precedence: bulk
Subject: Risks Digest 27.00 (27.97), Volume 27 summary
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Volume 27 : Issue 00 (97)

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
  SUMMARY OF RISKS VOLUME 27 (30 Aug 2012 - 6 Jun 2014)

(NOTE: This summary is archived in ftp file risks-27.00 at ftp.sri.com,
cd risks, and is also at http://catless.ncl.ac.uk/Risks/27.00.html.)

----------------------------------------------------------------------

Date: 17 Oct 2007 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
   if possible and convenient for you. The mailman web interface can
   be used directly to subscribe and unsubscribe:
     http://lists.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman
   your FROM: address, send a message to
     risks-request@csl.sri.com
   containing only the one-word text subscribe or unsubscribe. You may
   also specify a different receiving address: subscribe address= ... .
   You may short-circuit that process by sending directly to either
     risks-subscribe@csl.sri.com or risks-unsubscribe@csl.sri.com
   depending on which action is to be taken.

   Subscription and unsubscription requests require that you reply to a
   confirmation message sent to the subscribing mail address. Instructions
   are included in the confirmation message. Each issue of RISKS that you
   receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
   copyright policy, etc.) is online.
   The full info file may appear now and then in RISKS issues.
   *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact .
=> SPAM challenge-responses will not be honored. Instead, use an alternative
   address from which you NEVER send mail!
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
   *** NOTE: Including the string "notsp" at the beginning or end of the subject
   *** line will be very helpful in separating real contributions from spam.
   *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
   or ftp://ftp.sri.com/VL/risks for previous VoLume
   redirects you to Lindsay Marshall's Newcastle archive
   http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    for browsing, or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

RISKS 27.00 SUMMARY OF RISKS VOLUME 27 (ongoing)
  (archived in ftp file risks-27.00)

RISKS 27.01 Thursday 30 August 2012
  United Airlines Network Outage (Jonathan B Spira)
  Observation Deck: What Happens When Cars Start Talking to Each Other?
    (Gabe Goldberg)
  The Cadillac Your Livery Driver Has Been Dreaming Of (John Pearley Huffman via Monty Solomon)
  Study says drivers, not cellphones, pose the accident risk (Hiawatha Bray via Monty Solomon)
  New malware infects VMware VMs (Bob DeSilets)
  Shared private key can apparently compromise RuggedCom SCADA gear (Digital Bond via NNSquad)
  "How to Secure Data by Addressing the Human Element" (Thor Olavsrud via Gene Wirchenko)
  "Your car, tracked: the rapid rise of license plate readers" (Cyrus Farivar via Monty Solomon)
  Data so secure even you can't read it (Ben Moore)
  I've Got That Syncing Feeling (Craig Forman via Monty Solomon)
  How to Hack your own Hotmail account (Jeremy Ardley)
  Don't download that app: US presidential candidates will STALK you with it (John Leyden via Monty Solomon)
  "Buying Their Way to Twitter Fame" (Austin Considine via Lauren Weinstein)
  "Twitter's fake followers: Influence for sale" (Bill Snyder via Gene Wirchenko)
  5 Design Tricks Facebook Uses To Affect Your Privacy Decisions (Techcrunch)
  Doug Jones: guest editorial on voter registration (PGN)
  Re: "How to avoid an Elections-Ontario-style data-breach fiasco" (Gene Wirchenko)
  Spyware Matching FinFisher Can Take Over IPhone and BlackBerry (Dave Farber, John Fricker)
  Re: Knight Capital software upgrade costs $440m (Amos Shapir)
  Re: NYPD unveils new $40 million super computer system (Raj Mathur)
  Re: Announcement of civil timekeeping meeting (mathew)

RISKS 27.02 Thursday 6 September 2012
  Hantavirus warning e-mails and letters (Monty Solomon)
  Lockheed Air-Traffic Upgrade Now on Track, FAA Chief Says (Dave Farber)
  United Airlines Investigates Network Failure Delaying 580 Flights (Gabe Goldberg)
  Hack on Saudi Aramco hit 30,000 workstations, oil firm admits (John Leyden via Monty Solomon)
  Thousands fall victim to utility payment scam (Scott Bauer via Monty Solomon)
  Can YOU crack the Gauss uber-virus encryption?
    (John Leyden via Monty Solomon)
  Harvard Students in Cheating Scandal Say Collaboration Was Accepted (PGN)
  "Automated DRM keeps spoiling the show, from the DNC to Mars" (Phipps-Samson via Gene Wirchenko)
  Ustream continues to attempt explaining Hugo Awards stream blackout (Lauren Weinstein)
  Did YouTube Really Block Michelle Obama's DNC Speech for Copyright Infringement? (Lauren Weinstein)
  1 million iOS device IDs leaked after alleged FBI laptop hack (ars technica via Lauren Weinstein)
  FBI Says Laptop Wasn't Hacked; never possessed Apple device ID file (WiReD via Lauren Weinstein)
  "When virtualization becomes your worst enemy" (Gene Wirchenko)
  When GPS Confuses, You May Be to Blame (Randall Stross via Matthew Kruk)
  'first ever' Linux, Mac OS X-only password sniffing Trojan spotted (John Leyden via Monty Solomon)
  Apple patent would disable phone based on location (NBC via Lauren Weinstein)
  Smartphone apps track users even when shut down (Richard M. Smith)
  Honeytrap reveals mass monitoring of downloaders (Paul Marks via Dewayne Hendricks)
  Firefox, Opera allow crooks to hide an entire phish site in a link (John Leyden via Monty Solomon)
  Test Mercenaries: Quality at Google, 2006-2011 (Mike Bland via jidanni)
  Re: The Cadillac Your Livery Driver Has Been Dreaming Of (Joel Garry)
  Re: ... civil timekeeping meeting (Steve Allen)

RISKS 27.03 Saturday 29 September 2012
  Fake sign causes real outage (John Carr)
  Healthwatch: RCN subscribers in greater NYC area (Danny Burstein)
  GAO recommendations on medical device security (Kevin Fu)
  The disappearing web: Information decay is eating away our history (Gigaom via NNSquad)
  Double Payments Bedevil Veterans' Pension System (James Dao via Monty Solomon)
  Joint Typhoon Warning Center blocked for non-US users (jidanni)
  New Jersey bans smiling in license photos (Mark Thorson)
  "Major banks hit with biggest cyberattacks in history" (David Goldman via Gene Wirchenko)
  Cyber Attacks on Banks Expose U.S.
    Infrastructure Vulnerability (Debra L Tekavec)
  Using a rental computer? There's a spy-app with that ... (Danny Burstein)
  Rented Computers Captured Customers Having Sex, F.T.C. Says (Matthew Kruk)
  The Anti-Cloud? (Mark Thorson)
  Remote wipe attack not limited to Samsung phones! (Bob Frankston)
  Hackers Breached Adobe Server in Order to Sign Their Malware (Kim Zetter via Monty Solomon)
  "Adobe confirms Windows 8 users vulnerable to active Flash exploits" (Gregg Keizer via Gene Wirchenko)
  Two men admit to $10 million hacking spree on Subway sandwich shops (Dan Goodin via Monty Solomon)
  Millions of Virgin Mobile accounts at risk of password attacks (Dan Goodin via Monty Solomon)
  Oracle Database suffers from "stealth password cracking vulnerability" (Lauren Weinstein)
  Hidden web code means hackers 'can wipe Samsung Galaxy S3' (Bob Frankston)
  Security experts not understanding security risks (Ars technica via Jeremy Epstein)
  "Do Not Call List doesn't apply for home business lines: CRTC" (Brian Jackson via Gene Wirchenko)
  Your Ballot is Now Available (Wendy M. Grossman)
  No Fundamental Right to a Secret Ballot (Jonathan S. Shapiro)
  "One poor security choice results in $250,000 Bitcoin heist" (Gene Wirchenko)
  SPAM with Calendar invites risks... (George Michaelson)
  Authentication monoculture (Dag-Erling Smørgrav)
  Data breach at IEEE.org: 100k plaintext passwords (Jeffrey Walton)
  Risks of linking information from Facebook leads to bigamy charges (Thomas Dzubin)
  Facebook wants you to snitch on your friends not using their real names (Paul Bernal via Lauren Weinstein)
  "Facebook reveals its evil plans" (Robert X. Cringely via Gene Wirchenko)
  A new nasty virus and an excellent tool to counter it and others (Paul Robinson)
  20% of new PCs in China come with malware pre-installed (Wolfgang Gruener via Jim Reisert)
  Hidden web code means hackers 'can wipe Samsung Galaxy S3' (Lauren Weinstein)
  Leaked Apple IDs ...
    (Gene Wirchenko)
  Re: When GPS Confuses, You May Be to Blame (Henry Baker)

RISKS 27.04 Wednesday 24 October 2012
  Alaska Airlines: Operations returning to normal (Doug Esser via Paul Saffo)
  Apps Alert the Doctor When Trouble Looms (John Karabaic)
  Error and Fraud at Issue as Absentee Voting Rises (Adam Liptak via PGN)
  Online schools face backlash as states question results (Stephanie Simon via Monty Solomon)
  A network scientist examines the lifespan of a fact (Slate via Lauren Weinstein)
  UK launching "virtual ID card" system / critics fear it's an instant target (Lauren Weinstein)
  Microsoft robo-DMCA takedown orders run amok (Torrent Freak via LW)
  Cyberattacks continue to affect U.S. banks (Nicole Perlroth via LW)
  DDoS attacks on major US banks are no Stuxnet: here's why (ars technica)
  Another bank software problem (Martyn Thomas)
  McAfee, Trust Guard certifications can make websites *less* safe (ars technica via LW)
  The Risks of Bad Mapping (Gene Wirchenko)
  Support your right to own a 3D printer! (Mark Thorson)
  Don't just throw your old hard drives into the trash (Jim Reisert)
  "Phony Facebook application security tests? Say it ain't so, Zuckerberg" (Gene Wirchenko)
  "Windows 8 pirates: No noose is good noose" (Cringely via Gene Wirchenko)
  "Hackers exploit Skype API to infect Windows PCs" (Ted Samson via GW)
  Misconduct Widespread in Retracted Science Papers, Study Finds (Carl Zimmer via Monty Solomon)
  Penn -- Hackers leak personal info of students, employees and alums (Dave Farber)
  Re: Risks of linking information from Facebook leads to bigamy charges (Amos Shapir)
  Re: The Anti-Cloud? (Scott Miller)
  Re: Security experts not understanding security risks (Neil McKellar)
  Re: "Fake sign causes real outage" (Gene Wirchenko)
  Re: Mac calendar spam invites (Ed Ravin)
  REVIEW: "Learning from the Octopus", Rafe Sagarin (Rob Slade)

RISKS 27.05 Monday 29 October 2012
  NY Times article on changing voter registration addresses in WA and MD (Jeremy Epstein)
  Numerous voting machines...
    that count the wrong candidate (Danny Burstein)
  Paper prophets: Why e-voting is on the decline in the U.S. (Timothy B. Lee via Monty Solomon)
  "What's in a vote? Only your entire personal profile" (Cringely via Gene Wirchenko)
  Nissan steer-by-wire cars set for showrooms by 2013 (Martyn Thomas)
  Mercedes-Benz concerned that car safety laws will crimp in-car apps, Internet connectivity, etc. (Lauren Weinstein)
  Texas schools punish students refusing to be tracked with microchips (Monty Solomon)
  Textbook publisher Pearson takes down 1.5M teacher and student blogs With A Single DMCA Notice (Robert Schaefer)
  Cancel your service? Certainly, ma'am; 11.7 quadrillion euros, please. (Mark Brader)
  Computer Viruses Are "Rampant" on Medical Devices in Hospitals (David Talbot via Jim Reisert)
  The Internet isn't the only modern convenience that can get backhoed (Dave Crooke)
  Credit Card Data Breach at Barnes & Noble Stores (Schmidt/Perlroth via Monty Solomon)
  "Amazon's DRM drama: Whose Kindle is it anyway?" (R.X.Cringely via Gene Wirchenko)
  Android apps used by millions vulnerable to password, e-mail theft (Lauren Weinstein)
  "Legit Android apps rendered unsafe by poor programming, SSL misuse" (Ted Samson via Gene Wirchenko)
  "Google, Microsoft, and Yahoo fix serious e-mail weakness" (Jeremy Kirk via Gene Wirchenko)
  How a Google Headhunter's E-Mail Unraveled Massive Net Security Hole (Lauren Weinstein)
  "What can be learned from the government's cybersecurity bungling" (Christine Wong via Gene Wirchenko)
  Pakistan to monitor all phone calls, e-mail, other Internet traffic (Lauren Weinstein)
  Re: "Hackers exploit Skype API to infect Windows PCs" (David Damerell)
  Re: Hotmail Password Length (Dennis E. Hamilton)
  Re: ACSAC 2012 early registration deadline is 12 Nov (Robert H'obbes' Zakon)

RISKS 27.06 Sunday 4 November 2012
  Roles of governments in election oversight and accountability (PGN)
  NJ e-mail voting article on Freedom-to-Tinker (Andrew W.
    Appel)
  Comments on Andrew Appel's blog item (Penny Venetis via PGN)
  Fiddling voting machines in Ohio (Doug McIlroy)
  A Huffington Post blog on Recount Roulette (Barbara Simons)
  Charlie Rose show on elections (Barbara Simons)
  Excerpt from Oct 2012 CACM article by Simons and Jones (PGN)
  Romney and Obama campaign websites leak PII (Jeremy Epstein)
  Sandy wreaks havoc on Internet infrastructure (Lauren Weinstein)
  Hurricane Sandy knocked out a phone line 3000+ miles away (John Pettitt)
  Restoring wired service after Sandy may take 2 weeks, Verizon says (Stephen Lawson via Monty Solomon)
  Hurricane Sandy also disrupts cellular networks and wired Internet (Jon Brodkin via Monty Solomon)
  In Sandy's Wake, Cellphone Users Steaming at Hit-or-Miss Service (Lauren Weinstein)

RISKS 27.07 Monday 5 November 2012
  Ohio -- ES&S's "experimental" patches (Bello/Fitrakis)
  South Carolina didn't encrypt hacked social security numbers ... (Jeffrey Collins via Lauren Weinstein)
  FCC Describes 911 and Cellphone Problems (Edward Wyatt and Brian X Chen via NNSquad)
  Russia launches massive Internet censorship list (Iain Thomson via NNSquad)
  "What to look for onsite when choosing a colo facility" (Matt Prigge via NNSquad)
  After Sandy, wired New Yorkers get reconnected with pay phones (Ben Cohen)
  "After Hurricane Sandy: Lessons for the data center" (Paul Venezia via Gene Wirchenko)
  When your fuel pumps are below sea level... (Danny Burstein)
  NYU Hospital's Backup System Undone by Key Part in Flooded Basement (Monty Solomon)
  Why Do Hospital Generators Keep Failing? (Monty Solomon)
  Re: In Sandy's Wake... (Dimitri Maziuk)
  Re: Internet Voting in the U.S.
    (Monty Solomon)
  Re: Risks in Internet Voting (Joly MacFie)
  WEIS 2013 Washington DC June 11-12 - Call for Papers (Allan Friedman)

RISKS 27.08 Sunday 11 November 2012
  Elections and Hurricanes: After the Aftermath of the Math (PGN)
  Summary of my experiences on the election (Douglas W Jones)
  My election day reports (Jeremy Epstein)
  Virginia city's ballot listing Obama as republican, Romney as democrat (Jeremy Epstein)
  Unusual risk for US voting machines: a spider (Valdis Kletnieks)
  Covington anomaly: mistaken attribution (PGN)
  Another misguided call for online voting (Lauren Weinstein)
  "Estonia gets to vote online. Why can't America?" (Lauren Weinstein)
  Security Researchers Warn New Jersey's Emergency E-mail Voting Could Be An Insecure, Illegal Nightmare (Matt Blaze via LW)
  Another article on evoting (Ezra Klein via LW)
  Government Services in Clouds (Chris Drewe)
  BGP error in Indonesia blocks Google in other areas (Lauren Weinstein)
  Did Skype Give a Private Company Data on Teen WikiLeaks Supporter Without a Warrant? (Ryan Gallagher via Monty Solomon)
  Creative Disruption: Sandy Tells Us, *Let's Start Over* (John F. McMullen)
  Sandy: NYU hospital power outage... may have been from safety sensors (Danny Burstein)
  Re: Verizon FIOS phone service (Bill Hopkins)
  Re: When your fuel pumps are below sea level... (Simson Garfinkel)

