Home page logo

risks logo RISKS Forum mailing list archives

Risks Digest 27.74
From: RISKS List Owner <risko () csl sri com>
Date: Sat, 15 Feb 2014 15:38:42 PST

RISKS-LIST: Risks-Forum Digest  Saturday 15 February 2014  Volume 27 : Issue 74

Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at

RAF Voyager Grounded (Andy Cole)
NSF: 1/4 of Americans think sun goes 'round the earth... (Paul Saffo)
Your Air Traffic Controller May No Longer Be Required to Have a High School
  Diploma (via Glenn S. Tenney)
Iron Mountain fire in Argentina destroys bank archives (AP via Jim Reisert)
Heat System Called Door to Target for Hackers (NYTimes.com via Bob Frankston)
Auto battery death by improper charging (Monty Solomon)
Israeli combat pilots stored top-secret info on smartphones (Steven J Klein)
FBI Checks Wrong Box, Places Student on No-Fly List (David Kravets with
  comments from Chris Beck)
EU has secret plan for police to 'remote stop' cars (Henry Baker)
When teaching, you should know your subject (Paul Robinson)
Bad Domain Registrar Security Leads to Loss of Valuable Twitter Handle
  (Chuck Weinstock)
Altcoins will DESTROY the IT industry and spawn an infosec NIGHTMARE
  (Matthew Kruk)
GPS pioneer warns on network's security (Jones/Hoyos via Henry Baker)
"NSA-GCHQ Allegedly Hack Cryptographer Quisquater" (Jean-Jacques Quisquater)
Book announcement: "Threat Modeling: Designing for Security" (Adam Shostack)
Abridged info on RISKS (comp.risks)


Date: Fri, 14 Feb 2014 16:27:01 +0000
From: Andy Cole <andyjcole65 () gmail com>
Subject: RAF Voyager Grounded

It has been reported that the RAF have grounded their fleet of Voyager
aircraft after an 'in flight issue' that caused it to suddenly lose altitude
on a flight from Afghanistan. This rather bland description appears to
understate the actual events. The aircraft lost altitude very rapidly
leading to serious injuries. The crew were unable to stop this descent until
they 'pulled the fuse' on the autopilot.


Date: Sat, 15 Feb 2014 03:02:06 -0800
From: Paul Saffo <paul () saffo com>
Subject: NSF: 1/4 of Americans think sun goes 'round the earth...

26% of Americans think Sun revolves around the Earth, according to a
National Science Foundation survey.


Date: Monday, February 10, 2014
From: *Glenn S. Tenney* <tenney () think org>
Subject: Your Air Traffic Controller May No Longer Be Required to Have a
      High School Diploma (via Dave Farber)


The FAA has considered itself to be highly budget-constrained for years, and
in 1997 found a way to reduce its training costs -- encouraging college air
traffic control programs so that they could hire new controllers that were
effectively already trained.

There's a wait list of over 3000 air traffic control college graduates in
line for FAA positions.

The FAA is killing off that wait list and, according to transportation
researcher Bob Poole in the February Air Traffic Control Reform News will be
announcing plans to 'hire off the street' with a requirement only of a high
school degree or three years of work experience.

This is apparently a move driven by the FAA's HR department to improve

But it would mean less qualified candidates, it would mean higher training
costs, and it would mean that students who invested in degrees that had been
encouraged by the FAA will find those investments devalued.

Air traffic control graduates will still be able to re-apply for these
positions, of course, alongside folks without a high school diploma or
specialized training.

  [For more detailed information, and the source of the above:]

    [Perhaps the qualifications also include conviction that the Sun
    revolves around the Earth, and that global warming and evolution are
    only would-be theories.  Belief in Gravity and the Second Law of
    Thermodynamics would clearly be optional.  PGN]


Date: Wed, 5 Feb 2014 18:05:01 -0700
From: Jim Reisert AD1C <jjreisert () alum mit edu>
Subject: Iron Mountain fire in Argentina destroys bank archives (AP)

By Associated Press, Updated: Wednesday, February 5, 12:17 PM

Buenos Aires, Argentina -- Nine first-responders were killed and seven
others injured as they battled a fire of unknown origin that destroyed an
archive of corporate and banking industry documents in Argentina's capital
on Wednesday.



