• Risks Digest 32.46 (1/2)

    From RISKS List Owner@21:1/5 to All on Mon Jan 25 21:53:14 2021
    RISKS-LIST: Risks-Forum Digest Monday 25 January 2021 Volume 32 : Issue 46

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.46>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    FAA Files Reveal a Surprising Threat to Airline Safety: the U.S. Military's
    GPS Tests (IEEE Spectrum)
    Australia's proposed media code could break the world wide web, says the man
    who invented it (The Guardian)
    Big Tech (Lauren Weinstein)
    Home alarm tech admits he used security cameras to be a serial Peeping Tom
    (ProTip via Ars Technica)
    AI-powered text from this program could fool the government (Will Knight)
    No stopping AI? Scientists conclude there would be no way to control
    super-intelligent machines (Study Finds)
    DNSpooq Lets Attackers Poison DNS Cache Records (Catalin Cimpanu)
    1,900 doses of Moderna vaccine destroyed after cleaner accidentally unplugs
    freezer in Boston (ABC News)
    COVID-19 Vaccine Reservations (RLGSC via Bob Gezelter)
    Intelligence Analysts Use U.S. Smartphone Location Data Without Warrants
    (NYTimes)
    A Lesson From 1930s Germany: Beware State Control of Social Media
    (Heidi Tworek via Kimi Wei)
    Biden Has a Peloton Bike. That Raises Issues at the White House.
    (NYTimes)
    Biden will be the first president to use the new Air Force One
    (Business Insider)
    Janet Yellen suggests 'curtailing' cryptocurrency (Business Insider)
    Camouflage shield known as Quantum Stealth, is light-bending material that
    could be used to obscure objects of varying sizes (Geoff Goodfellow) Google-Linked Balloon Project to Provide Cell Service Will Close (NYTimes) Supermarket Worker Stole $1 Million and Bought Cars and Guns, Police Say
    (NYTimes)
    Forever Chemicals Are Widespread in U.S. Drinking Water
    (Scientific American)
    Revving up electric car industry, Israeli firm develops 5-minute-charge
    battery (The Guardian)
    Re: Bursts of acceleration in Tesla vehicles caused by drivers mistaking
    accelerators for brakes ... (Don Norman with appended excerpts from
    John Levine and Michael Bacon)
    Re: Post-Riot, the Capitol Hill IT Staff Faces a Security Mess
    (Craig S. Cottingham)
    Re: Bug wipes UK arrest records (Michael Bacon, John Colville)
    Re: Company name could lead to security xss attack (Wol)
    Re: Risk Management and Two-Dose Vaccines (Rob Slade)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Thu, 21 Jan 2021 09:57:56 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: FAA Files Reveal a Surprising Threat to Airline Safety: the
    U.S. Military's GPS Tests (IEEE Spectrum)

    *Military tests that jam and spoof GPS signals are an accident waiting to happen*

    Early one morning last May, a commercial airliner was approaching El Paso International Airport, in West Texas, when a warning popped up in the
    cockpit: *GPS Position Lost*. The pilot contacted the airline's operations center and received a report that the U.S. Army's White Sands Missile Range <https://www.wsmr.army.mil/Pages/home.aspx>, in South Central New Mexico,
    was disrupting the GPS signal. ``We knew then that it was not an aircraft
    GPS fault,'' the pilot wrote later.

    The pilot missed an approach on one runway due to high winds, then came
    around to try again. ``We were forced to Runway 04 with a predawn landing
    with no access to [an instrument landing] with vertical guidance,'' the
    pilot wrote. ``Runway 04 has a high CFIT threat due to the climbing terrain
    in the local area.''

    CFIT stands for ``controlled flight into terrain,'' and it is exactly as serious as it sounds. The pilot considered diverting to Albuquerque, 370 kilometers away, but eventually bit the bullet and tackled Runway 04 using
    only visual aids. The plane made it safely to the ground, but the pilot
    later logged the experience on NASA's Aviation Safety Reporting System <https://asrs.arc.nasa.gov/>, a forum where pilots can anonymously share
    near misses and safety tips.