RISKS 27.09 Wednesday 21 November 2012
  Future of Federal Cybersecurity R&D Strategies Webcast (Jeremy Epstein)
  Largest identity theft ever? (Mark Thorson)
  Largest U.S. identity theft ever? (Mark Thorson)
  Two items of potential interest on the 2012 election (Thom Hartmann and Sam Sacks)
  ORCA, Mitt Romney's high-tech get-out-the-vote program, crashed on Election Day (Michael Kranish via Monty Solomon)
  "Unleashed! Project Orca, the campaign killer whale" (Robert X. Cringely via Gene Wirchenko)
  Security issues threaten to derail tablet voting (Rebecca Mercuri)
  Estonia: WNYC's On the Media (E.
    John Sebes)
  Scientists Find Cheaper Way to Ensure Internet Security (John Markoff)
  Consequences of Facebook photo misidentification (Ken Olthoff via PGN)
  Android flaw blocks December dates (Mark J Bennison)
  Big Data and Europe's "Right to be Forgotten" (Lauren Weinstein)
  Bloomberg news: Why Cell Phones Went Dead After Hurricane Sandy (Susan Crawford via Dave Farber)
  Less privacy protection for IMAP users (Steven J Klein)
  Privacy and surveillance (Steve Summit)
  "Unlocking the brilliance in high tech" (Gene Wirchenko)
  Re: Summary of my experiences on the election (Richard S. Russell)
  2012 Layered Assurance Workshop (LAW) Final Program (Rance DeLong)

RISKS 27.10 Thursday 29 November 2012
  Commentary on L'Aquila earthquake verdict (Rob Seaman)
  Drivers adapt to red-light cameras (Jim Reisert)
  Close margin in Alaska senate race prompts recount (PGN)
  Skunk knocks Colorado TV station off air (Monty Solomon)
  Cambridge to Study Technology's Risk to Humans (Sylvia Hui via ACM TechNews)
  U.S. Congress considers mandating smart cards for Medicare beneficiaries and providers (Kevin Fu)
  How least-cost routing slams rural telephone service, getting worse (Lauren Weinstein)
  "Skype vulnerability may have exposed your messages" (Woody Leonhard via Gene Wirchenko)
  SEC Employees Brought Sensitive Data to Black Hat... (PGN)
  NASA Suffers Large Data Breach Affecting Employees, Contractors, ... (Bob Charette via Ed Levinson)
  "Public clouds; risky business for MSPs" (Gene Wirchenko)
  Hotel room door locks vulnerable to hacking (Mark Thorson)
  RFID used to track school students (Nick Brown)
  More on suspended student refusing to wear tracking device (Tim Cushing via Monty Solomon)
  Barnes & Noble Ebooks expire with your credit card!
    (Tim Cushing via Monty Solomon)
  Syria blacks out the Internet (Paul Saffo)
  Excellent article on Chinese censorship (Philipp Winter/Jedidiah Crandall via PGN)
  When It Comes to Security, We're Back to Feudalism (WiReD via Dave Farber)
  "Malware uses Google Docs as proxy to command and control server" (Lucian Constantin via Gene Wirchenko)
  Trojan sent blackmails from PCs. Japanese Police arrested PC owners (Chiaki Ishikawa)
  Cyber Security and Information Intelligence Research Workshop (Frederick T. Sheldon)

RISKS 27.11 Tuesday 11 December 2012
  How the US Air Force flushed a $1B software project down the drain (Randall Stross via Lauren Weinstein)
  Iran shipping signals conceal Syria ship movements (Danny Burstein)
  Syria outage sheds light on U.S. Kill Switch concerns (Robert Lemos via ACM TechNews)
  25-GPU cluster cracks every standard Windows password in <6 hours (ars technica via Lauren Weinstein)
  Inaccurate Apple Maps directions causes 'life threatening issue' for travelers in Australia (Monty Solomon)
  In Pursuit of McAfee, Media Are Part of Story (Jeff Wise via Monty Solomon)
  The Illusion Of Online Security (The Diane Rehm Show via Monty Solomon)
  High-Speed Traders Profit at Expense of Ordinary Investors (Nathaniel Popper and Christopher Leonard)
  UN Internet regulation talks in Dubai threaten Web freedom (Dan Gillmor via Dave Farber)
  Lord Leveson calls for curbs on Internet 'mob rule' (Chris Drewe)
  National Network for First Responders Won't Happen for Years ...
    (Edward Wyatt via Lauren Weinstein)
  How Smartphones Are Making Wallets Obsolete (Gabe Goldberg)
  "A Step Toward E-Mail Privacy" (NYTimes editorial via PGN)
  Lock Firm Onity Starts To Shell Out For Security Fixes To Hotels' Hackable Locks (Andy Greenberg via Jim Reisert)
  Mobile Browsers Fail Georgia Tech Safety Test (Michael Terrazas via ACM TechNews)
  A letter to the President about e-voting (Barbara Simons)
  10th International Conference on integrated Formal Methods iFM 2013 (Diego Latella)

RISKS 27.12 Monday 24 December 2012
  "Kempsey flood defence failure due to waterlogged sensor" (David J Taylor)
  Zeno proven correct, after all: motionless car speeding! (Henry Baker)
  Wells Fargo's website buckles under flood of traffic (Monty Solomon)
  Facebook and Gmail Have Outages (Jonathan B Spira)
  What Instagram's New Terms of Service Mean for You (Wortham/Bilton via Monty Solomon)
  Instagram Does an About-Face (Perlroth/Wortham via Monty Solomon)
  Instagram: 'Wait, Wait! That's Not What We Meant!' (Mike Masnick via Monty Solomon)
  Stabuniq malware found on servers at U.S. financial institutions (Monty Solomon)
  "Burdens of Proof: Cryptographic Culture and Evidence Law in the Age of Electronic Documents" (J-F Blanchette via Lauren Weinstein)
  NSA document on iOS security (Gabe Goldberg)
  NSA targeting domestic computer systems in secret test (Declan McCullagh)
  How To Pirate Windows 8 Metro Apps, Bypass In-app Purchases (Slashdot via Lauren Weinstein)
  "You're not anonymous. I know your name, email, and company."
    (Darren Nix via Lauren Weinstein)
  3D-Printing Firm Makerbot Cracks Down On Printable Guns (Henry Baker)
  Morgan Freeman Viral Newtown Quote Was Fake (Lauren Weinstein)
  Customer Service Social Engineering Scam on Amazon (Chris Cardinal via Lauren Weinstein)
  Iranian data-wiper (PGN)
  Feudal Security (Bruce Schneier)
  Book Review: Harvey Molotch, "Against Security" (Bruce Schneier)

RISKS 27.13 Saturday 12 January 2013
  Oscar's E-Voting Problems Worse Than Feared (Hollywood Reporter)
  Abelson/Creswell: EHRs may add to, not reduce, the cost of health care (David Lesher, Lauren Weinstein)
  Cox cable e-mail storage failure (James Paul)
  Browser's break pedal changes into gas pedal once fully stopped (jidanni)
  Tech Problems Plague Exchanges (Nathan Popper via Dave Farber)
  IBM's Watson Gets a Swear Filter (Robert Schaefer)
  Newspaper on Cape Cod Apologizes for a Veteran Reporter's Fabrications (Katharine Q. Seelye via Monty Solomon)
  Hoax article detailing fake war stayed up on Wikipedia for five years (Lauren Weinstein)
  Why I never use a non-gas credit card at gas stations... (Paul Saffo)
  "Instagram debacle shows the user agreement process needs fixing" (Gene Wirchenko)
  A Chinese Web censor snaps, goes on public rant (Lauren Weinstein)
  You better brush up on airport security (Peter Houppermans)
  Online Banking Attacks Were Work of Iran, U.S. Officials Say (David J Farber)
  "U.S. bank cyber attacks reflect 'frightening' new era" (Antone Gonsalves via Gene Wirchenko)
  "Microsoft kicks off 2013 with clutch of critical Windows updates" (Gregg Keizer via Gene Wirchenko)
  "Ruby on Rails patches more critical vulnerabilities" (Jeremy Kirk via Gene Wirchenko)
  Hackable office phones (PGN)
  Disney to roll out RFID-enabled 'MagicBand' to guests (Jim Reisert)

RISKS 27.14 Tuesday 22 January 2013
  Jim Horning, 24 Aug 1942 -- 18 Jan 2013 (PGN)
  Luther Weeks: Voting Requires Vigilance.
    Popular Isn't Always Prudent (PGN)
  Internet resources allow identification of personal genomes via (Lauren Weinstein)
  France wants to tax Google/Facebook based on users/data collected (Lauren Weinstein)
  Under pressure, Journal News withdraws gun database, but the mirrors are everywhere ... (Lauren Weinstein)
  These People Are Now Sharing Horrible Things About Themselves Thanks to Facebook Search (Lauren Weinstein)
  "Distracted driver hits senior while using her iPod" (Gene Wirchenko)
  "Facebook Graph Search may be a social engineering nightmare" (Ted Samson via Gene Wirchenko)
  Risks of inaccurate cellphone tracking info (David Tarabar)
  Ahmed Al-Khabaz expelled from Dawson College after finding security flaw (David J. Farber, Suresh Ramasubramanian, Steve Crocker)
  "Red October relied on Java exploit to infect PCs" (Gene Wirchenko)
  "how Oracle installs deceptive software with Java updates" (Ed Bott via Gene Wirchenko)
  "Disabling Java in Internet Explorer: No easy task" (Woody Leonhard via Gene Wirchenko)
  Just How Dumb Is It For CBS To Block CNET From Giving Dish An Award?
    (Mike Masnick)
  The 2013 Best of CES Awards: CNET's story (Lindsey Turrentine via Monty Solomon)
  Re: EHRs may add to, not reduce, the cost of health care (Dave Parnas)
  Course announcement: SecAppDev 2013, 4-8 March, Leuven, Belgium (Lieven Desmet)

RISKS 27.15 Tuesday 29 January 2013
  Digital Map Error May Have Led To Minesweeper Grounding (Paul Saffo)
  U-verse back up after outage hit thousands (Lauren Weinstein)
  $180M case management system for social workers may have to be abandoned (Jonathan Thornburg)
  How AT&T used to put service during emergencies at top priorities (Lauren Weinstein)
  "Skin cancer apps 'dangerous'" (Robyn Preston via Gene Wirchenko)
  Grammar badness makes cracking harder the long password (Dan Goodin via Monty Solomon)
  Student's Expulsion Exposes Computer Science Culture Gap (Robert Schaefer)
  School that expelled student hacker may have ignored old flaw (Ted Samson via Gene Wirchenko)
  Man outsources his own job to China (Robert Schaefer)
  MIT hacked again, URLs redirected (Joanna Kao via Monty Solomon)
  Mathematicians aim to take publishers out of publishing (Richard van Noorden via Dewayne Hendricks via Dave Farber)
  Cyber Security in 2013: How Vulnerable to Attack Is U.S. Now? (ACM TechNews)
  Red October (Peter G. Neumann)
  Major vulnerabilities in Cisco VoIP phones (Lauren Weinstein)
  "Twitter flaw gave third-party apps unauthorized access to private messages, researcher says" (Lucian Constantin via Gene Wirchenko)
  "Tweeted photos not free to publish, judge rules" (Goyal/MacKenzie via Gene Wirchenko)
  "World's first 'tax' on Microsoft's Internet Explorer 7" (Gene Wirchenko)
  12 Common Election Security Myths (R.G. Johnston via PGN)
  12 survival tips from the spouse of a serial startup executive (Jeff Jedras via Gene Wirchenko)
  Exposure of files on unsecured wireless no excuse to search ...
    (Jaikumar Vijayan via Monty Solomon)
  Great blog posting in Scientific American re Comment Moderation (Lauren Weinstein)

RISKS 27.16 Thursday 14 February 2013
  Super Bowl blackout was caused by electrical relay (Kevin McGill via Henry Baker)
  Safety investigators identify origin of Boeing 787 battery fire (Jim Reisert)
  Jared Diamond on risk assessment (Paul Edwards)
  Man allegedly follows GPS directions to wrong house; shot dead (Chris Matyszczyk via Monty Solomon)
  Hackers in China Attacked The New York Times for Last 4 Months (Nicole Perlroth)
  Infiltrate anybody, one-click easy (Steve Summit)
  "U.S. Said to Be Target of Massive Cyber-Espionage Campaign" (Ellen Nakashima via ACM TechNews)
  Visa suspicious activity (Leslie Maltz)
  Password Cracking AES-256 DMGs and Epic Self-Pwnage (Jeremiah Grossman via Monty Solomon)
  Security Firm Bit9 Hacked, Used to Spread Malware (Lauren Weinstein)
  "Researchers devise new attack techniques against SSL" (Lucian Constantin via Gene Wirchenko)
  Deloitte predicts that in 2013 more than 90 percent of user-generated passwords will be vulnerable to hacking (Jim Reisert)
  "Canadian business and technology associations oppose anti-spam regulations" (Gene Wirchenko)
  "Data breach exposes Energy Department's 'continuing story of negligence'" (Gene Wirchenko)
  "9 iPhone and iPad apps that invade your privacy, and 1 that doesn't" (Tom Kaneshige via Gene Wirchenko)
  Mandatory Black Boxes in Cars (Nate Cardozo EFF Press)
  Apparent issue with Facebook Connect is dragging people from around the Web to a moot error page (The Next Web via NNSquad)
  Did Facebook Just Break Half the Internet? (Gawker via NNSquad)
  "How Facebook Connect took down the Web" (Peter Wayner via Gene Wirchenko)
  Read this book by Ross Anderson. It's free.
    (Rob Slade)
  FOSE 2013 (Sarah Kneip)

RISKS 27.17 Sunday 24 February 2013
  Rush Holt on the Oscar Voting (PGN)
  NASA loses, then restores contact with space station (Jim Reisert)
  London Underground blacked out in 2003 (Chris Drewe)
  English Closed Captions of a speech given in Spanish (David Tarabar)
  The Long or Short of the TESLA Tale (Broder vs Musk via PGN)
  Electronic health records: teething problems? (DKross)
  Gaming the System (Catherine Rampell)
  Chinese Army Unit Is Seen as Tied to Hacking Against U.S. (NYTimes)
  ``Malicious Mandiant Security Report in Circulation'' (Joji Hamada via Jim Reisert)
  VERY Cold boot attacks on Androids (Anthony Thorn)
  "Why Java APIs aren't the same as a Harry Potter novel" (Gene Wirchenko)
  YouTube restores video of crash blocked by NASCAR (Lauren Weinstein)
  ISP six-strikes starts tomorrow, and the expected results are ... (Lauren Weinstein)
  IEEE: Can You Trust an Amazon Review? (Lauren Weinstein)
  "Nowhere to hide: Video location tech has arrived" (Bill Snyder via Gene Wirchenko)
  Bad idea: Firefox Will Soon Block Third-Party Cookies (Lauren Weinstein)
  Re: Infiltrate anybody, one-click easy (Al Macintyre, Tom Van Vleck)
  Microsoft seeks patent for spy tech for Skype (Lauren Weinstein, Dossy Shiobara, David Pollak)
  18th International Workshop on Formal Methods for Industrial Critical Systems: FMICS 2013, Call for papers (Diego Latella)

RISKS 27.18 Wednesday 6 March 2013
  Hyundai controller failure? (PGN)
  How much does a botnet cost? and Internet voting? (E. John Sebes)
  Major crash at Yahoo Mail de-activates millions of accounts (Chris J Brady)
  Re: Yahoo Fails to Restore Millions of Deleted E-Mails (Chris J Brady, Tricia Cole)
  Yahoo Mail Hack Sending E-mails With Single Link To Rogue Websites (Chris J Brady)
  Adi Shamir says prepare for "post-crypto" world (Lauren Weinstein)
  "Are you leaking too much of your real life online?" (Roger A.
    Grimes via Gene Wirchenko)
  Users happy to allow strangers to read their e-mail (Paul Saffo)
  How SSD power faults scramble your data (Lauren Weinstein)
  "Test your SSDs or risk massive data loss, researchers warn" (Ted Samson)
  Suit: 185K Spyware Images Sent from Rental Computers (Joe Mandak via Jim Reisert)
  Evernote hacked: E-mails encrypted passwords stolen (Lauren Weinstein)
  "Oracle releases emergency fix for Java zero-day exploit" (Lucian Constantin via Gene Wirchenko)
  "Java zero-day holes appearing at the rate of one a day" (Woody Leonhard via Gene Wirchenko)
  "Researchers link latest Java zero-day exploit to Bit9 hack" (Lucian Constantin via Gene Wirchenko)
  First government-sanctioned Japanese hacking contest (Mark Thorson)
  "Facebook said to fix OAuth-based account hijacking flaw" (Lucian Constantin via Gene Wirchenko)
  Many companies likely affected by hack of iOS developer forum (Lucian Constantin via Gene Wirchenko)
  "DNA Gun Tags Rioters for Future Arrest" (Gene Wirchenko)
  "Researchers discover new global cyber-espionage campaign" (Lucian Constantin via Gene Wirchenko)
  "Researchers find loophole in Google's two-factor authentication" (Lucian Constantin via Gene Wirchenko)
  Re: Electronic health records: teething problems? (E. John Sebes, Gene Wirchenko)

