Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Risks Digest 26.71
18 views
Skip to first unread message
RISKS List Owner
Jan 26, 2012, 6:19:26 PM1/26/12
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Thursday 26 January 2012 Volume 26 : Issue 71
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.71.html>
The current issue can be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Deducing causality? (Jonah Lehrer via PGN)
More on total-system issues; We are all interconnected (PGN)
The Wired Car (Tom Ashbrook via Monty Solomon)
Risks of Instant Messaging in Indy Racing (MLCook)
Passengers on British Airways warned of crash landing (Jim Reisert)
Lawyer Demands Pacemaker Vendor Supply Source Code (Werner U)
$44 million bill from Bronx-Lebanon Hospital (Jim Reisert)
Cameras may open up the board room to hackers (PGN via Nicole Perlroth)
Belarus Is Now Home to the Internet's Most Insane Law (Sam Biddle via LW)
Top 1% NYT Readers are Consuming 50% of the text! (Kevin J. O'Brien via
Bob Frankston)
``Internet Access Is Not a Human Right'' (Vint Cerf via LW)
"Megaupload file seizure shows why many cautious about the cloud"
(Ian Paul via Gene Wirchenko)
Con-men set up face Facebook site asking for donations (Jim Reisert)
Hi-tech heist takes millions from South African Postbank (Jim Reisert)
Hackers post 1000s of Israeli credit card numbers (Danny Burstein)
Viruses stole City College of S.F. data for years (Nanette Asimov via
Jim Reisert)
Thieves steal debit-card PIN keypads (Mark Brader)
Pocket-dialed 911 calls increasingly common (Mark Brader)
Who Is Flying Unmanned Aircraft in the U.S.? (EFF)
Nancy G. Leveson: Engineering a Safer World (PGN)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Mon, 9 Jan 2012 10:02:02 PST
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Deducing causality? (Jonah Lehrer)
Jonah Lehrer, Trials and Errors: Why Science is Failing Us, *WiReD* Jan 2012
http://www.wired.com/magazine/2011/12/ff_causation/all/1
Thanks to Kenneth Olthoff for spotting this one. He commented "on how
assumptions about our ability to deduce causality sometimes lead to poor
outcomes." Jonah Lehrer's article says that "The story of torcetrapib is a
tale of mistaken causation" relating to basing analysis on significantly
incorrect assumptions about the effects of raising HDL and lowering LDL.
"Because scientists understood the individual steps of the cholesterol
pathway at such a precise level, they assumed they also understood how it
worked as a whole." The article suggests many broader implications relating
to modern science overall.
This may seem far afield from computer-related risks, but it is exactly the
type of problem with emergent properties that result from compositions of
subsystems. The results are not "side-effects", but rather "effects" that
must be understood systemically, exactly as is the case with pharmaceuticals.
------------------------------
Date: Sat, 21 Jan 2012 9:37:47 PST
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: More on total-system issues; We are all interconnected
Fukushima radiation spreads worldwide
* The University of California at Berkeley detected cesium levels in
San Francisco area milk above over [sic] EPA limits ... and even higher
than they were 6 months ago.
* Finnish public television says that cesium from Fukushima has been
detected in lichens, fungi and elk and reindeer meat in Finland.
* The Australian Radiation Protection and Nuclear Safety Agency
confirmed a radiation cloud over the East Coast of Australia.
* The West Coast of Canada is getting hit by debris from Japan, and
at least some of it is likely radioactive.
The authors of the controversial study claiming 14,000 deaths in the U.S. so
far from Fukushima are now upping their figure to 20,000. [Source: author
unspecified, WashingtonsBlog, 18 Jan 2012]
http://www.washingtonsblog.com/2012/01/fukushima-radiation-spreads-worldwide.html
------------------------------
Date: Tue, 24 Jan 2012 22:28:54 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: The Wired Car (Tom Ashbrook)
On Point with Tom Ashbrook, 12 Jan 2012
Detroit wants to turn your car into a rolling internet connection. We'll
look at cars as the Web on wheels.
You may think your car has enough bells and whistles. Detroit and the rest
of the auto-making world do not. The Detroit Auto Show this week is brimming
with roll-outs and announcements and hints of a super high tech future for
cars.
Cars that are one with the Internet and GPS and your home computer and the
e-cosmos in the cloud. Cars that watch the road, watch you, watch your
Facebook page, your heart rate, your smart phone. Cars that watch each
other, like a flock of birds.
This hour, On Point: Ready or not, cars that are the "Web on wheels," and
more.
-Tom Ashbrook
Guests
* Michelle Krebs, senior analyst at Edmunds.com.
* Hiawatha Bray, tech reporter and columnist for the Boston Globe.
* Doug Newcomb, senior editor of the Technology section at Edmunds.com.
* Jim Buczkowski, director of Research and Advanced Engineering at Ford
Motor Company.
http://onpoint.wbur.org/2012/01/12/the-wired-car
http://onpoint.wbur.org/media-player?url=http://onpoint.wbur.org/2012/01/12/the-wired-car&title=The+Wired+Car&pubdate=2012-01-12&segment=1&source=onpoint
http://audio.wbur.org/storage/2012/01/onpoint_0112_1.mp3
------------------------------
Date: Thu, 5 Jan 2012 08:49:42 -0500
From: <mlc...@wabtec.com>
Subject: Risks of Instant Messaging in Indy Racing
A "Sports Illustrated" article, "New IndyCar race director ready to rewrite
rules" caught my eye. Radios are currently used at the Indianapolis Motor
Speedway to communicate with drivers and their pit crews.
http://sportsillustrated.cnn.com/2012/racing/01/04/beaux.barfield.indycar.ap/index.html
The new race director, Beaux Barfield, will propose using the track's
Internet system to send instant messages instead to communicate between the
pit crews and the control tower.
Barfield believes that if instant messaging had been in use in a recent
controversial race, "All those messages would have popped right up on my
screen, and I would have seen them light up."
Instant messaging for communication during events that happen quickly and at
high speed. Hmmm, I hope they can type fast, and that their network doesn't
have problems during the race.
