Risks Digest 27.59
From: RISKS List Owner <risko () csl sri com>
Date: Tue, 5 Nov 2013 14:41:22 PST
RISKS-LIST: Risks-Forum Digest Tuesday 5 November 2013 Volume 27 : Issue 59
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at
Honda recalls 344,000 Odyssey vans for software glitch (David Undercoffler
via Monty Solomon)
Opinion: Don't Gerrymander the Internet! (Joseph Lorenzo Hall with
No Morsel Too Minuscule for All-Consuming NSA (Scott Shane via
U.S. Postal Service Logging All Mail for Law Enforcement (Ron Nixon via
Perhaps "Air Gaps" Need to be "Opaque Vacuums": The dangers of software
controlled embedded devices (Bob Gezelter on Dan Goodin)
Why The Attack on Buffer Was A Serious Wake-Up Call (David Berlind via
Shut Down the Internet? (Steven J. Greenwald)
Adobe: Hackers stole account info of 38 million users, not 3 million
(Salvador Rodriguez via Monty Solomon)
Re: Metric System and Math (Henry Baker, Amos Shapir)
Re: Utility network protection? No. (Dick Mills)
Re: An App That Saved 10,000 Lives (Bruce Horrocks)
Abridged info on RISKS (comp.risks)
Date: Tue, 5 Nov 2013 10:18:03 -0400
From: Monty Solomon <monty () roscom com>
Subject: Honda recalls 344,000 Odyssey vans for software glitch
David Undercoffler, *Los Angeles Times*, 4 Nov 2013
Honda Motor Co. has announced it is voluntarily recalling more than 344,000
Odyssey minivans to correct a problem with the vehicles' stability control
The recall affects 344,187 Odyssey vans from the 2007 and 2008 model
years. In certain circumstances, an error in the software can prevent the
system from calibrating correctly, leading to pressure building up in the
braking system, the National Highway Traffic Safety Administration said.
If pressure builds to a certain point, "the vehicle may suddenly and
unexpectedly brake hard, and without illuminating the brake lights,
increasing the risk of a crash from behind," the NHTSA said. ...
Date: Mon, Nov 4, 2013 at 1:30 PM
From: Joseph Lorenzo Hall <joehall () gmail com>
Subject: Opinion: Don't Gerrymander the Internet! (with Leslie Harris)
Leslie Harris and Joseph Lorenzo Hall
Don't gerrymander the Internet
We can partially blame gerrymandering for the current gridlock in the
U.S. Congress. By shaping the electoral map to create politically safe
spaces, we have generated a fractious body that often clashes rather than
collaborates, limiting our chances of resolving the country's toughest
challenges. Unfortunately, revelations about the global reach of American
security surveillance programs under the National Security Agency (NSA) are
leading some to propose what amounts to gerrymandering for the Internet in
order to route around NSA spying. This will shackle the Internet,
inherently change its technical infrastructure, throttle innovation, and
likely lead to far more dangerous privacy violations around the globe.
Nations are rightly upset that the communications of their citizens are
swept up in the National Security Agency's pervasive surveillance dragnet.
There is no question the United States has overreached and violated human
rights in its collection of communications information on innocent people
around the globe; however, the solution to this problem should not, and
truly cannot, be data localization mandates that restrict data storage and
The calls for greater localization of data are not new, but the recent
efforts of Brazil's President, Dilma Rousseff, to protect Brazilians from
NSA spying reflected the view of many countries suddenly faced with a new
threat to the privacy of the communications of their citizens. Rousseff has
been an advocate for Internet freedom, so undoubtedly her proposal is well
intentioned, though the potential unintended repercussions are alarming.
First, it's important to consider the technical reasons why data location
requirements are a really bad idea. The Internet developed in a widely
organic manner, creating a network that allowed data to flow from all
corners of the world -- regardless of political boundaries, residing
everywhere and nowhere at the same time. This has helped increase the
resilience of the Internet and it has promoted significant efficiencies in
data flow. As is, the network routes around damage, and data can be wherever
it best makes sense and take an optimal route for delivery.
Data localization mandates would turn the Internet on its head. Instead of
a unified Internet, we would have a fractured Internet that may or may not
work seamlessly. We would instead see districts of communications that cater
to specific needs and interests -- essentially we would see Internet
gerrymandering at its finest. Countries and regions would develop localized
regulations and rules for the Internet to benefit them in theory, and would
certainly aim to disadvantage competitors. The potential for serious winners
and losers is huge. Certainly the hope for an Internet that promotes global
equality would be lost.