    This is far from the most worrying ASRS report involving GPS jamming. In
    August 2018, a passenger aircraft in Idaho, flying in smoky conditions, reportedly suffered GPS interference from military tests and was saved from crashing into a mountain only by the last-minute intervention of an air
    traffic controller. ``Loss of life can happen because air traffic control
    and a flight crew believe their equipment are working as intended, but are
    in fact leading them into the side of the mountain,'' wrote the controller. ``Had [we] not noticed, that flight crew and the passengers would be dead. I have no doubt.''. [...]

    https://spectrum.ieee.org/aerospace/aviation/faa-files-reveal-a-surprising-threat-to-airline-safety-the-us-militarys-gps-tests

    [For further background on this topic, see Kate Murphy, Our GPS System Is
    Too Vulnerable, *The New York Times* Sunday Review, 24 Jan 2021. ``We
    need a backup for a service that is essential but full of weaknesses.''
    Sounds quite consistent with other RISKS items! PGN]

    ------------------------------

    Date: Thu, 21 Jan 2021 20:07:09 -0800
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Australia's proposed media code could break the world wide web,
    says the man who invented it (The Guardian)

    https://www.theguardian.com/media/2021/jan/20/australias-proposed-media-code-could-break-the-world-wide-web-says-the-man-who-invented-it

    ------------------------------

    Date: Tue, 19 Jan 2021 14:23:51 -0800
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Big Tech

    [via NNSquad]

    Some of my contemporaries are jumping on the "Big Tech is the Enemy"
    bandwagon. I could not disagree more. I am convinced that "Big Tech" is ultimately our salvation -- and that does include social media. The goal
    must be fixing the problems we have created, not killing Big Tech.

    ------------------------------

    Date: Fri, 22 Jan 2021 12:57:57 -0800
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Home alarm tech admits he used security cameras to be a serial
    Peeping Tom (ProTip via Ars Technica)

    No cameras in the bedroom?

    https://arstechnica.com/information-technology/2021/01/home-alarm-tech-backdoored-security-cameras-to-spy-on-customers-having-sex/

    ------------------------------

    Date: January 18, 2021 at 7:38:27 PM GMT+9
    From: Dewayne Hendricks <dewayne@warpspeed.com>
    Subject: AI-powered text from this program could fool the government
    (Will Knight)

    [via Dave Farber]

    Volunteers couldn't tell AI-generated comments from those penned by humans. Will Knight, Ars Technica, 17 Jan 2021 https://arstechnica.com/tech-policy/2021/01/ai-powered-text-from-this-program-could-fool-the-government/

    In October 2019, Idaho proposed changing its Medicaid program. The state
    needed approval from the federal government, which solicited public feedback via Medicaid.gov.

    Roughly 1,000 comments arrived. But half came not from concerned citizens or even Internet trolls. They were generated by artificial intelligence. And a study found that people could not distinguish the real comments from the
    fake ones.

    The project was the work of Max Weiss, a tech-savvy medical student at
    Harvard, but it received little attention at the time. Now, with AI language systems advancing rapidly, some say the government and Internet companies
    need to rethink how they solicit and screen feedback to guard against deepfaketext manipulation and other AI-powered interference.

    ``The ease with which a bot can generate and submit relevant text that impersonates human speech on government websites is surprising and really important to know,'' says Latanya Sweeney, a professor at Harvard's Kennedy School who advised Weiss on how to run the experiment ethically. Sweeney
    says the problems extend well beyond government services, but it is
    imperative that public agencies find a solution. ``AI can drown speech from real humans,'' she says. ``Government websites have to change.''

    The Centers for Medicare and Medicaid Services says it has added new
    safeguards to the public comment system in response to Weiss's study,
    though it declines to discuss specifics. Weiss says he was contacted by the
    US General Services Administration, which is developing a new version of the federal government website for publishing regulations and comments, about
    ways to better protect it from fake comments.

    Government systems have been the target of automated influence campaigns before. In 2017, researchers discovered that over a million comments
    submitted to the Federal Communications Commission regarding plans to roll
    back net neutrality rules had been auto-generated, with certain phrases
    copied and pasted into different messages.

    Weiss's project highlights a more serious threat. There has been remarkable progress in applying AI to language over the past few years. When powerful machine-learning algorithms are fed huge amounts of training data=94in the
    form of books and text scraped from the Web=94they can produce programs
    capable of generating convincing text. Besides myriad useful applications,
    this raises the prospect that all sorts of Internet messages, comments, and posts could be faked easily and less detectably.

