Subject: Risks Digest 32.48

RISKS-LIST: Risks-Forum Digest  Friday 5 February 2021  Volume 32 : Issue 48

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at as
The current issue can also be found at

Contents:
The Cyberweapons Arms Race (Nicole Perlroth)
Google uncovers new iOS security feature Apple quietly added after zero-day attacks (geoff goodfellow)
Killed by Google - the Google graveyard (Dan Jacobson)
Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices (The Hacker News)
NASA's space junk problem (Axios)
AI Can Tell What Song You Are Listening to From Your Brainwaves (Matthew Sparkes)
The iPhone's Face ID Will Soon Work With a Mask -- if You Have an Apple Watch (WiReD)
How Google Searches Reveal the Hidden Cost of Lockdown (U.Warwick)
F-35's Buggy Software Prompts Pentagon to Call in Universities (Bloomberg)
Ford cuts F-150 pickup truck production due to semiconductor chip shortage (CNBC)
Amazon Netradyne Driver Information on Vimeo (Gabe Goldberg)
The Down Side to Life in a Supertall Tower: Leaks, Creaks, Breaks (NYTimes)
A Vast Web of Vengeance (NYTimes)
Will Australia ban VPNs? (Lauren Weinstein)
Maybe Set A Calendar Reminder For Summer: Your Virginia E-Z Pass May Be Inactive (DCist)
Ballot-Marking Devices in Georgia (Andrew Appel)
No Flash, no trains (Apple Daily)
Re: The `Dumb Money' Outfoxing Wall Street Titans (Henry Baker)
Re: The Creeping Normalization of Robotic Police Officers (Amos Shapir)
Re: An old arrest can follow you forever online... (Henry Baker)
Re: Company name could lead to security xss attack?
(Eli the Bearded)
Re: The World Is Dangerously Dependent on Taiwan for Semiconductors (Dan Jacobson)
Re: With Online Terms of Service, What Happens When You Click 'Agree'? (Dan Jacobson)
Re: The calculus really is complex (Anthony Thorn)
Risk analysis and CoVID variants (Rob Slade)
Novel of the Next World War (Jan Wolitzky)
A new bio-inspired joint model to design robotic exoskeletons (Richard Stein)
Series of security lectures (Rob Slade)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 5 Feb 2021 14:21:50 PST
From: Peter Neumann
Subject: The Cyberweapons Arms Race (Nicole Perlroth)

Nicole Perlroth
This Is How They Tell Me the World Ends: The Cyberweapons Arms Race
Bloomsbury, 2021

This book is "The untold story of the cyberweapons market -- the most secretive, invisible, government-backed market on earth -- and a terrifying first look at a new kind of global warfare."

Nicole Perlroth's new book will be a treasure chest for many RISKS readers. Although it focuses on information warfare, it does so in the context of much deeper issues relating to computer security and privacy. It includes details of many topics that have appeared here -- as well as in-depth coverage of many nevertheless RISKS-relevant items that have not.

The title might seem a little presumptuous at first glance, but the book lives up to the title's expectations, and is right on the button (no pun intended). Indeed, considering its publication date (next Tuesday), it is amazingly up-to-date -- including some recent events earlier this year. She has wisely used her role of pursuing these topics for *The New York Times* in recent years, and has written a far-reaching book that digs deeply into its sources. I'm sure it will inspire some considerable further discussion for those of you who read it.
Jill Lepore has written an outstanding four-page review: *Zero Day: Hacking the Whole World*, which appears in the current *The New Yorker*, 8 Feb 2021, pp. 55--58.

I commend to you both Nicole Perlroth's book
https://www.amazon.com/This-They-Tell-World-Ends/dp/1635576059
and Jill Lepore's analysis of it:
https://www.newyorker.com/magazine/2021/02/08/the-next-cyberattack-is-already-under-way

------------------------------

Date: Sun, 31 Jan 2021 13:48:57 -1000
From: geoff goodfellow
Subject: Google uncovers new iOS security feature Apple quietly added after zero-day attacks

Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app.

