info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Risks Digest 31.24
37 views
Skip to first unread message
RISKS List Owner
May 14, 2019, 8:52:34 PM5/14/19
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Tuesday 14 May 2019 Volume 31 : Issue 24
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.24>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Silicon Valley makes everything worse: Four industries that Big Tech has
ruined (Salon)
"Do we need 6G wireless already? 5G engineers debate" (ZDNet via GeneW)
"Over 25,000 smart Linksys routers are leaking sensitive data"
(Charlie Osborne)
The Future Is Here, and It Features Hackers Getting Bombed
(Foreign Policy)
Ford to expand medical transport service (Detroit News)
Australian $50 note typo: spelling mistake printed 46 million times
(The Guardian)
SHA-1 collision attacks are now actually practical and a looming danger
(Catalin Cimpanu)
TOCTOU Attacks Against BootGuard (PGN via sundry sources)
Sharp increase in ransomware attacks on Swiss SMEs (GovCert via
Peter Houppermans)
AI Can Now Defend Itself Against Malicious Messages Hidden in Speech
(Matthew Hutson)
Singlish also can, for this AI call system (The Straits Times)
Special issue: The global competition for AI dominance
Bulletin of the Atomic Scientists: Vol 75, No 3
Who[m] to Sue When a Robot Loses Your Fortune (Bloomberg.com)
What Sony's robot dog teaches us about biometric data privacy (CNET)
New e-voting support system by Microsoft (via Diego Latella)
Boeing Knew About Safety-Alert Problem for a Year Before Telling FAA,
Airlines (WSJ)
Unless you want your payment card data skimmed, avoid these commerce sites
(Ars Technica)
Hey, Alexa: Stop recording me (WashPost)
"RobbinHood" ransomware takes down Baltimore City government networks
(Ars Technica)
Buying a replacement iPhone battery? Be careful you don't get ripped off
(ZDNet)
Software update crashes police ankle monitors in the Netherlands
(Catalin Cimpanu)
Tenants win as settlement orders landlords give physical keys over
smart locks (CNET)
Re: The Fight for the Right to Drive (Dan Jacobson)
Re: Drug names (Robert R. Fenichel)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Mon, 13 May 2019 19:35:01 -0700
From: the keyboard of geoff goodfellow <ge...@iconia.com>
Subject: Silicon Valley makes everything worse: Four industries that Big
Tech has ruined (Salon)
*The tech industry sells itself as improving our lives. So why does it seem
to always do the opposite?*
EXCERPT:
Adapted from *A People's History of Silicon Valley: How the Tech Industry
Exploits Workers, Erodes Privacy and Undermines Democracy*, by Keith A.
Spencer, on sale now from major booksellers. Eyewear Publishing, 2018.
Excerpted with permission.
The word `innovation' has become synonymous with Silicon Valley to the point
of absurdity. Indeed, the tech industry's entrepreneurs and
"thoughtfluencers" throw it around as casually as a dodgeball in a
middle-school P.E. class; what it really means is perpetually unclear and
purposefully hazy. It is vague enough to be suitable in nearly any situation
where a new product, service or "thing" is advertised as superior to the old
-- never mind if the so-called "old" thing has some distinct advantages, or
if the new thing's superiority is solely that it makes more money than the
old thing, or if there are other old things that are actually superior yet
which won't make anyone rich. (Consider Apple removing the headphone jack
from its new phones to be Exhibit A.)
That summary may sound flippant, but it is a good explication of the path of
the tech industry over the past two decades: Some venture capital-backed
entrepreneurs jackhammer their way into a new industry, "tech"-ify it in
some way, undermine the competition and declare their new way superior once
the old is bankrupted.
Thus, rather than confine themselves to operating systems and PC software
like they did in the 1980s and 1990s, the tech industry has figured out
that the real money lies in being a middleman. By that I mean serving as
the in-between point for, say, web traffic to newspapers and magazines
(like this one); or being the go-between for taxi services, coordinating
drivers and passengers through apps. In both of these examples, the
original product isn't that different from the pre-tech world: a taxi ride,
in the latter case, a news article in the former. The difference is that a
tech behemoth takes a cut of the transaction. And also in many cases, the
labor -- the people making and producing and doing the things the tech
industry takes a slice from -- is more precarious, less well-remunerated,
and less safe than it was in the pre-tech era.
Looking at it this way, the tech industry doesn't really seem innovative at
all. Or rather, its sole innovation seems to be exploiting workers with more
cruelty, and positioning itself in the middle of more transactions.
Granted, there are certain services that have become more convenient because
of apps and smartphones -- but there is no reason that convenience must come
at the high cost that it does, besides the tech industry's insatiable lust
for profit. Here are but a few examples of how our livelihoods and our
societies have been worsened by Silicon Valley as it sinks its talons into
new industries.
Taxis
Public transit was never great in the United States, with the exception of a
few big cities like New York, and thus private taxi services were around to
supplement. Being a taxi driver was once a much-vaunted job, so much so that
a taxi medallion was perceived of as a ticket to the middle class.
Then came Uber and Lyft, who flooded the market for private transit and
undercut the taxi industry by de-skilling the industry and paying their
workers far, far less. Driving a taxi is no longer a middle class job;
once-valuable taxi medallions have become burdens for some taxi drivers.
The outlook for career taxi drivers is so dismal that an alarming number of
taxi drivers have been committing suicide.
Meanwhile, because of the precarious nature of Lyft and Uber jobs, those
drivers are frequently not vetted or under-vetted -- resulting in
significant safety concerns for passengers. And unlike a taxi back in the
old days, being a rideshare driver isn't a ticket to the middle-class at
all: a recent study of such employees revealed that most contractors use
these kinds of jobs not as their sole source of income, but as supplementary
jobs to make ends meet.
Richard D. Wolff, an economics professor at the New School in New York
City, describes gig economy companies like Uber as "winning the
competition" by taking shortcuts that "frequently endanger the public."
Regulatory agencies for taxis were created in most countries, Wolff says,
because taxi companies were historically unsafe. "Taxi companies are
required now to have insurance, training for drivers, well-inspected cars,
and other safeguards to protect the public. The cost of riding in a taxi
reflects those safeguards," Wolff said, adding:
...there's always the incentive for somebody to come in and operate, once
again, inadequately insured, inadequately maintained, inadequately vetted
drivers -- to come in with a cheaper cab service [that is] unregulated by
the taxi commission. That's all that Uber and Lyft [are]... they undercut
the old arrangement and offer cheaper and more competitive services by
cutting corners.
