Risk Factor iconRisk Factor

Parking In Trondheim Norway? Bring Lots of Money

parking-meter.gif The AP wire service reported yesterday that last Wednesday a computer problem caused a parking machine dispensing windshield parking permits to multiply the amount of time a motorist bought using their bank debit cards by 10,000, and automatically deducted it from their bank accounts. At least 26 motorists in the central Norwegian city of Trondheim were affected.

Motorists who parked were charged between $37,000 and $148,000, which resulted in over-drawn and frozen bank accounts.

City and bank officials said that they are trying to clear the accounts by the end of this weekend.

The parking company offered no explanation on why the error occurred only on this one machine.

UK Data Protection Rules: Too Sensitive to Share

Top-Secret.gif The Guardian newspaper is reporting today that there is an official HM Revenue and Customs (HMRC) manual describing official, strict instructions on how to share confidential information with other government departments. Unfortunately, the information contained within the manual was thought to be too sensitive to share will the staff at HMRC so instead only a few senior civil servants had access to it.

As you may recall, when the loss of the data was first announced by the UK government, it blamed junior civil servants for not following the rules. Now it appears the junior staff are not trusted with knowing what the rules are, but they will be help liable if they violate them. Sounds a little Kafkaesque.

The Guardian also reports that it has cost £2m in postage alone to send letters warning those whose data was lost that they should consider changing their bank passwords and pin numbers to prevent fraud.

Yes, Virginia: IT Security Does Seem to Be Getting Worse

USA Today reported this week that more than 162 million personal records have been reported lost or stolen in 2007, triple the 49.7 million that were reported missing in 2006.

The story notes that: "Volunteers at Attrition.org keep track of incidents, mostly in the USA, many of which are made public to meet new data-loss-disclosure laws. Of more than 300 cases tracked in 2007, 261 were reported in the USA, 16 in Great Britain, 15 in Canada, six in Japan, two in Australia, and one each in Denmark, Ireland, Sweden and Norway."

This is likely an undercount, since when the story was written, the latest cases in the Canada and the UK were not yet reported.

The story also noted that arrests or prosecutions have been reported in just 19 cases.

Okay, there is just a little under three weeks until 2008. Any guess for the final 2007 tally as provided by Attrition.org? I figure it will be around 170 million - I'm counting on the good folks in the UK government to help make the number.

Grab the Waders: UK Flood of Lost Personal Info

wading-boots-2.gif The Driver and Vehicle Agency in Coleraine, Co Derry has admitted Tuesday that two unencrypted computer discs containing the names and addresses of over 6 000 motorists in Northern Ireland have been lost in the post.

Separately, the HM Prison Service disclosed that confidential personal details of dozens of prisoners intended to be sent to Norfolk police were instead delivered to a private company. The letters gave names, criminal histories and addresses of more than 40 serious offenders that were being released - including pedophiles.

Similarly, the National Health Service (NHS) that Sefton Primary Care Trust has sent thousands of staff records to four private companies by mistake. The personal details included dates of birth, national insurance numbers, pensions and salary details.

Then yesterday, the NHS also confirmed that a computer disc containing the names, dates of birth and addresses of 160,000 children data was sent to St Leonard's Hospital in Hackney but failed to reach the right department - even though it was signed for by hospital staff. At least in this case, the data was encrypted using a 256 bit cipher.

UK Data Loss: No Harm, No Foul

CD_Object.gif UK Prime Minister Gordon Brown was asked MP Edward Leigh during a meeting with the Parliamentary IT body Pitcom about the IT security issues at HM Revenue and Customs (HMRC) and whether they represented a systemic failure. According to the Register, Brown said there was a difference between rules not being followed and failure of procedures and systems. (True, but irrelevant.)

Brown also added that no one had lost any money.

Right then, no harm, no foul. Play on!

Déjà vu - Sensitive Canadian Data Missing in Post

It is being reported by CTV.CA that private medical information on 140 British Columbia and 480 New Brunswick residents contained on four unencrypted magnetic tapes disappeared. Information on the tapes includes names, Medical Services Plan numbers, birth dates and possibly some description of services rendered and the costs of those services.

The information was "misplaced" on October 5, but New Brunswick medicare authorities were not made aware of the loss until Oct. 25. The province's director of medicare operations did not know about the vanished information until Nov. 29.

