From: RISKS List Owner (riskocsl.sri.com)
Date: Tue Jan 26 2010 - 18:38:04 CST
RISKS-LIST: Risks-Forum Digest Tuesday 26 January 2010 Volume 25 : Issue 92
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at
*NY Times* expose on medical radiation overexposure (Jeremy Epstein)
Air-traffic control glitch due to the installation of new software
Extending TCP/IP into space (Randall Webmail)
Y2K+10 and SMS (Richard Gadsden)
Bodyscanners that don't work (Peter Houppermans)
Corporate espionage in the news: Hilton and the Oil industry (Gadi Evron)
Have the Chinese Really Hacked into MSN's DB? (Chris J Brady)
Cyberattacks on Google in China (PGN)
Unsearchable stores (Mark Brader)
ICSI claims "effectively perfect" spam blocking method (Lauren Weinstein)
LORAN being retired (David Magda)
PROVINCE OF CHI (jidanni)
Google Maps won't be taking my address for a ride (jidanni)
Upgrading a World of Warcraft account ends in tears (Turgut Kalfaoglu)
Unique PINs (Dag-Erling Smørgrav)
Re: Offensive shutting down of botnets (Dick Mills)
Cloud Computing Security (Ivan Arce)
Abridged info on RISKS (comp.risks)
Date: Sat, 23 Jan 2010 23:25:21 -0500
From: Jeremy Epstein <jeremy.j.epsteingmail.com>
Subject: NY Times expose on medical radiation overexposure
There's nothing here that's akin to the infamous Therac disasters where
interactions of hardware and software caused unexpected results, but more
examples of how wrong configurations lead to dramatic radiation
overexposures. "The Times found that on 133 occasions, devices used to
shape or modulate radiation beams [...] were left out, wrongly positioned or
otherwise misused." But there were also software errors - crashes that lost
portions of the programming for the radiation beams. "as [the medical
physicist] was trying to save her work, the computer began seizing up,
displaying an error message. The hospital would later say that similar
system crashes 'are not uncommon with the Varian software, and these issues
have been communicated to Varian on numerous occasions.' [...] At 12:57
p.m. -- six minutes after yet another computer crash -- the first of several
radioactive beams was turned on." In another case, "One therapist
mistakenly programmed the computer for 'wedge out' rather than 'wedge in,'
as the plan required. Another therapist failed to catch the error. And the
physics staff repeatedly failed to notice it during their weekly checks of
treatment records. Even worse, therapists failed to notice that during
treatment, their computer screen clearly showed that the wedge was
missing. Only weeks earlier, state health officials had sent a notice,
reminding hospitals that therapists 'must closely monitor' their computer
The problem was a lack of fail-safe processes. "The software required
that three essential programming instructions be saved in sequence:
first, the quantity or dose of radiation in the beam; then a digital
image of the treatment area; and finally, instructions that guide the
multileaf collimator. When the computer kept crashing, [...] the
medical physicist, did not realize that her instructions for the
collimator had not been saved, state records show. She proceeded as
though the problem had been fixed."
It's a pretty frightening article.
[The article spans the middle of the front page and three inside pages.
It's well worth reading in its entirety. I also received comments on this
from Jared Gottlieb, Harry Hochheiser, Matthew Kruk, Nancy Leveson, Martyn
Thomas, and others. See recent harbingers (RISKS-25.81,82) of the current
round of events, as well as the earlier items on the Therac-25 problems
(RISKS-8.5, 12.50, 14.04). PGN]
Date: Thu, 21 Jan 2010 18:19:59 +0900
From: ishikawa <ishikawayk.rim.or.jp>
Subject: Air-traffic control glitch due to the installation of new software
Air-traffic control software problem (airplane positions could not be
identified in a timely manner) caused the disruption of air flights in Japan
on 14 Jan 2010.
This happened after the installation of new software that consolidated the
air-traffic control operations of two large and busy airports, Haneda and
Narita. The program controls the radar screen displays for the
controllers. Due to a software problem, the display on the screen got so
sluggish that the operators switched to a backup system and diverted
traffic to other airports and such.
On 15 Jan 2010, the official announcement was made by the Ministry of Land,
Transport, Infrastructure and Tourism that the climate information,
especially bad weather, was mistakenly fed to the module of the control
program that displays the positions of airplanes in this new software
setup. This caused a processing overload, and thus the failure to keep
track of the airplanes in a timely manner.
This incorporation of the bad weather is a new feature according to the
short announcement made by the minister in charge.
Usual risk. But I really wonder why this was not caught in advance testing.
The unwanted climate data was silently thrown away by the position display
module without any logging? If the bad weather was properly reflected on the
screen by the feed to the proper module (assuming the testing was done for
the display of bad weather condition on radar), then the data was duplicated
by mistake and fed to the airplane position display module, also? Why and
Inquiring minds want to know more.
I really wish that there is a public database of software bugs that caused
social glitches like this one and that record details for posterity for the
benefit of future programmers, etc. I suspect such a database will be
loathed by parties in the legal tangling as the result of such bugs, but
society needs such a database, I think. We need a better foundation and not
try to build sand castles from scratch again and again with similar mistakes
in the foundation.
(This incident has nothing to do with the bankruptcy filing of Japan Air
Date: January 22, 2010 11:16:07 AM EST
From: Randall Webmail <rvh40insightbb.com>
Subject: Extending TCP/IP into space (From Dave Farber's IP)
NASA EXTENDS THE WORLD WIDE WEB OUT INTO SPACE
Astronauts aboard the International Space Station received a special
software upgrade this week - personal access to the Internet and the World
Wide Web via the ultimate wireless connection.
Expedition 22 Flight Engineer T.J. Creamer made first use of the new system
[on 22 Jan 2010], when he posted the first unassisted update to his Twitter
account, Astro_TJ, from the space station. Previous tweets from space had
to be e-mailed to the ground where support personnel posted them to the
astronaut's Twitter account.
"Hello Twitterverse! We r now LIVE tweeting from the International
Space Station -- the 1st live tweet from Space! :) More soon, send
This personal Web access, called the Crew Support LAN, takes advantage of
existing communication links to and from the station and gives astronauts
the ability to browse and use the Web. The system will provide astronauts
with direct private communications to enhance their quality of life during
long-duration missions by helping to ease the isolation associated with life
in a closed environment.
During periods when the station is actively communicating with the ground
using high-speed Ku-band communications, the crew will have remote access to
the Internet via a ground computer. The crew will view the desktop of the
ground computer using an onboard laptop and interact remotely with their
Astronauts will be subject to the same computer use guidelines as government
employees on Earth. In addition to this new capability, the crew will
continue to have official e-mail, Internet Protocol telephone and limited
To follow Twitter updates from Creamer and two of his crewmates, ISS
Commander Jeff Williams and Soichi Noguchi, visit:
For more information about the space station, visit:
[Well, that may be just a little more secure than an early desire for the
space station that I heard when I visited Johnson Space Center long ago,
which was that researchers should be able to uplink over the Internet to
the Space Station control computer and monitor and guide their own
experiments in real time. PGN]
Date: Thu, 21 Jan 2010 14:21:01 +0000
From: Richard Gadsden <richardgadsden.name>
Subject: Y2K+10 and SMS
The timestamp on SMS messages (known as TP-SCTS) stores the year in two
nibbles in a binary-coded decimal representation with the nibbles swapped.
Aside from the known risks of using a two-digit year, this is about as bad a
representation as can be imagined. 2009 is represented as 1001 0000 in BCD
swapped-nibble (i.e., as 09, decimal). 2010 (decimal) is represented as 0000
A number of telephone SMS programs, generally those that don't inherit a
code-base from pre-Y2K systems, have misread the spec, and are interpreting
it as swapped-nibble binary, rather than BCD, so are interpreting 0000 0001
as 00010000, i.e., as 0x10 or 16 instead of 10. This is why some phones
(notably Windows Mobiles) are displaying text messages as having been sent
in 2016, rather than 2010.
It's worthy of note that these systems would not have worked correctly in
1999 either - they would have interpreted 0x99 as 153 (decimal) - and may
have displayed either 19153 or 2053.
In the specific case of Windows Mobile, the text message database stores two
dates, the TP-SCTS date and an internal datestamp applied to the text when
received by the phone. There is a setting in the firmware that allows the
internal datestamp to be shown in preference to the TP-SCTS date, so some
phones are showing the correct information and some are not. This setting
is set by the firmware programmer, normally being either the manufacturer or
the network operator.
Date code written after 2000 may display Y2K-like bugs, by making
assumptions that all dates are post-2000.
Programs installed in firmware are much more difficult to correct for bugs,
so code quality for firmware is much more important.
Systems are frequently coded to a small set of sample data, rather than to
the actual specification. Checking against the specification rather than
unit testing with sample data is harder, but may be necessary, especially
for systems that are difficult to correct.
Richard Gadsden richardgadsden.name
[The authors of the post-Y2K phone software have obviously never heard The
Ring of the Nibble-Young-un (Wagner). It's worthy of a Ring-Tone-Poem
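The swapped-nibble BCD encoding and the misreading described above, as an added example that is not part of the original post or of any phone firmware: a decoder for the 7-octet TP-SCTS field in both its correct form and the buggy "swap then read as binary" form, run over a constructed sample timestamp. The century pivot used to expand the two-digit year is an assumption of this example.

```python
"""Decode the SMS TP-SCTS timestamp correctly (swapped-nibble BCD) and
the way the post says some post-Y2K phone software misreads it."""
from datetime import datetime, timedelta, timezone


def decode_bcd_swapped(octet: int) -> int:
    """Correct reading: low nibble = tens digit, high nibble = units digit."""
    tens, units = octet & 0x0F, octet >> 4
    if tens > 9 or units > 9:
        raise ValueError(f"octet 0x{octet:02X} is not valid BCD")
    return tens * 10 + units


def decode_as_swapped_binary(octet: int) -> int:
    """The misreading: swap the nibbles, then treat the result as binary.
    0x01 (BCD for 10) becomes 0x10 = 16, which is why 2010 shows as 2016."""
    return ((octet & 0x0F) << 4) | (octet >> 4)


def full_year(two_digit: int, pivot: int = 80) -> int:
    """Expand a two-digit year; values below the pivot are taken as 20xx.
    The pivot is an assumption of this example; the post notes that
    assuming every date is post-2000 is itself a Y2K-style bug."""
    return 2000 + two_digit if two_digit < pivot else 1900 + two_digit


def parse_scts(octets: bytes, decoder=decode_bcd_swapped) -> datetime:
    """Parse the 7-octet TP-SCTS field YY MM DD hh mm ss TZ, each octet in
    swapped-nibble BCD. The TZ octet counts quarter-hours from GMT; bit 3
    of its tens-digit nibble (the octet's low nibble) is the sign bit."""
    if len(octets) != 7:
        raise ValueError("TP-SCTS is exactly 7 octets")
    yy, mm, dd, hh, mi, ss = (decoder(o) for o in octets[:6])
    tz_octet = octets[6]
    negative = bool(tz_octet & 0x08)
    quarters = decoder(tz_octet & ~0x08)
    offset = timedelta(minutes=15 * quarters) * (-1 if negative else 1)
    return datetime(full_year(yy), mm, dd, hh, mi, ss, tzinfo=timezone(offset))


# Constructed sample: 26 Jan 2010 18:38:04 at GMT+1 (4 quarter-hours).
# Each octet holds the two decimal digits with the nibbles swapped.
SAMPLE_SCTS = bytes([0x01, 0x10, 0x62, 0x81, 0x83, 0x40, 0x40])


def year_both_ways(octets: bytes) -> tuple:
    """Return (correct year, year as the buggy readers compute it)."""
    return (full_year(decode_bcd_swapped(octets[0])),
            full_year(decode_as_swapped_binary(octets[0])))


if __name__ == "__main__":
    print("correct:", parse_scts(SAMPLE_SCTS).isoformat())
    print("year seen by the buggy readers:", year_both_ways(SAMPLE_SCTS)[1])
    # 1999 is stored as 0x99: correct reading 99, buggy reading 153.
    print("1999 as the buggy readers see it:",
          full_year(decode_as_swapped_binary(0x99)))
```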
Date: Sun, 24 Jan 2010 14:22:55 +0100
From: Peter Houppermans <peterhouppermans.com>
Subject: Bodyscanners that don't work
Interesting article in The Register about a full body scanner demo on German
live TV. You guessed it: it would not be news unless the thing had failed
to detect some Very Bad Stuff.
You may want to watch the video, it's in German but I think you will be able
to see that the key message is that the man scanned was carrying more than
what he originally mentioned:
Keep watching - he will use the stuff that wasn't picked up, just to prove
the point (notice that he almost ruins a camera when he stirs the remains).
I hope these scanners won't lure security staff into a false sense of
security, and wonder how the use of these expensive devices will pan out in
real life use. We'll soon see.
Speaking of pan - no idea of the correlation between frying pan material and
what is used for a plane hull.
Date: Tue, 26 Jan 2010 08:53:07 +0200
From: Gadi Evron <gelinuxbox.org>
Subject: Corporate espionage in the news: Hilton and the Oil industry
Corporate espionage in the news, and not just because of Google: Hilton and
the Oil industry. Is anyone calling espionage by means of computers
cyber-espionage yet? I hope not. At least they shouldn't call it cyber war.
Two news stories of computerized espionage reached me today.
The first, regarding the Oil industry, was sent by Marc Sachs to a SCADA
security mailing list we both read. The second, about the hotel industry,
was sent by Deb Geisler to science fiction convention runners (SMOFS)
mailing list we both read.
US oil industry hit by cyberattacks: Was China involved?
"At least three US oil companies were the target of a series of previously
undisclosed cyberattacks that may have originated in China and that
experts say highlight a new level of sophistication in the growing global
war of Internet espionage."
Starwood Charges That Top Hilton Execs Abetted Espionage
"Starwood's claim points to a "mountain of undisputed evidence," including
e-mails among Hilton senior management, that Klein and Lalvani worked with
others within Starwood to steal sensitive documents by sending them via
personal e-mail accounts, among other methods, and that such information
was shared and used by all of Hilton's luxury and lifestyle brands, as
well as in the development of Hilton's now-shelved Denizen brand. In the
new filing, Starwood says, "This case is extraordinary, and presents the
clearest imaginable case of corporate espionage, theft of trade secrets,
unfair competition and computer fraud...Hilton's conduct is outrageous.""
As to whether China is involved, maybe. But the automatic blaming has got to
stop. Many other countries have been known to be conducting corporate
espionage, such as France, and as the second story above shows, so do
[ Source on naming France: http://samvak.tripod.com/pp144.html ]
But.. here are a few questions:
- My dog barked, was China involved?
- The traffic light turned red, was China involved?
- I am tired. Is China involved?
Date: Wed, 20 Jan 2010 06:04:14 -0800 (PST)
From: Chris J Brady <chrisjbradyyahoo.com>
Subject: Have the Chinese Really Hacked into MSN's DB?
Seen in a forum on LoveMoney.com:
"There is a new scam today offering cheap goods from China. They probably
don't exist and they have hacked accounts, it appears they are in the MSN
database. Anyone with hotmail or live.com accounts should change their
passwords. This may be in the wrong thread. We are trying to figure out what
they are doing. It looks like a major operation hacking from China."
Is the risk believing that there is a risk here, or is there more of a risk
in ignoring it? Hmm ... but the Chinese do seem to be gaining a reputation
Date: Tue, 19 Jan 2010 16:21:02 PST
From: "Peter G. Neumann" <neumanncsl.sri.com>
Subject: Cyberattacks on Google in China
Google has uncovered a "highly sophisticated and targeted attack" coming from
China on its infrastructure that resulted in some of its intellectual
property being stolen. The cited article suggests that at least 20
technology companies were similarly targeted (and more than 30, according to
In addition, *The Jewish Chronicle* website (thejc.com) was recently
See also John Markoff, David E. Sanger, Thom Shanker, "In Digital Combat,
U.S. Finds No Easy Deterrent," *The New York Times*, 26 Jan 2010, A1/A6,
today's National Edition.
Date: Sun, 24 Jan 2010 17:06:43 -0500 (EST)
From: msbvex.net (Mark Brader)
Subject: Unsearchable stores
Tangentially to recent thread in alt.usage.english, Cheryl Perkins
made a comment about how programmers dealing with addresses "don't
like apostrophes" and "don't allow for their existence". John Varela
then wrote this (quoted by permission) about his TomTom One 130:
| I ran into that today when I wanted the GPS to take me to a store
| called "Lowe's". There's no way to enter an apostrophe on the GPS.
| A search for "Lowe" found nothing and a search for "Lowes" found a
| store called "Lowest Price something-or-other". I had to find the
| place on my own. Doing so gave me a real feeling of independence
| and of superiority to technology.
Mark Brader, Toronto, msbvex.net | "Fast, cheap, good: choose any two."
[Lowe'stcommon denominator? PGN]
Date: January 25, 2010 6:51:19 PM EST
From: Lauren Weinstein <laurenvortex.com>
Subject: ICSI claims "effectively perfect" spam blocking method
``Researchers have now come up with a system that deciphers the templates a
botnet is using to create spam. These templates are then used to teach spam
filters what to look for.''
[Maybe "effectively perfect" against that specific type of attack *at this
point in the development of spam*. Just ask Darwin.]
http://bit.ly/7GwsVx (New Scientist)
[From the Network Neutrality Squad, http://www.nnsquad.org]
Date: Thu, 21 Jan 2010 09:00:27 -0500
From: David Magda <dmagdaee.ryerson.ca>
Subject: LORAN being retired
The U.S. Coast Guard has announced that it will begin turning off the
Loran-C navigation system on February 8, 2010, with a full decommissioning
by October 1, 2010:
While some people have said that GPS has made it redundant, critics of the
decision have said that having redundancy / backups is entirely the
point. The "Federal Register" statement implies that this concern is not
> The Loran-C system was not established as, nor was it intended to be, a
> viable systemic backup for GPS. Backups to GPS for safety-of-life
> navigation applications, or other critical applications, can be other
> radio-navigation systems, or operational procedures, or a combination of
> these systems and procedures. Backups to GPS for timing applications can
> be a highly accurate crystal oscillator or atomic clock and a
> communications link to a timing source that is traceable to Coordinated
> Universal Time.
Not sure what these other navigation systems would be (e.g., WAAS "augments"
GPS, not replaces it). For time at least, WWVB is available in a large portion
of the continental U.S.
Other countries have their own LORAN towers, and it remains to be seen how
this will affect them:
Date: Mon, 11 Jan 2010 02:18:46 +0800
Subject: PROVINCE OF CHI
Fidelity.com is where I keep my retirement millions. A few days after a
cordial address update I double checked to find it had become a mangled
DONGSHI 42351 PROV-INCE OF CHI TAIWAN behind both my and staff's backs.
In order to please neighboring China, they run a batch job that alters
all Taiwan addresses. It then took much staff effort to whack mine back
Jackson.com is where I keep my other millions. Foreign customers have a
pseudo-state of "OT" appended to their addresses. It used to be "OC" but
that probably landed mail into an even darker hole at the post office.
Date: Tue, 26 Jan 2010 07:30:24 +0800
Subject: Google Maps won't be taking my address for a ride
Ah, the amazing ability of http://maps.google.com/ to pinpoint
anything one tosses into its search box.
Let's just change this search string from house number 21, to e.g., 22:
Whammo... for #21 all along Google was merely matching a text string
attached to a story associated with a point in their database. For #22
etc. Google Maps says "We could not understand the location."
If one has a Facebook account, here I am telling the business owner their
new address finds a point (stuck to their old address (mentioning their new
Me? I'm at http://maps.google.com/maps?ll=24.181699,120.866261.
No text strings to get hijacked by pagerank.
Date: Wed, 20 Jan 2010 11:04:54 +0200
From: Turgut Kalfaoglu <turgutkalfaoglu.com>
Subject: Upgrading a World of Warcraft account ends in tears
My son and I have something in common: We love the online game Warcraft. We
are separated by a continent as he lives with his mother, but we still meet
online through this game.
For those who are not familiar, it consists of a 5GB game download, followed
by numerous similarly-sized updates, and finally being able to play (and pay
We recently attempted to upgrade our gaming accounts to their new "Wrath of
Leech King" expansion - it was supposed to be a Christmas present for him.
So I entered their web site, gave my credit card details, clicked
upgrade. It promptly said congratulations, and that the account was
A day later, we got another e-mail saying that the purchase was "undone" and
the game upgrade was rolled back. No details were given, but we were given a
hint that we should phone them. That simple task of phoning them took three
days of non-stop phoning from overseas: Their UK help desk was so
swamped/understaffed that I could not get in their waiting queue. When I
did, I was dropped off after waiting 9 minutes on the phone. It eventually
turned out that my security-conscious son had not entered his correct name
and address when signing up to the service some years back, and apparently
it is only during the upgrade that Blizzard bothers to check these things.
After a successful phone call to their help desk, we were sent a
questionnaire to fill out to correct the details. However, even after the
details were entered into their system, we were STILL denied the
upgrade. Reason? As far as I can tell, it was their security system again:
It will not let you "upgrade" twice from the same IP address!
Since according to their records, we had once "successfully" upgraded, we
were now denied an upgrade!
After numerous fruitless e-mails, I finally re-re-re-did the registration
from a work computer, and it went through, and it became a late new year
present for my son instead.
Moral of the story:
1) You must reveal your complete identity if you want to play games,
2) Your request must not look like it's coming from a sweatshop in China.
And you thought playing online games was all fun and games?
Turgut Kalfaoglu, Msc. Computer Engineering, Izmir Institute of Technology
Date: Wed, 20 Jan 2010 11:51:22 +0100
From: Dag-Erling Smørgrav <desdes.no>
Subject: Unique PINs
A number of municipal cinemas in larger Norwegian cities have a common
fidelity program called Kinosonen ("the cinema zone"). Amongst other
benefits, members get a card they can use to prepay tickets (at a discount,
A few days ago, two e-mails were sent out to program members. The first
e-mail enjoined all members to change their PIN as quickly as possible "for
security reasons". All well and good. The second... The second said,
We have been notified of a flaw in our procedures, and have asked all our
members to change their PIN. Several members have been issued the same
PIN for their membership cards. As many as 1200 cards may be affected.
This only applies to cards issued after 2007-11-25. We are in the process
of changing the PIN for those 1200 members. You will receive a new PIN by
So... am I to conclude that the security of their system depends on each
member's PIN being unique? The mind boggles. If so, why do they ask
members to select their own PIN? What happens if a member selects a PIN
that is already in use - does she get a message to that effect? So now she
knows that somebody else uses that PIN, can she take advantage of that
knowledge? If not, why are duplicate PINs a problem in the first place?
I'm not sure how long the PIN is, by the way, but my guess is four or five
digits. The total population of these cities and their suburbs is around
two million people. Even with conservative estimates of their membership
base, latecomers are going to have a hell of a time trying to find an unused
PIN. Even with six digits, the odds are that a lot of people are going to
use either their birth date or the last six digits of their 12-digit card
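The question of whether a "unique PIN" policy can work at all, as an added example that is not part of the original post: birthday-problem arithmetic for uniformly chosen PINs of 4, 5 and 6 digits, including the 1200-card figure the post quotes. The uniform-choice model is an assumption; real members who pick birth dates collide far more often.

```python
"""Birthday-problem arithmetic for the Kinosonen question: how many members
can choose their own PIN before duplicates become the norm, and can a
'unique PIN' policy be enforced at all?"""
import math


def p_all_distinct(members: int, digits: int) -> float:
    """Probability that `members` uniformly chosen `digits`-digit PINs are
    all different (the birthday problem). Summing logs avoids underflow."""
    space = 10 ** digits
    if members > space:
        return 0.0  # pigeonhole: more members than possible PINs
    return math.exp(sum(math.log1p(-k / space) for k in range(members)))


def expected_colliding_pairs(members: int, digits: int) -> float:
    """Expected number of member pairs that share a PIN: C(n, 2) / 10^d."""
    return math.comb(members, 2) / 10 ** digits


def members_for_even_odds(digits: int) -> int:
    """Smallest membership at which P(at least one duplicate) exceeds 1/2."""
    n = 1
    while p_all_distinct(n, digits) > 0.5:
        n += 1
    return n


if __name__ == "__main__":
    # 1200 is the number of affected cards quoted in the post.
    for digits in (4, 5, 6):
        print(f"{digits}-digit PINs: a duplicate is more likely than not "
              f"once {members_for_even_odds(digits)} members choose freely; "
              f"among 1200 cards expect about "
              f"{expected_colliding_pairs(1200, digits):.1f} shared pairs; "
              f"P(all 1200 distinct) = {p_all_distinct(1200, digits):.3g}")
```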
Date: Thu, 21 Jan 2010 09:14:38 -0500
From: Dick Mills <dickandlibbymillsgmail.com>
Subject: Re: Offensive shutting down of botnets
It seems foreseeable that someday a mass cutoff of botnet infected computers
will trigger some kind of disastrous side effect.
Of course, mission critical or life critical applications should never be
allowed to exist on unprotected net-connected computers, especially those
infected by malware. Nevertheless, it would be foolish to presume that
nobody else is ever foolish.
Here's the risk. We may know that a mass collection of computers are
hosting malware, but we have no way of knowing what good and vital services
they may also be providing. Is it not true, therefore, that any action to
remotely cut off a class of nodes is somewhat reckless by nature?
[Old whine in new bot-tles? PGN]
Date: Sat, 23 Jan 2010 18:24:12 -0200
From: Ivan Arce <ivan.arceCORESECURITY.COM>
Subject: Cloud Computing Security
We have a special issue on Security in Cloud Computing scheduled for
publication in Nov/Dec 2010. The final date for submissions is approaching
(5 Mar 2010), and the Call for Papers is here:
Date: Thu, 29 May 2008 07:53:46 -0900
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-subscribecsl.sri.com or risks-unsubscribecsl.sri.com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
The full info file may appear now and then in RISKS issues.
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users should contact <Lindsay.Marshallnewcastle.ac.uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to risksCSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
<http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
End of RISKS-FORUM Digest 25.92