• Risks Digest 32.39 (2/2)

    From RISKS List Owner@21:1/5 to All on Sat Dec 5 01:50:03 2020
    [continued from previous message]

    https://github.com/github/feedback/discussions/2811

    Oh no! There most certainly is no fee for creating a discussion here :-)

    Thank you for letting me know - we'll look into fixing this and report back. ;-)

    I bet it's the old story:
    Older users choose larger fonts,
    that younger designers never expected would then exceed their tiny boxes
    and get clipped... in just the wrong places!

    ------------------------------

    Date: Fri, 20 Nov 2020 18:58:12 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Nice solution to password problem -- if only

    Please note: We are using a passwordless system to manage Snopes
    Accounts. This means we'll email you a verification code each time you log
    in. If you do not receive your verification code within a few minutes of logging in, please check your spam folder.

    We're using a passwordless login system for a few key reasons:

    1. It's more secure. With a username and password system, users tend to choose a password they're comfortable with (such as their birthday or pet's
    name) or credentials they've used for other accounts. As a result, if
    hackers get access to one account, they can gain access to many, leading to
    a *domino effect* that can put all of your information at risk. A
    passwordless system removes this threat.

    2. It's simpler. Since your Snopes account will be tied to your email, you won't need to remember complicated passwords or periodically renew your password to keep your information safe. All you'll need to do is remember
    the email address associated with your account to log in.

    3. It's becoming the norm. Many other industry leaders are moving towards passwordless login systems for both reasons above, so it very well may soon
    be used by other websites you frequent.

    https://www.snopes.com/faq/what-is-passwordless-login-and-why-does-snopes-use-it/

    [What could go wrong with that? So having your email compromised
    automatically compromises every site using this system, what a great time
    saver. GG]
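
    [Editor's added example, not Snopes' code: the e-mailed one-time-code flow the
    FAQ above describes, written the way a practitioner would want it checked. The
    parameters (6-digit code, 10-minute lifetime, five guesses, an in-memory store,
    a server-side pepper) are assumptions, not anything Snopes has published. It
    addresses guessing, replay and stale codes; it does nothing about the point GG
    raises, since whoever reads the mailbox reads the code.]

```python
"""Minimal e-mail one-time-code login (editor's illustration, not Snopes' code)."""
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6          # assumption: 6-digit numeric code, as most "we'll e-mail you a code" sites use
CODE_TTL_SECONDS = 600   # assumption: a code is only valid for ten minutes
MAX_ATTEMPTS = 5         # assumption: five wrong guesses burn the code (5 in 10**6 odds per code)


class PasswordlessLogin:
    """Issue and verify single-use e-mailed codes.

    `mailer(address, code)` delivers the code; `pepper` is a server-side secret
    so a leaked table of hashes cannot be brute-forced offline; `clock` is
    injectable so expiry can be exercised without sleeping.
    """

    def __init__(self, pepper: bytes, mailer, clock=time.time):
        self._pepper = pepper
        self._mailer = mailer
        self._clock = clock
        self._pending = {}   # e-mail -> {"code_hash", "expires_at", "attempts"}

    @staticmethod
    def _norm(email: str) -> str:
        return email.strip().lower()

    def _hash(self, email: str, code: str) -> bytes:
        # HMAC binds the code to the address, so a code issued for one mailbox
        # cannot be replayed against another account.
        return hmac.new(self._pepper, f"{email}\0{code}".encode(), hashlib.sha256).digest()

    def request_code(self, email: str) -> None:
        email = self._norm(email)
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        # Only the hash is stored; a fresh request replaces any earlier code.
        self._pending[email] = {
            "code_hash": self._hash(email, code),
            "expires_at": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        self._mailer(email, code)   # the plaintext code leaves the server only via e-mail

    def verify(self, email: str, code: str) -> bool:
        email = self._norm(email)
        rec = self._pending.get(email)
        if rec is None:
            return False
        if self._clock() > rec["expires_at"]:
            del self._pending[email]          # expired: the user must request a new code
            return False
        rec["attempts"] += 1
        if rec["attempts"] > MAX_ATTEMPTS:
            del self._pending[email]          # too many guesses: burn the code
            return False
        if hmac.compare_digest(self._hash(email, code), rec["code_hash"]):
            del self._pending[email]          # single use: a replayed code fails
            return True
        return False


if __name__ == "__main__":
    outbox = []   # constructed stand-in for an SMTP relay
    login = PasswordlessLogin(pepper=secrets.token_bytes(32),
                              mailer=lambda addr, code: outbox.append((addr, code)))
    login.request_code("Reader@Example.org")
    addr, code = outbox[-1]
    wrong = "000000" if code != "000000" else "999999"
    print("wrong code accepted?", login.verify(addr, wrong))
    print("right code accepted?", login.verify(addr, code))
    print("replay accepted?", login.verify(addr, code))
```

    [What the block does not show, and a real deployment needs: a limit on how
    often request_code may be called per address and per source IP, since each
    call sends mail, and a persistent store in place of the dictionary.]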

    ------------------------------

    Date: Sun, 22 Nov 2020 15:03:45 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: When Ships Are Abandoned, Stuck Sailors Struggle to Get By
    and Get Paid (Atlas Obscura)

    ``We are satisfied with little, but even that little is impossible today.''

    When Captain Alexander Ovchinnikov took over command of the ship Gobustan in Istanbul, the term COVID-19 hadn't been coined yet, quarantine was the stuff of apocalyptic science fiction, and few people outside of China knew where Wuhan was. It was December 25, 2019. Ovchinnikov, 39, was still on
    that ship through the summer, along with 11 other crew members: The second engineer was Russian too, the cook was Ukrainian, and the rest were from Azerbaijan. At least one had been on board since October 2019, and none of
    them had received a salary since January. The crew of Gobustan had been
    stuck since June 16 in the Italian port of Ravenna, on the Adriatic Sea.
    ``We live like in prison. We get up, have breakfast, do some routine activities, then we have dinner and go to bed,'' said Ovchinnikov. Their
    days were all the same and the stillness was shaken only by cleaning and maintenance activities. Sure enough, the ship was clean as a whistle.

    https://www.atlasobscura.com/articles/sailors-on-abandoned-ships

    Risks? Flags of convenience, politics, corruption, malfeasance...

    ------------------------------

    Date: Mon, 23 Nov 2020 17:54:05 -0500
    From: Jan Wolitzky <jan.wolitzky@gmail.com>
    Subject: Another way every system eventually becomes email

    RISKS doesn't usually post cartoons, but Randall Munroe's XKCD today is appropriate:

    <https://xkcd.com/2389/>

    "I'll never install a smart home smoke detector. It's not that I don't trust the software--it's that all software eventually becomes email, and I know
    how I am with email."

    ------------------------------

    Date: Fri, 27 Nov 2020 11:09:56 -0800
    From: Rob Slade <rslade@gmail.com>
    Subject: Microsoft 365 "Productivity Score"

    Those who use Microsoft 365 can now get a "Productivity Score." And so can the boss. https://www.independent.co.uk/life-style/gadgets-and-tech/microsoft-365-office-surveillance-productivity-b1761570.html

    How many times do you use email, or chat? Do you turn off the Webcam when on video meetings? Employees are ranked against their peers. Optionally, the boss can also share the data with Microsoft, in order to see how your
    company is doing against the competition. Which means Microsoft gets lots
    and lots and lots of company and user data.

    Privacy issues, much?

    ------------------------------

    Date: Mon, 23 Nov 2020 14:32:17 -0500
    From: Jack Christensen <christensen.jack.a@gmail.com>
    Subject: Re: Microsoft Is Making a Secure PC Chip with Intel and AMD's Help
    (RISKS-32:38)

    "So there are fewer people involved, and the PC is going to be more secure
    for it."

    Interesting statement. Open-source proponents might make exactly the
    opposite argument.

    ------------------------------

    Date: Mon, 23 Nov 2020 07:53:52 +0000
    From: A Michael W Bacon <amichaelwbacon@gmail.com>
    Subject: Re: Technology To Catch HOV Lane Violators Is Coming To Virginia
    (Deist, RISKS-32.38)

    I recall a story I was told some 20 years ago while being driven along the
    road in question, that the CCTV operators overseeing the operation of the
    HOV 3+ lanes on the I395 (Shirley Highway) had observed that the passenger seats of many vehicles appeared to be occupied by opera divas in full song.

    ------------------------------

    Date: Mon, 23 Nov 2020 11:54:01 -0500
    From: "Richard A. DeMattia" <rademattia@sbcglobal.net>
    Subject: Re: What happens when you test TCL TVs

    It is truly an abomination that a line of mass-produced consumer products
    would be released with such egregious security failings. However, in my
    world and perhaps in certain parts of the REAL world, SSH on my home cable router is port-forwarded to a machine that is not the television. And on my
    TCL 40S330 purchased 20-Nov-2020 ssh and telnet are both rejected at that
    host.

    I don't have any comment on the serving up of the file system... well hardly any.

    ------------------------------

    Date: Mon, 23 Nov 2020 07:31:16 +0000
    From: A Michael W Bacon <amichaelwbacon@gmail.com>
    Subject: Re: Whale Sculpture Stops Train From Plunge in the Netherlands
    (RISKS-32.38)

    Taking up Brian Inglis's suggestion of a Limerick (RISKS-32.38) ...

    In Holland they tell a tall tale,
    Of a train that was stopped by a whale.
    It seemed quite a fluke,
    But it earned a rebuke,
    For the driver, whose train left the rail.

    ------------------------------

    Date: Mon, 23 Nov 2020 18:46:24 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Re: Letter to Consumer Reports magazine

    Right -- far too many household objects have delusions of computerhood (toothbrush with timer and several brushing modes, blood pressure monitor, electric razor charging station with multiple indicator lights, etc.). I actually don't mind them having localized/isolated computing power but I'm selective about what goes online. For example, I could connect garage door opener to Internet and control it with smartphone app -- but no.

    TVs should be TVs, not computers.

    That's how TVs are used in our household, but the horse is already out of
    the barn. You could also say watches should be watches, vacuum cleaners should be vacuum cleaners, phones should be phones, cars should be cars, refrigerators should be refrigerators. The issue is cooked. What may not
    be cooked is how we end up regulating the privacy and security
    issues. I hope not, in any case.

    Before me is a copy of the notes for a talk I gave several times in the
    early 1990s to groups in Europe in which one slide asks "What's the difference between a computer with a television in it and a television
    with a computer in it?" and the next answers "None".  I wanted to
    prepare them for a networked future with active media where computing and networking would be so widespread and common as to be invisible.

    I can't recall that they ever got it.

    Pete Kaiser

    ------------------------------

    Date: Mon, 23 Nov 2020 07:49:13 +0000
    From: Stefan Lueders <Stefan.Lueders@cern.ch>
    Subject: Re: Online password '123456' more popular than ever and easy to
    crack (Kruk)

    I do not agree with its conclusion. While I agree that passwords should be
    complex and long, rather passphrases, and ideally go along with second
    factor authentication, the problem in the below lies somewhere else: in the increasing need to register with an email address / password combination to even the simplest webpages to get some random content (newsletters, bulletin boards, etc.) such that the website owners can market those email
    addresses. The risk of exposure of personal information, if those sites are compromised, on those pages is zero. The password complexity (and use of 2FA) should be proportional to the risk --- where PII is at stake, complex
    passwords & 2FA are a must. But for a page where I am forced to register
    just with an email address to access content, like RISKS, any password can
    do.

    ------------------------------

    Date: Wed, 25 Nov 2020 05:25:18 -0700
    From: "Keith Medcalf" <kmedcalf@dessus.com>
    Subject: Re: Online password '123456' more popular than ever and easy to
    crack (Kruk, RISKS-32.38)

    And this points out why one should *NEVER* use a so-called "password
    manager" because they are inherently untrustworthy and have access to all
    your passwords.

    If you want to publish all your passwords for everyone to see, why not just write them on a sticky-note and stick it on your window, or send it as a
    letter to the editor of your local newspaper? Or post them on Twitter or whatever the kids are using these days ...

    ------------------------------

    Date: Fri, 27 Nov 2020 16:20:50 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Utah monolith: Internet sleuths got there, but its origins are
    still a mystery (BBC News)

    It took just 48 hours for the first person to get there.

    When officials in Utah on Monday revealed they had found a shimmering, metal structure deep in the Red Rock desert, they refused to say exactly where.

    They hoped that would be enough to deter amateur adventurers from setting
    off to find it, risking getting dangerously lost in the process.

    But there was little chance that people would abide by this advice. By Wednesday, pictures were emerging on Instagram of people triumphantly posing with the monolith, eager to show the world that they had got there first -
    even if the wider mystery of why it is there remains unsolved.

    They were aided by Internet sleuths who had quickly geo-located the
    structure on Google Earth and posted the co-ordinates online.

    https://www.bbc.com/news/world-us-canada-55071058

    The risk? Trying to keep secrets.

    [... and then it just disappeared... PGN]

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.39
    ************************

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)