What could go wrong?
[Get SIRI-ous? Voice-operated messages might be a little better, but
still rather distracting for the driver. PGN]
------------------------------
Date: Fri, 20 Jan 2012 15:28:10 -0700
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: Passengers on British Airways warned of crash landing
The overnight British Airways trip from Miami to London's Heathrow Airport
was thrown into panic after a recorded message mistakenly announced their
plane was about to crash in the ocean. Thirty seconds later, a crew member
casually announced that the prerecorded announcement was played accidentally
and there was no risk.
http://www.nydailynews.com/news/world/passengers-british-airways-flight-terrified-message-warns-crash-landing-article-1.1007868
Jim Reisert AD1C, <jjre...@alum.mit.edu>, http://www.ad1c.us
[Also noted by ABCNEWS. PGN]
http://abcnews.go.com/blogs/headlines/2012/01/british-airways-errs-in-crash-warning-to-passengers/
------------------------------
Date: Wed, 25 Jan 2012 02:48:52 +0100
From: Werner U <wer...@gmail.com>
Subject: Lawyer Demands Pacemaker Vendor Supply Source Code
https://science.slashdot.org/story/12/01/21/1345247/lawyer-demands-pacemaker-vendor-supply-source-code
oztiks writes "Lawyer Karen Sandler's heart condition means she needs a
pacemaker to ward off sudden death. Instead of trusting that the vendor will
create a flawless platform for the device to operate, Sandler has demanded
to see the device's source code. Sandler's reasoning brings into question
the device's reliably, stability, and oddly enough, security."
http://www.zdnet.com.au/cyborg-lawyer-demands-software-source-339330089.htm
------------------------------
Date: Fri, 20 Jan 2012 15:38:19 -0700
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: $44 million bill from Bronx-Lebanon Hospital
Unemployed doorman Alexis Rodriguez couldn't believe his eyes when he opened
an envelope from Bronx-Lebanon Hospital last week and saw what he appeared
to owe. His amount due was $44,776,587 for outpatient services that in
reality amounted to no more than $300.
The billing firm, PHY Services, said it was a simple mistake: The
subcontractor that prints the bills put the invoice number into the *amount
due* field.
https://www.nydailynews.com/life-style/health/44-million-bill-bronx-lebanon-hospital-article-1.1006744
------------------------------
Date: Mon, 23 Jan 2012 9:11:09 PST
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Cameras may open up the board room to hackers (Nicole Perlroth)
One afternoon this month, a hacker took a tour of a dozen conference rooms
around the globe via equipment that most every company has in those rooms;
videoconferencing equipment. With the move of a mouse, he steered a camera
around each room, occasionally zooming in with such precision that he could
discern grooves in the wood and paint flecks on the wall. In one room, he
zoomed out through a window, across a parking lot and into shrubbery some 50
yards away where a small animal could be seen burrowing underneath a
bush. With such equipment, the hacker could have easily eavesdropped on
privileged attorney-client conversations or read trade secrets on a report
lying on the conference room table.
In this case, the hacker was HD Moore, a chief security officer at Rapid7, a
Boston based company that looks for security holes in computer systems that
are used in devices like toaster ovens and Mars landing equipment. His
latest find: videoconferencing equipment is often left vulnerable to
hackers. [...]
[Source: Nicole Perlroth, *The New York Times*, 22 Jan 2012]
http://www.nytimes.com/2012/01/23/technology/flaws-in-videoconferencing-systems-put-boardrooms-at-risk.html?_r=1&partner=rss&emc=rss&pagewanted=all
------------------------------
Date: Tue, 3 Jan 2012 09:54:22 -0800
From: Lauren Weinstein <lau...@vortex.com>
Subject: Belarus Is Now Home to the Internet's Most Insane Law
"Belarus: small. Proud. Kvass-drinking. A long history of dubious human
rights and piddling dictatorship. And now, bound to a law that makes it
illegal to browse foreign websites." ...
http://j.mp/xIK0Vk (Sam Biddle, Gizmodo)
------------------------------
Date: Sat, Jan 7, 2012 at 9:14 PM
From: Bob Frankston <Bob19...@bobf.frankston.com>
Subject: Top 1% NYT Readers are Consuming 50% of the text! (Kevin J. O'Brien)
"The world's congested mobile airwaves are being divided in a lopsided
manner, with 1 percent of consumers generating half of all traffic. The
top 10 percent of users, meanwhile, are consuming 90 percent of wireless
bandwidth." http://j.mp/ybfqiA (Kevin J. O'Brien, *The New York Times*)
Once again we get a story warning us that the bad people are using up the
Internet. It was in both the NYT and Macworld:
http://www.arieso.com/news-article.html?id=3D89
http://www.nytimes.com/2012/01/06/technology/top-1-of-mobile-users-use-half-of-worlds-wireless-bandwidth.html
http://www.macworld.com/article/164665/2012/01/study_iphone_4s_users_consume_the_most_data.html
What makes this version particularly odious is that it plays upon the 1%
meme. I'm well-practiced in debunking this kind of story by comparing it the
modem crisis in the 1990's when we were warned that bad people were using
modems to destroy the phone network so grandma can't make calls. This is
part of a PR offensive by the cellular industry -- look at those interviewed
and all of those unnecessarily loaded words.
I know I'm not alone in this understanding but where is the critical
reporting on this subject? Typically when the press reports biased stories
in politics the politicians are supposed to defend themselves by saying the
other candidates should spend money to counter the stories. (Not a great
system but that's another subject)
In this case what is the constituency that pushes back on this story? I did
post http://rmf.vc/Plight. Where are others?
Of course it would be nice if reporters were more knowledgeable but that may
be expecting too much. There are knowledgeable reporters but they aren=92t
necessarily the ones assigned to dealing with this "story".
