[Another 1 April item, not received in time for RISKS-25.98. PGN] Last week, I served as a guest judge of American Idol for Newsweek.com (see article). If you watched the show, you know how pathetic Tim Urban was, and as I stated in my judging comments, he deserved to be eliminated. However, to my great frustration, Paige Miles, who actually has some serious vocal chops was sent home instead, thrusting the hapless Tim Urban upon us. I am so sick and tired of America getting the results wrong on Idol, that I've finally decided to do something about it. A couple of years ago, I noted in my blog a vulnerability in the American Idol voting system. There is a memory leak in the server that they use to tally votes, and the phone system they have implemented is vulnerable to dialer spoofing and scripted dialing attacks. I have studied electronic voting security for several years, and using my experience, I spent the last several days developing a hack to basically control the voting on American Idol. Now all I need is a distributed launch pad for what is in a sense a computer virus. This is where you come in. I assure you that the virus does nothing bad. I promise it will not delete any of your files or corrupt your hard drive, and I virtually guarantee you that it will not get you into trouble if you download it. If you are using Windows and you are reading this message, you are already infected, and you don't need to do anything. If you are lucky enough not to be using Windows, I have created custom installers for Mac, Linux, OpenBSD, and the iPhone to make things as easy as possible for you to install. Once you have the installer, just double click on it, and my software will take care of the rest. The virus will propagate to any computer that you send email to or with whom you share files. Again, I give you my word that it will not do too much harm to those systems. All that will happen (hopefully) is that when it's time for American Idol voting next week, all of the "infected" systems will exploit the vulnerability on the American Idol server and change the votes ensuring that the singers who I like will make it and the ones who I don't like will be eliminated. I really, really appreciate your help in this project, and I assure you that it is totally legal and that you will not get into too much trouble. It is extremely unlikely that your computer will suffer any damage. Here are the packed installer files: Mac: http://avirubin.com/Idol.virus/Mac.html Linux: http://avirubin.com/Idol.virus/Linux.html Open BSD: http://avirubin.com/Idol.virus/openBSD.html iPhone: http://avirubin.com/Idol.virus/iPhone.html It is time to take control of American Idol. Thanks for you help!!
[Another 1 April item, not received in time for RISKS-25.98. PGN] Microsoft to Transition Corporate IT to Google Apps http://lauren.vortex.com/archive/000701.html REDMOND, Wash., April 1 /PRNewzwire/ — In a move that may surprise some industry onlookers, but that is being described by a company spokesman as "making incredible sense at the bottom line," Microsoft Corporation announced today that it will begin migrating its corporate information technology operations to arch-rival Google's "Google Apps" Internet "cloud"-based services environment by the start of the second quarter this year. "We've gone over the numbers more ways than you can crash Vista, said Hymie Morander of the newly formed "Microogly" working group at the software giant's Washington State headquarters. "We're going to save millions -- maybe billions! — by moving most of our employees over to free Google Apps services like Gmail. Plus we'll be freeing up resources here to concentrate on our core competencies like Flight Simulator and stylus-based mobile phone operating systems." Asked if the $50/user/year "Google Apps for Business" services tier might be more appropriate for Microsoft's use, Morander noted that, "Some of our top executives' needs will likely justify that level of expenditure, but most of us will be able to do just fine with the very generous allotments in the free versions of Google Apps. Seven gigs of storage is more than enough to hold all of my Microsoft internal correspondence, plus most of my uuencoded porn collection! Every Microsoft employee will be assigned a nondescript alias for Gmail use to avoid attracting Google's attention — for instance, I'm firstname.lastname@example.org." Microsoft CEO Steve Ballmer emphasized that Microsoft's move to Google Apps only involved Microsoft's internal global corporate operations, and would not in any way impact customer-facing services such as Microsoft's popular "Bing" decision engine. "Given Microsoft's intense desire to enthusiastically embrace the diverse and expansive censorship requirements of our partners in the Chinese government, and Google's apparent reluctance to meet those same requirements, we'll definitely be keeping our Bing and other related public-use servers running on their current CP/M Windows 98 secure clusters into the foreseeable future," Ballmer promised. Founded in 1975, Microsoft (Nasdaq: MSFT) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential. SOURCE Microsoft Corp. Lauren Weinstein, +1 (818) 225-2800, http://www.pfir.org/lauren NNSquad Network Neutrality Squad - http://www.nnsquad.org Global Coalition for Transparent Internet Performance - http://www.gctip.org PRIVACY Forum - http://www.vortex.com Lauren's Blog: http://lauren.vortex.com
