From: RISKS List Owner (risko@csl.sri.com)
Date: Mon Jan 07 2008 - 18:59:23 CST
RISKS-LIST: Risks-Forum Digest Monday 7 January 2008 Volume 25 : Issue 01
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at
Fire! Works! oops, too slow (Mark Brader)
Boeing 787 networking issues (Martyn Thomas)
Feds Release Pass Card details (Brock N. Meeks via David Farber)
Has chip-and-pin failed to foil fraudsters? (Pere Camps)
Sears exposes customers' information via its web site (Rich Kulawiec via IP)
User Data Stolen From Pornographic Web Sites (David Lesher)
Election Computers Stolen in Tennessee (David Lesher)
Er, Airline Captains Do What, Again? (Rick Moen)
Mercedes console display with conflicting information (Henry Baker)
Mac Quickbooks update deletes user desktop (Bonnie Packert)
No more loose lithium batteries in checked luggage (Peter Gregory)
Risks of believing what you see on the WayBack Machine (Fred Cohen)
Re: Computer Failure Causes Closure of Seattle Downtown Transit Tunnel
Re: Satnav: Nope, you can't get there from here. (Craig DeForest)
Re: Satnav (Martyn Thomas)
Re: Drunk a better guide than sat nav (Ross Younger)
Passing of Computing and Information Security Pioneer: Jim Anderson
Abridged info on RISKS (comp.risks)
Date: Wed, 2 Jan 2008 13:33:53 -0500 (EST)
From: msb@vex.net (Mark Brader)
Subject: Fire! Works! oops, too slow
Due to "a corrupted computer file", a New Year's fireworks show in Seattle
had to be set off manually. Not only did that mean that the technicians had
to *press all the buttons themselves*, but the display was *not properly
synchronized* with the music that accompanied it! What a horrible fiasco!
Oh the humanity!
[I suppose Manual-ed Fire could have been accompanied by Manuel De Falla.
I defy-ya' to play Noches en los jardines de Seattle as accompaniment.
On the other hand, if the manual operation had misfired, they might have
been sheepless in Seattle. PGN]
Date: Sun, 06 Jan 2008 09:56:56 +0000
From: Martyn Thomas <martyn@thomas-associates.co.uk>
Subject: Boeing 787 networking issues
The FAA has issued "special conditions" for certification of the Boeing 787.
(mirrored at http://cryptome.org/faa010208.htm).
In part, these state:
"Novel or Unusual Design Features
The digital systems architecture for the 787 consists of several
networks connected by electronics and embedded software. This proposed
network architecture is used for a diverse set of functions, including the
following: 1. Flight-safety-related control and navigation and required
systems (Aircraft Control Domain). 2. Airline business and administrative
support (Airline Information Domain). 3. Passenger entertainment,
information, and Internet services (Passenger Information and Entertainment
Domain). The proposed architecture of the 787 is different from that of
existing production (and retrofitted) airplanes. It allows new kinds of
passenger connectivity to previously isolated data networks connected to
systems that perform functions required for the safe operation of the
airplane. Because of this new passenger connectivity, the proposed data
network design and integration may result in security vulnerabilities from
intentional or unintentional corruption of data and systems critical to the
safety and maintenance of the airplane. The existing regulations and
guidance material did not anticipate this type of system architecture or
electronic access to aircraft systems that provide flight critical
functions. Furthermore, 14 CFR regulations and current system safety
assessment policy and techniques do not address potential security
vulnerabilities that could be caused by unauthorized access to aircraft data
buses and servers. Therefore, special conditions are imposed to ensure that
security, integrity, and availability of the aircraft systems and data
networks are not compromised by certain wired or wireless electronic
connections between airplane data buses and networks."
According to the story in Wired:
"Boeing spokeswoman Lori Gunter said the wording of the FAA document is
misleading, and that the plane's networks don't completely connect. Gunter
wouldn't go into detail about how Boeing is tackling the issue but says it
is employing a combination of solutions that involves some physical
separation of the networks, known as "air gaps," and software
firewalls. Gunter also mentioned other technical solutions, which she said
are proprietary and didn't want to discuss in public. "There are places
where the networks are not touching, and there are places where they are,"
she said. Gunter added that although data can pass between the networks,
"there are protections in place" to ensure that the passenger Internet
service doesn't access the maintenance data or the navigation system "under
any circumstance." She said the safeguards protect the critical networks
from unauthorized access, but the company still needs to conduct lab and
in-flight testing to ensure that they work. This will occur in March when
the first Dreamliner is ready for a test flight."
So that's all right, then. After all, no security problem has ever shown up
after testing, has it?