Data localization may only be a first step. Countries seeking to keep data
out of the United States or that want to exert more control over the
Internet may also mandate restrictions on how data flows and how it is
routed. This is not far-fetched. Countries such as Russia, the United Arab
Emirates, and China have already proposed this at last year's World
Conference on International Telecommunications.
As Internet traffic begins to demand more bandwidth, especially as we
witness more real-time multimedia applications, efficient routing is
essential to advance new Internet services. High capacity applications like
Apple's FaceTime may slow to the painful crawl reminiscent of the dial-up
days of the Internet.
This only begins to illustrate the challenges Internet innovators would
face, but big established players like Facebook, Google and Microsoft, would
potentially have the resources to abide by localization mandates -- of
course, only if the business case supports working in particular locales.
Some countries with local storage rules may be bypassed altogether. For
small or emerging businesses, data localization requirements would be a
greater challenge. It would build barriers to markets and shut off channels
for innovation. Few emerging businesses could afford to locate servers in
every new market, and if local data server requirements become ubiquitous,
it will be businesses in emerging markets that are most disadvantaged. The
reality for developing nations is that protectionist measures such as data
localization will further isolate local business from the global market,
depriving them of the advantages for growth that are provided by the
Most important though, is the potential for fundamental harm to human rights
due to data localization mandates. We recognize that this is a difficult
argument to accept in the wake of the revelations about NSA surveillance,
but data localization requirements are a double-edged sword. It is important
to remember that human rights and civil liberties groups have long been
opposed to data localization requirements because if used inappropriately,
such requirements can become powerful tools of control, intimidation and
When companies were under intense criticism for turning over the data of
Chinese activists to China, Internet freedom activists were united in their
calls to keep user data out of the country. When Yahoo! entered the
Vietnamese market, it placed its servers out of the country in order to
better protect the rights of its Vietnamese users. And the dust up between
the governments of the United Arab Emirates, Saudi Arabia, India, and
Indonesia, among others, demanding local servers for storage of BlackBerry
messages in order to ensure legal accountability and meet national security
concerns, was met with widespread condemnation. Now with democratic
governments such as Brazil and some in Europe touting data localization as a
response to American surveillance revelations, these oppressive regimes have
new, albeit inadvertent, allies. While some countries will in fact store,
use and protect data responsibly, the validation of data localization will
unquestionably lead to many regimes abusing it to silence critics and spy on
citizens. Beyond this, data server localization requirements are unlikely to
prevent the NSA from accessing the data. U.S. companies and those with a
U.S. presence will be compelled to meet NSA orders, and there appear to be
NSA access points around the world.
Data localization is a proposed solution that is distracting from the
important work needed to improve the Internet's core infrastructural
elements to make it more secure, resilient and accessible to all. This work
includes expanding the number of routes, such as more undersea cables and
fiber runs, and exchange points, so that much more of the world has
convenient and fast Internet access. If less data is routed through the
U.S., let it be for the right reason: that it makes the Internet stronger
and more accessible for people worldwide. We also need to work to develop
better Internet standards that provide usable privacy and security by
default, and encourage broad adoption.
Protecting privacy rights in an era of transborder surveillance won't be
solved by ring fencing the Internet. It requires countries, including the
U.S., to commit to the exceedingly tough work of coming to the negotiating
table to work out agreements that set standards on surveillance practices
and provide protections for the rights of privacy and free expression for
people. Germany and France have just called for just such an agreement with
the U.S. This is the right way forward.
In the U.S., we must reform our surveillance laws, adopt a warrant
requirement for stored email and other digital data, and implement a
consumer privacy law. The standards for government access to online data in
all countries must likewise be raised. These measures are of course much
more difficult in the short run than data localization requirements,
but they are forward-looking, long-term solutions that can advance a free
and open Internet that benefits us all.
Date: Sat, 2 Nov 2013 15:30:49 -0400
From: Monty Solomon <monty () roscom com>
Subject: No Morsel Too Minuscule for All-Consuming NSA (Scott Shane)
*The New York Times*, 2 Nov 2013
When Ban Ki-moon, the United Nations secretary general, sat down with
President Obama at the White House in April to discuss Syrian chemical
weapons, Israeli-Palestinian peace talks and climate change, it was a
cordial, routine exchange.
