RISKS Forum mailing list archives

Risks Digest 26.68
From: RISKS List Owner <risko () csl sri com>
Date: Wed, 28 Dec 2011 12:31:02 PST

RISKS-LIST: Risks-Forum Digest  Weds 28 December 2011  Volume 26 : Issue 68

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/26.68.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Botched elevator maintenance? (James Barron via PGN)
Single point of failure in the Berlin Train System (Debora Weber-Wulff)
Report on Queen Mary 2 Dead in the Water (Earl Boebert)
"Why Ford Just Became A Software Company" (Chris Murphy via Gabe Goldberg)
The False Promise of Biometrics (Aman Sethi via Gene Spafford)
EFF reverse engineers Carrier IQ (Sebastian Anthony via Monty Solomon)
In tests, LightSquared disrupts 75% of GPS receivers (Lauren Weinstein)
Internet of things (David Magda)
Risks of focusing on risks (Bob Frankston)
Hollywood's pirate cure is worse than the disease (Jack Shafer via LW)
ACMA: Facebook photos are not private, even with "privacy" enabled
  (Peter Houppermans)
When Facebook really became a liability (Peter Houppermans)
Facebook agrees to a dozen recommendations by Irish data protection
  authority (Jeremy Kirk via Gene Wirchenko)
Hacked! (James Fallows via Monty Solomon)
Stratfor security breach (Huffington Post via Lauren Weinstein)
Stratfor hacking victims targeted after comments (Eileen Aj Connelly)
Microsoft will push IE auto-updates (Gregg Keizer)
Re: Internet Hysteria ... (Henry Baker)
Re: Robot prison wardens - with guns? (Paul Robinson)
Re: Qantas Terror Blamed on computer (Peter Bernard Ladkin, Robert Meineke)
REMINDER - iFM 2012 CfP - DEADLINE APPROACHING (Diego Latella)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 28 Dec 2011 9:51:56 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Botched elevator maintenance?

Suzanne Hart was crushed to death in an elevator in the Young and Rubicam
building in Manhattan.  As she stepped into the elevator on the ground
floor, it shot to the second floor with the door open, and she was trapped
between floors.  The elevator had just undergone electrical maintenance a
few hours before.  [Source: James Barron, Tracing the Arc of a Life Cut
Short by an Elevator Malfunction, *The New York Times*, 20 Dec, A26
(National Edition); PGN-ed.  James Barron's article is a lovely homage to
her life.]

------------------------------

Date: Fri, 16 Dec 2011 00:21:23 +0100
From: weberwu <weberwu () htw-berlin de>
Subject: Single point of failure in the Berlin Train System

The Berlin light rail train system, plagued by problems for years,
demonstrated today that it can, indeed, get worse. Many cars have been taken
out of service for all sorts of ailments, and having pruned the maintenance
shops and the drivers to a bare minimum, there is no room for dealing with
problems. And there have been problems galore.

Berliners joked that it could not possibly get worse, but today (15 Dec
2011) the S-Bahn proved that it could, indeed, because it has a single point
of failure. All switches, all electronic signals, all information is
centralized in one station in Halensee. And the electricity went out during
a routine test of the emergency electrical system today, according to RBB
[1], a local news station.  The emergency system did not kick in - and then
nothing worked.

Only two train lines that still have analogue signals and switches were in
operation, the rest was out - and the central operations was also
affected. They had no information on where the trains were.

Many people were trapped in trains stranded between stations.  Angry
passengers opened the doors, got out and walked the tracks to the nearest
station, continuing by bus, subway, or taxi.

It took about 3 hours after electricity was restored to have some sort of
traffic running. The Internet information page by the S-Bahn was down, the
server was not able to cope with the traffic.  Customers used Twitter to
announce trains in motion, helping people to find some way to get to work or
school.

