info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Risks Digest 33.04
58 views
Skip to first unread message
RISKS List Owner
Jan 27, 2022, 7:56:09 PM1/27/22
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Thursday 27 January 2022 Volume 33 : Issue 04
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.04>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
First Felony Charges in Fatal Crash Involving Autopilot (AP)
When Mind Melds With Machine, Who's in Control? (WiReD)
Why the Belarus Railways Hack Marks a First for Ransomware (WiReD)
Patched Safari Flaws Exposed Webcams, Online Accounts, and More (WiReD)
Backdoor Found in Themes and Plugins from AccessPress Themes (Jetpack)
A bug lurking for 12 years gives attackers root on every major Linux distro
(Ars Technica)
Automation Could Make 12 Million Jobs in Europe Redundant (ZDNet)
AI's Potential Boon to Businesses (USC)
Manufacturers have less than five days' supply of some computer chips,
Commerce Department says (WashPost)
High number of Omicron mutations render antibodies ineffective (JPost)
Is the Media Doomed? (Politico)
UK's Telecomm Provider(s) Switching to Digital Phone Lines (paul cornish)
Google Assistant will now stop talking if you just say STOP!
(Lauren Weinstein)
Re: Spam, spam, spam, spam .... (Amos Shapir)
Re: Alexa tells 10-year-old girl to touch live plug with penny (John Levine)
Re: Fake QR Codes on Parking Meters (Bernie Cosell)
Re: maybe not such a big crisis, was U.S. airline officials warn of crisis
in aviation with new 5G service (John Levine)
The 5G Airline Controversy: What Is It About? (James Fallows)
Is 5G More Important Than Aircraft Safety? (Jon Nash)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Mon, 24 Jan 2022 12:11:58 -0500 (EST)
From: ACM TechNews <technew...@acm.org>
Subject: First Felony Charges in Fatal Crash Involving Autopilot (AP)
Stefanie Dazio and Tom Krisher, Associated Press, 18 Jan 2022
The driver of a Tesla on Autopilot that ran a red light and killed two
people in another car in 2019 faces two counts of vehicular manslaughter.
Kevin George Aziz Riad, who has pleaded not guilty, appears to be the first
person in the U.S. to be charged with a felony for a fatal crash involving
the use of a partially automated driving system. Charges were filed by
prosecutors in Los Angeles County, CA, in October, as the National Highway
Traffic Safety Administration and the National Transportation Safety Board
continues to investigate the widespread misuse of Autopilot. The University
of South Carolina's Bryant Walker Smith said Tesla could be "criminally,
civilly, or morally culpable" if courts determine it put a dangerous
technology on the road.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2dd58x230b21x074088&
------------------------------
Date: Sun, 23 Jan 2022 17:32:35 -0500
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: When Mind Melds With Machine, Who's in Control? (WiReD)
These aren't hypothetical questions for a distant future. We're wrestling
with them today. How do we assign responsibility when self-driving cars hit
pedestrians, or when passenger planes crash on autopilot? In the Air France
447 and Boeing 737 Max crashes, the autonomous systems got confused by
faulty sensor information and the pilots couldn;t recover from the
malfunction. This belies the promise, touted by many corporations, that
keeping humans in the loop will prevent things from spiraling out of
control. It may, in fact, just be a legal sleight of hand to pin liability
on an entity that courts are already equipped to hold responsible. A key
difference, however, is that a brain interface is part of the body, which
makes responsibility harder to demarcate.
There are also, of course, major privacy and security questions with brain
interfaces. By virtue of the fact that many signals are globally available
throughout the brain, a recording device could be picking up signals about
your sensory experience, your perceptual processes, your conscious
cognition, your emotional states. Ads could be targeted not to your clicks
but to your thoughts and feelings. These signals could even potentially be
used for surveillance. Ten years ago, members of Jack Gallant's lab at UC
Berkeley were able to hazily reconstruct visual scenes from the brain
activity of people watching video clips. The technique has gotten better
with time. If, one day in the far future, someone tapped into your wireless
neural receiver, imagine what they could see and hear. Certainly a lot more
than if they hacked your webcam or smart speaker. Through our own eyes and
ears, we might become the unwitting operatives of a distributed panopticon.
Direct brain-to-brain communication is just as ethically fraught. It's a
beautiful, utopian impulse -- the sense that if only we could fully see
what's inside one another contentions would cease. Should it prove
technically possible, however, the question of privacy becomes all the more
salient. In the same way that social media companies must grapple with
content moderation, brain devices would need to filter inter-brain
communication for harmful, hateful, or violent thoughts. There might even be
patterns of problematic neural activity that can be passed between people
like computer viruses. Epileptic seizures, for example, can be learned by
the brain in a process known as *kindling*. Like arsonists setting fire to a
city, malicious actors might seek to inject such maladaptive brain activity
in a bid to harm other users.
The history of technology, the history of humankind, is one of relentlessly
extended agency -- exerting control over materials, plants, animals, and
perhaps, one day, minds. The invention of computers has transmuted that
agency to a programmable realm, wherein a hand can control a mouse that is
by turns a digital paintbrush, a text cursor, or a drone's gun sight. While
I’m still hopeful about what brain-machine interfaces will be able to do for
people with impaired motor function, we should acknowledge where good
intentions might be obfuscating a potential ethical catastrophe. We've got
to reckon with the implications of agency and privacy as they pertain to AI
today, before they’re interfaced with our bodies and minds. We’re being
promised new avenues of human control, when it is precisely control we’d be
ceding in what could be the largest deprivatization of thought since the
invention of language.
https://www.wired.com/story/when-mind-melds-machine-whos-in-control-brain-computer-interface/
------------------------------
Date: Wed, 26 Jan 2022 20:08:25 -0500
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: Why the Belarus Railways Hack Marks a First for Ransomware (WiReD)
The politically motivated attack represents a new frontier for hacktivists
-- and won't be the last of its kind.
https://www.wired.com/story/belarus-railways-ransomware-hack-cyber-partisans/
------------------------------
Date: Wed, 26 Jan 2022 20:14:07 -0500
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: Patched Safari Flaws Exposed Webcams, Online Accounts, and More |
(WiReD)
Apple awarded a $100,500 bug bounty to the researcher who discovered the
latest major vulnerability in its browser.
