|Main Archive Page > Month Archives > risks-info archives|
RISKS-LIST: Risks-Forum Digest Monday 19 September 2011 Volume 26 : Issue 57
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at
Redundancy is always a good idea, when it exists (David Lesher)
EFF Heads Back to Court to Fight Warrantless Wiretapping (EFF)
Re: United Airlines uses 11,000 iPads to take planes paperless
Re: Air France 447 (Peter Houppermans)
Re: United Airlines uses 11,000 iPads to take planes paperless (John Stanley)
Pakistan orders ISPs to block VPNs and other encryption? (NNSquad)
Supercookie (Bill Snyder via Gene Wirchenko)
Re: "Why Governments Are Terrified of Social Media" (Chris D)
Re: Zombie Cookies won't die (Chris Jewell)
Re: Risks in Google, specifically Gmail (John Fouhy, Joseph Brennan)
Re: Don't throw away Grandma's wind-up desk clock (Martin Ward)
Re: Transaction without a password is more secure? (Wayne Mesard)
Re: Researchers' Typo-squatting Stole 20 GB of E-Mail (Lauren Weinstein)
Re: $100 Bill: The Fed Has a $110 Billion Problem ... (Nick Laflamme)
Re: Yet another incident of over-reliance on GPS navigation (Paul Wallich)
Re: Man unable to open car from the inside and dies of dehydration
Online risks for a power of attorney (Jared Gottlieb)
Abridged info on RISKS (comp.risks)
Date: Thu, 15 Sep 2011 00:30:25 -0400
FSrom: David Lesher <email@example.com>
Subject: Redundancy is always a good idea, when it exists
Nonredundancy is a perennial RISKS favorite (e.g., RISKS-6.93 and 7-05, to
name just a few telecom items, with lots more not telecom related.)
I've just become aware of an older event than most discussed here. At 04:42
AM on November 24, 1961, SAC Headquarters [then at Ent Air Force Base] lost
all communications with the BMEWS ("Dew Line") radars, AND also with NORAD
at Colorado Springs.
CINCSAC Gen. Thomas Power, fearing an attack in progress, ordered all SAC
bombers to immediate alert; but he did hold them at the end of their
He soon managed to establish HF SSB radio contact with a watch aircraft, a
B-52 over Thule AFB in Greenland, reassuring him.
The cause was all those "redundant" links went through one AT&T Long-Lines
microwave tower at Black Forest, near Colorado Springs. A technician there
was running a routine maintenance test on some other circuits, but left out
<http://goo.gl/TawMZ> ISBN: 978-0691021010 The limits of safety:
organizations, accidents, and nuclear weapons; By Scott Douglas Sagan
We now have MANY more suppliers of bit transport, with diverse glass buried
hither and yon; but do we yet have really independent, redundant, systems?
[As we've noted here many times, we have often seen belief in the
importance of redundancy, but with weak implementation. But we also
recall that the management of redundancy itself tends to considerably
increase complexity. PGN]
Date: August 29, 2011 4:00:29 PM
From: EFFector List <Editor@eff.org>
Subject: EFF Heads Back to Court to Fight Warrantless Wiretapping
EFFector Vol. 24, No. 29 Monday August 29, 2011 firstname.lastname@example.org
A Publication of the Electronic Frontier Foundation
effector: n, Computer Sci. A device for producing a desired change.
: . : . : . : . : . : . : . : . : . : . : . : . : . : . :
* EFF Heads Back to Court to Fight Warrantless Wiretapping
More than five years ago, EFF filed the first lawsuit aimed at stopping the
government's illegal mass surveillance of millions of ordinary Americans'
private communications. Whistleblower evidence combined with news reports
and Congressional admissions revealed that the National Security Agency
(NSA) was tapped into AT&T's domestic network and databases, sweeping up
Americans' emails, phone calls and communications records in bulk and
without court approval. On August 31, 2011, the Ninth Circuit Court of
Appeals will hear a warrantless wiretapping double-feature to decide whether
EFF's two cases can proceed. At stake will be whether the courts can
consider the legality and constitutionality of the National Security
Agency's mass interception of Americans' Internet traffic, phone calls, and
* Why IP Addresses Alone Don't Identify Criminals
This spring, agents from Immigration and Customs Enforcement (ICE) executed
a search warrant at the home of Nolan King and seized six computer hard
drives in connection with a criminal investigation. The warrant was issued
on the basis of an Internet Protocol (IP) address that traced back to an
account connected to Mr. King's home, where he was operating a Tor exit
relay. While we think it's important to let the public know about this
unfortunate event, it doesn't change our belief that running a Tor exit
relay is legal. And it's worth highlighting the fact that these unnecessary
incidents are avoidable. Law enforcement needs to understand that an IP
address doesn't automatically identify a criminal suspect.
