info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Risks Digest 33.49
36 views
Skip to first unread message
RISKS List Owner
Oct 26, 2022, 12:26:42 AM10/26/22
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Tuesday 25 October 2022 Volume 33 : Issue 49
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.49>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Nuclear War Simulator Creator Says Public Must Know Potential Destruction
(Aristos Georgiou)
Climate Change Threatens Supercomputers (Jacklin Kwan)
The computer errors from outer space (bbc.com)
NYC's Emerg. Med. Svc ("911") system was crippled 'cuz ... (danny burstein)
AI Language Models Show Bias Against People with Disabilities, Study Finds
(Penn State)
A new AI model can accurately predict human response to novel drug compounds
(phys.org)
We Should Try to Prevent Another Alex Jones (Zeynep Tufekci)
Alternatives to Twitter (Lauren Weinstein)
A prudent approach to Musk and Twitter (Lauren Weinstein)
Twitter reportedly has a user retention problem (Lauren Weinstein)
TikTok and Facebook fail to detect election disinformation in the U.S.,
while YouTube succeeds (Global Witness)
Behind TikTok's Boom: A legion of traumatised, $10-a-day content moderators
(The Bureau Investigates)
ACM Highlights Underuse of Risk-Limiting Audits in Confirming Accuracy of
Election Results (ACM)
Iran Hackers Behind Attempt on US Election Are Still Active
(GovInfoSecurity)
Internet Of Dangerous Things (Henry Baker)
In the ultimate Amazon smart home, each device collects your data (WashPost)
GPS interference caused the FAA to reroute Texas air traffic.
Experts stumped (Ars Technica)
Cuban Defector Flies Stolen An-2 To Florida (AVweb)
How to miss potentially important Google Chat notifications (LW)
Police Are Using DNA to Generate 3D Images of Suspects They've Never Seen
(Vice)
Even After $100 Billion, Self-Driving Cars Are Going Nowhere (Bloomberg)
Eleven more crash deaths are linked to automated-tech vehicles
(The Center for Auto Safety)
High-Tech Cars Are Killing the Auto Repair Shop (WiReD)
Heat from fingertips can be used to crack passwords, researchers find
(Yahoo! News)
Zillow bug (Jan Woliltzky)
Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials
(Dark Reading)
Google drops Chrome support for Windows 7 (Lauren Weinstein)
Too Many Drivers with Advanced Tech Expect Cars to Drive for Them
(Car and Driver)
Planned cuts at Twitter likely to hurt content moderation, user security
(WashPost)
Devastating Report: Twitter may fire 75% of workers, gut content moderation
and decimate infrastructure (WashPost)
The vulnerability of transformers-based malware detectors to adversarial
attacks (techxplore.com)
Thousands of GitHub Repositories Deliver Fake PoC Exploits with Malware
(Bill Toulas)
How a Microsoft blunder opened millions of PCs to potent malware attacks
(Ars Technica)
Microsoft Office 365 email encryption could expose message content
(Bleeping Computer)
Google's "passkey" effort (Twitter)
How Your Shadow Credit Score Could Decide Whether You Get an Apartment
(ProPublica)
U.S. Chip Sanctions Kneecap China's Tech Industry (WiReD)
The danger of advanced artificial intelligence controlling its own feedback
(techxplore.com)
Toyota exposed 300,000 customer email addresses for 5 years (Techcrunch)
Parler leaked email addresses for Ivanka Trump, other 'VIPs' in Kanye West
announcement (Mashable)
Humans Beat DeepMind AI in Creating Algorithm to Multiply Numbers
(Matthew Sparkes)
Deception Detection (RAND)
Re: AI-driven 'thermal attack' system reveals computer and smartphone
passwords in seconds (Steve Bacher)
Re: Lufthansa Says Apple AirTags Are Once Again Allowed in Checked Bags
(Jan Wolitzky)
Re: Not a physical DDoS attack on the Australian Postal system (John Levine)
Re: Automatic emergency braking is not great at preventing crashes. at
normal speeds (Martin Ward)
Article about CHERI (Rik Farrow)
U.S. National Security Strategy report (The White House)
Book on Digital Ethics (Christian Fuchs)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Mon, 24 Oct 2022 11:59:06 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Nuclear War Simulator Creator Says Public Must Know Potential
Destruction (Aristos Georgiou)
Aristos Georgiou, *Newsweek*, 19 0ct 2022, via ACM TechNews, 24 Oct 2022
A computer scientist created a nuclear war simulator to demonstrate atomic
weapons' destructive potential to the public. Christopher Minson said
Russia's war in Ukraine has elevated traffic to his website, which hosts a
map tool for modeling an attack on the U.S. involving approximately 1,200
nuclear warheads. Minson based the tool on databases of warhead yields and
targets derived from declassified information; he then compiled a database
of census data, and mapped populations to target sites. Minson said the
system correlates this data and executes a two-hour attack, calculating
casualties from known impact and population size, and modeling the spread of
fallout. "It is critical that the public understands this threat," he said.
"They need to see, clearly and viscerally, just how universal and
destructive a nuclear war would be."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f78bx23708fx072432&
------------------------------
Date: Wed, 12 Oct 2022 15:16:14 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Climate Change Threatens Supercomputers (Jacklin Kwan)
Jacklin Kwan, *Science*, 11 Oct 2022, via ACM TechNews, 12 Oct 2022
Climate change is jeopardizing the operation of high-performance computing
(HPC) facilities. Natalie Bates at the U.S. Department of Energy's Lawrence
Livermore National Laboratory (LLNL) said such facilities, which include
supercomputers and data centers, are vulnerable due to their high cooling
demands and massive energy use. Increased humidity driven by climate change
can reduce the efficiency of the evaporative coolers many HPC centers depend
on, and also can threaten the systems with blowouts. Hewlett Packard
Enterprise's Nicolas Dub=C8 said the high cost of upgrades to adapt to such
changes has driven some HPC centers to cooler and drier locations like
Canada and Finland. LLNL's Anna-Maria Bailey said the cost of relocation may
be unaffordable, so the California facility is considering moving its
computers underground.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f638x236c48x071990&
------------------------------
Date: Thu, 13 Oct 2022 00:26:49 +0000
From: Richard Marlon Stein <rms...@protonmail.com>
Subject: The computer errors from outer space (bbc.com)
https://www.bbc.com/future/article/20221011-how-space-weather-causes-computer-errors
"When computers go wrong, we tend to assume it's just some software hiccup,
a bit of bad programming. But ionising radiation, including rays of protons
blasted towards us by the sun, can also be the cause. These incidents,
called single-event upsets, are rare and it can be impossible to be sure
that cosmic rays were involved in a specific malfunction because they leave
no trace behind them."
As silicon features reduce to near atomic dimensions (approaching 1
nanometer == 10), these events are likely increase their frequency. The
biggest supercomputers contain very high-density physical memory pools.
Administrators and reliability engineers battle with row-level memory
failures constantly.
See https://catless.ncl.ac.uk/Risks/30/15#subj6.1. There are at least 10
prior comp.risks posts containing the term "cosmic ray."
------------------------------
Date: Sat, 15 Oct 2022 23:25:02 +0000 ()
From: danny burstein <dan...@panix.com>
Subject: NYC's Emerg. Med. Svc ("911") system was crippled 'cuz ...
In NYC, the "911" calls come into a central "public safety answering
position" ("psap"). If the emergency required EMS or fire response, it's
transferred to the fire dep't center and then dispatched from there.
The FDNY dispatch and control system was crippled for half a day earlier
this week because...
... a contractor, thinking he was pushing an "open the door, Hal", button,
lifted the cover on a button labeled "EPO"...
Which stood for... "emergency power off".
Ok, everyone, start cringing... Including asking why, in addition to not
having a secondary "hot standby" system, it took *hours* to bring this back
up.
[NY Post]
Oops! FDNY contractor presses wrong button, shuts down NYC's emergency
dispatch system
An outside contractor making repairs at the FDNY's emergency dispatch
center in downtown Brooklyn pressed the wrong button to open a door -- and
shut down the agency's communications system, triggering an hours-long
citywide crisis.
Wednesday's snafu at the FDNY's MetroTech Center facility forced staffers
to rely on ancient methods - pens, paper and telephones rather than
digital systems -- to gather facts and get word to first responders as 911
calls came in, officials for unions representing the agency's dispatchers
and medics told The Post.
Delays responding to emergency calls ranged from a few minutes to more
than an hour, said Oren Barzilay, president of Local 2507, which
represents city EMTs and paramedics. [...]
The shutdown occurred around 11 a.m. when a repairman from communications
company Lightpath responded to a report of an earlier glitch at the data
center. [...]
The repairman mistook a glass-enclosed button, marked "EPO" for "emergency
power off," for an electronic door release button, so he opened the lid and
accidentally shut down the system, workers recalled. [...[
The agency's radio systems were down until 2:30 p.m., and mobile data
terminals out in the field weren't fully operational until 6 p.m., Smyth
and Barzilay said.
https://nypost.com/2022/10/15/fdny-contractor-presses-wrong-button-shuts-down-emergency-dispatch-system/
------------------------------
Date: Wed, 19 Oct 2022 12:21:15 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: AI Language Models Show Bias Against People with Disabilities,
Study Finds (Penn State)
Jessica Hallman, Penn State News, 13 Oct 2022, via ACM TechNews, 19 Oct 2022
Pennsylvania State University (Penn State) researchers found that natural
language processing models often are biased against people with
disabilities. The researchers studied 13 popular machine learning models
trained to generate sequences of words, and tested over 15,000 unique
sentences on each model to produce word associations for over 600 adjectives
that could be associated with individuals with or without disabilities. The
researchers assessed the sentiment of each adjective generated as positive,
negative, or neutral, finding that sentences with disability-related words
scored more negatively than sentences lacking them. Penn State's Pranav
Venkit said the work demonstrates "that people need to care about what sort
of models they are using and what the repercussions are that could affect
real people in their everyday lives."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f706x236eaex072403&
------------------------------
Date: Tue, 18 Oct 2022 12:39:57 +0000
From: Richard Marlon Stein <rms...@protonmail.com>
Subject: A new AI model can accurately predict human response to novel drug
compounds (phys.org)
https://phys.org/news/2022-10-ai-accurately-human-response-drug.html
"The journey between identifying a potential therapeutic compound and Food
and Drug Administration approval of a new drug can take well over a decade
and cost upward of a billion dollars. A research team at the CUNY Graduate
Center has created an artificial intelligence model that could significantly
improve the accuracy and reduce the time and cost of the drug development
process."