In October, Apple patched the vulnerability in Safari's WebKit engine and
made revisions in iCloud. And in December it patched a related
vulnerability in its Script Editor code automation and editing tool.
https://www.wired.com/story/safari-flaws-webcam-online-accounts-mic/
Another good reason to install updates.
------------------------------
Date: Tue, 25 Jan 2022 23:16:21 -0500
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: Backdoor Found in Themes and Plugins from AccessPress Themes
(Jetpack)
While investigating a compromised site we discovered some suspicious code in
a theme by AccessPress Themes (aka Access Keys), a vendor with a large
number of popular themes and plugins. On further investigation, we found
that all the themes and most plugins from the vendor contained this
suspicious code, but only if downloaded from their own website. The same
extensions were fine if downloaded or installed directly from the
WordPress.org directory.
Due to the way the extensions were compromised, we suspected an external
attacker had breached the website of AccessPress Themes in an attempt to use
their extensions to infect further sites.
We contacted the vendor immediately, but at first we did not receive a
response. After escalating it to the WordPress.org plugin team, our
suspicions were confirmed. AccessPress Themes websites were breached in the
first half of September 2021, and the extensions available for download on
their site were injected with a backdoor.
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/
------------------------------
Date: Wed, 26 Jan 2022 11:08:40 PST
From: Peter Neumann <neu...@csl.sri.com>
Subject: A bug lurking for 12 years gives attackers root on every major Linux
distro (Ars Technica)
[Collected from various sources... PGN]
https://arstechnica.com/information-technology/2022/01/a-bug-lurking-for-12-years-gives-attackers-root-on-every-major-linux-distro/
This highlights a problem with running old versions of OSes that aren't
getting software updates. (Ubuntu Advantage has patches in 14.04 and 16.04
for subscribers.
https://thehackernews.com/2022/01/chinese-hackers-spotted-using-new-uefi.html
proof-of-concept code is available:
https://packetstormsecurity.com/files/165728/cve-2021-4043-poc.c
------------------------------
Date: Mon, 24 Jan 2022 12:11:58 -0500 (EST)
From: ACM TechNews <technew...@acm.org>
Subject: Automation Could Make 12 Million Jobs in Europe Redundant (ZDNet)
Owen Hughes, ZDNet, 20 Jan 2022, via ACM TechNews, Monday, January 24, 2022
Automation could render up to 12 million jobs in Europe superfluous over the
next 20 years as companies compete to boost productivity and fill skills
gaps amid an aging workforce, reports research company Forrester. Retail,
food services, and leisure and hospitality occupations could face the
largest losses, with mid-labor jobs involving simple, routine tasks most
vulnerable. A total of 49 million jobs in France, Germany, Italy, Spain, and
Britain could potentially be automated by 2040, imperiling casual work and
low-paid, part-time labor. Pandemic-reduced productivity is prompting
organizations to consider automation to restore efficiency, while sectors
that were already using automation have increased investment to grow service
delivery and mitigate pandemic constraints. Academic forecasts of jobs
potentially lost to automation vary, with Forrester noting machine learning
experts "imagine future computer capabilities without understanding
enterprise technology adoption constraints and the cultural barriers within
an organization that resist change."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2dd58x230b1fx074088&
------------------------------
Date: Mon, 24 Jan 2022 12:11:58 -0500 (EST)
From: ACM TechNews <technew...@acm.org>
Subject: AI's Potential Boon to Businesses (USC)
Greg Hardesty, USC Viterbi School of Engineering, 19 Jan 2022
E-commerce companies can more efficiently organize products and help
customers find what they want with artificial intelligence created by
researchers at Yahoo and the University of Southern California's Viterbi
School of Engineering (USC Viterbi). USC Viterbi's Mayank Kejriwal said the
Taxonomy Induction over Concept Labels (TICL) algorithm enables Web-based
companies to quickly and inexpensively build a customizable taxonomy
(classifying data into tree-like structures) from thousands of product
labels "in seconds," and these trees "are of similar quality to any that you
might be able to build." Said Kejriwal, "Systems like TICL do the drudgery
of organizing our information for us so we can focus on creative and
strategic tasks that are, frankly, more fun," he said.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2dd58x230b22x074088&
[He said, she said. PGN said "Trusting untrustworthy AI is always scary.
However, it is often the *creativity* of amateur/undisciplined programmers
and developers that causes unneeded risks in critical systems." PGN]
------------------------------
Date: Wed, 26 Jan 2022 20:10:27 -0500
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: Manufacturers have less than five days' supply of some computer
chips, Commerce Department says (WashPost)
Wafer-thin inventories leave factories vulnerable to shutdowns if their chip
deliveries are interrupted by weather or covid-19
https://www.washingtonpost.com/technology/2022/01/25/semiconductor-shortage-inventory-2022-chips/
------------------------------
Date: Sat, 22 Jan 2022 10:09:28 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: High number of Omicron mutations render antibodies ineffective
(JPost)
*New research indicates the 46 mutations found in the COVID-19 Omicron
variant have rendered antibodies ineffective, accounting for the high
number of re-infections and breakthrough cases*. [...]
https://www.jpost.com/health-and-wellness/coronavirus/article-694237
------------------------------
Date: Sat, 22 Jan 2022 10:42:16 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: Is the Media Doomed?
*From a Big Tech crackdown to the rebirth of local news, 16 future-minded
thinkers predict where journalism will be in 15 years...*
It's almost conventional wisdom right now that the news media is in a
fast-moving crisis, with mainstream news sources collapsing and Americans
increasingly divided not only in what they read, but even what facts they
choose to believe. How much worse will it get? Or is there a way out?
