RISKS-LIST: Risks-Forum Digest Saturday 19 December 2020 Volume 32 : Issue 41
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.41>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
SolarWinds, SunBurst, Russians, et al. (sundry sources merged by PGN)
Advanced Persistent Threat Compromise of Government Agencies, Critical
Infrastructure, and Private Sector Organizations (CISA)
The U.S. government spent billions on a system for detecting hacks.
The Russians outsmarted it. (Craig Timberg and Ellen Nakashima)
More Hacking Attacks Found as Officials Warn of Grave Risk to
U.S. Government (NYTimes)
Harvard Gazette interviews Russia expert Paul Kolbe on Russian hacking of
government computer systems (Christina Pazzanese)
Hyundai and Kia Woes Continue as Nearly 425,000 Vehicles Recalled Over
Engine Issues (The Drive)
Boeing inappropriately coached test pilots during review of 737 Max after
crashes, Senate investigators say (WashPost)
Global google services outage 12/14 -- delay in repair (Edwin Slonim)
Military-grade camera shows risks of airborne coronavirus spread (WashPost)
National Weather Service faces Internet bandwidth shortage, proposes access
limits (WashPost)
Facebook's Tone-Deaf Attack on Apple (NYTimes)
Exfiltrating Data from Air-Gapped Computers via Wi-Fi Signals -- Without
Wi-Fi Hardware (The Hacker News)
Cheap GPS jammers a major threat to drones (RNTFND)
Betting on the election (Rob Slade)
Vaccinated? Show Us Your App (NYTimes)
Devices Used In COVID-19 Treatment Can Give Errors For Patients With Dark
Skin (npr.org)
An Internal Medicine Doctor and His Peers Read the Pfizer Vaccine Study and
See Red Flags (Naked Capitalism)
More Differential Privacy for Ordinary Security Mavens (Rob Slade)
Differential Privacy for Ordinary Security Mavens: noise (Rob Slade)
Re: AI Can Run Your Work Meetings Now (Amos Shapir)
Re: Former Israeli space security chief says aliens exist, humanity not
ready (Amos Shapir)
Re: Police Drones Starting to Think for Themselves (Amos Shapir)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Sat, 19 Dec 2020
From: Peter G Neumann <Neumann@CSL.SRI.COM>
Subject: SolarWinds, SunBurst, Russians, et al. (sundry sources merged)
WASHINGTON, 13 Dec 2020 (Reuters) - A sophisticated hacking group backed by
a foreign government stole information from the U.S. Treasury Department and
a U.S. agency responsible for deciding policy around the Internet and telecommunications, according to people familiar with the matter.
(Reporting by Christopher Bing; Editing by Daniel Wallis)
https://www.reuters.com/article/usa-cyber-amazoncom-idUSL1N2IT0HS
Washington Post attributed it to .ru /Cozy Bear
https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html
The Russian government hackers who breached a top cybersecurity firm are
behind a global espionage campaign that also compromised the Treasury and Commerce departments and other government agencies, according to people familiar with the matter, who requested anonymity because of the sensitivity
of the matter.
The FBI is investigating the campaign by a hacking group working for the Russian foreign intelligence service, SVR. The group, known among private-sector security firms as APT29 or Cozy Bear, also hacked the State Department and the White House during the Obama administration.
Brian Krebs blog post: SolarWinds' products were used by virtually
everyone.
https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/
Reuters reported that up to 18000 of them may have downloaded the malware.
https://www.reuters.com/article/global-cyber/global-security-teams-assess-impact-of-suspected-russian-cyber-attack-idUKKBN28O1KN
Many services from Alphabet Inc, including YouTube, Gmail and Google
Drive, were down for thousands of users across the globe on Monday.
https://www.reuters.com/article/alphabet-outages-int/alphabets-youtube-gmail-google-drive-services-hit-by-outage-idUSKBN28O1F1
The NYTimes mentions that this all started in the spring of 2020, already
too late to stop some of the damage.
Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect
https://www.nytimes.com/2020/12/13/us/politics/russian-hackers-us-government-treasury-commerce.html?action=click&module=Top%20Stories&pgtype=Homepage
FireEye's analysis for the attack:
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor
the health of their IT networks. Given the breadth of the company's customer base, experts say the incident may be just the first of many such
disclosures.
SolarWinds hides list of high-profile customers after devastating hack
https://www.theverge.com/2020/12/15/22176053/solarwinds-hack-client-list-russia-orion-it-compromised
Some of SolarWinds' customers. Source: solarwinds.com
According to a Reuters story <https://www.reuters.com/article/BigStory12/idUSKBN28N0PG>, hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments. Reuters reports the attackers were able to surreptitiously tamper with updates released by SolarWinds for its Orion platform <https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Core-How-Orion-Works-sw1625.htm>, a suite of network management tools.
In a security advisory <https://www.solarwinds.com/securityadvisory>, Austin, Texas based SolarWinds acknowledged its systems ``experienced a highly sophisticated, manual supply chain attack on SolarWinds Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1, released between March 2020 and June 2020.''
In response to the intrusions at Treasury and Commerce, the Department of Homeland Security's *Cybersecurity and Infrastructure Security Agency* (CISA) took the unusual step of issuing an emergency directive <https://cyber.dhs.gov/ed/21-01/> ordering all federal agencies to immediately disconnect the affected Orion products from their networks. [...]
https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/
- - - -
Partial customer listing from Brian Krebs:
Acxiom
Ameritrade
AT&T
Bellsouth Telecommunications
Best Western Intl.
Blue Cross Blue Shield
Booz Allen Hamilton
Boston Consulting
Cable & Wireless
Cablecom Media AG
Cablevision
CBS
Charter Communications
Cisco
CitiFinancial
City of Nashville
City of Tampa
Clemson University
Comcast Cable
Credit Suisse
Dow Chemical
EMC Corporation
Ericsson
Ernst and Young
Faurecia
Federal Express
Federal Reserve Bank
Fibercloud
Fiserv
Ford Motor Company
Foundstone
Gartner
Gates Foundation
General Dynamics
Gillette Deutschland GmbH
GTE
H&R Block
Harvard University
Hertz Corporation
ING Direct
IntelSat
J.D. Byrider
Johns Hopkins University
Kennedy Space Center
Kodak
Korea Telecom
Leggett and Platt
Level 3 Communications
Liz Claiborne
Lockheed Martin
Lucent
MasterCard
McDonald's Restaurants
Microsoft
National Park Service
NCR
NEC
Nestle
New York Power Authority
New York Times
Nielsen Media Research
Nortel
Perot Systems Japan
Phillips Petroleum
Pricewaterhouse Coopers
Procter & Gamble
Sabre
Saks
San Francisco Intl. Airport
Siemens
Smart City Networks
Smith Barney
Smithsonian Institute
Sparkasse Hagen
Sprint
St. John's University
Staples
Subaru
Supervalu
Swisscom AG
Symantec
Telecom Italia
Telenor
Texaco
The CDC
The Economist
Time Warner Cable
U.S. Air Force
University of Alaska
University of Kansas
University of Oklahoma
US Dept. Of Defense
US Postal Service
US Secret Service
Visa USA
Volvo
Williams Communications
Yahoo
https://twitter.com/briankrebs/status/1340012807258042371
- - - -
Russia Suspected In Major Cyberattack On U.S. Treasury, Commerce Departments
https://www.npr.org/2020/12/14/946163194/russia-suspected-in-months-long-cyber-attack-on-federal-agencies
Spreading effects of SolarWinds software supply chain compromise. The
security effects of remote work. <https://thecyberwire.com/newsletters/daily-briefing/9/240>
SolarWinds seems to have used a bad password for its update server:
https://threatpost.com/solarwinds-default-password-access-sales/162327/
Apparently a security researcher told SolarWinds that their GitHub repo had a password "SolarWinds123" and it wasn't changed even after being tipped off.
There is an explanation of the hack, but not the compromise itself at
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
ZDNet reports that a compromise of the company's Microsoft Office 365 email
and office productivity accounts may have provided a point of entry. <https://www.zdnet.com/article/sec-filings-solarwinds-says-18000-customers-are-impacted-by-recent-hack/>
See also
https://www.washingtonpost.com/opinions/russia-solarwinds-hack-us-cyber-defenses/2020/12/16/e3bfabe8-3fd2-11eb-8bc0-ae155bee4aff_story.html
------------------------------
Date: Fri, 18 Dec 2020 01:54:02 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Advanced Persistent Threat Compromise of Government Agencies,
Critical Infrastructure, and Private Sector Organizations (CISA)
[Later in the week, the "official" CISA announcement appeared. PGN]
Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
https://us-cert.cisa.gov/ncas/alerts/aa20-352a
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities,
and private sector organizations by an advanced persistent threat (APT)
actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these
intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.
Technical Details
Overview
CISA is aware of compromises, which began at least as early as March 2020,
at U.S. government agencies, critical infrastructure entities, and private sector organizations by an APT actor. This threat actor has demonstrated sophistication and complex tradecraft in these intrusions. CISA expects
that removing the threat actor from compromised environments will be highly complex and challenging. This adversary has demonstrated an ability to
exploit software supply chains and shown significant knowledge of Windows networks. It is likely that the adversary has additional initial access
vectors and tactics, techniques, and procedures (TTPs) that have not yet
been discovered. CISA will continue to update this Alert and the
corresponding indicators of compromise (IOCs) as new information becomes available.
Initial Infection Vectors [TA0001]
CISA is investigating incidents that exhibit adversary TTPs consistent with this activity, including some where victims either do not leverage
SolarWinds Orion or where SolarWinds Orion was present but where there was
no SolarWinds exploitation activity observed. Volexity has also reported publicly that they observed the APT using a secret key that the APT
previously stole in order to generate a cookie to bypass the Duo
multi-factor authentication protecting access to Outlook Web App (OWA).[1]
Volexity attributes this intrusion to the same activity as the SolarWinds
Orion supply chain compromise, and the TTPs are consistent between the
two. This observation indicates that there are other initial access vectors beyond SolarWinds Orion, and there may still be others that are not yet
known.
SolarWinds Orion Supply Chain Compromise
SolarWinds Orion is an enterprise network management software suite that includes performance and application monitoring and network configuration management along with several different types of analyzing tools. SolarWinds Orion is used to monitor and manage on-premise and hosted
infrastructures. To provide SolarWinds Orion with the necessary visibility
into this diverse set of technologies, it is common for network
administrators to configure SolarWinds Orion with pervasive privileges,
making it a valuable target for adversary activity.
https://us-cert.cisa.gov/ncas/alerts/aa20-352a
------------------------------
Date: December 17, 2020 at 5:57:28 PM GMT+9
From: Dewayne Hendricks <dewayne@warpspeed.com>
Subject: The U.S. government spent billions on a system for detecting hacks.
The Russians outsmarted it. (Craig Timberg and Ellen Nakashima)
[Note: This item comes from reader Randall Head. DLH]
15 Dec 2020 <https://www.washingtonpost.com/national-security/ruusian-hackers-outsmarted-us-defenses/2020/12/15/3deed840-3f11-11eb-9453-fc36ba051781_story.html>
When Russian hackers first slipped their digital Trojan horses into federal government computer systems, probably sometime in the spring, they sat dormant for days, doing nothing but hiding. Then the malicious code sprang into action and began
communicating with the outside world.
At that moment -- when the Russian malware began sending transmissions from federal servers to command-and-control computers operated by the hackers --
an opportunity for detection arose, much as human spies behind enemy lines
are particularly vulnerable when they radio home to report what they've
found.
Why then, when computer networks at the State Department and other federal agencies started signaling to Russian servers, did nobody in the
U.S. government notice that something odd was afoot?
The answer is part Russian skill, part federal government blind spot.
The Russians, whose operation was discovered this month by a cybersecurity firm that they hacked, were good. After initiating the hacks by corrupting patches of widely used network monitoring software, the hackers hid well, wiped away their tracks and
communicated through IP addresses in the United States rather than ones in, say, Moscow to minimize suspicions.
The hackers also shrewdly used novel bits of malicious code that apparently evaded the U.S. government's multibillion-dollar detection system, Einstein, which focuses on finding new uses of known malware and also detecting connections to parts of the Internet used in previous hacks.
But Einstein, operated by the Department of Homeland Security's
Cybersecurity and Infrastructure Security Agency (CISA), was not equipped to find novel malware or Internet connections, despite a 2018 report from the Government Accountability Office suggesting that building such capability
might be a wise investment. Some private cybersecurity firms do this type of *hunting* for suspicious communications -- maybe an IP address to which a server has never before connected -- but Einstein doesn't.
``It's fair to say that Einstein wasn't designed properly,'' said Thomas Bossert, a top cybersecurity official in both the George W. Bush and Trump administrations. ``But that's a management failure.''
CISA spokeswoman Sara Sendek said the breaches stretch back to March and
were not caught by any intrusion detection or prevention system. As soon as CISA received indicators of the activity it loaded them into Einstein to
help identify breaches on agency networks, Sendek said.
CISA is providing technical assistance to affected agencies, she said.
Russia has denied involvement in the intrusions.
The federal government has invested heavily in securing its myriad
computers, especially since the extent of the devastating Chinese hack of
the Office of Personnel Management was discovered in 2015, when more than 20 million federal employees and others had their personal information,
including Social Security numbers, compromised.
But this year's months-long hack of federal networks, discovered in recent days, has revealed new weaknesses and underscored some previously known
ones, including the federal government's reliance on widely used commercial software that provides potential attack vectors for nation-state hackers.
The FBI and DHS are investigating the scope and nature of the breaches,
which intelligence officials believe were carried out by the Russian Foreign Intelligence Service (SVR). Sen. Richard Blumenthal (D-Conn.) on Tuesday publicly acknowledged as much, tweeting that the Senate received a
``classified briefing on Russia's cyberattack [that] left me deeply alarmed,
in fact downright scared.''
The Russians reportedly found their way into federal systems by first
hacking SolarWinds, a Texas-based maker of network-monitoring software, and then slipped the malware into automatic updates that network administrators,
in the federal government and elsewhere, routinely install to keep their systems current. The company reported that nearly 18,000 of its customers
may have been affected worldwide.
More broadly, the hack highlighted the struggles of the government's network-monitoring systems to detect threats delivered through newly written malicious code communicating to servers not previously affiliated with known cyberattacks. This is something advanced nation-state hackers, including
from Russia, sometimes do -- presumably because it makes intrusions harder
to detect.
The full scope of the hack remains unknown, though it's already clear that a growing number of agencies have been penetrated, including the departments
of State, Treasury, Homeland Security and Commerce, and the National
Institutes of Health. They are among victims that include consulting, technology, telecom, and oil and gas companies in North America, Europe,
Asia and the Middle East.
The Pentagon was assessing Tuesday whether there had been intrusions at the sprawling department and if so what impact they may have had, a spokesman
said.
Emails were one target of the hackers, officials said. Though it's not yet clear what the Russians may be intending to do with the information, their victims, including a variety of State Department bureaus, suggest a range of motives.
At State, they may want to know what policymakers' plans are with respect to regions and issues that affect Russia's strategic interests. At Treasury,
they may have sought insights into potential Russian targets of
U.S. sanctions. At NIH, they may be interested in information related to coronavirus vaccine research.
As the investigative work continues, some lawmakers are focused on probing why and how federal cybersecurity efforts have fallen short despite years of damaging hacks by Russian and Chinese spies and major federal investments in defensive technologies.
Einstein, which was developed by DHS and is now operated by CISA, was
supposed to be a backbone of federal protection of civilian agency
computers, but the 2018 GAO report found significant weaknesses.
The capability to ``identify any anomalies that may indicate a cybersecurity compromise'' was planned for deployment by 2022, the report said. It also
said that network monitoring by individual agencies is spotty. Of 23 federal agencies surveyed, five ``were not monitoring inbound or outbound direct connections to outside entities,'' and 11 ``were not persistently monitoring inbound encrypted traffic.'' Eight ``were not persistently monitoring
outbound encrypted traffic.''
``DHS spent billions of taxpayer dollars on cyber defenses and all it got in return was a lemon with a catchy name,'' said Sen. Ron Wyden (D-Ore.), a
member of the Senate Intelligence Committee. ``Despite warnings by
government watchdogs, this administration failed to promptly deploy
technology necessary to identify suspicious traffic and catch hackers using
new tools and new servers.''
It wasn't just this administration.
[But it does take an Einstein to get it right? PGN]
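
The kind of hunting the article says Einstein lacked, flagging a destination that a server has never contacted before, sketched as an added example that is not part of the digest or of any CISA tooling. The log format, host names and 14-day baseline are assumptions, and the sample records are constructed.

```python
"""First-seen outbound destination hunting over connection logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records: ISO timestamp, internal source host,
# destination IP, destination port. All addresses are documentation ranges.
SAMPLE_LOG = """\
2020-03-01T08:00:00 mon-srv01 198.51.100.10 443
2020-03-01T08:05:00 mon-srv01 198.51.100.11 443
2020-03-02T08:00:00 mon-srv01 198.51.100.10 443
2020-03-03T09:00:00 web-srv02 203.0.113.5 443
2020-03-05T08:00:00 mon-srv01 198.51.100.10 443
malformed line that should be skipped
2020-03-16T02:13:00 mon-srv01 192.0.2.77 443
2020-03-16T02:43:00 mon-srv01 192.0.2.77 443
2020-03-16T03:13:00 mon-srv01 192.0.2.77 443
2020-03-16T09:00:00 web-srv02 203.0.113.5 443
2020-03-17T10:00:00 web-srv02 198.51.100.10 443
"""


def parse_line(line):
    """Return (timestamp, host, dst_ip, port), or None for an unparsable line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        port = int(parts[3])
    except ValueError:
        return None
    return ts, parts[1], parts[2], port


def hunt_first_seen(log_text, baseline_days=14):
    """Flag (host, destination) pairs that first appear after the baseline window.

    The baseline is kept per host: a destination that is routine for one
    server is still reported when a different server contacts it for the
    first time. No reputation or geolocation data is consulted, so a new
    destination hosted in a "friendly" address range is flagged all the same.
    """
    records = sorted(r for r in map(parse_line, log_text.splitlines()) if r)
    if not records:
        return []
    cutoff = records[0][0] + timedelta(days=baseline_days)

    baseline = defaultdict(set)   # host -> destinations seen during learning
    findings = {}                 # (host, dst) -> finding record
    for ts, host, dst, port in records:
        if ts < cutoff:
            baseline[host].add(dst)
            continue
        if dst in baseline[host]:
            continue
        finding = findings.setdefault(
            (host, dst),
            {"host": host, "dst": dst, "port": port,
             "first_seen": ts, "count": 0},
        )
        finding["count"] += 1     # repeat contacts help an analyst triage
    return sorted(findings.values(), key=lambda f: f["first_seen"])


if __name__ == "__main__":
    for f in hunt_first_seen(SAMPLE_LOG):
        print(f"{f['first_seen'].isoformat()} {f['host']} -> "
              f"{f['dst']}:{f['port']} (new destination, {f['count']} contacts)")
```
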
------------------------------
Date: Sat, 19 Dec 2020 13:40:09 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: More Hacking Attacks Found as Officials Warn of Grave Risk to
U.S. Government (NYTimes)
``Governments have long spied on each other but there is a growing and
critical recognition that there needs to be a clear set of rules that put certain techniques off limits. One of the things that needs to be off
limits is a broad supply chain attack that creates a vulnerability for the world that other forms of traditional espionage do not.'' [Attributed to a
Mr Smith]
https://www.nytimes.com/2020/12/17/us/politics/russia-cyber-hack-trump.html
------------------------------
Date: Fri, 18 Dec 2020 8:59:11 PST
From: Paul Saffo <paul@saffo.com>
Subject: Harvard Gazette interviews Russia expert Paul Kolbe on Russian
hacking of government computer systems (Christina Pazzanese)
Harvard Gazette, 16 Dec 2020
Revelations of cyberattacks on U.S. likely just `tip of the iceberg'
Espionage aimed at government, big business was `sustained, targeted, far-reaching', analysts say
https://news.harvard.edu/gazette/story/2020/12/harvard-cybersecurity-experts-discuss-russian-breach/
https://webcache.googleusercontent.com/search?q=cache:nd02WV_TL2kJ:https://www.solarwinds.com/fr/company/customers+&cd=5&hl=en&ct=clnk&gl=no
------------------------------
Date: Sun, 13 Dec 2020 18:55:02 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Hyundai and Kia Woes Continue as Nearly 425,000 Vehicles Recalled
Over Engine Issues (The Drive)
The independent Center for Auto Safety <https://www.autosafety.org/> has
been particularly outspoken about how owners have been treated by the two manufacturers. ``Hyundai is recalling another 129k vehicles for fire risk,
but because the current recall only covers certain Hyundai vehicles, despite other ones having the exact same engines, we don't think this recall is the
end of this story,'' the center said in a tweeted statement. <https://twitter.com/Ctr4AutoSafety/status/1335585122410696706>
``When consumers are telling their car company and their government their
cars are catching on fire, it should not require a third-party watchdog to force life-saving action, but that's exactly what happened here,'' said Jason Levine, executive director of the Center for Auto Safety, in a press
release. ``Far too many Hyundai owners had their horror stories dismissed
as freak occurrences or anomalous. Today's recall demonstrates that where there's smoke there's fire.''
https://www.thedrive.com/news/37985/hyundai-and-kia-woes-continue-as-nearly-425000-vehicles-recalled-over-engine-issues
------------------------------
Date: Sat, 19 Dec 2020 11:07:51 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Boeing inappropriately coached test pilots during review of 737 Max
after crashes, Senate investigators say (WashPost)
https://www.washingtonpost.com/local/trafficandcommuting/boeing-faa-senate/2020/12/18/b1ce57b6-414d-11eb-8db8-395dedaaa036_story.html
Self-certification authority transferred to the aviation industry has
weakened the FAA's independence and regulatory effectiveness.
Delegation of certification authority to industry accelerates commercial operations; independent regulators impede product delivery through their enforcement and oversight processes.
Government whistleblowers experience retaliation from their superiors
because they refuse to "play ball", which deters public safety advocacy.
Self-certification and self-regulation have been promoted by the Federal government. "FAA Is Not Alone In Allowing Industry To Self-Regulate," identifies the Interior Department Bureau of Safety and Environmental Enforcement -- the offshore carbon extraction practice regulator that contributed to the Deepwater Horizon disaster -- as another spectacular example. The Environmental Protection Agency and Department of Agriculture routinely practice "light touch" regulation or outright industrial
capitulation to enable profit pursuit.
https://wbhm.org/npr_story_post/2019/faa-is-not-alone-in-allowing-industry-to-self-regulate/
Protecting public health and safety is a government's primary function.
Urgent reconsideration of their elected service is appropriate when specific enforcement measures are regarded with impunity.
------------------------------
Date: Tue, 15 Dec 2020 16:26:01 +1100
From: Edwin Slonim <eslonim@minols.com>
Subject: Global google services outage 12/14 -- delay in repair
The preliminary report contains this fascinating note in Additional Details: "Many of our internal users and tools experienced similar errors, which
added delays to our outage external communication."
Preliminary Incident Statement while full Incident Report is prepared.
(All Times US/Pacific)
Incident Start: 2020-12-14 03:45
Incident End: 2020-12-14 04:35
Duration: 50 minutes;
Affected:
- Services: Google Cloud Platform, Google Workspace
- Features: Account login and authentication to all Cloud services
- Regions/Zones: Global
Description:
Google Cloud Platform and Google Workspace experienced a global outage affecting all services which require Google account authentication for a duration of 50 minutes. The root cause was an issue in our automated quota management system which reduced capacity for Google's central identity management system, causing it to return errors globally. As a result, we couldn't verify that user requests were authenticated and served
errors to our users.
Customer Impact:
- GCP services (including Cloud Console, Cloud Storage, BigQuery, Google
Kubernetes Engine) requiring authentication would have returned an error
for all users.
- Google Workspace services (including Gmail, Calendar, Meet, Docs and
Drive) requiring authentication would have returned an error for all users.
Additional Details:
- Many of our internal users and tools experienced similar errors, which
added delays to our outage external communication.
- We will publish an analysis of this incident once we have completed
our internal investigation.
------------------------------
Date: Fri, 11 Dec 2020 19:31:17 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Military-grade camera shows risks of airborne coronavirus spread
(WashPost)
To visually illustrate the risk of airborne transmission, The Washington Post used an infrared camera capable of detecting exhaled breath.
https://www.washingtonpost.com/investigations/2020/12/11/coronavirus-airborne-video-infrared-spread/
------------------------------
Date: Sun, 13 Dec 2020 20:57:04 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: National Weather Service faces Internet bandwidth shortage,
proposes access limits (WashPost)
Agency floats a solution to problems that could hobble private companies and affect popular weather apps.
The Weather Service held a public forum Tuesday to discuss the proposal and answer questions. When asked about the investment in computing
infrastructure that would be required for these limits to not be necessary, agency officials said a one-time cost of about $1.5 million could avert rate limits. The NOAA budget for fiscal 2020 was $5.4 billion.
Buchanan, however, stated the actual cost to address the issue would be
higher because the $1.5 million ``would comprise just one component
of what has to be a multifaceted solution.''
The officials at the forum also said that senior management at the Weather Service was aware of the relatively small cost of addressing the issue but
that the agency faced ``competing priorities.''
Buchanan said data dissemination is a priority for Weather Service
leadership but that it is *continuously weighed* against others.
When officials at the forum were asked if Congress was aware of the agency's data dissemination challenges, they said that they did not know.
https://www.washingtonpost.com/weather/2020/12/09/nws-data-limits-internet-bandwidth/
------------------------------
Date: Sat, 19 Dec 2020 13:42:13 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Facebook's Tone-Deaf Attack on Apple (NYTimes)
The company declared in newspaper ads that it was ``standing up to Apple.'' It's a desperate ploy that's unlikely to work.
https://www.nytimes.com/2020/12/18/opinion/facebook-apple-ads.html
What's Facebook doing pretending to be on the high/moral ground in this
fight?
------------------------------
Date: Wed, 16 Dec 2020 10:29:05 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Exfiltrating Data from Air-Gapped Computers via Wi-Fi Signals
-- Without Wi-Fi Hardware (The Hacker News)
A security researcher has demonstrated that sensitive data could be
exfiltrated from air-gapped computers via a novel technique that leverages Wi-Fi signals as a covert channel -- surprisingly, without requiring the presence of Wi-Fi hardware on the targeted systems.
Dubbed "*AIR-FI* <https://arxiv.org/abs/2012.06884>," the attack hinges on deploying a specially designed malware in a compromised system that exploits "DDR SDRAM buses to generate electromagnetic emissions in the 2.4 GHz Wi-Fi bands" and transmitting information atop these frequencies that can then be intercepted and decoded by nearby Wi-Fi capable devices such as smartphones, laptops, and IoT devices before sending the data to remote servers
controlled by an attacker.
The findings were published today in a paper titled "AIR-FI: Generating
Covert Wi-Fi Signals from Air-Gapped Computers" by *Dr. Mordechai Guri* <https://www.linkedin.com/in/mordechai-guri-081109100/?originalSubdomain=il>, the head of R&D at Ben-Gurion University of the Negev's Cyber-Security
Research Center, Israel.
"The AIR-FI attack [...] does not require Wi-Fi related hardware in the air-gapped computers," Dr. Guri outlined. [...]
https://thehackernews.com/2020/12/exfiltrating-data-from-air-gapped.html
------------------------------
Date: Thu, 17 Dec 2020 11:29:25 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Cheap GPS jammers a major threat to drones
*Blog Editor's Note: We are not sure the drone and autonomous community have really come to grips with this issue. *
*The article mentions interference with a display involving hundreds of
drones. There have been other incidents, of course, in China and elsewhere.
One example is the UK accident we reported on that could have resulted in a fatality, according to the government's investigation report <https://rntfnd.org/2020/07/20/gps-interference-crashed-a-survey-drone-in-the-uk-will-the-debate-resonate-in-the-us-c4isrnet-ligado/>.*
*We agree with the below article that GPS/GNSS receivers should include
better hardware and software to make them more resilient to jamming and spoofing.*
*That's only part of the solution, though. A holistic approach is needed if GPS/GNSS is to be managed properly. We agree with the Protect, Toughen, and Augment scheme advocated by the National Space-based Positioning, Navigation, and Timing Advisory Board.* <https://rntfnd.org/what-we-do/our-recommendations-gps-gnss/>
*PROTECT: GPS/GNSS signals with the right kinds of laws and regulations, interference detection, and enforcement action,*
*TOUGHEN: Receivers and users with better software and equipment, and*
*AUGMENT: GPS/GNSS signals with other signals/sources of PNT information.*
EXCERPT:
*Jammers that can be bought for as little as $50 threaten commercial drones, but there are options.*
With rotors whirring and airframes hurling through the air, drones can be
[continued in next message]