Date: 6 Feb 2014 14:23:20 -0500
From: "Bob Frankston" <Bob19-0501 () bobf frankston com>
Subject: Heat System Called Door to Target for Hackers (NYTimes.com)

A reminder of the risks of perimeter security


If I understand this right the real problem is perimeter security as in
"hackers used a vendor's stolen credentials to get inside its corporate
network". The idea of a "corporate network" is the pipe meme for networks.
The HVAC system may use the wires in a building as a means of exchanging
packets but that shouldn't mean it's in the corporate network any more than
two people on the same sidewalks are in the same social network.


Date: Wed, 29 Jan 2014 11:08:04 -0500
From: Monty Solomon <monty () roscom com>
Subject: Auto battery death by improper charging

The battery died prematurely in our vehicle and it appears that the charging
mode programming had an error.

According to Honda Service Bulletin 12-041:

Possible Cause

The vehicle's battery sensor monitors battery condition and the PCM
determines charging mode. Based on the sulfation of the battery and customer
driving habits, the PCM may not select the correct charge mode.

Corrective Action

Update the PGM-FI software.


Date: Wed, 5 Feb 2014 16:13:42 -0500
From: Steven J Klein <steven () klein us>
Subject: Israeli combat pilots stored top-secret info on smartphones

Two Israeli Air Force combat pilots were were jailed for five days and =
12 others were disciplined after it was learned they stored maps, =
documents and other sensitive material on their smartphones.

"The security breach came to light after one of the pilots lost his =
cellphone and reported what was contained on it to the military. The =
phone was found."



Date: Thursday, February 6, 2014
From: *Chris Beck* <cbeck () pacanukeha net>
Subject: FBI Checks Wrong Box, Places Student on No-Fly List

  [Via Dave Farber]

Obviously people make mistakes. Seems to me that the cover up and
obfuscation need to be tried as well, and costs awarded to the pro bono
lawyers. Seems to me that anyone who tries to invoke state secrets on such
an obvious ploy to conceal incompetence ... anyone - lawyers, agents, or
any employee - needs to have their clearance revoked, all of their
assertions revisited and obviously their permission to classify or invoke

Date: February 6, 2014 at 5:46:31 PM EST
From: Dewayne Hendricks>
Subject: [Dewayne-Net] FBI Checks Wrong Box, Places Student on No-Fly List

FBI Checks Wrong Box, Places Student on No-Fly List

The government contested a former Stanford University student's assertion
that she was wrongly placed on a no-fly list for seven years in court
despite knowing an FBI official put her on the list by mistake because he
checked the "wrong boxes" on a form, a federal judge wrote today.

The agent, Michael Kelly, based in San Jose, misunderstood the directions
on the form and "erroneously nominated" Rahinah Ibrahim to the list in
2004, the judge wrote.

"He checked the wrong boxes, filling out the form exactly the opposite way
from the instructions on the form," U.S. District Judge William Alsup wrote
(.pdf) today.

The decision makes Ibrahim, 48, the first person to successfully
challenge placement on a government watch list.

Much of the federal court trial, in which the woman sought only to clear
her name, was conducted in secret after U.S. officials repeatedly invoked
the state secrets privilege and sought to have the case dismissed.

Attorneys working pro bono spent as much as $300,000 litigating the case.

The judge issued a brief ruling last month declaring that the Malaysian
woman was a victim of a bureaucratic "mistake." The judge's full opinion
was released today.

Ibrahim's saga began in December 2005 when she was a visiting doctoral
student in architecture and design from Malaysia. On her way to Kona,
Hawaii to present a paper on affordable housing, Ibrahim was told she was
on a watch list, detained, handcuffed and questioned for two hours at San
Francisco International Airport.

She sued and federal authorities fought her all the way.

The December 5-day trial was shrouded in extraordinary secrecy, with
closed court hearings and non-public classified exhibits.

The agent testified to his bungle in closed court.

Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>


Date: Thu, 30 Jan 2014 07:27:40 -0800
From: Henry Baker <hbaker1 () pipeline com>
Subject: EU has secret plan for police to 'remote stop' cars

FYI -- What could possibly go wrong with this technology?

* Once this technology is installed in EU cars, it will likely be in _all_
  cars world-wide, but merely 'disabled', so that it still provides
  additional attack surface even _outside the EU_.

* Hackers/criminals can disable your car remotely -- e.g., to rob or kidnap.

* Governments can disable cars of the press, dissidents, activists, etc.

* Governments can disable cars during 'emergencies' to allow 'prioritized'
  traffic.  (Remember US air traffic control after 911, when certain special
  civilian flights were still allowed ?)