The changes in the media industry make it nearly impossible to guess. When
POLITICO was born 15 years ago, a digital-first politics site was considered
downright disruptive in Washington, D.C. Today, that sounds almost quaint
compared to what was on the way: Facebook was a baby, and Instagram was just
a twinkle in a code developer's eye. *Pandemic* meant the Spanish Flu of
1918 -- and Zoom was a kids' show from the '70s
<https://www.youtube.com/watch?v=X6KsYM_peVk>. Information now flows in ways
nobody was even considering in 2007, and over the next decade and a half,
media is poised to change even more dramatically.
How? We at POLITICO Magazine decided to take advantage of our milestone --
our 15th birthday -- to press some experts and media thinkers on what media
will look like in the next 15 years. What will be the biggest
transformations -- and how will they affect our public life? Are you
optimistic? If so, how do we get to the good part? If you're concerned, what
can we do to avoid the worst outcomes?
Here's what they had to say. [...]
https://www.politico.com/news/magazine/2022/01/21/media-journalism-future-527294
------------------------------
Date: Tue, 25 Jan 2022 11:27:26 -0000
From: "paul cornish" <paul.a....@googlemail.com>
Subject: UK's Telecomm Provider(s) Switching to Digital Phone Lines
Openreach the provider of the UK's telecomm's infrastructure is switching to
'Digital Voice' which appears to be replacing the copper wired analogue
exchange to residence connection with one based on broadband technology.
See https://www.bt.com/help/landline/digital-voice-migration. The
changeover will be done by 2025. It looks like they are migrating the
entire country onto VOIP. Also, the way handsets connect to the service
inside the house is changing to one using DECT.
The consequences include:
1. Householders having to re-arrange their domestic phone systems -- to
establish a connection to their router. Or replace their handsets with a
Digital Voice compatible one.
2. However, BT Digital Voice appears to only work with the routers (Smart
Hub 2) they provide!
3. BT state that if consumers have a monitored alarm that's connected to
their landline (like a health pendant or monitored burglar alarm) they'll
need to speak to their alarm provider before moving to Digital Voice.
Apparently these systems will stop working.
4. Oh and if there's a power cut or your broadband fails, you'll be unable
to make calls using Digital Voice, including calls to 999
5. Some areas have no broadband services / or they fail often
Risks: very limited news / announcements about the programme, issues over
requiring householders to change their equipment / undertake technical
re-configuration with limited / little support. Elderly / vulnerable
residents a risk.
------------------------------
Date: Wed, 26 Jan 2022 09:33:58 -0800
From: Lauren Weinstein <lau...@vortex.com>
Subject: Google Assistant will now stop talking if you just say STOP!
Google Assistant will now stop talking if you just say STOP!
Super! Google Assistant will now stop talking if you just say STOP. No need
to do the "Hey Google" first. Yeah, just say STOP -- just like on Star Trek!
------------------------------
Date: Wed, 26 Jan 2022 12:09:00 +0200
From: Amos Shapir <amo...@gmail.com>
Subject: Re: Spam, spam, spam, spam .... (Rob Slade, RISKS-33.03)
> Anybody else getting lots of Media Message Service messages, ostensibly
from twelve-digit phone numbers?
Maybe it's because of this:
https://www.howtogeek.com/781083/apple-needs-to-fix-its-group-texting-abuse-problem/
It seems that when a message is sent from an Apple device to multiple
recipients, it's sent to Android devices using SMS / MMS protocol. What's
worse, this creates an ad hoc text message group which includes all
recipients -- but Android users have no way to leave the group, so they keep
receiving these messages whenever anyone replies to the group.
------------------------------
Date: 23 Jan 2022 13:35:26 -0500
From: "John Levine" <jo...@iecc.com>
Subject: Re: Alexa tells 10-year-old girl to touch live plug with penny
(Sudia, RISKS-33.01)
> Aren't these so-called smart speakers really driven by humans in the back
> room, pretending to be AI?
No, they're computers, but in many cases they record the interactions and
have humans later listen and annotate them so they can improve the voice
recognition software, which I suppose in some sense is the worst of both
worlds.
Amazon does have Mechanical Turk in which you can pay people small amounts
of money to do online tasks, but that's different.
------------------------------
Date: Sat, 22 Jan 2022 20:25:39 -0500
From: "Bernie Cosell" <ber...@fantasyfarm.com>
Subject: Re: Fake QR Codes on Parking Meters (Leichter, RISKS-33.03)
How does the attack work? I have a Samsung tablet that doesn't do QR codes
natively and so I installed one and I've tried it on a bunch of different QR
codes and all it does is show me what the QR code resolves to and,
basically, asks me what to do. Granted that it takes some smarts to
recognize a bogus URL but the same risk happens with URLs in email
messages..
Do some QR-capable devices really just go to the url they scan without
giving you a chance to intervene? If so that strikes me as the bigger risk,
rather than the bogus QR codes...
------------------------------
Date: 22 Jan 2022 23:03:41 -0500
From: "John Levine" <jo...@iecc.com>
Subject: Re: maybe not such a big crisis, was U.S. airline officials warn of
crisis in aviation with new 5G service (Cornish, RISKS-33.03)
This week's update: the FAA has what's known as an AMOC (Alternative Means
Of Compliance) which means that certain altimeters have adequate filters to
deal with 5G signals.
By Thursday, Jan 20, they'd issued AMOCs for 13 kinds of altimeter which
include all of the mainline jets used in the US and most of the regional
jets, for 78% of the fleet.
More details here, including the possibility that the FAA will rerun this fiasco
in July:
http://tmfassociates.com/blog/2022/01/18/failing-at-analysis/
------------------------------
Date: January 27, 2022 18:47:32 JST
From: Dewayne Hendricks <dew...@warpspeed.com>
Subject: The 5G Airline Controversy: What Is It About?
James Fallows, Jan 20 2022
It could be an issue. But it will probably be resolved soon. What to know
the next time you hear it come up.
https://fallows.substack.com/p/the-5g-airline-controversy-what-is
This post is a basic who-what-why primer on the controversy involving new 5G
wireless networks, and airline operations at major U.S. airports. It's not
meant to be conclusive but instead an introduction, with links to more
detailed discussions.
