Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 32.00 (97), Volume 32 summary
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest Volume 32 : Issue 00 (97)

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
SUMMARY OF RISKS VOLUME 32 (16 Jun 2020 -- 28 Dec 2021)

(NOTE: This summary is archived in ftp file risks-32.00 at ftp.sri.com, cd risks, and is also at http://catless.ncl.ac.uk/Risks/32.00.html.)

----------------------------------------------------------------------

Date: Wed, 17 Aug 2016 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
*** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

RISKS 32.00
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
SUMMARY OF RISKS VOLUME 32 (ongoing) (archived in ftp file risks-32.00)

RISKS 32.01 Tuesday 16 June 2020
Russia Exploits Conspiracy Mill Americans Built (Nicole Perlroth)
Fox News runs digitally altered images in coverage of Seattle's protests in the Capitol Hill Autonomous Zone (sundry sources)
Harassment and cyberstalking (Travis Andersen)
Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found (WashPost)
Digitality, Personal Security & Privacy Risks (Robert Mathews)
South African bank to replace 12M cards after employees stole master key (ZDNet)
Spies Can Listen to Your Conversations by Watching a Light Bulb in the Room (The Hacker News)
Feds allege eBay terror campaign against Natick publishers of articles the company didn't like (Universal Hub)
USA T-Mobile Hit by Widespread Voice and Data Outage (jonathan spira)
Google is messing with the address bar again -- new experiment hides URL path (Ars Technica)
30,000 Unsuspecting Rose Bowl Attendees Were Scooped Up in a Facial Recognition Test (Medium)
Joanna Hoffman: Facebook is peddling 'an addictive drug called anger' (CNBC)
Why jK8v!ge4D isn't a good password (Toward Data Science)
IoT Nutrition Labels (Keith Medcalf)
What Zebra Mussels Can Tell Us About Errors In
  Coronavirus Tests (npr.org)
Re: Election fiasco: Georgia on my mind (Bob Brown)
Re: Multiple US agencies have purchased this mysterious mobile (Steve Singer)

RISKS 32.02 Sunday 21 June 2020
TikTok Teens and K-Pop Fans Say They Sank Trump Rally (The New York Times)
Widespread VSAP failures in California March 2020 primary (LA County)
China Reports Progress in Ultra-Secure Satellite Transmission (NYTimes)
U.S. blacklists 'China's MIT' as tech war enters new phase (Nikkei Asian Review)
French Court Strikes Down Most of Online Hate Speech Law (NYTimes)
Who's a Bot? Who's Not? (NYTimes)
Microsoft 365 Security vulnerability (Forbes)
Russia to install Orwellian facial recognition ... (Moscow Times)
Apparent suicide by 20-year-old Robinhood trader who saw a negative $730,000 balance prompts app to make changes (CNN)
Mild virus cases may bestow far lower immunity (AFP)
Contact Tracing (Lauren Weinstein)

RISKS 32.03 Wednesday 24 June 2020
Vehicle Attacks Rise As Extremists Target Protesters (npr.org)
Chrome extensions with 33 million downloads slurped sensitive user data (Ars Technica)
Millions of documents from >200 US police agencies published in BlueLeaks trove (Ars Technica)
Wrongfully Accused by an Algorithm (NYTimes)
If T-Mobile's giant outage affected you, now's your chance to tell the FCC (Ars Technica)
This sneaky malware goes to unusual lengths to cover its tracks (ZDNet)
Masked arsonist might've gotten away with it if she hadn't left Etsy review (Jon Brodkin)
Crooks abuse Google Analytics to conceal theft of payment card data (Ars Technica)
Bot mafias have wreaked havoc in World of Warcraft Classic (WiReD)
The Pentagon's Bottomless Money Pit (RollingStone)
Testing, testing, testing (Rob Slade)
Coronavirus misinformation, and how scientists can help to fight it (Dave Farber)
Wirecard, a Payments Firm, Is Rocked by a Report of Missing $2B (NYTimes)
Social Media Giants Support Racial Justice. Their Products Undermine It.
  (NYTimes)
Square, Jack Dorsey's Pay Service, Is Withholding Money Merchants Say They Need (NYTimes)
Many Medical Decision Tools Disadvantage Black Patients
Why Obsessive K-Pop Fans Are Turning Toward Political Activism (NYTimes)
Re: TikTok Teens and K-Pop Fans Say They Sank Trump Rally (William Bader)
Re: Silicon Valley Can't Be Neutral (John Levine)

RISKS 32.04 Friday 26 June 2020
The Army will soon allow users to access classified info from home (Army Times via Gene Spafford + PGN)
CRISPR gene editing in human embryos wreaks chromosomal mayhem (Nature)
More than 1 million coronavirus stimulus checks went to dead people according to the GAO (WashPost)
How Thousands of Misplaced Emails Took Over This Engineer's Inbox (WiReD)
Demographic report on protests shows how much info our phones give away (Engadget)
FBI warns K12 schools of ransomware attacks via RDP (ZDNet)
Hidden Back Door Embedded in Chinese Tax Software, Firm Says (Bloomberg)
80,000 printers are exposing their IPP port online (ZDNet)
FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy (Krebs)
The US-China Battle Over the Internet Goes Under the Sea (WiReD)
Google Will Delete Your Data by Default in 18 Months (WiReD)
Re: Medical decision tools (Dr. Robert R.
  Fenichel)
Re: Only Sort of Wrongfully Accused by an Algorithm (John Levine)
Risks for charities, non-profits, small group (Rob Slade)
AI Ethics: IP Protection for AI-generated and AI-assisted works (Eventbrite/Wipo via Gabe Goldberg)

RISKS 32.05 Saturday 27 June 2020
A New Normal: Siberian heat wave is a 'warning cry' from the Arctic, climate scientists say (Reuters)
`PizzaGate' Conspiracy Theory Thrives Anew in the TikTok Era (NYTimes)
EBay's Critics Faced an Extreme Case of an Old Silicon Valley Habit (NYTimes)
Physicists Just Quantum Teleported Information Between Particles of Matter (Science Alert)
Apple Watch Quote/Thread of The Day (Casey Newton)
California University Paid $1.14 Million After Ransomware Attack (Bloomberg)
Russian Criminal Group Finds New Target: Americans Working at Home (NYTimes)
Smells Fishy? The Fish That Prevent Iran From Hacking Israel's Water System (Yeshiva World, Geoff Kuenning)
Re: The Army will soon allow users to access classified info from home (Bob Wilson)
Re: How Thousands of Misplaced Emails Took Over This Engineer's Inbox (Paul Wexelblat)
Re: IP Protection for AI-generated and AI-assisted works (Henry Baker)
Re: Wrongfully Accused by an Algorithm (Bella, Michael Bacon)
Scientists just beginning to understand the many health problems caused by COVID-19 (Reuters)
The number of new cases of COVID-19 is misleading (Mark Thorson)
Re: 0.5% of coronavirus stimulus checks went to dead people (John Levine, Gabe Goldberg, John Levine, Gabe Goldberg)

RISKS 32.06 Monday 29 June 2020
Man Dies after Relatives Unplug Ventilator for Air Conditioner Unit (Chuck Petras)
76-year-old American jailed in Spain was unwitting drug mule, U.S.
  says (The Boston Globe)
Ripple20 IP stack vulnerability may affect literally billion devices (Chiaki Ishikawa)
Security breach impacts Maine State Police database (BostonGlobe)
How a Good Scam Can Bypass Our Defences (Bruce Grierson)
E-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata (The Hacker News)
Moroccan Journalist Targeted With Network Injection Attacks Using NSO Groups Tools (Amnesty International)
Netgear moves to plug vulnerability in routers after researchers find zero-day (Sean Lyngaas)
TikTok and 53 other iOS apps STILL snoop your sensitive clipboard data (Ars Technica)
Zoom chats short circuit a brain function essential for trust -- and that's bad for business (Don Pittis)
EFF & Heavyweight Legal Team Will Defend Internet Archive's Digital Library Against Publishers (Andy Maxwell)
Re: 40 milliseconds to go halfway around the Earth? *NOT* (Fred Cohen)
Re: 0.5% of coronavirus stimulus checks went to dead people according to the GAO (James Cloos)
Re: Smells Fishy? The Fish That Prevent Iran From Hacking (Michael Grant, Phil Nasadowski)
Quote of The Day (George Orwell, 1984)

RISKS 32.07 Friday 3 July 2020
A Doctor Confronts Medical Errors -- And Flaws In The System That Create Mistakes (npr.org)
U.S. Watchdog's Report Faults Boeing's Disclosures on 737 Max Software (NYTimes)
U.S. Cyber-Command says foreign hackers will most likely exploit new PAN-OS security bug (ZDNet)
Education Dept.
  left Social Security numbers of thousands of borrowers exposed for months (WashPost)
China's Software Stalked Uighurs Earlier and More Widely (NYTimes)
A New Ransomware Targeting Apple macOS Users Through Pirated Apps (The Hacker News)
Breaking HTTPS in the IoT: Practical Attacks For Reverse Engineers (BishopFox)
When speech assistants listen even though they shouldn't (Julia Weiler)
Over 400 Advertisers Hit Pause On Facebook, Threatening $70 Billion Juggernaut (NPR)
How Police Secretly Took Over a Global Phone Network for Organized Crime (Irish News)
Your next BMW might only have heated seats for 3 months (CNET)
Microsoft releases emergency security update to fix two bugs in Windows codecs (ZDNet)
Mr Potato Head sales problem (mykawartha)
Deepfake Technology Enters the Documentary World (NYTimes)
Fake 5G coronavirus theories have real-world consequences (WashPost)
How automation is growing amid coronavirus outbreak and beyond (Orange County Register)
Schools already struggled with cybersecurity. Then came COVID-19 (WiReD)
Scary New Coronavirus is Now Infecting Millions, Study Says (CNN)
Barbara Simons Receives 2019 ACM Policy Award (ACM)
Re: Ripple20 IP stack vulnerability may affect literally billion devices (Brian Inglis)
Re: Smells Fishy? The Fish That Prevent Iran From Hacking Israel's Water System (David E. Ross)
Re: 40 msecs to go halfway around the Earth?
  (Henry Baker, Michael Bacon)
Re: Quote of The Day (Henry Baker)

RISKS 32.08 Tuesday 7 July 2020
No Injuries In Red Line Metro Derailment Outside Silver Spring (DCist)
In Hong Kong, a Proxy Battle Over Internet Freedom Begins (NYTimes)
Looks Like Russian Hackers Are on an Email Scam Spree (WiReD)
Supreme Court bans debt collection robocalling to cellphones (TypePad)
Goodbye to the Wild Wild Web (NYTimes)
Encrypted Phone Network of Mob is Hacked in Europe (Adam Nossiter)
Risks of Editing Wikipedia (Aida Chavez)
Not so random acts: Science finds that being kind pays off (APNews)
How my dad got scammed for $3,000 worth of gift cards (Zachary Crockett)
Japanese startup creates 'connected' face mask for coronavirus new normal (Reuters)
What we need is social-media distancing (Spectator)
Early Covid-19 tracking apps easy prey for hackers, and it might get worse before it gets better (Jumbo Privacy)
Re: Breaking HTTPS in the IoT: Practical Attacks For Reverse (Keith Medcalf)
Re: Jane Goodall on conservation, climate change and COVID-19 (CBS News, Dennis Allison)
Re: A Doctor Confronts Medical Errors (Amos Shapir)
Re: Smells Fishy? The Fish That Prevent Iran From Hacking Israel's Water System (Bill Matthews)
Quote of The Day (Calvin Coolidge)

RISKS 32.09 Monday 13 July 2020
24-Year-Old Australian Man Spent $2 Million After a Bank Glitch (Esquire)
A Marine called customer service when his M107 failed during gunfight (Business Insider)
Microsoft neuters Office 365 account attacks that used clever ruse (Ars Technica)
How Universities Can Keep Foreign Governments from Stealing Intellectual Capital (Scientific American)
Poochin' Mnuchin? (Michael LeVine)
Mental health, stress, and moral injury (Rob Slade)
Home Security Camera Wi-Fi Signals Can be Hacked to Tell When People Are Home (Jonathan Chadwick)
Uncovered: 1,000 Phrases That Incorrectly Trigger Alexa, Siri, and Google Assistant (Dan Goodin)
Can an Algorithm Predict the Pandemic's Next Moves?
  (Benedict Carey)
Supreme Court Preserves Limits on Autodialed Calls to Cell Phones, Overturns Government Debt Collection Exception (Cooley)
Re: Not so random acts: Science finds that being kind pays off (Neil Youngman)

RISKS 32.10 Tuesday 14 July 2020
Judge denies Harris County TX request to allow email voting for those infected with COVID-19 (Zach Despart, Houston Chronicle)
Why Some Birds Are Likely To Hit Buildings (Scientific American)
Microsoft Warns of a 17-Year-Old 'Wormable' Bug (WiReD)
Risk Management (Rob Slade)
Re: How Universities Can Keep Foreign Governments from Stealing Intellectual Capital (Amos Shapir)
Re: Can an Algorithm Predict the Pandemic's Next Moves? (Jim Geissman)

RISKS 32.11 Thursday 16 July 2020
High-profile Twitter accounts hacked (Sundry sources)
Russian Hackers Trying to Steal Coronavirus Vaccine Research Intelligence Agencies Say (NYTimes)
Iranian Spies Accidentally Leaked Videos of Themselves Hacking (WiReD)
NOAA storm-spotting app was suspended after being overrun with false and hateful reports (WashPost)
An invisible hand: Patients aren't being told about the AI systems advising their care (StatNews)
CJEU rejects EU-US Privacy Shield (EAID-Berlin)
EU court rules U.S. servers not private enough for its citizens' data (WashPost)
When tax prep is free, you may be paying with your privacy (WashPost)
Re: Why Some Birds Are Likely To Hit Buildings (Keith Medcalf)
Re: 24-Year-Old Australian Man Spent $2 Million After a Bank Glitch (Martin Ward)

RISKS 32.12 Monday 20 July 2020
`Friendliest,' not fittest, is key to evolutionary survival, scientists argue in their new book (The Hour)
Russian group targeted COVID-19 vaccine research in Canada, U.S.
  and UK, say intelligence agencies (CBC)
Cloudflare DNS goes down, taking a large piece of the Internet with it (TechCrunch)
Boeing's future is cloudy as it tries to restore credibility (WashPost)
Seven 'no log' VPN providers accused of leaking -- yup, you guessed it -- 1.2TB of user logs onto the Internet (The Register)
Outlook Woes: I have no email and I must scream (Computerworld)
The Anatomy of a Cisco Counterfeit Shows Its Dangerous Potential (WiReD)
Bottleneck for U.S. Coronavirus Response: The Fax Machine (NYTimes)
The Role of Cognitive Dissonance in the Pandemic (The Atlantic)
Machine Learning (MIT Tech Review)
Re: The Dark Secret at the Heart of AI (Matthew Kruk)
Re: An invisible hand: Patients aren't being told about the AI systems advising their care (Amos Shapir)
Re: When tax prep is free, you may be paying with your privacy (Amos Shapir, Chris Drewe)
Re: Why Some Birds Are Likely To Hit Buildings (Richard Stein, Craig S. Cottingham)

RISKS 32.13 Thursday 23 July 2020
Russia report reveals UK government failed to investigate Kremlin (WashPost)
Iranian state hackers caught with their pants down in intercepted videos (Ars Technica)
Crooks have acquired proprietary Diebold software to jackpot ATMs (Ars Technica)
Major new climate study rules out less-severe global warming scenarios (MSN)
Is it time to reassess our relationship with nature?
  (BBC)
European Public Sphere Towards Digital Sovereignty for Europe (ACATech)
How Berkshire Hathaway May Have Been Snookered in Germany (NYTimes)
Ongoing Meow attack has nuked >1,000 databases without telling anyone why (Ars Technica)
Corporate giants shut down Trump texting program (Politico)
Thieves Are Emptying ATMs Using a New Form of Jackpotting (WIRED)
AT&T tells customers to change their phones or they won't work anymore (Android Police)
CBP does end run around warrants, simply buys license plate-reader data (Ars Technica)
Wattpad warns of data breach that stole user info (CBC-CA)
There's a reason your inbox has more malicious spam -- Emotet is back (Ars Technica)
Hackers use recycled backdoor to keep a hold on hacked e-commerce server (Ars Technica)
Uber helping public health officials contact-trace riders and drivers for Covid-19 (Forbes)
Banks' unique pandemic problem: Now everyone is wearing a mask (WashPost)
The Spanish government prepares to implement facial recognition tech (Voz Populi)
Phone carriers that profit from robocalls could have all calls blocked (FCC)
CBP does end run around warrants, simply buys license-plate reader data (Ars Technica)
Hackers Tell the Story of the Twitter Attack From the Inside (NYTimes)
Re: The Dark Secret at the Heart of AI (Amos Shapir)
Re: When tax prep is free, you may be paying with your privacy (David E. Ross, Pete Resiak)
Re: Boeing's future is cloudy as it tries to restore credibility (Martin Ward, Gabe Goldberg, Martin Ward)
Re: Darwin's tautology? (John Harper)

RISKS 32.14 Sunday 26 July 2020
Anatomy of an Election `Meltdown' in Georgia (NYTimes)
Intel's Stunning Failure Heralds End of Era for U.S. Chip Sector (Bloomberg)
Russia's GRU hackers hit U.S. government and energy targets (Ars Technica)
Unsolicited Chinese seeds? (Washington State Dept of Agriculture)
Homeland in Portland? No, USAF.
  (The Intercept)
Finally there's a handbook on voting (Kimberly Wehle)
Conflict Over a Rental Car Leads to Elusive ATM Skimming Suspect (NYTimes)
Letting Your Insurer Ride Shotgun, for a Discounted Rate (NYTimes)
The three worst things about email, and how to fix them (WashPost)
PDF signatures useless (ZDNet)
Google is aware of 'w5' Wi-Fi failures on some Nest thermostats and providing replacements (Android Police)
Re: Boeing's future is cloudy as it tries to restore credibility (Joseph Gwinn)
Re: European Public Sphere Towards Digital Sovereignty for Europe (Drew Dean)

RISKS 32.15 Tuesday 28 July 2020
EncroChat (ZDNet)
China's Huawei holds a 5G trump card (Reuters)
Elon and Jeff are brilliant! Surely *they* can solve our broadband issues. (Amitel)
Why Scientists Stored "The Wizard of Oz" in DNA (Popular Mechanics)
Coronavirus misinformation goes wild again (NYTimes Tech)
The dishonest reporting on the riots is breathtaking. The crisis in our media deepens... (Twitter)
NIST study finds that masks defeat most facial recognition algorithms
Only those with plastic visors were infected: Swiss government warns against face shields (TheLocal.ch)
Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie (Rebecca Mercuri via PGN)
PDF signatures *worse than* useless (Anthony Thorn)
Re: Darwin's tautology? (Martin Ward)
Re: The three worst things about email (Dmitri Maziuk)
Re: Unsolicited Chinese seeds?
  (Devon McCormick)

RISKS 32.16 Thursday 30 July 2020
Theoretical Physicists Say 90% Chance of Societal Collapse Within Several Decades (VICE)
The Panopticon Is Already Here: Chinese AI Creating Axis of Autocracy (The Atlantic)
Let a thousand poppies bloom, thanks to cheap solar power (Areu)
Hackers broke into real news sites to plant fake stories (WiReD)
How Government Entities Use Geolocation Data To Identify Everyone (Shtfplan)
Scientists Goofed and Accidentally Created a New Kind of Fish (Popular Mechanics)
Apple's CEO Just Made This Extraordinary Statement About the Company's Most Important Product (INC)
An unprecedented Nintendo leak turns into a moral dilemma for archivists (The Verge)
Hospital lab tests delayed by "Twilight Zone" births (Paul Eggert)
In Portland, getting out of jail requires relinquishing constitutional rights (ProPublica)
Here's Trump's Plan To Regulate Social Media (Forbes)
Trump's ... new Postmaster General wants your mail to be late or lost ... (NPR)
America's *Frontline Doctors*? (Gizmodo)
Re: When tax prep is free, you may be paying with your privacy (Greg Searle)
Re: Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie (Bob Wilson)
Re: Darwin's tautology? (Henry Baker, Bob Wilson, Martin Ward)
CFIA investigating mysterious shipments of seeds landing in mailboxes (CBC)

