Risks Digest 32.35 (1/2)

    From RISKS List Owner@21:1/5 to All on Mon Nov 2 22:35:43 2020
    RISKS-LIST: Risks-Forum Digest Monday 2 November 2020 Volume 32 : Issue 35

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.35>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Defective Panels in Solar Arrays (Ben Heubl via Peter Bernard Ladkin)
    American Pilots To Reassure Passengers Before MAX Flights (avweb.com)
    Axios Navigate (Axios)
    U.S. hatches plan to build a quantum Internet that might be unhackable
    (WashPost)
    NASA’s new rocket would be the most powerful ever. But it’s the
    software that has some officials worried. (WashPost)
    Elon Musk's SpaceX says it will make its own laws on Mars (Independent)
    Robot Trained in Simulation Performs Better in Real Life
    (Chris Stokel-Walker)
    Using AI to control a camera at a sports event -- oops! (IFLScience)
    Four years since the Mirai-Dyn attack, is the Internet safer?
    (Techxplore.com)
    FBI warns of "imminent" ransomware attacks on hospital systems (CBS News)
    In a first, researchers extract secret key used to encrypt Intel
    (Dan Goodin)
    Marriott Hotels fined 18.4m pounds for data breach that hit millions
    (bbc.com)
    Two Former eBay Employees Plead Guilty to Aggressive Cyberstalking Campaign
    Targeting Natick Couple (DoJ)
    The Unsinkable Maddie Stone, Google's Bug-Hunting Badass (WiReD)
    Beware a New Google Drive Scam Landing in Inboxes (WiReD)
    Apple develops alternative to Google search (FT)
    Senator Brian Schatz of Hawaii calls sec.'s testimony what it really was
    (Amos Shapir)
    @Team_Trump45 and the Hazards of Online Sleuthing (WiReD)
    Wisconsin GOP Lost $2.3 Million in an Email Scam (WiReD)
    New ‘Media Manipulation Casebook’ from Harvard teaches how to detect
    misinformation campaigns (WashPost)
    How a fake persona laid the groundwork for a Hunter Biden conspiracy deluge
    (NBC News)
    NSA Pot calling Chinese Kettle Black (Joseph Menn via Henry Baker)
    Re: How does Google's monopoly hurt you? (Julian Bradfield)
    Re: Air Force updates code on plane mid-flight (David Alexander)
    Re: UK national police computer down for 10 hours after engineer pulled the
    plug (Dick Mills)
    Re: Censorship or Sensibility? (San Steingold)
    Re: More on erroneous Alexa/third-party data provider evacuation notices in
    Boulder County, Colorado (Dan Jacobson)
    Re: Why cars are more "fragile": more technology has reduced robustness
    (Martin Ward)
    Re: F-35s and Teslas? (3daygoaty)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Wed, 28 Oct 2020 07:46:48 +0100
    From: Peter Bernard Ladkin <ladkin@causalis.com>
    Subject: Defective Panels in Solar Arrays

    The October issue of IET's E&T magazine has a story by Ben Heubl on problems with PV panels. It was originally published in July 2020 on-line https://eandt.theiet.org/content/articles/2020/07/solar-panel-technology-scandal-could-see-millions-of-solar-pv-panels-fail-or-degrade-prematurely

    ``In February 2020, the power output plummeted at one of South Africa's
    proudest solar photovoltaic electricity generation sites, the Mulilo
    Sonnedix Prieska solar farm. .... Usually, PV solar panels last between
    20 and 30 years. So how could this happen after less than four? Insiders
    claim accelerated backsheet degradation is to blame. The backsheet is part
    of a solar module that seals it from dust and moisture and provides
    electrical insulation. It is also necessary to protect interior components
    from mechanical and environmental stresses.''

    ... and when a backsheet cracks, the consequences can include electrical short-circuits and fire. So there are safety issues.

    Heubl found it difficult to get anyone to give him information about the
    extent of the problem, except that it appears to be significant. It is not clear that anyone knows where panels most susceptible to early degradation
    are installed.

    There is surely not just a quality-control problem with newish
    panels. Panels have a limited functional lifetime in any case and it seems
    to follow from the report that there are few effective systems in place to identify which ones are faulty, whether after 3 years or 30 years.

    What about the panels on the roof of your house? Or built-in roofing panels?

    ------------------------------

    Date: Wed, 28 Oct 2020 13:06:58 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: American Pilots To Reassure Passengers Before MAX Flights
    (avweb.com)

    https://www.avweb.com/aviation-news/american-pilots-to-reassure-passengers-before-max-flights/

    "It's not often that passengers hear from the captain days before their
    flight but American Airlines is employing those calm, soothing voices to
    ease the reintroduction of the Boeing 737 MAX. As we recently reported, American plans to resume MAX flights starting Dec. 29, assuming all the regulatory approvals are in place. Its plan to gain customer approval for
    the re-launch is to offer customer tours of the aircraft and to have pilots answer phone and video calls from jittery pax. 'They're the ones that
    ... really have the credibility to explain the Max,' Alison Taylor,
    American's chief customer officer, told an online 'town hall' meeting with employees in mid-October."

    For a business to survive, the brands it sells must project and reliably demonstrate trust to sustain customer loyalty. Consumer expectations are, in part, achieved through unbiased and independent evaluations by regulatory agencies who evaluate these brands. They serve as the last line of defense
    for public health and safety. All bets are off when these agencies are neutered, or their investigatory and enforcement capabilities are
    compromised.

    How do businesses recover and restore brand trustworthiness after a 'Black Swan' shatters that expectation?

    The Chicago Tylenol murders (https://en.wikipedia.org/wiki/Chicago_Tylenol_murders retrieved on
    28OCT2020) details measures a business can responsibly apply to restore and rebuild brand reputation following a deadly trust erosion incident.

    A "time heals all wounds" approach appears ineffective in the Internet-era where history is easy to retrieve, if curiosity strikes.

    Will a pilot's pre-flight reassurance be sufficient to soothe public anxiety about the re-engineered MAX's safety? The passenger loyalty consequences
    from a 'fit to fly' customer-charm offensive defy prediction. Eventually, I suspect this engagement 'pitch' will vanish.

    For now, that's all the flying public can expect following the Congressional investigations, FAA investigations, Boeing restructuring, liability settlements, MCAS revisions, re-certification efforts, etc.

    Airlines that offer discount 737-MAX flights will lure passengers and
    possibly recover revenue. Sustained airline profits from 737-MAX flights depend on over-achievement of historical aircraft safety records and
    trends.

    The flying public MIGHT be best served if, at ticket point-of-purchase, a government-mandated disclosure states, "This flight powered by a re-tooled 737-MAX. See this link for fleet history."

    ------------------------------

    Date: Sun, 1 Nov 2020 17:31:46 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Axios Navigate (Axios)

    Tesla is beta-testing its latest self-driving technology with a small group
    of early adopters, a move that alarms experts and makes every road user -- including other motorists, pedestrians and cyclists -- unwitting subjects in its ongoing safety experiment.

    https://www.axios.com/newsletters/axios-navigate-bd1ba2e9-6da7-4c76-91af-2d388ca96ba7.html

    CAS Comment on AV TEST Data Collection

    https://www.autosafety.org/cas-comment-on-av-test-data-collection/

    Dear Deputy Administrator Owens,

    The Center for Auto Safety (the Center) appreciates the opportunity to
    provide comments on the notice and request for comment regarding the
    Automated Vehicle Transparency and Engagement for Safe Testing (AV TEST) initiative. The Center, founded in 1970, is an independent, member
    supported, non-profit consumer advocacy organization dedicated to improving vehicle safety, quality, and fuel economy. In 2020, we are celebrating 50
    years of advocacy for consumer automotive safety and informed choice.

    The AV TEST initiative proposes using government resources for the purpose
    of providing ``information to the public about Automated Driving System
    (ADS) testing operations in the U.S. and applicable State and local laws, regulations, and guidelines.'' Instead, the public would be better off visiting the promotional website of each AV manufacturer after conducting
    their own Google search. At least that way, there would not be any confusion about the biased nature of the promotion or the lack of government
    oversight.

    Motor vehicle crashes remain one of the primary causes of premature death,
    and the leading cause of death for those under age 30. These crashes cost
    the U.S. approximately $1 trillion every year. Sadly, NHTSA has estimated
    the first six months of 2020 have resulted in the highest death rate per vehicle mile traveled in the U.S. in over a decade. The Center firmly
    believes ADS technology can play a significant role in a safer
    transportation future and is committed to seeing its successful and safe integration into our transit ecosystem. Yet, NHTSA's refusal to even require the submission of test data relating to ADS development is an implicit encouragement of the deployment of unproven technology guided by artificial intelligence on public roads. These self-described self-driving vehicles are being unleashed on America in the hope that nothing too horrible will
    happen, in the absence of NHTSA analyzing validated engineering data demonstrating safe ADS performance.

    ------------------------------

    Date: October 28, 2020 5:07:30 JST
    From: Dewayne Hendricks <dewayne@warpspeed.com>
    Subject: U.S. hatches plan to build a quantum Internet that might be
    unhackable (WashPost)

    [via Dave Farber, who notes:
    Typical PR piece. There has been an International activity to
    conceptualize such a network for a while now -- Japan, USA, EU, etc. It
    is at the early research stage but advancing at a fast pace. Dave
    Farber
    ]

    U.S. hatches plan to build a quantum Internet that might be unhackable

    The new network would sit alongside the existing Web, offering a more secure way to send and process information

    Jeanne Whalen, *The Washington Post*, 23 Jul 2020 https://www.washingtonpost.com/technology/2020/07/23/us-plan-quantum-internet/

    U.S. officials and scientists unveiled a plan Thursday to pursue what they called one of the most important technological frontiers of the 21st
    century: building a quantum Internet.

    Speaking in Chicago, one of the main hubs of the work, they set goals for forging what they called a second Internet -- one that would function
    alongside the globe's existing networks, using the laws of quantum mechanics
    to share information more securely and to connect a new generation of
    computers and sensors.

    Quantum technology seeks to harness the distinct properties of atoms,
    photons and electrons to build more powerful computers and other tools for processing information. A quantum Internet relies on photons exhibiting a quantum state known as entanglement, which allows them to share information over long distances without having a physical connection.

    David Awschalom, a professor at the University of Chicago's Pritzker School
    of Molecular Engineering and senior scientist at Argonne National
    Laboratory, called the Internet project a pillar of the nation's quantum-research program.

    ``It's the birth of a new technology. It's becoming a global competition.
    Every major country on earth has launched a quantum program, because it is becoming clearer and clearer there will be big impacts,'' he said in an interview.

    The United States' top technology rival, China, is investing heavily in
    quantum technology, a field that could transform information processing and confer big economic and national security advantages to countries that
    dominate it. Europe is also hotly pursuing the research.

    The Energy Department and its 17 national labs will form the backbone of the project.

    How exactly the work will be funded wasn't clear. The Energy Department did
    not announce a funding figure for the project Thursday. Speaking to
    reporters, Paul Dabbar, the Energy Department's undersecretary for science, said the federal government invests about $500 to $700 million a year in quantum information technology, suggesting some of that money would fund the new Internet.

    In an interview, Dabbar said there would probably be further funding announcements for the project in the future.

    Panagiotis Spentzouris, head of quantum science at the Chicago-area Fermi National Accelerator Laboratory, or Fermilab, said in an interview that more resources, and a clearer project structure, will be needed to carry out the blueprint published Thursday.

    The 38-page document lays out research priorities and milestones to aim for, but it doesn't assign detailed tasks to particular parties.

    Initial users of a quantum Internet could include national security
    agencies, financial institutions and health-care companies seeking to send
    data more securely, researchers said.

    The networks promise to be more secure -- some even say unhackable --
    because of the nature of photons and other quantum bits, known as qubits.
    Any attempt to observe or disrupt these particles would automatically alter their state and destroy the information being transmitted, scientists say.

    A quantum Internet could also be used to connect various quantum computers
    with one another, helping boost their total computing power. Quantum
    computers are still at an early stage of development and not yet as powerful
    as classical computers, but connecting them via an Internet could help accelerate their use for solving complex problems like finding new pharmaceuticals or new high-tech materials, Awschalom said.

    Eventually consumers might also tap into the quantum Internet, to buy
    products with less risk of their credit card details being hacked, or to
    send and receive sensitive personal information such as health records or social security numbers, Spentzouris said. It is possible consumers will
    surf seamlessly between the regular and quantum Internets as they make purchases and send information, without necessarily knowing they are
    switching platforms, he said.

    In a sign of the potential economic rewards that quantum technology could bring, Illinois Gov. J.B. Pritzker and Chicago Mayor Lori Lightfoot both
    spoke at the announcement Thursday, expressing hope that there would be spillover effects for the city's tech community.

    Universities and labs in the region have established the Chicago Quantum Exchange to try to accelerate innovation and economic development. [...]

    ------------------------------

    Date: Sun, 1 Nov 2020 20:03:09 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: NASA’s new rocket would be the most powerful ever. But it’s the
    software that has some officials worried. (WashPost)

    As NASA moves towards the SLS's first flight, putting the Orion spacecraft
    in orbit around the moon, there are concerns not with the rocket's engines
    but rather with the computer software embedded in all its systems.

    https://www.washingtonpost.com/technology/2020/10/31/nasa-sls-moon-rocket/

    ------------------------------

    Date: Fri, 30 Oct 2020 08:03:59 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Elon Musk's SpaceX says it will make its own laws on Mars
    (Independent)

    *No Earth-based government has authority or sovereignty over Martian activities, SpaceX claims*

    SpaceX will not recognise international law on Mars, according to the Terms
    of Service of its Starlink Internet project.

    Elon Musk's space company will instead reportedly adhere to a set of *self-governing principles* that will be defined at the time of Martian settlement. [...]

    https://www.independent.co.uk/life-style/gadgets-and-tech/elon-musk-spacex-mars-laws-starlink-b1396023.html

    ------------------------------

    Date: Wed, 28 Oct 2020 12:59:16 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Robot Trained in Simulation Performs Better in Real Life
    (Chris Stokel-Walker)

    Chris Stokel-Walker, *New Scientist*, 21 Oct 2020
    via ACM TechNews, Wednesday, October 28, 2020

    Researchers at the Swiss Federal Institute of Technology, Zurich (ETH
    Zurich) trained a neural network algorithm designed to control a four-legged robot in a simulated environment resembling a video game. The ETH Zurich
    team told the algorithm which direction the simulated robot should be attempting to move in, and restricted how fast it could turn, in order to reflect the capabilities of the actual robot. The researchers started with a neural network preprogrammed with knowledge about the environment so the algorithm could absorb and recall inputs from virtual sensors, then
    transferred this knowledge to a large network controlling the real robot. As
    a result, the robot was able to move on uneven, mossy terrain more than
    twice as fast as it was able to with its default programming.

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-27b91x225f47x066975&

    [As noted in RISKS many times, flaws in simulations can lead to huge risks
    in the systems that are being modeled. Here is a case of the tail wagging
    the dog, happily. Please remember, relevant success stories are always
    welcome here, although they do not show up often enough. PGN]

    ------------------------------

    Date: Fri, 30 Oct 2020 13:36:06 -0700
    From: Barry Gold <barrydgold@ca.rr.com>
    Subject: Using AI to control a camera at a sports event -- oops!
    (IFLScience)

    https://www.iflscience.com/technology/ai-camera-ruins-soccar-game-for-fans-after-mistaking-referees-bald-head-for-ball/

    A bald linesman distracts a camera aimed by a computer.

    On Beta, we'd have earrings for that. You could buy them in any jewelry
    store. http://www.conchord.org/xeno/bdgsig.html

    ------------------------------

    Date: Sat, 31 Oct 2020 10:19:34 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Four years since the Mirai-Dyn attack, is the Internet safer?
    (Techxplore.com)

    https://techxplore.com/news/2020-10-years-mirai-dyn-internet-safer.html

    "'It seems that the lessons learned from the 2016 Dyn attack have only been acted upon by a handful of websites that were directly impacted,' says Aqsa Kashaf, a Ph.D. student in Electrical and Computer Engineering (ECE) and
    lead author of the new study.

    "The Mirai-Dyn attack in 2016 was successful because of what Kashaf and her team refer to as critical dependencies. The domains affected by the
    Mirai-Dyn attack were critically dependent on Dyn, a third-party DNS. In
    other words, they relied solely on Dyn, so when Dyn went down, so did they."

    The Mirai-initiated DDoS disabled ~180K domains and inconvenienced 10s of millions of website users.

    The research shows that BAU (business as usual) practices remain in
    place. Of the top 100K websites, 89% of them rely on a 3rd party DNS
    provider. In turn, these DNS providers rely on cloud services to support
    their operations. These shared dependencies and inter-dependencies comprise
    an attack perimeter that can cripple e-commerce.

    Service consumption favors provider availability/uptime over integrity characteristics that confer assault resilience.

    Core service providers (DNS, Content Delivery, Certification Authorities) should be required to disclose site hardening qualification results. That information can assist procurement decisions to improve industry readiness
    that helps deter the next meltdown.
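
Added example, not part of the digest item or of the study it cites: a simplified Python check for the "critical dependency" described above, flagging sites whose nameservers all sit under a single third-party DNS provider. The hostnames are constructed, and grouping nameservers by their last two labels is an assumption standing in for a Public Suffix List lookup.

```python
from collections import Counter

# Constructed sample: site -> NS hostnames, in the form an NS lookup would
# return them. None of these are real measurements.
SAMPLE_NS = {
    "shop.example":  ["ns1.dns-a.example", "ns2.dns-a.example"],
    "news.example":  ["ns1.dns-a.example", "ns1.dns-b.example"],
    "bank.example":  ["ns1.bank.example", "ns2.bank.example"],
    "video.example": ["NS3.DNS-A.example."],
    "mail.example":  ["ns1.mail.example", "ns1.dns-b.example"],
    "blog.example":  ["ns1.dns-b.example", "ns2.dns-b.example"],
}


def base_domain(host):
    """Assumption: the operator is identified by the last two DNS labels."""
    labels = host.strip().rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def classify(site, ns_hosts):
    """Return (status, third_party_operators) for one site.

    private   - every nameserver is under the site's own domain
    critical  - every nameserver is under one third-party operator
    redundant - nameservers are spread over two or more operators
    unknown   - no nameservers supplied
    """
    own = base_domain(site)
    operators = {base_domain(h) for h in ns_hosts if h.strip()}
    third_party = operators - {own}
    if not operators:
        return "unknown", set()
    if not third_party:
        return "private", set()
    if len(operators) == 1:
        return "critical", third_party
    return "redundant", third_party


def provider_impact(ns_map):
    """Count, per provider, the sites that depend on it alone."""
    impact = Counter()
    for site, hosts in ns_map.items():
        status, providers = classify(site, hosts)
        if status == "critical":
            impact.update(providers)
    return impact


def sites_lost_if_down(ns_map, provider):
    """Sites left with no working nameserver if this provider is unreachable."""
    provider = base_domain(provider)
    return sorted(
        site for site, hosts in ns_map.items()
        if classify(site, hosts) == ("critical", {provider})
    )


if __name__ == "__main__":
    for site, hosts in SAMPLE_NS.items():
        status, providers = classify(site, hosts)
        print(f"{site:15} {status:10} {', '.join(sorted(providers)) or '-'}")
    for provider, count in provider_impact(SAMPLE_NS).most_common():
        print(f"{provider}: {count} site(s) with no fallback")
```

Two nameserver domains can belong to the same operator, and a provider's own dependence on cloud services is not modelled here, so this check understates shared dependencies.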

    ------------------------------

    Date: Thu, 29 Oct 2020 09:26:09 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: FBI warns of "imminent" ransomware attacks on hospital systems
    (CBS News)

    Federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system
    designed to lock up hospital information systems, which could hurt patient
    care just as nationwide cases of COVID-19 <https://www.cbsnews.com/feature/coronavirus> are spiking.

    In a joint alert Wednesday, the FBI and two federal agencies warned that
    they had "credible information of an increased and imminent cybercrime
    threat to U.S. hospitals and healthcare providers." The alert said malicious groups are targeting the sector with attacks that produce "data theft and disruption of healthcare services."

    The cyberattacks involve ransomware, which scrambles data into gibberish
    that can only be unlocked with software keys provided once targets pay up. Independent security experts say it has already hobbled at least five U.S. hospitals this week and could impact hundreds more. [...]

    https://www.cbsnews.com/news/fbi-warns-ransomware-attack-us-healthcare-system-hospitals/

    ------------------------------

    Date: Thu, 29 Oct 2020 12:00:45 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: In a first, researchers extract secret key used to encrypt Intel
    (Dan Goodin)

    Hackers can now reverse-engineer updates or write their own custom firmware.

    Dan Goodin, 28 Oct 2020 [PGN-enhanced: added middle para]

    Researchers have extracted the secret key that encrypts updates to an assortment of Intel CPUs, a feat that could have wide-ranging consequences
    for the way the chips are used and, possibly, the way they're secured.

    An independent researcher, working with two researchers from security firm Positive Technologies, extracted the secret key that encrypts updates to
    Intel central processing units (CPUs). Hackers who got their hands on the
    key would be able to decrypt updates Intel issues to plug security holes or update other aspects of chip operation. Independent researcher Maxim
    Goryachy said, "At the moment, it is quite difficult to assess the security impact" of being able to obtain such a key. Added Positive Technologies'
    Mark Ermolov, "For now, there's only one but very important consequence: independent analysis of a microcode patch that was impossible until now."

    The key makes it possible to decrypt the microcode updates Intel provides to fix security vulnerabilities and other types of bugs. Having a decrypted
    copy of an update may allow hackers to reverse-engineer it and learn
    precisely how to exploit the hole it’s patching. The key may also allow parties other than Intel -- say a malicious hacker or a hobbyist -- to
    update chips with their own microcode, although that customized version wouldn't survive a reboot. [...]

    https://arstechnica.com/gadgets/2020/10/in-a-first-researchers-extract-secret-key-used-to-encrypt-intel-cpu-code/

    ------------------------------

    Date: Sat, 31 Oct 2020 10:35:56 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Marriott Hotels fined 18.4m pounds for data breach that hit
    millions (bbc.com)

    https://www.bbc.com/news/technology-54748843

    "In some ways you can feel sorry for Marriott.

    "In all the boardroom discussions about the company's takeover of Starwood,
    I bet it never realised that a hacker was already lurking inside the
    valuable databases they were buying.

    "The cyber-criminals had been in the systems for years, and were effectively thrown into the merger deal without Marriott having a clue."

    https://catless.ncl.ac.uk/Risks/30/93#subj5.1 reports this incident.

    Lesson learned: Do not neglect an IT infrastructure audit, and incident review/mitigation effort, before acquisition acceptance.

    ------------------------------

    Date: Sat, 31 Oct 2020 19:34:37 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Two Former eBay Employees Plead Guilty to Aggressive Cyberstalking
    Campaign Targeting Natick Couple (DoJ)

    https://www.justice.gov/usao-ma/pr/two-former-ebay-employees-plead-guilty-aggressive-cyberstalking-campaign-targeting-nati-0

    Department of Justice, U.S. Attorney's Office, District of Massachusetts
    Thursday, October 29, 2020

    Two Former eBay Employees Plead Guilty to Aggressive Cyberstalking Campaign Targeting Natick Couple

    BOSTON – Two former employees of eBay, Inc. pleaded guilty today to their roles in a cyberstalking campaign targeting the editor and publisher of a newsletter that eBay executives viewed as critical of the company.

    Brian Gilbert, 52, of San Jose, Calif., a former Senior Manager of Special Operations for eBay's Global Security Team, and Stephanie Stockwell, 26, of Redwood City, Calif., the former manager of eBay's Global Intelligence
    Center, pleaded guilty to conspiracy to commit cyberstalking and conspiracy
    to tamper with witnesses. U.S. District Court Judge William G. Young
    scheduled sentencing for Stockwell on March 11, 2021, and for Gilbert on May
    6, 2021.

    On Oct. 8, 2020, co-defendants Stephanie Popp, 32, and Veronica Zea, 26, pleaded guilty to the same charges and are scheduled to be sentenced on
    Feb. 25, 2021. On Oct. 27, 2020, co-conspirator Philip Cooke, 55, pleaded guilty and is scheduled to be sentenced on Feb. 24, 2021.

    Former eBay executives, James Baugh, 45, and David Harville, 48, were
    arrested and charged on June 15, 2020.

    According to the charging documents, the victims of the cyberstalking
    campaign were a Natick couple who are the editor and publisher of an online newsletter that covers ecommerce companies, including eBay. Members of
    eBay's executive leadership team followed the newsletter's posts, often
    taking issue with its content and the anonymous comments underneath the editor's stories.

    It is alleged that in August 2019, the defendants executed a three-part harassment campaign against the Natick couple, which included the defendants sending anonymous and disturbing deliveries to the victims' home; sending private Twitter messages and public tweets criticizing the newsletter's
    content and threatening to visit the victims in Natick; and traveling to
    Natick to surveil the victims and install a GPS tracking device on their
    car.

    In connection with his plea today, Gilbert admitted to drafting threatening Twitter messages for Popp to send and planning the surveillance trip with various co-defendants. Gilbert also proposed bringing a dossier of documents
    to the Natick Police Department (NPD) -- whom the victims had involved --
    that would make the victims *look crazy* and contacting the victims to offer help with the threatening messages that the defendants had sent. Lastly, Gilbert made false statements to the NPD about Zea and Harville's reason for being in Boston.

    Stockwell admitted to, at Baugh’s direction, purchasing a laptop for use in harassing the victims, and using an anonymous email account to order online live spiders and a prepaid debit card to purchase a late-night pizza
    delivery to the victims' home. Stockwell also prepared an eBay `Person of Interest' report for the Bay Area -- a fictitious list of potential suspects
    to provide to the NPD to deflect the police from suspecting that eBay
    employees were actually harassing the victims.

    The charges of conspiracy to commit cyberstalking and conspiracy to tamper
    with witnesses each carry a sentence of up to five years in prison, three
    years of supervised release, a fine of up to $250,000 and
    restitution. Sentences are imposed by a federal district court judge based
    upon the U.S. Sentencing Guidelines and other statutory factors.

    United States Attorney Andrew E. Lelling; Joseph R. Bonavolonta, Special
    Agent in Charge of the Federal Bureau of Investigation, Boston Field
    Division; and Natick Chief of Police James G. Hicks made the announcement today. eBay provided valuable assistance and cooperation with the federal investigation. Assistant U.S. Attorney Seth B. Kosto, Deputy Chief of
    Lelling's Securities, Financial & Cyber Fraud Unit is prosecuting the case.

    The details contained in charging documents are allegations. The remaining defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.

    ------------------------------

    Date: Mon, 2 Nov 2020 00:18:01 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: The Unsinkable Maddie Stone, Google's Bug-Hunting Badass (WiReD)

    The Project Zero reverse engineer shuts down some of the world's most
    dangerous exploits -- along with antiquated hacker stereotypes.

    https://www.wired.com/story/maddie-stone-project-zero-reverse-engineering/

    ------------------------------

    Date: Sun, 1 Nov 2020 23:54:43 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Beware a New Google Drive Scam Landing in Inboxes (WiReD)

    Scammers are luring people into Google Docs in an attempt to get them to
    visit potentially malicious websites.

    https://www.wired.com/story/beware-a-new-google-drive-scam-landing-in-inboxes/

    ------------------------------

    Date: Wed, 28 Oct 2020 08:01:52 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Apple develops alternative to Google search (FT)

    *iPhone maker pushes to build its own search tools as ties to Google come
    under antitrust scrutiny*

    Apple is stepping up efforts to develop its own search technology as US antitrust authorities threaten multibillion-dollar payments that Google
    makes to secure prime placement of its engine on the iPhone.

    In a little-noticed change to the latest version of the iPhone operating system, iOS 14, Apple has begun to show its own search results and link directly to websites when users type queries from its home screen.

    That web search capability marks an important advance in Apple's in-house development and could form the foundation of a fuller attack on Google, according to several people in the industry.

    The Silicon Valley company is notoriously secretive about its internal projects, but the move adds to growing evidence that it is working to build
    a rival to Google's search engine. [...]

    https://www.ft.com/content/fd311801-e863-41fe-82cf-3d98c4c47e26

    ------------------------------

    Date: Sat, 31 Oct 2020 17:29:17 +0200
    From: Amos Shapir <amos083@gmail.com>
    Subject: Senator Brian Schatz of Hawaii calls sec.'s testimony what it
    really was (YouTube)

    A very clear explanation of how Section 230 had become a Republican
    political tool:
    https://www.youtube.com/watch?v=kc-hh_uhEOA

    (It's a bit funny how he criticizes Republicans for turning a Congressional hearing into political campaigning, while actually doing the same...)

    [On the eve of a highly political event in the U.S., we generally eschew
    political items. This is one on truthiness vs truthfulness, which is
    a long-time consideration in RISKS, irrespective of politics. PGN]

    ------------------------------

    Date: Mon, 2 Nov 2020 00:06:25 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: @Team_Trump45 and the Hazards of Online Sleuthing (WiReD)

    A pro-Trump Twitter troll posted fundraising pleas for a child he said had cancer. Debunking-Twitter pounced. A tale of collateral damage in the disinformation age.

    https://www.wired.com/story/team-trump45-twitter-hazards-online-sleuthing/

    ------------------------------

    Date: Sun, 1 Nov 2020 23:46:57 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Wisconsin GOP Lost $2.3 Million in an Email Scam (WiReD)

    The Wisconsin Republican party this week revealed that they had been
    swindled out of $2.3 million, money that had been earmarked for Donald
    Trump's reelection campaign. Rather than a sophisticated hack of a bank account, the incident appears to be yet another case of business email compromise, a category of scam that has netted billions of dollars for attackers over the past few years alone. The attackers apparently sent
    invoices to GOP officials that looked like they were from official vendors,
    but with banking information that routed the money to the schemers instead.

    [continued in next message]
