The RISKS Digest

Volume 25 Issue 50

Sunday, 4th January 2009

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Sunrise on the post-leap-second era

<Tony Finch <dot@dotat.at>>

Just before the start of this year there was a leap second, and I am looking forward to reading the usual collection of stories about the problems it caused.

Over the last several years there has been discussion about abolishing leap seconds, to eliminate the glitches they cause and simplify standard time so that it agrees with the naive model built in to much software and many API and protocol standards. For a recent update on the discussion, see the following slides.

http://www.navcen.uscg.gov/cgsic/meetings/48thmeeting/Reports/Timing%20Subcommittee/48-LS%2020080916.pdf

The disadvantage is that atomic time has a different length of day to the Earth, and this difference is increasing more and more rapidly. Some people object strongly to the idea of decoupling civil time from the rotation of the Earth, and the break with historical ways of measuring time that this implies.

The problem is how to reconcile the simple uniformity of atomic time with the erratic deceleration of the Earth. I believe that my proposal for a rational replacement for daylight saving time also provides an answer to the leap second question.

http://catless.ncl.ac.uk/Risks/25.10.html#subj1

The essence of sunrise time is that we reset our clocks each day (by slightly adjusting their timezone) to a fixed time when the sun rises at a benchmark location. For the UK, the benchmark location would be where the Greenwich meridian crosses the Tropic of Cancer. This simple mechanism makes even more daylight available when people are awake than conventional DST, and eliminates political argument.

If you are setting civil time according to when the sun rises, then it is by definition coupled to the rotation of the Earth, and there can be no accelerating difference between them. This is true even if the underlying time scale does diverge in this way because it uses fixed-length SI seconds. This mechanism even lasts beyond the time when the current leap second rules become unworkable because we need more than 12 each year.

Our systems would only have to know about atomic time and local time, translating between them using the existing time zone mechanism. There would no longer be any need for complicated and unpredictable UTC. Instead we'd gain straight-forward compatibility between the most modern way of keeping time - the atomic clock - and the most ancient - getting up when the sun rises!

f.anthony.n.finch <dot@dotat.at> http://dotat.at/

Zounds! Zinger: Zune Zapped Zealously with Zero-tolerance

<"Peter G. Neumann" <neumann@csl.sri.com>>

Starting at midnight on 30 December 2008, the 366th day of the year, Zunes (Microsoft's portable media players) displayed only a frozen start-up screen. [Source: Jenna Wortham, A Year Ticks Over, and Zunes Get Hiccups, *The New York Times*, 1 Jan 2009, National Edition B9; PGN-ed] The most logical cause of this bug would seem to be a programmer forgetting that not all years have 365 days. [This risk was also noted by Martyn Thomas, Martin Ward, and Peter Gregory -- who added this comment: Microsoft is yearning to expand its market space into embedded systems in automobiles, military systems, and other areas. Am I being overly fearful of the consequences of a Microsoft whose products are even more deeply embedded into the machinery of our lives? Today is one of those days when I am distrustful of technology as a path for an easier life. PG See also the following follow-up item from David Magda. PGN] This is of course reminiscent of numerous previous leap-year fiascos previously reported in RISKS. For leap-year historians, do a search on "leap" (year and day help narrow it a little). Even apart from the leap-year digital watch problems noted repeatedly over the years by Mark Brader (see RISKS-25.07), the number of RISKS items is quite large -- particularly in volume 6 (1988), 13 (1992), 17 (1996), 20 (2000), and 25 (2008).

Zounds! Zinger: Zune Zapped Zealously with Zero-tolerance

<David Magda <dmagda@ee.ryerson.ca>>

On Dec 31, 2008, at 20:36, David Magda wrote:

> People still can't get leap years right even though they've been
> around since Pope Gregory XIII's decree in 1582:
> Q: Why did this occur at precisely 12:01 a.m. on December 31, 2008?
> A: There is a bug in the internal clock driver causing the 30GB device
> to improperly handle the last day of a leap year.
> http://forums.zune.net/412486/ShowPost.aspx

The issue is an infinite loop:

> while (days > 365) {
>     if (IsLeapYear(year)) {
>         if (days > 366) {
>             days -= 366;
>             year += 1;
>         }
>     } else {
>         days -= 365;
>         year += 1;
>     }
> }
> Under normal circumstances, this works just fine. The function keeps
> subtracting either 365 or 366 until it gets down to less than a year's
> worth of days, which it then turns into the month and day of month. Thing
> is, in the case of the last day of a leap year, it keeps going until it
> hits 366. Thanks to the if (days > 366), it stops subtracting anything if
> the loop happens to be on a leap year. But 366 is too large to break out
> of the main loop, meaning that the Zune keeps looping forever and doesn't
> do anything else.

http://www.zuneboards.com/forums/349447-post1.html
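
[Added example, not part of the original post and not the device's own code: the loop quoted above, run with an iteration cap so the hang can be observed, next to one corrected form that compares against the length of the current year. The IsLeapYear() body, the function names, the cap and the sample day counts are assumptions constructed for illustration.]

```c
#include <stdio.h>

/* Gregorian rule; stands in for the IsLeapYear() that the quoted loop calls. */
static int IsLeapYear(int year)
{
    return (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
}

/* The quoted loop, unchanged except for an iteration cap (added here) so the
 * hang can be observed. days is a 1-based day count relative to 1 January of
 * `year`. Returns 0 if the loop terminates, -1 if the cap is hit. */
static int convert_quoted(int days, int year, int cap, int *y, int *d)
{
    int iter = 0;
    while (days > 365) {
        if (++iter > cap)
            return -1;              /* no progress possible: would spin forever */
        if (IsLeapYear(year)) {
            if (days > 366) {
                days -= 366;
                year += 1;
            }                       /* days == 366: nothing changes */
        } else {
            days -= 365;
            year += 1;
        }
    }
    *y = year;
    *d = days;
    return 0;
}

/* Corrected form: compare against the length of the current year, so each
 * pass either exits or consumes a whole year. Rejects day counts below 1. */
static int convert_fixed(int days, int year, int *y, int *d)
{
    if (days < 1)
        return -1;
    for (;;) {
        int len = IsLeapYear(year) ? 366 : 365;
        if (days <= len)
            break;
        days -= len;
        year += 1;
    }
    *y = year;
    *d = days;
    return 0;
}

/* Small wrappers so results can be checked as plain return values. */
int quoted_terminates(int days, int year)
{
    int y = 0, d = 0;
    return convert_quoted(days, year, 1000, &y, &d) == 0;
}

int fixed_year(int days, int year)
{
    int y = 0, d = 0;
    return convert_fixed(days, year, &y, &d) == 0 ? y : -1;
}

int fixed_day(int days, int year)
{
    int y = 0, d = 0;
    return convert_fixed(days, year, &y, &d) == 0 ? d : -1;
}

int main(void)
{
    /* Constructed input: day 1461 counted from 1 Jan 2005 is 31 Dec 2008. */
    printf("quoted loop terminates: %d\n", quoted_terminates(1461, 2005));
    printf("fixed: year %d, day %d\n", fixed_year(1461, 2005), fixed_day(1461, 2005));
    return 0;
}
```

[Only the day count that lands exactly on day 366 of a leap year stalls the quoted loop; the days on either side of it terminate normally, which is why a test that exercises that one boundary value is the check that catches this class of bug.]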

Backward Hebrew writing on iPhone calendar

<"Steven M. Bellovin" <smb@cs.columbia.edu>>

I recently succumbed to the reality distortion field and bought myself an iPhone. To make sure I have Jewish holidays on my calendar, I used a Mac to subscribe to a web-based calendar; this particular one will, on request, include the name of the holiday in Hebrew as well as in English transliteration. The result was amusing: the Hebrew words are written left-to-right, rather than the proper right-to-left. It's a display problem on the iPhone itself; my Mac's iCal program (from which the iPhone got the data) and the open source Sunbird calendar both display the text correctly. The iPhone's web browser is even more amusing. It displays the text of Hebrew language web pages correctly; however, the characters in the title bar are reversed. Again, Safari on MacOS gets it all right (or, rather, gets it right-to-left). Ah, well — at least it's not a 30GB Zune on December 31 of a leap year.... (http://www.nytimes.com/2009/01/01/technology/personaltech/01zune.html) Steve Bellovin, http://www.cs.columbia.edu/~smb

We can't stop the train because our GPS is broken

<Hawkins Dale <hawkins@hawkinsdale.com>>

http://new.dailyexpress.co.uk/posts/view/77987/ "Passengers on a Southern [England] service from East Croydon were stunned when they were told that their stopping train would skip six stations and go direct to the end of the line in Caterham, Surrey. When they got there the driver said the reason was that the train had lost its satellite link. Apparently the GPS isn't there to determine where to line up the train with the platform. Instead, it senses which station the train's in, so that it knows not to open doors that may not be lined up with the platform, since some stations have short platforms. Other methods, such as having the driver look out the window at the sign, have apparently been discarded in favor of these more modern techniques. There'll always be a Nengland, I guess. [I cannot res-train myself from chuckling. PGN]

Medical devices lag in iPod age; Patients' safety is at risk

<Monty Solomon <monty@roscom.com>>

[Source: Carolyn Y. Johnson, *The Boston Globe*, 29 Dec 2008]

A 32-year-old woman was on the operating table for routine gall bladder surgery, and doctors needed a quick X-ray. To keep her chest still while the image was shot, her ventilator was switched off. But the anesthesiologist, distracted by another problem, forgot to turn the breathing machine back on. The woman died.

The case is an extreme example of the kind of error that could be prevented if medical devices were designed to talk to each other, says Dr. Julian Goldman, a Massachusetts General Hospital anesthesiologist who has compiled such instances from across the United States to highlight the need for medical device "connectivity." In this case, he says, synchronizing the X-ray machine with the ventilator, so the image was automatically timed to a natural pause in breathing, would have made it unnecessary to turn it off.

As technology moves forward, people expect the electronic devices of everyday life to work together, from cellphones that can call or text-message other phones, to computers that interconnect with a slew of gadgets. But in the medical world, where the stakes are higher, such flexible interconnection is rare. Each device operates in its own silo.

"It is really unacceptable, and it's one of the reasons we're unable to make dramatic improvements in patient safety," said Goldman, a leader in calling for a new generation of medical devices that talk to each other.

Now the push for greater connectedness in hospital electronics is gaining momentum. The goal is devices that can not only plug into one another, but can also "understand" each other and automatically identify potential life-threatening problems sooner than they would have been caught by busy nurses and doctors.

In October, a task force — including Partners HealthCare, Mass. General, Johns Hopkins Medicine, Kaiser Permanente, and the Boston-based Center for Integration of Medicine and Innovative Technology — released sample language that hospitals can incorporate into contracts with vendors of medical devices, requiring that manufacturers create products capable of communicating with other devices using agreed-upon standards. ...

http://www.boston.com/news/science/articles/2008/12/29/medical_devices_lag_in_ipod_age/

JournalSpace wiped out; no backups

<Lindsay Marshall <Lindsay.Marshall@newcastle.ac.uk>>

Blogging service JournalSpace has been completely wiped out after the drives that housed their entire database were overwritten. The problem was that their backups weren't actually backups at all. The servers were set up with a mirrored RAID system so that if the primary drive should fail, the secondary drive would be used to recover the primary. As a result, when the data was overwritten on one drive, the other followed suit and cleared itself. A data recovery team was unable to retrieve the database. http://lifehacker.com/5122848/hard-lessons-in-the-importance-of-backups-journalspace-wiped-out

Some *digital* reception will go black in February!

<"Daniel P. B. Smith" <usenet2006@dpbsmith.com>>

I'm pretty sure I'm right about this, but I haven't succeeded in getting a clear answer from anyone. It isn't discussed in any FAQ I've seen.

On 17 Feb 2009, some of the people most surprised by the transition will be those who carefully prepared in advance and are happily watching digital TV over the air with an "HDTV antenna." Because, on February 17th, some of the stations they are watching in _digital_ now will effectively go black.

The reason is that the antennas that have been sold for years as "HDTV antennas" or "digital antennas" are UHF-only antennas. This made sense, because VHF antennas are large, bulky, expensive, and difficult to install, and because _currently_ all digital television frequency assignments are in the UHF band.

The problem is that on 17 Feb 2009, when the transition occurs, some stations will be moving their signals from the UHF band to the VHF band, to take advantage of VHF spectrum that has been freed up by the cessation of analog broadcasting.

For example, according to antennaweb.org, WHDH-DT in Boston, which is currently broadcasting on UHF channel 42, will move to VHF channel 7. However, you will not find any discussion of this on WHDH's website, which contains the stock DTV advice and says nothing about any special considerations in receiving WHDH-DT. Like other FAQs, it refers vaguely to antennas and does not emphasize any need to be sure that your antenna includes VHF capability if you want to receive all stations after February 17th.

Not very many people will be affected by this problem. Only those who actually prepared!

Another issue is that digital television receivers and converter boxes generally set themselves up automatically when first powered on, scanning through the channels and identifying and marking those where digital signals were found. It is a one-time process and people can forget that it ever took place. I wonder how many DTV receivers will handle the channel reassignments automatically and gracefully? I suspect many people, even if their antennas receive VHF, will simply lose the reassigned channels, perhaps for weeks... until they figure out that they need to initiate a manual rescan and can remember how to do it.

Digital photo frames: risks of infecting PCs

<"Peter G. Neumann" <neumann@csl.sri.com>>

More than 7 million digital frames were sold in 2008, with expectations that perhaps 10 million more might be sold in 2009. However, the 2008 holiday sales included a Samsung 8-inch frame sold by Amazon.com, a 9-inch Element frame sold by Circuit City and a 1.5-inch Mercury frame sold by Wal-Mart -- all of which were infected with malware. [Source: Deborah Gage, *San Francisco Chronicle*, 2 Jan 2009, C1-C2, in a long article, PGN-ed here] Those of you with good memories may recall this as another example of an old problem that keeps recurring: similar infections were experienced during the 2007 holiday sales in frames sold by Sam's Club, Best Buy, Target, and Costco, as reported by Deborah Gage, 15 Feb 2008 and noted in RISKS-25.13. [Thanks to Deborah and the *Chronicle* for the intellectual history as well as the new report.]

Risks of Australians shouting at your hard drive?

<Alec Muffett <Alec.Muffett@Sun.COM>>

ObDisclaimer: I work for Sun, but this is really *neat*: it's a demonstration of what happens when you shout at hard disks / other loud noises, visualised as performance impact — watch the latency spikes: http://uk.youtube.com/watch?v=tDacjrSCeq4 It makes you think.... maybe "audio tempest" next? A sort of inverse of http://www.vimeo.com/1109226?pg=embed ? :-)

Firewall product uses man-in-the-middle attack to defeat SSL crypto

<"Mike Coleman" <tutufan@gmail.com>>

Here's a new wrinkle on man-in-the-middle attacks I'd not seen before. Palo Alto Networks' PA-4000 transparent firewall claims to decrypt SSL traffic passing through it, so that organizations can apply tracking and blocking to HTTPS traffic.

As explained in the review (link), users' browsers are configured to trust a new root CA that the PA-4000 itself has the private key for. It then interposes itself into HTTPS requests (and other SSL requests?) by automatically generating a masquerading certificate for the site the user is trying to connect to, decrypting the traffic so that it can be scanned in plaintext on the PA-4000, and finally re-encrypting the traffic with a second HTTPS connection to the true site.

I invite my fellow RISKS readers to contemplate the technical, legal, business, and ethical implications of this approach.

http://www.informationweek.com/news/hardware/reviews/showArticle.jhtml?articleID=206904763

Woman fools Japan's airport security fingerprint system

<"Peter G. Neumann" <neumann@csl.sri.com>>

[Source: 2 Jan 2009, PGN-ed; thanks to Keith Schwalm] http://www.smh.com.au/travel/woman-fools-japans-airport-security-fingerprint-system-20090102-78rv.html A South Korean woman barred from entering Japan last year has reportedly passed through its immigration screening system by using tape on her fingers to fool a fingerprint reading machine. She told investigators that she placed special tapes on her fingers to pass through a fingerprint reader. (She had been deported in July 2007 for illegally staying in Japan after she worked as a bar hostess in Nagano. She was not allowed to re-enter Japan for five years after deportation but the Tokyo immigration bureau found her in August 2008 again in Nagano.) The biometric system was installed in 30 airports in 2007 to improve security and prevent terrorists from entering into Japan. Japan spent more than Y4 billion ($A64 million) to install the system, which reads the index fingerprints of visitors and instantly cross-checks them with a database of international fugitives and foreigners with deportation records.

The danger of DNA: It isn't foolproof forensics (Dolan/Felch)

<Monty Solomon <monty@roscom.com>>

[Source: Maura Dolan and Jason Felch, *Los Angeles Times*, 1 Jan 2009] In 2004, a New Jersey prosecutor announced that DNA had solved the mystery of who killed Jane Durrua, an eighth-grader who was raped, beaten, and strangled 36 years earlier. "Through DNA, we put a face to the killer of Jane Durrua, and that face belongs to Jerry Bellamy," prosecutor John Kaye said. The killer, however, turned out to be someone else. Two years after Bellamy's arrest, investigators discovered that evidence from the murder scene had been contaminated by DNA from Bellamy, whose genetic sample was being tested at the same lab in an unrelated case. He was freed. Another man ultimately was arrested. DNA has proved itself by far the most effective and reliable forensic science. Over the past two decades, it has solved crimes once thought unsolvable, brought elusive murderers and rapists to justice years after their misdeeds, and exonerated innocent people. In courtrooms and in the popular imagination, it often is seen as unassailable. But as the United States rushes to take advantage of DNA's powers, it is becoming clear that genetic sleuthing has significant limitations: Although best known for clearing the wrongfully convicted, DNA evidence has linked innocent people to crimes. In the lab, it can be contaminated or mislabeled; samples can be switched. In the courtroom, its significance has been overstated by lawyers or misunderstood by jurors. The rush to collect DNA and build databases has in some cases overwhelmed the ability of investigators to process the evidence and follow up on promising leads. Some crime labs have huge backlogs of untested evidence, including thousands of rape evidence kits. In some cases, criminals who might have been caught have offended again. ... http://www.boston.com/news/nation/articles/2009/01/01/the_danger_of_dna_it_isnt_foolproof_forensics/

Phishing Scam Spreading on Twitter

<David Farber <dave@farber.net>>

[From Dave Farber's IP distribution] [Chris Pirillo suggests that you really shouldn't click on the Twitter phishing URL he exhibits. You certainly don't want to sass pirillo [!], because he does show you what would happen. PGN] http://chris.pirillo.com/2009/01/03/phishing-scam-spreading-on-twitter/

Domain registrar hacked; numerous repointings...

<danny burstein <dannyb@panix.com>>

[This incident is related to the ongoing hostilities in the Mideast. I'm posting it here for the technical and security info value. Please keep this neighborhood in mind if following up.] Niv Lillian, Israeli domain registration server hacked, *Israel News*, 2 Jan 2009, from: ynetnews.com (an Israeli based web source) An Islamic group based on Morocco hacked into DomainTheNet's registration system server on Friday, effectively "highjacking" various prominent domain names, the likes of ynetnews.com and Bank Discount, and rerouting users to a page featuring anti-Israel messages. ... Appearing as a defacement attempt at first, the attack soon turned out to be more sophisticated: The hackers were able to obtain a password which granted them access to the server which updates and "translates" the websites' IP addresses into a Domain Name Service; and change the IP's numeral values, effectively rerouting users away from the original websites. ... The site formed by the group featured graphic images of dead bodies and abused Iraqi prisoners. ... http://www.ynetnews.com/articles/0,7340,L-3649281,00.html

Qwest cuts off Internet subs in NM, including government VoIP

<Lauren Weinstein <lauren@vortex.com>>

Apparently as a result of a billing dispute and related lawsuit, Qwest reportedly cut off Internet connectivity to ISP SkyWi in New Mexico, suddenly leaving some 13000 Internet subscribers and 5400 SkyWi VoIP phone subscribers without service. Some reports indicate that those VoIP subscribers suddenly without working phones included NM public safety entities. The NM Public Regulation Commission has now stepped in and ordered Qwest to restore service, but the process has been taking some time. Regardless of who is actually at fault in the billing matter, the behavior of both companies in this situation appears to have been anything but stellar, and again points to the need for a more proactive regulatory approach to Internet access service provisioning. http://tinyurl.com/qwest-cutoff Lauren Weinstein +1 (818) 225-2800 http://www.pfir.org/lauren Blog: http://lauren.vortex.com Network Neutrality Squad http://www.nnsquad.org

Computer vs. food and warmth

<jidanni@jidanni.org>

In order to use the computer, I cannot use the frying pan nor electric blanket. Their cheap circuits cause the computer's uninterruptible power supply to emit an awful whine: http://groups.google.com/groups/search?as_umsgid=87d4f8ow30.fsf%40jidanni.org [A fine example of the EXCLUSIVE OR operation. I hope you don't keep the awful w(h)ine in the refrigerator. PGN]

Yahoo tracking where you go - invasion of privacy

<jidanni@jidanni.org>

Intelligent Speed Adaptation (Re: Douglass, RISKS-25.49)

<Martin Ward <martin@gkc.org.uk>>

Re: Risks of excessive State data collection (Douglass, RISKS-25.49) Answers to many of the questions posed by Toby can be found in the original research paper: http://eprints.whiterose.ac.uk/archive/00002008/ The UK has reduced road deaths from 8,000 per year in 1964 to just over 3,000 per year in 2005: http://www.statistics.gov.uk/CCI/nugget.asp?ID=1208&Pos=&ColRank=1&Rank=374 Most of the reduction is due to "low tech" methods: repainting roads to create space between traffic lanes, speed bumps and other traffic calming methods in built up areas, more junctions controlled by lights, and so on. But the paper above makes a strong case for the "high tech" option. The savings may be overestimated: but every 1% reduction in fatal accidents would mean 30 lives saved each year. When 35 people were killed in the Clapham Junction rail crash, it was in the news for weeks and there was a public Inquiry which led to major changes in the operation of the railways. The inquiry recommended the introduction of an Automatic Train Protection System, at a cost of over £1 billion. Nobody pointed out that in the week of the crash, about 100 people died on the roads. And another 100 in the next week, and another 100 the week after... In the time between the crash and the publication of the report, nine months later, over 100 times as many people had died on the roads, as had died in the crash. martin@gkc.org.uk http://www.cse.dmu.ac.uk/~mward/

Re: License plate camera readers (Re: Arthur T., RISKS-25.49)

<danny burstein <dannyb@panix.com>>

> Fun with speed-trap cameras for revenge

There's actually a very good reason why this won't work, at least in regards to making people pay up for the bad tickets. In fact, I've received one myself, which I got dismissed.

The key point is that the digital image is NOT a perfectly cropped photograph of "just" the license plate. Rather, the picture (and often it's a sequence of them) includes a hefty portion of the rear of the car, and generally the sides and top as well.

In my own case the interpreter of the original photograph, whether human or computer recognition, misread a "0" (the number zero) as an "8", and I received a ticket in the mail. I simply wrote back pointing out that the photo showed the license plate attached to the rear end of a BMW, and that my car was most certainly not from that line. The ticket was promptly dismissed.

Annoying? Mildly. But far from critical. Now finding the "real speeder" is left as an exercise to the student...