The AI yields a number that supposedly determines the outcome from
swallowing a pill or undergoing IV infusion.
Reduce pharmaceutical company operating and R&D expenses for drug approval:
substitute machine decisions for double-blind random control trials and
other FDA-mandated processes. Regulatory processes safeguard public health
and safety.
[Heuristic, perhaps nondeterministic, no need for testing, expensive
controlled trials, long delays, and regulation, what could possibly go
wrong? PGN]
------------------------------
Date: Sun, 16 Oct 2022 12:32:40 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: We Should Try to Prevent Another Alex Jones (Zeynep Tufekci)
Zeynep Tufekci, The New York Times, 16 Oct 2022
We Should Try to Prevent Another Alex Jones
https://www.nytimes.com/2022/10/16/opinion/alex-jones-sandy-hook.html
PGN notes: Zeynep comments on her own article:
On the Alex Jones Verdict: The Very, Very Lucrative World of Lying
https://www.theinsight.org/p/on-the-alex-jones-verdict-the-very
My latest piece for *The New York Times* returns to a key question: how
should we grapple with the current historic transformation of the public
sphere? I focus on the Alex Jones trial and verdict, but my question is
about the future: what can we do, what should we do, to prevent future
cases?
I suggest that we take a closer look at money as an incentive, and also
focus on friction as an answer. [...] ZT
------------------------------
Date: Fri, 21 Oct 2022 15:42:41 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Alternatives to Twitter
Starting to see articles pushing for the creation of an alternative to
Twitter for people who aren't horrible. Not a new idea. Let's see if anyone
with money puts it where their mouths are. Not holding my breath. -L
------------------------------
Date: Sun, 23 Oct 2022 17:13:33 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: A prudent approach to Musk and Twitter
It would be prudent for @Twitter users *right now* to start planning how
they would deal with a return of mass hate speech and disinformation to
TWitter, and how they will hold @Twitter, @Apple, @Google and other related
ecosystem stakeholders responsible. -L
------------------------------
Date: Tue, 25 Oct 2022 15:05:08 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Twitter reportedly has a user retention problem
So apparently @Twitter has a problem with retaining "power users". Could
be. ProTip: Flooding Twitter with hate speech and disinformation a la Musk's
Twitter isn't likely to help those retention metrics at all. Quite the
opposite.
And creating a firestorm of negative media and regulator (e.g., EU)
attention by embracing hate speech and disinformation isn't gonna help the
business stuff either. All the oxygen will be sucked out of the room. -L
------------------------------
Date: Fri, 21 Oct 2022 10:36:23 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: TikTok and Facebook fail to detect election disinformation in the
U.S., while YouTube succeeds (Global Witness)
https://www.globalwitness.org/en/campaigns/digital-threats/tiktok-and-facebook-f
ail-detect-election-disinformation-us-while-youtube-succeeds/
------------------------------
Date: Sun, 23 Oct 2022 20:34:23 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Behind TikTok's Boom: A legion of traumatised, $10-a-day content
moderators (The Bureau Investigates)
https://www.thebureauinvestigates.com/stories/2022-10-20/behind-tiktoks-boom-a-legion-of-traumatised-10-a-day-content-moderators
------------------------------
Date: Fri, 14 Oct 2022 12:10:42 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: ACM Highlights Underuse of Risk-Limiting Audits in Confirming
Accuracy of Election Results
Association for Computing Machinery, 13 Oct 2022,
via ACM TechNews, October 14, 2022
Despite their efficiency in confirming the accuracy of election results,
risk-limiting audits (RLAs) are underused, according to a new TechBrief from
ACM's global Technology Policy Council. The authors found only five
U.S. states will require then in the upcoming November elections, while just
10 additional states either have RLA pilot programs or allow their
use. Meanwhile, Denmark is the only other country to have performed an RLA
of an election. "RLAs give us the best of both worlds: a high degree of
accuracy and transparency without the enormous undertaking that is counting
every contest on every ballot by hand," said TechBrief co-lead author
Matthew Bernhard.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f684x236d1fx072707&
[Risks? If you don't believe in science and technology, you most
likely won't believe in RLAs. See the CACM Inside Risks article:
Rebecca T. Mercuri and Peter G. Neumann,
The Risks of Election Believability (or Lack Thereof),
CACM June 2021:
http://www.csl.sri.com/neumann/cacm251.pdf
What can be done to get more people understanding science and tech?
PGN]
------------------------------
Date: Sat, 22 Oct 2022 21:12:52 PDT
From: Peter Neumann <neu...@csl.sri.com>
Subject: Iran Hackers Behind Attempt on US Election Are Still Active
(GovInfoSecurity)
Emennet Pasargad, the Iranian cyberthreat actors behind an attempt to
disrupt the U.S. presidential election in 2020, remain active, warns
the FBI.
https://www.govinfosecurity.com/iran-hackers-behind-attempt-on-us-election-are-still-active-a-20310
www.govinfosecurity.com
------------------------------
Date: Thu, 20 Oct 2022 18:51:16 +0000
From: Henry Baker <hba...@pipeline.com>
Subject: Internet Of Dangerous Things -- IoDT
I recently stayed in a brand new hotel in the Bay Area, and it had a
*Bluetooth Mirror* in the bathroom.
For the life of me, I can't imagine what geek's bright idea this
Bluetooth-enabled mirror was, but it's right up there with 'smart rocks'
(wifi-enabled boulders???).
The *misuses* of this idea far exceed the *uses*, by many orders of
magnitude.
[NOT] Attached is a screenshot of my phone after pairing with this dumbest
of all ideas. The mirror apparently has the same SW as a BT boombox, so you
can call your phone on the throne? [Hone alone?]
Notice that I didn't allow this mirror to access my *contacts*, but if I
had, it would have downloaded all 2000+ of them, I presume.
I don't think that this mirror had a camera, but in today's world, I
wouldn't be too sure.
[I understand that some hotel rooms now come complete with either Amazon's
*Alexa* or Google's *OK Google*, so you're now under 24x7 surveillance.]
------------------------------
Date: Tue, 18 Oct 2022 17:20:18 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: In the ultimate Amazon smart home, each device collects your data
(WashPost)
Here's everything Amazon learns about your family, your home and you.
https://www.washingtonpost.com/technology/interactive/2022/amazon-smart-home
Toilet, garage, car, doorbell, Roomba, TV, lights/switches/shades, exercise
band, router, soap dispenser (!), medicines, pantry, Whole Foods, air
quality, thermostat, more.
------------------------------
Date: Fri, 21 Oct 2022 10:31:23 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: GPS interference caused the FAA to reroute Texas air traffic.
Experts stumped (Ars Technica)
Episode lasting almost 2 days prompted the closure of a runway at Dallas
airport.
The Federal Aviation Administration is investigating the cause of mysterious
GPS interference that, over the past few days, has closed one runway at the
Dallas-Fort Worth International Airport and prompted some aircraft in the
region to be rerouted to areas where signals were working properly.
The interference first came to light on Monday afternoon when the FAA issued
an advisory over ATIS (Automatic Terminal Information Service). It warned
flight personnel and air traffic controllers of GPS interference over a
40-mile swath of airspace near the Dallas-Fort Worth airport. The advisory
read in part: ATTN ALL AIRCRAFT. GPS REPORTED UNRELIABLE WITHIN 40 NM OF
DFW. [...]
https://arstechnica.com/information-technology/2022/10/cause-is-unknown-for-mysterious-gps-outage-that-rerouted-texas-air-traffic/
"This week's event appears similar to one that, according to GPSWorld,
played out in Denver last January. In the January episode, aircraft in a
50-nautical-mile swath of airspace around the airport reported unreliable
GPS for more than 33 hours."
https://www.gpsworld.com/what-happened-to-gps-in-denver/
------------------------------
Date: Mon, 24 Oct 2022 14:49:05 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Cuban Defector Flies Stolen An-2 To Florida (AVweb)
A Cuban pilot defected to Florida on Friday but there won't be much
intelligence to be gleaned from the government aircraft he stole. The pilot,
identified by a Spanish publication as Ruben Martinez, flew an ancient
Antonov An-2 single-engine biplane at wavetop level before landing at
Dade-Collier Training and Transition Airport in the Everglades.
The TSA and Customs and Border Protection are, of course, interested in how
the school-bus sized relic of the Soviet era was able to sneak through one
of the most surveilled coastlines in the country.
https://www.avweb.com/aviation-news/cuban-defector-flies-stolen-an-2-to-florida/
------------------------------
Date: Thu, 20 Oct 2022 12:46:56 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: How to miss potentially important Google Chat notifications
There appears to be a significant flaw in the Google Chat notification model
that can easily cause desktop users to be unaware of important chat replies
for hours, days -- or indefinitely. It happened to me.
These notification issues may relate to the hangouts->chat migration. On
(linux) desktops, there's no longer a native official Google Chat app, so if
Chrome isn't running there are apparently no related desktop notifications.
The desktop notification that Chrome throws when running (even when not
showing Gmail) is momentary, if you're not around at the moment it pops you
won't see or hear it.
------------------------------
Date: Thu, 13 Oct 2022 11:55:30 -0700
From: geoff goodfellow <ge...@iconia.com>
Subject: Police Are Using DNA to Generate 3D Images of Suspects They've
Never Seen (Vice)
Releasing one of these Parabon images to the public like the Edmonton Police
did recently, is dangerous and irresponsible, especially when that image
implicates a Black person and an immigrant.
On Tuesday, the Edmonton Police Service (EPS) shared a computer generated
image of a suspect
<https://www.edmontonpolice.ca/News/MediaReleases/DNAPhenotypeOct4> they
created with DNA phenotyping, which it used for the first time in hopes of
identifying a suspect from a 2019 sexual assault case. Using DNA evidence
from the case, a company called Parabon NanoLabs created the image of a
young Black man. The composite image did not factor in the suspect's age,
BMI, or environmental factors, such as facial hair, tattoos, and scars. The
EPS then released this image to the public, both on its website and on
social media platforms including its Twitter, claiming it to be ``a last
resort after all investigative avenues have been exhausted.'' The EPS's
decision to produce and share this image is extremely harmful, according to
privacy experts, raising questions about the racial biases in DNA
phenotyping for forensic investigations and the privacy violations of DNA
databases that investigators are able to search through.
