Risks Digest 30.75

RISKS List Owner

Jul 14, 2018, 5:48:40 PM
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Saturday 14 July 2018 Volume 30 : Issue 75

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> and
<http://catless.ncl.ac.uk/Risks/30.75>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
The return of Spectre (ZDNet)
Grand Pwning Unit: Accelerating microarchitectural attacks with the GPU
(Colyer)
Now-fixed iOS 11.3 bug reveals how Apple censors the Taiwanese
flag on Chinese iPhones (9to5Mac)
FAA pushes back on Boeing exemption for 787 safety flaw (FlightGlobal)
Regulation of facial-recognition software? (WashPo)
FACEPTION (Facial Personality Analytics)
How Smart TVs in Millions of Homes Track More Than What's On Tonight
(NYTimes)
Meet Scrub 50, the robot cleaner (StraitsTimes)
Video: Gavin Williamson hilariously interrupted by Siri during
statement to Parliament (9to5Mac)
How Voice-Activated Assistants Pose Security Threats in Home, Office
(EWeek)
A Revised View of the IoT Ecosystem (Vinton Cerf, Computing Edge)
Plan to use AI to help emergency call operators (The Straits Times)
Hamas uses fake Facebook friends to dupe 100 soldiers into
downloading spyware (The Times of Israel)
Chinese hackers infiltrate systems at Australian National University
(John Colville)
Data encryption: How to avoid common workarounds (HPE)
CRTC levies fines against two companies under Canada's anti-spam law
(Kelly Bert Manning)
Cameras to be deployed to detect illegal smoking (The Straits Times)
PayPal Apologizes for Letter Demanding Payment From Woman Who Died
of Cancer (NYTimes)
ExxonMobil Bungles Rewards Card Debut (Krebs on Security)
This keyboard attack steals passwords by reading heat from your
fingers (Charlie Osborne)
iOS 11.4 seems to have a battery drain problem (ZDNet)
Watch that keyboard! (Web Informant)
How the Pentagon Keeps Its App Store Secure (WiReD)
Inside China Dystopian Dreams (NYTimes)
Egypt Sentences Lebanese Tourist to 8 Years in Prison for Facebook
Video (NYTimes)
The Complexity of Simply Searching For Medical Advice (WiReD)
According to Apple's digital assistant Siri, Marvel comic book legend
Stan Lee had apparently died on Monday (Business Insider Singapore)
Risk and cost/benefit ... (Rob Slade)
Employees as subjects in clinical trials (Bob Fenichel)
Re: Google is training machines to predict when a patient will die
(John R. Levine, Richard M Stein, John R. Levine)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 12 Jul 2018 00:13:36 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: The return of Spectre (ZDNet)

Two new ways to assault computers using Spectre-style attacks have been
discovered. These can be used against any operating system running on AMD,
ARM, and Intel processors.

http://www.zdnet.com/article/the-return-of-spectre/

------------------------------

Date: Wed, 4 Jul 2018 18:23:00 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Grand Pwning Unit: Accelerating microarchitectural attacks with
the GPU (Colyer)

http://blog.acolyer.org/2018/07/04/grand-pwning-unit-accelerating-microarchitectural-attacks-with-the-gpu/

------------------------------

Date: Thu, 12 Jul 2018 00:00:23 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Now-fixed iOS 11.3 bug reveals how Apple censors the Taiwanese
flag on Chinese iPhones (9to5Mac)

A bug in iOS 11.3 --- fixed in iOS 11.4.1 --- revealed that Apple
censors the Taiwanese flag on iPhones whose region is set to China.

The bug came to light when security researcher Patrick Wardle received a
message from a Taiwanese friend, reporting that iMessage, WhatsApp and
Facebook Messenger all crashed when she typed the word `Taiwan' or received
a message containing the emoji for the Taiwanese flag.

He was initially skeptical, but was able to verify the claim and --- by a
somewhat tortuous process --- work out what was causing it.

