[RISKS] Risks Digest 27.55
RISKS-LIST: Risks-Forum Digest  Thursday 17 October 2013  Volume 27 : Issue 55

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/27.55.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
GPS map leads to border crossing and shooting (Scott Nicol)
"The shutdown gets real for science and high tech" (Robert X. Cringely via Gene Wirchenko)
"How federal cronies built -- and botched -- Healthcare.gov" (Serdar Yegulalp via Gene Wirchenko)
Health care exchange still plagued by problems (Kelly Kennedy via Monty Solomon)
How applying to college just got a lot harder (David Strom via Gabe Goldberg)
Food Stamp Debit Cards Failing To Work In 17 States (Monty Solomon)
Majority of Brits fail to back up their important data (Monty Solomon)
"Web sites tracking users using fonts, Belgian researchers find" (Candice So via Gene Wirchenko)
Smart meter deployments to double market revenue of wireless modules (Bob Frankston)
"Apple's claim of unbreakable iMessage encryption 'basically lies'" (Jeremy Kirk via Gene Wirchenko)
Re: "We can't let the Internet become Balkanized" (Sam Steingold)
Re: Founding Fathers (Richard A. O'Keefe)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 17 Oct 2013 15:18:58 -0400
From: Scott Nicol <scott.nicol@gmail.com>
Subject: GPS map leads to border crossing and shooting

A 16-year-old boy from a small town in eastern Ontario stole a car, picked up his girlfriend and headed east. A few police chases and stolen cars later they ended up in Sherbrooke Quebec, where they stole another car. Not far from Sherbrooke is the US border, which they promptly crashed through and were shot at.

  http://www.ottawasun.com/2013/10/15/ontario-runaways-nabbed-in-maine
  http://www.ottawasun.com/2013/10/16/wrong-turn-at-border-maine-cops-probe-ot...

Speculation as to why the kids entered the US points towards a GPS map routing. Apparently they were headed for the Maritimes, which are the eastern-most provinces of Canada.

If you go to google maps and ask for a routing from Sherbrooke, QC to St John, NB, all of the options go through the US. There is a small yellow banner at the top of the directions that reads "This route crosses through the United States".

  http://goo.gl/maps/n5b0I

On an android phone the warning is in small print with a yellow triangle to the left of it. This is the same yellow triangle you see when maps warns about tolls on a route. Once you enter navigation there appears to be no warning at all.

If you're on the run you probably won't notice the warning regardless. But even if you aren't on the run, it's easy enough to just click "navigate" and then any warning disappears.

------------------------------

Date: Tue, 15 Oct 2013 13:33:48 -0700
From: Gene Wirchenko <genew@telus.net>
Subject: "The shutdown gets real for science and high tech" (Robert X. Cringely)

Robert X. Cringely | InfoWorld, 14 Oct 2013
Think the shutdown only hits panda cams and national parks? Hardly -- scientific research will feel impact for years to come
http://www.infoworld.com/t/cringely/the-shutdown-gets-real-science-and-high-...

------------------------------

Date: Tue, 15 Oct 2013 13:31:23 -0700
From: Gene Wirchenko <genew@telus.net>
Subject: "How federal cronies built -- and botched -- Healthcare.gov" (Serdar Yegulalp)

Serdar Yegulalp | InfoWorld, 14 Oct 2013
Many contractors for Healthcare.gov site seem to have been picked based on past government work rather than IT expertise
http://www.infoworld.com/t/e-government/how-federal-cronies-built-and-botche...

------------------------------

Date: Wed, 16 Oct 2013 23:35:41 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Health care exchange still plagued by problems (Kelly Kennedy)

Kelly Kennedy, *USA Today*, 16 Oct 2013
http://www.usatoday.com/story/news/nation/2013/10/16/exchanges-two-weeks-in/...

Cloud devs: We could have saved buggy HealthCare.gov
Christina Farr, VentureBeat Oct 14 2013
http://venturebeat.com/2013/10/14/cloud-devs-we-could-have-saved-buggy-healt...

Why healthcare.gov has so many problems
Steven Bellovin, Special to CNN, 15 Oct 2013
http://www.cnn.com/2013/10/14/opinion/bellovin-obamacare-glitches/

------------------------------

Date: Tue, 15 Oct 2013 16:31:09 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: How applying to college just got a lot harder (David Strom)

New software version flawed. Imagine!