The National Security Agency nonetheless went to work in advance and
intercepted Mr. Ban's talking points for the meeting, a feat the agency
later reported as an "operational highlight" in a weekly internal brag
sheet. It is hard to imagine what edge this could have given Mr. Obama in a
friendly chat, if he even saw the N.S.A.'s modest scoop. (The White House
But it was emblematic of an agency that for decades has operated on the
principle that any eavesdropping that can be done on a foreign target of any
conceivable interest - now or in the future - should be done. After all,
American intelligence officials reasoned, who's going to find out?
From thousands of classified documents, the National Security Agency
emerges as an electronic omnivore of staggering capabilities, eavesdropping
and hacking its way around the world to strip governments and other targets
of their secrets, all the while enforcing the utmost secrecy about its own
operations. It spies routinely on friends as well as foes, as has become
obvious in recent weeks; the agency's official mission list includes using
its surveillance powers to achieve "diplomatic advantage" over such allies
as France and Germany and "economic advantage" over Japan and Brazil, among
Mr. Obama found himself in September standing uncomfortably beside the
president of Brazil, Dilma Rousseff, who was furious at being named as a
target of N.S.A. eavesdropping. Since then, there has been a parade of such
protests, from the European Union, Mexico, France, Germany and
Spain. Chagrined American officials joke that soon there will be complaints
from foreign leaders feeling slighted because the agency had not targeted
James R. Clapper Jr., the director of national intelligence, has repeatedly
dismissed such objections as brazen hypocrisy from countries that do their
own share of spying. But in a recent interview, he acknowledged that the
scale of eavesdropping by the N.S.A., with 35,000 workers and $10.8 billion
a year, sets it apart. "There's no question that from a capability
standpoint we probably dwarf everybody on the planet, just about, with
perhaps the exception of Russia and China," he said.
Since Edward J. Snowden began releasing the agency's documents in June, the
unrelenting stream of disclosures has opened the most extended debate on the
agency's mission since its creation in 1952. The scrutiny has ignited a
crisis of purpose and legitimacy for the N.S.A., the nation's largest
intelligence agency, and the White House has ordered a review of both its
domestic and its foreign intelligence collection. While much of the focus
has been on whether the agency violates Americans' privacy, an issue under
examination by Congress and two review panels, the anger expressed around
the world about American surveillance has prompted far broader questions.
If secrecy can no longer be taken for granted, when does the political risk
of eavesdropping overseas outweigh its intelligence benefits? Should foreign
citizens, many of whom now rely on American companies for email and Internet
services, have any privacy protections from the N.S.A.? Will the American
Internet giants' collaboration with the agency, voluntary or otherwise,
damage them in international markets? And are the agency's clandestine
efforts to weaken encryption making the Internet less secure for everyone?
Matthew M. Aid, an intelligence historian and author of a 2009 book on the
N.S.A., said there is no precedent for the hostile questions coming at the
agency from all directions. ...
Date: Sun, 3 Nov 2013 17:13:19 -0400
From: Monty Solomon <monty () roscom com>
Subject: U.S. Postal Service Logging All Mail for Law Enforcement (Ron Nixon)
Ron Nixon, *The New York Times*, 3 Jul 2013
WASHINGTON - Leslie James Pickering noticed something odd in his mail last
September: a handwritten card, apparently delivered by mistake, with
instructions for postal workers to pay special attention to the letters and
packages sent to his home.
"Show all mail to supv" - supervisor - "for copying prior to going out on
the street," read the card. It included Mr. Pickering's name, address and
the type of mail that needed to be monitored. The word "confidential" was
highlighted in green.
"It was a bit of a shock to see it," said Mr. Pickering, who with his wife
owns a small bookstore in Buffalo. More than a decade ago, he was a
spokesman for the Earth Liberation Front, a radical environmental group
labeled eco-terrorists by the Federal Bureau of Investigation. Postal
officials subsequently confirmed they were indeed tracking Mr. Pickering's
mail but told him nothing else.
As the world focuses on the high-tech spying of the National Security
Agency, the misplaced card offers a rare glimpse inside the seemingly
low-tech but prevalent snooping of the United States Postal Service.
Mr. Pickering was targeted by a longtime surveillance system called mail
covers, a forerunner of a vastly more expansive effort, the Mail Isolation
Control and Tracking program, in which Postal Service computers photograph
the exterior of every piece of paper mail that is processed in the United
States - about 160 billion pieces last year. It is not known how long the
government saves the images.
Together, the two programs show that postal mail is subject to the same kind
of scrutiny that the National Security Agency has given to telephone calls
and e-mail. ...
