• Risks Digest 32.41 (1/2)

    From RISKS List Owner@21:1/5 to All on Sun Dec 20 01:13:02 2020
    RISKS-LIST: Risks-Forum Digest Saturday 19 December 2020 Volume 32 : Issue 41

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.41>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    SolarWinds, SunBurst, Russians, et al. (sundry sources merged by PGN)
    Advanced Persistent Threat Compromise of Government Agencies, Critical
    Infrastructure, and Private Sector Organizations (CISA)
    The U.S. government spent billions on a system for detecting hacks.
    The Russians outsmarted it. (Craig Timberg and Ellen Nakashima)
    More Hacking Attacks Found as Officials Warn of Grave Risk to
    U.S. Government (NYTimes)
    Harvard Gazette interviews Russia expert Paul Kolbe on Russian hacking of
    government computer systems (Christina Pazzanese)
    Hyundai and Kia Woes Continue as Nearly 425,000 Vehicles Recalled Over
    Engine Issues (The Drive)
    Boeing inappropriately coached test pilots during review of 737 Max after
    crashes, Senate investigators say (WashPost)
    Global google services outage 12/14 -- delay in repair (Edwin Slonim)
    Military-grade camera shows risks of airborne coronavirus spread (WashPost)
    National Weather Service faces Internet bandwidth shortage, proposes access
    limits (WashPost)
    Facebook's Tone-Deaf Attack on Apple (NYTimes)
    Exfiltrating Data from Air-Gapped Computers via Wi-Fi Signals -- Without
    Wi-Fi Hardware (The Hacker News)
    Cheap GPS jammers a major threat to drones (RNTFND)
    Betting on the election (Rob Slade)
    Vaccinated? Show Us Your App (NYTimes)
    Devices Used In COVID-19 Treatment Can Give Errors For Patients With Dark
    Skin (npr.org)
    An Internal Medicine Doctor and His Peers Read the Pfizer Vaccine Study and
    See Red Flags (Naked Capitalism)
    More Differential Privacy for Ordinary Security Mavens (Rob Slade)
    Differential Privacy for Ordinary Security Mavens: noise (Rob Slade)
    Re: AI Can Run Your Work Meetings Now (Amos Shapir)
    Re: Former Israeli space security chief says aliens exist, humanity not
    ready (Amos Shapir)
    Re: Police Drones Starting to Think for Themselves (Amos Shapir)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Sat, 19 Dec 2020
    From: Peter G Neumann <Neumann@CSL.SRI.COM>
    Subject: SolarWinds, SunBurst, Russians, et al. (sundry sources merged)

    WASHINGTON, 13 Dec 2020 (Reuters) - A sophisticated hacking group backed by
    a foreign government stole information from the U.S. Treasury Department and
    a U.S. agency responsible for deciding policy around the Internet and telecommunications, according to people familiar with the matter.
    (Reporting by Christopher Bing; Editing by Daniel Wallis) https://www.reuters.com/article/usa-cyber-amazoncom-idUSL1N2IT0HS

    Washington Post attributed it to .ru /Cozy Bear https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html

    The Russian government hackers who breached a top cybersecurity firm are
    behind a global espionage campaign that also compromised the Treasury and Commerce departments and other government agencies, according to people familiar with the matter, who requested anonymity because of the sensitivity
    of the matter.

    The FBI is investigating the campaign by a hacking group working for the Russian foreign intelligence service, SVR. The group, known among private-sector security firms as APT29 or Cozy Bear, also hacked the State Department and the White House during the Obama administration.

    Brian Krebs blog post: SolarWinds' products were used by virtually
    everyone. https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/

    Reuters reported that up to 18000 of them may have downloaded the malware. https://www.reuters.com/article/global-cyber/global-security-teams-assess-impact-of-suspected-russian-cyber-attack-idUKKBN28O1KN

    Many services from Alphabet Inc, including YouTube, Gmail and Google
    Drive, were down for thousands of users across the globe on Monday. https://www.reuters.com/article/alphabet-outages-int/alphabets-youtube-gmail-google-drive-services-hit-by-outage-idUSKBN28O1F1

    The NYTimes mentions that this all started in the spring of 2020, already
    too late to stop some of the damage.
    Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect https://www.nytimes.com/2020/12/13/us/politics/russian-hackers-us-government-treasury-commerce.html?action=click&module=Top%20Stories&pgtype=Homepage

    FireEye's analysis for the attack: https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

    Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor
    the health of their IT networks. Given the breadth of the company's customer base, experts say the incident may be just the first of many such
    disclosures.

    SolarWinds hides list of high-profile customers after devastating hack https://www.theverge.com/2020/12/15/22176053/solarwinds-hack-client-list-russia-orion-it-compromised

    Some of SolarWinds' customers. Source: solarwinds.com
    According to a Reuters story <https://www.reuters.com/article/BigStory12/idUSKBN28N0PG>, hackers believed
    to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments. Reuters reports the attackers were
    able to surreptitiously tamper with updates released by SolarWinds for its Orion platform <https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Core-How-Orion-Works-sw1625.htm>, a suite of network management tools.

    In a security advisory <https://www.solarwinds.com/securityadvisory>,
    Austin, Texas based SolarWinds acknowledged its systems ``experienced a
    highly sophisticated, manual supply chain attack on SolarWinds Orion
    Platform software builds for versions 2019.4 HF 5 through 2020.2.1, released between March 2020 and June 2020.''

    In response to the intrusions at Treasury and Commerce, the Department of Homeland Security's *Cybersecurity and Infrastructure Security Agency* (CISA) took the unusual step of issuing an emergency directive <https://cyber.dhs.gov/ed/21-01/> ordering all federal agencies to
    immediately disconnect the affected Orion products from their networks. [...] https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/

    - - - -

    Partial customer listing from Brian Krebs:
    Acxiom
    Ameritrade
    AT&T
    Bellsouth Telecommunications
    Best Western Intl.
    Blue Cross Blue Shield
    Booz Allen Hamilton
    Boston Consulting
    Cable & Wireless
    Cablecom Media AG
    Cablevision
    CBS
    Charter Communications
    Cisco
    CitiFinancial
    City of Nashville
    City of Tampa
    Clemson University
    Comcast Cable
    Credit Suisse
    Dow Chemical
    EMC Corporation
    Ericsson
    Ernst and Young
    Faurecia
    Federal Express
    Federal Reserve Bank
    Fibercloud
    Fiserv
    Ford Motor Company
    Foundstone
    Gartner
    Gates Foundation
    General Dynamics
    Gillette Deutschland GmbH
    GTE
    H&R Block
    Harvard University
    Hertz Corporation
    ING Direct
    IntelSat
    J.D. Byrider
    Johns Hopkins University
    Kennedy Space Center
    Kodak
    Korea Telecom
    Leggett and Platt
    Level 3 Communications
    Liz Claiborne
    Lockheed Martin
    Lucent
    MasterCard
    McDonald's Restaurants
    Microsoft
    National Park Service
    NCR
    NEC
    Nestle
    New York Power Authority
    New York Times
    Nielsen Media Research
    Nortel
    Perot Systems Japan
    Phillips Petroleum
    Pricewaterhouse Coopers
    Procter & Gamble
    Sabre
    Saks
    San Francisco Intl. Airport
    Siemens
    Smart City Networks
    Smith Barney
    Smithsonian Institute
    Sparkasse Hagen
    Sprint
    St. John's University
    Staples
    Subaru
    Supervalu
    Swisscom AG
    Symantec
    Telecom Italia
    Telenor
    Texaco
    The CDC
    The Economist
    Time Warner Cable
    U.S. Air Force
    University of Alaska
    University of Kansas
    University of Oklahoma
    US Dept. Of Defense
    US Postal Service
    US Secret Service
    Visa USA
    Volvo
    Williams Communications
    Yahoo

    https://twitter.com/briankrebs/status/1340012807258042371

    - - - -

    Russia Suspected In Major Cyberattack On U.S. Treasury, Commerce Departments https://www.npr.org/2020/12/14/946163194/russia-suspected-in-months-long-cyber-attack-on-federal-agencies

    Spreading effects of SolarWinds software supply chain compromise. The
    security effects of remote work. <https://thecyberwire.com/newsletters/daily-briefing/9/240>

    SolarWinds seems to have used a bad password for its update server: https://threatpost.com/solarwinds-default-password-access-sales/162327/

    Apparently a security researcher told SolarWinds that their GitHub repo had a password "SolarWinds123" and it wasn't changed even after being tipped off.

    There is an explanation of the hack, but not the compromise itself at https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

    ZDNet reports that a compromise of the company's Microsoft Office 365 email
    and office productivity accounts may have provided a point of entry. <https://www.zdnet.com/article/sec-filings-solarwinds-says-18000-customers-are-impacted-by-recent-hack/>

    See also https://www.washingtonpost.com/opinions/russia-solarwinds-hack-us-cyber-defenses/2020/12/16/e3bfabe8-3fd2-11eb-8bc0-ae155bee4aff_story.html

    ------------------------------

    Date: Fri, 18 Dec 2020 01:54:02 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Advanced Persistent Threat Compromise of Government Agencies,
    Critical Infrastructure, and Private Sector Organizations (CISA)

    [Later in the week, the "official" CISA announcement appeared. PGN]

    Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations https://us-cert.cisa.gov/ncas/alerts/aa20-352a

    The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities,
    and private sector organizations by an advanced persistent threat (APT)
    actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these
    intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.

    Technical Details
    Overview

    CISA is aware of compromises, which began at least as early as March 2020,
    at U.S. government agencies, critical infrastructure entities, and private sector organizations by an APT actor. This threat actor has demonstrated sophistication and complex tradecraft in these intrusions. CISA expects
    that removing the threat actor from compromised environments will be highly complex and challenging. This adversary has demonstrated an ability to
    exploit software supply chains and shown significant knowledge of Windows networks. It is likely that the adversary has additional initial access
    vectors and tactics, techniques, and procedures (TTPs) that have not yet
    been discovered. CISA will continue to update this Alert and the
    corresponding indicators of compromise (IOCs) as new information becomes available.

    Initial Infection Vectors [TA0001]

    CISA is investigating incidents that exhibit adversary TTPs consistent with this activity, including some where victims either do not leverage
    SolarWinds Orion or where SolarWinds Orion was present but where there was
    no SolarWinds exploitation activity observed. Volexity has also reported publicly that they observed the APT using a secret key that the APT
    previously stole in order to generate a cookie to bypass the Duo
    multi-factor authentication protecting access to Outlook Web App (OWA).[1]

    Volexity attributes this intrusion to the same activity as the SolarWinds
    Orion supply chain compromise, and the TTPs are consistent between the
    two. This observation indicates that there are other initial access vectors beyond SolarWinds Orion, and there may still be others that are not yet
    known.

    SolarWinds Orion Supply Chain Compromise

    SolarWinds Orion is an enterprise network management software suite that includes performance and application monitoring and network configuration management along with several different types of analyzing tools. SolarWinds Orion is used to monitor and manage on-premise and hosted
    infrastructures. To provide SolarWinds Orion with the necessary visibility
    into this diverse set of technologies, it is common for network
    administrators to configure SolarWinds Orion with pervasive privileges,
    making it a valuable target for adversary activity.

    https://us-cert.cisa.gov/ncas/alerts/aa20-352a

    ------------------------------

    Date: December 17, 2020 at 5:57:28 PM GMT+9
    From: Dewayne Hendricks <dewayne@warpspeed.com>
    Subject: The U.S. government spent billions on a system for detecting hacks.
    The Russians outsmarted it. (Craig Timberg and Ellen Nakashima)

    [Note: This item comes from reader Randall Head. DLH]

    15 Dec 2020 <https://www.washingtonpost.com/national-security/ruusian-hackers-outsmarted-us-defenses/2020/12/15/3deed840-3f11-11eb-9453-fc36ba051781_story.html>

    When Russian hackers first slipped their digital Trojan horses into federal government computer systems, probably sometime in the spring, they sat dormant for days, doing nothing but hiding. Then the malicious code sprang into action and began
    communicating with the outside world.

    At that moment -- when the Russian malware began sending transmissions from federal servers to command-and-control computers operated by the hackers --
    an opportunity for detection arose, much as human spies behind enemy lines
    are particularly vulnerable when they radio home to report what they've
    found.

    Why then, when computer networks at the State Department and other federal agencies started signaling to Russian servers, did nobody in the
    U.S. government notice that something odd was afoot?

    The answer is part Russian skill, part federal government blind spot.

    The Russians, whose operation was discovered this month by a cybersecurity firm that they hacked, were good. After initiating the hacks by corrupting patches of widely used network monitoring software, the hackers hid well, wiped away their tracks and
    communicated through IP addresses in the United States rather than ones in, say, Moscow to minimize suspicions.

    The hackers also shrewdly used novel bits of malicious code that apparently evaded the U.S. government's multibillion-dollar detection system, Einstein, which focuses on finding new uses of known malware and also detecting connections to parts of the Internet used in previous hacks.

    But Einstein, operated by the Department of Homeland Security's
    Cybersecurity and Infrastructure Security Agency (CISA), was not equipped to find novel malware or Internet connections, despite a 2018 report from the Government Accountability Office suggesting that building such capability
    might be a wise investment. Some private cybersecurity firms do this type of *hunting* for suspicious communications -- maybe an IP address to which a server has never before connected -- but Einstein doesn't.

    ``It's fair to say that Einstein wasn't designed properly,'' said Thomas Bossert, a top cybersecurity official in both the George W. Bush and Trump administrations. ``But that's a management failure.''

    CISA spokeswoman Sara Sendek said the breaches stretch back to March and
    were not caught by any intrusion detection or prevention system. As soon as CISA received indicators of the activity it loaded them into Einstein to
    help identify breaches on agency networks, Sendek said.

    CISA is providing technical assistance to affected agencies, she said.

    Russia has denied involvement in the intrusions.

    The federal government has invested heavily in securing its myriad
    computers, especially since the extent of the devastating Chinese hack of
    the Office of Personnel Management was discovered in 2015, when more than 20 million federal employees and others had their personal information,
    including Social Security numbers, compromised.

    But this year's months-long hack of federal networks, discovered in recent days, has revealed new weaknesses and underscored some previously known
    ones, including the federal government's reliance on widely used commercial software that provides potential attack vectors for nation-state hackers.

    The FBI and DHS are investigating the scope and nature of the breaches,
    which intelligence officials believe were carried out by the Russian Foreign Intelligence Service (SVR). Sen. Richard Blumenthal (D-Conn.) on Tuesday publicly acknowledged as much, tweeting that the Senate received a
    ``classified briefing on Russia's cyberattack [that] left me deeply alarmed,
    in fact downright scared.''

    The Russians reportedly found their way into federal systems by first
    hacking SolarWinds, a Texas-based maker of network-monitoring software, and then slipped the malware into automatic updates that network administrators,
    in the federal government and elsewhere, routinely install to keep their systems current. The company reported that nearly 18,000 of its customers
    may have been affected worldwide.

    More broadly, the hack highlighted the struggles of the government's network-monitoring systems to detect threats delivered through newly written malicious code communicating to servers not previously affiliated with known cyberattacks. This is something advanced nation-state hackers, including
    from Russia, sometimes do -- presumably because it makes intrusions harder
    to detect.

    The full scope of the hack remains unknown, though it's already clear that a growing number of agencies have been penetrated, including the departments
    of State, Treasury, Homeland Security and Commerce, and the National
    Institutes of Health. They are among victims that include consulting, technology, telecom, and oil and gas companies in North America, Europe,
    Asia and the Middle East.

    The Pentagon was assessing Tuesday whether there had been intrusions at the sprawling department and if so what impact they may have had, a spokesman
    said.

    Emails were one target of the hackers, officials said. Though it's not yet clear what the Russians may be intending to do with the information, their victims, including a variety of State Department bureaus, suggest a range of motives.

    At State, they may want to know what policymakers' plans are with respect to regions and issues that affect Russia's strategic interests. At Treasury,
    they may have sought insights into potential Russian targets of
    U.S. sanctions. At NIH, they may be interested in information related to coronavirus vaccine research.

    As the investigative work continues, some lawmakers are focused on probing why and how federal cybersecurity efforts have fallen short despite years of damaging hacks by Russian and Chinese spies and major federal investments in defensive technologies.

    Einstein, which was developed by DHS and is now operated by CISA, was
    supposed to be a backbone of federal protection of civilian agency
    computers, but the 2018 GAO report found significant weaknesses.

    The capability to ``identify any anomalies that may indicate a cybersecurity compromise'' was planned for deployment by 2022, the report said. It also
    said that network monitoring by individual agencies is spotty. Of 23 federal agencies surveyed, five ``were not monitoring inbound or outbound direct connections to outside entities,'' and 11 ``were not persistently monitoring inbound encrypted traffic.'' Eight ``were not persistently monitoring
    outbound encrypted traffic.''

    ``DHS spent billions of taxpayer dollars on cyber defenses and all it got in return was a lemon with a catchy name,'' said Sen. Ron Wyden (D-Ore.), a
    member of the Senate Intelligence Committee. ``Despite warnings by
    government watchdogs, this administration failed to promptly deploy
    technology necessary to identify suspicious traffic and catch hackers using
    new tools and new servers.''

    It wasn't just this administration.

    [But it does take an Einstein to get it right? PGN]
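
The contrast the Timberg/Nakashima item draws, matching destinations used in previous hacks versus hunting for a destination a server has never contacted before, shown as an added example that is not part of the original digest and not Einstein's or any vendor's code. Host names, addresses, the indicator list and the baseline date are all constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed outbound-connection records: timestamp, internal host, destination.
# Addresses come from the RFC 5737 documentation ranges; none is a real indicator.
SAMPLE_LOG = """\
2020-03-02T09:00:00 mon-srv01 192.0.2.10
2020-03-02T09:05:00 mail-srv01 192.0.2.25
2020-03-03T09:00:00 mon-srv01 192.0.2.10
2020-03-05T14:30:00 web-srv01 203.0.113.66
2020-03-09T09:00:00 mon-srv01 192.0.2.10
2020-03-16T09:00:00 mon-srv01 192.0.2.10
2020-03-16T09:00:07 mon-srv01 198.51.100.77
2020-03-16T11:00:00 mail-srv01 192.0.2.25
2020-03-17T09:00:09 mon-srv01 198.51.100.77
2020-03-17T10:00:00 mail-srv01 192.0.2.10
"""

# Constructed list standing in for "parts of the Internet used in previous hacks".
KNOWN_INDICATORS = {"203.0.113.66"}

# Assumption: traffic before this date is treated as the learned baseline.
BASELINE_END = datetime(2020, 3, 10)


def parse(log_text):
    """Turn log lines into (timestamp, host, destination) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines instead of failing
        ts, host, dest = parts
        events.append((datetime.fromisoformat(ts), host, dest))
    return sorted(events)


def match_known_indicators(events, indicators):
    """Signature-style check: flag only destinations already on a known list."""
    return [(ts, host, dest) for ts, host, dest in events if dest in indicators]


def first_seen_destinations(events, baseline_end):
    """Hunting-style check: flag (host, destination) pairs absent from the baseline.

    A pair is ranked higher when no host in the fleet contacted the destination
    during the baseline, since a new destination for one server that other
    servers already use is more often routine change.
    """
    per_host = defaultdict(set)   # destinations each host used during baseline
    fleet = set()                 # destinations any host used during baseline
    findings = {}
    for ts, host, dest in events:
        if ts < baseline_end:
            per_host[host].add(dest)
            fleet.add(dest)
            continue
        if dest in per_host[host]:
            continue  # established behaviour for this host
        key = (host, dest)
        if key not in findings:
            findings[key] = {
                "host": host,
                "dest": dest,
                "first_seen": ts,
                "count": 0,
                "new_to_fleet": dest not in fleet,
            }
        findings[key]["count"] += 1
    # Fleet-wide novelties first, then by time of first contact.
    return sorted(findings.values(),
                  key=lambda f: (not f["new_to_fleet"], f["first_seen"]))


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("Known-indicator matches:")
    for ts, host, dest in match_known_indicators(events, KNOWN_INDICATORS):
        print(f"  {ts.isoformat()} {host} -> {dest}")
    print("Destinations not seen during baseline:")
    for f in first_seen_destinations(events, BASELINE_END):
        scope = "new to fleet" if f["new_to_fleet"] else "new to this host only"
        print(f"  {f['first_seen'].isoformat()} {f['host']} -> {f['dest']} "
              f"({f['count']} connections, {scope})")
```

The indicator match never sees 198.51.100.77 because nothing has reported it yet; the baseline comparison surfaces it on first contact, at the cost of also surfacing routine changes that an analyst has to triage.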

    ------------------------------

    Date: Sat, 19 Dec 2020 13:40:09 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: More Hacking Attacks Found as Officials Warn of Grave Risk to
    U.S. Government (NYTimes)

    ``Governments have long spied on each other but there is a growing and
    critical recognition that there needs to be a clear set of rules that put certain techniques off limits. One of the things that needs to be off
    limits is a broad supply chain attack that creates a vulnerability for the world that other forms of traditional espionage do not.'' [Attributed to a
    Mr Smith] https://www.nytimes.com/2020/12/17/us/politics/russia-cyber-hack-trump.html

    ------------------------------

    Date: Fri, 18 Dec 2020 8:59:11 PST
    From: Paul Saffo <paul@saffo.com>
    Subject: Harvard Gazette interviews Russia expert Paul Kolbe on Russian
    hacking of government computer systems (Christina Pazzanese)

    Harvard Gazette, 16 Dec 2020

    Revelations of cyberattacks on U.S. likely just `tip of the iceberg'
    Espionage aimed at government, big business was `sustained, targeted, far-reaching', analysts say

    https://news.harvard.edu/gazette/story/2020/12/harvard-cybersecurity-experts-discuss-russian-breach/
    https://webcache.googleusercontent.com/search?q=cache:nd02WV_TL2kJ:https://www.solarwinds.com/fr/company/customers+&cd=5&hl=en&ct=clnk&gl=no

    ------------------------------

    Date: Sun, 13 Dec 2020 18:55:02 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Hyundai and Kia Woes Continue as Nearly 425,000 Vehicles Recalled
    Over Engine Issues (The Drive)

    The independent Center for Auto Safety <https://www.autosafety.org/> has
    been particularly outspoken about how owners have been treated by the two manufacturers. ``Hyundai is recalling another 129k vehicles for fire risk,
    but because the current recall only covers certain Hyundai vehicles, despite other ones having the exact same engines, we don't think this recall is the
    end of this story,'' the center said in a tweeted statement. <https://twitter.com/Ctr4AutoSafety/status/1335585122410696706>

    ``When consumers are telling their car company and their government their
    cars are catching on fire, it should not require a third-party watchdog to force life-saving action, but that's exactly what happened here,'' said Jason Levine, executive director of the Center for Auto Safety, in a press
    release. ``Far too many Hyundai owners had their horror stories dismissed
    as freak occurrences or anomalous. Today's recall demonstrates that where there's smoke there's fire.''

    https://www.thedrive.com/news/37985/hyundai-and-kia-woes-continue-as-nearly-425000-vehicles-recalled-over-engine-issues

    ------------------------------

    Date: Sat, 19 Dec 2020 11:07:51 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Boeing inappropriately coached test pilots during review of 737 Max
    after crashes, Senate investigators say (WashPost)

    https://www.washingtonpost.com/local/trafficandcommuting/boeing-faa-senate/2020/12/18/b1ce57b6-414d-11eb-8db8-395dedaaa036_story.html

    Self-certification authority transferred to the aviation industry has
    weakened the FAA's independence and regulatory effectiveness.

    Delegation of certification authority to industry accelerates commercial operations; independent regulators impede product delivery through their enforcement and oversight processes.

    Government whistleblowers experience retaliation from their superiors
    because they refuse to "play ball", which deters public safety advocacy.

    Self-certification and self-regulation have been promoted by the Federal government. "FAA Is Not Alone In Allowing Industry To Self-Regulate," identifies the Interior Department Bureau of Safety and Environmental Enforcement -- the offshore carbon extraction practice regulator that contributed to the Deep Water Horizon disaster -- as another spectacular example. The Environmental Protection Agency and Department of Agriculture routinely practice "light touch" regulation or outright industrial
    capitulation to enable profit pursuit. https://wbhm.org/npr_story_post/2019/faa-is-not-alone-in-allowing-industry-to-self-regulate/

    Protecting public health and safety is a government's primary function.
    Urgent reconsideration of their elected service is appropriate when specific enforcement measures are regarded with impunity.

    ------------------------------

    Date: Tue, 15 Dec 2020 16:26:01 +1100
    From: Edwin Slonim <eslonim@minols.com>
    Subject: Global google services outage 12/14 -- delay in repair

    The preliminary report contains this fascinating note in Additional Details: "Many of our internal users and tools experienced similar errors, which
    added delays to our outage external communication."

    Preliminary Incident Statement while full Incident Report is prepared.

    (All Times US/Pacific)
    Incident Start: 2020-12-14 03:45
    Incident End: 2020-12-14 04:35
    Duration: 50 minutes;
    Affected:

    - Services: Google Cloud Platform, Google Workspace
    - Features: Account login and authentication to all Cloud services
    - Regions/Zones: Global

    Description:

    Google Cloud Platform and Google Workspace experienced a global outage affecting all services which require Google account authentication for a duration of 50 minutes. The root cause was an issue in our automated quota management system which reduced capacity for Google's central identity management system, causing it to return errors globally. As a result, we couldn't verify that user requests were authenticated and served
    errors to our users.

    Customer Impact:

    - GCP services (including Cloud Console, Cloud Storage, BigQuery, Google
    Kubernetes Engine) requiring authentication would have returned an error
    for all users.
    - Google Workspace services (including Gmail, Calendar, Meet, Docs and
    Drive) requiring authentication would have returned an error for all users.

    Additional Details:

    - Many of our internal users and tools experienced similar errors, which
    added delays to our outage external communication.
    - We will publish an analysis of this incident once we have completed
    our internal investigation.

    ------------------------------

    Date: Fri, 11 Dec 2020 19:31:17 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Military-grade camera shows risks of airborne coronavirus spread
    (WashPost)

    To visually illustrate the risk of airborne transmission, The Washington Post used an infrared camera capable of detecting exhaled breath.

    https://www.washingtonpost.com/investigations/2020/12/11/coronavirus-airborne-video-infrared-spread/

    ------------------------------

    Date: Sun, 13 Dec 2020 20:57:04 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: National Weather Service faces Internet bandwidth shortage,
    proposes access limits (WashPost)

    Agency floats a solution to problems that could hobble private companies and affect popular weather apps.

    The Weather Service held a public forum Tuesday to discuss the proposal and answer questions. When asked about the investment in computing
    infrastructure that would be required for these limits to not be necessary, agency officials said a one-time cost of about $1.5 million could avert rate limits. The NOAA budget for fiscal 2020 was $5.4 billion.

    Buchanan, however, stated the actual cost to address the issue would be
    higher because the $1.5 million “would comprise just one component
    of what has to be a multifaceted solution.”

    The officials at the forum also said that senior management at the Weather Service was aware of the relatively small cost of addressing the issue but
    that the agency faced “competing priorities.”

    Buchanan said data dissemination is a priority for Weather Service
    leadership but that it is *continuously weighed* against others.

    When officials at the forum were asked if Congress was aware of the agency's data dissemination challenges, they said that they did not know.

    https://www.washingtonpost.com/weather/2020/12/09/nws-data-limits-internet-bandwidth/

    ------------------------------

    Date: Sat, 19 Dec 2020 13:42:13 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Facebook's Tone-Deaf Attack on Apple (NYTimes)

    The company declared in newspaper ads that it was ``standing up to Apple.'' It's a desperate ploy that's unlikely to work.

    https://www.nytimes.com/2020/12/18/opinion/facebook-apple-ads.html

    What's Facebook doing pretending to be on the high/moral ground in this
    fight?

    ------------------------------

    Date: Wed, 16 Dec 2020 10:29:05 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Exfiltrating Data from Air-Gapped Computers via Wi-Fi Signals
    -- Without Wi-Fi Hardware (The Hacker News)

    A security researcher has demonstrated that sensitive data could be
    exfiltrated from air-gapped computers via a novel technique that leverages Wi-Fi signals as a covert channel -- surprisingly, without requiring the presence of Wi-Fi hardware on the targeted systems.

    Dubbed "*AIR-FI* <https://arxiv.org/abs/2012.06884>," the attack hinges on deploying a specially designed malware in a compromised system that exploits "DDR SDRAM buses to generate electromagnetic emissions in the 2.4 GHz Wi-Fi bands" and transmitting information atop these frequencies that can then be intercepted and decoded by nearby Wi-Fi capable devices such as smartphones, laptops, and IoT devices before sending the data to remote servers
    controlled by an attacker.

    The findings were published today in a paper titled "AIR-FI: Generating
    Covert Wi-Fi Signals from Air-Gapped Computers" by *Dr. Mordechai Guri* <https://www.linkedin.com/in/mordechai-guri-081109100/?originalSubdomain=il>, the head of R&D at Ben-Gurion University of the Negev's Cyber-Security
    Research Center, Israel.

    "The AIR-FI attack [...] does not require Wi-Fi related hardware in the air-gapped computers," Dr. Guri outlined. [...] https://thehackernews.com/2020/12/exfiltrating-data-from-air-gapped.html

    ------------------------------

    Date: Thu, 17 Dec 2020 11:29:25 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Cheap GPS jammers a major threat to drones

    *Blog Editor's Note: We are not sure the drone and autonomous community have really come to grips with this issue. *

    *The article mentions interference with a display involving hundreds of
    drones. There have been other incidents, of course, in China and elsewhere.
    One example is the UK accident we reported on that could have resulted in a fatality, according to the government's investigation report <https://rntfnd.org/2020/07/20/gps-interference-crashed-a-survey-drone-in-the-uk-will-the-debate-resonate-in-the-us-c4isrnet-ligado/>.*

    *We agree with the below article that GPS/GNSS receivers should include
    better hardware and software to make them more resilient to jamming and spoofing.*

    *That's only part of the solution, though. A holistic approach is needed if GPS/GNSS is to be managed properly. We agree with the Protect, Toughen, and Augment scheme advocated by the National Space-based Positioning, Navigation, and Timing Advisory Board.* <https://rntfnd.org/what-we-do/our-recommendations-gps-gnss/>

    *PROTECT: GPS/GNSS signals with the right kinds of laws and regulations, interference detection, and enforcement action, *

    *TOUGHEN: Receivers and users with better software and equipment, and*

    *AUGMENT: GPS/GNSS signals with other signals/sources of PNT information.*

    EXCERPT:

    *Jammers that can be bought for as little as $50 threaten commercial drones, but there are options.*

    With rotors whirring and airframes hurling through the air, drones can be

    [continued in next message]