Date: Thu, 15 Sep 2011 07:21:03 +0200
From: "Alistair McDonald" <email@example.com>
Subject: Re: United Airlines uses 11,000 iPads to take planes paperless
In Risks Digest 26.56, Geoff Kuenning says:
>>But of course passengers will still be prohibited from using those
>> same devices while the pilots have them turned on...
I think many people misunderstand why devices are banned on landing. The
reason is that the landing is, relatively speaking, one of the riskier
parts of flight, and so there more likely to be an accident. The advice we
get in the UK is to put your seat back upright, open the window blinds,
and stop using portable electronic devices.
Upright seat backs are easier for evacuation, especially for those behind
By opening window blinds, no-one will be blinking in unfamiliar light if
they have to evacuate (or the plane is torn in half, I suppose, in a
By making sure everyone can hear any cockpit announcements, there will be
less chance of someone being unaware of what any incidents and evacuation
plans are. I notice that these days, although I can't use my own portable
mp3 or DVD player, I can still watch movies via the on-board entertainment
all the way down to the gate - because any cockpit announcements pause the
movie and come through my headphones. This can't be guaranteed if I'm
trying to damage my own hearing by listening to heavy metal at excessive
volume on my iPod.
Alistair McDonald UK: +44 7833 461 587 Lux: +352 661 832 898
Author of the SpamAssassin book: (http://www.packtpub.com/spamassassin/)
Date: Thu, 15 Sep 2011 09:51:12 +0200
From: Peter Houppermans <firstname.lastname@example.org>
Subject: Re: Air France 447 (Norman, RISKS-26.56)
> Readers of RISKS should be sophisticated enough not to jump on the
> "human error" bandwagon every time it seems convenient
Hmm, So jumping on the "human error" bandwagon is, umm - a human error?
I'll go and hide now :-).
On the serious side, though, your observation goes deeper and wider than
just this topic. I am presently busy upsetting security "professionals" by
telling them they have turned into mere administrators - especially people
with a technical background get so wrapped up in policy setting and gadget
management that they tend to overlook the human in the chain. You can't
just throw that out with a label "weakest part" - that's not addressing the
issue, that's avoiding it. Using the label "weakest link" is maintaining
that status instead of doing something about it.
Especially in my privacy protection work, the humans are my starting point -
because they are what I protect. They present you with a rich picture of
psychology, social circumstances and behaviour, wants, likes, weaknesses but
also strengths, and it is especially on the latter you build. Only after
that you look at technology and how it is used. You'll need the same
approach at board level, those people have a way of working which you need
to roll with.
In addition, even people which one could call "intellectually challenged"
(to use the politically correct term) are still *WAY* more sophisticated
than any computer I can buy or build. Somehow we have to find a way to make
that work for us.
Peter Houppermans, Private & Confidential Group, http://pncg.ch
Date: Fri, 16 Sep 2011 11:43:52 -0700 (PDT)
From: John Stanley <email@example.com>
Subject: Re: United Airlines uses 11,000 iPads to take planes paperless
Geoff Kuenning: But of course passengers will still be prohibited from
using those same devices while the pilots have them turned on...
Of course. The pilot's iPads have been tested in the exact environment they
will be used in, properly configured to disable any radio functions (WiFi,
3g, etc), and most important, will be immediately and directly accessible to
the pilots so they can be shut down in the event of any perceived
interference with critical flight operations.
The passenger's iPads (and other iPad-like devices too numerous to count)
will have none of that. And most of what they will have won't be iPads.
Suppose you decide to allow people to use iPads because of this. Do you
think the cabin crew has the time or knowledge to differentiate between true
iPads (which you assume have met all Part 15 unintentional radiator
standards and are thus safe, a questionable assumption to start with) and
the iPad knock-offs from China (where you can't assume the the manufacturer
knows what "Part 15" is, much less can meet the standards)?