On an iOS device with CN (China) set as the language/locale, iOS is looking
for the Taiwanese flag emoji and then removing it. That code was buggy,
which was what caused the crash.

http://9to5mac.com/2018/07/11/apple-china-taiwan-flag/

------------------------------

Date: Fri, 6 Jul 2018 20:44:05 +0100
From: <ric...@hesketh.org.uk>
Subject: FAA pushes back on Boeing exemption for 787 safety flaw
(FlightGlobal)

http://www.flightglobal.com/news/articles/faa-pushes-back-on-boeing-exemption-for-787-safety-f-449263/

Exec summary: In order to meet a delivery schedule, Boeing would like the
FAA to trust that some software which may contain bugs will provide a safety
net in the event that other software containing a known defect causes an
engine shutdown.

------------------------------

Date: Sat, 14 Jul 2018 08:46:31 -0700
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Regulation of facial-recognition software? (WashPo)

Microsoft is calling for government regulation on facial-recognition
software, one of its key technologies, saying such artificial
intelligence is too important and potentially dangerous for tech
giants to police themselves.

https://www.washingtonpost.com/technology/2018/07/13/microsoft-calls-regulation-facial-recognition-saying-its-too-risky-leave-tech-industry-alone/

------------------------------

Date: Sun, 8 Jul 2018 13:45:07 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: FACEPTION (Facial Personality Analytics)

FACEPTION IS A FACIAL PERSONALITY ANALYTICS TECHNOLOGY COMPANY

We reveal personality from facial images at scale to revolutionize how
companies, organizations and even robots understand people and dramatically
improve public safety, communications, decision-making, and experiences.

http://www.faception.com/

------------------------------

Date: Fri, 06 Jul 2018 13:15:22 -0400
From: José María Mateos <ch...@rinzewind.org>
Subject: How Smart TVs in Millions of Homes Track More Than What's On
Tonight (NYTimes)

http://mobile.nytimes.com/2018/07/05/business/media/tv-viewer-tracking.html

The growing concern over online data and user privacy has been focused on
tech giants like Facebook and devices like smartphones. But people's data is
also increasingly being vacuumed right out of their living rooms via their
televisions, sometimes without their knowledge. [...]

Once enabled, Samba TV can track nearly everything that appears on the TV on
a second-by-second basis, essentially reading pixels to identify network
shows and ads, as well as programs on Netflix and HBO and even video games
played on the TV. Samba TV has even offered advertisers the ability to base
their targeting on whether people watch conservative or liberal media
outlets and which party's presidential debate they watched.

------------------------------

Date: Fri, 06 Jul 2018 08:33:48 +0800
From: Richard M Stein <rms...@ieee.org>
Subject: Meet Scrub 50, the robot cleaner (StraitsTimes)

http://www.straitstimes.com/singapore/meet-scrub-50-the-robot-cleaner

Visitors to Singapore, a city-state of ~5.6m citizens and expatriates, often
note the gumblob-free sidewalks, garbage-free streets, and spotless trains.

In truth, Singapore is cleaned daily by an army of mop and broom-wielding
custodians estimated to top ~70K in 2016
(http://www.straitstimes.com/singapore/environment/liak-teng-lit-5-million-people-70000-cleanersthats-ridiculous).

Many are senior citizens earning minimum wages to supplement their
retirement. Demographically, custodians are diminishing, and few young
people wish to pursue this career path. 

Enter Scrub 50, which aspires to replace these workers and fill the human
deficit.

``For example, daily scrubbing of 5,000 sq m over a one-month period would
require a cleaner to put in 300 hours of work, but the robot takes 130
hours, its developers claim.''

Advocates of universal income guarantees should take note of any trial
deployment and outcome, including robo-mopping incidents.

------------------------------

Date: Thu, 5 Jul 2018 19:37:19 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Video: Gavin Williamson hilariously interrupted by Siri during
statement to Parliament (9to5Mac)

We've all had it happen before, Siri going off when your iPhone thinks it
heard the *Hey Siri* command when nothing remotely close was mentioned.

