info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Risks Digest 31.43
55 views
Skip to first unread message
RISKS List Owner
Sep 25, 2019, 10:25:03 AM9/25/19
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Wednesday 25 Sept 2019 Volume 31 : Issue 43
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.43>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Saudi Arabia oil output takes major hit after apparent drone attacks
claimed by Yemen rebels (The WashPost)
Exclusive: Russia carried out a 'stunning' breach of FBI
communications system, escalating the spy game on U.S. soil (Cryptography)
Google CEO Warns of Deepfakes Detection Challenges Ahead (Politico)
125 New Flaws Found in Routers and NAS Devices from Popular Brands
(TheHackerNews)
How Hackers Could Break Into the Smart City (James Rundle)
Chicago Man Fraudulently Accrued 42 Million Delta SkyBonus Points
(The NYTimes)
I create fake videos. Here's why people believe even the obvious ones
(Fast Company)
I am awesome': How a millennial built a fentanyl empire (WashPost)
There Is No Tech Backlash; Worse, we think there is one. (Rob Walker)
Your Car. Your Data. (via Gabe Goldberg)
When `collect all the data' misses the important data (Arthur T.)
Get popcorn for iOS 13's privacy pop-ups of creepy Facebook data grabs
(TechCrunch)
The children of Donor H898 (WashPost)
The man-made 'stars' changing the night sky (bbc.com)
What Really Brought Down the Boeing 737 Max? (The NYTimes)
You watch TV. Your TV watches back. (The Washington Post)
Single drivers are taking over Massachusetts carpool lanes
False emergency alarms set off in Hawaii, again. (NBC News)
Global Preparedness Monitoring Board (Fortune)
Instigator of fatal Kansas swatting receives prison sentence (Ars Technica)
IoT Security: Now Dark Web Hackers are Targeting Internet-Connected Gas
Pumps (Danny Palmer)
'Security' Cameras Are Dry Powder for Hackers. Here's Why (Fortune)
The iOS 13 Privacy and Security Features You Should Know (WiReD)
Two years later, hackers are still breaching local government payment
portals (Catalin Cimpanu)
Man allegedly used drone to pelt ex-girlfriend's home with bombs
(Charlie Osborne)
Apple Watch helps save motorcyclist's life (Adiran Kingsley-Hughes)
Good Quote from 'The Handmaid's Tale' Author (Chris Drewe)
Stanislav Petrov, `The Man Who Saved The World', Dies At 77 (NPR)
Too Many VPNs Put Our Privacy And Security At Risk (Forbes)
Two articles by Bruce Schneier on supply-chain security threats (PGN)
Re: Alabama is penalizing students for leaving football games early
(Arthur T.)
Re: Why a cup of coffee forced a plane to make an unplanned landing
(Mark Brader)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Sat, 14 Sep 2019 22:19:24 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Saudi Arabia oil output takes major hit after apparent drone attacks
claimed by Yemen rebels (The WashPost)
https://www.washingtonpost.com/world/drone-attacks-on-saudi-oil-facilities-spark-explosions-and-fires/2019/09/14/b6fab6d0-d6b9-11e9-ab26-e6dbebac45d3_story.html
------------------------------
Date: Mon, 16 Sep 2019 14:31:37 -0400
From: Jerry Leichter <leic...@lrw.com>
Subject: Exclusive: Russia carried out a 'stunning' breach of FBI
communications system, escalating the spy game on U.S. soil (Cryptography)
From the Cryptography Mailing List <crypto...@metzdowd.com>
Too long to try to summarize. It looks as if the Russians, starting in
roughly 2010, managed to crack the encryption used on FBI tactical radios.
``A former senior counterintelligence official blamed the compromises on a
`hodgepodge of systems' ineffective beyond the line of sight. The
infrastructure that was supposed to be built, they never followed up, or
gave us the money for it. The intelligence community has never gotten an
integrated system.''
https://news.yahoo.com/exclusive-russia-carried-out-a-stunning-breach-of-fbi-communications-system-escalating-the-spy-game-on-us-soil-090024212.html
------------------------------
Date: Wed, 18 Sep 2019 10:11:16 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Google CEO Warns of Deepfakes Detection Challenges Ahead (Politico)
Google CEO Sundar Pichai warned on Tuesday that "detecting deepfakes is one
of the most important challenges ahead of us," and announced the search
giant had released a massive trove of such videos. The goal: to use those
deepfakes as a dataset for researchers working on tools and techniques to
detect these AI-altered, doctored clips. (Earlier this year, Google also
released a dataset of synthetic speech
<https://www.blog.google/outreach-initiatives/google-news-initiative/advancing-research-fake-audio-detection/>
to help researchers working on detecting fake audio.) Google said a blog
post that it has plans to add to the dataset -- which is made up of both
real and fake videos produced through deepfake generation methods available
to the public -- as the technology becomes more sophisticated. "We firmly
believe in supporting a thriving research community around mitigating
potential harms from misuses of synthetic media," the company said.
Researchers have warned that the volume and sophistication of deepfakes will
continue to climb as the 2020 election approaches, but some are wary that
government regulation of deepfakes would raise First Amendment concerns. "I
don't think [legislation's] a good way to go," Paul Barrett, deputy director
of NYU's Stern Center for Business and Human Rights and the researcher
behind a new report on 2020 disinformation, told your MT host. "The better
alternative is for the companies themselves to devise technology that can
flag potential deepfakes. ... It's incumbent on the companies to invest more
and work harder to make the kind of distinctions that need to be made."
------------------------------
Date: Tue, 17 Sep 2019 09:00:31 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: 125 New Flaws Found in Routers and NAS Devices from Popular Brands
(TheHackerNews)
EXCERPT:
The world of connected consumer electronics, IoT, and smart devices
<https://thehackernews.com/2017/08/hacking-track-movements.html> is growing
faster than ever with tens of billions of connected devices streaming and
sharing data wirelessly over the Internet, but how secure is it?
As we connect everything from coffee maker to front-door locks and cars to
the Internet, we're creating more potential -- and possibly more dangerous
-- ways for hackers to wreak havoc.
Believe me, there are over 100 ways a hacker can ruin your life just by
compromising your wireless router -- a device that controls the traffic
between your local network and the Internet, threatening the security and
privacy of a wide range of wireless devices, from computers and phones to IP
Cameras, smart TVs and connected appliances.
<https://thehackernews.com/2018/10/ghostdns-botnet-router-hacking.html>
In its latest study titled SOHOpelessly Broken 2.0,
<https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/>
Independent Security Evaluators (ISE) discovered a total of 125 different
security vulnerabilities across 13 small office/home office (SOHO) routers
and Network Attached Storage
<https://thehackernews.com/2019/07/ransomware-nas-devices.html> (NAS)
devices, likely affecting millions.
``Today, we show that security controls put in place by device manufacturers
are insufficient against attacks carried out by remote adversaries. This
research project aimed to uncover and leverage new techniques to circumvent
these new security controls in embedded devices,'' the researchers said.
List of Affected Router Vendors...
https://thehackernews.com/2019/09/hacking-soho-routers.html
------------------------------
Date: Wed, 18 Sep 2019 9:29:35 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: How Hackers Could Break Into the Smart City (James Rundle)
James Rundle, *The Wall Street Journal*, 12 Sep 2019
via ACM TechNews, 18 Sep 2019
The more connected a smart city is, the greater its vulnerability to
cyberattack, with sensors collecting data from streetlights and buildings
one likely attack vector. Connections to smart grids and water-supply
systems also could be exploited and hijacked, as could connections to
autonomous vehicles. Suggested prevention and mediation strategies include
encrypting data being transmitted over smart city networks, and ensuring
everything is not on the same network. Portland, OR, keeps its sensors
separate from wider urban networks as much as possible; that city also
anonymizes its data and deletes collected video footage immediately after
analysis, under the aegis of the city's Smart City PDX program. Meanwhile,
officials in New York have established a testing laboratory for Internet of
Things devices, which has completed examinations of more than a dozen
devices for performance and vulnerabilities. Said Cesar Cerrudo, founder of
Securing Smart Cities, ``If you don't cover security from the very
beginning, then it becomes very difficult to protect it.''
------------------------------
Date: Sat, 14 Sep 2019 23:05:38 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Chicago Man Fraudulently Accrued 42 Million Delta SkyBonus Points
(The NYTimes)
https://www.nytimes.com/2019/09/13/travel/delta-skybonus-fraud.html
Gennady Podolsky used his position as a travel agent to cheat Delta Air Lines out of $1.75 million worth of loyalty points, according to an indictment.
------------------------------
Date: September 15, 2019 6:27:47 JST
From: the keyboard of geoff goodfellow <ge...@iconia.com>
Subject: I create fake videos. Here's why people believe even the obvious ones
(Fast Company)
People will accept anything as true if it confirms their beliefs --
regardless of whether a video or image has obviously been manipulated
EXCERPT:
Lots of people -- including Congress -- are worried about fake videos and
imagery distorting the truth, purporting to show people saying and doing
things they never said or did.
