All right now, how many people reading this:  saw a previous version of this message in RISKS-6.34, 13.21, 17.81, 20.83, and/or 23.24?  have watches that need to be set back a day because (unlike the smarter kind of digital watch) they went directly from February 28 to March 1? and  *hadn't realized it yet*? Personally, I first remembered it was time for my quadrennial posting and only then that I therefore needed to reset my own watch... Mark Brader, Toronto, firstname.lastname@example.org
Passengers using United Airlines' Easy Check-In were unable to print out boarding passes for several hours on Friday 29 Feb 2008. This was not a problem four years ago, and apparently came as a surprise to UAL. [Source: A short AP item spotted in the *San Francisco Chronicle* this morning. PGN-ed]
There is something deeply obscene about the idea of a $1.2 billion plane to begin with, but the thought of it burning up only brings to mind what myriad other, better purposes that money could have been put to... p B-2 Stealth Bomber Crashes on Guam, The Associated Press, 23 Feb 2008 A B-2 stealth bomber crashed [on 23 Feb 2008] at an air base on Guam, but both pilots ejected safely and were in good condition, the Air Force said. It was the first crash of a B-2 bomber. The accident occurred 11 days after a Navy plane crashed into the ocean about 20 miles northeast of Guam's Ritidian Point. Four aircrew members ejected from the EA-6B Prowler electronic warfare aircraft and were rescued by helicopter.
PGN asked me to write up something regarding the Southeast Florida power outage because of my location (North Miami). I don't really know much more than what the new media have reported, but I can give some local anecdotal accounts. According to my UPS software, power failed today (February 26, 2008) at 13:09:12. This jibes with news media accounts of power failing at 9 minutes after 1pm. Million of people lost power (I heard 2.3 million at one point). I first heard that the two Turkey Point nuclear reactors just south of Miami (Key Biscayne National Park area) shut down as well as the two coal plants at the same site. This peaked my interest, especially because we have no coal powered plants at that site (we do have two gas powered plants at that site, in addition to the two nuclear reactors). I have yet to get in touch with a contact that works for Florida Power & Light (FPL) at that site (he monitors the endangered salt water crocodile population that thrives at the Turkey Point site). Later reports stated that a total of 8 power plants shut down. I don't know specifics, but heard that the other 3 nuclear plants in the state did not shut down (Crystal River (1), and Port Saint Lucie (2)). Miami's mayor reported "It was not sabotage" early on (I congratulate him on his technical expertise). Recently (approximately 17:10) FPL has reported that the failure got caused by a substation equipment failure in the western part of Miami-Dade county (the Everglades?). Huge sections of Miami-Dade county endured long blackouts (as I write this about 800,000 "customers" still have no power). Broward county (just north of us) endured many surges, and outages occurred as far north as Daytona (according to the news media) and as far south as the Florida Keys. Many people evacuated high-rise office buildings in downtown Miami. The Wachovia building (44 stories) currently serves as the news media focus, as people had to walk down 44 flights of stairs (some in high heels; office workers in tall buildings might want to keep backup sneakers by their workstations). Why a building like that does not have backup power remains a great mystery to me. Many felt thankful they did not get stuck in elevators. Traffic lights went out across the country causing massive traffic problems that still have not gotten resolved as I write this (17:25). Again, I wonder why the traffic lights do not have backup power. Most businesses gave employees the rest of the day off, which I suppose just exacerbated the traffic snarls. The county schools kept students on-site. Our train system failed, and the country has finally sent school buses to the stations to move the people. Many people eating lunch had problems paying, and many restaurants had to add up bills manually, which evidently caused some problems due to innumeracy and computer issues. My fiancee, Laura Corriss, who works at Barry University (Miami Shores), reports that they never lost power and did not suspend classes. Her brother Michael reported that power went out on Miami Beach. Our friend Myfanwy James who works at a law office on the 14th floor of a building in the Brickell area (near downtown Miami) reports that they lost power so she took the emergency elevator down (the building has a generator) and went home. She reported a lot of traffic snarls, but nothing else. Another friend, Vivian Marthell (a local artist specializing in the intersection of art and technology/science), reports that in her area (downtown Miami) the expressway appeared totally backed up. expressway totally backed up. Vivian, an all-around smart person, asked me, "You know the old Emergency Broadcast System? Why can that get done using wireless technology so that we could find out about these things faster, and get updates?" I must give Viv total credit for this idea (I have not heard it before); if anyone wishes to contact her feel free to send me a note and I will put you in touch. Another contact reports that school children in a South Miami school got evacuated because their classrooms had no windows (no light, air, etc.). I have nothing else to report, but now it starts to get dark.