Home appliances
Lightbulbs have existed for around 140 years, and home refrigerators for
about 100. In that span, they haven't changed too much, besides getting more
energy-efficient, mostly because they haven't really needed to: we need to
keep food cold, and we need light. The appliances that do these things don't
really need to do much else.
Now, tech companies are putting wi-fi and Bluetooth chips in all kinds of
things that didn't used to be Internet-connected. They call it the "smart
home," and while the word is open-ended, the common thread with smart home
devices is that they can generally be monitored via an app...
https://www.salon.com/2019/05/12/silicon-valley-makes-everything-worse-four-industries-that-big-tech-has-ruined/
------------------------------
Date: Tue, 14 May 2019 10:12:10 -0700
From: Gene Wirchenko <ge...@shaw.ca>
Subject: "Do we need 6G wireless already? 5G engineers debate"
[On the part about standards being too early or late, early in my career,
I worked with CP/M on 8-bit micros. The version that was most widely used
was 2.2. 3.0 came out later, but too late. How many ever used it? It
had some nice features that should have been in 2.2 but were not.
However, it was late in the life of CP/M, and it was unlikely programs
would be rewritten to take advantage of the features.]
https://www.zdnet.com/article/do-we-need-6g-wireless-already-5g-engineers-debate/
The race to 6G has already begun, according to a certain head of state. This
while 5G firms in China may be helping other countries to race ahead. What
if a "6G" isn't such a good idea? By Scott Fulton III | April 25, 2019 --
12:57 GMT (05:57 PDT) | Topic: 5G 5G will be popularized via telecom
carriers and the marketing of wire-cutting services, but the biggest impact
and returns will come from connecting the Internet of things, edge computing
and analytics infrastructure with minimal latency.
selected text:
It was a minefield that attendees of the first day of sessions at Brooklyn
5G Summit 2019 on Wednesday maneuvered through: The topic of whether the
world's governmental policy makers have blown 5G wireless all out of
proportion. Representatives of the world's three principal
telecommunications equipment suppliers -- Huawei, Ericsson, and Nokia --
took the stage at NYU's Tandon School of Engineering, along with other
stakeholders in the 5G global standard.
At issue: Have the expectations of both policy makers and wireless customers
been raised so high that the development of "6G Wireless" -- until now
merely a placeholder for future discussion -- actually begins now?
"Let's be fair. Presidents of countries are saying, 'My country's going to
be the first to deploy.' The UK prime minister at the time, [David]
Cameron, said the UK is going to be the first country in Europe to deploy
5G. (He's now an ex-prime minister, but that's for a different reason.) My
point is, standardization takes time. It takes several years to write a
generation of standards. When we set about this process in 2015, there were
many, many operators saying, 'We don't need this right now. Please slow down
the standardization process! We don't need 5G, because LTE's doing fine.'
And yet when we started the three- or four-year program of writing these
standards, during that process, there was this massive acceleration, and the
political push that said, 'We want these standards right now! Why are you
so slow, 3GPP? You need to speed up!'
"My point is," Scrase wrapped up, "standards historically are either too
early or too late. It's very difficult to have standards that are perfectly
on-time. It's even more difficult when the timeline keeps shifting forwards
and backwards."
------------------------------
Date: Tue, 14 May 2019 10:29:04 -0700
From: Gene Wirchenko <ge...@shaw.ca>
Subject: "Over 25,000 smart Linksys routers are leaking sensitive data"
(Charlie Osborne)
Charlie Osborne for Zero Day | 14 May 2019
A security flaw grants remote access to router information.
https://www.zdnet.com/article/over-2500-smart-linksys-routers-may-leak-owners-sensitive-data/
Over 25,000 Linksys Smart Wi-Fi routers are believed to be vulnerable to
remote exploit by attackers, leading to the leak of sensitive information.
[Note that this article is about Linksys routers. The word "Huawei" does
not occur in the text. Nonetheless, if you check the article, you will
see a Huawei picture. Is this a simple mistake or propaganda? (Huawei
has been attacked by the USA, and I have not seen much evidence.) The
risks of the Web.]
------------------------------
Date: Wed, 8 May 2019 12:05:02 +0800
From: Richard Stein <rms...@ieee.org>
Subject: The Future Is Here, and It Features Hackers Getting Bombed
(Foreign Policy)
https://foreignpolicy.com/2019/05/06/the-future-is-here-and-it-features-hackers-getting-bombed/
A pinpoint accuracy, drone-delivered incentive and deterrent against hacking
Israeli infrastructure.
Only a matter of time before an equivalent commercial capability can be
purchased using virtual currency.
Risks: Target selection error, munition guidance compromise.
------------------------------
Date: Wed, 8 May 2019 12:24:39 +0800
From: Richard Stein <rms...@ieee.org>
Subject: Ford to expand medical transport service (Detroit News)
https://www.detroitnews.com/story/business/autos/ford/2019/05/07/ford-expand-medical-transport-service/1128517001/
"Despite a critical and growing need across our country, most patients are
unable to find reliable transportation and drivers who understand their
needs. GoRide Health can fill that gap."
Well I'll be darned...silicon-driven wheels that "understands their
[patients] needs." Good spin for self-driving wheel promotion.
Risk: Without a carbon-backup driver, patient safety and evacuation assist
during an accident.
------------------------------
Date: Thu, 9 May 2019 08:54:49 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Australian $50 note typo: spelling mistake printed 46 million times
(The Guardian)
https://www.theguardian.com/australia-news/2019/may/09/australian-50-note-typo-spelling-mistake-printed-46-million-times
------------------------------
Date: Mon, 13 May 2019 08:45:38 -0700
From: Gene Wirchenko <ge...@shaw.ca>
Subject: SHA-1 collision attacks are now actually practical and a looming
danger (Catalin Cimpanu)
Catalin Cimpanu for Zero Day | 13 May 2019
Research duo showcases first-ever SHA-1 chosen-prefix collision attack.
https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/
opening text:
Attacks on the SHA-1 hashing algorithm just got a lot more dangerous last
week with the discovery of the first-ever "chosen-prefix collision attack,"
a more practical version of the SHA-1 collision attack first carried out by
Google two years ago.
What this means is that SHA-1 collision attacks can now be carried out with
custom inputs, and they're not just accidental mishaps anymore, allowing
attackers to target certain files to duplicate and forge.
