Risks Digest 33.10

Skip to first unread message

RISKS List Owner

Mar 21, 2022, 2:22:16 PMMar 21
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Monday 21 March 2022 Volume 33 : Issue 10

Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can also be found at

It's 70 degrees warmer than normal in eastern Antarctica. Scientists are
flabbergasted. (MSN)
Russia Faces IT Crisis with Just 2 Months of Data Storage Left (Bill Toulas)
Huge DDoS attack temporarily kicks Israeli government sites offline
(The Register)
Unix Rootkit Used to Steal ATM Banking Data (Two items combined)
Researcher Uses 379-Year-Old Algorithm to Crack Crypto Keys in the Wild
(Dan Goodin)
Legislation to require hand-counting of ballots? (Douglas W. Jones)
When It Comes to AI, Can We Ditch the Datasets? (Adam Zewe)
The TikTok-Oracle Deal Would Set 2 Dangerous Precedents (WiReD)
Find You: Building a stealth AirTag clone (Positive Security)
Tired of Waiting for Driverless Vehicles? Head to a Farm (Scott McFetridge)
*Time* Releases Full Magazine Issue as NFT on the Blockchain" (Time)
Beware of QR Code Scams (Heidi Mitchell)
Drone swarm forms clickable QR code (Hollywood Reporter)
Re: Senate passes permanent Daylight Saving Time (John Levine)
One problem with permanent daylight saving time: Geography
(Lauren Weinstein)
Re: MMS spam? (Jay Libove, Rob Slade)
Re: Farewell Honeychild (Charles Jackson)
Abridged info on RISKS (comp.risks)


Date: Sat, 19 Mar 2022 14:49:38 PDT
From: Peter Neumann <neu...@csl.sri.com>
Subject: It's 70 degrees warmer than normal in eastern Antarctica.
Scientists are flabbergasted. (MSN)

The coldest location on the planet has experienced an episode of warm
weather this week unlike any ever observed, with temperatures over the
eastern Antarctic ice sheet soaring 50 to 90 degrees above normal. The
warmth has smashed records and shocked scientists.

This event is completely unprecedented and upended our expectations about
the Antarctic climate system, said Jonathan Wille, a researcher studying
polar meteorology at Universite Grenoble Alpes in France, in an email.

Antarctic climatology has been rewritten, tweeted Stefano Di Battista,
a researcher who has published studies on Antarctic temperatures. He
added that such temperature anomalies would have been considered
impossible and unthinkable before they actually occurred.

Parts of eastern Antarctica have seen temperatures hover 70 degrees
(40 Celsius) above normal for three days and counting, Wille said. He
likened the event to the June heat wave in the Pacific Northwest,
which scientists concluded would have been virtually impossible
without human-caused climate change.

What is considered warm over the frozen, barren confines of eastern
Antarctica is, of course, relative. Instead of temperatures being
minus-50 or minus-60 degrees (minus-45 or minus-51 Celsius), they've
been closer to zero or 10 degrees (minus-18 Celsius or minus-12
Celsius) -- but that's a massive heat wave by Antarctic standards. [...]



Date: Wed, 16 Mar 2022 12:08:06 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Russia Faces IT Crisis with Just 2 Months of Data Storage Left
(Bill Toulas)

Bill Toulas, BleepingComputer, Ides of March 2022,
via ACM TechNews, 16 Mar 2022

The withdrawal of Western cloud computing companies from Russia has left the
country with roughly two months of information technology (IT) data storage.
Russian news outlet *Kommersant* says the situation is compounded by
exponential growth of public Russian agencies' storage needs due to Smart
City projects entailing extensive video-surveillance and facial-recognition
systems. Options proposed at a meeting of the Ministry of Digital
Transformation Solutions include leasing all available domestic data storage
or mandating that Internet service providers ditch media streaming services
and other online entertainment platforms. Russia also could seize IT servers
and storage left behind by exiting businesses and incorporate them into
public infrastructure. The last option would be to use Chinese cloud service
providers and IT system sellers, although China has not yet decided how much
aid it is willing to provide.



Date: Wed, 16 Mar 2022 09:16:49 +0200
From: Mike Rechtman <mi...@rechtman.com>
Subject: Huge DDoS attack temporarily kicks Israeli government sites offline
(The Register)

A state of emergency is declared as officials assess the damage and look for
15 Mar 2022 // 17:12 UTC

A massive distributed denial-of-service (DDoS) attack forced Israeli
officials Monday to temporarily take down several government websites and to
declare a state of online emergency to assess the damage and begin
investigating who was behind the incident.