Dubbed "BlastDoor," the improved sandbox system for iMessage data was disclosed by Samuel Groß, a security researcher with Project Zero, a team of security researchers at Google tasked with studying zero-day vulnerabilities in hardware and software systems.

"One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed 'BlastDoor' service which is now responsible for almost all parsing of untrusted data in iMessages," Groß said. "Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base."

The development is a consequence of a zero-click exploit that leveraged an Apple iMessage flaw in iOS 13.5.1 to get around security protections as part of a cyberespionage campaign targeting Al Jazeera journalists last year. [...]
https://thehackernews.com/2021/01/google-uncovers-new-ios-security.html

------------------------------

Date: Sun, 31 Jan 2021 07:36:55 +0800
From: Dan Jacobson
Subject: Killed by Google - the Google graveyard

Hey kids, before you get started on that new Google API, check out:
https://killedbygoogle.com/

Killed by Google is the Google graveyard; a free and open source list of discontinued Google services, products, devices, and apps. We aim to be a source of factual information about the history surrounding Google's dead projects.

Contributors from around the world help compile, research, and maintain the information about dying and dead Google products. You can join the discussion on GitHub, or follow us on Twitter. A project by Cody Ogden.

Press inquiries and other assorted death threats...

------------------------------

Date: Thu, 4 Feb 2021 11:03:32 -1000
From: geoff goodfellow
Subject: Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices (The Hacker News)

The second can be exploited without requiring Wi-Fi #password, and the other allows exploitation of Wi-Fi client and full takeover.

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications.

The six flaws were reported by researchers from Israeli IoT security firm Vdoo.

The Realtek RTL8195A module is a standalone, low-power-consumption Wi-Fi hardware module targeted at embedded devices used in several industries such as agriculture, smart home, healthcare, gaming, and automotive sectors. [...]
https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html

------------------------------

Date: Thu, 4 Feb 2021 11:05:56 -1000
From: geoff goodfellow
Subject: NASA's space junk problem (Axios)

NASA needs to do more to understand the risks posed to spacecraft by space junk and find new ways to mitigate the threat, according to a report last week from the Office of Inspector General.

Why it matters: Some see space junk as an environmental crisis in orbit. Millions of pieces of space debris speed around Earth at more than 17,000 mph, putting spacecraft and sometimes people in harm's way.

Driving the news: The new OIG report suggests that while NASA has done a good job of deorbiting its own spacecraft and rocket bodies, many other nations haven't been as proactive, launching spacecraft and rockets that stay in orbit longer than the 25 years recommended.

- Now experts warn the space agency will need to both mitigate the junk already in space and prevent future junk from being created to keep spacecraft safe in the future.
- "Despite presidential and congressional directives to NASA over the past decade to develop active debris removal technologies, the Agency has made little to no progress on such efforts," the OIG wrote.
- The OIG also recommended NASA should develop a better means of tracking and understanding the nature of space junk in orbit to more effectively protect its spacecraft.

The catch: Nations and private companies are working to find ways to effectively clean up space, but those technologies are still early in development.
https://www.axios.com/nasa-protect-satellites-space-junk-89818dfe-1be3-48bc-8d79-811d93528b83.html

------------------------------

Date: Mon, 1 Feb 2021 11:50:56 -0500 (EST)
From: ACM TechNews
Subject: AI Can Tell What Song You Are Listening to From Your Brainwaves (Matthew Sparkes)

Matthew Sparkes, *New Scientist* 26 Jan 2021, via ACM TechNews, 1 Feb 2021

Artificial intelligence (AI) developed by researchers at Delft University of Technology in the Netherlands can identify the songs a person is listening to by examining their brainwaves. The researchers used an electroencephalography (EEG) cap that detects the brain's electrical activity to record the brainwaves of 20 test subjects as they listened to 12 songs through headphones while blindfolded in a dimly lit room. The AI was trained using short segments of each person's EEG readings along with the matching music clip to identify patterns, and identified the songs with 85% accuracy in tests on unseen portions of the data. However, accuracy fell below 10% when the AI was trained on EEG data from one person and then sought to identify a song when a different person listened to it. Said Delft's Derek Lomas, music is "just voltage fluctuations. And it's the same with the EEG."