I'm part of a larger U.S. government project that is working on developing
ways to detect images and videos that have been manipulated. My team's work,
though, is to play the role of the bad guy. We develop increasingly devious,
and convincing, ways to generate fakes -- in hopes of giving other
researchers a good challenge when they're testing their detection methods.
For the past three years, we've been having a bit of fun dreaming up new
ways to try to change the meaning of images and video. We've created some
scenarios ourselves, but we've also had plenty of inspiration from current
events and circumstances of actual bad guys trying to twist public opinion.
I'm proud of the work we've done, and hope it will help people keep track of
the truth in a media-flooded world. But we've found that a key element of
the battle between truth and propaganda has nothing to do with
technology. It has to do with how people are much more likely to accept
something if it confirms their beliefs.
FINDING, AND PUSHING, TECHNICAL BOUNDARIES
When we make our fakes, we start by collecting original, undoctored images
and videos. Those not only offer raw material for us to manipulate the
images but also include the data stored in authentic media files -- sort of
like a technical fingerprint that accompanies every piece of media that
describes how and when it was taken, and with what tools...
https://www.fastcompany.com/90404007/i-create-fake-videos-heres-why-people-believe-even-the-obvious-ones
------------------------------
Date: Sun, 15 Sep 2019 18:39:57 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: I am awesome': How a millennial built a fentanyl empire (WashPost)
https://www.washingtonpost.com/national/health-science/the-fool-that-fentanyl-made-into-a-millionaire/2019/09/14/dcb696ec-d6f9-11e9-8924-1db7dac797fb_story.html
------------------------------
Date: September 15, 2019 22:36:48 JST
From: Dewayne Hendricks <dew...@warpspeed.com>
Subject: There Is No Tech Backlash; Worse, we think there is one. (Rob Walker)
Rob Walker, TheNYTimes, 14 Sep 2019
https://www.nytimes.com/2019/09/14/opinion/tech-backlash.html
It's fun, and increasingly fashionable, to complain about technology. Our
own devices distract us, others' devices spy on us, social media companies
poison public discourse, new wired objects violate our privacy, and all of
this contributes to a general sense of runaway change careening beyond our
control. No wonder there's a tech backlash.
But, really, is there? There certainly has been talk of a backlash, for a
couple of years now. Politicians have discussed regulating big tech
companies more tightly. Fines have been issued, breakups called for. A tech
press once dedicated almost exclusively to gadget lust and organizing
conferences that trot out tech lords for the rest of us to worship has taken
on a more critical tone; a drumbeat of exposes reveal ethically and legally
dubious corporate behavior. Novels and movies paint a skeptical or even
dystopian picture of where tech is taking us. We all know people who have
theatrically quit this or that social media service, or announced digital
sabbaticals. And, of course, everybody kvetches, all the time.
However, there is the matter of our actual behavior in the real-world
marketplace. The evidence there suggests that, in fact, we love our devices
as much as ever. There is no tech backlash.
Consider Facebook: It's hard to imagine a more backlashable company.
Facebook is widely associated with data breaches, the spread of dubious
information and a basic deterioration of interpersonal communication. It was
recently fined nearly $5 billion by the Federal Trade Commission for
mishandling its customers' data. And, given its ubiquity, it's also a handy
stand-in for the corporatization of online life in general. If you're going
to make a show of quitting a tech service, Facebook may be your best choice.
But according to its most recent quarterly report, the number of Facebook
accounts used daily (1.59 billion) and monthly (2.4 billion) each increased
by 8 percent over the prior quarter. Despite all the anecdotes you've heard
about people deleting their accounts, the company's flagship app added about
a million new daily users in the United States alone. Revenue was up 28%.
Even factoring in the F.T.C. fine, Facebook recorded a profit of $2.6B.
Facebook is not the only demonized tech platform; social media companies in
general are routinely criticized as toxic swamps full of trolls, liars and
bots. But again, there's no evidence of any exodus. In the same
quarter, Twitter addedfive million new daily users, and Snap reported that
the daily user base of its flagship Snapchat app grew 7 percent, its
best-ever performance as a public company. According to the Pew Research
Center, 72 percent of Americans usesome form of social media, a percentage
that has risen steadily for years and shows no sign of flagging. (The people
I know who quit Facebook all use Facebook-owned Instagram, WhatsApp, or
both.)
Habits die hard. But even more remarkable than our apparent reluctance to
ditch the technologies we love to dis is a fervent embrace of newer new
things that seem, at the very least, worth approaching with caution.
Take smart speakers -- the kind that respond to vocal prompts and
questions -- as an example. It's exactly the sort of
technology that gives people pause. Is this thing listening to me all the
time? What about these weird stories of smart speakers laughing or cursing,
or randomly recording a conversation and sending it to the owners'
contacts? The tech press has gotten better and better at chronicling the
latest troubling answers -- for instance, people may in fact listen
to your voice activations as part of the process of refining the
device's functionality -- and detailing what, if anything,
you can do about it.
Nevertheless: As of last year, a little more than a quarter of American
households owned a smart speaker, according to one estimate. The category
leader is the Amazon Echo, equipped with the Alexa voice-recognition
software; Amazon says it has sold more than 100 million Alexa devices.
Certain tech-use indicators have in fact leveled off in recent years, but
that's mostly because they correspond with categories that are already
thoroughly established and widespread: Around 95 percent of consumers in the
United States say they have or use a cellphone, and 89 percent have or use
the Internet, according to Pew. But dig a little deeper into that data, and
it turns out that *new connected devices continue to emerge* and we continue
to embrace them. In addition to voice assistants, smart TVs and wearable
devices are growing in popularity.
Perhaps most remarkable, if you think we're in the midst of tech backlash,
is the traction of the aggressively hyped smart-home trend, encouraging you
to link your locks and lights and other household infrastructure to the
Internet. Amazon(which intuitively ought to be suffering in a
tech-backlashed environment) recently announced that the record sales on its
most recent Prime Day promotion included ``millions of smart home devices.''
------------------------------
Date: Mon, 16 Sep 2019 22:15:20 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Your Car. Your Data.
Your Car. Your Data. Your Choice. is an Auto Care Association education
initiative created to engage car owners, policymakers and other stakeholders
on car data– What is it, why it matters, and its implications for consumer
choice.
https://yourcaryourdata.org/
------------------------------
Date: Sat, 14 Sep 2019 21:51:01 -0400
From: "Arthur T." <Risks20190...@xoxy.net>
Subject: When `collect all the data' misses the important data
Pennsylvania has recent infestations of an invasive insect species (the
spotted lanternfly). It has given a grant to a state university to track
sightings of them, and they're publicizing the tracking very aggressively.
But they won't accept a sighting report unless you first give them your name
and telephone number. There's no indication as to who will have access to
that data, which is especially concerning as it's a government-affiliated
university and possibly susceptible to FOIA requests.
That data would be a major boon for certain vendors and fund-raisers. Who is
paying attention to the environment? Where do they travel and when? Etc.
So, by collecting data they don't need, they're missing the dozen or so
reports I would have made, and there are probably other non-reports by other
privacy-minded people.
------------------------------
Date: September 17, 2019 0:22:22 JST
From: Richard Forno <rfo...@infowarrior.org>
Subject: Get popcorn for iOS 13's privacy pop-ups of creepy Facebook data grabs
(TechCrunch)
Privacy-minded changes to smartphone operating systems which foreground the
background activity of third party apps are helping to spotlight more of the
surveillance infrastructure deployed by adtech giants to track and profile
human eyeballs for profit.
To wit: iOS 13, which will be generally released later this week, has
already been spotted catching Facebook's app trying to use Bluetooth
to track nearby users.....
https://techcrunch.com/2019/09/16/get-popcorn-for-ios-13s-privacy-pop-ups-of-creepy-facebook-data-grabs/
------------------------------
Date: Mon, 16 Sep 2019 21:04:45 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: The children of Donor H898 (WashPost)
At least a dozen children diagnosed with autism were conceived with
sperm from the same donor.
https://www.washingtonpost.com/health/the-children-of-donor-h898/2019/09/14/dcc191d8-86da-11e9-a491-25df61c78dc4_story.html
------------------------------
Date: Thu, 19 Sep 2019 11:37:05 +0800
From: Richard Stein <rms...@ieee.org>
Subject: The man-made 'stars' changing the night sky (bbc.com)
http://www.bbc.com/future/story/20190918-is-humanity-changing-the-night-sky-with-artificial-stars
There is already around 8,400 tonnes of debris and junk currently racing
around the Earth as speeds of up to 18,000mph (28,800km/h). This hail of
debris can damage and even destroy satellites if they collide -- in 2009, a
defunct Russian satellite smashed into a functioning US commercial
satellite, breaking both spacecraft into at least 2,000 pieces, dramatically
increasing the amount of debris in orbit in the process.
``Nasa currently tracks thousands of pieces of debris down to the size of a
marble and regularly performs avoidance maneuvers to keep its satellites
safe. The International Space Station has also had to make several maneuvers
to avoid debris during its 20 years in orbit.''
With a deployed 'man-mad space shield' of this magnitude already
operational, but not readily controllable, there's no need to build a
dedicated space force to defend the planet against extraterrestrial
invasion!
