Risks Digest 33.21

RISKS List Owner

May 16, 2022, 7:58:04 PM
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Monday 16 May 2022 Volume 33 : Issue 21

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.21>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
The dangerous business of dismantling America's aging nuclear plants
(WashPost)
Crypto is dead (Spectator)
Phishing attack pop-up targets MetaMask users visiting popular crypto sites
(The Verge)
The COVID Testing Company That Missed 96% of Cases (Propublica)
Everything is somehow interrelated, redux (PGN)
The Man Who Controls Computers with His Mind (Ferris Jabr)
Some Top 100,000 Websites Collect Everything You Type -- Before You Hit
Submit (Lily Hay Newman)
Sad delivery robot gets lost in the woods (Futurism)
Estimated $163 billion from pandemic unemployment benefits were misspent or
stolen (WashPost)
AI Employment Systems may reflect various forms of bias (EEOC Warning)
Russians plunder $5M farm vehicles from Ukraine -- to find they've been
remotely disabled (CNN)
Russian troops are tracking Ukrainians' Chinese drones (CNN)
Flytrex expands drone delivery into Texas (TechCrunch)
Finding it hard to get a new job? Robot recruiters might be to blame
(The Guardian)
Radical Ruling Lets Texas Ban Social Media Moderation (WiReD)
A magnet for rip-off artists: Fraud siphoned billions from pandemic
unemployment benefits (WashPost)
He gave Instagram photos of his baby. Instagram returned fear. (WashPost)
Re: Companies envision taxis flying above jammed traffic (Steve Bacher)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 14 May 2022 15:00:11 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: The dangerous business of dismantling America's aging nuclear
plants (WashPost)

Accidents at New Jersey's Oyster Creek power plant have spurred calls for
stricter oversight of the burgeoning nuclear decommissioning industry.

Joseph Delmar, a spokesman for Holtec, defended the company's record, saying
it takes safety and security seriously. The recent incidents ``are not
reflective of the organization's culture,'' he said, adding that the worker
who knocked down the power line ``did not follow the proper safety
protocols.'' Delmar said the company has decades of experience building
equipment to store nuclear waste and employs veteran plant workers to
dismantle reactor sites.

``While the decommissioning organization may seem new, the professionals
staffing the company are experienced nuclear professionals with intimate
knowledge of the plants they work at,'' Delmar said in an emailed statement.

Accelerated decommissioning

Founded and wholly owned by Kris Singh, an inventor and entrepreneur, Holtec
says it is pioneering a new model of accelerated decommissioning. At the
24 U.S. reactors currently undergoing decommissioning, over half are
expected to take two decades or more to complete the process, NRC data
shows; Holtec pledges to return nuclear sites to safe, clean usable land in
as few as eight years. Singh did not respond to requests for comment, and
Holtec did not make him available for an interview. [...]

``I went from a staff of six to a staff of two, all having extra
responsibilities, doubling our workload and learning new criteria of the
positions,'' the manager said in the letter, which was posted on the NRC's
website.

In a settlement with the NRC announced this year, Holtec agreed to pay a
$50,000 civil penalty, hire a new corporate security director and conduct
external security assessments. [...]

In 2017, Holtec opened the doors of a stately new manufacturing center in
Camden, N.J., that showcases Singh's accomplishments. Employees arriving at
the main office building on the Krishna P. Singh Technology Campus walk by a
parking space reserved for the CEO's chauffeured Rolls-Royce and into an
atrium where more than 100 patents bearing Singh's name are on display.

https://www.washingtonpost.com/business/2022/05/13/holtec-oyster-creek-nuclear-plant-cleanup/

[In "only" eight years? PGN]

------------------------------

Date: Mon, 16 May 2022 06:25:56 -0600
From: "Matthew Kruk" <mkr...@gmail.com>
Subject: Crypto is dead (Spectator)

https://www.spectator.co.uk/article/crypto-is-dead

When Britain voted for Brexit, Macron boasted that Paris would eat the City
of London's lunch. It didn't quite work out that way, with most league
tables continuing to put London as the number one or two financial centre,
with not a single EU city in the top ten. Emmanuel Macron's government has
now announced that it has invited Binance, a crypto-currency exchange site,
to set up a European HQ in Paris. You have to ask: has Macron leaped onto a
bandwagon that has already started to lose its wheels? [...]

[The rest of this duplicates Yaffe-Bellany et al. in RISKS-33.20. PGN]

------------------------------

Date: Mon, 16 May 2022 17:11:22 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Phishing attack pop-up targets MetaMask users visiting popular
crypto sites (The Verge)

https://www.theverge.com/2022/5/13/23071786/etherscan-coingecko-crypto-phishing-ad-popup-coinzilla-metamask

------------------------------

Date: Mon, 16 May 2022 18:07:53 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: The COVID Testing Company That Missed 96% of Cases (Propublica)

State and local officials across Nevada signed agreements with Northshore
Clinical Labs, a COVID testing laboratory run by men with local political
connections. There was only one problem: Its tests didn't work.

https://www.propublica.org/article/covid-testing-nevada-false-negatives-northshore

------------------------------

Date: Sun, 15 May 2022 12:03:51 PDT
From: Peter Neumann <neu...@csl.sri.com>
Subject: Everything is somehow interrelated, redux

Today's Earthweek diary of the planet in today's *San Francisco Chronicle*:

* Warming threshold: 50% chance the world will exceed the 1.5-degree
Celsius goal by 2026 (UN weather agency). A harbinger?

