Risk Factor iconRisk Factor

Geeks.com Geeked

ComputerWeekly reported today that the Geeks.com, the computer equipment seller, has been hacked, with customer credit card information, phone numbers and e-mail addresses stolen. The site shows a banner from McAfee's ScanAlert service showing that it is "hacker-safe."

Of course, the very small print


says, "This information is intended as a relative indication of the security efforts of this website and its operators. While this, or any other, vulnerability testing cannot and does not guarantee security, it does show that this site meets meets all payment card industry guidelines for remote web server vulnerability testing to help protect your personal information from hackers: HACKER SAFE does not mean hacker proof. ..."

I guess that is a reminder to us all.

Holes in Illinois Automatic Highway Toll System


This week the Chicago Daily Herald ran a three-part series called "Toll Gridlock" that reported on the problems with the Illinois State Toll Highway Authority's collection system. The series found that the toll authority is often "sending violation notices to the wrong addresses, leaving some drivers to miss out on chances to pay up before fines skyrocket or their driver's licenses are suspended."

In one case, a driver didn't know her I-PASS (electronic toll payment transponder) ran out of money and accumulated $179.50 in owed tolls. She was sent a letter saying she now owes $4,619, and had better pay up in two weeks, or owe the tollway $15,739 and eventually lose her driver's license.

The series also notes that "tollway officials say their license plate image readers have trouble discerning differences among the myriad of plate varieties, affecting about 25 percent of all plates on the road. This may result in fines being leveled against law-abiding motorists."

In addition, the series states that the toll authority doesn't know how many are cheating or how many motorists are being fined unfairly.

Finally, the series notes that the toll authority's management thinks all of the problems are minor, and that the way fines are assessed is "fair."

Glad I don't drive in Illinois.

UK Cancels $750 million Prison IT Project


In an unsurprising move, the UK government has put the kibosh on its Custody-National Offender Management Service Information System (C-NOMIS) that was intended to keep close track of the 330,000 prisoners and those serving their probation. The cost of the development, originally estimated at â'¿240 million has jumped to an estimated â'¿950 million, and sparked a government review of the project in August.

About â'¿155 million has been spent so far, and cancellation the program is likely to cost â'¿50 million in cancellation fees. The government said that it will try to salvage part of the system to track prisoners in prisons.

On the C-NOMIS website, it says, "The new Offender Management Model introduces the four Cs:

* continuity

* consistency

* commitment

* consolidation."

I guess a fifth C for cock-up, needs to be added to the list, which is better I guess than the other C, conspiracy. Its too bad too, since as the website says, "The concept of end-to-end offender management ensures that offenders are offered the best possible opportunity to change their offending behaviour." I guess it is going to take awhile before that opportunity comes again.

Irrelevant But Amusing Anyway

This story has nothing to do with information technology, but I can't resist anyway. The New York Times published a story today about 2 men who tried to cash a $355 Social Security check that wasn't theirs at a local check cashing company. It belonged, instead, to a friend/roommate of theirs who had died from natural causes the day before, and was "waiting" outside, Bernie-style.

As the Times writes, "Two men were arrested on Tuesday after pushing a corpse, seated in an office chair, along the sidewalk to a check-cashing store to cash the dead manâ''s Social Security check."

The story goes on to say that the 2 men placed their roommate's body in the chair and wheeled it around the corner, then parked the chair with the corpse in front of a Pay-O-Matic at 763 Ninth Avenue, a check-cashing business that the deceased had used.

The two went inside to present the check, but a clerk said the dead man would have to cash it himself, and asked where he was.

"He is outside," one of the men said, indicating the body in the chair. The two began to wheel the chair into the Pay-O-Matic (how he was going to sign the check is a bit of a mystery), but by then, a small crowd and a police detective had noticed the dead body in the chair.

The best-laid plans of mice and men often go awry.

Congress Poses a "Challenge" to the Census Bureau


A few days ago, I wrote about the Government Executive story about the problems that the Census Bureau appears to be having with its plans to use hand-held computers instead of paper to conduct the 2010 census.

Well, the story sparked more than a bit of Congressional interest. Representatives Tom Davis (R -Virginia) and Mike Turner (R-Ohio) sent a letter (posted at Federal Computer Week who have a story on the letter) yesterday to their Democratic counter-parts Representatives Henry Waxman (D-California) and William Clay (D-Missouri) to schedule a hearing of the Committee on Oversight and Government Reform Committee to look into issues raised by MITRE, especially the allegation that the hand-held project is in "serious trouble" and a contingency plan is required.

What really seems to have irritated Davis and Turner, and as it most likely will Waxman and Clay as well, is that when the Census Bureau Director Louis Kincannon testified to Congress on the 11th of December 2007, he never mentioned any meeting with MITRE, nor did he mention MITRE's concerns, which he supposedly heard on the 29th of November. According to the Davis and Turner letter, "Instead, Mr. Kincannon, in his written statement, offered a brief picture of the FDCA program, acknowledged some 'challenges,' but in general gave the impression that nothing was wrong."

You know, it always brings a hearty chuckle when I read or hear that a high risk IT project situation is euphemistically called a "challenge." You just know that when someone uses that word, they are scared-xxxxless.

Anyway, Davis and Turner want the hearing to clear things up, specifically asking for answers to four simple questions:

1. What is the true status of the FDCA program?

2. Given that the Information Policy, Census and the National Archives Subcommittee held a hearing on FDCA a full 12 days after Senior Bureau staff were reportedly briefed on MITRE's conclusions, why did the Bureau not divulge the FDCA information at that hearing?

