Risks Digest 27.57
From: RISKS List Owner <risko () csl sri com>
Date: Wed, 23 Oct 2013 20:25:19 PDT
RISKS-LIST: Risks-Forum Digest Wednesday 23 October 2013 Volume 27 : Issue 57
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at
Wall Street software failure & relationship to voting
SecureDrop Project Will Pay To Install Media Outlets' WikiLeaks-Style
Submission Systems (Andy Greenberg via Gabe Goldberg)
Authors Accept Censors' Rules to Sell in China (Andrew Jacobs via
MIT Tech Review: The Decline of Wikipedia (Tom Simonite via
`Hacker' --> `criminality' ??? (Robert Schaefer)
Re: France summons US ambassador to answer allegations of widespread
NSA surveillance (Richard A. O'Keefe)
Re: Americans Are Way Behind in Math, Vocabulary, and Technology
(Richard S. Russell)
Re: GPS map leads to border crossing and shooting (Scott Nicol)
Unauthorized Access: The Crisis in Online Privacy and Security, by
Sloan and Warner (PGN)
Abridged info on RISKS (comp.risks)
Date: Wed, 23 Oct 2013 21:51:42 -0400
From: Jeremy Epstein <jeremy.j.epstein () gmail com>
Subject: Wall Street software failure & relationship to voting
[Also posted to Freedom to Tinker, slightly PGN-ed for RISKS.]
An article in *The Register* explains what happened in the 1 Aug 2012 Wall
Street glitch that cost Knight Capital $440M, resulted in a $12M fine, and
nearly bankrupted Knight Capital (forcing them to merge with someone
else). In short, there were 8 servers that handled trades; 7 of them were
correctly upgraded with new software, but the 8th was not. A particular
type of transaction triggered the updated code, which worked properly on the
upgraded servers. On the non-upgraded server, the transaction triggered an
obsolete piece of software, which behaved altogether differently. The
result was large numbers of incorrect "buy" transactions.
The bottom line is that the cause of the failure was lack of careful
procedures in how the software was deployed, coupled with a poor design
choice that allowed a new feature to reuse a previously used obsolete
option, which meant that the trigger caused an unanticipated result (instead
of being ignored or causing an error).
So, what does this have to do with voting? It's not hard to imagine an Internet
voting scheme using 8 servers, and even if the software doesn't have
security flaws per se, a botched upgrade like this might work just fine for
7/8 of the voters, and silently fail for the 1/8. If the procedures aren't
in place to check all of the systems (and such procedures apparently didn't
exist at Knight Capital), a functional check might not detect a mismatch.
This experience emphasizes that proper operation isn't *just* having the
software itself being built correctly -- it's also having it fielded
properly. In a way, this is similar to the DC Internet voting experiment --
in that case, there was a bug in the software, but that particular bug
wouldn't have been exploitable if it hadn't been for a mistake in how the
software was fielded, replacing one version of a software library with a
different version that had an exploitable bug. [This is not to suggest that
this was the only bug in the DC voting software, or that Internet voting is
safe, just tying it to the particular exploit that happened.]
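The failure mode described above (a fleet where one server was left on the old build, and a reused option that dispatched to obsolete code on that server instead of being rejected) is the kind of thing a pre-deployment fleet check can catch. The following is an added illustration written for this digest entry; it is not code from the post's author, from Knight Capital, or from *The Register*. Every server name, build identifier, flag name and handler name in it is constructed for the example.

```python
"""Fleet deployment-consistency check, modelled on the Knight Capital failure
described in the post above.  Added example; all identifiers are constructed."""
from dataclasses import dataclass, field
import hashlib

# Constructed identifiers (the post does not name the real flag or builds).
NEW_BUILD = "build-new"
OLD_BUILD = "build-old"
FLAG = "ORDER_FLAG_X"            # the reused order flag
NEW_HANDLER = "new_routing_code"  # what FLAG means on the upgraded build
OLD_HANDLER = "obsolete_test_code"  # what FLAG meant on the old build


@dataclass
class Server:
    """What each server advertises: the build it actually runs, and the
    flag -> handler table that build dispatches orders through."""
    name: str
    build: str
    dispatch: dict = field(default_factory=dict)


def make_fleet(n_servers=8, n_upgraded=7):
    """Constructed fleet: n_upgraded servers on the new build, the rest stale."""
    fleet = []
    for i in range(n_servers):
        name = f"srv{i + 1}"
        if i < n_upgraded:
            fleet.append(Server(name, NEW_BUILD,
                                {FLAG: NEW_HANDLER, "ORDER_FLAG_Y": "limit_order"}))
        else:
            fleet.append(Server(name, OLD_BUILD,
                                {FLAG: OLD_HANDLER, "ORDER_FLAG_Y": "limit_order"}))
    return fleet


def handle_order(server, flag):
    """Which code path an order with this flag takes on this server.
    An unknown flag is rejected; a reused flag silently takes the old path."""
    return server.dispatch.get(flag, "rejected_unknown_flag")


def build_fingerprint(dispatch):
    """Hash the flag->handler table so we compare behaviour, not just a label."""
    canonical = ";".join(f"{k}={dispatch[k]}" for k in sorted(dispatch))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


def preflight(fleet, expected_build, flag, expected_handler):
    """Return a list of problems found before enabling `flag` fleet-wide.
    An empty list means every server runs the expected build, maps the flag
    to the expected handler, and agrees with every other server's table."""
    problems = []
    for s in fleet:
        if s.build != expected_build:
            problems.append(f"{s.name}: running {s.build}, expected {expected_build}")
        actual = s.dispatch.get(flag)
        if actual != expected_handler:
            problems.append(f"{s.name}: {flag} dispatches to {actual!r}, "
                            f"expected {expected_handler!r}")
    fingerprints = {build_fingerprint(s.dispatch) for s in fleet}
    if len(fingerprints) > 1:
        problems.append(f"fleet has {len(fingerprints)} distinct dispatch "
                        f"tables; expected 1")
    return problems


if __name__ == "__main__":
    fleet = make_fleet()
    for p in preflight(fleet, NEW_BUILD, FLAG, NEW_HANDLER):
        print("PREFLIGHT FAIL:", p)
    print("srv1 routes", FLAG, "to", handle_order(fleet[0], FLAG))
    print("srv8 routes", FLAG, "to", handle_order(fleet[7], FLAG))
    # A fresh flag the old build never knew would have been rejected instead.
    print("srv8 routes ORDER_FLAG_NEW to", handle_order(fleet[7], "ORDER_FLAG_NEW"))
```

The check deliberately compares a fingerprint of each server's actual dispatch table rather than only a version string, since a server can report the right label while still carrying a stale binary. The last line of the `main` block shows the design point the post makes: had the new feature used a flag the old build had never seen, the stale server would have rejected the order rather than running the obsolete path.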
Date: Wed, 23 Oct 2013 12:01:20 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: SecureDrop Project Will Pay To Install Media Outlets' WikiLeaks-Style
Submission Systems (Andy Greenberg)
Andy Greenberg, *Forbes*, 15 Oct 2013
The non-profit Freedom of the Press Foundation (FPF) announced the launch of
SecureDrop, a piece of open-source software designed to serve as an
anonymous submission system for media organizations. And to encourage news
outlets to install it, the Foundation has offered to send one of
SecureDrop's creators, security consultant James Dolan, to willing news
outlets to help install it, in some cases even paying for the necessary
SecureDrop, which like WikiLeaks depends on the anonymity software Tor to
hide leakers' identities, was developed from the open-source software
DeadDrop, initially created by the late coder and activist Aaron Swartz
along with Dolan and Wired editor Kevin Poulsen.
Date: Tue, 22 Oct 2013 21:58:40 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Authors Accept Censors' Rules to Sell in China (Andrew Jacobs)
"Foreign writers who agree to submit their books to China's fickle
censorship regime say the experience can be frustrating. Qiu Xiaolong, a
St. Louis-based novelist whose mystery thrillers are set in Shanghai, said
Chinese publishers who bought the first three books in his Inspector Chen
series altered the identity of pivotal characters and rewrote plot lines
they deemed unflattering to the Communist Party. Most egregiously, he
said, publishers insisted on removing any references to Shanghai,
replacing it with an imaginary Chinese metropolis called H city because
they thought an association with violent crime, albeit fictional, might
tarnish the city's image."
http://j.mp/1dh4BGA (New York Times via NNSquad)
[The article also notes the extensive redaction of a biography of
reformist leader Deng Xiaoping written by Ezra F. Vogel. I presume
this issue of RISKS will also be censored or redacted in China. PGN]
Date: Tue, 22 Oct 2013 22:22:59 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: MIT Tech Review: The Decline of Wikipedia (Tom Simonite)
"Yet Wikipedia and its stated ambition to "compile the sum of all human
knowledge" are in trouble. The volunteer workforce that built the
project's flagship, the English-language Wikipedia -- and must defend it
against vandalism, hoaxes, and manipulation -- has shrunk by more than a
third since 2007 and is still shrinking. Those participants left seem
incapable of fixing the flaws that keep Wikipedia from becoming a
high-quality encyclopedia by any standard, including the project's
own. Among the significant problems that aren't getting resolved is the
site's skewed coverage: its entries on Pokemon and female porn stars are
comprehensive, but its pages on female novelists or places in sub-Saharan
Africa are sketchy. Authoritative entries remain elusive. Of the 1,000
articles that the project's own volunteers have tagged as forming the core
of a good encyclopedia, most don't earn even Wikipedia's own
middle-ranking quality scores. The main source of those problems is not
mysterious. The loose collective running the site today, estimated to be
90 percent male, operates a crushing bureaucracy with an often abrasive
atmosphere that deters newcomers who might increase participation in
Wikipedia and broaden its coverage."
http://j.mp/1a6l6UL (MIT via NNSquad)
Date: Tue, 22 Oct 2013 13:32:54 -0400
From: Robert Schaefer <rps () haystack mit edu>
Subject: `Hacker' --> `criminality' ???
In the eyes of the court, calling yourself a hacker is equivalent to
robert schaefer, Atmospheric Sciences Group, MIT Haystack Observatory
Westford, MA 01886 781-981-5767 http://www.haystack.mit.edu
Date: Wed, 23 Oct 2013 18:18:14 +1300
From: "Richard A. O'Keefe" <ok () cs otago ac nz>
Subject: Re: France summons US ambassador to answer allegations of
widespread NSA surveillance
http://catless.ncl.ac.uk/Risks/27.56.html#subj9 tells us that the French
government are unhappy about the NSA. Let's see where the logic takes us.
1. Blowing up a vehicle in a foreign city and killing an unarmed civilian is
a terrorist act.
2. An organisation that trains, equips, and commands such an act is a
3. Anyone who contributes to the funding of such an organisation is
supporting a terrorist organisation.
4. Anyone who supports a terrorist organisation is a legitimate target of
surveillance in the war against terror.
5. In 1985, the French government carried out such a terrorist act in the
largest city of my country.
6. Therefore every French taxpayer is a legitimate target of surveillance
and the French government have no grounds for complaint.
Of *course* there are flaws in this (except for 5, which is a legally
established fact). But it's frighteningly plausible if you don't stop
to think. And it's exactly the kind of "reasoning" that is easy to
embody in computer software. (Maybe I should have written these claims
using OWL...) Is there anyone, other perhaps than the inhabitants of a
few villages in PNG and Vanuatu, that we _can't_ cover this way?
Date: Mon, 21 Oct 2013 22:08:47 -0500
From: "Richard S. Russell" <richardsrussell () tds net>
Subject: Re: Americans Are Way Behind in Math, Vocabulary, and Technology
If American kids had to take their reading and writing tests in Spanish
rather than English, we wouldn't expect them to do very well, since Spanish
isn't the first language for most of them.
Yet we expect them to take science and math tests which are written using
metric units -- the international "language" of technology. And we SHOULD
expect this! The sad part is that, while metric units are the first language
of measurement for 95% of the world's population, they remain a foreign
tongue to almost every American, with commensurate results.
Ben Franklin advocated the metric system. Congress adopted the Metric
Conversion Act of 1975, and it looked as if we were finally on our way. But
then Ronald Reagan was elected president, took the solar panels off the
White House roof, and declared that there was no way any government
reporting to him was going to dictate measurement rules to business. "Let
the free market decide", he insisted. And metrication came to a dead halt.
We continue to pay the price today, not only in substandard education but
also in failure to manufacture to the kind of international standards that
might earn us foreign markets. Plus which, ACHU* makes us dumber, almost as
if we had to do all our math using Roman numerals.
* Accidental Collection of Heterogeneous Units -- don't mislabel it the
"English system". First off, it's not a system (no design), it's an
accident. 2nd, the English have come to their senses and metricated
decades ago. And for gosh sake don't call it the "American system",
because then all the super-patriots will insist that it's a matter of
national honor to stick to it.
Richard S. Russell, 2642 Kendall Av. #2, Madison WI 53705-3736 608+233-5640
http://richardsrussell.livejournal.com/ If God had wanted us to use the
metric system, he would have given us 10 fingers. Ashleigh Brilliant
Date: Tue, 22 Oct 2013 10:53:33 -0400
From: Scott Nicol <scott.nicol () gmail com>
Subject: Re: GPS map leads to border crossing and shooting (DeRobertis,
In RISKS-27.56, Anthony DeRobertis writes:
This is the most misleading Subject: line I can remember having appeared in
Hyperbole in RISKS subject lines? Inconceivable!
I cross borders often and it is never routine. I've been "delayed" 6 times
(that I recall) at the US/Canada border, even though I had my papers in
order. Some of those were probably due to fitting a profile, other times
because I won the let's-randomly-check-somebody lottery. If you come
without papers, you've won the lottery by default. Anything can happen once
they pull you aside and start digging.
The border crossing guard won't likely take your story at face value. Even
between friendly nations like Canada and the US, there are plenty of things
that could result in something much more serious than a delay when crossing
You look Mexican. Your last name is Mohammed. You look like a terrorist.
You don't sound or look like a Canadian. You are not a Canadian citizen,
where's your US visitor visa?
Or you have kids in your car. Where is the other parent? Why does that kid
not look like you? Is that baby really yours?
Perhaps you're carrying contraband? Cuban cigars? Kinder Eggs?
Drugs? Some medications with codeine are available over the counter in
Canada, but only legal with a prescription in the US. You are carrying
marijuana, or your buddy in the passenger seat is, or a friend stuffed some
under a seat cushion last week. The US will seize your car on the spot, but
you don't have to worry about transportation because you'll get a free ride
in the back seat of a government car.
You have a prior criminal record. You have been barred from entering the
US. You have a warrant in the US. You have too much beer in the trunk of
Regardless if they let you through or turn you around, you'll have to go
through customs on return to Canada and you can run into the same set of
problems, and even more because there are legal reasons why you may not be
allowed to leave (you are out on bail, probation, parole) or return
(single-entry visa) to Canada.
And yes, turning around means going through Canadian customs, because the US
customs house is on US soil. What could possibly go wrong? What if you
aren't admissible to Canada or the US? How do you think people get stuck in
limbo in airport terminals?
Date: Tue, 22 Oct 2013 16:42:07 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Unauthorized Access: The Crisis in Online Privacy and Security
(Sloan and Warner)
Robert H. Sloan and Richard Warner
Unauthorized Access: The Crisis in Online Privacy and Security
CRC Press, 2014
Robert Sloan is a professor of computer science, and Richard Warner is a law
professor, which would seem to make a nice collaboration. However, this
book is explicitly aimed primarily at legal and policy folks, rather than
techies. The back jacket says that this book ``proposes specific solutions
to public policy issues pertaining to online privacy and security.'' It is
highly readable, and could be very helpful for those who are not yet aware
of the serious issues it raises and the remedies it proposes.
On the other hand, it seems much less specific in discussing the
implications of many of the security problems (such as pervasive
vulnerabilities and exploits) whose existence might make some of the legal
and policy issues less effective, or whose remediation might possibly make
the recommended fixes less necessary. Also, there seem to be many inherent
weaknesses in best practices (not just in those proposed), as well as likely
limitations in legal remedies that might still exist despite the authors'
recommendations. A second edition might dig further into some of these
additional considerations. However, their recommendations certainly deserve
serious consideration -- especially given the poor state of the technology
for security, integrity, reliability, and so on. Overall, policy and law
are important -- if properly enforced. At the same time, they are not
enough by themselves -- especially in the absence of meaningful
trustworthiness of systems, networks, and people.
I have a few quibbles with the title of the book that may be familiar to
long-time RISKS readers, first with `Unauthorized Access', and second with
`Online Privacy and Security'. As we should learn from studying exploits
such as the Internet Worm and the Snowden affair, many of our problems in
this area involve Authorized Access rather than Unauthorized Access,
especially relating to policies, ethics, and the law. For example, as I
noted in RISKS-12.15 relating to the Internet Worm, no authorization was
required to exploit the sendmail debug option, the finger daemon buffer
overflow, freely open-to-the-world .rhosts files, and explicitly readable
encrypted password files. This fact seriously muddied the waters in a
prosecution that was based on Exceeding Authority when no authority was
actually required. Similarly, denial-of-service attacks frequently require
no authority, even when they manage to exploit fundamental flaws in
security. Worse yet, privacy violations often exist outside the purview of
computer system authentication and access controls, in which case it is not
at all clear what is actually `unauthorized' once the information involved
has become extrinsic to the systems in which it originated. Thus, offline
privacy is perhaps just at least as problematic as online privacy, while
offline security seems to be more of a fantasy. Besides, as I noted in my
Inside Risks column, The Foresight Saga, Redux (Comm.ACM 55, 10, Oct 2012,
http://www.csl.sri.com/neumann/cacm228/pdf), although the best may be the
enemy of the good, the good may not be good enough.
Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
risks-request () csl sri com
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at
newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
End of RISKS-FORUM Digest 27.57