In a tweet, the Israel National Cyber Directorate said it had detected the
DDoS attack against a communications provider and that several websites had
been taken down, though all have since resumed normal activity.

According to Internet watchdog NetBlocks, the attacks targeted Israeli
telecom providers Bezeq and Cellcom and hit multiple networks run by the


Date: Mon, 21 Mar 2022 12:03:33 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Unix Rootkit Used to Steal ATM Banking Data (Two items combined)

Bill Toulas, BleepingComputer, 17 Mar 2022

Researchers at the cybersecurity firm Mandiant found that the LightBasin
hacking group is using a previously unknown Unix rootkit to steal ATM
banking data and make unauthorized cash withdrawals from ATM terminals at
several banks. The rootkit, a Unix kernel module called "Caketap," affects
servers running the Oracle Solaris operating system, hiding network
connections, processes, and files while installing several hooks into system
functions to receive remote commands and configurations. Caketap intercepts
messages sent to the Payment Hardware Security Module (HSM), used by the
banking industry to verify bank card information, to stop verification
messages that match fraudulent bank cards and instead generate a valid
response. It also internally saves valid messages that match non-fraudulent
primary account numbers and sends them to the HSM to avoid impacting routine
customer transactions and implant operations.

ALSO: Drew Harwell, *The Washington Post* 17 Mar 2022

Computer programmers and volunteer "information warriors" are attempting to
counter Russian propaganda and information suppression concerning the
Ukraine invasion. A Website built by the squad303 coder group shows a
randomly selected Russian citizen's email address and phone or WhatsApp
number, and provides a pre-written message visitors can send to engage in a
dialogue. A Polish programmer said he works with more than 100 volunteers
from the U.S., Estonia, France, Germany, and more, divided into teams
focused on software development, cyberdefense, social media, and a help desk
to onboard new messengers. Western social media companies and media outlets
also have started helping Russians bypass government censorship by using Tor
software, which directs online traffic through a scattered network of
servers, neutralizing Russia's Website blockade. Market research data
indicates virtual private network applications, which enable Russians to
access otherwise-banned sites, have been downloaded millions of times on the
Apple and Google app stores.


Date: Wed, 16 Mar 2022 12:08:06 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Researcher Uses 379-Year-Old Algorithm to Crack Crypto Keys in the
Wild (Dan Goodin)

Dan Goodin, Ars Technica, 14 Mar 2022,
via ACM TechNews, 16 Mar 2022

Researcher Hanno B=F6ck said he used a 379-year-old algorithm described by
French mathematician Pierre de Fermat to break a handful of weak
cryptographic keys found in the wild. The keys were generated with older
software owned by technology company Rambus, derived from a basic version of
the SafeZone Crypto Libraries. B=F6ck said the SafeZone library
insufficiently randomized the two prime numbers it used to generate RSA
keys, and Fermat's factorization method can crack such keys easily. The
algorithm was based on the fact that any odd number can be expressed as the
difference between two squares, and factors near that number's root are
easily and quickly calculable. B=F6ck thinks all the keys he found in the
wild were generated using software or methods unaffiliated with the SafeZone
library, which if true means the Fermat algorithm might easily break keys
crafted by other software.


[You gotta be very Ferm-at avoiding such primes. PGN]


Date: Sun, 20 Mar 2022 11:49:09 PDT
From: Peter Neumann <neu...@csl.sri.com>
Subject: Legislation to require hand-counting of ballots? (Douglas W. Jones)

My long-time colleague (Prof.) Doug Jones (not the politician) has
published an op-ed relating to recent attempts to abandon ballot
scanners in favor of hand-counting ballots. It is in The Des Moines
Register. This is worth reading.


[Hand-counting is more easily rigged? PGN]


Date: Mon, 21 Mar 2022 12:03:33 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: When It Comes to AI, Can We Ditch the Datasets? (Adam Zewe)

Adam Zewe, MIT News, 15 Mar 2022

Massachusetts Institute of Technology (MIT) researchers have demonstrated
the use of a generative machine-learning model to produce synthetic data,
based on real data, to train another model for image classification.
Researchers showed the generative model millions of images containing
objects in a specific class, after which it learned those objects'
appearance in order to generate similar objects. MIT's Ali Jahanian said
generative models also learn how to transform underlying training data, and
connecting a pre-trained generative model to a contrastive learning model
enabled both models to work together automatically. The results show that a
contrastive representation learning model trained only on synthetic data can
learn visual representations that rival or top those learned from real
data. In analyzing how the number of samples influenced the model's
performance, researchers determined that, in some cases, generating larger
numbers of unique samples facilitated additional enhancements.