------------------------------
Date: Mon, 13 May 2019 21:37:04 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: TOCTOU Attacks Against BootGuard
Now You See It... TOCTOU Attacks Against BootGuard
"malicious and unsigned code is executed successfully, something that Boot
Guard was designed to prevent."
https://conference.hitb.org/hitbsecconf2019ams/materials/D1T1%2520-%2520Toctou%2520Attacks%20Against%20Secure%20Boot%20-%20Trammell%20Hudson%20
https://bugzilla.tianocore.org/show_bug.cgi%3Fid%3D1614
https://github.com/tianocore/edk2-staging/blob/BootGuardTocTouVulnerabilityMitigation/Readme.md
------------------------------
Date: Thu, 9 May 2019 21:50:55 +0200
From: <not.fo...@houppermans.net>
Subject: Sharp increase in ransomware attacks on Swiss SMEs
I suspect this is not a uniquely Swiss situation, but the size of the nation
makes for a better signal-to-noise ratio: it takes fewer attacks for it to
pop up on the radar.
Attacking SMEs is a fairly standard approach - they're the weak underbelly
of commerce as their size typically makes for less process driven security,
and they serve as a possible entry point to bigger fish as part of a supply
chain.
Swiss government agencies GovCERT and MELANI already have analysis online:
https://www.govcert.admin.ch/blog/36/severe-ransomware-attacks-against-swiss-smes
------------------------------
Date: Mon, 13 May 2019 12:08:45 -0400
From: ACM TechNews <technew...@acm.org>
Subject: AI Can Now Defend Itself Against Malicious Messages Hidden in Speech
(Matthew Hutson)
Matthew Hutson, *Nature*, 10 May 2019 via ACM TechNews, Monday, May 13, 2019
University of Illinois at Urbana-Champaign researchers have developed a
technique to protect artificial intelligence (AI) against deception by
adversarial examples, like audio clips. The researchers created an algorithm
that transcribes a full audio clip, as well as an independent segment of it;
the program flagged a clip as potentially compromised if transcription of
that segment did not closely correspond to the transcription of the complete
audio file. Testing revealed that the algorithm always spotted meddling in
several attack scenarios, even when the attacker was aware of the
countermeasures.
https://orange.hosting.lsoft.com/trk/click%3Fref%3Dznwrbbrs9_6-1fc39x21c22bx068806%26
------------------------------
Date: Sat, 11 May 2019 10:36:10 +0800
From: Richard Stein <rms...@ieee.org>
Subject: Singlish also can, for this AI call system (The Straits Times)
https://www.straitstimes.com/singapore/singlish-also-can-for-this-ai-call-system
When traveling internationally, one is likely to encounter English spoken
with unique accents and semantic features. One example being Singapore's
Singlish. One overheard Singlish sentence at Changi Airport: "Everything so
blur" means "I am confused."
The government is developing, and will eventually deploy, a speech
recognition system that performs speech-to-text (STT) translation to assist
Singapore's civil defense force dispatchers. Singapore's four official
languages are: Mandarin, Tamil, Malay, and English.
Adding Singlish into the interpretative voice space, given 4 predecessor
languages, enlarges the STT test space. While unlikely to encounter an
emergency call that simultaneously combines words and semantics from 5
distinct languages (save for a lively UN debate), one might want to test the
STT platform with certain concurrently mixed language tuples to assess
translation outcome.
Public interest can be served by determining and disclosing how well an STT
platform responds during a cacophonous call for emergency assistance.
An AUCROC assessment -- area under curve/radar operating characteristic --
can provide a telling measure of concurrent, multi-lingual STT effectiveness
in terms of false positive/negative determinations.
Note: Thanks to Chris Elsaesser for pointing out the importance of AUCROC
measures to characterize and quantify AI platform discrimination
capabilities and limits.
------------------------------
Date: Mon, 13 May 2019 09:16:24 +0900
From: Dave Farber <far...@gmail.com>
Subject: Special issue: The global competition for AI dominance
(Bulletin of the Atomic Scientists: Vol 75, No 3)
https://ip.topicbox.com/groups/ip/Tbfe9f494f555d523-M2e1a2d75fe3cde319f025550
------------------------------
Date: Sun, 12 May 2019 16:55:38 +0800
From: Richard Stein <rms...@ieee.org>
Subject: Who[m] to Sue When a Robot Loses Your Fortune (Bloomberg.com)
https://www.bloomberg.com/news/articles/2019-05-06/who-to-sue-when-a-robot-loses-your-fortune
"The legal battle is a sign of what's in store as AI is incorporated into
all facets of life, from self-driving cars to virtual assistants. When the
technology misfires, where the blame lies is open to interpretation."
Risk: Overtrust (see
http://catless.ncl.ac.uk/Risks/30/94%23subj3.1
in an AI-driven, equity trading platform to out-perform market indices.
UNIX message of the day: "The way to make a small fortune in the commodities
market is to start with a large fortune."
------------------------------
Date: Fri, 10 May 2019 22:41:00 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: What Sony's robot dog teaches us about biometric data privacy
(CNET)
The state's Biometric Information Privacy Act prevents Sony from selling it
there.
https://www.cnet.com/news/what-sonys-robot-dog-teaches-us-about-biometric-data-privacy/
------------------------------
Date: Mon, 13 May 2019 10:57:51 +0200
From: Diego Latella <Diego....@isti.cnr.it>
Subject: New e-voting support system by Microsoft
https://blogs.microsoft.com/on-the-issues/2019/05/06/protecting-democratic-elections-through-secure-verifiable-voting/
ElectionGuard can be used to build systems with five major benefits that
will protect the vote against tampering by anyone, and improve the voting
process for citizens and officials:
Verifiable: Allowing voters and third-party organizations to verify
election results.
Secure: Built with advanced encryption techniques developed by
Microsoft Research.
Auditable: Supporting risk-limiting audits that help assure the
accuracy of elections.
Open source: Free and flexible with the ability to be used with
off-the-shelf hardware.
Make voting better: Supporting standard accessibility tools and
improving the voting experience.
[...]
The ElectionGuard SDK will be available through GitHub beginning this
summer. We encourage the election technology community to begin building
offerings based on this technology and expect early prototypes using
ElectionGuard will be ready for piloting during the 2020 elections in the
United States, with significant deployments for subsequent election cycles.
Over time we will seek to update and improve the SDK to support additional
voting scenarios such as mail-in ballots and ranked choice voting.
Microsoft will not charge for using ElectionGuard and will not profit from
partnering with election technology suppliers that incorporate it into their
products.