[1]
http://www.rbb-online.de/nachrichten/vermischtes/2011_12/komplett_ausfall_bei.html

Prof. Dr. Debora Weber-Wulff, HTW Berlin, Treskowallee 8, 10313 Berlin Tel:
+49-30-5019-2440 http://www.f4.htw-berlin.de/people/weberwu/

------------------------------

Date: Tue, 27 Dec 2011 11:27:02 -0700
From: Earl Boebert <boebert () swcp com>
Subject: Report on Queen Mary 2 Dead in the Water

This seems to be a good time of the year for those of us who study failure
modes.  On the night of 23 September 2010 the cruise ship Queen Mary 2 lost
propulsion for an hour outside Barcelona. As the official report puts it,
"Losing control of a large cruise liner due to an electrical blackout, with
3,823 people on board, is a serious concern."

The report is here:
  http://www.maib.gov.uk/cms_resources.cfm?file=/QM2Webreport.pdf

Details of interest to the volts and amps types (a capacitor exploded) are
here:
  http://www.maib.gov.uk/cms_resources.cfm?file=/QM2_CombinedAnnexes.pdf

Rule, Britannia :-)

------------------------------

Date: Tue, 27 Dec 2011 14:28:45 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: "Why Ford Just Became A Software Company"

Ford is upgrading its in-vehicle software on a huge scale, embracing all the
customer expectations and headaches that come with the development lifecycle
[Source: Chris Murphy <Mcjmurphy () techweb com>, InformationWeek, 14 Nov 2011]
<http://www.informationweek.com/authors/1115>

Sometime early next year, Ford will mail USB sticks to about 250,000 owners
of vehicles with its advanced touchscreen control panel. The stick will
contain a major upgrade to the software for that screen. With it, Ford is
breaking from a history as old as the auto industry, one in which the
technology in a car essentially stayed unchanged from assembly line to junk
yard.

Ford is significantly changing what a driver or passenger experiences in its
cars years after they're built. And with it, Ford becomes a software company
-- with all the associated high customer expectations and headaches.

http://www.informationweek.com/news/global-cio/interviews/231902920?

Gabriel Goldberg, Computers and Publishing, Inc.       gabe () gabegold com
3401 Silver Maple Place, Falls Church, VA 22042           (703) 204-0433

  ["Just became"? I remember in the early 1980s when the Ford Aerospace
  computer security folks in Palo Alto were working with Ford headquarters
  in Detroit to help them understand the implications of computer technology
  -- and security.  It takes a long time for technology to emerge, and then
  -- unfortunately -- often with inadequate security.  PGN]

------------------------------

Date: Thu, 22 Dec 2011 21:05:42 -0500
From: Gene Spafford <spaf () cerias purdue edu>
Subject: The False Promise of Biometrics (Aman Sethi)

Although this is about India, the bits about biometric failures and what is
happening to people missing in the database should resonate with some of our
own efforts.

Aman Sethi, The False Promise of Biometrics,
*The New York Times* blogs, Latitude, 22 Dec 2011

India's ambitions to help the poor secure government benefits by creating
the world's largest personal database could do them much harm.
http://latitude.blogs.nytimes.com/2011/12/22/the-false-promise-of-biometrics-in-india/?emc=eta1

------------------------------

Date: Fri, 23 Dec 2011 11:01:03 -0500
From: Monty Solomon <monty () roscom com>
Subject: EFF reverse engineers Carrier IQ (Sebastian Anthony)

Sebastian Anthony, 22 Dec 2011:

At this point we have a fairly good idea of what Carrier IQ is, and which
manufacturers and carriers see fit to install it on their phones, but the
Electronic Frontier Foundation (EFF) - the preeminent protector of your
digital rights - has taken it one step further and reverse engineered some
of the program's code to work out what's actually going on.
  http://www.extremetech.com/computing/110061-eff-reverse-engineers-carrier-iq

Analyzing Carrier IQ Profiles
  https://www.eff.org/deeplinks/2011/12/analyzing-carrier-iq-profiles

Some Facts About Carrier IQ
  https://www.eff.org/deeplinks/2011/12/carrier-iq-architecture

------------------------------

Date: Sat, 10 Dec 2011 21:09:33 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: In tests, LightSquared disrupts 75% of GPS receivers

