsladesin03-20 %O Audience a- Tech 2 Writing 2 (see revfaq.htm for explanation) %P 582 p. %T "Preventing Web Attacks with Apache" Chapter one notes that there have been many attacks against Web servers and the applications running on them. It also lists the common excuses presented for a lack of security preparation (and assesses the weakness of those arguments). Hardening of the (UNIX) operating system, and network operating system, in order to establish a trusted computing base for the Web server application, are dealt with in chapter two. Initial installation of the Apache software is covered in chapter three. Chapter four reviews the configuration file, and properly secure settings and options. Security related modules in the Apache suite are discussed in chapter five. Chapter six reviews the Center for Internet Security Apache security benchmark tool. The Web Application Security Consortium (WASC) threat classification system is described, in chapter seven, with specific reference to Apache countermeasures against these attacks. (The material provides nice explanations and examples of a variety of exploits.) Buggy Bank, an intentionally flawed e-commerce application that provides practice in hardening a Web server, is outlined in chapter eight. Chapter nine looks at various countermeasures and controls that can be applied to Web servers and sites, noting strengths and weaknesses, and also noting which work most effectively, as well as which can be implemented via Apache functions. If you'd like to do primary research and gather information on attacks and the level of threat to Web servers, chapter ten details the settings and requirements for using Apache to set up a honeypot server. Chapter eleven finishes off with basic advice on issues such as patch management, and also broadens the discussion to some fundamental concerns in Internet security measures. A helpful guide for those using Apache. copyright Robert M. Slade, 2006 BKPRWAWA.RVW 20060913 email@example.com firstname.lastname@example.org email@example.com http://victoria.tc.ca/techrev/rms.htm
Please report problems with the web pages to the maintainer