[The planned test flight should be interesting. Where can you get a
plane-load of suicide hackers at short notice? MT]
[This risk also spotted by Edwin Slonim
and Ric Steinberger. PGN]
Date: December 31, 2007 4:13:01 PM EST
From: "Brock N. Meeks" <bmeeks@cox.net>
Subject: Feds Release Pass Card details [from David Farber's IP]
The government has dragged its feet in releasing the final details about its
Pass Card technology, and now they dump it into the Federal Register on the
last day of the year. The government has decided to go with a technology
that is more suited to tracking inventory and can be read from up to 20 feet
away. Govt. officials counter by saying privacy protections will be built
into the cards.
Passport cards for Americans who travel to Canada, Mexico, Bermuda and the
Caribbean will be equipped with technology that allows information on the
card to be read from a distance. The technology was approved on 30 Dec 2007
by the U.S. State Department. Privacy advocates were quick to criticize the
Department for not doing more to protect information on the card, which can
be used by U.S. citizens instead of a passport when traveling to other
countries in the western hemisphere. The technology would allow the cards
to be read from up to 20 feet away. The technology is "inherently insecure
and poses threats to personal privacy, including identity theft," said Ari
Schwartz of the Center for Democracy and Technology. [Source: Eileen
Sullivan, Passport card technology criticized, Associated Press; from the
Ft. Worth Star-Telegram; PGN-ed]
Date: Thu, 03 Jan 2008 10:31:22 +0100
From: Pere Camps <perepere.net>
Subject: Has chip-and-pin failed to foil fraudsters?
Interesting Chip-and-PIN article by the Guardian here:
[Purveyors and law enforcement folks say crime is down.
The article says maybe not. (Starkly PGN-ed)]
Date: Fri, 4 Jan 2008 1:26 PM
From: Rich Kulawiec [rsk@gsp.org]
Subject: Sears exposes customers' information via its web site (via IP)
[From David Farber's IP group]
Summary: if you know someone's name, address and phone number, you can
retrieve their purchase history from Sears' web site.
This is an interesting follow-on to the recent discovery that Sears is
Date: Sun, 6 Jan 2008 21:39:13 -0500 (EST)
From: "David Lesher" <wb8foz@panix.com>
Subject: User Data Stolen From Pornographic Web Sites
Consumers of Internet pornography who secretly signed up for memberships on
adult-oriented Web sites in the past few months may be in for a shock --
some of their personal information, including e-mail addresses, may have
been compromised by a security breach. .... The breach has raised serious
alarm in the world of adult-oriented Web sites, with many concerned about
the effect on customers if they learn that their most secret transactions
are not so secret after all. [Source: *The Washington Post, 3 Jan 2008]
[This gives new meaning to "Porn site exposes ... PGN]
Date: Fri, 28 Dec 2007 21:21:09 -0500
From: David Lesher <wb8foz@nrk.com>
Subject: Election Computers Stolen in Tennessee
Thieves stole laptop computers containing the names and social security
numbers of every registered voter in the city from election commission
offices over the Christmas holiday. The computers also contain voters'
addresses and phone numbers. [Associated Press, 28 Dec 2007]
[In David Farber's IP, Brad Malin noted an article by Michael Cass in the
*Tennesseean*, 3 Jan 2008. The building had weekend 12-hour periods
without guards, and had no alarms or video surveillance. PGN]
Date: Sun, 30 Dec 2007 18:25:15 -0800
From: rick@linuxmafia.com (Rick Moen)
Subject: Er, Airline Captains Do What, Again?
A nicely articulate Blog piece of *The New York Times* about TSA-screening
absurdities drew the usual litany of wry anecdotes and complaints, but this
one stood out for its peerless irony value:
#61. 29 Dec 2007
About two years after 9/11 I was selected at random by a TSA agent for
additional security screening at an airport checkpoint. I was asked to
remove my hat, shoes, belt, and jacket, after which I was told to spread
my arms and legs for electronic "wanding".
When I asked why I had been chosen for the extra attention, two more
agents quickly appeared, and their unsmiling faces emphasized that airport
security was, indeed, very serious business. "We need to be sure you
don't have anything you can use to take control of an aircraft", the
screener told me. I will never forget the absurdity of his words.
You see, I was, in fact, about to take control of an aircraft, an Airbus
A320 to be precise, and fly it up the Potomac River to LaGuardia. That's
what airline Captains like me get paid to do. That's why I had showed up
at the airport in full uniform, properly credentialed and ready to go.
Security was then, and remains now, largely a sham. It's all about
politics and the appearance of vigilance. It's about collecting pocket
knives from forgetful, but otherwise law-abiding people.