RISKS 27.19 Monday 11 March 2013
  Boeing 787s to create half a terabyte of data per flight (Dag-Erling Smorgrav)
  Shaw Internet customers up in arms over lost e-mails during 'interruption' (Lauren Weinstein)
  Radio controlled clocks misinterpret daylight saving time warning bit (Joe Loughry)
  Tor Exit Nodes Located and Mapped (Steve Schear via Dewayne Hendricks)
  9th Circuit Appeals Court: 4th Amendment Applies At The Border; Also: Password Protected Files Shouldn't Arouse Suspicion (Lauren Weinstein)
  "Facebook does damage control after claims of rigged News Feed" (Zach Miners via Gene Wirchenko)
  Seattle bar bans Google Glass over privacy concerns (Mark Thorson)
  "When is your data not your data?
    When it's in the cloud" (Bill Snyder via Gene Wirchenko)
  "Maybe, just maybe, users can win the privacy war" (Galen Gruman via Gene Wirchenko)
  Skype's Been Hijacked in China, and Microsoft Is O.K. With It (Businessweek via David J. Farber)
  Harvard e-mail spying story (Lauren Weinstein)
  Harvard's e-mail intrusion explanation fails the smell test (Lauren Weinstein)
  Re: How SSD power faults scramble your data (Geoff Kuenning)
  Re: Electronic health records: teething problems? (Arnold Weissberg)
  Re: Yahoo Mail Hack Sending E-mails With Single Link To Rogue Websites (Chris Drewe, Martyn Thomas)
  Re: Major crash at Yahoo Mail de-activates millions of accounts (Jonathan Kamens, Chris J Brady, Jonathan Kamens)
  Re: Trojaned blackmails from PCs. Japanese Police arrested PC owners (Chiaki Ishikawa)

