• Risks Digest 32.17

    From RISKS List Owner@21:1/5 to All on Sat Aug 1 23:33:59 2020
    RISKS-LIST: Risks-Forum Digest Saturday 1 August 2020 Volume 32 : Issue 17

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.17>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Florida Teen Arrested in Twitter Hack (The New York Times)
    How self-driving cars can alter consumer morality (JCR)
    PayPal and Venmo QR payments are coming to CVS Pharmacies (Engadget)
    Data isn't just being collected from your phone. It's being used to score
    you. (WashPost)
    Google accused by developer of retaliation for cooperating with House
    antitrust investigation (WashPost)
    Twitter hackers used "phone spear phishing" in mass account takeover
    (Ars Technica)
    MRI study reveals all mammals, including humans, share equal brain
    connectivity (StudyFinds)
    Global methane emissions soar to record high (Stanford)
    A concert is being held to learn how COVID-19 spreads at large events.
    Here's how? (Miami Herald)
    The "Cubic Model" (Martin Ward)
    Re: Theoretical Physicists Say 90% Chance of Societal Collapse Within
    Several Decades (Amos Shapir)
    Re: Let a thousand poppies bloom, thanks to cheap solar power (Scott Dorsey)
    Re: When tax prep is free, you may be paying with your privacy (Scott Dorsey)
    Re: Darwin's tautology? (Amos Shapir)
    Re: Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie
    (Al Stangenberger, John Levine)
    Photo Deposit (xkcd)
    Quote of The Day (Thomas Sowell)
    Quote of The Day (Sven Henrich)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Fri, 31 Jul 2020 18:09:47 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Florida Teen Arrested in Twitter Hack (The New York Times)

    The authorities arrested a 17-year-old who they said ran a scheme that
    targeted the accounts of celebrities, including former President Barack
    Obama and Elon Musk. Two others were also charged.

    OAKLAND, Calif. -- The authorities said on Friday that a Florida teenager was
    the *mastermind* of a recent high-profile hack of 130 Twitter accounts, including the accounts of celebrities like former Vice President Joseph
    R. Biden Jr. and the Silicon Valley mogul Elon Musk.

    Graham Ivan Clark, 17, was arrested in his Tampa home early Friday, state officials said. He is believed to be the linchpin of a hack that turned into
    an embarrassment for Twitter and called into question the security measures
    of a range of tech companies. Two other people were also charged with taking part in the hack. [...]

    The hackers tweeted from 45 of the accounts, gained access to the direct messages of 36 accounts, and downloaded full information from seven
    accounts. They gained access to internal Twitter systems by stealing login information from employees, then used their access to reset passwords on the accounts.

    https://www.nytimes.com/2020/07/31/technology/twitter-hack-arrest.html

    Where to start? Employees losing internal system credentials, Twitter not
    validating login location or requiring VPN, and people responding to
    tweets offering to double their bitcoins. Comments are interesting -- half
    condemning the kid, half praising him and suggesting he work as
    IT/security consultant.

    ------------------------------

    Date: Fri, 31 Jul 2020 12:35:54 -0400
    From: George Mannes <gmannes@gmail.com>
    Subject: How self-driving cars can alter consumer morality (JCR)

    A paper by Tripat Gill in the August 2020 issue of *Journal of Consumer Research* addresses how people in an autonomous vehicle might resolve the dilemma of harm to themselves vs. harm to a pedestrian. From the abstract:

    ...participants considered harm to a pedestrian more permissible with an
    AV as compared to self as the decision agent in a regular car. This shift
    in moral judgments was driven by the attribution of responsibility to the
    AV and was observed for both severe and moderate harm.... However, the
    effect was attenuated when five pedestrians or a child could be
    harmed. These findings suggest that AVs can change prevailing moral
    norms.... https://doi.org/10.1093/jcr/ucaa018

    Note to self: When the glorious age of self-driving cars arrives, be sure
    to walk around in large groups...or dress in a onesie. Maybe then the
    "driver" will grab the wheel.

    ------------------------------

    Date: Fri, 31 Jul 2020 12:58:51 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: PayPal and Venmo QR payments are coming to CVS Pharmacies
    (Engadget)

    CVS pharmacies will soon let you do touch-free payments using your PayPal or Venmo accounts by using PayPal's QR code payment system, PayPal has
    announced. The system will let shoppers ``securely pay for their items
    without needing to touch a keypad or sign a receipt,'' according to PayPal.

