RISKS-LIST: Risks-Forum Digest  Friday 16 September 2016  Volume 29 : Issue 77

Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can also be found at

Tesla fatal crash in Baarn, The Netherlands (Erling Kristiansen)
Self-driving cars would cause 4.1 million jobs to disappear (PGN)
Modern healthcare commentary on medical device security (Kevin Fu)
Colin Powell, in Hacked Emails, Shows Scorn for Trump and Irritation at
  Clinton (NYTimes)
After Colin Powell's Hacked Emails, am I Next? (Shear/Fandossept via
  Henry Baker)
Russian Hackers Leak U.S. Star Athletes' Medical Information (NYTimes)
New Documents Released From Hack of Democratic Party (NYTimes)
Sowing Doubt Is Seen as Prime Danger in Hacking Voting System (NYTimes)
Fire drill knocks ING bank's data centre offline (paul cornish)
Data center crippled by loud noise (BBC via Mark Trumpler)
Free Wi-Fi Kiosks Were to Aid New Yorkers. An Unsavory Side Has Spurred a
  Retreat (NYTimes)
'Command and Control': Common Errors, Nuclear Arms and Consequences
  (NYTimes via Monty Solomon)
Bloomberg: This Loophole Ends the Privacy of SSNs (Gabe Goldberg)
Re: Dangerous Galaxy Note 7 & AirAsia X flight from Sydney to Malaysia ends
  up in Melbourne (PGN)
Re: PC without OS (Dimitri Maziuk)
Re: How One GMO Nearly Took Down the Planet (Chris Drewe)
Abridged info on RISKS (comp.risks)


Date: Tue, 13 Sep 2016 10:21:06 +0200
From: Erling Kristiansen <erling.kristian...@xs4all.nl>
Subject: Tesla fatal crash in Baarn, The Netherlands

A Tesla model-S car crashed into a tree at high speed on 7 September in
Baarn, The Netherlands, killing the driver. The impact caused parts of the
battery to be scattered around, causing small fires that were difficult to
extinguish.  The car itself also caught fire after some time.  The rescue
team did not dare approach the wreckage for fear of electrocution.

The driver was already dead (did the rescue workers know for sure?), but
what if there had been survivors inside the wreck?

Tesla stated within a day that telemetry showed that the speed at impact was
155 km/h (about 95 mph) and that the "autopilot" mode was not enabled.

I want to make two points:

1. The battery of electric cars, not only Tesla's, presents a hazard in case
   of a violent accident that is only starting to be realized. In particular
   if the battery is severely damaged.

2. The fact that Tesla was able to provide detailed data from telemetry
   shows the extent to which they are following their cars.  This should
   raise serious privacy concerns.  And, of course, what guarantees are
   there that the manufacturer is telling the truth?  If the car is somehow
   to blame, would they tell?

  [A little browsing turned up somewhat diverse reports.  In any event, If
  the "autopilot" was not involved, this might reinforce Don Norman's
  argument that semi-automated cars are inherently dangerous, and that total
  automation is ultimately necessary.  PGN]


Date: Fri, 16 Sep 2016 11:22:29 PDT
From: "Peter G. Neumann" <neum...@csl.sri.com>
Subject: Self-driving cars would cause 4.1 million jobs to disappear

In a paper in which very large bold-faced article titles can sometimes take
up as much space than the article, the front page of today's Palo Alto and
Mid-Peninsula *Daily Post* has this squib in The Update section:

  SELF-DRIVING CARS: When the self-driving car revolution takes hold, 4.1
  million jobs will disappear, according to Wolf Richter of the Wolf of Wall
  Street blog, citing government statistics.  Among the jobs to go will be
  those of chauffeurs, truck drivers and bus drivers.  He said the jobs will
  go away faster than society is prepared to deal with it.


Date: Wed, 14 Sep 2016 15:55:25 -0400
From: Kevin Fu <kevi...@umich.edu>
Subject: Modern healthcare commentary on medical device security

Commentary: Hospitals need better cybersecurity, not more fear

Kevin Fu, EECS Department, The U. of Mich.  web.eecs.umich.edu/~kevinfu/


Date: Thu, 15 Sep 2016 20:13:01 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Colin Powell, in Hacked Emails, Shows Scorn for Trump and
  Irritation at Clinton

The disclosures ripped away the diplomatic jargon and political niceties of
a former secretary of state with a sober and thoughtful reputation.