    ``As technology gets better,'' Sweeney says, ``human speech venues become subject to manipulation without human knowledge that it has happened.''
    Weiss was working at a health care consumer-advocacy organization in the
    summer of 2019 when he learned about the public feedback process required to make Medicaid changes. Knowing that these public comments had swayed
    previous efforts to change state Medicaid programs, Weiss looked for tools
    that could auto-generate comments.

    ``I was a bit shocked when I saw nothing more than a submit button standing
    in the way of your comment becoming a part of the public record,'' he says.

    Weiss discovered GPT-2, a program released earlier that year by OpenAI, an
    AI company in San Francisco, and realized he could generate fake comments to simulate a groundswell of public opinion. ``I was also shocked at how easy
    it was to fine tune GPT-2 to actually spit out the comments,'' Weiss
    says. ``It's relatively concerning on a number of fronts.''

    Besides the comment-generating tool, Weiss built software for automatically submitting comments. He also conducted an experiment in which volunteers
    were asked to distinguish between the AI-generated comments and ones written
    by humans. The volunteers did no better than random guessing.

    After submitting the comments, Weiss notified the Centers for Medicare and Medicaid Services. He had added a few characters to make it easy to identify each fake comment. Even so, he says, the AI feedback remained posted online
    for several months.

    GPT-3

    OpenAI released a more capable version of its text-generation program,
    called GPT-3, last June. So far, it has only been made available to a few AI researchers and companies, with some people building useful applications
    such as programs that generate email messages from bullet points. When GPT-3 was released, OpenAI said in a research paper that it had not seen signs of GPT-2 being used maliciously, even though it had been aware of Weiss's research.

    OpenAI and other researchers have released a few tools capable of
    identifying AI-generated text. These use similar AI algorithms to spot
    telltale signs in the text. It's not clear if anyone is using these to
    protect online commenting platforms. Facebook declined to say if it is using such tools; Google and Twitter did not respond to requests for comment.

    It also isn't clear if sophisticated AI tools are yet being used to create
    fake content. In August, researchers at Google posted details of an
    experiment that used deepfake-text-detection tools to analyze over 500
    million webpages. They found that the tools could identify pages hosting auto-generated text and spam. But it wasn't clear if any of the content was made using an AI tool such as GPT-2.

    ------------------------------

    Date: Mon, 18 Jan 2021 12:28:06 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: No stopping AI? Scientists conclude there would be no way to
    control super-intelligent machines (Study Finds)

    From self-driving cars to computers that can win game shows, humans have a natural curiosity and interest in artificial intelligence (AI). As
    scientists continue making machines smarter and smarter however, some are asking ``what happens when computers get too smart for their own good?''
    From The Matrix to The Terminator, the entertainment industry has already started pondering if future robots will one day threaten the human race.
    Now, a new study concludes there may be no way to stop the rise of
    machines. An international team says humans would not be able to prevent
    super artificial intelligence from doing whatever it wanted to.

    Scientists from the Center for Humans and Machines at the Max Planck
    Institute have started to picture what such a machine would look like.
    Imagine an AI program with an intelligence far superior to humans. So much
    so that it could learn on its own without new programming. If it was
    connected to the Internet, researchers say the AI would have access to all
    of humanity's data and could even take control of other machines around the globe.

    Study authors ask what would such an intelligence <https://www.studyfinds.org/human-brains-computer-see-objects/> do with all that power? Would it work to make all of our lives better? Would it devote
    its processing power to fixing issues like climate change? Or, would the machine look to take over the lives <https://www.studyfinds.org/majority-of-office-workers-feel-artificial-intelligence-could-replace-them-within-5-years/>
    of its human neighbors? Controlling the uncontrollable? The dangers of
    super artificial intelligence [...] https://www.studyfinds.org/no-way-to-control-super-artificial-intelligence-ai/

    ------------------------------

    Date: Mon, 25 Jan 2021 12:18:06 -0500 (EST)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: DNSpooq Lets Attackers Poison DNS Cache Records (Catalin Cimpanu)

    Catalin Cimpanu, ZDNet, 19 Jan 2021 via ACM TechNews, 25 Jan 2021

    Researchers in Israeli boutique cybersecurity consultancy JSOF have
    disclosed seven vulnerabilities that affect Dnsmasq, a domain name system
    (DNS) forwarding client for *NIX-based operating systems. The
    vulnerabilities involve DNSpooq software in millions of devices sold
    worldwide, including networking gear like routers, access points, firewalls, and VPNs from numerous companies. The researchers say the vulnerabilities
    could be combined to poison DNS cache entries recorded by Dnsmasq servers, allowing attackers to redirect users to clones of legitimate websites. Four
    of the vulnerabilities are buffer overflows in the Dnsmasq code that could result in remote code execution scenarios, and the remainder enable DNS
    cache poisoning. The researchers advise users to apply security updates released by the Dnsmasq project.