    PayPal supports various means of payment, including stored debit or credit cards, bank accounts, a PayPal balance or a PayPal credit. On Venmo (which
    is owned by PayPal), ``customers can pay using their stored debit or credit cards, bank account, Venmo balance or Venmo rewards'' without any user fees, according to PayPal. [...]

    https://www.engadget.com/pay-pal-and-venmo-payments-are-coming-to-cvs-pharmacies-124500145.html

    ------------------------------

    Date: Sat, 1 Aug 2020 02:04:14 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Data isn't just being collected from your phone. It's being used to
    score you. (WashPost)

    It's called surveillance scoring. And everybody's doing it.

    https://www.washingtonpost.com/opinions/2020/07/31/data-isnt-just-being-collected-your-phone-its-being-used-score-you/

    ------------------------------

    Date: Sat, 1 Aug 2020 02:08:35 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Google accused by developer of retaliation for cooperating with
    House antitrust investigation (WashPost)

    Blix, Inc., the maker of an email app, has been on Google's Play Store for
    six years. On Friday, just two days after a Capitol Hill hearing on
    antitrust issues, Google kicked the app off the store. Blix says it's
    because the company cooperated with lawmakers.

    https://www.washingtonpost.com/technology/2020/07/31/google-accused-antitrust-retaliation/

    ------------------------------

    Date: Fri, 31 Jul 2020 10:26:34 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Twitter hackers used "phone spear phishing" in mass account takeover
    (Ars Technica)

    The hackers behind this month's epic Twitter breach targeted a small number
    of employees through a *phone spear phishing attack*, the social media site said on Thursday night. When the pilfered employee credentials failed to
    give access to account support tools, the hackers targeted additional
    workers who had the permissions needed to access the tools. [...]

    https://arstechnica.com/information-technology/2020/07/twitter-hackers-used-phone-spear-phishing-in-mass-account-takeover/

    ------------------------------

    Date: Sat, 1 Aug 2020 01:14:00 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: MRI study reveals all mammals, including humans, share equal brain
    connectivity (StudyFinds)

    Mankind's collective ego may be about to take a big hit. Humans have always reigned supreme on planet Earth when it comes to intelligence. Indeed, it's our intellect and capacity for critical thinking that primarily separates us from the rest of this planet's inhabitants. That's why the findings of a
    new study are so surprising. Researchers from Tel Aviv University, after examining and comparing brain connectivity across 130 different mammalian species (including humans), conclude that brain connectivity is equal among *all* mammals. <https://www.studyfinds.org/mammals-poop-feces-study/>

    These findings, reached via MRI brain scans, oppose long-standing beliefs
    and assumptions among medical and scientific professionals <https://www.studyfinds.org/covid-19-gender-gap-academia/>.

    ``We discovered that brain connectivity -- namely the efficiency of
    information transfer through the neural network -- does not depend on
    either the size or structure of any specific brain,'' says Professor Yaniv
    Assaf, of the School of Neurobiology, Biochemistry and Biophysics, in a
    release. ``In other words, the brains of all mammals, from tiny mice
    through humans to large bulls and dolphins, exhibit equal connectivity,
    and information travels with the same efficiency within them. We also
    found that the brain preserves this balance via a special compensation
    mechanism: when connectivity between the hemispheres is high, connectivity
    within each hemisphere is relatively low, and vice versa.''

    <https://www.aftau.org/press-release---brain-connectivity---july-20-2020>

    Brain connectivity compared via MRI scans. [...] https://www.studyfinds.org/mri-study-reveals-all-mammals-including-humans-share-equal-brain-connectivity/

    ------------------------------

    Date: Sat, 1 Aug 2020 01:13:00 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Global methane emissions soar to record high (Stanford)

    *The pandemic has tugged carbon emissions down, temporarily. But levels of
    the powerful heat-trapping gas methane continue to climb, dragging the
    world further away from a path that skirts the worst effects of global warming.*

    Global emissions of methane have reached the highest levels on record. Increases are being driven primarily by growth of emissions from coal
    mining, oil and natural gas production, cattle and sheep ranching, and landfills.

    Between 2000 and 2017, levels of the potent greenhouse gas barreled up
    toward pathways that climate models suggest will lead to 3-4 degrees Celsius
    of warming before the end of this century. This is a dangerous temperature threshold at which scientists warn that natural disasters, including
    wildfires, droughts and floods, and social disruptions such as famines and
    mass migrations become almost commonplace. The findings are outlined in two papers published July 14 in *Earth System Science Data* <https://doi.org/10.5194/essd-12-1561-2020> and *Environmental Research Letters* <https://doi.org/10.1088/1748-9326/ab9ed2> by researchers with the Global Carbon Project <https://www.globalcarbonproject.org/>, an initiative
    led by Stanford University scientist Rob Jackson <https://profiles.stanford.edu/jackson>.