RISKS 32.17 Saturday 1 August 2020
Florida Teen Arrested in Twitter Hack (The New York Times)
How self-driving cars can alter consumer morality (JCR)
PayPal and Venmo QR payments are coming to CVS Pharmacies (Engadget)
Data isn't just being collected from your phone. It's being used to score you.
  (WashPost)
Google accused by developer of retaliation for cooperating with House antitrust investigation (WashPost)
Twitter hackers used "phone spear phishing" in mass account takeover (Ars Technica)
MRI study reveals all mammals, including humans, share equal brain connectivity (StudyFinds)
Global methane emissions soar to record high (Stanford)
A concert is being held to learn how COVID-19 spreads at large events. Here's how? (Miami Herald)
The "Cubic Model" (Martin Ward)
Re: Theoretical Physicists Say 90% Chance of Societal Collapse Within Several Decades (Amos Shapir)
Re: Let a thousand poppies bloom, thanks to cheap solar power (Scott Dorsey)
Re: When tax prep is free, you may be paying with your privacy (Scott Dorsey)
Re: Darwin's tautology? (Amos Shapir)
Re: Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie (Al Stangenberger, John Levine)
Photo Deposit (xkcd)
Quote of The Day (Thomas Sowell)
Quote of The Day (Sven Henrich)

RISKS 32.18 Friday 7 August 2020
Omniviolence Is Coming and the World Isn't Ready (Nautilus)
Massive 20GB Intel IP Data Breach Floods the Internet, Mentions Backdoors (Intel Responds)
Cyberattack causes Lafayette, CO city computer outage (Jim Reisert)
Garmin reportedly paid multimillion-dollar ransom after suffering cyberattack (The Verge)
U.S. FAA proposes requiring key Boeing 737 MAX design changes (Reuters)
Beirut explosion (Lauren Weinstein)
NSA Warns Cellphone Location Data Could Pose National-Security Threat (WSJ)
Dickson Yeo and spying in the time of social networking (Straits Times)
Colorado police apologize over viral video of officers handcuffing Black girls in a mistaken stop (WashPost)
Measure twice, sculpt once.
  (Atlas Obscura)
Dutch Hackers Found a Simple Way to Mess With Traffic Lights (WiReD)
Inside the Courthouse Break-In Spree That Landed Two White-Hat Hackers in Jail (WiReD)
Inaccurate Mailing Sent To Fairfax County Voters (Patch)
WHO just gave us the worst possible coronavirus prediction (BGR)
California virus-fighting efforts hampered by data delays (sfgate.com)
Do Animals Really Anticipate Earthquakes? Sensors Hint They Do (Scientific American)
Despite an unexpected monkey wrench, now is the time to install the July Windows and Office patches (Computerworld)
Adapting the user to the software (The Verge)
The case for banning law enforcement from using facial recognition technology (TJCI)
Why a Data Breach at a Genealogy Site Has Privacy Experts Worried (NYTimes)
Computers on verge of designing their own programs (Techxplore)
AI bias detection; aka the fate of our data-driven world (ZDNet)
The Truth Is Paywalled But The Lies Are Free (Current Affairs)
A very good fake message from Facebook (Mike Alexander)
Job-related scams and frauds (CBC)
Cheap, Easy Deepfakes Are Getting Closer to the Real Thing (WiReD)
Blackbaud breach (Gabe Goldberg)
Ajit Pai calls for vigorous debate on Trump's social media crackdown (Ars Technica)
Sensitive to claims of bias, Facebook relaxed misinformation rules for conservative pages (NBC News)
A Bug In Instagram's Hashtag Has Been Favoring Donald Trump (BuzzfeedNews)
Big Problem: Twitter users attempting to expose @realDonaldTrump lies are being blocked for surfacing his lies! (CNN)
From Minecraft Tricks to Twitter Hack: A Florida Teen's Troubled Online Path (NYTimes)
FBI Used Information From An Online Forum Hacking To Track Down One Of The Hackers Behind The Massive Twitter Attack (TechDirt)
Pranksters Stream Porn During Zoom Hearing for Alleged 17-Year-Old Twitter Hacker (gizmodo)
Re: Darwin's tautology?
  (Peter Bernard Ladkin, PGN)
Re: When tax prep is free, you may be paying with your privacy (Douglas Lucas, Chris Drewe)
Bill English (Matthew Kruk)

RISKS 32.19 Friday 14 August 2020
The Iconic Arecibo Telescope Goes Quiet After Major Damage (WiReD)
The Tragic Physics of the Deadly Explosion in Beirut (WiReD)
North Korean Hacking Group Attacks Israeli Defense Industry (NYTimes)
Researchers discovered significant vulnerability in Amazon's Alexa (The Hill)
Bald eagle attacks government drone and sends it to bottom of Lake Michigan (The Guardian)
Vulnerabilities in Qualcomm Chips Expose Billions of Devices to Attacks (You Tube)
Snapdragon chip flaws put >1 billion Android phones at risk of data theft (Ars Technica)
Flaws in Samsung Phones Exposed Android Users to Remote Attacks (The Hacker News)
Microsoft plugs at least 120 Windows security holes (Krebs on Security)
Coming Next: The Greater Recession (Paul Krugman via Randall Head)
Social media and misinformation (Rob Slade)
Deepfakes or not??? (Mark Thorson)
A protester tried to ID a police officer on Twitter. Now he faces a felony -- along with four who retweeted him. (WashPost)
Scientists rename human genes to stop Microsoft Excel from misreading them as dates (The Verge)
You do know you are being tracked, right? (WSJ)
Thousands of cases went unreported in California when a computer server failed (NYTimes)
Blackstone to acquire Ancestry.com for $4.7 billion (Oguh)
USG Contractor Embedded Software in Apps to Track Phones (WSJ)
Illiterate cell phone user experience (Dan Jacobson)
Photoshop Will Help ID Images That Have Been Photoshopped (WiReD)
Is it the AI That's Racist, or is it the Humans That Create the AI? (AI Daily)
AI bias detection ... (PGN)
Leaked Documents Reveal What TikTok Shares with Authorities -- in the U.S.
  (The Intercept via Richard Forno)
Why & Where You Should You Plant Your Flag (Krebs on Security)
Postal Service warns 46 states their voters could be disenfranchised by delayed mail-in ballots (WashPost)
Mailer To DC Voters Prompts Widespread Confusion (DCist)
Trump's lapdog Postmaster General wants to more than double costs for states to mail ballots to voters! Crooked through and through. (Law and Crime)
Unwanted Truths: Inside Trump's Battles With U.S. Intelligence Agencies (NYTimes)
The quest to liberate $300,000 of bitcoin from an old ZIP file (Ars Technica)
Risk of driving while Black in conjunction with computer risks (anon)
Why climate change is about to make your bad commute worse (WashPost)
Chrome will start hiding most of URLs, but you can opt-out -- AND YOU SHOULD! (Lauren Weinstein)
How romance scams are thriving during quarantine. (The Verge)
No to Blockchain Credentials of COVID-19 Test Results for Entry to Public Spaces (EFF)
Virginia launches contact-tracing app COVIDWISE using Apple, Google technology (WashPost)
The nuclear mistakes that could have ended civilisation (bbc.com)
Re: Omniviolence Is Coming and the World Isn't Ready (Eric Sosman)
Re: Blackbaud breach (A Michael W Bacon)
Re: City outage (A Michael W Bacon)
Re: Beirut explosion (A Michael W Bacon)
Re: Beirut Blast (3daygoaty)
Re: Tom's Hardware goes dark/side/ (Steve Singer)
Re: When tax prep is free, you may be paying with your privacy (David Damerell)

RISKS 32.20 Monday 17 August 2020
Cops tap smart streetlights sparking controversy and legislation (IEEE Spectrum)
NSA, FBI Expose Russian Intelligence Hacking Tool (Christopher Bing)
New attack lets hackers decrypt VoLTE encryption to spy on phone calls (The Hacker News)
Can police demand you unlock your phone? NJ court says yes.
  (Apple News)
FDA Inspector FTE and Product Recalls 2008-2019 (Richard Stein)
Feds are treating BlueLeaks organization as ‘a criminal hacker group,’ documents show (The Verge)
New Hampshire passes "Jetson law" to allow some flying vehicles (Axios)
Greenland's ice sheet has melted to a point of no return, according to new study (CTV News)
Trump's attacks on Postal Service could kill more Americans than COVID-19 (Lauren Weinstein)
Machine learning-based COVID-19 voice detection (Times of Israel)
Expired certificate contributed to undercounting of Calif. COVID cases (SC Magazine)
'A national crisis': As coronavirus forces many schools online this fall, millions of disconnected students are being left behind (WashPost)
Re: Beirut blast: The other countries with dangerous dumps of explosives (Richard Stein)
Re: The nuclear mistakes that could have ended civilization (Amos Shapir)
Re: Apple stumbled into a war with the gaming industry, and the future of iOS is at stake (The Verge via Monty Solomon)
Re: Is it the AI That's Racist, or is it the Humans That Create the AI? (Amos Shapir)
Re: Deepfakes or not??? (John Ballman, John Levine)
Re: When tax prep is free, you may be paying with your privacy (Wol)
Re: Tom's hardware NOSCRIPT (Dmitri Maziuk)
Re: Why & Where You Should You Plant Your Flag (Henry Baker)
Quote of The Day (George Bernard Shaw)

RISKS 32.21 Friday 21 August 2020
Groundbreaking new material 'could allow artificial intelligence to merge with the human brain' (The Independent)
What would happen to Earth if humans went extinct? (Live Science)
Would you like to live forever? (The Sun)
A typo created a 212-story monolith in Microsoft Flight Simulator (Engadget)
Microsoft Put Off Fixing Zero Day for 2 Years (Krebs on Security)
"Driverless cars are coming soon."
  (The Telegraph)
How Your Phone Is Used to Track You, and What You Can Do About It (NYTimes)
Tokyo's latest attraction: Transparent public toilets (cnn.com)
DC No Longer Has Online Voter Registration (DCist)
GOP-led Senate panel details ties between 2016 Trump campaign and Russian interference (NYTimes)
Trump's 2016 campaign chair was a 'grave counterintelligence threat' (WashPost)
Postal Service backs down on changes as at least 20 states sue over potential mail delays ahead of election (CNN)
America Has Two Feet. It’s About to Lose One of Them. (NYTimes)
U.S. Secret Service buys location data that would otherwise need a warrant (Ars Technica)
Booze and cruise providers are the latest to be hit by ransomware scourge (Ars Technica)
Researchers Can Duplicate Keys from the Sounds They Make (Kottke)
Bluetooth update could turn wearables into COVID-19 trackers (Engadget)
USPS filed a patent for Blockchain voting system (Decrypt)
Russian opposition leader Alexei Navalny 'poisoned' (BBC)
Bottleneck for U.S. Coronavirus Response: The Fax Machine (NYTimes)
U.S. COVID-19 and World War 2 mortality rates, interim comparison (Richard Stein)
Israeli gargle trial gives COVID results in 1 sec., 95% accuracy (Henry Crun)

RISKS 32.22 Monday 24 August 2020
Why Does California Have So Many Wildfires? (NYTimes)
Lithium-ion battery caused Loudoun Co.
  house fire, nearly $1M in damages (WTOP)
Depth of White House tampering with Postal Service revealed (NYTimes)
Washington Postal workers defy USPS orders and re-install mail sorting machines (Forbes)
Windows 10 v.2004 messes with Windows Credentials Manager (Gabe Goldberg)
On-line banking errors revisited (Jared Gottlieb)
How One Man Broke Through Google's Election Ad Defenses (WiReD)
Google also blurs power tower ID plate (Dan Jacobson)
Date and time synchronization (Paul Robinson)
DiceKeys Creates a Master Password for Life With One Roll (WiReD)
Re: Driverless cars are coming soon (A Michael W Bacon, Bob Wilson)
Re: Groundbreaking new material 'could allow artificial intelligence to merge with the human brain' (Richard Stein)
Re: How Your phone is used to track you, and what you can do about (Amos Shapir)
Re: Saliva Test for Covid-19 (Peter Bernard Ladkin)
Re: Israeli gargle trial gives COVID results in 1 sec., 95% accuracy (John Levine)
Re: U.S. COVID-19 and World War 2 mortality rates, interim comparison (Henry Baker, Richard Stein)