------------------------------
Date: Wed, 18 Sep 2019 23:58:13 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: What Really Brought Down the Boeing 737 Max? (The NYTimes)
https://www.nytimes.com/2019/09/18/magazine/boeing-737-max-crashes.html
------------------------------
Date: Thu, 19 Sep 2019 00:06:00 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: You watch TV. Your TV watches back. (The Washington Post)
In our latest privacy experiment, we tracked how four of the most popular TV
brands record everything we watch.
https://www.washingtonpost.com/technology/2019/09/18/you-watch-tv-your-tv-watches-back/
I've had a *smart* TV for almost a year; it's not online and I watch cable
TV, DVDs, Roku (channels, Netflix, Amazon prime) just fine.
I ignore its occasional pleas to connect it to the outside world.
------------------------------
Date: Thu, 19 Sep 2019 08:07:12 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Single drivers are taking over Massachusetts carpool lanes
(The Boston Globe)
https://www.bostonglobe.com/metro/2019/09/11/single-drivers-are-taking-over-mass-carpool-lanes/a32bKhXxoZNygjnPPjgKvO/story.html
------------------------------
Date: Thu, 19 Sep 2019 09:12:45 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: False emergency alarms set off in Hawaii, again. (NBC News)
https://www.nbcnews.com/news/us-news/false-emergency-alarms-set-hawaii-again-n1056281
------------------------------
Date: Thu, 19 Sep 2019 19:05:13 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Global Preparedness Monitoring Board (Fortune)
What does a worst case scenario look like in public health? If we went the
Hollywood route, you could envision all sorts of disasters. A lone patient
spreading a deadly bug via international travel; a contamination in the food
supply; heck, maybe just the emergence of a superbug resistant to existing
treatments (a potential $100 trillion risk
<https://click.newsletters.fortune.com/?qs=01edd9ca5e91c9d2cacdcadafa419ed0a96e80a0929024416654b57725ebd5101975ad65d20cb5f9b2631e012684a701c448d5f090da8e07>
by some accounts).
The thing is, any sort of pandemic could be catastrophic – and the world
simply isn't prepared to deal with such an outbreak, according to a
first-of-its-kind report
<https://click.newsletters.fortune.com/?qs=04a8392c00f77920cdb333607274ba4cc389753f201ffb5a822ce09f3d46b8e9f458bab130eb0bab31838c7fec525c8775fa8fd2a5b83d64>
from the Global Preparedness Monitoring Board (GPMB). In fact, as many as 80
million people could die in an outbreak within 36 hours, the authors say, if
an airborne pathogen were to make its way around the globe.
The GPMB was convened by the World Health Organization (WHO) and the World
Bank to investigate these exact kinds of issues. And the initial prognosis
is grim (the report itself is frighteningly titled, `A World At Risk').
Here's just a snippet of what the group had to say: “The central finding of
the report is that the world needs to proactively establish the systems
needed to detect and control potential disease outbreaks. These acts of
preparedness are a global public good that must meaningfully engage
communities, from the local to the international, in preparedness,
detection, response and recovery.”
The report outlines the many failures of international governments, from
lackluster public health systems to lapses in communication to a dearth of
drug and vaccine development, to prepare for a major pandemic. (The issue is
serious enough that the World Bank created the first-ever global insurance
market
<https://click.newsletters.fortune.com/?qs=116f9e6ffa6b24f0c4888644a1e6141dfd41b7deeee304c6c77370d904d6564557f54c276ee97bc36a76975bf4152c7e38097a3477c4428d>
for pandemics back in 2016.)
But GPMB also offers some practical solutions. “Investing in health
emergency preparedness will improve health outcomes, build community trust
and reduce poverty, thereby also contributing to efforts to achieve the
United Nations Sustainable Development Goals,” the authors wrote.
/From the foreword by Co-Chairs H.E. Dr Gro Harlem Brundtland and Mr Elhadj
As Sy/: “For its first report, the Global Preparedness Monitoring Board
reviewed recommendations from previous high-level panels and commissions
following the 2009 H1N1 influenza pandemic and the 2014-2016 Ebola outbreak,
along with its own commissioned reports and other data. The result is a
snapshot of where the world stands in its ability to prevent and contain a
global health threat. Many of the recommendations reviewed were poorly
implemented, or not implemented at all, and serious gaps persist. For too
long, we have allowed a cycle of panic and neglect when it comes to
pandemics: we ran.
http://apps.who.int/gpmb/annual_report.html
Plus: We Are All Pawns in a Mosquito's World
https://www.sierraclub.org/sierra/we-are-all-pawns-mosquitos-world
------------------------------
Date: Fri, 20 Sep 2019 11:14:12 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Instigator of fatal Kansas swatting receives prison sentence
(Ars Technica)
https://arstechnica.com/tech-policy/2019/09/man-behind-deadly-kansas-swatting-sentenced-to-15-months-in-prison/
------------------------------
Date: Sat, 21 Sep 2019 2:20:36 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: IoT Security: Now Dark Web Hackers are Targeting Internet-Connected
Gas Pumps (Danny Palmer)
Danny Palmer, ZDNet, 10 Sep 2019
Researchers at Trend Micro have found that cyber criminals are increasingly
focusing their attention on hacking Internet of Things (IoT) devices. While
routers remain the top target for IoT-based attacks, Internet-connected gas
pumps are becoming a focal point as well. The researchers came to this
conclusion after examining Dark Web marketplaces in five different
languages: Russian, Portuguese, English, Arabic, and Spanish. They found the
Russian market is the most sophisticated of the underground communities,
with cyber criminals there ready to make money from attacks and exploits.
Trend Micro's Bharat Mistry said operators of Internet-connected gas pumps
and similar devices should have their default passwords changed, and
``should also think about using features such as VPNs to encrypt the
traffic, and mutual authentication, whereby both the device and the user
validate one other before continuing.''
https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-219dax21dd15x069949&
------------------------------
Date: Sat, 21 Sep 2019 19:50:05 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: 'Security' Cameras Are Dry Powder for Hackers. Here's Why (Fortune)
https://fortune.com/2019/09/19/security-cameras-are-dry-powder-for-hackers-heres-why/
------------------------------
Date: Sun, 22 Sep 2019 23:38:29 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: The iOS 13 Privacy and Security Features You Should Know (WiReD)
Your iPhone just got a major security upgrade. Here are all the ins and
outs.
If you own a relatively new iPhone
<https://www.wired.com/review/apple-iphone-11/>, this week you should have
received a notification that the latest iOS 13 update
<https://www.wired.com/story/apple-ios-13-arrives/> is ready to
download. Besides the more obvious additions -- like the introduction of
dark mode, and the unexpected joys of Apple Arcade
<https://www.wired.com/story/apple-arcade-reshape-mobile-gaming/> -- it also
features a raft of security and privacy enhancements.
The reputation of iOS security may have taken some dings
<https://www.wired.com/story/ios-security-imessage-safari/> of late, but
it's still one of the most secure consumer operating systems available.
Here are all the ways the latest version keeps you even more protected.
https://www.wired.com/story/ios-13-security-privacy-features-settings/
...complicated, sigh.
------------------------------
Date: Mon, 23 Sep 2019 11:49:42 -0700
From: Gene Wirchenko <ge...@shaw.ca>
Subject: Two years later, hackers are still breaching local government
payment portals (Catalin Cimpany)
Catalin Cimpanu for Zero Day | 19 Sep 2019
New 20,000 batch of payment card details found on the dark web and traced
back to new Click2Gov hacks.
https://www.zdnet.com/article/two-years-later-hackers-are-still-breaching-local-government-payment-portals/
opening text:
Two years after hackers first started targeting local government payment
portals, attacks are still going on, with eight cities having had their
Click2Gov payment portals compromised in the last month alone, security
researchers from Gemini Advisory have revealed in a report shared with ZDNet
today.
These new hacks have allowed hackers to get their hands on over 20,000
payment card details belonging to US citizens, which are now being traded on
the dark web, the cyber-security firm said.
------------------------------
Date: Mon, 23 Sep 2019 11:53:51 -0700
From: Gene Wirchenko <ge...@shaw.ca>
Subject: Man allegedly used drone to pelt ex-girlfriend's home with bombs
(Charlie Osborne)
Charlie Osborne for Zero Day | 20 Sep 2019
Charges now include unregistered drone operation, meth use, and unlawfully
owning firearms.
https://www.zdnet.com/article/man-allegedly-used-drones-to-pelt-ex-girlfriends-home-with-bombs/
In the aftermath of a breakup, people can lose all reason and taking
irresponsible action -- whether it be cutting up an ex-partner's clothes,
throwing out their possessions, or scratching their car.
In extreme cases, drones, otherwise known as unmanned aerial vehicles
(UAVs), may also allegedly become weaponized.
According to US prosecutors, a 43-year-man used a DJI Phantom 3 drone to
drop homemade bombs on a previous girlfriend's property.