RISKS 27.20 Monday 18 March 2013
  Election screw-ups in Kenyan election (PGN)
  Hacking the Papal Election (Bruce Schneier)
  Replacing car keys with smartphone apps (Arthur T.)
  Hyundai car controller failure? (PGN)
  When being a "self starter" isn't a good thing (Jeremy Epstein)
  Hiding Secret Messages in E-mail Jokes (Lauren Weinstein)
  Fake silicone fingers strike again (Charles C. Mann)
  The Internet is a surveillance state (Bruce Schneier)
  More bad news for RC4 crypto (Lauren Weinstein)
  "Researchers resurrect and improve CRIME attack against SSL" (Gene Wirchenko)
  Warning About the Thrift Savings Plan iPhone App (Gabe Goldberg)
  "Attorney General's testimony on Aaron Swartz raises more questions than answers" (Ted Samson via Gene Wirchenko)
  Defense Companies Cash in on Gov't Hyped 'Cyber-Security' Threat (Lauren Weinstein)
  Microsoft: Botched firmware update set off Outlook.com outage (Tim Greene via Jim Reisert)
  Bloomberg: Hacker Attacks Top Latest U.S. List of Global Threats (Gabe Goldberg)
  "Mobile to the rescue when an airplane trip goes awry" (Galen Gruman via Gene Wirchenko)
  The end of Google Reader: Have I got news for you (G.F.
via Dewayne Hendricks) Google offers help to attacked /"hacked"/ sites (Lauren Weinstein) Re: Boeing 787s to create half a terabyte of data per flight (Bob Frankston, Steve Loughran) Re: How SSD power faults scramble your data (Dimitri Maziuk) Harvard apologizes after secret e-mail search (Lauren Weinstein) RISKS 27.21 Thursday 21 March 2013 Mars Rover is Repaired, NASA Says (Henry Fountain) Weapons Experts Raise Doubts About Israel's Antimissile System (William J. Broad) Computer Networks in South Korea are Paralyzed in Cyberattack (Choe Sang-Hun) Hospital computer outage does not compromise patent safety (Richard Irvin Cook) Outage at Alchemy Communications data center in Irvine, California (Steve Golson) Cyberattack on Florida election raises questions (Lauren Weinstein) Details on the denial of service attack that targeted Ars Technica (Dewayne Hendricks) The ephemeral Internet (Bob Frankston) TSA tested program that tracked Bluetooth devices (Henry Baker) Tom Coburn Amendment Limiting National Science Foundation Research Funding Passes Senate (Lauren Weinstein) Re: Hacking the Papal Election (Sam Steingold, Neil Maller) Re: Boeing 787s to create half a terabyte of data per flight (PK, Dag-Erling Smorgrav) Re: "Attorney General's testimony on Aaron Swartz raises more questions than answers" (Jonathan Kamens) Sorry Google; you can Keep it to yourself (Joe Touch) RISKS 27.22 Saturday 23 March 2013 Small furry animals and slithering snakes vs Electric Utilities (Ishikawa) Panama Canal Railway upgrade problems (Robert Heuman) National Vulnerability Database is hacked! 
(Mark Thorson) Re: Weapons Experts Raise Doubts About Israel's Antimissile System (Amos Shapir) Feds announce massive scanning of private Internet communications (Lauren Weinstein) Google's trust problem (Ezra Klein via Dewayne Hendricks) "Smile, you're on Google Glass, whether you like it or not" (Caroline Craig via Gene Wirchenko) "Andrew Auernheimer joins growing list of so-called hackers facing harsh justice" (Ted Samson via Gene Wirchenko) Security hole lets Apple passwords be reset with e-mail addr, DoB (Chris Welch via Jim Reisert) Re: Electronic health records: teething problems? (William Pociengel) Re: Mars Rover is Repaired, NASA Says (William Pociengel) Re: Fake silicone fingers strike again (Amos Shapir) Re: Attorney General's testimony on Aaron Swartz raises more ... (Wol) Microwave oven interference robustness mode (Jidanni) RISKS 27.23 Saturday 30 March 2013 IRS: Tax glitch affects about 660K returns (Heather Hollingsworth via Monty Solomon) Panama Canal Railway hit after upgrade (Bob Heuman) Online Dispute Becomes Internet-Snarling Attack (Markoff/Perlroth via Monty Solomon) More on Spamhaus et al. (sender anonymized by request) More cyberscares from our governments (Lauren Weinstein) SSL, RC4, and Site Administrators (Steve Bellovin) Microwave oven interference robustness mode (jidanni) Saudi Arabia 'threatens Skype ban' (Lauren Weinstein) FBI wants real-time access to ... well ... 
pretty much everything (LW) NYPD Facial Recog Unit Uses Facebook, Instagram To Track Down Suspects (LW) Big Data and a Renewed Debate Over Privacy (Steve Lohr via Monty Solomon) Database Is Shut Down by NASA for a Review (Mark Mazzetti via Monty Solomon) "12 hard truths about cloud computing" (Peter Wayner via Gene Wirchenko) "One in six Amazon S3 storage buckets are ripe for data-plundering" (Ted Samson via Gene Wirchenko) Some digital cameras easily turned into spying devices (Lauren Weinstein) Google offers *offline* language translation support for Android (LW) Risks of using other people's libraries (Phil Nasadowski) 25,000 could be affected by data breach at Salem State University (Monty Solomon) "Twitter-shaming can cost you your job" (Ted Samson via Gene Wirchenko) "Cisco inadvertently weakens password encryption in IOS" (Lucian Constantin via Gene Wirchenko) Password must contain multiple character classes... (jidanni) "Microsoft Employee Info Being Hacked Through Xbox Live" (Chris Paoli via Gene Wirchenko) "Updated Windows 8 apps not in sync with Google Calendar" (Woody Leonhard via Gene Wirchenko) Re: Small furry animals ... (jericho) RISKS 27.24 Sunday 7 April 2013 Chinese Government To Buy Dell (Steven J. 
Greenwald) Deeper Meaning in a Live YouTube April Fools' Gag (Lauren Weinstein) New Test for Computers - Grading Essays at College Level (Gabe Goldberg) "Fix your DNS servers or risk aiding DDoS attacks" (Ted Samson via Gene Wirchenko) "Cyber criminals tying up emergency phone lines through TDoS attacks" (Ted Samson via Gene Wirchenko) Prenda Law's Attorneys Take The Fifth Rather Than Answer Judge Wright's Questions (Lauren Weinstein) "Firefox 20 ups HTML5 support, adds dev tools and per-tab Private Browsing" (Gene Wirchenko on Ted Samson) MS apologizes for employee's Xbox Durango 'always-online' tweets (Lauren Weinstein) "Ransomware uses victims' browser histories for increased credibility" (Lucian Constantin via Gene Wirchenko) ZIP Codes Are Definitely "Personal Identification Information" (Monty Solomon) Everything We Know About What Data Brokers Know About You (Monty Solomon) Mozilla Firefox CPU hog ?? (Henry Baker) `Massive' Cyberattack Wasn't Really So Massive (David Talbot) Risks of ASCII-formatting mathematics (Bill Stewart) Sears Discloses User-Selected PIN (Richard Karash) Online tax returns, You're Doing It Wrong... (Valdis Kletnieks) Wow! Are we still in the 1990s? (Gene Spafford) RISKS 27.25 Friday 19 April 2013 The Boston Marathon bomber: Caught on film? (Kate Dailey via Monty Solomon) How the Internet Accused a High School Student of Terrorism (PGN) Citizen Surveillance Helps Officials Put Pieces Together (Fowler/Schectman) The Shame of Boston's Wireless Woes (Dewayne Hendricks) American Airlines computer glitch grounds flights (ibm36044) Venezuela constitution bans recounting of votes ... 
(Bob Heuman) Reclaiming the American Republic from the corruption of election funding (KurzweilAI via Michael Cheponis via Dewayne Hendricks) Reinhart and Rogoff: 'Full Stop,' We Made A Microsoft Excel Blunder In Our Debt Study, And It Makes A Difference (Joe Weisenthal via Geoff Goodfellow) Economic policy decisions may be affected by spreadsheet errors (Jeremy Epstein) Buggy spreadsheets and the economy (Valdis Kletnieks) The risks of/when not releasing your code & data (Paul Nash) Vint Cerf Explains How to Make SDN as Successful as the Internet (Stacey Higginbotham via ACM TechNews) Video: "The Internet: A Warning From History" (Lauren Weinstein) DDoS Attack Bandwidth Jumps 718% (Geoff Goodfellow) Laptop goes up in flames (Jordan Graham via Monty Solomon) How do you code a secure system? (Earl Boebert) Fake Twitter accounts earn real money (Mark Thorson) French homeland intelligence threatens a volunteer sysop to delete Wikipedia Article (Lauren Weinstein) An English language version of the Wikipedia article (NNSquad) American Express Australia Mail Merge Stuff-up (Don Gingrich) RISKS 27.26 Tuesday 23 April 2013 LAX terminal signs hacked (Paul Saffo) AP fooled by phishing attack (Lauren Weinstein) Taiwan issues duplicate license plate numbers (jidanni) EU Car Type-Approval Awkwardness (Chris Drewe) FAA Approves Boeing 787 Battery Fix Allowing Flight Resumptions (Bloomberg) New lithium ion battery design (PGN) Two items on Internet use, etc. vs. 
distracted driving (Lauren Weinstein) More in New York City Qualify as Gifted After Error Is Fixed (Al Baker via Jim Reisert) Neil Richards on the Dangers of Surveillance (Lauren Weinstein) Crowdsourcing a lynch mob (Mark Thorson) Re: The Shame of Boston's Wireless Woes (Bob Frankston) Re: Economic policy decisions may be affected by spreadsheet errors (John Levine, Amos Shapir) Re: American Express Australia Mail Merge Stuff-up (John Levine) Churnalism: Discover When News Copies from Other Sources (Lauren Weinstein) RISKS 27.27 Saturday 4 May 2013 US election fraud (Gary Hinson) Computer Problems in Three States Hamper Student Proficiency Tests (AP item via Monty Solomon) "McAfee spots Adobe Reader PDF-tracking flaw" (Jeremy Kirk via Gene Wirchenko) Cellphone Thefts Grow, but the Industry Looks the Other Way (Monty Solomon) News on LulzSec hackers (PGN) Dutch cyberattack suspect arrested in Spain (Lauren Weinstein) This Powerful Spy Software Is Being Abused By Governments Around The World (Geoff Goodfellow) What happens when pirates play a game development simulator and then go bankrupt because of piracy? (Patrick via Richard Berlin via Dave Farber) "Malware hijacks Twitter accounts to send dangerous links" (Jeremy Kirk via Gene Wirchenko) "The taxman cometh for cloud services" (Caroline Craig via Gene Wirchenko) "Cloud computing gets CIA endorsement" (CDN Staff via Gene Wirchenko) Anyone can send private messages to the deceased person (jidanni) UK Gov passes Instagram Act: All your pics belong to everyone now (LW) U.S. Lawmaker Proposes New Criteria for Choosing NSF Grants (ScienceInsider via Dave Farber) Fake Post Erasing $136 Billion Shows Markets Need Humans (Monty Solomon) More on That Spreadsheet Error (James Madison via Richard S. 
Russell) Microsoft re-releases botched patch as KB 2840149, but problems remain (Woody Leonhard via Gene Wirchenko) Shame on Verizon: Some Customers in Manhattan, NYC Out Since Sandy -- 186 Days and Counting (Bruce Kushnick via Dewayne Hendricks via DF) "EFF report reveals tech's loosest lips, tightest grips" (RXC via Gene Wirchenko) LAX sign story just gets better and better... (Brian Sumers via Paul Saffo) "The Delete Squad: Google, Twitter, Facebook and the new global battle over the future of free speech" (TNR via LW) Re: The Shame of Boston's Wireless Woes (Chris Drewe) Re: Economic policy decisions may be affected by spreadsheet errors (Michael Kohne, Amos Shapir) Re: Risks of ASCII-formatting mathematics (Steven Bellovin) Re: Taiwan issues duplicate license plate numbers (Bob Frankston) Two items on Internet use, etc. vs. distracted driving (Bob Frankston) Re: Laptop goes up in flames (David Tarabar) Re: New lithium ion battery design (Anthony Thorn) Call for Full Papers and Structured Abstracts - 2013 LASER Workshop: Learning from Authoritative Security Experiment Results (Edward Talbot) RISKS 27.28 Friday 17 May 2013 In Malaysia, online election battles take a nasty turn (Lauren Weinstein) Pilots communicate with ATC with text messages (Diomidis Spinellis) Flight cancelations: risk of a required printout (Jared Gottlieb) CPSR dissolution; Gary Chapman gets CPSR's Norbert Wiener Award (Doug Schuler) Cyberattacks Against U.S. 
Corporations Are on the Rise (NYTimes) In Hours, Thieves Took $45 Million in ATM Scheme (Marc Santora) Theft of an iPhone Sets Off a Cinematic High-Speed Chase (Michael Wilson via Monty Solomon) "Android threats growing in number and complexity, report says" (Lucian Constantin) Privacy Breach on Bloomberg's Data Terminals (Chozick/Protess via Gene Wirchenko) "Microsoft Warns of Facebook Hijack via Browser Plugin" (Chris Paoli) "Microsoft admits zero-day bug in IE8, pledges patch" (Gregg Keizer via Gene Wirchenko) Schnucks supermarkets credit card data hacked & exposed (Paul Robinson) Man Messages Entire Internet (Chris J Brady) Woman uses Facebook to `stalk' herself and try frame ex-boyfriend (Lauren Weinstein) Name.com security breach: passwords reset; e-mail, credit info ... (Lauren Weinstein) How unique are you? (Martyn Thomas) More info about that recent bank/ATM international scam (Danny Burstein) "Exploiting a Bug in Google's Glass" (Gene Wirchenko) Google Glass Picks Up Early Signal: Keep Out (David Streitfeld via Monty Solomon) Re: Economic policy decisions may be affected by spreadsheet errors (Don Hacherl, Dennis F. Hamilton, Chris Drewe) Re: McAfee spots Adobe Reader PDF-tracking flaw (Henry Baker) Re: LAX sign story just gets better and better... (Anthony Thorn, Eric Ferguson) RISKS 27.29 Saturday 25 May 2013 CPSR's demise (Rebecca Mercuri) World's largest "agile" software project close to failure (Lauren Weinstein) "New Spear-Phishing Campaign Infects 12,000 Worldwide" (Chris Paoli via Gene Wirchenko) Is IT the only place having estimate problems? (Paul Robinson) Google indexes Greek IRS database of companies registered in Greece. 
(Vassilis Prevelakis) PCMag: How to Hack Twitter's Two-Factor Authentication (Lauren Weinstein) Curious press release from phone encryption service (Mark Frauenfelder via Dewayne Hendricks) Smartphone Wi-Fi client security weakness (Lauren Weinstein) "Growing mobile malware threat swirls mostly around Android" (Stephen Lawson via Gene Wirchenko) Skype scans all your messages: Heise reports (Peter Houppermans) Skype spying (Mark Thorson) "Is Microsoft peeking into your Skype messages?" (John P. Mello Jr. via Gene Wirchenko) Cyber Attack Affects Thousands of Akron Taxpayers (Danny Burstein) Making Quantum Encryption Practical (Larry Hardesty) Phone Firms Sell Data on Customers (Anton Troianovski via Monty Solomon) Re: Pilots communicate with ATC with text messages (Peter Bernard Ladkin, Diomidis Spinellis, John Levine, PBL, DDS) USA Intellectual Property Theft Commission Recommends Malware! (Lauren Weinstein) Re: Cell phone tracking -- an example (Tony Rajakumar responding to others) RISKS 27.30 Wednesday 29 May 2013 Resolved: The Internet is no place for Critical Infrastructure (Dan Geer) Online Currency Exchange Accused of Laundering $6 Billion (Santora et al. via Monty Solomon) The hazards of gambling (Stephen Unger) Employees clueless on cyber security (Chris J Brady) "Researchers find more versions of digitally signed Mac OS X spyware" (Lucian Constantin via Gene Wirchenko) "U.S. power companies under frequent cyber attack" (Jeremy Kirk via Gene Wirchenko) Disruptions: At Odds Over Privacy Challenges of Wearable Computing (Nick Bilton via Monty Solomon) Risks of reporting a bug to the wrong place (Paul Robinson) Fed. Appeals Court Says Police Need Warrant to Search Phone (Slashdot) Anti-Risk? 
Google Maps updates bridge outage in map mode (Gene Wirchenko) Reporters use Google, find breach, get branded as "hackers" (Lauren Weinstein) Current disruptions of traffic to Google products and services (jidanni) Google announces open access to its research publications, now that ACM will permit it (Lauren Weinstein) Re: Curious press release (Peter Houppermans) Risks of spreadsheets (Steve Loughran) Re: spreadsheet errors (Dimitri Maziuk) Re: "Economic policy decisions may be affected by spreadsheet errors" (Gene Wirchenko) REVIEW: "The CERT Guide to Insider Threats" by Dawn Cappelli, Andrew Moore, and Randall Trzeciak (Richard Austin) RISKS 27.31 Friday 31 May 2013 Captcha fail leaves blind people unable to sign petition (Drew Guarini via Jim Reisert) Ruby on Rails vulnerability to compromise servers, create botnet (Lucian Constantin via Gene Wirchenko) "Twitter's two-factor authentication can be abused" (Lucian Constantin via Gene Wirchenko) From Bad to Worse: Online Repression in the Gulf (EFF via Lauren Weinstein) Browser 'Back' button may cause student loan application to fail (John Standen) EFF: Computer Scientists Urge Court to Block Copyright Claims in Oracle v. Google API Fight (Lauren Weinstein) The risks of Public Wi-Fi [sic] (Bob Frankston) Re: Risks of reporting a bug to the wrong place (Paul Robinson) Re: The Internet is no place for Critical Infrastructure (Bob Frankston) Re: Risks of spreadsheets (Bob Frankston) Re: The Hazards of Gambling (Martin Ward) Die Passwords! Die! 
(Lauren Weinstein) RISKS 27.32 Tuesday 4 June 2013 BA plane's emergency landing at LHR caused by maintenance error (Gwyn Topham via PGN) `Ultra-secure' online primary in France disrupted by multiple and fake voting (John Lichfield via NNSquad) Public Internet election in France marred by vulnerabilities that were demonstrated by journalists (PGN) UK takes more moves toward true police state status (Alison Langley via NNSquad) "FBI Internet-tapping good for criminals, bad for everyone else" (Ted Samson via Gene Wirchenko) Google's new Moto X superphone will spy on you 24/7, and you'll like it (Joly MacFie) Google cuts grace period on exploits from 60 days to 7 (Mark Thorson) Free Android app to skim credit cards (Prashanth Mundkur) Apple says you can't use the iTunes/App Store when you travel abroad (Vassilis Prevelakis) "Spam catchers catching spammers better" (Woody Leonhard via Gene Wirchenko) Launch of OpenBook Wisconsin -- One for targeted advertisers (Dimitri Maziuk) I thought it was a fake Flickr message (jidanni) NFP regarding the "blind captcha" problem (Danny Burstein) Re: The Hazards of Gambling (Chris Drewe) Re: The Internet is no place for Critical Infrastructure (Chris Drewe) Re: Risks of spreadsheets (Pete Kaiser) RISKS 27.33 Thursday 6 June 2013 Re: BA plane's emergency landing at LHR caused by maintenance error (Clive Page) Data protection in the EU: the certainty of uncertainty (Cory Doctorow) NSA collecting phone records of millions of Americans daily (Paul Owen via Dave Farber) "In digital era, privacy must be a priority. Is it just me, or is secret blanket surveillance obscenely outrageous" (Al Gore) "The BYOD Mobile Security Threat Is Real" (Tom Kaneshige via Gene Wirchenko) Re: The Hazards of Gambling (FriedBadger) Re: Risks of spreadsheets -- and leap seconds (Bob Frankston) Re: Apple says you can't use the iTunes/App Store ... 