------------------------------
Date: Thu, 9 May 2019 09:23:56 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Boeing Knew About Safety-Alert Problem for a Year Before Telling
FAA, Airlines (WSJ)
https://www.wsj.com/articles/boeing-knew-about-safety-alert-problem-for-a-year-before-telling-faa-airlines-11557087129
------------------------------
Date: Thu, 9 May 2019 09:40:46 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Unless you want your payment card data skimmed, avoid these
commerce sites (Ars Technica)
https://arstechnica.com/information-technology/2019/05/more-than-100-commerce-sites-infected-with-code-that-steals-payment-card-data/
------------------------------
Date: Thu, 9 May 2019 19:45:12 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Hey, Alexa: Stop recording me (WashPost)
When Alexa runs your home, Amazon tracks you in more ways than you might
want.
https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/
------------------------------
Date: Thu, 9 May 2019 09:41:33 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: "RobbinHood" ransomware takes down Baltimore City government networks
(Ars Technica)
https://arstechnica.com/information-technology/2019/05/baltimore-city-government-hit-by-robbinhood-ransomware/
------------------------------
Date: Fri, 10 May 2019 09:53:11 -0700
From: Gene Wirchenko <ge...@shaw.ca>
Subject: Buying a replacement iPhone battery? Be careful you don't get
ripped off (ZDNet)
Adrian Kingsley-Hughes for Hardware 2.0 | 10 May 2019
Buying a replacement iPhone battery? Be careful you don't get ripped off
Just because you're told that the replacement iPhone battery you're buying
is new doesn't mean that it is. It could be old and worn out.
https://www.zdnet.com/article/buying-a-replacement-iphone-battery-be-careful-you-dont-get-ripped-off/
selected text:
For example, eBay is awash with iPhone battery testers that allow the
recharge cycle count to be cleared or set to a low level (and tools that can
read the recharge cycles, such as Coconut Battery, cannot tell that this
figure has been reset). Other than duping people, I'm having a hard time
coming up with a legitimate use for this feature, especially since you have
to physically remove the battery from the iPhone to do it.
------------------------------
Date: Fri, 10 May 2019 09:59:32 -0700
From: Gene Wirchenko <ge...@shaw.ca>
Subject: Software update crashes police ankle monitors in the Netherlands
(Catalin Cimpanu)
Catalin Cimpanu for Zero Day | 10 May 2019
Borked update prevents ankle monitors from sending data back to police
control rooms.
https://www.zdnet.com/article/software-update-crashes-police-ankle-monitors-in-the-netherlands/
selected text:
A borked software update has crashed hundreds of ankle monitoring devices
used by Dutch police, Dutch government officials said today.
The issue was fixed later in the day, on Thursday; however, the Dutch
Ministry of Justice and Security had to step in and preemptively arrest and
jail some of its most high-risk suspects.
[I find this bit darkly amusing. "You're under arrest for our ankle
monitoring system crashing."?]
------------------------------
Date: Fri, 10 May 2019 14:52:03 -0400
From: =?UTF-8?Q?Jos=C3=A9_Mar=C3=ADa_Mateos?= <ch...@rinzewind.org>
Subject: Tenants win as settlement orders landlords give physical keys over
smart locks (CNET)
https://www.cnet.com/news/tenants-win-rights-to-physical-keys-over-smart-locks-from-landlords/
The physical key has prevailed over the smart lock for a group of tenants
with privacy concerns.
In a settlement released Tuesday, a judge ordered landlords of an apartment
building in New York to provide physical keys to any tenants who don't want
to use the Latch smart locks installed on the building last September.
The settlement is a first, as there's no legal precedent or legislation
deciding how landlords can use smart home technology. Since the technology
is relatively new, lawmakers haven't had time to catch up with smart home
devices, and this case in New York is one of the few legal challenges to
appear in court. It won't set a legal precedent because it's a settlement,
but it represents a win for tenants who had issues with smart locks and
landlords installing them against their will.
"This is a huge victory for these tenants and tenants throughout New York
City. These types of systems, which landlords have used to surveil, track
and intimidate tenants, have been used frequently in New York City," Michael
Kozek, the attorney representing the tenants in Manhattan, said in a
statement. "These tenants refused to accept the system, and the negative
impact it had on their lives. Hopefully they will be an inspiration for
other tenants to fight back."
------------------------------
Date: Fri, 10 May 2019 10:54:53 +0800
From: Dan Jacobson <jid...@jidanni.org>
Subject: Re: The Fight for the Right to Drive (The New Yorker via Stein)
RS> companies might require you to ... watch commercial messages displayed
on the vehicles windows."
They already do, but it is on the outside, not the inside, and it make it
tough to look out, almost impossible on rainy days etc.
https://www.brisbanetimes.com.au/national/queensland/major-security-risk-call-for-advertising-wraps-to-be-removed-from-buses-20161221-gtfvz3.html
------------------------------
Date: Thu, 9 May 2019 13:42:40 -0700
From: "Robert R. Fenichel" <b...@fenichel.net>
Subject: Re: Drug names (RISKS-31.23)
There's another level to the drug-name issue raised by Craig Burton. Each
brand-name drug you receive has three different names, not just two. [*]
First, there is the chemical _structural name_, constructed according to
strict, non-contentious international conventions. Given, for example, the
structural name (S)-1- [N 2-(1-carboxy-3- phenylpropyl)-L-lysyl]-L-proline
dihydrate, anyone with basic chemical training could draw a diagram of the
molecule..
This example, like the one given by Burton, exemplifies the ponderous nature
of structural names, so WHO has a means of assigning pronounceable _generic
names_. Generic names draw upon a growing suffix vocabulary ("vir" for
antivirals, "pine" for dihydropyridine calcium-channel blockers, "olol" for
beta-blockers, "pril" for ACE inhibitors, and so on) and then WHO tries to
coordinate generic names (for example, benazepril, captopril, enalapril,
fosinopril, lisinopril, moexipril, perindopril, quinapril, ramipril,
trandolapril are all ACE inhibitors) to minimize confusion. Some older
drugs have different generic names in different parts of the world
(adrenaline/epinephrine, meperidine/pethidine, acetaminophen/paracetamol),
but new examples of that sort are not appearing, thanks to WHO.
It doesn't stop there. The structural name that I gave above is that of
lisinopril. In North America, lisinopril is available as generic
lisinopril, as Prinivil(R), and as Zestril(R). The assignment of _brand
names_ is regulated nationally (in the US by the FDA). There is a committee
at FDA that passes on proposed names, trying to head off aural confusion.
Sometimes they turn out to have got it wrong: Omeprazole was originally
(1996) allowed to use the brand name Losec(R), but there were persistent
reports of mixups with the much-older brand name Lasix(R) (furosemide), so
approval for "Losec" was withdrawn, and Astra Zeneca had to reissue
omeprazole under another name (Prilosec(R)).
I have been out of FDA since before machine interpretation of speech became
important, but I'd be surprised to hear that the brand-name committee at FDA
is not now worrying about computer errors as well as human errors.