Update January 21 10am ET: Please see additional links, new information, and answers to some reader queries at bottom of this post.
Short version: 5G versus the airlines is potentially a real issue, rather
than a bogus threat. But it's likely that the parties involved will work out
adjustments soon. Which is a good thing.
Now, the longer version, Q-and-A style:
Could cell phones really affect airline safety?
The new ones, yes.
(And to be clear, I'm referring not to individual phones but to the
transmission systems and new broadcast towers that enable very high-speed 5G
data speeds.)
We've all become numbed to routine, never-enforced warnings to turn off cell
phones on takeoff and landing aboard airlines. They have seemed like
security theater, and in practical terms the goal might have been mainly to
pry people's attention away from their phones during important phases of a
flight.
The new 5G networks, which were activated yesterday, are different. That is
because the part of the broadcast spectrum they use is
closer-than-comfortable to a part used by a specific aviation device, called
a radio altimeter. (Also radar altimeter or radalt. They all refer to the
same thing; I'll use radio.) The chart below, from a technical report that's
been the basis of recent controversy, introduces the overall idea.
The central question is: could transmissions and emissions on the newly
authorized 5G part of the spectrum overlap and interfere with the signals
that an airliner's radio altimeter relies on, for safe guidance of a plane?
Especially if the transmission towers are directly along the landing paths
that aircraft follow?
The aviation world says: maybe they could, so let's be careful before taking
the risk.
What is a radio altimeter?
If you've seen an airplane cockpit in photos or in real life, you have seen
a regular (or barometric) altimeter. It's the device that looks like a clock
dial, with a hand indicating the plane's altitude. In the shot below, of a
pre-GPS-era cockpit, it's the dial at top center (showing an altitude of 700
feet).
A radio altimeter works on an entirely different principle. A barometric
altimeter gauges the plane's altitude by comparing air pressure outside the
plane (which goes down, as the plane goes up) with sea-level pressure. It's
indispensable but is not a high-precision instrument.
A radio altimeter gives much more exact, moment-by-moment readings of the
plane's distance from the ground. It does so by transmitting signals
downward and measuring how long it takes them to bounce back. Let's say the
Denver airport has an elevation of 5,500 feet. If a plane were 500 feet up,
on final approach to land, the barometric altimeter would show 6,000 feet
above sea level. The radio altimeter would say 500 feet above the ground,
and it would keep ticking off the exact distance as the plane glided down.1
Why does a radio altimeter matter?
In clear weather, a flight crew could get a plane safely on the ground even
if both kinds of altimeters had failed. You wouldn't want that, but pilots
are trained to use countless visual cues to judge their height above the
runway and the path down to a landing. Nearly every airport big enough to
handle airline flights has runways with visual *glideslope indicators* -- a
combination of red and white lights to show continuous guidance on whether
you're high, low, or on the right vertical path down.
It's different in bad weather. Everything complicated in aviation involves
guiding planes from takeoff to touchdown if the pilots can't see where they
are going.
A big step in modern, high-volume, all-weather airline travel is equipping
airplanes to land safely even if fog or clouds block the pilots' view. That
is where the radio altimeters crucially come in. With their very accurate
second-by-second, foot-by-foot measurements of the plane's distance above
the runway, they can in principle allow a plane to land itself.
The aviation term for this kind of procedure is a *Cat III ILS landing*.
The YouTube video below, by a Boeing 777 pilot named Juan Browne, gives a
professional pilot's view of the whole situation. The first two minutes
distill what these landings are like, and the role a radio altimeter
plays. In essence, the radalt is how the plane knows how far away the ground
is, and how it can safely touch down.
As the Juan Browne video develops at length, the concern is that 5G
transmitters near airports could block, scramble, or distort the radio
altimeter signals. This could, in turn, interfere with operations where
radio altimeters are crucial -- namely, approaches in low visibility and bad
weather.
And it could matter more broadly. John Herron, a former naval aviator who is
now an airline pilot, sent me an email today on the larger importance of
radio altimeter signals:
It's difficult for lay people to grasp the importance of radio altimeters to
modern commercial aircraft. Many think, what's the big deal? After all, the
pilots have a barometric altimeter too?
Well, the big deal is this gem of an instrument gives pilots the real
precise distance from the ground at the precise moment in time, and has been
incorporated into so many systems that have been developed and evolved to
improve safety for everyone - the pilots, travelers and those who reside
below. This is not just an issue of low visibility approaches.
Share
What, exactly, is the airlines' concern about 5G?
It is that the new ground-station transmitters for 5G are so much more
powerful than the radio-altimeter transmitters aboard airplanes, and have
been located so close to major runways and on approach paths, that
interference is possible. And that it's better to recognize this problem
before a close call (or worse), rather than after.
In the meantime, *better safe than sorry( flight cancellations have ripple
effects through an air-travel industry that has relentlessly boiled away
excess capacity and slack. A disruption anywhere becomes congestion
everywhere.
Below you see an illustration from a 2020 report by the technical group RTCA
on possibilities for 5G interference with aviation. The red and yellow lines
are an aircraft's approach path to Runway 27L at O'Hare airport. The blue
markers are cell phone transmission stations. The point of the illustration
is how closely they match up. [...]
------------------------------
Date: Sun, 23 Jan 2022 09:31:15 -0500
From: "Jon Nash" <jnashf...@gmail.com>
Subject: Is 5G More Important Than Aircraft Safety?
The greed and stupidity of the big telecoms knows no bounds .
Good discussions by Juan Brown, who is an airline pilot.
In Europe the 5G frequencies are a bit farther away from the radar
frequency and and not as powerful. Also they kept the 5G towers at least 2
miles from certain airports .