Federal investigators concluded that alarm fatigue experienced by nurses working among constantly beeping monitors contributed to the death of a heart patient at Massachusetts General Hospital in January 2010. In a report released on 2 Apr 2010, the investigators said 10 nurses on duty that morning could not recall hearing the beeps at the central nurses station or seeing scrolling tickertape messages on three hallway signs that would have warned them as the patient's heart rate fell and finally stopped over a 20-minute span. But an audible crisis alarm had apparently been turned off the night before. The ECRI Institute listed alarms on patient monitoring devices as number two on its top-ten list of health technology hazards in 2009. [Source: Liz Kowalczyk, *The Boston Globe*, 3 Apr 2010. Thanks to dkross for noting this item. PGN-ed] http://www.boston.com/news/local/massachusetts/articles/2010/04/03/alarm_fatigue_linked_to_heart_patients_death_at_mass_general/
A perspective article in the *New England Journal of Medicine* highlights the importance of improving the security and privacy of implantable medical devices. The article draws on historical events such as the Tylenol cyanide poisonings of 1982, sabotage of a web site for an epilepsy support group, and the damage caused by the first Internet worms. The risks should resonate with the readers of this forum. [Sorry, the abstract is free, but the NEJM implements a paywall for the full 3-page article.] http://content.nejm.org/cgi/content/short/362/13/1164
The following is based on a report issued by the UK's Rail Accident Investigation Board (RAIB) but heavily paraphrased by the author. Details have been taken from:- http://www.raib.gov.uk/publications/investigation_reports/reports_2010/report032010.cfm http://www.raib.gov.uk/cms_resources/20100304_R032010_West%20India%20Quay.pdf (RAIB Report 03/2010 issued March 2010) Background Docklands Light Railway (DLR) is an off-street rapid transit light railway system in London England (it is different from the London Underground or 'Tube' system). DLR trains are normally run under remote automatic computer control (monitored by controllers) but from time to time are controlled by a passenger service agent onboard, at times of so called degraded working. At the time of the derailment on 10 March 2009 this was the case, as the automatic signaling had failed at a complex three way intersection. The person driving (for simplicity referred to as 'the driver' from now on) was being given instructions by a controller in a control room by radio. When being manually driven trains can only be driven at a very restricted speed. There are very few colour light signals on this railway since they are not needed when trains are being driven automatically. Points (US: switches) where lines diverge (or converge as in this case) have Point Position Indicator (PPI) display lights (at ground level) to indicate their setting. Such setting can also, of course, be confirmed by the position of the point/switch blades themselves. In this accident the train ran through a set of trailing points at low speed and was derailed. There were no injuries and passengers were detrained rapidly to an adjacent station platform. Why did it happen? The interest to RISKS readers lie in the mix of factors that led to the incident, a mix of technical and human problems, including these: * Major long term upgrade work on the whole railway caused the signaling in this complex trackwork area to fail for long periods thus needing trains to be driven from onboard under manual control (giving a heavy sustained workload on controllers). * A software change in the behaviour of interlocking of signaling and these points, by the upgrade contractors had not been communicated by the upgrade contractor to the controllers. * The controller did not fully follow correct procedure in authorising the train forward. * The controller did not monitor progress of the train (controller was busy elsewhere) (their screen was switched to a different type of display). * The driver did not check the position of the points/switches for their intended route. * that type of Point Position Indicator was hard to see by the driver (management had postponed replacement of them as not being urgent). * The bulb in the PPI had failed (replacement of failed light bulbs in PPIs wasn't considered urgent). * The driver should not have crossed points without correct PPI showing (driver didn't notice that no indication was showing). MESSAGES TO TAKE AWAY: * Equipment that might not be safety critical in 'normal usage' becomes so in 'abnormal/degraded' working conditions * People's workloads that might not be safety critical in 'normal usage' becomes so in 'abnormal/degraded' working conditions * If it takes a lot of simultaneous failures for an accident to happen, then it will happen, sooner or later. Robert (Bob) Waixel, MBCS, CITP, MCInstM, FHEA, Cambridge, CB4 1JL, UK