[* Old Possum's Book of Practical Cats: The naming of cats is a difficult
matter, for a cat must have three different names. PGN]
------------------------------
Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 31.24
************************
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.24>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Silicon Valley makes everything worse: Four industries that Big Tech has
ruined (Salon)
"Do we need 6G wireless already? 5G engineers debate" (ZDNet via GeneW)
"Over 25,000 smart Linksys routers are leaking sensitive data"
(Charlie Osborne)
The Future Is Here, and It Features Hackers Getting Bombed
(Foreign Policy)
Ford to expand medical transport service (Detroit News)
Australian $50 note typo: spelling mistake printed 46 million times
(The Guardian)
SHA-1 collision attacks are now actually practical and a looming danger
(Catalin Cimpanu)
TOCTOU Attacks Against BootGuard (PGN via sundry sources)
Sharp increase in ransomware attacks on Swiss SMEs (GovCert via
Peter Houppermans)
AI Can Now Defend Itself Against Malicious Messages Hidden in Speech
(Matthew Hutson)
Singlish also can, for this AI call system (The Straits Times)
Special issue: The global competition for AI dominance
Bulletin of the Atomic Scientists: Vol 75, No 3
Who[m] to Sue When a Robot Loses Your Fortune (Bloomberg.com)
What Sony's robot dog teaches us about biometric data privacy (CNET)
New e-voting support system by Microsoft (via Diego Latella)
Boeing Knew About Safety-Alert Problem for a Year Before Telling FAA,
Airlines (WSJ)
Unless you want your payment card data skimmed, avoid these commerce sites
(Ars Technica)
Hey, Alexa: Stop recording me (WashPost)
"RobbinHood" ransomware takes down Baltimore City government networks
(Ars Technica)
Buying a replacement iPhone battery? Be careful you don't get ripped off
(ZDNet)
Software update crashes police ankle monitors in the Netherlands
(Catalin Cimpanu)
Tenants win as settlement orders landlords give physical keys over
smart locks (CNET)
Re: The Fight for the Right to Drive (Dan Jacobson)
Re: Drug names (Robert R. Fenichel)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Mon, 13 May 2019 19:35:01 -0700
From: the keyboard of geoff goodfellow <ge...@iconia.com>
Subject: Silicon Valley makes everything worse: Four industries that Big
Tech has ruined (Salon)
*The tech industry sells itself as improving our lives. So why does it seem
to always do the opposite?*
EXCERPT:
Adapted from *A People's History of Silicon Valley: How the Tech Industry
Exploits Workers, Erodes Privacy and Undermines Democracy*, by Keith A.
Spencer, on sale now from major booksellers. Eyewear Publishing, 2018.
Excerpted with permission.
The word `innovation' has become synonymous with Silicon Valley to the point
of absurdity. Indeed, the tech industry's entrepreneurs and
"thoughtfluencers" throw it around as casually as a dodgeball in a
middle-school P.E. class; what it really means is perpetually unclear and
purposefully hazy. It is vague enough to be suitable in nearly any situation
where a new product, service or "thing" is advertised as superior to the old
-- never mind if the so-called "old" thing has some distinct advantages, or
if the new thing's superiority is solely that it makes more money than the
old thing, or if there are other old things that are actually superior yet
which won't make anyone rich. (Consider Apple removing the headphone jack
from its new phones to be Exhibit A.)
That summary may sound flippant, but it is a good explication of the path of
the tech industry over the past two decades: Some venture capital-backed
entrepreneurs jackhammer their way into a new industry, "tech"-ify it in
some way, undermine the competition and declare their new way superior once
the old is bankrupted.
Thus, rather than confine themselves to operating systems and PC software
like they did in the 1980s and 1990s, the tech industry has figured out
that the real money lies in being a middleman. By that I mean serving as
the in-between point for, say, web traffic to newspapers and magazines
(like this one); or being the go-between for taxi services, coordinating
drivers and passengers through apps. In both of these examples, the
original product isn't that different from the pre-tech world: a taxi ride,
in the latter case, a news article in the former. The difference is that a
tech behemoth takes a cut of the transaction. And also in many cases, the
labor -- the people making and producing and doing the things the tech
industry takes a slice from -- is more precarious, less well-remunerated,
and less safe than it was in the pre-tech era.
Looking at it this way, the tech industry doesn't really seem innovative at
all. Or rather, its sole innovation seems to be exploiting workers with more
cruelty, and positioning itself in the middle of more transactions.
Granted, there are certain services that have become more convenient because
of apps and smartphones -- but there is no reason that convenience must come
at the high cost that it does, besides the tech industry's insatiable lust
for profit. Here are but a few examples of how our livelihoods and our
societies have been worsened by Silicon Valley as it sinks its talons into
new industries.
Taxis
Public transit was never great in the United States, with the exception of a
few big cities like New York, and thus private taxi services were around to
supplement. Being a taxi driver was once a much-vaunted job, so much so that
a taxi medallion was perceived of as a ticket to the middle class.
Then came Uber and Lyft, who flooded the market for private transit and
undercut the taxi industry by de-skilling the industry and paying their
workers far, far less. Driving a taxi is no longer a middle class job;
once-valuable taxi medallions have become burdens for some taxi drivers.
The outlook for career taxi drivers is so dismal that an alarming number of
taxi drivers have been committing suicide.
Meanwhile, because of the precarious nature of Lyft and Uber jobs, those
drivers are frequently not vetted or under-vetted -- resulting in
significant safety concerns for passengers. And unlike a taxi back in the
old days, being a rideshare driver isn't a ticket to the middle-class at
all: a recent study of such employees revealed that most contractors use
these kinds of jobs not as their sole source of income, but as supplementary
jobs to make ends meet.
Richard D. Wolff, an economics professor at the New School in New York
City, describes gig economy companies like Uber as "winning the
competition" by taking shortcuts that "frequently endanger the public."
Regulatory agencies for taxis were created in most countries, Wolff says,
because taxi companies were historically unsafe. "Taxi companies are
required now to have insurance, training for drivers, well-inspected cars,
and other safeguards to protect the public. The cost of riding in a taxi
reflects those safeguards," Wolff said, adding:
...there's always the incentive for somebody to come in and operate, once
again, inadequately insured, inadequately maintained, inadequately vetted
drivers -- to come in with a cheaper cab service [that is] unregulated by
the taxi commission. That's all that Uber and Lyft [are]... they undercut
the old arrangement and offer cheaper and more competitive services by
cutting corners.
Home appliances
Lightbulbs have existed for around 140 years, and home refrigerators for
about 100. In that span, they haven't changed too much, besides getting more
energy-efficient, mostly because they haven't really needed to: we need to
keep food cold, and we need light. The appliances that do these things don't
really need to do much else.
