Risks Digest 28.03
From: RISKS List Owner <risko () csl sri com>
Date: Tue, 17 Jun 2014 20:00:21 PDT

RISKS-LIST: Risks-Forum Digest  Tuesday 17 June 2014  Volume 28 : Issue 03

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/28.03.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Danger: Robots Working (John Markoff and Claire Cain Miller)
Yet another EMR debacle (Robert L Wears)
AT&T: We need to buy DirecTV because U-verse TV is a failure (Ars Technica)
"Woman creates fake Facebook profile, discovers niece wants to kill her"
  (Review Journal via Gene Wirchenko)
"Google Chrome's experiment with killing URLs appears to be on hold"
  (Ian Paul)
Losing the Key (Steven Kurutz via Monty Solomon)
P.F. Chang's turns to vintage 1970s tech after credit card breach (Ars
  via Sean Peisert)
"Apple devices held hostage using Find My iPhone" (Loek Essers)
"Evernote hit by denial-of-service attack" (Tim Hornyak)
"Tech giants finally grow a spine and resist NSA spying" (Bill Snyder)
Sign of the Times: The Intimacy of Anonymity (Tim Wum)
The Privacy Paradox, a Challenge for Business (Steve Lohr)
Web Site with no Password Change Option (Richard Karash)
Ars tests Internet surveillance -- by spying on an NPR reporter
  (Sean Gallagher)
"Here's One Big Way Your Mobile Phone Could Be Open To Hackers"
  (Steve Henn)
Court Rules Warrantless Cell Tracking Unconstitutional (HuffPost via
  Dave Farber)
Re: You shouldn't use a spreadsheet for important work (Bob Frankston,
  Walter Bushell)
Re: Would a Google car sacrifice you for the sake of the many? (fred)
Re: Turning everyone's home router into a WiFi hotspot (Anthonys Lists,
  Bill Gunshannon, John R. Levine, Bob Frankston, Chris Drewe)
Re: Renewable energy and electricity storage (Chris Drewe)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 17 Jun 2014
From: Peter Neumann
Subject: Danger: Robots Working (John Markoff and Claire Cain Miller)

John Markoff and Claire Cain Miller, *The New York Times*,
17 Jun 2014 (begins front page of Science Times in the National Edition)
Smarter machines will be freer to interact with people, making safety
a bigger concern

The article lists a bunch of cases of serious industrial accidents involving
robots, cited from OSHA data:

* Bakery, Aug 2011

* Plastics factory, May 2011

* Metal factory, Jul 2006

* Car factory, Mar 2006

* Car factory, Dec 2001

* Metal factory, Aug 1999

* Meatpacking plant, Jun 1999

* Sporting goods manufacturer, Nov 1996

* Aluminum factory, Feb 1996

The article notes that ``Many were a result of human error; others were
caused by robots' unexpected behavior.''  Each case involved a death, except
for the sporting goods one.

If you seriously believe in the infallibility of smart robots and their
ability to prevent accidental misuse, you might want to read this article,
and perhaps dig into the OSHA data.  Also, when we combine robots with the
Internet of Things, we must also address the reality that robots could be
hacked remotely by malfeasers.  The same considerations should also apply to
Automated Highways, and perhaps even Free Flight (the FAA's notion that we
can get rid of air-traffic controllers and have all the smarts in the
cockpit computers -- which may mercifully have fallen by the wayside).  Once
again, the lessons from the Risks Forum leap to the forefront.

------------------------------

Date: Fri, 13 Jun 2014 13:22:21 -0400
From: "Robert L Wears, MD, MS, PhD" <wears () ufl edu>
Subject: Yet another EMR debacle

A province-wide EMR system in Alberta, Canada, collapsed Monday, making it
impossible to see test results, medical histories, medications, etc. for
several hours.  The system has a history of previous difficulties (202
clinics lost access for roughly one day a year ago; a major slowdown
occurred last week, requiring about 15 minutes for simple tasks such as
prescription renewals).  The vendor reported the problem was "a technical
issue that was difficult to find and address."