In response to the EPS's tweet of the image, many privacy and criminal
justice experts replied with indignation at the irresponsibility of the
police department. Callie Schroeder, the Global Privacy Counsel at the
Electronic Privacy Information Center, retweeted the tweet, questioning the
usefulness of the image: ``Even if it is a new piece of information, what
are you going to do with this? Question every approximately 5'4" black man
you see? ...that is not a suggestion, absolutely do not do that.'' [...]
https://www.vice.com/en/article/pkgma8/police-are-using-dna-to-generate-3d-images-of-suspects-theyve-never-seen
------------------------------
Date: Thu, 13 Oct 2022 00:23:25 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Even After $100 Billion, Self-Driving Cars Are Going Nowhere
(Bloomberg)
They were supposed to be the future. But prominent detractors -- including
Anthony Levandowski, who pioneered the industry -- are getting louder as the
losses get bigger.
https://www.bloomberg.com/news/features/2022-10-06/even-after-100-billion-self-driving-cars-are-going-nowhere
------------------------------
Date: Tue, 25 Oct 2022 13:46:03 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Eleven more crash deaths are linked to automated-tech vehicles
(The Center for Auto Safety)
Eleven people were killed in U.S. crashes involving vehicles that were using
automated driving systems during a four-month period earlier this year,
according to newly released government data, part of an alarming pattern of
incidents linked to the technology.
https://www.autosafety.org/11-more-crash-deaths-are-linked-to-automated-tech-vehicles
11 people in four months? Out of how many total killed on roads in that
time?
More meaningful would be deaths/miles driven with and without automated
technologies.
------------------------------
Date: Sat, 22 Oct 2022 10:15:48 +0900
From: David Farber <far...@keio.jp>
Subject: High-Tech Cars Are Killing the Auto Repair Shop (WiReD)
https://www.wired.com/story/high-tech-cars-killing-the-traditional-auto-repair-shop/
[PGN Note: This reminds me of the wonderful old Alex Guiness film:
The Man in The White Suit, 1951
Sidney ("Sid") Stratton, a brilliant young research chemist and former
Cambridge scholarship recipient, has been dismissed from jobs at several
textile mills in the north of England because of his demands for expensive
facilities and his obsession with inventing an everlasting fibre. Whilst
working as a labourer at the Birnley Mills, he accidentally becomes an
unpaid researcher and invents an incredibly strong fibre which repels dirt
and never wears out. From this fabric, a suit is made-which is brilliant
white because it cannot absorb dye and slightly luminous because it
includes radioactive elements.
Stratton is lauded as a genius until both management and the trade unions
realise the consequence of his invention; once consumers have purchased
enough cloth, demand will drop precipitously and put the textile industry
out of business. The managers try to trick and bribe Stratton into signing
away the rights to his invention but he refuses. Managers and workers each
try to shut him away, but he escapes. Wikipedia]
[Perhaps fortunately for the mechanics, self-driving cars are still a
long way from trustworthy. The diagnostic tools are good enough that
they can quickly identify which chip to replace, the tools are
presumably proprietary so it is more difficult for you to do your own
maintenance, and mechanics can probably charge you large rates for
maintenance even though it becomes trivial to change the part.
Furthermore, there still seems to be business for mechanics and body
shops (legal or otherwise), from accidents. Also, in that California's
Governor Newsom has made it illegal in California to buy a
stolen/stripped catalyic convertor, that has apparently not stopped the
thieves and the blackmarket for precious metals. PGN]
------------------------------
Date: Thu, 13 Oct 2022 11:51:37 -0700
From: geoff goodfellow <ge...@iconia.com>
Subject: Heat from fingertips can be used to crack passwords, researchers
find (Yahoo! News)
Heat-detecting cameras can help crack passwords up to a minute after typing
them, researchers have found, as they warn similar systems could be
developed by criminals to break into computers and smartphones.
Heat from people's fingertips can be detected on recently-used keyboards
and, when thermal images were combined with the help of artificial
intelligence, informed guesses of what the password could be were made by a
tool developed by researchers at the University of Glasgow.
Some 86% of passwords were cracked when thermal images were taken within 20
seconds of typing in the secret code and put through their ThermoSecure
system, and 76% when within 30 seconds. Success dropped to 62% after 60
seconds of entry.
They also found within 20 seconds, the system was capable of successfully
attacking even long passwords of 16 characters, with a rate of up to 67%
correct attempts.
It's important that computer security research keeps pace with these
developments to find new ways to mitigate risk, and we will continue to
develop our technology to try to stay one step ahead of attackers. [...]
https://news.yahoo.com/heat-fingertips-used-crack-passwords-102357016.html
------------------------------
Date: Wed, 19 Oct 2022 08:56:47 -0400
From: Jan Wolitzky <jan.wo...@gmail.com>
Subject: Zillow bug
Q: What's wrong with these Cambridge, MA, listings?
https://www.zillow.com/homedetails/21-Day-St-Cambridge-MA-02140/2061016351_zpid/
https://www.zillow.com/homedetails/3-Jarvis-St-Cambridge-MA-02138/2061087683_zpid/
https://www.zillow.com/homedetails/6607-Bellis-Ct-Cambridge-MA-02140/2061083868_zpid/
https://www.zillow.com/homedetails/56-Scott-St-Cambridge-MA-02138/2061087954_zpid/
https://www.zillow.com/homedetails/14-Alpine-St-Cambridge-MA-02138/2061083680_zp
id/
A: They're all really in Cambridge ON (Ontario), Canada. (In some cases,
the street names are a bit off. Usually, "street" instead of "road", but
"Bellis" is actually "Ellis".)
I don't know what's gotten into Zillow, but they seem to have a problem!
------------------------------
Date: Thu, 13 Oct 2022 12:04:38 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials
(Dark Reading)
The attacks showcase broader security concerns as phishing grows in volume
and sophistication, especially given that Windows Defender's Safe Links
feature for identifying malicious links in emails completely failed in the
campaign.
https://www.darkreading.com/attacks-breaches/real-estate-phish-1000s-credentials-escalating-cyber-risk
------------------------------
Date: Tue, 25 Oct 2022 12:34:07 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Google drops Chrome support for Windows 7
So @googlechrome is apparently dropping updates for Windows 7 early next
year. From a purely logical standpoint for @Google this makes complete and
utter sense. However, given the VERY high number of people still using
Windows 7 for important applications, there's a real risk. -L
------------------------------
Date: Thu, 20 Oct 2022 16:33:10 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Too Many Drivers with Advanced Tech Expect Cars to Drive for Them
https://www.caranddriver.com/news/a41710516/driver-safety-abuse-semi-autonomous-technology-insurance-institute/
[But not if they have been reading RISKS? PGN]
------------------------------
Date: Thu, 20 Oct 2022 19:38:39 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Planned cuts at Twitter likely to hurt content moderation, user
security (WashPost)
Previously unreported details shed new light on Twitter's motivations for
selling the company -- and Elon Musk's plans to transform it.
Twitter's workforce is likely to be hit with massive cuts in the coming
months, no matter who owns the company, interviews and documents obtained by
*The Washington Post* show, a change likely to have major impact on its
ability to control harmful content and prevent data security crises.
Elon Musk told prospective investors in his deal to buy the company that he
planned to get rid of nearly 75 percent of Twitter's 7,500 workers,
whittling the company down to a skeleton staff of just over 2,000.
------------------------------
Date: Thu, 20 Oct 2022 14:57:22 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Devastating Report: Twitter may fire 75% of workers, gut content
moderation and decimate infrastructure (WashPost)
https://www.washingtonpost.com/technology/2022/10/20/musk-twitter-acquisition-staff-cuts/
------------------------------
Date: Wed, 19 Oct 2022 00:25:20 +0000
From: Richard Marlon Stein <rms...@protonmail.com>
Subject: The vulnerability of transformers-based malware detectors to
adversarial attacks (techxplore.com)
https://techxplore.com/news/2022-10-vulnerability-transformers-based-malware-detectors-adversarial.html
Malware detection techniques are challenged by hackers, APTs, etc. who
adjust payload signatures that avoid detection. The arms race continues.
------------------------------
Date: Mon, 24 Oct 2022 11:59:06 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Thousands of GitHub Repositories Deliver Fake PoC Exploits
with Malware (Bill Toulas)
Bill Toulas, *BleepingComputer*, 23 Oct 2022,
via ACM TechNews, 24 Oct 2022
Researchers at the Leiden Institute of Advanced Computer Science in the
Netherlands discovered thousands of GitHub repositories offering fake
proof-of-concept (PoC) exploits for various vulnerabilities, including
malware. The researchers analyzed slightly more than 47,300 repositories
promoting exploits for vulnerabilities disclosed between 2017 and 2021 using
Internet Protocol (IP) address analysis, binary analysis, and hexadecimal
and Base64 analysis. Over 2,800 of 150,734 unique IPs extracted matched
blocklist entries, 1,522 were labeled malicious in antivirus scans on Virus
Total, and 1,069 of them were in the AbuseIPDB database. The researchers
designated 4,893 of 47,313 tested repositories malicious, with most focusing
on vulnerabilities from 2020. The researchers advised software testers to
thoroughly vet the PoCs they download, and to run as many checks as possible
before execution.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f78bx237093x072432&
------------------------------
Date: Tue, 18 Oct 2022 01:20:05 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: How a Microsoft blunder opened millions of PCs to potent malware
attacks (Ars Technica)
https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/
https://learn.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity#windows-security-app
------------------------------
Date: Fri, 14 Oct 2022 10:39:13 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Microsoft Office 365 email encryption could expose message content
(Bleeping Computer)
Doing encryption well ain't easy. -L
https://www.bleepingcomputer.com/news/security/microsoft-office-365-email-encryp
tion-could-expose-message-content/
------------------------------
Date: Sat, 15 Oct 2022 09:52:42 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Google's "passkey" effort
https://twitter.com/laurenweinstein/status/1581325271810027523
I have long advocated for FIDO U2F security keys as the preferred multiple
factor authentication model, and have suggested explicitly that "passwords
must die". So it's natural that I'm being asked about the @google "passkey"
initiative.
