mailing list archives
Risks Digest 28.05
From: RISKS List Owner <risko () csl sri com>
Date: Thu, 26 Jun 2014 19:16:05 PDT
RISKS-LIST: Risks-Forum Digest Thursday 26 June 2014 Volume 28 : Issue 05
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at
Norway abandons Internet voting experiments (PGN)
Re: Hong Kong electronic voting system cyber-attacked (Steve Lamont)
Major Ruling Shields Privacy of Cellphones (Adam Liptak)
High Court Ruling On Search Warrants Is Broader Than Cellphones (NPR
Researchers Find/Decode Spy Tools Governments Use to Hijack Phones
(Kim Zetter via Dewayne Hendricks)
"Foolproof" system to authenticate bank customers by their voice
Did you know Equifax buys and sells real-time employment data?
"Privacy concerns loom over 'new' Google domain registration service"
(Woody Leonhard via Gene Wirchenko)
"Two months later, 300K servers still vulnerable to Heartbleed" (Ian Paul
via Gene Wirchenko)
Google Glass Snoopers Can Steal Your Passcode With a Glance (Andy Greenberg)
"Researchers expect large wave of rootkits targeting 64-bit systems"
Re: Trouble with firefox updates (Dimitri Maziuk)
Abridged info on RISKS (comp.risks)
Date: Thu, 26 Jun 2014 10:16:26 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Norway abandons Internet voting experiments
The Norwegian goverment is ceasing their experiments to conduct elections
using the Internet. Apparently they have realized that security and privacy
are inadequate. Earlier experiments have shown major flaws in cryptographic
implementations, poor software engineering (e.g., `spaghetti code', which
was noted as a problem in a voting machine by Eva Waskell in 1986!!!), lack
of contemporary system security/integrity evaluations, and more -- in the
[In this URL, I removed the `3D' used to encode the equal sign, but I have
no idea what the `%5B' and `%5D' might be encoding in Norwegian. Sorry.
Date: Tue, 24 Jun 2014 14:26:37 -0700
From: spl () tirebiter org (Steve Lamont)
Subject: Re: Hong Kong electronic voting system cyber-attacked
The FATAL flaw of online voting systems (and one for which there is *no*
technological solution whatsoever) isn't DDoS, identification, or
communications security. it's very simply that there is *no* way to
ensure that the voter isn't voting under duress... with a gun held to
their head (figuratively, or even literally). . . .
One has to wonder real a threat this might be. Yes, it's a nice movie of
the week plot but it really doesn't make a lot of sense in that it
influences exactly one vote which would rarely be decisive. I suppose an
employer might use coercion to force their entire workplace to vote one way
or another but, again, can it be done in numbers significant enough to
influence even a middling size election? I rather doubt it.
No way to make sure the voter isn't selling their vote (drugs, sex,
alcohol, money...). . . .
While this is certainly execrable, again, can it be done on a large enough
scale to dictate a result?
It makes more sense to simply control the way the votes are counted or the
machines which record them.
That seems like a more clear and present danger than influencing votes in
onesies and twosies.
And that's a RISK that's not necessarily restricted to online or
Date: Wed, 25 Jun 2014 17:33:47 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Major Ruling Shields Privacy of Cellphones (Adam Liptak)
Adam Liptak, *The New York Times*, 25 Jun 2014
Supreme Court Says Phones Can't Be Searched Without a Warrant
Washington -- In a major statement on privacy rights in the digital age, the
Supreme Court on Wednesday unanimously ruled that the police need warrants
to search the cellphones of people they arrest.
Chief Justice John G. Roberts Jr., writing for the court, said the vast
amount of data contained on modern cellphones must be protected from routine
The old rules, Chief Justice Roberts said, cannot be applied to ``modern
cellphones, which are now such a pervasive and insistent part of daily life
that the proverbial visitor from Mars might conclude they were an important
feature of human anatomy.''