  "Philip Falcone's proposed LightSquared Inc. wireless service caused
  interference to 75 percent of global-positioning system receivers examined
  in a U.S. government test, according to a draft summary of results."
  http://j.mp/vcHiAA  (Business Week)  [NNSquad]

------------------------------

Date: Wed, 21 Dec 2011 17:19:32 -0500
From: David Magda <dmagda () ee ryerson ca>
Subject: Internet of things

The more things are connected, the more they need protecting:

In one instance, a thermostat at a town house the Chamber [of Commerce]
owns on Capitol Hill was communicating with an Internet address in China.

http://online.wsj.com/article/SB10001424052970204058404577110541568535300.html
http://www.thestar.com/news/world/article/1105272
http://it.slashdot.org/story/11/12/21/1321238/  (via)

There are some quite sophisticated thermostat designs being designed nowadays:

  http://www.sparkfun.com/tutorials/334
  http://www.nest.com/

With quite capable processors:

  http://www.ti.com/product/am3703

No mention of the specific product used in the attack though.

------------------------------

Date: Sun, 25 Dec 2011 11:11:38 -0500
From: "Bob Frankston" <Bob19-0501 () bobf frankston com>
Subject: Risks of focusing on risks

There are all sorts of articles about the risks of talking on a cell phone
while driving -- even hands free -- in a car and an effort to ban them.

The problem is that these processes seem to focus primarily on risks.  Have
these studies looked at the benefits of not being isolated while driving?
The reports do make an exception for navigation systems even though they can
be very distracting. That's a case where the benefits are, perhaps, too
obvious to ignore.

Yet if we remove all distractions driving becomes very dangerous -- that's
why roads are now designed with curves rather than being straight for many
miles.

How do we get balanced policies rather than policies focused on eliminating
risks? And without taking risks how do we advance understanding and
technology?

There's also another issue -- the policymakers seem to assume that a GPS
navigator is a device. But today it's just an app and a cell phone is just a
generic communicating platform. So, inevitably, in a software-defined world
the efforts to ban devices become commingled with attempts to control
behavior.

------------------------------

Date: Sun, 18 Dec 2011 20:57:09 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Hollywood's pirate cure is worse than the disease (Jack Shafer)

  "So grand is the entertainment complex's umbrage that I half expect its
  next move will be to petition the Department of Justice for the authority
  to shut down the electric utilities that provide power to any and all
  computers it suspects are pinching its intellectual property."
  Jack Shafer, Reuters blog, 16 Dec 2011  http://j.mp/w1Ja2U

NNSquad: http://lists.nnsquad.org/mailman/listinfo/nnsquad

------------------------------

Date: Mon, 19 Dec 2011 15:07:50 +0100
From: Peter Houppermans <peter () houppermans com>
Subject: ACMA: Facebook photos are not private, even with "privacy" enabled

OK, the concept of "privacy" and the whole raison d'être for Facebook are
diametrically opposed, but you would have hoped that a regulator would put
at least *some* effort into protecting the innocent.

http://www.itnews.com.au/News/284896,acma-finds-facebook-photos-are-not-private.aspx

  "Australia's communications regulator has ruled that television networks
  are not breaking the industry's code of practice when publishing photos
  lifted from a public Facebook profile."

OK, I can sort of follow that one - it's freely accessible. There looms
the eternal copyright question, though, but OK - but worse was to come.

  "Channel Seven did not breach the Commercial Television Industry Code of
  Practice when it accessed and broadcast photographs -- specifically in
  the case of a deceased person lifted from a Facebook tribute page, and
  another which broadcast the name, photograph and comments penned by a
  14-year old boy."

OK, this was enough to hit the buffers for me. The former is a matter of
public decency (I know, I know, I'm old fashioned), but the latter throws up
a thoroughly evil question that I will post in a minute as a separate
message.

Now for the killer:

  "The ACMA was begrudgingly unable to guarantee that users marking content
  as `private' on a social network could be safe guarded from broadcasters
  and publishers making it public, at least under the industry code of
  practice."