B.C. Information and Privacy Commissioner David Loukidelis who is investigating the loss said that he was "appalled that health information is being transmitted in such an insecure way."

Who Speaks For Humans?

alien-mask-3.gif In today's Wall Street Journal, there was a note regarding a story that is in Seed science magazine regarding the question:

"If aliens are out there, how should Earthlings go about getting in touch with them?"

"The question has provoked arcane but furious debate among scientists searching for extraterrestrials. Because scientists haven't picked up signs of alien life near Earth, the debate is essentially philosophical, revolving around such issues as who rightly speaks for humanity and whether humans want to draw the attention of possibly hostile life forms."

"A dispute erupted recently among scientists over an effort to draft a protocol for messages going from Earth into space, reports David Grinspoon in Seed, a science magazine. Several scientists who believe that governments and other scientists should be consulted prior to any space-bound communications resigned in protest from a prominent study group on extraterrestrial intelligence."

This got me to thinking about my earlier post on Microsoft's error reporting, and my joking reference about it possibility being a search for artificial intelligence. However, what happens if a computer does indeed become self aware? Who speaks for the human race, and does the first self-aware computer speak for ones that come after it?

UK Data Scandal Was Predicted Years Ago

CD_Object.gif Last week, Forbes reported that Prime Minister Gordon Brown disagreed with the acting chairman of the HM Revenue and Customs (HMRC) David Hartnett's portrayal that the numerous HMRC data breaches over the past few years "may well" indicate a systemic operational failure.

"I don't accept that that is what the chairman ...said," said Brown.

Okay, I guess he didn't say it.

Over the weekend, the Sunday Telegraph published a story that said senior HMRC officials were warned by auditors in March 2004 that, ".. letting junior staff have access to the entire system was a recipe for disaster." The auditors also said, "... mistakes would not be detected and that the system was open to fraud."

Hmm, again I am left to wonder what actually does constitute a systemic operational failure in the eyes of senior UK government officials?

Phishing for Cyberlove with Robo-Lovers

heart.gif According to the London Telegraph, "flirting robots" are invading Russian dating websites with the aim of gaining personal information from unsuspecting victims. CyberLover is one such robot that masquerades as a person seeking love on-line, according to the story. It interacts with a potential victim asking questions like, "When's your birthday? Where can I send you a Valentine's Day card?" and so on. The fear is that these robo-lovers could soon be invading popular social networks phishing for information.

I wonder what happens when one robo-lover encounters another on-line? Do they exchange code words so they know that the other is one of their own? Or do they just keep chatting one another up forever?

Microsoft Error Reporting: Really A Search for Artificial Life?

In historian Felipe Fernández-Armesto's survey book Ideas that Changed the World, there is a section entitled "Impossibilism." In it, he reviews some of the paradoxes that philosophers like William of Ockhamâ''s raised for contentious debate in the 14th century, such as â''God can order you to commit murderâ'' or â''God can reward good with evil.â''

If William of Ockham were alive today, he would probably coin something appropriate about Microsoftâ''s problem reporting.

As I noted a few weeks ago, Microsoft captures and analyzes those errors that unfortunately but not unexpectedly pop up every so often, which on some days provides Microsoft with 50 gigabytes worth of problem data.

I was recently sent a link to a screen shot of an error message that I have never encountered:

Windows Problem Reporting Has Stopped Working

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

As the comments at the link note, this error message poses some very interesting philosophical paradoxes and implications. For instance, how can a solution be sent if the problem reporting scheme is not working? How can a solution even be available if the problem is not reported? Or does it really indicate that Windows has developed HAL-like self-awareness? This could help explain Microsoft's Potty Mouth Santa.

All this made me wonder whether:

a) Microsoft has another error monitoring program to watch for when its Windowâ''s Problem Reporting code has an error, and whether there is another one to watch for that one to have an error, and so on: all this watch watching might explain why its operating systems are so large, and;

b) if (a) above is not true, does the Microsoft error analyst team have a category for this specific types of error, waiting in hopes of an error turning up some day indicating that in fact Windows is now self-aware, kind of like the SETI folks do in waiting for that special signal from space to appear?


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Willie D. Jones
Load More