I know that anecdotal evidence doesn't mean anything to anyone who wants to
play Angry Birds during landing, but here it is anyway. Even FCC
certificated radio systems are not immune from interfering with aircraft
communications. During a flight in New York Center airspace, as co-pilot, at
night, IFR, we started getting interference on the assigned FAA operating
frequency. We couldn't hear them. I knew what caused it -- I had just tuned
another radio to a different channel. I turned the offending radio off;
problem solved. Imagine if that radio had been in the hands of a passenger
in the middle of a 747 during landing.
There is a significant difference between allowing pilots to do something in
an airplane and allowing every passenger aboard to do the same thing.
Date: Thu, 15 Sep 2011 22:46:40 -0700
From: Lauren Weinstein <firstname.lastname@example.org>
Subject: FTC proposes stricter Net access rules for children under 13 (NNSquad)
"The Federal Trade Commission proposed Thursday to revamp its online child
privacy rules to reflect the ubiquity of smartphones and geolocation
services. The proposed updates (.pdf) to the Children's Online Privacy
Protection Act of 1998 were welcomed by many in the privacy community.
They see the new proposal as a means to combat behavioral advertising
targeting America's youth. By contrast, Facebook, Microsoft, the
Entertainment Software Association, the Toy Industry Association and
others are arguing for self-regulation when it comes to targeted, online
- - -
At least the FTC is explicitly not proposing that Congress require sites
that don't cater to children to collect age-related identity information.
On the other hand, some of the verification techniques being proposed seem
intrusive, others seem -- well -- rather weird. In particular, finding
someone to be "your parent" for a video-conference check probably won't be a
stretch for the average intelligent kid:
http://j.mp/oBtUFk ("Yep! That's my Bobby!" [Picasa])
This is not to suggest that I'm unsympathetic to concerns of parents
and their children's Internet use. But I discern some potential
"slippery slopes" in various of these proposals, of significant
concern relating ultimately to adults' use of the Net, and I believe
that some of these proposals will be mainly effective at scoring
Date: Tue, 30 Aug 2011 09:24:39 -0700
From: Lauren Weinstein <email@example.com>
Subject: Pakistan orders ISPs to block VPNs and other encryption? (NNSquad)
"According to a PTA spokesman the directive was intended only to stop
militants from using secure Internet connections to communicate with each
other. However he admitted that this was only possible by preventing all
Internet users in Pakistan from using virtual private networks (VPNs),
according to the *Express Tribune* newspaper."
Date: Fri, 02 Sep 2011 09:49:32 -0700
From: Gene Wirchenko <firstname.lastname@example.org>
Subject: Supercookie (Bill Snyder)
Bill Snyder, 22 Aug 2011, Browsing and Privacy: How to Not Get Tracked
All modern browsers have built-in tools and add-ons to protect users from having
their Web behavior tracked. But regardless, some sites still find ways to
track you. Here are tips for taking matters into your own hands.
two nasty bits:
A researcher at Stanford University recently found that Microsoft (MSFT) has
been using an online tracking technology that allowed the company to
sneakily track users on MSN.com even though it had used some of the standard
techniques developed to avoid tracking.
Another group of researchers found that other sites, including Hulu.com,
employed super cookie techniques to track users for advertising
purposes. They wrote: "We found two sites that were respawning cookies,
including one site -- Hulu.com -- where both flash and cache cookies were
employed to make identifiers more persistent. The cache cookie method used
Etags, and is capable of unique tracking <bold>even where all cookies are
blocked by the user and 'private browsing mode' is enabled.</bold>" (The
authors are from The University of California at Berkeley, Worcester
Polytechnic and the University of Wyoming. The emphasis is mine.)
Date: Sun, 18 Sep 2011 22:15:11 +0100
From: "Chris D." <email@example.com>
Subject: Re: "Why Governments Are Terrified of Social Media" (RISKS-26.55)
In the UK, politicians are pushing ahead with plans requiring ISPs to block
pornography unless subscribers specifically request access to it, to protect
children. I have no idea if this really is a problem, or parents and
politicians looking for something to worry about (I'm not a parent myself),
but newspaper headlines like "Parents Will Get Power To Stop The Internet
Porn Invasion" don't help a balanced debate. Allegedly most children claim
to have viewed Internet porn, but I suspect an element of schoolyard
bragging here... Another proposal is to `encourage' Google and other search
sites to `remove from their search results content that beaches copyright'.