Date: Fri, 01 Nov 2013 00:46:20 -0700
From: "Bob Gezelter" <gezelter () rlgsc com>
Subject: Perhaps "Air Gaps" Need to be "Opaque Vacuums": The dangers of
software controlled embedded devices (Re: Dan Goodin article)
"Airgaps" are a long-accepted precaution. In principle, an isolated system
cannot be contaminated or compromised by way of its network connections. A
report in Ars Technica discusses how this long-accepted wisdom may be
somewhat incomplete in the age of audio-visual enabled devices. The affair
at a Philadelphia-area school, where IT technical staff remotely enabled
students' integral laptop cameras demonstrated the dangers of remotely
enabled cameras; we now have a preliminary report of malware communicating
with other infected systems via integral speakers and microphones. Besides
the tongue in cheek renaming of "air gaps" as "opaque vacuums", perhaps
physical (non-software intermediated) On/Off switches on integral devices
would be a good privacy feature. The original article [* by Dan Goodin] is at:
Bob Gezelter, http://www.rlgsc.com
[* Note: Dan Goodin's article is a really fascinating one, and worth a
careful read. The website also includes a response to questioning
comments from readers, saying that as a journalist for more than 17 years,
he has never written a spoof story, and it is completely coincidental that
this one ran on Hallow'en. PGN]
Date: Mon, Nov 4, 2013 at 6:41 PM
From: Lauren Weinstein <lauren () vortex com>
Subject: Why The Attack on Buffer Was A Serious Wake-Up Call (David Berlind)
"End-users must also recognize that, despite the best intentions of those
stakeholders and the imprimaturs of widely-used federated credentialing
technologies like OAuth, there's no guarantee that their identities cannot
be stolen and abused for impersonation. Vulnerabilities exist, especially
as a result of the implementation decisions that vary from developer to
developer and API provider to API provider."
http://j.mp/HwYZdY (Programmable Web via NNSquad)
[Also noted by Prashanth Mundkur. PGN]
Date: Mon, 4 Nov 2013 18:17:59 -0500 (GMT-05:00)
From: "Steven J. Greenwald" <sjg6 () gate net>
Subject: Shut Down the Internet?
My physicians expect me to sleep at night without drugs.
I tried to pay my property taxes on-line. It didn't work. I got an error
message of "unknown." So I e-mailed them. I got the following response.
Do not read with liquid in mouth. Please.
- - - -
We apologize for the inconvenience you're getting with our new system.
Please try again to submit your payment by following the instructions below:
* Clear browsing history. Go to the Tools Option on the top of the page,
delete browsing history.
* Shut down the Internet.
During the time of transaction, do not use the back arrow key.
Thank you for contacting us,
Miami-Dade Tax Collection <Proptax () miamidade gov>
"Delivering Excellence Every Day"
[Lovely follow-up to this message omitted by Steve, including discussion
of the implications of someone actually shutting down the Internet! PGN]
Date: Tue, 5 Nov 2013 10:18:03 -0400
From: Monty Solomon <monty () roscom com>
Subject: Adobe: Hackers stole account info of 38 million users, not 3 million
Salvador Rodriguez, *Los Angeles Times*, 30 Oct 2013
After originally saying that fewer than 3 million users had been affected by
a cyber security breach earlier this month, Adobe is now saying that at
least 38 million users' accounts were compromised. The software company,
known for Photoshop and other programs, said hackers were able to obtain the
Adobe IDs and encrypted passwords for about 38 million users who are active
with their accounts. ...
Date: Fri, 01 Nov 2013 14:52:36 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: Re: Metric System and Math (Jansen, RISKS-27.58)
The denigration of degrees as a measure of angles is a particularly
unfortunate example, as the various units are far more complex, and far less
standard, than might have been imagined. In particular, in countries close
to Finland--e.g., Sweden & Russia--local standards were traditionally
different, and it took NATO (?!?) to standardize the "mil":
"Note: Do not confuse the angular mil with the minute of arc (MOA).
1 trigonometric milliradian (mrad) ≈ 3.43774677078493 MOA.
1 NATO mil = 3.375 MOA (exactly)."
The risk here is in using the wrong unit of angle to aim your artillery.
Date: Sun, 3 Nov 2013 00:52:21 +0200
From: Amos Shapir <amos083 () gmail com>
Subject: Re: Metric System and Math (Jansen, RISKS-27.58)
In my school days, I don't recall ever seeing non-metric measures in the
lab, and they ended before 1975.
That was exactly my point: that the metric system is presented as good for
use only by scientists, and has no bearing on everyday life. This is an
indicator of the general attitude against science in the US, which leads to
willful ignorance (of which Creationism is just one extreme example).