abroad (Steve Wildstrom) RISKS 27.34 Wednesday 12 June 2013 NSA, FBI collecting content from Google, Facebook, other services (Stephen Lawson via Gene Wirchenko) "NSA to everyone: Take your PRISM, it's good for you" (R.X.Cringely via Gene Wirchenko) On PRISM and admins (PGN) New Xbox by NSA partner Microsoft will watch you 24/7 (William Green via Henry Baker) Government wants to block much cell phone, etc. use in cars (WiReD via Lauren Weinstein) Yet another Google Update affecting many sites... (Paul Wilcock) Robbing a Gas Station: The Hacker Way (Nicole Perlroth via Matthew Kruk) Peninsula woman battles DMV over alleged false conviction (Paul Saffo) "Patients' Medical Info Left on Bus" (Gene Wirchenko) Energy-efficient lighting may worsen sleep deficiencies (Johnson/Greenhouse via Monty Solomon) Risks of spreadsheets -- and leap seconds (Gene Wirchenko) Re: BA plane's emergency landing at LHR caused by maintenance error (Phil Smith III, Andy Cole, Dag-Erling Smorgrav, Jim Geissman) Re: Cowlings Coming Loose from Engines - Human Factors at Work? (John C. Bauer) Re: The Hazards of Gambling (Martin Ward) RISKS 27.35 Tuesday 18 June 2013 Metacharacters bite again (Jeremy Epstein) Online ballot fraud in Miami (Marc Caputo and Patricia Mazzei) Accidental bank transfer (Gunnar Peterson via Jeremy Epstein) FDA issues draft guidance on cybersecurity for medical devices (Kevin Fu) Static electricity in clothes ignites carpet (Martyn Thomas) Found a home via wifi (jidanni) Attacks coming from Amazon Web services (Geoff Kuenning) An Innovative Inno/Vention (Gabe Goldberg) Hard to get that much out of the ATM (Paul Robinson) NSA et al.: it started well before "1984"... (Peter Houppermans) Richard Clarke: Why you should worry about the NSA (Richard Forno) Ray Ozzie on Spying (David Farber) More Intrusive Than Eavesdropping? NSA Collection of Metadata ... Personal Info ... 
(Dewayne Hendricks via Dave Farber) Outsourced: How the FBI and CIA Use Private Contractors to Monitor (Stephen Benavides) Government Secrets and the Need for Whistleblowers (Bruce Schneier) T-Mobile, Verizon Wireless not under U.S. data watch: foreign ties (Lauren Weinstein) RISKS 27.36 Saturday 6 July 2013 Risks related to RISKS during my Seasonal Slowdown Chrysler to recall 840,000 vehicles (Amos Shapir) Switching away from the PSTN on Fire Island (Paul Alan Levy) Switching away from the PSTN on Fire Island: NY AttyGen responds (Lauren Weinstein) What's good for the goose is good for the gander (Bob Sullivan via Henry Baker) Skype has been intercepted from before 2009 (Peter Houppermans) License-plate readers let police collect millions of driver records (Henry Baker) Social engineering... Lowe's employees got fooled... (Danny Burstein) "Ransomware on Android: It was only a matter of time" (Ted Samson via Gene Wirchenko) "Eager beaver blamed for killing Internet, cell service" (Gene Wirchenko) How innocent man's DNA got to crime scene (Henry K. Lee via Paul Saffo) Attackers sign malware using stolen Opera Software crypto certificate (Lauren Weinstein) *Newsweek* cover story: ``Is Privacy Dead?'' -- 27 July 1970 (Lauren Weinstein) WashDC Metro Identifies Problem With Emergency Call Buttons on Trains (Gabe Goldberg) Double generator failure takes out two campuses (Richard A. O'Keefe) Novopay Ministerial Inquiry Report available (Richard A. O'Keefe) Why are software development task estimations regularly so far off? (Paul Robinson) Identity theft treasure trove (Henry Baker) Re: Cowlings Coming Loose from Engines: Human Factors at Work? 
(Craig Burton) RISKS 27.37 Monday 22 July 2013 UK flights affected by computer problems (Martyn Thomas) Parts installed upside-down caused Russian rocket to explode (Doug Hosking) PayPal giveth US$92 Quadrillion in error and taketh away (Bob Gezelter) PayPal 'credits' US man $92 quadrillion in error (Amos Shapir) Government Destroys $170k of Hardware in Absurd Effort to Stop Malware (David Farber) UBS fined $30,000 for a typing error (Lothar Kimmeringer) How the Pentagon's payroll quagmire traps soldiers (Paltrow/Carr via Jim Reisert) UK Post office software bug leads to wrongful prosecutions (Robert Lister) Sony drops appeal and pays 250,000 pounds UK fine ... data lost in 2011 PlayStation Network hack (Jon Russell via Gene Wirchenko) Insider Threats, FBI NCIC and elsewhere (PGN) The dangers of insufficient granularity in access control (Mark Radon) Florida Accidentally Banned All Computers, Smart Phones In The State Through Internet Cafe Ban: Lawsuit (Rick Scott via David Farber) Risks to NYC Bike Share (George Neville-Neil) "How Microsoft handed the NSA access to encrypted messages" (Glenn Greenwald via Gene Wirchenko) "Microsoft's Prism Involvement Detailed in Recently Leaked Documents" (Chris Paoli via Gene Wirchenko) "HP admits to undocumented backdoors in two separate storage lines" (Ted Samson via Gene Wirchenko) Universities Face a Rising Barrage of Cyberattacks (Richard Perez-Pena via Monty Solomon) Nations Buying as Hackers Sell Flaws in Computer Code (Perlroth/Sanger via Monty Solomon) Telemarketers call in reinforcements as they ignore do-not-call list (David Lazarus via Monty Solomon) "Google patches a gap in security on Android -- finally" (DH Kass via Gene Wirchenko) "Alternative fixes released for Android 'master key' vulnerability" (Jeremy Kirk via Gene Wirchenko) "Most enterprise networks riddled with vulnerable Java installations" (Lucian Constantin via Gene Wirchenko) "New Mac malware confuses users with right-to-left file name tricks" (Lucian 
Constantin via Gene Wirchenko) VoIP phone hackers pose public safety threat (Lauren Weinstein) How to Build Versatile and Reusable Software (Paul Robinson) Designing Dashboards With Fewer Distractions (Bill Vlasic via Monty Solomon) Re: WashDC Metro Identifies Problem With Emergency Call Buttons on Trains (Gene Wirchenko) Re: Why are software development task estimations regularly so far off? (Gene Wirchenko) Millions of US license plates tracked and stored (ACLU report via Ed Pilkington via Monty Solomon) Re: License-plate readers let police collect millions of driver records (David Alexander) Another method to read RISKS online: Google Groups (Paul Robinson) RISKS 27.38 Friday 26 July 2013 Star Wars Redux (Peter G. Neumann) Hackers Reveal Nasty New Car Attacks--With Me Behind The Wheel (Andy Greenberg via Steve Goldstein via Dewayne Hendricks) The risks of DNA "Certainty" (Bob Frankston) Cybersecurity hacking estimates exaggerated for profit (Lauren Weinstein) PIN-Punching Robot Cracks Phone's Security Code In 24 Hours (Andy Greenberg via Henry Baker) "Researchers spot new breed of infected Android apps in the wild" (Ted Samson via Gene Wirchenko) "SIM cards vulnerable to hacking, says researcher" (Jeremy Kirk via Gene Wirchenko) Citi Bike Accidentally Exposes Customer Credit Card Information (Ted Mann via Jim Reisert) Re: PayPal 'credits' US man $92 quadrillion in error (Mark Brader, Bill Stewart, Chris Drewe) Fool proofs? (Re: UBS fined $30,000 for a typing error, Bertrand Meyer) Re: Government Destroys $170k of Hardware ... 
(Rob Slade) Hardware destruction in perspective (Steve Lamont) Re: "How the Pentagon's payroll quagmire traps soldiers" (Gene Wirchenko) Re: "How to Build Versatile and Reusable Software" (Gene Wirchenko) REVIEW: "Intelligent Internal Control and Risk Management", Leitch (Rob Slade) RISKS 27.39 Monday 29 July 2013 First-hand report from Philadelphia Airport shutdown (Dave Farber) Jurors jailed for contempt of court over Internet use (George Ross) And now, from the country that brought you INCIS and Novopay... (Richard A. O'Keefe) Information is Beautiful: relative sizes of data losses (Nico Chart) "Information Consumerism: The Price of Hypocrisy" (Evgeny Morozov via Prashanth Mundkur) "Scientist banned from revealing codes used to start luxury cars" (Lisa O'Carroll via Gene Wirchenko) "What else can Congress bungle? Their passwords, for starters" (Robert X. Cringely via Gene Wirchenko) Is your computer spying on you? (Henry Baker) Is Your Cable Box Spying On You? (Christopher Zara via Henry Baker) "Feds Indict 5 in Largest Hacking, Data Theft Ring in U.S. History" (ABC via Gene Wirchenko) "U.S. 
agents 'got lucky' pursuing accused Russia master hackers" (Gene Wirchenko) "Apple's developer site overhaul continues following breach" (Jeremy Kirk via Gene Wirchenko) If you have a rooted Android device, don't rush to install 4.3 (Lauren Weinstein) NASDAQ's Sloppy, After-hack, Phishing-like password reset message (Lauren Weinstein) RISKS 27.40 Wednesday 31 July 2013 Surviving the blame game (Michelle Singletary via PGN) Smart Houses that are not so smart (Barry Gold) The risks of measuring progress by more of the same (Bob Frankston) Stanford University passwords compromised -- again (PGN) Download manager takes Web site down (Geoff Kuenning) "Microsoft and FBI take down malware, housed on 1.9 million computers" (Lucian Constantin via Gene Wirchenko) "Cloud adoption suffers in the wake of NSA snooping" (David Linthicum via Gene Wirchenko) A Blow for the Press, and for Democracy (Margaret Sullivan via Monty Solomon) 4 Russians, 1 Ukrainian charged in massive hacking (Samantha Henry via Monty Solomon) Re: Is Your Cable Box Spying On You? (F. Barry Mulligan) Re: License-plate readers let police collect millions of driver records (Geoff Kuenning) Re: And now, from the country that brought you INCIS and Novopay... (Nick Brown) RISKS 27.41 Sunday 18 August 2013 Computer outage meets uninspected meat with no mete-outs (Doug McIlroy) Separate errors bring down NYTimes site and .gov TLD (Lauren Weinstein) Civilian GPS is vulnerable to being spoofed (Suzanne Johnson) Xerox scanners/photocopiers randomly alter numbers in scanned documents (Robert Schaefer, Glynn Clements) Easter Eggs in Infrastructure Software (Paul Fenimore) NSA to cut sys admins by 90% (Lauren Weinstein) Remotely hacking/hijacking the camera on Samsung Smart TV (Lauren Weinstein) DC, Maryland: Speed Camera Firms Move To Hide Evidence (Richard Forno) The Public/Private Surveillance Partnership (Dewayne Hendricks) ISOC: Stand Together to Support Open Internet Access, Freedom, and Privacy (David J. 
Farber) Lavabit, email service Snowden reportedly used, abruptly shuts down (Dewayne Hendricks) "Lavabit shutdown marks another costly blemish for U.S. tech companies" (Ted Samson via Gene Wirchenko) "Lavabit founder says he can't legally explain why he shut down email service" (Ted Samson via Gene Wirchenko) Feds Threaten To Arrest Lavabit Founder For Shutting Down His Service (Randall) Subverting BIND's SRTT Algorithm: Derandomizing NS Selection (Roee Hay via Lauren Weinstein) Re: Hackers Reveal Nasty New Car Attacks (Amos Shapir) Digital Crossroads: Telecommunications Law and Policy ... (PGN) RISKS 27.42 Sunday 18 August 2013 Lamp-post lamp-oon (Gary Hinson) Online search for pressure cooker leads to police visit (Peter Houppermans) Four people can cut off a whole city from the railways: Getting sick (Lothar Kimmeringer) ReKords of the Keystone Kops (Richard A. O'Keefe) You can't make up the solution (Jeremy Epstein) Boston Public Schools lose flash drive with data on 21,000 students (Jonathan Kamens) Don't charge to see the last few lines of an obituary (jidanni) Researchers reveal how to hack an iPhone in 60 seconds (Violet Blue via Monty Solomon) Android one-click Google authentication method puts users, businesses at risk (Lucian Constantin via Monty Solomon) Wolf in sheep's clothing at Black Hat: Getting pwn'd by innocent looking devices (Darlene Storm via Monty Solomon) "The devil is in the subscription-licensing details" (Robert L. Mitchell via Gene Wirchenko) "Outsourced software project with 6,000 pages of specs ends badly" (Patrick Thibodeau via Gene Wirchenko) "What's worse than a system failure? What you say about it" (Matt Prigge via Gene Wirchenko) "Dangerous Linux Trojan could be sign of things to come" (Jon Gold via Gene Wirchenko) "Anonymous is not anonymous" (Roger A. 
Grimes via Gene Wirchenko) "AARP website hacked" (Woody Leonhard via Gene Wirchenko) "Video: Watch what happens when a Prius gets hacked" (Pete Babb via Gene Wirchenko) Re: Xerox scanners/photocopiers randomly alter numbers (T Byfield) Re: The Public/Private Surveillance Partnership (Kelly Bert Manning) Re: DC, Maryland: Speed Camera Firms Move To Hide Evidence (Danny Burstein) Re: Download manager takes Web site down (Chris Adams) Re: How a Misplaced Reef on a Digital Chart Destroyed a Minesweeper (Jeffrey Alexander) RISKS 27.43 Tuesday 27 August 2013 Nasdaq Market Overcomes Trading Failure (Nathaniel Popper) NZ Inland Revenue system: Watch this space (Richard A. O'Keefe) Key emergency notification system, NOAA's "All Hazards Radio" DOWN (Danny Burstein) Zuckerberg's Facebook page hacked to prove security flaw (Lauren Weinstein) Facebook: Governments Demanded Data on 38K Users (Matt Apuzzo via Dewayne Hendricks) Feds Back Away From Forced Decryption -- For Now (David Kravets via Dewayne Hendricks) China suffers 'largest' cyberattack; Censorship makes it difficult to gauge attack scope (Lauren Weinstein) "Zombie scripts can attack at any time" (Paul Venezia via Gene Wirchenko) Novopay subcontractor bought by reviewer (Richard A. O'Keefe) "'Jekyll' test attack sneaks through Apple App Store, wreaks havoc on iOS" (John Cox via Gene Wirchenko) "The devil is in the subscription-licensing details" (RL Mitchell via GW) "Ramnit Financial Malware Now Aimed at Steam Gamers" (Chris Paoli via GW) "Don't fall prey to ad networks peddling dicey links" (Roger A. Grimes via GW) "Would Transparency by Feds Ease Fears Over Cloud Surveillance?" (GW) Re: Xerox scanners/photocopiers randomly alter numbers in scanned documents (David Lesher, Carlos G Mendioroz) Re: Risks to NYC Bike Share (George Neville-Neil) Re: Easter Eggs in Infrastructure Software (David A. 
Lyons) RISKS 27.44 Wednesday 28 August 2013 *NY Times* Site is Disrupted in Attack by Hackers (Haughney/Perlroth via Dewayne Hendricks) NSA intimidation expanding surveillance state (Bruce Schneier via Dewayne Hendricks) In ACLU lawsuit, scientist demolishes NSA's `It's just metadata' (Joe Mullin via Dewayne Hendricks) In ACLU lawsuit, scientist demolishes NSA's `It's just metadata' (Emin Gun Sirer) Cry wolf: Early warning for an earthquake (ishikawa) More risks of CableWiFi (Bob Frankston) REVIEW: Hacking Exposed Mobile: Security Secrets & Solutions (Ben Rothke) RISKS 27.45 Friday 30 August 2013 Super Puma helicopter endured rapid dive before crash (PGN) Shutdown at Nasdaq Is Traced to Software (Michael J. de la Merced via Matthew Kruk) Text a driver in New Jersey, and you could see your day in court (Lauren Weinstein) Why the children of tomorrow are the NSA's biggest nightmare (Charles Stross via Paul Saffo) iOS and Android Weaknesses Allow Stealthy Pilfering of Web Credentials (Dan Goodin via ACM TechNews) "Android random number flaw implicated in Bitcoin thefts" (Paul Ducklin via Gene Wirchenko) Sensitive data left on hard drives (Richard A. O'Keefe) "Report: NSA broke into UN video teleconferencing system" (Lucian Constantin via Gene Wirchenko) Facebook considers adding profile photos to facial recognition database (Lauren Weinstein) More garbage from Facebook (Vindu Goel via Matthew Kruk) "The end of Groklaw and our online privacy?" (Pamela Jones via Monica Goyal via Gene Wirchenko) HuffPo Edward Snowden Impersonated NSA Officials: Report (Sharon Kramer via Dave Farber) It's just Metadata? But it may be wrongly interpreted! (Donald B. 
Wagner) Re: In ACLU lawsuit, scientist demolishes NSA's `It's just metadata' (Marshall Clow) RISKS 27.46 Wednesday 4 September 2013 Our Newfound Fear of Risk (Bruce Schneier) 'Walkie-Talkie' skyscraper melts Jaguar car parts (Martyn Thomas) How the "Internet of Things" May Change the World (Matthew Kruk) "Video: PostgreSQL succeeds where MySQL fails" (Pete Babb via Gene Wirchenko) "Developers hack Dropbox and show how to access user data" (Lucas Mearian via Gene Wirchenko) No password is safe from new breed of cracking software (Salon.com via David Farber) Windows 8 Picture Passwords Easily Cracked (ACM TechNews) Password must be 10 characters and begin and end with a number (jidanni) Test 'reveals Facebook, Twitter and Google snoop on e-mails' (Martin Delgado via Henry Baker) "IBM starts restricting hardware patches to paying customers" (Joab Jackson via Gene Wirchenko) The Ghost Messages of Yahoo's Recycled IDs (Lauren Weinstein) "Report: NSA pays millions for US telecom access" (Joab Jackson via Gene Wirchenko) Re: HuffPo Edward Snowden Impersonated NSA Officials (Dimitri Maziuk, Paul Schreiber) Re: In ACLU lawsuit, scientist demolishes NSA's `It's just metadata' (Amos Shapir) Re: Sensitive data left on hard drives (David Alexander) Re: Text a driver in New Jersey, and you could see your day in court (B.J. 
Herbison, Larry Sheldon, Paul Robinson) Re: DC, Maryland: Speed Camera Firms Move To Hide Evidence (Paul Robinson) RISKS 27.47 Wednesday 11 September 2013 On the NSA (Matthew Green via David Rosenthal and Dewayne Hendricks) Johns Hopkins Tells Security Researcher To Remove Blog Post About NSA Encryption Attacks From University Server (Mike Masnick via Dewayne Hendricks) Crypto prof asked to remove NSA-related blog post (Nate Anderson via Dewayne Hendricks) Government Announces Steps to Restore Confidence on Encryption Standards (Nicole Perlroth) "NSA Officers Spy on Love Interests" (Siobhan Gorman via Gene Wirchenko) "NSA Leak Leaves Crypto-Math Intact but Highlights Known Workarounds" (Tom Simonite) UK Internet Filter Blocks VPNs, Australia to Follow Soon? (Torrent Freak via Lauren Weinstein) FTC Says Webcam's Flaw Put Users' Lives on Display (Edward Wyatt via Jim Reisert) The Steely, Headless King of Texas Hold 'Em (Michael Kaplan via Monty Solomon) American Fantasy Football app lets hackers change team rosters (Monty Solomon) How an Austrian Used Legos to Hack Amazon's Kindle E-Book Security (Arik Hesseldahl via Monty Solomon) Review Group on Global Signals Intelligence Collection and Communications Technologies Seeks Public Comment (Lauren Weinstein) Trouble with Red Light Cameras (Ben Moore) "World's most secure smartphone" looks like snake oil, experts say (Jon Brodkin) Tiny screens spill the beans (jidanni) Re: Test 'reveals Facebook, Twitter and Google snoop on e-mails' (Geoff Kuenning) Re: HuffPo Edward Snowden Impersonated NSA Officials (Amos Shapir) Re: 'Walkie-Talkie' skyscraper melts Jaguar car parts (Martyn Thomas, Glynn Clements, Steve Loughran) RISKS 27.48 Tuesday 24 September 2013 Girl's Suicide Points to Rise in Apps Used by Cyberbullies (Lizette Alvarez via Monty Solomon) Police: BMW Door Locks Contributed To 14-Year-Old Girl's Death (Erik Rosales via Lauren Weinstein) Another major government IT failure (Peter Bernard Ladkin) United Airlines 