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-293a4x227ec3x071236

[One man's beat is another man's noise,n? PGN]

------------------------------

Date: Thu, 4 Feb 2021 18:20:45 -0500
From: Gabe Goldberg
Subject: The iPhone's Face ID Will Soon Work With a Mask -- if You Have an Apple Watch (WiReD)

Recognizing you while your face is covered is still pretty tough for a computer.

Apple is facing our face-masked future. This week, the company started testing some new software for the iPhone that will let device owners unlock the handset while wearing a face covering.
There's a catch, though, one that lines up with Apple's strategy of locking people in to different Apple products, and it highlights how challenging it can be to develop accurate facial recognition technology: The new face-unlock feature requires an Apple Watch.

The first developer beta of iOS 14.5 includes updates to app tracking controls and Siri alongside the face-mask function. App-makers typically get early access to the newest version of iOS in order to launch or retool their apps well in advance of the formal software release. (Brave souls who don't mind the risk of potentially bricking their iPhones can also enroll in public beta releases.) The fully baked version of the software is expected to be made available to the general public this spring.

https://www.wired.com/story/iphone-face-id-mask-ios-beta/

------------------------------

Date: Wed, 3 Feb 2021 12:09:23 -0500 (EST)
From: ACM TechNews
Subject: How Google Searches Reveal the Hidden Cost of Lockdown (U.Warwick)

University of Warwick (UK), 27 Jan 2021 via ACM TechNews 3 Feb 2021

Researchers at the U.K.'s University of Warwick, Canada's University of Ottawa, and France's Paris School of Economics and Aix-Marseille University found that Google Trends data from 10 countries across Europe and the U.S. between January 2019 and April 2020 demonstrated the impact of pandemic lockdowns on mental health. The researchers observed a sharp increase in the number of people searching on Google for terms related to boredom, loneliness, and worry at the beginning of the first lockdown. Said the University of Warwick's Nick Powdthavee, "Our findings indicate that people's mental health may have been severely affected by the pandemic and lockdown." Powdthavee added, "It may be necessary to make sure support is provided to help those struggling most with lockdown."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-29437x22806bx068373&

------------------------------

Date: Wed, 3 Feb 2021 12:09:23 -0500 (EST)
From: ACM TechNews
Subject: F-35's Buggy Software Prompts Pentagon to Call in Universities (Bloomberg)

Anthony Capaccio, *Bloomberg*, 2 Feb 2021 via ACM TechNews 3 Feb 2021

The Pentagon is consulting with U.S. universities to evaluate software on aerospace company Lockheed Martin's F-35 fighter jet, in the hope of correcting the buggy system. The F-35 program's Laura Seal said software experts at the Johns Hopkins University Applied Physics Laboratory, the Carnegie Mellon University Software Engineering Institute, and the Georgia Institute of Technology Research Institute are conducting an independent technical assessment. The $398-billion F-35 program involves Lockheed fighter jets equipped with more than 8 million lines of code each. Seal said the program office will analyze the assessment as part of "a broad range of information," then announce dates for program milestones, including simulated combat testing to rate the F-35's performance against the latest Russian and Chinese aircraft and air defenses.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-29437x22806cx068373&

------------------------------

Date: Thu, 4 Feb 2021 16:03:33 -0500
From: Gabe Goldberg
Subject: Ford cuts F-150 pickup truck production due to semiconductor chip shortage (CNBC)

...again.

https://www.cnbc.com/2021/02/04/ford-forced-to-cut-pickup-production-due-to-semiconductor-shortage-.html

------------------------------

Date: Thu, 4 Feb 2021 20:58:11 -0500
From: Gabe Goldberg
Subject: Amazon Netradyne Driver Information on Vimeo

https://vimeo.com/504570835/e80ee265bc

Snoopervision. As if driving/delivering isn't already stressful.
------------------------------

Date: Thu, 4 Feb 2021 00:24:43 -0500
From: Gabe Goldberg
Subject: The Down Side to Life in a Supertall Tower: Leaks, Creaks, Breaks (NYTimes)

432 Park, one of the wealthiest addresses in the world, faces some significant design problems, and other luxury high-rises may share its fate.

