Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
(Kim Severson) [Source: Kim Severson, *The New York Times*, 29 Dec 2010] http://www.nytimes.com/2010/12/30/us/30airlines.html Atlanta - Some travelers stranded by the great snowstorm of 2010 discovered a new lifeline for help. When all else fails, Twitter might be the best way to book a seat home. While the airlines' reservation lines required hours of waiting - if people could get through at all - savvy travelers were able to book new reservations, get flight information and track lost luggage. And they could complain, too. Since [30 Dec 2010], nine Delta Air Lines agents with special Twitter training have been rotating shifts to help travelers wired enough to know how to "dm," or send a direct message. Many other airlines are doing the same as a way to help travelers cut through the confusion of a storm that has grounded thousands of flights this week. But not all travelers, of course. People who could not send a Twitter message if their life depended on it found themselves with that familiar feeling that often comes with air travel - being left out of yet another inside track to get the best information. For those in the digital fast lane, however, the online help was a godsend.
The following report here states that unprotected SIM cards are part of traffic lights in Johannesburg. http://www.joburg.org.za/index.php?option=com_content&view=article&id=6068&catid=88&Itemid=266 No surprises when thieves stole them to make free anonymous calls. So which part of the risk assessment of this design ignored the fact that if the SIM was removed it could be used in any phone to make free calls? The mind boggles.
[Source: Virginia Heffernan, *The New York Times*, 7 Jan 2011] http://www.nytimes.com/2011/01/09/magazine/09FOB-medium-t.html One in five teenagers in America can't hear rustles or whispers, according to a study published in August in The Journal of the American Medical Association. These teenagers exhibit what's known as slight hearing loss, which means they often can't make out consonants like T's or K's, or the plinking of raindrops. The word "talk" can sound like "aw." The number of teenagers with hearing loss - from slight to severe - has jumped 33 percent since 1994. Given the current ubiquity of personal media players - the iPod appeared almost a decade ago - many researchers attribute this widespread hearing loss to exposure to sound played loudly and regularly through headphones. (Earbuds, in particular, don't cancel as much noise from outside as do headphones that rest on or around the ear, so earbud users typically listen at higher volume to drown out interference.) Indeed, the August report reinforces the findings of a 2008 European study of people who habitually blast MP3 players, including iPods and smartphones. According to that report, headphone users who listen to music at high volumes for more than an hour a day risk permanent hearing loss after five years. Maybe the danger of digital culture to young people is not that they have hummingbird attention spans but that they are going deaf. ...
"The problem is that nothing works 100%. GPS is very close, but for some users under some circumstances, "very close" is not good enough" Feb 2009 B0x00D6RJE FORSSELL http://mycoordinates.org/the-dangers-of-gpsgnss/
Noted by Lauren Weinstein: http://bit.ly/gV2NbK (SFGate)
http://news.cnet.com/8301-27080_3-20025957-245.html "Another potential problem for Web sites is that an outage at Facebook could affect the ability for people to log in on the other sites using Login for Facebook." "Facebook advises people to make sure that when they are signing up via Login for Facebook on a site that a window pops up in a new browser and that it includes a legitimate Facebook.com Web address. Otherwise, the user could fall prey to a scam that looks like a legitimate Login for Facebook implementation but is instead a ruse to steal log in information."
I have tried this on my own phone (a Samsung C3053); since the police emergency number in Israel is 100 rather than 911, I assumed I would not be calling them by mistake—which the phone promptly did. It seems that the local vendor had pre-programmed the phone to dial 100 as the default emergency number; this number can be dialed by choosing "emergency" from the menu, or by dialing the international emergency code 112 (which is defined to work even if the phone is off). Apparently, dialing 911 also triggers this function, although this is not documented anywhere. In the case described in the referenced article, the phone's default emergency number could have been programmed to a number different than 911 (or not initialized at all), which is where the phone was redirected to when actual 911 code was pressed.
The White House has long required SSNs from visitors, presumably to facilitate background checks. The problem, of course, is society's penchant for using the SSN both for identification (OK, though a number with some sort of checksum would be better) and authentication (bad.) The best way to end the later would be to follow Marcus Ranum's suggestion of some years ago and make all SSNs public.=20 Check out my new blog at swildstrom.wordpress.com Steve Wildstrom email@example.com Twitter: www.twitter.com/swildstrom Swildstrom on Facebook & LinkedIn www.wildstrom.com/steve
A sensible approach is to consider first, the likelihood of disclosure, and second, the costs if data are disclosed. For the first, the chances of some random bad guy reading e-mail in transit is very low. This concern seems to be left over from the era when coax Ethernet cables snaked through the utility closets of college dormitories. How often do you hear about a bunch of e-mail in transit getting published by mistake? For the second, SSNs are about the least confidential pieces of data around. Every bank, credit card, employer, and landlord has your SSN. In crimeware carder forums, you can buy data dumps with SSN for a dollar or so apiece. The real risk is the fiction that someone who presents your SSN has established that he is you. From a security viewpoint, we'd all be better off if our SSNs were tattooed on our foreheads so nobody thought they were secret. You can certainly argue the the SSN is a lousy identifier, but it's silly to niggle about how it might be transmitted from one place to another. John Levine, firstname.lastname@example.org, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly PS: Yeah, but what if the GOVERNMENT is spying on the White House?