3. Did the Bureau intentionally withhold information about MITRE's concerns?

4. Are there other technology programs, such as the Decennial Response Integration System (DRIS), about which the Bureau has received troubling reports?

It should be very simple for the Census Bureau to answer these four little questions and for Congress to get a good feel for the true state of the project: all it has to do is just count the number of times the word "challenge" is used in the testimony.

Declining Population? No Problem: Build Robots


In this morning's Washington Post, there is an interesting story on Japan's declining population. According to the Post, "population shrinkage began [in Japan] three years ago and is gathering pace. Within 50 years, the population, now 127 million, will fall by a third, the government projects. Within a century, two-thirds of the population will be gone. That would leave Japan, now the world's second-largest economy, with about 42 million people."

Rather than open its doors to immigrants or encourage larger families, the Japanese government in partnership with industry has decided to turn to robots.

According to the Post's story, Japanese engineers say it's "service robots" that can "bail out Japan, which has the world's largest proportion of residents over 65 and smallest proportion of children under 15. One such gizmo, on display at the [Great Robot Exhibition in Tokyo's National Museum of Nature and Science], can spoon-feed the elderly. Others are being designed to hoist them onto a toilet and phone a nurse when they won't take their pills."

Some critics in Japan, however, call the "robot cure for an aging society as little more than high-tech quackery."

I wonder if the future Japanese population demographics include the wide-spread creation of sex robots?

FAA to Boeing: Please Show that 787 Dreamliner Can't be Hacked

In a story that appeared last week in Flight International and then got legs via Wired, the Federal Aviation Administration (FAA) is going to require Boeing "to demonstrate that certain 787 flight critical domains - digital systems and networks that for the first time will be accessible externally via wireless and other links to airline operations and maintenance systems - cannot be tampered with."


The FAA Special Conditions Notice [Docket No. NM364 Special Conditions No. 25-356-SC] effective 1 February 2008 summary states:


"These special conditions are issued for the Boeing Model 787-8 airplane. This airplane will have novel or unusual design features when compared to the state of technology envisioned in the airworthiness standards for transport category airplanes. These novel or unusual design features are associated with connectivity of the passenger domain computer systems to the airplane critical systems and data networks. For these design features, the applicable airworthiness regulations do not contain adequate or appropriate safety standards for protection and security of airplane systems and data networks against unauthorized access. These special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing standards."

The Notice goes on to state (highlighting mine):


The proposed architecture of the 787 is different from that of existing production (and retrofitted) airplanes. It allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane. Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane."


Again, the upshot is that the FAA is worried that passengers (or aircraft maintainers) may intentionally or by accident interfere with 787 flight systems, and wants Boeing to prove otherwise.


According to Flight, "Boeing's network architecture for the 787 includes embedded software and electronics used for flight critical control and navigation systems, called the aircraft control domain, as well as for airline business and administrative support, known as the airline information domain."


I wonder if this connectivity issue is one of the reasons for the problems with 787 software that Boeing was having a few months ago.

AMT Patch Delays Tax Refunds as Expected

The IRS announced last week that because of the Congressional delay in the passage of the Alternative Minimum Tax (AMT) patch, it will take at least until the 13th of February before the AMT tax forms can be properly processed. According to Federal Computer Weekly, 13.5 million taxpayers who will use any of the five forms related to the AMT legislation will need to wait until then to begin submitting their returns, said Acting IRS Commissioner Linda Stiff.

Taxpayers affected are those using: Form 8863, Education Credits; Form 5695, Residential Energy Credits; Form 1040A's Schedule 2, Child and Dependent Care Expenses for Form 1040A Filers; Form 8396, Mortgage Interest Credit; and Form 8859, District of Columbia First-Time Homebuyer Credit. Once the tax forms are processed, refunds if any will take another 10 to 14 days to be sent out.

Porn Websites Get Hacked

The Boston Globe reported over the weekend that some porn sites have been hacked over the past few months. While it doesn't appear that credit card details have been compromised, personal information including email addresses of tens of thousands of customers appear to have been stolen.

This news has sent a wave of fear across the on-line adult entertainment business, since privacy is supposed to be guaranteed and is a sine qua non of the business. If hacking of adult web sites becomes "routine," the business might take a major financial hit.

Hmm, I wonder if this news will get some opposed to these sites to thinking.

LAUSD Payroll Fiasco Sparks Call for Payback


As I noted a few weeks back, the Los Angles Unified School District (LAUSD) now admits that its botched and blundered payroll system will likely cost upwards of $210 million when all is said and done. LAUSD school officials have said that they are considering litigation against the contractor, and have spent some $700,000 on two law firms to look into the matter, according to today's LA Daily News.

However, the Daily News says that California State Assemblyman Kevin de Leon is unhappy about what he sees as foot dragging by the LAUSD in pursuing damages, will introduce Assembly Bill 730 on 15 January, which would prevent any contractor found by a court liable for breach of an information-technology contract worth more than $1 million - and the judgment is greater than $250,000 - from bidding on any new business with the state or any local government for five years.

This might be an interesting approach that all government may want to consider, although $1 million may be a bit too low a threshold. I do suggest, however, the money spent on lawyers be considered as part of the overrun amount.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City
Load More