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-291b8x2279e7x070793&

    ------------------------------

    Date: Fri, 22 Jan 2021 14:10:41 -0600
    From: "Allen M. Bonneau"
    Subject: 1,900 doses of Moderna vaccine destroyed after cleaner accidentally
    unplugs freezer in Boston (ABC News)

    I have seen many stories about cleaners unplugging various systems so they could plug in the vacuum cleaner, etc.  This is the first one I have seen
    where the system was alarmed for this very scenario.

    Toto said, the freezer at the Boston pharmacy "was in a secure location
    and had an alarm system installed. The plug was found loose after a
    contractor accidentally removed it while cleaning."

    He said they are investigating why the incident occurred and why the
    alarm system did not work as it was supposed to.

    https://abcnews.go.com/Health/1900-doses-moderna-vaccine-destroyed-cleaner-accidentally-unplugs/story?id=75419665

    ------------------------------

    Date: Mon, 25 Jan 2021 04:57:59 -0700
    From: "Bob Gezelter" <gezelter@rlgsc.com>
    Subject: COVID-19 Vaccine Reservations (RLGSC)

    Various new outlets have reported systemic problems with the COVID-19 vaccination program in the United States. The most recent installment in my blog, Ruminations, discussed some of the major issues I encountered.

    The general public is rarely impacted by poor choices in IT implementations. Unfortunately, the COVID-19 vaccination program has become an example of how not to implement important public-facing computer systems. ...

    The full text can be found at:

    http://www.rlgsc.com/blog/ruminations/public-health-endangered-by-deficient-user-models.html

    ------------------------------

    Date: Sat, 23 Jan 2021 15:27:37 -0500
    From: Jan Wolitzky <jan.wolitzky@gmail.com>
    Subject: Intelligence Analysts Use U.S. Smartphone Location Data Without
    Warrants, Memo Says

    https://www.nytimes.com/2021/01/22/us/politics/dia-surveillance-data.html

    ------------------------------

    Date: January 19, 2021 at 10:13:21 AM GMT+9
    From: Kimi Wei <kimiwei88@gmail.com>
    Subject: A Lesson From 1930s Germany: Beware State Control of Social Media

    Heidi Tworek, *The Atlantic*, 26 May 2019 [via Dave Farber]

    https://www.theatlantic.com/international/archive/2019/05/germany-war-radio-social-media/590149/?fbclid=IwAR1o7hi3wl70oEtokq9Q4ofduG45sSF-4XqAb6tXfS7lUKnPjZeglRRg0H0

    Regulators should think carefully about the fallout from well-intentioned
    new rules and avoid the mistakes of the past

    ``Our way of taking power and using it would have been inconceivable without the radio and the airplane,'' Nazi Propaganda Minister Joseph Goebbels
    claimed in August 1933.

    [Timely byt very long item truncated for RISKS. PGN]

    ------------------------------

    Date: Wed, 20 Jan 2021 05:33:22 -0500
    From: Jan Wolitzky <jan.wolitzky@gmail.com>
    Subject: Biden Has a Peloton Bike. That Raises Issues at the White House.

    https://www.nytimes.com/2021/01/19/us/politics/biden-peloton.html

    ------------------------------

    Date: Thu, 21 Jan 2021 13:38:57 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Biden will be the first president to use the new Air Force One
    (Business Insider)

    Here's what we know about the $5.3-billion aircraft

    https://www.businessinsider.com/what-we-know-about-the-air-force-one-replacement-project-2020-7

    Favorite line:

    The Air Force announced in April that Boeing will develop the owner's
    manual for the new VC-25B aircraft and the service branch is paying $84
    million for it, DefenseOne reported. The manual will reportedly contain
    over 100,000 pages and won't even be ready at the time of the jet's
    estimated delivery to the Air Force, with DefenseOne reporting that it
    will arrive in January 2025.

    That is one serious manual! And it better have a quick index for pilots...