There are multiple aspects to this. An obvious one is how rapidly sites will
implement this method. Given the glacial speed with which many financial
institutions have implemented crude 2-factor like text messaging and have
delayed U2F key implementations, I am not optimistic.
Of even more concern is the sense that the methodology of passkeys will
appeal mainly to the tech-savvy, and will be understandably resisted by many
everyday users, who will find the model overly complex and difficult to
trust for that reason.
This presents a familiar dilemma: persons who already are careful with their
authentication security will benefit but the users most in need of improved
security and who are most vulnerable largely will not -- especially if they
don't use multiple devices and 24/7 smartphones.
The upshot isn't that passkeys won't have a place -- they will -- but that I
suspect they will not be accepted by a significant proportion of sites and
users, keeping in mind that many people even refuse to use ordinary
autofill, especially for passwords or payment methods.
I have pointed out this problem with @google outreach to users many times
over the years, and again, while there have been some improvements, many
users are still being left behind, and that's very unfortunate indeed.
------------------------------
Date: Sun, 16 Oct 2022 22:27:03 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: How Your Shadow Credit Score Could Decide Whether You Get an
Apartment (ProPublica)
Fuller learned her rental application had been screened by RentGrow, one of
more than a dozen companies that mine consumer databases to perform
background checks on tenants. A form emailed to her said RentGrow determined
she didn't meet applicant screening requirements, highlighting in yellow the
box labeled *credit history*.
The letter provided no further explanation. A RentGrow representative,
through an executive at its parent company, declined to comment. Habitat
America declined to respond to questions about Fuller's application from
ProPublica, citing privacy concerns.
You don't know why you got denied or if you were ever considered. It's
really murky out there.
------------------------------
Date: Thu, 13 Oct 2022 23:53:32 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: U.S. Chip Sanctions Kneecap China's Tech Industry (WiReD)
The toughest export restrictions yet cut off AI hardware and chip-making
tools crucial to China's commercial and military ambitions.
https://www.wired.com/story/us-chip-sanctions-kneecap-chinas-tech-industry
------------------------------
Date: Tue, 25 Oct 2022 06:41:49 +0000
From: Richard Marlon Stein <rms...@protonmail.com>
Subject: The danger of advanced artificial intelligence controlling its own
feedback (techxplore.com)
https://techxplore.com/news/2022-10-danger-advanced-artificial-intelligence-feed
back.html
"What we now call the reinforcement learning problem was first considered in
1933 by the pathologist William Thompson. He wondered: if I have two
untested treatments and a population of patients, how should I assign
treatments in succession to cure the most patients?
"More generally, the reinforcement learning problem is about how to plan
your actions to best accrue rewards over the long term. The hitch is that,
to begin with, you're not sure how your actions affect rewards, but over
time you can observe the dependence. For Thompson, an action was the
selection of a treatment, and a reward corresponded to a patient being
cured."
Without human oversight, a generalized superintelligence might be a "no
brainer" waiting to happen. Good script kiddie experiment.
------------------------------
Date: Wed, 12 Oct 2022 14:17:30 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Toyota exposed 300,000 customer email addresses for 5 years
(Techcrunch)
https://techcrunch.com/2022/10/12/toyota-customer-email-addresses-exposed/
------------------------------
Date: Tue, 18 Oct 2022 21:13:10 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Parler leaked email addresses for Ivanka Trump, other 'VIPs' in
Kanye West announcement (Mashable)
https://mashable.com/article/parler-leaks-vip-emails-kanye-west-ivanka-trump
------------------------------
Date: Mon, 17 Oct 2022 11:55:31 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Humans Beat DeepMind AI in Creating Algorithm to Multiply Numbers
(Matthew Sparkes)
Matthew Sparkes, *New Scientist*, 13 Oct 2022, via ACM TechNews, 17 Oct 2022
Jakob Moosbauer and Manuel Kauers at Austria's Johannes Kepler University
Linz bested an algorithm developed by artificial intelligence company
DeepMind with a program that can perform matrix multiplication more
efficiently. Earlier this month, DeepMind unveiled a method for multiplying
two five-by-five matrices in just 96 multiplications, out-performing a
more-than-50-year-old record. Moosbauer and Kauers reduced the process to 95
multiplications by testing multiple steps in multiplication algorithms to
see if they could be combined. Said Moosbauer, "We take an existing
algorithm and apply a sequence of transformations that at some point can
lead to an improvement. Our technique works for any known algorithm, and if
we are lucky, then [the results] need one multiplication less than before."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f6b4x236dbax072760&
------------------------------
Date: Thu, 20 Oct 2022 16:31:43 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Deception Detection (RAND)
A group of RAND Corporation researchers found that machine-learning (ML)
models can identify signs of deception during national security background
check interviews. The most accurate approach for detecting deception is an
ML model that counts the number of times that interviewees use common words.
https://www.rand.org/pubs/research_briefs/RBA873-1.html
[The? Er? Um? You-know? Well? PGN]
------------------------------
Date: Thu, 13 Oct 2022 15:28:45 -0700
From: Steve Bacher <seb...@verizon.net>
Subject: Re: AI-driven 'thermal attack' system reveals computer and
smartphone passwords in seconds (Techxplore)
This suggests to me that a good strategy to confound the thermal detectors
would be to use repeated characters in passwords. I doubt that the thermal
detection would be able to tell how many times a key was pressed, rather
than just the recency of a given key press. That would go against the common
assumption that repeated characters in passwords are a Bad Thing.
------------------------------
Date: Wed, 12 Oct 2022 17:49:13 -0400
From: Jan Wolitzky <jan.wo...@gmail.com>
Subject: Re: Lufthansa Says Apple AirTags Are Once Again Allowed in Checked
Bags (RISKS-33.48)
Never mind!
The airline reversed itself Wednesday, saying it had consulted with German
aviation authorities, who agreed that Bluetooth trackers were safe for
passengers to use.
https://www.nytimes.com/2022/10/12/travel/lufthansa-apple-airtags-luggage.html
------------------------------
Date: 12 Oct 2022 18:10:15 -0400
From: "John Levine" <jo...@iecc.com>
Subject: Re: Not a physical DDoS attack on the Australian Postal system
(Auspost)
If you read the reasons they give, I wouldn't call it a DoS attack but
rather yet another fragile supply chain. COVID caused a lot of mail that
would have normally been sent by air to be sent by sea, and it appears that
the places they inspect airmail are not the ones where they inspect sea
mail, what with airports and seaports being different.
It's like the Great Toilet Paper Shortage which turned out not to be that
there wasn't enough, but that there are different kinds for homes and
institutions. When everyone started staying home, it was not easy to
repackage and redirect the institutional kind for home use.
------------------------------
Date: Thu, 13 Oct 2022 10:41:00 +0100
From: Martin Ward <mar...@gkc.org.uk>
Subject: Re: Automatic emergency braking is not great at preventing crashes.
at normal speeds (RISKS-33.48)
Naturally, I would like more research into why so many cars are crashing
into the chicane (a large, clearly marked, immobile structure): but this is
not necessarily a bad thing. Crashing into a chicane is better than mowing
down a child. The chicane is, presumably, better signposted and more visible
than any small child, so any driver who crashed into the chicane is
presumably a risk to children, not just in the road but also on the
pavement: since the chicane hitter obviously has difficulty in keeping to
the road! Perhaps it is just as well that they are taken out of action
before they can do more serious harm?
------------------------------
Date: Thu, 13 Oct 2022 14:06:52 -0700
From: Rik Farrow <r...@rikfarrow.com>
Subject: Article about CHERI
I have long been interested in technology that might make computers more
secure, and have been watching one such project for over a decade. CHERI, a
combined software and hardware project, has now reached the
implemented-in-silicon stage: https://www.arm.com/architecture/cpu/morello.
I have written an article explaining the thinking behind CHERI and how
Microsoft engineers using CHERI believe that they can eliminate as much two
thirds of vulnerabilities in software that uses C or C++:
https://www.usenix.org/publications/loginonline/redesigning-hardware-support-sec
urity-cheri
CHERI provides hardware support for limiting the range of pointers as well
as support for mechanisms to prevent use-after-free bugs. CHERI provides
scalable compartmentalization, meaning that operating systems themselves can
be partitioned on memory boundaries without the performance expense of
changing context or flushing page caches. Overall, CHERI is a project that
may prove to be the most significant change in architecture in decades.
[Rik Farrow is the Editor of ;login: PGN]
------------------------------
Date: Thu, 13 Oct 2022 10:22:43 PDT
From: Peter Neumann <neu...@csl.sri.com>
Subject: U.S. National Security Strategy report
The White House has released its National Security Strategy report,
The full report is at
https://www.whitehouse.gov/wp-content/uploads/2022/10/Biden-Harris-Administrations-National-Security-Strategy-10.2022.pdf
A summary is at
https://www.whitehouse.gov/briefing-room/speeches-remarks/2022/10/13/remarks-by-national-security-advisor-jake-sullivan-on-the-biden-harris-administrations-national-security-strategy/
------------------------------
Date: Fri, 21 Oct 2022 10:42:15 +0200
From: Christian Fuchs via iacap-announce <iacap-a...@iacap.org>
Subject: Book on Digital Ethics (Christian Fuchs)
Christian Fuchs. 2023/. //Digital Ethics. Media, Communication and
Society Volume Five//. /New York: Routledge. ISBN 9781032246161.
More infos and sample chapter:
https://fuchsc.uti.at/books/digital-ethics/
This fifth volume in Christian Fuchs, Media, Communication and Society
series, presents an approach to critical digital ethics. It develops
foundations and applications of digital ethics based on critical theory. It
applies a critical approach to ethics within the realm of digital
technology.
Based on the notions of alienation, communication (in)justice, media
(in)justice, and digital (in)justice, it analyses ethics in the context of
digital labour and the surveillance-industrial complex; social media
research ethics; privacy on Facebook; participation, co-operation, and
sustainability in the information society; the digital commons; the digital
public sphere; and digital democracy. The book consists of three arts. Part
I presents some of the philosophical foundations of critical, humanist
digital ethics. Part II applies these foundations to concrete digital ethics
case studies. Part III presents broad conclusions about how to advance the
digital commons, the digital public sphere, and digital democracy, which is
the ultimate goal of critical digital ethics. [...]