* Govt employees can disable cars of ex-spouses, ex-lovers, etc.

* Together with real-time GPS tracking, selected cars can have an
  "electronic fence" like your dog's electronic fence.

The potential for mischief is unbounded.


EU has secret plan for police to 'remote stop' cars

The EU is developing a secret plan to give the police the power to control
cars by switching the engine off remotely

Bruno Waterfield and Matthew Day, 29 Jan 2014

The European Union is secretly developing a "remote stopping" device to be
fitted to all cars that would allow the police to disable vehicles at the
flick of a switch from a control room.

Confidential documents from a committee of senior EU police officers, who
hold their meetings in secret, have set out a plan entitled "remote stopping
vehicles" as part of wider law enforcement surveillance and tracking

"The project will work on a technological solution that can be a 'build in
standard' for all cars that enter the European market," said a restricted

The devices, which could be in all new cars by the end of the decade, would
be activated by a police officer working from a computer screen in a central

Once enabled the engine of a car used by a fugitive or other suspect would
stop, the supply of fuel would be cut and the ignition switched off.

The technology, scheduled for a six-year development timetable, is aimed at
bringing dangerous high-speed car chases to an end and to make redundant
current stopping techniques such as spiking a vehicle's tyres.

The proposal was outlined as part of the "key objectives" for the "European
Network of Law Enforcement Technologies", or Enlets, a secretive off-shoot
of a European "working party" aimed at enhancing police cooperation across
the EU.

Statewatch, a watchdog monitoring police powers, state surveillance and
civil liberties in the EU, have leaked the documents amid concerns the
technology poses a serious threat to civil liberties

"We all know about the problems surrounding police stop and searches, so why
will be these cars stopped in the first place," said Tony Bunyan, director
of Statewatch.

"We also need to know if there is any evidence that this is a widespread
problem. Let's have some evidence that this is a problem, and then let's
have some guidelines on how this would be used."

The remote stopping and other surveillance plans have been signed off by the
EU's Standing Committee on Operational Cooperation on Internal Security,
known as Cosi, meaning that the project has the support of senior British
Home Office civil servants and police officers.

Cosi, which also meets in secret, was set up by the Lisbon EU Treaty in 2010
to develop and implement what has emerged as a European internal security
policy without the oversight of MPs in the House of Commons.

Douglas Carswell, the Conservative MP for Clacton, attacked the plan for
threatening civil liberties and for bypassing the parliament.

"The price we pay for surrendering our democratic sovereignty is that we are
governed by an unaccountable secretive clique," he said.

Nigel Farage, the leader of Ukip, described the measure as "incredible" and
a "draconian imposition".

"It is appalling they are even thinking of it," he said. "People must
protest against this attack on their liberty and vote against an EU big
Brother state during the Euro election in May."

In 2012, Enlets received a £484,000 grant from the European Commission
for its declared mission to "support front line policing and the fight
against serious and organised crime by gathering user requirements, scanning
and raising awareness of new technology and best practices, benchmarking and
giving advice".

The six-year work programme for Enlets also includes improving automatic
number plate recognition technology and intelligence sharing. Although the
technology for police to stop a vehicle by remote control has still to be
developed, Enlets argues the merits of developing such a system.

"Cars on the run can be dangerous for citizens," said a document. "Criminal
offenders will take risks to escape after a crime. In most cases the police
are unable to chase the criminal due to a lack of efficient means to stop
the vehicle safely."

The introduction of stopping devices has raised questions of road
safety. David Davis, the Conservative MP for Haltemprice and Howden, warned
that the technology could pose a danger to all road users.

"I would be fascinated to know what the state's liability will be if they
put these devices in all vehicles and one went off by accident whilst a car
was doing 70mph on a motorway with a truck behind it resulting in loss of
life," he said.

"It is time legislators stopped believing technology is a form of magic and
realised that is fallible, and those failures do real harm."

  [Also noted by Gideon Yuval.  PGN]


Date: Tue, 11 Feb 2014 15:03:53 -0800 (PST)
From: Paul Robinson <paul () paul-robinson us>
Subject: When teaching, you should know your subject

This is one of those "technology gone bad" stories I found very funny.
Washington DC Cable TV News Channel 8 reported Monday that one of the
members of a Mideast terrorist group was teaching how to correctly build
pipe bombs in a safe manner when one of the completed bombs blew up, setting
off the rest, killing the instructor and 24 members of the group, and
injuring several others who were caught trying to escape by police.  The ri
sk here is that if you're going to teach people how to commit terrorist
acts, you should at least know how to handle explosives, and if you're
trying to commit them - even if you're planning to be a suicide bomber - you
have a better chance of injuring or killing people if you at least live long
enough to survive the training class.