RISKS 32.23 Tuesday 25 August 2020
Grading by algorithm results in UK debacle (Adam Satariano)
Surge staff and electronic records (Health in AU)
Commissioner of FDA admits he provided false information about COVID-19 treatment (MedicalXpress)
Profs and loss - China is killing academic freedom in Hong Kong China (The Economist)
A Chrome feature is creating enormous load on global root DNS servers (Ars Technica)
Mike Godwin, the Creator of Godwin's Law, Is Suing Trump Over His TikTok Executive Order (Reason.com)
COVID-19 When Less is More (The Atlantic)
Re: Fiddling with the environment (A Michael W Bacon)
Re: Driverless cars are coming soon followup (Peter Houppermans)
Re: Date and time synchronization (Terje Mathisen)
Re: Washington Postal workers defy USPS orders and re-install mail, sorting machines (Jack Christensen)
Re: Dicekeys (Arthur T.)
Re: Why Does California Have So Many Wildfires?
(Henry Baker) RISKS 32.24 Saturday 29 August 2020 Cosmic rays may soon stymie quantum computing (phys.org) Tesla with Autopilot hits cop car; driver admits he was watching a movie (ArsTechnica) A Tesla Employee Thwarted an Alleged Ransomware Plot (WiReD) Ransomware Has Gone Corporate -- and Gotten More Cruel (WiReD) Sendgrid Under Siege from Hacked Accounts (Krebs on Security) A bug in Windows 10 could be slowly wrecking your SSD (PC Gamer) Ambulance won't find mislocated addresses (Dan Jacobson) How algorithms keep workers in the dark (bbc.com) The risks of supply chain threat sharing (Federal Computer Week) Re: Driverless cars are coming soon followup (Wol, Michael Bacon, Chris Drewe) Re: Very old news. A Chrome feature is creating enormous load on global root DNS servers (John Levine) Re: Washington Postal workers defy USPS orders (Peter Houppermans) Re: Mike Godwin, the Creator of Godwin's Law, Is Suing Trump Over His TikTok Executive Order (Amos Shapir) For Election Administrators, Death Threats Have Become Part of the Job (ProPublica) Viral pro-Trump tweets came from fake African American spam accounts, Twitter says (NBC News) USPS is telling people their mail is being held 'at the request of the customer.' It isn't true. Re: Fiddling with the environment (John Levine) Re: What would happen to Earth if humans went extinct? (Paul Robinson) Re: Greenland glacier melt (R. G. Newbury) Re: Date and time synchronization (John Harper, David Halliwell) Re: Dicekeys, an additional risk (Bart Z. 
Lederman) RISKS 32.25 Monday 7 September 2020 Blistering Consumer Reports review of Tesla's $8000 full self-driving package, including some serious safety concerns (Twitter) Research questions (Gene Spafford) Apple Accidentally Approved Malware to Run on MacOS (WiReD) Parents Face Tech Issues On First Day Of School In Wash DC and Maryland (DCist) Man blows up part of house while chasing fly (bbc.com) The surprising secret hidden in a pregnancy test (bbc.com) It Has Come to This: Ignore the CDC (NYTimes OpEd) Intel Slips, and a High-Profile Supercomputer Is Delayed (NYTimes) Amazon Drivers Are Hanging Smartphones in Trees to Get More Work (Bloomberg) Russians Again Targeting Americans With Disinformation, Facebook and Twitter Say (NYTimes) FBI worried that Ring doorbells are spying on police (bbc.com) The Subtle Tricks Shopping Sites Use to Make You Spend More (WiReD) A Saudi Prince's Attempt to Silence Critics on Twitter (WiReD) California: Tell Your Senators That Ill-Conceived Immunity Passports Won't Help Us (EFF) Online Voting Company Pushes to Make It Harder for Researchers to Find Security Flaws (Alfred Ng) Russian election interference continues (NYTimes) "Vote early, vote often?" Happy National Poll Worker Recruitment Day (Rebecca Mercuri) Re: For Election Administrators, Death Threats Have Become Part of the Job (Malcolm) Court Approves Warrantless Surveillance Rules While Scolding FBI (NYTimes) Blanked-Out Spots On China's Maps Helped Us Uncover Xinjiang's Camps (Buzzfeed) How Four Brothers Allegedly Fleeced $19 Million From Amazon (WiReD) A critical flaw is affecting thousands of WordPress sites (WiReD) Is Your Chip Card Secure? 
Much Depends on Where You Bank (EPAM) The Brain Implants That Could Change Humanity (NYTimes) Neuralink: Elon Musk unveils pig he claims has computer implant in brain (The Guardian) New parking technology aims to manage curb space virtually (WashPost) The Pod People Campaign: Driving User Traffic via Social Networks (Courtney Falk via Gene Spafford) Re: Humans Take a Step Closer to Flying Car (geoff goodfellow) Re: Driverless cars are coming soon followup (Martin Ward) Re: Tesla with Autopilot hits cop car; driver admits he was watching a movie (Barry Gold) Re: Date and time synchronization (David E. Ross, Terje Mathisen) Re: Dicekeys, an additional risk (Craig S. Cottingham, Bob Wilson) Re: Greenland glacier melt (Amos Shapir, David Damerell) Re: Grading by algorithm results in UK debacle (John Murrell) RISKS 32.26 Sunday 13 September 2020 Insecure satellite Internet is threatening ship and plane safety (Ars Technica) The Hubble Space Telescope Still Works Great, Except When It Doesn't (npr.org) SpaceX's Dark Satellites Are Still Too Bright for Astronomers (Scientific American) Man vs. machine: Pentagon plans 2024 dogfight between human pilot, artificial intelligence (WashTimes) Weakened Encryption: The Threat to America's National Security (Third Way) Why Do Voting Machines Break on Election Day?
(The Markup) Why human brains are bad at assessing the risks of pandemics (WashPost) First Pandemic, Now Ransomware: Attack Forces Hartford to Postpone School (NYTimes) Website Crashes and Cyberattacks Welcome Students Back to School (NYTimes) 44 Square Feet: A School-Reopening Detective Story (WiReD) Creepy Geofence Finds Anyone Who Went Near a Crime Scene (WiReD) Apple postpones iOS 14 privacy update following Facebook uproar (Business Insider) How Big Oil Misled The Public Into Believing Plastic Would Be Recycled (npr.org) New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption (The Hacker News) Ericsson spotlights open RAN security risks (MobileWorldLive) Re: Intel Slips, and a High-Profile Supercomputer Is Delayed (Phil Martel) Re: Humans Take a Step Closer to Flying Car (Amos Shapir) Re: Leap-seconds (John Stockton) Re: Happy National Poll Worker Recruitment Day (Richard A. DeMattia) RISKS 32.27 Friday 18 September 2020 PG&E error at power plant may help explain California's rolling blackouts (SFChronicle.com) Using information to cause a blackout (Crypto-gram) Small drink cup-holders lead to engine shutdowns on A350s (FlightGlobal) A Tesla driver was caught sleeping on Autopilot at high speed, police are charging him criminally (electrek) University Ransomware Attack Exploits Citrix, Kills German Hospital Patient (Politico) Weakened Encryption: The Threat to America's National Security (ThirdWay) At this point, 5G is a bad joke (Computerworld) Mobile phone radiation may be killing insects: German study (phys.org) Listening To An IPhone With AM Radio (Hackaday) Is the Internet Conscious? If It Were, How Would We Know?
(Vinton Cerf) Voatz letter published (Jack H Cable) A Quick Note on Voting Twice (Matt Bishop) How smart tech could help save the world's honey bees (cnn.com) The future is cyborg: Kaspersky study finds support for human augmentation (Reuters) Police Across Canada Are Using Predictive Policing Algorithms, Report Finds (Nathan Munn) The 20-Year Hunt for the Man Behind the Love Bug Virus (WiReD) Phone system cursed by magic words (Chicago Tribune) I Have Blood on My Hands: A Whistleblower Says Facebook Ignored Global Political Manipulation? (Buzzfeednews) How an Epic Series of Tech Errors Hobbled Miami's Schools (WiReD) Early research from 23andMe strengthens link between blood types and Covid-19 (Kate Sheridan) New Report Explains COVID-19's Impact on Cybersecurity (The Hacker News) Re: 44 Square Feet: A School-Reopening Detective Story (Brian Inglis) RISKS 32.28 Tuesday 22 September 2020 Boeing cuts flight training pilots, will outsource jobs overseas (The Stand) Deepfakes to turn world into 'sci-fi dystopia' as humans 'won't tell difference' (Daily Star) DARPA-funded implantable biochip to detect COVID-19 could hit markets by 2021 (ZeroHedge) Election systems already hacked? (Bob Woodward via Glenn Story) Unsecured Microsoft Bing Server Exposed Users' Search Queries and Location (The Hacker News) Old TV caused village broadband outages for 18 months (BBC) The Fight Over the Fight Over California's Privacy Future (WiReD) Fake directors plan to combat money laundering (bbc.com) D.C.'s New Area Code Will Be...
771 (DCist) Think Twice Before Using Facebook, Google, or Apple to Sign In Everywhere (WiReD) New Covid-19 swab test robot offers safe, more comfortable procedure for patients (Straits Times) Re: The future is cyborg (George Sigut) Re: A Quick Note on Voting Twice (Andrew Appel via PGN) Re: The future is cyborg (Martyn Thomas) RISKS 32.29 Friday 25 September 2020 Tesla network outage -- massive (Electrek and The Sun) 5G Wireless May Lead to Inaccurate Weather Forecasts (Rutgers Today) Major Instagram App Bug Could've Given Hackers Remote Access to Your Phone (The Hacker News) Tribune staff furious as cybersecurity test email makes cruel promises (WashPost) World's Biggest DataBreaches and Hacks (Information Is Beautiful) UK COVID-19 test booking website bugs tell some user no test slots are available (Schools Week) Pandemic spurs journalists to go it alone via email (Axios) Re: Old TV caused village broadband outages for 18 months (Attila the Hun) Re: Unsecured Microsoft Bing Server Exposed Users' Search Queries and Location (paul wallich) Re: D.C.'s New Area Code Will Be... 771 (John Levine) Re: UK Companies House (Peter Bernard Ladkin) Re: Boeing cuts flight training pilots, will outsource jobs overseas: Link fix (Steve Klein) RISKS 32.30 Friday 2 October 2020 Microsoft says Russia behind most nation-state cyber-attacks (Bloomberg) Conservative operatives face felony charges in connection with robocalls seeking to mislead voters (WashPost) More on Cambridge Analytica (UK Channel 4) Error discovered on Georgia touchscreens in US Senate race (Mark Niesse) Maryland's web-delivered ballots must be hand-copied to be counted (WashPost) Tokyo Stock Market Halts Trading for a Day, Citing Glitch (NYTimes) Is The Internet falling apart? (The Hill) Apple marches to a different beat (Henry Baker) Robots smaller than the width of a hair (bbc.com) Could future AI turn animals against us? 
(The Next Web) This Is How Much Top Hackers Are Earning From Bug Bounties (Steve Ranger) Windows XP source code leaks online (The Verge) File under `feature interaction' (BBC) Third-Party Code Bug Left Instagram Users at Risk of Account Takeover (Alex Scroxton) MIT Media Lab develops sleep-tracking device that alters dreams to boost creativity (Science Times) Privacy of biometric data in DHS hands in doubt, IG says (RollCall) New homeowner 'freaked out' when stranger took control of her security system (CBC.CA) Alarm company "overlooked" change of home ownership (CBC.CA) Teacher saw a BB gun in 9-year-old's room during online class, who faced expulsion (WashPost) Using deep learning to control the unconsciousness level of patients in an anesthetic state (Techxplore.com) Re: A Tesla driver was caught sleeping on Autopilot (Martin Ward) Re: Tribune staff furious as cybersecurity test email makes cruel promises (John Beattie) Re: D.C.'s New Area Code Will Be... 771 (Wol) Re: Pandemic spurs journalists to go it alone via email (Steve and Micki Bacher) RISKS 32.31 Saturday 10 October 2020 Too many passengers at front of plane caused take-off issue at Luton Airport (BBC) Tesla owner says he butt-dialed a $4,280 Autopilot upgrade (CNBC) Why cars are more "fragile": more technology has reduced robustness (Paul Robinson) Polestar 2 EV recalled over glitch that can cut power while driving (Engadget) Space is becoming too crowded, Rocket Lab CEO warns (CNN) Botched Excel import may have caused loss of 15,841 UK COVID-19 cases (Thomas Dzubin plus others) Psychology study indicates that narcissists are more involved in politics than the rest of us (SagePub) Doctor gave an inept diagnosis for a neurological problem (WashPost) Can AI Detect Disinformation?
A New Special Operations Program May Find Out (Defense One) California bar exam has facial recognition problems (SanFranChronicle) Nuclear Waste and Nuclear Waste Management at the Hanford Site (ContentSharing) Charges filed in hack that caused NFL athlete's nude pics to be posted on Twitter (Ars Technica) A Literal Child and His Mom Sue Nintendo Over Joy-Con Drift (WiReD) Eero for Service Providers: Eero Wi-Fi mesh targeted at ISPs (Ars Technica) DHS warns that Emotet malware is one of the most prevalent threats today (Ars Technica) 'Smart' male chastity device vulnerable to locking by hackers: researchers (AFP) Hackers targeting IoT devices with a new P2P botnet malware (The Hacker News) Supreme Court takes on Google vs. Oracle: The biggest software development case ever (ZDNet) 55 New Security Flaws Reported in Apple Software and Services (The Hacker News) Researchers Find Vulnerabilities in Microsoft Azure Cloud Service (The Hacker News) Microsoft Office 365, Outlook down again (ZDNet) CyberCommand has sought to disrupt the world's largest botnet, hoping to reduce its potential impact on the election (WashPost) Pennsylvania voter services website crashes as 2020 election mail ballot deadlines loom (Inquirer) Clinical Trials Hit by Ransomware Attack on Health Tech Firm (Nicole Perlroth) Flawed Algorithm Used to Determine UK Welfare Payments Is 'Pushing People Into Poverty' (Thomas Macaulay) 'The Wire' inspired a fake turtle egg that spies on poachers (WiReD) The robot shop worker controlled by a faraway human (bbc.com) "A friend of a friend at Google interviewed at Facebook right as the virus hit" (unnamed via twitter) Documents Show How The LAPD Was Trained To Use Palantir (BuzzFeed) Meet the Customer Service Reps for Disney and Airbnb Who Have to Pay to Talk to You (ProPublica) Digital pioneer Geoff Huston apologises for bringing the Internet to Australia (ZDNet) Psychographic Profiling cartoon (Tom Fishburne -- Marketoonist) Re: Maryland's web-delivered
ballots must be hand-copied to be counted (Amos Shapir) Re: Apple marches to a different beat (Steve Klein, John Levine, Alan Ralph, Craig S. Cottingham) RISKS 32.32 Thursday 15 October 2020 Various election shenanigans (PGN) Court Orders Seizure of Ransomware Botnet Controls as U.S. Election Nears (Reuters) Campaigns sidestep Cambridge Analytica crackdown with new methods (AFP) Severed cable takes out Virginia voter site on registration deadline (Ars Technica) A different way the news is dividing America (yahoo!) Inside the strange new world of being a deepfake actor (MIT Tech Review) From a small town in North Carolina to big-city hospitals, how software infuses racism into U.S. health care (Casey Ross) Split-Second `Phantom' Images Can Fool Tesla's Autopilot (WiReD) Car design about to change forever? (Fast Company) Cruise received a permit from the California DMV to remove human backup drivers from our self-driving cars (Twitter) This Ferrari got bricked because someone tried to upgrade it underground, where there's no cell reception. DRM in cars rules. 
(Twitter) Fifth of countries at risk of ecosystem collapse, analysis finds (The Guardian) The Man Who Speaks Softly -- and Commands a Big Cyber Army (WiReD) SpaceX Is Building a Military Rocket to Ship Weapons Anywhere in the World in 1 hour (Business Insider) Israel cyber watchdog rests on the sabbath (Israel Defense) Hacking a Coffee Maker (Bruce Schneier's CRYPTO-GRAM) Apple's T2 security chip has an unfixable flaw (Lily Hay Newman) Indian Police Accuse Popular TV Station of Ratings Fraud (NYTimes) Watch out for this green dot on your iPhone -- it means someone is watching (The Sun) Fairfax County Schools Employee Data Leaked On Dark Web: Report (Patch) A prison video visitation service exposed private calls between inmates and their attorneys (Tech Crunch) Herd immunity letter signed by fake experts including 'Dr Johnny Bananas' (The Guardian) Updated Eusprig page (Patrick O'Beirne) 'I Feel Like I Have Dementia': Brain Fog Plagues Covid Survivors (NYTimes) International Statement: End-To-End Encryption and Public Safety (DoJ) Wearable tattoo: Scientists print sensors directly onto skin without heat (UPI) Continuous glucose monitoring/insulin dosing systems (NIH via Richard Stein) Onions too sexy for Facebook (BBC) Interview techniques and the "don't know" answer (Rob Slade) To my friends and colleagues in the U.S.: Be careful out there.
(Rob Slade) Re: Why cars are more "fragile": more technology has reduced robustness (Chris Drewe) Re: Risks of Excel (Anthony Thorn) Re: Botched Excel import may have caused loss of 15,841 UK COVID-19 cases (A Michael W Bacon) Re: Apple marches to a different beat (Henry Baker) RISKS 32.33 Saturday 24 October 2020 Air Force updates code on plane mid-flight (The Aviationist) Alexa Causes Evacuation Panic in Boulder County, Colorado (William Kucharski) Experts: Florida Voting Machines Ripe for Foreign Hackers (John Pacenti) FDA Hid Names of Dietary Supplements Linked to Hundreds of Reports of Harm (Consumer Reports) Censorship or Sensibility? (The Intercept) Six Russians Tied to Hacks Around Globe (NYTimes) "We've collected tens of millions of posts to underground crime forums" (Ross Anderson) Exponential growth in DDoS attack volumes (Google) The Contest to Protect Almost Everything on the Internet (Sara Castellanos) Researchers find huge, sophisticated black market for trade in online 'fingerprints' (techxplore.com) Annoying-as-hell ransomware attack in Finland (mikko) Adblockers installed 300,000 times are malicious and should be removed now (Ars Technica) POTUS Twitter account reportedly hacked by Dutch whitehat (Volkskrant) A shadowy AI service has transformed thousands of women's photos into fake nudes: ``Make fantasy a reality'' (WashPost) The AI that spots Alzheimer's from cookie drawing (bbc.com) Twitter is currently down, perhaps globally (Lauren Weinstein) How does Google's monopoly hurt you? (WashPost) DHS, USCIS to Modernize, Define the Collection of Biometrics (Thomas Kuhn) Sony PS5 enables voice recording (The Verge) Paleontologists See Stars as Software Bleeps Scientific Terms (NYTimes) Ailments in Covid-19 Trials Raise Questions About Vaccine Method (Bloomberg) Networking Theory and Superspreader Events (Rob Slade) Some notes on publishing (Rob Slade) Cochlear and bone conduction implants to mitigate hearing (Richard Stein) 'E.T.'
1982 Atari Game: The True Story Behind the Worst Video Game Ever (MelMagazine) Re: Fifth of countries at risk of ecosystem collapse (Richard Stein) Re: Why cars are more "fragile": more technology has reduced robustness (Wol) Re: SpaceX Is Building a Military Rocket to Ship Weapons Anywhere in the World in 1 hour (David Alexander, Erling Kristiansen) Re: A different way the news is dividing America (John Levine, Richard Stein, John R. Levine, Steve Bacher) Re: Continuous glucose monitoring/insulin dosing systems (Richard Stein) RISKS 32.34 Tuesday 27 October 2020 14 minutes in a "Full Self Driving" #Tesla beta test results in *6* different problems (Twitter) UK national police computer down for 10 hours after engineer pulled the plug (Attila the Hun) State inspection report sheds additional light on deadly Allston elevator accident (The Boston Globe) More on erroneous Alexa/third-party data provider evacuation notices in Boulder County, Colorado (William Kucharski) Surveillance Startup Used Own Cameras to Harass Coworkers (Vice) Security Researchers Warn of Security and Privacy Risks Caused by Link Preview Feature in Popular Messaging Apps (The Hacker News) A nonprofit with ties to Democrats is sending out millions of ballot applications. Election officials wish it would stop. (ProPublica) Here's why residents of Boston just received a COVID-19 emergency alert (The Boston Globe) Re: How does Google's monopoly hurt you? (Jose Mateos) Re: Air Force updates code on plane mid-flight (Henry Baker) Re: POTUS Twitter account reportedly hacked by Dutch whitehat (Rob Slade) Re: Censorship or Sensibility? (Barry Gold) Re: Why cars are more "fragile" (Chris Drewe) RISKS 32.35 Monday 2 November 2020 Defective Panels in Solar Arrays (Ben Heubl via Peter Bernard Ladkin) American Pilots To Reassure Passengers Before MAX Flights (avweb.com) Axios Navigate (Axios) U.S.
hatches plan to build a quantum Internet that might be unhackable (WashPost) NASA’s new rocket would be the most powerful ever. But it’s the software that has some officials worried. (WashPost) Elon Musk's SpaceX says it will make its own laws on Mars (Independent) Robot Trained in Simulation Performs Better in Real Life (Chris Stokel-Walker) Using AI to control a camera at a sports event -- oops! (IFLScience) Four years since the Mirai-Dyn attack, is the Internet safer? (Techxplore.com) FBI warns of "imminent" ransomware attacks on hospital systems (CBS News) In a first, researchers extract secret key used to encrypt Intel (Dan Goodin) Marriott Hotels fined 18.4m pounds for data breach that hit millions (bbc.com) Two Former eBay Employees Plead Guilty to Aggressive Cyberstalking Campaign Targeting Natick Couple (DoJ) The Unsinkable Maddie Stone, Google's Bug-Hunting Badass (WiReD) Beware a New Google Drive Scam Landing in Inboxes (WiReD) Apple develops alternative to Google search (FT) Senator Brian Schatz of Hawaii calls sec.'s testimony what it really was (Amos Shapir) @Team_Trump45 and the Hazards of Online Sleuthing (WiReD) Wisconsin GOP Lost $2.3 Million in an Email Scam (WiReD) New ‘Media Manipulation Casebook’ from Harvard teaches how to detect misinformation campaigns (WashPost) How a fake persona laid the groundwork for a Hunter Biden conspiracy deluge (NBC News) NSA Pot calling Chinese Kettle Black (Joseph Menn via Henry Baker) Re: How does Google's monopoly hurt you? (Julian Bradfield) Re: Air Force updates code on plane mid-flight (David Alexander) Re: UK national police computer down for 10 hours after engineer pulled the plug (Dick Mills) Re: Censorship or Sensibility? (Sam Steingold) Re: More on erroneous Alexa/third-party data provider evacuation notices in Boulder County, Colorado (Dan Jacobson) Re: Why cars are more "fragile": more technology has reduced robustness (Martin Ward) Re: F-35s and Teslas?
(3daygoaty) RISKS 32.36 Sunday 8 November 2020 Where are our self-driving cars? (Techxplore.com) Who's watching the legacy software systems? (James Paul) Whale Sculpture Stops Train From Plunge in the Netherlands (NYTimes) UK app failed to notify exposed citizens (The Guardian) Schools Adopt Face Recognition in the Name of Fighting Covid (WiReD) CoVID and security awareness training (Rob Slade) When algorithmic fairness fixes fail: The case for keeping humans in the loop (Techxplore.com) Facial recognition used to identify Lafayette Square protester accused of assault (WashPost) Driver prosecuted when relying on Tesla autopilot and collides with stationary object on motorway (Stephen Mason) Microsoft Productivity Score and personalized experiences -- here's what's new to Microsoft 365 in October (Microsoft 365 Blog via Gabe Goldberg) Feds Seize $1 Billion in Stolen Silk Road Bitcoins (WiReD) Clicked on a Malicious Mail, Fired, Charged with Fraud (Amos Shapir) What It's Like to Stress-Test Berlin's Brand New, Much Maligned Airport (Atlas Obscura) Company forced to change name that could be used to hack websites (The Guardian) Australia constructing giant 300-megawatt battery (Techxplore.com) Can robots help to save the ailing F&B industry? (Richard Stein) Responsible Military Use of Artificial Intelligence: Can the European Union Lead the Way in Developing Best Practice (SIPRI via Diego Latella) Re: Censorship or Sensibility? (John Levine and Sam Steingold) Re: Defective Panels in Solar Arrays (Henry Baker) Re: Using AI to control a camera at a sports event -- oops!
(Erling Kristiansen) Re: UK national police computer down for 10 hours after engineer pulled the plug (Attila the Hun) Re: Elon Musk's SpaceX says it will make its own laws on Mars (Amos Shapir) Remember -- Remembrance, Thanksgiving, Armistice Day (Rob Slade) RISKS 32.37 Friday 13 November 2020 Moscow's facial recognition system can be hijacked for just $200 (The Verge) Facial-Recognition Technology Needs More Regulation (Scientific American) Dominion Voting Machines Glitches (Markotime via Geoff Goodfellow) Zoom lied to users about end-to-end encryption for years, FTC says (Ars Technica) Europe is adopting stricter rules on surveillance tech (MIT Tech Review) Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak (ThreatPost) Elon Musk Defends Neuralink Against Neuroscientist's Concerns of Chips Overheating (TechTimes) Apps Are Now Putting the Parole Agent in Your Pocket (WiReD) DNS Cache Poisoning Ready for Comeback (Holly Ober) The day the icons vanished! (Lindsay Marshall) Artificial intelligence model detects asymptomatic Covid-19 infections through cellphone-recorded coughs (MIT News) CPU-Heat Sink Thermal Paste Effectiveness (Richard Stein) Re: Algorithmic or Human fairness? (Anthony Thorn) Re: UK national police computer down for 10 hours after engineer pulled the plug (John Hall) Re: Whale Sculpture Stops Train From Plunge in the Netherlands (Jan Wolitzky) Re: Using AI to control a camera at a sports event -- oops (Erling Kristiansen) Re: Facial recognition used to identify Lafayette Square protester accused of assault (John Levine) Re: What It's Like to Stress-Test Berlin's Brand New, Much Maligned Airport (3daygoaty) Re: Australian 300 MW battery (3daygoaty) Risk assessment: still high (Rob Slade) Working Group on Infodemics Policy Framework, Nov. 
2020 (Rob Slade) RISKS 32.38 Sunday 22 November 2020 State-sponsored actors 'very likely' looking to attack electricity supply, says intelligence agency (CBC) An Engineer Gets 9 Years for Stealing $10M From Microsoft (WiReD) Shoppers warned against buying cheap electronics online (BBC News) Technology To Catch HOV Lane Violators Is Coming To Virginia (DCist) Migration to new CMS can go embarrassingly wrong (BBC) Researchers hacked a robotic vacuum cleaner to record speech and music remotely (Techxplore.com) Microsoft Is Making a Secure PC Chip with Intel and AMD's Help (WiReD) Internet censorship report (Rob Slade) Online password '123456' more popular than ever and easy to crack (CBC) Apple Lets Some of its Big Sur macOS Apps Bypass Firewall and VPNs (Applre) Apple to pay $113M to settle state investigation into iPhone *Batterygate* (WashPost) Privacy labeling for Apple apps (Rob Slade) Indistinguishability Obfuscation (WiReD) Why experts urge caution in using covid risk and tracking tools (WashPost) Functional and assurance requirements and CoVID (Rob Slade) Wrong GPS usual suspects First Responder avoidance (Dan Jacobson) Letter to Consumer Reports magazine (Gabe Goldberg) How the U.S. Military Buys Location Data from Ordinary Apps (Vice) 'Bot Battle' Shows What Happens When Two AI Programs Go On a Date (Vice) AI is wrestling with a replication crisis (MIT Tech Review) The iOS Covid App Ecosystem Has Become a Privacy Minefield (WiReD) Metrics and CoVID (Rob Slade) Mac certificate check stokes fears that Apple logs every app you run (Ars Technica) Two-Factor Eggs in One Basket (Kent Borg) 'Most Secure' U.S. Election Not Without Problems (Lukas Ropek) Election Security Experts Contradict Trump's Voting Claims (Nicole Perlroth) Blockchain Voting Risks Undetectable Nation-Scale Failures (Stilgherrian) Did you know that Dominion's voting software "Allows staff to adjust tally based on review of scanned ballot images?
(Twitter) What happens when you test TCL TV's (Henry Baker) 'Cheating detection' goes full Orwell during pandemic (Henry Baker) Re: How to F Up and Airport, including What It's Like to Stress-Test Berlin's Brand New Airport (John Levine) Re: Facial recognition used to identify Lafayette Square protester accused of assault (Chuck Jackson) Re: CPU-Heat Sink Thermal Paste Effectiveness (Charles Cazabon) Re: Whale Sculpture Stops Train From Plunge in the Netherlands (Brian Inglis) Re: "Did you know that Dominion's voting software "Allows staff to adjust tally based on review of scanned ballot images"? (PGN) RISKS 32.39 Friday 4 December 2020 Keyhole wasps may threaten aviation safety (phys.org) Boeing's 737 Max Is a Saga of Capitalism Gone Awry (NYTimes) This Bluetooth Attack Can Steal a Tesla Model X in Minutes (WIRED) China's Surveillance State Sucks Up Data. U.S. Tech Is Key Sorting It Out (NYTimes) Secret Amazon Reports Expose the Company's Surveillance of Labor and Environmental Groups (Vice) How 30 Lines of Code Blew Up a 27-Ton Generator (WiReD) The world of online chess cheating (chess.com) A Broken Piece of Internet Backbone Might Finally Get Fixed (WiReD) WarGames for real: How one 1983 exercise nearly triggered WWIII (Ars Technica) Showing robots how to drive a car... in just a few easy lessons (Techxplore.com) Looking for ways to prevent price collusion with AI systems (Techxplore.com) ML Guarantees Robots' Performance in Unknown Territory (Princeton) AI in the Age of Cyber-Disorder (F. Rugge, Ed.) Is Alexa becoming antisemitic? (Vice) Google Search too powerful (Dan Jacobson) What Is the Signal Encryption Protocol?
(WiReD) Thunderbird 78+ OpenPGP is a mess (im Garrison) Patients of a Vermont Hospital Are Left in the Dark After a Cyberattack (NYTimes) Inside the Cit0Day Breach Collection (Troy Hunt) Accidentally broadcast screenshot shows hackers where to look (Amos Shapir) Hackers tricked GoDaddy into helping attacks on cryptocurrency services (Engadget) Rashida Tlaib takes on cryptocurrency (WiReD) Apple's security chief charged with bribery (BBC) iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever (Ars Technica) A "moral contract" with a virus? (Rob Slade) Cyberattacks Discovered on Vaccine Distribution Operations (NYTimes) AI tool to track high-volume adverse vaccine reactions (geoff goodfellow) Internet's Most Notorious Botnet Has an Alarming New Trick (WiReD) After years of work, Congress passes 'Internet-of-Things' cybersecurity bill -- and it's kind of a big deal (Cyberscoop) Fortifying Our Electoral System Against Attacks (CAP) Google Researcher Says She Was Fired Over Paper Highlighting Bias in AI (NYTimes) Robocallers unclear on the concept ... (Rob Slade) "Discussion Feedback" becomes "Discussion Fee" (Dan Jacobson) Nice solution to password problem -- if only (Snopes via Gabe Goldberg) When Ships Are Abandoned, Stuck Sailors Struggle to Get By and Get Paid (Atlas Obscura) Another way every system eventually becomes email (Randall Monroe via Jan Wolitzky) Microsoft 365 "Productivity Score" (Rob Slade) Re: Microsoft Is Making a Secure PC Chip with Intel and AMD's Help (Jack Christensen) Re: Technology To Catch HOV Lane Violators Is Coming To Virginia (A Michael W Bacon) Re: What happens when you test TCL TVs (Richard A.
DeMattia) Re: Whale Sculpture Stops Train From Plunge in the Netherlands (AMW Bacon) Re: Letter to Consumer Reports magazine (Gabe Goldberg) Re: Online password '123456' more popular than ever and easy to crack (Stefan Lueders, Keith Medcalf) Utah monolith: Internet sleuths got there, but its origins are still a mystery (BBC News) RISKS 32.40 Friday 11 December 2020 GE puts default password in radiology devices, leaving healthcare networks exposed (Ars Technica) COVID data manager investigated, raided for using publicly available password (Ars Technica) Having one password makes it easier in Florida (Ars Technica) Amnesia: Critical TCP/IP Flaws Affect Millions of IoT Devices (The Hacker News) Russian SVR intel service hacks FireEye, obtaining "red team" tools (PGN) Former Israeli space security chief says aliens exist, humanity not ready (The Jerusalem Post) CDC Call for Data on Vaccine Recipients Raises Alarm Over Privacy (DNYUZ) How to steal photos off someone's iPhone from across the street (Naked Security) Global losses from cybercrime skyrocketed to nearly $1 trillion in 2020, new report finds (The Washington Post) Digital stethoscope uses artificial intelligence for diagnosing lung abnormalities (medicalxpress.com) Police Drones Starting to Think for Themselves (Cade Metz) AI Can Run Your Work Meetings Now (WiReD) The coming war on the hidden algorithms that trap people in poverty (Tech Review) HP Ends 'Free Ink for Life' Subscription Plan (Consumer Reports) Waymo Terms of Service (waymo.com) Amazon Wants to Get Even Closer.
Skintight (The New York Times) Designed A Smartwatch App To Help Stop His Dad's Nightmares (npr.org) Differential Privacy for Ordinary Security Mavens (Rob Slade) Re: Looking for ways to prevent price collusion with AI systems (Wol) Re: How 30 Lines of Code Blew Up a 27-Ton Generator (Martin Ward) Re: Utah monolith: Internet sleuths got there, but its origins are still a mystery (Amos Shapir) Re: Is Alexa Becoming Anti-semitic (John Wunderlich) Re: Rashida Tlaib takes on stablecoins, not cryptocurrency (John Levine) Re: Keyhole wasps may threaten aviation safety (Richard Stein, Carlos Villalpando) RISKS 32.41 Saturday 19 December 2020 SolarWinds, SunBurst, Russians, et al. (sundry sources merged by PGN) Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations (CISA) The U.S. government spent billions on a system for detecting hacks. The Russians outsmarted it. (Craig Timberg and Ellen Nakashima) More Hacking Attacks Found as Officials Warn of Grave Risk to U.S. Government (NYTimes) Harvard Gazette interviews Russia expert Paul Kolbe on Russian hacking of government computer systems (Christina Pazzanese) Hyundai and Kia Woes Continue as Nearly 425,000 Vehicles Recalled Over Engine Issues (The Drive) Boeing inappropriately coached test pilots during review of 737 Max after crashes, Senate investigators say (WashPost) Global google services outage 12/14 -- delay in repair (Edwin Slonim) Military-grade camera shows risks of airborne coronavirus spread (WashPost) National Weather Service faces Internet bandwidth shortage, proposes access limits (WashPost) Facebook's Tone-Deaf Attack on Apple (NYTimes) Exfiltrating Data from Air-Gapped Computers via Wi-Fi Signals -- Without Wi-Fi Hardware (The Hacker News) Cheap GPS jammers a major threat to drones (RNTFND) Betting on the election (Rob Slade) Vaccinated?
Show Us Your App (NYTimes) Devices Used In COVID-19 Treatment Can Give Errors For Patients With Dark Skin (npr.org) An Internal Medicine Doctor and His Peers Read the Pfizer Vaccine Study and See Red Flags (Naked Capitalism) More Differential Privacy for Ordinary Security Mavens (Rob Slade) Differential Privacy for Ordinary Security Mavens: noise (Rob Slade) Re: AI Can Run Your Work Meetings Now (Amos Shapir) Re: Former Israeli space security chief says aliens exist, humanity not ready (Amos Shapir) Re: Police Drones Starting to Think for Themselves (Amos Shapir) RISKS 32.42 Digest Friday 25 December 2020 Navalny Says Russian Agent Confessed to Plot to Poison Him (NYTimes) Report accuses Saudi Arabia, UAE of probably hacking phones of over three dozen journalists in London, Qatar (Alternet) A Massive Fraud Operation Stole Millions From Online Bank Accounts (WiReD) Zoom helped China suppress U.S. calls about Tiananmen, prosecutors allege (WashPost) Zoom scam alert: Never click on this kind of invite (Fast Company) Zoom encryption "with one exception" (Gabe Goldberg) New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices (The Hacker News) Over 70 West Point Cadets Accused Of Cheating In Academic Scandal (NPR) Should We Use Search History for Credit Scores? IMF Says Yes (Gizmodo) Maverick astrophysicist calls for unusually intense solar cycle, straying from consensus view (WashPost) There's a disturbing provision buried in the government spending bill that could upend the way we use the Internet (Alternet) Re: SolarWinds, SunBurst, Russians, et al. (Keith Medcalf) Re: SolarWinds Hack Attribution (Dick Mills) Re: DrDoctor & Mjog & Sending SMS To Elderly Patients (Chris J Brady) Re: An Internal Medicine: Levels of medical evidence (Robert R. Fenichel) RISKS 32.43 Friday 31 December 2020 Happy New Year! What are your predictions? 
(Rob Slade) Microsoft says Russians hacked its network, viewing source code (Richard Forno) Health to be on cyber-security's front line in 2021 (bbc.com) A Tesla Model S erupted 'like a flamethrower.' It renewed old safety concerns about the trailblazing sedans. Brexit deal mentions Netscape browser and Mozilla Mail (BBC) "One Minute Left": Hockey, CoVID-19, vaccines, and infosecurity vs hacking (Rob Slade) Ransomware and new virus strains (Rob Slade) Automatic brake system installed on U.S. railroads ahead of federal deadline (WashPost) When Nashville Bombing Hit a Telecom Hub, the Ripples Reached Far Beyond (NYTimes) A Better Kind of Cybersecurity Strategy (Peter Dizikes) Apple loses copyright battle against security start-up Corellium (WashPost) The U.S. Internet Is Being Starved of Its Potential: 2020 in Review (Ernesto Falcon) First-Ever Quantum Chess Tournament Won by Amazon Researcher (Leah Crane) Re: Loss of trust is a huge issue (Anthony Thorn) RISKS 32.44 Saturday 9 January 2021 Y2K+21 Bugs reported: more echoes of Y2K (Bill Ricker) Microsoft says Russians hacked its network, viewing source code (WashPost) Scope of Russian Hacking Far Exceeds Initial Fears (NYTimes) Trump Officials Distorted Intelligence on Foreign Meddling (NYTimes) Voting Systems: The Cherry and the Cream, Life, Technology and more (Mark Cathcart) A journalist had a seizure while playing Cyberpunk 2077. Then she helped change the game. (WashPost) Insecure wheels: Police turn to car data to destroy suspects' alibis (NBC News) NYC prison website "bails out" (Gothamist) AI algorithms detect diabetic eye disease inconsistently (Medicalxpress.com) The Earth has been spinning faster lately (phys.org) Boeing to pay $2.5bn over 737 Max conspiracy (bbc.com) American Airlines says flight attendants forced to deal with politically motivated aggression (WHDH) Ticketmaster Pays Up for Hacking a Rival Company (WiReD) Internet detectives are identifying scores of pro-Trump rioters at the Capitol. 
Some have already been fired. (Jaclyn Peiser) Here's Why Car Thefts Are Soaring -- Hint: Check Your Cup Holder (NYTimes) Why Markets Boomed in a Year of Human Misery (NYTimes) A Robotic Revolution for Urban Nature (Leeds) Re: Vaccines (Wol) Re: One Minute Left": Hockey, CoVID-19 ...vs hacking (Chris Drewe) Re: The U.S. Internet Is Being Starved of Its Potential (Henry Baker, Chris Drewe) Re: References to Netscape and Mozilla in Brexit trade agreement (Attila the Hun, Stanley Chow) RISKS 32.45 Monday 18 January 2021 Bursts of acceleration in Tesla vehicles caused by drivers mistaking accelerators for brakes, feds conclude (Ian Duncan) Riot in the Capitol is a nightmare scenario for cybersecurity professionals (Tonya Riley) Post-Riot, the Capitol Hill IT Staff Faces a Security Mess (WiReD) The Parler API was open without authentication. One or more third parties have done full downloads (Ars Technica) ESS voting machine company sends threats (Andrew Appel) IPhone12 will stop your implantable defibrillator (Medicalxpress.com) IRS rushes to fix error that sent millions of stimulus payments to wrong bank accounts (Michelle Singletary) Lack of Tiny Parts Disrupts Auto Factories Worldwide (NYTimes) Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes (NYTimes) Bug wipes UK arrest records (Tom Van Vleck) Risks of DNS encryption: NSA warns enterprises to beware of third-party DNS resolvers (Ars Technica) Company name could lead to security xss attack (IBTimes) How Amazon Sidewalk Works -- and Why You May Want to Turn It Off (WiReD) What to expect for the 2021 workplace (WashPost) In-Garage Delivery: Amazon Key (Amazon.com) AI algorithm over 70% accurate at guessing a person's political orientation (techxplore.com) Detection of Hardware Trojans Using Controlled Short-Term Aging (NYU Tandon School of Engineering) Unique study incorporates fluid dynamics and more to evaluate, enhance future implants (PHYS.ORG) Risk Management and Two-Dose Vaccines (Rob Slade) 
Different kinds of security (Rob Slade) Hacker Locks Internet-Connected Chastity Cage (Larry Werring) Re: Scope of Russian Hacking Far Exceeds Initial Fears (Larry Werring) Re: Voting Systems: The Cherry and the Cream (3daygoaty) Re: One Minute Left": Hockey, CoVID-19 ...vs hacking (Stephen Fierbaugh, Chris Drew, Stephen Fierbaugh) RISKS 32.46 Monday 25 January 2021 FAA Files Reveal a Surprising Threat to Airline Safety: the U.S. Military's GPS Tests (IEEE Spectrum) Australia's proposed media code could break the world wide web, says the man who invented it (The Guardian) Big Tech (Lauren Weinstein) Home alarm tech admits he used security cameras to be a serial Peeping Tom (ProTip via Ars Technica) AI-powered text from this program could fool the government (Will Knight) No stopping AI? Scientists conclude there would be no way to control super-intelligent machines (Study Finds) DNSpooq Lets Attackers Poison DNS Cache Records (Catalin Cimpanu) 1,900 doses of Moderna vaccine destroyed after cleaner accidentally unplugs freezer in Boston (ABC News) COVID-19 Vaccine Reservations (RLGSC via Bob Gezelter) Intelligence Analysts Use U.S. Smartphone Location Data Without Warrants (NYTimes) A Lesson From 1930s Germany: Beware State Control of Social Media (Heidi Tworek via Kimi Wei) Biden Has a Peloton Bike. That Raises Issues at the White House. (NYTimes) Biden will be the first president to use the new Air Force One (Business Insider) Janet Yellen suggests 'curtailing' cryptocurrency (Business Insider) Camouflage shield known as Quantum Stealth, is light-bending material that could be used to obscure objects of varying sizes (Geoff Goodfellow) Google-Linked Balloon Project to Provide Cell Service Will Close (NYTimes) Supermarket Worker Stole $1 Million and Bought Cars and Guns, Police Say (NYTimes) Forever Chemicals Are Widespread in U.S. 
Drinking Water (Scientific American) Revving up electric car industry, Israeli firm develops 5-minute-charge battery (The Guardian) Re: Bursts of acceleration in Tesla vehicles caused by drivers mistaking accelerators for brakes ... (Don Norman with appended excerpts from John Levine and Michael Bacon) Re: Post-Riot, the Capitol Hill IT Staff Faces a Security Mess (Craig S. Cottingham) Re: Bug wipes UK arrest records (Michael Bacon, John Colville) Re: Company name could lead to security xss attack (Wol) Re: Risk Management and Two-Dose Vaccines (Rob Slade) RISKS 32.47 Friday 29 January 2021 The `Dumb Money' Outfoxing Wall Street Titans (NYTimes et al. PGN-ed) Apparent suicide by 20-year-old Robinhood trader who saw a negative $730,000 balance prompts app to make changes (CNN) On Twitter, many follow @robinhood en masse not realizing it's The Robin Hood Society of Sherwood, UK (Boing Boing) North Korea Targets and Dupes a Slew of Cybersecurity Pros (WiReD) Phone battery explodes after man bites into it (Boing Boing) Major Internet outage affecting users from Washington DC to Boston; Verizon fiber cut reported (WBNG) The World Is Dangerously Dependent on Taiwan for Semiconductors (Bloomberg) Cops Disrupt Emotet, the Internet's Most Dangerous Malware (WiReD) The Creeping Normalization of Robotic Police Officers (Digital Trends) With Online Terms of Service, What Happens When You Click 'Agree'? (NYTimes) Who's Making All Those Scam Calls? (NYTimes) An old arrest can follow you forever online. Some newspapers want to fix that. 
(WashPost) International cybercops derail botnet used to extort/steal data around the globe for years (CBC) Twitter Troll Tricked 4,900 Democrats in Vote-by-Phone Scheme (NYTimes) Parole Violator Who Raided Senate Building Sold Out By The GPS Unit Attached To Him For Previous Parole Violations (TechDirt) Retribution for hacker locking her out (RTE.IE) Internet Outage Impacts Access To Virtual Learning In NoVA (Patch) 63-year-old Thai woman receives 43-year sentence for sharing audio clips "defaming" the monarchy (Global Voices) Bank error not in my favour (Clive D.W. Feather) Sidewalk, security, and PopulistNet (Rob Slade) Airliner Pilot Says Jet Pack Guy Over Los Angeles Looked Just Like This Crazy Drone (The Drive) Flash Is Dead -- but Not Gone (WiReD) 150 Years Ago Brooklyn Renumbered All Its Streets. It Was a Disaster. (Jeremy Lechtzin) Re: Bursts of acceleration in Tesla vehicles caused by drivers, mistaking accelerators for brakes ... (Phil Koopman) Re: Company name could lead to security xss attack (John Levine) Re: Freezer spoils vaccine (Rick Gee) RISKS 32.48 Friday 5 February 2021 The Cyberweapons Arms Race (Nicole Perlroth) Google uncovers new iOS security feature Apple quietly added after zero-day attacks (geoff goodfellow) Killed by Google - the Google graveyard (Dan Jacobson) Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices (The Hacker News) NASA's space junk problem (Axios) AI Can Tell What Song You Are Listening to From Your Brainwaves (Matthew Sparkes) The iPhone's Face ID Will Soon Work With a Mask -- if You Have an Apple Watch (WiReD) How Google Searches Reveal the Hidden Cost of Lockdown (U.Warwick) F-35's Buggy Software Prompts Pentagon to Call in Universities (Bloomberg) Ford cuts F-150 pickup truck production due to semiconductor chip shortage (CNBC) Amazon Netradyne Driver Information on Vimeo (Gabe Goldberg) The Down Side to Life in a Supertall Tower: Leaks, Creaks, Breaks (NYTimes) A Vast Web of Vengeance (NYTimes) 
Will Australia ban VPNs? (Lauren Weinstein) Maybe Set A Calendar Reminder For Summer: Your Virginia E-Z Pass May Be Inactive (DCist) Ballot-Marking Devices in Georgia (Andrew Appel) No Flash, no trains (Apple Daily) Re: The `Dumb Money' Outfoxing Wall Street Titans (Henry Baker) Re: The Creeping Normalization of Robotic Police Officers (Amos Shapir) Re: An old arrest can follow you forever online... (Henry Baker) Re: Company name could lead to security xss attack? (Eli the Bearded) Re: The World Is Dangerously Dependent on Taiwan for Semiconductors (Dan Jacobson) Re: With Online Terms of Service, What Happens When You Click 'Agree'? (Dan Jacobson) Re: The calculus really is complex (Anthony Thorn) Risk analysis and CoVID variants (Rob Slade) Novel of the Next World War (Jan Wolitzky) A new bio-inspired joint model to design robotic exoskeletons (Richard Stein) Series of security lectures (Rob Slade) RISKS 32.49 Friday 12 February 2021 Someone tried to poison Oldsmar's water (TampaBay News) Water supply control system breached and adjusted to dangerous PH level (YouTube) Dangerous Stuff: Hackers Tried to Poison Water Supply of Florida Town (NYTimes) Poor Password Security Led to Recent Water Treatment Facility Hack (The Hacker News) Air pollution linked to irreversible sight loss: study (AFP) 'Brain-altering bioweapons' to DNA surveillance: Experts already preparing for next biological threat (StudyFinds) NPR covid variants (NPR) Cannon Salute at Baby Shower Ends in Death, Police Say (NYTimes) Scientists propose lithium to cope with high-risk condition in future fusion facilities (phys.org) Doorbell Security Cameras Are Easily Hackable, Researchers Find (Jim Wayner) Cities Sell Data From 'Smart' Streetlights (Bloomberg) 'Matrix'-style bracelets turn humans into batteries (Reuters) There Are Spying Eyes Everywhere -- and Now They Share a Brain EAC Voluntary Voting System Guidelines 2.0 (WashPost) How a
Dated Cyber-Attack Brought a Stock Exchange to its Knees AA21-042A: Compromise of U.S. Water Treatment Facility NSA at Amazon (Matthew D Green) Key TCP/IP Stacks Found Faulty, Vulnerable (Ars Technica) New Chrome Browser 0-day Under Active Update Immediately (Chrome Releases) Over a dozen Chrome extensions caught hijacking Google search results for millions (The Hacker News) New version of Uptane Standard clarifies protection strategies for vulnerable vehicles (NYU Tandon School of Engineering) A Bigger Risk Than GameStop? Beware the Ponzi Scheme Next Door (NYTimes) Section 230 reform SAFE TECH act would shut down paid Internet services (Gizmodo and Techdirt) The SAFE TECH Act would overhaul Section 230, but law's defenders warn of major side effects (TechCrunch) Where in the world is mobile data? (Andrew Yeomans) Beware: New Matryosh DDoS Botnet Targeting Android-Based Devices (The Hacker News) British police arrest man over offensive Captain Moore tweet, giving it a vast international audience (BoingBoing) Calling All Ham Radio Operators (Rebecca Mercuri) You cannot be serious: electronic line judges make Grand Slam debut (AFP) AI and the List of Dirty, Naughty, Obscene, and Otherwise Bad Words (WiReD) Data fallacies: Cherry Picking, Data Dredging... (Dan Jacobson) Quantum computing hash function reversal (Bloomberg) The Battery Is Ready to Power the World (WSJ) Fairfax County vs Virginia on vaccinations (Gabe Goldberg) Re: Terraria port to Google Stadia sunk by bad Google support (Eli Griffin) Re: The `Dumb Money' Outfoxing Wall Street Titans (Isaac Morland) Re: The calculus really is complex (Wol) RISKS 32.50 Friday 19 February 2021 Texas vs FERC's "best practices" for anticipating disasters (PGN) U.S. 
Water Supply Has Few Protections Against Hacking (WSJ) Python wheel-jacking in supply chain attacks (VDOO) A Windows Defender Vulnerability Lurked Undetected for 12 Years (WiReD) Mercedes-Benz cars giving out *wrong* location info (Car and Driver Magazine) Growing size of vehicle screens sparks safety concerns (The Center for Auto Safety) Forget Self-Driving Cars: the Pentagon Wants Autonomous Ships, Choppers, and Jets (WSJ) California DMV suffers massive third-party data breach (TechCrunch) Researcher hacks over 35 tech firms in novel supply chain attack (Ax Sharma) How faster Internet is being blocked by politics and poverty throughout the eastern U.S. (CNET) 'Spy pixels in emails have become endemic' (BBC News) Google has bowed to pressure and will make 'significant' payments to Rupert Murdoch's News Corp (Business Insider) The losers in the news battle (Lauren Weinstein) Fixing Chrome 88's suddenly broken custom search-engine behavior (Lauren Weinstein) Facebook blocks news in Australia over government's payment rules (Dylan Byers) Woke teachers want Shakespeare cut from curriculum: 'This is about White supremacy' (Washington Times) Facebook to Label Climate Change Posts Like Covid, Vote Content (Yahoo!) France Ties Russia's Sandworm to a Multiyear Hacking Spree (WiReD) Citibank can't get back $900 million it wired by mistake (CNN) Incredibly poor software design costs Citigroup $500M (Matt Levine) Climate Change Could Shred Guitars Known for Shredding (Scientific American) Data breach warning after California DMV contractor hit by file-stealing ransomware (TechCrunch) Entitled People Are More Likely To Be Angry at Bad Luck (Scientific American) Who Should Stop Unethical AI? (Matthew Hutson) AI may mistake chess discussions as racist talk (Techxplore) "Holy cow. Bitcoin is using half a percent of all the world's electricity?
(geoff goodfellow) Nvidia limits crypto-mining on new graphics card (msn.com) The IRS Cashed Her Check, Then the Late Notice Started Coming (ProPublica) Authorities have taken down the dark web's largest illegal marketplace vendor (The Verge) U.S. election cybersecurity (CDT) People answer scientists' queries in real time while dreaming (Scientific American) How Oracle Sells Repression in China (The Intercept) The Untold History of America's Zero-Day Market (WiReD) "Vaccine" passport? (Rob Slade) Man offered vaccine after error lists him as 6.2cm tall (BBC) Gorilla COVID risks (CNN) Japanese contact tracing software of Covid-19 patient on Android did not work for four months (Kyodo News) Bruce Schneier's CRYPTO-GRAM, 15 Feb 2021 (PGN) Re: Calling All Ham Radio Operators (Bob Wilson) RISKS 32.51 Monday 22 February 2021 777 has engine problems on takeoff from Denver, drops large pieces of debris on local neighborhood, makes it back to airport safely (Lauren Weinstein) His Lights Stayed on During Texas's Storm. Now He Owes $16,752 (NYTimes) Abbott appointees made 'astonishing' cuts to power reliability team (Houston Chronicle) Future warfare will feature autonomous weaponry (WashPost) Malware Is Now Targeting Apple's New M1 Processor (WiReD) Apple Is Going to Make It Harder to Hack iPhones With Zero-Click Attacks (Vice) IRS trifecta -- not good news (WashPost) UN discusses how not to kill the planet (UNEP) Study of auto recalls shows carmakers delay announcements until they 'hide in the herd' (Techxplore.com) The Race to Fix Virtual Meetings (AKA, the nightmare continues) (NYTimes) Sign this 8-year-old up! (Gabe Goldberg) China Censors the Internet. So Why Doesn't Russia?
(NYTimes) A reminder about U2F/FIDO security keys and account security (Google via LW) Can't make this up -- panic culture (10TV via Gabe Goldberg) Current state of DDoS (IEEE Computer) Warning regarding fake Mars Probe video (Lauren Weinstein) UMass Amherst Team Helps Demonstrate Spontaneous Quantum Error Correction (UMass) Quantum networking progress (rod van meter) New Approach to 3D Printing of Human Tissue Closer to Reality (Brian P. Dunleavy) John Deere Promised Farmers It Would Make Tractors Easy to Repair. It Lied. (Vice) Re: Texas vs FERC's "best practices" for anticipating disasters (Mark Brader) Re: U.S. Water Supply Has Few Protections Against Hacking (Amos Shapir) Re: "Vaccine" passport? (Amos Shapir) Re: Incredibly poor software design costs Citigroup $500M (Jim Geissman) Re: Gorilla COVID risks (John Levine) Re: Spy pixels in emails have become endemic' (John Levine) Re: Japanese contact tracing software: Update on Cocoa bug (Anthony Thorn) RISKS 32.52 Saturday 6 March 2021 Fed outage shuts down U.S. 
payment system (Tom Van Vleck via Ars Technica) DC Vaccine Appointment Website, Phone Line Crashes Early Thursday (DCist) Weaknesses in FAA's certification and delegation processes hindered its oversight of the 737 MAX 8 (DOT) EU Report Warns AI Makes Autonomous Vehicles 'Highly Vulnerable' to Attack (Khari Johnson) Heavy Rain Affects Object Detection by Autonomous Vehicle LiDAR Sensors (U.Warwick) XC40 Recharge buyers have been told to sit tight (The Verge) Vintage technology: 'It sounds so much cleaner' (BBC News) Error-prone software reportedly ruined lives: Post Office scandal: Postmasters have convictions quashed (BBC) Software Bug Keeping Hundreds Of Inmates In Arizona Prisons Beyond Release Dates (KJZZ) Alexa in the car (Toyota) Experts find a way to learn what you're typing during video calls (The Hacker News) Israel adopts law allowing names of unvaccinated to be shared (AFP) Judge in Google case disturbed that even *incognito* users are tracked (Bloomberg) Facebook will roll back its block on news posts in Australia (Engadget) Relativity Space unveils a reusable 3D-printed rocket to compete with SpaceX's Falcon 9 (CNBC) Big data healthcare project raises privacy issues (M.K.McGee) Contact-tracing apps help reduce COVID infections, data suggest (Nature) Can Zapping Our Brains Really Cure Depression? (NYTimes) Student Surveillance Vendor Proctorio Files SLAPP Lawsuit to Silence A Critic (EFF) Computers get Sundays off?
(Gabe Goldberg) Formula E's Software Communication Problem (The Register via Ben Moore) Gig Workers Gather Their Own Data to Check the Algorithm's Math (WiReD) 'Drunk' robot vacuums spark complaints from owners (BBC News) Predictive Text Feature Coming to Microsoft Word in March (PCMag) Doctor joins Zoom court hearing while operating on patient (BBC News) Carranza resigns as NYC schools chancellor; Meisha Porter will replace him (NYTimes) New security flaws detected in more credit cards (Leo Hermann) "Virtual computer chip tests expose flaws, protect against hackers" (Matthew Sparkes) Is Your Browser Extension a Botnet Backdoor? (Krebs on Security) When Companies Skimp on Cybersecurity (Bruce Schneier) Former SolarWinds CEO blames intern for "solarwinds123" password leak (CNNPolitics) Post Office scandal: Postmasters have convictions quashed (BBC) Objective or Biased (Bayerischer Rundfunk) Amazon's new rotating, follow-you camera is useful -- and invasive (WashPost) Vaccine passport certificates already exist (Clive Page) Texas power outages demonstrate grid cyber-vulnerability and inadequacy of existing regulations (Joe Weiss) Re: His Lights Stayed on During Texas's Storm.
Now He Owes $16,752 (Keith Medcalf) RISKS 32.53 Friday 12 March 2021 Confusing computer-interface complexity causes train crash (Mark Brader) Expectations of GPS accuracy contribute to train derailment (Mark Brader) Boeing calls for global grounding of 777s with Pratt&Whitney engines (NYTimes) NOAA begins transition exclusively to electronic navigation charts (Gabe Goldberg) Weather Service set to discontinue `advisories' for hazardous weather in 2024 (WashPost) 'Never seen anything like this': Chaos strikes global shipping (NYTimes) New Browser Attack Allows Tracking Users Online With JavaScript Disabled (The Hacker News) Calling All Ham Radio Operators (Rebecca Mercuri) Kentucky mom alleges hospital workers missed her cancer, then covered up their mistake (NBC News) Microsoft's dream of decentralized IDs enters the real world (WiReD) What the worldwide shortage of semiconductor chips is *really* Why a YouTube chat about chess got flagged for hate speech (WiReD) Farms are going to need different kinds of robots (bbc.com) The robots are coming for Phil in accounting (NYTimes) Spy agencies have big hopes for AI (The Economist via Ross Anderson) A new type of supply-chain attack with serious consequences is flourishing (Ars Technica) Google will remove *facts* if they think they're harmful (geoff goodfellow) Thousands of Android and iOS Apps Leak Data From the Cloud (WiReD) Hackers are finding ways to hide inside Apple's walled garden (Technology Review) ICE investigators used a private utility database covering millions to pursue immigration violations (WashPost) L.A. sheriff's office gets warrant for 'black box' in Tiger Woods' crashed SUV. (NBC News) Amazon has become a prime revolving-door destination in Washington (Mother Jones) Too much choice is hurting America (Paul Krugman via Richard Stein) CDC Links Restaurant Dining with Spread of Covid-19 in U.S.
(Jonathan Spira) Those fever scanners that everyone is using to fight covid can be wildly inaccurate, researchers find (WashPost) The problems with anti-vaccers' precautionary principle arguments (The Logic of Science) You got a vaccine. Walgreens got your data. (Vox) Research highlights impact of Digital Divide (University of Houston) ES&S hashcode testing is wrong in 3 ways (Andrew Appel) At least 30,000 U.S. organizations newly hacked via holes in Microsoft's email software (geoff goodfellow) Texas PUC to electricity users who received outrageous bills from grid mismanagement during winter storm: SCREW YOU! (NPR via Lauren Weinstein) Rookie coding mistake prior to Gab hack came from site's CTO (Ars Technica) What lies beneath... on disaster response (NYU Tandon) Re: Post Office scandal (Peter Bernard Ladkin) Re: Fed outage shuts down U.S. payment system (John Levine) Re: his lights stayed on during Texas's storm. Now he owes $16,752 (John Levine) RISKS 32.54 Saturday 13 March 2021 Faulty Software Snarls Sign-Ups for Vaccinations (Kellen Browning) Security startup Verkada hack exposes 150,000 security cameras in Tesla factories, jails, hospitals, etc.
(Bloomberg) Kia Recalls 380,000 Vehicles Over Fire Risk (NYTimes) Coors long outage due to ransomware (ZDNet via Tom Van Vleck) CRA to lock over 800,000 taxpayers out of online accounts tomorrow (CBC) Linus Torvalds fixes 'double ungood' Linux kernel bug (ZDNet) The Accellion breach keeps getting worse and more expensive (WiReD) T-Mobile to Step Up Ad Targeting of Cellphone Customers (WSJ) Experts brace for wave of hacks tied to Microsoft email vulnerabilities (Trust.org) Microsoft took nearly two months to issue a patch after hearing of Exchange Server's flaws, even as a mass-hack unfolded; some of the flaws were 10+ years old (Krebs on Security) Man Sues Hertz Over Lost Receipt That Was His Murder Alibi (NYTimes) Four new hacking groups have joined an ongoing offensive against Microsoft's email servers (Technology Review) Study of auto recalls shows carmakers delay announcements until they 'hide in the herd' (Techxplore) How to poison the data that Big Tech uses to surveil you (Technology Review) Pandemic Forces FDA to Sharply Curtail Drug Company Inspections (NYTimes) Russian Disinformation Campaign Aims to Undermine Confidence in Pfizer, Other Covid-19 Vaccines, U.S. Officials Say (WSJ) Some turned away from Danvers mass vaccination site because of glitch (The Boston Globe) Introducing Deep Nostalgia: Animate the Faces in Your Family Photos (MyHeritage) Re: Software Bug Keeping Hundreds Of Inmates In Arizona Prisons Beyond Release Dates (Amos Shapir) Re: Israel adopts law allowing names of unvaccinated to be shared (Amos Shapir) Re: Computers get Sundays off? (Amos Shapir) Re: His Lights Stayed on During Texas's Storm.
Now He Owes $16,752 (Amos Shapir) Re: Vintage technology: 'It sounds so much cleaner' (David Damerell, Martin Ward, A Michael W Bacon) Re: Incorrect train simulator a factor in train crash (Clive Page) Re: Spy agencies have big hopes for AI (Henry Baker) Re: Farms are going to need different kinds of robots (Martyn Thomas, Henry Baker, Richard Stein) Re: Google will remove *facts* if they think they're harmful (Henry Baker) Re: Too much choice is hurting America (Henry Baker, Richard Stein) Re: Boeing 777 PW4000 engine problems (Peter Bernard Ladkin) Allan McDonald Dies at 83; Tried to Stop the Challenger Launch (NYTimes) RISKS 32.55 Tuesday 16 March 2021 Report on foreign activities to influence the 2020 election (DNI) Mother and daughter arrested for allegedly hacking student accounts to rig homecoming court votes (CNN) What happens when an unstoppable force hits an immovable object? (Justin Bariso) Everything You Need to Know About Evolving Threat of Ransomware (The Hacker News) Telecommunications plans to block Google Voice Messaging (Android Police) A Hacker Got All My Texts for $16 (Vice) It's time to stop using SMS for anything (Vice) Spoiler Alert: Bits from Covid: Season 2 (Henry Baker) Maggots, Rape and Yet Five Stars: How U.S. ratings of nursing homes mislead the public (NYTimes) Massive Facebook study on users’ doubt in vaccines finds a small group appears to play a big role in pushing the skepticism (WashPost) From Crypto Art to Trading Cards, Investment Manias Abound (NYTimes) Amazon Dash Smart Shelf Review: The Future of Automatic Shopping (WiReD) Federal investigators blast Tesla, call for stricter safety standards (Ars Technica) 'Painless' glucose monitors are popular but little evidence they help most diabetes patients (nbcnews.com) Microsoft-Led Team Retracts Disputed Quantum-Computing Paper (WiReD) Twitter bug blocks the word 'Memphis' (CBS News) Re: Computers get Sundays off?
(John Levine) Re: Farms are going to need different kinds of robots (Thomas Koenig) Re: Voting Machine Hashcode Testing: Unsurprisingly insecure, and surprisingly, insecure (Erling Kristiansen) Re: Confusing computer-interface complexity causes train crash (Mark Brader) Re: Too much choice is hurting America (Henry Baker) Re: Boeing 777 PW4000 engine problems (Richard Stein) Re: T-Mobile to Step Up Ad Targeting of Cellphone Customers (Craig S. Cottingham) RISKS 32.56 Friday 19 March 2021 Victoria University of Wellington accidentally wipes all desktop computers (Critic-NZ) The Cybersecurity 202: Congress mulls legislation to require companies to report major cyberattacks (WashPost) New Zoom Screen-Sharing Bug Lets Other Users Access Restricted Apps (The Hacker News) Fintech Giant Fiserv Used Unclaimed Domain (Krebs on Security) Is automated vulnerability scanning the best way to secure smart vehicles (AT&T Business Insights Report) Mission to clean up space junk with magnets set for launch (CNN) Cars Have Your Location. This Spy Firm Wants to Sell It to the U.S. Military (Vice) Spanish COVID-19 mortality statistics in young children exaggerated by year coding problem? (The Lancet) If you've gotten fake calls from "Amazon" about a bogus purchase, watch this video (Lauren Weinstein) Europe's artificial intelligence blindspot: Race (Politico) An existential discussion: What is the probability of nuclear war? (Martin Hellman/Vint Cerf in the Bulletin of Atomic Scientists) Re: Japanese contact tracing software of Covid-19 patient on Android did not work for four months (Kyodo News via Chiaki Ishikawa) Re: Voting Machine Hashcode Testing: Unsurprisingly insecure, and surprisingly, insecure (Wol) Re: Computers get Sundays off? (David Lesher) RISKS 32.57 Tuesday 23 March 2021 Cybersecurity in retrospect: not good!
(PGN on NYTimes item) A New York Lawmaker Wants to Ban Police Use of Armed Robots (WiReD) Eastern Health blames software after thousands allowed to book early vaccine appointments (CBC.CA) How far should humans go to help species adapt? (Atlas Obscura) No good evidence that 5G harms humans, new studies find (Gizmodo) Where Are Those Shoes You Ordered? Check the Ocean Floor (WiReD) Hackers are exploiting a server vulnerability with a severity of 9.8 out of 10 (Ars Technica) What Happens When Our Faces Are Tracked Everywhere We Go? Face Is Not Your Own (NYTimes) Risk transfer and Doordash (Rob Slade) 'Expert' Hackers Used 11 Zerodays to Infect Windows, iOS, Android Users (Dan Goodin) New publication launch: Zero Day (Kim Zetter) Faster fusion reactor calculations thanks to machine learning (phys.org) Re: Victoria University of Wellington accidentally wipes all desktop computers (John Harper) Richard Thieme -- Mobius: A Memoir (reviewed by PGN) RISKS 32.58 Thursday 1 April 2021 April No-Fools' Day? No fooling! (PGN) Post-vaccine guidance (Rob Slade) Errors ruin 15 million doses of Johnson & Johnson's COVID-19 vaccine (NYTimes) Dark web bursting with COVID-19 vaccines, vaccine passports (Ars Technica) New York launches nation's first vaccine passports (USA Today) Vaccine passports (Lauren Weinstein) New Covid vaccines needed globally within a year, say scientists (The Guardian) Child tweets gibberish from U.S. nuclear-agency account (BBC News) Fooling facial recognition (The Register) Biometrics instead of passwords (The Register via Arthur T.) The Antiscience Movement Is Escalating, Going Global and Killing Thousands (Peter J. 
Hotez) Nine requests assistance from government after major cyber-attack (John Colville) How the Nine cyber-attack is affecting the Herald (John Colville) How a Software Error Made Spain's Child COVID-19 Mortality Rate Skyrocket (Slate) The Underground Nuclear Test That Didn't Stay Underground (Atlas Obscura) Solar Geoengineering Should be Investigated, Scientists Say (Scientific American) PHP's Git Server Hacked to Insert Secret Backdoor to Its Source Code (The Hacker News) New wave of hacktivism adds twist to cybersecurity woes (reuters.com) Blockchain is causing female green sea turtles (Rob Slade) Your right to repair: COVID-19 is sending businesses, hospitals, and consumers to the breaking point (ZDNet) Wetware data retrieval: Forensic analysis and data recovery from water-submerged hard drives (Techxplore) Scientists can implant false memories -- and reverse them... (Inverse) Suez Canal Blocked After Giant Container Ship Gets Stuck (NY Times) Suez Canal from Space (Geoff Kuenning) 'Agile' F-35 fighter software dev techniques failed to speed up supersonic jet deliveries (The Register) F-35 vs. bird (Gabe Goldberg with PGN comments) Radiation Upset confused computers and caused false alarm on International Space Station (The Register) Vote-by-mail fraud in Australia (Vanessa Teague) How Facebook got addicted to spreading misinformation (TechReview) No security on Website intended to prove that Swiss are vaccinated (Anthony Thorn) Volkswagen apparently changing their name in U.S. (Lauren Weinstein) Remote Work Is Here to Stay. Manhattan May Never Be the Same (NYTimes) Where Are Those Shoes You Ordered? Check the Ocean Floor (David Lesher) Cautionary story about cryptocurrencies, apps, security... (Gabe Goldberg) Energy-harvesting card treats 5G networks as wireless power grids (NewAtlas) Yet another 5G attack vector (Rob Slade) Re: No good evidence that 5G harms humans, new studies find (Douglas Lucas) Re: Cybersecurity in retrospect: not good! 
(Dick Mills) Re: How far should humans go to help species adapt? (Bob Wilson) Re: Too much choice is hurting America (Sam Steingold) Re: Risk transfer and Doordash (John Levine) TikTok Does Not Pose Overt Threat to U.S. National Security (Eva Xiao) RISKS 32.59 Sunday 4 April 2021 Safe and affordable electricity supply in danger (German finance watchdog) Weather Service Internet systems are crumbling as key platforms are taxed and failing (WashPost) 533 million Facebook users' phone numbers and personal data have been leaked online (Business Insider) An Accidental Disclosure Exposes a $1 Billion Tax Fight With Bristol Myers (NYTimes) No vehicle inspections in Mass. for second straight day due to malware attack on vendor (The Boston Globe) Feds say hackers are likely exploiting critical Fortinet VPN vulnerabilities (Ars Technica) 7% of Americans don't use the Internet. Who are they? (Pew Research) 5G is not just a radio (Bob Frankston) Scientists Collected Human DNA From the Air In a Breakthrough (Science News for Students) NFTs built on sand? (The Atlantic via Bob Frankston) Google and "pink noise" (Lauren Weinstein) It’s Easy - and Legal - to Bet on Sports. Do Young Adults Know the Risks? (NYTimes) Another water system hacked (KSNT) Re: Energy-harvesting card treats 5G networks as wireless power grids (Martin Cooper) Re: Antiscience Movement Is ... Killing Thousands (Henry Baker) Re: Scientists can implant false memories-and reverse them (Stephen E. Bacher) Re: Volkswagen apparently changing their name in U.S. 
(John Levine) Re: New York launches nation's first 'vaccine passports' (John Levine) Re: Vintage technology: 'It sounds so much cleaner' (Terje Mathisen) Re: Too much choice is hurting America (John Levine, Andrew Pam) RISKS 32.60 Saturday 17 April 2021 National Weather Service Internet systems crumbling as key platforms fail (WashPost) 737 MAX recidivus (Rob Slade) Cosmic rays causing 30,000 network malfunctions in Japan each year (The Japan Times) 100 Million More IoT Devices Are Exposed and They Won't Be the Last (WiReD) GPS is endangered by a misguided FCC decision made during the Trump administration (WashPost) Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021 (Zero Day Initiative) A Casino Gets Hacked Through a Fish-Tank Thermometer (Entrepreneur) Millions of Devices at Risk From NAME:WRECK DNS Bugs (Alex Scroxton) Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027) ``How can a democracy function if we can't talk to one another?'' U.S. justices ask (Reuters) Texas Man Charged With Planning To Blow Up Ashburn Data Center (Arlington VA Patch) NYPD's Robot Dog Returns to Work, Touching Off a Backlash (NYTimes) The Perils of Overhyping Artificial Intelligence For AI to Succeed, It First Must Be Able to Fail (Foreign Affairs) Microchip security continues to confound Pentagon (Techxplore) 'Miss'taken assumptions lead to plane incident (The Guardian) The UK Is Trying to Stop Facebook's End-to-End Encryption (WiReD) Coinbase Makes Its Debut -- and Bitcoin Arrives on Wall Street (WiReD) My email account needs blockchain maintenance? 
(Rob Slade) Scientists studying solar try solving a dusty problem (techxplore.com) Plan to install green energy storage on Williamsburg roof raises tenants' ire (Bklyner) Understanding fruit fly behavior may be next step toward autonomous vehicles (techxplore.com) Self-driving vehicles (Car and Driver via Richard Stein) Supreme Court & Facebook Unwanted Automated Texts (Consumer Reports) Foreign intel services could abuse ad networks for spying (Henry Baker) NJ town: Our IT vendor ate our e-mails (North Jersey) Loot boxes in video games deemed close enough to gambling to warrant regulation (medicalxpress.com) "Work From Home" being blamed for security risks (Rob Slade) He Built a $10 Billion Investment Firm. It Fell Apart in Days. (NYTimes) Marylanders could soon be fined $100 for intentionally releasing balloons (DCist) She called off her Wedding. The Internet will never forget (WiReD) Scientists Create Online Games to Show Risks of AI Emotion Recognition (Nicola Davis) AI Comes to Car Repair, and Body Shop Owners Aren't Happy (WiReD) The Foundations of AI Are Riddled With Errors (WiReD) We tested the first state's vaccine passport: Here's what to expect (WashPost) GoToMeeting/GoToWebinar (Rob Slade) Re: Antiscience Movement Is ... Killing Thousands (Jose Maria Mateos, Amos Shapir) People Count: Contact-Tracing Apps and Public Health (Susan Landau, MIT Press 2021) RISKS 32.61 Friday 23 April 2021 Two people killed in fiery Tesla crash with no one driving (Sundry sources) Israel appears to confirm it carried out cyberattack on Iran nuclear facility (The Guardian) Blackout in China's Xinjiang region caused almost half of the bitcoin network to go offline for 48 hours (Twitter via geoff goodfellow) U.S. Unveils 100-day Plan to Avoid "Going Dark" (Henry Baker) Data Integrity (Dan Geer) They Hacked McDonald's Ice Cream Machines -- and Started a Cold War (WiReD) U.S. 
and Japan to invest $4.5bn in next-gen 6G race with China (Nikkei Asia) Jaguar Land Rover to suspend output due to chip shortage (BBC News) Bitcoin Plunges in Biggest Intraday Drop Since February (Bloomberg) IBM Clarifies Stance On Developers Working On Open-Source Projects In Off-Hours (Phoronix) Grey-hat "security research," Linux, and U of Minnesota (Rob Slade) A growing problem of 'deepfake geography': How AI falsifies satellite images (Techxplore.com) In bot we trust: People put more faith in computers than other humans (StudyFinds) The Incredible Rise of North Korea's Hacking Army (The New Yorker) $40,000 Swindle Puts Spotlight on Literary Prize Scams (NYTimes) Processes changing for redacting documents (Chesterfield County VA) Victory for Fair Use: The Supreme Court Reverses the Federal Circuit in Oracle v. Google (Michael Barclay) What's Really in Your Water? (Scientific American) Water Safety That Uses Your Mussels (nowiknow via Gabe Goldberg) Stealthy Dopant-Level Hardware Trojans (IACR paper via Rob Slade) The Postal Service is running a 'covert operations program' that monitors Americans' social media posts (Yahoo! item via Lauren Weinstein) The Pandemic Proved That Our Toilets Are Crap (WiReD) Space Junk Removal Is Not Going Smoothly (Scientific American) Re: We tested the first state's vaccine passport: Here's what to expect (John Levine) Re: Miss'taken assumptions lead to plane incident (David Lesher) Election Systems, Security, and the Future (Rebecca Mercuri) Infosec Ethics -- VSS, 4 May 2021 (Rob Slade) RISKS 32.62 Sunday 25 April 2021 China's domestic surveillance programmes benefit foreign spies (The Economist) Two cases of two+two - 777 & ETOPS (David Lesher) AS8003 or What IPV4 shortage?? (kentik) Eversource Energy data breach caused by unsecured cloud storage (Jan Wolitzky) Believe the computer, and Do Not Pass Go. 
(The Register) Researchers Uncover Advertising Scam Targeting Streaming-TV Apps (WSJ) Apple's new Find My Network application enables third-party tracking (MacRumors) Apple's Ransomware Mess Is the Future of Online Extortion (WiReD) Apple sued for terminating account with $25,000 worth of apps and videos (Ars Technica) Now for AI's Latest Trick: Writing Computer Code (WiReD) Minutes before Trump left office, millions of the Pentagon's dormant IP addresses sprang to life (Craig Timberg and Paul Sonne) Re: Fiery Tesla crash with no one driving (Henry Baker) Re: In bot we trust: People put more faith in computers than other humans (John Levine) RISKS 32.63 Friday 30 April 2021 The Plane Paradox: More Automation Should Mean More Training (WiReD) VPN hacks are a slow-motion disaster (WiReD) AirDrop could make 1.5 billion Apple devices vulnerable to hackers (Fortune) Hundreds lose Internet service in northern B.C. after beaver chews through cable (CBC.CA) NYPD Robot Dog's Run Is Cut Short After Fierce Backlash (NYTimes) Researchers Say Changing Simple iPhone Setting Fixes Long-Standing Privacy Bug (Mike Snider) Why the FCC Keeps Shooting Down Requests From Companies That Want To Shoot Down Drones (IEEE Spectrum) How Close Is Ordinary Light to Doing Quantum Computing? (Neil Savage) SolarWinds, Microsoft Hacks Prompt Focus on Zero-Trust Security (James Rundle) Outlook/Exchange accounts under attack? (Rob Slade) U.S. 
investigating possible mysterious directed energy attack near White House (CNNPolitics) An Ambitious Plan to Tackle Ransomware Faces Long Odds (WiReD) Man arrested over fake QR codes (South Australia Police) Spending on Cloud Computing Hits US$42 Billion Worldwide (Canalys) Fighting patent trolls (Rob Slade) Re: Eversource Energy data breach caused by unsecured cloud storage (Anthony Thorn) Re: Fiery Tesla crash with no one driving (Goldy) Re: IBM Clarifies Stance On Developers Working On Open-Source Projects In Off-Hours (Amos Shapir) Re: Masking the CoVID-19 problem (Robert Weaver) RISKS Tuesday 4 May 2021 Feds Arrest an Alleged $336M Bitcoin-Laundering Kingpin (WiReD) Dark web child abuse image site with 400,000 members taken down in global police sting (NBC News) U.S. Mulling Domestic Spying Partnership with Private Companies (Infosecurity Magazine) A New Line of Attack that Evades Spectre Defenses (Science Daily) An ambitious plan to tackle ransomware faces long odds (Ars Technica) Paying ransomware doesn't pay (Rob Slade) Legal chatbot firm DoNotPay adds anti-facial recognition filters to its suite of handy tools (The Verge) Known software issue grounds Ingenuity Mars copter as it attempted fourth flight (The Register) Stealthy Linux backdoor malware spotted after three years of minding your business (The Register) BadAlloc: Microsoft looked at memory allocation code in tons of devices and found this one common security flaw (The Register) Pro-Trump web forums are abuzz with directions to forge Covid vaccine cards (NBC News) How to give Feedback about the Feedback Form? 
(Dan Jacobson) 100 prohibited porcupine quills seized at Dulles Airport (Herndon, VA Patch) Re: The Plane Paradox (Lars-Henrik Eriksson, Peter Bernard Ladkin) Re: SolarWinds, Microsoft Hacks Prompt Focus on Zero-Trust Security (Richard Stein) Re: Outlook/Exchange accounts under attack (Amos Shapir) Re: Hundreds Lose Internet service (A Michael W Bacon) RISKS 32.65 Sunday 9 May 2021 Prescribing software in some hospitals in South Australia adds digit to dosages (ABC.AU) Ransomware Cyber Attack Forced the Largest U.S. Fuel Pipeline to Shut Down (The Hacker News) This massive DDoS attack took large sections of a country's Internet offline (ZDNet) Dogecoin tumbles nearly 50% after Musk calls it a 'hustle' on SNL (Breaking Alpha) Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild (The Hacker News) They Told Their Therapists Everything. Hackers Leaked It All (WiReD) Railroad Signaling Explained: Crossings (YouTube) USPS claims slowing down the mail won't actually slow down the mail (GovExec) The Lithium Gold Rush: Inside the Race to Power Electric Vehicles (NYTimes) FTC report blasts manufacturers for restricting product repairs (Jon Porter) New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations (The Hacker News) Cellular Industry's Clash Over the Movement to Remake Networks (IEEE Spectrum) Hack-to-Patch by Law Enforcement Is a Dangerous Practice (Just Security) DHS kicks off workforce sprint with push to hire 200 cyber pros (FCW) Latest "How I ended up posting my password for all to see" (Dan Jacobson) To Solve 3 Cold Cases, This Small County Got a DNA Crash Course (NYTimes) A mom panicked when her 4-year-old bought $2,600 in SpongeBob Popsicles. Good Samaritans are paying (WashPost) Re: How to give Feedback about the Feedback Form? 
(Mark Brader) Re: Feds Arrest an Alleged $336M Bitcoin-Laundering Kingpin (Peter Houppermans) RISKS 32.66 Wednesday 12 May 2021 The Pentagon Inches Toward Letting AI Control Weapons (WiReD) DarkSide hacking group responsible for the Colonial Pipeline shutdown (CNBC and Bloomberg via geoff goodfellow) U.S. Declares Emergency in 17 States Over Fuel Pipeline Cyberattack (The Hacker News) What the U.S. Colonial pipeline cyberattack means for Europe (Politico Europe) ISPs Funded 8.5 Million Fake Comments Opposing Net Neutrality (WiReD) Tesla backseat driver was arrested then released; now he says he is back at it (Electrek) Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks (The Hacker News) U.S. Intelligence Agencies Warn About 5G Network Weaknesses (The Hacker News) Pro tip for the "but how do we protect ourselves?" folks (Brian Krebs) Twitter's Tip Jar Privacy Fiasco Was Entirely Avoidable (WiReD) I have been pwned! -- but not really (Rob Slade) Marvin Minsky hacked? (Tom Van Vleck) That reminds me of Bob Fenichel's Turing Hack (Tom Van Vleck) 96% of U.S. 
Users Opt Out of App Tracking in iOS 14.5, Analytics Find (Samuel Axon) FaceApp misrepresentation (WashPost) A risk of computerizing what worked fine without the computer (NotAlwaysRight) Apple's new Airtags can be easily abused by stalkers (WashPost) Michigan GOP lawmaker floats bill to register, fine 'fact checkers' (Lauren Weinstein) Re: A mom panicked when her 4-year-old bought $2,600 in SpongeBob Popsicles (Amos Shapir) RISKS 32.67 Thursday 13 May 2021 Colonial Pipeline not likely to pay millions in ransom demanded by hackers (CNN Politics) A Closer Look at the DarkSide Ransomware Gang (Krebs on Security) Look who's hiring at Colonial (Richard Forno) Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations (The Hacker News) Fact Sheet on Biden Cybersecurity EO (The White House) ICAO Updates Effort To Clean Up NOTAM 'Garbage' (AVweb) Covid pandemic was preventable, says WHO-commissioned report (Sarah Boseley) Dark Web Getting Loaded With Bogus Covid-19 Vaccines and Forged Cards (The Hacker News) Re: Marvin Minsky hacked? (Martin Ward) Re: A mom panicked when her 4-year-old bought $2,600 in SpongeBob Popsicles (Bernie Cosell, Martin Ward) Re: I have been pwned! -- but not really (DJC) Cybersecurity, Nuclear Weapon Systems and Strategic Stability: Webinar (Diego Latella) RISKS 32.68 Friday 21 May 2021 Waymo self-driving taxi fumbles in construction Zone, Blocks Traffic (YouTube) Tesla's Autopilot Mode Crashed a Car Right Into a Washington State Cop Car (Gizmodo) Tesla Autopilot system was on during fatal California crash, adding to self-driving safety concerns (WashPost) Your Car Is Spying on You. A CBP Contract Shows the Risks. 
(The Intercept) Get Ready for In-Car Ads (The Intercept via geoff goodfellow) CNA paid $40M for ransomware (Bloomberg) Irish Health Service hit by ransomware (BBC) Technobabble, Libertarian Derp and Bitcoin (Paul Krugman) The Full Story of the Stunning RSA Hack Can Finally Be Told (WiReD) Flaw in Japan vaccine reservation system leaves government red-faced (The Japan Times) Just 12 People Are Behind Most Vaccine Hoaxes On Social Media, Research Shows (NPR) Prosecutors probe Pennsylvania contact-tracing data breach (Meadville Tribune) Millions of fake commenters asked the FCC to end net neutrality. *Astroturfing* is a business model. (WashPost) Police Departments Adopting Facial Recognition Tech Amid Allegations of Wrongful Arrests (60 Minutes) The Disinformation Dozen (NPR via Rob Slade) Magecart Hackers Now hide PHP-Based Backdoor In Website Favicons (The Hacker News) Lies on Social Media Inflame Israeli-Palestinian Conflict (NYTimes) Tech audit of Colonial Pipeline found 'glaring' problems (AP) 'Extreme Reaction' By Colonial Pipeline Baffles Energy Experts (Arlington VA Patch) DarkSide group that attacked Colonial Pipeline drops from sight online (NYTimes) FBI leads investigation of RPI computer attack (Albany Times Union) Microsoft Data Shows That The FCC's Broadband Maps Are Fantasy (TechDirt) Cheating Charges Upend Dartmouth Medical School (NYTimes) Bias Is a Big Problem. But So Is Noise. (NYTimes) We Found Joe Biden's Secret Venmo. Here's Why That's A Privacy Nightmare For Everyone (Buzzfeed News) Open Source and Cybersecurity (ZDNet via Rebecca Mercuri) U.S. 
Has Almost 500,000 Job Openings in Cybersecurity (CBS News) Californian RoboCop Had To Deal With Its First Crime, And It Did Not Go Well (IFLScience) The United States should make cybercrime a high priority (WashPost) Mob Violence Against Palestinians in Israel Is Fueled by Groups on WhatsApp (NYTimes) Coinbase is down for some users as Bitcoin sees massive sell-off (CNBC) Dutch civil servants used social media to spy on citizens, says study (EuroNews) How to Solve Captchas -- and Why They're So Hard to Solve (WiReD) Cracking the Code of Letterlocking (Atlas Obscura) Re: Marvin hacked (Tom Van Vleck) Re: RISKS and Zero Day (Kim Zetter) Re: I have been pwned! -- but not really (Merlyn) Re: A mom panicked when her 4-year-old bought $2,600 in SpongeBob Popsicles (Bernie Cosell) MIT STAMP/STPA Virtual Workshop 2021 (Nancy Leveson) RISKS 32.69 Sunday 30 May 2021 U.S. nuclear weapon secrets revealed in cloud flash-card apps (Bellingcat) U.S. nuclear weapon bunker security secrets spill from online (The Register via Tom Van Vleck) Surviving an in-flight anomaly: what happened on Ingenuity's sixth flight (NASA) "Rule of 48" redux concerning airborne spread of pathogens, a reminder with wide applicability to all research (WiReD) A Never-Before-Seen Wiper Malware Is Hitting Israeli Targets (WiReD) Secret Chats Show How Cybergang Became a Ransomware Powerhouse (NYTimes) Why GitHub Refuses to Provide Key Evidence to a Man on Death Row (Gizmodo) Several Organizations Protest Facebook, Sign Public Complaints Against Platform (Broadband Breakfast) An FTC Lawsuit Says Frontier Lied About Internet Speeds (WiReD) Scatalogical appliances (Medicalxpress.com) A new replication crisis: Research that is less likely to be true is cited more (phys.org) "Hobbit" house renamed due to lawsuit threat (Rob Slade) Florida governor signs law to block *deplatforming* of Florida politicians (The Verge) D.C. Attorney General Karl A. 
Racine brings antitrust lawsuit against Amazon (The Washington Post) Microsoft Tips Generational Update for Windows 10 (PCMag) NFTs and tokenization: How crypto could help regular people become real-estate tycoons (Fortune) Security of the IMPs (Bernie Cosell) SolarWinds hackers are back with a new mass campaign, Microsoft says (NYTimes) Canada Post says 950,000 customers exposed in data breach (CBC) A New Line of Attack that Evades Spectre Defenses (WiReD) As Congress Dithers, States Step In to Set Rules for the Internet (NYTimes) Colonial Pipeline accused of negligence in proposed class action (Bloomberg Law) Truth, Lies, and Automation (Georgetown) That Salesforce outage: Global DNS downfall started by one engineer trying a quick fix (The Register) For First Time, Microsoft Integrating GPT-3 Into Its Software (EnterpriseAI) Caltech Prof Helps Solve Hindenburg Disaster (NOVA via Henry Baker) Re: Just 12 People Are Behind Most Vaccine Hoaxes On Social Media (Toebs Douglass) Sharing lock-picking information on RISKS (Jay Libove) NoScript is immoral? (Martin Ward) Re: freemium for all, was A mom panicked (John Levine) June 2021 CACM Inside Risks column and video (David Roman) RISKS 32.70 Saturday 5 June 2021 WARNING to RISKS readers (PGN) Tesla activates in-car camera to monitor drivers using Autopilot (TechCrunch) Tesla brings the strategies pioneered by Apple to the auto industry (WashPost) Tesla apologizes after man in S.China locked in his car due to power failure (Global Times) A "lethal" weaponized drone "hunted down a human target" without being told to for the first time (Business Insider) AI in medicine (Statnews via Wendy Grossman) AI Drone May Have Acted on Its Own in Attacking Fighters, U.N. Says (NYTimes) Don't End Up on This Artificial Intelligence Hall of Shame (WiReD) Bug in Siemens PLCs.... (The Hacker News via Robert Mathews) Cyberattack closes JBS meat-packing facilities in Canada, U.S. 
and Australia (CBC) How to Negotiate with Ransomware Hackers (The New Yorker) Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions (The Hacker News) This $5 billion insurance company likes to talk up its AI. Now it's in a mess over it. (cnn.com) Steamship authority targeted in ransomware attack (The Martha's Vineyard Times) Cybersecurity insurance, if you can get it (knowbe4) Supreme Court narrows cybercrime law (The Hill) High-tech policing: Suspect identified after posting pic of his hand holding cheese (LinkedIn) Our digital pasts weren't supposed to be weaponized like this (NYTimes) Will the Excelsior Pass, New York's Vaccine Passport, Catch On? (NYTimes) How do you know this isn't a fake posting? (Rob Slade) Amazon "stealing" your data is not the same as what Comcast is doing (Lauren Weinstein) Amazon Sidewalk Poised to Sweep You Into Its Mesh (ThreatPost) Emergency Amazon (Rob Slade) Amazon home devices may now use part of your WAN uplink for a mesh network with neighbors' Amazon Devices (Newser) FCC's emergency connectivity funds ineligible for school and library self-provisioned networks (Broadband Breakfast) E-Commerce liability cases could open floodgates for lawsuits, panelists agree (Broadband Breakfast) Norton Antivirus Is Now a Cryptominer; Wait, what (Review Geek) The Mayor of Reno Is Betting Big on the Blockchain (WiReD) Oximeters used to be designed for equity. What happened? 
(WiReD) One blessing of the Cybersecurity Executive Order (Hagai Bar-El) CDC loosened mask guidance to encourage vaccination -- it failed spectacularly (Beth Mole, Ars Technica) Deter prying eyes by locking your own letters (Atlas Obscura) Facebook systematically censoring "vaccine concerns", regardless of truthfulness (Project Veritas) Facebook suspends Trump for 2 years in response to Oversight Board ruling (WashPost) Google made it nearly impossible for users to keep their location private (Business Insider) Security Engineering: A Guide to Building Dependable Distributed Systems (Ross Anderson, reviewed by Sven Dietrich) Re: Risks: Colonial Pipeline accused of negligence in proposed class action (John Bechtel) Re: Florida governor signs law to block *deplatforming* of Florida politicians (Sam Steingold) Re: Irish Health Service hit by ransomware (Patrick O'Beirne) Re: Why GitHub Refuses to Provide Key Evidence to a Man on Death Row (Stephen E. Bacher) Re: NoScript is immoral? (Eli the Bearded, Kaufmann, John Levine) Re: Security of the IMPs (Henry Baker) Re: Truth, Lies, and Automation (Toebs Douglass) RISKS 32.71 Saturday 12 June 2021 New trains on Amtrak's Acela delayed a year by new round of testing (WashPost) Drone scares off thousands of nesting elegant terns at Bolsa Chica Ecological Reserve in California (WashPost) Why are we building in "single points of failure"? (Rob Slade) Fixing Medical Devices That Are Biased against Race or Gender (Scientific American) Baidu rolls out paid driverless taxi service in Beijing (AP) Expert Stakeholder Consultation Report on the Indian Encryption Debate (John Young) Hundreds arrested in massive global crime sting using messaging app (BBC News) Ransomware and cyber-insurance (Rob Slade) Fujifilm refuses to pay ransomware demand, restores network from backups (Verdict) We Have Met the Ransomware Enemy, and It Is /Partly/ Us! 
(Lauren Weinstein) Majority of $4.4 million cryptocurrency ransom payment in Colonial Pipeline hack recovered (USA Today and others) Cybersecurity Framework Profile for Ransomware Risk Management -- Preliminary Draft (nist.gov) An insect-computer hybrid system for search operations in disasters (Techxplore.com) Dartmouth Medical School Drops Online Cheating Cases Against Students (NYTimes) Hackers Breached Colonial Pipeline Using Compromised Password (Bloomberg) Apple driver's licenses (Lauren Weinstein) Apple Wallet for ID (Gabe Goldberg) Clueless or clickbait? You decide... (WashPost) Encrypted Messaging App Run by the FBI Leads to Arrest of Over 100 Organized Crime Members (Gizmodo) Fastly CDN screws up internal configuration, takes down major sites around the world (NPR) New York Times posts, then removes, article announcing discovery of watermelons on Mars (Lauren Weinstein) Amazon's Sidewalk Network Is Turned On by Default. Here's How to Turn It Off (Inc.) Pipeline Investigation Upends Idea That Bitcoin Is Untraceable (NYTimes) Replacement with non-allergenic joints can provide relief (medicalxpress) Re: How do you know this isn't a fake posting? (R. G. 
Newbury) Re: A "lethal" weaponized drone "hunted down a human target" (George Sigut) Book review - "Soap and Water and Common Sense" (Rob Slade) RISKS 32.72 Tuesday 22 June 2021 GPS III's Long Journey Is Picking Up Speed (WiReD) An autonomous ship's first effort to cross the Atlantic shows the difficulty of the experiment (WashPost) Why the Mexico City Metro Collapsed (NYTimes) One stolen password gave hackers access to NYC's deepest secrets (NYTimes PGN-ed) Double-Encrypting Ransomware (WiReD) Optional is not always optional (Bob Gezelter) Facial Recognition Failures Are Locking People Out of Unemployment Systems (Vice) Doggie device prompts scare that closed CIA front gate, spokeswoman says (WashPost) This tech uses augmented reality to give surgeons 'superpowers' (cnn.com) Caps and Gowns and credit-card fraud (The Globe via David Tarabar) Hard to fathom this having been a design goal... (Geek via GG) Biomimetic resonant acoustic sensor detecting far-distant voices accurately to hit the market (Techxplore.com) Apple Says It's Time to Digitize Your ID, Ready or Not (WiReD) What If Doctors Are Always Watching, but Never There? (WiReD) End-to-End Verifiability Key to Future Election Security (unidentified author via Gabe Goldberg) Government Chatbots Now a Necessity for States, Cities, Counties (GovTech) Wabi-sabi software systems (Henry Baker) CoVID dream (Rob Slade) Bombshell Report Finds Phone Network Encryption Was Deliberately Weakened (Vice via Lauren Weinstein) Metrics and integrity -- and media? (Rob Slade) Fake surveys? Real surveys? Who knows? 
(Lauren Weinstein) Correlated errors in quantum computers emphasize need for design changes (Sarah Perdue) Apple's and Google's New AI Wizardry Promises Privacy, at a Cost (WiReD) The Efforts to Make Text-Based AI Less Racist and Terrible (WiReD) How Humans Think When They Think As Part of a Group (WiReD) One-billion-dollar Bangladesh cybertheft in 2016 foiled by faulty printer, random coincidence in street address, and a spelling error (and perhaps deductible -- BBC and techxplore.com) Re: Pipeline Investigation Upends Idea That Bitcoin Is Untraceable (Stephen E. Bacher) Re: New trains on Amtrak's Acela delayed a year by new round of testing (John Levine) Re: Encrypted Messaging App Run by the FBI Leads to Arrest of Over 100 Organized Crime Members (Stephen E. Bacher) Re: Single-point failure (Roderic Rees) [corrected] RISKS 32.73 Tuesday 29 June 2021 It's a new world today for RISKS!!! (PGN) Re: Pipeline Investigation Upends Idea That Bitcoin Is Untraceable (Toebs Douglass) Re: Government Chatbots Now a Necessity for States, Cities, Counties (Toebs Douglass) Re: Wabi-sabi software systems (Martin Ward) Re: End-to-End Verifiability Key to Future Election Security (Barry Gold) Re: Metrics and integrity -- and media (Wol) Re: Optional is not always optional (Arthur T., Bob Gezelter) RISKS 32.74 Wednesday 30 June 2021 Wabi-sabi rebar -- on Miami Surfside collapse (Henry Baker) Qantas pilot was `incapacitated' by oxygen mask (ATSB) GPS Cyberattack Falsely Placed U.K. Warship Near Russian Naval Base (New Scientist) The Internet Eats Up Less Energy Than You Might Think (NYTimes) The Problem With Jam-ming GPS (Now I Know) Pilot in deadly Canadian military helicopter crash unaware of flight-control software conflict, says report (CBC) Cyber-risk Across the U.S. 
Nuclear Enterprise (TSNR) CSIS says 2020 was a banner year for espionage operations targeting Canada (CBC) Mounties suspected person leaking secrets had high-level computer access, search warrants show (CBC) Major Step Forward for Quantum Error Algorithms (NCI Australian) 3D Scanning Breakthrough Means Results Are 4,500% More Accurate (Loughborough) Giant comet found in outer solar system by Dark Energy Survey (phys.org) Supreme Court sides with credit agency (WashPost) EDPB & EDPS call for ban on use of AI for automated recognition of human features in publicly accessible spaces, and some other uses of AI that can lead to unfair discrimination (Diego Latella) I've Cracked Zodiac, a French Engineer Says. Online Sleuths Are Skeptical. (NYTimes) German States want compulsory pre-installed youth protection filters (Heise) Politicians vs. Big Tech: Ordinary Users are Going to Lose Big Time! (TechDirt) Regarding "My Book" ext. drives w/Internet connectivity (Bleeping Computer via danny burstein) Your CPU May Have Slowed Down on Wednesday (travisdowns via Thomas Koenig) Sony Wins Pirate Site Blocking Order Against DNS-Resolver Quad9 (TorrentFreak) USPS mail delays: What it means in your Zip code (WashPost) A Well-Meaning Feature Leaves Millions of Dell PCs Vulnerable (WiReD) A model to predict how much humans and robots can be trusted with completing specific tasks (techxplore.com) Re: End-to-End Verifiability Key to Future Election Security (Eric Sosman) Re: Government Chatbots Now a Necessity for States, Cities, Counties (DJC) Re: Apple Says It's Time to Digitize Your ID, Ready or Not (Steven Klein) RISKS 32.75 Sunday 4 July 2021 Power outage knocks Houston 911 call center offline for several hours (Houston Chronicle) An apparent supply chain attack exploited Kaseya's IT management software to encrypt a "monumental" number of victims all at once (WiReD) Major ransomware attack aimed at tech provider leaves other companies scrambling (CBC) With cyberattacks growing more 
frequent and disruptive, a unified approach is essential (Techxplore.com) Study finds variations in quantitative MRI scanners' measurements (medicalxpress.com) Research lays groundwork for restoring lost oral functions with pacemaker-like devices (medicalxpress.com) Rethinking Application Security in the API-First Era (The Hacker News) In Sweden, a supermarket chain was forced to close 800 stores due to a cyber-attack (Euronews) Bypassing macOS TCC User Privacy Protections By Accident and Design (Sentinel One) "Alexa, do this" (BBC) Latency, overuse of cache, and integrity (Rob Slade) On testing production voting systems (Douglas W Jones) Re: Major Step Forward for Quantum Error Algorithms (Rob Slade) Re: Supreme Court sides with credit agency (Steve Klein) Re: Government Chatbots Now a Necessity for States, Cities, Counties (John Levine, Toebs Douglass) Re: German States want compulsory pre-installed youth protection (Amos Shapir, elvis-85781) RISKS 32.76 Saturday 10 July 2021 RFI on scientific integrity (White House OSTP) A code grabber is a device that can capture a radio signal from a vehicle's key fob, analyze it and replicate (geoff goodfellow) Social-credit score system for Germany (Vorausschau) Developer Infinidash joke ends up as job requirement (The Register) Europe makes the case to ban biometric surveillance (Matt Burgess) Some locals say a bitcoin mining operation is ruining one of the Finger Lakes. Here's how. (NBC News) Researchers examine burden of electronic health record on primary care clinicians (medicalxpress.com) How California's new Digital Vaccine Records can be easily abused (EFF) NY's "Excelsior" vaccine "passport" is a mess (TechReview) Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability (MS) Human Risk Management /HRM/ is the FIX. 
(The Hacker News)
Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software (Krebs on Security)
Cell phones and cancer: New UC Berkeley study suggests cell phones sharply increase tumor risk (KTVU)
GOP Congressman in leaked video: "We want chaos and inability to get things done for the next 18 months!" (Common Dreams)
Re: Supreme Court sides with credit agency (Richard Stein, Stanley Chow)