The courts have long allowed warrantless searches in connection with
arrests, saying they are justified by the need to protect police officers
and to prevent the destruction of evidence.
But Chief Justice Roberts said neither justification made much sense in the
context of cellphones. On the other side of the balance, he said, is the
data contained on the typical cellphone. Ninety percent of Americans have
them, he wrote, and they contain ``a digital record of nearly every aspect
of their lives -- from the mundane to the intimate.''
Even the word `cellphone' is a misnomer, he said. ``They could just as
easily be called cameras, video players, Rolodexes, calendars, tape
recorders, libraries, diaries, albums, televisions, maps or newspapers,'' he
Chief Justice Roberts acknowledged that the decision would make law
enforcement more difficult.
``Cellphones have become important tools in facilitating coordination and
communication among members of criminal enterprises, and can provide
valuable incriminating information about dangerous criminals. Privacy comes
at a cost.''
The court heard arguments in April in two cases on the issue, but issued a
The first case, Riley v. California, No. 13-132, arose from the arrest of
David L. Riley, who was pulled over in San Diego in 2009 for having an
expired auto registration. The police found loaded guns in his car and, on
inspecting Mr. Riley's smartphone, entries they associated with a street
A more comprehensive search of the phone led to information that linked
Mr. Riley to a shooting. He was later convicted of attempted murder and
sentenced to 15 years to life in prison. A California appeals court said
neither search had required a warrant.
The second case, United States v. Wurie, No. 13-212, involved a search of
the call log of the flip phone of Brima Wurie, who was arrested in 2007 in
Boston and charged with gun and drug crimes. The federal appeals court in
Boston last year threw out the evidence found on Mr. Wurie's phone.
News organizations, including The New York Times, filed a brief supporting
Mr. Riley and Mr. Wurie in which they argued that cellphone searches can
compromise news gathering.
The Justice Department, in its Supreme Court briefs, said cellphones are not
materially different from wallets, purses and address books. Chief Justice
Roberts disagreed: ``That is like saying a ride on horseback is not
materially indistinguishable from a flight to the moon.''
Date: Wed, 25 Jun 2014 18:05:35 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: High Court Ruling On Search Warrants Is Broader Than Cellphones
NPR via NNSquad
"This is not just a phone case," said Mark Eckenwiler, former deputy chief
of the Computer Crime Section at the Department of Justice. "This is
really a digital evidence case." The decision applies to laptops, tablets
and all manner of electronic devices. This was a pretty sweeping decision,
leaving little wiggle room for law enforcement. "There's not a lot of
ambiguity there," he said.
Date: June 24, 2014 at 11:27:04 AM EDT
From: Dewayne Hendricks <dewayne () warpspeed com>
Subject: Researchers Find/Decode Spy Tools Governments Use to Hijack Phones
Kim Zetter, *WiReD*, Jun 24 2014 (via Dave Farber)
Newly uncovered components of a digital surveillance tool used by more than
60 governments worldwide provide a rare glimpse at the extensive ways law
enforcement and intelligence agencies use the tool to surreptitiously record
and steal data from mobile phones.
The modules, made by the Italian company Hacking Team, were uncovered by
researchers working independently of each other at Kaspersky Lab in Russia
and the Citizen Lab in Canada, who say the findings provide great insight
into the trade craft behind Hacking Team's tools.
The new components target Android, iOS, Windows Mobile, and BlackBerry users
and are part of Hacking Team's larger suite of tools used for targeting
desktop computers and laptops. But the iOS and Android modules provide cops
and spooks with a robust menu of features to give them complete dominion
over targeted phones.
They allow, for example, for covert collection of emails, text messages,
call history and address books, and they can be used to log keystrokes and
obtain search history data. They can take screenshots, record audio from the
phones to monitor calls or ambient conversations, hijack the phone's camera
to snap pictures or piggyback on the phone's GPS system to monitor the
user's location. The Android version can qlso enable the phone's Wi-Fi
function to siphon data from the phone wirelessly instead of using the cell
network to transmit it. The latter would incur data charges and raise the
phone owner's suspicion.