------------------------------
Date: Mon, 23 Sep 2019 12:12:42 -0700
From: Gene Wirchenko <ge...@shaw.ca>
Subject: Apple Watch helps save motorcyclist's life (Adiran Kingsley-Hughes)
Adrian Kingsley-Hughes for Hardware 2.0 | 23 Sep 2019
A Washington man credits the Apple Watch with helping to save his father's
life following a biking accident that left him unconscious.
https://www.zdnet.com/article/apple-watch-helps-save-motorcyclists-life/
The Apple Watch 4 and later contains a sensor that is continually looking
out for the wearer suffering a hard fall that could render them unconscious
and summon emergency help. This is exactly what happened to Gabe Burdett's
father.
------------------------------
Date: Mon, 23 Sep 2019 22:28:28 +0100
From: Chris Drewe <e76...@yahoo.co.uk>
Subject: Good Quote from 'The Handmaid's Tale' Author
Last Saturday's newspaper featured an interview (couldn't find it on-line)
with Margaret Atwood, author of `The Handmaid's Tale' and more recently `The
Testaments'. This included her saying: ``Like any human technology, there's
a plus side, a minus side, and a stupid side that you didn't anticipate.
Pick out any technology, it's true of them all.''
So it looks unlikely for RISKS to run short of source material any time
soon...
------------------------------
Date: September 24, 2019 6:23:18 JST
From: Richard Forno <rfo...@infowarrior.org>
Subject: Stanislav Petrov, `The Man Who Saved The World', Dies At 77 (NPR)
[via Dave Farber]
Greg Myre Facebook Twitter
https://www.npr.org/sections/thetwo-way/2017/09/18/551792129/stanislav-petrov-the-man-who-saved-the-world-dies-at-77
Stanislav Petrov, a former Soviet military officer, poses at his home in
2015 near Moscow. In 1983, he was on duty when the Soviet Union's early
warning satellite indicated the U.S. had fired nuclear weapons at his
country. He suspected, correctly, it was a false alarm and did not
immediately send the report up the chain of command. Petrov died at age 77.
Stanislav Petrov was a lieutenant colonel in the Soviet Union's Air Defense
Forces, and his job was to monitor his country's satellite system, which was
looking for any possible nuclear weapons launches by the United States.
He was on the overnight shift in the early morning hours of 26 Sep 1983,
when the computers sounded an alarm, indicating that the U.S. had launched
five nuclear-armed intercontinental ballistic missiles. ``The siren howled,
but I just sat there for a few seconds, staring at the big, back-lit, red
screen with the word 'launch' on it,'' Petrov told the BBC in 2013.
It was already a moment of extreme tension in the Cold War. On Sept. 1 of
that year, the Soviet Union shot down a Korean Air Lines plane that had
drifted into Soviet airspace, killing all 269 people on board, including a
U.S. congressman. The episode led the U.S. and the Soviets to exchange
warnings and threats.
Petrov had to act quickly. U.S. missiles could reach the Soviet Union in
just over 20 minutes. ``There was no rule about how long we were allowed to
think before we reported a strike,'' Petrov told the BBC. ``But we knew
that every second of procrastination took away valuable time, that the
Soviet Union's military and political leadership needed to be informed
without delay. All I had to do was to reach for the phone; to raise the
direct line to our top commanders -- but I couldn't move. I felt like I was
sitting on a hot frying pan.''
Petrov sensed something wasn't adding up. He had been trained to expect an
all-out nuclear assault from the U.S., so it seemed strange that the
satellite system was detecting only a few missiles being launched. And the
system itself was fairly new. He didn't completely trust it.
Arms control expert Jeffrey Lewis recalled the episode in an interview last
December on NPR:
``[Petrov] just had this feeling in his gut that it wasn't right. It was
five missiles. It didn't seem like enough. So even though by all of the
protocols he had been trained to follow, he should absolutely have
reported that up the chain of command and, you know, we should be talking
about the great nuclear war of 1983 if any of us survived.''
After several nerve-jangling minutes, Petrov didn't send the computer
warning to his superiors. He checked to see if there had been a computer
malfunction.
He had guessed correctly. ``Twenty-three minutes later I realized that
nothing had happened,'' he said in 2013. ``If there had been a real strike,
then I would already know about it. It was such a relief.''
That episode and the 1962 Cuban Missile Crisis are considered to be the
closest the U.S. and the Soviets came to a nuclear exchange. And while the
Cuban Missile Crisis has been widely examined, Petrov's actions have
received much less attention.
Petrov died on 19 May 2019, at age 77, in a suburb outside Moscow, according
to news reports Monday. He had long since retired and was living alone. News
of his death apparently went unrecognized at the time.
Karl Schumacher, a German political activist who had highlighted Petrov's
actions in recent years, tried to contact Petrov earlier this month to wish
him a happy birthday. Instead, he reached Petrov's son, Dmitri, who said his
father had died in May.
Petrov said he received an official reprimand for making mistakes in his
logbook on Sept. 26, 1983.
His story was not publicized at the time, but it did emerge after the Soviet
Union collapsed. He received a number of international awards during the
final years of his life. In 2015, a docudrama about him featuring Kevin
Costner was called The Man Who Saved The World.
But he never considered himself a hero.
``That was my job. But they were lucky it was me on shift that night.''
Greg Myre is a national security correspondent. Follow him @gregmyre1.
------------------------------
Date: Mon, 23 Sep 2019 14:14:05 -1000
From: the keyboard of geoff goodfellow <ge...@iconia.com>
Subject: Too Many VPNs Put Our Privacy And Security At Risk (Forbes)
Virtual private networks: they help you sidestep geographical media
restrictions, and they keep your web browsing private, right? Well, not
always, because even if the best VPNs add a welcome layer of security to our
web setups, cybersecurity experts are warning that there are just as many
VPN applications that expose their trusting users to surveillance and
cyberattacks.
According to a broad range of specialists, many free and mobile VPNs on the
market use unsafe protocols and log user activity, while even good virtual
private networks can't always guarantee to protect their users from the
prying eyes of a jealous government or its intelligence agencies. That's why
it's vitally important that we not only choose the most reliable and robust
VPNs available, but that we also learn how to configure and run them to
their full potential. Otherwise, we may find ourselves in a similar
situation to users of Fortigate and Pulse Secure, two VPNs which were
targeted by cyberattackers last month.
Normally, VPNs are very useful and dependable tools, with 30% of all
Internet users employing a VPN at least once a month. ``Generally speaking,
a modern online VPN is a service that is designed to encrypt your entire
computer's traffic and at the same time hide your identity by routing your
(now encrypted) traffic through one or more anonymous routers,'' explains
Yaniv Balmas, the head of cyber research at Check Point. ``Assuming that
the VPN provider uses up-to-date encryption methods and frequently changes
its routing points, this service should provide a secure and robust
service.''
However, Balmas adds that ``the devil lies in the details,'' with poorly
implemented virtual private networks causing ``more harm than good for its
users.'' In fact, the scale of the problem is actually more extensive than
most people realise, because in many cases VPNs -- and particularly free
and/or mobile VPNs -- not only don't work as advertised, but also leave
users open to viruses and privacy violations.
``We tested the top 150 free VPN Android apps and found that many had
serious security flaws and performance issues,'' warns Callum Tennent, a VPN
expert and the site editor at Top10VPN.com. Referring to a study his website
conducted in February, Tennent alarmingly reveals that 18% of the tested
VPNs contained potential malware or viruses, 85% featured excessive
permissions or functions that could put a user's privacy at risk, and 25%
exposed a user's traffic to DNS leaks and other leaks...
https://www.forbes.com/sites/simonchandler/2019/09/23/too-many-vpns-put-our-privacy-and-security-at-risk/
------------------------------
Date: Wed, 25 Sep 2019 2:59:40 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Two articles by Bruce Schneier on supply-chain security threats
https://www.nytimes.com/2019/09/25/opinion/huawei-internet-security.html
https://edition.cnn.com/2019/09/21/opinions/chinese-spy-trains-are-not-a-credible-threat-schneier/index.html
------------------------------
Date: Fri, 13 Sep 2019 20:31:50 -0400
From: "Arthur T." <Risks20190...@xoxy.net>
Subject: Re: Alabama is penalizing students for leaving football games early
(RISKS-31.42)
The Washington Post's headline is seriously misleading. The story text says
that students ``earn 100 points for attending a home game and then get an
additional 250 if they're still in attendance by the fourth quarter.'' To
me, not rewarding someone is very different from penalizing them. The story
(as opposed to the headline) implies that a student is always better off
attending a game, even if the student leaves early.
------------------------------
Date: Fri, 13 Sep 2019 19:20:45 -0400
From: Mark Brader <m...@vex.net>
Subject: Re: Why a cup of coffee forced a plane to make an unplanned landing
(WashPost via Solomon, RISKS-31.42)
> A new safety bulletin from the British government shows that an unplanned
> landing in Ireland was caused by coffee that spilled on a control panel in
> the cockpit.
Life imitates fiction! This is exactly the cause identified for a plane
crash in the movie *Fate is the Hunter* -- in 1964.
[There's no crying over spilled milk, but spilled coffee is different.