Main RISKs here seems to be: (a) politicians legislating for the desired
results and leaving others with the problem of figuring out how to achieve
them (and assuming that anything can be done easily with computers by
pressing a few buttons, or setting check boxes nowadays), and (b) legally
requiring ISPs to monitor subscribers' usage, and make value judgments as
to what the heck is "pornography" or other potentially-objectionable
material. Like 1970s East Germany, it's easy to imagine a future when half
of the population are employed to watch over the other half, with huge
Internet bills to pay for it, of course.
In any case, presumably juveniles who really want to seek out pornography
will know where to find it, so it's just the rest of us will be
inconvenienced; I can imagine seniors having to get their grandkids to
disable the parental locks on their laptops.
Date: 19 Sep 2011 00:15:38 -0000
From: Chris Jewell <firstname.lastname@example.org>
Subject: Re: Zombie Cookies won't die (RISKS-26.55)
rm -rf ~/.mozilla/"Default User"/Cache/*
chmod a-w ~/.mozilla/"Default User"/Cache
I haven't noticed that my browsing is any slower.
I assume that Windows/NT supports something similar (and I'm sure Mac
OS 10 does), though many users may not know how.
Date: Thu, 15 Sep 2011 22:29:15 +1200
From: John Fouhy <email@example.com>
Subject: Re: Risks in Google, specifically Gmail (Robinson, RISKS-26.56)
Paul Robinson unfairly maligns Gmail. I have my own domain, registered
through misk.com, and backed by a Gmail account. It works flawlessly, and
has done so for a number of years.
[well, almost flawlessly -- Gmail puts my @gmail address in the Sender:
header which causes some undesirable behaviour, notably with Outlook]
Date: Mon, 19 Sep 2011 09:46:09 -0400
From: Joseph Brennan <firstname.lastname@example.org>
Subject: Re: Risks in Google, specifically Gmail (Robinson, RISKS-26.56)
> The same is not true with Gmail. There is a weird technical problem with
> Gmail, if a Gmail client sends mail to a domain that redirects its mail -
> like mine - and the terminating address that the redirection goes to is a
> Gmail account, Gmail discards the message.
Better described: If you send mail from a Gmail account, and delivery
ends up forwarding back to the same Gmail account, Gmail does not add
an inbox tag to the message. It's not actually discarded, since you do
have the message, tagged as sent mail. That's their logic anyway.
The incoming message is considered a duplicate, based (I think) on the
Message-ID. The catch is that people testing delivery want to see the
almost-duplicate that has different headers showing delivery through
the forwarding routing. I think Gmail is the only system that does
duplicate suppression between incoming and sent mail. While I like to
be open to new concepts, this seems like a bug to me.
Our helpdesk has had probably over one hundred tickets reporting that
forwarding an account to Gmail does not work.
Joseph Brennan, Lead Email Systems Engineer
Columbia University Information Technology
Date: Fri, 16 Sep 2011 10:29:41 +0100
From: Martin Ward <email@example.com>
Subject: Re: Don't throw away Grandma's wind-up desk clock (Lee, RISKS-26.49)
When I want the *exact* time I depend on one of our radio-controlled
clocks: which I don't even need to reset twice a year when British Summertime
starts or ends, or my solar-powered radio-controlled watch: which doesn't
even need the battery changing.
There used to be a saying: "A man with one watch knows what time it is;
a man with two watches is never quite sure." This problem disappears
with my radio-controlled clocks since they all show exactly the same time!
Date: Wed, 31 Aug 2011 09:55:20 -0400
From: Wayne Mesard <firstname.lastname@example.org>
Subject: Re: Transaction without a password is more secure? (RISKS-26.54)
> * THERE'S NO NEED TO USE YOUR PIN, SO YOUR TRANSACTIONS ARE EVEN
> MORE SECURE
> Can somebody please explain to me how it's "more secure"...
The wording isn't the best, but they are making a legitimate point. While
it may be the case that many ATMs are not appropriately secured, it is
*certainly* the case that the majority of point-of-sale terminals are less
secure than even a fairly weakly-protected ATM. This makes them much more
attractive targets for skimmers.
If I enter my PIN at a compromised POS terminal, then the evil-doer has my
PIN and can go to any ATM and clean me out. If he doesn't have my PIN, then
he can only access my compromised account from other POS terminals. Still
bad, but not as bad.
FWIW, I never enter my PIN anywhere except at ATMs located at reputable,
CCTV-monitored bank branches. (I also never use a debit card, and given the
RISKS and the fees, I don't understand why anyone does. Just use a credit
card and pay the full balance every month.)
