The review board has concluded that an errant computer command five months earlier had been placed in the wrong memory location, which acted as a time bomb that effectively disabled a safety feature intended to keep the solar panels from rotating too far, ultimately hindering communications. In its final 13 minutes, Global Surveyor reported various alarms. In attempting to recover, the sun-oriented battery overheated, the resulting signal was misinterpreted by the software, which stopped charging the OTHER battery. Because of the earlier error, controllers could no longer control the spacecraft. Launched in 1996, and taking 10 months to reach Mars, Global Surveyor sent back 240,000 images, lasting much longer than originally intended. [Source: Kenneth Chang, *The New York Times*, 14 Apr 2007; PGN-ed]
http://www.passablynews.com/index.php?subaction=showfull&id=1175830780&archive=&start_from=&ucat=& In a nutshell: on 11 Mar 2007, a school received a bomb threat and through their phone logs traced the call back to a 15-year-old boy, who was arrested and incarcerated for twelve days despite the fact that the boy's voice sounded nothing like the voice on the tape. Of course the authorities had forgotten about the early onset of daylight savings time, and the boy had actually called the school *an hour before* the bomb threat. Aside from the scary fact that it took twelve days for the authorities to sort this out, the account contains this precious little burn-the-witch moment: "After he protested his innocence, ... the principal said: 'Well, why should we believe you? You're a [terrorist]. [Terrorist]s lie all the time.' " All this would be more amusing if we hadn't been doing more or less the same thing on an epic scale for over five years now.
During the week beginning with April Fools' Day, the Caltrain time display has been one hour *ahead* of PDT. I presume that a manual change was inserted at the time of the US cutover to DST, and that the subsequent preprogrammed change was not disabled. It is utterly amazing how complicated clock arithmetic management seems to be for developers and users.
Here in Florida, the voting screw-up capital of the world, our legislatures are being bombarded by both "sides" of the voting machine debate. Amazingly, there is a well funded and vocal group that doesn't care about voting integrity, and are working to convince the legislature that the lack of touch screen machines is an infringement on the rights of the disabled. [*] Their logic is that since the disabled (usually blind or physically impaired) folks cannot enter the polling place and cast their vote without some extra help, that their voting rights are being denied. Their quote is at the end of this article; http://www.news-journalonline.com/NewsJournalOnline/News/Politics/LocalGov/evlHEAD01POL032107.htm The folks looking for a paper trail are considered the enemy of the disabled since there is not yet a certified touch screen machine with a paper trail, in Florida. Worse yet, there is a subset of folks who have latched onto the paper trail fight who erroneously believe that the voter will get a copy of the submitted paper, so that they can verify that the vote they cast, was properly recorded. In my communications with these folks, I have found that the vote buying that could occur, never crossed their mind. The sad part about all this is that the lobby for the disabled has stated that they don't care about the integrity of the system, and that their only goal is to make sure that their members can vote. During the time that this debate was at its peak, they had many of their members from out of state, call Florida radio talk shows, using pre-scripted speeches, stating that they felt that their voting rights were being limited. Luckily, their members were honest, (even if their lobbyists are not) and when asked where they were located, and if they ever voted in Florida, would answer truthfully. (Radio talk shows are the grass roots leaders in many parts of Florida.)
Almost no one in politics has enough understanding of the technology to see the pitfalls of a virtual voting system. And almost no politician has the backbone to stand up against a lobby claiming to be helping disabled folks. It is hard to understand, especially in a state that is forever tainted by the largest election upset in recent US history, why any resident would even consider a system that has questionable output, that is not recountable. (The paper votes from the 2000 election were each recounted, by an independent group of Newspapers, and the results were correct, but that was not front page news...) Greetings from Flori-duh, Arthur [* Actually, there are also some very articulate statements from within the visually impaired community that counter this argument, for example, Noel Runyan's report, "Improving Access to Voting"; see www.demos.org and www.voteraction.org . Noel is exceptionally well qualified in this regard: "Noel Runyan became a critic of voting machines after his own experience with the Sequoia Edge II and subsequently became an expert witness in three separate lawsuits brought by Voter Action alleging that the machines were inadequate and therefore unlawful. He has worked with advocates to promote accessibility and security in voting systems as mutually attainable goals." PGN]
This is certainly not the only case of software causing a physical problem, but it's one of the more unusual ones I've run across. Metro (Washington DC's subway system) is one of the more automated subway systems around. The key to the problem seems to be as follows: "The fire [on Easter Sunday] started after a sensor underneath the rail car failed, causing the voltage in the car to rise. At the same time, the software designed to monitor the flow of electricity also failed, causing overheating in the resistor grid, an electrical component under the car that absorbs excess energy, officials said. A Metro official said the software was not designed to take into account the failure of the voltage sensor. A check of all affected rail cars found no other bad sensors, officials said." As I've been spending a lot of time working on electronic voting issues, I thought about how a few simple word changes might explain some of the voting system failures we've seen - perhaps failures of sensors on touch screens are causing unexpected interactions. This is just an hypothesis - but shows that just as Metro undoubtedly spent millions of dollars testing the rail cars without finding this problem (until a serious fire brought it to their attention), so too might similar problems occur in voting systems. The difference is that in today's paperless voting systems, the fire is smoldering quietly and unseen - but still doing damage. http://www.washingtonpost.com/wp-dyn/content/article/2007/04/12/AR2007041202061_pf.html
A friend of mine had an interesting banking experience with Citibank this weekend. She wrote a check for $990 on Friday expecting it to take at least two days to clear. On Saturday she was surprised to see a negative $300 balance. No problem, she transferred $1500 from another account at the same bank via an ATM. A subsequent check on line later that day showed the new money in her account, a positive balance and the universe back in harmony. Then things got weird. On Monday Citibank credited back the $990 check as a returned check and debited a $30 fee for doing it. The end of day balance for Monday was over $2200. We both went into the branch today, and the manager couldn't give a rational explanation as to how a check that appeared to have cleared in real time and caused an overdraft (for which they charged interest) had in fact not cleared and how a $1500 transfer that was available in real time (she took some of it out at an ATM which also showed the check as cleared) was now only showing as credited on Monday. As best I can figure out the system only appears to effect transfers and clear checks in real time when, in fact it's still happening on an end of business day basis. The result is what you see on the screen is not really what you get. The manager credited the $30 and my friend smoothed things over with the recipient of the bounced check but I will now be much more skeptical of what Citibank's computer is saying to me. John Pettitt (who in another life wrote credit card processing software)
I just returned home from staying at a hotel, part of a major chain I won't embarrass by naming. It uses one of the now almost ubiquitous mag-stripe room keys. I returned to my room the second day and discovered the key wasn't working. I walked over to a nearby house phone and called the front desk to report my trouble. The clerk apologized for whatever trouble I was having and promised to send a new key right up. She then started to say something about my cell phone and I thought maybe she wanted to be able to call me back and then I realized she'd been asking if I'd carried the key next to my phone. (yes, I had been — I gather now that's an easy way to erase them.) Apart from that useful piece of information which I'd probably read before but never noticed (since I only recently joined the 21st century and got a cellphone) that's not the point. I waited awhile and somebody did show up and handed me a new key — I did give him my old one, although he didn't ask for it. Nowhere in any of this process did anyone ask for any identification — I'm not even sure I identified myself when I called the front desk. Need I say any more?
This sounds like a case for "watermarking", "stenography", or a good old fashioned notary? I am surprised that the concept of a "digital notary" has not taken off for just such situations. (Maybe there's a web20 application for me to make into the next google? I could be rich! And, get a life, instead of reading ezines, blogging, and commenting.) Maybe it has and I just haven't heard of it! While the Internet Archive is a good idea, one has to wonder if push came to shove (i.e., think RIAA as the model for a Pyrrhic victory) if that would be acceptable evidence in a legal proceeding. I'd envision the digital notary as a website that:

CASE#1 — takes an url, "photographs" it, computes a digital signature, saves an encrypted copy, sends you a receipt, and publishes the checksums. The disadvantage is that you have exposed your content on the web.

CASE#2 — takes anything you send it and do the same. The disadvantage is you've shown it to a nosy notary like me.

CASE#3 — takes a file from you that you want to keep secret and "seals" it as well in a similar fashion.

[NOTE: I need two key pairs. Call them FERDINAND and REINKE. I'd envision that I'd take my secret treasure map (MAP) to the Lost Treasure of the Sierra Madre and encrypt it with my REINKE private key. WORK1=ENCRYPT(MAP,REINKEPRIVATE) Anyone who had that file could read the map using REINKEPUBLIC. Then, I'd encrypt it with my FERDINAND private key. WORK2=ENCRYPT(WORK1,FERDINANDPRIVATE) Anyone who had this file would know there was a file and it was mine by using FERDINANDPUBLIC. Then, WORK2 goes to the notary. The notary decrypts WORK2 with FERDINANDPUBLIC, and ENCRYPTS with NOTARYPRIVATE and returns it to me. Then, since I am getting old I promptly forget all my passwords, lose the keys, and the LOST TREASURE stays lost.]

The digital notary would seem to be a useful service for such disputes. Now all I need is a PowerPoint deck and some VCs. And a spare checkbook to put all the money in.

Ferdinand J. Reinke, Kendall Park, NJ 08824 http://www.reinke.cc/ blog: http://www.reinkefaceslife.com/
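An added sketch of the notary idea above (not part of the original submission, and going slightly beyond it): the client sends only a salted SHA-256 commitment, so a CASE#3 document never reaches the notary, and the notary chains each receipt into a published list of checksums. The HMAC tag is a standard-library stand-in for a real public-key signature; the key, timestamps and sample documents are constructed, and all names are hypothetical.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import secrets

ZERO = "0" * 64  # chain anchor used as "prev" for the very first receipt
FIELDS = ("index", "commitment", "timestamp", "prev")


def canonical(body: dict) -> bytes:
    """Deterministic encoding so every party hashes identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def commit(document: bytes, salt: bytes | None = None) -> tuple[str, bytes]:
    """Client side: salted commitment; the salt defeats guessing short documents."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    return hashlib.sha256(salt + document).hexdigest(), salt


class Notary:
    """Hypothetical notary that only ever sees commitments, never content."""

    def __init__(self, key: bytes):
        self._key = key
        self.published: list[str] = []  # chain heads: the "published checksums"

    def seal(self, commitment: str, timestamp: str) -> dict:
        body = {"index": len(self.published), "commitment": commitment,
                "timestamp": timestamp,
                "prev": self.published[-1] if self.published else ZERO}
        encoded = canonical(body)
        head = hashlib.sha256(encoded).hexdigest()
        self.published.append(head)  # each head covers the previous one
        # HMAC stands in for a signature; only the key holder can check it.
        tag = hmac.new(self._key, encoded, hashlib.sha256).hexdigest()
        return dict(body, head=head, tag=tag)

    def tag_ok(self, receipt: dict) -> bool:
        body = {k: receipt[k] for k in FIELDS}
        expect = hmac.new(self._key, canonical(body), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expect, receipt["tag"])


def verify(document: bytes, salt: bytes, receipt: dict, published: list) -> bool:
    """Third-party check against the published heads; no notary key needed."""
    body = {k: receipt[k] for k in FIELDS}
    i = body["index"]
    if not isinstance(i, int) or not 0 <= i < len(published):
        return False
    expected_prev = published[i - 1] if i > 0 else ZERO
    head = hashlib.sha256(canonical(body)).hexdigest()
    commitment, _ = commit(document, salt)
    return (hmac.compare_digest(commitment, body["commitment"])
            and body["prev"] == expected_prev
            and hmac.compare_digest(head, published[i]))


def demo() -> dict:
    notary = Notary(key=b"constructed-demo-key")
    treasure_map = b"MAP: constructed sample, 3 paces north of the old oak"
    c1, _ = commit(b"unrelated earlier filing (constructed)")
    notary.seal(c1, "2007-04-15T09:00:00Z")
    c2, salt = commit(treasure_map)
    receipt = notary.seal(c2, "2007-04-15T09:05:00Z")
    backdated = dict(receipt, timestamp="2006-01-01T00:00:00Z")
    return {
        "genuine": verify(treasure_map, salt, receipt, notary.published),
        "altered_document": verify(treasure_map + b"!", salt, receipt, notary.published),
        "backdated_receipt": verify(treasure_map, salt, backdated, notary.published),
        "notary_tag": notary.tag_ok(receipt),
        "backdated_tag": notary.tag_ok(backdated),
    }


if __name__ == "__main__":
    print(demo())
```

Losing the salt or the document makes the receipt unverifiable, which is the same failure the note above ends on.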
Support Intelligence releases daily reports on different Fortune 500 companies which are heavily affected by the botnet problem, with many compromised machines on their networks. You can find more information on their blog: http://blog.support-intelligence.com/ They are good people, and they know botnets.
Recently I was trying to book an internal flight on Brazilian airline TAM, I made my ebooking OK, and then went on to the VISA payment stage (not via PayPal). I typed in my country address as UK. It also wanted my date of birth. All OK so far. But then it also wanted a CPF number. I phoned VISA (on a premium rate phone no.) and after being on hold for a long while, a call agent then admitted that she hadn't a clue what a CPF no. was. A search of the newsgroups elicited that this was a Brazilian citizenship no. for tax and social security purposes. I obviously did not have such a no. And so TAM lost its online booking. Time wasted - one hour. The TAM web site was stupid enough to think that just because I wanted to book a flight online that I was a Brazilian citizen not a tourist from the UK. The risk? Due to the poor design of its booking and payment system TAM lost an online booking for the want of an 11-digit no. which I did not have. I wonder how many other online bookings it has lost because of this?
I apologize in advance for the (perhaps overly, but not completely for this situation) detailed nature of this submission. I've tried to edit it as best I can to keep the content strictly relevant. They stopped someone because the computer said the car was untaxed and uninsured and the driver tried to show them an insurance certificate. ... Looks as if the (rather familiar) risks here are (a) ambiguity as to what is regarded as the definitive record — in this case, computer database or paper insurance certificate? — and (b) how individuals can find themselves in trouble for others' errors and omissions, e.g. if your insurance company makes a mistake in updating the database. Presumably you could prove in court that you have a valid policy, but that's not much good if you're detained by police at the side of the road a long way from home. I can think of an analog situation in the U.S. that, while it admittedly affects a much smaller group of people, is far scarier in terms of its potential consequences. Under U.S. law (and few other than a rarefied group of collectors know this), it is legal to own certain rare and exotic small arms such as machine guns and firearm sound suppressors if properly registered. The Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATFE) is charged by the National Firearms Act of 1934, as amended (NFA), with maintaining the National Firearms Registry and Transaction Record (NFRTR). In short, all transfers of such firearms (to and between licensed dealers/manufacturers, individuals, law enforcement agencies, and corporations) are subject to a tax (waived in the case of government agencies and licensees), recording in the NFRTR, and in the case of individuals, very stringent background checks. Military organizations are the only entities exempt from these recording requirements. 
As an aside--and the reason for this will soon be demonstrated--collectors of NFA items are typically very detail-oriented when it comes to strict adherence to the law. When an individual transfer is initiated, the transferor and transferee fill out a paper document known as a Form 5320.4 (there are other forms and situations but I'm trying to keep this simple--the law sure doesn't) and submit it in duplicate, along with payment of the transfer tax, to the ATFE's NFA Branch, which investigates the item's history, if any, in the NFRTR. Upon successful completion of the necessary background checks, the ATFE approves the Form 4, updates the electronic NFRTR, and affixes and cancels a Tax Stamp bearing the item's serial number to each original paper document. ATF then keeps one original for government records and sends the other to the transferor, who gives it to the transferee, along with the firearm in question. As has been reported elsewhere, http://www.cs.cmu.edu/afs/cs.cmu.edu/user/wbardwel/public/nfalist/rip/index.html the NFRTR has been in deplorable condition for some time. Many registration documents have been lost by ATFE, and some were even willfully destroyed by ATFE contract employees in a well documented case. Furthermore, the electronic database that serves as the authoritative Registry is known to have serious flaws and inconsistencies. Due to various political and financial issues, the ATFE has been slow to rectify these problems with the NFRTR (although the pace seems to have picked up since a recent wholesale relocation and restaffing of the NFA Branch). Thomas Busey, who was the Chief of the NFA Branch for a period in the 1990s, admitted in a videotaped training session in 1995 that the NFRTR had a 49-50% error rate. Mr. Busey also stated in this session, "Let me say when we testify in court, we testify that the data base is 100 percent accurate. That's what we testify to, and we will always testify to that.
As you probably well know, that may not be 100 percent true." In a 1998 letter to Chairman Dan Burton of the House Committee on Government Reform and Oversight http://www.cs.cmu.edu/afs/cs.cmu.edu/user/wbardwel/public/nfalist/rip/leasure_letter_re_nfa_destruction.txt pursuant to a conviction based on flawed NFRTR information, David Montague, an attorney for the defendant (whose convictions were previously overturned) wrote: "To make matters worse, Mr. Busey was summarily fired and the transcript of his remarks hushed up. His remarks did not become known to the world until obtained on an FOIA request from attorney James Jeffries, III, of Greensboro, N.C." Given the steep penalties for mere possession of an unregistered firearm regulated under the NFA (minimum sentence: up to 10 years' imprisonment and/or a fine of $10,000 for each violation), there is a high RISK to lawful transferees associated with the poor condition of the NFRTR brought about by neglect and/or willful violation of the law by the government agency charged with upholding this law. Thankfully, it is considered an affirmative defense for a person found in possession of an NFA-regulated item to produce their original approved registration document, complete with canceled tax stamp. This typically is enough to prevent any further legal action against the individual, presuming no other laws have been violated. However, it's no excuse for an agency not maintaining a correct record. Otherwise, as James Bardwell, a documentor of firearms law, and keeper of the NFA FAQ states: http://www.cs.cmu.edu/afs/cs.cmu.edu/user/wbardwel/public/nfalist/nfa_faq.txt "If you don't have the paperwork, and it isn't in ATF's computer, (it is likely they will check, even though they don't have to prove non-registration, they don't want someone to wave a registration form in their face during a trial) you can have a serious problem." The RISKS?
Having a government registry of items (cars, guns, whatever) that is inadequately maintained, poorly transcribed from paper to electronic database, and considered to be authoritative, without adequate assurance of accuracy. Potentially forcing, due to political realities, government agents to perjure themselves in court when questioned about the accuracy of the records in question. Endangering, by rendering government records unworthy of trust in court, legitimate cases against truly guilty defendants. In the special case of the UK's auto registry, the lack of recourse "at the curb" to paper documentation by the defendant is unnecessary and injurious. In any event, regardless of the stakes or whether the individual is innocent of wrongdoing, it can be prohibitively expensive (in time, money, reputation, and opportunity cost) to defend oneself when the big wheels start turning. And it seems especially unjust when the situation is initiated by "others' errors and omissions"--much less their willful violation of the law.
Debate the Future at the 17th annual Computers Freedom and Privacy Conference, 1-4 May 2007 at the Hilton Bonaventure Hotel in Montreal, Quebec. WWW.CFP2007.ORG

CFP is the conference where the inventors and innovators on the Internet met the industry, the regulators, and the creative community to talk about the new freedoms the net brought. Free speech, censorship, filtering spam, crypto controls, business security, dataveillance, were all meat for the all-night debates that took place at this annual gathering. There has never been a greater need to talk about these issues. This year's agenda is packed with plenaries and breakout sessions, and Birds of a Feather sessions that look at all aspects of the growing threats and opportunities for autonomy in cyberspace.

Featured Speakers
* Whitfield Diffie, Sun Microsystems
* Ron Rivest, MIT
* Simon Davies, Privacy International
* Michael Geist, University of Ottawa
* Bruce Schneier, BT Counterpane
* Kim Cameron, Microsoft

* 1 full day workshop
* 8 half day tutorials

Topics include:
* ID Management
* Digital Divide
* Surveillance
* Stalking
* Wiretap
* War on drugs
* Digital Millennium Copyright Act
* Charter rights
* RFIDs
* Spyware
* No Fly lists
* Traffic analysis
* Airline Passenger Data
* Health Information
* Censorship
* Data Retention
* Forensics
* Security Information Management

All this and lots more! Watch the program at www.cfp2007.org

Simultaneous Translation throughout plenary sessions

*Discounts for Students and ACM Members*

Stephanie Perrin, Chair CFP2007, forge@ca.inter.net
Program Update and Call for Extended Abstracts

Joint Workshop On High Confidence Medical Devices, Software, and Systems (HCMDSS) and Medical Device Plug-and-Play (MD PnP) Interoperability
June 25-27, 2007, Boston, MA
http://www.cis.upenn.edu/hcmdss07

The program for the Joint Workshop on High Confidence Medical Devices, Software, and Systems (HCMDSS) and Medical Device Plug-and-Play (MD PnP) Interoperability will feature 2-3 keynote speakers, presentations of selected technical papers, interactive panels of 3-4 speakers on important topics that require invited experts, demonstrations, and poster presentations. Papers for presentation are being selected that outline current and future directions for the development of the HCMDSS and MD PnP fields, as well as recent advances in the state of the art, with perspectives from government, industry, and academia.

A competitive Call for Papers was issued in late December and early January, and more than 30 submitted papers were received by the February 20th deadline. These were a mix of technical papers and position papers or summaries of work-in-progress. The Program Committee has reviewed these papers, and is contacting the submitters to either (1) accept the paper for a full presentation (estimated at 20 minutes plus 5 minutes for Q&A) or (2) request submission of an extended abstract (2-3 pages) on the work, which will be presented more briefly through a poster session, as a demonstration, or as part of a panel, as decided by the workshop organizers. Submitters whose paper is accepted for a full presentation may also elect to provide a poster or a demonstration.

Extended abstracts should not exceed 3 pages (750 words). PDF format is preferred, but MS Word and PostScript are also acceptable. The deadline for extended abstracts for all submitters is April 20th. Extended abstracts should be submitted by e-mail to hcmdss@cis.upenn.edu.

Further information about the workshop can be found at the HCMDSS/MD PnP workshop web site, http://www.cis.upenn.edu/hcmdss07.

Julian M. Goldman, Insup Lee, Oleg Sokolsky, and Sue Whitehead
HCMDSS and MD PnP Workshop Organizers