>[...] the social element of the sociotechnical system that is a >hospital was able to quickly reorganize in multiple ways and >keep essential services operating in at least some fashion for >the duration. Many of these adaptations were made "on the fly" [...] I consider this an example of one of the primary technology (esp. computers) risks to society: When an organization needs to spontaneously reorganize (on the fly or otherwise), and its operations are closely tied into its computer systems, changing the behavior of the organization becomes difficult and sluggish, as it requires the involvement and full cooperation of the relatively few people in the world who know how to change the computer systems, and the skill to do so without breaking them. A relatively large number of people in any given organization know how to reorganize people and systems on the fly. But it's not usually many at all who have the skills to reshape the computer systems behind them. In this story, some computer systems had failed, and one reason the medical center could manage its disaster was because it was temporarily no longer tied to those systems, and it could thusly experience the fluid changes its staff could envision. In a normal course of operations, bypassing the computer systems isn't an option, which makes change that could otherwise be performed by many people expensive and error prone. This is a large societal problem, created by the widespread shift to computer dependency in an era when it's still the case that relatively few people are able to program computers.
In RISKS-26.28, I told how I stupidly knocked over an external USB drive, and it won't work. A reader here made a suggestion: buy a duplicate, try disassembling the old drive, then put the components into a replacement long enough to recover the files to a third unit. Not a bad idea since the files are effectively lost anyway and I can't afford $1100 to have the drive recovered. As I said I'm stupid. I also realized I ran a duplicate file finder a month ago on this drive and it had deleted some 12,000 duplicates, and I didn't even notice anything gone. Therefore my collection of just my lost music files, not counting anything else on the drive, probably isn't a mere 4,000 files, it's probably more like 14,000. It's a Buffalo HB250U2, an external powered USB 2.0 drive and it's so "small" at 250GB they stopped selling them in 2007! So I used a screwdriver and opened it. It's effectively a USB hard drive adapter, and it contains a Western Digital WD250BB standard 3.5" hard drive with a 40-pin ATA (or SATA, I don't know which) adapter and 4-pin power cable. When it's powered up Windows "pings" to indicate it does see a good USB connection but the drive itself just makes a lot of clicks. It could also be that the USB -> ATA conversion circuits are damaged. If another drive would work here, then that's not the case. I really do suspect the drive is damaged rather than the converter circuit but it's worth a try. If the platters are not broken and if it's merely the head unable to move and not platter/spindle damage, then a move to a drive with an undamaged head might work. If I can figure a way to disassemble the drive, then move the old platters into a duplicate drive, I might be able to read the old drive contents onto a new drive. I don't even need a jury-rigged contraption like that to work for a long time; I only have to get it to work long enough to read the old platters. These drives can still be bought now for about $65. So I might be able to solve my problem if two things are true: the old platters themselves are undamaged and I can move them to a duplicate of this drive. Worst case scenario is I waste $65 and find out I can't. So it will still hurt but at least there is a chance. Also, I could try hooking this drive directly to an ATA cable and see if a utility program like Spinrite (that talks to the drive directly) can read it then I don't even have to open it. So I have options. We shall see.
I just recently wrote an article that Paul's submission completely supports. http://www.garnercitizen.com/2011/01/11/technology-corner-this-year-back-up- your-pc/ "This is by far the greatest computer-ownership failing I encounter, namely that PC owners do not back up their machines or critical data. It's almost like not changing the oil in your car - you can only get away with that for so long." "When I am called on a more catastrophic service call ("Cannot boot up," "So virus-infected, I cannot get to the Internet at all"), I always ask, "Do you have any critical data on the machine, and do you have a backup of it?" The answers for those two questions range from yes/no to yes/sort-of to yes/I've-always-meant-to. If they have a backup, I ask if they have ever tested it or tried to restore from it. Invariably the answer is negative." Paul's experience was my third category of catastrophic failure. The other two were Fire and Theft. George Adomavicius, Cary NC Lanzena Computer & Consulting Services, email@example.com 919-413-1922 http://www.lanzenaccs.com
> [Also noted by Charlie Shub. citing the author of the 1961 movie > Ernest K. Gann, and the Glenn Ford movie (1964). PGN] Ernest K. Gann wrote the 1961 *book* "Fate is the Hunter". Harold Medford wrote the movie starring Glenn Ford. By all accounts has little to do with the book; as far as I know, the coffee incident was invented for the movie.
Please report problems with the web pages to the maintainer