Agrees to Honor Accidental $0 Tickets (Joshua Freed via Monty Solomon) Million Second Quiz gets overloaded (Paul Robinson) Fake online reviews crackdown in New York sees 19 companies fined (Lauren Weinstein) "Verizon's diabolical plan to turn the Web into pay-per-view" (Bill Snyder via Gene Wirchenko) Freedom and the Social Contract (Vint Cerf via Dave Farber) WiReD: Apple's Fingerprint ID May Mean You Can't 'Take the Fifth' (Marcia Hoffman via Lauren Weinstein) The US government has betrayed the Internet. We need to take it back (Bruce Schneier via Matthew Kruk) FBI Admits It Controlled Tor Servers Behind Mass Malware Attack (Kevin Poulsen via Monty Solomon) Gov't standards agency "strongly" discourages use of NSA-influenced algorithm (Larson and Elliott via Monty Solomon) *The New York Times* provides new details about NSA backdoor (Ars Technica via David Farber) Malware Mining Civil Aviation Data - AVweb flash Article (Gabe Goldberg) E-ZPasses Get Read All Over New York, Not Just At Toll Booths (Kashmir Hill via Henry Baker) "Adobe issues critical security updates for Flash Player, Reader and Shockwave Player" (Lucian Constantin via Gene Wirchenko) "Microsoft pulls botched KB 2871630, while many Office patch problems remain" (Woody Leonhard via Gene Wirchenko) Sharing due to phone failure (Karl Goetz) HuffPost Essay by Charles Perrow on Fukushima (John Bosley via Dave Farber) BOOK: Rebecca Slayton, Arguments that Count (PGN) RISKS 27.49 Friday 27 September 2013 NHS IT system one of 'worst fiascos ever', say MPs (Richard Irvin Cook) Why Whistleblowers Should Be Listened To (M. Heffernan via Sharon Kramer) L.A. 
School District's Expensive iPad Program Already in Trouble (Howard Blume via Lauren Weinstein) IBM's Watson computer has parts of its memory cleared after developing an acute case of potty mouth (George Dvorsky via Randall) Supreme Court Weighs When Online Speech Becomes an Illegal Threat (David Kravets via Lauren Weinstein) "Internet threat level rises on expanded IE attacks" (Gregg Keizer via Gene Wirchenko) EU+ trying to use NSA stories as excuse to kill the open Internet (Tech Freedom via Lauren Weinstein) "Nirvanix shutdown has cloud users wondering who's next" (David Linthicum via Gene Wirchenko) "Dropbox takes a peek at files" (Jeremy Kirk via Gene Wirchenko) FTC vs Marketer of Internet-Connected Home Security Video Cameras (Gabe Goldberg) "Identity theft service planted botnets in LexisNexis, other data providers" (Serdar Yegulalp via Gene Wirchenko) Re: EZ-Pass being read all over (Ed Ravin) Re: Verizon's diabolical plan to turn the Web into pay-per-view (Arthur T.) FAA preparing to remove restrictions on in-flight electronic devices (Serdar Yegulalp via Gene Wirchenko) Defeating Apple's Touch ID: It's easier than you may think (Dan Goodin via Dewayne Hendricks) Re: Wired: Apple's Fingerprint ID May Mean You Can't 'Take the Fifth' (Ivan Jager) *TNY* review by Louis Menand of 'Command and Control', Eric Schlosser (Prashanth Mundkur) Opinion: Neglecting our nukes - Eric Schlosser - POLITICO.com (Gabe Goldberg) RISKS 27.50 Tuesday 1 October 2013 Cybersecurity should be seen as an occupation, not a profession (Steve Ragan) Cost and Responsibility for Snowden's Breaches (Jonathan S. 
Shapiro) What Facebook, Twitter, Tinder, Instagram, and Internet Porn Are Doing to America's Teenage Girls (Nancy Jo Sales via Monty Solomon) LAUSD halts home use of iPads for students after devices hacked (Re: Blume, RISKS-27.49) RISKS 27.51 Tuesday 8 October 2013 Cyber Schools Fleece Taxpayers for Phantom Students and Failing Grades (Mary Bottari) Our Founding Fathers wisely recognized the risks in voting (Paul Robinson) "Beyond the bottom line: The true cost of patent trolls" (Serdar Yegulalp via Gene Wirchenko) Risks of politics (Chris Adams) Lowering Your Standards: DRM and the Future of the W3C (Danny O'Brien via Dewayne Hendricks) Why you can't stop checking your phone (Monty Solomon) Silk Road's founder arrested (PGN) Technologists' Comment to the NSA Review Group (Joseph Lorenzo Hall) Re: Cost and Responsibility for Snowden's Breaches (Robert R. Fenichel) Bruce Schneier: NSA attacks Internet (via Steven J. Greenwald) Mugged by a Mug Shot Online (David Segal via Matthew Kruk) Adobe Announces Security Breach (David Kocieniewski via Matthew Kruk) Notarizations Go Digital in North Carolina (Gabe Goldberg) RISKS 27.52 Wednesday 9 October 2013 Let's Build a More Secure Internet (Eli Dourado via Matthew Kruk) CMU Researchers Claim To Have Created Messaging App Even NSA Can't Crack (Geoff Goodfellow) NSA data center 'meltdowns' force year-long delay (James Niccolai via Paul Saffo) Hundreds of US companies make false Data Protection claims (Nikolaj Nielsen via Peter Houppermans) Re: Lowering Your Standards: DRM and the Future of the W3C (Jeff Jonas) RISKS 27.53 Tuesday 15 October 2013 Azerbaijan releases election results -- before the election started (PGN) Computer Failure Cuts off Access to Food Benefits (PGN) Another botched Black Tuesday for MS (Woody Leonhard via Gene Wirchenko) D-Link SOHO Routers reported to contain backdoor (Bob Gezelter) Russian government's political comment trolling operation exposed (Lauren Weinstein) EFF Resigns from Global Network 
Initiative (EFF) Re: "Let's build a more secure Internet" (Peter Houppermans, Bob Frankston, Fred Cohen) Re: Why the NSA's attacks on the Internet must be made public (Fred Cohen) Re: NSA data center 'meltdowns' force year-long delay (Paul Saffo) Correction re: Cyber Schools Fleece Taxpayers (Gene Wirchenko) Re: Our Founding Fathers ... (Thor Lancelot Simon) RISKS 27.54 Wednesday 16 October 2013 Adi Shamir Prevented from Attending Crypto and Cryptology Conferences (PGN) An App That Saved 10,000 Lives (Amy O'Leary via Monty Solomon) From the Start, Signs of Trouble at Health Portal (Pear et al. via Monty Solomon) Deloitte IT projects plagued with troubles around the country (Woolhouse and Healy via Monty Solomon) Online Application Woes Make Students Anxious and Put Colleges Behind Schedule (Lauren Weinstein) Deutsche Telekom hopes to hide German Internet traffic from spies (Lauren Weinstein) "We can't let the Internet become Balkanized" (Sascha Meinrath via NNSquad) "Risk considerations: Tracking services monitor your every move" (Steve Ragan via Gene Wirchenko) RISKS 27.55 Thursday 17 October 2013 GPS map leads to border crossing and shooting (Scott Nicol) "The shutdown gets real for science and high tech" (Robert X. 
Cringely via Gene Wirchenko) "How federal cronies built -- and botched -- Healthcare.gov" (Serdar Yegulalp via Gene Wirchenko) Health care exchange still plagued by problems (Kelly Kennedy via Monty Solomon) How applying to college just got a lot harder (David Strom via Gabe Goldberg) Food Stamp Debit Cards Failing To Work In 17 States (Monty Solomon) Majority of Brits fail to back up their important data (Monty Solomon) "Web sites tracking users using fonts, Belgian researchers find" (Candice So via Gene Wirchenko) Smart meter deployments to double market revenue of wireless modules (Bob Frankston) "Apple's claim of unbreakable iMessage encryption 'basically lies'" (Jeremy Kirk via Gene Wirchenko) Re: "We can't let the Internet become Balkanized" (Sam Steingold) Re: Founding Fathers (Richard A. O'Keefe) RISKS 27.56 Monday 21 October 2013 Harry Lewis's blog on Harvard's Gov 1310 (PGN) Dick Cheney Said He Disabled Heart Device to Avoid Terrorist Threats (Gabe Goldberg) Judge Posner recants his previous ruling on Voter ID (NYT via PGN) Virginia Voter Purge List (PGN) Ship Tracking Hack Makes Tankers Vanish from View (Suzanne Johnson) Crooks 'stole' Experian data the old-fashioned way: They bought it! (Serdar Yegulalp via Gene Wirchenko) "Is Wikipedia for Sale?" (Lauren Weinstein) NSA Surveillance: The 21st-Century Panopticon (Bruce Schneier) France summons US ambassador to answer allegations of widespread NSA surveillance (Amar Toor via Dewayne Hendricks) Americans Are Way Behind in Math, Vocabulary, and Technology (Roberto A. 
Ferdman via Allan Davidson) Google Unveils Technology Tools for Digital Rebels (*Time* via Lauren Weinstein) More on "online schools" fleecing taxpayers (Ed Ravin) Re: GPS map leads to border crossing and shooting (Anthony DeRobertis) Re: "We can't let the Internet become Balkanized" (Amos Shapir) "Users hit by Blue Screen, 0xC1900101 - 0x40017 error with Windows 8.1 update" (Woody Leonhard via Gene Wirchenko) "Resurrected KB 951847 'zombie' patch fixed -- but now has new problem" (Woody Leonhard via Gene Wirchenko) "Problems remain after Microsoft yanks Windows RT 8.1 update" (Woody Leonhard via Gene Wirchenko) Microsoft ``Still Working'' on KB2862330 Windows 7 Update Fix (Henry Baker) GCHQ spooks update PC and mobile security advice for public sector (Nap van Zuuren) REVIEW: Craig P. Bauer, Secret History: The Story of Cryptology (Ben Rothke) RISKS 27.57 Wednesday 23 October 2013 Wall Street software failure & relationship to voting (Jeremy Epstein) SecureDrop Project Will Pay To Install Media Outlets' WikiLeaks-Style Submission Systems (Andy Greenberg via Gabe Goldberg) Authors Accept Censors' Rules to Sell in China (Andrew Jacobs via Lauren Weinstein) MIT Tech Review: The Decline of Wikipedia (Tom Simonite via Lauren Weinstein) `Hacker' --> `criminality' ??? (Robert Schaefer) Re: France summons US ambassador to answer allegations of widespread NSA surveillance (Richard A. O'Keefe) Re: Americans Are Way Behind in Math, Vocabulary, and Technology (Richard S. 
Russell) Re: GPS map leads to border crossing and shooting (Scott Nicol) Unauthorized Access: The Crisis in Online Privacy and Security, by Sloan and Warner (PGN) RISKS 27.58 Friday 1 November 2013 Healthcare.gov (Rebecca Mercuri) Mother Jones: How Healthcare.gov Could Be Hacked (Dana Liebelson via David Bolduc) Healthcare.gov security assessment not complete before rollout (CNN via Jeremy Epstein) Single Point of Failure impacts ACA Exchanges (Bob Gezelter) Critical embedded software bugs responsible in Toyota unintended acceleration case (Prashanth Mundkur) Toyota's killer firmware: Bad design and its consequences (Tod Hagan) Toyota unintended acceleration case (Martyn Thomas) Diebold Charged With Bribery, Falsifying Docs, 'Worldwide Pattern of Criminal Conduct' (Shannon McElyea) Re: Diebold Charged With Bribery, Falsifying Docs, 'Worldwide Pattern of Criminal Conduct' (Jonathan S. Shapiro) Carmel Tunnels in Israel shut by a cyberattack -- or was it? (Jeremy Epstein) Self-Driving Cars Could Save More Than 21,700 Lives, $450B a Year (Lucas Mearian) Warily, Schools Watch Students on the Internet (Somini Sengupta via Dewayne Hendricks) EFF: "Lavabit encryption key ruling threatens Internet privacy" (Jeremy Kirk via Gene Wirchenko) Hey Germany, remember this story? -- 2008: German Authorities Raiding Homes To Find Skype Tapping Whistleblower (Lauren Weinstein) NSA surveillance: Merkel's phone may have been monitored 'for over 10 years' (*The Guardian* via David J. Farber) Russia 'spied on G20 leaders with USB sticks' (Henry Baker) 2009: Britain under attack from 20 foreign spy agencies including France and Germany (Lauren Weinstein) IBM: Analyzing fake content on Twitter during real world events: Boston Marathon bombing (Lauren Weinstein) "There's more than one way to uncover state secrets" (Robert X. 
Cringely via Gene Wirchenko) "LinkedIn's Intro tool for iPhones could be a juicy target for attackers" (Zach Miners via Gene Wirchenko) "PHP.net compromised and used to attack visitors" (Lucian Constantin via Gene Wirchenko) The risk of trusting Internet security software makers to maintain safe websites (Michael Weiner) Metric System and Math (George Jansen) "Biology's Brave New World" by Laurie Garrett in "Foreign Affairs" (Prashanth Mundkur) RISKS 27.59 Tuesday 5 November 2013 Honda recalls 344,000 Odyssey vans for software glitch (David Undercoffler via Monty Solomon) Opinion: Don't Gerrymander the Internet! (Joseph Lorenzo Hall with Leslie Harris) No Morsel Too Minuscule for All-Consuming NSA (Scott Shane via Monty Solomon) U.S. Postal Service Logging All Mail for Law Enforcement (Ron Nixon via Monty Solomon) Perhaps "Air Gaps" Need to be "Opaque Vacuums": The dangers of software controlled embedded devices (Bob Gezelter on Dan Goodin) Why The Attack on Buffer Was A Serious Wake-Up Call (David Berlind via Lauren Weinstein) Shut Down the Internet? (Steven J. Greenwald) Adobe: Hackers stole account info of 38 million users, not 3 million (Salvador Rodriguez via Monty Solomon) Re: Metric System and Math (Henry Baker, Amos Shapir) Re: Utility network protection? No. (Dick Mills) Re: An App That Saved 10,000 Lives (Bruce Horrocks) RISKS 27.60 Monday 18 November 2013 Protecting Data Privacy (Marc Rotenberg) What happens in Vegas DOESN'T stay in Vegas with new street lights that can record your conversations (Randall Head via Dewayne Hendricks) The Surveillance State Puts U.S. Elections at Risk of Manipulation (Conor Friedersdorf via Henry Baker) "Internet gambling: Play at your own risk" (Monica Goya via Gene Wirchenko) My Latest Essay on the "Public/Private Surveillance Partnership" (Bruce Schneier) Snowden persuaded other NSA workers to give up passwords - sources (Hosenball and Strobel via David Farber) Eben Moglen: Snowden and the Future (David S. 
Isenberg via Dewayne Hendricks) TA13-309A: CryptoLocker Ransomware Infections (US-CERT) "4 reasons BadBIOS isn't real" (Roger A. Grimes via Gene Wirchenko) RISKS 27.61 Tuesday 19 November 2013 GIGO cholesterol, but is it a bug or specifications failure? (Jeremy Epstein) Voter ID laws and voter suppression (Richard L. Hasen) Vendors Liable under No Surreptitious Code Warranties? (Henry Baker) Fined For Posting A Negative Review Online (Lauren Weinstein) Riders double-charged after transit card rollout (Kurt Sheffer) Technological Due Process (Danielle Keats Citron via Robert Schaefer) UK conservatives attempting to erase their Internet history (Lauren Weinstein) NSA Admits That Edward Snowden Stole Up to 200,000 Documents (David Farber) Hack of MacRumors forums exposes password data for 860,000 users (Dan Goodin via Monty Solomon) "Facebook forces some users to reset passwords because of Adobe data breach" (Lucian Constantin via Gene Wirchenko) Apple takes strong privacy stance in new report, publishes rare 'warrant canary' (Cyrus Farivar via Dewayne Hendricks) EFF Files 22 Firsthand Accounts of How NSA Surveillance Chilled the Right to Association (David Farber) LexisNexis helping police stake out social media (Lauren Weinstein) FBI deems PhD thesis a national security concern (Richard Forno) LG Smart TV logging everything to a website (Eli the Bearded) Hoping to avert "collision" with disaster, Microsoft retires SHA1 (Monty Solomon) "Adobe patches critical vulnerabilities in Flash Player, ColdFusion" (Lucian Constantin via Gene Wirchenko) "'Blurry fonts' bug KB 2670838 persists with IE11 and Windows 7" (Woody Leonhard via Gene Wirchenko) Re: An App That Saved 10,000 Lives (Geoff Kuenning) Clifford Nass: Obituary (Chris Drewe) RISKS 27.62 Monday 25 November 2013 Massive cargo plane that landed at wrong Kansas airport finally makes it to right one (Dylan Stableford) Repeated attacks hijack huge chunks of Internet traffic (Dan Goodin) Sweden to give police 
and others realtime access to citizens' phone, e-mail, more (NNSquad) US and UK struck secret deal to allow NSA to 'unmask' Britons' personal data (*The Guardian*) US senators say there's 'no evidence' bulk metadata surveillance is useful (Cyrus Farivar via Dewayne Hendricks) As if there weren't enough reasons to hate the wireless carriers (DV Henkel-Wallace) Op-ed: Lavabit's founder responds to cryptographer's criticism (Ladar Levison) "Jailbreak a phone, go to jail: Copyright law, the TPP way" (Robert X. Cringely via Gene Wirchenko) Computer Scientists Not Totally Clueless About Passwords (Dan Goodin) "GitHub bans weak passwords after brute-force attack results in compromised accounts" (Lucian Constantin) Web Companies Slam Ruling In Libel Case [as well they should] (Lauren Weinstein) Hackers actively exploiting JBoss vulnerability to compromise servers (Lucian Constantin via Gene Wirchenko) Germany threatens to fine and/or jail Carl Malamud for doing his usual thing (Lauren Weinstein) Metadata vs. data: the real issue (Geoff Kuenning) HP sending *styrofoam* junk mail (Joe Touch via Dave Farber) Alternate definition of GIGO (Paul Wexelblat) Re: UK conservatives attempting to erase their Internet history (Scott Miller) RISKS 27.63 Wednesday 4 December 2013 Jury: Newegg infringes Spangenberg patent, must pay $2.3 million (Lauren Weinstein, PGN) Amazon Air Prime and the Labor Question (Andrew Russell) "Stuxnet's Secret Twin", by Ralph Langner at Foreign Policy (via Prashanth Mundkur) Dial 00000000 for Armageddon (Henry Baker) Monday meltdown (Gary Hinson) "Million-dollar robbery rocks bitcoin exchange" (Jon Gold via Gene Wirchenko) Bitcoin Miners being planted in programs being surreptitiously installed on users' computers (Techienews via Lauren Weinstein) Why Comcast and other cable ISPs aren't selling you gigabit Internet (ArsTechnica via Lauren Weinstein) Dutch intelligence agency AIVD hacks Internet forums (NRC via LW) Snowden claims... 
NSA used lots of spyware (Danny Burstein) UK ministers will order ISPs to block terrorist and extremist websites (Lauren Weinstein) New FCC Chairman appears to simultaneously endorse NetNeutrality and letting ISPs crush Net services and consumers (Public Knowledge) "Malice or mistake? Cyber sleuths weigh in on Internet hijack attack" (Serdar Yegulalp via Gene Wirchenko) A spurned techie's revenge: Locking down his ex's digital life (Sean Gallagher via Monty Solomon) Facebook Vulnerability Discloses Friends Lists Defined as Private (Quotium) Surveilling the police! (Prashanth Mundkur) Couchsurfing - The Crash - Montreal 2006 (jidanni) Re: A joke that went wrong (Brian Randell) Willis Ware (PGN) The Spyware That Enables Mobile-Phone Snooping (Susan Crawford via Robert Schaefer) Healthcare IT (IEEE S&P) Digital Outcasts: Moving Technology Forward without Leaving People Behind (Ben Rothke) RISKS 27.64 Wednesday 18 December 2013 Chinese hackers attacked crucial government election website (CNN) The latest example of a large, failed British government IT system (Peter Bernard Ladkin) Taiwanese tourist walks off Australia pier while checking Facebook (Mark Brader) Confirming the MOOC Myth (Carl Straumsheim via ACM TechNews) After Setbacks, Online Courses Are Rethought (Tamar Lewin via ACM TechNews) RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis (Genkin/Shamir/Tromer via Lauren Weinstein) Snowden ``stole everything -- literally everything'' (Henry Baker) NSA Uses Google Cookies to Pinpoint Targets for Hacking (Soltani/Peterson/Gellman) MacBook webcams vs. spying (Lauren Weinstein) "Two million log-ins stolen from Facebook, Google, ADP payroll processor" (Jeremy Kirk via Gene Wirchenko) French cybersecurity agency says they forged Google certificates due to ... 