------------------------------
Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 33.49
************************
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.49>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Nuclear War Simulator Creator Says Public Must Know Potential Destruction
(Aristos Georgiou)
Climate Change Threatens Supercomputers (Jacklin Kwan)
The computer errors from outer space (bbc.com)
NYC's Emerg. Med. Svc ("911") system was crippled 'cuz ... (danny burstein)
AI Language Models Show Bias Against People with Disabilities, Study Finds
(Penn State)
A new AI model can accurately predict human response to novel drug compounds
(phys.org)
We Should Try to Prevent Another Alex Jones (Zeynep Tufekci)
Alternatives to Twitter (Lauren Weinstein)
A prudent approach to Musk and Twitter (Lauren Weinstein)
Twitter reportedly has a user retention problem (Lauren Weinstein)
TikTok and Facebook fail to detect election disinformation in the U.S.,
while YouTube succeeds (Global Witness)
Behind TikTok's Boom: A legion of traumatised, $10-a-day content moderators
(The Bureau Investigates)
ACM Highlights Underuse of Risk-Limiting Audits in Confirming Accuracy of
Election Results (ACM)
Iran Hackers Behind Attempt on US Election Are Still Active
(GovInfoSecurity)
Internet Of Dangerous Things (Henry Baker)
In the ultimate Amazon smart home, each device collects your data (WashPost)
GPS interference caused the FAA to reroute Texas air traffic.
Experts stumped (Ars Technica)
Cuban Defector Flies Stolen An-2 To Florida (AVweb)
How to miss potentially important Google Chat notifications (LW)
Police Are Using DNA to Generate 3D Images of Suspects They've Never Seen
(Vice)
Even After $100 Billion, Self-Driving Cars Are Going Nowhere (Bloomberg)
Eleven more crash deaths are linked to automated-tech vehicles
(The Center for Auto Safety)
High-Tech Cars Are Killing the Auto Repair Shop (WiReD)
Heat from fingertips can be used to crack passwords, researchers find
(Yahoo! News)
Zillow bug (Jan Woliltzky)
Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials
(Dark Reading)
Google drops Chrome support for Windows 7 (Lauren Weinstein)
Too Many Drivers with Advanced Tech Expect Cars to Drive for Them
(Car and Driver)
Planned cuts at Twitter likely to hurt content moderation, user security
(WashPost)
Devastating Report: Twitter may fire 75% of workers, gut content moderation
and decimate infrastructure (WashPost)
The vulnerability of transformers-based malware detectors to adversarial
attacks (techxplore.com)
Thousands of GitHub Repositories Deliver Fake PoC Exploits with Malware
(Bill Toulas)
How a Microsoft blunder opened millions of PCs to potent malware attacks
(Ars Technica)
Microsoft Office 365 email encryption could expose message content
(Bleeping Computer)
Google's "passkey" effort (Twitter)
How Your Shadow Credit Score Could Decide Whether You Get an Apartment
(ProPublica)
U.S. Chip Sanctions Kneecap China's Tech Industry (WiReD)
The danger of advanced artificial intelligence controlling its own feedback
(techxplore.com)
Toyota exposed 300,000 customer email addresses for 5 years (Techcrunch)
Parler leaked email addresses for Ivanka Trump, other 'VIPs' in Kanye West
announcement (Mashable)
Humans Beat DeepMind AI in Creating Algorithm to Multiply Numbers
(Matthew Sparkes)
Deception Detection (RAND)
Re: AI-driven 'thermal attack' system reveals computer and smartphone
passwords in seconds (Steve Bacher)
Re: Lufthansa Says Apple AirTags Are Once Again Allowed in Checked Bags
(Jan Wolitzky)
Re: Not a physical DDoS attack on the Australian Postal system (John Levine)
Re: Automatic emergency braking is not great at preventing crashes. at
normal speeds (Martin Ward)
Article about CHERI (Rik Farrow)
U.S. National Security Strategy report (The White House)
Book on Digital Ethics (Christian Fuchs)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Mon, 24 Oct 2022 11:59:06 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Nuclear War Simulator Creator Says Public Must Know Potential
Destruction (Aristos Georgiou)
Aristos Georgiou, *Newsweek*, 19 0ct 2022, via ACM TechNews, 24 Oct 2022
A computer scientist created a nuclear war simulator to demonstrate atomic
weapons' destructive potential to the public. Christopher Minson said
Russia's war in Ukraine has elevated traffic to his website, which hosts a
map tool for modeling an attack on the U.S. involving approximately 1,200
nuclear warheads. Minson based the tool on databases of warhead yields and
targets derived from declassified information; he then compiled a database
of census data, and mapped populations to target sites. Minson said the
system correlates this data and executes a two-hour attack, calculating
casualties from known impact and population size, and modeling the spread of
fallout. "It is critical that the public understands this threat," he said.
"They need to see, clearly and viscerally, just how universal and
destructive a nuclear war would be."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f78bx23708fx072432&
------------------------------
Date: Wed, 12 Oct 2022 15:16:14 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Climate Change Threatens Supercomputers (Jacklin Kwan)
Jacklin Kwan, *Science*, 11 Oct 2022, via ACM TechNews, 12 Oct 2022
Climate change is jeopardizing the operation of high-performance computing
(HPC) facilities. Natalie Bates at the U.S. Department of Energy's Lawrence
Livermore National Laboratory (LLNL) said such facilities, which include
supercomputers and data centers, are vulnerable due to their high cooling
demands and massive energy use. Increased humidity driven by climate change
can reduce the efficiency of the evaporative coolers many HPC centers depend
on, and also can threaten the systems with blowouts. Hewlett Packard
Enterprise's Nicolas Dub=C8 said the high cost of upgrades to adapt to such
changes has driven some HPC centers to cooler and drier locations like
Canada and Finland. LLNL's Anna-Maria Bailey said the cost of relocation may
be unaffordable, so the California facility is considering moving its
computers underground.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f638x236c48x071990&
------------------------------
Date: Thu, 13 Oct 2022 00:26:49 +0000
From: Richard Marlon Stein <rms...@protonmail.com>
Subject: The computer errors from outer space (bbc.com)
https://www.bbc.com/future/article/20221011-how-space-weather-causes-computer-errors
"When computers go wrong, we tend to assume it's just some software hiccup,
a bit of bad programming. But ionising radiation, including rays of protons
blasted towards us by the sun, can also be the cause. These incidents,
called single-event upsets, are rare and it can be impossible to be sure
that cosmic rays were involved in a specific malfunction because they leave
no trace behind them."
As silicon features reduce to near atomic dimensions (approaching 1
nanometer == 10), these events are likely increase their frequency. The
biggest supercomputers contain very high-density physical memory pools.
Administrators and reliability engineers battle with row-level memory
failures constantly.
See https://catless.ncl.ac.uk/Risks/30/15#subj6.1. There are at least 10
prior comp.risks posts containing the term "cosmic ray."
------------------------------
Date: Sat, 15 Oct 2022 23:25:02 +0000 ()
From: danny burstein <dan...@panix.com>
Subject: NYC's Emerg. Med. Svc ("911") system was crippled 'cuz ...
In NYC, the "911" calls come into a central "public safety answering
position" ("psap"). If the emergency required EMS or fire response, it's
transferred to the fire dep't center and then dispatched from there.
The FDNY dispatch and control system was crippled for half a day earlier
this week because...
... a contractor, thinking he was pushing an "open the door, Hal", button,
lifted the cover on a button labeled "EPO"...
Which stood for... "emergency power off".
Ok, everyone, start cringing... Including asking why, in addition to not
having a secondary "hot standby" system, it took *hours* to bring this back
up.
[NY Post]
Oops! FDNY contractor presses wrong button, shuts down NYC's emergency
dispatch system
An outside contractor making repairs at the FDNY's emergency dispatch
center in downtown Brooklyn pressed the wrong button to open a door -- and
shut down the agency's communications system, triggering an hours-long
citywide crisis.
Wednesday's snafu at the FDNY's MetroTech Center facility forced staffers
to rely on ancient methods - pens, paper and telephones rather than
digital systems -- to gather facts and get word to first responders as 911
calls came in, officials for unions representing the agency's dispatchers
and medics told The Post.
Delays responding to emergency calls ranged from a few minutes to more
than an hour, said Oren Barzilay, president of Local 2507, which
represents city EMTs and paramedics. [...]
The shutdown occurred around 11 a.m. when a repairman from communications
company Lightpath responded to a report of an earlier glitch at the data
center. [...]
The repairman mistook a glass-enclosed button, marked "EPO" for "emergency
power off," for an electronic door release button, so he opened the lid and
accidentally shut down the system, workers recalled. [...[
The agency's radio systems were down until 2:30 p.m., and mobile data
terminals out in the field weren't fully operational until 6 p.m., Smyth
and Barzilay said.
https://nypost.com/2022/10/15/fdny-contractor-presses-wrong-button-shuts-down-emergency-dispatch-system/
------------------------------
Date: Wed, 19 Oct 2022 12:21:15 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: AI Language Models Show Bias Against People with Disabilities,
Study Finds (Penn State)
Jessica Hallman, Penn State News, 13 Oct 2022, via ACM TechNews, 19 Oct 2022
Pennsylvania State University (Penn State) researchers found that natural
language processing models often are biased against people with
disabilities. The researchers studied 13 popular machine learning models
trained to generate sequences of words, and tested over 15,000 unique
sentences on each model to produce word associations for over 600 adjectives
that could be associated with individuals with or without disabilities. The
researchers assessed the sentiment of each adjective generated as positive,
negative, or neutral, finding that sentences with disability-related words
scored more negatively than sentences lacking them. Penn State's Pranav
Venkit said the work demonstrates "that people need to care about what sort
of models they are using and what the repercussions are that could affect
real people in their everyday lives."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f706x236eaex072403&
------------------------------
Date: Tue, 18 Oct 2022 12:39:57 +0000
From: Richard Marlon Stein <rms...@protonmail.com>
Subject: A new AI model can accurately predict human response to novel drug
compounds (phys.org)
https://phys.org/news/2022-10-ai-accurately-human-response-drug.html
"The journey between identifying a potential therapeutic compound and Food
and Drug Administration approval of a new drug can take well over a decade
and cost upward of a billion dollars. A research team at the CUNY Graduate
Center has created an artificial intelligence model that could significantly
improve the accuracy and reduce the time and cost of the drug development
process."