Date: Wed, 29 Jan 2014 15:30:20 +0000
From: Chuck Weinstock <weinstock () sei cmu edu>
Subject: Bad Domain Registrar Security Leads to Loss of Valuable Twitter Handle


Hero has a single character twitter handle (N). Villain wants it. Through
(mostly) social engineering villain is able to get control of the hero's
domain name. He changes the name servers and tries to get a password reset
email from twitter. Because of propagation delays the hero receives the
email and is able to stop the hijack by changing his email address on
twitter. But GoDaddy won't give him his domain back because he is not the
registrant according to their records. Villain threatens to destroy hero's
websites, etc. and successfully (for now) extorts the twitter handle from


Date: Wed, 29 Jan 2014 01:18:40 -0700
From: "Matthew Kruk" <mkrukg () gmail com>
Subject: Altcoins will DESTROY the IT industry and spawn an infosec NIGHTMARE



Date: Thu, 13 Feb 2014 14:27:45 -0800
From: Henry Baker <hbaker1 () pipeline com>
Subject: GPS pioneer warns on network's security (Jones/Hoyos)

Sam Jones and Carola Hoyos, *Financial Times*, 13 Feb 2014, http://www.ft.com/

The Global Positioning System helps power everything from in-car satnavs and
smart bombs to bank security and flight control, but its founder has warned
that it is more vulnerable to sabotage or disruption than ever before --
and politicians and security chiefs are ignoring the risk.

Impairment of the system by hostile foreign governments, cyber criminals --
or even regular citizens -- has become ``a matter of national security,''
according to Colonel Bradford Parkinson, who is hailed as the architect of
modern navigation.

``If we don't watch out and we aren't prepared,'' then countries could be
denied everything from navigation to precision weapon delivery, Mr Parkinson
warned.  ``We have to make it more robust ... our cellphone towers are timed
with GPS. If they lose that time, they lose sync and pretty soon they don't
operate.  Our power grid is synchronised with GPS [and] our banking

Western governments are ``in their infancy in recognising the problem,''
Mr Parkinson told the *Financial Times* in an interview on the fringes of a
conference for government officials, academics and defence contractors at
the UK's National Physical Laboratory.

He said: ``[In the US] I don't know anyone that is really in charge of it.
The Department of Homeland Security should be [but] ... they don't have any
people that understand it very well.  They've got one person without any
budget to speak of.''

Mr Parkinson, now a professor at Stanford University, created GPS in the
1970s on behalf of the US military -- who still control the system of
satellites today.

Use of the system for civilian purposes has exploded with the development of
mobile technologies.

Though the US military has in place protection that could give its
navigation systems a high-degree of robustness, most civilian GPS systems
have none, Mr Parkinson said.  He also warned that the EU's new €5bn
Galileo satellite system, created as an alternative to the US-controlled
GPS, was equally at risk.

Richard Peckham, who helped develop the Galileo system, said that although
its public service was encrypted, making it more difficult to hack and more
secure for users such as the emergency services and public utilities, it was
still vulnerable to jamming and interference.

The US, which initially opposed the European satellite constellation, has
come around to supporting it, in part because Washington has realised it
needs a GPS back-up system that is neither Russian nor Chinese.

A report compiled for the UK government and released this week warned that
``the conditions are present for a catastrophic `Black Swan' event'' that
would knock out one or more critical GPS systems.  The report identified
thousands of instances of GPS jamming occurring annually.

Disruption of satellite navigation systems has so far remained a relatively
low-level problem for governments. Small-range jamming devices can be
acquired easily via the Internet.  However, more powerful jamming equipment
is becoming increasingly easy to acquire.

Over the past few years South Korea has witnessed huge jamming attacks
against its GPS systems, launched by North Korea.  The areas affected
stretch 100km into South Korean territory, and include major airports and
shipping lanes. More than 1,000 ships and 250 planes had their travel
disrupted by North Korean jamming attacks in 2012.

Seoul has responded by ordering the construction of a land-based antenna
array over more than 40 sites to provide a back-up system.