RISKS 32.77 Thursday 22 July 2021
NSW teachers in ‘state of paralysis’ after cyber-attack (Sydney Morning Herald)
Internet Futures: Spotlight on the technologies, which may shape the Internet of the future (UK OFCOM report)
EU Parliament allows blanket scans for child pornography (Politico)
YouTube fined 100 000 Euros delaying court order to restore video (Thomas König)
Rounding errors could make certain stop-watches pick wrong race winners (Eurekalert)
Veteran Affairs big software upgrade is plagued by hidden costs and flawed training (Dave Philipps)
Is Washington ready for space tourism to take off? (politico.com)
Traffic Analysis and Herd Immunity (Rob Slade)
Wabi Sabi Systems Programming (Henry Baker)
Russia's most aggressive ransomware group disappeared. It's unclear who disabled them. (NYTimes via Matthew Kruk)
Russian-based cyberattacks (Lauren Weinstein)
Binance Froze When Bitcoin Crashed. Now Users Want Their Money Back (WSJ)
A secret algorithm is transforming DNA evidence. This defendant could be the first to scrutinize it. (WashPost)
Israeli listening device exposed (Gadi Evron)
Re: Cell phones and cancer: New UC Berkeley study suggests cell phones sharply increase tumor risk
Re: Social-credit score system for Germany (Lars-Henrik Eriksson, goldy, Fritz Grammer)
Re: Supreme Court sides with credit agency (John Levine, Stanley Chow)
Re: Insider attacks (Ross Anderson)
Re: NY's "Excelsior" vaccine "passport" is a mess (John Levine, Lauren Weinstein)
Re: Some locals say a bitcoin mining operation is ruining one of the Finger Lakes. Here's how.
(John Levine)
Re: RFI on scientific integrity (Henry Baker)