A field engineer was diagnosing a switch that had malfunctioned. Without authorization, he disabled two levels of relay protection. This affected 26 transmission lines and 38 substations. [PGN-ed] http://www.cnn.com/2008/US/02/29/florida.outage/index.html?iref=mpstoryview
A former White House technology manager told the committee that the Bush administration's e-mail system "was primitive and the risk that data would be lost was high." More than 1000 days worth of e-mail has vanished. [PGN-ed] [Try http://horning.blogspot.com. The *WashPost* URL moved.]
http://blog.dreamhosters.com/2008/01/15/dreamhost-accidently-bills-customers-7500000/ The billing glitch happened when Josh was manually running the billing script for the last two weeks. Instead of inputting the billing date as 2007-12-31, he ran the script for 2008-12-31...
Michael Krigsman maintains a blog on ZDNet summarizing a wide range of IT project failures: http://blogs.zdnet.com/projectfailures/
The blog http://www.w3.org/blog/systeam/2008/02/08/w3c_s_excessive_dtd_traffic says that badly written software which doesn't cache, or work out what it doesn't need, is fetching the DTD reference that everyone points at the W3C, around 130,000,000 times a day, or 350Mbps of resources. Does this remind anyone of the time the home-box vendors put a university's NTP server address in firmware? except this time, (and I don't really mean this, but it is in my mind...) the W3C sort-of did it to themselves.. The blogs mention remediation such as relocating the URL to paths more ameanable to anycast or other distribution methods. Doubtless this will solve itself in time.
[From Network Neutrality Squad (www.nnsquad.org)] The Pakistan/YouTube story brings together a number of different elements that touch on Network Neutrality (and what I might call "content neutrality") in various ways that are useful to examine further, even though we may stray away from the central network neutrality focus momentarily. First, I'll offer a comment regarding my use of the term "religious zealots" relating to take-down demands at YouTube. No quibbling—as far as I'm concerned anyone who wishes to block the entire planet from seeing material that one religious group feels is distasteful or blasphemous (for religious reasons) is a zealot. It makes no difference if we're talking about any of the world's major religions or the "Slackers" at the Church of the SubGenius -- the same standards apply. Now, if a country wants to *try* block their population from certain Internet materials, that may be their right, however ineffective such efforts will ultimately be ( http://lauren.vortex.com/archive/000229.html ). But when those efforts impinge on the rights and access of everyone else, we enter an unacceptable situation. In the case of Pakistan's disrupting YouTube routes globally, I'm perfectly willing to accept the explanation that this was a combination of error and fundamental routing vulnerabilities. The latter in particular is a topic for another time. But the fact that Google reportedly pulled down the video in question that triggered this entire situation is of much greater concern. The fact that this video could be seen as violating particular YouTube rules is notable, but questions of the equality, "neutrality," and global impact of those very rules are of even more import. I appreciate—in fact I applaud—the need for Google to be responsible with their sites' contents. But we repeatedly see a double standard in this regard that is increasingly difficult to fathom. If you show up at Google with a DMCA take down order, you generally get a rapid response. This is understandable—DMCA is the law—at least at the moment. But it's far less clear why Google should permit religious demands to (attempt) to censor material globally as reportedly occurred in this situation. Pakistan's laws and religious sensibilities don't trump the rest of the world's rights, nor should any country have a veto over what other countries' populations can access. This situation is made all the more perplexing by Google's routine refusal in most cases to act in instances of *individuals* being defamed or otherwise damaged by Web sites that prosper solely on the basis of high-ranking Google search results. I've made a number of past proposals relating to this area (e.g. "Search Engine Dispute Notifications: Request For Comments" - ( http://lauren.vortex.com/archive/000253.html and linked items), plus I've previously discussed how Google has made an initial step in a relevant positive direction relating to news sources ("Google Takes First Key Step Toward Search Dispute Resolutions" - http://lauren.vortex.com/archive/000267.html ). However, for the vast majority of conventional (non-news source) Web pages in Google search result listings, concerned parties have no effective mechanism to comment or otherwise flag results to indicate that