The Down Side to Life in a Supertall Tower: Leaks, Creaks, Breaks
https://www.nytimes.com/2021/02/03/realestate/luxury-high-rise-432-park.html

------------------------------

Date: Thu, 4 Feb 2021 00:27:08 -0500
From: Gabe Goldberg
Subject: A Vast Web of Vengeance (NYTimes)

Outrageous lies destroyed Guy Babcock's online reputation. When he went hunting for their source, what he discovered was worse than he could have imagined.

Author writes: Ms. Atas's victims spent years begging Google, Pinterest and WordPress to take down the slanderous posts or at least make them harder to find. The companies rarely did so, until I contacted them to request comment for this article. Pinterest then removed photos linked to Ms. Atas. Automattic, which owns WordPress, deleted her blogs.

A Vast Web of Vengeance
https://www.nytimes.com/2021/01/30/technology/change-my-google-results.html

------------------------------

Date: Thu, 4 Feb 2021 09:32:15 -0800
From: Lauren Weinstein
Subject: Will Australia ban VPNs?

Thought Experiment: Will the Australian government try to "do a China" and ban VPNs, when Aussies start using VPNs to access Google, if Google pulls out of Oz in justified response to the government there behaving like idiots who don't understand how the Internet works?

------------------------------

Date: Tue, 2 Feb 2021 19:32:20 -0500
From: Gabe Goldberg
Subject: Maybe Set A Calendar Reminder For Summer: Your Virginia E-Z Pass May Be Inactive (DCist)

The commonwealth is one of two states (New Hampshire is the other) that deactivates drivers' passes and closes their accounts after a year of inactivity.
This is due to the requirements of the state's unclaimed property regulations. With routines upended, many commuters would likely see their passes approach expiration come mid-March.

But now, drivers have until the summer to avoid losing their pass's functionality. The Virginia Treasury Department has given the Virginia Department of Transportation (VDOT) a one-time, six-month moratorium on the deactivation rule because of the pandemic.

https://dcist.com/story/21/02/02/virginias-e-z-pass-has-one-odd-rule-you-need-to-know/

Deactivate account, forfeit account balance, get sudden no-plate toll bill. Brilliant.

------------------------------

Date: Mon, 1 Feb 2021 13:16:59 PST
From: Peter Neumann
Subject: Ballot-Marking Devices in Georgia (Andrew Appel)

https://freedom-to-tinker.com/2021/02/01/georgias-election-certification-avoided-an-even-worse-nightmare-thats-just-waiting-to-happen-next-time/

------------------------------

Date: Sat, 30 Jan 2021 17:06:05 +0000
From: "Clive D.W. Feather"
Subject: No Flash, no trains

When Flash stopped working at the start of the year, it wasn't just online games that were affected. It turns out that a railway in China was running its systems using Flash.

Their solution? To install a pirated version.

https://hk.appledaily.com/news/20210117/FLXATT4LKVBGVEBRLAECJPTCHM/
https://jalopnik.com/any-1846109630

------------------------------

Date: Fri, 29 Jan 2021 13:58:00 -0800
From: Henry Baker
Subject: Re: The `Dumb Money' Outfoxing Wall Street Titans (NYTimes)

There is a serious problem with the regulation of short selling, which has been going on for most of my 70+ years: you're not allowed to sell short shares that you haven't *borrowed*. This keeps the total number of shares shorted at less than the total number of shares in the public market (the "float").
However, some of the companies mentioned in these articles have had total shorted shares substantially greater than the total number of shares in the company, which proves that someone (actually, a large # of someone's) have been illegally rigging the system.

The SEC claims to be looking into this whole situation, but I'm not holding my breath waiting for any fines or jail sentences.

------------------------------

Date: Sat, 30 Jan 2021 18:43:48 +0200
From: Amos Shapir
Subject: Re: The Creeping Normalization of Robotic Police Officers (RISKS-32.47)

This is not the future, it's the present. This might already happen with current surveillance cameras and face-recognition software, no need for robocops patrolling the streets.