RISKS 32.78 Tuesday 27 July 2021
Russia Disconnects from Internet in Tests as It Bolsters Security (Reuters)
‘Advanced’ Nuclear Reactors? Don’t Hold Your Breath (Scientific American)
Space Data Integrator (faa.gov)
What Ever Happened to IBM's Watson? (NYTimes)
A Severe Drought Is Threatening the Hoover Dam Reservoir -- and Water Throughout the West (Mother Jones)
The end of open source? (Shaun O'Meara)
Niemoeller's Boiled Frog: Weaponization of App Data (Joseph Cox via Henry Baker)
Hoe no! Facebook snafu spells trouble for gardening group (AP News)
Hackers Turning to 'Exotic' Programming Languages for Malware Development (The Hacker News)
Disinformation for Hire, a Shadow Industry, Is Quietly Booming (Max Fisher)
What Should Happen to Our Data When We Die? (NYTimes)
Breast Cancer Patient Attacked by Violent Anti-Mask Protest Outside Los Angeles Clinic (Vice)
'STFU' is anti-science (Tunku Varadarajan via Henry Baker)
The Problem With Stealing High-End Electronics and Beer (Now I Know)
Re: Traffic Analysis and Herd Immunity (anthony youngman)
Re: Rounding errors could make certain stop-watches pick wrong race winners (Jim Garrison)
Re: YouTube fined 100 000 Euros delaying court order to restore video (Dick Mills)
Re: A secret algorithm is transforming DNA evidence. This defendant could be the first to scrutinize it. (Michael Black)
Re: Some locals say a bitcoin mining operation is ruining one of the Finger Lakes. Here's how. (David B. Horvath)
Re: RFI on scientific integrity (David B. Horvath)