Date: Fri, 16 Sep 2016 08:11:43 -0700
From: Henry Baker <hbak...@pipeline.com>
Subject: After Colin Powell's Hacked Emails, am I Next?

What's good for the goose is good for the gander; what took YOU
Congresspeople so long to wake up?

"There but for the grace of God go all of us"

"In Pakistan, politicians often agree to speak to reporters in person only
after removing phone batteries"

The good news: expect quick action on an email security bill without back

The bad news: expect an all-out attack on FOIA, which requires saving govt
emails for all time.


Michael D. Shear and Nicholas Fandossept. *The New York Times*, 15 Sep 2016
Concern Over Colin Powell's Hacked Emails Becomes a Fear of Being Next

A panicked network anchor went home and deleted his entire personal Gmail
account.  A Democratic senator began rethinking the virtues of a flip phone.
And a former national security official gave silent thanks that he is now
living on the West Coast.

The digital queasiness has settled heavily on the nation's capital and its
secretive political combatants this week as yet another victim, former
Secretary of State Colin L. Powell, fell prey to the embarrassment of seeing
his personal musings distributed on The Internet and highlighted in news

"There but for the grace of God go all of us," said Tommy Vietor, a former
National Security Council spokesman for President Obama who now works in San
Francisco.  He said thinking about his own email exchanges in Washington
made him cringe, even now.  "Sometimes we're snarky, sometimes we are rude,"
Mr. Vietor said, recalling a few such moments during his time at the White
House.  "The volume of hacking is a moment we all have to do a little soul

The Powell hack, which may have been conducted by a group with ties to the
Russian government, echoed the awkwardness of previous leaks of emails from
Democratic National Committee officials and the C.I.A. director, John
O. Brennan.  The messages exposed this week revealed that Mr. Powell
considered Donald J. Trump a "national disgrace," Hillary Clinton "greedy"
and former Vice President Dick Cheney an "idiot."

The latest hack could well spur a new rash of email deletions across the
country as millions of people scan their sent mail for anything
compromising, humiliating or career-destroying.  It adds to the sense that
everyone is vulnerable.

The soul searching is happening with a special urgency in Washington, where
email accounts burst with strategies, delicate political proposals, gossipy
whispers and banal details of girlfriends, husbands, bank accounts and
shopping lists.  [Long item truncated for RISKS.  PGN]


Date: Tue, 13 Sep 2016 22:12:58 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Russian Hackers Leak U.S. Star Athletes' Medical Information

Documents, published this week, showed Simone Biles and Serena and Venus
Williams received exemptions to use banned drugs.


Date: Thu, 15 Sep 2016 12:34:55 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: New Documents Released From Hack of Democratic Party

New Documents Released From Hack of Democratic Party

A hacker known as Guccifer 2.0, who American officials believe has ties to
Russia, released a second batch of documents purportedly stolen from the
Democratic National Committee.


Date: Thu, 15 Sep 2016 12:34:48 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Sowing Doubt Is Seen as Prime Danger in Hacking Voting System



Date: Tue, 13 Sep 2016 12:59:03 +0100
From: paul cornish <paul.a.corn...@googlemail.com>
Subject: Fire drill knocks ING bank's data centre offline

Apparently the nozzles used in the fire suppression systems create sound
with enough volume to damage hard disks!


Date: Mon, 12 Sep 2016 20:04:32 -0400
From: Mark Trumpler <mtrump...@alum.syracuse.edu>
Subject: Data center crippled by loud noise (BBC)

The BBC reports that the test of a fire suppression system in the Romanian
data center of ING caused many of its systems to fail, resulting in outages
of ATM and other services.  The root cause is thought to be the loud noise
(about 130 dB) emitted by the high pressure gas discharge.



Date: Fri, 16 Sep 2016 09:49:01 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Free Wi-Fi Kiosks Were to Aid New Yorkers. An Unsavory Side Has
  Spurred a Retreat


The operator is shutting off the Internet browsers because they have drawn
people who linger for hours, sometimes drinking, using drugs or watching
pornography.   [Is this surprising?  PGN]


Date: Tue, 13 Sep 2016 22:20:03 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: 'Command and Control': Common Errors, Nuclear Arms and Consequences

The film documents a 1980 accident in a missile silo in Arkansas that showed
just how vulnerable the nation’s most fearsome weapons can be.