The diverted aircraft resulted in a new form of diverticulitis for every
passenger and crew member. PGN]
------------------------------
Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 31.43
************************
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.43>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Saudi Arabia oil output takes major hit after apparent drone attacks
claimed by Yemen rebels (The WashPost)
Exclusive: Russia carried out a 'stunning' breach of FBI
communications system, escalating the spy game on U.S. soil (Cryptography)
Google CEO Warns of Deepfakes Detection Challenges Ahead (Politico)
125 New Flaws Found in Routers and NAS Devices from Popular Brands
(TheHackerNews)
How Hackers Could Break Into the Smart City (James Rundle)
Chicago Man Fraudulently Accrued 42 Million Delta SkyBonus Points
(The NYTimes)
I create fake videos. Here's why people believe even the obvious ones
(Fast Company)
I am awesome': How a millennial built a fentanyl empire (WashPost)
There Is No Tech Backlash; Worse, we think there is one. (Rob Walker)
Your Car. Your Data. (via Gabe Goldberg)
When `collect all the data' misses the important data (Arthur T.)
Get popcorn for iOS 13's privacy pop-ups of creepy Facebook data grabs
(TechCrunch)
The children of Donor H898 (WashPost)
The man-made 'stars' changing the night sky (bbc.com)
What Really Brought Down the Boeing 737 Max? (The NYTimes)
You watch TV. Your TV watches back. (The Washington Post)
Single drivers are taking over Massachusetts carpool lanes
False emergency alarms set off in Hawaii, again. (NBC News)
Global Preparedness Monitoring Board (Fortune)
Instigator of fatal Kansas swatting receives prison sentence (Ars Technica)
IoT Security: Now Dark Web Hackers are Targeting Internet-Connected Gas
Pumps (Danny Palmer)
'Security' Cameras Are Dry Powder for Hackers. Here's Why (Fortune)
The iOS 13 Privacy and Security Features You Should Know (WiReD)
Two years later, hackers are still breaching local government payment
portals (Catalin Cimpanu)
Man allegedly used drone to pelt ex-girlfriend's home with bombs
(Charlie Osborne)
Apple Watch helps save motorcyclist's life (Adiran Kingsley-Hughes)
Good Quote from 'The Handmaid's Tale' Author (Chris Drewe)
Stanislav Petrov, `The Man Who Saved The World', Dies At 77 (NPR)
Too Many VPNs Put Our Privacy And Security At Risk (Forbes)
Two articles by Bruce Schneier on supply-chain security threats (PGN)
Re: Alabama is penalizing students for leaving football games early
(Arthur T.)
Re: Why a cup of coffee forced a plane to make an unplanned landing
(Mark Brader)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Sat, 14 Sep 2019 22:19:24 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Saudi Arabia oil output takes major hit after apparent drone attacks
claimed by Yemen rebels (The WashPost)
https://www.washingtonpost.com/world/drone-attacks-on-saudi-oil-facilities-spark-explosions-and-fires/2019/09/14/b6fab6d0-d6b9-11e9-ab26-e6dbebac45d3_story.html
------------------------------
Date: Mon, 16 Sep 2019 14:31:37 -0400
From: Jerry Leichter <leic...@lrw.com>
Subject: Exclusive: Russia carried out a 'stunning' breach of FBI
communications system, escalating the spy game on U.S. soil (Cryptography)
From the Cryptography Mailing List <crypto...@metzdowd.com>
Too long to try to summarize. It looks as if the Russians, starting in
roughly 2010, managed to crack the encryption used on FBI tactical radios.
``A former senior counterintelligence official blamed the compromises on a
`hodgepodge of systems' ineffective beyond the line of sight. The
infrastructure that was supposed to be built, they never followed up, or
gave us the money for it. The intelligence community has never gotten an
integrated system.''
https://news.yahoo.com/exclusive-russia-carried-out-a-stunning-breach-of-fbi-communications-system-escalating-the-spy-game-on-us-soil-090024212.html
------------------------------
Date: Wed, 18 Sep 2019 10:11:16 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Google CEO Warns of Deepfakes Detection Challenges Ahead (Politico)
Google CEO Sundar Pichai warned on Tuesday that "detecting deepfakes is one
of the most important challenges ahead of us," and announced the search
giant had released a massive trove of such videos. The goal: to use those
deepfakes as a dataset for researchers working on tools and techniques to
detect these AI-altered, doctored clips. (Earlier this year, Google also
released a dataset of synthetic speech
<https://www.blog.google/outreach-initiatives/google-news-initiative/advancing-research-fake-audio-detection/>
to help researchers working on detecting fake audio.) Google said a blog
post that it has plans to add to the dataset -- which is made up of both
real and fake videos produced through deepfake generation methods available
to the public -- as the technology becomes more sophisticated. "We firmly
believe in supporting a thriving research community around mitigating
potential harms from misuses of synthetic media," the company said.
Researchers have warned that the volume and sophistication of deepfakes will
continue to climb as the 2020 election approaches, but some are wary that
government regulation of deepfakes would raise First Amendment concerns. "I
don't think [legislation's] a good way to go," Paul Barrett, deputy director
of NYU's Stern Center for Business and Human Rights and the researcher
behind a new report on 2020 disinformation, told your MT host. "The better
alternative is for the companies themselves to devise technology that can
flag potential deepfakes. ... It's incumbent on the companies to invest more
and work harder to make the kind of distinctions that need to be made."
------------------------------
Date: Tue, 17 Sep 2019 09:00:31 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: 125 New Flaws Found in Routers and NAS Devices from Popular Brands
(TheHackerNews)
EXCERPT:
The world of connected consumer electronics, IoT, and smart devices
<https://thehackernews.com/2017/08/hacking-track-movements.html> is growing
faster than ever with tens of billions of connected devices streaming and
sharing data wirelessly over the Internet, but how secure is it?
As we connect everything from coffee maker to front-door locks and cars to
the Internet, we're creating more potential -- and possibly more dangerous
-- ways for hackers to wreak havoc.
Believe me, there are over 100 ways a hacker can ruin your life just by
compromising your wireless router -- a device that controls the traffic
between your local network and the Internet, threatening the security and
privacy of a wide range of wireless devices, from computers and phones to IP
Cameras, smart TVs and connected appliances.
<https://thehackernews.com/2018/10/ghostdns-botnet-router-hacking.html>
In its latest study titled SOHOpelessly Broken 2.0,
<https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/>
Independent Security Evaluators (ISE) discovered a total of 125 different
security vulnerabilities across 13 small office/home office (SOHO) routers
and Network Attached Storage
<https://thehackernews.com/2019/07/ransomware-nas-devices.html> (NAS)
devices, likely affecting millions.
``Today, we show that security controls put in place by device manufacturers
are insufficient against attacks carried out by remote adversaries. This
research project aimed to uncover and leverage new techniques to circumvent
these new security controls in embedded devices,'' the researchers said.
List of Affected Router Vendors...
https://thehackernews.com/2019/09/hacking-soho-routers.html
------------------------------
Date: Wed, 18 Sep 2019 9:29:35 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: How Hackers Could Break Into the Smart City (James Rundle)
James Rundle, *The Wall Street Journal*, 12 Sep 2019
via ACM TechNews, 18 Sep 2019
The more connected a smart city is, the greater its vulnerability to
cyberattack, with sensors collecting data from streetlights and buildings
one likely attack vector. Connections to smart grids and water-supply
systems also could be exploited and hijacked, as could connections to
autonomous vehicles. Suggested prevention and mediation strategies include
encrypting data being transmitted over smart city networks, and ensuring
everything is not on the same network. Portland, OR, keeps its sensors
separate from wider urban networks as much as possible; that city also
anonymizes its data and deletes collected video footage immediately after
analysis, under the aegis of the city's Smart City PDX program. Meanwhile,
officials in New York have established a testing laboratory for Internet of
Things devices, which has completed examinations of more than a dozen
devices for performance and vulnerabilities. Said Cesar Cerrudo, founder of
Securing Smart Cities, ``If you don't cover security from the very
beginning, then it becomes very difficult to protect it.''
------------------------------
Date: Sat, 14 Sep 2019 23:05:38 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Chicago Man Fraudulently Accrued 42 Million Delta SkyBonus Points
(The NYTimes)
https://www.nytimes.com/2019/09/13/travel/delta-skybonus-fraud.html
Gennady Podolsky used his position as a travel agent to cheat Delta Air Lines out of $1.75 million worth of loyalty points, according to an indictment.
------------------------------
Date: September 15, 2019 6:27:47 JST
From: the keyboard of geoff goodfellow <ge...@iconia.com>
Subject: I create fake videos. Here's why people believe even the obvious ones
(Fast Company)
People will accept anything as true if it confirms their beliefs --
regardless of whether a video or image has obviously been manipulated
EXCERPT:
Lots of people -- including Congress -- are worried about fake videos and
imagery distorting the truth, purporting to show people saying and doing
things they never said or did.
I'm part of a larger U.S. government project that is working on developing
ways to detect images and videos that have been manipulated. My team's work,
though, is to play the role of the bad guy. We develop increasingly devious,
and convincing, ways to generate fakes -- in hopes of giving other
researchers a good challenge when they're testing their detection methods.