------------------------------
Date: Wed, 4 Jan 2012 22:10:37 -0800
From: Lauren Weinstein <lau...@vortex.com>
Subject: Vint Cerf: "Internet Access Is Not a Human Right"
Vint Cerf op-ed in *The New York Times*
http://j.mp/wwL9Ip (New York Times)
"Improving the Internet is just one means, albeit an important one, by
which to improve the human condition. It must be done with an appreciation
for the civil and human rights that deserve protection - without
pretending that access itself is such a right."
------------------------------
Date: Mon, 23 Jan 2012 10:41:44 -0800
From: Gene Wirchenko <ge...@ocis.net>
Subject: "Megaupload file seizure shows why many cautious about the cloud"
(Ian Paul)
Ian Paul, Megaupload file seizure shows why many cautious about the cloud
The takedown of the file-sharing site over copyright violations provides a
warning about being careful where you store stuff. *ITBusiness*, 21 Jan 2011
http://www.itbusiness.ca/it/client/en/home/News.asp?id=65749
Megaupload users are crying foul after their personal files, not necessarily
copyright-infringing material, stored with the file-sharing service was
seized on Thursday along with a trove of illegally distributed copyrighted
works.
Some of those users took to Twitter complaining about the loss of their
files, as first reported by TorrentFreak. "I had files up there...gone
forever..and they were personal recordings! No copyright infringement!" said
Twitter user J. Amir. Another user complained that her work files were now
gone, and others used more colorful language to describe their predicament.
See also Nancy Gohring, IDG News Service, *InfoWorld*, 20 Jan 2012:
Fake Megaupload sites pose a security risk; Some sites that could be
phishing operations claim to be the relaunched Megaupload
http://www.infoworld.com/d/security/fake-megaupload-sites-pose-security-risk-184680
------------------------------
Date: Fri, 20 Jan 2012 15:24:41 -0700
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: Con-men set up face Facebook site asking for donations
A grieving mother has told how Internet scammers set up a Facebook site
asking for donations to help fund a heart transplant - for her dead
daughter. The fraudster was asking Facebook users to 'share' a link,
claiming that if 1,000 people do so, Zoe would get a free heart transplant.
Further links were placed in the captions, which directed users to a
counterfeit donation page, and then the donations were routed to the
false charity bank account via PayPal.
http://www.dailymail.co.uk/news/article-2088292/Conmen-set-Facebook-site-asking-donations-help-fund-heart-transplant-dead-toddler.html
This could have been done without Facebook, it just would have been harder.
Jim Reisert AD1C, <jjre...@alum.mit.edu>, http://www.ad1c.us
------------------------------
Date: Fri, 20 Jan 2012 15:35:12 -0700
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: Hi-tech heist takes millions from South African Postbank
A brazen hi-tech heist over three days has left Postbank, part of the South
African Post Office, out of pocket to the tune of 42 million Rand ($5.2M).
A senior IT and banking security expert said yesterday: "The Postbank
network and security systems are shocking and in desperate need of an
overhaul. This [theft ] was always going to be a very real possibility."
http://www.timeslive.co.za/local/2012/01/15/it-was-a-happy-new-year-s-day-for-gang-who-pulled-off...r42m-postbank-heist
[See also John E. Dunn, Gang pulls off $5.2 million bank job via remote access
Glaring IT weaknesses scupper South African bank, *IT Business*, 19 Jan
2012; PGN]
http://www.itbusiness.ca/IT/client/en/CDN/News.asp?id=65721
------------------------------
Date: Mon, 2 Jan 2012 22:15:00 -0500 (EST)
From: danny burstein <dan...@panix.com>
Subject: Hackers post 1000s of Israeli credit card numbers
Saudi hackers claimed to have published the credit card details of 400,000
Israelis.
Credit card companies say only hundreds of authentic card numbers were
published in reality. A representative from Visa told Israel Radio it would
call customers in the morning to update them on the status of their
accounts.
The hackers published the list of cards, names and other personal details on
the One sports website, which was hacked...
http://www.jpost.com/International/Article.aspx?id=251943
[Also reported by Isabel Kershner in *The New York Times*, 7 Jan 2012,
Cyberattack Exposes 20,000 Israeli Credit Card Numbers and Details About Users
PGN]
http://www.nytimes.com/2012/01/07/world/middleeast/cyberattack-exposes-20000-israeli-credit-card-numbers.html
------------------------------
Date: Fri, 13 Jan 2012 19:52:57 -0700
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: Viruses stole City College of S.F. data for years (Nanette Asimov)
Nanette Asimov, *San Francisco Chronicle*, 13 Jan 2012
Personal banking information and other data from perhaps tens of thousands
of students, faculty and administrators at City College of San Francisco
have been stolen in what is being called "an infestation" of computer
viruses with origins in criminal networks in Russia, China and other
countries, The Chronicle has learned.
At work for more than a decade, the viruses were detected a few days after
Thanksgiving, when the college's data security monitoring service detected
an unusual pattern of computer traffic, flagging trouble.
http://bit.ly/xIsyh9
This is the scary part:
"It's likely that personal computers belonging to anyone who used a flash
drive during the past decade to carry information home were also affected."
------------------------------
Date: Mon, 9 Jan 2012 14:55:51 -0500 (EST)
From: m...@vex.net (Mark Brader)
Subject: Thieves steal debit-card PIN keypads
Tim Hortons is a major Canadian chain of coffee-and-doughnut shops, many of
which have drive-up windows. According to police, two thieves in Toronto
(now arrested) committed a series of thefts as follows. They would drive to
a Tim Hortons drive-up window, order something, and ask to pay by debit.
When the clerk handed out the portable keypad for the driver to enter his
PIN, he would take out a wire cutter, cut the keypad free, and drive off
with it.