Well, today this happened in a public environment and it was
absolutely hilarious. As tweeted by BBC Parliament, Siri made a brief
interruption while Gavin Williamson was making a statement.
http://twitter.com/BBCParliament/status/1014136145989513218

From what we can hear, it sounds like surrounding areas triggered the
Hey Siri command on the phone, which prompted Siri to respond on the
iPhone.

False positives with voice assistants are always fun, especially when it
falsely catches the trigger phrase, but gets every word after that
verbatim. We can only hope for Apple to keep improving its machine learning
so things like this won't happen in the future.

Check out the full clip below.

http://9to5mac.com/2018/07/03/siri-hijacks-bbc-parliament-statement/

Only today, I commanded my iPad -- which ignored me, but my wife's nearby
iPhone responded.

------------------------------

Date: Fri, 6 Jul 2018 11:44:49 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: How Voice-Activated Assistants Pose Security Threats in Home, Office
(EWeek)

http://www.eweek.com/security/five-ways-digital-assistants-pose-security-threats-in-home-office

What a surprise, hmmm?

------------------------------

Date: Thu, 5 Jul 2018 09:16:46 -0400
From: George Sherwood <sher...@transedge.com>
Subject: A Revised View of the IoT Ecosystem (Vinton Cerf, Computing Edge)

An IoT ensemble must actually be in a kind of continuous configuration
mode, anticipating the arrival and departure of all manner of
Internet-enabled devices. Among the implications is the notion that
the local IoT management system needs to expect that new devices will
need to be configured into the system and others to depart - it needs
to sense their arrivals and departures and to react accordingly.

Here's a scary thought: what if a device is adopted that's corrupted, and it
has a backdoor allowing remote access to a residential network of devices?

http://www.computer.org/csdl/mags/ic/2017/05/mic2017050072.pdf

------------------------------

Date: Thu, 12 Jul 2018 12:18:35 +0800
From: Richard M Stein <rms...@ieee.org>
Subject: Plan to use AI to help emergency call operators (The Straits Times)

http://www.straitstimes.com/singapore/plan-to-use-ai-to-help-emergency-call-operators

``With Singapore's emergency dispatch phone operators receiving almost
200,000 calls for assistance a year, every minute is vital. In an effort
to ease their workload, the Singapore Civil Defence Force (SCDF) and four
other government agencies are turning to artificial intelligence (AI),
using a speech recognition system developed to transcribe and log each
call received in real time - even if it is in Singlish.''

The Straits Times article states the platform possesses a 90% speech-to-text
recognition accuracy rate based on an 80K-word Mandarin & English dictionary.
The dictionary was constructed manually from YouTube, SoundCloud and
Singapore radio programs where mixed language (Malay, Hokkien, Mandarin, and
English) conversations are routine among Singaporeans.

A high incidence of emergency operator post-traumatic stress disorder
and critical incident stress syndrome is reported from the field (see
https://www.factretriever.com/911-emergency-call-facts, retrieved on
12JUL2018).

http://www.nena.org/page/911Statistics
estimates ~240M emergency (911) calls per year in the US, with ~15-20%
identified as non-emergencies. ~80% estimated from mobile devices. In
Singapore, mobile devices dominate; this figure is probably much
higher. Landline v. mobile emergency call statistics are not readily
available in Singapore.

Given a 15-20% non-emergency usage of 911 (999 in Singapore), ~30-40K
calls/year of a non-emergency basis in Singapore might accidentally arise.

The risk is that automatic speech-to-text transcription does not suppress
false emergency dispatch incident density based on the logged
content. Unclear from the article if there's a human involved to inspect the
transcription and arbitrate dispatch.

