
Risks Digest 32.01


RISKS List Owner

Jun 16, 2020, 3:53:31 PM
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Tuesday 16 June 2020 Volume 32 : Issue 01

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.01>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Russia Exploits Conspiracy Mill Americans Built (Nicole Perlroth)
Fox News runs digitally altered images in coverage of Seattle's
protests in the Capitol Hill Autonomous Zone (sundry sources)
Harassment and cyberstalking (Travis Andersen)
Elite CIA unit that developed hacking tools failed to secure its own
systems, allowing massive leak, an internal report found (WashPost)
Digitality, Personal Security & Privacy Risks (Robert Mathews)
South African bank to replace 12M cards after employees stole master key
(ZDNet)
Spies Can Listen to Your Conversations by Watching a Light Bulb in the Room
(The Hacker News)
Feds allege eBay terror campaign against Natick publishers of articles the
company didn't like (Universal Hub)
USA T-Mobile Hit by Widespread Voice and Data Outage (jonathan spira)
Google is messing with the address bar again -- new experiment hides URL
path (Ars Technica)
30,000 Unsuspecting Rose Bowl Attendees Were Scooped Up in a Facial
Recognition Test (Medium)
Joanna Hoffman: Facebook is peddling 'an addictive drug called anger' (CNBC)
Why jK8v!ge4D isn't a good password (Toward Data Science)
IoT Nutrition Labels (Keith Medcalf)
What Zebra Mussels Can Tell Us About Errors In Coronavirus Tests (npr.org)
Re: Election fiasco: Georgia on my mind (Bob Brown)
Re: Multiple US agencies have purchased this mysterious mobile eavesdropping
device (Steve Singer)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 16 Jun 2020 11:55:14 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Russia Exploits Conspiracy Mill Americans Built (Nicole Perlroth)

*The New York Times* front page today 16 Jun 2020 [PGN-ed]

This is a remarkably comprehensive take on the saga that began in the Iowa
caucuses in February 2016, Robby Mook (who was falsely accused of developing
the app that came from Shadow Inc.), the Kremlin-backed Russian Internet
Research Agency, and more that continues today.

Clint Watts, former FBI special agent: "The Kremlin doesn't need to make
fake news any more. It's all American made."

Russians have concluded that it is easier to identify divisive content from
real Americans [rather than masquerading as real Americans] and help it
spread through low-profile networks of social media accounts.

Cindy Otis, former CIA analyst: "Russia's trolls learned it is far more
effective to find the sore spots and amplify content by native English
speakers than it is to spin out their own wackadoodle conspiracy theories."

@DanRadov [who had earlier promulgated various Russian fake news as formerly
@DanWals83975326, and who is still active]: "U.S. has long been in the
position when one spark can burn the whole country down and all of the
United West for that matter. Buckle your seatbelts people. We are up for a
rough ride."

------------------------------

Date: Mon, 15 Jun 2020 19:19:11 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Fox News runs digitally altered images in coverage of Seattle's
protests in the Capitol Hill Autonomous Zone (sundry sources)

Fox News published digitally altered and misleading photos on stories about
Seattle's Capitol Hill Autonomous Zone (CHAZ) in what photojournalism
experts called a clear violation of ethical standards for news
organizations.

As part of a package of stories Friday about the zone, where demonstrators
have taken over several city blocks on Capitol Hill after Seattle police
abandoned the East Precinct, Fox's website for much of the day featured a
photo of a man standing with a military-style rifle in front of what
appeared to be a smashed retail storefront.

The image was actually a mashup of photos from different days, taken by
different photographers — it was done by splicing a Getty Images photo of an
armed man, who had been at the protest zone June 10, with other images from
May 30 of smashed windows in downtown Seattle. Another altered image
combined the gunman photo with yet another image, making it appear as though
he was standing in front of a sign declaring “You are now entering Free Cap
Hill.”

https://www.seattletimes.com/seattle-news/politics/fox-news-runs-digitally-altered-images-in-coverage-of-seattles-protests-capitol-hill-autonomous-zone/

Fox News Removes a Digitally Altered Image of Seattle Protests Fox News
acknowledged that one photo was a combination of several images, and a
second was taken in a different city.
https://www.nytimes.com/2020/06/13/business/media/fox-news-george-floyd-protests-seattle.html

Fox News Removes Digitally Altered, Misleading Photos of Seattle 'Autonomous Zone' From Website
https://time.com/5853408/fox-news-altered-photo-seattle/

Fox News removes altered images from Seattle protest
https://www.axios.com/fox-news-removes-seattle-protest-altered-images-dfad3cf6-3784-4eaf-89e8-896705387d64.html

------------------------------

Date: Mon, 15 Jun 2020 14:30:48 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Harassment and cyberstalking (Travis Andersen)

`We are going to crush this lady': Six former eBay employees charged in
federal cyberstalking case targeting Natick couple

Travis Andersen, *The Boston Globe*, 15 Jun 2020

Six eBay employees including a former police captain in California last year
engaged in a relentless campaign of harassment and cyberstalking of a Natick
couple that published a newsletter critical of the online retailer, sending
items including fly larvae, live spiders, and a bloody pig mask to their
home and traveling to Massachusetts to conduct surveillance of the victims
in an effort to get them to stop publishing, authorities alleged Monday.

https://www.bostonglobe.com/2020/06/15/metro/six-former-ebay-employees-charged-federal-cyberstalking-case-targeting-natick-couple/

------------------------------

Date: Tue, 16 Jun 2020 10:33:59 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Elite CIA unit that developed hacking tools failed to secure its
own systems, allowing massive leak, an internal report found (WashPost)

The publication of ‘Vault 7’ cyber tools by WikiLeaks marked the largest
data loss in agency history, a task force concluded.

https://www.washingtonpost.com/national-security/elite-cia-unit-that-developed-hacking-tools-failed-to-secure-its-own-systems-allowing-massive-leak-an-internal-report-found/2020/06/15/502e3456-ae9d-11ea-8f56-63f38c990077_story.html

------------------------------

Date: Fri, 12 Jun 2020 17:20:10 -0700 (PDT)
From: "Robert Mathews (OSIA)" <mat...@hawaii.edu>
Subject: Digitality, Personal Security & Privacy Risks (sundry sources)

Who are their targets?   NGOs, Journalists, Activists for now....  but,
literally, ANYONE and EVERYONE are at risk .....  Immediately following are
TWO VERY different reports that represent TWO very DIFFERENT angles and
hazards to personal safety, personal security and personal privacy in the
digital universe.

John Scott-Railton, Adam Hulcoop, Bahr Abdul Razzak, Bill Marczak, Siena
Anstis, and Ron Deibert, *Dark Basin*, Uncovering a Massive Hack-For-Hire
Operation, *THE CITIZEN LAB*, 9 Jun 2020
https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/

and...   "The thrill of the hunt".....  except, in this case....  the fox
may not have a tail, be red...  or even be a fox! ...

MISTAKEN IDENTITY
Olivia Nuzzi, *New York Magazine - Intelligencer*, 8 Jun 2020
*What It's Like to Get Doxed for Taking a Bike Ride*

https://nymag.com/intelligencer/2020/06/what-its-like-to-get-doxed-for-taking-a-bike-ride.html

Sasha Ingber, *Newsy*, 11 Jun 2020
Former Air Force Officer Fears Intelligence Collected On Protesters

https://www.newsy.com/stories/surveillance-planes-above-floyd-protests/

[Nuzzi is Newsy!!! PGN]

------------------------------

Date: Mon, 15 Jun 2020 10:33:31 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: South African bank to replace 12M cards after employees stole
master key (ZDNet)

[Thanks to Gene Spafford]

https://www.zdnet.com/article/south-african-bank-to-replace-12m-cards-after-employees-stole-master-key/

[Risks of all the nest-eggs in one basket. PGN]

------------------------------

Date: Sun, 14 Jun 2020 11:04:02 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: Spies Can Listen to Your Conversations by Watching a Light Bulb in
the Room (The Hacker News)

You might not believe it, but it's possible to spy on secret conversations
happening in a room from a nearby remote location just by observing a light
bulb hanging in there -- visible from a window -- and measuring the amount
of light it emits.

A team of cybersecurity researchers has developed and demonstrated a novel
side-channel attacking technique that can be applied by eavesdroppers to
recover full sound from a victim's room that contains an overhead hanging
bulb.

The findings were published in a new paper by a team of academics -- Ben
Nassi, Yaron Pirutin, Adi Shamir, Yuval Elovici and Boris Zadov -- from
Israel's Ben-Gurion University of the Negev and the Weizmann Institute of
Science, which will also be presented at the Black Hat USA 2020 conference
later this August.
<https://www.blackhat.com/us-20/briefings/schedule/index.html#lamphone-real-time-passive-reconstruction-of-speech-using-light-emitted-from-lamps-20599>

The technique for long-distance eavesdropping, called "Lamphone
<https://www.nassiben.com/lamphone>," works by capturing minuscule sound
waves optically through an electro-optical sensor directed at the bulb and
using it to recover speech and recognize music.

How Does the 'Lamphone Attack' Work? [...]
https://thehackernews.com/2020/06/lamphone-light-bulb-spy.html
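The following simulation is an added illustration of the channel described
above; it is not code from The Hacker News article or from the Lamphone
authors. A speech-like signal modulates the bulb's light intensity by a tiny
fraction, the sensor records that modulation on top of a large constant light
level, slow drift and noise, and the eavesdropper recovers the audio by
high-pass filtering and normalizing the trace. The sampling rate, modulation
depth, drift and noise figures are assumptions chosen so the simulation runs,
not measurements from the paper; a real capture of an AC-powered lamp would
also carry mains flicker, which this model leaves out.

```python
import math
import random

SAMPLE_RATE = 8000   # Hz; assumed ADC rate for the electro-optical sensor (not from the paper)
DURATION = 0.5       # seconds of captured light


def make_speech_like_signal(n, rate):
    # Constructed stand-in for speech in the room: two voiced harmonics.
    return [0.6 * math.sin(2 * math.pi * 300 * i / rate)
            + 0.4 * math.sin(2 * math.pi * 700 * i / rate) for i in range(n)]


def light_channel(sound, rate, dc_level=1.0, depth=1e-4, drift_amp=1e-3,
                  noise_rms=1e-5, seed=1):
    # What the sensor sees: a large constant light level, a sound-driven
    # modulation four orders of magnitude smaller, slow drift (1 Hz here) and
    # sensor noise. All magnitudes are assumptions for the simulation.
    rng = random.Random(seed)
    samples = []
    for i, s in enumerate(sound):
        drift = drift_amp * math.sin(2 * math.pi * 1.0 * i / rate)
        samples.append(dc_level * (1.0 + depth * s) + drift
                       + rng.gauss(0.0, noise_rms))
    return samples


def highpass(x, rate, cutoff_hz=80.0):
    # First-order IIR high-pass: strips the DC level and slow drift that dwarf
    # the sound-driven component while leaving the speech band largely intact.
    rc = 1.0 / (2 * math.pi * cutoff_hz)
    alpha = rc / (rc + 1.0 / rate)
    y = [0.0] * len(x)
    for i in range(1, len(x)):
        y[i] = alpha * (y[i - 1] + x[i] - x[i - 1])
    return y


def normalize(x):
    # Scale to peak amplitude 1.0 so the recovered trace is playable as audio.
    peak = max(abs(v) for v in x) or 1.0
    return [v / peak for v in x]


def correlation(a, b):
    # Pearson correlation: how closely the recovered trace follows the original.
    n = len(a)
    mean_a, mean_b = sum(a) / n, sum(b) / n
    cov = sum((p - mean_a) * (q - mean_b) for p, q in zip(a, b))
    sd_a = math.sqrt(sum((p - mean_a) ** 2 for p in a))
    sd_b = math.sqrt(sum((q - mean_b) ** 2 for q in b))
    return cov / (sd_a * sd_b)


def goertzel_power(x, rate, freq_hz):
    # Goertzel algorithm: power in one frequency bin without a full FFT.
    n = len(x)
    k = round(freq_hz * n / rate)
    coeff = 2.0 * math.cos(2 * math.pi * k / n)
    s1 = s2 = 0.0
    for v in x:
        s0 = v + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def dominant_tones(x, rate, candidates, count=2):
    # Rank candidate frequencies by Goertzel power; return the strongest few.
    ranked = sorted(candidates, key=lambda f: -goertzel_power(x, rate, f))
    return sorted(ranked[:count])


def demo():
    n = int(SAMPLE_RATE * DURATION)
    sound = make_speech_like_signal(n, SAMPLE_RATE)
    captured = light_channel(sound, SAMPLE_RATE)          # what the attacker records
    recovered = normalize(highpass(captured, SAMPLE_RATE))
    rho_raw = correlation(normalize(sound), captured)      # swamped by DC and drift
    rho_recovered = correlation(normalize(sound), recovered)
    tones = dominant_tones(recovered, SAMPLE_RATE, [100, 200, 300, 500, 700, 1000, 1500])
    return rho_raw, rho_recovered, tones


if __name__ == "__main__":
    raw, rec, tones = demo()
    print(f"correlation before filtering: {raw:.2f}, after: {rec:.2f}, tones: {tones}")
```

demo() returns the correlation between the original audio and the raw sensor
trace (low, because the constant light level and drift swamp the modulation),
the correlation after high-pass filtering (high), and the two strongest tones
the Goertzel filter finds in the recovered trace. The whole attack lives in
the tiny AC component riding on a huge DC level, which is why the filtering
step, not the sensor, does most of the recovery work.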

------------------------------

Date: Mon, 15 Jun 2020 21:30:29 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Feds allege eBay terror campaign against Natick publishers of
articles the company didn't like (Universal Hub)

https://www.universalhub.com/2020/feds-allege-ebay-terror-campaign-against-natick

------------------------------

Date: June 16, 2020 at 10:07:52 GMT+9
From: jonatha...@accuramediagroup.com
Subject: USA T-Mobile Hit by Widespread Voice and Data Outage

This has been driving us crazy all day...

T-Mobile Hit by Widespread Voice and Data Outage

"T-Mobile customers across the country are reporting issues placing and
receiving calls as well as when using data services. The self-proclaimed
*Uncarrier* said it began to experience an unspecific network outage that is
impacting hundreds of thousands of customers starting in the early
afternoon.

``Our engineers are working to resolve the widespread voice and text
issue,'' the company said on its website. It went on to recommend that
customers use third-party messaging."

------------------------------

Date: Mon, 15 Jun 2020 11:44:50 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Google is messing with the address bar again -- new experiment
hides URL path (Ars Technica)

[BAD IDEA!]

I've noted in the past why this is a TERRIBLE idea. Yes, URLs can be long
and messy, but they frequently provide *critical* cues that you're on the
correct pages. Further tampering with them is an invitation to new kinds of
confusion and hack attacks.

Google is messing with the address bar again--new experiment hides URL path

https://arstechnica.com/gadgets/2020/06/google-is-messing-with-the-address-bar-again-new-experiment-hides-url-path/

------------------------------

Date: Fri, 12 Jun 2020 16:49:18 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: 30,000 Unsuspecting Rose Bowl Attendees Were Scooped Up in a Facial
Recognition Test (Medium)

https://onezero.medium.com/90-000-unsuspecting-rose-bowl-attendees-were-scooped-up-in-a-facial-recognition-test-18c843909858

------------------------------

Date: Sat, 13 Jun 2020 17:23:32 +0900
From: Dave Farber <far...@gmail.com>
Subject: Joanna Hoffman: Facebook is peddling 'an addictive drug called
anger' (CNBC)

https://www.cnbc.com/2020/06/12/joanna-hoffman-facebook-is-peddling-an-addictive-drug-called-anger.html

------------------------------

Date: Sat, 13 Jun 2020 11:57:13 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Why jK8v!ge4D isn't a good password (Toward Data Science)

There's a fundamental issue with password validation

https://towardsdatascience.com/why-password-validation-is-garbage-56e0d766c12e

------------------------------

Date: Sat, 13 Jun 2020 08:33:52 -0600
From: "Keith Medcalf" <kmed...@dessus.com>
Subject: IoT Nutrition Labels

The major item missing from the "Nutrition Label" is whether or not the
"Thing" will still "Thing" when the "Internet" is not and never has been
present.

Without that information it is impossible for any rational decision to be
made and one must assume that the "Thing" will not "Thing" and is therefore
completely unsuitable for use.

------------------------------

Date: Tue, 16 Jun 2020 09:03:14 +0800
From: Richard Stein <rms...@ieee.org>
Subject: What Zebra Mussels Can Tell Us About Errors In Coronavirus Tests
(npr.org)

https://www.npr.org/sections/health-shots/2020/06/15/871186164/what-zebra-mussels-can-tell-us-about-errors-in-coronavirus-tests

Good discussion of false negative/positive outcomes for polymerase chain
reaction (PCR) diagnostic tests.

"The PCR tests, when done perfectly, do boast a very low false-positive
rate. But they're not always done perfectly.

"Certified labs like hers use procedures to reduce the risk of false test
results, since a false-positive test can lead to a medical misdiagnosis. But
slip-ups are inevitable.

"Most errors are caused by poor sample handling or other errors even before
a sample gets to the lab, she says.

"And PCR is so incredibly sensitive, contamination is a particular concern.
Even the tiniest amount of stray material in a lab can spell trouble, Pritt
says."
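An added worked example, not from the NPR article: the arithmetic that turns
a test's false-positive and false-negative rates into what one result means
for one patient depends on how common infection is in the population being
tested, which is why a small rise in false positives from contamination
matters most when prevalence is low. The sensitivity, specificity,
prevalence and contamination figures below are assumed values for
illustration, not measurements of any real PCR assay.

```python
def predictive_values(sensitivity, specificity, prevalence):
    # Bayes' rule over a unit population: sensitivity is the true-positive rate,
    # specificity is 1 minus the false-positive rate, prevalence is the base rate.
    true_pos = sensitivity * prevalence
    false_neg = (1.0 - sensitivity) * prevalence
    false_pos = (1.0 - specificity) * (1.0 - prevalence)
    true_neg = specificity * (1.0 - prevalence)
    ppv = true_pos / (true_pos + false_pos)   # P(infected | positive result)
    npv = true_neg / (true_neg + false_neg)   # P(not infected | negative result)
    return ppv, npv


def contamination_effect(sensitivity, specificity, prevalence, extra_fp_rate):
    # PPV for a clean lab versus one where sample-handling or contamination
    # errors add extra_fp_rate to the false-positive rate.
    clean_ppv, _ = predictive_values(sensitivity, specificity, prevalence)
    dirty_ppv, _ = predictive_values(sensitivity, specificity - extra_fp_rate, prevalence)
    return clean_ppv, dirty_ppv


def expected_counts(tested, sensitivity, specificity, prevalence):
    # Expected true and false positives when a population of this size is screened.
    infected = tested * prevalence
    true_pos = infected * sensitivity
    false_pos = (tested - infected) * (1.0 - specificity)
    return round(true_pos), round(false_pos)


if __name__ == "__main__":
    # Assumed figures: 90% sensitivity, 99.9% specificity, 1% prevalence, and a
    # contamination problem adding 0.9 percentage points of false positives.
    clean, dirty = contamination_effect(0.90, 0.999, 0.01, 0.009)
    print(f"PPV clean lab: {clean:.2f}, PPV with contamination: {dirty:.2f}")
    for prevalence in (0.001, 0.01, 0.10):
        ppv, npv = predictive_values(0.90, 0.999, prevalence)
        print(f"prevalence {prevalence:.1%}: PPV {ppv:.2f}, NPV {npv:.4f}")
```

With the assumed figures, nine out of ten positives from a clean lab are
real, but once contamination pushes the false-positive rate from 0.1% to 1%
fewer than half of the positives are, even though the assay itself is
unchanged.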

------------------------------

Date: Fri, 12 Jun 2020 21:19:33 -0400
From: Bob Brown <Bob....@EmoryCottage.net>
Subject: Re: Election fiasco: Georgia on my mind (RISKS-31.99)

Every registered voter in Georgia received an absentee ballot request form.
While the voter still had to return the form to receive an absentee ballot,
every Georgia voter had an opportunity to vote using a hand-marked paper
ballot submitted by postal mail.

------------------------------

Date: Sat, 13 Jun 2020 10:09:56 -0400
From: Steve Singer <s...@dedicatedresponse.com>
Subject: Re: Multiple US agencies have purchased this mysterious mobile
eavesdropping device (RISKS-31.98)

The only way to view site content is to disable ad blocking or more
generally, script blocking -- and I find that unappealing, even temporarily.

A business model apparently overrides any information-providing mission. My
personal vote is thumbs-down; others are free to choose differently.

- - - - -

"AD BLOCKER INTERFERENCE DETECTED

Thank you for visiting this site. Unfortunately we have detected that you
might be running custom adblocking scripts or installations that might
interfere with the running of the site.

We don't mind you running adblocker, but could you please either disable
these scripts or alternatively whitelist the site, in order to continue.
Thanks for your support"

------------------------------

Date: Mon, 1 Jun 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.01
************************