A single system for an entire province -- what could go wrong?

Details at:

http://medicinehatnews.com/news/local-news/2014/06/10/system-failure-has-docs-patients-upset/

Robert L Wears, University of Florida, wears () ufl edu 1-904-244-4405 (ass't)
Imperial College London r.wears () imperial ac uk +44 (0)791 015 2219

------------------------------

Date: Thu, 12 Jun 2014 12:03:23 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: AT&T: We need to buy DirecTV because U-verse TV is a failure

Ars Technica via NNSquad
http://arstechnica.com/business/2014/06/att-we-need-to-buy-directv-because-u-verse-tv-is-a-failure/

  "AT&T has world-class wireline and wireless broadband facilities, but its
  video service, which is available in only a minority of customer locations
  within AT&T's 22-state incumbent local exchange carrier ('ILEC') region,
  is uneconomic and not fully competitive with cable providers," the company
  said.  AT&T only provides U-verse video where it has fiber-to-the-node or
  fiber-to-the-premises, the company said.  "As a result of its relatively
  limited video footprint, AT&T is far smaller than Comcast and Time Warner
  Cable, its principal competitors," it said. "Lack of scale particularly
  hinders AT&T with respect to content acquisition, which is by far the
  largest variable cost of MVPD [multichannel video programming distributor]
  service.  AT&T therefore faces challenges selling competitive
  broadband/video bundles even inside its U-verse video footprint."
  Although AT&T lags behind Comcast in Internet and video subscribers, it
  has double Comcast's overall revenue. AT&T made $128.8 billion in revenue
  last year compared to Comcast's $64.7 billion. Left unsaid is that AT&T
  bears responsibility for making U-verse available only in "a minority of
  customer locations," by choosing to slow down and limit its fiber
  deployment, until AT&T announced a recent expansion.

------------------------------

Date: Sat, 14 Jun 2014 22:17:55 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Woman creates fake Facebook profile, discovers niece wants to
  kill her"

      [We can argue risk for whom if you would like!]

*Review Journal*, Jun 12 2014
http://www.reviewjournal.com/trending/woman-creates-fake-facebook-profile-discovers-niece-wants-kill-her

------------------------------

Date: Thu, 12 Jun 2014 12:42:54 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Google Chrome's experiment with killing URLs appears to be on hold"
  (Ian Paul)

Ian Paul | PC World, 11 Jun 2014
For several months, Google toyed with the idea of hiding full Web
addresses from users in Chrome
http://www.infoworld.com/d/applications/google-chromes-experiment-killing-urls-appears-be-hold-244145

------------------------------

Date: Thu, 12 Jun 2014 21:35:01 -0400
From: Monty Solomon <monty () roscom com>
Subject: Losing the Key (Steven Kurutz)

Steven Kurutz, *The New York Times*, 11 Jun 2014

In this age of rapid transformation, the house key has been surprisingly
resistant to change. Cars have mostly switched to key fobs. Hotels and
office buildings favor the pass card. And yet the little metal keys we carry
around -- part security device, part domestic totem -- aren't that different
from the ones carried by our parents, their parents or their parents, going
back to the Civil War, when Linus Yale Jr. invented the cylinder lock,
modifying an ancient Egyptian design.

That was before the Internet of Things, an approach to life in which every
household fixture, no matter how unsexy or long neglected by designers, can
be rewired for digital living. And now, like the thermostat and the slow
cooker, the house key and its mate, the front-door lock, are going "smart"
too.

