“I am not in the office at the moment. Send any work to be translated.”


1 “I am not in the office at the moment. Send any work to be translated.”

2 WinVote Security
- One of several systems built in response to Help America Vote Act of 2002
- Based on Windows XP
- Uses Wi-Fi to program election details and download results
- In 2014 reports of crashing when a poll worker downloaded music on his iPhone
- Led to new assessment of the system

3 WinVote Security Results
- XP embedded not patched since 2004
- Uses WEP, considered obsolete already in 2004 due to security flaws
- WEP key hardwired to “abcde”
- Disabling Wi-Fi disabled the WinVote app, left XP exposed
- Windows administrator password set to “admin” with no interface to change it
- No logs or checksums to detect tampering with system’s database
- “If system was not hacked it was only because nobody tried”

4 Apple Security Update iOS 7.0.6
- Data Security
- Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later
- Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
- Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

5
    hashOut.data = hashes + SSL_MD5_DIGEST_LEN;
    hashOut.length = SSL_SHA1_DIGEST_LEN;
    if ((err = SSLFreeBuffer(&hashCtx)) != 0)
        goto fail;
    if ((err = ReadyHash(&SSLHashSHA1, &hashCtx)) != 0)
        goto fail;
    if ((err = SSLHashSHA1.update(&hashCtx, &clientRandom)) != 0)
        goto fail;
    if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
        goto fail;
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
        goto fail;
    if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
        goto fail;
    err = sslRawVerify(...);
    fail:
    ...
    return(err);
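The widely documented defect behind this advisory was a duplicated `goto fail;` line in a check sequence like the one above. The following is an added illustration, not Apple's code and not from the presentation; `hash_step` and `raw_verify` are hypothetical stand-ins. It shows why the stray jump reports success, and how a fail-closed exit path turns the same defect into a rejection.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the hash and signature steps (not Apple's API). */
static int hash_step(void) { return 0; }                  /* hashing succeeds */
static int raw_verify(int sig_ok) { return sig_ok ? 0 : -2; }

/* Flawed shape: a stray second goto runs unconditionally while err == 0,
 * so raw_verify() is never reached and the function reports success.
 * (In the real bug the stray line was indented as if it belonged to the if.) */
int verify_flawed(int sig_ok)
{
    int err;
    if ((err = hash_step()) != 0)
        goto fail;
    if ((err = hash_step()) != 0)
        goto fail;
    goto fail;                      /* always taken: the code below is dead */
    if ((err = hash_step()) != 0)
        goto fail;
    err = raw_verify(sig_ok);
fail:
    return err;
}

/* Same stray goto, but the exit path fails closed: success is reported only
 * if the verification step actually ran and passed. Everything is rejected
 * until the defect is fixed, instead of everything being accepted. */
int verify_fail_closed(int sig_ok)
{
    int err, verified = 0;
    if ((err = hash_step()) != 0)
        goto done;
    if ((err = hash_step()) != 0)
        goto done;
    goto done;                      /* same defect as above */
    if ((err = hash_step()) != 0)
        goto done;
    err = raw_verify(sig_ok);
    verified = (err == 0);
done:
    return verified ? 0 : (err != 0 ? err : -1);
}

int main(void)
{
    printf("flawed, bad signature:      %d\n", verify_flawed(0));
    printf("fail-closed, bad signature: %d\n", verify_fail_closed(0));
    return 0;
}
```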

6 In other cases it is not so funny.

7 Patriot Timing Glitch Loses Scud
- 25 Feb 1991 (Gulf War)
- Iraqi Scud rocket hits American base in Saudi Arabia, killing 28
- Patriot missile battery failed to track the Scud
- Patriot keeps time using 0.1 sec clock
- Calculates seconds by multiplying by 1/10
- Using 24-bit value for 1/10 lost 0.34 sec after 100 hours of operation
- Scud travels >500m in this time, and tracking failed
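The drift on this slide, reproduced as an added example (not from the presentation): 1/10 has no finite binary expansion, so chopping it to fit a 24-bit register loses a little on every 0.1 s tick. The 23 fractional bits and the 1676 m/s Scud speed are assumptions taken from the commonly cited analysis of the incident, not from the slide.

```c
#include <stdint.h>
#include <stdio.h>

#define FRAC_BITS 23          /* assumption: 23 bits after the binary point */
#define SCUD_SPEED_MPS 1676.0 /* assumption: approximate Scud speed, m/s */

/* 1/10 chopped (not rounded) to FRAC_BITS binary places. */
double stored_tenth(void)
{
    uint32_t scaled = (1u << FRAC_BITS) / 10;        /* integer division chops */
    return (double)scaled / (double)(1u << FRAC_BITS);
}

/* Seconds lost by the fixed-point clock after `hours` of uptime. */
double clock_drift_seconds(double hours)
{
    double ticks = hours * 3600.0 * 10.0;            /* one tick per 0.1 s */
    return ticks * (0.1 - stored_tenth());
}

/* Distance the target moves during the lost time. */
double tracking_error_m(double hours)
{
    return clock_drift_seconds(hours) * SCUD_SPEED_MPS;
}

/* Drift-free alternative: keep an exact integer tick count, divide once. */
double exact_seconds(uint64_t ticks) { return (double)ticks / 10.0; }

int main(void)
{
    const double hours[] = { 8.0, 20.0, 100.0 };
    for (int i = 0; i < 3; i++)
        printf("%5.0f h: drift %.4f s, target moves %.0f m\n", hours[i],
               clock_drift_seconds(hours[i]), tracking_error_m(hours[i]));
    return 0;
}
```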

8 AA 965 Crash – 159 Dead
- 20 Dec 1995 flight from Miami to Colombia
- Pilots entered “R” for Rozo waypoint into navigational computer
- “R” also represented Romeo waypoint, which was somewhere else
- Romeo was more common, so it was the default
- Plane automatically turned towards Romeo
- Unfortunately there was a mountain in the way

9 Ariane 5 Explodes
- 4 Jun 1996, maiden flight of new launcher for placing satellites into orbit
- Destroyed after ~40 seconds due to obvious flight problems
- Primary cause: failure to convert a 64-bit value into 16-bits in inertial reference system (SRI)
- Secondary cause: diagnostic error data from SRI was interpreted as (extremely strange) flight data by main computer
- Trying to “correct” flight led to instability

10 Ariane 5 Irony
- The original 64-bit value is used only for alignment before launch, but left on for ~45 sec later as was desired in Ariane 4
- Backup SRI ran identical software, had same failure
  – Assumes that errors are random and shutdown is a good solution
- Conversion was not checked because in Ariane 4 values were indeed much smaller
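Both Ariane 5 causes in one added sketch (not the flight software and not from the presentation; the message layout, names and the keep-last-good-value policy are hypothetical): a range-checked 64-bit to 16-bit conversion, and a tagged message so that a diagnostic can never be consumed as flight data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical message from the inertial unit: the tag says what it carries. */
typedef enum { MSG_FLIGHT_DATA, MSG_DIAGNOSTIC } msg_kind;
typedef struct { msg_kind kind; int16_t value; } sri_msg;

/* Range-checked 64-bit float -> 16-bit integer conversion.
 * Returns false instead of overflowing; NaN fails the comparison too. */
bool to_int16_checked(double v, int16_t *out)
{
    if (!(v >= INT16_MIN && v <= INT16_MAX))
        return false;
    *out = (int16_t)v;              /* in range: truncates toward zero */
    return true;
}

/* Producer: on overflow, send an explicitly tagged diagnostic. */
sri_msg sri_report(double reading)
{
    sri_msg m = { MSG_FLIGHT_DATA, 0 };
    if (!to_int16_checked(reading, &m.value)) {
        m.kind = MSG_DIAGNOSTIC;
        m.value = 0;
    }
    return m;
}

/* Consumer: acts only on flight data; a diagnostic keeps the last good value. */
int16_t flight_input(sri_msg m, int16_t last_good)
{
    return m.kind == MSG_FLIGHT_DATA ? m.value : last_good;
}

int main(void)
{
    /* Constructed sample readings: one in range, one far out of range. */
    const double readings[] = { 123.9, 1.0e5 };
    int16_t last_good = 0;
    for (int i = 0; i < 2; i++) {
        sri_msg m = sri_report(readings[i]);
        last_good = flight_input(m, last_good);
        printf("reading %.1f -> %s, input used: %d\n", readings[i],
               m.kind == MSG_FLIGHT_DATA ? "flight data" : "diagnostic",
               last_good);
    }
    return 0;
}
```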

11 NASA Loses Mars Climate Orbiter
- Launched in 1998, reached Mars in 1999
- Supposed to orbit at 140-150 km, but went as low as 57km, causing excessive stress and friction
- Cause: computer controlling the thrusters underestimated their power by a factor of 4.45
- Root cause: not converting metric units specified by NASA to Imperial units used by software

12 LA Air Traffic Loses Radio Contact
- 14 Sep 2004 afternoon
- Air traffic controllers lose radio contact with ~400 planes, backup fails within 1 minute
- System uses touch screen to create voice channels between controller and airplane or other controller
- Upon failure controllers couldn’t alert pilots about necessary course changes
- Several near collisions avoided by on-board collision avoidance systems that alerted pilots

13 LA Air Contact Loss Causes
- Technicians did not perform 30-day reboot
  – System looked OK
- Reboot regulation instated after previous failures occurred after 49.7 days
- Cause of failures is a 32-bit millisecond timer used for continuous self test (and other things)
- When counter reaches 0 system crashes

14 Knight Trading loses $440M
- 1 Aug 2012 at 9:30-10:15 AM
- Repeatedly trade about 140 securities, buying them at the (high) ask price and selling at the (low) bid price
- Repeat ~40 times per second for 45 minutes
- Example: in security where price difference is 15 cents/share, lose $6/sec = $360/min or $16,200 in the 45 minutes for each share
- This was part of testing new software