Someone pointed out that the heads of the FCC recently have been lawyers ,
not engineers who would have better understood this situation.
https://youtu.be/942KXXmMJdY
https://youtu.be/s8J2j2PJi1o
https://youtu.be/aHIFs4EkA0k
------------------------------
Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 33.04
************************
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.04>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
First Felony Charges in Fatal Crash Involving Autopilot (AP)
When Mind Melds With Machine, Who's in Control? (WiReD)
Why the Belarus Railways Hack Marks a First for Ransomware (WiReD)
Patched Safari Flaws Exposed Webcams, Online Accounts, and More (WiReD)
Backdoor Found in Themes and Plugins from AccessPress Themes (Jetpack)
A bug lurking for 12 years gives attackers root on every major Linux distro
(Ars Technica)
Automation Could Make 12 Million Jobs in Europe Redundant (ZDNet)
AI's Potential Boon to Businesses (USC)
Manufacturers have less than five days' supply of some computer chips,
Commerce Department says (WashPost)
High number of Omicron mutations render antibodies ineffective (JPost)
Is the Media Doomed? (Politico)
UK's Telecomm Provider(s) Switching to Digital Phone Lines (paul cornish)
Google Assistant will now stop talking if you just say STOP!
(Lauren Weinstein)
Re: Spam, spam, spam, spam .... (Amos Shapir)
Re: Alexa tells 10-year-old girl to touch live plug with penny (John Levine)
Re: Fake QR Codes on Parking Meters (Bernie Cosell)
Re: maybe not such a big crisis, was U.S. airline officials warn of crisis
in aviation with new 5G service (John Levine)
The 5G Airline Controversy: What Is It About? (James Fallows)
Is 5G More Important Than Aircraft Safety? (Jon Nash)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Mon, 24 Jan 2022 12:11:58 -0500 (EST)
From: ACM TechNews <technew...@acm.org>
Subject: First Felony Charges in Fatal Crash Involving Autopilot (AP)
Stefanie Dazio and Tom Krisher, Associated Press, 18 Jan 2022
The driver of a Tesla on Autopilot that ran a red light and killed two
people in another car in 2019 faces two counts of vehicular manslaughter.
Kevin George Aziz Riad, who has pleaded not guilty, appears to be the first
person in the U.S. to be charged with a felony for a fatal crash involving
the use of a partially automated driving system. Charges were filed by
prosecutors in Los Angeles County, CA, in October, as the National Highway
Traffic Safety Administration and the National Transportation Safety Board
continues to investigate the widespread misuse of Autopilot. The University
of South Carolina's Bryant Walker Smith said Tesla could be "criminally,
civilly, or morally culpable" if courts determine it put a dangerous
technology on the road.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2dd58x230b21x074088&
------------------------------
Date: Sun, 23 Jan 2022 17:32:35 -0500
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: When Mind Melds With Machine, Who's in Control? (WiReD)
These aren't hypothetical questions for a distant future. We're wrestling
with them today. How do we assign responsibility when self-driving cars hit
pedestrians, or when passenger planes crash on autopilot? In the Air France
447 and Boeing 737 Max crashes, the autonomous systems got confused by
faulty sensor information and the pilots couldn;t recover from the
malfunction. This belies the promise, touted by many corporations, that
keeping humans in the loop will prevent things from spiraling out of
control. It may, in fact, just be a legal sleight of hand to pin liability
on an entity that courts are already equipped to hold responsible. A key
difference, however, is that a brain interface is part of the body, which
makes responsibility harder to demarcate.
There are also, of course, major privacy and security questions with brain
interfaces. By virtue of the fact that many signals are globally available
throughout the brain, a recording device could be picking up signals about
your sensory experience, your perceptual processes, your conscious
cognition, your emotional states. Ads could be targeted not to your clicks
but to your thoughts and feelings. These signals could even potentially be
used for surveillance. Ten years ago, members of Jack Gallant's lab at UC
Berkeley were able to hazily reconstruct visual scenes from the brain
activity of people watching video clips. The technique has gotten better
with time. If, one day in the far future, someone tapped into your wireless
neural receiver, imagine what they could see and hear. Certainly a lot more
than if they hacked your webcam or smart speaker. Through our own eyes and
ears, we might become the unwitting operatives of a distributed panopticon.
Direct brain-to-brain communication is just as ethically fraught. It's a
beautiful, utopian impulse -- the sense that if only we could fully see
what's inside one another contentions would cease. Should it prove
technically possible, however, the question of privacy becomes all the more
salient. In the same way that social media companies must grapple with
content moderation, brain devices would need to filter inter-brain
communication for harmful, hateful, or violent thoughts. There might even be
patterns of problematic neural activity that can be passed between people
like computer viruses. Epileptic seizures, for example, can be learned by
the brain in a process known as *kindling*. Like arsonists setting fire to a
city, malicious actors might seek to inject such maladaptive brain activity
in a bid to harm other users.
The history of technology, the history of humankind, is one of relentlessly
extended agency -- exerting control over materials, plants, animals, and
perhaps, one day, minds. The invention of computers has transmuted that
agency to a programmable realm, wherein a hand can control a mouse that is
by turns a digital paintbrush, a text cursor, or a drone's gun sight. While
I’m still hopeful about what brain-machine interfaces will be able to do for
people with impaired motor function, we should acknowledge where good
intentions might be obfuscating a potential ethical catastrophe. We've got
to reckon with the implications of agency and privacy as they pertain to AI
today, before they’re interfaced with our bodies and minds. We’re being
promised new avenues of human control, when it is precisely control we’d be
ceding in what could be the largest deprivatization of thought since the
invention of language.
https://www.wired.com/story/when-mind-melds-machine-whos-in-control-brain-computer-interface/
------------------------------
Date: Wed, 26 Jan 2022 20:08:25 -0500
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: Why the Belarus Railways Hack Marks a First for Ransomware (WiReD)
The politically motivated attack represents a new frontier for hacktivists
-- and won't be the last of its kind.
https://www.wired.com/story/belarus-railways-ransomware-hack-cyber-partisans/
------------------------------
Date: Wed, 26 Jan 2022 20:14:07 -0500
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: Patched Safari Flaws Exposed Webcams, Online Accounts, and More |
(WiReD)
Apple awarded a $100,500 bug bounty to the researcher who discovered the
latest major vulnerability in its browser.