* Record swarms: Namibia's worst brown locust invasion in history,
while still recovering from a 6-year drought ending in 2019. Fodder
for livestock is rapidly vanishing.

* Huge South Asia heat: Falling birds dehydrated and exhausted in Gujarat.

* Eruption repercussions: The cataclysmic eruption of Tonga-Hunga Ha'apai
volcano brought hurricane-force winds and unusual electric currents to the
ionosphere. Satellites detected giant plumes of gases, water vapor, and
dust.

* Collateral damage: Beyond casualties and destruction in Ukraine, Turkish
marine-life experts say the war is causing a sharp rise in dolphin deaths
along the Black Sea coast, due to underwater noise pollution from 20
Russian navy vessels, driving dolphins ashore or into fish nets. Bulgaria
has similar reports.

------------------------------

Date: Mon, 16 May 2022 12:21:25 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: The Man Who Controls Computers with His Mind (Ferris Jabr)

Ferris Jabr, *The New York Times* Magazine, 15 May 2022,
via ACM TechNews, 16 May 2022

Paralyzed since 2006, Dennis DeGray has regained a semblance of control over
his body via a brain-computer interface (BCI) developed by Stanford
University researchers. Implanted in him in 2016, the BCI enables DeGray to
move a cursor on a computer screen by thought, using machine learning
algorithms that associate different neural activity patterns with different
intended hand movements. DeGray has learned to control various technologies
with his mind, including videogames, robotic limbs, and a simulated aerial
drone. BCI advancements to date have relied on a combination of invasive and
noninvasive technologies. Thomas Oxley at BCI developer Synchron believes
future models will help physically disabled people re-engage with physical
and digital environments.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ea22x233cdcx071866&

[This is really seminal work, and opens up many opportunities. There are
many potential risks -- security, reliability, denials of service attacks,
and more. However, for some reason it reminded me of a book I read in
1978 when it first appeared, which might seem timely now:

Ingo Swann, Star Fire: The War To End All Wars Has Begun --
Rock superstar-composer Dan Merriweather is the world's first true
megapsychic. And when he discovers the true extent of his extraordinary
powers, and his out-of-body voyages reveal the existence of top-secret
U.S. and Russian installations for the development of psychic weapons
more frightening than any nuclear or bacteriological hardware, he
evolves an astounding plan to transform the world. [...]

Note: Ingo was a subject for the SRI team on psychic experiments back
then. PGN]

------------------------------

Date: Mon, 16 May 2022 12:21:25 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Some Top 100,000 Websites Collect Everything You Type -- Before
You Hit Submit (Lily Hay Newman)

via ACM TechNews, 16 May 2022
Lily Hay Newman, *Ars Technica*, 14 May 2022

Researchers at Belgium's Katholieke Universiteit Leuven, Radboud University
in the Netherlands, and Switzerland's University of Lausanne analyzed the
top 100,000 websites and found a significant number record some or all of
visitors' typewritten data. The researchers estimated 1,844 sites gathered a
European Union user's email address without consent, while 2,950 logged a
U.S. user's email. Many sites incorporate third-party marketing and
analytics services that perform data-logging. After crawling sites for
password leaks last May, the researchers found 52 sites in which third
parties, including Russian technology company Yandex, were incidentally
collecting password data prior to submission.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ea22x233ce3x071866&

------------------------------

Date: Mon, 16 May 2022 12:57:11 -0400
From: Jan Wolitzky <jan.wo...@gmail.com>
Subject: Sad delivery robot gets lost in the woods (Futurism)

The Internet was delighted over the weekend when British history professor
Matthew McCormack made a hilarious discovery during his morning bike ride: a
six-wheeled delivery robot, driving by its lonesome self along a forested
path, in a rather adorable reminder of the helplessness of increasingly
ubiquitous autonomous machines.

<https://futurism.com/the-byte/delivery-robot-lost-woods>

------------------------------

Date: Mon, 16 May 2022 00:30:56 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Estimated $163 billion from pandemic unemployment benefits were
misspent or stolen (WashPost)

https://www.washingtonpost.com/us-policy/2022/05/15/unemployment-pandemic-fraud-identity-theft

------------------------------

Date: Sat, 14 May 2022 12:42:17 -0400
From: Bob Gezelter <geze...@rlgsc.com>
Subject: AI Employment Systems may reflect various forms of bias
(EEOC Warning)

Better now than later.