    In 2017, the last year when complete global methane data are available,
    Earth's atmosphere absorbed nearly 600 million tons of the colorless,
    odorless gas that is 28 times more powerful than carbon dioxide at trapping heat over a 100-year span. More than half of all methane emissions now come from human activities. Annual methane emissions are up 9 percent, or 50
    million tons per year, from the early 2000s, when methane concentrations in
    the atmosphere were relatively stable.

    In terms of warming potential, adding this much extra methane to the
    atmosphere since 2000 is akin to putting 350 million more cars on the
    world's roads or doubling the total emissions of Germany or France. ``We
    still haven't turned the corner on methane,'' said Jackson, a professor of Earth system science in Stanford's School of Earth, Energy & Environmental Sciences <https://earth.stanford.edu/> (Stanford Earth).

    *Growing sources of methane*. [...] https://earth.stanford.edu/news/global-methane-emissions-soar-record-high

    ------------------------------

    Date: Sat, 1 Aug 2020 01:12:00 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: A concert is being held to learn how COVID-19 spreads at large
    events. Here's how? (Miami Herald)

    One of the worst activities you can do in the middle of a pandemic is attend
    a large gathering with thousands of attendees -- but researchers in Germany want people to do just that.

    It's not for recreation: The goal is to examine just how dangerous those
    events really are, especially as parts of the world prepare to return to normalcy.

    For a project called *RESTART-19*, scientists with the University Medical Center Halle (Saale) plan on throwing a concert with 4,000 fans and a German music artist in an indoor arena to simulate how people move, gather and
    spread potentially coronavirus-infected germs. <https://restart19.de/das-projekt/#1594374092971-9e179e0a-f140>

    But there's a catch: participants must test negative for SARS-CoV-2, the
    virus driving the pandemic, and wear a mask at all times aside from snack
    and outdoor breaks, according to their website.

    The team says data on how respiratory diseases spread in large events is ``sparse overall and practically nonexistent for COVID-19,'' so they want to fill in the gaps.

    ``The corona pandemic paralyzes the event industry. As long as there is a
    risk of contagion, no major concerts and trade fairs or sports events are allowed to take place.'' <https://www.medizin.uni-halle.de/index.php?id=2882&tx_ttnews%5Btt_news%5D=6410&cHash=40a36e8e42d018d4f4ca42fa135a6378>
    Dr. Armin Willingmann, minister of economics for the German state of Saxony-Anhalt and a science professor, said in a news release. ``That is
    why it is so important to find out which technical or organizational
    framework can effectively minimize the risk of infection.'' [...]

    https://www.miamiherald.com/news/coronavirus/article244375897.html

    ------------------------------

    Date: Fri, 31 Jul 2020 13:18:08 +0100
    From: Martin Ward <martin@gkc.org.uk>
    Subject: The "Cubic Model"

    Do you remember the Trump administration's "cubic model" of coronavirus
    deaths? On 4th May a Washington Post report said "people with knowledge of
    that model say it shows deaths dropping precipitously in May -- and
    essentially going to zero by May 15". The "model" turned out to be a stock Excel function, which fits a cubic polynomial to the data (hence the name "cubic model").

    With the data at the time, the best fitting cubic model has a negative coefficient for x^3: meaning that the model will show deaths rapidly
    dropping to zero. (Note that you have to avoid plotting the model *beyond* that date since the number of deaths then rapidly goes negative as the model predicts a huge Zombie Apocalypse, or something!)

    But now look at today's figures, e.g., here:

    https://ourworldindata.org/grapher/daily-covid-deaths-per-million-7-day-average

    or here (scroll down for graphs):

    https://www.worldometers.info/coronavirus/country/us/

    I haven't run the model, but I am pretty sure that the uptick in deaths over the last month or so means that the best fit cubic will now have a
    *positive* x^3 coefficient: meaning that the model will predict deaths
    rapidly rising with a quadratically increasing slope. I would be interested
    to know the exact date when the cubic model predicts the death of the last remaining person in the USA.

    I wonder if the Trump administration is still using their "cubic model"?

    ------------------------------

    Date: Sat, 1 Aug 2020 12:22:24 +0300
    From: Amos Shapir <amos083@gmail.com>
    Subject: Re: Theoretical Physicists Say 90% Chance of Societal Collapse
    Within Several Decades (RISKS-32.16)

    This prediction sounds like those made during the 1890's, predicting
    precisely when civilization is going to collapse because of excess
    accumulation of horse dung on the streets...

    It's rather easy to extrapolate current trends, but it's obvious that in matters of human welfare and survival, it's safe to assume that people are going to intervene to change such trends. I suspect however that a
    prediction of collapse within 100 years might delay intervention to no earlier than 90 years later.