In October, Apple patched the vulnerability in Safari's WebKit engine and
made revisions in iCloud. And in December it patched a related
vulnerability in its Script Editor code automation and editing tool.
https://www.wired.com/story/safari-flaws-webcam-online-accounts-mic/
Another good reason to install updates.
------------------------------
Date: Tue, 25 Jan 2022 23:16:21 -0500
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: Backdoor Found in Themes and Plugins from AccessPress Themes
(Jetpack)
While investigating a compromised site we discovered some suspicious code in
a theme by AccessPress Themes (aka Access Keys), a vendor with a large
number of popular themes and plugins. On further investigation, we found
that all the themes and most plugins from the vendor contained this
suspicious code, but only if downloaded from their own website. The same
extensions were fine if downloaded or installed directly from the
WordPress.org directory.
Due to the way the extensions were compromised, we suspected an external
attacker had breached the website of AccessPress Themes in an attempt to use
their extensions to infect further sites.
We contacted the vendor immediately, but at first we did not receive a
response. After escalating it to the WordPress.org plugin team, our
suspicions were confirmed. AccessPress Themes websites were breached in the
first half of September 2021, and the extensions available for download on
their site were injected with a backdoor.
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/
------------------------------
Date: Wed, 26 Jan 2022 11:08:40 PST
From: Peter Neumann <neu...@csl.sri.com>
Subject: A bug lurking for 12 years gives attackers root on every major Linux
distro (Ars Technica)
[Collected from various sources... PGN]
https://arstechnica.com/information-technology/2022/01/a-bug-lurking-for-12-years-gives-attackers-root-on-every-major-linux-distro/
This highlights a problem with running old versions of OSes that aren't
getting software updates. (Ubuntu Advantage has patches in 14.04 and 16.04
for subscribers.
https://thehackernews.com/2022/01/chinese-hackers-spotted-using-new-uefi.html
proof-of-concept code is available:
https://packetstormsecurity.com/files/165728/cve-2021-4043-poc.c
------------------------------
Date: Mon, 24 Jan 2022 12:11:58 -0500 (EST)
From: ACM TechNews <technew...@acm.org>
Subject: Automation Could Make 12 Million Jobs in Europe Redundant (ZDNet)
Owen Hughes, ZDNet, 20 Jan 2022, via ACM TechNews, Monday, January 24, 2022
Automation could render up to 12 million jobs in Europe superfluous over the
next 20 years as companies compete to boost productivity and fill skills
gaps amid an aging workforce, reports research company Forrester. Retail,
food services, and leisure and hospitality occupations could face the
largest losses, with mid-labor jobs involving simple, routine tasks most
vulnerable. A total of 49 million jobs in France, Germany, Italy, Spain, and
Britain could potentially be automated by 2040, imperiling casual work and
low-paid, part-time labor. Pandemic-reduced productivity is prompting
organizations to consider automation to restore efficiency, while sectors
that were already using automation have increased investment to grow service
delivery and mitigate pandemic constraints. Academic forecasts of jobs
potentially lost to automation vary, with Forrester noting machine learning
experts "imagine future computer capabilities without understanding
enterprise technology adoption constraints and the cultural barriers within
an organization that resist change."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2dd58x230b1fx074088&
------------------------------
Date: Mon, 24 Jan 2022 12:11:58 -0500 (EST)
From: ACM TechNews <technew...@acm.org>
Subject: AI's Potential Boon to Businesses (USC)
Greg Hardesty, USC Viterbi School of Engineering, 19 Jan 2022
E-commerce companies can more efficiently organize products and help
customers find what they want with artificial intelligence created by
researchers at Yahoo and the University of Southern California's Viterbi
School of Engineering (USC Viterbi). USC Viterbi's Mayank Kejriwal said the
Taxonomy Induction over Concept Labels (TICL) algorithm enables Web-based
companies to quickly and inexpensively build a customizable taxonomy
(classifying data into tree-like structures) from thousands of product
labels "in seconds," and these trees "are of similar quality to any that you
might be able to build." Said Kejriwal, "Systems like TICL do the drudgery
of organizing our information for us so we can focus on creative and
strategic tasks that are, frankly, more fun," he said.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2dd58x230b22x074088&
[He said, she said. PGN said "Trusting untrustworthy AI is always scary.
However, it is often the *creativity* of amateur/undisciplined programmers
and developers that causes unneeded risks in critical systems." PGN]
------------------------------
Date: Wed, 26 Jan 2022 20:10:27 -0500
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: Manufacturers have less than five days' supply of some computer
chips, Commerce Department says (WashPost)
Wafer-thin inventories leave factories vulnerable to shutdowns if their chip
deliveries are interrupted by weather or covid-19
https://www.washingtonpost.com/technology/2022/01/25/semiconductor-shortage-inventory-2022-chips/
------------------------------
Date: Sat, 22 Jan 2022 10:09:28 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: High number of Omicron mutations render antibodies ineffective
(JPost)
*New research indicates the 46 mutations found in the COVID-19 Omicron
variant have rendered antibodies ineffective, accounting for the high
number of re-infections and breakthrough cases*. [...]
https://www.jpost.com/health-and-wellness/coronavirus/article-694237
------------------------------
Date: Sat, 22 Jan 2022 10:42:16 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: Is the Media Doomed?
*From a Big Tech crackdown to the rebirth of local news, 16 future-minded
thinkers predict where journalism will be in 15 years...*
It's almost conventional wisdom right now that the news media is in a
fast-moving crisis, with mainstream news sources collapsing and Americans
increasingly divided not only in what they read, but even what facts they
choose to believe. How much worse will it get? Or is there a way out?