The AI yields a number that supposedly determines the outcome from
swallowing a pill or undergoing IV infusion.
Reduce pharmaceutical company operating and R&D expenses for drug approval:
substitute machine decisions for double-blind random control trials and
other FDA-mandated processes. Regulatory processes safeguard public health
and safety.
[Heuristic, perhaps nondeterministic, no need for testing, expensive
controlled trials, long delays, and regulation, what could possibly go
wrong? PGN]
------------------------------
Date: Sun, 16 Oct 2022 12:32:40 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: We Should Try to Prevent Another Alex Jones (Zeynep Tufekci)
Zeynep Tufekci, The New York Times, 16 Oct 2022
We Should Try to Prevent Another Alex Jones
https://www.nytimes.com/2022/10/16/opinion/alex-jones-sandy-hook.html
PGN notes: Zeynep comments on her own article:
On the Alex Jones Verdict: The Very, Very Lucrative World of Lying
https://www.theinsight.org/p/on-the-alex-jones-verdict-the-very
My latest piece for *The New York Times* returns to a key question: how
should we grapple with the current historic transformation of the public
sphere? I focus on the Alex Jones trial and verdict, but my question is
about the future: what can we do, what should we do, to prevent future
cases?
I suggest that we take a closer look at money as an incentive, and also
focus on friction as an answer. [...] ZT
------------------------------
Date: Fri, 21 Oct 2022 15:42:41 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Alternatives to Twitter
Starting to see articles pushing for the creation of an alternative to
Twitter for people who aren't horrible. Not a new idea. Let's see if anyone
with money puts it where their mouths are. Not holding my breath. -L
------------------------------
Date: Sun, 23 Oct 2022 17:13:33 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: A prudent approach to Musk and Twitter
It would be prudent for @Twitter users *right now* to start planning how
they would deal with a return of mass hate speech and disinformation to
TWitter, and how they will hold @Twitter, @Apple, @Google and other related
ecosystem stakeholders responsible. -L
------------------------------
Date: Tue, 25 Oct 2022 15:05:08 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Twitter reportedly has a user retention problem
So apparently @Twitter has a problem with retaining "power users". Could
be. ProTip: Flooding Twitter with hate speech and disinformation a la Musk's
Twitter isn't likely to help those retention metrics at all. Quite the
opposite.
And creating a firestorm of negative media and regulator (e.g., EU)
attention by embracing hate speech and disinformation isn't gonna help the
business stuff either. All the oxygen will be sucked out of the room. -L
------------------------------
Date: Fri, 21 Oct 2022 10:36:23 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: TikTok and Facebook fail to detect election disinformation in the
U.S., while YouTube succeeds (Global Witness)
https://www.globalwitness.org/en/campaigns/digital-threats/tiktok-and-facebook-f
ail-detect-election-disinformation-us-while-youtube-succeeds/
------------------------------
Date: Sun, 23 Oct 2022 20:34:23 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Behind TikTok's Boom: A legion of traumatised, $10-a-day content
moderators (The Bureau Investigates)
https://www.thebureauinvestigates.com/stories/2022-10-20/behind-tiktoks-boom-a-legion-of-traumatised-10-a-day-content-moderators
------------------------------
Date: Fri, 14 Oct 2022 12:10:42 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: ACM Highlights Underuse of Risk-Limiting Audits in Confirming
Accuracy of Election Results
Association for Computing Machinery, 13 Oct 2022,
via ACM TechNews, October 14, 2022
Despite their efficiency in confirming the accuracy of election results,
risk-limiting audits (RLAs) are underused, according to a new TechBrief from
ACM's global Technology Policy Council. The authors found only five
U.S. states will require then in the upcoming November elections, while just
10 additional states either have RLA pilot programs or allow their
use. Meanwhile, Denmark is the only other country to have performed an RLA
of an election. "RLAs give us the best of both worlds: a high degree of
accuracy and transparency without the enormous undertaking that is counting
every contest on every ballot by hand," said TechBrief co-lead author
Matthew Bernhard.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f684x236d1fx072707&
[Risks? If you don't believe in science and technology, you most
likely won't believe in RLAs. See the CACM Inside Risks article:
Rebecca T. Mercuri and Peter G. Neumann,
The Risks of Election Believability (or Lack Thereof),
CACM June 2021:
http://www.csl.sri.com/neumann/cacm251.pdf
What can be done to get more people understanding science and tech?
PGN]
------------------------------
Date: Sat, 22 Oct 2022 21:12:52 PDT
From: Peter Neumann <neu...@csl.sri.com>
Subject: Iran Hackers Behind Attempt on US Election Are Still Active
(GovInfoSecurity)
Emennet Pasargad, the Iranian cyberthreat actors behind an attempt to
disrupt the U.S. presidential election in 2020, remain active, warns
the FBI.
https://www.govinfosecurity.com/iran-hackers-behind-attempt-on-us-election-are-still-active-a-20310
www.govinfosecurity.com
------------------------------
Date: Thu, 20 Oct 2022 18:51:16 +0000
From: Henry Baker <hba...@pipeline.com>
Subject: Internet Of Dangerous Things -- IoDT
I recently stayed in a brand new hotel in the Bay Area, and it had a
*Bluetooth Mirror* in the bathroom.
For the life of me, I can't imagine what geek's bright idea this
Bluetooth-enabled mirror was, but it's right up there with 'smart rocks'
(wifi-enabled boulders???).
The *misuses* of this idea far exceed the *uses*, by many orders of
magnitude.
[NOT] Attached is a screenshot of my phone after pairing with this dumbest
of all ideas. The mirror apparently has the same SW as a BT boombox, so you
can call your phone on the throne? [Hone alone?]
Notice that I didn't allow this mirror to access my *contacts*, but if I
had, it would have downloaded all 2000+ of them, I presume.
I don't think that this mirror had a camera, but in today's world, I
wouldn't be too sure.
[I understand that some hotel rooms now come complete with either Amazon's
*Alexa* or Google's *OK Google*, so you're now under 24x7 surveillance.]
------------------------------
Date: Tue, 18 Oct 2022 17:20:18 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: In the ultimate Amazon smart home, each device collects your data
(WashPost)
Here's everything Amazon learns about your family, your home and you.
https://www.washingtonpost.com/technology/interactive/2022/amazon-smart-home
Toilet, garage, car, doorbell, Roomba, TV, lights/switches/shades, exercise
band, router, soap dispenser (!), medicines, pantry, Whole Foods, air
quality, thermostat, more.
------------------------------
Date: Fri, 21 Oct 2022 10:31:23 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: GPS interference caused the FAA to reroute Texas air traffic.
Experts stumped (Ars Technica)
Episode lasting almost 2 days prompted the closure of a runway at Dallas
airport.
The Federal Aviation Administration is investigating the cause of mysterious
GPS interference that, over the past few days, has closed one runway at the
Dallas-Fort Worth International Airport and prompted some aircraft in the
region to be rerouted to areas where signals were working properly.
The interference first came to light on Monday afternoon when the FAA issued
an advisory over ATIS (Automatic Terminal Information Service). It warned
flight personnel and air traffic controllers of GPS interference over a
40-mile swath of airspace near the Dallas-Fort Worth airport. The advisory
read in part: ATTN ALL AIRCRAFT. GPS REPORTED UNRELIABLE WITHIN 40 NM OF
DFW. [...]
https://arstechnica.com/information-technology/2022/10/cause-is-unknown-for-mysterious-gps-outage-that-rerouted-texas-air-traffic/
"This week's event appears similar to one that, according to GPSWorld,
played out in Denver last January. In the January episode, aircraft in a
50-nautical-mile swath of airspace around the airport reported unreliable
GPS for more than 33 hours."
https://www.gpsworld.com/what-happened-to-gps-in-denver/
------------------------------
Date: Mon, 24 Oct 2022 14:49:05 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Cuban Defector Flies Stolen An-2 To Florida (AVweb)
A Cuban pilot defected to Florida on Friday but there won't be much
intelligence to be gleaned from the government aircraft he stole. The pilot,
identified by a Spanish publication as Ruben Martinez, flew an ancient
Antonov An-2 single-engine biplane at wavetop level before landing at
Dade-Collier Training and Transition Airport in the Everglades.
The TSA and Customs and Border Protection are, of course, interested in how
the school-bus sized relic of the Soviet era was able to sneak through one
of the most surveilled coastlines in the country.
https://www.avweb.com/aviation-news/cuban-defector-flies-stolen-an-2-to-florida/
------------------------------
Date: Thu, 20 Oct 2022 12:46:56 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: How to miss potentially important Google Chat notifications
There appears to be a significant flaw in the Google Chat notification model
that can easily cause desktop users to be unaware of important chat replies
for hours, days -- or indefinitely. It happened to me.
These notification issues may relate to the hangouts->chat migration. On
(linux) desktops, there's no longer a native official Google Chat app, so if
Chrome isn't running there are apparently no related desktop notifications.
The desktop notification that Chrome throws when running (even when not
showing Gmail) is momentary, if you're not around at the moment it pops you
won't see or hear it.
------------------------------
Date: Thu, 13 Oct 2022 11:55:30 -0700
From: geoff goodfellow <ge...@iconia.com>
Subject: Police Are Using DNA to Generate 3D Images of Suspects They've
Never Seen (Vice)
Releasing one of these Parabon images to the public like the Edmonton Police
did recently, is dangerous and irresponsible, especially when that image
implicates a Black person and an immigrant.
On Tuesday, the Edmonton Police Service (EPS) shared a computer generated
image of a suspect
<https://www.edmontonpolice.ca/News/MediaReleases/DNAPhenotypeOct4> they
created with DNA phenotyping, which it used for the first time in hopes of
identifying a suspect from a 2019 sexual assault case. Using DNA evidence
from the case, a company called Parabon NanoLabs created the image of a
young Black man. The composite image did not factor in the suspect's age,
BMI, or environmental factors, such as facial hair, tattoos, and scars. The
EPS then released this image to the public, both on its website and on
social media platforms including its Twitter, claiming it to be ``a last
resort after all investigative avenues have been exhausted.'' The EPS's
decision to produce and share this image is extremely harmful, according to
privacy experts, raising questions about the racial biases in DNA
phenotyping for forensic investigations and the privacy violations of DNA
databases that investigators are able to search through.