The UK has already begun to build a similar system, primarily to help
shipping in the event of GPS disruption.  The stretch of water between
Britain and France is one of the busiest shipping lanes in the world, but
navigation throughout it could be disrupted by a single portable jamming

``When a ship loses GPS, it isn't like a car satnav,'' said Professor
David Last, a consultant to the UK's General Lighthouse Authority.
``Multiple systems fail simultaneously.''

Prof Last cited a report into navigation vulnerabilities from the Royal
Academy of Engineering that found ``there was barely a single area of
commerce or industry in the UK that wasn't dependent on GPS in some way.''


Date: Thu, 06 Feb 2014 18:43:05 +0100
From: Jean-Jacques Quisquater - UCL Crypto Group <jjq () uclouvain be>
Subject: "NSA-GCHQ Allegedly Hack Cryptographer Quisquater"

Comments about "NSA-GCHQ Allegedly Hack Cryptographer Quisquater"
More info written by Jean-Jacques Quisquater.
This text was updated on February 8, 2014 in the morning (Belgian time).

Since 1 Feb 2014, many papers appeared in the newspapers and on Internet
concerning the hack of the personal portable computer of Jean-Jacques
Quisquater (JJQ). See


Unfortunately many of these papers suffer from approximations and
extrapolations and some of them are wrong.

The following text is intended to clarify the context of the attack as much
as possible as the investigations are not complete at this stage.

In short:

Facts: Yes, this portable computer was attacked. We don't know for sure the
vector of the attack in use. According to the Belgian Federal Police the
attack of this computer is strongly related to the attack of Belgacom in
Belgium allegedly hacked by NSA-GCHQ.

The only found vector of attack is related to an e-mail spoofing a linkedin
e-mail mentioning a name close to a name known by JJQ. From this e-mail, JJQ
opened a link to a profile of the mentioned person and JJQ immediately
understood it was a spoof and closed his computer in one second.  The
computer was later extensively scanned by several malware detectors without
result. Possibly another vector of attack was used but there is no trace of

* Data available on the computer: There was no sensitive data on the
computer.  The main part of the JJQ's work is the design of (formal) methods
related to cryptography and computer security and this activity is twofold:

  - Methods related to the academic world finally anyway published in
    conferences, journals, patents and standards. Privacy concerning reviews
    of scientific papers is important to write these reviews without
    external pressure, the content is nevertheless not critical.

  - Activities related to sensitive data of companies always follow a very
    strict procedure which lead to a very strong level of security (the use
    of safes, only in company rooms, dedicated computers without connection,
    destruction of all the data at the end of the study).  Therefore no
    sensitive information related to companies is available on this personal

Companies are only using the practical ideas of JJQ in the spirit of the
main principles of Kerckhoffs (``Only the key is secret.'') and Shannon
(``The enemy knows the system.'').

* The purpose of the attack: we don't know. Maybe the cryptography research
is under surveillance, maybe some people hope to find some interesting
information or contact, maybe there is another goal we will never know. [...]

  [PGN-truncated for RISKS.  Full text at
  Quite an item!  PGN]


Date: Sat, 15 Feb 2014 12:31:45 -0500
From: Adam Shostack <adam () homeport org>
Subject: Book announcement: "Threat Modeling: Designing for Security"

One of the the biggest threats to threat modeling is to believe it's a
mystical rite, or inborn skill which can never be taught.  Everyone
can threat model, and everyone should.  (If threat modeling is harder
than using git, whose fault is that?)  That requires recasting threat
modeling as a set of tasks which can be taught and integrated into the
engineering processes which deliver products or services.

Adam Shostack's Threat Modeling: Designing For Security (Wiley, 2014), is
focused on actionable threat modeling for everyone involved in building and
operating complex technology, in particular, developers, systems managers
and security professionals.  The book starts with a simple introduction
focused on four questions: (1) What are you building (2) What can go wrong?
(3) What are you going to do about it (4) Are you doing 1-3 sufficiently
well for your project?  From there, it covers finding threats (Part II),
processing and managing threats (Part III), threat modeling for specific
technologies and tricky areas (Part IV), and taking threat modeling to the
next level (Part V).

RISKS readers (especially those in security and other trustworthiness
issues) will particularly benefit from framing threat modeling as a deeply
practical, teachable discipline, and from having prescriptive guidance to
help experts in other domains better interface with security.

More information at http://threatmodelingbook.com, and available
wherever fine books are sold.


Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:


End of RISKS-FORUM Digest 27.74

  By Date           By Thread  

Current thread:
  • Risks Digest 27.74 RISKS List Owner (Feb 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]