Date: Thu, 15 Sep 2016 22:24:06 -0400
From: Gabe Goldberg <g...@gabegold.com>
Subject: Bloomberg: This Loophole Ends the Privacy of SSNs

  [Bloomberg, 15 Sep 2016]

Hold on tight to that number.

Federal law is supposed to protect the privacy of your Social Security
number from government inquiries -- but apparently that doesn't extend to a
check on whether you've paid back taxes and child support. In a decision
with worrying implications for those who oppose a single national
identification number, a divided federal appeals court has rejected a
lawyer's refusal to submit his Social Security number along with his renewal
of Maryland bar membership.

To read the entire article, go to http://bv.ms/2cLpZel

Of course, Medicare numbers have for years been SSNs. Camouflaged
wonderfully by addition of a tricky trailing letter.


Date: Fri, 16 Sep 2016 11:12:32 PDT
From: "Peter G. Neumann" <neum...@csl.sri.com>
Subject: Re: Dangerous Galaxy Note 7 & AirAsia X flight from Sydney to
  Malaysia ends up in Melbourne (RISKS-29.76)

,,, and U.S. safety regulators yesterday announced a formal recall of
Samsung's Galaxy Note 7 smartphone after a spate of fires led to injuries
and property damage ...

  [Here's why Samsung Note 7 phones are catching fire:]


Date: Mon, 12 Sep 2016 17:51:29 -0500
From: Dimitri Maziuk <dmaz...@bmrb.wisc.edu>
Subject: Re: PC without OS (Sayer, RISKS-29.76)

When one looks up non sequitur, one should find

> ... PC makers have no obligation to offer you a machine without an OS, the
> European Union's highest court has ruled.


> "Consumers have no right to buy a PC without an OS, European court rules"


Date: Mon, 12 Sep 2016 17:56:54 +0100
From: Chris Drewe <e767...@yahoo.co.uk>
Subject: Re: How One GMO Nearly Took Down the Planet (Goldberg, RISKS-29.75)

Difficult to disagree that GMOs are beyond the scope of RISKS, but I feel
that how these things are debated is very relevant.  Trouble is, people look
in terms of safe vs. dangerous, good vs. bad, wrong vs. right, etc. when of
course in real life it's risks vs. other risks, not quite safe vs. slight
danger, and possible conflicts between safety requirements and other

> Trade-offs are fine -- necessary to get anything done.


Big problem with contentious subjects like GMOs (banned in the EU anyway),
nuclear power, hydraulic fracturing for shale gas & oil, and so forth is
that the actual issues are swamped by hysteria and political posturing (and
any publicity document which starts with "let's look at the facts" is pretty
sure not to contain any facts...).

One example: in the UK, trains have a good safety record, but on the rare
occasions when something bad happens, there are demands to spend huge
amounts of money on improving safety.  The railways only have two sources of
money, fares and subsidies from taxes, so spending more money on train
safety either means more-expensive fares, which may mean people deciding to
travel by road instead, putting themselves at a much greater risk, or the
Government diverting money from other health/safety-related budgets.  But of
course road deaths are just one of those things, while train crashes are a
crime against humanity.  (Most rail-related deaths are trespassers and
suicides which are effectively intentional so difficult for railway
operators to prevent.)

Another point worth debating is "profit before safety", as however much is
spent on safety, it's always possible to spend more, but money is not
unlimited.  A commercial organisation has to make a profit or it goes bust,
but also has to avoid a poor safety reputation or customers will go
elsewhere, while prices must also be competitive to attract customers in the
first place.  A fine balancing act, and when something does go wrong it's
easy to be wise after the event.  At least commercial organisations do have
to worry about their reputations, which Government monopolies don't.

The relevance of all this to RISKS is that more and more safety-related
systems are becoming software-controlled, as well as Internet-linked, thus
interconnected and potentially hackable.


Date: Wed, 17 Aug 2016 11:11:11 -0800
From: risks-requ...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also,  ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:


End of RISKS-FORUM Digest 29.77

Reply via email to