Risks Digest 30.29


Posted by RISKS List Owner, 14 May 2017

RISKS-LIST: Risks-Forum Digest Saturday 13 May 2017 Volume 30 : Issue 29

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.29>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Fiat Chrysler Recalls 1.2 Million Ram Pickups Over Faulty Software
(Bill Vlasic and Neal E. Boudette)
Today's Massive Ransomware Attack Was Mostly Preventable -- Here's How To
Avoid It (Gizmodo)
Dozens of countries hit by huge cyberextortion attack (McClatchy)
A British researcher says he found a kill switch for the malware
crippling computers worldwide (The Washington Post)
Hackers Use Tool Taken from NSA in Global Attack
(Nicole Perlroth and David E. Sanger)
Indicators Associated With WannaCry Ransomware (US-CERT)
WARNING: Antivirus sites may be helping to SPREAD the current global
malware ransomware WannaCry attack! (Lauren Weinstein)
Global 'Wana' Ransomware Outbreak Earned Perpetrators $26,000 So Far
(Krebs)
The Joy of Tech comic: The Internet of ransomware things! (GeekCulture)
Vehicle lien recorded in name of cartoon characters (Mark Brader)
Cochrane Report on IHealth EHR: Lessons for engaging users to provide QA
feedback (Island Health via Kelly Bert Manning)
Microsoft patches Windows XP to fight 'WannaCrypt' attacks (Engadget
via LW)
Malware and The Cloud (Lauren Weinstein)
"How the Macron campaign slowed cyberattackers" (Fahmida Y. Rashid)
Counter intelligence in the French elections - this changes cybersecurity
forever. (Gadi Evron)
Facebook takes to newspapers to teach UK users how to spot "fake news"
(Ars Technica)
"HP computer owners: Check for the MicTray Conexant keylogger"
(Woody Leonhard via Gene Wirchenko)
MUST READ "Open MIC" report: Corporate responsibility in an age of
alternative facts -- with emphasis on Facebook and Google
(Lauren Weinstein)
China Is on Track to Fully Phase Out Cash (Motherboard)
Sony PlayStation leads to the arrest of 15 member gang (Diomidis Spinellis)
UK Telecomms Service Stopped by Bureaucracy (Chris Drewe)
Crash with Impact (The New York Times)
NYU Accidentally Exposed Military Code-Breaking Computer Project to
Entire Internet (Sam Biddle)
Confidential patient data breach at NYC's Bronx Leb Hospital (Data Breaches
via danny burstein)
Security Alert from Intel concerning Business-grade Processors with
detection tool -- followup (Bob Gezelter)
"Supply chain attack on HandBrake video converter app hits Mac users"
(Lucian Constantin)
The FCC says an attack -- not John Oliver -- hampered its website
(The Washington Post)
U.S. military cyber operation to attack ISIS last year sparked heated
debate over alerting allies (The Washington Post)
Re: Someone hacked every tornado siren in Dallas. It was loud.
(Jim Reisert)
Progress To Date on Deepwater Horizon (Earl Boebert)
Re: The Lost Picture Show (Dimitri Maziuk, Gabe Goldberg, Brian Inglis,
Jeff Jonas)
Re: Man gets fined for discovering an engineering flaw (John Levine)
Re: Senseless Government Rules Could Cripple the Robo-Car Revolution
(Mike Spencer)
Re: Bobby Tables and electoral fraud (Dave Horsfall, Kelly Bert Manning)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 13 May 2017 08:13:18 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Fiat Chrysler Recalls 1.2 Million Ram Pickups Over Faulty Software
(Bill Vlasic and Neal E. Boudette)

*The New York Times*, 13 May 2017

After one death and two injuries, the recall is intended to fix faulty
software that can disable airbags and seatbelt tension devices.
Reportedly, "normal restraint-system function may be restored" by
turning the ignition off and on again.

------------------------------

Date: Fri, 12 May 2017 16:27:31 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Today's Massive Ransomware Attack Was Mostly Preventable -- Here's
How To Avoid It (Gizmodo)

NNSquad
http://gizmodo.com/today-s-massive-ransomware-attack-was-mostly-preventabl-1795179984

Here's what happened: Unknown attackers deployed a virus targeting
Microsoft servers running the file sharing protocol Server Message Block
(SMB). Only servers that weren't updated after March 14 with the MS17-010
patch were affected; this patch resolved an exploit known as EternalBlue,
once a closely guarded secret of the National Security Agency, which was
leaked last month by ShadowBrokers, a hacker group that first revealed
itself last summer. The ransomware, aptly named WannaCry, did not spread
because of people clicking on bad links. The only way to prevent this
attack was to have already installed the update.

------------------------------

Date: Fri, 12 May 2017 15:10:41 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Dozens of countries hit by huge cyberextortion attack (McClatchy)

via NNSquad
http://www.mcclatchydc.com/news/politics-government/national-politics/article150231887.html

Dozens of countries were hit with a huge cyberextortion attack Friday that
locked up computers and held users' files for ransom at a multitude of
hospitals, companies and government agencies. The attack appeared to
exploit a vulnerability that was purportedly identified by the U.S.
National Security Agency for its own intelligence-gathering purposes and
was later leaked to the Internet. Britain's national health service was
hit hard, its hospitals forced to close wards and emergency rooms. Spain,
Portugal and Russia were also struck. Several cybersecurity firms said
they had identified the malicious software behind the attack in upward of
60 countries, with Russia apparently the hardest hit.

[On the UK NHS danny burstein noted
UK hospital system suffering nationwide computer issues
(The Guardian):

NHS hospitals across England hit by large-scale cyber-attack
Immediately on discovery of the problem, the trust acted to protect
its IT systems by shutting them down; it also meant that the trust's
telephone system is not able to accept incoming calls.
https://www.theguardian.com/society/2017/may/12/hospitals-across-england-hit-by-large-scale-cyber-attack

See Also
http://www.bbc.co.uk/news/health-39899646
PGN]

------------------------------

Date: Sat, 13 May 2017 07:50:05 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: A British researcher says he found a kill switch for the malware
crippling computers worldwide (The Washington Post)

via NNSquad
https://www.washingtonpost.com/news/worldviews/wp/2017/05/13/a-british-researcher-says-he-found-a-kill-switch-for-the-malware-crippling-computers-worldwide/

By purchasing the domain name and registering a website, the cybersecurity
researcher claims that he activated a kill switch. It immediately slowed
the spread of the malware and could ultimately stop its current version,
cybersecurity experts said Saturday ... About 3 p.m. Eastern time, the
specialist with U.S. cybersecurity enterprise Kryptos Logic bought an
unusually long and nonsensical domain name ending with "gwea.com." The
22-year-old says he paid $10.69, but his purchase might have saved
companies and governmental institutions around the world billions of
dollars.

------------------------------

Date: Sat, 13 May 2017 08:20:04 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Hackers Use Tool Taken from NSA in Global Attack
(Nicole Perlroth and David E. Sanger)

*The New York Times*, 13 May 2017 (front page)

A digital `perfect storm' hits hospitals, businesses, and a Russian ministry
on 12 May 2017. By the end of the day, the attack had spread to more than
74 countries. According to Kaspersky Lab (a Russian cybersecurity company),
Russia was the worst-hit, then Ukraine, India, and Taiwan. This seems to
have been the largest ransomware attack to date. It was triggered by a
simple phishing attack, and is believed to have exploited a vulnerability
with a method developed -- and leaked from or stolen from -- NSA. [PGN-ed]

------------------------------

Date: Sat, 13 May 2017 08:39:09 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Indicators Associated With WannaCry Ransomware (US-CERT)

via NNSquad
https://www.us-cert.gov/ncas/alerts/TA17-132A

According to numerous open-source reports, a widespread ransomware
campaign is affecting various organizations with reports of tens of
thousands of infections in as many as 74 countries, including the United
States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The
software can run in as many as 27 different languages. The latest version
of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor,
was discovered the morning of May 12, 2017, by an independent security
researcher and has spread rapidly over several hours, with initial reports
beginning around 4:00 AM EDT, May 12, 2017. Open-source reporting
indicates a requested ransom of 0.1781 bitcoins, roughly $300 U.S. This
Alert is the result of efforts between the Department of Homeland Security
(DHS) National Cybersecurity and Communications Integration Center (NCCIC)
and the Federal Bureau of Investigation (FBI) to highlight known cyber
threats. DHS and the FBI continue to pursue related information of threats
to federal, state, and local government systems and as such, further
releases of technical information may be forthcoming.

------------------------------

Date: Sat, 13 May 2017 09:08:37 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: WARNING: Antivirus sites may be helping to SPREAD the current
global malware ransomware WannaCry attack!

Lauren's Blog
https://lauren.vortex.com/2017/05/13/warning-antivirus-sites-may-be-helping-to-spread-the-current-global-malware-ransomware-wannacry-attack

It has been reported that a researcher discovered that spread of the current
worldwide ransomware attack can be halted after he registered the domain:

http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

and built a sinkhole website that the malware could check. Reportedly
the malware does not continue spreading if it can reach this site.
HOWEVER, various antivirus websites/services are now reportedly adding
that domain to their "bad domain" lists! If sites infected with this
malware are unable to reach that domain due to their firewalls
incorporating rules from antivirus sites that include a block for that
domain, the malware will likely continue spreading across their
machines. Your systems MUST be able to access the domain above if this
malware blocking trigger is to be effective, according to the current
reports that I'm receiving!

------------------------------
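
The item above describes a positive check: the worm asks for the sinkhole
domain and stops only if the request succeeds, so any rule that makes the
request fail keeps it spreading. As an added example (not code from Lauren
Weinstein's post or from any of the reports it cites), the following Python
models that decision with an injected HTTP fetch and audits a constructed
egress blocklist for rules that would match the sinkhole domain. The HTTP
details of the real sample, the blocklist syntax and the sample rules are
assumptions of this example, not facts from the page.

```python
"""Added example; not code from the RISKS item or from the reports it cites.

  worm_would_halt()  models the kill-switch decision with an injected HTTP
                     fetch, so the blocked and unblocked cases compare offline;
  blocked_by()       audits an egress blocklist for rules matching the
                     sinkhole domain.

The HTTP details of the real sample, the blocklist syntax and the sample
rules are assumptions of this example, not facts from the page.
"""
import fnmatch
from typing import Callable, Iterable, List

# the domain named in the item above
SINKHOLE_DOMAIN = "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"


def worm_would_halt(fetch: Callable[[str], bool]) -> bool:
    """True if the modelled kill-switch check stops the worm.

    `fetch(url)` returns True when the sinkhole answered; it raises or returns
    False when the request failed.  Failure is treated exactly as the item
    describes: 'cannot reach the site' means 'keep spreading'.
    """
    try:
        return bool(fetch("http://" + SINKHOLE_DOMAIN + "/"))
    except Exception:            # DNS failure, refused connection, proxy deny
        return False


def sinkhole_reachable(url: str) -> bool:
    """Stand-in fetch for a host whose egress allows the request."""
    return True


def proxy_denied(url: str) -> bool:
    """Stand-in fetch for a host whose proxy or DNS filter blocks the domain."""
    raise ConnectionError("egress filter denied " + url)


def _matches(domain: str, pattern: str) -> bool:
    """Apex entries cover their subdomains; '*', '?' and '[' are shell globs."""
    pattern = pattern.lower()
    if any(ch in pattern for ch in "*?["):
        return fnmatch.fnmatchcase(domain, pattern)
    return domain == pattern or domain.endswith("." + pattern)


def blocked_by(rules: Iterable[str], domain: str) -> List[str]:
    """Return the rules that would block `domain`.

    Assumed rule syntax: one entry per line, '#' starts a comment, either a
    hosts-file line ('0.0.0.0 host') or a bare hostname / glob pattern.
    """
    domain = domain.lower().rstrip(".")
    hits = []
    for raw in rules:
        rule = raw.split("#", 1)[0].strip()
        if not rule:
            continue
        parts = rule.split()
        if len(parts) == 2 and parts[0] in ("0.0.0.0", "127.0.0.1"):
            pattern = parts[1]
        else:
            pattern = parts[0]
        if _matches(domain, pattern):
            hits.append(raw.rstrip())
    return hits


# constructed blocklist: the last entry is what an over-eager IOC import looks like
SAMPLE_BLOCKLIST = """\
# egress denylist (constructed for this example)
0.0.0.0 evil-updates.example
*.badcdn.example
iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com   # imported from a vendor IOC feed
"""


if __name__ == "__main__":
    print("sinkhole reachable -> worm halts:", worm_would_halt(sinkhole_reachable))
    print("proxy denies       -> worm halts:", worm_would_halt(proxy_denied))
    for hit in blocked_by(SAMPLE_BLOCKLIST.splitlines(), SINKHOLE_DOMAIN):
        print("REMOVE this rule, it defeats the kill switch:", hit)
```

To run the reachability check on a real host, pass a fetch such as
`lambda url: urllib.request.urlopen(url, timeout=5).status == 200`, and run it
from a machine subject to the same DNS and proxy policy as the hosts you care
about; a False from there is exactly the condition the item warns about.

------------------------------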

Date: Sat, 13 May 2017 16:11:39 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Global 'Wana' Ransomware Outbreak Earned Perpetrators $26,000 So
Far

NNSquad
https://krebsonsecurity.com/2017/05/global-wana-ransomware-outbreak-earned-perpetrators-26000-so-far/

As thousands of organizations work to contain and clean up the mess from
this week's devastating Wana ransomware attack, the fraudsters responsible
for releasing the digital contagion are no doubt counting their earnings
and congratulating themselves on a job well done. But according to a
review of the Bitcoin addresses hard-coded into Wana, it appears the
perpetrators of what's being called the worst ransomware outbreak ever
have made little more than USD $26,000 so far from the scam.

------------------------------

Date: Sat, 13 May 2017 11:32:42 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: The Joy of Tech comic: The Internet of ransomware things!

via NNSquad

http://www.geekculture.com/joyoftech/joyarchives/2340.html

------------------------------

Date: Thu, 11 May 2017 15:13:01 -0400 (EDT)
From: m...@vex.net (Mark Brader)
Subject: Vehicle lien recorded in name of cartoon characters

Apparently, some time ago someone in the Ontario provincial government's
computer systems was running a test simulating the addition of a lien to the
information record about someone's vehicle. For the lienholder's name they
used fictional characters from the old animated TV show "The Flintstones" --
but for the vehicle they used a real VIN.

Result: the 75-year-old woman who owned the vehicle found herself
blocked from selling it until the bogus lien was cleared. Apparently
this took 9 months, but the matter only became public this week.

Naturally, the government is saying this was the only such case and
it won't happen again, while the opposition takes a different view...

http://www.cbc.ca/news/anykey-1.4109296

------------------------------

Date: Mon, 8 May 2017 12:02:38 -0400 (EDT)
From: Kelly Bert Manning <Kelly....@ncf.ca>
Subject: Cochrane Report on IHealth EHR: Lessons for engaging users to
provide QA feedback (Island Health)

http://ihealth.islandhealth.ca/2016/11/the-cochrane-report/
http://ihealth.islandhealth.ca/wp-content/uploads/2016/11/Summary-of-Recommendations.pdf
http://ihealth.islandhealth.ca/wp-content/uploads/2016/11/ihealth-review-2017.pdf
http://vancouverisland.ctvnews.ca/video?clipId=1115112

"Issue reporting and resolution

At roll out, when users were highly supportive and enthusiastic, they
actively engaged in reporting issues of performance, usability and
safety. At the time, reporting was accepted through multiple sources
including the Patient Safety Learning System (PSLS), health
informaticists, the Help Desk, emails, red dot reports and meetings. Peer
mentors and informaticists were actively engaged in addressing issues as
they arose.

Unfortunately, follow up with users that had reported a concern was
inconsistent. Many users reported an absence of feedback. The reasons for
the lack of feedback are not clear but may relate to the volume of issues
being reported and Island Health's capacity to address them. As a result,
from the users' perspective, many issues remained unexplained and
unresolved, undermining confidence in the safety of the system and the
effectiveness of the reporting systems. Users stopped reporting because of
fatigue and the lack of feedback.

Some individuals who provided reports perceived that those responding to
issues were transferring responsibility to the users. Explanations for
issues included user error, bad habits, and users failing to remember.
Island Health's reactions were described by interviewees as punitive and
involved public shaming and bullying (see emotional responses below). It
was claimed that there were no gaps in education or training, but rather
gaps in remembering and a lack of engagement of staff for voluntary
learning."

In a previous job a "Creating Satisfied Customers" course taught that a lack
of problem reports indicates a failed system for users to report concerns,
get status updates and see that concerns are addressed and resolved in a
timely fashion.

Many customers will choose another service provider or product if one is
available, and they keep encountering issues.

A minority of users will try to follow the problem reporting process. Most
will give up if they find it too much bother to complete and they keep
encountering issues.

Most will not bother to continue to report issues if they get no resolution
to the initial issue reports.

Very few will persist in requesting follow up status reports, particularly
if there is no regular feed back or perceived resolution. They just give up.

------------------------------

Date: Sat, 13 May 2017 08:22:23 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Microsoft patches Windows XP to fight 'WannaCrypt' attacks
(Engadget)

via NNSquad
https://www.engadget.com/2017/05/13/Microsoft-WindowsXP-WannaCrypt-NHS-patch/

Microsoft officially ended its support for most Windows XP computers back
in 2014, but today it's delivering one more public patch for the
16-year-old OS. As described in a post on its Windows Security blog, it's
taking this "highly unusual" step after customers worldwide including
England's National Health Service suffered a hit from "WannaCrypt"
ransomware. Microsoft patched all of its currently supported systems to
fix the flaw back in March, but now there's an update available for
unsupported systems too, including Windows XP, Windows 8 and Windows
Server 2003, which you can grab here (note: if that link isn't working
then there are direct download links available in the Security blog post).

Sure, now that the spread has apparently been largely contained through
other means, Microsoft shows up, a day late and a dollar short, as usual.

------------------------------

Date: Sat, 13 May 2017 13:31:04 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Malware and The Cloud

via NNSquad
https://plus.google.com/+LaurenWeinstein/posts/cMA7HsuR7UC

I might note that there's a strong argument to be made that many of these
systems crippled by the current malware epidemic by all rights should have
instead had their data in the cloud, where professionals are able to keep
security and privacy parameters up to date. Successful attacks are becoming
more common with virtually every OS. And most systems in homes and offices
are not adequately backed up -- if they're backed up at all. Fundamentally,
this tech has become too integral to society and too complex for amateurs to
maintain by themselves in the long run.

[On the other hand, RISKS readers understand the "cloud" is not all
that secure, and still entails [I originally wrote entrails] many risks,
even though many cloud providers might have better security than small
institutions, and a very large one -- evidently, most of the
U.S. Government! PGN]

------------------------------

Date: Tue, 09 May 2017 10:12:57 -0700
From: Gene Wirchenko <ge...@telus.net>
Subject: "How the Macron campaign slowed cyberattackers" (Fahmida Y. Rashid)

Fahmida Y. Rashid, InfoWorld, 9 May 2017

Did the French president-elect's security team use cyberdeception techniques
to fight off phishing attacks? Submitting fake credentials definitely
qualifies
http://www.infoworld.com/article/3195018/security/how-the-macron-campaign-slowed-cyber-attackers.html

opening text:

In the wake of French president-elect Emmanuel Macron's victory over Marine
Le Pen, IT armchair quarterbacks should look at the Macron campaign's
security playbook for ideas on how to fight off targeted phishing and other
attacks.

------------------------------

Date: Tue, 9 May 2017 21:33:09 +0300
From: Gadi Evron <gev...@gmail.com>
Subject: Counter intelligence in the French elections - this changes
cybersecurity forever.

I'm extremely excited about what happened at the French elections. Up until
today, when it comes to information operations, I could only look up to
Russia. What (supposedly, we don't really know too much yet) in France
changes all that.

Add supposedly and likely to every sentence:
1. They seeded attack attempts with data that will slow them down.
Sending credentials to phishing attempts.
2. They created a few fake documents, which allowed them when the time
came to cast doubt on the entire data dump.

I wrote a full analysis based on what is currently known here, I hope you
enjoy it:
https://hackernoon.com/analyzing-a-counter-intelligence-cyber-operation-how-macron-just-changed-cyber-security-forever-22553abb038b

I am so excited a public case exists that shows thinking of the type I love
and live. With cyberdeception they have essentially shown they can increase
the economic costs of the attackers to shift the burden of anomaly detection
to them. I've bet my career and life on starting Cymmetria to do this, and
now -- finally, someone else is thinking the same way I do, and more than
that, actively working on cyberdeception to control the battle ground and
act dynamically.

Interesting side-note:
Late last year the various French political parties were summoned to a
government brief on phishing attacks. All but one came to the meeting.

------------------------------
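
The first tactic in the list above, feeding phishing pages fake credentials,
only pays off if a later use of those credentials is recognised and traced
back to the page it was typed into. As an added example (not code from Gadi
Evron's post or from anything the Macron campaign is reported to have used),
the following Python builds that as a defender would deploy it: each seeded
credential is a honeytoken bound to a phishing URL, and any login attempt
with that username raises an alert naming the campaign. The domain names,
the name pool, the HMAC tagging scheme and the sample login events are all
assumptions of this example.

```python
"""Added example; not code from Gadi Evron's post or from anything the Macron
campaign is reported to have used.

Every fake credential fed to a phishing page is a honeytoken tied to the URL
it was submitted to; any later login attempt with that username is an alert
that also names the phishing campaign it came from.  Domain names, the name
pool, the HMAC tagging scheme and the sample events are assumptions.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# constructed name pool so seeded accounts look like ordinary staff mailboxes
_FIRST = ("claire", "julien", "amina", "marc", "sophie", "theo")
_LAST = ("martin", "bernard", "petit", "durand", "leroy", "moreau")


@dataclass(frozen=True)
class Canary:
    username: str    # exists nowhere except inside a phishing kit
    tag: bytes       # HMAC(key, "username:password"); the password is not stored
    phish_url: str   # the phishing page this pair was typed into
    issued_at: str


@dataclass
class CanaryStore:
    domain: str
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    by_user: Dict[str, Canary] = field(default_factory=dict)

    def _tag(self, username: str, password: str) -> bytes:
        msg = f"{username.lower()}:{password}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def issue(self, phish_url: str, issued_at: str) -> Tuple[str, str]:
        """Mint a unique fake credential to submit to `phish_url`.

        Returns (username, password).  The password is handed out once and
        only its keyed hash is kept, so a copy of this table does not give an
        insider the seeded passwords.
        """
        while True:
            username = (f"{secrets.choice(_FIRST)}.{secrets.choice(_LAST)}"
                        f"{secrets.randbelow(90) + 10}@{self.domain}")
            if username not in self.by_user:
                break
        password = secrets.token_urlsafe(12)
        self.by_user[username] = Canary(username, self._tag(username, password),
                                        phish_url, issued_at)
        return username, password

    def check_login(self, username: str, password: str) -> Optional[dict]:
        """Call from the real authentication path before the password check.

        None for an ordinary user.  For a canary username any attempt is an
        alert: the name was never given to anyone but the phishing page.
        """
        canary = self.by_user.get(username.lower())
        if canary is None:
            return None
        return {
            "alert": "canary credential used",
            "username": canary.username,
            "phish_url": canary.phish_url,
            "issued_at": canary.issued_at,
            # True: the attacker replayed exactly the pair typed into the page
            "exact_pair": hmac.compare_digest(self._tag(username, password), canary.tag),
        }


def replay_auth_log(store: CanaryStore,
                    attempts: List[Tuple[str, str, str, str]]) -> List[dict]:
    """Run (timestamp, src_ip, username, password) attempts, as seen by the
    auth handler, through the store and return the alerts with their source."""
    alerts = []
    for ts, src_ip, username, password in attempts:
        hit = store.check_login(username, password)
        if hit is not None:
            alerts.append({**hit, "timestamp": ts, "src_ip": src_ip})
    return alerts


if __name__ == "__main__":
    store = CanaryStore("campaign.example")
    # the pair an operator types into the phishing page
    user, pw = store.issue("http://login-campaign.example/verify", "2017-04-25T09:12Z")
    # constructed login attempts seen days later
    attempts = [
        ("2017-05-03T01:02Z", "203.0.113.7", user, pw),
        ("2017-05-03T01:03Z", "198.51.100.9", "real.user@campaign.example", "not-a-canary"),
    ]
    for alert in replay_auth_log(store, attempts):
        print(alert)
```

One username per phishing submission is what makes the alert attributable: a
shared decoy account would tell you only that some kit was replayed, while a
per-URL canary tells you which page, when, and whether the attacker replayed
the exact pair or is guessing passwords against a harvested name.

------------------------------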

Date: Mon, 8 May 2017 08:07:02 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Facebook takes to newspapers to teach UK users how to spot
"fake news" (Ars Technica)

via NNSquad
https://arstechnica.com/business/2017/05/facebook-fake-news-newspaper-ad/

Facebook has attempted to lightly rein in the spread of misinformation on
the free content ad network by taking out full-page adverts in UK
newspapers with "tips for spotting false news" ahead of next month's
General Election. The Mark Zuckerberg-run company, which has long swerved
any suggestion that it is the publisher of content that is shared on its
site by nearly two billion people worldwide, makes it clear in its press
ad that the onus is on its users to police dodgy-looking posts. "Be
skeptical of headlines," it warned. Apparently, "catchy headlines in all
caps with exclamation marks" could contain false news and users should be
wary of clicking on clickbaity, screeching claims.

------------------------------

Date: Thu, 11 May 2017 15:27:19 -0700
From: Gene Wirchenko <ge...@telus.net>
Subject: "HP computer owners: Check for the MicTray Conexant keylogger"

Woody Leonhard, InfoWorld, 11 May 2017
The Conexant audio driver logs all keystrokes on certain HP machines and
publishes them to a file in the Public folder
http://www.infoworld.com/article/3196125/data-security/on-hp-computers-check-for-the-conexant-keylogger-called-mictray.html

selected text:

Swiss security firm modzero AG released a white paper (PDF) that contains
details about a keylogger in certain HP audio drivers. The keylogger stores
records of all of your keystrokes in a file located in the public folder
C:\Users\Public\MicTray.log.

The Security Advisory goes on to list almost 30 HP machines known to use the
bad drivers, ... including many current models.

Modzero says it found evidence of the problematic behavior going all the way
back to December 2015. It's still there today with driver Version 1.0.0.46.

If the logfile does not exist or the setting is not yet available in Windows
registry, all keystrokes are passed to the OutputDebugString API, which
enables any process in the current user-context to capture keystrokes
without exposing malicious behavior.

I have no idea how the driver passed Microsoft certification, but apparently
it has.

Modzero isn't happy with the runaround it's getting from HP. The group says
it discovered the keylogger in MicTray 1.0.0.31 back on April 28. Modzero
contacted Conexant the same day, and when the keylogger was found in the
latest audio drivers, it contacted HP Enterprise on May 1. Then on May 5,
modzero got a response from HP Enterprise, which ``tried to reach for
security folks at HP Inc. to gain attention.'' Looks like HP Enterprise and
HP Inc. aren't talking to each other -- I bet they start talking now.

[Also noted by Al Mac;

https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html
https://consumerist.com/2017/05/12/keylogging-spyware-found-on-dozens-of-hp-laptop-models/
https://thenextweb.com/insider/2017/05/11/hp-is-shipping-audio-drivers-with-a-built-in-keylogger/#.tnw_OV69vf8G
HP list of their models affected:
https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt

... and Bob Gezelter:
https://arstechnica.com/security/2017/05/hp-laptops-covert-log-every-keystroke-researchers-warn/

PGN]

------------------------------

Date: Tue, 9 May 2017 10:40:40 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: MUST READ "Open MIC" report: Corporate responsibility in an age of
alternative facts -- with emphasis on Facebook and Google

NNSquad
http://fakenews.openmic.org/

Among the recommendations discussed in this report:

To avoid government regulation and/or corporate censorship of information,
tech companies should carry out impact assessments on their information
policies that are transparent, accountable, and provide an avenue for
remedy for those affected by corporate actions.

Tech companies should appoint ombudspersons to assess the impact of their
content algorithms on the public interest.

Tech companies should report at least annually on the impact their
policies and practices are having on fake news, disinformation campaigns
and hate speech. Reports should include definitions of these terms;
metrics; the role of algorithms; the extent to which staff or
third-parties evaluate fabricated content claims; and strategies and
policies to appropriately manage the issues without negative impact on
free speech.

------------------------------

Date: Fri, 12 May 2017 21:06:29 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: China Is on Track to Fully Phase Out Cash (Motherboard)

via NNSquad
https://motherboard.vice.com/en_us/article/china-cashless

Experts believe it won't be long before China, the first country to
introduce paper money, becomes the first to go totally cashless.

The better to track you by, my dear.

------------------------------

Date: Tue, 9 May 2017 12:19:48 +0300
From: Diomidis Spinellis <d...@aueb.gr>
Subject: Sony PlayStation leads to the arrest of 15 member gang

A Sony PlayStation helped the police arrest 15 members of a gang that
specialized in stealing company safes in Greece last week. According to the
police's press release [1], the gang members were involved in 145 cases,
including 58 armed robberies, 52 burglaries, and 24 car thefts. In order to
evade detectives, the gang used hundreds of cellphones, stolen cars, fake
license plates, and diverse hideouts. The "Kathimerini" daily newspaper
reports [2] that one of the leads that helped the police to narrow down on
the gang's members was a Sony PlayStation. In December 2016 the gang stole
from a company 700 euros and a truck with 2179 PlayStation consoles. The
police, in cooperation with Sony and the local ISPs, found that one of the
stolen consoles was used the next day at the house of one of the gang
members.

[1]
http://www.astynomia.gr/index.php?option=ozo_content&lang=%27..%27&perform=view&id=71085&Itemid=1883&lang
[2]
http://www.kathimerini.gr/908617/article/epikairothta/ellada/lhstes-twn-xrhmatokivwtiwn-to-krhsfygeto-sto-menidi-o-arravwnas-kai-to-klemmeno-playstation

Diomidis Spinellis - https://www.spinellis.gr/

------------------------------

Date: Thu, 11 May 2017 21:26:23 +0100
From: Chris Drewe <e76...@yahoo.co.uk>
Subject: UK Telecomms Service Stopped by Bureaucracy

RISKS has featured telecomms services stopped by hack attacks, software
faults, infrastructure failures, and so forth, but one UK network has been
disabled by officialdom, according to reports in a couple of newspapers.
Years ago, pagers were widely used to keep in contact with people on the
move, but their use has greatly declined with the popularity of cellphones,
and the UK currently only has two service providers, PageOne, owned by
Capita, and Vodafone. Vodafone wanted to transfer its 1,000 users to
PageOne, but the UK Competition and Markets Authority objected and wanted a
full investigation, which Vodafone didn't want to get involved with for such
a tiny market, so announced that it will simply close its service...

------------------------------

Date: Sat, 13 May 2017 12:36:24 -0700
From: Bob Gonsalves <pink...@me.com>
Subject: Crash with Impact

https://www.nytimes.com/2017/04/22/us/politics/james-comey-election.html

FBI agents in New York seized Mr. Weiner's laptop in early October. The
investigation was just one of many in the New York office and was not
treated with great urgency, officials said. Further slowing the
investigation, the F.B.I. software used to catalog the computer files kept
crashing.

------------------------------

Date: Thu, 11 May 2017 11:22:31 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: NYU Accidentally Exposed Military Code-Breaking Computer Project to
Entire Internet (Sam Biddle)

Sam Biddle, The Intercept, 11 May 2017
https://theintercept.com/2017/05/11/nyu-accidentally-exposed-military-code-breaking-computer-project-to-entire-internet/

In early December 2016, Adam was doing what he's always doing, somewhere
between hobby and profession: looking for things that are on the Internet
that shouldn't be. That week, he came across a server inside New York
University's famed Institute for Mathematics and Advanced Supercomputing,
headed by the brilliant Chudnovsky brothers, David and Gregory. The server
appeared to be an Internet-connected backup drive. But instead of being
filled with family photos and spreadsheets, this drive held confidential
information on an advanced code-breaking machine that had never before been
described in public. Dozens of documents spanning hundreds of pages detailed
the project, a joint supercomputing initiative administered by NYU, the
Department of Defense, and IBM. And they were available for the entire world
to download. [...]

------------------------------

Date: Wed, 10 May 2017 21:36:36 -0400 (EDT)
From: danny burstein <dan...@panix.com>
Subject: Confidential patient data breach at NYC's Bronx Leb Hospital

Third party vendor, rsync backups...

https://www.databreaches.net/confidential-medical-records-from-bronx-lebanon-hospital-exposed-online-by-vendors-error/

------------------------------

Date: Mon, 08 May 2017 09:30:25 -0700
From: "Bob Gezelter" <geze...@rlgsc.com>
Subject: Security Alert from Intel concerning Business-grade Processors with
detection tool -- followup (downloadcenter)

The security vulnerability involving Intel involves more than servers,
business laptops are also vulnerable. Advice is to run the Intel tool to
determine vulnerability, then get the update from the manufacturer. The
Intel article also includes interim mitigation information.

Intel has released detailed notes on checking for the vulnerability. See
https://downloadcenter.intel.com/download/26755

An extensive article also appeared in The Register at:

https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/

------------------------------

Date: Mon, 08 May 2017 11:41:55 -0700
From: Gene Wirchenko <ge...@telus.net>
Subject: "Supply chain attack on HandBrake video converter app hits Mac
users" (Lucian Constantin)

Lucian Constantin, ComputerWorld, 8 May 2017
Mac users who downloaded the app earlier this month may have their
computers infected with the Proton Trojan program
http://www.computerworld.com/article/3194935/security/supply-chain-attack-on-handbrake-video-converter-app-hits-mac-users.html

selected text:

Hackers compromised a download server for HandBrake, a popular open-source
program for converting video files, and used it to distribute a macOS
version of the application that contained malware.

The HandBrake development team posted a security warning on the project's
website and support forum on Saturday, alerting Mac users who downloaded and
installed the program from May 2 to May 6 to check their computers for
malware.

This is just the latest in a growing string of attacks over the past few
years in which attackers compromised software update or distribution
mechanisms.

Last week Microsoft warned of a software supply-chain attack in which a
group of hackers compromised the software update infrastructure of an
unnamed editing tool and used it to distribute malware to select victims:
mainly organizations from the financial and payment processing industries.

This is not the first time Mac users have been targeted through such attacks
either. The macOS version of the popular Transmission BitTorrent client
distributed from the project's official website was found to contain malware
on two separate occasions last year.

------------------------------
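
[Added example, not from the ComputerWorld article or the HandBrake project:
checking a downloaded installer against a publisher's SHA256SUMS list before
it is installed. The file names, file contents and the checksum list below
are constructed for the demo; no real release hashes appear.]

```python
"""Added example, not from the ComputerWorld article or the HandBrake project:
checking a downloaded installer against a publisher's SHA256SUMS list before
it is installed.  File names, file contents and the checksum list below are
constructed for the demo; no real release hashes are used."""
import hashlib
import hmac

# Constructed stand-ins for what a user actually downloaded.
GENUINE_IMAGE = b"genuine installer image bytes"
TAMPERED_IMAGE = GENUINE_IMAGE + b"\x00unexpected extra payload"

# Constructed SHA256SUMS in the sha256sum/shasum format: `<hex>  <filename>`,
# two spaces, optional '*' for binary mode.  The list must come from a channel
# the download server cannot rewrite (signed release notes, a separate host);
# a compromised server can just publish sums that match its tampered file.
SHA256SUMS_TEXT = (
    hashlib.sha256(GENUINE_IMAGE).hexdigest() + "  example-app-1.0.0.dmg\n"
    + hashlib.sha256(b"other build").hexdigest() + " *example-app-1.0.0.zip\n"
)

HEX_DIGITS = set("0123456789abcdef")


def parse_sha256sums(text):
    """Parse a sha256sum-style listing into {filename: lowercase hex digest}."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # tolerate blank and comment lines
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<hex>  <filename>'")
        digest, name = parts
        digest = digest.lower()
        if len(digest) != 64 or not set(digest) <= HEX_DIGITS:
            raise ValueError(f"line {lineno}: malformed SHA-256 digest")
        table[name.lstrip("*")] = digest  # '*' marks binary mode in sha256sum
    return table


def sha256_hex(data, chunk_size=1 << 16):
    """Hash in chunks so a multi-gigabyte image need not sit in memory at once."""
    h = hashlib.sha256()
    view = memoryview(data)
    for start in range(0, len(view), chunk_size):
        h.update(view[start:start + chunk_size])
    return h.hexdigest()


def verify_download(filename, data, sums):
    """Return 'ok', 'mismatch' (bytes differ from the listed digest) or
    'unlisted' (no published digest for this name, so nothing was checked)."""
    expected = sums.get(filename)
    if expected is None:
        return "unlisted"
    actual = sha256_hex(data)
    # Constant-time comparison: harmless here, but a good habit for digests.
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


if __name__ == "__main__":
    sums = parse_sha256sums(SHA256SUMS_TEXT)
    for label, blob in (("genuine", GENUINE_IMAGE), ("tampered", TAMPERED_IMAGE)):
        print(label, "->", verify_download("example-app-1.0.0.dmg", blob, sums))
```

The "unlisted" result is deliberately distinct from "ok": a file with no
published digest has not been verified at all, and treating it as clean is
the mistake a hurried installer script makes. A detached signature over the
sums file (or over the image itself) is the stronger check, since a hash
alone only proves the bytes match whatever the same server chose to publish.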

Date: Mon, 8 May 2017 22:09:58 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: The FCC says an attack -- not John Oliver -- hampered its website

The FCC says an attack -- not John Oliver -- hampered its website. John
Oliver renewed a call asking his viewers to support net neutrality rules.
https://www.washingtonpost.com/news/the-switch/wp/2017/05/08/the-fcc-says-an-attack-not-john-oliver-hampered-its-website/

------------------------------

Date: Tue, 9 May 2017 09:40:03 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: U.S. military cyber operation to attack ISIS last year sparked
heated debate over alerting allies

The Pentagon wanted to target servers in allied countries, but CIA, State
and FBI said those nations had to be notified.
https://www.washingtonpost.com/world/national-security/us-military-cyber-operation-to-attack-isis-last-year-sparked-heated-debate-over-alerting-allies/2017/05/08/93a120a2-30d5-11e7-9dec-764dc781686f_story.html

------------------------------

Date: Wed, 10 May 2017 11:24:41 -0600
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: Re: Someone hacked every tornado siren in Dallas. It was loud.

Denver, CO has upgraded their tornado warning system:

http://www.thedenverchannel.com/news/local-news/tornado-warning-system-in-denver-upgraded-after-dallas-hacking-incident

I love this paragraph:

"The sirens in Denver can be activated from the OEM, Denver 911, or at
DIA. The city holds 86 sirens. Each of them received new hardware, making
it impossible for anyone to take over the system."

I wonder who will consider this a challenge?

------------------------------

Date: Mon, 8 May 2017 14:36:50 -0600
From: Earl Boebert <bitsmas...@gmail.com>
Subject: Re: Progress To Date

[This is a follow-up to earlier items on the book by Earl Boebert and
James Blossom (RISKS-29.80), at my request. PGN]

It's always a tense situation when you release a complex technical analysis
like our Deepwater Horizon book, one that I am familiar with from the many
National Academies studies I've been on: Is somebody going to appear from
nowhere and invalidate one of your main conclusions? The book came out in
October and so far the answer is, "not yet, anyway." Reviews have been
sparse but good, and our informal working group has been joined by readers,
including the person who ran the simulations for the Chemical Safety Board
report. As a result of his work, the group thinks we have a plausible theory
for what failed down in the well. We'll be writing this up and adding it to
the website soon. It suggests an answer to the last outstanding question,
but doesn't invalidate any of the conclusions in the book.

------------------------------

Date: Tue, 9 May 2017 14:05:50 -0500
From: Dimitri Maziuk <dma...@bmrb.wisc.edu>
Subject: Re: The Lost Picture Show (DeMattia, RISKS-30.28)

We have a couple of obsolete drives sitting on the shelf in a server
room. At this point

a) I don't know what interface they have (some flavour of scsi I expect) but
I'm certain we don't have a computer with that kind of interface card and

b) I am fairly certain the lubricants have solidified and rubber belts, if
any, will either crack and turn into black dust, or ooze into a sticky
black goo, the moment one tries to use them.

In theory you could retain the hardware indefinitely, but you have to choose
that hardware very carefully first.

------------------------------

Date: Sat, 13 May 2017 11:29:23 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Re: The Lost Picture Show: Hollywood Archivists Can't Outpace
Obsolescence (IEEE Spectrum)

Hardware deteriorates (bearings, lubrication, plastics, connections, etc.).
I wouldn't trust a ten-year old drive to reliably spin up, let alone one
reaching back far further to read irreplaceable/historical archive
tapes. Since it'll be hard to acquire spare parts, how many copies of each
data generation's hardware would be needed? Then there's needing people
experienced in servicing them, plus manuals and schematics. And needing
computers capable of connecting to and driving them. And, of course, tapes
themselves deteriorate too.

------------------------------

Date: Wed, 10 May 2017 21:31:38 -0600
From: Brian Inglis <Brian....@systematicsw.ab.ca>
Subject: Re: The Lost Picture Show: Hollywood Archivists Can't Outpace
Obsolescence (DeMattia, RISKS-30.28)

> It most certainly does *not* mean that. It might mean that film
> archivists must retain hardware capable of reading the obsolescent
> tapes.

In order to do that, film archivists must have the capability to: archive
the tapes in readable condition; maintain hardware and their interfaces, and
spares for those; software to use those interfaces; documentation and media
for the hardware, software, operation, and maintenance; and retain staff
able to use and maintain those; to read the tapes, recover data going bad,
and write the contents to new media.

A rather larger set of requirements and risks to manage. The biggest risk
is probably retention of tech staff interested in and capable of maintaining
obsolescent hardware and software for years.

Organizations may weight the risks and costs differently to choose their
most effective approach.

------------------------------

Date: Wed, 10 May 2017 02:31:31 -0400 (EDT)
From: Jeff Jonas <je...@panix.com>
Subject: Re: The Lost Picture Show: Hollywood Archivists Can't Outpace
Obsolescence (IEEE Spectrum)

I'd say it goes both ways.

Libraries are digitizing cylinder recordings to make them available, but
they keep the original recordings, particularly as new developments allow
for more faithful recreation of the sound. But there's a video of a fellow
holding a priceless cylinder recording that shatters. Multiple copies on
various media guard against that, particularly if at various locations.

I'm keeping my LPs because I have turntables, but they're useful only to
folks with turntables.

But magtape, 8" floppy disks, QIC tapes and other computer media are
problematic because few drives are available to read them. Even drives in
storage self-destruct as rubber parts either dry up and crack, or turn to
chewing-gum. So then the problem becomes preserving the drives to preserve
the ability to read archives, vs. copying up to current media readable by
just about anyone.

[Overlapping comments from Erling Kristiansen. PGN]

------------------------------

Date: 9 May 2017 19:38:42 -0000
From: "John Levine" <jo...@iecc.com>
Subject: Re: Man gets fined for discovering an engineering flaw (RISKS-30.26)

It's true that they fined him for calling himself an Engineer, and
these days, that is ridiculous. It is also clear from the context
that they did so out of malice, because they didn't like what he said
about red light cameras that generate ticket revenue.

In Oregon, the semi-independent Board of Examiners for Engineering and
Land Surveying licenses professional engineers and has for a long
time. PEs sign blueprints and similar safety critical documents.
Every state has a similar PE licensing system, and it's an important
part of what keeps our roads and bridges and oil refineries and other
construction projects safe. Some engineering grads do the extra work
to get a PE license, some don't, depending on whether they plan a
career that involves stuff that PEs have to sign.

For example, my father has two engineering degrees but never got a PE
license because he designed and built airplane fuel gauges and other
electronic instruments for which the license isn't relevant. He has
never called himself a PE because he isn't one. Nonetheless he is a
life member of the IEEE (and before that a member of the ISA and IRE.)

In sensible places, which I think includes the other 49 states, they
regulate the term Professional Engineer. When I look at the Oregon
law, it is ambiguously written, about whether the regulated term is
professional engineer or plain engineer, and it was a mistake not to
challenge the $500 ticket in the first place. Given the wide usage of
the term engineer to refer to people who don't have a license, I
expect courts would throw it out on first amendment grounds. Perhaps
the IEEE, which welcomes both licensed and unlicensed engineers, would
offer an amicus brief.

PS: I agree that calling people "Software Engineers" is an egregious
misuse of language. So-called software engineers don't have any of
the training that actual engineers do, other than perhaps taking a few
of the same courses in school.

I realize the software engineer horse has long left the barn, there
is a fairly well agreed definition of what such a person does, and
no sensible person confuses us with a licensed PE.

------------------------------

Date: Tue, 9 May 2017 17:51:39 -0300
From: mspe...@tallships.ca (Mike Spencer)
Subject: Re: Senseless Government Rules Could Cripple the Robo-Car
Revolution (Youngman, RISKS-30.28)

If vehicles are to have minds of their own, maybe it's time for everyone to
re-read Valentino Braitenberg's Vehicles -- Experiments in Synthetic
Psychology. (MIT Press, 1984).

------------------------------

Date: Wed, 10 May 2017 07:14:36 +1000 (EST)
From: Dave Horsfall <da...@horsfall.org>
Subject: Re: Bobby Tables and electoral fraud

Jeremy Epstein wrote:

> Not disputing that it's a potential threat; just for the record it
> appears to have been unsuccessful.

No claim was made that it was successful; in fact, upon studying the item
again it was clearly intended as a joke (the SQL appears to be preceded by
"pwn", which is of course cracker slang for "broke into").

But yes, that was seven years ago, and as Bruce Schneier is always saying,
attacks only get better over time...

------------------------------

Date: Tue, 9 May 2017 18:17:42 -0400 (EDT)
From: Kelly Bert Manning <Kelly....@ncf.ca>
Subject: Re: Bobby Tables ... SQL injection

"(Basically it injects a "DROP TABLE" command.)"

And?

In DB2 the running process would have to be authorised for the DROP Table
action in that particular named Tablespace.

How common is that? Is Drop Table less Restricted in other Relational DB
Management Systems?

I will concede that my experience has been that a number of IMS and CICS
developers GRANT EXECUTE on DB2 Plans to PUBLIC, even though they have the
option to restrict that GRANT to a particular named CICS or IMS
subsystem. Even then, CREATE and DROP tablespace should involve scratch pad
or work tablespaces which are intended to be used for transient data, not
the same tablespaces used for long term data. The running process should not
be using a DB Admin or Developer ID.

I pointed out to Security Admins and Sys Admins that a GRANT to PUBLIC
without limiting the scope to a named subsystem meant that programmers with
a screw loose or axe to grind could invoke the program from batch,
TSO... They told me that I was being too paranoid, so I applied that
restriction to my own work and didn't pursue it for the entire server.

My 1st 1979 IMS project involved a contractor who inspired a policy that a
tape should never be sent offsite without a Group Data Security Admin
signature. Years later I saw him in the middle of a Group Photo when I
started a new job and asked "Oh, Does first name last name work here?".

That was met with a sudden silence. I told the story of my interaction with
him and was told that the 1st time he had been on the overnight on call
support rotation the phone number he had given turned out to be for "Dial a
Prayer".

My new manager took to having me vet the names of potential hires. If I
didn't recognise the name I could often dig up work related comments such as
showing up after office hours when a manager was working alone, with a
shotgun, to dispute work assignments.

As I wrote, some folks just have a screw loose, no matter how technically
brilliant they may be.

------------------------------
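
[Added example, not from either poster in the Bobby Tables thread: the two
defences the thread points at, shown with Python's built-in sqlite3 module.
(1) A parameterised query binds input as data, so it is never parsed as SQL.
(2) Least privilege: the application's connection is not allowed to DROP
anything, so even a successful injection cannot destroy the table, which is
the DB2 GRANT point above. sqlite3 has no GRANT/REVOKE, so a read-only
connection stands in for a restricted database ID; that substitution and the
sample rows are assumptions of the example.]

```python
"""Added example, not from either poster: the two defences the thread points
at, shown with Python's built-in sqlite3.  (1) A parameterised query binds
input as data, so it is never parsed as SQL.  (2) Least privilege: the
application's connection is not allowed to DROP anything, so even a
successful injection cannot destroy the table (the DB2 GRANT point).
sqlite3 has no GRANT/REVOKE, so a read-only connection stands in for a
restricted database ID; that substitution and the sample rows are assumed."""
import os
import sqlite3
import tempfile

# Constructed sample rows; O'Brien shows why splicing input into SQL fails.
STUDENTS = ["Alice", "Robert", "O'Brien"]


def build_db():
    """Create a throwaway database file and return its path (an admin step)."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE students (name TEXT)")
    conn.executemany("INSERT INTO students VALUES (?)", [(n,) for n in STUDENTS])
    conn.commit()
    conn.close()
    return path


def open_app_connection(path):
    """Least-privilege handle for the application: read-only.  Stand-in for a
    database ID that was never GRANTed CREATE/DROP on the tablespace."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def open_admin_connection(path):
    """Full-privilege handle, as a Developer/DB Admin ID would have."""
    return sqlite3.connect(path)


def lookup_vulnerable(conn, name):
    """Vulnerable: the input becomes part of the SQL text the engine parses."""
    sql = "SELECT name FROM students WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    """Fixed: the value travels as a bound parameter; quoting is irrelevant."""
    return [row[0] for row in conn.execute(
        "SELECT name FROM students WHERE name = ?", (name,))]


def vulnerable_outcome(conn, name):
    """'rows' if the spliced query ran, 'sql error' if the input broke the SQL."""
    try:
        lookup_vulnerable(conn, name)
        return "rows"
    except sqlite3.OperationalError:
        return "sql error"


def try_drop(conn):
    """What happens if a DROP TABLE reaches the engine on this connection."""
    try:
        conn.execute("DROP TABLE students")
        conn.commit()
        return "dropped"
    except sqlite3.OperationalError:
        return "refused"  # read-only handle: 'attempt to write a readonly database'


def table_exists(conn):
    rows = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'students'"
    ).fetchall()
    return len(rows) == 1


if __name__ == "__main__":
    path = build_db()
    app = open_app_connection(path)
    print("safe lookup  :", lookup_safe(app, "O'Brien"))
    print("unsafe lookup:", vulnerable_outcome(app, "O'Brien"))
    print("drop as app  :", try_drop(app), "- table exists:", table_exists(app))
    admin = open_admin_connection(path)
    print("drop as admin:", try_drop(admin), "- table exists:", table_exists(admin))
    app.close()
    admin.close()
    os.remove(path)
```

The apostrophe in O'Brien is enough to show the defect: the spliced query
fails to parse, which means the engine is reading user input as SQL, and
anything that can break a query can also extend it. The second half is the
poster's point about authorisation: with the application running under a
handle that cannot write the schema, the same DROP that succeeds on the
admin connection is simply refused, and the table survives.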

Date: Tue, 10 Jan 2017 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-30.00
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
<http://the.wiretapped.net/security/info/textfiles/risks-digest/>
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 30.29
************************
