Risk Factor

Air Canada Computer Problems

Air Canada said there was a communications error between the airline's central reservation and check-in system affecting airports across Canada beginning at 0430 Friday morning. The system-wide problem affected both international and domestic flights with the worst delays experienced during the peak morning travel hours.

The delays weren't as bad as the recent problems at LAX.

Scarce Computer Science Students at Cambridge

A small news item appeared in the London Guardian this past week about how Cambridge University in England is desperate for computer science applicants. Cambridge is receiving only 40% as many applicants as it did in 2000. Professors there blame the drop on the perception that computer science students are "geeky" and that the best jobs are being outsourced to India and China.

FBI Virtual Case File Opportunity Cost?

Nada Nadim Prouty, a Lebanese-born CIA officer and former FBI agent, pleaded guilty this week to charges that, among other things (like submitting forged documents to obtain American citizenship), she illegally sought classified information from FBI computers in September 2002 and June 2003 concerning the Islamic group Hezbollah.

According to the New York Times, the agent's sister and brother-in-law "attended a fund-raising event in Lebanon in August 2002 at which the keynote speaker was Sheikh Muhammed Hussein Fadlallah, the spiritual leader of Hezbollah. Sheikh Fadlallah has been designated by the United States government as a terrorist leader." She checked the FBI computers to see what information law enforcement had on relatives, as well as herself.

It is interesting to speculate whether Prouty would have dared to check the FBI files in June 2003 if the Virtual Case File had been visibly on track to be completed on time (December 2003 or June 2004, take your pick), and/or whether her 2002 or 2003 snooping would have been discovered in 2004, before she went to the CIA, rather than in 2007.

Just Some Neat Earth Rise/Set Pictures

If you haven't seen them yet, the Japan Aerospace Exploration Agency (JAXA) released some great HD pictures of earth rise and earth set as seen from the moon.

Back to Future - A Bit Faster Now

The British press (here and here) is reporting on the desire of Gordon Brown's government to build "Fortress Britain" after it "unveiled a succession of security measures at airports, railway stations, sports venues and other public places."

By summer 2009, the UK government wants every person entering or leaving Britain to provide 53 pieces of travel information, including credit card information, travel contact numbers of where you are staying, travel plans, email addresses, car registrations being used in travel, the number of pieces of luggage taken, baggage tag numbers, all changes to the travel itinerary, etc.

Furthermore, passengers will have the privilege of paying a fee to the travel organizations who are going to collect and send all of this information to the UK government, and a UK government surtax to pay for its use and storage. But what price is your security, eh?

The UK government hasn't decided (yet) to require that the travel information be provided three days before the intended date of travel, like the US is contemplating. It does appear, however, that both the US and Britain are in a competition to discourage foreigners from visiting and their own citizens from leaving.

Given the amount of information planned to be captured and stored indefinitely via this scheme and all the others in Big Brother Britain, maybe the smart thing to do is to start buying stock in database, data storage, and business continuity management companies.

Australian Super Seasprite Software Problems - A Record?

Australian pals of mine clued me in on the latest program problems with the Australian Department of Defence's Super Seasprite upgrade program. Begun in 1997, the program was meant to upgrade the electronics and some other bits of 11 of these 1960s-era helicopters (Defence calls them "mature helicopters") over five years for an original cost of AU$745 million; the cost to complete is now estimated to range around AU$1.5 billion. Up until a few weeks ago, the Australian Defence Department said their Super Seasprites would become operational in 2008, but that date has now been slipped to 2011.

Software problems related to the Seasprite's avionics and flight control software have been at the root of many of the delays and cost overruns. The problems have been so severe that last year the helo was grounded because, according to Defence Minister Brendan Nelson, "You could not have 100 per cent confidence in the software program that supports the pilot flying the helicopter to 100 per cent safety."

According to the Department of Defence's Portfolio Budget Statement 2007-2008, "The main sustainment risks to the Super Seasprite include the automatic flight control system issue, mission computer shortcomings, and a lack of customer confidence in the platform brought about by the extended flight suspension and ongoing technical issues." Oh, that's all?

The latest schedule slip was due to software testing and integration problems with the helo's mission system software. IT mercy rule, anyone?

I don't recall any other defense program of any nation being delivered 9 years late due mostly to software problems (other than maybe the Strategic Defense Initiative). Anyone have some other candidates?

Change Definition of Privacy: Government Official

The Principal Deputy Director of National Intelligence, Dr. Donald Kerr, thinks, "Too often, privacy has been equated with anonymity; and it's an idea that is deeply rooted in American culture."

That's apparently no longer a valid or reasonable idea. "In our interconnected and wireless world, anonymity - or the appearance of anonymity - is quickly becoming a thing of the past. ... Protecting anonymity isn't a fight that can be won."

In addition, "We need to move beyond the construct that equates anonymity with privacy and focus more on how we can protect essential privacy in this interconnected environment...Instead, privacy, I would offer, is a system of laws, rules, and customs with an infrastructure of Inspectors General, oversight committees, and privacy boards on which our intelligence community commitment is based and measured."

So privacy means faith in government bureaucracy.

Except, of course, when these privacy laws, rules and customs get in the way of safety. Then privacy must give way.

But not to worry for, "Our commitment to safety and privacy are nothing new to us and they are values that we must continue to protect as we learn to do our intelligence job better."

In other words, the intelligence community is committed to protecting us and our way of life - which just needs to change to make it easier for them to get information on us to protect us from - us?

Sounds logical to me.

More on this can be read here.

Executives Being Targeted for Scams

A story in the Wall Street Journal last week describes a highly sophisticated scam making the rounds of corporate executive offices.

Using information apparently found on LinkedIn, Facebook or other websites where detailed personal information can be found, scammers are sending highly personalized and convincing phishing emails to senior company executives, saying, for instance, that there has been a Better Business Bureau or Equal Employment Opportunity Commission complaint (along with a case number) filed against their company, and asking the executive to respond to it. Once they do by clicking on the convenient link provided, the executive's computer is immediately compromised with software that logs all activity and sends the information to the scammer. More than one executive has been torched.

I guess that we are still a ways away from 2006, you know, the year that Bill Gates said, "Spam will be solved." I wonder if someone has tried to spoof him recently.

Anyway, Part 2 of the San Jose Mercury News series on hacking is now available. The article starts off with the stats that 50% of the IRS employees who received phone calls in an audit test earlier this year, purportedly from the computer help desk, requesting their user names and suggesting they adopt a new password, provided the requested information. This was up from the 35% who did so in a similar test in 2004, and down from the 71% who did so in 2001.

Zombie Master Zapped

The LA Times reported yesterday that John Kenneth Schiefer, a 26-year-old computer security consultant from LA, admitted to hacking into a host of personal computers "to create a rogue network of as many as a quarter-million PCs, which he used to steal money and identities."

Schiefer used botnets to steal "user names and passwords for EBay Inc.'s PayPal online payment service to make unauthorized purchases. He also passed the stolen account information on to others." He faces up to 60 years in prison and a $1.75-million fine.

It is bad enough that one has to guard against outside hackers - having to worry about IT security folks burning you from the inside just adds to the irritation. If we need to hire someone to watch over the IT security personnel, do we need someone to watch over this person as well? And how many watch-watchers are sufficient?

Hmm, sounds like it may be time to revisit the classic cat and rat problem.

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributor
Willie D. Jones