In the last year or so, several electronic door locks from industry bigwigs
like Schlage and Kwikset have hit the market, making it possible to unlock
your home using a smartphone, tablet or computer.  And two new locks created
by tech start-ups, which are forthcoming, promise the hands-free ease of
unlocking the door automatically as you approach it. ...

http://www.nytimes.com/2014/06/12/garden/losing-the-key.html

  [I guess that RISKS may soon have to spawn an offspring, called
  Smart RISKS!  (or perhaps RISKS of Trying to Be *Too Smart*!)  PGN]

------------------------------

Date: Fri, 13 Jun 2014 11:07:21 -0700
From: Sean Peisert <speisert () ucdavis edu>
Subject: P.F. Chang's turns to vintage 1970s tech after credit card breach

http://arstechnica.com/security/2014/06/pf-chang-turns-to-vintage-1970s-tech-after-credit-card-breach/

US restaurant chain P.F. Chang's China Bistro plans to temporarily bring
back manual credit card imprinting while it investigates a security breach
that allowed hackers to steal customer payment card data from multiple
stores.

The old-school manual system has already been spotted by people affiliated
with Sans, a computer security training institute. Readers may remember the
system from decades ago, when eight-track tapes and, later, Betamax video,
were still the rage. P.F. Chang's servers will be retaining carbon copies of
the transactions, according to KrebsOnSecurity reporter Brian Krebs, who
first reported the breach three days ago after finding that thousands of
newly stolen credit and debit cards for sale in underground forums were all
used at the chain.

"At P.F. Chang's, the safety and security of our guests' payment information
is a top priority," a statement posted on the chain's website
stated. "Therefore, we have moved to a manual credit card imprinting system
for all P.F. Chang's China Bistro branded restaurants located in the
continental United States. This ensures our guests can still use their
credit and debit cards safely in our restaurants as our investigation
continues."

The statement went on to advise customers to monitor their credit card and
bank statements and to report any suspicious activity to their card issuers.

According to Krebs, P.F. Chang's is also deploying dial-up card readers that
will be plugged in to old-fashioned phone lines and used to process the
imprint slips. The chain's shift to a manual system is already prompting
jokes that rib a security-through-obscurity approach. In fairness, manual
imprints are probably more secure. Just as they are harder for merchants to
quickly process in large numbers, they probably are similarly harder for
digital thieves to siphon up wholesale.

P.F. Chang's is the latest nationwide chain to be hit by an embarrassing
hack that compromised its customers' sensitive data. In November, retailer
Target suffered a breach that compromised credit card and personal data for
as many as 110 million customers. Like P.F. Chang's, Target has been working
with law enforcement agencies to investigate the hack. Unlike P.F. Chang's,
Target has continued to process payment card transactions electronically.

------------------------------

Date: Tue, 27 May 2014 15:01:59 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Apple devices held hostage using Find My iPhone" (Loek Essers)

Loek Essers, InfoWorld Home, 27 May 2014
Hackers are demanding ransoms to unlock devices that were locked with
the Find My iPhone tool, according to forum posts
http://www.infoworld.com/d/mobile-technology/apple-devices-held-hostage-using-find-my-iphone-243133

------------------------------

Date: Thu, 12 Jun 2014 12:40:19 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Evernote hit by denial-of-service attack" (Tim Hornyak)

Tim Hornyak, InfoWorld, 11 Jun 2014
The attack temporarily shut down Evernote, which now has over 100 million users
http://www.infoworld.com/d/security/evernote-hit-denial-of-service-attack-244124

------------------------------

Date: Thu, 12 Jun 2014 12:38:41 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Tech giants finally grow a spine and resist NSA spying"
  (Bill Snyder)

Bill Snyder, InfoWorld, 12 Jun 2014
Microsoft, Google, even Facebook are protecting their bottom lines --
and you -- by fighting outrageous court orders and encrypting user content
http://www.infoworld.com/d/the-industry-standard/tech-giants-finally-grow-spine-and-resist-nsa-spying-244174

------------------------------

Date: Thu, 12 Jun 2014 21:17:52 -0400
From: Monty Solomon <monty () roscom com>
Subject: Sign of the Times: The Intimacy of Anonymity (Tim Wum)

Tim Wum, *The New York Times*, 3 Jun 2014

Thanks to Facebook and Instagram, oversharing one's personal life feels as
authentic as reality TV. Right now anonymous posts hold the key to the
truth.