We have been led to believe that we now have the best secured aviation
system in the world. And if success is measured with flow-charts, color
codes, and administrative name changes, maybe we do.
In truth, we have all been let down by the very people in charge. They
would have us believe that they are actually addressing security issues,
when in fact they are doing little more than staging public relations
Posted by Rick Reahr
Plus ça change.... My father, Pan Am Captain Arthur Moen, always marveled at
the foolishness of taking pocket knives from airline pilots, and tried
fruitlessly for decades to get the airlines and FAA to install
intrusion-resistant cabin doors, something they did only three decades after
his death (by defective jet).
Date: Mon, 07 Jan 2008 10:57:08 -0500
From: Paul Wallich <pw@panix.com>
This one is old, but I bet it still bites plenty of people who would know
better if they gave it a thought. Last night I was configuring a new
wireless access point, and after some gymnastics getting it to show up on my
wired network (it comes hard-coded to an inconvenient IP address) I got
ready to configure the password, same as the old one. So I clicked on the
setup page of the browser-based configuration program, and nothing. WEP, but
no WPA. I checked the package; it claimed to do WPA. I read the
instructions; there was the part about setting WPA encryption and a screen
shot that looked nothing like the one in front of me.
Then I remembered that my browser is set by default to disallow
a whole raft of new options and menus appeared on my screen. Obviously it's
tech-savvy (and slightly paranoid) rather than a luddite with an outdated
browser. (This in turn leads to an unlikely but attractive risk scenario
where an attacker embeds browser-eating malware in one of the myriad
software libraries that the typical widget designer pulls together to make a
working machine; if you can't trust your access point, whom can you trust?)
Date: Fri, 14 Dec 2007 10:48:39 -0800
From: Henry Baker <hbaker1@pipeline.com>
Subject: Mercedes console display with conflicting information
[Henry sent me a photo that he might have taken himself. PGN]
The console display says "check engine" & "no malfunction" at the same time!
It is supposed to say "check engine" & "1 malfunction", if "check engine" is
the only malfunction being reported.
BTW, my ever-lying Verizon DSL line finally got fixed after replacing about
4 bad splices. (The computer kept calling me to tell me that the
malfunction in my phone line had been fixed, but since it hadn't, the good
news rolled over into voice mail!) I think that the old-style POTS phone
system is now in its state of "graceful decline", and will join the
hand-cranked phone on the dustbin of history within 15 years.
Date: Mon, 31 Dec 2007 12:50:41 -0800
From: Bonnie Packert <bpsubs943@hyperlogic.com>
Subject: Mac Quickbooks update deletes user desktop
On Sunday 16 Dec 2007, I ran Quickbooks 2006 on my Mac. I got an error that
said there was not enough room to download an update, that it needed 100
bytes (!). I thought it was likely a bad error message because I do not
normally use an account that has administrator access, so it probably was
unprepared for some protection violation and gave a bad error message. I
logged in as admin to try to get the update but got the same error. I
checked the Intuit Quickbooks web site and found that I already had the
latest version available. When I logged back into my regular account, I
discovered my desktop was empty, that the folders and files had
disappeared. Using a shell I saw that the Desktop directory was now a
regular file with 0 bytes. After some disk integrity checks and cleanup
that failed to pinpoint a problem, I later ran Quickbooks again and realized
that my Desktop had been trashed again. Searching online, I discovered a
number of Quickbooks Mac users had been similarly afflicted.
By 9am PST Monday morning, Intuit had corrected the problem on their server.
Unfortunately, this was after a large number of users had lost files. A
representative from the company called to collect information about my
situation and explained that it had been a scripting problem in the server,
which incorrectly deleted user information after no update had been found.
I was surprised that I never saw anything about it in mainstream press. Here
are some links about the issue from the Quickbooks community web site. More
is available by googling "Quickbooks deletes desktop".
Date: Mon, 31 Dec 2007 15:03:07 -0800 (PST)
From: Peter Gregory <petergregory@yahoo.com>
Subject: No more loose lithium batteries in checked luggage
In a move to prevent lithium battery fires on commercial aircraft, U.S.
airline passengers will no longer be able to pack loose lithium batteries in
checked luggage beginning 1 Jan 2008 once new federal safety rules take
effect. The new regulation, designed to reduce the risk of lithium battery
fires, will continue to allow lithium batteries in checked baggage if they
are installed in electronic devices, or in carry-on baggage if stored in
Common consumer electronics such as travel cameras, cell phones, and most
laptop computers are still allowed in carry-on and checked luggage.