The changes in the media industry make it nearly impossible to guess. When
POLITICO was born 15 years ago, a digital-first politics site was considered
downright disruptive in Washington, D.C. Today, that sounds almost quaint
compared to what was on the way: Facebook was a baby, and Instagram was just
a twinkle in a code developer's eye. *Pandemic* meant the Spanish Flu of
1918 -- and Zoom was a kids' show from the '70s
<https://www.youtube.com/watch?v=X6KsYM_peVk>. Information now flows in ways
nobody was even considering in 2007, and over the next decade and a half,
media is poised to change even more dramatically.
How? We at POLITICO Magazine decided to take advantage of our milestone --
our 15th birthday -- to press some experts and media thinkers on what media
will look like in the next 15 years. What will be the biggest
transformations -- and how will they affect our public life? Are you
optimistic? If so, how do we get to the good part? If you're concerned, what
can we do to avoid the worst outcomes?
Here's what they had to say. [...]
https://www.politico.com/news/magazine/2022/01/21/media-journalism-future-527294
------------------------------
Date: Tue, 25 Jan 2022 11:27:26 -0000
From: "paul cornish" <paul.a....@googlemail.com>
Subject: UK's Telecomm Provider(s) Switching to Digital Phone Lines
Openreach the provider of the UK's telecomm's infrastructure is switching to
'Digital Voice' which appears to be replacing the copper wired analogue
exchange to residence connection with one based on broadband technology.
See https://www.bt.com/help/landline/digital-voice-migration. The
changeover will be done by 2025. It looks like they are migrating the
entire country onto VOIP. Also, the way handsets connect to the service
inside the house is changing to one using DECT.
The consequences include:
1. Householders having to re-arrange their domestic phone systems -- to
establish a connection to their router. Or replace their handsets with a
Digital Voice compatible one.
2. However, BT Digital Voice appears to only work with the routers (Smart
Hub 2) they provide!
3. BT state that if consumers have a monitored alarm that's connected to
their landline (like a health pendant or monitored burglar alarm) they'll
need to speak to their alarm provider before moving to Digital Voice.
Apparently these systems will stop working.
4. Oh and if there's a power cut or your broadband fails, you'll be unable
to make calls using Digital Voice, including calls to 999
5. Some areas have no broadband services / or they fail often
Risks: very limited news / announcements about the programme, issues over
requiring householders to change their equipment / undertake technical
re-configuration with limited / little support. Elderly / vulnerable
residents a risk.
------------------------------
Date: Wed, 26 Jan 2022 09:33:58 -0800
From: Lauren Weinstein <lau...@vortex.com>
Subject: Google Assistant will now stop talking if you just say STOP!
Google Assistant will now stop talking if you just say STOP!
Super! Google Assistant will now stop talking if you just say STOP. No need
to do the "Hey Google" first. Yeah, just say STOP -- just like on Star Trek!
------------------------------
Date: Wed, 26 Jan 2022 12:09:00 +0200
From: Amos Shapir <amo...@gmail.com>
Subject: Re: Spam, spam, spam, spam .... (Rob Slade, RISKS-33.03)
> Anybody else getting lots of Media Message Service messages, ostensibly
from twelve-digit phone numbers?
Maybe it's because of this:
https://www.howtogeek.com/781083/apple-needs-to-fix-its-group-texting-abuse-problem/
It seems that when a message is sent from an Apple device to multiple
recipients, it's sent to Android devices using SMS / MMS protocol. What's
worse, this creates an ad hoc text message group which includes all
recipients -- but Android users have no way to leave the group, so they keep
receiving these messages whenever anyone replies to the group.
------------------------------
Date: 23 Jan 2022 13:35:26 -0500
From: "John Levine" <jo...@iecc.com>
Subject: Re: Alexa tells 10-year-old girl to touch live plug with penny
(Sudia, RISKS-33.01)
> Aren't these so-called smart speakers really driven by humans in the back
> room, pretending to be AI?
No, they're computers, but in many cases they record the interactions and
have humans later listen and annotate them so they can improve the voice
recognition software, which I suppose in some sense is the worst of both
worlds.
Amazon does have Mechanical Turk in which you can pay people small amounts
of money to do online tasks, but that's different.
------------------------------
Date: Sat, 22 Jan 2022 20:25:39 -0500
From: "Bernie Cosell" <ber...@fantasyfarm.com>
Subject: Re: Fake QR Codes on Parking Meters (Leichter, RISKS-33.03)
How does the attack work? I have a Samsung tablet that doesn't do QR codes
natively and so I installed one and I've tried it on a bunch of different QR
codes and all it does is show me what the QR code resolves to and,
basically, asks me what to do. Granted that it takes some smarts to
recognize a bogus URL but the same risk happens with URLs in email
messages..
Do some QR-capable devices really just go to the url they scan without
giving you a chance to intervene? If so that strikes me as the bigger risk,
rather than the bogus QR codes...
------------------------------
Date: 22 Jan 2022 23:03:41 -0500
From: "John Levine" <jo...@iecc.com>
Subject: Re: maybe not such a big crisis, was U.S. airline officials warn of
crisis in aviation with new 5G service (Cornish, RISKS-33.03)
This week's update: the FAA has what's known as an AMOC (Alternative Means
Of Compliance) which means that certain altimeters have adequate filters to
deal with 5G signals.
By Thursday, Jan 20, they'd issued AMOCs for 13 kinds of altimeter which
include all of the mainline jets used in the US and most of the regional
jets, for 78% of the fleet.
More details here, including the possibility that the FAA will rerun this fiasco
in July:
http://tmfassociates.com/blog/2022/01/18/failing-at-analysis/
------------------------------
Date: January 27, 2022 18:47:32 JST
From: Dewayne Hendricks <dew...@warpspeed.com>
Subject: The 5G Airline Controversy: What Is It About?
James Fallows, Jan 20 2022
It could be an issue. But it will probably be resolved soon. What to know
the next time you hear it come up.
https://fallows.substack.com/p/the-5g-airline-controversy-what-is
This post is a basic who-what-why primer on the controversy involving new 5G
wireless networks, and airline operations at major U.S. airports. It's not
meant to be conclusive but instead an introduction, with links to more
detailed discussions.