Reports say that the keypads could have been reinstalled in retail locations
after being modified into Trojan horses to capture debit card numbers and
PINs.
http://www.cbc.ca/news/canada/toronto/story/2012/01/09/hortons-pin-machines-stolen.html
http://news.nationalpost.com/2012/01/09/a-double-double-a-doughnut-and-your-pin-pad-two-charged-in-tim-hortons-thefts/
Mark Brader, Toronto | "Every new technology carries with it an opportunity
m...@vex.net | to invent a new crime" -- Laurence A. Urgenson
------------------------------
Date: Mon, 9 Jan 2012 19:11:27 -0500 (EST)
From: m...@vex.net (Mark Brader)
Subject: Pocket-dialed 911 calls increasingly common
Police here in Ontario, Canada, have been seeing a substantial increase in
the number of false-alarm calls to the emergency phone number 911 when no
call was intended at all -- "pocket dialing" or "butt dialing". Since a
call with no one talking might still be a real emergency, this ties up
police resources.
In Toronto, about 10% of 911 calls in 2011 were pocket-dialed calls. One of
them came from the acting deputy police chief while he was playing golf;
another caller said "I call you guys, like, every day... if you see my
number, it's an accident". The statistics are even worse in some outer
parts of the Greater Toronto Area, which I suppose have fewer genuine
emergencies per capita: 14% in Halton Region, 33% in Peel Region, and 37% in
York Region!
Police are now campaigning to ask cellphone users to "lock it before you
pocket", but some smartphones can dial 911 even when the phone is locked.
* http://news.nationalpost.com/2012/01/09/ontarios-911-lines-being-smothered-by-pocket-dials/
* http://www.thestar.com/news/article/1112495--any
* http://www.yorkregion.com/news/article/1276413--any
* http://www.torontosun.com/2012/01/08/cops-concerned-about-mistaken-911-call
Mark Brader, Toronto | Subway Emergency Instructions...
m...@vex.net | * Do not pull the emergency cord. -- MTA, NYC
------------------------------
Date: Tue, Jan 10, 2012 at 7:33 PM
From: EFF Press <pr...@eff.org>
Subject: EFF: Who Is Flying Unmanned Aircraft in the U.S.?
Government Withholds Information on Drone Flight Authorizations
San Francisco - The Electronic Frontier Foundation (EFF) filed suit today
against the U.S. Department of Transportation (DOT), demanding data on
certifications and authorizations the agency has issued for the operation of
unmanned aircraft, also known as drones.
Drones are designed to carry surveillance equipment -- including video
cameras, infrared cameras and heat sensors, and radar -- that can allow for
sophisticated and almost constant surveillance. They can also carry
weapons. Traditionally, drones have been used almost exclusively by
military and security organizations. However, the U.S. Customs and Border
Protection uses drones inside the United States to patrol the U.S. borders,
and state and local law enforcement are increasingly using unmanned aircraft
for investigations into things like cattle rustling, drug dealing, and the
search for missing persons.
Any drone flying over 400 feet needs a certification or authorization from
the Federal Aviation Administration, part of the DOT. But there is
currently no information available to the public about who specifically has
obtained these authorizations or for what purposes. EFF filed a Freedom of
Information Act request in April of 2011 for records of unmanned aircraft
activities, but the DOT so far has failed to provide the information.
"Drones give the government and other unmanned aircraft operators a powerful
new surveillance tool to gather extensive and intrusive data on Americans'
movements and activities," said EFF Staff Attorney Jennifer Lynch. "As the
government begins to make policy decisions about the use of these aircraft,
the public needs to know more about how and why these drones are being used
to surveil United States citizens."
Dozens of companies and research organizations are working to develop even
more sophisticated drones, so their use is poised for a dramatic expansion
in the coming years. Meanwhile, news reports indicate that the FAA is
studying ways to integrate more drones into the national airspace because of
increased demand from federal, state, and local governments. EFF's lawsuit
asks for immediate response to our FOIA request, including the release of
data on any certificates and authorizations issued for unmanned aircraft
flights, expired authorizations, and any applications that have been denied.
"The use of drones in American airspace could dramatically increase the
physical tracking of citizens =96 tracking that can reveal deeply personal
details about our private lives," said Lynch. "We're asking the DOT to
follow the law and respond to our FOIA request so we can learn more about
who is flying the drones and why."
Jennifer Lynch, Staff Attorney, Electronic Frontier Foundation
jly...@eff.org +1 415-436-9333 x136
For the full complaint:
https://www.eff.org/sites/default/files/filenode/EFFDroneComplaint.pdf
For more on this case:
https://www.eff.org/deeplinks/2012/01/drones-are-watching-you
Find out more at https://www.eff.org.
------------------------------
Date: Mon, 23 Jan 2012 16:27:59 PST
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Nancy G. Leveson: Engineering a Safer World
This book presents an approach to the design and development of systems with
stringent safety requirements. It is based on Nancy's STAMP model for
safety, which she has been developing and applying for the past decade. The
book is counter-cultural in many respects, and may be of significant
interest to some of you particularly involved in system safety. It is by no
means a complete approach to developing safe systems, but it may have
considerable merit as one more structured approach.
Nancy G. Leveson
Engineering a Safer World:
Systems Thinking Applied to Safety
MIT Press, 2011, xx+534
A brief overview of the Table of Contents gives you an idea of the scope of
the book.
Foundations:
Why Do We Need Something Different?
Questioning the Foundations of Traditional Safety Engineering
System Theory and its Relationship to Safety
STAMP: An Accident Model Based on System Theory
A Systems-Theoretic View of Causality
A Friendly Fire Accident
Using STAMP
Engineering and Operating Safer Systems using STAMP
Fundamentals
STPA: A New Hazard Analysis Technique
Safety-Guided Design
Integrating Safety into System Engineering
Analyzing Accidents and Incidents (CAST)
Controlling Safety during Operations
Managing Safety and the Safety Culture
SUBSAFE: An Example of a Successful Safety Program
Four Appendices:
Definitions
The Loss of a Satellite
A Bacterial Contamination of a Public Water Supply
A Brief Introduction to System Dynamics Modeling
References
Index
------------------------------
Date: Mon, 6 Jun 2011 20:01:16 -0900
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
http://lists.csl.sri.com/mailman/listinfo/risks
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
risks-...@csl.sri.com
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-s...@csl.sri.com or risks-un...@csl.sri.com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
The full info file may appear now and then in RISKS issues.