However, the rule limits individuals to bringing only two extended-life
spare rechargeable lithium batteries, such as laptop and professional
audio/video/camera equipment lithium batteries in carry-on baggage - but
none in checked baggage.
Entire press release here: http://tinyurl.com/29fnue
Peter Gregory, CISA, CISSP | petergregory@yahoo.com | www.isecbooks.com
Skypeid peterhgregory | Join InfraGard
Date: Mon, 31 Dec 2007 06:56:36 -0800
From: Fred Cohen <fred.cohen@all.net>
Subject: Risks of believing what you see on the WayBack Machine (archive.org)
I have now encountered 2 legal cases in 3 months in which a plaintiff saw
images on the WayBack Machine (www.archive.org) and believed that they
indicated events in the past that never happened. To provide some insight
into the problem, and to provide proof to our legal system, I arranged a
small demonstration that risks readers might want to take a look at:
Go to the URL http://www.archive.org/.
Enter "http://all.net/" into the WayBack Machine (and click as appropriate).
Select the entry from 1997.
At this point, you will see what all.net looked like in 1977 - or so you
would think. But look at the picture on the right side of the page about
half-way down. You might want to open that picture in a new window to get a
clear look at it.
I think you will agree that the WayBack Machine cannot always be counted on
for digital forensic evidence. This demonstration has now been used in a US
Federal Court case.
Fred Cohen & Associates tel/fax: 925-454-0171
http://all.net/ 572 Leona Drive Livermore, CA 94550
Join http://tech.groups.yahoo.com/group/FCA-announce/join for our mailing list
Date: Sun, 06 Jan 2008 11:23:53 +0100
From: Stanislav Meduna <stano@meduna.org>
Subject: Re: Computer Failure Causes Closure of Seattle Downtown Transit Tunnel
> Who would have thought a tunnel would be subject to a computer
> failure? ... Too many eggs in one basket...
Sometimes you only have one basket...
I worked on SCADA software that runs in quite a few tunnels in Europe.
A modern tunnel is a complex system where the subsystems are connected in
ways that require them to be controlled by a (logically) single computer
system. E.g. a fire event starts a sequence where everything is involved -
sensors spot the gases, signs switch to red on the entry, fans switch to a
mode sucking out the smoke, staff is alerted etc. Everything has to be
logged (preferably tamper-resistantly) so that there is evidence what
happened and how the staff reacted. Surely the lower level systems will go
to sane failsafe values in the case of problems, but nobody will risk
operating such a system in full traffic with major subsystems disabled.
This application is normally redundant so there is no hardware single point
of failure, but this of course does not guard against programming errors,
inadequate testing and other things well-known to the RISKS reader.
Tunnel retrofitting is not an easy task, normally much worse than building
one from scratch - the main problem is that you have to interface things you
are probably not familiar with that are given and the number of interfaces
And let me tell you, when there was a real fire in a tunnel controlled by
our software, we were very relieved that everything worked as expected. One
is never sure that the tests caught everything...
Date: Mon, 31 Dec 2007 12:48:18 -0700
From: Craig DeForest <deforest@boulder.swri.edu>
Subject: Re: Satnav: Nope, you can't get there from here.
Reading the various satnav articles (Shapir, RISKS-24.91, Jacobson,
RISKS-24.92) reminds me of my own favorite satnav folly.
My 2007 Prius has a satnav. Recently, I tried to navigate from Boulder,
Colorado to Sunspot, New Mexico (Google directions:
"http://tinyurl.com/ywwbvz ") for an observing run at the National Solar
Observatory. The nav system found Sunspot OK, and the onscreen map showed
the dedicated state highway (NM 6563) but asserted that there was no route
there from here.
Likewise, once I was at the observatory, the system wouldn't let me navigate
to practically anywhere else in the U.S.! I played with it a bit and found
the key -- force it to route through the nearby town of Cloudcroft.
I believe Toyota's nav system uses a regress-to-the-nearest-highway
algorithm, which fails spectacularly for Sunspot: the nearest U.S. highway
(US54) is only about 7 horizontal miles away at closest approach, but nearly
a mile down in altitude. To get to the observatory you have to take a much
longer, windier route through Cloudcroft -- it's nearly 40 miles (as the car
winds) from the closest approach point.
Google Maps finds the route perfectly.
Date: Mon, 31 Dec 2007 10:03:08 +0000
From: Martyn Thomas <martyn@thomas-associates.co.uk>
Subject: Satnav (Ashworth, RISKS 24.93)
It's a little troubling to me that none of the articles that seem very
popular lately on "how dangerous it can be to depend entirely on your
satellite navigator" make clear the point that GPS is very susceptible to
in-band jamming (either accidental or deliberate) and that it is steadily
becoming a single point of failure for private transport, commercial
transport, and the emergency services.