The ACMA made it clear that while it considers the use of privacy settings
an important consideration when assessing material obtained from social
networking sites, the actual settings are not determinative, the regulator
noted.

Instead, the regulator will determine matters taken before it on a
case-by-case basis."

Let me see if I get this correctly: even when a user has flagged the
explicit WITHHOLDING of consent for public use by marking something private
(which suggests an access control mechanism of some sorts which requires
breaching either by password hacks, or by asking a "friend" (cough) to get
at the data), the use of such material is perfectly OK?  Excuse me?

Words fail me. And privacy in Australia, apparently.

------------------------------

Date: Sun, 25 Dec 2011 22:06:14 +0100
From: Peter Houppermans <peter () houppermans com>
Subject: When Facebook really became a liability

  "Facebook will begin adding photos of its users to third-party adverts
  appearing in users' news feeds come early next year, so if you're the sort
  who's a bit free with your thumbs-up button, there's no way out of being
  featured alongside a tin of baked beans or a pair of knickers on the
  social network."
  http://www.theregister.co.uk/2011/12/21/facebook_sponsored_stories/

I'm not quite sure what exactly they are smoking at Facebook HQ, but I would
advise to avoid it at all costs, zap any image which features your face and
start warming up your lawyers.

What Facebook is planning to do appears to me principally deceptive
marketing.  If your face is somehow associated with a product it will appear
as an endorsement - an endorsement you didn't intend, most likely would not
consent to if you were aware of it (which you won't), and may associate you
with any problems the product may have.  In other words, Facebook is about
to use your credibility and reputation for free, leaving you with the
liability and representational loss if the product isn't up to scratch.
Absolutely *great* for double-glazing selling..

Well, that's the end of profile pictures, I think.  Even more fun will be
the abuse of publicity images as used by fake profiles - as far as I can
see, the only people winning here are lawyers.

Am I missing something or have they really come off the rails now?

------------------------------

Date: Thu, 22 Dec 2011 11:32:22 -0800
From: Gene Wirchenko <genew () ocis net>
Subject: "Facebook agrees to a dozen recommendations by Irish data
  protection authority" (Jeremy Kirk)

Deal comes just a month after the U.S. Federal Trade Commission ruled
Facebook made deceptive claims about data sharing.  Jeremy Kirk, *ITBusiness*
http://www.itbusiness.ca/it/client/en/home/News.asp?id=65451 12/22/2011

------------------------------

Date: Sun, 25 Dec 2011 2:33 PM
From: Monty Solomon <monty () roscom com>
Subject: Hacked! (James Fallows)

As e-mail, documents, and almost every aspect of our professional and
personal lives moves onto the "cloud" -- remote servers we rely on to store,
guard, and make available all of our data whenever and from wherever we want
them, all the time and into eternity -- a brush with disaster reminds the
author and his wife just how vulnerable those data can be. A trip to the
inner fortress of Gmail, where Google developers recovered six years' worth
of hacked and deleted e-mail, provides specific advice on protecting and
backing up data now -- and gives a picture both consoling and unsettling of
the vulnerabilities we can all expect to face in the future.

James Fallows, *The Atlantic*, Nov 2011
http://www.theatlantic.com/magazine/archive/2011/11/hacked/8673/?single_page

------------------------------

Date: Sun, 25 Dec 2011 10:27:04 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Stratfor security breach (Huffington Post via NNSquad)

  "LONDON - Hackers on Sunday claimed to have stolen a raft of e-mails and
  credit card data from U.S.-based security think tank Stratfor, promising
  it was just the start of a weeklong Christmas-inspired assault on a long
  list of targets.  One alleged hacker said the goal was to use the credit
  data to steal a million dollars and give it away as Christmas donations."
  http://j.mp/sZ21Qj  (Huffington)

 - - -

This is the text of the message Stratfor has been sending out, though it has
been received by various parties without a known relationship to Stratfor,
at least directly:

Dear Stratfor Member,

We have learned that Stratfor's web site was hacked by an unauthorized
party. As a result of this incident the operation of Stratfor's
servers and e-mail have been suspended.