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact <Lindsay....@newcastle.ac.uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at
newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
<http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 26.71
************************
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.71.html>
The current issue can be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Deducing causality? (Jonah Lehrer via PGN)
More on total-system issues; We are all interconnected (PGN)
The Wired Car (Tom Ashbrook via Monty Solomon)
Risks of Instant Messaging in Indy Racing (MLCook)
Passengers on British Airways warned of crash landing (Jim Reisert)
Lawyer Demands Pacemaker Vendor Supply Source Code (Werner U)
$44 million bill from Bronx-Lebanon Hospital (Jim Reisert)
Cameras may open up the board room to hackers (PGN via Nicole Perlroth)
Belarus Is Now Home to the Internet's Most Insane Law (Sam Biddle via LW)
Top 1% NYT Readers are Consuming 50% of the text! (Kevin J. O'Brien via
Bob Frankston)
``Internet Access Is Not a Human Right'' (Vint Cerf via LW)
"Megaupload file seizure shows why many cautious about the cloud"
(Ian Paul via Gene Wirchenko)
Con-men set up face Facebook site asking for donations (Jim Reisert)
Hi-tech heist takes millions from South African Postbank (Jim Reisert)
Hackers post 1000s of Israeli credit card numbers (Danny Burstein)
Viruses stole City College of S.F. data for years (Nanette Asimov via
Jim Reisert)
Thieves steal debit-card PIN keypads (Mark Brader)
Pocket-dialed 911 calls increasingly common (Mark Brader)
Who Is Flying Unmanned Aircraft in the U.S.? (EFF)
Nancy G. Leveson: Engineering a Safer World (PGN)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Mon, 9 Jan 2012 10:02:02 PST
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Deducing causality? (Jonah Lehrer)
Jonah Lehrer, Trials and Errors: Why Science is Failing Us, *WiReD* Jan 2012
http://www.wired.com/magazine/2011/12/ff_causation/all/1
Thanks to Kenneth Olthoff for spotting this one. He commented "on how
assumptions about our ability to deduce causality sometimes lead to poor
outcomes." Jonah Lehrer's article says that "The story of torcetrapib is a
tale of mistaken causation" relating to basing analysis on significantly
incorrect assumptions about the effects of raising HDL and lowering LDL.
"Because scientists understood the individual steps of the cholesterol
pathway at such a precise level, they assumed they also understood how it
worked as a whole." The article suggests many broader implications relating
to modern science overall.
This may seem far afield from computer-related risks, but it is exactly the
type of problem with emergent properties that result from compositions of
subsystems. The results are not "side-effects", but rather "effects" that
must be understood systemically, exactly as is the case with pharmaceuticals.
------------------------------
Date: Sat, 21 Jan 2012 9:37:47 PST
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: More on total-system issues; We are all interconnected
Fukushima radiation spreads worldwide
* The University of California at Berkeley detected cesium levels in
San Francisco area milk above over [sic] EPA limits ... and even higher
than they were 6 months ago.
* Finnish public television says that cesium from Fukushima has been
detected in lichens, fungi and elk and reindeer meat in Finland.
* The Australian Radiation Protection and Nuclear Safety Agency
confirmed a radiation cloud over the East Coast of Australia.
* The West Coast of Canada is getting hit by debris from Japan, and
at least some of it is likely radioactive.
The authors of the controversial study claiming 14,000 deaths in the U.S. so
far from Fukushima are now upping their figure to 20,000. [Source: author
unspecified, WashingtonsBlog, 18 Jan 2012]
http://www.washingtonsblog.com/2012/01/fukushima-radiation-spreads-worldwide.html
------------------------------
Date: Tue, 24 Jan 2012 22:28:54 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: The Wired Car (Tom Ashbrook)
On Point with Tom Ashbrook, 12 Jan 2012
Detroit wants to turn your car into a rolling internet connection. We'll
look at cars as the Web on wheels.
You may think your car has enough bells and whistles. Detroit and the rest
of the auto-making world do not. The Detroit Auto Show this week is brimming
with roll-outs and announcements and hints of a super high tech future for
cars.
Cars that are one with the Internet and GPS and your home computer and the
e-cosmos in the cloud. Cars that watch the road, watch you, watch your
Facebook page, your heart rate, your smart phone. Cars that watch each
other, like a flock of birds.
This hour, On Point: Ready or not, cars that are the "Web on wheels," and
more.
-Tom Ashbrook
Guests
* Michelle Krebs, senior analyst at Edmunds.com.
* Hiawatha Bray, tech reporter and columnist for the Boston Globe.
* Doug Newcomb, senior editor of the Technology section at Edmunds.com.
* Jim Buczkowski, director of Research and Advanced Engineering at Ford
Motor Company.
http://onpoint.wbur.org/2012/01/12/the-wired-car
http://onpoint.wbur.org/media-player?url=http://onpoint.wbur.org/2012/01/12/the-wired-car&title=The+Wired+Car&pubdate=2012-01-12&segment=1&source=onpoint
http://audio.wbur.org/storage/2012/01/onpoint_0112_1.mp3
------------------------------
Date: Thu, 5 Jan 2012 08:49:42 -0500
From: <mlc...@wabtec.com>
Subject: Risks of Instant Messaging in Indy Racing
A "Sports Illustrated" article, "New IndyCar race director ready to rewrite
rules" caught my eye. Radios are currently used at the Indianapolis Motor
Speedway to communicate with drivers and their pit crews.
http://sportsillustrated.cnn.com/2012/racing/01/04/beaux.barfield.indycar.ap/index.html
The new race director, Beaux Barfield, will propose using the track's
Internet system to send instant messages instead to communicate between the
pit crews and the control tower.
Barfield believes that if instant messaging had been in use in a recent
controversial race, "All those messages would have popped right up on my
screen, and I would have seen them light up."
Instant messaging for communication during events that happen quickly and at
high speed. Hmmm, I hope they can type fast, and that their network doesn't
have problems during the race.
What could go wrong?