[1] Jesse Jarnow, Why Our Crazy-Smart AI Still Sucks at Transcribing
Speech, claims ~12% speech-to-text error rate
http://www.wired.com/2016/04/long-form-voice-transcription/

[2] Liam Tung, Microsoft's newest milestone? World's lowest error rate
in speech recognition
http://www.zdnet.com/article/microsofts-newest-milestone-worlds-lowest-error-rate-in-speech-recognition/

------------------------------

Date: Thu, 5 Jul 2018 15:11:49 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Hamas uses fake Facebook friends to dupe 100 soldiers into
downloading spyware (The Times of Israel)

Military intelligence officers say no damage to security after soldiers fall
for terror group cyberplot, sign up for fake World Cup and dating apps

http://www.timesofisrael.com/idf-warns-soldiers-hamas-trying-to-spy-on-them-with-fake-dating-world-cup-apps/

------------------------------

Date: Sat, 7 Jul 2018 07:25:17 +0000
From: John Colville <John.C...@uts.edu.au>
Subject: Chinese hackers infiltrate systems at Australian National University

Australian National University is one of Australia's top research
universities

http://www.abc.net.au/news/2018-07-06/chinese-hackers-infilitrate-anu-it-systems/9951210%3FWT.ac%3Dstatenews_act

Hackers based in China have infiltrated one of Australia's most prestigious
universities, and the threat is yet to be shut down. The ABC has been told
the Australian National University (ANU) system was first compromised last
year. In a statement, the ANU said it had been working with intelligence
agencies for several months to minimise the impact of the threat.

------------------------------

Date: Mon, 9 Jul 2018 23:34:52 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Data encryption: How to avoid common workarounds (HPE)

Sloppy practice by data security personnel can, and often does, allow clever
hackers to gain access to the data without actually defeating the encryption
algorithms. Learn what measures to take to prevent such security breaches.
http://www.hpe.com/us/en/insights/articles/data-encryption-how-to-avoid-common-workarounds-1807.html

------------------------------

Date: Thu, 12 Jul 2018 11:25:53 -0400
From: Kelly Bert Manning <bo...@freenet.carleton.ca>
Subject: CRTC levies fines against two companies under Canada's anti-spam
law

The companies involved did not send spam themselves, they provided ISP
services for malware spreaders and ``accepted unverified and anonymous
customers''.

``Our enforcement actions send a clear message to companies whose business
models may enable these types of activities,'' said Steven Harroun, the
CRTC's chief compliance and enforcement officer. Through their actions
and omissions, Datablocks and Sunlight Media aided in the commission of
acts contrary to section 8 of the Act.

http://crtc.gc.ca/eng/archive/2018/vt180711.htmh
http://www.timescolonist.com/crtc-levies-fines-against-two-companies-under-canada-s-anti-spam-law-1.23365348

------------------------------

Date: Tue, 10 Jul 2018 10:04:29 +0800
From: Richard M Stein <rms...@ieee.org>
Subject: Cameras to be deployed to detect illegal smoking
(The Straits Times)

http://www.straitstimes.com/singapore/cameras-to-be-deployed-to-detect-illegal-smoking

``As smoking curbs are extended, the number of offenders has increased. The
NEA [National Environment Agency] issued about 22,000 tickets last year to
people smoking at prohibited areas, compared with 19,000 in 2016.''

High-resolution IR cameras positioned to detect smokers in prohibited areas
supplemented with visual facial recognition matching to ID
offenders. Another example of surveillance sensor fusion to find and fine
scofflaws.

Singapore's governance model, an example of *benign* authoritarianism,
emphasizes civil order. Suppressing second-hand smoke exposure is a hot
enforcement priority for public health initiatives.