Now, tech companies are putting wi-fi and Bluetooth chips in all kinds of
things that didn't used to be Internet-connected. They call it the "smart
home," and while the word is open-ended, the common thread with smart home
devices is that they can generally be monitored via an app...
https://www.salon.com/2019/05/12/silicon-valley-makes-everything-worse-four-industries-that-big-tech-has-ruined/
------------------------------
Date: Tue, 14 May 2019 10:12:10 -0700
From: Gene Wirchenko <ge...@shaw.ca>
Subject: "Do we need 6G wireless already? 5G engineers debate"
[On the part about standards being too early or late, early in my career,
I worked with CP/M on 8-bit micros. The version that was most widely used
was 2.2. 3.0 came out later, but too late. How many ever used it? It
had some nice features that should have been in 2.2 but were not.
However, it was late in the life of CP/M, and it was unlikely programs
would be rewritten to take advantage of the features.]
https://www.zdnet.com/article/do-we-need-6g-wireless-already-5g-engineers-debate/
The race to 6G has already begun, according to a certain head of state. This
while 5G firms in China may be helping other countries to race ahead. What
if a "6G" isn't such a good idea? By Scott Fulton III | April 25, 2019 --
12:57 GMT (05:57 PDT) | Topic: 5G 5G will be popularized via telecom
carriers and the marketing of wire-cutting services, but the biggest impact
and returns will come from connecting the Internet of things, edge computing
and analytics infrastructure with minimal latency.
selected text:
It was a minefield that attendees of the first day of sessions at Brooklyn
5G Summit 2019 on Wednesday maneuvered through: The topic of whether the
world's governmental policy makers have blown 5G wireless all out of
proportion. Representatives of the world's three principal
telecommunications equipment suppliers -- Huawei, Ericsson, and Nokia --
took the stage at NYU's Tandon School of Engineering, along with other
stakeholders in the 5G global standard.
At issue: Have the expectations of both policy makers and wireless customers
been raised so high that the development of "6G Wireless" -- until now
merely a placeholder for future discussion -- actually begins now?
"Let's be fair. Presidents of countries are saying, 'My country's going to
be the first to deploy.' The UK prime minister at the time, [David]
Cameron, said the UK is going to be the first country in Europe to deploy
5G. (He's now an ex-prime minister, but that's for a different reason.) My
point is, standardization takes time. It takes several years to write a
generation of standards. When we set about this process in 2015, there were
many, many operators saying, 'We don't need this right now. Please slow down
the standardization process! We don't need 5G, because LTE's doing fine.'
And yet when we started the three- or four-year program of writing these
standards, during that process, there was this massive acceleration, and the
political push that said, 'We want these standards right now! Why are you
so slow, 3GPP? You need to speed up!'
"My point is," Scrase wrapped up, "standards historically are either too
early or too late. It's very difficult to have standards that are perfectly
on-time. It's even more difficult when the timeline keeps shifting forwards
and backwards."
------------------------------
Date: Tue, 14 May 2019 10:29:04 -0700
From: Gene Wirchenko <ge...@shaw.ca>
Subject: "Over 25,000 smart Linksys routers are leaking sensitive data"
(Charlie Osborne)
Charlie Osborne for Zero Day | 14 May 2019
A security flaw grants remote access to router information.
https://www.zdnet.com/article/over-2500-smart-linksys-routers-may-leak-owners-sensitive-data/
Over 25,000 Linksys Smart Wi-Fi routers are believed to be vulnerable to
remote exploit by attackers, leading to the leak of sensitive information.
[Note that this article is about Linksys routers. The word "Huawei" does
not occur in the text. Nonetheless, if you check the article, you will
see a Huawei picture. Is this a simple mistake or propaganda? (Huawei
has been attacked by the USA, and I have not seen much evidence.) The
risks of the Web.]
------------------------------
Date: Wed, 8 May 2019 12:05:02 +0800
From: Richard Stein <rms...@ieee.org>
Subject: The Future Is Here, and It Features Hackers Getting Bombed
(Foreign Policy)
https://foreignpolicy.com/2019/05/06/the-future-is-here-and-it-features-hackers-getting-bombed/
A pinpoint accuracy, drone-delivered incentive and deterrent against hacking
Israeli infrastructure.
Only a matter of time before an equivalent commercial capability can be
purchased using virtual currency.
Risks: Target selection error, munition guidance compromise.
------------------------------
Date: Wed, 8 May 2019 12:24:39 +0800
From: Richard Stein <rms...@ieee.org>
Subject: Ford to expand medical transport service (Detroit News)
https://www.detroitnews.com/story/business/autos/ford/2019/05/07/ford-expand-medical-transport-service/1128517001/
"Despite a critical and growing need across our country, most patients are
unable to find reliable transportation and drivers who understand their
needs. GoRide Health can fill that gap."
Well I'll be darned...silicon-driven wheels that "understands their
[patients] needs." Good spin for self-driving wheel promotion.
Risk: Without a carbon-backup driver, patient safety and evacuation assist
during an accident.
------------------------------
Date: Thu, 9 May 2019 08:54:49 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Australian $50 note typo: spelling mistake printed 46 million times
(The Guardian)
https://www.theguardian.com/australia-news/2019/may/09/australian-50-note-typo-spelling-mistake-printed-46-million-times
------------------------------
Date: Mon, 13 May 2019 08:45:38 -0700
From: Gene Wirchenko <ge...@shaw.ca>
Subject: SHA-1 collision attacks are now actually practical and a looming
danger (Catalin Cimpanu)
Catalin Cimpanu for Zero Day | 13 May 2019
Research duo showcases first-ever SHA-1 chosen-prefix collision attack.
https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/
opening text:
Attacks on the SHA-1 hashing algorithm just got a lot more dangerous last
week with the discovery of the first-ever "chosen-prefix collision attack,"
a more practical version of the SHA-1 collision attack first carried out by
Google two years ago.
What this means is that SHA-1 collision attacks can now be carried out with
custom inputs, and they're not just accidental mishaps anymore, allowing
attackers to target certain files to duplicate and forge.