In response to the EPS's tweet of the image, many privacy and criminal
justice experts replied with indignation at the irresponsibility of the
police department. Callie Schroeder, the Global Privacy Counsel at the
Electronic Privacy Information Center, retweeted the tweet, questioning the
usefulness of the image: ``Even if it is a new piece of information, what
are you going to do with this? Question every approximately 5'4" black man
you see? ...that is not a suggestion, absolutely do not do that.'' [...]
https://www.vice.com/en/article/pkgma8/police-are-using-dna-to-generate-3d-images-of-suspects-theyve-never-seen
------------------------------
Date: Thu, 13 Oct 2022 00:23:25 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Even After $100 Billion, Self-Driving Cars Are Going Nowhere
(Bloomberg)
They were supposed to be the future. But prominent detractors -- including
Anthony Levandowski, who pioneered the industry -- are getting louder as the
losses get bigger.
https://www.bloomberg.com/news/features/2022-10-06/even-after-100-billion-self-driving-cars-are-going-nowhere
------------------------------
Date: Tue, 25 Oct 2022 13:46:03 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Eleven more crash deaths are linked to automated-tech vehicles
(The Center for Auto Safety)
Eleven people were killed in U.S. crashes involving vehicles that were using
automated driving systems during a four-month period earlier this year,
according to newly released government data, part of an alarming pattern of
incidents linked to the technology.
https://www.autosafety.org/11-more-crash-deaths-are-linked-to-automated-tech-vehicles
11 people in four months? Out of how many total killed on roads in that
time?
More meaningful would be deaths/miles driven with and without automated
technologies.
------------------------------
Date: Sat, 22 Oct 2022 10:15:48 +0900
From: David Farber <far...@keio.jp>
Subject: High-Tech Cars Are Killing the Auto Repair Shop (WiReD)
https://www.wired.com/story/high-tech-cars-killing-the-traditional-auto-repair-shop/
[PGN Note: This reminds me of the wonderful old Alex Guiness film:
The Man in The White Suit, 1951
Sidney ("Sid") Stratton, a brilliant young research chemist and former
Cambridge scholarship recipient, has been dismissed from jobs at several
textile mills in the north of England because of his demands for expensive
facilities and his obsession with inventing an everlasting fibre. Whilst
working as a labourer at the Birnley Mills, he accidentally becomes an
unpaid researcher and invents an incredibly strong fibre which repels dirt
and never wears out. From this fabric, a suit is made-which is brilliant
white because it cannot absorb dye and slightly luminous because it
includes radioactive elements.
Stratton is lauded as a genius until both management and the trade unions
realise the consequence of his invention; once consumers have purchased
enough cloth, demand will drop precipitously and put the textile industry
out of business. The managers try to trick and bribe Stratton into signing
away the rights to his invention but he refuses. Managers and workers each
try to shut him away, but he escapes. Wikipedia]
[Perhaps fortunately for the mechanics, self-driving cars are still a
long way from trustworthy. The diagnostic tools are good enough that
they can quickly identify which chip to replace, the tools are
presumably proprietary so it is more difficult for you to do your own
maintenance, and mechanics can probably charge you large rates for
maintenance even though it becomes trivial to change the part.
Furthermore, there still seems to be business for mechanics and body
shops (legal or otherwise), from accidents. Also, in that California's
Governor Newsom has made it illegal in California to buy a
stolen/stripped catalyic convertor, that has apparently not stopped the
thieves and the blackmarket for precious metals. PGN]
------------------------------
Date: Thu, 13 Oct 2022 11:51:37 -0700
From: geoff goodfellow <ge...@iconia.com>
Subject: Heat from fingertips can be used to crack passwords, researchers
find (Yahoo! News)
Heat-detecting cameras can help crack passwords up to a minute after typing
them, researchers have found, as they warn similar systems could be
developed by criminals to break into computers and smartphones.
Heat from people's fingertips can be detected on recently-used keyboards
and, when thermal images were combined with the help of artificial
intelligence, informed guesses of what the password could be were made by a
tool developed by researchers at the University of Glasgow.
Some 86% of passwords were cracked when thermal images were taken within 20
seconds of typing in the secret code and put through their ThermoSecure
system, and 76% when within 30 seconds. Success dropped to 62% after 60
seconds of entry.
They also found within 20 seconds, the system was capable of successfully
attacking even long passwords of 16 characters, with a rate of up to 67%
correct attempts.
It's important that computer security research keeps pace with these
developments to find new ways to mitigate risk, and we will continue to
develop our technology to try to stay one step ahead of attackers. [...]
https://news.yahoo.com/heat-fingertips-used-crack-passwords-102357016.html
------------------------------
Date: Wed, 19 Oct 2022 08:56:47 -0400
From: Jan Wolitzky <jan.wo...@gmail.com>
Subject: Zillow bug
Q: What's wrong with these Cambridge, MA, listings?
https://www.zillow.com/homedetails/21-Day-St-Cambridge-MA-02140/2061016351_zpid/
https://www.zillow.com/homedetails/3-Jarvis-St-Cambridge-MA-02138/2061087683_zpid/
https://www.zillow.com/homedetails/6607-Bellis-Ct-Cambridge-MA-02140/2061083868_zpid/
https://www.zillow.com/homedetails/56-Scott-St-Cambridge-MA-02138/2061087954_zpid/
https://www.zillow.com/homedetails/14-Alpine-St-Cambridge-MA-02138/2061083680_zp
id/
A: They're all really in Cambridge ON (Ontario), Canada. (In some cases,
the street names are a bit off. Usually, "street" instead of "road", but
"Bellis" is actually "Ellis".)
I don't know what's gotten into Zillow, but they seem to have a problem!
------------------------------
Date: Thu, 13 Oct 2022 12:04:38 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials
(Dark Reading)
The attacks showcase broader security concerns as phishing grows in volume
and sophistication, especially given that Windows Defender's Safe Links
feature for identifying malicious links in emails completely failed in the
campaign.
https://www.darkreading.com/attacks-breaches/real-estate-phish-1000s-credentials-escalating-cyber-risk
------------------------------
Date: Tue, 25 Oct 2022 12:34:07 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Google drops Chrome support for Windows 7
So @googlechrome is apparently dropping updates for Windows 7 early next
year. From a purely logical standpoint for @Google this makes complete and
utter sense. However, given the VERY high number of people still using
Windows 7 for important applications, there's a real risk. -L
------------------------------
Date: Thu, 20 Oct 2022 16:33:10 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Too Many Drivers with Advanced Tech Expect Cars to Drive for Them
https://www.caranddriver.com/news/a41710516/driver-safety-abuse-semi-autonomous-technology-insurance-institute/
[But not if they have been reading RISKS? PGN]
------------------------------
Date: Thu, 20 Oct 2022 19:38:39 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Planned cuts at Twitter likely to hurt content moderation, user
security (WashPost)
Previously unreported details shed new light on Twitter's motivations for
selling the company -- and Elon Musk's plans to transform it.
Twitter's workforce is likely to be hit with massive cuts in the coming
months, no matter who owns the company, interviews and documents obtained by
*The Washington Post* show, a change likely to have major impact on its
ability to control harmful content and prevent data security crises.
Elon Musk told prospective investors in his deal to buy the company that he
planned to get rid of nearly 75 percent of Twitter's 7,500 workers,
whittling the company down to a skeleton staff of just over 2,000.
------------------------------
Date: Thu, 20 Oct 2022 14:57:22 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Devastating Report: Twitter may fire 75% of workers, gut content
moderation and decimate infrastructure (WashPost)
https://www.washingtonpost.com/technology/2022/10/20/musk-twitter-acquisition-staff-cuts/
------------------------------
Date: Wed, 19 Oct 2022 00:25:20 +0000
From: Richard Marlon Stein <rms...@protonmail.com>
Subject: The vulnerability of transformers-based malware detectors to
adversarial attacks (techxplore.com)
https://techxplore.com/news/2022-10-vulnerability-transformers-based-malware-detectors-adversarial.html
Malware detection techniques are challenged by hackers, APTs, etc. who
adjust payload signatures that avoid detection. The arms race continues.
------------------------------
Date: Mon, 24 Oct 2022 11:59:06 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Thousands of GitHub Repositories Deliver Fake PoC Exploits
with Malware (Bill Toulas)
Bill Toulas, *BleepingComputer*, 23 Oct 2022,
via ACM TechNews, 24 Oct 2022
Researchers at the Leiden Institute of Advanced Computer Science in the
Netherlands discovered thousands of GitHub repositories offering fake
proof-of-concept (PoC) exploits for various vulnerabilities, including
malware. The researchers analyzed slightly more than 47,300 repositories
promoting exploits for vulnerabilities disclosed between 2017 and 2021 using
Internet Protocol (IP) address analysis, binary analysis, and hexadecimal
and Base64 analysis. Over 2,800 of 150,734 unique IPs extracted matched
blocklist entries, 1,522 were labeled malicious in antivirus scans on Virus
Total, and 1,069 of them were in the AbuseIPDB database. The researchers
designated 4,893 of 47,313 tested repositories malicious, with most focusing
on vulnerabilities from 2020. The researchers advised software testers to
thoroughly vet the PoCs they download, and to run as many checks as possible
before execution.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f78bx237093x072432&
------------------------------
Date: Tue, 18 Oct 2022 01:20:05 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: How a Microsoft blunder opened millions of PCs to potent malware
attacks (Ars Technica)
https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/
https://learn.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity#windows-security-app
------------------------------
Date: Fri, 14 Oct 2022 10:39:13 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Microsoft Office 365 email encryption could expose message content
(Bleeping Computer)
Doing encryption well ain't easy. -L
https://www.bleepingcomputer.com/news/security/microsoft-office-365-email-encryp
tion-could-expose-message-content/
------------------------------
Date: Sat, 15 Oct 2022 09:52:42 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Google's "passkey" effort
https://twitter.com/laurenweinstein/status/1581325271810027523
I have long advocated for FIDO U2F security keys as the preferred multiple
factor authentication model, and have suggested explicitly that "passwords
must die". So it's natural that I'm being asked about the @google "passkey"
initiative.