    ------------------------------

    Date: 31 Jul 2020 14:43:37 -0000
    From: kludge@panix.com (Scott Dorsey)
    Subject: Re: Let a thousand poppies bloom, thanks to cheap solar power
    (Baker, RISKS-32.16)

    BTW, a similar-sized solar system installed at my home in California would cost $40,000 instead of $4,000 (including the Taliban tax). Perhaps I
    need to bring over some Afghan solar installers to the U.S.?

    Perhaps this is because the writers of the original article appear to have confused amps and watts. A 1.50-meter solar panel is apt to be 150 watts,
    not 150 amps.

    ------------------------------

    Date: 31 Jul 2020 14:43:37 -0000
    From: kludge@panix.com (Scott Dorsey)
    Subject: Re: When tax prep is free, you may be paying with your privacy
    (RISKS-32.11)

    I don't get this. The IRS guarantees anyone can file their taxes for free
    on paper. I don't know anyone who has ever paid a fee to the IRS for submitting their taxes... only people who have paid a fee to the IRS because they did not submit them.

    You fill out the forms, you put them in the mail, it costs maybe a dollar in stamps. I do not understand why people are willing to pay any money to do
    it online when doing it by hand is simple and cheap unless you have a lot of income or very complex deductions.

    ------------------------------

    Date: Sat, 1 Aug 2020 13:23:08 +0300
    From: Amos Shapir <amos083@gmail.com>
    Subject: Re: Darwin's tautology? (Ward, Risks 32.16)

    Tautology is a term in logic defined as a statement which is true unconditionally, determined just by its formulation, e.g., "A or not A".
    Thus when a statement is a tautology, its truthfulness requires no proof. A statement cannot "become a tautology" by a proof.

    The statement "God exists" is (with a suitably precise definition of
    "God") a meaningful statement.

    Let's not step into this quagmire, which stems mainly from the fact that
    what constitutes a "suitably precise" definition of God depends a lot on whether the person making the definition believes in God or not.

    ------------------------------

    Date: Thu, 30 Jul 2020 22:51:25 -0700
    From: Al Stangenberger <forags@sbcglobal.net>
    Subject: Re: Long-Lost Computation Dissertation of Unix Pioneer Dennis
    Ritchie (RISKS-32.15)

    All Berkeley dissertations are now filed electronically as PDFs.

    https://grad.berkeley.edu/academic-progress/dissertation/#formatting-your-manuscript

    ------------------------------

    Date: 31 Jul 2020 16:03:59 -0400
    From: "John Levine" <johnl@iecc.com>
    Subject: Re: Long-Lost Computation Dissertation of Unix Pioneer Dennis
    Ritchie (RISKS-32.15)

    I think it was required at Harvard. The story says the issue was that
    Ritchie wasn't willing to pay to have a copy bound for the library. I would
    be surprised if they didn't also have the usual form allowing them to
    provide a copy to University Microfilms.

    When I got my PhD from Yale in 1984 I was living in Cambridge, so I took my thesis to the bindery that was probably the same place that Ritchie didn't
    take his. I submitted my thesis to Yale, who rejected it because
    (inevitably) it was bound according to Harvard rules which were different
    from Yale rules. Fortunately, the difference boiled down to Harvard wanted only the author's last name on the spine while Yale wanted initials before
    the name. So I got a gold ink pen at the stationery store, carefully added
    my initials, and now I have my PhD.

    Ritchie's approach to day to day life was famously flaky and it is not out
    of the question that he just never got around to going to the bindery. At
    Bell Labs he chronically failed to cash his paychecks. I talked to someone
    who told me a story that one time they voided all the uncashed checks, wrote him a check for something like $20,000 (a lot of money in the 1970s), and personally walked him to the bank to deposit it.

    ------------------------------

    Date: Fri, 31 Jul 2020 20:26:57 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: xkcd: Photo Deposit

    https://xkcd.com/2335/

    ------------------------------

    Date: Fri, 31 Jul 2020 12:04:20 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Quote of The Day (Thomas Sowell)

    *"The first lesson of economics is scarcity: there is never enough of
    anything to fully satisfy all those who want it. The first lesson of
    politics is to disregard the first lesson of economics."*

    https://twitter.com/ThomasSowell/status/1288471114038022144

    ------------------------------

    Date: Sat, 1 Aug 2020 01:11:00 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Quote of The Day (Sven Henrich)

    *"Can't wait to take a vaccine that's been rushed through the system with
    none of the established safety protocols in place that require years of peer review and testing for side effects knowing that big pharma companies stand
    to make huge profits from it in a race to be first."*

    https://twitter.com/NorthmanTrader/status/1284925040862076928

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.17
    ************************