-------- Original Message --------
Date: Tue, 15 Oct 2013 07:43:45 -0500
From: David Strom <david@strom.com>
Subject: David Strom's Web Informant: How applying to college just got a lot harder
To: webinformant@list.webinformant.tv

Web Informant, 15 Oct 2013

We've all heard the stories about a broken website that was overwhelmed with visitors and was inadequately tested. But unless you have a high school senior in your home, you may not have heard about another website besides the much-flogged HealthCare.gov (that I and many others wrote about). I am talking about the common application website for college admissions.

About 500 out of the nation's several thousand colleges and universities support this site, which allows them to eliminate paper student admissions applications. The idea dates back to when I was applying for college, when a common paper-based application was put in use. Later it went digital.

Trouble is, the latest version of the common app is seriously broken and has prevented many kids from applying to the colleges of their choice. Given the high stakes involved, it is a serious problem.

The best press coverage about the breakdown has been from Nancy Griesemer in examiner.com <http://examiner.com> where she lists work-arounds for the students and chronicles the troubles that CommonApp, as it is known, has gone through since they did a major overhaul this past summer.

"The implementation has been terrible," one college admissions IT director told me. "Applicants have had difficulties in creating and completing their application, school officials have had problems in submitting transcripts and recommendations, and major changes in how the information is delivered to colleges have happened without sufficient time for schools to adapt and test their systems. We needed more lead time." This director isn't alone: many college admissions officers vented their frustrations at their annual meeting last month in Toronto, where some said they couldn't get satisfactory answers from the CommonApp staff.

There were lots of things that should have been caught before being implemented. For example, a payment processor routine that takes two days to send a confirmation receipt, so many kids are paying multiple times. Or a signature page that is so well hidden that students didn't find it to sign their apps. As a result, their apps are never delivered to the college. Or those all-important student essays turn into gibberish under some circumstances, due to a faulty text import routine. Supposedly, these issues are being fixed literally right now. It makes the HealthCare.gov site look like a well-run place.

The CommonApp processes more than a million applications a year, and is the only application method for about 300 schools. If you are applying early decision to one of these, you are in a tough situation as the decision deadlines are approaching. Some 50 others are using another online process called the Universal College App, including most recently Princeton. This process hasn't been plagued with problems.

It is hard enough for high school seniors to figure out the college game without having to become unwitting software UI and QC testers. CommonApp needs to fix its code fast, and be more transparent about its problems in the future.

Your comments are always welcome:
http://strom.wordpress.com/2013/10/15/college/

  [See also
  http://www.nytimes.com/2013/10/13/education/online-application-woes-make-stu...
  Noted by Monty Solomon. PGN]

------------------------------

Date: Wed, 16 Oct 2013 23:32:13 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Food Stamp Debit Cards Failing To Work In 17 States

Walmart, Xerox Point Fingers, The Associated Press, 12 Oct 2013

People in Ohio, Michigan and 15 other states found themselves temporarily unable to use their food stamp debit-style cards on Saturday, after a routine test of backup systems by vendor Xerox Corp. resulted in a system failure.

Xerox announced late in the evening that access has been restored for users in the 17 states affected by the outage, hours after the first problems were reported. ...

http://www.huffingtonpost.com/2013/10/12/food-stamp-debit-cards_n_4090647.ht...

Walmart, Xerox Point Fingers After Food Stamp Card Glitch Leads To Wild Shopping Spree, Reuters, 14 Oct 2013 updated 16 Oct 2013
http://www.huffingtonpost.com/2013/10/15/walmart-xerox_n_4099207.html

  [See also "Food stamp recipients flood Louisiana Wal-Marts after EBT glitch"
  Jessica Chasmar, *The Washington Times*, 14 Oct 2013
  http://www.washingtontimes.com/news/2013/oct/14/food-stamp-recipients-flood-...
  Noted by Gene Wirchenko. PGN]

------------------------------

Date: Wed, 16 Oct 2013 23:26:27 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Majority of Brits fail to back up their important data

Computer Business Review, 4 Oct 2013

Tons of individuals admitted to not storing an additional copy of digital files.

The majority of individuals in the UK do not back up their data, leaving themselves vulnerable to loss of important files and digital photographs.

A new research commissioned by digital storage firm WD revealed that many of Brits admitted to not storing an additional copy of digital files, with most of them saying they simply are not concerned or were unaware of how it could be done. ...

http://www.cbronline.com/news/tech/hardware/storage/majority-of-brits-fail-t...

