RISKS-LIST: Risks-Forum Digest Monday 1 August 2011 Volume 26 : Issue 51
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at
China train crash explanation raises more public doubts (Jim Reisert)
Study Faults Approval Process for Medical Devices (Barry Meier)
Counterfeit driver's licenses (Ashley Halsey III)
High-rolling gamblers are exploiting a quirk in Cash WinFall (Jim Reisert)
FaceBook + Facial Recognition software = Increase Privacy Risks
(Steven J Klein)
"FaceBook Founder's Sister says Kill Internet Anonymity" + Counterarguments
Remote access to cars, water plants, etc. (Dennis Fisher)
Risks of verbose automated e-mail (Paul Wallich)
Google+ and Names (Gene Wirchenko)
Re: Don't throw away Grandma's wind-up desk clock (Ted Lee)
Re: Patient alleges Tufts breached privacy (Chris D.)
Re: Empowering Evil Through Search and Surveillance (Chris D.)
Re: The British Phone Hacking Scandal (Chris D.)
Abridged info on RISKS (comp.risks)
Date: Sat, 30 Jul 2011 10:26:14 -0600
From: Jim Reisert AD1C <email@example.com>
Subject: China train crash explanation raises more public doubts
Wang Xiuqiong, Wang Yaguang and Chen Yongrong, Xinhua, 29 Jul 2011
An explanation by railway authorities for last Saturday's deadly high-speed
train crash has raised even more public doubts about what had actually
happened to the accident and to the government investigation itself.
A high-speed train rammed into a stalled train near the city of Wenzhou in
east China's Zhejiang Province on Saturday, leaving 40 people dead and 191
injured. The accident was caused by "serious design flaws" in railway
signaling equipment, an official from the Shanghai Railway Bureau said
Thursday morning. A lightning strike triggered the malfunction, which
resulted in a green alert light failing to turn red, leaving railway
personnel unaware of the stalled train ...
The *Beijing Youth Daily* newspaper posed several as-yet unanswered
questions in a Friday report on the accident. "Why was such seriously flawed
equipment in use for nearly two years without being detected? Why was it
installed in as many as 76 rail stations across the country? Are there other
problems with the railway apart from equipment flaws?" the report asked.
Date: Sun, 31 Jul 2011 20:03:13 PDT
From: "Peter G. Neumann" <firstname.lastname@example.org>
Subject: Study Faults Approval Process for Medical Devices (Barry Meier)
[Source: Barry Meier, Study Faults Approval Process for Medical Devices,
*The New York Times*, 29 Jul 2011; PGN-ed; thanks to dkross.]
``If you want to make sure that a product is safe and effective, you have to
start by asking the question whether it is safe and effective.''
The government's system for regulating many medical devices like artificial
hips should be abandoned and replaced because it fails to examine their
safety and effectiveness before sale, according to a report released Friday
by one of the nation's top scientific groups. The report's unequivocal
recommendation to scrap the current system was unexpected, and it unleashed
reactions ranging from outright rejection by industry officials, an embrace
by patient groups and seeming disbelief from federal regulators, who had
commissioned the review. The report by the Institute of Medicine follows
several recalls of medical devices in recent years, like one involving
so-called metal-on-metal hip replacements used in thousands of patients,
crippling some of them. In its report, the panel found that existing rules
used to approve many devices were never intended to play the critical role
of screening out dangerous or ineffective products. The panel urged the
Food and Drug Administration to devise a new approval system for so-called
moderate-risk devices -- a category that now includes artificial hips,
external heart defibrillators and hospital pumps -- concluding that the
current one was not fixable. ``If you want to make sure that a product is
safe and effective, you have to start by asking the question whether it is
safe and effective,'' said William Vodra, a member of the 12-person panel
assembled by the Institute of Medicine and a lawyer who has worked closely
with device producers. ...
The panel also concluded in its report that the F.D.A. should act quickly to
determine whether artificial joints, like hips, which are currently approved
through the 510(k) process, should have to undergo the type of rigorous
scrutiny that high-risk devices now go through before sale. In other
recommendations, the report urged the F.D.A. to quickly tighten the way it
tracked the performance of devices once they are on the market, and said the
agency needed to move more rapidly to stop the sales of harmful ones.
In many ways, the report is a rebuke to the medical device industry and its
allies, who have been waging a campaign over the last year to dispute the
need for any new regulations.
[Can we learn anything from this relating to computer systems being
trustworthy and effective? PGN]
Date: Mon, 1 Aug 2011 9:00:15 PDT
From: "Peter G. Neumann" <email@example.com>
Subject: Counterfeit driver's licenses (Ashley Halsey III)
Ashley Halsey III, Latest counterfeit IDs are so good they're dangerous,
30 Jul 2011, http://wapo.st/nxiKY1 [Long item, PGN-ed]
When the fleeing motorcycle hit the curb, scraped past a utility pole and
hurled 20-year-old Craig Eney to his death, a bogus South Carolina driver's
license was in the hip pocket of his jeans. He spent the final hours of his
life trading on that phony license to buy shots for his buddies at two
downtown Annapolis bars, places so popular among underage drinkers that
bouncers are stationed outside to check everyone's ID. Yet scores of young
people flash fake driver's licenses and waltz on by to the bar.
The days when faking driver's licenses was a cottage industry -- often
practiced in college dorm rooms by a computer geek with a laminating machine
-- have given way to far more sophisticated and prolific practitioners who
operate outside the reach of U.S. law enforcement. In an era when terrorism
and illegal immigration have transformed driver's licenses into
sophisticated mini-documents festooned with holograms and bar codes, beating
the system has never been easier.
Just wire money to the `Chinese guy' [a Chinese company that has created
thousands of bogus licenses in the U.S.]
To the naked eye -- even the practiced eye of most bartenders and police
officers -- the counterfeits look perfect. The photo and physical
description are real. So is the signature. The address may be, too. The
holograms are exact copies, and even the bar code can pass unsophisticated
scans. ... The IDs have shown up in various states, each license carrying a
mysterious hidden tip-off in the bar code that points directly to the same
Date: Mon, 1 Aug 2011 14:05:58 -0600
From: Jim Reisert AD1C <firstname.lastname@example.org>
Subject: High-rolling gamblers are exploiting a quirk in Cash WinFall
and raking in huge profits
"For a few days about every three months, Cash WinFall may be the most
reliably lucrative lottery game in the country. Because of a quirk in the
rules, when the jackpot reaches roughly $2 million and no one wins, payoffs
for smaller prizes swell dramatically, which statisticians say practically
assures a profit to anyone who buys at least $100,000 worth of tickets."
Date: Mon, 1 Aug 2011 11:28:32 -0400
From: Steven J Klein <email@example.com>
Subject: FaceBook + Facial Recognition software = Increase Privacy Risks
About one third of people randomly photographed on the campus of Carnegie
Mellon University could later be identified by name using a combination of
FaceBook and pittpatt facial recognition software, according to professor
Alessandro Acquisti. About 27% of those identified had enough information
on their FaceBook profiles (place and date of birth) to allow him to
correctly predict the first five digits of their Social Security numbers.
Excerpted from the CMU press release:
In one experiment, Acquisti's team identified individuals on a popular
online dating site where members protect their privacy through
pseudonyms. In a second experiment, they identified students walking on
campus -- based on their profile photos on FaceBook. In a third
experiment, the research team predicted personal interests and, in some
cases, even the Social Security numbers of the students, beginning with
only a photo of their faces.
Carnegie Mellon researchers also built a smartphone application to
demonstrate the ability of making the same sensitive inferences in
real-time. In an example of "augmented reality," the application uses
offline and online data to overlay personal and private information over
the target's face on the device's screen.
More information is available in the *Wall Street Journal*.
As if the above isn't sufficiently disturbing on its own, Google just
purchased pittpatt, the developer of the facial recognition used for this
Steven J Klein (248) 968-7622
Date: Wed, 27 Jul 2011 15:47:30 -0700
From: Lauren Weinstein <firstname.lastname@example.org>
Subject: "FaceBook Founder's Sister says Kill Internet Anonymity" + Counterarguments
[From Network Neutrality Squad]
"I think anonymity on the Internet has to go away. People behave a lot
better when they have their real names down. I think people hide behind
anonymity and they feel like they can say whatever they want behind closed
doors." -- Randi Zuckerberg, FaceBook's marketing director
- - -
Counterarguments: "Real Names, Guilt, Self-Censorship, and the Identity War":
http://j.mp/poYMC0 (Lauren's Blog)
Addendum: I've received many positive comments related to my suggestion that
we consider an "escrow" system for holding people's "real names" in certain
situations, so that they would not normally be publicly viewable. As I've
noted, we're talking here about innocent, good players in this case, not
"bad guy" users who will find a way to subvert any system. I should add
that this escrowing arrangement could be through a separate, trusted,
third-party organization, to eliminate concerns that one company could
unilaterally later decide to change the way they were handling these names.
Lauren Weinstein (lauren_at_vortex.com): http://www.vortex.com/lauren
People For Internet Responsibility: http://www.pfir.org
- Network Neutrality Squad: http://www.nnsquad.org http://lauren.vortex.com
- PRIVACY Forum: http://www.vortex.com +1 (818) 225-2800
Google+: http://vortex.com/g+lauren Twitter: https://twitter.com/laurenweinstein
Date: Thu, 28 Jul 2011 15:59:22 PDT
From: "Peter G. Neumann" <email@example.com>
Subject: Remote access to cars, water plants, etc. (Dennis Fisher)
Dennis Fisher, Wide Range of GSM Modules, SCADA Systems Vulnerable to Remote
Control, *ThreatPost.com*, 27 Jul 2011 [Thanks to Jeremy Epstein]
If you think your car is safe and secure sitting in your driveway at night
with its fancy alarm system enabled, Don Bailey has some bad news for you:
he can unlock it and turn it on. Whenever he wants. From the other side of
the country. Bailey, a senior security consultant at iSEC Partners known
for his work on hacking GSM and embedded systems, has found a method that
enables him to not only identify certain kinds of GSM modules over the
mobile network, but also to tell him exactly where they're located via GPS
coordinates. He also discovered that he could send his own commands to the
modules and essentially have them do whatever he likes.
Bailey will demonstrate his attack next week at Black Hat, showing a video
of him remotely unlocking and starting a vehicle without the key in the
ignition. "I had been doing some research on this GPS locator called the
Zoombak and I figured out that it's basically just a microcontroller with a
baseband," Bailey said. "So I devised a method for finding these things over
the GSM network and started sending them messages. I can send it an SMS
message and get it to upload data to a random IP address, tell it to send me
its GPS location every so often, whatever I want."
Bailey used a variety of methods to fingerprint the devices over the GSM
network, building on work that he and Nick DePetrillo had done
previously. He knew that the Zoombak, for example, was only on the T-Mobile
network and that the billing address for the phone number associated with
the devices was the company's, not each individual owner's. Those numbers
all show up as unknown in the caller ID database, which reduced the number
of possibilities for the device he's trying to find by a lot. Eventually, he
found that he could identify GSM devices with a success rate of about 86
Interestingly, the same architecture that's used in the Zoombak is also used
in a wide range of other devices, including car security systems, security
systems at water treatment facilities and in industrial control systems, as
well. That means that the same weaknesses also affect all of those systems,
making them susceptible to simple attacks that are quite easy to implement,
Bailey said. "This is not technologically advanced. The fact is, you can
own these kinds of systems in under a couple of hours," he said. "It's easy.
There's no confidentiality or integrity built into the systems. We shouldn't
have the equivalent of SQL injection in hardware, and that's what this
is. That's the danger. It shouldn't be possible for any fly-by-night
12-year-old to do this."
Bailey has been working on the project for some time, along with his
colleague Matt Solnik, also of iSEC. After discovering the weakness of the
architecture used in the GSM modules, the pair started looking around for
other systems to hack that had the same poor security design. It didn't
take long for them to have their hands full.
"I knew this was in car alarms, so I went and bought one and within two
hours of purchasing the device, we had it owned," he said. "Not only is the
architecture ubiquitous, no one understands that the module is so weak in
its inherent design that I can completely own not just that device, but all
the devices attached to it. There are lots of places that security and
integrity could have been introduced, but they're not. And it's mostly
because of money."
Bailey said that as he and Solnik got down into the weeds on their research,
they discovered that the auto makers and alarm-manufacturers--which he and
Solnik are not naming yet--didn't even try to make it difficult to reverse
engineer the systems.
"They didn't even go so far as obfuscating the kinds of chips they use as
the microcontrollers," Bailey said. "I literally just opened the box and it
said it was XYZ chip and in two minutes I had the data sheet and I knew what
ports to tap and what to do."
As easy as this was for Bailey and Solnik to exploit, it will be equally
difficult for manufacturers to fix.
"This is infrastructure and it's going to be there for a long time. It's
going to take them forever to alter this in a way that I can't fingerprint,"
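The article's core complaint is that these GSM modules carry no confidentiality or integrity: any SMS that spells out a command is executed, whoever sent it. The following added example (not from the article, iSEC, or any vendor; the wire format, key handling and phone numbers are constructed for illustration) contrasts that design with a handler that requires an HMAC over a monotonically increasing counter, so that forged and replayed messages are rejected.

```python
import hmac
import hashlib

# Constructed illustration of an SMS command channel on a GSM-connected
# controller (car alarm, telemetry unit). The message format, the per-device
# key and the phone numbers are assumptions, not details from the article.

DEVICE_KEY = b"constructed-per-device-secret-key"  # provisioned at manufacture (assumption)
ALLOWED_SENDERS = {"+15550001111"}                  # owner's registered number (constructed)
ACTIONS = {"LOCK", "UNLOCK", "STATUS", "REPORT_GPS"}


class InsecureController:
    """The design the article criticises: any SMS from any number that
    names a command is executed as-is."""

    def __init__(self):
        self.log = []

    def handle_sms(self, sender, body):
        cmd = body.strip().upper()
        if cmd in ACTIONS:
            self.log.append(cmd)
            return True
        return False


class AuthenticatedController:
    """Hardened variant: sender allowlist plus HMAC-SHA256 over a strictly
    increasing counter and the command, so each message is authenticated
    and cannot be replayed. The allowlist alone is not enough, because the
    SMS originating number can be spoofed; the MAC is the real check."""

    def __init__(self, key, allowed_senders):
        self.key = key
        self.allowed = set(allowed_senders)
        self.last_counter = 0
        self.log = []

    @staticmethod
    def _mac(key, counter, cmd):
        msg = f"{counter}:{cmd}".encode()
        # 128-bit truncated tag keeps the message short enough for one SMS
        return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]

    @classmethod
    def build(cls, key, counter, cmd):
        """Sender side: produce 'counter:cmd:tag' (constructed wire format)."""
        return f"{counter}:{cmd}:{cls._mac(key, counter, cmd)}"

    def handle_sms(self, sender, body):
        if sender not in self.allowed:
            return False
        try:
            counter_s, cmd, tag = body.split(":")
            counter = int(counter_s)
        except ValueError:
            return False
        if cmd not in ACTIONS:
            return False
        if counter <= self.last_counter:  # replayed or reordered message
            return False
        expected = self._mac(self.key, counter, cmd)
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return False
        self.last_counter = counter
        self.log.append(cmd)
        return True


def demo():
    """Exercise both controllers with the same constructed traffic."""
    insecure = InsecureController()
    hardened = AuthenticatedController(DEVICE_KEY, ALLOWED_SENDERS)
    owner, stranger = "+15550001111", "+15559998888"
    r = {}
    r["insecure_stranger"] = insecure.handle_sms(stranger, "unlock")   # accepted
    first = AuthenticatedController.build(DEVICE_KEY, 1, "UNLOCK")
    r["hardened_owner_valid"] = hardened.handle_sms(owner, first)      # accepted
    r["hardened_replay"] = hardened.handle_sms(owner, first)           # counter reused
    second = AuthenticatedController.build(DEVICE_KEY, 2, "UNLOCK")
    r["hardened_stranger"] = hardened.handle_sms(stranger, second)     # not allowlisted
    r["hardened_forged"] = hardened.handle_sms(owner, "2:UNLOCK:" + "0" * 32)
    r["hardened_owner_next"] = hardened.handle_sms(owner, second)      # fresh counter
    return r
```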
Date: Thu, 28 Jul 2011 10:02:03 -0400
From: Paul Wallich <firstname.lastname@example.org>
Subject: Risks of verbose automated e-mail
(This is a sort of interacting-systems risk.)
The other day I was getting ready to go to the next town to pick someone up
at the airport when they called to let me know their flight (on Jetblue)
might be delayed. So I went to the company's web site to sign up for their
automated flight-status notification.
The choices were between voice message and e-mail, my mobile does not do
voicemail well, and the area around the airport doesn't have much wifi
coverage. So I entered my phone's SMS-gateway address and was quite proud of
myself for the workaround.
Until I got the first message, complete with GUID and corporate
identification, congratulating me on having subscribed to the automated
notification system for Flig. And there it ended. Which flight I was being
notified about or what had become of the schedule had been truncated by the
SMS gateway. Subsequent messages were similarly uninformative. (I finally
texted the traveler: "text me when you get off the plane, we may be a bit
Seems to me, with the widespread use of SMS gateways (almost all of my
texted conversations involve one person on a phone and the other at a PC),
that anyone designing an automated e-mail system like Jetblue's should take
care to get the essential information into the first 140 characters and let
the branding and GUID trail off the back. Because if you do it the other way
round, a lot of people will still be reminded of your company name, but not
in a good way.
Date: Fri, 29 Jul 2011 11:04:56 -0700
From: Gene Wirchenko <email@example.com>
Subject: Google+ and Names
There has been a big commotion over real names with Google+ with accounts
I wonder what they would do about me. My passport does not have my name on
it. I wanted it in the name "Gene Wirchenko" which is the form of my name
(full form: "Eugene Michael Wirchenko") that I use. It got messed up on the
passport as "Gene Eugene Michael Wirchenko" with no indication that any of
the names were of different statuses.
Date: Tue, 26 Jul 2011 14:06:45 -0500
From: Ted Lee <TMPLee@MR.Net>
Subject: Re: Don't throw away Grandma's wind-up desk clock (RISKS-26.49)
I've seen that report before and wonder if there simply isn't some lousy
reporting going on. (Rarely have I seen the press report accurately on
anything I know about -- always makes me wonder how they are doing on
everything else!) As I understand the current system, if, say, the
frequency is slow by some number of cycles over some period, they will speed
it up that number of cycles the next period, so it will average out to zero.
It sounds to me like the only change proposed is lengthening out the period
as well, perhaps, as allowing the error to accumulate further before it is
This particular sentence in the referenced article especially makes me
wonder if the press version is anything close to accurate: "If the grid
averages just over 60 cycles a second, clocks that rely on the grid will
gain 14 seconds per day, according to the company's presentation." Umm, how
much is "just over"?
Date: Thu, 28 Jul 2011 18:41:55 +0100
From: "Chris D." <firstname.lastname@example.org>
Subject: Re: Patient alleges Tufts breached privacy (RISKS-26.49)
> A patient has sued Tufts Medical Center and a primary care doctor there,
> alleging that documents including her medical history were sent to a fax
> machine at her workplace without her consent.
A friend who worked in an NHS hospital a couple of years ago complained that
she spent ages filling out lots of forms relating to patients, which were
then sent by fax. I asked why she didn't use e-mail like everyone else, and
she said that this was not allowed due to "not meeting requirements for
patient confidentiality"... Presumably a secure web server would be better,
to give password protection *and* an audit trail to see who had accessed
what, but as another friend in IT remarked, this would need $$$$s in set-up
and running costs for hardware and an administrator.
Date: Thu, 28 Jul 2011 18:41:55 +0100
From: "Chris D." <email@example.com>
Subject: Re: Empowering Evil Through Search and Surveillance: Why Corporate
Ethics Matter (Weinstein, RISKS-26.49)
> Yes, questions of ethics and business are complex, and different situations
> may be easily confused.
Indeed. One approach is to look at it from the other direction; if
Microsoft and Cisco *didn't* deal with China, would this benefit Chinese
people in general? I have no idea, but (without attempting to defend anyone
or take sides here) I suspect not. I'd also venture to suggest that many
people outside the US are more concerned with the ups and downs of everyday
living than the ideals of "life, liberty, and the pursuit of happiness" --
just getting reliable Internet access at an affordable cost would be quite
Date: Sat, 30 Jul 2011 23:29:56 +0100
From: "Chris D." <firstname.lastname@example.org>
Subject: Re: The British Phone Hacking Scandal: A Brit Replies (RISKS-26.50)
(1) Like most Western countries, the UK government in recent years has been
spending money like it's going out of fashion, because it keeps voters
happy. If/when the tax revenues fall short, just borrow the difference --
heck, governments have good credit ratings, and it will be someone else's
problem to pay it back. Thus we end up with the government absorbing 40-50%
of GDP and having debts of around 100% of GDP. Now that the Credit Crunch
has hit, the bills are still piling up, but the tax revenues are flat; some
countries are running out of credit, while attempts to reduce government
spending result in civil unrest and lost elections, and the stand-off
between Democrats and Republicans in Washington over raising the US's debt
ceiling is ongoing as I write.
The only thing that's kept the UK economy (and others) going for the last 10
years is individuals and the government spending borrowed money. This gave
the illusion of prosperity and gave Gordon Brown lots of tax revenues, which
he spent on pleasing voters, then his brilliant move was to lose the
election in 2010, thus leaving the task of paying off his overdraft to
someone else (e.g. me).
(2) The UK-specific aspects are (a) what someone called "the over-developed
British sense of fair play", which values equality and `fairness' over what
works, and (b) there's a strong tradition that "the gentlemen in Whitehall
[= government officials] know best", so Brits are prepared to let the
government run their lives probably more than people in other countries.
Not sure about "elites" (or the Bullingdon Club -- ever heard of "Tony's
cronies"?), but the problem is that most politicians enter politics straight
out of college, and can reach the highest positions in government without
any apparent talent apart from being good at politics, and without
experiencing the ups and downs of everyday life like us little people.
(Tony Blair used to hob-nob with rock stars, but to make him look cool and
hip, rather than to rub shoulders with the proletariat.)
The trouble with the NHS is that providing health care free on demand to
everyone was a mighty big ask in 1948, when people were grateful for
whatever they could get. Over 60 years later, we have an ageing population,
huge improvements in medical science, and loads of new medications, which
all costs big $$$$s, plus people are more knowledgeable and have higher
expectations, thus giving rapidly-increasing demand but static tax
In the case of education, in the Good Old Days there was the 11+ exam and
grammar/secondary modern set-up, with only about 10% of the population going
to university, giving a rigorous education system and degrees that actually
meant something. The 11+ was deemed to be discriminatory and thus unfair,
so was abolished, while increasing the proportion of schoolchildren going to
university to 50% looks good but simply dilutes the value of a degree while
hugely increasing the cost of running universities, so young people spend
loads of money on degrees that aren't worth much, but they have to have one
because everyone else does.
And because this is caring sharing Britain, you don't have any choice.
There are very small and very expensive paid-for schooling and healthcare
sectors, otherwise you have to wait in line for whatever service the
government deigns to provide. It's free, but if you want something else you
have no choice and you can't pay for it because that would be unfair and
> But the daily printed word seems to have become much less trustworthy in
> the UK in a way in which, for example, the best newspapers elsewhere have
> not. There just seems to be something about the British press in which I
> suspect Murdoch&family to have significant influence over content.
Obviously newspapers have to sell what people want to buy, or they go out of
business. Not (as far as I know) connected to Mr Murdoch is `The Daily
Telegraph', for an alternative view (http://www.telegraph.co.uk/). Of
course the other aspect -- and this *is* connected with RISKS -- is that
people have access to more alternative sources of information on the
> Maybe it's time to form a new political party for those who work hard, pay
> their taxes, and expect them to go somewhere useful like health care, care
> of the elderly, education, effective oversight of finance and critical
> infrastructure, public transportation, and effective urban reinvigoration.
Indeed, but how far should governments go? Obviously there has to be law &
order and defence, but loads of other nice things to have as well, and
however much governments spend, they can always spend more. Problems are
(1) that government spending is inherently inefficient as politicians and
government officials are spending other people's money (taxes) on other
people, and (2) there's the risk of those relying on government funding (for
welfare or employment) having more votes than the tax payers. As someone
said, a politician who robs Peter to pay Paul can usually rely on Paul's
vote. The US (as I understand it) is more of a stand-on-your-own-two-feet
country, where the government doesn't help much but doesn't get in the way
too much either, thus giving huge inequalities, but a very dynamic,
Chris Drewe, Essex County, UK (not a taxicab driver).
Date: Mon, 6 Jun 2011 20:01:16 -0900
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
email@example.com or firstname.lastname@example.org
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
The full info file may appear now and then in RISKS issues.
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact <Lindsay.Marshall@newcastle.ac.uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at
newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
End of RISKS-FORUM Digest 26.51