We have reason to believe that the names of our corporate subscribers
have been posted on other web sites. We are diligently investigating
the extent to which subscriber information may have been obtained.

Stratfor and I take this incident very seriously. Stratfor's
relationship with its members and, in particular, the confidentiality
of their subscriber information, are very important to Stratfor and
me. We are working closely with law enforcement in their investigation
and will assist them with the identification of the individual(s) who
are responsible.

Although we are still learning more and the law enforcement
investigation is active and ongoing, we wanted to provide you with
notice of this incident as quickly as possible. We will keep you
updated regarding these matters.

George Friedman

------------------------------

Date: Mon, 26 Dec 2011 22:57:40 -0500
From: Monty Solomon <monty () roscom com>
Subject: Stratfor hacking victims targeted after comments (Eileen Aj Connelly)

NEW YORK -- Victims of a data breach at the security analysis firm Stratfor
apparently are being targeted a second time after speaking out about the
hacking.  Stratfor said on its Facebook page that some individuals who
offered public support for the company after it revealed it was hacked "may
be being targeted for doing so."

The loose-knit hacking movement "Anonymous" claimed Sunday through Twitter
that it had stolen thousands of credit card numbers and other personal
information belonging to the company's clients. Anonymous members posted
links to some of the information Sunday and more on Monday.

Stratfor, based in Austin, Texas, said its affected clients and its
supporters "are at risk of having sensitive information repeatedly published
on other websites." The company has resorted to communicating through
Facebook while its website remains down and its e-mail suspended. ...

Eileen Aj Connelly, AP Business Writer, *The Boston Globe*, 26 Dec 2011,
http://www.boston.com/business/technology/articles/2011/12/26/think_tank_hacking_victims_targeted_after_comments/

------------------------------

Date: Sun, 18 Dec 2011 18:06:04 -0500
From: Monty Solomon <monty () roscom com>
Subject: Microsoft will push IE auto-updates (Gregg Keizer)

Microsoft gets silent upgrade religion, will push IE auto-updates
Copies Chrome and follows Firefox to get users onto the newest browser
without asking permission

Microsoft today said it will silently upgrade Internet Explorer (IE)
starting next month, arguing that taking the responsibility out of the hands
of users will keep the Web safer.  The move is an acknowledgment by
Microsoft that Google's model -- its Chrome browser has updated in the
background without user involvement since it debuted more than three years
ago -- is the right one. ...  [Source: Gregg Keizer, *Computerworld*, Dec 15
2011]

http://www.computerworld.com/s/article/9222690/Microsoft_gets_silent_upgrade_religion_will_push_IE_auto_updates

------------------------------

Date: Wed, 21 Dec 2011 07:56:31 -0800
From: Henry Baker <hbaker1 () pipeline com>
Subject: Re: Internet Hysteria ... (Brett Glass, R-26.67)

The inability to control volume is merely the tip of the iceberg when it
comes to the media consumer's lack of control.

However, thanks to the wonders of modern computers & digital signal
processing, those persons consuming their media via a _computer_, rather
than a consumer electronic device, finally have significantly more control.

"MP3Gain" and its competitors allow the user to pre-process the audio gain
of mp3 files so that even when played back on "dumb" mp3 devices, the sound
volume will be within the range selected by the user.  I have used these
types of programs for years to enable me to be able to hear mp3's on
airplanes where the ambient noise is simply too high.

If you are utilizing the outstanding "VLC" media player on your laptop
computer, you have even greater control.  For example, the VLC player can
play back at speeds significantly greater than normal, but _without changing
the pitch_, so that you can zoom through boring podcasts & videos at 1.5x or
greater speeds.

The VLC player also has a "Volume Normalizer", which provides "dynamic
volume compression" for noisy environments.  See below.