As Canada prepares to roll out new electronic passports next year, experts warn the technology is far from perfect and will do little to deter terrorists from crossing our borders. Adam Laurie, a British computer security researcher, has been pointing to the flaws in ePassport technologies for the past five years. The new passports use Radio Frequency ID (RFID) microchips to store personal information about the traveler that can be used by border officials to help verify the person's identity. In one of his more famous demonstrations, Laurie in 2008 created a passport for Elvis Presley, and scanned the document at an automated passport scanner in an airport in Amsterdam. The passport was accepted by the machine and a smiling picture of Presley was displayed on the screen. "I think adding the biometric chip to the passport doesn't make them any more secure," said Laurie, who is also the director of Aperture Labs Ltd., a security consultancy. "I would say they (governments) should look very carefully at their deployment . . . the implementation of the system is poor and that means that the security of it is completely undermined." [...] [Source: Vito Pilieci, Canada's planned electronic passports easy to hack, expert warns *Ottawa Citizen*, 3 Apr 2010; PGN-ed. This is a very informative item. Browsing on Pilieci and the Subject: line above readily finds the full article, which is well worth reading.]
Computer screens in Sweden faded to black in October 2009 when the entire country lost its Internet connection, due to a missing period (in ".se"?). It took almost 24 hours to get things working again. [Thanks to Eugene Miya for spotting this terse/cryptic item, albeit with source unknown! Swedening the pot? PGN-ed]
According to U.S. Transportation Secretary Ray LaHood, nine NASA scientists with expertise in electronics, electromagnetic interference, software integrity, and complex problem solving will contribute to the the National Highway Traffic Safety Administration's review of Toyota's unintended acceleration problems — in response to suggestions that evidently emerged during Congressional hearings. [Source: John Crawley and Chang-Ran Kim, Reuters, 30 Mar 2010. PGN-ed] http://www.msnbc.msn.com/id/36092407/ns/business-autos/
(Savage/Risen) A federal judge ruled on 31 Mar 2010 that the National Security Agency's program of surveillance without warrants was illegal, rejecting the Obama administration's effort to keep shrouded in secrecy one of the most disputed counterterrorism policies of former President George W. Bush. In a 45-page opinion, Judge Vaughn R. Walker ruled that the government had violated a 1978 federal statute requiring court approval for domestic surveillance when it intercepted phone calls of Al Haramain, a now-defunct Islamic charity in Oregon, and of two lawyers representing it in 2004. Declaring that the plaintiffs had been “subjected to unlawful surveillance,” the judge said that the government was liable to pay them damages. [...] [Source: Charlie Savage and James Risen, *The New York Times*, 31 Mar 2010; PGN-ed] http://www.nytimes.com/2010/04/01/us/01nsa.html?hp
"It was also apparent that some locals were fed up with wayward tourists and developed a simple solution - large hand-painted signs stating `YOUR SAT NAV IS WRONG - GO BACK!'." http://www.stuff.co.nz/timaru-herald/news/3509311/Tourists-expect-GPS-not-maps
It appears the iPad has been jailbroken... in something like 24 hours. http://is.gd/bedl5 (youtube.com) [From Dave Farber's IP distribution. Monty Solomon noted this as well. PGN] http://www.youtube.com/watch?v=dgHNayVtHkQ
In light of all this Toyota talk, *WiReD* posted a story (and video) about Stanford and Audi teaming up to build a self-driving car--that can follow the course of the Pike's Peak rally race: It's a mix of pavement, dirt and gravel that rises 4,721 feet at an average grade of 7 percent. The current record for a production- based all-wheel-drive car stands at 11:48.434. No one expects the TTS to hit that mark, and it won't achieve the kind of speeds rally driver Marcus Gronhölm or four-time winner Nobuhiro Tajima have, but it will make the run faster than you ever could. “I want to go up the mountain much faster than anyone with any sense of self-preservation would go,” [director of the Center for Automotive Research Chris] Gerdes said. http://www.wired.com/autopia/2010/03/audi-autonomous-tts-pikes-peak/ The car has hit 130 mph (208 km/h) at the Bonneville Salt Flats.