[RISKS: Is this just kicking the can down the road, because The
training-data model may be biased. PGN]


Date: Sun, 20 Mar 2022 21:57:26 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: The TikTok-Oracle Deal Would Set 2 Dangerous Precedents (WiReD)

The agreement may provoke a global data storage melee and more politically
motivated intervention in the tech sector.

In August 2020, President Donald Trump dropped a bombshell executive order
banning TikTok in the United States. Since then, as TikTok has competed
against other Big Tech companies -- growing among teen users while Facebook
and others have struggled -- its ability to survive in the United States has
remained under a cloud of uncertainty. Would regulators step in and kill off
a product that had become a staple form of communication for some 100
million Americans?

That cloud seemed to lift last week in the wake of reports that TikTok will
enter into a data storage deal with Oracle. In the short term, the agreement
would be good for U.S. users, enabling TikTok to invest more of its
resources and energy into improving its product, rather than wrestling with
the government.

But in the long run, the forecast looks bleaker. The deal would establish
precedents likely to harm technology companies and their users. [...]

However, the agreement is almost certain to provide momentum to foreign
governments who want to do exactly what the United States is doing: require
companies to store data within their borders. Numerous countries have pushed
these types of data localization requirements over the last decade,
including Russia, India, and France. In response, the tech sector has made
the case that this approach to data storage creates privacy risks, degrades
performance, and imposes compliance costs that make it harder for small
companies to compete.

If the U.S. government succeeds in forcing TikTok to enter this local
data-storing arrangement with Oracle, other governments will be more likely
to impose comparable requirements on U.S. companies operating within their
borders. A principle that might be appealing to TikTok’s critics in the
United States could seem much less desirable if it were applied to Apple,
Meta, or Snap in countries like China or Russia. The war in Ukraine has
highlighted why countries like Russia want to use localization to exert more
control over global tech companies, and also why it’s so important that
local data storage requirements remain the exception rather than the norm.



Date: Sun, 20 Mar 2022 22:11:15 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Find You: Building a stealth AirTag clone (Positive Security)

* After AirTags are reportedly used more and more frequently for malicious
purposes, Apple has published a statement that lists its current and
future efforts to prevent misuse.

* We built an AirTag clone that bypasses all those tracking protection
features and confirmed it working in a real-world experiment (source code
available here).

* We encourage Apple to include AirTag clones/modified AirTags into their
threat model when planning the next changes to the Find My ecosystem.



Date: Mon, 21 Mar 2022 12:03:33 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Tired of Waiting for Driverless Vehicles? Head to a Farm
(Scott McFetridge)

Scott McFetridge, Associated Press, 16 Mar 2022

Driverless vehicles are more abundant on farms than city streets, with John
Deere to start manufacturing autonomous tractors this fall after more than
10 years in development. The company intends to run the tractors on 10 to 50
farms by fall, before expanding to more farms in the coming years. Carnegie
Mellon University's Raj Rajkumar said autonomous tractors have no vehicles,
pedestrians, or intricacies of urban systems to deal with, and they can
employ consistent global-positioning system data. Farmers can hitch a plow
behind the driverless tractor, start it with a swipe of a smartphone, and
then leave it to travel the field on its own. The machine has six pairs of
cameras that can provide a 360-degree image, and computer algorithms help it
to navigate and stop before unfamiliar obstacles.

[If it its uses are off-road only, that means safety standards tend to be
considerably reduced? That's the way off-road equipment works now,
although it might need a trailer to go from one farm to another. PGN]


Date: Mon, 21 Mar 2022 12:03:33 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: *Time* Releases Full Magazine Issue as NFT on the Blockchain" (Time)

*Time*, 18 MAr 2022

*Time* magazine will publish the first fully decentralized magazine issue,
available on March 23 as a non-fungible token (NFT) on the blockchain.
Created in partnership with LITDAO, a Web3 cultural currency and NFT
project, the issue will be hosted through a decentralized protocol, with
readers accessing the magazine through an interactive NFT. With support from
the global Internet finance firm Circle, the issue, which will feature a
cover story on Ethereum's Vitalik Buterin, will be airdropped to certain
TIMEPiece and genesis LIT community wallet holders. "As *Time* continues to
push the boundaries as to what is possible within the Web3 ecosystem,
producing the first-ever full magazine on the blockchain seemed like a
natural extension for our brand, and we knew this issue, in particular,
would be cherished by our community," said *Time~'s Keith A. Grossman.