------------------------------
Date: Mon, 13 May 2019 21:37:04 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: TOCTOU Attacks Against BootGuard
Now You See It... TOCTOU Attacks Against BootGuard
"malicious and unsigned code is executed successfully, something that Boot
Guard was designed to prevent."
https://conference.hitb.org/hitbsecconf2019ams/materials/D1T1%2520-%2520Toctou%2520Attacks%20Against%20Secure%20Boot%20-%20Trammell%20Hudson%20
https://bugzilla.tianocore.org/show_bug.cgi%3Fid%3D1614
https://github.com/tianocore/edk2-staging/blob/BootGuardTocTouVulnerabilityMitigation/Readme.md
------------------------------
Date: Thu, 9 May 2019 21:50:55 +0200
From: <not.fo...@houppermans.net>
Subject: Sharp increase in ransomware attacks on Swiss SMEs
I suspect this is not a uniquely Swiss situation, but the size of the nation
makes for a better signal-to-noise ratio: it takes fewer attacks for it to
pop up on the radar.
Attacking SMEs is a fairly standard approach - they're the weak underbelly
of commerce as their size typically makes for less process driven security,
and they serve as a possible entry point to bigger fish as part of a supply
chain.
Swiss government agencies GovCERT and MELANI already have analysis online:
https://www.govcert.admin.ch/blog/36/severe-ransomware-attacks-against-swiss-smes
------------------------------
Date: Mon, 13 May 2019 12:08:45 -0400
From: ACM TechNews <technew...@acm.org>
Subject: AI Can Now Defend Itself Against Malicious Messages Hidden in Speech
(Matthew Hutson)
Matthew Hutson, *Nature*, 10 May 2019 via ACM TechNews, Monday, May 13, 2019
University of Illinois at Urbana-Champaign researchers have developed a
technique to protect artificial intelligence (AI) against deception by
adversarial examples, like audio clips. The researchers created an algorithm
that transcribes a full audio clip, as well as an independent segment of it;
the program flagged a clip as potentially compromised if transcription of
that segment did not closely correspond to the transcription of the complete
audio file. Testing revealed that the algorithm always spotted meddling in
several attack scenarios, even when the attacker was aware of the
countermeasures.
https://orange.hosting.lsoft.com/trk/click%3Fref%3Dznwrbbrs9_6-1fc39x21c22bx068806%26
------------------------------
Date: Sat, 11 May 2019 10:36:10 +0800
From: Richard Stein <rms...@ieee.org>
Subject: Singlish also can, for this AI call system (The Straits Times)
https://www.straitstimes.com/singapore/singlish-also-can-for-this-ai-call-system
When traveling internationally, one is likely to encounter English spoken
with unique accents and semantic features. One example being Singapore's
Singlish. One overheard Singlish sentence at Changi Airport: "Everything so
blur" means "I am confused."
The government is developing, and will eventually deploy, a speech
recognition system that performs speech-to-text (STT) translation to assist
Singapore's civil defense force dispatchers. Singapore's four official
languages are: Mandarin, Tamil, Malay, and English.
Adding Singlish into the interpretative voice space, given 4 predecessor
languages, enlarges the STT test space. While unlikely to encounter an
emergency call that simultaneously combines words and semantics from 5
distinct languages (save for a lively UN debate), one might want to test the
STT platform with certain concurrently mixed language tuples to assess
translation outcome.
Public interest can be served by determining and disclosing how well an STT
platform responds during a cacophonous call for emergency assistance.
An AUCROC assessment -- area under curve/radar operating characteristic --
can provide a telling measure of concurrent, multi-lingual STT effectiveness
in terms of false positive/negative determinations.
Note: Thanks to Chris Elsaesser for pointing out the importance of AUCROC
measures to characterize and quantify AI platform discrimination
capabilities and limits.
------------------------------
Date: Mon, 13 May 2019 09:16:24 +0900
From: Dave Farber <far...@gmail.com>
Subject: Special issue: The global competition for AI dominance
(Bulletin of the Atomic Scientists: Vol 75, No 3)
https://ip.topicbox.com/groups/ip/Tbfe9f494f555d523-M2e1a2d75fe3cde319f025550
------------------------------
Date: Sun, 12 May 2019 16:55:38 +0800
From: Richard Stein <rms...@ieee.org>
Subject: Who[m] to Sue When a Robot Loses Your Fortune (Bloomberg.com)
https://www.bloomberg.com/news/articles/2019-05-06/who-to-sue-when-a-robot-loses-your-fortune
"The legal battle is a sign of what's in store as AI is incorporated into
all facets of life, from self-driving cars to virtual assistants. When the
technology misfires, where the blame lies is open to interpretation."
Risk: Overtrust (see
http://catless.ncl.ac.uk/Risks/30/94%23subj3.1
in an AI-driven, equity trading platform to out-perform market indices.
UNIX message of the day: "The way to make a small fortune in the commodities
market is to start with a large fortune."
------------------------------
Date: Fri, 10 May 2019 22:41:00 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: What Sony's robot dog teaches us about biometric data privacy
(CNET)
The state's Biometric Information Privacy Act prevents Sony from selling it
there.
https://www.cnet.com/news/what-sonys-robot-dog-teaches-us-about-biometric-data-privacy/
------------------------------
Date: Mon, 13 May 2019 10:57:51 +0200
From: Diego Latella <Diego....@isti.cnr.it>
Subject: New e-voting support system by Microsoft
https://blogs.microsoft.com/on-the-issues/2019/05/06/protecting-democratic-elections-through-secure-verifiable-voting/
ElectionGuard can be used to build systems with five major benefits that
will protect the vote against tampering by anyone, and improve the voting
process for citizens and officials:
Verifiable: Allowing voters and third-party organizations to verify
election results.
Secure: Built with advanced encryption techniques developed by
Microsoft Research.
Auditable: Supporting risk-limiting audits that help assure the
accuracy of elections.
Open source: Free and flexible with the ability to be used with
off-the-shelf hardware.
Make voting better: Supporting standard accessibility tools and
improving the voting experience.
[...]
The ElectionGuard SDK will be available through GitHub beginning this
summer. We encourage the election technology community to begin building
offerings based on this technology and expect early prototypes using
ElectionGuard will be ready for piloting during the 2020 elections in the
United States, with significant deployments for subsequent election cycles.
Over time we will seek to update and improve the SDK to support additional
voting scenarios such as mail-in ballots and ranked choice voting.
Microsoft will not charge for using ElectionGuard and will not profit from
partnering with election technology suppliers that incorporate it into their
products.