RISKS 32.79 Monday 2 August 2021
If you don't trust AI yet, you're not wrong.
(NYTimes)
Phantom Warships Are Courting Chaos in Conflict Zones (WiReD)
Chair moved to clean in control room, bumps switch, shutting reactor in Taiwan (The Register)
World's first re-programmable commercial satellite set to launch (phys.org)
AirDropped Image Of AirSoft Weapon Leads to UAL Flight Evacuation (AVweb)
'On The Contours of Our Insecurity' & Related Obduracy... (Forbes)
Hackers Turning to 'Exotic' Programming Languages for Malware Development (The Hacker News)
As Cyberattacks Surge, Security Start-Ups Reap the Rewards (NYTimes)
Albertans' personal information exposed after national health-care provider hacked, data put up for sale (Edmonton Journal)
Human Risk Management is the FIX. (The Hacker News)
Don't click links in text messages (Tom Van Vleck)
Florida Sheriff's Office Now Notifying People It Will Be Inflicting Its Pre-Crime Program On Them (TechDirt)
Ancient Printer Security Bug Affects Millions of Devices Worldwide (Mayank Sharma)
ML Technique Used to Pinpoint Quantum Errors (Q-CTRL and.Sydney)
QR Codes Are Here to Stay. So Is the Tracking They Allow. (NYTimes)
The Robocall Rebellion (NYTimes)
Joint USTPC/CRA Comments to the White House's OSTP on Enhancing Scientific Integrity Policies (PGN)
Re: Disinformation for Hire, a Shadow Industry, Is Quietly Booming, (Richard Thieme)
Re: Some locals say a bitcoin mining operation is ruining one of the Finger Lakes. Here's how.
(John Levine)
Re: YouTube fined 100 000 Euros delaying court order to restore video (Thomas Koenig)
Re: "Roundoff" (Eric Ferguson)