Navigation systems based on the known location of cell-phone transmitters
would be more resilient.
Date: Thu, 3 Jan 2008 11:16:26 +0000
From: Ross Younger <crazyscot@gmail.com>
Subject: Re: Drunk a better guide than sat nav (Ashworth, RISKS-24.93)
A friend of my father's drives a taxi for a living, and recently fitted a
satnav to it.
Now, whenever a customer gets in, he offers them a choice - do they want to
go by the satnav's directions, or by his idea of the best route?
Most people opt for the satnav. This makes him happy; he has been driving
for years and knows all the tricks for getting around town, whereas the
satnav - following its own idea of "best" - tends to get stuck in jams (with
the meter running, of course).
"Best" route for him, perhaps, not for his customers? Reportedly the satnav
paid for itself within a few weeks!
Date: Wed, 2 Jan 2008 20:08:22 -0500
From: Gene Spafford <spaf@cerias.purdue.edu>
Subject: Passing of Computing and Information Security Pioneer: Jim Anderson
On 18 Nov 2007, noted computer pioneer James P. Anderson, Jr., died at his
home in Pennsylvania. Jim, 77, had finally retired in August. Jim, born in
Easton, Pennsylvania, graduated from Penn State with a degree in
Meteorology. From 1953 to 1956 he served in the U.S. Navy as a Gunnery
Officer and later as a Radio Officer. This later service sparked his initial
interest in cryptography and information security.
Jim was unaware in 1956, when he took his first job at Univac Corporation,
that his career in computers had begun. Hired by John Mauchly to program
meteorological data, Dr. Mauchly soon became a family friend and mentor. In
1959, Jim went to Burroughs Corporation as manager of the Advanced Systems
Technology Department in the Research Division, where he explored issues of
compilation, parallel computing, and computer security. While there, he
conceived of and was one of the patent holders of one of the first
multiprocessor systems, the D-825. After being manager of Systems
Development at Auerbach Corporation from 1964 to 1966, Jim formed an
independent consulting firm, James P. Anderson Company, which he maintained
until his retirement.
Jim's contributions to information security involved both the abstract and
the practical. He is generally credited with the invention and explication
of the reference monitor (in 1972) and audit trail-based intrusion detection
(in 1980). He was involved in many broad studies in information security
needs and vulnerabilities. This included participation on the 1968 Defense
Science Board Task Force on Computer Security that produced the "Ware
Report", defining the technical challenges of computer security. He was then
the deputy chair and editor of a follow-on report to the U.S. Air Force in
1972. That report, widely known as "The Anderson Report", defined the
research agenda in information security for well over a decade. Jim was also
deeply involved in the development of a number of other seminal standards,
policies and over 200 reports including BLACKER, the TCSEC (aka "The Orange
Book"), TNI, and other documents in "The Rainbow Series".
Jim consulted for major corporations and government agencies, conducting
reviews of security policy and practice. He had long-standing consulting
arrangements with computer companies, defense and intelligence agencies and
telecommunication firms. He was a mentor and advisor to many in the
community who went on to prominence in the field of cyber security. Jim is
well remembered for his very practical and straightforward analyses,
especially in his insights about how operational security lapses could
negate strong computing safeguards, and about the poor quality design and
coding of most software products.
Jim eschewed public recognition of his many accomplishments, preferring that
his work speak for itself. His accomplishments have long been known within
the community, and in 1990 he was honored with the NIST/NCSC (NSA) National
Computer Systems Security Award, generally considered the most prestigious
award in the field. In his acceptance remarks Jim observed that success in
computer security design would be when its results were used with equal ease
and confidence by average people as well as security professionals - a state
we have yet to achieve.
Jim had broad interests, deep concerns, great insight and a rare willingness
to operate out of the spotlight. His sense of humor and patience with those
earnestly seeking knowledge were greatly admired, as were his candid
responses to the clueless and self-important.
With the passing of Jim Anderson the community has lost a friend, mentor and
colleague, and the field of cyber security has lost one of its founding
Jim is survived by his wife, Patty, his son Jay, daughter Beth and three
grandchildren. In lieu of other recognition, people may make donations to
their favorite charities in memory of Jim.
Date: 17 Oct 2007 (LAST-MODIFIED)
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman web interface can
be used directly to subscribe and unsubscribe:
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-subscribe@csl.sri.com or risks-unsubscribe@csl.sri.com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
The full info file may appear now and then in RISKS issues.
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users should contact <Lindsay.Marshall@newcastle.ac.uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
<http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
End of RISKS-FORUM Digest 25.01