For the past three years, we've been having a bit of fun dreaming up new
ways to try to change the meaning of images and video. We've created some
scenarios ourselves, but we've also had plenty of inspiration from current
events and circumstances of actual bad guys trying to twist public opinion.
I'm proud of the work we've done, and hope it will help people keep track of
the truth in a media-flooded world. But we've found that a key element of
the battle between truth and propaganda has nothing to do with
technology. It has to do with how people are much more likely to accept
something if it confirms their beliefs.
FINDING, AND PUSHING, TECHNICAL BOUNDARIES
When we make our fakes, we start by collecting original, undoctored images
and videos. Those not only offer raw material for us to manipulate the
images but also include the data stored in authentic media files -- sort of
like a technical fingerprint that accompanies every piece of media that
describes how and when it was taken, and with what tools...
https://www.fastcompany.com/90404007/i-create-fake-videos-heres-why-people-believe-even-the-obvious-ones
------------------------------
Date: Sun, 15 Sep 2019 18:39:57 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: I am awesome': How a millennial built a fentanyl empire (WashPost)
https://www.washingtonpost.com/national/health-science/the-fool-that-fentanyl-made-into-a-millionaire/2019/09/14/dcb696ec-d6f9-11e9-8924-1db7dac797fb_story.html
------------------------------
Date: September 15, 2019 22:36:48 JST
From: Dewayne Hendricks <dew...@warpspeed.com>
Subject: There Is No Tech Backlash; Worse, we think there is one. (Rob Walker)
Rob Walker, TheNYTimes, 14 Sep 2019
https://www.nytimes.com/2019/09/14/opinion/tech-backlash.html
It's fun, and increasingly fashionable, to complain about technology. Our
own devices distract us, others' devices spy on us, social media companies
poison public discourse, new wired objects violate our privacy, and all of
this contributes to a general sense of runaway change careening beyond our
control. No wonder there's a tech backlash.
But, really, is there? There certainly has been talk of a backlash, for a
couple of years now. Politicians have discussed regulating big tech
companies more tightly. Fines have been issued, breakups called for. A tech
press once dedicated almost exclusively to gadget lust and organizing
conferences that trot out tech lords for the rest of us to worship has taken
on a more critical tone; a drumbeat of exposes reveal ethically and legally
dubious corporate behavior. Novels and movies paint a skeptical or even
dystopian picture of where tech is taking us. We all know people who have
theatrically quit this or that social media service, or announced digital
sabbaticals. And, of course, everybody kvetches, all the time.
However, there is the matter of our actual behavior in the real-world
marketplace. The evidence there suggests that, in fact, we love our devices
as much as ever. There is no tech backlash.
Consider Facebook: It's hard to imagine a more backlashable company.
Facebook is widely associated with data breaches, the spread of dubious
information and a basic deterioration of interpersonal communication. It was
recently fined nearly $5 billion by the Federal Trade Commission for
mishandling its customers' data. And, given its ubiquity, it's also a handy
stand-in for the corporatization of online life in general. If you're going
to make a show of quitting a tech service, Facebook may be your best choice.
But according to its most recent quarterly report, the number of Facebook
accounts used daily (1.59 billion) and monthly (2.4 billion) each increased
by 8 percent over the prior quarter. Despite all the anecdotes you've heard
about people deleting their accounts, the company's flagship app added about
a million new daily users in the United States alone. Revenue was up 28%.
Even factoring in the F.T.C. fine, Facebook recorded a profit of $2.6B.
Facebook is not the only demonized tech platform; social media companies in
general are routinely criticized as toxic swamps full of trolls, liars and
bots. But again, there's no evidence of any exodus. In the same
quarter, Twitter addedfive million new daily users, and Snap reported that
the daily user base of its flagship Snapchat app grew 7 percent, its
best-ever performance as a public company. According to the Pew Research
Center, 72 percent of Americans usesome form of social media, a percentage
that has risen steadily for years and shows no sign of flagging. (The people
I know who quit Facebook all use Facebook-owned Instagram, WhatsApp, or
both.)
Habits die hard. But even more remarkable than our apparent reluctance to
ditch the technologies we love to dis is a fervent embrace of newer new
things that seem, at the very least, worth approaching with caution.
Take smart speakers -- the kind that respond to vocal prompts and
questions -- as an example. It's exactly the sort of
technology that gives people pause. Is this thing listening to me all the
time? What about these weird stories of smart speakers laughing or cursing,
or randomly recording a conversation and sending it to the owners'
contacts? The tech press has gotten better and better at chronicling the
latest troubling answers -- for instance, people may in fact listen
to your voice activations as part of the process of refining the
device's functionality -- and detailing what, if anything,
you can do about it.
Nevertheless: As of last year, a little more than a quarter of American
households owned a smart speaker, according to one estimate. The category
leader is the Amazon Echo, equipped with the Alexa voice-recognition
software; Amazon says it has sold more than 100 million Alexa devices.
Certain tech-use indicators have in fact leveled off in recent years, but
that's mostly because they correspond with categories that are already
thoroughly established and widespread: Around 95 percent of consumers in the
United States say they have or use a cellphone, and 89 percent have or use
the Internet, according to Pew. But dig a little deeper into that data, and
it turns out that *new connected devices continue to emerge* and we continue
to embrace them. In addition to voice assistants, smart TVs and wearable
devices are growing in popularity.
Perhaps most remarkable, if you think we're in the midst of tech backlash,
is the traction of the aggressively hyped smart-home trend, encouraging you
to link your locks and lights and other household infrastructure to the
Internet. Amazon(which intuitively ought to be suffering in a
tech-backlashed environment) recently announced that the record sales on its
most recent Prime Day promotion included ``millions of smart home devices.''
------------------------------
Date: Mon, 16 Sep 2019 22:15:20 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Your Car. Your Data.
Your Car. Your Data. Your Choice. is an Auto Care Association education
initiative created to engage car owners, policymakers and other stakeholders
on car data– What is it, why it matters, and its implications for consumer
choice.
https://yourcaryourdata.org/
------------------------------
Date: Sat, 14 Sep 2019 21:51:01 -0400
From: "Arthur T." <Risks20190...@xoxy.net>
Subject: When `collect all the data' misses the important data
Pennsylvania has recent infestations of an invasive insect species (the
spotted lanternfly). It has given a grant to a state university to track
sightings of them, and they're publicizing the tracking very aggressively.
But they won't accept a sighting report unless you first give them your name
and telephone number. There's no indication as to who will have access to
that data, which is especially concerning as it's a government-affiliated
university and possibly susceptible to FOIA requests.
That data would be a major boon for certain vendors and fund-raisers. Who is
paying attention to the environment? Where do they travel and when? Etc.
So, by collecting data they don't need, they're missing the dozen or so
reports I would have made, and there are probably other non-reports by other
privacy-minded people.
------------------------------
Date: September 17, 2019 0:22:22 JST
From: Richard Forno <rfo...@infowarrior.org>
Subject: Get popcorn for iOS 13's privacy pop-ups of creepy Facebook data grabs
(TechCrunch)
Privacy-minded changes to smartphone operating systems which foreground the
background activity of third party apps are helping to spotlight more of the
surveillance infrastructure deployed by adtech giants to track and profile
human eyeballs for profit.
To wit: iOS 13, which will be generally released later this week, has
already been spotted catching Facebook's app trying to use Bluetooth
to track nearby users.....
https://techcrunch.com/2019/09/16/get-popcorn-for-ios-13s-privacy-pop-ups-of-creepy-facebook-data-grabs/
------------------------------
Date: Mon, 16 Sep 2019 21:04:45 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: The children of Donor H898 (WashPost)
At least a dozen children diagnosed with autism were conceived with
sperm from the same donor.
https://www.washingtonpost.com/health/the-children-of-donor-h898/2019/09/14/dcc191d8-86da-11e9-a491-25df61c78dc4_story.html
------------------------------
Date: Thu, 19 Sep 2019 11:37:05 +0800
From: Richard Stein <rms...@ieee.org>
Subject: The man-made 'stars' changing the night sky (bbc.com)
http://www.bbc.com/future/story/20190918-is-humanity-changing-the-night-sky-with-artificial-stars
There is already around 8,400 tonnes of debris and junk currently racing
around the Earth as speeds of up to 18,000mph (28,800km/h). This hail of
debris can damage and even destroy satellites if they collide -- in 2009, a
defunct Russian satellite smashed into a functioning US commercial
satellite, breaking both spacecraft into at least 2,000 pieces, dramatically
increasing the amount of debris in orbit in the process.
``Nasa currently tracks thousands of pieces of debris down to the size of a
marble and regularly performs avoidance maneuvers to keep its satellites
safe. The International Space Station has also had to make several maneuvers
to avoid debris during its 20 years in orbit.''
With a deployed 'man-mad space shield' of this magnitude already
operational, but not readily controllable, there's no need to build a
dedicated space force to defend the planet against extraterrestrial
invasion!