Date: Mon, 21 Mar 2022 12:03:33 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Beware of QR Code Scams (Heidi Mitchell)

Heidi Mitchell, *The Wall Street Journal*, 19 Mar 2022

Security researchers warn of the growing threat of fraudulent quick response
(QR) codes, including some affixed to parking meters in Texas cities that
tricked drivers into entering their credit-card data at a bogus Website.
Although the Better Business Bureau's Scam Tracker site lists just 46 QR
code-related attacks in the U.S. since March 2020, link-management service
Bit.ly has observed a 750% increase in QR-code downloads since then. Most
smartphones "just read the code and open the link without ensuring that it
is safe or that it is, in fact, what it says it is," said Justin Fier at
artificial intelligence cybersecurity firm Darktrace. Skilled attackers also
can use a QR code to send users to a spoof site, then hand over the
information they enter to the genuine site. Symantec's Eric Chien suggests
either avoiding QR codes that are stuck on devices or installing QR-code
scanner applications.

[See RISKS-33.02-04. PGN]


Date: Wed, 16 Mar 2022 17:47:35 +0200
From: Amos Shapir <amo...@gmail.com>
Subject: Drone swarm forms clickable QR code (Hollywood Reporter)

In a publicity stunt for a TV series, 400 drones formed a huge QR code
square in the sky over Austin, Texas, which linked to the series' trailer

Yet another way to make people click on links to sites they never intended
to visit.

Full story at:


Date: 16 Mar 2022 14:39:22 -0400
From: "John Levine" <jo...@iecc.com>
Subject: Re: Senate passes permanent Daylight Saving Time (RISKS-33.09)

There were claims that there might be more accidents, but no evidence that
there actually were.


Here in the frozen north, in January the sun rises at 7:30 or later so a lot
of kids wait for the bus in the dark with or without daylight time.


Date: Mon, 21 Mar 2022 09:48:13 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: One problem with permanent daylight saving time: Geography

It's pretty much always the case that anything Congress does in a
hurry hasn't been thought out. Often not thinking things through is
one of Congress' most obvious attributes. -L



Date: Wed, 16 Mar 2022 08:10:31 +0000
From: Jay Libove <lib...@felines.org>
Subject: Re: MMS spam?

In re: Rob Slade's question about MMS spam, I've seen some mobile phone
based messaging clients that, by default, "upgrade" messages which are too
long to fit in a single (or in a consecutive set of up to five) SMS text
messages, or which contain non-SMS-compatible content, to MMS. That is of
course a horrible default, because MMS messages tend to have ridiculous
costs, of which the user is unlikely to be consciously aware at the moment
that their messaging software "helpfully" ensures delivery .. at a cost of
$1.00 or so both to themself and probably also to each recipient. Rob, ask
your correspondent to take a look at the settings of their messaging app in
which the finally-resulted-as-MMS message was sent. -Jay


Date: Mon, 7 Mar 2022 07:21:29 -0800
From: Rob Slade <rsl...@gmail.com<mailto:rsl...@gmail.com>>
Subject: Re: MMS spam?

I have been receiving a lot of MMS (as opposed to SMS, normal text) messages
on my phones recently. One of the phones doesn't have a data plan, so I
don't get to see what the messages are. (Yes, yes, I *know* the cell
companies promise that their plans allow you unlimited voice, video, and
pictures "text" messages. They lie.) I have generally despaired of trying
to get people to realize the difference between SMS and MMS messages, and
the incompatibilities that make MMS messages unreliable even if you do have
the phone and cell/mobile data plan to support them.

However, a few days ago I got an MMS message from someone who *is*
technically competent, and, when I challenged him, he denied sending any
such message. Given that he would know, and the increase in numbers, I am
wondering if there is some new spamming campaign utilizing MMS messages.

Anybody heard/seen anything along these lines?


Date: Tue, 15 Mar 2022 21:15:11 -0400
From: Charles Jackson <c...@jacksons.net>
Subject: Re: Farewell Honeychild (PGN, RISKS-33.09)

Well, as I recall the story, it goes like this:

Honeywell and Fairchild have announced a merger. They also announced that
the merger would create substantial efficiencies by reducing expenses.
Substantial layoffs are expected. The merged firm will be called Farewell
Honeychild. [TNX for the rest of the story!!! PGN]


Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:

=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
*** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:


End of RISKS-FORUM Digest 33.10

Reply all
Reply to author
0 new messages