The CDC estimates that ~41K US citizens die annually from secondhand smoke-
related diseases (principally heart and lung diseases). Assuming US
population of 340m, and Singapore's is ~5.6m, the arithmetic gives:
5.6m/340m * 41K citizens ~= 675 annual deaths per year in Singapore
attributed to secondhand smoke-related diseases.
<https://www.cdc.gov/tobacco/data_statistics/fact_sheets/secondhand_smoke/general_facts/index.htm>

------------------------------

Date: Thu, 12 Jul 2018 09:44:08 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: PayPal Apologizes for Letter Demanding Payment From Woman Who Died
of Cancer (NYTimes)

http://www.nytimes.com/2018/07/11/business/paypal-dead-wife-husband-letter-nyt.html

``We have received notice that you are deceased,'' said the
letter, which threatened legal action over outstanding debt and left the
British woman's husband `incredulous'.

------------------------------

Date: Mon, 9 Jul 2018 17:00:03 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: ExxonMobil Bungles Rewards Card Debut (Krebs on Security)

Energy giant ExxonMobil recently sent snail mail letters to its Plenti
rewards card members stating that the points program was being replaced with
a new one called Exxon Mobil Rewards+. Unfortunately, the letter includes a
confusing toll-free number and directs customers to a parked page that tries
to foist Web browser extensions on visitors.

The mailer (the first page of which is screenshotted below) urges customers
to visit exxonmobilrewardsplus[dot]com, to download its mobile app, and to
call 1-888-REWARD with any questions. It may not be immediately obvious, but
that + sign is actually the same thing as a zero on the telephone keypad
(although I'm ashamed to say I had to look that up online to be sure).

http://krebsonsecurity.com/2018/07/exxonmobil-bungles-rewards-card-debut/

------------------------------

Date: Thu, 05 Jul 2018 18:30:17 -0700
From: Gene Wirchenko <ge...@telus.net>
Subject: This keyboard attack steals passwords by reading heat from your
fingers (Charlie Osborne)

Charlie Osborne for Zero Day, 5 Jul 2018
Thermanator harvests thermal energy to steal passwords directly from your
fingertips. A new attack has been presented by researchers which is able to
record thermal residue from keyboards in order to steal credentials.

http://www.zdnet.com/article/this-attack-steals-your-passwords-by-reading-keyboard-heat/

------------------------------

Date: Mon, 9 Jul 2018 16:45:04 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: iOS 11.4 seems to have a battery drain problem (ZDNet)

http://www.zdnet.com/article/ios-11-4-seems-to-have-a-battery-drain-problem/

Every iOS upgrade? I've deferred this one, in spite of advice given to
always upgrade quickly for security patches.

------------------------------

Date: Mon, 9 Jul 2018 16:42:50 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Watch that keyboard! (Web Informant)

Here is the thing. In order to install one of these keyboard apps, you have
to grant it access to your phone. This seems like common sense, but sadly,
this also grants the app access to pretty much everything you type, every
piece of data on your phone, and every contact of yours too. Apple calls
this full access, and they require these keyboards to ask explicitly for
this permission after they are installed and before you use them for the
first time. Many of us don't read the fine print and just click yes and go
about our merry way.

http://blog.strom.com/wp/%3Fp%3D6603

------------------------------

Date: Sun, 8 Jul 2018 23:37:27 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: How the Pentagon Keeps Its App Store Secure (WiReD)

``NGA is kind of a unique combat-support agency,'' Saffel says. ``With the
GEOINT App Store we chose to go into a very risky new frontier for DOD and
the government in general, but I think we've demonstrated that we can do
things differently and still be secure and still control access. We're
supporting a lot of different mission sets, and I expect that the app store
will keep growing.''

http://www.wired.com/story/dod-app-store-does-this-one-crucial-thing-to-stay-secure

------------------------------

Date: Sun, 8 Jul 2018 18:54:40 -0400
From: José María Mateos <ch...@rinzewind.org>
Subject: Inside China Dystopian Dreams (NYTimes)

http://www.nytimes.com/2018/07/08/business/china-surveillance-technology.html

In the Chinese city of Zhengzhou, a police officer wearing facial
recognition glasses spotted a heroin smuggler at a train station.

In Qingdao, a city famous for its German colonial heritage, cameras powered
by artificial intelligence helped the police snatch two dozen criminal
suspects in the midst of a big annual beer festival.