RISKS 32.80 Thursday 5 August 2021
The World Is Suffering from Champlain Towers South Syndrome (WiReD)
Beware using telemedicine for voice and speech therapy (techxplore)
In China, Big Brother is a service (Facebook)
AI flunks COVID test (Will Douglas Heaven via Henry Baker)
YouTube suspends Sky News Australia uploads over COVID-19 misinformation (Engadget)

RISKS 32.81 Saturday 7 August 2021
Thousands of Patients Were Implanted With Heart Pumps That the FDA Knew Could Be Dangerous (ProPublica)
Reading Race: A Remarkable AI/ML Achievement (WordPress)
Hospitals Still Use Pneumatic Tubes—and They Can Be Hacked (WiReD)
The Pentagon inches toward letting AI control weapons (WiReD)
Cyber-attack against steering of ships? (Times of Israel)
What, me worry? (WashPost via Gabe Goldberg)
The chip shortage is getting worse (Vox)
The Full Story of the Stunning RSA Hack Can Finally Be Told (WiReD)
Revealed: leak uncovers global abuse of cyber-surveillance weapon (The Guardian)
Keeping old computers going costs government 2.3bn pounds a year, says report (Richard Morris -- BBC)
Apple to Scan iPhones for Child Sex Abuse Images (James Clayton -- BBC)
DRM on hand power tools (TechDirt)
Hacking a Capsule Hotel to Silence a Noisy Neighbor (Infosecurity Magazine)
Senate Banking Chair Asks CFPB How It Plans to Address Risks of Chime and Other Banking Apps (ProPublica)
Hackers Turning to 'Exotic' Programming Languages for Malware Development (The Hacker News)
Re: Hackers using 'Exotic' PLs for Malware (Henry Baker)
Re: Chair moved to clean in control room, bumps switch, shutting reactor in Taiwan (JC Cantrell)

RISKS 32.82 Friday 13 August 2021
The Chinese smart city that knows people's personal habits (bbc.com)
Clearing the heavens of space junk (CBS News)
AI wrote better phishing emails than humans in a recent test (WiReD)
Robots are coming for the lawyers
(The Conversation)
Facebook is reportedly trying to analyze encrypted data without deciphering it (Engadget)
We Research Misinformation on Facebook. It Just Disabled Our Accounts. (NYTimes)
Brooklyn Tech students uncovered an NYC schools data breach (Brooklyner)
Citigroup Center Stilts – New York, New York (Atlas Obscura)
A Critical Random Number Generator Flaw Affects Billions of IoT Devices (The Hacker News)
Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic (The Hacker News)
‘Tortured phrases’ give away fabricated research papers (Nature)
A new flying car illustrates the same old problems (Hackaday)
Cryptocurrency debate slows infrastructure bill (WashPost)
#DEFCON: Exploiting Vulnerabilities in the Global Food Supply Chain (Infosecurity Magazine)
Mesa County Colorado secure election systems passwords posted on political blog (Rod Wilcox)
Why you should care about Zoom’s $85m privacy lawsuit (Ars Technica)
Re: Chair moved to clean in control room, bumps switch, shutting reactor in Taiwan (Dan Jacobson)
Re: Apple to Scan iPhones for Child Sex Abuse Images (Ross Anderson via PGN)
Re: Cyber-attack against steering of ships? (R A Lichtensteiger)
Re: DRM item with an Unreadable Button (David E.
Ross)
Re: Reading Race: A Remarkable AI/ML Achievement (Michal Pavlovic)

RISKS 32.83 Thursday 19 August 2021
Inside a Fatal Tesla Autopilot Accident (NYTimes)
Self-Driving Car Company to Test a Second Autonomous Vehicle in NYC (Streetsblog New York City)
Technical Issue Gives Some Metro Riders Unexpected SmarTrip Boost (DCist)
Texas murder suspect granted bond after police data loss (ABC News)
Simulating nuclear cloud rise anywhere, anytime (phys.org)
Mysterious Hacker Group Suspected in July Cyberattack on Iranian Trains (NYTimes)
Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients (The Hacker News)
Autocorrect Errors in Excel Still Creating Genomics Headache (Dyani Lewis)
BlackBerry resisted announcing major flaw in software powering cars, hospital equipment (Peter Gutmann)
Apple's controversial client-side child-abuse scanning algorithm reverse engineered, first hash collision already created (Schneier via LW)
Apple's project is likely doomed (Lauren Weinstein)
New AdLoad Variant Bypasses Apple's Security Defenses to Target macOS Systems (The Hacker News)
Parents pull kids from schools as district bucks CDC guidance and board member spreads misinformation (CNN)
Abrien Aguirre Hawaii Covid Whistleblower (BitChute)
Insecurity of voting machines against attackers with physical access (Andrew Appel)
Colorado Republican official accused after voting system passwords are leaked to right-wing site (WashPost)
Re: Citigroup Center Stilts -- New York, New York (Mark Brader)
Re: Clearing the heavens of space junk (Erling Kristiansen)