Some of these risks have been covered in RISKS before, but this is a nice, compact package: Dan Tynan, 21 hidden tech threats and how to handle them, 31 Mar 2010 http://www.itbusiness.ca/it/client/en/home/news.asp?id=57013 Here are 21 dangers that the industry is hiding from you. But fear not, we also offer you a fix or a way to work around them.
For many years, our college dining hall has offered a "to-go" option for those who lack the time to sit down to a meal. Recently, they have become concerned about the ecological impact of the "to-go" containers, and so they are experimenting with reusable packaging. Since the new containers are more expensive and reusable, to-go diners are expected to return old containers before checking out a new one. The problem, of course, is that there needs to be way to track who has yet to return their last container. There's an obvious solution, too: simply charge people for the container, preferably at a rate exceeding the replacement cost. But apparently that idea never occurred to those in charge. Instead, they chose a Boolean flag: true if you're OK to check out a container, false otherwise. But their computer system is set up to track only one thing: money. So somebody came up with a clever solution (not). From a recent campus-wide e-mail: > Essentially, the Blackboard system is set up to ask the question: Is > this account eligible for container checkout? The $1.00 that may > show up on your account under the line item *clam shell* should be > interpreted as a *true* or *yes* answer to that question, and, if the > $1.00 is not present, its absence should be interpreted as a *false* > or *no* answer to the question. Thus, when your card is swiped when > you initially check out a container, your account goes from showing > $1.00 under *clam shell* to not showing the $1.00 at all, and when you > return a used container, your card will be swiped to update your > account to show the $1.00 under *clam shell* once again. > > If your account does not show the $1.00 under *clam shell* and you > want to check out a container, you will not be able to do so until you > pay a $5.00 lost/stolen/destroyed container fee. Otherwise (if your > container is never lost, stolen or destroyed) there is no charge for > using the eco-friendly to-go containers. Let me get this straight: if my account has been charged $1.00, I don't owe $1.00. If it hasn't been charged $1.00, I owe $5.00. Huh? Geoff Kuenning email@example.com http://www.cs.hmc.edu/~geoff/ A programmer who can't write readable prose is as incompetent as one who can't produce working code.
I recently refinanced my mortgage; it happened that the best rate was offered by our current mortgage holder, Citimortgage. (Slogan: "Citi never sleeps"...recording: "We are open 7 AM to 12 midnight Eastern time.") In an attempt to resolve some problems, I went to the online account I established well over a year ago. It wouldn't let me in, asking me to call Customer Service instead. Knowing what that would lead to, I decided that I'd first explore options such as recreating the account; that allowed me to prove that my account does still exist but didn't resolve anything. Fine. Approximately four calls and 2.5 hours on hold later, I finally talked to a very friendly human. She immediately confirmed my guess: when your account number changes as a side effect of refinancing, the online account is deactivated. The only cure is to create a new account with a new user name! The RISK, of course, is that they are polluting their database with thousands of unnecessary accounts, increasing the risk that an "old" account (with private information) will be compromised. Geoff Kuenning firstname.lastname@example.org http://www.cs.hmc.edu/~geoff/
My Mom passed. That's not the story. (Please, no need to express your sympathy. Unless it's for having to clear an estate through the gooferment bureaucrats. Argh!) I was ASTONISHED that I could put in a USPS Change of Address for her. Stunning! I'm sure no one can imagine anything that could go wrong with that. Just pick up your new credit card in Lagos Nigeria! Argh! Convenient, but imho fraught with "possibilities". fjohn
The April 1st RISKS edition made me think that it may not be unreasonable to remind folks of The Government's favorite joke, the Security and Secrecy of the Social Security Number. I, myself, was reminded just yesterday when I used my Medicare card at a doctor's office. In its wisdom, one's Medicare number — available to any/every person in any/every medical facility or pharmacy used by any Medicare recipient — is the person's SSN. These facilities almost certainly have addresses, and a host of other personal information, to go with the SSN's. Anyhow, the receptionist asked the person in front of me for her Medicare number (which that person read out, aloud). When it came my turn, I asked the receptionist if she wanted my Social Security Number, she replied - No, certainly not, she just needed my Medicare number. I handed her the card. Moral: Don't turn 65
[Pretty amazing... the foresight needed to plan how to handle deteriorating circumstances...] http://spaceflightnow.com/news/n1003/31spirit/ [PGN notes: See earlier mesages in RISKS, e.g., beginning with 23.15, and Jim Griffith's comment (RISKS-23.17) I'm so disappointed that PGN didn't go with the obvious pun -- that Spirit was willing, but its flash was weak...]