Date: Fri, 1 Nov 2013 19:01:04 -0400
From: Dick Mills <dickandlibbymills () gmail com>
Subject: Re: Utility network protection? No. (RISKS-26.86)
With what we know today, that utility network protection project may have
been killed at the order of NSA, because it was secure. It seems clear that
NSA feels that if anyone anywhere has a truly secure system that NSA can't
monitor, then terrorists could use it, and it must be corrupted or thwarted.
Who is to say that NSA is wrong? If anyone brags about having a really
secure system, they would become a target for terrorists who would like to
duplicate their system, or at least learn how they did it.
NSA's dual role to spy on foreigners and to help assure secure domestic
networking is hopelessly conflicted.
I was once an electric utility employee. Today, if I was really serious
about power grid security, I would be forced to reject anything recommended
or mandated by government, and to nix any cooperation or reporting of
security related information to government. But if I did so, then I become
even more a choice terrorist target. It is a lose lose situation.
That is the true extent of the damage caused by NSA's overreach.
[Killed "because it was secure"? Perhaps a little overstated, where "too
secure" might have been a little more realistic. As most RISKS readers
know, there is no such thing as a system that cannot be compromised
somehow, considering insiders, design flaws, and inherent practical
limitations. It's just a question of how much effort it might take. PGN]
Date: Sat, 2 Nov 2013 10:23:09 +0000
From: Bruce Horrocks <risks () scorecrow com>
Subject: Re: An App That Saved 10,000 Lives (O'Leary, RISKS-27.54)
Amy O'Leary's item was billed as a "success story". I don't dispute that --
it is a success story. However, the *article* as quoted, is worthy of a
Firstly, an ambiguity [* See PGN Note, below]:
> This week, the start-up heard from its 10,000th user
> who said the site saved her life.
So is that: 10,000 (female) users each say the site has saved her life, or
that the 10,000th user alone says the site saved her life?
If the former, then the app probably deserves a Nobel prize for medicine:
somehow it has identified a previously unknown, significant threat to female
health. If the latter, then one of those remarkable that only seem to happen
in press releases where [$convenient round number]th user has a major,
life-threatening condition rather than a bunion.
Let's assume the latter, on balance of probabilities.
So has that 10,000th user just recently visited the site?
> Since its founding in 2012, the site has logged nearly a billion questions
> and answers, from simple queries about headaches or the flu, to more
> complicated ones, like whether mechlorethamine is a cancer medication.
Wow, that's... [gets out calculator to divide 1bn by 10k ;-) ]... 100,000
queries per user. Those people must be really sick!
Okay, so the site must clearly have had more than 10K visitors, and the
story is a follow-up on the 10,000th visited long after she visited the
So how many people do we think have visited the site?
Assuming 5 questions per user, a billion questions equates to 200m
users. Hmm, that's virtually all of the US population old enough to use a
computer. All using the site in the last year. It's all starting to look a
And then we are told:
> None of that would be possible without the participation
> of nearly 50,000 doctors who contribute their advice free
So 50k doctors answering a billion questions equals 20k questions each.
Assuming 5 mins per question to answer, and 8 hour days, that's 208 days of
full-time work *each* doctor has given free since the site was founded only
a year ago. However do they manage to find time to see their paying
Okay, so enough cheap shots at an over-inflated site usage figure.
The RISKS: Don't take a newspaper headline at face value (but you knew that
anyway). Web site statistics given out by the sites themselves need to be
independently verified (but you knew that anyway). Only in some dim, distant
past did journalists question or verify the information they were given.
Finally, this is absolutely not a shot at Monty Solomon nor PGN for raising
and including the item: I too would like to see more success stories -- I
just wish that journalists would write them better.
Bruce Horrocks, Hampshire, UK
[PGN notes, actually, there is no *ambiguity* as written.
Perhaps what Bruce is suggesting is that instead of
> This week, the start-up heard from its 10,000th user
> who said the site saved her life.
the author should have written
> This week, the start-up heard from its 10,000th user,
> who said the site saved her life.
Yes, the original could have been very sloppy writing, but it might even
be that the author may have actually written it correctly with the comma,
which got dropped by the editor. Also, in Bruce's second version, the
"alone" is clearly gratuitous, because some number of women less than
10,000 might have also noted that the site had saved her life. PGN]
Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
risks-request () csl sri com
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at
newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
End of RISKS-FORUM Digest 27.59