[Get SIRI-ous? Voice-operated messages might be a little better, but
still rather distracting for the driver. PGN]
------------------------------
Date: Fri, 20 Jan 2012 15:28:10 -0700
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: Passengers on British Airways warned of crash landing
The overnight British Airways trip from Miami to London's Heathrow Airport
was thrown into panic after a recorded message mistakenly announced their
plane was about to crash in the ocean. Thirty seconds later, a crew member
casually announced that the prerecorded announcement was played accidentally
and there was no risk.
http://www.nydailynews.com/news/world/passengers-british-airways-flight-terrified-message-warns-crash-landing-article-1.1007868
Jim Reisert AD1C, <jjre...@alum.mit.edu>, http://www.ad1c.us
[Also noted by ABCNEWS. PGN]
http://abcnews.go.com/blogs/headlines/2012/01/british-airways-errs-in-crash-warning-to-passengers/
------------------------------
Date: Wed, 25 Jan 2012 02:48:52 +0100
From: Werner U <wer...@gmail.com>
Subject: Lawyer Demands Pacemaker Vendor Supply Source Code
https://science.slashdot.org/story/12/01/21/1345247/lawyer-demands-pacemaker-vendor-supply-source-code
oztiks writes "Lawyer Karen Sandler's heart condition means she needs a
pacemaker to ward off sudden death. Instead of trusting that the vendor will
create a flawless platform for the device to operate, Sandler has demanded
to see the device's source code. Sandler's reasoning brings into question
the device's reliably, stability, and oddly enough, security."
http://www.zdnet.com.au/cyborg-lawyer-demands-software-source-339330089.htm
------------------------------
Date: Fri, 20 Jan 2012 15:38:19 -0700
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: $44 million bill from Bronx-Lebanon Hospital
Unemployed doorman Alexis Rodriguez couldn't believe his eyes when he opened
an envelope from Bronx-Lebanon Hospital last week and saw what he appeared
to owe. His amount due was $44,776,587 for outpatient services that in
reality amounted to no more than $300.
The billing firm, PHY Services, said it was a simple mistake: The
subcontractor that prints the bills put the invoice number into the *amount
due* field.
https://www.nydailynews.com/life-style/health/44-million-bill-bronx-lebanon-hospital-article-1.1006744
------------------------------
Date: Mon, 23 Jan 2012 9:11:09 PST
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Cameras may open up the board room to hackers (Nicole Perlroth)
One afternoon this month, a hacker took a tour of a dozen conference rooms
around the globe via equipment that most every company has in those rooms;
videoconferencing equipment. With the move of a mouse, he steered a camera
around each room, occasionally zooming in with such precision that he could
discern grooves in the wood and paint flecks on the wall. In one room, he
zoomed out through a window, across a parking lot and into shrubbery some 50
yards away where a small animal could be seen burrowing underneath a
bush. With such equipment, the hacker could have easily eavesdropped on
privileged attorney-client conversations or read trade secrets on a report
lying on the conference room table.
In this case, the hacker was HD Moore, a chief security officer at Rapid7, a
Boston based company that looks for security holes in computer systems that
are used in devices like toaster ovens and Mars landing equipment. His
latest find: videoconferencing equipment is often left vulnerable to
hackers. [...]
[Source: Nicole Perlroth, *The New York Times*, 22 Jan 2012]
http://www.nytimes.com/2012/01/23/technology/flaws-in-videoconferencing-systems-put-boardrooms-at-risk.html?_r=1&partner=rss&emc=rss&pagewanted=all
------------------------------
Date: Tue, 3 Jan 2012 09:54:22 -0800
From: Lauren Weinstein <lau...@vortex.com>
Subject: Belarus Is Now Home to the Internet's Most Insane Law
"Belarus: small. Proud. Kvass-drinking. A long history of dubious human
rights and piddling dictatorship. And now, bound to a law that makes it
illegal to browse foreign websites." ...
http://j.mp/xIK0Vk (Sam Biddle, Gizmodo)
------------------------------
Date: Sat, Jan 7, 2012 at 9:14 PM
From: Bob Frankston <Bob19...@bobf.frankston.com>
Subject: Top 1% NYT Readers are Consuming 50% of the text! (Kevin J. O'Brien)
"The world's congested mobile airwaves are being divided in a lopsided
manner, with 1 percent of consumers generating half of all traffic. The
top 10 percent of users, meanwhile, are consuming 90 percent of wireless
bandwidth." http://j.mp/ybfqiA (Kevin J. O'Brien, *The New York Times*)
Once again we get a story warning us that the bad people are using up the
Internet. It was in both the NYT and Macworld:
http://www.arieso.com/news-article.html?id=3D89
http://www.nytimes.com/2012/01/06/technology/top-1-of-mobile-users-use-half-of-worlds-wireless-bandwidth.html
http://www.macworld.com/article/164665/2012/01/study_iphone_4s_users_consume_the_most_data.html
What makes this version particularly odious is that it plays upon the 1%
meme. I'm well-practiced in debunking this kind of story by comparing it the
modem crisis in the 1990's when we were warned that bad people were using
modems to destroy the phone network so grandma can't make calls. This is
part of a PR offensive by the cellular industry -- look at those interviewed
and all of those unnecessarily loaded words.
I know I'm not alone in this understanding but where is the critical
reporting on this subject? Typically when the press reports biased stories
in politics the politicians are supposed to defend themselves by saying the
other candidates should spend money to counter the stories. (Not a great
system but that's another subject)
In this case what is the constituency that pushes back on this story? I did
post http://rmf.vc/Plight. Where are others?
Of course it would be nice if reporters were more knowledgeable but that may
be expecting too much. There are knowledgeable reporters but they aren=92t
necessarily the ones assigned to dealing with this "story".
------------------------------
Date: Wed, 4 Jan 2012 22:10:37 -0800
From: Lauren Weinstein <lau...@vortex.com>
Subject: Vint Cerf: "Internet Access Is Not a Human Right"
Vint Cerf op-ed in *The New York Times*
http://j.mp/wwL9Ip (New York Times)
"Improving the Internet is just one means, albeit an important one, by
which to improve the human condition. It must be done with an appreciation
for the civil and human rights that deserve protection - without
pretending that access itself is such a right."