This story relates how man broke into the house of a woman with whom he was infatuated and downloaded child pornography onto her husband's computer in order to frame him and get him out of the way. The innocent husband was initially arrested although later cleared. Unfortunately, the article doesn't go into more detail about how the police eventually figured out it was a frame-up. http://www.timesonline.co.uk/tol/news/uk/article7081986.ece I bet many people don't consider how well their *home PC* should be secured. In this (admittedly bizarre) case, perhaps if the husband's PC were better protected (my speculation) the scheme wouldn't have been possible. Even in cases where people have passwords on their own accounts, what about "guest" accounts which, although they might have no access to your personal files, could still allow enough access to the PC to leave a trail of "evidence" of wrongdoing? I wonder what standards are used in law to determine that just because one's PC was used for something, the owner was responsible? If (say) there was no password on the machine, what proof is there of who was using it? This seems similar to how other types of electronic information are used in legal situations - eg, if an automatic camera shows your car was speeding, what standard is used to identify the driver? Is there legal consistency in these various areas? Whatever rules of inference are used, clearly they could be used to protect the innocent as well as to obscure the actions of the guilty, so balance has to be carefully set.
http://bit.ly/9j7zV8 (net-security.org) The obvious question — what's to stop this sort of scenario — or even more likely one conducted remotely via targeted malware, from destroying lives when there isn't such a "lucky" happenstance of evidence pointing to someone else?
No, this isn't an April Fools' joke. Gloria's driver's licence is up for renewal this year, so she was down to the DMV office about a week ago. Today her licence came. When she opened the mail this morning, she informed me that, apparently, I was gay, since the government had determined that she was male. It said so, on the licence that had just come. She was a little concerned with how she was going to have to get the government to admit that they had made a mistake (never an easy task). She was going prepped with birth certificate and passport, but wondered if she was going to have to go through some kind of medical exam. I thought of suggesting that she take our marriage licence, but I guess that doesn't prove anything in Canada, anymore. She got down to the office, and lined up at the reception desk, where you have to get your number. She was behind a young man who wanted some third party (who didn't speak English) to get a driver's licence, on the basis of some incomprehensible piece of paper. He wasn't about to take "you have to contact office A, and fill out form B" for an answer. The receptionist, the usual droid, was unable to get out of the loop and deal with the line that was forming. Another worker beckoned to my wife to come over. As Gloria started to leave the line, the receptionist got very agitated, calling out that she had to have a number. The other worker confirmed that Gloria should come over, so she did. (Possibly a mistake, since any government functionary who is willing to work outside the process has obviously not yet had their sense of humour surgically removed, as events will show.) Gloria laid out all the paper, and explained that the government had changed her into a man. The worker got the giggles. Gloria continued to explain the situation, including her comment to me that I had become gay. At that point the worker completely lost it, head in hands, face down over keyboard, howling with laughter. She finally composed herself, got her breath back, straightened up, took one look at Gloria and lost it again. Once the laughter subsided to intermittent giggles, Gloria continued explaining the documentation she had brought, including my suggestion about the marriage certificate, and the reason it wouldn't do any good. Which set the worker off again. The worker had to go through and check every field in order to make the correction. At the end of that process, she had to take another photo for the licence. The camera positions are separate stations. The one nearest Gloria was occupied by a very, very large person-of-colour (built like a football player), who had noticed the disturbance. As Gloria approached, he noted that she and the worker had been having *way* too much fun for anyone in a government office, and the situation was explained. As Gloria had to pass him in order to get to the other photo station he stepped out of the way, and said "Sorry ... Dude." So, Gloria is back to being a woman. Officially. I guess I can go back into the closet. (I suppose this can be filed under data integrity, verification, and identity theft.) (Hopefully this will not have offended anyone of any sexual orientation, skin colour, or data-entry classification.) victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/NoticeBored http://twitter.com/rslade