serious disputes are in progress, so they effectively have no recourse. This then is the dichotomy. Certain classes of content and complaints result in action from Google, and others simply do not. What's particularly depressing about this situation is that—in my opinion -- Google appreciates that this is a problem, but feels that they can't risk really dealing with it. In fact, I've discussed some of these issues face-to-face with various Google folks (especially in the context of my "Urgent Call For a Google At-Large Public Ombudsman" - ( http://lauren.vortex.com/archive/000251.html ) and I've come away with the strong impression that they felt both sympathetic and impotent in this instance. Google impotent? A contradiction in terms? Not really. My sense is that they are very concerned that if they opened the door broadly to these kinds of complaints, they'd be flooded with aggrieved parties and be essentially paralyzed as a result. I definitely do agree that there are serious scalability issues that impact on these matters, but I don't feel that these issues present intractable problems, and I don't consider the alternative of the status quo to be acceptable. However, these are all of course decisions for Google to make, and my effective influence over events up at the Googleplex is nil. What this all boils down to is that these are complex situations with few clear-cut, off-the-shelf answers waiting to be plucked. But we can try to work our way through them to the best of our abilities, and ideally with as little animosity and as much good will as possible. Lauren Weinstein, NNSquad Moderator
It was a local route leaked into the global BGP mesh. AS 17557 (PKTELECOM-AS-AP Pakistan Telecom) announced a route for the netblock YouTube is in and was sinking the traffic locally. Except that the BGP announcement of the routes "leaked" out to their upstream provider, PCCW. From PCCW, it spread, and therefore lots of places saw that as a shorter route to the YouTube servers than the legitimate announcement. According to reports I've seen, the YouTube/Google engineering staff tried to override the announcement on that netblock by announcing a pair of specific (/25) routes for the same block. That didn't work out because most network providers filter out announcements for space smaller than a /24. The risk and lesson? "Trust, but verify," of course. Had PCCW implemented filters on inbound BGP announcements and limited it's downstreams to only those netblocks it has, this wouldn't have happened. The network of networks is built on trust; it has to be, because the whole point to the thing is to push management out toward the edges and decentralize the system. But there +are+ safety valves—places you can examine the incoming data and sanity check it. PCCW didn't. How many other's don't either? And how many of them are having engineering conferences right now trying to make sure they aren't the next cause of a high profile outage like this one? Only time will tell. [Noted by others. For example, Anthony DeRobertis suggested "A quick visit to routeviews.org's bgplay shows the mistake fairly clearly." http://bgplay.routeviews.org/bgplay/ Andrew Pam cited http://arstechnica.com/news.ars/post/20080225-insecure-routing-redirects-youtube-to-pakistan.html Tore A. Klock recommended a writeup by Danny McPherson here on what (most likely) happened: http://asert.arbornetworks.com/2008/02/internet-routing-insecuritypakistan-nukes-youtube/ PGN]
The referenced story http://news.bbc.co.uk/1/hi/technology/7262071.stm says "The government has valid reason for that, but they have to find a better way of doing it. If we continue blocking popular websites, people will stop using the Internet." Perhaps that is the real agenda. Block all the good sites, and the people will give up using the Internet. [Fat chance. PGN]
The Pakistani PTT was *apparently* using BGP advertisements to hijack YouTube's IP address range, and redirect it to some in-country machines that displayed a message saying that YouTube was Baaaaad. Alas, those announcements, which shouldn't have been leaked *out* of the Pakistani Autonomous System (AS 17557), and then shouldn't have been permitted to leak *into* any of their upstreams... did. Here's regular RISKS contributor Steve Bellovin's take on it: http://www.cs.columbia.edu/~smb/blog/2008-02/2008-02-24.html It has a link at the very bottom to a much more in-depth treatment from BGP-watchers Renesys: http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube.shtml RISKS? Well, the top one I see is people saying "oh, it's just YouTube." What happens next time, when it's not YouTube, it's eTrade? This one was very probably just sloppy network engineering. That doesn't mean the next one *won't* be an attack. Just because hoofbeats usually mean horses, don't forget that there *are* zebras out there. (That is the original intent of the medical quote, in case you ever wondered...) Jay R. Ashworth, Ashworth & Associates, St Petersburg FL email@example.com http://baylink.pitas.com http://photo.imageinc.us +1 727 647 1274