------------------------------

Date: Tue, 15 Oct 2013 13:44:04 -0700
From: Gene Wirchenko <genew@telus.net>
Subject: "Web sites tracking users using fonts, Belgian researchers find" (Candice So)

Candice So, *IT Business*, 11 Oct 2013
Web sites tracking users using fonts, Belgian researchers find
http://www.itbusiness.ca/news/44120/44120

------------------------------

Date: October 16, 2013 at 6:02:53 PM PDT
From: "Bob Frankston" <Bob19-0501@bobf.frankston.com>
Subject: Smart meter deployments to double market revenue of wireless modules

  [from Dewayne Hendricks via Dave Farber's IP]

I can't help but worry when I read a quote like ``The preference for wireless [cellular] communication modules over wired technology is also owed to their incredibly secured network.''

Trusting the cellular network to be secure (whatever that means) is a problem in itself -- not only are there issues with the cellular protocols but what happens once the bits get past the towers? Depending on perimeter security is risky in that there is no protection once there is a breach.

Of course the motivation is clear as the article states -- the cellular carriers stand to make a lot of money by charging for using their network. Even if one doesn't depend on cellular there is the cost and complexity of maintaining a parallel network.

All that protects content are protocols and encryption. There is nothing magic about RF bits -- any approach that can be used for wireless bits can be used for bits over IP.

Not only would using existing connectivity be far simpler and provide us with immediate benefits, the protocols would also offer the potential for users to have access to the data for their own use such as managing the power usage within their homes.

Bob Frankston

Smart meter deployments to double market revenue of wireless modules
By Esme Vos
Oct 16 2013
< http://www.muniwireless.com/2013/10/16/smart-meter-deployments-double-market...

An increase in smart meter deployments will see the global market for wireless communication modules approximately double in value over the coming years, jumping from $532m in 2012 to $1.3 billion in 2020, at a compound annual growth rate (CAGR) of 12 percent, according to a new report from research and consulting firm GlobalData.

The company's latest report states that North America, currently the dominant player in the market for global wireless communication modules for smart meters, will be a key driver behind the leap, with its own market revenue expected to climb steadily from $379m in 2012 to $433.7m in 2020.

Europe will also continue to account for a considerable share of the global market, thanks to a significant number of pilot-scale projects getting underway across the region. The uptake of wireless communication modules in the UK, Denmark and Ireland in particular looks promising, according to GlobalData, and these countries are predicted to occupy an even larger share of Europe's wireless smart meter communication market by the end of 2020.

Cellular and Radio Frequency (RF) communication modules are the two key technologies used in smart meters for two-way data transmission. RF modules account for an 85 percent share of the North American market, thanks to their low cost, high bandwidth and efficient performance in industrial areas.

Ginni Hima Bindu, GlobalData's Analyst covering Smart Grid, says: ``The preference for wireless communication modules over wired technology is also owed to their incredibly secured network, and as a result, we expect to see an increased take-up of wireless technology for smart meter deployments across North America, the UK and Japan, which will continue to drive the market over the forecast period.''

However, while the outlook for the wireless communication modules market is largely positive, a number of challenges remain that may prevent any further growth in global revenue.

``The problem of coverage is one of the major restraints of the market for cellular communication modules,'' says Bindu. ``For an indoor electric meter, GPRS technology provides just 80--85 percent coverage, if the electric meter, or other grid device, is not moved accordingly.'' ...

Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>

------------------------------

Date: Thu, 17 Oct 2013 14:04:51 -0700
From: Gene Wirchenko <genew@telus.net>
Subject: "Apple's claim of unbreakable iMessage encryption 'basically lies'" (Jeremy Kirk)

Jeremy Kirk, InfoWorld, 17 Oct 2013
A famed iPhone jailbreak software developer says Apple could easily decrypt iMessages, despite the company's claims
http://www.infoworld.com/d/security/apples-claim-of-unbreakable-imessage-enc...

------------------------------

Date: Thu, 17 Oct 2013 14:13:44 -0400
From: Sam Steingold <sds@gnu.org>
Subject: Re: "We can't let the Internet become Balkanized" (Sascha Meinrath)

I keep wondering what is wrong with what NSA is doing.

They are a spy agency. They have been created to spy on everyone in the world, whether a declared enemy or a professed "ally" (alliances do shift, so not spying on an ally is a liability no nation can afford).