Update January 21 10am ET: Please see additional links, new information, and answers to some reader queries at bottom of this post.
Short version: 5G versus the airlines is potentially a real issue, rather
than a bogus threat. But it's likely that the parties involved will work out
adjustments soon. Which is a good thing.
Now, the longer version, Q-and-A style:
Could cell phones really affect airline safety?
The new ones, yes.
(And to be clear, I'm referring not to individual phones but to the
transmission systems and new broadcast towers that enable very high-speed 5G
data speeds.)
We've all become numbed to routine, never-enforced warnings to turn off cell
phones on takeoff and landing aboard airlines. They have seemed like
security theater, and in practical terms the goal might have been mainly to
pry people's attention away from their phones during important phases of a
flight.
The new 5G networks, which were activated yesterday, are different. That is
because the part of the broadcast spectrum they use is
closer-than-comfortable to a part used by a specific aviation device, called
a radio altimeter. (Also radar altimeter or radalt. They all refer to the
same thing; I'll use radio.) The chart below, from a technical report that's
been the basis of recent controversy, introduces the overall idea.
The central question is: could transmissions and emissions on the newly
authorized 5G part of the spectrum overlap and interfere with the signals
that an airliner's radio altimeter relies on, for safe guidance of a plane?
Especially if the transmission towers are directly along the landing paths
that aircraft follow?
The aviation world says: maybe they could, so let's be careful before taking
the risk.
What is a radio altimeter?
If you've seen an airplane cockpit in photos or in real life, you have seen
a regular (or barometric) altimeter. It's the device that looks like a clock
dial, with a hand indicating the plane's altitude. In the shot below, of a
pre-GPS-era cockpit, it's the dial at top center (showing an altitude of 700
feet).
A radio altimeter works on an entirely different principle. A barometric
altimeter gauges the plane's altitude by comparing air pressure outside the
plane (which goes down, as the plane goes up) with sea-level pressure. It's
indispensable but is not a high-precision instrument.
A radio altimeter gives much more exact, moment-by-moment readings of the
plane's distance from the ground. It does so by transmitting signals
downward and measuring how long it takes them to bounce back. Let's say the
Denver airport has an elevation of 5,500 feet. If a plane were 500 feet up,
on final approach to land, the barometric altimeter would show 6,000 feet
above sea level. The radio altimeter would say 500 feet above the ground,
and it would keep ticking off the exact distance as the plane glided down.1
Why does a radio altimeter matter?
In clear weather, a flight crew could get a plane safely on the ground even
if both kinds of altimeters had failed. You wouldn't want that, but pilots
are trained to use countless visual cues to judge their height above the
runway and the path down to a landing. Nearly every airport big enough to
handle airline flights has runways with visual *glideslope indicators* -- a
combination of red and white lights to show continuous guidance on whether
you're high, low, or on the right vertical path down.
It's different in bad weather. Everything complicated in aviation involves
guiding planes from takeoff to touchdown if the pilots can't see where they
are going.
A big step in modern, high-volume, all-weather airline travel is equipping
airplanes to land safely even if fog or clouds block the pilots' view. That
is where the radio altimeters crucially come in. With their very accurate
second-by-second, foot-by-foot measurements of the plane's distance above
the runway, they can in principle allow a plane to land itself.
The aviation term for this kind of procedure is a *Cat III ILS landing*.
The YouTube video below, by a Boeing 777 pilot named Juan Browne, gives a
professional pilot's view of the whole situation. The first two minutes
distill what these landings are like, and the role a radio altimeter
plays. In essence, the radalt is how the plane knows how far away the ground
is, and how it can safely touch down.
As the Juan Browne video develops at length, the concern is that 5G
transmitters near airports could block, scramble, or distort the radio
altimeter signals. This could, in turn, interfere with operations where
radio altimeters are crucial -- namely, approaches in low visibility and bad
weather.
And it could matter more broadly. John Herron, a former naval aviator who is
now an airline pilot, sent me an email today on the larger importance of
radio altimeter signals:
It's difficult for lay people to grasp the importance of radio altimeters to
modern commercial aircraft. Many think, what's the big deal? After all, the
pilots have a barometric altimeter too?
Well, the big deal is this gem of an instrument gives pilots the real
precise distance from the ground at the precise moment in time, and has been
incorporated into so many systems that have been developed and evolved to
improve safety for everyone - the pilots, travelers and those who reside
below. This is not just an issue of low visibility approaches.
Share
What, exactly, is the airlines' concern about 5G?
It is that the new ground-station transmitters for 5G are so much more
powerful than the radio-altimeter transmitters aboard airplanes, and have
been located so close to major runways and on approach paths, that
interference is possible. And that it's better to recognize this problem
before a close call (or worse), rather than after.
In the meantime, *better safe than sorry( flight cancellations have ripple
effects through an air-travel industry that has relentlessly boiled away
excess capacity and slack. A disruption anywhere becomes congestion
everywhere.
Below you see an illustration from a 2020 report by the technical group RTCA
on possibilities for 5G interference with aviation. The red and yellow lines
are an aircraft's approach path to Runway 27L at O'Hare airport. The blue
markers are cell phone transmission stations. The point of the illustration
is how closely they match up. [...]
------------------------------
Date: Sun, 23 Jan 2022 09:31:15 -0500
From: "Jon Nash" <jnashf...@gmail.com>
Subject: Is 5G More Important Than Aircraft Safety?
The greed and stupidity of the big telecoms knows no bounds .
Good discussions by Juan Brown, who is an airline pilot.
In Europe the 5G frequencies are a bit farther away from the radar
frequency and and not as powerful. Also they kept the 5G towers at least 2
miles from certain airports .
Someone pointed out that the heads of the FCC recently have been lawyers ,
not engineers who would have better understood this situation.
https://youtu.be/942KXXmMJdY
https://youtu.be/s8J2j2PJi1o
https://youtu.be/aHIFs4EkA0k
------------------------------
Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 33.04
************************
0 new messages