RISKS 32.84 Thursday 26 August 2021
General Motors expands Chevrolet Bolt recall over battery fire issue (Neal E.
Boudett)
Why Teslas Keep Striking Parked Firetrucks and Police Cars (Slate)
Aurora Releases Tool to Gauge Safety of Self-Driving Systems (Reuters)
Further on the Fatal Tesla Autopilot Accident report (Stephen Mason)
An Obstacle to Amtrak Expansion That Money Won’t Solve (NYTimes)
Rain falls on peak of Greenland ice cap for first time on record (The Guardian)
Why Bad Science Is Sometimes More Appealing Than Good Science (Scientific American)
Implantable AI system developed for early detection and treatment of illnesses (medicalxpress.org)
Body cams alone not enough to prevent police violence (phys.org)
The fix is in: How it can cost you more to get medical treatment with insurance than without (NYTimes)
How your employer may be tracking your remote work (WashPost)
As delta variant spreads, some companies with vaccine mandates deploy tech to verify records (WashPost)
Cortana is AWOL in the war against COVID-19 disinfo (Computerworld)
Critical flaw found in older Cisco Small Business Routers won't be fixed (The Hacker News)
Google announces commitment of $10 billion to advance cybersecurity (LW)
Cybercrime Group Asking Insiders for Help in Planting Ransomware (The Hacker News)
Wanted: Disgruntled Employees to Deploy Ransomware (Krebs on Security)
A simple software fix could limit location-data sharing (WiReD)
Princeton: We built a system like Apple's to flag child sexual abuse material -- and concluded the tech was dangerous (WashPost)
Another source for Apple's anti-CSAM proposal (NYTimes)
Edward Snowden on Apple's approach to CSAM (PGN)
Apple’s Double Agent (Vice)
UK to Hang Up on Landline Phones in 2025 (Jonathan Spira)
VPNs Could Be Vulnerable to Attacks That Send You to Fake Websites (New Scientist)
Folly: eBay "security" notice (Gabe Goldberg)

RISKS 32.85 Wednesday 1 September 2021
Tesla on autopilot smashes into police car helping motorist at side of road (CNN)
Toyota suspends use of self-driving vehicle in Olympic Village after collision with Paralympic
athlete (CNN)
'Copilot' "highly likely" to introduce bugs and vulnerabilities (Techradar)
Keeping Your Family Safe From Vehicle Rollaways (NBC4 WashDC)
Lights Flickered in New York City. Why Did the Subways Grind to a Halt? (NYTimes)
Fraud Alert: Malicious QR Codes Now Used by Online Scammers (Washington Consumers' Checkbook)
A Fix for Ransomware Attacks (Paul Rosenzweig)
Falsehoods diminish trust in California recall vote (Kaylee Fagan)
Manned Mars mission viable if it doesn't exceed four years, concludes international research team (phys.org)
Lying with statistics (Ars Technica)
Iceland has reported more cases in the past month than they had in the previous 9 months combined (ianmSC)
T-Mobile Hacker Who Stole Data on 50 Million Customers: ‘Their Security Is Awful’ (WSJ)
Reddit CEO rejects call for a crackdown on coronavirus misinformation (Engadget)
Australian preprint ban in grant applications deemed ‘plain ludicrous’ (Nature)
One more position on the Apple Appleplexy (Susan Landau)
Re: UK to SORT-OF Hang Up on Landline Phones in 2025 (Lindsay Marshall, John Levine)

RISKS 32.86 Sunday 5 September 2021
Whistleblower claims smart motorway system failure (Safer Highways)
The U.S.
Army Tried Portable Nuclear Power at Remote Bases 60 Years Ago (Atlas Obscura)
Excel spreadsheet font gives evidence of fraud (The Economist)
Digital Archives Meant to Be Permanent Seem to Be Lost on the Web (New Scientist)
AI Matches Cardiologists' Expertise, While Explaining Its Decisions (UCSF News)
Popular Smart Home Security System Can Be Remotely Disarmed (TechCrunch)
New NSA FAQ on Quantum Computing and Post-Quantum Cryptography (Defense.gov)
Apple backs down on CSAM launch, says it will collect input and make improvements before launching (Apple Insider)
Insufficient evidence that AI breast cancer screening is accurate enough to replace human scrutiny (medicalxpress.com)
GOP Election Reviews Create a New Kind of Security Threat (NYTimes)
Re: Lying with statistics (Jonathan Levine)
Re: Iceland has reported more cases in the past month than they had in the previous 9 months combined (Sheldon, Andrew Douglass, Amos Shamir)
Re: Toyota suspends use of self-driving vehicle in Olympic Village (Steve Lamont)
Re: Lights Flickered in New York City. Why Did the Subways Grind to a Halt?
(Sheldon)
Re: autonomous vehicles (Matthew Kruk)
Biden Administration Establishes Program to Recruit Techo (Maggie Miller)
Security, Privacy, and Innovation: Reshaping Law for the AI Era (noted by Gabe Goldberg)

RISKS 32.87 Saturday 11 September 2021
Airbus flight computers shutdown (Rich Brown)
AI Can Help Patients—but Only If Doctors Understand It (WiReD)
USG Releases Draft Zero-Trust Guidance (PGN)
‘Breach of trust’: Police using QR check-in data to solve crimes (Sydney Morning Herald)
ProtonMail provides Swiss authorities with user data (Proprivacy)
How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users (Propublica)
Facebook made big mistake in data it provided to researchers, undermining academic work (WashPost)
Brits hire ad agency to 'protect children' from E2EE (Henry Baker)
Misbehaving Microsoft Teams ad brings down the entire Windows 11 desktop (Ars Technica)
Automated Hiring Software is Mistakenly Rejecting Millions of Viable Job Candidates (Slashdot)
Government says polluters can dump raw sewage into rivers as Brexit disrupts water treatment (The Independent)
Russia's Yandex says it repelled biggest DDoS attack in history (Reuters)
Singapore has moved from preventing cyberthreats to assuming breaches have occurred (The Straits Times)
El Salvador’s Bitcoin Gamble Is Off to a Rocky Start (WiReD)
Revealed: LAPD officers told to collect social media data on every civilian they stop (The Guardian)
Venice prepares to charge tourists, require booking (Reuters)
Sydney couple scammed out of almost $1 million (Sydney Morning Herald)
FOX News' Tucker Carlson defends making and selling fake covid vaccine cards (The Independent)
As U.S. Prepares to Ban Ivermectin for Covid-19, More Countries in Asia Begin Using It (Naked Capitalism)
Freezing his credit after yet another data breach (Rob Pegoraro)
That NYC subway outage? Someone pushed the wrong button. (danny burstein)
Re: fast vs slow repairs, Lights Flickered in New York City.
(John Levine)
Re: Autonomous Vehicles, (Richard Stein)
Quote of The Day (CommonSense MD)

RISKS 32.88 Saturday 18 September 2021
Fighting the Rogue Toaster Army: Why Secure Coding in Embedded Systems is Our Defensive Edge (The Hacker News)
How Cryptocurrency Can Keep Americans Free (NYTimes)
Facebook, Biden officials poised for clash on cryptocurrency (WashPost)
Study Finds Processing Power Wasted Mining Bitcoin Only Thing Preventing Sentient Computers From Wiping Out Humanity (The Onion)
Timezone risk on COVID test registration site (John Shardlow)
'Every message was copied to the police': the inside story of the most daring surveillance sting in history (The Guardian)
Larry Elder supported site claims election fraud that caused Newsom to win in California -- BEFORE ANY VOTES HAVE BEEN COUNTED! (NBC)
Bolsonaro's Ban on Removing Social Media Posts Is Overturned in Brazil (NYTimes)
Anonymous leaks gigabytes of data from alt-right web host Epik (Ars Technica)
Travis CI flaw exposed secrets of thousands of open-source projects (Ars Technica)
An incredible violation of privacy from the GOP! (Spotlight PA)
Beware the hidden bias behind TikTok resumes (Techcrunch)
Apple Issues Emergency Security Updates to Close a Spyware Flaw (Nicole Perlroth)
Apple and Google bend over for Putin (Gizmodo)
Reports that armed police occupied Google Moscow offices demanding opposition app removal (FT)
Hear That? It’s Your Voice Being Taken for Profit (NYTimes)
Defeating facial recognition with ... natural makeup (via LW)
Why you need a personal laptop (The Verge)
Forced Entry: NSO Group iMessage Zero-Click Exploit Captured in the Wild (Citizen Lab)
Re: Airbus flight computers shutdown (Peter Bernard Ladkin)
Re: As U.S. Prepares to Ban Ivermectin for Covid-19 (Peter Bernard Ladkin, David Canzi)

RISKS 32.89 Sunday 3 October 2021
First death attributed to ransomware (WSJ via Ross Anderson)
What Is CoolSculpting?
(The New York Times)
Tesla owners can now request ‘Full Self-Driving’, prompting criticism from regulators and safety advocates (MSN)
Chip makers to carmakers: time to get out of the semiconductor Stone Age (Fortune)
Taiwan system update causes accidental loss of student data (Focus Taiwan)
Portpass app may have exposed hundreds of thousands of users' personal data (CDC)
How close is nuclear fusion power? (Sabine Hossenfelder)
Troll farms, Russia, YouTube, Facebook (PGN-ed from Lauren Weinstein)
Regulators Racing Toward First Major Rules on Cryptocurrency (NYTimes)
Elevator-Pitch Privacy (Richard Stein)
Vulnerability of locked iPhone with a Visa Card set in Transit Mode (BBC)
How to have a hard time finding the About page (Dan Jacobson)
Save the date! IFIP 60th Anniversary Panel “Autonomous vehicle (Charles B Weinstock)

RISKS 32.90 Sunday 17 October 2021
Keyword warrants (NY Post)
Security risks of insulin pumps (Healio)
The FDA Should Better Regulate Medical Algorithms (Scientific American)
Apple's App Tracking Transparency circumvented by some apps (LockDownPrivacy)
Special Report: How AT&T helped build far-right One America News (Reuters)
Missouri governor accuses journalist who warned state about cybersecurity flaw of criminal ‘hacking’ (WashPost)
Trans man says confusion caused cervical screening delay (BBC News)
How the WhatsApp Outage Hurt Small Businesses in India (Slate)
Expensive hotel room!!! (Jonathan M. Gitlin)
Hyperbole (Lauren Weinstein)
Google Chat spam?
(Rob Slade)
Dubai’s Ruler Hacked Phones of His Ex-Wife and Her Lawyers, UK Court Says (NYTimes)
Bugs in our Pockets: The Risks of Client-Side Scanning (PGN)

RISKS 32.91 Saturday 30 October 2021
Lettering on clothes mistaken for license plate (BBC)
Florida Humidity Grounded Starliner (AVweb)
Tesla gives ‘Full Self-Driving’ to a new crop of users, then takes it away after apparent software bugs (WashPost)
Blue Line Train Had Derailed Twice Before On The Same Day: NTSB (Patch)
Surprise Russian Thruster Firing Prompts Space Station Emergency (NYTimes)
Russia's Massive Internet Censorship Project (NYTimes)
Gun-toting robo-dogs look like a dystopian nightmare. That's why they offer a powerful moral lesson (phys.org)
Teen Girls Are Developing Tics. Doctors Say TikTok Could Be a Factor. (Archive)
I *really* hate Hopin ... (Rob Slade)
Left vs. Right VS. Facebook (Lauren Weinstein)
I’m Not a Pilot, but I Just Flew a Helicopter Over California (NYTimes)
Anonymity No More? Age Checks Come to the Web. (NYTimes)
These Neural Networks Know What They're Doing (MIT News)
Apple and Privacy (Lauren Weinstein)
Ransomware Activity Report (Googleapis)
Ransomware attack knocks some Sinclair television stations off the air (WashPost)
Pirate-site operator hacked MLB and tried to extort $150,000, feds say (Ars Technica)
Zero-Day Hacking Attacks Set New Record In 2021 (MIT Tech Review)
Banning anonymous social media accounts would only stifle free speech and democracy (The Guardian)
No ink, no scan: Canon USA printers hit with class-action suit (ZDNet)
Thanks to a nasty GPSD bug, real-life time travel trouble arrives this weekend (ZDNet)
Tech workers warned they were going to quit. Now, the problem is spiraling out of control (ZDNet)
Re: Elevator-Pitch Privacy (Arthur T.)
Re: Trans man says confusion caused cervical screening delay (Amos Shapir)

RISKS 32.92 Saturday 6 November 2021
SpaceX Under Fire After Autonomous Rocket Hits Pedestrian (The Onion)
9-year-old unlocks unconscious father's iPhone with his face to call 911 (Apple Insider via Monty Solomon)
AI Is Not A-OK (NY Times)
Fake Polls and Tabloid Coverage on Demand: The Dark Side of Sebastian Kurz (NYTimes)
Trojan Source Bug Threatens the Security of All Code (KrebsonSecurity)
Hackers are stealing data today so quantum computers can crack it in a decade (MIT Tech Review)
Using Google search to deliver customers or worse (Mike)
Credit-card PINs can be guessed even when covering the ATM pad (BleepingComputer)
CoVID dream, risk, and the Newfoundland "cyberattack" (Rob Slade)
Will there be vehicle safety tricks or treats this Halloween? (Gabe Goldberg)
Re: I *really* hate Hopin ... (John Stewart)
Re: Lettering on clothes mistaken for license plate (Andy Walker)

RISKS 32.93 Monday 22 November 2021
FBI e-mail system breach (Reuters)
Do-It-Yourself artificial pancreas given approval by team of experts (MedicalXpress.com)
International Space Station nearly struck by Chinese satellite debris (JPost)
DoS Sabotage by Telegram (Bertrand Meyer)
Palestinians Were Targeted by Israeli Firm’s Spyware, Experts Say (NYTimes via Jan Wolitzky)
Congress mandates new car technology to stop drunken driving (techxplore.com)
Thermal Grease Degradation is an underappreciated hazard (Bob Gezelter)
Unconsidered automatic filtering creates damaging side-effects (Bob Gezelter)
QR codes, URL's, and restaurants (Jerry Leichter)
"Political Ads During 2020 Presidential Election Cycle Collected Personal Information, Spread Misleading Information" (UWash)
Algorithmic Tracking 'Damaging Mental Health' of UK Workers (Dan Milmo)
Scammers impersonate guest editors to get sham papers published (Nature)
Ransomware operators have a compliance department (Matt Levine)
Bipartisan bill would force Big Tech to offer
algorithm-free feeds, search results (Ars Technica via Lauren Weinstein)
Edge and Windows 11 — the return of Microsoft's IE fiasco? (Computerworld)
Google 2021 AI Principles Progress Update (Googleapis)
You've Got an Enemy at Chase! (Paul Robinson)
UK regulator seeks to improve the privacy of video conferencing (Peter Houppermans)
Cryptocurrency, NFTs or other such digital assets faces a quantum computing problem (CNET)
Security Vulnerabilities in Computer Memories
These Parents Built a School App. Then the City Called the Cops (WiReD)
Cars Are Going Electric. What Happens to the Used Batteries? (WiReD)
Open Source Doesn't Mean More Software Is Better Software (WiReD)
The Era Of D.C.’s New (771) Area Code Has Begun (DCist)
Hackers Targeted Apple Devices in Hong Kong for Widespread Attack (WiReD)
This Company Tapped AI for Its Website—and Landed in Court (WiReD)
Contract lawyers face a growing invasion of surveillance programs that monitor their work (WashPost)
The next normal: Algorithms will take over college, from admissions to advising (WashPost)
Google loses appeal against $2.7 billion antitrust fine over its comparison-shopping practices in Europe (Fortune)
Caller ID fun (Comcast)
Debris From Test of Russian Antisatellite Weapon Forces Astronauts to Shelter (NYTimes)
Apple announces Self Service Repair (Apple via Gabe Goldberg)
Re: Trojan Source Bug Threatens the Security of All Code (Henry Baker)
Re: SpaceX Under Fire After Autonomous Rocket Hits Pedestrian (Mark Brader, Scott Dorsey)
Re: spider bites, or Using Google search to deliver customers or worse (John Levine)
Facebook 3rd party single-sign-on failure (Paul Robinson)
After a pandemic, fire season, and now floods, are you ready to get trained for emergencies and disasters?
(Rob Slade)

RISKS 32.94 Wednesday 1 December 2021
The End of Trust (The Atlantic)
The makers of EyeDetect promise a new era of truth-detection, but many experts are skeptical (WashPost)
Apple sues NSO Group over Pegasus spyware (WashPost)
The Car Key of the Future -- is still in your pocket (NYTimes)
Locked Out of God Mode, Runners Are Hacking Their Treadmills (WiReD)
Sorry I'm late, my car had a 500 error. (twitter)
Israel and Iran Broaden Cyberwar to Attack Civilian Targets (NYTimes)
India to ban almost all private cryptocurrencies including Bitcoin in new clampdown (Euronews)
Dutch Tax Office algorithm targeted low-income households (Kees Huyser)
Crowd-Sourced Suspicion Apps Are Out of Control (EFF)
GoDaddy says data breach exposed over a million user accounts (TechCrunch)
He Leaked U.S. Missile Secrets. It Turned Into ‘a Dark Comedy of Errors.’ (DailyBeast)
Amazon's Dark Secret: It Has Failed to Protect Your Data (WiReD)
The Zelle Fraud Scam: How it Works, How to Fight Back (Krebs on Security)
Wikipedia Tests AI for Spotting Contradictory Claims in Articles (New Scientist)
Apple, Facebook, privacy, voter turnout efforts, and differential privacy (Rob Slade)
Google hacking (Wikipedia)
Devious *Tardigrade* Malware Hits Biomanufacturing Facilities (WiReD)
The unbearable fussiness of the smart home (staceyoniot)
YANCV: Yet Another New CoVID Variant (Rob Slade)
Re: Unconsidered automatic filtering creates damaging side-effects (John Levine)
Re: Scammers impersonate guest editors to get sham papers published (Martin Ward)
CISA Should Assess the Effectiveness of its Actions to Support the Communications Sector (GAO Critical Infrastructure Protection)

RISKS 32.95 Tuesday 14 December 2021
Hackers take $196 million from crypto exchange Bitmart, security firm says (CNBC)
A Software Bug Let Hackers Drain $31M From a Crypto Service (WiReD)
Australia's AI Cameras Catch Over 270,000 Drivers Using Phones (Alice Klein)
Fake scientist used to spread anti-US propaganda (Facebook
via Dave Farber)
The Webb Space Telescope Will Rewrite Cosmic History. If It Works. (Quantum Magazine)
Verizon overrides users' opt-out preferences in push to collect browsing history (Ars Technica)
Planned Parenthood data breach (WSJ)
Israeli computer glitch lets people improperly leave the country (Winnews via danny burstein)
Israeli Company's Spyware Is Used to Target U.S. Embassy Employees in Africa (NYTimes)
There's a new push for mobile voting in WashDC (DCist via Gabe Goldberg)
U.S. Military Has Acted Against Ransomware Groups, General Acknowledges (NYTimes)
Companies Linked to Russian Ransomware Hide in Plain Sight (NYTimes)
Officials press for actionable recommendations from new cyber-advisory committee (The Hill)
Quote of The Day (WIDA)
Re: You've Got an Enemy at Chase! (Paul Robinson)

RISKS 32.96 Wednesday 29 December 2021
Wing Resumes Drone Deliveries in Canberra After Raven Attacks Forced Pause During Nesting Season (ABC Australia)
The human factor fails and is caught in U.S. nuclear plant inspections (NBC12)
The CIA Is Deep Into Cryptocurrency, Director Reveals (Vice)
U.S.
FAA Issues Draft Airworthiness Directives Highlighting impact of 5G on Radar Altimeters (FAA)
AWS us-east-1 outage brings down services around the world (DatacenterDynamics)
Google finally knows which app to blame for Android's mysterious can't-call-911 bug (Android Police)
'The Beatles: Get Back' shows that deepfake tech isn't always evil (ZDNet)
Inside Tesla as Elon Musk Pushed an Unflinching Vision for Self-Driving Cars (NYTimes)
A New Tesla Safety Concern: Drivers Can Play Video Games in Moving Cars (NYTimes)
log4j (collected from Dan Goodin and others)
A $92,000 flying car can reach speeds of 63 miles per hour (Business Insider)
Researchers unveil new cyber-protections against "logic bombs" (techxplore)
Researchers Made a Camera That's the Size of a Grain of Salt (Vice)
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution (Google Project Zero)
Twitter Spaces is being used by the Taliban and white nationalists (WashPost)
Next year's Android smartphones will be watching you (The Verge)
Re: Australia's AI Cameras Catch Over 270,000 Drivers Using Phones (Nic Fulton)

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

End of RISKS-FORUM Digest 32.00 (32.97)
************************