In the seminal 1999 cultural manifesto "No Logo," the writer Naomi Klein
pronounced that corporations were now in the business of selling brands,
rather than products. Whoever "produces the most powerful images, as opposed
to products," she wrote, "wins the race."  At the time, it was a shocking
message; little did she realize that by 2014 it would not just be companies,
but also people, who would be caught up in a branding race through social
media, and one directed not just at customers, but relatives and friends.

The euphemism is "sharing," but Klein would probably just call it selling a
personal brand, whether you consider yourself the pretty young thing with
literary tastes and a traditional side, the family man who brews his own
beer or the tough lawyer with a sense of humor.  It can be nice to share,
but brand maintenance takes constant work and demands consistency. A serious
self-brand should have some presence on Facebook, Twitter, LinkedIn,
Instagram, Foursquare, Google+ and Tumblr; keeping it all up can feel like
working as an unpaid intern for a Z-list celebrity known as Oneself.

In light of this, the recent comeback of online anonymity seems entirely
predictable. Two popular smartphone apps, Secret and Whisper, took off this
spring, especially in the tech communities, offering users the opportunity
to speak to their friends and a broader audience, anonymously, on just about
any subject. Reddit, an anonymous discussion and linking site, has recently
witnessed a traffic explosion; with more than 110 million unique monthly
visitors, it has more traffic than Netflix or any American newspaper.  Users
of these anonymous outlets make it clear they're looking for a break from
Facebook and other social media. One comment: "Maybe the reason Secret is
... interesting ... is because it doesn't have to be happy all the time."
...

http://tmagazine.blogs.nytimes.com/2014/06/03/oversharing-facebook-instagram-whisper-secret/

------------------------------

Date: Thu, 12 Jun 2014 21:47:56 -0400
From: Monty Solomon <monty () roscom com>
Subject: The Privacy Paradox, a Challenge for Business (Steve Lohr)

Steve Lohr, *The New York Times*, 12 Jun 2014

People around the world are thrilled by the ease and convenience of their
smartphones and Internet services, but they aren't willing to trade their
privacy to get more of it.

That is the top-line finding of a new study of 15,000 consumers in 15
countries. The privacy paradox was surfaced most directly in one question:
Would you be willing to trade some privacy for greater convenience and ease?

Worldwide, 51 percent replied no, and 27 percent said yes. (The remainder
had no opinion or didn't know.) There were country-by-country differences,
but there was a consistency to the results, especially in the developed
nations. The United States was 56 percent no and 21 percent yes. Britain was
almost identical -- 55 percent no, 18 percent yes. Germany was most privacy
protective -- 71 percent no, and 12 percent yes. India, by contrast, had the
highest yes percentage -- 48 percent, to 40 percent no. ...

http://bits.blogs.nytimes.com/2014/06/12/the-privacy-paradox-a-challenge-for-business/

------------------------------

Date: Fri, 13 Jun 2014 10:36:51 -0400
From: Richard Karash <richard () karash com>
Subject: Web Site with no Password Change Option

Among the many password traps: You have used the same password at multiple
sites and now you want to clean things up.

You go to one of these websites and find there is no option to change your
password.

Worse: The only option available is to request they send you your (precious)
password in open e-mail.

Hard to believe this could happen in 2014?  Here it is:
http://checkinsooner.com

Implication:  more important day by day, do not re-use passwords.

Richard Karash, Karash Associates LLC  +1 617-308-4750  http://Karash.com

------------------------------

Date: Thu, 12 Jun 2014 21:53:36 -0400
From: Monty Solomon <monty () roscom com>
Subject: Ars tests Internet surveillance -- by spying on an NPR reporter
  (Sean Gallagher)

Sean Gallagher, Ars Technica, 10 Jun 2014
A week spent playing NSA reveals just how much data we leak online.

On a bright April morning in Menlo Park, California, I became an Internet
spy.

This was easier than it sounds because I had a willing target. I had
partnered with National Public Radio (NPR) tech correspondent Steve Henn for
an experiment in Internet surveillance. For one week, while Henn researched
a story, he allowed himself to be watched -- acting as a stand-in, in effect,
for everyone who uses Internet-connected devices. How much of our lives do
we really reveal simply by going online?