An interesting problem. There have been many well-documented cases of
scoring systems encapsulating pre-existing biases and gaps in understanding.

Twenty years ago, I spoke about the limitations of many analyses in "Les
Approximations Dangereaux: The Sorcerer's Apprentice and Other Dangerous
Approximations" at e_Protectit 2002.
(http://www.rlgsc.com/e-protectit/sorcerers.html)
A more extensive treatment is contained in Cathy O'Neil's 2016 book,
"Weapons of Math Destruction". Also relevant is Lawrence Lessig's 2000 book
"Code and Other Laws of Cyberspace".

Employment screening is no different than any other analysis. "Set", in
essence, seeing what one wants is a long-known danger in the Intelligence,
engineering, and other communities. Screening systems, whether for
employment, creditworthiness (e.g., red-lining), parole (see O'Neil), or
other uses, are no different.

The EEOC release is at:

https://www.eeoc.gov/newsroom/us-eeoc-and-us-department-justice-warn-against-disability-discrimination

------------------------------

Date: Mon, 16 May 2022 06:15:19 -0600
From: "Matthew Kruk" <mkr...@gmail.com>
Subject: Russians plunder $5M farm vehicles from Ukraine -- to find they've
been remotely disabled (CNN)

Russian troops in the occupied city of Melitopol have stolen all the
equipment from a farm equipment dealership - and shipped it to Chechnya,
according to a Ukrainian businessman in the area.

But after a journey of more than 700 miles, the thieves were unable to use
any of the equipment -- because it had been locked remotely.

https://www.cnn.com/2022/05/01/europe/russia-farm-vehicles-ukraine-disabled-melitopol-intl/

------------------------------

Date: Sun, 15 May 2022 12:24:03 +0300
From: Amos Shapir <amo...@gmail.com>
Subject: Russian troops are tracking Ukrainians' Chinese drones (CNN)

In this clip by CNN, a Ukrainian drone operator describes how Russian
troops were able to track the Ukrainians' off-the-shelf Chinese-made drones,
trying to destroy their operators.
https://www.youtube.com/watch?v=b166ecyNBCw&t=156s

In this situation, it's all incidental, as both sides are just using
whatever they can get; none of this was planned by the Chinese manufacturers
-- yet. But military systems everywhere contain thousands of electronic
components; I doubt their operators can even guess where every chip came
from.

------------------------------

Date: Fri, 13 May 2022 21:42:09 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Flytrex expands drone delivery into Texas (TechCrunch)

https://techcrunch.com/2022/03/29/flytrex-expands-drone-delivery-into-texas/

Will this "fly" with New York? What could go wrong?

------------------------------

Date: Sun, 15 May 2022 00:41:50 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Finding it hard to get a new job? Robot recruiters might
be to blame (The Guardian)

https://www.theguardian.com/us-news/2022/may/11/artitifical-intelligence-job-applications-screen-robot-recruiters

------------------------------

Date: Sat, 14 May 2022 23:01:07 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Radical Ruling Lets Texas Ban Social Media Moderation (WiReD)

https://www.wired.com/story/texas-social-media-moderation-ban/

Eventually he realized that if he wrote a version of Bitcoin that had a
Turing-complete programming language, the network could deliver every
imaginable digital service, right out of the box. It didn't even have to
stop at financial applications. You could replicate Facebook, reassemble the
stock market, or even build completely digital corporations and run them
beyond the jurisdiction of any government entity. Once placed on a
blockchain, they would exist in an environment where software, data, and
financial assets interact without friction.

https://www.wired.com/2016/06/the-uncanny-mind-that-built-ethereum

------------------------------

Date: Sun, 15 May 2022 13:40:28 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: A magnet for rip-off artists: Fraud siphoned billions from pandemic
unemployment benefits (WashPost)

Identity theft and sophisticated criminal schemes siphoned billions from
pandemic unemployment benefits while government officials were unprepared
to deploy relief aid.

https://www.washingtonpost.com/us-policy/2022/05/15/unemployment-pandemic-fraud-identity-theft/

------------------------------

Date: Fri, 13 May 2022 21:25:35 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: He gave Instagram photos of his baby. Instagram returned fear.
(WashPost)

Have you ever felt like recommendations on Instagram, TikTok or YouTube are
dragging you down an unwanted rabbit hole? We the users need algorithm
transparency and control.

https://www.washingtonpost.com/technology/2022/05/12/instagram-algorithm/

------------------------------

Date: Sat, 14 May 2022 10:14:36 -0700
From: Steve Bacher <seb...@verizon.net>
Subject: Re: Companies envision taxis flying above jammed traffic
(RISKS-33.20)

Hasn't anyone considered that once flying cars/taxis are practical and
popularized, the traffic jams will simply migrate from the roads to the air?
You're not going to be able to just breeze through the sky when everyone
else has the same notion and capability.

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 33.21
************************