There are multiple aspects to this. An obvious one is how rapidly sites will
implement this method. Given the glacial speed with which many financial
institutions have implemented crude 2-factor like text messaging and have
delayed U2F key implementations, I am not optimistic.
Of even more concern is the sense that the methodology of passkeys will
appeal mainly to the tech-savvy, and will be understandably resisted by many
everyday users, who will find the model overly complex and difficult to
trust for that reason.
This presents a familiar dilemma: persons who already are careful with their
authentication security will benefit but the users most in need of improved
security and who are most vulnerable largely will not -- especially if they
don't use multiple devices and 24/7 smartphones.
The upshot isn't that passkeys won't have a place -- they will -- but that I
suspect they will not be accepted by a significant proportion of sites and
users, keeping in mind that many people even refuse to use ordinary
autofill, especially for passwords or payment methods.
I have pointed out this problem with @google outreach to users many times
over the years, and again, while there have been some improvements, many
users are still being left behind, and that's very unfortunate indeed.
------------------------------
Date: Sun, 16 Oct 2022 22:27:03 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: How Your Shadow Credit Score Could Decide Whether You Get an
Apartment (ProPublica)
Fuller learned her rental application had been screened by RentGrow, one of
more than a dozen companies that mine consumer databases to perform
background checks on tenants. A form emailed to her said RentGrow determined
she didn't meet applicant screening requirements, highlighting in yellow the
box labeled *credit history*.
The letter provided no further explanation. A RentGrow representative,
through an executive at its parent company, declined to comment. Habitat
America declined to respond to questions about Fuller's application from
ProPublica, citing privacy concerns.
You don't know why you got denied or if you were ever considered. It's
really murky out there.
------------------------------
Date: Thu, 13 Oct 2022 23:53:32 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: U.S. Chip Sanctions Kneecap China's Tech Industry (WiReD)
The toughest export restrictions yet cut off AI hardware and chip-making
tools crucial to China's commercial and military ambitions.
https://www.wired.com/story/us-chip-sanctions-kneecap-chinas-tech-industry
------------------------------
Date: Tue, 25 Oct 2022 06:41:49 +0000
From: Richard Marlon Stein <rms...@protonmail.com>
Subject: The danger of advanced artificial intelligence controlling its own
feedback (techxplore.com)
https://techxplore.com/news/2022-10-danger-advanced-artificial-intelligence-feed
back.html
"What we now call the reinforcement learning problem was first considered in
1933 by the pathologist William Thompson. He wondered: if I have two
untested treatments and a population of patients, how should I assign
treatments in succession to cure the most patients?
"More generally, the reinforcement learning problem is about how to plan
your actions to best accrue rewards over the long term. The hitch is that,
to begin with, you're not sure how your actions affect rewards, but over
time you can observe the dependence. For Thompson, an action was the
selection of a treatment, and a reward corresponded to a patient being
cured."
Without human oversight, a generalized superintelligence might be a "no
brainer" waiting to happen. Good script kiddie experiment.
------------------------------
Date: Wed, 12 Oct 2022 14:17:30 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Toyota exposed 300,000 customer email addresses for 5 years
(Techcrunch)
https://techcrunch.com/2022/10/12/toyota-customer-email-addresses-exposed/
------------------------------
Date: Tue, 18 Oct 2022 21:13:10 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Parler leaked email addresses for Ivanka Trump, other 'VIPs' in
Kanye West announcement (Mashable)
https://mashable.com/article/parler-leaks-vip-emails-kanye-west-ivanka-trump
------------------------------
Date: Mon, 17 Oct 2022 11:55:31 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Humans Beat DeepMind AI in Creating Algorithm to Multiply Numbers
(Matthew Sparkes)
Matthew Sparkes, *New Scientist*, 13 Oct 2022, via ACM TechNews, 17 Oct 2022
Jakob Moosbauer and Manuel Kauers at Austria's Johannes Kepler University
Linz bested an algorithm developed by artificial intelligence company
DeepMind with a program that can perform matrix multiplication more
efficiently. Earlier this month, DeepMind unveiled a method for multiplying
two five-by-five matrices in just 96 multiplications, out-performing a
more-than-50-year-old record. Moosbauer and Kauers reduced the process to 95
multiplications by testing multiple steps in multiplication algorithms to
see if they could be combined. Said Moosbauer, "We take an existing
algorithm and apply a sequence of transformations that at some point can
lead to an improvement. Our technique works for any known algorithm, and if
we are lucky, then [the results] need one multiplication less than before."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f6b4x236dbax072760&
------------------------------
Date: Thu, 20 Oct 2022 16:31:43 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Deception Detection (RAND)
A group of RAND Corporation researchers found that machine-learning (ML)
models can identify signs of deception during national security background
check interviews. The most accurate approach for detecting deception is an
ML model that counts the number of times that interviewees use common words.
https://www.rand.org/pubs/research_briefs/RBA873-1.html
[The? Er? Um? You-know? Well? PGN]
------------------------------
Date: Thu, 13 Oct 2022 15:28:45 -0700
From: Steve Bacher <seb...@verizon.net>
Subject: Re: AI-driven 'thermal attack' system reveals computer and
smartphone passwords in seconds (Techxplore)
This suggests to me that a good strategy to confound the thermal detectors
would be to use repeated characters in passwords. I doubt that the thermal
detection would be able to tell how many times a key was pressed, rather
than just the recency of a given key press. That would go against the common
assumption that repeated characters in passwords are a Bad Thing.
------------------------------
Date: Wed, 12 Oct 2022 17:49:13 -0400
From: Jan Wolitzky <jan.wo...@gmail.com>
Subject: Re: Lufthansa Says Apple AirTags Are Once Again Allowed in Checked
Bags (RISKS-33.48)
Never mind!
The airline reversed itself Wednesday, saying it had consulted with German
aviation authorities, who agreed that Bluetooth trackers were safe for
passengers to use.
https://www.nytimes.com/2022/10/12/travel/lufthansa-apple-airtags-luggage.html
------------------------------
Date: 12 Oct 2022 18:10:15 -0400
From: "John Levine" <jo...@iecc.com>
Subject: Re: Not a physical DDoS attack on the Australian Postal system
(Auspost)
If you read the reasons they give, I wouldn't call it a DoS attack but
rather yet another fragile supply chain. COVID caused a lot of mail that
would have normally been sent by air to be sent by sea, and it appears that
the places they inspect airmail are not the ones where they inspect sea
mail, what with airports and seaports being different.
It's like the Great Toilet Paper Shortage which turned out not to be that
there wasn't enough, but that there are different kinds for homes and
institutions. When everyone started staying home, it was not easy to
repackage and redirect the institutional kind for home use.
------------------------------
Date: Thu, 13 Oct 2022 10:41:00 +0100
From: Martin Ward <mar...@gkc.org.uk>
Subject: Re: Automatic emergency braking is not great at preventing crashes.
at normal speeds (RISKS-33.48)
Naturally, I would like more research into why so many cars are crashing
into the chicane (a large, clearly marked, immobile structure): but this is
not necessarily a bad thing. Crashing into a chicane is better than mowing
down a child. The chicane is, presumably, better signposted and more visible
than any small child, so any driver who crashed into the chicane is
presumably a risk to children, not just in the road but also on the
pavement: since the chicane hitter obviously has difficulty in keeping to
the road! Perhaps it is just as well that they are taken out of action
before they can do more serious harm?
------------------------------
Date: Thu, 13 Oct 2022 14:06:52 -0700
From: Rik Farrow <r...@rikfarrow.com>
Subject: Article about CHERI
I have long been interested in technology that might make computers more
secure, and have been watching one such project for over a decade. CHERI, a
combined software and hardware project, has now reached the
implemented-in-silicon stage: https://www.arm.com/architecture/cpu/morello.
I have written an article explaining the thinking behind CHERI and how
Microsoft engineers using CHERI believe that they can eliminate as much two
thirds of vulnerabilities in software that uses C or C++:
https://www.usenix.org/publications/loginonline/redesigning-hardware-support-sec
urity-cheri
CHERI provides hardware support for limiting the range of pointers as well
as support for mechanisms to prevent use-after-free bugs. CHERI provides
scalable compartmentalization, meaning that operating systems themselves can
be partitioned on memory boundaries without the performance expense of
changing context or flushing page caches. Overall, CHERI is a project that
may prove to be the most significant change in architecture in decades.
[Rik Farrow is the Editor of ;login: PGN]
------------------------------
Date: Thu, 13 Oct 2022 10:22:43 PDT
From: Peter Neumann <neu...@csl.sri.com>
Subject: U.S. National Security Strategy report
The White House has released its National Security Strategy report,
The full report is at
https://www.whitehouse.gov/wp-content/uploads/2022/10/Biden-Harris-Administrations-National-Security-Strategy-10.2022.pdf
A summary is at
https://www.whitehouse.gov/briefing-room/speeches-remarks/2022/10/13/remarks-by-national-security-advisor-jake-sullivan-on-the-biden-harris-administrations-national-security-strategy/
------------------------------
Date: Fri, 21 Oct 2022 10:42:15 +0200
From: Christian Fuchs via iacap-announce <iacap-a...@iacap.org>
Subject: Book on Digital Ethics (Christian Fuchs)
Christian Fuchs. 2023/. //Digital Ethics. Media, Communication and
Society Volume Five//. /New York: Routledge. ISBN 9781032246161.
More infos and sample chapter:
https://fuchsc.uti.at/books/digital-ethics/
This fifth volume in Christian Fuchs, Media, Communication and Society
series, presents an approach to critical digital ethics. It develops
foundations and applications of digital ethics based on critical theory. It
applies a critical approach to ethics within the realm of digital
technology.
Based on the notions of alienation, communication (in)justice, media
(in)justice, and digital (in)justice, it analyses ethics in the context of
digital labour and the surveillance-industrial complex; social media
research ethics; privacy on Facebook; participation, co-operation, and
sustainability in the information society; the digital commons; the digital
public sphere; and digital democracy. The book consists of three arts. Part
I presents some of the philosophical foundations of critical, humanist
digital ethics. Part II applies these foundations to concrete digital ethics
case studies. Part III presents broad conclusions about how to advance the
digital commons, the digital public sphere, and digital democracy, which is
the ultimate goal of critical digital ethics. [...]
------------------------------
Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 33.49
************************
0 new messages