In Wuhu, a fugitive murder suspect was identified by a camera as he bought
food from a street vendor.

With millions of cameras and billions of lines of code, China is building a
high-tech authoritarian future. Beijing is embracing technologies like
facial recognition and artificial intelligence to identify and track 1.4
billion people. It wants to assemble a vast and unprecedented national
surveillance system, with crucial help from its thriving technology
industry.

http://rinzewind.org/blog-es

[Also noted by Richard M Stein. PGN]

------------------------------

Date: Sun, 8 Jul 2018 08:53:51 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Egypt Sentences Lebanese Tourist to 8 Years in Prison for Facebook
Video (NYTimes)
via NNSquad
http://www.nytimes.com/2018/07/07/world/africa/egypt-sentences-lebanese-tourist.html%3Fpartner%3Drss%26emc%3Drss

An Egyptian court sentenced a Lebanese tourist to eight years in prison on
Saturday after she posted a video tirade on her Facebook page that
Egyptian authorities claimed had insulted the country and its leader. The
news website Ahram reported that Mona el-Mazbouh was initially handed an
11-year sentence and a fine after she was convicted of ``deliberately
broadcasting false rumors which aim to undermine society and attack
religions.''

------------------------------

Date: Sun, 8 Jul 2018 23:34:51 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: The Complexity of Simply Searching For Medical Advice (WiReD)

As we increasingly rely on search and on social to answer questions that
have a profound impact on both individuals and society, especially where
health is concerned, this difficulty in discerning, and surfacing, sound
science from pseudo-science has alarming consequences. Will we have to fight
the battle of keyword voids at a grassroots level, wrangling with the
asymmetry of passion by tapping people to find these voids and create
counter-content? Do we need to organize counter-GoFundMe campaigns to pay
for ad campaigns that promote real science? Or will the tech platforms where
this is occurring begin to understand that giving legitimacy to health
misinformation via high search and social rankings is profoundly harmful?
Getting high-quality, fact-based health information shouldn't be dependent
on the outcome of SEO games, or on who has more resources for pay-to-play
content promotion.

Ultimately, the question is, how do we incorporate factual accuracy into
rankings when no one is willing to be the *arbiter of truth*.
Unfortunately, the answer is not easily Googled.

http://www.wired.com/story/the-complexity-of-simply-searching-for-medical-advice

The risk? Energetic advocates of nonsense.

------------------------------

Date: Fri, 6 Jul 2018 18:11:27 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: According to Apple's digital assistant Siri, Marvel comic book
legend Stan Lee had apparently died on Monday (Business Insider Singapore)

Comic book fans were in for a shock this week when they were told that
Marvel comic book legend Stan Lee had passed away on Monday (July 2).

The `news' was broken by Apple's digital assistant Siri, as reported first
by CinemaBlend.
http://www.cinemablend.com/news/2444550/siri-is-telling-people-stan-lee-died-yesterday

While Stan Lee is still alive and well at the sprightly age of 95, it did
not stop Siri from telling users that he had *died* on July 2, 2018, when
asked how old he was.

Siri has since corrected the information, but it still raises questions as
to how the software got it wrong.

The problem can be traced back to Lee's Wikipedia page
http://en.wikipedia.org/wiki/Stan_Lee
http://io9.gizmodo.com/siri-erroneously-told-people-stan-lee-was-dead-1827322243

In the recent profile history of Lee, user `&beer&love' changed Lee's Wiki
data to include a `date of death', pronouncing him dead.

http://www.businessinsider.sg/siri-stan-lee-died-on-monday/

Siri relying for information on Wikipedia which can be changed by anyone,
even &beer&love. Sure beats those dusty encyclopedia volumes I grew up with.

------------------------------

Date: Thu, 5 Jul 2018 11:16:18 -0800
From: Rob Slade <rms...@shaw.ca>
Subject: Risk and cost/benefit ...