------------------------------
Date: Mon, 23 Jan 2012 10:41:44 -0800
From: Gene Wirchenko <ge...@ocis.net>
Subject: "Megaupload file seizure shows why many cautious about the cloud"
(Ian Paul)
Ian Paul, Megaupload file seizure shows why many cautious about the cloud
The takedown of the file-sharing site over copyright violations provides a
warning about being careful where you store stuff. *ITBusiness*, 21 Jan 2011
http://www.itbusiness.ca/it/client/en/home/News.asp?id=65749
Megaupload users are crying foul after their personal files, not necessarily
copyright-infringing material, stored with the file-sharing service was
seized on Thursday along with a trove of illegally distributed copyrighted
works.
Some of those users took to Twitter complaining about the loss of their
files, as first reported by TorrentFreak. "I had files up there...gone
forever..and they were personal recordings! No copyright infringement!" said
Twitter user J. Amir. Another user complained that her work files were now
gone, and others used more colorful language to describe their predicament.
See also Nancy Gohring, IDG News Service, *InfoWorld*, 20 Jan 2012:
Fake Megaupload sites pose a security risk; Some sites that could be
phishing operations claim to be the relaunched Megaupload
http://www.infoworld.com/d/security/fake-megaupload-sites-pose-security-risk-184680
------------------------------
Date: Fri, 20 Jan 2012 15:24:41 -0700
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: Con-men set up face Facebook site asking for donations
A grieving mother has told how Internet scammers set up a Facebook site
asking for donations to help fund a heart transplant - for her dead
daughter. The fraudster was asking Facebook users to 'share' a link,
claiming that if 1,000 people do so, Zoe would get a free heart transplant.
Further links were placed in the captions, which directed users to a
counterfeit donation page, and then the donations were routed to the
false charity bank account via PayPal.
http://www.dailymail.co.uk/news/article-2088292/Conmen-set-Facebook-site-asking-donations-help-fund-heart-transplant-dead-toddler.html
This could have been done without Facebook, it just would have been harder.
Jim Reisert AD1C, <jjre...@alum.mit.edu>, http://www.ad1c.us
------------------------------
Date: Fri, 20 Jan 2012 15:35:12 -0700
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: Hi-tech heist takes millions from South African Postbank
A brazen hi-tech heist over three days has left Postbank, part of the South
African Post Office, out of pocket to the tune of 42 million Rand ($5.2M).
A senior IT and banking security expert said yesterday: "The Postbank
network and security systems are shocking and in desperate need of an
overhaul. This [theft ] was always going to be a very real possibility."
http://www.timeslive.co.za/local/2012/01/15/it-was-a-happy-new-year-s-day-for-gang-who-pulled-off...r42m-postbank-heist
[See also John E. Dunn, Gang pulls off $5.2 million bank job via remote access
Glaring IT weaknesses scupper South African bank, *IT Business*, 19 Jan
2012; PGN]
http://www.itbusiness.ca/IT/client/en/CDN/News.asp?id=65721
------------------------------
Date: Mon, 2 Jan 2012 22:15:00 -0500 (EST)
From: danny burstein <dan...@panix.com>
Subject: Hackers post 1000s of Israeli credit card numbers
Saudi hackers claimed to have published the credit card details of 400,000
Israelis.
Credit card companies say only hundreds of authentic card numbers were
published in reality. A representative from Visa told Israel Radio it would
call customers in the morning to update them on the status of their
accounts.
The hackers published the list of cards, names and other personal details on
the One sports website, which was hacked...
http://www.jpost.com/International/Article.aspx?id=251943
[Also reported by Isabel Kershner in *The New York Times*, 7 Jan 2012,
Cyberattack Exposes 20,000 Israeli Credit Card Numbers and Details About Users
PGN]
http://www.nytimes.com/2012/01/07/world/middleeast/cyberattack-exposes-20000-israeli-credit-card-numbers.html
------------------------------
Date: Fri, 13 Jan 2012 19:52:57 -0700
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: Viruses stole City College of S.F. data for years (Nanette Asimov)
Nanette Asimov, *San Francisco Chronicle*, 13 Jan 2012
Personal banking information and other data from perhaps tens of thousands
of students, faculty and administrators at City College of San Francisco
have been stolen in what is being called "an infestation" of computer
viruses with origins in criminal networks in Russia, China and other
countries, The Chronicle has learned.
At work for more than a decade, the viruses were detected a few days after
Thanksgiving, when the college's data security monitoring service detected
an unusual pattern of computer traffic, flagging trouble.
http://bit.ly/xIsyh9
This is the scary part:
"It's likely that personal computers belonging to anyone who used a flash
drive during the past decade to carry information home were also affected."
------------------------------
Date: Mon, 9 Jan 2012 14:55:51 -0500 (EST)
From: m...@vex.net (Mark Brader)
Subject: Thieves steal debit-card PIN keypads
Tim Hortons is a major Canadian chain of coffee-and-doughnut shops, many of
which have drive-up windows. According to police, two thieves in Toronto
(now arrested) committed a series of thefts as follows. They would drive to
a Tim Hortons drive-up window, order something, and ask to pay by debit.
When the clerk handed out the portable keypad for the driver to enter his
PIN, he would take out a wire cutter, cut the keypad free, and drive off
with it.
Reports say that the keypads could have been reinstalled in retail locations
after being modified into Trojan horses to capture debit card numbers and
PINs.
http://www.cbc.ca/news/canada/toronto/story/2012/01/09/hortons-pin-machines-stolen.html
http://news.nationalpost.com/2012/01/09/a-double-double-a-doughnut-and-your-pin-pad-two-charged-in-tim-hortons-thefts/
Mark Brader, Toronto | "Every new technology carries with it an opportunity
m...@vex.net | to invent a new crime" -- Laurence A. Urgenson
------------------------------
Date: Mon, 9 Jan 2012 19:11:27 -0500 (EST)
From: m...@vex.net (Mark Brader)
Subject: Pocket-dialed 911 calls increasingly common
Police here in Ontario, Canada, have been seeing a substantial increase in
the number of false-alarm calls to the emergency phone number 911 when no
call was intended at all -- "pocket dialing" or "butt dialing". Since a
call with no one talking might still be a real emergency, this ties up
police resources.
