RISKS Forum mailing list archives

Risks Digest 27.23


From: RISKS List Owner <risko () csl sri com>
Date: Sat, 30 Mar 2013 16:57:32 PDT

RISKS-LIST: Risks-Forum Digest  Saturday 30 March 2013  Volume 27 : Issue 23

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/27.23.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
IRS: Tax glitch affects about 660K returns (Heather Hollingsworth via
  Monty Solomon)
Panama Canal Railway hit after upgrade (Bob Heuman)
Online Dispute Becomes Internet-Snarling Attack (Markoff/Perlroth via
  Monty Solomon)
More on Spamhaus et al. (sender anonymized by request)
More cyberscares from our governments (Lauren Weinstein)
SSL, RC4, and Site Administrators (Steve Bellovin)
Microwave oven interference robustness mode (jidanni)
Saudi Arabia 'threatens Skype ban' (Lauren Weinstein)
FBI wants real-time access to ... well ... pretty much everything (LW)
NYPD Facial Recog Unit Uses Facebook, Instagram To Track Down Suspects (LW)
Big Data and a Renewed Debate Over Privacy (Steve Lohr via Monty Solomon)
Database Is Shut Down by NASA for a Review (Mark Mazzetti via Monty Solomon)
"12 hard truths about cloud computing" (Peter Wayner via Gene Wirchenko)
"One in six Amazon S3 storage buckets are ripe for data-plundering"
  (Ted Samson via Gene Wirchenko)
Some digital cameras easily turned into spying devices (Lauren Weinstein)
Google offers *offline* language translation support for Android (LW)
Risks of using other people's libraries (Phil Nasadowski)
25,000 could be affected by data breach at Salem State University
  (Monty Solomon)
"Twitter-shaming can cost you your job" (Ted Samson via Gene Wirchenko)
"Cisco inadvertently weakens password encryption in IOS" (Lucian Constantin
  via Gene Wirchenko)
Password must contain multiple character classes... (jidanni)
"Microsoft Employee Info Being Hacked Through Xbox Live" (Chris Paoli via
  Gene Wirchenko)
"Updated Windows 8 apps not in sync with Google Calendar" (Woody Leonhard
  via Gene Wirchenko)
Re: Small furry animals ... (jericho)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 25 Mar 2013 01:03:46 -0400
From: Monty Solomon <monty () roscom com>
Subject: IRS: Tax glitch affects about 660K returns (Heather Hollingsworth)

Heather Hollingsworth, AP, 13 Mar 2013

KANSAS CITY, Mo. (AP) - A tax-preparation glitch affecting about 660,000 tax
returns will delay refunds by as long as six weeks, with customers of the
nation's largest tax preparer among those affected.

The Internal Revenue Service said in a statement that a problem with a
''limited number of software company products'' affected some taxpayers
filing a form used to claim educational credits between 14 and 22 Feb 2013.

The agency didn't name any companies in the statement, which it released
Tuesday, but Kansas City-based H&R Block has been informing customers about
problems. H&R Block spokesman Gene King said Wednesday that the company
isn't saying how many of its customers were affected by the problems with
Form 8863. ...

http://www.boston.com/news/education/2013/03/13/irs-tax-glitch-affects-about-returns/2RStz826IfaP2YS5fFILsK/story.html

------------------------------

Date: Sat, 23 Mar 2013 19:38:20 -0400
From: Bob Heuman <robert.heuman () alumni monmouth edu>
Subject: Panama Canal Railway hit after upgrade

Reuters, 22 Mar 2013
http://www.reuters.com/article/2013/03/23/us-panama-canal-idUSBRE92L19120130323

Thousands of containers have been stuck at Panamanian ports after a computer
glitch hampered communication with the railway, causing significant delays,
officials said on Friday.  The Panama Canal Railway Co transports about
1,500 containers daily between the only port on the Pacific entrance to the
Panama Canal and three ports on the Atlantic, said Thomas Kenna, director of
operations for the railway.  But a computer upgrade on 20 Mar 2013 by Panama
Ports Co (which manages two of those ports) caused severe lags, Kenna said.
Since then, the railway has moved only about 350 containers a day.  Traffic
picked up on Friday, and the system should be operating normally by Monday,
Kenna added.

------------------------------

Date: Wed, 27 Mar 2013 14:01:57 -0400
From: Monty Solomon <monty () roscom com>
Subject: Online Dispute Becomes Internet-Snarling Attack (Markoff/Perlroth)

John Markoff and Nicole Perlroth, *The New York Times*, 26 Mar 2013
Firm Is Accused of Sending Spam, and Fight Jams Internet

A squabble between a group fighting spam and a Dutch company that hosts Web
sites said to be sending spam has escalated into one of the largest computer
attacks on the Internet, causing widespread congestion and jamming crucial
infrastructure around the world.

Millions of ordinary Internet users have experienced delays in services like
Netflix or could not reach a particular Web site for a short time.
However, for the Internet engineers who run the global network the problem
is more worrisome. The attacks are becoming increasingly powerful, and
computer security experts worry that if they continue to escalate people may
not be able to reach basic Internet services, like e-mail and online
banking.

The dispute started when the spam-fighting group, called Spamhaus, added the
Dutch company Cyberbunker to its blacklist, which is used by e-mail
providers to weed out spam. Cyberbunker, named for its headquarters, a
five-story former NATO bunker, offers hosting services to any Web site
"except child porn and anything related to terrorism," according to its Web
site.

A spokesman for Spamhaus, which is based in Europe, said the attacks began
on March 19, but had not stopped the group from distributing its blacklist.

Patrick Gilmore, chief architect at Akamai Networks, a digital content
provider, said Spamhaus's role was to generate a list of Internet spammers.
Of Cyberbunker, he added: "These guys are just mad. To be frank, they got
caught. They think they should be allowed to spam." ...

http://www.nytimes.com/2013/03/27/technology/internet/online-dispute-becomes-internet-snarling-attack.html

------------------------------

Date: Wed, 27 Mar 2013 09:48:41 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: More on Spamhaus et al. (Another sender, anonymized by request)

[I don't like sending out anonymized messages, but it appears that many
legit users are simply terrified of upsetting Spamhaus.  Via NNSquad.
Lauren]

  Date: Wed, 27 Mar 2013 NN:09:11 -NNNN
  From: []
  Subject: More on Spamhaus et al. [Another sender anonymized by request]

  On 27 Mar, [] wrote:

  Spamhaus has selected some of my IP addresses now and then for lock down
  as well -- even though they never demonstrated any proof of any sort that
  there was any good reason. Indeed there was none. Then I found out that
  they false positive list about 90,000 IPs a day -- according to them.  And
  I found out what it takes to get removed -- which is excessive for the
  fact that they are acting without basis and from a location where class
  action suits are not going to work. They won't even reveal their real
  names.

  In any case, vigilante injustice is not what the Internet needs.

------------------------------

Date: Thu, 28 Mar 2013 19:38:03 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: More cyberscares from our governments

"Cyberattacks Seem Meant to Destroy, Not Just Disrupt"

http://j.mp/10eldVl  (New York Times)

  Mr. Obama's goal was to erode the business community's intense opposition
  to federal legislation that would give the government oversight of how
  companies protect "critical infrastructure," like banking systems and
  energy and cellphone networks. That opposition killed a bill last year,
  prompting Mr. Obama to sign an executive order promoting increased
  information-sharing with businesses.  "But I think we heard a new tone at
  this latest meeting," an Obama aide said later. "Six months of unrelenting
  attacks have changed some views."

In a word regarding this entire article: bull.  My bet is that most of this
stuff is coming from the functional equivalent of pimple-faced kids in their
parents' basements in Cleveland.  Hell, sad to say, I wouldn't be all that
surprised if our own governments are behind many of the attacks on our own
companies.  This is all about our own governments wanting to scare the hell
out of us so that we'll let them and their cyberscare-industrial complex
buddies get more and more powerful, richer and richer, and won't complain as
they tap our networks just like they've wanted to do pretty much all along.
And we're falling for it, boys and girls.

------------------------------

Date: Fri, Mar 29, 2013 at 3:38 PM
From: Federal Trade Commission <subscribe () subscribe ftc gov>
Subject: SSL, RC4, and Site Administrators

Steve Bellovin
SSL, RC4, and Site Administrators
<http://techatftc.wordpress.com/2013/03/29/ssl-rc4-and-site-administrators/>

There's been yet another report of security problems with SSL.
<http://arstechnica.com/security/2013/03/new-attacks-on-ssl-decrypt-authentication-cookies/>

If you run a website or mail server, you may be wondering what to do about
it.  For now, the answer is simple: nothing -- and don't worry about it.

First of all, at the moment there's nothing to do.  You can't invent your
own cryptographic protocol; no one else would have a compatible browser.
Besides, they're notoriously hard to get right.  In the very first paper on
the topic, Roger Needham and Michael Schroeder wrote ``Finally, protocols
such as those developed here are prone to extremely subtle errors that are
unlikely to be detected in normal operation. The need for techniques to
verify the correctness of such protocols is great, and we encourage those
interested in such problems to consider this area.''  Why do you think your
design will be better than one that has been scrutinized for more than 15
years?

Some of the trouble in this latest breach is due to weaknesses in the RC4
cipher algorithm.  No one who works in cryptography was surprised by this
report; it's been showing cracks since at least 1997.  What's new is that
someone has managed to turn the weaknesses into a real exploit, albeit one
that needs at least 2^24 and preferably 2^30 encryptions of the same plaintext
to work.  (By the way, this is why cryptographers are so concerned about
minor weaknesses: as Bruce Schneier is fond of noting, attacks always get
better, they never get worse.)  Besides, ciphers are even harder to get
right than protocols are.  <http://www.schneier.com/>

The real reason not to worry, though, is that unless you're being targeted
by a major intelligence agency, this sort of cryptanalytic attack is *very*
far down on the risk scale.  Virtually all attackers will look for unpatched
holes, injection or cross-site scripting attacks, people who will fall for
spear-phishing attacks, etc., long before they'll try something like this.
The common attacks are a lot easier to launch; besides, the attackers
understand them and know how to use them.

In the long run, RC4 has to be phased out.  I certainly wouldn't start any
new designs that depended on RC4's characteristics or performance, but there
are plenty of other algorithm possibilities today.  Vendors do need to ship
web browsers and servers that support newer versions of SSL (formally known
as TLS); weaknesses at the protocol level can't always be fixed by patching
code.  For now, though, stay up to date with your patches and software, and
practice good security hygiene.  (And if you are being targeted by a major
intelligence agency, you should talk to a major counterintelligence agency,
not me!)

Posted in Tech@FTC <http://techatftc.wordpress.com/category/techftc/>
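An added example, not part of Bellovin's post or the FTC blog: a pure-Python RC4 that exhibits the simplest of the keystream biases the post alludes to (Mantin and Shamir, 2001: the second output byte is 0 with probability about 1/128 rather than 1/256), and why such a bias only bites when the same plaintext is encrypted under many independent keys, as a session cookie is across TLS connections. With enough ciphertexts, the most frequent value of ciphertext byte 2 is the plaintext byte. The 16-byte keys, the PRNG seed and the sample request are constructed inputs; the published attack on TLS uses further biases across the first 256 keystream bytes, which is why it needs the far larger number of encryptions the post mentions.

```python
# Added example (not from the post): RC4 in pure Python, the Mantin-Shamir
# second-byte bias, and the "broadcast" plaintext recovery it enables.
import random
from collections import Counter


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n keystream bytes of RC4 under `key`."""
    # Key-scheduling algorithm (KSA): permute S using the key bytes.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm (PRGA): emit keystream bytes.
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """RC4 is a stream cipher: ciphertext = plaintext XOR keystream."""
    ks = rc4_keystream(key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def _random_keys(count: int, seed: int):
    # Constructed input: 128-bit keys from a seeded PRNG so runs repeat exactly.
    rng = random.Random(seed)
    for _ in range(count):
        yield bytes(rng.getrandbits(8) for _ in range(16))


def second_byte_zero_rate(samples: int = 16000, seed: int = 1) -> float:
    """Fraction of random keys whose second keystream byte is 0.

    A uniform keystream would give about 1/256 = 0.0039; RC4 gives about 1/128.
    """
    zeros = sum(1 for key in _random_keys(samples, seed)
                if rc4_keystream(key, 2)[1] == 0)
    return zeros / samples


def recover_second_byte(plaintext: bytes, samples: int = 16000, seed: int = 2) -> int:
    """Broadcast attack: the same plaintext encrypted under many independent keys.

    Because keystream byte 2 is 0 more often than any other value, the most
    frequent value of ciphertext byte 2 is plaintext byte 2. Only the first two
    bytes are encrypted since nothing after them is needed.
    """
    counts = Counter(rc4_encrypt(key, plaintext[:2])[1]
                     for key in _random_keys(samples, seed))
    return counts.most_common(1)[0][0]


if __name__ == "__main__":
    secret = b"GET /account?session=constructed-sample"  # constructed request
    print(f"P[Z2 == 0] ~ {second_byte_zero_rate():.4f} (uniform: {1/256:.4f})")
    guess = recover_second_byte(secret)
    print(f"recovered byte 2 = {guess:#04x} ({chr(guess)!r}), "
          f"true = {secret[1]:#04x}")
```

The keystream and ciphertext functions reproduce the standard "Key"/"Plaintext" test vector, so the bias measured is RC4's own and not an artefact of the implementation. Recovering one byte from tens of thousands of sessions is the statistical shape of the attack; it is also why Bellovin ranks it far below injection, XSS and phishing on the risk scale, and why the fix is to stop negotiating RC4 rather than to patch around it.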

------------------------------

Date: Sat, 23 Mar 2013 10:30:41 +0800
From: jidanni () jidanni org
Subject: Microwave oven interference robustness mode

The IEEE 802.11 committee that developed the Wi-Fi specification
conducted an extensive investigation into the interference potential
of microwave ovens. A typical microwave oven uses a self-oscillating
vacuum power tube called a magnetron and a high voltage power supply
with a half wave rectifier (often with voltage doubling) and no DC
filtering. This produces an RF pulse train with a duty cycle below 50%
as the tube is completely off for half of every AC mains cycle: 8.33
ms in 60 Hz countries and 10 ms in 50 Hz countries.

This property gave rise to a Wi-Fi "microwave oven interference
robustness" mode that segments larger data frames into fragments each
small enough to fit into the oven's "off" periods.

http://en.wikipedia.org/wiki/Electromagnetic_interference_at_2.4_GHz#Microwave_oven

------------------------------

Date: Mon, 25 Mar 2013 12:12:24 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Saudi Arabia 'threatens Skype ban'

http://j.mp/16TWb2V (BBC via NNSquad)

  "Encrypted messaging services such as Skype, Viber and WhatsApp could be
  blocked in Saudi Arabia, the telecommunications regulator there is
  reported to have warned.  It is demanding a means to monitor such
  applications, but Saudis say that would seriously inhibit their
  communications.  Saudi newspapers are reporting that the companies behind
  the applications have been given a week to respond."

------------------------------

Date: Tue, 26 Mar 2013 22:27:27 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: FBI wants real-time access to ... well ... pretty much everything

"FBI Pursuing Real-Time Gmail Spying Powers as 'Top Priority' for 2013"
http://j.mp/11Kqi9d  (Slate via NNSquad)

  "Despite the pervasiveness of law enforcement surveillance of digital
  communication, the FBI still has a difficult time monitoring Gmail, Google
  Voice, and Dropbox in real time. But that may change soon, because the
  bureau says it has made gaining more powers to wiretap all forms of
  Internet conversation and cloud storage a "top priority" this year."

Actually, what they want is real-time access to pretty much everything from
everyone.  If they could force hardware manufacturers to install keyloggers,
screengrabbers, and audio/video siphons into every piece of telecom gear
manufactured, they would.  And at some point, they'll probably try.  Could
they catch more bad guys that way?  Yeah.  But they also could solve more
crimes by installing government cameras and microphones in everyone's homes
and businesses.  At some point -- like now -- we simply have to say that
civil liberties trump.

------------------------------

Date: Mon, 25 Mar 2013 21:11:43 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: NYPD Facial Recog Unit Uses Facebook, Instagram To Track Down Suspects

  "Police are searching for suspects' photos on Instagram and Facebook, then
  running them through the NYPD's new Facial Recognition Unit to put a face
  to a name, DNAinfo New York has learned.  Detectives are now breaking
  cases across the city thanks to the futuristic technology that marries mug
  shots of known criminals with pictures gleaned from social media,
  surveillance cameras and anywhere else cops can find images."
  http://j.mp/XCVDrd  (DNAinfo.com via NNSquad)

Remember what I say, again and again: "Public Is Public!"

------------------------------

Date: Mon, 25 Mar 2013 00:31:06 -0400
From: Monty Solomon <monty () roscom com>
Subject: Big Data and a Renewed Debate Over Privacy (Steve Lohr)

Big Data Is Opening Doors, but Maybe Too Many

Steve Lohr, *The New York Times*, 23 Mar 2013

In the 1960s, mainframe computers posed a significant technological
challenge to common notions of privacy. That's when the federal government
started putting tax returns into those giant machines, and consumer credit
bureaus began building databases containing the personal financial
information of millions of Americans. Many people feared that the new
computerized databanks would be put in the service of an intrusive corporate
or government Big Brother.

"It really freaked people out," says Daniel J. Weitzner, a former senior
Internet policy official in the Obama administration. "The people who cared
about privacy were every bit as worried as we are now."

Along with fueling privacy concerns, of course, the mainframes helped prompt
the growth and innovation that we have come to associate with the computer
age. Today, many experts predict that the next wave will be driven by
technologies that fly under the banner of Big Data - data including Web
pages, browsing habits, sensor signals, smartphone location trails and
genomic information, combined with clever software to make sense of it all.

Proponents of this new technology say it is allowing us to see and measure
things as never before - much as the microscope allowed scientists to
examine the mysteries of life at the cellular level.  Big Data, they say,
will open the door to making smarter decisions in every field from business
and biology to public health and energy conservation.

"This data is a new asset," says Alex Pentland, a computational social
scientist and director of the Human Dynamics Lab at the M.I.T.  "You want it
to be liquid and to be used."

But the latest leaps in data collection are raising new concern about
infringements on privacy - an issue so crucial that it could trump all
others and upset the Big Data bandwagon. Dr. Pentland is a champion of the
Big Data vision and believes the future will be a data-driven society. Yet
the surveillance possibilities of the technology, he acknowledges, could
leave George Orwell in the dust. ...

http://www.nytimes.com/2013/03/24/technology/big-data-and-a-renewed-debate-over-privacy.html

------------------------------

Date: Mon, 25 Mar 2013 00:34:11 -0400
From: Monty Solomon <monty () roscom com>
Subject: Database Is Shut Down by NASA for a Review (Mark Mazzetti)

Mark Mazzetti, *The New York Times*, 22 Mar 2013

WASHINGTON - NASA has shut down a large public database and is limiting
access to agency facilities by foreign citizens as part of a broader
investigation into efforts by China and other countries to get information
about important technology.

NASA announced the security procedures this week, after the F.B.I. arrested
a Chinese citizen at Dulles International Airport in Virginia who had
boarded a plane to Beijing.

The man, Bo Jiang, had been working as a contractor at NASA's Langley
Research Center in southern Virginia. According to an affidavit filed on
Monday, Mr. Jiang is being charged with making false statements to federal
agents - failing to disclose that he was carrying a laptop, hard drive and
SIM card that were discovered after a search of his belongings. ...

http://www.nytimes.com/2013/03/23/us/nasa-shuts-down-database-during-security-inquiry.html

------------------------------

Date: Mon, 25 Mar 2013 10:36:11 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "12 hard truths about cloud computing" (Peter Wayner)

Peter Wayner, InfoWorld,
Performance, security, cost -- here's what to really expect from the cloud
http://www.infoworld.com/d/cloud-computing/12-hard-truths-about-cloud-computing-214920

------------------------------

Date: Thu, 28 Mar 2013 10:43:30 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "One in six Amazon S3 storage buckets are ripe for data-plundering"
  (Ted Samson)

Ted Samson, InfoWorld, 27 Mar 2013
Researchers discover nearly 2,000 Amazon Simple Storage Service
buckets containing freely accessible sensitive data
http://www.infoworld.com/t/cloud-security/one-in-six-amazon-s3-storage-buckets-are-ripe-data-plundering-215349

------------------------------

Date: Tue, 26 Mar 2013 18:11:04 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Some digital cameras easily turned into spying devices

http://j.mp/XaU20U  (Net-Security [+video] via NNSquad)

  "Newer cameras increasingly sport built-in Wi-Fi capabilities or allow
  users to add SD cards to achieve them in order to be able to upload and
  share photos and videos as soon as they take them.  But, as proven by
  Daniel Mende and Pascal Turbing, security researchers with German-based IT
  consulting firm ERNW, these capabilities also have security flaws that can
  be easily exploited for turning these cameras into spying devices.  Mende
  and Turbing chose to compromise Canon's EOS-1D X DSLR camera and exploit
  each of the four ways it can communicate with a network. Not only have
  they been able to hijack the information sent from the camera, but have
  also managed to gain complete control of it."

------------------------------

Date: Wed, 27 Mar 2013 10:55:50 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Google offers *offline* language translation support for Android

http://j.mp/Zq5Gzg  (Google Translate Blog via NNSquad)

  Have you ever found yourself in a foreign country, wishing you knew how to
  say "I'm lost!" or "I'm allergic to peanuts"? The Internet and services
  like Google Translate can help-but what if you don't have a connection?
  Today we're launching offline language packages for Google Translate on
  Android (2.3 and above) with support for fifty languages, from French and
  Spanish to Chinese and Arabic.

Seriously useful and cool.

------------------------------

Date: Mon, 25 Mar 2013 22:37:34 -0400
From: Phil Nasadowski <pnasadowski () pcsintegrators com>
Subject: Risks of using other people's libraries

We recently ran into a situation where I work, where a vendor's (a large,
well-known, multinational company with a two letter abbreviation for its
name) piece of software was not fully compatible with Windows 7, 64bit.  In
particular, a portion of the UI that's very, very useful for looking at
variables, is broken.

Being that the software in question was a development package for their
programmable logic controllers, and the widespread use of Windows 7 / 64 bit
in our office, a call to the vendor was in order.

The vendor replied that they were *not* going to update the package for 64
bit operating systems and there was *no* workaround.

A bit of pressing and a few nasty emails later, we got the full story:

Apparently the software uses a library developed by an outside firm.  That
firm went bankrupt and is no longer in business.  There is no copy of the
source code to the library.  The library is not 64 bit compatible.  Thus,
the vendor is forced to rewrite a portion of his software in house.  Or seek
another library.  Or something.

We are stuck with a piece of broken software for the meantime.  They say
maybe 6 months to a year to fix it.  I doubt we're alone.

I'm sure this isn't the first time this has happened.  I'm sure it won't be
the last.  It's a risk of relying on someone else's library to do something.
If they go away, you may be stuck with incompatible software.  And your
customers won't be happy about it.

Philip Nasadowski, Project Engineer, PCS Integrators

------------------------------

Date: Mon, 25 Mar 2013 00:19:47 -0400
From: Monty Solomon <monty () roscom com>
Subject: 25,000 could be affected by data breach at Salem State University

http://www.newburyportnews.com/local/x1533629801/25-000-could-be-affected-by-data-breach-at-SSU

http://bostonglobe.com/metro/2013/03/15/virus-accesses-salem-state-university-database-containing-personal-information-for-thousands/S7AJvP1k7Zb7lLzSqhm7pN/story.html?s_campaign=8315

------------------------------

Date: Mon, 25 Mar 2013 09:51:31 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Twitter-shaming can cost you your job" (Ted Samson)

  Ah, the wonders/blunders of modern communication.

Ted Samson, InfoWorld, 21 Mar 2013
Complaint on Twitter about overheard off-color jokes ends up costing
two techies their jobs
http://www.infoworld.com/t/technology-business/twitter-shaming-can-cost-you-your-job-214956

------------------------------

Date: Mon, 25 Mar 2013 10:00:24 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Cisco inadvertently weakens password encryption in IOS"
  (Lucian Constantin)

Lucian Constantin, IDG News Service, InfoWorld, 20 Mar 2013
http://www.infoworld.com/d/security/cisco-inadvertently-weakens-password-encryption-in-its-ios-operating-system-214907

Cisco inadvertently weakens password encryption in its IOS operating system
The password encryption scheme used in newer Cisco IOS versions is weak,
researchers find.

------------------------------

Date: Fri, 29 Mar 2013 19:39:17 +0800
From: jidanni () jidanni org
Subject: Password must contain multiple character classes...

I have just encountered the most clodsworthy...
Lost Password Login
https://savannah.gnu.org/

Welcome, jidanni. You may now change your password.
New password / passphrase:
(not too short, must contain multiple character classes: symbols, digits
(0-9), upper and lower case letters) (for instance: Stigma5Brass3Status)
New Password (repeat):

  1. Why am I here? Because I always forget my password.
  2. Why do I always forget my password? Because I am not allowed to use
     my much better password, but have to conform to some expert person's
     concept of what is a good password.

------------------------------

Date: Tue, 26 Mar 2013 10:37:42 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Microsoft Employee Info Being Hacked Through Xbox Live"

Chris Paoli, 20 Mar 2013
And one security expert unravels the tangled web of related attacks.
http://redmondmag.com/articles/2013/03/20/xbox-live-hack.aspx

------------------------------

Date: Wed, 27 Mar 2013 09:42:00 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Updated Windows 8 apps not in sync with Google Calendar"
  (Woody Leonhard)

  Users caught in the middle:

Woody Leonhard, InfoWorld, 26 Mar 2013
http://www.infoworld.com/t/microsoft-windows/updated-windows-8-apps-not-in-sync-google-calendar-215225

Updated Windows 8 apps not in sync with Google Calendar
Microsoft's new version of the Metro 'productivity' apps Mail, Calendar,
and People refuses to sync with Google Calendar

But it is not just Microsoft:

"After you upgrade Mail, Calendar, and People (they all come together), the
first time the Metro apps try to sync with a Google Calendar, you see this
message:

Reconnect this account / We can't connect to blahblah () gmail com because
Google no longer supports ActiveSync. Reconnect to get your email and
contacts using a different method. Cancel to save your email drafts and
reconnect later."

------------------------------

Date: Sun, 24 Mar 2013 12:29:57 -0500 (CDT)
From: security curmudgeon <jericho () attrition org>
Subject: Re: Small furry animals ... (Re: Ishikawa, RISKS-27.22)

[Ishikawa notes only] the tip of the iceberg.  While doing research for a
presentation, I focused only on squirrel-related outages of both power and
communications.  The presentation is available here:

http://attrition.org/security/conferences/2012-BruCON-CyberWar-v18-FINAL03.pptx

If you start at slide 33 and click through to slide 39, you will not only
see my attempt at a humorous assertion that squirrels are a bigger threat
than 'cyberwar', but in the notes below each slide is extensive details of
other incidents caused by squirrels. In some cases, I had to resort to (now
shared) Google spreadsheets because there were so many incidents.

In particular, look at the notes for Slide 34 which has one fascinating
statistic:

  Squirrels caused 177 power outages in Lincoln, Nebraska, in 1980, which
  was 24% of all outages. Estimated annual costs were $23,364 for repairs,
  public relations, and lost revenue. In Omaha, in 1985, squirrels caused
  332 outages costing at least $47,144. After squirrel guards were installed
  over pole-mounted transformers in Lincoln in 1985, annual costs were
  reduced 78% to $5,148.

Another article tells us:

  In Georgia, squirrel-related outages more than tripled from 5,273 in 2005
  to 16,750 in 2006. [..] Georgia Power officials estimate the rodents cost
  them $2 million last year. [..] It appears that the problem may in part be
  due to acorns. [..] PECO, which powers Philadelphia and its surrounding
  counties, spends $1 million a year on squirrel guards to stop outages from
  "those rascally little varmints," Engel said.

Another reference in the presentation also gives us this:

http://blog.level3.com/2011/08/04/the-10-most-bizarre-and-annoying-causes-of-fiber-cuts/

  According to Level 3 Communications, Squirrel chews account for a whopping
  17% of our damages so far this year! (2011)

So, while a rat has the distinction of going after a nuclear power plant,
that little critter is just the latest in a painfully long history of such
incidents.

  [In addition to the SRI item that Ishikawa noted, I have probably
  previously noted in RISKS that SRI International has experienced at least
  5 squirrelcides that brought down the entire institute's power -- despite
  our having created a co-generation plant in response to the first few.  In
  http://www.csl.sri.com/neumann/illustrativerisks.html, search for
  "squirrel" gives those and others:
  * Squirrel arcs power, downs computers in Providence RI
  * SRI attacked by kamikaze squirrel who downs uninterruptible power
  * 4th SRI squirrelcide causes 8-hour outage, surges, system rebuild
  * 5th SRI squirrelcide causes 18.5-hour institute outage
  * Another squirrelcide: San Jose Airport power cut
  * Squirrel attack brings down Walla Walla
  * Squirrel knocked out Trumbull Connecticut infrastructure computer center
  PGN]

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 27.23
************************