    ------------------------------

    Date: Thu, 21 Jan 2021 14:03:49 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Janet Yellen suggests 'curtailing' cryptocurrency

    https://markets.businessinsider.com/currencies/news/bitcoin-price-cryptocurrency-should-be-curtailed-terrorism-concerns-yellen-2021-1-1029985692

    On the other hand...

    http://broadbandbreakfast.com/2021/01/panelists-at-ces-2021-agree-widespread-adoption-of-cryptocurrency-is-imminent/

    ------------------------------

    Date: Thu, 21 Jan 2021 10:00:08 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Camouflage shield known as Quantum Stealth, is light-bending
    material that could be used to obscure objects of varying sizes

    https://twitter.com/knowIedgehub/status/1352235869143330819

    ------------------------------

    Date: Fri, 22 Jan 2021 13:00:14 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Google-Linked Balloon Project to Provide Cell Service Will Close
    (NYTimes)

    https://www.nytimes.com/2021/01/21/technology/loon-google-balloons.html

    ------------------------------

    Date: Fri, 22 Jan 2021 13:11:00 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Supermarket Worker Stole $1 Million and Bought Cars and Guns,
    Police Say (NYTimes)

    The theft, by a 19-year-old who worked at a Kroger in Duluth, Georgia., occurred over two weeks when a supermarket compliance officer was away, the authorities said.

    https://www.nytimes.com/2021/01/21/us/kroger-atlanta-teen-arrested.html

    The risk? Let me think...

    ------------------------------

    Date: Sat, 23 Jan 2021 13:05:06 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Forever Chemicals Are Widespread in U.S. Drinking Water
    (Scientific American)

    https://www.scientificamerican.com/article/forever-chemicals-are-widespread-in-u-s-drinking-water/

    "A handful of states have set about trying to address these contaminants,
    which are scientifically known as perfluoroalkyl and polyfluoroalkyl
    substances (PFASs). But no federal limits have been set on the concentration
    of the chemicals in water, as they have for other pollutants such as
    benzene, uranium and arsenic. With a new presidential administration coming into office this week, experts say the federal government finally needs to remedy that oversight. 'The PFAS pollution crisis is a public health emergency,' wrote Scott Faber, EWG's senior vice president for government affairs, in a recent public statement."

    Cast iron cookware is safer than non-stick, though maintenance is
    higher. Can also be used for weight training!

    The movie "Dark Waters" dramatizes the protracted effort to hold industry accountable for PFAS water pollution.

    ------------------------------

    Date: Tue, 19 Jan 2021 12:46:52 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Revving up electric car industry, Israeli firm develops
    5-minute-charge battery

    *Herzliya-based startup StoreDot unveils solution for main obstacle to widespread use of electric vehicles, but it requires major upgrades to
    charging stations*

    Israeli company StoreDot announced Tuesday that in a landmark achievement in the electric vehicle industry, it had managed to develop the world's first
    car battery that can be fully charged in just five minutes.

    However, the invention will take time to become commercially feasible since
    the ultra-fast charge would require much higher-power chargers than are currently available, The Guardian *reported* [... PGN-truncated] <https://www.theguardian.com/environment/2021/jan/19/electric-car-batteries-race-ahead-with-five-minute-charging-times>
    <https://www.timesofisrael.com/israeli-startup-storedot-unveils-ultra-fast-charging-batteries-for-drones/>
    https://www.timesofisrael.com/revving-up-electric-car-industry-israeli-firm-develops-5-minute-charge-battery/

    ------------------------------

    Date: Mon, 18 Jan 2021 15:49:42 -0800
    From: Don Norman <dnorman@ucsd.edu>
    Subject: Re: Bursts of acceleration in Tesla vehicles caused by drivers
    mistaking accelerators for brakes ... (RISKS-32.45)

    Gabe Goldberg reported *The Washington Post* on an NHTSA investigation into crashes by Teslas. The study concluded that there was no design fault, but rather Driver Error: Mistakenly stepping on the accelerator rather than the brake.

    https://www.washingtonpost.com/transportation/2021/01/08/tesla-brakes/

    Gabe then editorializes in the cute quip manner that has become all too
    common on RISKS: "[Doesn't speak well of Tesla owners' driving skills...]."

    I believe it is a Design Fault -- not just of Tesla, but of automobiles in general and the standards committees.

    Mistaken application of the accelerator pedal rather than the brake is a reasonably frequent event in automobiles, so frequent that it even has an acronym: SUA. Sudden Unintended Acceleration.