------------------------------
Date: Wed, 18 Sep 2019 23:58:13 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: What Really Brought Down the Boeing 737 Max? (The NYTimes)
https://www.nytimes.com/2019/09/18/magazine/boeing-737-max-crashes.html
------------------------------
Date: Thu, 19 Sep 2019 00:06:00 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: You watch TV. Your TV watches back. (The Washington Post)
In our latest privacy experiment, we tracked how four of the most popular TV
brands record everything we watch.
https://www.washingtonpost.com/technology/2019/09/18/you-watch-tv-your-tv-watches-back/
I've had a *smart* TV for almost a year; it's not online and I watch cable
TV, DVDs, Roku (channels, Netflix, Amazon prime) just fine.
I ignore its occasional pleas to connect it to the outside world.
------------------------------
Date: Thu, 19 Sep 2019 08:07:12 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Single drivers are taking over Massachusetts carpool lanes
(The Boston Globe)
https://www.bostonglobe.com/metro/2019/09/11/single-drivers-are-taking-over-mass-carpool-lanes/a32bKhXxoZNygjnPPjgKvO/story.html
------------------------------
Date: Thu, 19 Sep 2019 09:12:45 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: False emergency alarms set off in Hawaii, again. (NBC News)
https://www.nbcnews.com/news/us-news/false-emergency-alarms-set-hawaii-again-n1056281
------------------------------
Date: Thu, 19 Sep 2019 19:05:13 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Global Preparedness Monitoring Board (Fortune)
What does a worst case scenario look like in public health? If we went the
Hollywood route, you could envision all sorts of disasters. A lone patient
spreading a deadly bug via international travel; a contamination in the food
supply; heck, maybe just the emergence of a superbug resistant to existing
treatments (a potential $100 trillion risk
<https://click.newsletters.fortune.com/?qs=01edd9ca5e91c9d2cacdcadafa419ed0a96e80a0929024416654b57725ebd5101975ad65d20cb5f9b2631e012684a701c448d5f090da8e07>
by some accounts).
The thing is, any sort of pandemic could be catastrophic – and the world
simply isn't prepared to deal with such an outbreak, according to a
first-of-its-kind report
<https://click.newsletters.fortune.com/?qs=04a8392c00f77920cdb333607274ba4cc389753f201ffb5a822ce09f3d46b8e9f458bab130eb0bab31838c7fec525c8775fa8fd2a5b83d64>
from the Global Preparedness Monitoring Board (GPMB). In fact, as many as 80
million people could die in an outbreak within 36 hours, the authors say, if
an airborne pathogen were to make its way around the globe.
The GPMB was convened by the World Health Organization (WHO) and the World
Bank to investigate these exact kinds of issues. And the initial prognosis
is grim (the report itself is frighteningly titled, `A World At Risk').
Here's just a snippet of what the group had to say: “The central finding of
the report is that the world needs to proactively establish the systems
needed to detect and control potential disease outbreaks. These acts of
preparedness are a global public good that must meaningfully engage
communities, from the local to the international, in preparedness,
detection, response and recovery.”
The report outlines the many failures of international governments, from
lackluster public health systems to lapses in communication to a dearth of
drug and vaccine development, to prepare for a major pandemic. (The issue is
serious enough that the World Bank created the first-ever global insurance
market
<https://click.newsletters.fortune.com/?qs=116f9e6ffa6b24f0c4888644a1e6141dfd41b7deeee304c6c77370d904d6564557f54c276ee97bc36a76975bf4152c7e38097a3477c4428d>
for pandemics back in 2016.)
But GPMB also offers some practical solutions. “Investing in health
emergency preparedness will improve health outcomes, build community trust
and reduce poverty, thereby also contributing to efforts to achieve the
United Nations Sustainable Development Goals,” the authors wrote.
/From the foreword by Co-Chairs H.E. Dr Gro Harlem Brundtland and Mr Elhadj
As Sy/: “For its first report, the Global Preparedness Monitoring Board
reviewed recommendations from previous high-level panels and commissions
following the 2009 H1N1 influenza pandemic and the 2014-2016 Ebola outbreak,
along with its own commissioned reports and other data. The result is a
snapshot of where the world stands in its ability to prevent and contain a
global health threat. Many of the recommendations reviewed were poorly
implemented, or not implemented at all, and serious gaps persist. For too
long, we have allowed a cycle of panic and neglect when it comes to
pandemics: we ran.
http://apps.who.int/gpmb/annual_report.html
Plus: We Are All Pawns in a Mosquito's World
https://www.sierraclub.org/sierra/we-are-all-pawns-mosquitos-world
------------------------------
Date: Fri, 20 Sep 2019 11:14:12 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Instigator of fatal Kansas swatting receives prison sentence
(Ars Technica)
https://arstechnica.com/tech-policy/2019/09/man-behind-deadly-kansas-swatting-sentenced-to-15-months-in-prison/
------------------------------
Date: Sat, 21 Sep 2019 2:20:36 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: IoT Security: Now Dark Web Hackers are Targeting Internet-Connected
Gas Pumps (Danny Palmer)
Danny Palmer, ZDNet, 10 Sep 2019
Researchers at Trend Micro have found that cyber criminals are increasingly
focusing their attention on hacking Internet of Things (IoT) devices. While
routers remain the top target for IoT-based attacks, Internet-connected gas
pumps are becoming a focal point as well. The researchers came to this
conclusion after examining Dark Web marketplaces in five different
languages: Russian, Portuguese, English, Arabic, and Spanish. They found the
Russian market is the most sophisticated of the underground communities,
with cyber criminals there ready to make money from attacks and exploits.
Trend Micro's Bharat Mistry said operators of Internet-connected gas pumps
and similar devices should have their default passwords changed, and
``should also think about using features such as VPNs to encrypt the
traffic, and mutual authentication, whereby both the device and the user
validate one other before continuing.''
https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-219dax21dd15x069949&
------------------------------
Date: Sat, 21 Sep 2019 19:50:05 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: 'Security' Cameras Are Dry Powder for Hackers. Here's Why (Fortune)
https://fortune.com/2019/09/19/security-cameras-are-dry-powder-for-hackers-heres-why/
------------------------------
Date: Sun, 22 Sep 2019 23:38:29 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: The iOS 13 Privacy and Security Features You Should Know (WiReD)
Your iPhone just got a major security upgrade. Here are all the ins and
outs.
If you own a relatively new iPhone
<https://www.wired.com/review/apple-iphone-11/>, this week you should have
received a notification that the latest iOS 13 update
<https://www.wired.com/story/apple-ios-13-arrives/> is ready to
download. Besides the more obvious additions -- like the introduction of
dark mode, and the unexpected joys of Apple Arcade
<https://www.wired.com/story/apple-arcade-reshape-mobile-gaming/> -- it also
features a raft of security and privacy enhancements.
The reputation of iOS security may have taken some dings
<https://www.wired.com/story/ios-security-imessage-safari/> of late, but
it's still one of the most secure consumer operating systems available.
Here are all the ways the latest version keeps you even more protected.
https://www.wired.com/story/ios-13-security-privacy-features-settings/
...complicated, sigh.
------------------------------
Date: Mon, 23 Sep 2019 11:49:42 -0700
From: Gene Wirchenko <ge...@shaw.ca>
Subject: Two years later, hackers are still breaching local government
payment portals (Catalin Cimpany)
Catalin Cimpanu for Zero Day | 19 Sep 2019
New 20,000 batch of payment card details found on the dark web and traced
back to new Click2Gov hacks.
https://www.zdnet.com/article/two-years-later-hackers-are-still-breaching-local-government-payment-portals/
opening text:
Two years after hackers first started targeting local government payment
portals, attacks are still going on, with eight cities having had their
Click2Gov payment portals compromised in the last month alone, security
researchers from Gemini Advisory have revealed in a report shared with ZDNet
today.
These new hacks have allowed hackers to get their hands on over 20,000
payment card details belonging to US citizens, which are now being traded on
the dark web, the cyber-security firm said.
------------------------------
Date: Mon, 23 Sep 2019 11:53:51 -0700
From: Gene Wirchenko <ge...@shaw.ca>
Subject: Man allegedly used drone to pelt ex-girlfriend's home with bombs
(Charlie Osborne)
Charlie Osborne for Zero Day | 20 Sep 2019
Charges now include unregistered drone operation, meth use, and unlawfully
owning firearms.
https://www.zdnet.com/article/man-allegedly-used-drones-to-pelt-ex-girlfriends-home-with-bombs/
In the aftermath of a breakup, people can lose all reason and taking
irresponsible action -- whether it be cutting up an ex-partner's clothes,
throwing out their possessions, or scratching their car.
In extreme cases, drones, otherwise known as unmanned aerial vehicles
(UAVs), may also allegedly become weaponized.
According to US prosecutors, a 43-year-man used a DJI Phantom 3 drone to
drop homemade bombs on a previous girlfriend's property.