------------------------------
Date: Thu, 9 May 2019 09:23:56 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Boeing Knew About Safety-Alert Problem for a Year Before Telling
FAA, Airlines (WSJ)
https://www.wsj.com/articles/boeing-knew-about-safety-alert-problem-for-a-year-before-telling-faa-airlines-11557087129
------------------------------
Date: Thu, 9 May 2019 09:40:46 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Unless you want your payment card data skimmed, avoid these
commerce sites (Ars Technica)
https://arstechnica.com/information-technology/2019/05/more-than-100-commerce-sites-infected-with-code-that-steals-payment-card-data/
------------------------------
Date: Thu, 9 May 2019 19:45:12 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Hey, Alexa: Stop recording me (WashPost)
When Alexa runs your home, Amazon tracks you in more ways than you might
want.
https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/
------------------------------
Date: Thu, 9 May 2019 09:41:33 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: "RobbinHood" ransomware takes down Baltimore City government networks
(Ars Technica)
https://arstechnica.com/information-technology/2019/05/baltimore-city-government-hit-by-robbinhood-ransomware/
------------------------------
Date: Fri, 10 May 2019 09:53:11 -0700
From: Gene Wirchenko <ge...@shaw.ca>
Subject: Buying a replacement iPhone battery? Be careful you don't get
ripped off (ZDNet)
Adrian Kingsley-Hughes for Hardware 2.0 | 10 May 2019
Buying a replacement iPhone battery? Be careful you don't get ripped off
Just because you're told that the replacement iPhone battery you're buying
is new doesn't mean that it is. It could be old and worn out.
https://www.zdnet.com/article/buying-a-replacement-iphone-battery-be-careful-you-dont-get-ripped-off/
selected text:
For example, eBay is awash with iPhone battery testers that allow the
recharge cycle count to be cleared or set to a low level (and tools that can
read the recharge cycles, such as Coconut Battery, cannot tell that this
figure has been reset). Other than duping people, I'm having a hard time
coming up with a legitimate use for this feature, especially since you have
to physically remove the battery from the iPhone to do it.
------------------------------
Date: Fri, 10 May 2019 09:59:32 -0700
From: Gene Wirchenko <ge...@shaw.ca>
Subject: Software update crashes police ankle monitors in the Netherlands
(Catalin Cimpanu)
Catalin Cimpanu for Zero Day | 10 May 2019
Borked update prevents ankle monitors from sending data back to police
control rooms.
https://www.zdnet.com/article/software-update-crashes-police-ankle-monitors-in-the-netherlands/
selected text:
A borked software update has crashed hundreds of ankle monitoring devices
used by Dutch police, Dutch government officials said today.
The issue was fixed later in the day, on Thursday; however, the Dutch
Ministry of Justice and Security had to step in and preemptively arrest and
jail some of its most high-risk suspects.
[I find this bit darkly amusing. "You're under arrest for our ankle
monitoring system crashing."?]
------------------------------
Date: Fri, 10 May 2019 14:52:03 -0400
From: =?UTF-8?Q?Jos=C3=A9_Mar=C3=ADa_Mateos?= <ch...@rinzewind.org>
Subject: Tenants win as settlement orders landlords give physical keys over
smart locks (CNET)
https://www.cnet.com/news/tenants-win-rights-to-physical-keys-over-smart-locks-from-landlords/
The physical key has prevailed over the smart lock for a group of tenants
with privacy concerns.
In a settlement released Tuesday, a judge ordered landlords of an apartment
building in New York to provide physical keys to any tenants who don't want
to use the Latch smart locks installed on the building last September.
The settlement is a first, as there's no legal precedent or legislation
deciding how landlords can use smart home technology. Since the technology
is relatively new, lawmakers haven't had time to catch up with smart home
devices, and this case in New York is one of the few legal challenges to
appear in court. It won't set a legal precedent because it's a settlement,
but it represents a win for tenants who had issues with smart locks and
landlords installing them against their will.
"This is a huge victory for these tenants and tenants throughout New York
City. These types of systems, which landlords have used to surveil, track
and intimidate tenants, have been used frequently in New York City," Michael
Kozek, the attorney representing the tenants in Manhattan, said in a
statement. "These tenants refused to accept the system, and the negative
impact it had on their lives. Hopefully they will be an inspiration for
other tenants to fight back."
------------------------------
Date: Fri, 10 May 2019 10:54:53 +0800
From: Dan Jacobson <jid...@jidanni.org>
Subject: Re: The Fight for the Right to Drive (The New Yorker via Stein)
RS> companies might require you to ... watch commercial messages displayed
on the vehicles windows."
They already do, but it is on the outside, not the inside, and it make it
tough to look out, almost impossible on rainy days etc.
https://www.brisbanetimes.com.au/national/queensland/major-security-risk-call-for-advertising-wraps-to-be-removed-from-buses-20161221-gtfvz3.html
------------------------------
Date: Thu, 9 May 2019 13:42:40 -0700
From: "Robert R. Fenichel" <b...@fenichel.net>
Subject: Re: Drug names (RISKS-31.23)
There's another level to the drug-name issue raised by Craig Burton. Each
brand-name drug you receive has three different names, not just two. [*]
First, there is the chemical _structural name_, constructed according to
strict, non-contentious international conventions. Given, for example, the
structural name (S)-1- [N 2-(1-carboxy-3- phenylpropyl)-L-lysyl]-L-proline
dihydrate, anyone with basic chemical training could draw a diagram of the
molecule..
This example, like the one given by Burton, exemplifies the ponderous nature
of structural names, so WHO has a means of assigning pronounceable _generic
names_. Generic names draw upon a growing suffix vocabulary ("vir" for
antivirals, "pine" for dihydropyridine calcium-channel blockers, "olol" for
beta-blockers, "pril" for ACE inhibitors, and so on) and then WHO tries to
coordinate generic names (for example, benazepril, captopril, enalapril,
fosinopril, lisinopril, moexipril, perindopril, quinapril, ramipril,
trandolapril are all ACE inhibitors) to minimize confusion. Some older
drugs have different generic names in different parts of the world
(adrenaline/epinephrine, meperidine/pethidine, acetaminophen/paracetamol),
but new examples of that sort are not appearing, thanks to WHO.
It doesn't stop there. The structural name that I gave above is that of
lisinopril. In North America, lisinopril is available as generic
lisinopril, as Prinivil(R), and as Zestril(R). The assignment of _brand
names_ is regulated nationally (in the US by the FDA). There is a committee
at FDA that passes on proposed names, trying to head off aural confusion.
Sometimes they turn out to have got it wrong: Omeprazole was originally
(1996) allowed to use the brand name Losec(R), but there were persistent
reports of mixups with the much-older brand name Lasix(R) (furosemide), so
approval for "Losec" was withdrawn, and Astra Zeneca had to reissue
omeprazole under another name (Prilosec(R)).
I have been out of FDA since before machine interpretation of speech became
important, but I'd be surprised to hear that the brand-name committee at FDA
is not now worrying about computer errors as well as human errors.
[* Old Possum's Book of Practical Cats: The naming of cats is a difficult
matter, for a cat must have three different names. PGN]
------------------------------
Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 31.24
************************
0 new messages