Risks Digest 33.27

RISKS List Owner

Jun 10, 2022, 7:14:12 PM
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Friday 10 June 2022 Volume 33 : Issue 27

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.27>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
AI Translates Math Problems into Code to Make Them Easier to Solve
(Alex Wilkins)
Making Blockchain Stop Wasting Energy by Getting It to Manage Energy
(John Timmer)
Hole in the ISS made by a meteorite the size of a grain of sand
(geoff goodfellow)
Tesla Employees' Cars Will Now Drive Them To Work Against Their Will
(Babylon Bee)
Meta Facing 8 Lawsuits That Allege Its Addictive Algorithms Harm Young Users
(CNET)
How Safe Are Systems Like Tesla's Autopilot? No One Knows. (NYTimes)
Fraud and Identity Theft Trial to Test American Anti-Hacking Law (NYTimes)
SSNDOB Marketplace Seized And Dismantled In International Operation (DOJ)
The next step in a long march: Expanding mobile voting in WashDC (WashPost)
Canada's favorite coffee chain was covertly data mining the sh*t out of
people who just wanted cheap coffee, and they got outed by the government
(twitter item via geoff goodfellow)
Superworms Eat -- and --Survive on Polystyrene (Scientific American)
Re: WashDC stop-sign camera brought in $1.3 million in tickets in 2 years
(Steve Bacher)
The Evolution of Money: Cryptocurrency Regulation (WashPost)
The History of Information Security in the Computer Age (Andrew J. Stewart,
reviewed by Sven Dietrich)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 8 Jun 2022 12:59:51 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: AI Translates Math Problems into Code to Make Them Easier to Solve
(Alex Wilkins)

Alex Wilkins, New Scientist, 6 June 2021, via ACM TechNews 8 Jun 2022

Google's Yuhuai Wu and colleagues used the Codex neural network of
artificial intelligence (AI) research company OpenAI to translate
mathematical problems from plain English into formal code. Codex correctly
translated 25% of 12,500 secondary-school math competition problems into a
format compatible with a formal proof-solver program called Isabelle. Wu
said the system's inability to understand certain mathematical concepts was
responsible for many of the unsuccessful translations. The team then tested
the process by applying Codex to problems pre-formalized by humans. The
network produced its own formal versions, and the researchers used the
MiniF2F AI to solve both versions; the auto-formalized versions raised
MiniF2F's success rate from 29% to 35%, suggesting Codex's formalization was
superior to that of humans.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ec22x23445dx070666&

[Perhaps this is a case in which formal methods might be used to prove --
or disprove -- that nondeterministic AI generates code that is both
deterministic and correct (or not)! PGN]
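As an added illustration of what "translating a problem into a format compatible with Isabelle" produces, and of the check PGN's remark points at, here is a constructed example in Lean 4 with Mathlib (not from the Wu et al. paper, which targets Isabelle; the problem statement and theorem names are my own). The first theorem is a faithful formalization of a one-line competition-style problem. The second is a formalization with an inconsistent extra hypothesis: a prover closes it just as easily, but it proves nothing about the original problem. A rise in prover success rate on auto-formalized statements is therefore only meaningful once the statements themselves have been checked for faithfulness.

```lean
import Mathlib.Tactic

-- Informal problem (constructed for this example):
-- "Let x be a real number with 2x + 3 = 7. Show that x = 2."

-- Faithful formalization: the hypothesis and goal match the prose.
theorem faithful (x : ℝ) (h : 2 * x + 3 = 7) : x = 2 := by
  linarith

-- Unfaithful formalization: an extra hypothesis that contradicts h.
-- The theorem is provable (from a contradiction anything follows),
-- so a prover "succeeds", yet the statement no longer says anything
-- about the problem; x = 42 is not what was asked and is not true.
theorem unfaithful (x : ℝ) (h : 2 * x + 3 = 7) (h' : 2 * x + 3 = 8) :
    x = 42 := by
  linarith
```

The practical check is the one used in the formal-methods community generally: before counting a machine proof as evidence, confirm that the formal statement is a conservative translation of the informal one (no added hypotheses, no weakened conclusion, no vacuous quantifiers), since a prover cannot detect that it has been handed the wrong theorem.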

------------------------------

Date: Wed, 8 Jun 2022 12:59:51 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Making Blockchain Stop Wasting Energy by Getting It to Manage
Energy (John Timmer)

John Timmer, *Ars Technica*, 5 Jun 2022, via ACM TechNews 8 Jun 2022

A group of researchers from China's Shanghai Jiao Tong and Tsinghua
universities identified an optimization calculation that could make
blockchain systems more energy-efficient. The researchers concentrated on
the energy supply other blockchains consume, noting optimization is needed
in instances like matching supply with demand, and formulating the most
economic mix of generating sources. They also proposed small sub-grids could
self-manage through proof-of-solution (PoSo)-based optimizations, and used
energy systems at the U.K.'s University of Manchester and the city of
Suzhou, China, to test the concept. In both cases, the system quickly
produced optimal solutions for resource distribution, which competed with
centralized management. Although the system still demands multiple computers
to execute calculations and verification, the researchers contend the PoSo
blockchain solution is tougher to manipulate.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ec22x234456x070666&

------------------------------

Date: Thu, 9 Jun 2022 20:06:14 -0700
From: geoff goodfellow <ge...@iconia.com>
Subject: Hole in the ISS made by a meteorite the size of a grain of sand

https://twitter.com/WorldAndScience/status/1534688766455173121

[This one is ominous. It ruins the meaning of the expression "Take this
with a grain of salt." PGN]

------------------------------

Date: Wed, 8 Jun 2022 15:20:49 -0700
From: geoff goodfellow <ge...@iconia.com>
Subject: Tesla Employees' Cars Will Now Drive Them To Work Against Their Will

[However, please read this one with a grain of salt on its tale. PGN]

STARBASE, TX -- After some employee outcry against Elon Musk's announcement
that remote workers must return to the office, Musk was reported to have
sent a follow-up memo. Sources forwarded the internal email detailing a
software update that will override employee Teslas and deliver its driver to
the office for working hours.

At midnight on June 8, your vehicle will automatically install a mandatory
software update. Expect bug fixes, stability improvements, and your vehicle
driving you to your workspace to begin your 8-14 hour work day, the email
reportedly stated.

Tesla executive Jared Fields took to Twitter around 11am on Tuesday from the
produce section of his local Whole Foods to share his response:

This is ridiculous -- the power has gone to his head. I'm just as
productive working from home as I am working in the office! Other Tesla
employees were reported to have been shocked at the notice, as was the
case with Shelby Burkhead, an HR manager who explained over brunch with
her boyfriend during work hours that she needed an additional "Employee
Mental Health Day" this week to recover from the news.

At publishing time, Elon sent a follow-up internal email explaining measures
that would be taken to make the transition back to office life easier on his
employees. The new and improved office space will now have rotating "Home
Sounds" audio playing overhead -- crying babies, landscaping equipment, fire
truck sirens, and the soft lull of a neighborhood chihuahua in heat.

https://babylonbee.com/news/tesla-employees-cars-will-now-drive-them-to-work-against-their-will

------------------------------

Date: Thu, 9 Jun 2022 10:34:21 +0900
From: David Farber <far...@keio.jp>
Subject: Meta Facing 8 Lawsuits That Allege Its Addictive Algorithms Harm
Young Users (CNET)

Meta, the parent company of Facebook and Instagram, is facing a slew of
lawsuits alleging the company hasn't done enough to prevent psychological
harm to its young users and is exploiting them for profit.

The lawsuits filed this week allege that the social media sites deliberately
design and use addictive psychological tactics to hook young and vulnerable
users, despite "extensive insider knowledge" that their products are causing
serious damage to young people's mental health.

https://www.cnet.com/news/social-media/meta-facing-8-lawsuits-that-allege-its-addictive-algorithms-harm-young-users/

------------------------------

Date: Wed, 8 Jun 2022 07:22:56 -0400
From: Jan Wolitzky <jan.wo...@gmail.com>
Subject: How Safe Are Systems Like Tesla's Autopilot? No One Knows.
(NYTimes)

Automakers and technology companies say they are making driving safer, but
verifying these claims is difficult.

https://www.nytimes.com/2022/06/08/technology/tesla-autopilot-safety-data.html

------------------------------

Date: Wed, 8 Jun 2022 07:25:11 -0400
From: Jan Wolitzky <jan.wo...@gmail.com>
Subject: Fraud and Identity Theft Trial to Test American Anti-Hacking Law
(NYTimes)

A woman is accused of downloading data of more than 100 million Capital One
customers. Her lawyers argue a conviction would criminalize legitimate
research practices.

https://www.nytimes.com/2022/06/08/technology/capital-one-hacker-trial.html

------------------------------

Date: Wed, 8 Jun 2022 10:51:46 -0600
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: SSNDOB Marketplace Seized And Dismantled In International Operation
(DOJ)

Department of Justice, U.S. Attorney's Office, Middle District of Florida
Tuesday, June 7, 2022

Tampa, Florida -- United States Attorney Roger B. Handberg, along with
Special Agent in Charge Darrell Waldon for the IRS -- Criminal Investigation
Washington D.C. Field Office, and Special Agent in Charge David Walker for
the FBI -- Tampa Division, today announced the seizure of the SSNDOB
Marketplace, a series of websites that operated for years and were used to
sell personal information, including the names, dates of birth, and Social
Security numbers belonging to individuals in the United States. The SSNDOB
Marketplace has listed the personal information for approximately 24 million
individuals in the United States, generating more than $19 million USD in
sales revenue.

https://www.justice.gov/usao-mdfl/pr/ssndob-marketplace-series-websites-listed-more-20-million-social-security-numbers-sale

------------------------------

Date: Wed, 8 Jun 2022 00:28:27 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: The next step in a long march: Expanding mobile voting in WashDC
(WashPost)

Martin Luther King III is a global human rights activist and chairman of the
Drum Major Institute.

Everything my father, the Rev. Martin Luther King Jr., fought for is under
attack. By some counts, things have gotten worse since my daughter was born
than they were when Dad was alive. Rights that Americans hold dear are under
assault across the country. Reproductive rights, the ability to be our full
selves and the very pillars of our democracy are growing weaker every single
day.

It's no accident that the erosion of our civil liberties has coincided with
the rolling back of voting rights in states across the country. When my
father marched for equality decades ago, he understood that voting rights
were a necessary part of the struggle for freedom and equality. Those on the
other side know it, too, which is why they've systematically made it harder
for Americans to vote. Eligibility requirements, polling locations and open
hours at the polls have all been manipulated to keep too many Americans from
being able to vote. In my home state of Georgia, they've even made it a
crime to give water to people standing in line to vote.

Our democracy is in crisis. That's why we mobilized this year to press for
new federal voting rights legislation to ensure that the right to vote is
not merely an aspiration but a reality, and to guarantee that every eligible
voter, regardless of race, ethnicity or location, can access and cast a
ballot knowing that it counts. But we don’t need to wait on Congress to take
action. There are efforts across the country to expand access to the ballot,
including in our nation's capital.

The D.C. Council is considering legislation to make voting easier and more
accessible by adding a mobile voting option for all voters. This bill would
tear down barriers to access and make it dramatically easier for everyone to
participate fully in our democratic process by allowing voting from
smartphones, tablets or computers.

https://www.washingtonpost.com/opinions/2022/06/03/next-step-long-march-expanding-mobile-voting-dc/

[Well, RISKS readers should know this violates the Einstein Principle.
This is TOO SIMPLE, because all of the computer systems and networks
involved can be hacked externally or manipulated by untrustworthy
insiders, or perhaps both at the same time -- concurrent rigging and
counterrigging. That's another interesting twist on which side can
counterrig the other side's riggings, and then do its own rigging. I
don't think you can Wriggle out of that one, but I regret that I have to
keep bringing it up. PGN]

------------------------------

Date: Tue, 7 Jun 2022 13:26:59 -0700
From: geoff goodfellow <ge...@iconia.com>
Subject: Canada's favorite coffee chain was covertly data mining the
sh*t out of people who just wanted cheap coffee, and they got outed
by the government (twitter)

https://twitter.com/internetofshit/status/1533517593637662720

------------------------------

Date: Fri, 10 Jun 2022 10:37:29 +0800
From: Richard Stein <rms...@ieee.org>
Subject: Superworms Eat -- and Survive on -- Polystyrene
(Scientific American)

[Not computer risks-related, but a notable story on plastic recycling.]

https://www.scientificamerican.com/article/superworms-eat-and-survive-on-polystyrene/

These worms consume polystyrene with microbiomes tuned for the purpose. That's
great news for those with a need to break down and dispose of a normally
non-recycled modern packaging material.

What to do with the worms after their buffet? Feed them to farmed fish?

An unenviable destiny awaits these beneficial lifeforms.

------------------------------

Date: Thu, 9 Jun 2022 13:03:11 -0700
From: Steve Bacher <seb...@verizon.net>
Subject: Re: WashDC stop-sign camera brought in $1.3 million in tickets in 2
years (RISKS-33:25)

I realize that this item is not RISKS material, but I couldn't help reacting
as the story appeared within a day after my RISKS comment showed up in the
digest. It illustrates so remarkably the point I was making.

https://www.latimes.com/california/story/2022-06-08/cancer-groups-raise-alarm-about-losing-funds-to-track-california-cases

Cancer researchers fear that shrinking funding for a program that tracks
cancer cases across California could threaten its future. [...] The
program has relied in part on state tax revenue from cigarette sales under
Proposition 99, a 1988 ballot measure that boosted taxes by 25 cents per
pack. As that revenue has fallen, the cancer registry program is expected
to see a budget decrease of $1.6 million, driven largely by the decline in
tobacco sales, according to figures provided by the California Department
of Finance.

------------------------------

Date: Wed, 8 Jun 2022 17:35:47 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: The Evolution of Money: Cryptocurrency Regulation (WashPost)

With Rostin Behnam, Dante Disparte, Sens. Kirsten Gillibrand (D-N.Y.),
Cynthia Lummis (R-Wyo.) & Tomicah Tillemann

https://www.washingtonpost.com/washington-post-live/2022/06/08/evolution-money-cryptocurrency-regulation/

This was MUCH more interesting than I expected -- and longer, too. About 90
minutes, with Grayscale commercial blather in the middle.

Random notes I took:

Suggestion FDIC insure accounts.

19,000 coins exist.

Web 3 is wonderful.

SEC/CFTC disagree on who should regulate what.

I learned about this: https://www.investopedia.com/terms/h/howey-test.asp

KYC and AML were used without being defined (bad practice in
presentations/interviews); I knew KYC but looked up AML and then remembered.

U.S. sent big bucks to Ukraine via cryptocurrency.

Sen. Lummis is BIG Bitcoin fan, called it "solid value store"; she's a
HODLER.

Surprise, crypto correlates with stock market -- but might decouple someday.

Grayscale calls crypto "investable asset class".

Crypto needs new regulation.

Crypto has intrinsic value.

There's now a "Cambrian explosion" of coins -- and that's wonderful.

Not represented was the viewpoint that there's nothing there there.
[hear hear! PGN]

------------------------------

Date: Fri, 10 Jun 2022 11:51:37 -0600
From: "Cipher Editor" <cipher...@ieee-security.org>
Subject: The History of Information Security in the Computer Age
(Andrew J. Stewart, reviewed by Sven Dietrich)

Cipher Newsletter: IEEE CIPHER, Issue 167, June 9, 2022

Book Review By Sven Dietrich
8 June 2022

"A Vulnerable System: The History of Information Security in the Computer Age"
by Andrew J. Stewart

Cornell University Press 2022, ISBN 978-1-5017-5894-2, 303 pages

Haven't you always wondered about the backstories and the anecdotes in the
history of information security? What were the early motivations of computer
security? How did all those concepts come about?

If that is what you are wondering about, you are in luck: Andrew J. Stewart
acts as a historian and digs into the history of information security in
this new book. While other writers have provided insights into the history
of cryptography, in this work we learn about the Orange Book, the early
attacks on computer systems, and how it all evolved to current times.

Andrew J. Stewart's book "A Vulnerable System: The History of Information
Security in the Computer Age" takes a stab at shining light into the far and dark corners of
computer security. It mentions some names of early-day computer security
researchers that I had the honor of meeting in the Claremont Tower Suite
("606") at the Security and Privacy conference in the late 1990s. It
includes stories about the creation of the Internet as well.

The book is divided into several chapters and contains an extensive
bibliography from popular science sources and research articles in
supplement to the many contextual and chapter-related notes at the end of
the book. The introduction mentioning the "Three Stigmata" is followed by a
chapter on 'A "New Dimension" for the Security of Information', 'The
Promise, Success, and Failure of the Early Researchers', 'The Creation of
the Internet and the Web, and a Dark Portent', 'The Dot-Com Boom and the
Genesis of a Lucrative Feedback Loop', 'Software Security and the "Hamster
Wheel of Pain"', 'Usable Security, Economics, and Psychology', 'Vulnerability
Disclosure, Bounties, and Markets', 'Data Breaches, Nation-State Hacking,
and Epistemic Closure', and 'The Wicked Nature of Information Security'.

The author writes in an easily accessible style, allowing the reader to gain
a good overview of computer security at various stages of development, from
the mid-20th-century events to the late 2010s, and to delve deeper either by
following the notes at the back of the book (there are over 70 pages of
them!), or even by reading the relevant research articles that are
referenced in the select (and somewhat short) bibliography. Most topics are
covered this way, and this enables a curious reader to complement their
scientific knowledge with amusing or eye-opening anecdotes.

Some topics, such as vulnerability disclosure, are approached in a
controversial manner, but then again those topics are controversial in real
life. Also there are surprising shortcomings: while the book takes note of
cyberattacks, including general and nation-state ones, there is no mention
of distributed denial-of-service (DDoS) attacks for example, even though he
mentions the Morris worm attack from 1988.

I enjoyed reading this book: some of the anecdotes brought back fond (or not
so fond, depending on how you look at computer security events) memories for
me, spanning the last three decades or so. Perhaps it will intrigue you as
well.

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 33.27
************************