Henn let me into his Silicon Valley home and ushered me into his office with
a cup of coffee. Waiting for me there was the key tool of my new trade: a
metal-and-plastic box that resembled nothing more threatening than an
unlabeled Wi-Fi router. This was the PwnPlug R2, a piece of professional
penetration testing gear designed by Pwnie Express CTO Dave Porcello and his
team and on loan to us for this project.

The box would soon sink its teeth into the Internet traffic from Henn's home
computer and smartphone, silently gobbling up every morsel of data and
spitting it surreptitiously out of Henn's home network for our later
analysis. With its help, we would create a pint-sized version of the
Internet surveillance infrastructure used by the National Security
Agency. Henn would serve as a proxy for Internet users, Porcello would
become our one-man equivalent of the NSA's Special Source Operations
department, and I would become Henn's personal NSA analyst. ...

http://arstechnica.com/security/2014/06/what-the-nsa-or-anyone-can-learn-about-you-from-internet-traffic/

------------------------------

Date: Fri, 13 Jun 2014 18:14:22 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Here's One Big Way Your Mobile Phone Could Be Open To Hackers"
  (Steve Henn)

Steve Henn, NPR, 13 Jun 2014
http://www.npr.org/blogs/alltechconsidered/2014/06/13/321389989/heres-one-big-way-your-mobile-phone-could-be-open-to-hackers

selected text:

Earlier this spring, when I conducted an experiment tapping my own Internet
traffic, Sean Gallagher, a reporter from the tech news site Ars Technica,
came to my house, and we connected a little device called a Pwn Plug --
invented by computer security expert Dave Porcello -- to my network.

Seeing just how much data streamed out of my phone the second I connected
was a big surprise.  My phone pinged Apple, Google and Yahoo. Then apps like
Twitter and Facebook connected to the Internet. This all happened in just
seconds of it simply sitting on my desk. I hadn't touched the phone.

If Porcello had been a hacker, those few seconds could have been a gold mine.

------------------------------

Date: Wed, 11 Jun 2014 21:02:43 -0400
From: "David Farber via ip" <ip () listbox com>
Subject: Court Rules Warrantless Cell Tracking Unconstitutional

http://www.huffingtonpost.com/2014/06/11/cell-tracking-unconstitutional_n_5486458.html

------------------------------

Date: Sun, 15 Jun 2014 15:19:27 -0400
From: "Bob Frankston" <bob2 () bob ma>
Subject: Re: You shouldn't use a spreadsheet for important work (RISKS-28.02)

"Simply put, spreadsheets are good for quick and dirty work, but they are
not designed for serious and reliable work." Sez who? Let me state
authoritatively that statement is simply not true.

You'd think after all these years we'd be past "who needs spreadsheets when
you have Fortran (or, for Lemire, C)". There is a reason why spreadsheets
are a valuable tool -- they give you the ability to work with the numbers.
It's like complaining about those new-fangled typewriters because writing
should be done at a leisurely pace using a ballpoint pen or maybe quill and
ink.

What we should be concerned with is the interpretation of the data and the
tendency to treat numbers as supporting whatever meaning we project on them.
It reminds me of another personal experience when I was at Interactive Data
Corporation and we introduced Black-Scholes (option pricing) numbers. Naive
people on Wall St used them as the foundation for derivatives even though they
had little intrinsic meaning.

It's easy to see that wealth is increasingly concentrated -- the question is
why does it take precise calculations based on guesstimates to "prove" that
is happening? One risk is that we'll approach this as a problem of numbers
rather than recognizing we have a structural problem.

Spreadsheets are a useful way to provide insight as long as we don't confuse
the numbers with their meaning.

We see this again in the spectrum auction which is backed by lots of
analyses premised on the idea that faux wires is the right way to communicate
in the absence of wires thus maximizing the local value to the owners while
minimizing the global value to society.