I've been using bogofilter <http://www.bogofilter.org/>, a Bayesian <http://en.wikipedia.org/wiki/Bayesian_probability> spam filter, to filter email coming into my inbox for over seven years; I even wrote and maintain the Milter <https://www.milter.org/> that integrates bogofilter with sendmail <https://www.milter.org/milter/7>. Until quite recently, it has been remarkably effective. For example, in the past year, an average of 935 spam messages per day have passed through my bogofilter, and it successfully identified over 98% of them as spam, with very, very few false positives. All that changed on 10 Mar. Since then, the success rate of bogofilter has plummeted from over 98% to less than 85%. In real terms, this means I'm being forced to at least briefly eyeball well over 100 spam messages per day to confirm that they're spam so I can tell bogofilter to retrain them, whereas before I was seeing less than 20. Yowza! (You can see a 60-day history of my bogofilter stats showing this dramatic drop on my home page <http://stuff.mit.edu/%7Ejik/#spam>.) The cause of the success rate plunge appears to messages such as this one <http://jik3.kamens.brookline.ma.us/%7Ejik/sample-spam.eml>, each of which contains, below the actual spam payload, a sequence of random text snippets on many different topics. These messages are coming from many different IP addresses, so it would seem that they're being generated by a botnet. I did a quick statistical analysis of a small subset of these messages that I've received, 35 of them, and discovered that these 35 messages contained 10,860 unique words, of which over 68% appeared in only one of the messages, 81% appeared in one or two messages, 87% appeared in 1-3 messages, 90% appeared in 1-4 messages, and 98% appeared in less than half of the messages. This would seem to indicate that the text snippets being used by the spam generator vary widely and are thus likely to hit upon keywords that previously occurred in legitimate email. It would seem that somebody has figured out how to do a pretty good job of outsmarting Bayesian filters. Frankly, I'm rather surprised that it's taken this long. I've started a discussion about this on the bogofilter mailing list, which those of you who are curious can follow at http://thread.gmane.org/gmane.mail.bogofilter.general/11492.
Kalin Tyler posted an ad on Feb 18 in RISKS-25.95 encouraging those interested to pre-register for FOSE 2010 and get a discount to the conference and exhibits. Not a bad idea, but I had a better one, or at least, I thought it was, at first, anyway. I found an even cheaper way, with some drawbacks. Dice.Com was offering free admission to the exhibits if you pre-registered with them, supplying your resume. (Since they already have my resume on file it's not a big deal to do it again.) So I did, and got a confirmation page note saying I was registered. I go out to the exhibit, which is at the new Washington (DC) Convention Center. As the note said, I go to one of the self-check-in kiosks - in this case, a bunch of laptop computers - and try to get an admission. Asks for e-mail address and zip code. Doesn't work. Maybe I have the zip code wrong (my home is in one zip code and my office has a different one.) I'm trying several times and getting more and more unhappy at basically being called out on a fool's errand. (The exhibits are interesting but they're not worth paying to see, and I'm not going to.) By now I'm getting very frustrated, and, I guess, seeing a 6'2", 400 pound man in a power wheelchair getting very angry at one of their computers because it keeps telling me I'm not registered, scares some people, so one of the staff comes over to help me, then he directs me to a registration clerk and tells her to go ahead and register me manually. I'm not the only one they had to do this for. Apparently FOSE's computer systems weren't able to get registration data transferred from the other 3rd-party systems... [Ur efforts were REFOSED by Ur FOES? PGN]
Please report problems with the web pages to the maintainer