I live in Vancouver, British Columbia, Canada. We have an abundance of
natural beauty. Therefore, we also have an abundance of tourists.

I was born here. (So were my parents. And 75% of my grandparents.) Those
of us who are long time residents know that the natural beauty comes with
some natural dangers.

A lot of the tourists don't seem to realize that. In our social media
intense and almost virtual world, people don't seem to realize that you
can't just press *undo* or *reload* when you do something stupid in the real
world.
http://vancouversun.com/news/local-news/rugged-b-c-locales-are-a-magnet-for-selfie-seekers
or http://is.gd/C1rOty

And we also seem to have a society that idolizes risk-taking. You've got to
live `on the edge'. You've got to get closer to the edge than anyone else.

Well, sometimes when you get too close to the edge, you fall off.
http://vancouversun.com/news/local-news/underwater-camera-added-to-search-for-trio-missing-near-squamishs-shannon-falls or
http://is.gd/qolaca

We've got a big tourist industry in BC. (No, it's not just a business here,
it's an industry.) We've got lots of companies that spend time and money
taking people out into the wild. In a (reasonably) safe way. But, for
some, that isn't enough. They've got to go beyond the bounds. And then
they get into trouble.

I live near Lynn Canyon. I live between the fire station and Lynn Canyon.
We hear the sirens all the time, indicating that some tourist has decided
that he's (it's usually he, or her, when some idiot convinces his girlfriend
to accompany him) smarter than the locals who posted all the ``don't jump off
dangerous areas'' signs. We heard them again last night. It was late last
night, so I assume that whoever killed himself last night hasn't made the
news sites yet.
http://vancouversun.com/news/local-news/social-media-driving-risky-behaviour-in-lynn-canyon-north-shore-mountains or
http://is.gd/ghM3w2

For the reasons stated above, we have some of the best search and rescue
volunteers in the world in our neck of the woods. They are, unfortunately,
extremely experienced. We have, also unfortunately, a bunch of helicopter
pilots who have lots of experience in trying to put a helicopter into deep
canyons, or very close to waterfalls, or rock faces. It's dangerous work.
Forced upon us by tourists who want the ultimate selfie ...

------------------------------

Date: Thu, 5 Jul 2018 16:18:16 -0700
From: "Robert R. Fenichel" <b...@fenichel.net>
Subject: Employees as subjects in clinical trials (Re: Stein, RISKS-30.74)

Richard M. Stein suggests that when AI-based diagnostic programs are
tested in randomized clinical trials (RCTs), the affected patients
should be the vendor's employees and their families. This is
problematic.

In evaluating diagnostic methods, several different sorts of RCTs
can be contemplated. A trial might demonstrate that the new method
(a) provided the same information as old methods, perhaps more
quickly or at lower cost; or
(b) provided new information that was of interest, but did not alter
patient or physician behavior; or
(c) provided new information that changed patient or physician behavior; or
(d) changed patient-perceived outcome (feeling better or living longer).

At the upper end of this scale (certainly (d), probably (c)), some of the
patients in a given RCT will be winners, and some will be losers. Some
people want to play this game, and some don't.

Recruitment into RCTs is generally considered unethical when the recruited
patients are not fully at liberty to decline participation. This generally
excludes prisoners and employees. Even when consent can be freely given
(say, by an academic researcher experimenting on himself or herself*),
trials in developed countries are subject to vetting by outside arbiters to
be sure that the investigators are not, perhaps out of honest enthusiasm,
inadvertently exposing subjects (even if the subjects are themselves) to
unnecessary risks.

Independent of the problem of obtaining freely-given consent from employees,
there are potential problems of bias. As Stein notes, any such trial would
need to be evaluated by non-conflicted reviewers. Similarly, patients with
conflicts of interest** can lead to doubt about the soundness of a trial's
results, depending on the credibility of the blinding, which is rarely
perfect.

* There is of course a long history of that, notably including the
first cardiac catheterization.
** Wanting to be successfully treated is not a conflict of interest,
but wanting one treatment or diagnostic process to work better than
another might be.