------------------------------

Date: Fri, 13 Jun 2014 21:00:15 -0400
From: Walter Bushell <proto () panix com>
Subject: Re: You shouldn't use a spreadsheet for important work (RISKS-28.02)

I've been saying this for years. Just too easy to hide mistakes either by
accident or on purpose to make a point. Hundreds or thousands or more
programming statements scattered all over the sheets and linked perhaps to
other sheets that the author has not reviewed in detail.

------------------------------

Date: Thu, 12 Jun 2014 14:34:20 -0700
From: <fred () crystallake name>
Subject: Re: Would a Google car sacrifice you for the sake of the many?

In RISKS there was some interesting commentary on Google's self-driving cars
and the possible rules under which the software would decide who gets to
live and who gets to die in the presence of a pending `exchange of inertia',
one might call it, when vehicles and/or pedestrians collide out in the real
world and smart cars have time to crunch software to evaluate least-harm
consequences of possible defensive measures the cars may take.  What I
haven't seen mentioned in either David Weinberger's original article
(https://medium.com/@dweinberger/would-a-google-car-sacrifice-you-for-the-sake-of-the-many-e9d6abcf6fed
) or the follow-up commentary to Risks is the most probable over-riding
datum which smart cars will retrieve from their on-line databases and
evaluate milliseconds before making defensive (or even offensive) actions:
Smart cars will determine there is a threat to human life, talk among
themselves to retrieve and weigh each threatened occupant's and pedestrian's
financial wealth and social standing, and the priority for survival will be
meted out to the wealthiest with us 99%ers peasants fully expected to die
first.  Let's be realistic, okay? Google is evil, ergo its cars will be
evil. These corporate Oligarchs don't care about human life unless it's
wrapped around a limo wearing a tuxedo on its way to a Wall Street
meet-and-greet with lobbyists and politicians, and the software in their
cars can be expected to have all the ethics and morals of a Mitt Romney or a
Donald Trump.

------------------------------

Date: Fri, 13 Jun 2014 00:35:07 +0100
From: Anthonys Lists <antlists () youngman org uk>
Subject: Re: Turning everyone's home router into a WiFi hotspot

This sounds exactly like the BT Home Hub, which has been pretty much
standard fare for British Telecom customers for many years. As I remember
it, in order to sign up for roaming wi-fi, I had to enable my router as a
hot-spot, but it was opt-in.

So now, if I'm away from home and there is a BT customer nearby I will see a
"BT wifi" router which I can sign in on using my home credentials.
Hopefully that is configured to just provide a bridge directly to the BT
master router in the exchange.

I agree that if the router can be compromised, there is a risk that the
user's home network will be hijacked but I suspect routers are vulnerable
enough that the added attack surface isn't that important.

------------------------------

Date: Fri, 13 Jun 2014 08:35:03 -0400
From: "Bill Gunshannon" <bill () cs uofs edu>
Subject: Re: Turning your home router into a public WiFi hotspot (RISKS-28.02)

I especially liked the part about "people using the Internet via
the hotspot won't slow down Internet access on the home network."

Let me see if I understand this.  The four guys sitting at my neighbor's
pool all streaming a playoff game of their favorite team to their iPads
are not going to use up any of the RF bandwidth of my local Access Point?
Anyone care to explain that one to me?

Bill Gunshannon, University of Scranton, Scranton, Pennsylvania

------------------------------

Date: 14 Jun 2014 15:47:08 -0400
From: "John R. Levine" <johnl () iecc com>
Subject: Re: Turning everyone's home router into a WiFi hotspot

Thanks for sharing that.  So long as the router doesn't have any flaws, and
no one uses the guest access for nefarious purposes, what could go wrong?

Plenty, but no more than what's already wrong with any other public hotspots.