[From Ed Felten's blog 26th Feb 2008 http://www.freedom-to-tinker.com/?p=1258] (Re: RISKS-25.06) Our research on cold boot attacks on disk encryption has generated lots of interesting discussion. A few misconceptions seem to be floating around, though. I want to address one of them today. As we explain in our paper, laptops are vulnerable when they are "sleeping" or (usually) "hibernating". Frequently used laptops are almost always in these states when they're not in active use - when you just close the lid on your laptop and it quiets down, it's probably sleeping. When a laptop goes to sleep, all of the data that was in memory stays there, but the rest of the system is shut down. When you re-open the lid of the laptop, the rest of the system is activated, and the system goes on running, using the same memory contents as before. (Hibernating is similar, but the contents of memory are copied off to the hard drive instead, then brought back from the hard drive when you re-awaken the machine.) People put their laptops to sleep, rather than shutting them down entirely, because a sleeping machine can wake up in seconds with all of the programs still running, while a fully shut-down machine will take minutes to reboot. [...]
I just dug an e-mail from Citibank out of the Spam folder. I know it's really them because they have my full name and the last four digits of my card number listed inside. It was a very "Important Message": Dear Rich B. Astaird, As a current Citi Cardmember, you know your security is our top priority. But we also want to make sure you receive emails containing important information from us. Don't let Citi messages be filtered out by your e-mail provider - add our "from addresses" to your address book. Follow these 3 simple steps: 1. Open your e-mail address book 2. Add a contact or "add new contact" 3. Enter firstname.lastname@example.org and click Save As reported previously in RISKS, some banks don't seem to have a clue about how to use email securely. Or, in this case, how to keep their email out of the Spam folder. It's not: just ask Mr. SpamAssassin what not to do: > Content analysis details: (5.1 points, 5.0 required) > > pts rule name description > --- ---------------------- --------------------------------------------- > 3.1 RCVD_IN_NJABL_SPAM RBL: NJABL: sender is confirmed spam source > [184.108.40.206 listed in combined.njabl.org] > -0.0 SPF_HELO_PASS SPF: HELO matches SPF record > 0.0 HTML_MESSAGE BODY: HTML included in message > 2.0 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily A quick check on the IP address (bigfootinteractive.com, a company known for its bulk mailings and spammer-like behavior), shows it is also listed in the SORBS and CSMA blacklists. Let's see, if I were Citibank, and wanted to stop my mail from getting flagged as spam, would I (a) stop outsourcing my email to a company with a reputation for spamming, or (b) send vaguely-worded email to my customers in the hope that it will convince them to whitelist my return address? The worst-case RISK is that people who use a provider where such instructions actually work will follow them, and then every phishing email trying to steal their Citibank credentials will sail right through. Way to go, Citibank! Very truly yours, (not) Rich B. Astaird
> I'm surprised that no mention has been made of one Jeremy Clarkson, ... Perhaps not mentioned because it bears no real relevance. The UK direct debit system is set up so that anybody who is empowered to create direct debits can do so with no more than the information that, as Clarkson originally said, is published on every cheque we write (among other places). The system is designed to make it easy for companies such as utilities to set up direct debits. The security is in the careful vetting by the banks of the companies so empowered, and the guarantee that the banks make to their customers: that if a direct debit is ever used to take money from your account without your permission, they will refund it without question. Clarkson could presumably avail himself of the benefit of this guarantee if he so chose. It probably serves him better not to do so in this case. What has happened here is that the charity which has received the money has either over-stepped the line of its own direct debit agreement with the bank, or has had its own security compromised in some way which has nothing to do with Clarkson's publication of his bank details (or, indeed, the loss of Child Benefit records). Under the circumstances I suppose it seems churlish to all concerned to go after the charity, as would otherwise normally happen. So Clarkson was right first time round and to have so publicly reversed his position does not seem well.