------------------------------

Date: 5 Jul 2018 22:05:17 -0400
From: "John Levine" <jo...@iecc.com>
Subject: Re: Google is training machines to predict when a patient will die
(Stein and LA Times, R 30 74)

I looked at the article you linked to, and I'm pretty sure that you sent the
wrong link since there is nothing in the article even vaguely like *death
panels*. It's about diagnosis based on a wider than usual range of patient
data.

The closest thing was a paragraph in which a hospital's system looked at
a very sick patient and estimated she had a 9% chance of dying during her
stay, Google's AI thought it was 19% and she indeed died a few days later.
That tells us she was sicker than she looked but nothing about whether her
treatment was appropriate for her condition.

On the other hand, we have a lot of work to do with or without machines to
manage treatment of people who are terminally ill. Americans spend vast
amounts on futile care in the last few weeks or days of life of people who
will die no matter what we do. I expect that computers can be of some use
figuring out what treatments might help and which are just painful and
pointless.

------------------------------

Date: Fri, 6 Jul 2018 14:11:49 +0800
From: Richard M Stein <rmste...@gmail.com>
Subject: Re: Google is training machines to predict when a patient will die
(Levine, R 30 75)

John -- Agreed about end of life healthcare expenditures; they are often
onerous.

My extrapolation of Medical Brain (MB) AI as a *death panel* proxy is
premature, given state of readiness to deploy. I chose the label based on
former Gov. Palin's campaign hyperbole to emphasize potential adoption and
deployment of MB's predictive diagnostic capability. Clearly, connecting MB
to a patient's IV infusion pump, respirator, or other life support device
would be unwise and inhumane.

When I read the LA Times piece, I imagined a hospital or hospice-bound
patient with a `Do Not Resuscitate' (DNR) order tied to their health records
under continuous MB monitoring near end of life (EOL).

As a hypothetical, suppose MB EOL initiation was an opt-in choice? I asked
myself, ``What MB outcome would trigger the live/die threshold: 50.1% or 22%
or 90%?'' In light of MB diagnostic prediction, should DNRs have an extra
field to specify an MB live/die outcome threshold that automates end of life
sequence initiation - perhaps a morphine drip.

A dystopian expectation, based on pure economic and business prerogatives,
suggests that delegation of automated live/die choices will emerge. The
nefarious intrusion of technology into life and death decisions promotes
choice acceleration over deliberation; MB deployment demotes human sympathy
to insignificance by pure computation. Some people might prefer a Magic
8-ball to decide, not a stack of software toxic waste.

------------------------------

Date: 6 Jul 2018 11:45:18 -0400
From: "John R. Levine" <jo...@iecc.com>
Subject: Re: Google is training machines to predict when a patient will die
(Stein, R 30 75)

> My extrapolation of Medical Brain (MB) AI as a *death panel* proxy is
> premature, given state of readiness to deploy.

It's not premature, it's just silly. There is a great deal of work around
the world looking at what treatment is cost-effective under what conditions.
This is not exactly a new frontier of inquiry.

One of the best-known is NICE, the National Institute for Health and Care
Excellence in the UK. It is a major reason that even though the NHS spends
less than half per person what we do in the US, and has well known funding
and management problems, people in the UK are nonetheless about as healthy
as in the US.

NICE really is a death panel, and sometimes turns down treatments that might
hypothetically extend someone's life, because the cost is too far out of
line with the potential benefit. I'd rather a death panel run transparently
with a goal of improving the country's health than ones we have in the US, run
in secret with a goal of maximizing my insurance company's dividends.

http://www.nice.org.uk/

obRisks: shiny new technical things can be very distracting

------------------------------

Date: Tue, 5 May 2018 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-30.00
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
<http://the.wiretapped.net/security/info/textfiles/risks-digest/>
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks have done to URLs. I have
tried to extract the essence.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 30.75
************************
