Home page logo

risks logo RISKS Forum mailing list archives

Risks Digest 27.54
From: RISKS List Owner <risko () csl sri com>
Date: Wed, 16 Oct 2013 17:14:31 PDT

RISKS-LIST: Risks-Forum Digest  Wednesday 16 October 2013  Volume 27 : Issue 54

Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at

Adi Shamir Prevented from Attending Crypto and Cryptology Conferences (PGN)
An App That Saved 10,000 Lives (Amy O'Leary via Monty Solomon)
From the Start, Signs of Trouble at Health Portal (Pear et al. via
  Monty Solomon)
Deloitte IT projects plagued with troubles around the country
  (Woolhouse and Healy via Monty Solomon)
Online Application Woes Make Students Anxious and Put Colleges  Behind
  Schedule (Lauren Weinstein)
Deutsche Telekom hopes to hide German Internet traffic from spies
  (Lauren Weinstein)
"We can't let the Internet become Balkanized"  (Sascha Meinrath via
"Risk considerations: Tracking services monitor your every move"
  (Steve Ragan via Gene Wirchenko)
Abridged info on RISKS (comp.risks)


Date: Wed, 16 Oct 2013 9:43:36 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Adi Shamir Prevented from Attending Crypto and Cryptology Conferences

Adi Shamir applied for a J1 visa at the beginning of June 2013, two and
one-half months early, so that he could attend the annual Crypto Conference
in Santa Barbara in mid-August (which he has almost always attend for the
past 32 years) and a subsequent NSA-affiliated History of Cryptography
Conference -- at which he was to present his paper, The Cryptology of John
Nash from a Modern Perspective.  As the S in RSA, and one of the most
important cryptographers in the world, it would seem to be a no-brainer that
he should be present for both conferences.  However, he was unable to attend
either, because the U.S. took exactly *four* months to send him his new
visa.  In his apology <http://www.fas.org/sgp/news/2013/10/shamir.html>
(dated 15 Oct 2013) for not being able to attend the History of Cryptography
conference, Adi notes that "I am not alone, and many foreign scientists are
now facing the same situation."

Because of the delay, his paper was removed from the program for the History
conference.  Even though his visa has now arrived long after Crypto 2013, he
was reinvited to give the talk at the Cryptology History conference, it is
apparently no longer possible due to other commitments.

This could be some sort of egregious combination of incredible arrogance,
ignorance, stupidity, personal vendetta, diplomatic blunder, and misguided
attitude to International scientific collaboration, or possibly just
attributable to a serious miscarriage of innate bureaucracy.  In any case,
the injustice is really sad, because four months for the simple nth renewal
of a visa seems outrageous.  Indeed, public-key cryptography might not even
be with us today if Adi had not been involved with Ron Rivest and Leonard
Adleman so long ago.  [PGN's personal opinion]


Date: Mon, 14 Oct 2013 10:11:16 -0400
From: Monty Solomon <monty () roscom com>
Subject: An App That Saved 10,000 Lives (Amy O'Leary)

  [Note: RISKS always solicits success stories, particularly those that
  result from foresight, long-term planning, intelligent software
  development and software engineering practices, and so on.  Here's one.
  Unfortunately, the norm seems to be that we generally run items on actual
  cases were the risks are either exacerbated or evidently present, as more
  or less dominated by the rest of this issue -- because they are
  predominant.  PGN]

[Source: Amy O'Leary, *The New York Times*, 5 Oct 2013]

While most start-ups feverishly track figures like the total number of
users, Ron Gutman, the founder and chief executive of the health information
start-up, HealthTap, is more interested in a different data point.

This week, the start-up heard from its 10,000th user who said the site saved
her life.

"My local doctor brushed me off and told me it was anxiety without doing any
tests at all," wrote one woman who turned to HealthTap after seeing her
doctor. After spending two hours on HealthTap, she was told by a doctor who
contributes to the site that her condition sounded like a blocked artery.
She soon saw a cardiology specialist who later inserted a coronary stent.

Since its founding in 2012, the site has logged nearly a billion questions
and answers, from simple queries about headaches or the flu, to more
complicated ones, like whether mechlorethamine is a cancer medication.
Questions are then routed to a physician who is both an expert in that
particular field of medicine, and who is determined by an algorithm to be
likely to respond fast, Mr. Gutman said.

None of that would be possible without the participation of nearly 50,000
doctors who contribute their advice free. (Every page on the site has a
disclaimer saying that the site "does not provide medical advice, diagnosis
or treatment.") ...



Date: Sun, 13 Oct 2013 23:16:39 -0400
From: Monty Solomon <monty () roscom com>
Subject: From the Start, Signs of Trouble at Health Portal (Pear et al.)