``Secretly activating the microphone and taking regular camera shots
provides constant surveillance of the target -- which is much more powerful
than traditional cloak and dagger operations,'' notes Kaspersky researcher
Sergey Golovanov in a blog post about the findings.
It's long been known that law enforcement and intelligence agencies world
wide use Hacking Team's tools to spy on computer and mobile phone users --
including, in some countries, to spy on political dissidents, journalist s
and human rights advocates. This is the first time, however, that the
modules used to spy on mobile phone users have been uncovered in the wild
Kaspersky and Citizens Lab discovered them after developing new methods to
search for code fragments and digital certificates used by Hacking Team's
The modules work in conjunction with Hacking Team's core surveillance tool,
known as the Remote Control System, which the company markets under the
names Da Vinci and Galileo. [...]
Date: Tue, 24 Jun 2014 17:23:07 +0100
From: Michael Bacon <michaelbacon () tiscali co uk>
Subject: "Foolproof" system to authenticate bank customers by their voice
Barclays Bank is rolling out voice biometrics technology at its call centres
that recognises customers when they start talking. Customers who call
Barclays currently have to share their passcodes or 16-digit debit card
numbers in order to verify themselves.
With the new system, customers can choose to have their voice recorded and
held on file by the bank. Then, when the call to access their account, they
engage in a few seconds of conversation with a staffer.
During that time, Nuance FreeSpeech voice biometrics technology is used to
compare the customer's voice to their unique voiceprint on file, and
silently signals to the employee when the customer's identity has been
Barclays began using the Nuance system at its wealth management arm last
year but is set to introduce it for normal retail customers early next year.
Ashok Vaswani, chief executive, Barclays personal and corporate banking,
told the Sunday Telegraph that the technology is "foolproof" and cuts the
time it takes to verify customers from 90 seconds to 10 seconds.
"Foolproof", eh? So that's all right, then. Being a fool, I can trust it
implicitly. Odd, though, that my Nuance Dragon system still fails to
recognise common words when I have been using it almost daily for nigh on
two years. Barclays' system must be far, far superior.
Date: Tue, 24 Jun 2014 22:45:19 +0000
From: "Dr. Deborah Peel" <dpeelmd () patientprivacyrights org>
Subject: Did you know Equifax buys and sells real-time employment data?
How does Equifax obtain this sensitive and secret information?
Quote: "With the willing aid of thousands of U.S. businesses, including many
of the Fortune 500. Government agencies -- representing 85 percent of the
federal civilian population, including workers at the Department of Defense,
according to Equifax -- and schools also work with The Work Number. Many of
them let Equifax tap directly into their data so the credit bureau can
always have the latest employment information. In fact, these organizations
actually pay Equifax for the privilege of giving away their employees'
The story claims: "It's the biggest privacy breach in our time, and it's
legal and no one knows it's going on," said Robert Mather, who runs a small
employment background company named Pre-Employ.com. "It's like a secret
BUT the story is wrong: the greatest privacy breach of our time is the
collection, aggregation and sale of ALL health data (inside and outside the
healthcare system by companies like IMS Health Holdings.
IMS Health Holdings buys sells and trades personal health data of 500
million people (including electronic health records, prescriptions, claims
data and health info in social media) with "100,00 health data suppliers
covering 780,000 daily data feeds" to create "anonymous" longitudinal,
real-time profiles it sells to "5,000 customers" including the US
The health data broker industry sells far more damaging personal data than
Deborah C. Peel, MD, Founder and Chair, Patient Privacy Rights
http://patientprivacyrights.org/trust-framework/ (512) 732-0033
Date: Tue, 24 Jun 2014 14:06:01 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Privacy concerns loom over 'new' Google domain registration service"
Woody Leonhard | InfoWorld, 24 Jun 2014
Google's invitation-only Domains name registration service works a
lot like the old one but raises new questions about privacy and ad scraping
Date: Tue, 24 Jun 2014 11:28:48 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Two months later, 300K servers still vulnerable to Heartbleed"
Ian Paul, PC World/InfoWorld, 23 Jun 2014
A large number of websites are still vulnerable to the OpenSSL flaw,
but it's unlikely they'll be patched anytime soon.