It is essential that digital media consumers be allowed to digitally
remaster their content to tailor it for their own consumption.  In some
cases, this can be an advantage for the content creators: e.g., when I set
VLC playback to 1.5x, I can consume 50% more content!

http://www.ab9il.net/digital-audio/vlc-audio-dynamics.html

"Effective Audio compression for Loud or Sensitive Environments.

"The VLC media player, short for VideoLan, is a very versatile player for
nearly any audio or video format.  It is an excellent application for home
theater computers, laptops, netbooks, tablet computers, or any Mac, Linux,
or Windows device used for multimedia playback.  It can even stream media
over a local or global network.  VLC is the media player of choice due in
part to its ease of use on the popular operating systems and its many useful
plugins.

"One aspect of its flexibility that is not well utilized by many VLC users
is its ability to manipulate the audio dynamics of the media it is playing.
In other words, the Volume Normalizer can be configured to compensate for
loud and quiet variations of a movie, podcast, or segment of music.  Such a
feature is very useful when using VLC in a loud environment: on an airplane,
in a busy cafe, in an office area, or on a street.  Some VLC users in
schools, watching pre-recorded lectures, may need the audio dynamics set to
provide clarity in a sound sensitive environment.  The audio compression
then automatically controls loudness to prevent distraction to others who
may be nearby."

------------------------------

Date: Sat, 24 Dec 2011 11:18:13 -0800 (PST)
From: Paul Robinson <paul () paul-robinson us>
Subject: Re: Robot prison wardens - with guns? (Houppermans, RISKS-26.64)

Oh yeah, you want those turrets on that robot in a prison.  New, untried
OS, vendor under competitive pressure, gun with real bullets and a high
likelihood of this thing having some form of remote management.  What
could possibly go wrong?

Or as they said in the movie "Westworld", "Nothing can possibly go worng, go
worng, go worng..."

I was thinking about this when I saw the first "Robocop" movie, when the
ED-209 defense drone shoots an executive of the company, my thought was,
what kind of brain-dead moron actually loads ordnance into a machine
undergoing a test in a civilian environment?  Of course it would have made
the story fail, but Dick Jones, as head of the ED-209 project should have
been fired on the spot for incompetence, and whoever ordered actual
ammunition put into the thing should have been prosecuted at least for
involuntary manslaughter.  This was inexcusable negligence beyond mere
incompetence or even stupidity, it borders on arrogant willful misconduct.

Even if you don't give one damn about human life, killing corporate
executives is unacceptable because it's very expensive over some schlub on
the shop floor in a factory: you have to pay their death benefits from
worker's comp based on their income which is a lot higher, you have to cash
out their remaining contract, and possibly other benefits have to be paid,
plus a dead-bang winner of a juicy high-dollar suit by their survivors for
negligence.  Not to mention the bad press in the newspapers might cause the
stock price to go down.  Killing director-level or corporate officer
executives is going to be a lot more expensive than just having some factory
worker killed, say in a disaster because your maintenance is sub-par (like
BP and the Deepwater Horizon disaster in the Exxon of Mexico, err I mean
Gulf of Mexico.)

------------------------------

Date: Wed, 21 Dec 2011 12:10:07 +0100
From: Peter Bernard Ladkin <ladkin () rvs uni-bielefeld de>
Subject: Re: Qantas Terror Blamed on computer (RISKS-26.67)

The title of the note in RISKS-26.67 said the accident was "Blamed on
Software". I think this is misleading. The anomaly involved electronic data
generation and transmission engineering, nothing with which a software
engineer could be expected to have either experience or expertise.

Qantas Flight 72, flown by VH-QPA, an Airbus 330-303, suffered pitch
anomalies in cruise near Learmonth, Western Australia, in October 2008. It
pitched down suddenly, injuring some 106 passengers and 9 cabin crew, some
severely. An emergency was declared and the airplane landed at Learmonth,
Western Australia, to enable timely medical treatment for the injured.

It has been known for some time (and was published in the interim reports)
that the pitch-down was caused by data spikes in angle-of-attack data from
one air data computer (ADIRU), which were taken as veridical by the primary
flight control computers (FCPC or PRIM) because two similar spikes occurred
just outside the time window in the filtering algorithm. The reconciliation
between these values and those of the other two ADIRUs allowed this
anomalous value to prevail, and the aircraft accordingly pitched nose-down.