"human error" (ANSSI via Lauren Weinstein) The Mission to De-Centralize the Internet (Joshua Kopstein) The Dumbest Privacy Case of the Year (Stewart Baker) "Where pass-the-hash attacks could be hiding" (Roger Grimes via Gene Wirchenko) Re: New FCC Chairman appears to simultaneously endorse Net Neutrality and letting ISPs crush Net services and consumers (Bob Frankston) RISKS 27.65 Thursday 19 December 2013 Harvard Student Charged In Bomb Hoax (CBS via Monty Solomon) Harvard student tried to dodge exam with bomb hoax (Bob Frankston) Keeping my front door off the Internet (Pertti Huuskonen) Do Google Glass users violate state laws against recording conversations permission? (Paul Alan Levy) UPS program delivers unnerving surprise (David Lazarus via Mark Brader) Brokers Trade on Sensitive Medical Data with Little Oversight, Senate Says (Elizabeth Dwoskin via Jim Reisert) Officials Say U.S. May Never Know Extent of Snowden's Leaks (Mazzetti/Schmidt via Matthew Kruk) Subject: 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say (Dan Goodin via Dewayne Hendricks) Someone's Been Siphoning Data Through a Huge Security Hole in the Internet (Kim Zetter via Dewayne Hendricks) "Trolls, orcs, and spooks: The breaching of World of Warcraft" (Robert X. Cringely via Gene Wirchenko) GCHQ Forced Secure Email Service PrivateSky to Shut Down (Dan Raywood via Dewayne Hendricks) "Adobe patches critical vulnerabilities in Flash Player, Shockwave" (Lucian Constantin via Gene Wirchenko) `Revenge porn' operator arrested, charged with ID theft (Joe Mullin via Lauren Weinstein) AOL/Facebook/Google/LinkedIn/Microsoft/Twitter/Yahoo (Reform Government Surveillance) Bots now running the Internet with 61 percent of Web traffic (Dara Kerr via Dewayne Hendricks) "Greed isn't good: 3 reasons not to bite on the bitcoin" (Robert X. 
Cringely via Gene Wirchenko) "Botched Black Tuesday patch KB 2887069 freezes, fails to configure, triggers a BSoD, and/or zaps sound drivers" (Woody Leonhard via Gene W.) Re: Confirming the MOOC Myth (Dennis E. Hamilton) RISKS 27.66 Thursday 26 December 2013 Belgian card payment network crashes two days after record usage (Peter Sayer via Jim Reisert) Programmed Interlocks remain a hazard (Bob Gezelter) Cryptolocker ransomware has 'infected about 250,000 PCs' (Leo Kelion, Brian Randell, Eric Burger) Target leaks credit card stripe data during Black Friday rush (Bob Gezelter) Security versus Countersecurity (Dick Mills) Secret contract tied NSA and RSA (Joseph Menn) Data brokers won't even tell the government how it uses, sells your data (Casey Johnston via Dewayne Hendricks) NSA oversight panel recommends more privatization of spying (Eli the Bearded) AT&T follows Verizon's lead, will start publishing law enforcement request data in early 2014 (Verge via Lauren Weinstein) Re: RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis (Henry Baker) Silver Bullet 93: Yoshi Kohno (Gary McGraw) RISKS 27.67 Wednesday 1 January 2014 Where are the 1984 Rose Bowl kids now? (PGN) Hackers target cash machines with USB sticks (Henry Baker) Matt Blaze on the `Alleged' RSA-NSA Scheming? (Dewayne Hendricks via Dave Farber) Daunting Mathematical Puzzle Solved, Enables Unlimited Analysis of Encrypted Data (Scientific Computing) IBM Earns Patent for 'Encrypted Blobs' (Ellen Messmer) Vint Cerf and Robert Kahn on the future of the Internet (John Markoff) On Security Architecture, The Panopticon, and "The Law" (arxlight via John Gilmore via Dave Farber) "The Real Purpose of Oakland's Surveillance Center" (Prashanth Mundkur) More on NSA surveillance (Henry Baker) Surveillance leads to censorship? (Robert Schaefer) Science humour that may disappear? 
(Martyn Thomas) REVIEW: Digital Archaeology: The Art and Science of Digital Forensics (Ben Rothke) RISKS 27.68 Friday 3 January 2014 Searching the Internet for evidence of time travelers (Robert J. Nemiroff via Dave Farber, Lauren Weinstein) Apple, Cisco, Dell unhappy over alleged NSA back doors in their gear (Gene Wirchenko) Apple Says It Is 'Unaware' of N.S.A. iPhone Hack Program (Nicole Perlroth) Backdoor in popular wireless routers/DSL modems (Lauren Weinstein) TA14-002A: Malware Targeting Point of Sale Systems (US-CERT) 4.6 million Snapchat phone numbers and usernames leaked (Lauren Weinstein) Local restaurant chain source of data breach that compromised card info of conventioneers (Deirdre Fernandes) Researchers Hack Webcam While Disabling Warning Lights (Nick Bilton) Edward Snowden, Whistle-Blower (NYT Editorial via Dewayne Hendricks) Recent *Der Spiegel* coverage about the NSA and GCHQ (Jacob Appelbaum) Court Rules No Suspicion Needed for Laptop Searches at Border (ACLU via Richard Forno) Re: Hackers target cash machines with USB sticks (David Alexander) Re: Data brokers won't even tell the government how it ... 
your data (Matthew Kruk) Internet citizen mobilization and the law (Gary T Marx) RISKS 27.69 IMS Health files for IPO (Deborah Peel) I Had My DNA Picture Taken, With Varying Results (Kira Peikoff via Monty Solomon) Study documents dangers of texting, dialing while driving (Marilynn Marchione via Monty Solomon) Distracted Driving and Risk of Road Crashes among Novice and Experienced Drivers (NEJM via Monty Solomon) Brainlike Computers, Learning From Experience (John Markoff via jidanni) Re: Time Travel (Gene Spafford) Prison Locker Ransomware, an upcoming malware threat in 2014 (PGN) The dangers of showing your Bitcoins on TV (Danny Burstein) Through a PRISM, Darkly - Everything we know about NSA spying (Kurt Opsahl talk via Dewayne Hendricks) Snapchat will let users opt out of compromised feature (Zach Miners via Gene Wirchenko) "How did Snapchat get hacked?" (Candice So via Gene Wirchenko) "Do your PCs leak valuable intel with every Windows error report?" (Claudiu Popa via Gene Wirchenko) Re: Nuclear arming codes (John Gilmore, Doug Humphrey, PGN) RISKS 27.70 Tuesday 21 January 2014 Amazon is a hornet's nest of malware (Brian Fung via IEEE Cipher) CryptoLocker 2.0 turns into worm that spreads via USB drives (John E Dunn via Gene Wirchenko) China launches quantum computing effort (Mark Thorson) How to opt out of getting e-mails from any Google+ user (Brian Jackson via Gene Wirchenko) Bias in Forum Comment Voting (Gene Wirchenko) We were pressured to weaken mobile security (Arild Færaas via Prashanth Mundkur) Middle Ground on NSA (on Matt Blaze via Lauren Weinstein) NSA and GCHQ activities appear illegal: EU parliamentary inquiry (*The Guardian* via David Farber) "Costs of NSA phone records collection program outweigh the benefits" (Jaikumar Vijayan via Gene Wirchenko) Where do we *get* these people?! (Phil Smith) Re: How did we end up with a centralized Internet for the NSA to mine? 
(O'Reilly Radar via John Gilmore via Dave Farber) Re: Backdoor in popular wireless routers/DSL modems (Henry Baker) RISKS 27.71 Thursday 23 January 2014 Medical "scribes" ease doctor's data entry burden (Ed Ravin) No Girls, Blacks, or Hispanics Take AP Computer Science Exam in Some States (Liana Heiten) How the Chinese Internet ended up at a house in Cheyenne, Wyoming (Brian Fung) FBI snatches Google Glass off the face of innocent AMC movie-goer (Rob Jackson) Google Glass-wearing movie patron questioned by Homeland Security agents as potential pirate (Adi Robertson) 'Sex with Glass' is getting either sex or Glass wrong (Adi Robertson via Monty Solomon) `Smart' computer-based systems in your homes (Wendy M. Grossman) The Malware That Duped Target Has Been Found (Lauren Weinstein) Target Hackers Wrote Partly in Russian, Displayed High Skill (Danny Yadron Connect) Neiman Marcus stores reportedly hacked (Krebs via Bob Gezelter) White hat hacker says he found 70,000 records on Healthcare.gov through a Google search (Adrianne Jeffries via Monty Solomon) "NSA Devises Radio Pathway Into Computers" (Sanger/Shanker) And this time it was real SPAM? from Fridge! (Steve Lamont) Risks of the Internet of Things (Robert Schaefer) Mobile apps store credentials in the clear (Bob Gezelter) Software licensing as information leak? (Stuart Levy) What happens when your car comes pre-equipped with monitoring (Bob Gezelter) Warning: I recommend removing your credit/debit cards from NSI (Lauren Weinstein) Re: Backdoor in popular wireless routers/DSL modems (Martin Ward) USENIX Security submissions due 27 Feb 2014 (Kevin Fu) RISKS 27.72 Monday 27 January 2014 Signal Failure at Grand Central (Peter Wild) NEWS FLASH: Alarms are distracting! Turning off alarms is a priority! 
(Richard Irvin Cook) Hackers Steal Law Enforcement Inquiry Documents from Microsoft (Lauren Weinstein) Gmail glitches down worldwide; Hotmail hitches (Etherington/Perez) Stolen Laptops (Laura Corriss) Converting Google Chrome into a Bugging Device by exploiting Speech Recognition feature - The Hacker News (David Farber) "Google dismisses eavesdropping threat in Chrome" (Jeremy Kirk via Gene Wirchenko) How Google Calendar can tip off your boss that you want a raise (Dan Goodin via Monty Solomon) Proofpoint Uncovers Internet of Things Cyberattack (Jim Reisert) Apple.com does more to protect your password ... (Dan Goodin via Monty Solomon) Snapchat's new "security" feature holds up about as long as a double cheeseburger (Lauren Weinstein) BYOD? Leaving a Job Can Mean Losing Pictures of Grandma (Lauren Weber via Monty Solomon) You don't want your privacy: Disney and the meat space data race (John Foreman via Monty Solomon) Re: Risks-27.71: Medical "scribes" ease doctor's data entry burden (David Lesher) Re: Software licensing as information leak (Dimitri Maziuk) Name-collision risks (Burt Kaliski) 2nd Neuro-Inspired Computational Elements Workshop (Murat Okandan) RISKS 27.73 Tuesday 28 January 2014 Will non-profit foundations step up to save the Internet? (Dan Gillmor via Dewayne Hendricks) Coca-Cola laptop breach common failure of encryption/security basics (Robert Westervelt via Monty Solomon) Why is the US a decade behind Europe on 'chip and pin' cards? (Heather Long via Dewayne Hendricks, DV Henkel-Wallace, Daniel Weitzner) Like mobsters dividing turf, the giant ISPs talk about dividing up the country into fiefdoms (Ars Technica via NNSquad) Re: Software licensing as information leak (Michael Black) STAMP Workshop 2014 Registration (Nancy Leveson) REVIEW: "Rainbows End", Vernor Vinge (Rob Slade) RISKS 27.74 Saturday 15 February 2014 RAF Voyager Grounded (Andy Cole) NSF: 1/4 of Americans think sun goes 'round the earth... 
(Paul Saffo) Your Air Traffic Controller May No Longer Be Required to Have a High School Diploma (via Glenn S. Tenney) Iron Mountain fire in Argentina destroys bank archives (AP via Jim Reisert) Heat System Called Door to Target for Hackers (NYTimes.com via Bob Frankston) Auto battery death by improper charging (Monty Solomon) Israeli combat pilots stored top-secret info on smartphones (Steven J Klein) FBI Checks Wrong Box, Places Student on No-Fly List (David Kravets with comments from Chris Beck) EU has secret plan for police to 'remote stop' cars (Henry Baker) When teaching, you should know your subject (Paul Robinson) Bad Domain Registrar Security Leads to Loss of Valuable Twitter Handle (Chuck Weinstock) Altcoins will DESTROY the IT industry and spawn an infosec NIGHTMARE (Matthew Kruk) GPS pioneer warns on network's security (Jones/Hoyos via Henry Baker) "NSA-GCHQ Allegedly Hack Cryptographer Quisquater" (Jean-Jacques Quisquater) Book announcement: "Threat Modeling: Designing for Security" (Adam Shostack) RISKS 27.75 Friday 21 February 2014 United Airlines Can't Seem to Keep Its Computers and Systems Running (Jonathan B Spira) Oregon voter registration database hacked, then offline for 10 days (Michael Lloyd and Yuxing Zheng) Legend EMR (Richard I Cook) The Snowden privacy panic has spread to medical research (Tom Gray) Spy Chief Says Snowden Took Advantage of Perfect Storm ... (David E. 
Sanger and Eric Schmitt) 'TheMoon' worm infects Linksys routers (Lucian Constantin via Gene Wirchenko) "Well.ca loses customer credit card data in security breach" (Candice So) New Silk Road hit with $2.6 million heist due to known Bitcoin flaw (Cyrus Farivar) The furniture is watching you (Mark Thorson) Smarter caller-id spoofing (Tony Luck) Cryptography Breakthrough Could Make Software Unhackable (WiReD) Venezuela's Internet Crackdown Escalates into Regional Blackout (EFF) Bing censoring Chinese language search results for users in the US (*The Guardian*) Israel Electric Opens Cyber-War Room to Defend Against Power-Grid Hacks (Gwen Ackerman) DARPA Thinks the Future of Surveillance Looks Like Siri (Patrick Tucker via ACM TechNews) Because of DRM, The Entire Copyright Monopoly Legislation is a Lie (Rick Falkvinge via Dewayne Hendricks) Why is the US a decade behind Europe on 'chip & pin' cards? (Jeremy Ardley) Re: NSF: 1/4 of Americans think sun goes 'round the earth... (Andy Walker) American science education (Rich Schroeppel) Re: High School educated Air Traffic Controllers (Steve Lamont) David Cole: "Can Privacy Be Saved?" (Bruce Schneier) GPS / GNSS vulnerabilities (Martyn Thomas) Re: GPS pioneer warns on network's security (Bob Frankston) UK is expanding their screwed up mandated porn filters to include more topics they can screw up (Lauren Weinstein) RISKS 27.76 Tuesday 25 February 2014 Lawmakers consider broad safety exemptions to bypass FDA regulation (Kevin Fu) Backup botchup in library saved by friendly fired folks (Richard A. O'Keefe) UMD security breach exposes personal info of students, faculty, staff (WJLA via Jeremy Epstein) `The Wild West of Privacy' (Joe Nocera via PGN) One of the Most Alarming Internet Proposals I've Ever Seen (Lauren Weinstein) Glenn Greenwald: JTRIG psyops (Kurt Albershardt) Apparent Theft at Mt. 
Gox Shakes Bitcoin World - NYTimes.com (David Farber) iPhone's Critical Security Bug: a Single Bad `Goto' (Kevin Poulsen via Henry Baker) Apple's 'GotoFail' Security Mess Extends To Mail, Twitter, iMessage, Facetime And More (*Forbes* via Lauren Weinstein) On the Suspicious Timing of iOS's SSL Vulnerability (John Gruber via Henry Baker) LinkedIn agrees to obey Chinese masters' censorship demands (Lauren Weinstein) "Target contractor says it was victim of cyber attack" (Jeremy Kirk via Gene Wirchenko) RISKS 27.77 Friday 28 February 2014 Fake Computer Science Papers (Rebecca Mercuri) France's 'Anti-Amazon' law takes the wrong approach (Hugo Beniada via Gene Wirchenko) "Study: IRS exposing Social Security numbers online" (Tony Bradley via Gene Wirchenko) EFF: Bad Facts, Really Bad Law: Court Orders Google to Censor Controversial Video Based on Spurious Copyright Claim (Lauren Weinstein) "Pony malware targeting passwords and Bitcoins uncovered" (Candice So via Gene Wirchenko) Scholarship for Women Studying Information Security (Jeremy Epstein) Re: Lawmakers consider broad safety exemptions to bypass FDA (Robert L Wears) "New iOS flaw allows malicious apps to record touch screen presses" (Lucian Constantin via Gene Wirchenko) "Apple's security flaws: Are you paranoid enough yet?" (Caroline Craig via Gene Wirchenko) Re: iPhone's Critical Security Bug: a Single Bad `Goto' (Chuck Petras, Dimitri Maziuk, David Hedley, Phil Smith) RISKS 27.78 Monday 3 March 2014 Startups don't realize the issue with security until it's too late (Jenna Wortham and Nicole Perlroth) Apple Rolls Out CarPlay (Apple Press Info via Monty Solomon) Keurig Will Use DRM In New Coffee Maker To Lock Out Refill Market (Karl Bode via Monty Solomon) "Yahoo breach exposes naked truth about online security" (Robert X. Cringely via Gene Wirchenko) Snowden made cyber-geek nightmares true. Can 'private' be normal again? 
(Dan Gillmor via Dewayne Hendricks) Ed Felten at TrustyCon (PGN) Apple's Serious Security Issue: Update Your iPhone or iPad Immediately (Molly Wood via Monty Solomon) The goto Squirrel (Dennis E. Hamilton) Re: iPhone's Critical Security Bug: a Single Bad `Goto' (Dimitri Maziuk, Henry Baker) RISKS 27.79 Thursday 6 March 2014 95% of bank ATMs face XP end of security support (Henry Baker) "7 hidden dangers of wearable computers" (Jaikumar Vijayan via Gene Wirchenko) "Techies: Take a congressman and a cop to work with you" (Bill Snyder via Gene Wirchenko) "Two more Bitcoin exchanges fall prey to alleged hacker theft" (Kevin Lee via Gene Wirchenko) "What Disney World teaches us about mobile payments" (Galen Gruman via Gene Wirchenko) Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping (Ars Technica via Lauren Weinstein) Linksys E1000, E1200, and E2400 routers reportedly have exploitable vulnerability (Bob Gezelter) Re: Apple Rolls Out CarPlay (Bob Frankston) TrustyCon and the RSA con NSA poll (Scott Miller) Re: Smarter caller-id spoofing (Chris Drewe) Apple security rules leave inherited iPad useless (Amos Shapir) Author Anne Rice has it dead wrong on comments and anonymity (Lauren Weinstein) Race To Stop 'Revenge Porn' Raises Free Speech Worries (Lauren Weinstein) Medtronic Carelink User Guide on passwords (Shawn Merdinger) Book review: Adam Shostack, Threat Modeling: Designing for Security (Ben Rothke) RISKS 27.80 Monday 17 March 2014 Malaysia Airlines Flight MH370 network hacked? (Andrew Douglass) As the Web Turns 25, Its Creator Talks About Its Future (Nick Bilton) What the Internet of 2025 Might Look Like (Brian R. Fitzgerald) Cyberattacks Could Paralyze U.S., Former Defense Chief Warns (Patrick Thibodeau) "The Future of Internet Freedom" (Eric E. Schmidt and Jared Cohen) Worrying about NSA? Concentrate on Experian instead (George Sadowsky) NSA wants to infect **millions** of computers (Dan Gillmor) Who watches the watchers? 