If that happens to anyone, they'd better keep themselves under house arrest, because this situation might happen again each time they step out -- until someone takes care to update the algorithms.

------------------------------

Date: Sat, 30 Jan 2021 18:20:25 -0800
From: Henry Baker
Subject: Re: An old arrest can follow you forever online... (RISKS-32.47)

What's good for the goose is good for the gander: Steve Bannon, Roger Stone, Rod Blagojevich, Tony Levandowski, Paul Manafort, Michael Flynn, Joe Arpaio, etc. will all want the same treatment.

The phony "right to be forgotten" has to have some limits -- e.g., shouldn't those who run for office be required to disclose any legal troubles? What happens if someone runs for office and loses? Does the Internet now have to scrub itself of any of these disclosures made while they ran?

The silly thing is that anyone who really cares -- e.g., a potential employer, a bank, an insurance company, etc., can easily find out all these things w/o any hindrance from *The Boston Globe*. Only you, as a woman attending a first date, won't be able to Google about your upcoming date without paying a hefty sum.
------------------------------

Date: Tue, 2 Feb 2021 17:08:01 -0500 (EST)
From: Eli the Bearded <*@eli.users.panix.com>
Subject: Re: Company name could lead to security xss attack? (Levine, RISKS-32.47)

More recently the (now ex-)commissioner of the Department of Building Inspection (DBI) in San Francisco, Rodrigo Santos was regularly pocketing checks made out to DBI and changing the payee to RODBIGO SANTOS to cash them. The FBI published an example of such late last year.

https://missionlocal.org/2020/09/rodrigo-santos-dbi/

I have to suspect automated check processing made this easier, as humans would likely scrutinize the change in handwriting better. The payers might not have looked closely so long as they got their building permits.

Unfortunately for Rodrigo Santos, the computers also keep copies of the checks for police to subpoena.

------------------------------

Date: Sun, 31 Jan 2021 12:44:23 +0800
From: Dan Jacobson
Subject: Re: The World Is Dangerously Dependent on Taiwan for Semiconductors (Bloomberg)

And, we got the chips. So, World, how about some vaccines?

https://www.qatar-tribune.com/news-details/id/206745/taiwan-to-germany-can-we-trade-semiconductor-chips-for-vaccine-
https://focustaiwan.tw/politics/202101290021
https://www.taiwannews.com.tw/en/news/4113126

------------------------------

Date: Sun, 31 Jan 2021 12:07:45 +0800
From: Dan Jacobson
Subject: Re: With Online Terms of Service, What Happens When You Click 'Agree'? (The New York Times)

And what happens when you try sending an email to one of those addresses in those Terms of Service?

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error.
The following address(es) failed:
legal@godaddy.com

------------------------------

Date: Sat, 30 Jan 2021 11:34:37 +0100
From: Anthony Thorn
Subject: Re: The calculus really is complex (RISKS-32.46)

I was of the same opinion as WOL along the lines that IF the first dose of the Pfizer/Biontech vaccine provides 60% protection (for twice as many people) and 100% protection against serious illness, it's a no-brainer from the epidemiological standpoint- if not for those individuals who would otherwise receive their second dose after 3 weeks.

However Dr Fauci's statement that providing 60% protection to a large population would/could select for mutations with immunity to the vaccine adds a new level of complexity.

https://www.businessinsider.com/fauci-coronavirus-variant-mutation-2nd-vaccine-dose-covid-2021-1

Fauci, speaking on a virtual World Economic Forum panel: "You don't get full efficacy until you get the second dose, and if you allow suboptimal efficacy, you can actually immunologically select for mutations,"

But England's chief medical officer Professor Chris Whitty: a "real worry but quite a small real worry".

https://news.sky.com/story/covid-19-extending-gap-between-coronavirus-jab-doses-creates-small-risk-of-escaped-mutant-variant-whitty-12180180

I do not envy the politicians or even the scientific advisors their responsibility.