Robert Pear, Sharon LaFraniere and Ian Austen. *The New York Times*,
dated 12 Oct 2013, published 13 Oct 2013

WASHINGTON - In March, Henry Chao, the chief digital architect for the Obama
administration's new online insurance marketplace, told industry executives
that he was deeply worried about the Web site's debut. "Let's just make sure
it's not a third-world experience," he told them.

Two weeks after the rollout, few would say his hopes were realized.

For the past 12 days, a system costing more than $400 million and billed as
a one-stop click-and-go hub for citizens seeking health insurance has
thwarted the efforts of millions to simply log in. The growing national
outcry has deeply embarrassed the White House, which has refused to say how
many people have enrolled through the federal exchange.

Even some supporters of the Affordable Care Act worry that the flaws in the
system, if not quickly fixed, could threaten the fiscal health of the
insurance initiative, which depends on throngs of customers to spread the
risk and keep prices low. ...



Date: Mon, 14 Oct 2013 10:01:01 -0400
From: Monty Solomon <monty () roscom com>
Subject: Deloitte IT projects plagued with troubles around the country
  (Woolhouse and Healy)

6 Oct 2013

Mass. IT project is latest black eye for Deloitte
By Megan Woolhouse and Beth Healy |  GLOBE STAFF
07 Oct 2013

State senate committee to hold hearing on troubled Deloitte unemployment system contract
October 3, 2013

A thousand defects: DOR fired Deloitte in August
October 3, 2013

$54m later, state fired computer contractor
By Megan Woolhouse and Beth Healy |  GLOBE STAFF
04 Oct 2013

Massachusetts, California jobless benefit claim woes both tied to Deloitte Consulting of New York
24 Sep 2013

Mass., Calif. benefit claim woes tied to same firm
By Megan Woolhouse |  GLOBE STAFF
25 Sep 2013

Flawed contract for jobless claim system cost state millions
By Beth Healy and Megan Woolhouse |  GLOBE STAFF
19 Sep 2013


Date: Sun, 13 Oct 2013 09:43:32 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Online Application Woes Make Students Anxious and Put Colleges
   Behind Schedule

  With early admission deadlines looming for hundreds of thousands of
  students, the new version of the online Common Application shared by more
  than 500 colleges and universities has been plagued by numerous
  malfunctions, alarming students and parents and putting admissions offices
  weeks behind schedule "It's been a nightmare," Jason C. Locke, associate
  vice provost for enrollment at Cornell University. "I've been a supporter
  of the Common App, but in this case, they've really fallen down."
    http://j.mp/1bPUA3f  (*The New York Times* via NNSquad)

So, like, this is rocket science to do correctly at these volumes of
transactions for relatively straightforward applications? Uh, no.


Date: Sun, 13 Oct 2013 11:43:27 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Deutsche Telekom hopes to hide German Internet traffic from spies

  "One of Deutsche Telekom's competitors, Internet service provider QSC, had
  questioned the feasibility of its plan to shield Internet traffic, saying
  it was not possible to determine clearly whether data was being routed
  nationally or internationally, WirtschaftsWoche magazine reported."
    http://j.mp/1ajC10H  (Reuters via NNSquad)

What they really mean is foreign spies. Their own vast surveillance
apparatus of course would have full access. No matter, it's basically
impractical, as noted.


Date: Mon, 14 Oct 2013 08:28:54 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: "We can't let the Internet become Balkanized" (Sascha Meinrath)

http://j.mp/1elH7hh  (Slate via NNSquad)

  "Traditionally, that debate has featured America in the role as champion
  of a free and open Internet, one that guarantees the right of all people
  to freely express themselves. Arguing against that ideal: repressive
  regimes that have sought to limit connectivity and access to
  information. The NSA's actions have shifted that debate, alienating key
  Internet-freedom allies and emboldening some of the most repressive
  regimes on the planet. Think of it as an emerging coalition between
  countries that object to how the United States is going about upholding
  its avowed principles for a free Internet, and countries that have
  objected to those avowed principles all along."

 - - -

It is my personal belief that much of the breathless foreign government
hyperbole against the US relating to surveillance has little do with actual
surveillance (after all, many of these countries have their own major
surveillance systems, sometimes focused specifically inward to further
political repression and censorship) and everything to do with pushing the
abhorrent UN/ITU agenda (or similar agendas) for Internet control that would
codify censorship and heavy-handed government directed dictates over
Internet content and associated retribution against Internet users.  China's
and Russia's longstanding duplicity in these respects relating to Internet
governance and censorship is particularly noteworthy.


Date: Mon, 14 Oct 2013 13:16:24 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Risk considerations: Tracking services monitor your every move"
  (Steve Ragan)

Steve Ragan, CSO Online, 14 Oct 2013
Tracking services offer no real value to the business, but they exist on
networks both large and small, and administrators are often unaware of their


Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:


End of RISKS-FORUM Digest 27.54

  By Date           By Thread  

Current thread:
  • Risks Digest 27.54 RISKS List Owner (Oct 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]