(Henry Baker) Governor Christie's New Scandal: Verizon's Fiber-Optic-"Digital Bridge" Gate (Bruce Kushnick) Man called Bitcoin's father denies ties, leads LA car chase (Lauren Weinstein) Re: Anne Rice (David E. Ross) Re: TrustyCon and the RSA con NSA poll (the wharf rat) Re: Apple's GotoFail Security Mess (John Beattie) Re: Applied Systems Theory (George Ledin) Re: Threat Modeling: Designing for Security (Paul Edwards) BOOK: Rebecca Slayton: Arguments That Count (PGN) RISKS 27.81 Saturday 22 March 2014 Turkish Censorship Increases (tkalama) ``We'll Eradicate Twitter,'' Turkey's Prime Minister Vows (NPR) Turkey Twitter users flout Erdogan ban on micro-blogging site (Brian Randell) Researchers discover credential-stealing Unix-based server botnet (Antone Gonsalves) Prominent security mailing list Full Disclosure shuts down indefinitely (Lucian Constantin) Snowden: Big revelations to come, reporting them is not a crime (David Rowan) Bloomberg: Adobe Gift of Solar Phone Chargers Prompts U.S. Inquiry (Gabe Goldberg) Pentagon Withholds Internal Report About Flawed $2.7 Billion Intel Program (Paul Saffo) L. Gordon Crovitz: America's Internet Surrender (John F. McMullen) Microsoft Leak and Privacy (Lauren Weinstein) Insider threat dynamics: "Ex-Microsoft employee arrested" (Alex Krutov) Dan Geer's brilliant talk at RSA (Mark Seiden) Integrated Formal Methods, iFM 2014 (Diego Latella) RISKS 27.82 Saturday 29 March 2014 Reconsidering Malaysian MH 370 (PGN) A prosecution trend to watch out for: liking a Facebook post (Privacy Surgeon) Smart key, pretty dumb: Chevy Volt (Tim Duncan) Carmaker Misled Grieving Families on a Lethal Flaw (NYT) CASL destined to be challenged on grounds it violates Charter rights: lawyers (Brian Jackson via Gene Wirchenko) NSA: Fixing Internet vulnerabilities compromises national security (Henry Baker) Police Keep Quiet About Cell-Tracking Technology (Jack Gillum via Monty Solomon) Can You Trust 'Secure' Messaging Apps? 
(Molly Wood via Monty Solomon) Previewing e-mail in Outlook can lead to malware infection (Lewis Morgan via Gene Wirchenko) Third-Party Hotel Booking Sites Can Mislead Consumers (Alina Tugend via Monty Solomon) Obama to Call for End to N.S.A.'s Bulk Data Collection (Charlie Savage via Monty Solomon) Turkey Moves To Block Twitter At The IP Level (Lauren Weinstein) Turkey blocks Google's DNSs (tkalama) Closing the Gap to Human-Level Performance in Face Verification (Taigman et al. via Monty Solomon) RISKS 27.83 Friday 11 April 2014 For once, a good-news story about social media (Mark Brader) Problems with Big Data (Gary Marcus and Ernest Davis) Clapper Acknowledges Backdoor Searches (Ellen Nakashima) "Beware: The cloud's Ponzi schemes are here" (David Linthicum via Gene Wirchenko) OpenSSL Heartbleed vulnerability (Alex Hern) TA14-098A: OpenSSL 'Heartbleed' vulnerability (US-CERT) Experts Find a Door Ajar in an Internet Security Method (Nicole Perlroth) "The Heartbleed OpenSSL flaw is worse than you think" (Roger A. Grimes via Gene Wirchenko) NSA monitors Wi-Fi on US planes 'in violation' of privacy laws (RT USA via Dewayne Hendricks) Yahoo breaks every mailing list in the world including the IETF's (John Levine via NNSquad) Technology's Man Problem (Claire Cain Miller via Lauren Weinstein) Details of how Turkey is intercepting Google Public DNS (Bortzmeyer via NNSquad) RISKS 27.84 Wednesday 16 April 2014 Spider threat fixed by software (Martyn Thomas) Whitehat hacker goes too far, gets raided by FBI, tells all (Sean Gallagher) OpenSSL Mallocware = Malware (Henry Baker) The Heartbleed Challenge (cloudflarechallenge via Monty Solomon) Re: How Heartbleed Broke the Internet, And Why It Can Happen Again (Jonathan S. 
Shapiro) "CRA loses 900 SIN numbers through Heartbleed bug" (Candice So via Gene Wirchenko) Vicious Heartbleed bug bites millions of Android phones, other devices (Dan Goodin) All sent and received e-mails in Gmail will be analyzed, says Google (Casey Johnston) "Digital Privacy Act allows companies to hand over customer information without warrant or consent" (Brian Jackson) Apple, Samsung, mobile carriers to debut anti-theft kill switch in 2015 (Cyrus Farivar) Fingerprint lock in Samsung Galaxy 5 easily defeated by whitehat hackers (Dan Goodin) Unintended Denial of Service by Banking Security (Toby Douglass) "Microsoft confirms it's dropping Windows 8.1 support" (Woody Leonhard) RISKS 27.85 Friday 25 April 2014 Bug can cause deadly failures when anesthesia device is connected to cell phones (Dan Goodin via Jeremy Epstein) Another good-news story (Chiaki Ishikawa) Automated license plate reader mistake risks (Thomas Dzubin) "Task Force on Cyber Risk Formed to Advance Research" (Alex Krutov) "12 ethical dilemmas gnawing at developers today" (Peter Wayner via Gene Wirchenko) Dogs are genetically modified human babies? (Charles C. Mann) "Intuit's secret campaign to block free tax filing" (Bill Snyder via Gene Wirchenko) Mystery attack drops avalanche of malicious messages on Twitter (Dan Goodin via Monty Solomon) "Mysterious malware steals Apple credentials from jailbroken iOS devices" (Lucian Constantin via Gene Wirchenko) Citing fraud, Maine to put photos on EBT cards (Alanna Durkin via Monty Solomon) Credit card fraud detection Catch-22, and more (Rex Sanders) FBI Informant Is Tied to Cyberattacks Abroad (Mark Mazzetti via Monty Solomon) AP: Putin declares the Internet to be a "CIA Project" (Salon) Russia bans anonymous blogging, orders bloggers to register (TechDirt via NNSquad) "The sky is falling! Hackers target satellites" (Roger A. 
Grimes via The trouble with Canada's Digital Privacy Act (Tony Drake via Gene Wirchenko) How Urban Anonymity Disappears When All Data Is Tracked (NYT blog via Matthew Kruk) U.S. Promotes Network to Foil Digital Spying (NYTimes.com via Dave Farber) "Coding error protects some Android apps from Heartbleed" (Jeremy Kirk via Gene Wirchenko) Heartbleed hacker arrested, charged in connection to malicious bug exploit (David Kravets via Dewayne Hendricks) Heartbleed Highlights a Contradiction in the Web (Matthew Kruk) Re: Heartbleed (Dimitri Maziuk) RISKS 27.86 Tuesday 29 April 2014 Health Care: Website Fails -- Oracle Blamed (Stephanie M. Lee) It's Insanely Easy to Hack Hospital Equipment (Henry Baker) Critical Care Medicine: Gorilla my dreams? (UPMC) EHR hazards (from DKross) Mobile payment systems fail to take off with consumers (Brian X. Chen via Monty Solomon) FBI Needs to See *Enemy of the State* (Marc Rotenberg) Global Entry and Company: Worth the Price? (Seth Kugel via Monty Solomon) Remote bicycle brakes (Charles P. Lamb) "5 takeaways from Verizon's 2014 Data Breach Investigations Report" (Roger A. Grimes via Gene Wirchenko) Microsoft injects code into files backed up on their cloud (Mark Thorson) "US CERT and KB 2963983: Don't use drive-by-enabled Internet Explorer" (Woody Leonhard via Gene Wirchenko) Stanford's password policy (David Magda) Re: The sky is falling! 
Hackers target satellites (Erling Kristiansen) Re: heartbleed (Henry Baker, Dimitri Maziuk) Book: Vulnerability in Technological Cultures (MIT Press) RISKS 27.87 Thursday 1 May 2014 LAX shut down because of "computer issues" (Paul Saffo) Computer fault causes delays at airports and sea ports (Chris J Brady) Consequences of privacy risks in social networks (Yvo Desmedt) Tax Fraud Gang Targeted Healthcare Firms (Jim Reisert) UPS hasn't found the package of clue yet (David Lesher) The risks of garbage collection delays (Steve Loughran) Re: Unintended Denial of Service by Banking Security (Toby Douglass) Re: It's Insanely Easy to Hack Hospital Equipment (Larry Sheldon) Re: Microsoft injects code into files backed up on their cloud (George Sicherman) When smart mail goes wrong ... (George Michaelson) Heartbleed as Metaphor (Dan Geer) Lessons from the ACM Risks Forum, Webinar with PGN (Yan Timanovsky) CfP: LASER 2014: Workshop on Learning from Authoritative Security Experiment Results (Jeremy Epstein) RISKS 27.88 Monday 5 May 2014 U-2 Fries Air Traffic Control Computers, Shuts Down LAX (Andrew Blankstein via Henry Baker) URL problem for IE users on "Lessons from the ACM Risks Forum" (Yan Timanovsky via PGN) A student data collector drops out (Marc Rotenberg & Khaliah Barnes via PGN) Tech companies get less silent about government data collection (Serdar Yegulalp via Gene Wirchenko) Everyone Is Under Surveillance Now (*The Guardian*) Get Ready for Regulators to Peer Into Your Portfolio (Jason Zweig via Henry Baker) "This is why companies are still afraid of the cloud" (David Linthicum via Gene Wirchenko) Eggs in one basket with a Three dongle (Chris J Brady) Danish gossip magazine steals credit-card transaction information (Donald B. 
Wagner) "Heartbleed postmortem: OpenSSL's license discouraged scrutiny" (Simon Phipps via Gene Wirchenko) Re: heartbleed (Ivan Jager) Re: credit card fraud (Dimitri Maziuk) Re: The risks of garbage collection delays (Henry Baker, Michael Kohne, David B. Horvath) RISKS Digest 27.89 Wednesday 7 May 2014 Target's Chief Resigns in Wake of Data Breach (Elizabeth A. Harris via Henry Baker) Recognizing risk is not the same as preventing it (Paul Robinson) Woman dies after Facebook post from behind the wheel (Ryan Gorman via Monty Solomon) Heartbleed and Formal Methods (David Wheeler via Henry Baker) Infecting DVRs with Bitcoin-mining malware even easier than you suspected (Dan Goodin) U.S. government to study Bitcoin as possible terrorist threat (Himanshu Arora via Dewayne Hendricks) Level 3 claims six ISPs dropping packets every day over money disputes (Jon Brodkin via Monty Solomon) Yahoo is the latest company ignoring Web users' requests for privacy (Jon Brodkin via Monty Solomon) Android-based Pwn Phone is prepared to do evil for your network's own good (Sean Gallagher via Monty Solomon) Internet of Things: The ghosts that haunt the machine (Tom Brewster via Gene Wirchenko) US to start testing universal Internet IDs to combat fraud (Lauren Weinstein) "The new KB 2919355 Windows 8.1 Update causes more problems than it fixes" (Woody Leonhard via Gene Wirchenko) Extensive U-2 Flight Plan Overtaxes ATC Computers; Shuts Down LAX for Hours (Bob Gezelter) Re: U-2 Fries Air Traffic Control Computers, Shuts Down LAX (Scott Miller, Martyn Thomas) Re: The risks of garbage collection delays (Leonard Finegold, Dimitri Maziuk, Glynn Clements) RISKS 27.90 Monday 12 May 2014 Jet Nearly Collided With Drone Over Florida (Channing Joseph via Prashanth Mundkur) Press conference on Estonian Internet voting system (Halderman et al.) 
Iowa parties ponder Internet voting (Fox via Lauren Weinstein) Federal Agents Seek to Loosen Rules on Hacking Computers (Chris Strohm via Henry Baker) "We are rate limiting the FCC to dialup modem speeds until they pay us for bandwidth" (Lauren Weinstein) "FCC chief to revise plan; won't let firms segregate Web traffic into fast and slow lanes" (Lauren Weinstein) Meet the Fed's First Line of Defense Against Cyber Attacks (Shane Harris via Prashanth Mundkur) "Uncle Sam's brilliant new idea: An online driver's license" (Robert X. Cringely via Gene Wirchenko) The perils of PayWave (Richard A. O'Keefe) E-mails shed light on Google's work with NSA (Jaikumar Vijayan via Gene Wirchenko) George Smiley is spinning in his grave (Henry Baker) Saudi blogger sentenced to 10 years in prison and 1000 lashes (BBC via Lauren Weinstein) Photo of fingers yields fingerprints, arrest (Rex Sanders) Snapchat: Off the Record in a Chat App? Don't Be Sure (Jenna Wortham via Monty Solomon) Careful With That Mouse, Eugene (Dan Jacobson) Federal court overturns Google v. Oracle decision, setting disastrous precedent (Russell Brandom via Dewayne Hendricks) Re: The risks of garbage collection delays (Richard A. O'Keefe, Dimitri Maziuk) RISKS 27.91 Monday 12 May 2014 NEWS FLASH: RISKS-27.90 caught by Spam Assassin (PGN) "Reading, Writing, Arithmetic, and Lately, Coding" (Matt Richtel via Ed Lazowska, PGN) "The FCC has already started destroying the Internet" (Paul Venezia via Gene Wirchenko) "Security-vendor snake oil: 7 promises that don't deliver" (Roger A. 
Grimes via Gene Wirchenko) "Oracle's surprise win in Java API case could make it harder for developers" (Paul Krill via Gene Wirchenko) RISKS 27.92 Tuesday 13 May 2014 Analysis of Estonia's e-voting system reveals -- a mess (Lauren Weinstein) Greenwald: how the NSA tampers with US-made Internet routers (Henry Baker) "Microsoft extends Windows 8.1 Update/KB 2919355 deadline" (Woody Leonhard via Gene Wirchenko) "Government agencies still vulnerable to Heartbleed, study says" (Andrew Brooks via Gene Wirchenko) LAX ATC failure caused by memory shortage (Alwyn Scott and Joseph Menn) "With the Internet of things, smart buildings pose big risk" (Jaikumar Vijayan via Gene Wirchenko) European court says Google must respect 'right to be forgotten' (Reuters via Lauren Weinstein) Re: Federal court overturns Google v. Oracle decision (Dennis E. Hamilton) Re: Reading, Writing, Arithmetic -- and Coding (Wols) Re: Saudi blogger (Ian Halliday) Re: Federal Agents Seek to Loosen Rules on Hacking Computers (Alister Wm Macintyre) Re: The perils of PayWave (Joe Keane) Announcing ACM's new Special Interest Group on Logic and Computation: SIGLOG (Prakash Panangaden) RISKS 27.93 Friday 15 May 2014 Germany Sets New Record, Generating 74 Percent Of Energy Needs from Renewable Energy (Kiley Kroh) Who Watches the Watchers? *Beyond the NSA* (politico.com via Rebecca Mercuri) Dan Wallach's talk at NSF on STAR-Vote (Jeremy Epstein) Photo from san diego fire (Paul Saffo) Kansas muzzles academic tweets (Richard Forno) Forged SSL Certs (Chris Beck) EFF: Which Tech Companies Help Protect You From Government Data Demands? (Rebecca Jeschke) EFF: AT&T, Comcast, and Snapchat are laggards on privacy policies (Ars Technica) Can This Web Be Saved? Mozilla Accepts DRM, and We All Lose (Danny O'Brien via Dewayne Hendricks via Dave Farber) Internet Subversion (Bruce Schneier) FCC votes to proceed with net neutrality rules (BBC) Here's that FCC net neutrality compromise everyone demanded. 
And here's the problem. (Stacey Higginbotham) A politician, paedophile and doctor have already asked Google ``to be forgotten'' (BBC) Glenn Greenwald: U.S. Corporate Media is ``Neutered, Impotent and Obsolete'' (Democracy Now) RISKS 27.94 Saturday 24 May 2014 Full Report on Estonian Internet voting (J. Alex Halderman) Voting in Australia (PGN) After you, my dear Alphonse: 2000 new French trains too large (Kim Willsher via Henry Baker) Faster, better, cheaper, redux: Federal Health IT safety? (Robert L Wears) Merits of effective disaster recovery -- or, Emory Univ wipes all Windows systems by accident (Jon Kuroda via Al Stangenberger) In the future, the robots may control you, and Silicon Valley will control them (Dan Gillmor via Dave Farber) Where did all the risk takers go? (Tony Wasserman) Stanford Engineer Invents a Way to Beam Power to Medical Chips Deep Inside the Body (Tom Abate) Pre-Play Vulnerability Allows Chip-and-PIN Payment Card Cloning (David Farber) Sawing away on discrete logs (Henry Baker) TCAS Works as Intended; ATC not so much (Bob Gezelter) Inside the US government's war on tech support scammers (Ars Technica) Organic Cat Litter Chief Suspect In Nuclear Waste Accident (Doug Hosking) Out in the Open: Inside the Operating System Edward Snowden Used to Evade the NSA (Klint Finley) The Most Interesting Revelations From Frontline's Powerful Expose of NSA (Paul Szoldra) Airbnb Will Hand Over Host Data to New York (Monty Solomon) Four Words Going Bye-Bye (Thomas Friedman via Monty Solomon) Re: Forged SSL Certs (Jonathan S. Shapiro) Re: German Green Energy, also Car 'Dash Cams' (Chris Drewe) Re: Germany Sets New Record ... 
(Thomas Brooks, Larry Sheldon) Remember to Forget (Maureen Dowd via Monty Solomon) Re: The 'right to be forgotten' (Peter Bernard Ladkin, Lauren Weinstein) More on the 'right to be forgotten' (Peter Bernard Ladkin) RISKS 27.95 Saturday 24 May 2014 "Adobe Creative Cloud crash shows that no cloud is too big to fail" (Serdar Yegulalp via Gene Wirchenko) "Public utility compromised after brute-force attack, DHS says" (Jeremy Kirk via GW) "Microsoft acknowledges more errors, 80070371 and 80071A91, when installing Windows 8.1 Update/KB 2919355" (Woody Leonhard via GW) "Hackers hit eBay database containing personal info" (Loek Essers via GW) "'Do not track'? Oh what the heck, go ahead" (Zach Miners via GW) "Mozilla plans semi-silent updates to tug laggards onto the newest Firefox" (Gregg Keizer via GW) "What questions should we be asking about the eBay breach?" (Claudiu Popa via GW) "Firefox will get DRM copy protection despite Mozilla's concerns" (Jeremy Kirk via GW) "Privacy takes a beating in the FBI's kangaroo court" (Robert X. Cringely via GW) "U.S. charges Chinese Army members with cyber espionage" (Serdar Yegulalp via GW) "Another privacy threat: DNS logging and how to avoid it" (Woody Leonhard via GW) Use of license-plate photo databases is raising privacy concerns (Robert Faturechi via Jim Reisert) California approves test of self-driving cars on public roads (Megan Geuss) Comcast, Time Warner Cable still have the angriest customers (Ars Technica via NNSquad) Technocreep, by Thomas P. Keenan (PGN) RISKS 27.96 Friday 6 June 2014 CyberBerkut Attempt to Alter Ukrainian Election (Brian Yates) Hack the Vote: The Perils of the Online Ballot Box (Bruce McConnell and Pamela Smith) New bugs found in software that caused Heartbleed cyberthreat (Jim Finkle) Massive Baltimore speed camera system errors (Ken Shotting) Is Progress in Technology Always Beneficial? 
(Stephen Unger) Critical new bug in GnuTLS crypto library leaves Linux, apps open to drive-by attacks (Ars Technica via NNSquad) Unsafe cookies leave WordPress accounts open to hijacking, 2-factor bypass (Ars Technica via NNSquad) Researchers find a global botnet of infected PoS systems (Lucian Constantin via Monty Solomon) New federal database will track Americans' credit ratings, other financial information (Henry Baker) How the NSA Could Bug Your Powered-Off iPhone, and How to Stop Them (Andy Greenberg) Snowden would not get a fair trial; Kerry is wrong (Daniel Ellsberg via Janos Gereben) NSA Collecting Millions of Faces From Web Images - NYTimes.com (David Farber) Re: How the NSA tampers with US-made Internet routers (Mike O'Dell) RISKS 27.97 and RISKS 27.00 9 June 2014 Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. SUMMARY OF RISKS VOLUME 27 (8 April 2010 to 6 June 2014) ------------------------------ End of RISKS-FORUM Digest 27.00 (97) ************************