jm + risks   9

How Space Weather Can Influence Elections on Earth - Motherboard
oh, god -- I'm not keen on this take: how's about designing systems that recognise the risks?
"Everything was going fine, but then suddenly, there were an additional 4,000 votes cast. Because it was a local election, which are normally very small, people were surprised and asked, 'how did this happen?'"

The culprit was not voter fraud or hacked machines. It was a single event upset (SEU), a term describing the fallout of an ionizing particle bouncing off a vulnerable node in the machine's register, causing it to flip a bit, and log the additional votes. The Sun may not have been the direct source of the particle—cosmic rays from outside the solar system are also in the mix—but solar-influenced space weather certainly contributes to these SEUs.
bit-flips  science  elections  voting-machines  vvat  belgium  bugs  risks  cosmic-rays 
5 weeks ago by jm
Instapaper Outage Cause & Recovery
Hard to see this as anything other than a pretty awful documentation fail by the AWS RDS service:
Without knowledge of the pre-April 2014 file size limit, it was difficult to foresee and prevent this issue. As far as we can tell, there’s no information in the RDS console in the form of monitoring, alerts or logging that would have let us know we were approaching the 2TB file size limit, or that we were subject to it in the first place. Even now, there’s nothing to indicate that our hosted database has a critical issue.
limits  aws  rds  databases  mysql  filesystems  ops  instapaper  risks 
6 weeks ago by jm
background doc on the Jeep hack
"Remote Exploitation of an Unaltered Passenger Vehicle", by Dr. Charlie Miller (cmiller@openrce.org) and Chris Valasek (cvalasek@gmail.com). QNX, unauthenticated D-Bus, etc.

'Since a vehicle can scan for other vulnerable vehicles and the exploit doesn’t require any user interaction, it would be possible to write a worm. This worm would scan for vulnerable vehicles, exploit them with their payload which would scan for other vulnerable vehicles, etc. This is really interesting and scary. Please don’t do this. Please.'
jeep  hacks  exploits  d-bus  qnx  cars  safety  risks 
august 2015 by jm
Amazon sellers hit by nightmare before Christmas as glitch cuts prices to 1p | Technology | The Guardian
From 7-8pm on Friday, [RepricerExpress] software, used by third-party sellers to ensure their products are the cheapest on the market, went a bit haywire and reduced prices to as little as 1p.
1p  amazon  resellers  repricer-express  fail  price-cutting  automation  risks  undercutting 
december 2014 by jm
The boss has malware, again... : talesfromtechsupport
Finally after all traditional means of infection were covered; IT started looking into other possibilities. They finally asked the Executive, “Have there been any changes in your life recently”? The executive answer “Well yes, I quit smoking two weeks ago and switched to e-cigarettes”. And that was the answer they were looking for, the made in china e-cigarette had malware hard coded into the charger and when plugged into a computer’s USB port the malware phoned home and infected the system. Moral of the story is have you ever question the legitimacy of the $5 dollar EBay made in China USB item that you just plugged into your computer? Because you should, you damn well should.


(Via Elliot)
via:elliot  malware  e-cigarettes  cigarettes  smoking  china  risks 
november 2014 by jm
Biometric authentication failing in Mysore
Biometrics was rolled out for food distribution in order to cut down on fraud, but it's now resulting in a subset of users being unable to authenticate:
The biometric authentication system installed at the PDS outlets fails to establish the identity of many genuine beneficiaries, mostly workers, as their daily grind in the agricultural fields, construction sites or as domestic help have eroded the lines on their thumb resulting in distorted impressions.
fail  risks  biometrics  authentication  mysore  security  india  fingerprinting 
september 2013 by jm
KDE's brush with git repository corruption: post-mortem
a barely-averted disaster... phew.

while we planned for the case of the server losing a disk or entirely biting the dust, or the total loss of the VM’s filesystem, we didn’t plan for the case of filesystem corruption, and the way the corruption affected our mirroring system triggered some very unforeseen and pathological conditions. [...] the corruption was perfectly mirrored... or rather, due to its nature, imperfectly mirrored. And all data on the anongit [mirrors] was lost.

One risk demonstrated: by trusting in mirroring, rather than a schedule of snapshot backups covering a wide time range, they nearly had a major outage. Silent data corruption, and code bugs, happen -- backups protect against this, but RAID, replication, and mirrors do not.

Another risk: they didn't have a rate limit on project-deletion, which resulted in the "anongit" mirrors deleting their (safe) data copies in response to the upstream corruption. Rate limiting to sanity-check automated changes is vital. What they should have had in place was described by the fix: 'If a new projects file is generated and is more than 1% different than the previous file, the previous file is kept intact (at 1500 repositories, that means 15 repositories would have to be created or deleted in the span of three minutes, which is extremely unlikely).'
rate-limiting  case-studies  post-mortems  kde  git  data-corruption  risks  mirroring  replication  raid  bugs  backups  snapshots  sanity-checks  automation  ops 
march 2013 by jm
Air France 447 Flight-Data Recorder Transcript - What Really Happened Aboard Air France 447 - Popular Mechanics
The (comp.)risks of overautomation strike again. "When trouble suddenly springs up and the computer decides that it can no longer cope—on a dark night, perhaps, in turbulence, far from land -- the humans might find themselves with a very incomplete notion of what's going on. They'll wonder: What instruments are reliable, and which can't be trusted?"
aviation  crash  flight  flying  autopilot  stalls  warnings  alarms  ui  af447  risks  automation 
december 2011 by jm
Security Fix - Clampi Trojan: The Rise of Matryoshka Malware
'[Joe] Stewart said the sophistication and stealth of this malware strain has become so bad that it's time for Windows users to start thinking of doing their banking and other sensitive transactions on a dedicated system that is not used for everyday Web surfing.' it's that bad
joe-stewart  secureworks  malware  reverse-engineering  clampi  trojans  banking  security  danger  risks  windows  microsoft  fraud 
august 2009 by jm

Copy this bookmark:



description:


tags: