Subject: Risks Digest 32.17

RISKS-LIST: Risks-Forum Digest  Saturday 1 August 2020  Volume 32 : Issue 17

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at as
The current issue can also be found at

Contents:
Florida Teen Arrested in Twitter Hack (The New York Times)
How self-driving cars can alter consumer morality (JCR)
PayPal and Venmo QR payments are coming to CVS Pharmacies (Engadget)
Data isn't just being collected from your phone. It's being used to score you. (WashPost)
Google accused by developer of retaliation for cooperating with House antitrust investigation (WashPost)
Twitter hackers used "phone spear phishing" in mass account takeover (Ars Technica)
MRI study reveals all mammals, including humans, share equal brain connectivity (StudyFinds)
Global methane emissions soar to record high (Stanford)
A concert is being held to learn how COVID-19 spreads at large events. Here's how? (Miami Herald)
The "Cubic Model" (Martin Ward)
Re: Theoretical Physicists Say 90% Chance of Societal Collapse Within Several Decades (Amos Shapir)
Re: Let a thousand poppies bloom, thanks to cheap solar power (Scott Dorsey)
Re: When tax prep is free, you may be paying with your privacy (Scott Dorsey)
Re: Darwin's tautology?
  (Amos Shapir)
Re: Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie (Al Stangenberger, John Levine)
Photo Deposit (xkcd)
Quote of The Day (Thomas Sowell)
Quote of The Day (Sven Henrich)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 31 Jul 2020 18:09:47 -0400
From: Gabe Goldberg
Subject: Florida Teen Arrested in Twitter Hack (The New York Times)

The authorities arrested a 17-year-old who they said ran a scheme that targeted the accounts of celebrities, including former President Barack Obama and Elon Musk. Two others were also charged.

OAKLAND, Calif. The authorities said on Friday that a Florida teenager was the *mastermind* of a recent high-profile hack of 130 Twitter accounts, including the accounts of celebrities like former Vice President Joseph R. Biden Jr. and the Silicon Valley mogul Elon Musk.

Graham Ivan Clark, 17, was arrested in his Tampa home early Friday, state officials said. He is believed to be the linchpin of a hack that turned into an embarrassment for Twitter and called into question the security measures of a range of tech companies. Two other people were also charged with taking part in the hack. [...]

The hackers tweeted from 45 of the accounts, gained access to the direct messages of 36 accounts, and downloaded full information from seven accounts. They gained access to internal Twitter systems by stealing login information from employees, then used their access to reset passwords on the accounts.

https://www.nytimes.com/2020/07/31/technology/twitter-hack-arrest.html

Where to start? Employees losing internal system credentials, Twitter not validating login location or requiring VPN, and people responding to tweets offering to double their bitcoins. Comments are interesting -- half condemning the kid, half praising him and suggesting he work as IT/security consultant.

------------------------------

Date: Fri, 31 Jul 2020 12:35:54 -0400
From: George Mannes
Subject: How self-driving cars can alter consumer morality (JCR)

A paper by Tripat Gill in the August 2020 issue of *Journal of Consumer Research* addresses how people in an autonomous vehicle might resolve the dilemma of harm to themselves vs. harm to a pedestrian. From the abstract:

  ...participants considered harm to a pedestrian more permissible with an AV as compared to self as the decision agent in a regular car. This shift in moral judgments was driven by the attribution of responsibility to the AV and was observed for both severe and moderate harm.... However, the effect was attenuated when five pedestrians or a child could be harmed. These findings suggest that AVs can change prevailing moral norms....

https://doi.org/10.1093/jcr/ucaa018

Note to self: When the glorious age of self-driving cars arrives, be sure to walk around in large groups...or dress in a onesie. Maybe then the "driver" will grab the wheel.

------------------------------

Date: Fri, 31 Jul 2020 12:58:51 -0400
From: Monty Solomon
Subject: PayPal and Venmo QR payments are coming to CVS Pharmacies (Engadget)

CVS pharmacies will soon let you do touch-free payments using your PayPal or Venmo accounts by using PayPal's QR code payment system, PayPal has announced. The system will let shoppers ``securely pay for their items without needing to touch a keypad or sign a receipt,'' according to PayPal.

PayPal supports various means of payment, including stored debit or credit cards, bank accounts, a PayPal balance or a PayPal credit. On Venmo (which is owned by PayPal), ``customers can pay using their stored debit or credit cards, bank account, Venmo balance or Venmo rewards'' without any user fees, according to PayPal. [...]

https://www.engadget.com/pay-pal-and-venmo-payments-are-coming-to-cvs-pharmacies-124500145.html

------------------------------

Date: Sat, 1 Aug 2020 02:04:14 -0400
From: Monty Solomon
Subject: Data isn't just being collected from your phone. It's being used to score you. (WashPost)

It's called surveillance scoring. And everybody's doing it.

https://www.washingtonpost.com/opinions/2020/07/31/data-isnt-just-being-collected-your-phone-its-being-used-score-you/

------------------------------

Date: Sat, 1 Aug 2020 02:08:35 -0400
From: Monty Solomon
Subject: Google accused by developer of retaliation for cooperating with House antitrust investigation (WashPost)

Blix, Inc., the maker of an email app, has been on Google's Play Store for six years. On Friday, just two days after a Capitol Hill hearing on antitrust issues, Google kicked the app off the store. Blix says it's because the company cooperated with lawmakers.

https://www.washingtonpost.com/technology/2020/07/31/google-accused-antitrust-retaliation/

------------------------------

Date: Fri, 31 Jul 2020 10:26:34 -0400
From: Monty Solomon
Subject: Twitter hackers used "phone spear phishing" in mass account takeover (Ars Technica)

The hackers behind this month's epic Twitter breach targeted a small number of employees through a *phone spear phishing attack*, the social media site said on Thursday night. When the pilfered employee credentials failed to give access to account support tools, the hackers targeted additional workers who had the permissions needed to access the tools. [...]

https://arstechnica.com/information-technology/2020/07/twitter-hackers-used-phone-spear-phishing-in-mass-account-takeover/

------------------------------

Date: Sat, 1 Aug 2020 01:14:00 -1000
From: geoff goodfellow
Subject: MRI study reveals all mammals, including humans, share equal brain connectivity (StudyFinds)

Mankind's collective ego may be about to take a big hit.
Humans have always reigned supreme on planet Earth when it comes to intelligence. Indeed, it's our intellect and capacity for critical thinking that primarily separates us from the rest of this planet's inhabitants. That's why the findings of a new study are so surprising.

Researchers from Tel Aviv University, after examining and comparing brain connectivity across 130 different mammalian species (including humans), conclude that brain connectivity is equal among *all* mammals. These findings, reached via MRI brain scans, oppose long-standing beliefs and assumptions among medical and scientific professionals.

``We discovered that brain connectivity -- namely the efficiency of information transfer through the neural network -- does not depend on either the size or structure of any specific brain,'' says Professor Yaniv Assaf, of the School of Neurobiology, Biochemistry and Biophysics, in a release. ``In other words, the brains of all mammals, from tiny mice through humans to large bulls and dolphins, exhibit equal connectivity, and information travels with the same efficiency within them. We also found that the brain preserves this balance via a special compensation mechanism: when connectivity between the hemispheres is high, connectivity within each hemisphere is relatively low, and vice versa.''

Brain connectivity compared via MRI scans. [...]

https://www.studyfinds.org/mri-study-reveals-all-mammals-including-humans-share-equal-brain-connectivity/

------------------------------

Date: Sat, 1 Aug 2020 01:13:00 -1000
From: geoff goodfellow
Subject: Global methane emissions soar to record high (Stanford)

*The pandemic has tugged carbon emissions down, temporarily. But levels of the powerful heat-trapping gas methane continue to climb, dragging the world further away from a path that skirts the worst effects of global warming.*

Global emissions of methane have reached the highest levels on record.
Increases are being driven primarily by growth of emissions from coal mining, oil and natural gas production, cattle and sheep ranching, and landfills.

Between 2000 and 2017, levels of the potent greenhouse gas barreled up toward pathways that climate models suggest will lead to 3-4 degrees Celsius of warming before the end of this century. This is a dangerous temperature threshold at which scientists warn that natural disasters, including wildfires, droughts and floods, and social disruptions such as famines and mass migrations become almost commonplace. The findings are outlined in two papers published July 14 in *Earth System Science Data* and *Environmental Research Letters* by researchers with the Global Carbon Project, an initiative led by Stanford University scientist Rob Jackson.

In 2017, the last year when complete global methane data are available, Earth's atmosphere absorbed nearly 600 million tons of the colorless, odorless gas that is 28 times more powerful than carbon dioxide at trapping heat over a 100-year span. More than half of all methane emissions now come from human activities. Annual methane emissions are up 9 percent, or 50 million tons per year, from the early 2000s, when methane concentrations in the atmosphere were relatively stable.

In terms of warming potential, adding this much extra methane to the atmosphere since 2000 is akin to putting 350 million more cars on the world's roads or doubling the total emissions of Germany or France. ``We still haven't turned the corner on methane,'' said Jackson, a professor of Earth system science in Stanford's School of Earth, Energy & Environmental Sciences (Stanford Earth).

*Growing sources of methane*. [...]

https://earth.stanford.edu/news/global-methane-emissions-soar-record-high

------------------------------

Date: Sat, 1 Aug 2020 01:12:00 -1000
From: geoff goodfellow
Subject: A concert is being held to learn how COVID-19 spreads at large events. Here's how?
  (Miami Herald)

One of the worst activities you can do in the middle of a pandemic is attend a large gathering with thousands of attendees -- but researchers in Germany want people to do just that.

It's not for recreation: The goal is to examine just how dangerous those events really are, especially as parts of the world prepare to return to normalcy.

For a project called *RESTART-19*, scientists with the University Medical Center Halle (Saale) plan on throwing a concert with 4,000 fans and a German music artist in an indoor arena to simulate how people move, gather and spread potentially coronavirus-infected germs.

But there's a catch: participants must test negative for SARS-CoV-2, the virus driving the pandemic, and wear a mask at all times aside from snack and outdoor breaks, according to their website.

The team says data on how respiratory diseases spread in large events is ``sparse overall and practically nonexistent for COVID-19,'' so they want to fill in the gaps.

``The corona pandemic paralyzes the event industry. As long as there is a risk of contagion, no major concerts and trade fairs or sports events are allowed to take place.'' Dr. Armin Willingmann, minister of economics for the German state of Saxony-Anhalt and a science professor, said in a news release. ``That is why it is so important to find out which technical or organizational framework can effectively minimize the risk of infection.'' [...]

https://www.miamiherald.com/news/coronavirus/article244375897.html

------------------------------

Date: Fri, 31 Jul 2020 13:18:08 +0100
From: Martin Ward
Subject: The "Cubic Model"

Do you remember the Trump administration's "cubic model" of coronavirus deaths? On 4th May a Washington Post report said "people with knowledge of that model say it shows deaths dropping precipitously in May -- and essentially going to zero by May 15".

The "model" turned out to be a stock Excel function, which fits a cubic polynomial to the data (hence the name "cubic model").
With the data at the time, the best fitting cubic model has a negative coefficient for x^3: meaning that the model will show deaths rapidly dropping to zero. (Note that you have to avoid plotting the model *beyond* that date since the number of deaths then rapidly goes negative as the model predicts a huge Zombie Apocalypse, or something!)

But now look at today's figures, e.g., here:

https://ourworldindata.org/grapher/daily-covid-deaths-per-million-7-day-average

or here (scroll down for graphs):

https://www.worldometers.info/coronavirus/country/us/

I haven't run the model, but I am pretty sure that the uptick in deaths over the last month or so means that the best fit cubic will now have a *positive* x^3 coefficient: meaning that the model will predict deaths rapidly rising with a quadratically increasing slope.

I would be interested to know the exact date when the cubic model predicts the death of the last remaining person in the USA.

I wonder if the Trump administration is still using their "cubic model"?

------------------------------

Date: Sat, 1 Aug 2020 12:22:24 +0300
From: Amos Shapir
Subject: Re: Theoretical Physicists Say 90% Chance of Societal Collapse Within Several Decades (RISKS-32.16)

This prediction sounds like those made during the 1890's, predicting precisely when civilization is going to collapse because of excess accumulation of horse dung on the streets...

It's rather easy to extrapolate current trends, but it's obvious that in matters of human welfare and survival, it's safe to assume that people are going to intervene to change such trends.

I suspect however that a prediction of collapse within 100 years might delay intervention to no earlier than 90 years later.

------------------------------

Date: 31 Jul 2020 14:43:37 -0000
From: kludge@panix.com (Scott Dorsey)
Subject: Re: Let a thousand poppies bloom, thanks to cheap solar power (Baker, RISKS-32.16)

> BTW, a similar-sized solar system installed at my home in California would
> cost $40,000 instead of $4,000 (including the Taliban tax). Perhaps I
> need to bring over some Afghan solar installers to the U.S.?

Perhaps this is because the writers of the original article appear to have confused amps and watts. A 1.50-meter solar panel is apt to be 150 watts, not 150 amps.

------------------------------

Date: 31 Jul 2020 14:43:37 -0000
From: kludge@panix.com (Scott Dorsey)
Subject: Re: When tax prep is free, you may be paying with your privacy (RISKS-32.11)

I don't get this. The IRS guarantees anyone can file their taxes for free on paper. I don't know anyone who has ever paid a fee to the IRS for submitting their taxes... only people who have paid a fee to the IRS because they did not submit them.

You fill out the forms, you put them in the mail, it costs maybe a dollar in stamps. I do not understand why people are willing to pay any money to do it online when doing it by hand is simple and cheap unless you have a lot of income or very complex deductions.

------------------------------

Date: Sat, 1 Aug 2020 13:23:08 +0300
From: Amos Shapir
Subject: Re: Darwin's tautology? (Ward, Risks 32.16)

Tautology is a term in logic defined as a statement which is true unconditionally, determined just by its formulation, e.g., "A or not A". Thus when a statement is a tautology, its truthfulness requires no proof. A statement cannot "become a tautology" by a proof.

> The statement "God exists" is (with a suitably precise definition of
> "God") a meaningful statement.

Let's not step into this quagmire, which stems mainly from the fact that what constitutes a "suitably precise" definition of God depends a lot on whether the person making the definition believes in God or not.

------------------------------

Date: Thu, 30 Jul 2020 22:51:25 -0700
From: Al Stangenberger
Subject: Re: Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie (RISKS-32.15)

All Berkeley dissertations are now filed electronically as PDF's.

https://grad.berkeley.edu/academic-progress/dissertation/#formatting-your-manuscript

------------------------------

Date: 31 Jul 2020 16:03:59 -0400
From: "John Levine"
Subject: Re: Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie (RISKS-32.15)

I think it was required at Harvard. The story says the issue was that Ritchie wasn't willing to pay to have a copy bound for the library. I would be surprised if they didn't also have the usual form allowing them to provide a copy to University Microfilms.

When I got my PhD from Yale in 1984 I was living in Cambridge, so I took my thesis to the bindery that was probably the same place that Ritchie didn't take his. I submitted my thesis to Yale, who rejected it because (inevitably) it was bound according to Harvard rules which were different from Yale rules. Fortunately, the difference boiled down to Harvard wanted only the author's last name on the spine while Yale wanted initials before the name. So I got a gold ink pen at the stationery store, carefully added my initials, and now I have my PhD.

Ritchie's approach to day to day life was famously flaky and it is not out of the question that he just never got around to going to the bindery. At Bell Labs he chronically failed to cash his paychecks. I talked to someone who told me a story that one time they voided all the uncashed checks, wrote him a check for something like $20,000 (a lot of money in the 1970s), and personally walked him to the bank to deposit it.

------------------------------

Date: Fri, 31 Jul 2020 20:26:57 -0400
From: Monty Solomon
Subject: xkcd: Photo Deposit

https://xkcd.com/2335/

------------------------------

Date: Fri, 31 Jul 2020 12:04:20 -1000
From: geoff goodfellow
Subject: Quote of The Day (Thomas Sowell)

*"The first lesson of economics is scarcity: there is never enough of anything to fully satisfy all those who want it. The first lesson of politics is to disregard the first lesson of economics."*

https://twitter.com/ThomasSowell/status/1288471114038022144

------------------------------

Date: Sat, 1 Aug 2020 01:11:00 -1000
From: geoff goodfellow
Subject: Quote of The Day (Sven Henrich)

*"Can't wait to take a vaccine that's been rushed through the system with none of the established safety protocols in place that require years of peer review and testing for side effects knowing that big pharma companies stand to make huge profits from it in a race to be first."*

https://twitter.com/NorthmanTrader/status/1284925040862076928

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
 *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume/previous directories
   or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at
   http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

End of RISKS-FORUM Digest 32.17
************************