------------------------------

Date: Tue, 2 Feb 2021 09:35:47 -0800
From: Rob Slade
Subject: Risk analysis and CoVID variants

Right now, people are in a major panic about CoVID variants. B1.1.7 (aka UK), B1.351 (aka South Africa), CAL20C, and at least one from Brazil. By the time you read this, there will likely be others.

CoVID is a really classic example of risk because so much probability is involved. As Donn Parker has famously said, there is no risk of encountering malware because, in the current computing environment there is no probability of encountering malware: it's a certainty.

Almost none of the CoVID risk is binary.
If you leave your house, you don't necessarily immediately get CoVID, it just increases the probability of your risk of getting infected. If you fail to wash your hands, you don't immediately get CoVID, it just increases the probability of your risk of getting infected. If you stand less than two metres away from someone, you don't immediately get CoVID, it just increases the probability of your risk of getting infected. If you don't wear a mask when you go out, you don't immediately get CoVID, it just increases the probability of your risk of getting infected.

And, if you do get infected, there is probability involved again. You may never show any symptoms. Or you may have something like a mild case of the flu. Or you may die. Or you may just become really, really sick, and, for a month or so, *wish* you would die. Or you may become one of the long-haulers with some weird respiratory or neurological deficit that never goes away. It's a fairly random outcome, as far as we can tell at the moment.

But there's more probability involved, and almost nobody is talking about it.

Each time the virus reproduces, there is a chance of an error. Those errors become mutations. Most of the time, the mutation simply fails. The error causes the virus to fail to reproduce, or sometimes to fall apart. (Those mutations just disappear.) Sometimes the error doesn't really change much of anything, and it just makes it possible for us humans to do full genome sequencing and figure out where this particular case of CoVID came from.

But sometimes, say once in 85.4 trillion times, the error produces something that will make the virus work slightly better than it did before. It may bind more tightly to human cells, or hide a bit better from antibodies. It'll be more successful. A more successful virus will tend to have an advantage, and will therefore sort of take over the niche that the viruses are trying to occupy, just like any other evolutionary population dynamics.
If the new mutation is more successful because it infects faster or easier, then the variant will spread faster, and the new variant will be more infectious than the old variant, thus increasing the reproductive number and increasing the number of cases per day.

But that's ironic, because each new case provides more opportunity for mutation. Each time the virus reproduces there is room for that error, and so each and every new case means a greater risk of more variants.

Which means that every time you go out when you don't need to, or fail to wash your hands, or fail to distance, or fail to wear a mask, you not only risk getting infected, or giving the infection to your friends and family, or increasing the spread in your neighbour, but you also risk making a new variant, each one closer to the ultimate aim of the viruses to become something that infects everyone it contacts immediately, spreads via tiny aerosols that go right through filters, completely spreads through the entire organism, and then sits and does nothing and produces no detectable symptoms until a month after infection when it kills everyone.

Now, lest you think that is too dark a thought in regard to virus variants, note that, right now, even with the variants that we have encountered, we *do* know how to deal with them. We need to do exactly what we have been told all along, only more so. Stay home if you can. Wash your hands. If you need to go out, keep your distance. If you need to go out, wear a mask. Don't go to parties. Don't hold parties. No, not even SuperBowl parties. Don't merge bubbles.

This is not rocket science. And it works.

------------------------------

Date: Tue, 2 Feb 2021 19:53:09 -0500
From: Jan Wolitzky
Subject: Novel of the Next World War

Wired magazine is publishing a 6-part, serialized novel, by Elliot Ackerman and Admiral James Stavridis, about a near-future war between the U.S.
and China that turns on innovations in artificial intelligence, quantum computing, and cyberweapons.

------------------------------

Date: Wed, 3 Feb 2021 20:59:24 +0800
From: Richard Stein
Subject: A new bio-inspired joint model to design robotic exoskeletons (Techxplore.com)

https://techxplore.com/news/2021-02-bio-inspired-joint-robotic-exoskeletons.html

"Recent advances in the field of robotics have enabled the fabrication of increasingly sophisticated robotic limbs and exoskeletons. Robotic exoskeletons are essentially wearable 'shells' made of different robotic parts. Exoskeletons can improve the strength, capabilities and stability of users, helping them to tackle heavy physical tasks with less effort or aiding their rehabilitation after accidents."