Date: Thu, 8 Sep 2011 18:29:59 -0700
From: Lauren Weinstein <email@example.com>
Subject: Re: Researchers' Typo-squatting Stole 20 GB of E-Mail
(was Risks of Typos, RISKS-26.55)
http://j.mp/q7I3WX (Wired) [NNSquad]
"Two researchers who set up doppelganger domains to mimic legitimate
domains belonging to Fortune 500 companies say they managed to vacuum up
20 gigabytes of misaddressed e-mail over six months."
Date: Thu, 15 Sep 2011 17:10:12 -0500
From: Nick Laflamme <firstname.lastname@example.org>
Subject: Re: $100 Bill: The Fed Has a $110 Billion Problem with New Benjamins (26.56)
I'm surprised that neither Leonard Finegold, who submitted the item, nor
PGN, who read it and provided the excerpt, noted that the article cited is
nine months old. What's happened with this story since 7 Dec 2010? Has the
Bureau of Engraving pursued any of the solutions suggested? Have any of the
new currency started to circulate? And has anything made this article more
or less relevant now than it was nine months ago?
[I was hoping that item would provoke a follow-up as to what's new. PGN]
Date: Thu, 15 Sep 2011 09:48:02 -0400
From: Paul Wallich <email@example.com>
Subject: Re: Yet another incident of over-reliance on GPS navigation
In my (thank goodness limited) experience this is also an issue of
decision-making under short deadlines in the presence of (real or perceived)
peer pressure. When you see other drivers going around a road-closed sign,
or when you're following written directions from a local, it's easy to
assume that they have knowledge about the situation that goes beyond or
contradicts a terse road sign. (In my childhood home town, visitors used to
blench as we zipped right past the "Road Legally Closed" notice that
decorated the route to the nearest interstate for 10 years or so.)
What's difficult to calibrate is the amount of local knowledge needed to
traverse a "closed" or otherwise posted section of road safely -- locals can
typically drive back roads at least 20 km/h faster than visitors, and the
Dunning-Krueger effect is in full play.
(This also brings me to one of my pet peeves about GPS maps: they have
nowhere near the right level of discrimination among road types. Perhaps a
two or three-level classification was appropriate during the years of
expensive color printing or limited device memory, but today you could do
far more accurate and safer routing with more levels or even a continuous
distribution of road-quality classifications.)
Date: Thu, 15 Sep 2011 15:06:20 +0100
From: David Peverley <firstname.lastname@example.org>
Subject: Re: Man unable to open car from the inside and dies of dehydration
I find this particularly interesting in the context of my current car - it
is a twelve year old model with the same auto-lock if-not-opened
feature. I'd been ferrying bags from out of the boot and having returned
from one load to get the next found the door had blown shut with the keys
inside and the car had locked them in. The reason? The micro-switch in the
lock mechanism that senses lock opening / closing had failed and the
previous owner had not replaced it. This is understandable as you could only
replace the whole lock assembly for around £40 and is only available from
official dealers with the only obvious visible consequence being that the
courtesy light wouldn't turn on with the boot opening. A no-brainer not to
spend that much to turn a light on and off...
For cars that additionally disable internal opening mechanisms one might
reasonably predict that when a large number get to a decent second-hand age
and start being affected by long-term wear and tear, this may well happen a
lot more often if the designers haven't been able to recognise such sensor
Date: Sun, 18 Sep 2011 12:00:00 -0600
From: jared gottlieb <email@example.com>
Subject: Online risks for a power of attorney
The risk is some banks do not recognise the power of attorney for on-line
banking. This is a significant restriction to the the person with the
power-of-attorney, particularly when they live at a distance or simply want
to take advantage of tracking account transactions without delay.
The Guardian (guardian.co.uk) reports a study "... with some financial
institutions putting unnecessary restrictions on how an [individual with a
power of] attorney can access an account, and many refusing point blank to
allow attorneys to operate online accounts." and the Chicago Tribune
(chicagotribune.com) had a headline "Power of attorney powerless in online
banking Bank says caretaker spouse will have to rely on monthly statements"
Date: Mon, 6 Jun 2011 20:01:16 -0900
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
firstname.lastname@example.org or email@example.com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
The full info file may appear now and then in RISKS issues.
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact <Lindsay.Marshall@newcastle.ac.uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at
newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
End of RISKS-FORUM Digest 26.57