------------------------------
Date: Mon, 23 Sep 2019 12:12:42 -0700
From: Gene Wirchenko <ge...@shaw.ca>
Subject: Apple Watch helps save motorcyclist's life (Adiran Kingsley-Hughes)
Adrian Kingsley-Hughes for Hardware 2.0 | 23 Sep 2019
A Washington man credits the Apple Watch with helping to save his father's
life following a biking accident that left him unconscious.
https://www.zdnet.com/article/apple-watch-helps-save-motorcyclists-life/
The Apple Watch 4 and later contains a sensor that is continually looking
out for the wearer suffering a hard fall that could render them unconscious
and summon emergency help. This is exactly what happened to Gabe Burdett's
father.
------------------------------
Date: Mon, 23 Sep 2019 22:28:28 +0100
From: Chris Drewe <e76...@yahoo.co.uk>
Subject: Good Quote from 'The Handmaid's Tale' Author
Last Saturday's newspaper featured an interview (couldn't find it on-line)
with Margaret Atwood, author of `The Handmaid's Tale' and more recently `The
Testaments'. This included her saying: ``Like any human technology, there's
a plus side, a minus side, and a stupid side that you didn't anticipate.
Pick out any technology, it's true of them all.''
So it looks unlikely for RISKS to run short of source material any time
soon...
------------------------------
Date: September 24, 2019 6:23:18 JST
From: Richard Forno <rfo...@infowarrior.org>
Subject: Stanislav Petrov, `The Man Who Saved The World', Dies At 77 (NPR)
[via Dave Farber]
Greg Myre Facebook Twitter
https://www.npr.org/sections/thetwo-way/2017/09/18/551792129/stanislav-petrov-the-man-who-saved-the-world-dies-at-77
Stanislav Petrov, a former Soviet military officer, poses at his home in
2015 near Moscow. In 1983, he was on duty when the Soviet Union's early
warning satellite indicated the U.S. had fired nuclear weapons at his
country. He suspected, correctly, it was a false alarm and did not
immediately send the report up the chain of command. Petrov died at age 77.
Stanislav Petrov was a lieutenant colonel in the Soviet Union's Air Defense
Forces, and his job was to monitor his country's satellite system, which was
looking for any possible nuclear weapons launches by the United States.
He was on the overnight shift in the early morning hours of 26 Sep 1983,
when the computers sounded an alarm, indicating that the U.S. had launched
five nuclear-armed intercontinental ballistic missiles. ``The siren howled,
but I just sat there for a few seconds, staring at the big, back-lit, red
screen with the word 'launch' on it,'' Petrov told the BBC in 2013.
It was already a moment of extreme tension in the Cold War. On Sept. 1 of
that year, the Soviet Union shot down a Korean Air Lines plane that had
drifted into Soviet airspace, killing all 269 people on board, including a
U.S. congressman. The episode led the U.S. and the Soviets to exchange
warnings and threats.
Petrov had to act quickly. U.S. missiles could reach the Soviet Union in
just over 20 minutes. ``There was no rule about how long we were allowed to
think before we reported a strike,'' Petrov told the BBC. ``But we knew
that every second of procrastination took away valuable time, that the
Soviet Union's military and political leadership needed to be informed
without delay. All I had to do was to reach for the phone; to raise the
direct line to our top commanders -- but I couldn't move. I felt like I was
sitting on a hot frying pan.''
Petrov sensed something wasn't adding up. He had been trained to expect an
all-out nuclear assault from the U.S., so it seemed strange that the
satellite system was detecting only a few missiles being launched. And the
system itself was fairly new. He didn't completely trust it.
Arms control expert Jeffrey Lewis recalled the episode in an interview last
December on NPR:
``[Petrov] just had this feeling in his gut that it wasn't right. It was
five missiles. It didn't seem like enough. So even though by all of the
protocols he had been trained to follow, he should absolutely have
reported that up the chain of command and, you know, we should be talking
about the great nuclear war of 1983 if any of us survived.''
After several nerve-jangling minutes, Petrov didn't send the computer
warning to his superiors. He checked to see if there had been a computer
malfunction.
He had guessed correctly. ``Twenty-three minutes later I realized that
nothing had happened,'' he said in 2013. ``If there had been a real strike,
then I would already know about it. It was such a relief.''
That episode and the 1962 Cuban Missile Crisis are considered to be the
closest the U.S. and the Soviets came to a nuclear exchange. And while the
Cuban Missile Crisis has been widely examined, Petrov's actions have
received much less attention.
Petrov died on 19 May 2019, at age 77, in a suburb outside Moscow, according
to news reports Monday. He had long since retired and was living alone. News
of his death apparently went unrecognized at the time.
Karl Schumacher, a German political activist who had highlighted Petrov's
actions in recent years, tried to contact Petrov earlier this month to wish
him a happy birthday. Instead, he reached Petrov's son, Dmitri, who said his
father had died in May.
Petrov said he received an official reprimand for making mistakes in his
logbook on Sept. 26, 1983.
His story was not publicized at the time, but it did emerge after the Soviet
Union collapsed. He received a number of international awards during the
final years of his life. In 2015, a docudrama about him featuring Kevin
Costner was called The Man Who Saved The World.
But he never considered himself a hero.
``That was my job. But they were lucky it was me on shift that night.''
Greg Myre is a national security correspondent. Follow him @gregmyre1.
------------------------------
Date: Mon, 23 Sep 2019 14:14:05 -1000
From: the keyboard of geoff goodfellow <ge...@iconia.com>
Subject: Too Many VPNs Put Our Privacy And Security At Risk (Forbes)
Virtual private networks: they help you sidestep geographical media
restrictions, and they keep your web browsing private, right? Well, not
always, because even if the best VPNs add a welcome layer of security to our
web setups, cybersecurity experts are warning that there are just as many
VPN applications that expose their trusting users to surveillance and
cyberattacks.
According to a broad range of specialists, many free and mobile VPNs on the
market use unsafe protocols and log user activity, while even good virtual
private networks can't always guarantee to protect their users from the
prying eyes of a jealous government or its intelligence agencies. That's why
it's vitally important that we not only choose the most reliable and robust
VPNs available, but that we also learn how to configure and run them to
their full potential. Otherwise, we may find ourselves in a similar
situation to users of Fortigate and Pulse Secure, two VPNs which were
targeted by cyberattackers last month.
Normally, VPNs are very useful and dependable tools, with 30% of all
Internet users employing a VPN at least once a month. ``Generally speaking,
a modern online VPN is a service that is designed to encrypt your entire
computer's traffic and at the same time hide your identity by routing your
(now encrypted) traffic through one or more anonymous routers,'' explains
Yaniv Balmas, the head of cyber research at Check Point. ``Assuming that
the VPN provider uses up-to-date encryption methods and frequently changes
its routing points, this service should provide a secure and robust
service.''
However, Balmas adds that ``the devil lies in the details,'' with poorly
implemented virtual private networks causing ``more harm than good for its
users.'' In fact, the scale of the problem is actually more extensive than
most people realise, because in many cases VPNs -- and particularly free
and/or mobile VPNs -- not only don't work as advertised, but also leave
users open to viruses and privacy violations.
``We tested the top 150 free VPN Android apps and found that many had
serious security flaws and performance issues,'' warns Callum Tennent, a VPN
expert and the site editor at Top10VPN.com. Referring to a study his website
conducted in February, Tennent alarmingly reveals that 18% of the tested
VPNs contained potential malware or viruses, 85% featured excessive
permissions or functions that could put a user's privacy at risk, and 25%
exposed a user's traffic to DNS leaks and other leaks...
https://www.forbes.com/sites/simonchandler/2019/09/23/too-many-vpns-put-our-privacy-and-security-at-risk/
------------------------------
Date: Wed, 25 Sep 2019 2:59:40 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Two articles by Bruce Schneier on supply-chain security threats
https://www.nytimes.com/2019/09/25/opinion/huawei-internet-security.html
https://edition.cnn.com/2019/09/21/opinions/chinese-spy-trains-are-not-a-credible-threat-schneier/index.html
------------------------------
Date: Fri, 13 Sep 2019 20:31:50 -0400
From: "Arthur T." <Risks20190...@xoxy.net>
Subject: Re: Alabama is penalizing students for leaving football games early
(RISKS-31.42)
The Washington Post's headline is seriously misleading. The story text says
that students ``earn 100 points for attending a home game and then get an
additional 250 if they're still in attendance by the fourth quarter.'' To
me, not rewarding someone is very different from penalizing them. The story
(as opposed to the headline) implies that a student is always better off
attending a game, even if the student leaves early.
------------------------------
Date: Fri, 13 Sep 2019 19:20:45 -0400
From: Mark Brader <m...@vex.net>
Subject: Re: Why a cup of coffee forced a plane to make an unplanned landing
(WashPost via Solomon, RISKS-31.42)
> A new safety bulletin from the British government shows that an unplanned
> landing in Ireland was caused by coffee that spilled on a control panel in
> the cockpit.
Life imitates fiction! This is exactly the cause identified for a plane
crash in the movie *Fate is the Hunter* -- in 1964.
[There's no crying over spilled milk, but spilled coffee is different.
The diverted aircraft resulted in a new form of diverticulitis for every
passenger and crew member. PGN]
------------------------------
Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 31.43
************************
0 new messages