A blog post with more detail, including a link to the final report, as well
as discussion of the certification requirements as the ATSB sees them, may
be read at
http://www.abnormaldistribution.org/2011/12/21/the-accident-to-qantas-flight-72-vh-qpa-in-october-2008/

Peter Bernard Ladkin, University of Bielefeld and Causalis Limited
www.rvs.uni-bielefeld.de www.causalis.com

  [See also
    http://www.atsb.gov.au/media/3532398/ao2008070.pdf
    http://it.slashdot.org/story/11/12/20/0127215/software-bug-caused-qantas-airbus-a330-to-nose-dive
  courtesy of Earl Boebert, who noted this:
    [There's] an (unverified) assertion that the Airbus flight control
    system will exercise uncommanded changes to throttle settings *without*
    moving the throttle handles in the cockpit. If true: bad robot, bad, bad
    robot. (The Boeing system supposedly has actuators on the handles and
    moves them when it decides to take over throttle control.)]
  PGN]

------------------------------

Date: Tue, 20 Dec 2011 23:18:05 -0800
From: Robert Meineke <rmeineke () gmail com>
Subject: Re: Qantas terror blamed on computer (RISKS-26.67)

http://www.stuff.co.nz/travel/australia/6163633/Qantas-terror-blamed-on-computer

The article notes that Airbus has since tweaked its algorithms and installed
the upgraded software.  The line in the article that caught my eye was the
following.

  "As a result of this redesign, passengers, crew and operators can be
  confident that the same type of accident will not reoccur," investigators
  have concluded.

*Will not* reoccur?  That strikes me as awfully absolute.

  [A common comment in RISKS over the years, but seemingly particularly
  relevant here!  PGN]

------------------------------

Date: Fri, 16 Dec 2011 12:30:12 +0100
From: Diego Latella <diego.latella () isti cnr it>
Subject: REMINDER - iFM 2012 CfP - DEADLINE APPROACHING

CALL FOR PAPERS - LAST WEEKS BEFORE DEADLINE Paper submission: 14 Jan 2012

9th International Conference on Integrated Formal Methods (iFM 2012)
in conjunction with ABZ 2012, in honor of Egon Boerger's 65th birthday
for his contribution to state-based formal methods

  June 18 - 22, 2012 - CNR - Pisa - ITALY        http://ifm.isti.cnr.it

Consiglio Nazionale delle Ricerche
Istituto di Scienza e Tecnologie dell'Informazione ``A. Faedo''
Formal Methods && Tools Lab.
Via Moruzzi 1 - 56124 Pisa

OBJECTIVES AND SCOPE

Applying formal methods may involve the modeling of different aspects of a
system that are expressed through different paradigms.  Correspondingly,
different analysis techniques will be used to examine differently modeled
system views, different kinds of properties, or simply in order to cope with
the sheer complexity of the system.  The iFM conference series seeks to
further research into the combination of (formal and semi-formal) methods
for system development, regarding modeling and analysis, and covering all
aspects from language design through verification and analysis techniques to
tools and their integration into software engineering practice.

INVITED SPEAKERS
Egon Boerger, University of Pisa, Italy
Muffy Calder, University of Glasgow, United Kingdom
Ian J. Hayes, University of Queensland, Australia

ABZ - iFM 2012 GENERAL CHAIRS
John Derrick, University of Sheffield, United Kingdom
Stefania Gnesi, CNR-ISTI, Italy

iFM PROGRAMME COMMITTEE CHAIRS:
Diego Latella, CNR-ISTI, Italy
Helen Treharne, University of Surrey, United Kingdom

ABZ - iFM 2012 FINANCE CHAIR
Alessandro Fantechi, Universita' di Firenze, Italy

  [Large international organizing and program committees omitted here. PGN]

------------------------------

Date: Mon, 6 Jun 2011 20:01:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 26.68
************************