Currently, there are about 309,197 systems still vulnerable to Heartbleed,
which is a slight drop from the 318,239 Graham discovered in early May. The
slow drop indicates that Heartbleed patching has more or less ended.
As widespread and devastating as Heartbleed is, it's easily one of the
scariest security stories of 2014 -- and doubly so if hundreds of thousands
of servers are likely to remain vulnerable for the foreseeable future.
Date: Wed, 25 Jun 2014 12:07:50 -0400 (EDT)
From: "ACM TechNews" <technews () hq acm org>
Subject: Google Glass Snoopers Can Steal Your Passcode With a Glance
Andy Greenberg, *WiReD News* 24 Jun 2014, via ACM TechNews, June 25, 2014
University of Massachusetts (UMass) Lowell researchers have developed
software that uses video from wearable devices such as Google Glass and
smartwatches to read four-digit PIN codes typed onto an iPad from almost 10
feet away, and from almost 150 feet with a high-definition camcorder. The
software involves a custom-coded video-recognition algorithm that tracks the
shadows from finger taps and could recognize the codes even when the video
did not capture any images on the target devices' displays. "I think of
this as a kind of alert about Google Glass, smartwatches, all these
devices," says UMass Lowell professor Xinwen Fu. "If someone can take a
video of you typing on the screen, you lose everything." The researchers
found that Google Glass identified the four-digit PIN from three meters away
with 83 percent accuracy, while webcam video revealed the code 92 percent of
the time. The software also can identify passcodes even when the screen is
unreadable based on the iPad's geometry and the position of the user's
fingers. The software maps an image of the angled iPad onto a "reference"
image of the device, then looks for the abrupt down and up movements of the
dark crescents that represent the fingers' shadows. Fu plans to present the
findings with his students at the Black Hat security conference in August.
Date: Tue, 24 Jun 2014 14:15:04 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Researchers expect large wave of rootkits targeting 64-bit systems"
Following a downward trend during the past two years, the number of new
rootkit samples rose in the first quarter of this year to a level not seen
since 2011, according to statistics from security vendor McAfee.
"The roadblocks set in place by 64-bit systems now appear to be mere speed
bumps for well-organized attackers, who have already found ways to gain
entry at the kernel level," the McAfee researchers said.
Date: Tue, 24 Jun 2014 14:47:13 -0500
From: Dimitri Maziuk <dmaziuk () bmrb wisc edu>
Subject: Re: Trouble with firefox updates (Durusau, RISKS-28.04)
A more definitive way of customizing Firefox is to simply download the
source code from ftp.mozilla.org, and change it however you wish.
I find this mantra in the Open Sores sales pitch particularly annoying:
everyone capable of actually doing that knows that
a) The amount of effort required to understand (and subsequently change
in a meaningful and non-disruptive way) somebody else's code is 80% of
that of writing your own from scratch. With a codebase size of mozilla's
that a plain crack pipe dream.
b) Even if you can fix the code, you'll still have to build it. With
something size and complexity of firefox I bet it's not entirely trivial
even on freenix where you can fetch the "source package" and all its
pre-requisites. On systems without source package management, with
for-pay development tools, etc., it's basically not worth the trouble.
So who are you preaching to: those who can't do it or those who know why
they can't do it?
Dimitri Maziuk, Programmer/sysadmin BioMagResBank, UW-Madison
Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
risks-request () csl sri com
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
*** NOTE: Including the string `notsp' at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at
newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
End of RISKS-FORUM Digest 28.05
- Risks Digest 28.05 RISKS List Owner (Jun 27)