They "subverted the secure Internet protocols by inserting backdoors"? You mean the Internet servers run on closed-source software? Or pre-compiled binaries from open-source vendors which NSA compromised? Well, as a "netizen", I am delighted that those insecure practices will now cease. If an inept government bureaucracy could do that, I am sure it is being routinely done by the criminals and terrorists all over the world. So, now we at least have a chance to see this fixed.

They spied on US citizens, thus violating their "foreign intelligence" charter? Yeah, this is no good. I would have felt much better if the same surveillance were conducted by the FBI, not the NSA.

I actually welcome this scandal because it should bring home to people the fact that we have lost "the expectation of privacy" battle. Yes, we can legislate away the US government's ability to do surveillance - but how do you make sure that China/Russia/Iran will not do it?

Sam Steingold (http://sds.podval.org/)

------------------------------

Date: Thu, 17 Oct 2013 18:33:20 +1300
From: "Richard A. O'Keefe" <ok@cs.otago.ac.nz>
Subject: Re: Founding Fathers (Robinson, RISKS-27.51)

In Risks 27.51 (http://catless.ncl.ac.uk/Risks/27.51.html#subj2), Paul Robinson stated or implied that

  1. The US is exceptional in having a right to bear arms.
  2. (The US founding fathers having been no dummies.)
  3. Women habitually went armed in Wyoming.
  4. Wyoming was the first state to give women the vote.
  5. 2 caused 1, which enabled 3 which caused 4.

Ad 1: The right to bear arms is in the British Bill of Rights, 1689. And that did not create the right, but reaffirmed it as an ancient right. It's noteworthy that the Bill of Rights affirms this as a right of *individual* self-defence.

Ad 2: They certainly weren't. There are two caveats in the Bill of Rights which the framers of the second amendment carefully removed. However, the second amendment is famously difficult to interpret, and a case can be made that the people whose right to bear arms was affirmed were those who would have been called on to serve in the militia, namely (free, non-Amerind) men.

Ad 3: That's an empirical question I have no evidence on. It's not clear that more women were armed in Wyoming than in say Arizona, where women didn't get the vote until 1912, or Texas, where they didn't get it until 1918.

Ad 4: This is certainly false. Women in New Jersey had the right to vote since 1776. When Wyoming women got the vote, it was not a state. Women in Pitcairn Island got the vote in 1838, 31 years before women in Wyoming, and they had neither the protection of the US constitution nor the danger of rattlesnakes.

Ad 5: If women having guns got them the vote, it would be difficult to understand how women with guns could ever _lose_ the vote. Yet they did.

  New Jersey: women got the right to vote in 1776, did vote from 1787, LOST the vote in 1807.
  Utah: women got the vote in 1870, and LOST the vote in 1887.
  Territory of Washington: women got the vote in 1883, and LOST the vote in 1887.
  Ohio: women got the vote in 1917 and LOST it later that year.

We would also expect that countries that limited the right to bear arms would extend the vote to women later. Now the 1918 constitution of the USSR says (Article 2, paragraph 19):

  For the purpose of defending the victory of the great peasants' and workers' revolution, the Russian Socialist Federated Soviet Republic recognizes the duty of all citizens of the Republic to come to the defence of their socialist fatherland, and it therefore introduces universal military training. The honor of defending the revolution with arms is accorded only to the workers, and the non-working elements are charged with the performance of other military duties.

This actually sounds a lot like the 2nd amendment, except for the restriction to "the workers". However, article 23 makes it clear that this has nothing to do with defence *from* the state:

  Being guided by the interests of the working class as a whole, the Russian Socialist Federated Soviet Republic deprives all individuals and groups of rights which could be utilized by them to the detriment of the socialist revolution.

So you could carry a gun in the army, but not shoot a tax collector. Yet the USSR gave women the vote before Michigan or Oklahoma or South Dakota or Texas! Did women in Texas have no guns?

My source for these dates is
http://www.nzhistory.net.nz/politics/womens-suffrage/world-suffrage-timeline
which cites C. Daley and M. Nolan (eds), Suffrage and beyond: international feminist perspectives, Auckland University Press, Auckland, 1994.

The RISK?
The truth is out there, but so is a whole lot of self-serving wishful thinking. (For example, the Pill had no detectable effect on birth rates in English-speaking countries, contra the popular mythology.)

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
   risks-request@csl.sri.com
 containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
   risks-subscribe@csl.sri.com or risks-unsubscribe@csl.sri.com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall@newcastle.ac.uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
 Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 27.55
************************