In Toronto, about 10% of 911 calls in 2011 were pocket-dialed calls. One of
them came from the acting deputy police chief while he was playing golf;
another caller said "I call you guys, like, every day... if you see my
number, it's an accident". The statistics are even worse in some outer
parts of the Greater Toronto Area, which I suppose have fewer genuine
emergencies per capita: 14% in Halton Region, 33% in Peel Region, and 37% in
York Region!
Police are now campaigning to ask cellphone users to "lock it before you
pocket", but some smartphones can dial 911 even when the phone is locked.
* http://news.nationalpost.com/2012/01/09/ontarios-911-lines-being-smothered-by-pocket-dials/
* http://www.thestar.com/news/article/1112495--any
* http://www.yorkregion.com/news/article/1276413--any
* http://www.torontosun.com/2012/01/08/cops-concerned-about-mistaken-911-call
Mark Brader, Toronto | Subway Emergency Instructions...
m...@vex.net | * Do not pull the emergency cord. -- MTA, NYC
------------------------------
Date: Tue, Jan 10, 2012 at 7:33 PM
From: EFF Press <pr...@eff.org>
Subject: EFF: Who Is Flying Unmanned Aircraft in the U.S.?
Government Withholds Information on Drone Flight Authorizations
San Francisco - The Electronic Frontier Foundation (EFF) filed suit today
against the U.S. Department of Transportation (DOT), demanding data on
certifications and authorizations the agency has issued for the operation of
unmanned aircraft, also known as drones.
Drones are designed to carry surveillance equipment -- including video
cameras, infrared cameras and heat sensors, and radar -- that can allow for
sophisticated and almost constant surveillance. They can also carry
weapons. Traditionally, drones have been used almost exclusively by
military and security organizations. However, the U.S. Customs and Border
Protection uses drones inside the United States to patrol the U.S. borders,
and state and local law enforcement are increasingly using unmanned aircraft
for investigations into things like cattle rustling, drug dealing, and the
search for missing persons.
Any drone flying over 400 feet needs a certification or authorization from
the Federal Aviation Administration, part of the DOT. But there is
currently no information available to the public about who specifically has
obtained these authorizations or for what purposes. EFF filed a Freedom of
Information Act request in April of 2011 for records of unmanned aircraft
activities, but the DOT so far has failed to provide the information.
"Drones give the government and other unmanned aircraft operators a powerful
new surveillance tool to gather extensive and intrusive data on Americans'
movements and activities," said EFF Staff Attorney Jennifer Lynch. "As the
government begins to make policy decisions about the use of these aircraft,
the public needs to know more about how and why these drones are being used
to surveil United States citizens."
Dozens of companies and research organizations are working to develop even
more sophisticated drones, so their use is poised for a dramatic expansion
in the coming years. Meanwhile, news reports indicate that the FAA is
studying ways to integrate more drones into the national airspace because of
increased demand from federal, state, and local governments. EFF's lawsuit
asks for immediate response to our FOIA request, including the release of
data on any certificates and authorizations issued for unmanned aircraft
flights, expired authorizations, and any applications that have been denied.
"The use of drones in American airspace could dramatically increase the
physical tracking of citizens =96 tracking that can reveal deeply personal
details about our private lives," said Lynch. "We're asking the DOT to
follow the law and respond to our FOIA request so we can learn more about
who is flying the drones and why."
Jennifer Lynch, Staff Attorney, Electronic Frontier Foundation
jly...@eff.org +1 415-436-9333 x136
For the full complaint:
https://www.eff.org/sites/default/files/filenode/EFFDroneComplaint.pdf
For more on this case:
https://www.eff.org/deeplinks/2012/01/drones-are-watching-you
Find out more at https://www.eff.org.
------------------------------
Date: Mon, 23 Jan 2012 16:27:59 PST
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Nancy G. Leveson: Engineering a Safer World
This book presents an approach to the design and development of systems with
stringent safety requirements. It is based on Nancy's STAMP model for
safety, which she has been developing and applying for the past decade. The
book is counter-cultural in many respects, and may be of significant
interest to some of you particularly involved in system safety. It is by no
means a complete approach to developing safe systems, but it may have
considerable merit as one more structured approach.
Nancy G. Leveson
Engineering a Safer World:
Systems Thinking Applied to Safety
MIT Press, 2011, xx+534
A brief overview of the Table of Contents gives you an idea of the scope of
the book.
Foundations:
Why Do We Need Something Different?
Questioning the Foundations of Traditional Safety Engineering
System Theory and its Relationship to Safety
STAMP: An Accident Model Based on System Theory
A Systems-Theoretic View of Causality
A Friendly Fire Accident
Using STAMP
Engineering and Operating Safer Systems using STAMP
Fundamentals
STPA: A New Hazard Analysis Technique
Safety-Guided Design
Integrating Safety into System Engineering
Analyzing Accidents and Incidents (CAST)
Controlling Safety during Operations
Managing Safety and the Safety Culture
SUBSAFE: An Example of a Successful Safety Program
Four Appendices:
Definitions
The Loss of a Satellite
A Bacterial Contamination of a Public Water Supply
A Brief Introduction to System Dynamics Modeling
References
Index
------------------------------
Date: Mon, 6 Jun 2011 20:01:16 -0900
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
http://lists.csl.sri.com/mailman/listinfo/risks
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
risks-...@csl.sri.com
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-s...@csl.sri.com or risks-un...@csl.sri.com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
The full info file may appear now and then in RISKS issues.
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact <Lindsay....@newcastle.ac.uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at
newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
<http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 26.71
************************
0 new messages