BKBEETNO.RVW 20071118 "Better Ethics Now", Christopher Bauer, 2005, 978-0-9765863-3-3, U$21.99/C$29.99 %A Christopher Bauer email@example.com %C 1604 Burton Ave., Nashville, TN 37215 %D 2005 %G 0-9765863-3-9 978-0-9765863-3-3 %I Aab-Hill Business Books %O U$21.99/C$29.99 615-385-3523 %O http://www.amazon.com/exec/obidos/ASIN/0976586339/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0976586339/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0976586339/robsladesin03-20 %O Audience n Tech 1 Writing 2 (see revfaq.htm for explanation) %P 171 p. %T "Better Ethics Now: How to Avoid the Ethics Disaster You Never Saw Coming" A note on the title page of the book states that the text is intended to educate and entertain in regard to ethics, and that the material is neither comprehensive nor tested. (It is ethical to let the reader know that, although my initial reaction was that the "entertain" aspect might have been a bit of an abdication of the author's responsibilities to the readers.) The introduction asserts that the focus of the work is on how a lack of personal responsibility creates the foundation for corporate ethical disasters, and that having individuals improve their own ethical standards will enhance the integrity of the company. There is, of course, something to this, although it does fly in the face of a great many studies identifying the "tone at the top" as the major determinant of corporate ethical standards. Chapter one notes that ethical breaches in companies have serious financial ramifications, and reiterates the position that assessing your own morals will improve those of the company, primarily by forcing you to determine if the normal business behaviour you are asked to follow is ethical. (This does tie back to the issue of "tone at the top": if your ethics stand up to scrutiny and you feel comfortable in your working environment, the tone is probably OK.) Ethics are guiding principles, chapter two tells us. It isn't just following (or even breaking) rules, says chapter three. Chapter four seems to repeat this last, in slightly different wording, properly taking issue with the subject of "compliance," which has become something of a buzzword and panacea in recent years. Using cute expansions of "ethics" as an acronym, chapter five tentatively introduces the idea of personal responsibility and decision. A simple tool for personal assessment is described in chapter six. Chapter seven examines the issues of reporting or otherwise dealing with ethical violations that you discover. Chapter eight moves the discussion to the corporate level, noting the importance of policy statements, processes, and procedures. Ethical behaviour involves achieving positive actions, we are told in chapter nine, rather than merely avoiding negative ones. Chapter ten does promote the importance of the "tone at the top," noting that sometimes you, as an employee, may need to walk away from an intolerable situation. Chapter eleven suggests that those in management and leadership need to communicate ethics directly and openly. The idea that the moral standards of each employee are important is again stressed in chapter twelve. Proper ethics are not always easy, says chapter thirteen. Chapter fourteen repeats encouragement to be proactive about promoting ethics, and suggests various procedures for the corporation. There are other books on ethics, and business ethics as well. Johnson's "Computer Ethics" (cf. BKCMPETH.RVW) is a classic and Tavani's "Ethics and Technology" (cf. BKETHTCH.RVW) adds depth and intellectual rigour. Bauer's work is very different: there is little academic or conceptual background, but the brevity and practicality of the work may make it more suitable for the general work environment. While it doesn't add much to the debate, it could certainly be used for training and the promotion of ethical standards, and is probably more accessible for the general population of employees and managers. copyright Robert M. Slade, 2007 BKBEETNO.RVW 20071118 firstname.lastname@example.org email@example.com firstname.lastname@example.org http://victoria.tc.ca/techrev/rms.htm
Please report problems with the web pages to the maintainer