I don't recall any disaster stories, although I haven't particularly
been looking for them.

http://www.btwifi.com/find/uk/

John Levine, johnl () iecc com, Primary Perpetrator of "The Internet for Dummies",

------------------------------

Date: Sun, 15 Jun 2014 15:37:56 -0400
From: "Bob Frankston" <bob2 () bob ma>
Subject: Re: Turning everyone's home router into a WiFi hotspot (RISKS-28.02)

How do we get past the fear of contributing to the public good?

What happens if someone uses your sidewalk or your porch light to conduct
criminal activity?

The Internet is about a big idea -- exchanging raw (best efforts) packets
apart from their meaning. Making people liable is the idea that we must
prevent all bits from flowing lest just in case someone may not understand
the concept of a bit is akin to requiring someone walk in front of a car
lest it go too fast and scare the horses.

The risk of doing harm is not just a risk but a reality. By making everyone
along the path a gatekeeper who must prevent all bits from passing we
prevent even the simplest applications such as connected healthcare from
happening and people die. I explain more in http://rmf.vc/BitsVsMessages and
in my next IEEE column.

We must educate lawyers and organizations like the ACLU about the importance
of understanding the concept of packets apart from their meaning and the
harm that comes from crippling our ability to communicate. As an added
benefit we would get "network neutrality" as a byproduct of removing
gatekeepers from the role of second-guessing the meaning of bits.

As to the Xfinity problem -- I presume that using a different IP address is
simple enough that we should instead concentrate on the value of increased
connectivity. There's a separate risk of compromised routers that is totally
apart from the Xfinity effort.

------------------------------

Date: Sat, 14 Jun 2014 21:30:48 +0100
From: Chris Drewe <e767pmk () yahoo co uk>
Subject: Re: Using people's home broadband routers into WiFi hotspots
  (RISKS 28.02)

It's happening in the UK too -- this was included in a newspaper's computing
section, text saved *WITHOUT* permission (BT is my ISP but I don't know if
this applies to me, I don't use WiFi at all).  On the face of it a good
idea, as it allows ISPs to enhance their WiFi coverage with no extra
hardware; presumably legal liability should be shown in the ISP T&Cs, but is
it..?

Technology Advice <http://www.telegraph.co.uk/technology/advice/>
  Are curb crawlers piggybacking on my BT WiFi?
    Your Wi-Fi router is moonlighting as a part time public wireless
    hotspot, says Rick Maybury
By Rick Maybury <http://www.telegraph.co.uk/journalists/rick-maybury/>
<http://www.telegraph.co.uk/technology/advice/10805144/Are-curb-crawlers-piggybacking-on-my-BT-WiFi.html>

------------------------------

Date: Sat, 14 Jun 2014 21:30:48 +0100
From: "Chris D." <e767pmk () yahoo co uk>
Subject: Re: Renewable energy and electricity storage (RISKS 28.02)

Yes, I know about the Dinorwic pumped storage set-up in Wales, *however*
this is just used to give a little extra capacity to cover short-term peaks.
According to Wikipedia, the water can last for up to 6 hours, and the
installed generating capacity is 1.65GW.  Also according to Wikipedia, the
UK's electricity demand is 35.8GW on average and 57.5GW peak.  Therefore, 22
Dinorwics would be needed to meet the UK's average load, or 35 for peak
load, and that's just for a few hours.  Wikipedia gives the efficiency as
75% so getting 100% of power out means putting 133% in.

The problem with renewable electricity sources (at least for wind, solar,
and tidal) is that they only supply power in short bursts while it's needed
24/7, so if a country wanted to get all of its electricity from these
sources, it would have to have enough storage capacity to meet the country's
entire demand for quite long periods of time, and the renewable sources
would have to have enough capacity to replenish the storage facilities
(allowing for their inefficiencies) during the times when they do produce
power.  Other RISKS readers will probably have better information.

The other problems are (a) if electricity supplies become unreliable then
people may well use their own generators in preference to public supplies,
which defeats the object of 'green' energy sources, and (b) building all
those pumped storage projects and the transmission lines to them takes a lot
of steel, concrete, truck journeys, freight activity, etc. which has a big
environmental impact.

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string `notsp' at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 28.03
************************