A fascinating field ripe for innovation. No ready means to determine the deployed product population. See some exoskeleton models:
https://www.digitaltrends.com/cool-tech/robot-exosuit-roundup/

These systems can enable a paraplegic to ambulate. However, the limb motion control systems can injure human anatomy.

The FDA's TPLC platform lists one product code, PHL, that categorizes regulations for powered exoskeletons, specifically "powered lower extremity exoskeleton." See https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfTPLC/tplc.cfm?id=3931&min_report_year=2016.

There are 20 medical device reports listed between 2016-2020. The key patient problem reported is bone fracture.
The top-10 device problems attributed to the MDRs, in CSV format:

Device Problems,MDRs with this Device Problem,Events in those MDRs
Adverse Event Without Identified Device or Use Problem,6,6
Human-Device Interface Problem,5,5
Insufficient Information,2,2
Fracture,2,2
Component Missing,1,1
Break,1,1
Crack,1,1
Appropriate Term/Code Not Available,1,1
Noise, Audible,1,1
Detachment Of Device Component,1,1

The top-10 patient problems, attributed to the MDRs, in CSV format:

Patient Problems,MDRs with this Patient Problem,Events in those MDRs
Bone Fracture(s),14,14
Swelling,5,5
Bruise/Contusion,2,2
Edema,1,1
Head Injury,1,1
Joint Swelling,1,1
No Code Available,1,1
No Consequences Or Impact To Patient,1,1
Spinal Cord Injury,1,1
No Known Impact Or Consequence To Patient,1,1

------------------------------

Date: Mon, 1 Feb 2021 08:43:47 -0800
From: Rob Slade
Subject: Series of security lectures

Oh, my brothers and only friends:

I have been presented with an opportunity to give a whole series of presentations to a *non*-security group. We, as security people, always complain that nobody in tech ever wants to listen to us, so I am not about to turn down an opportunity for an eight-month gig to evangelize our non-security brethren.

VanTUG ( http://vantug.com/ ) started life as a Microsoft user group, so they want me to use Microsoft Teams, which I never have. I am still learning. Some things I like, and some I don't.

The VanTUG President has told me that they are willing to have non-members attend the "meetings"/lectures, or to join the group. There is no charge for either membership or attendance. You can join the VanTUG "Team" at https://teams.microsoft.com/join/r7slh6566c60. It is not necessary to join in order to attend the "meetings"/lectures, but joining gets you announcements about the meetings.
Or you can view the postings I'm making at https://community.isc2.org/t5/C/V/m-p/42919 or follow my Twitter feed at https://twitter.com/rslade

The first of these presentations is going to be on this Tuesday, February 2nd, and the first and third Tuesdays of the month thereafter, currently slated to run until September. The meetings are from 7 pm to 8:30 pm ET: Vancouver). A (rough) list of topics can be found at the posting at https://community.isc2.org/t5/C/V/m-p/42919

The link for the first "meeting" is:
https://teams.microsoft.com/l/meetup-join/19%3ameeting_MGNlNjNhMGItNzVjNC00NDk3LThmNDUtNDE3MjZlN2RmOTVh%40thread.v2/0?context=%7b%22Tid%22%3a%228d3d8493-09a7-43f8-97e6-9423036fdf31%22%2c%22Oid%22%3a%22055a3565-22c2-4d78-a9f2-e72f723df6ef%22%7d

It might be easier to get it off the posting at https://community.isc2.org/t5/C/V/m-p/42919 or my Twitter feed at https://twitter.com/rslade

So, if you are interested, or if you want to see "Teams" in action, or if you have any non-security friends that you want to be evangelized into security, or want to attend and heckle me when I make a mistake in what I tell them ...

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
   *** This attention-string has never changed, but might if spammers use it.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume/previous directories or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
   *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

End of RISKS-FORUM Digest 32.48
************************