    Why? Because the accelerator and brake pedals are adjacent, sometimes at approximately the same height (especially loved by racers, so they can "heel and toe" between the toe pedals rapidly.

    In modern autos, there is no clutch pedal, so there is lots of room to space the pedals differently. There are other solutions to the placement of the pedals, but each change will have its own perceived risks, so rather than
    make suggestions only to have people point out the flaws, I say, why not
    turn it over to the Human Factors engineers. Every major car manufacturer -- and even NHTSA-- employs them. Let the studies begin! (Caveat: I'm a Fellow
    of the Human Factors society, among others, so I am biased.)

    I also suspect that for many of the Tesla accidents, the driver's foot was
    on the floor or otherwise resting. Why? In the Tesla (or any auto with adaptive cruise control), there is nothing for the right foot to do. Acceleration and appropriate speed is automatically handled by the vehicle.
    Why not rest the foot. I know I do. If there suddenly is a need to brake, a small percentage of misses is likely.

    Note too that in the case of Tesla, all the SUA events did have forces
    applied to the accelerator pedal (the auto has extensive record keeping), so these were unlikely to simply be faulty automation. Of the 217 cases
    examined by NHTSA. 28% were in parking lots and 12% in Driveways -- 40%!

    Tesla -- and many Electric Vehicles (EVs) have a feature that can be
    dangerous in this situation: Electric motors have high torque even at
    startup, so the initial acceleration, even (especially) from a stopped
    position can be unexpectedly rapid. Notice that most of the cases were in
    zero or low velocity situations. The NHTSA report states: "Eighty-six (86) percent of these crashes occurred in parking lots, driveways or other close-quarter *not-in-traffic* locations." Moreover, NHTSA says: "Almost all
    of these crashes were of short duration, with crashes occurring within three seconds of the alleged SUA event."

    I don't have comparable statistics for the multiple crashes that Toyota had
    due to SUA or for any of the other manufacturers who were also afflicted.

    But Norman's Rule of Design is that when there are multiple, repeated
    incidents of the same type of accident, even though the tendency is to blame the person, invariably it is actually due to inappropriate design. When I
    see one or two cases, blaming the person might be appropriate. But when the number of cases gets into the multiple hundreds, something else is going on.

    It is cute to make fun of drivers, whether for their age, gender, or choice
    of automobile. Cute statements often are false statements. And false
    statements can cause damage and death. In the case of automobile accidents,
    a false belief that incidents are caused by driver error prevents government agencies and automobile manufacturers from believing they should do
    something about it.

    Please people, stop calling faulty design "human error."

    (I couldn't find the NHTSA report on the NHTSA site, but it is available at https://www.teslarati.com/tesla-sudden-acceleration-nhtsa-closes-review/ .)

    Don Norman, Founding Director Emeritus, Design Lab,
    University of California, San Diego USA.

    [John Levine noted that in the 1980s a bunch of unexpected acceleration
    events in Audi 100's were also due to pedal confusion. Audi recalled them
    to move the pedals farther apart and to add an interlock so you had to
    step on the brake before putting the car in gear.

    Michael Bacon noted that many air crashes have been attributed to "pilot
    error", but examination of later incidents found issues with design,
    materials, systems, construction, maintenance, inspection, manuals,
    training, operations, etc. PGN]

    ------------------------------

    Date: Tue, 19 Jan 2021 14:35:11 -0600
    From: "Craig S. Cottingham" <craig@cottingham.net>
    Subject: Re: Post-Riot, the Capitol Hill IT Staff Faces a Security Mess
    (Goldberg, RISKS-32.45)

    And if they ran out of money to destroy things, what was left
    to *buy* things?

    Different bucket. Congress probably allocated X dollars to destroy and Y dollars to replace.

    ------------------------------

    Date: Tue, 19 Jan 2021 10:58:50 +0000
    From: Michael Bacon <attilathehun1900@tiscali.co.uk>
    Subject: Re: Bug wipes UK arrest records (RISKS-32.45)

    The deleted records were linked to police investigations that were
    terminated before charge (No Further Action) or to those where an individual had been acquitted at court. Statistically, few of them will relate to murders, rapes or other serious crimes.

    That's not to say there is little or no risk, but it's not as serious as the opposition parties or the British Broadcasting Corporation would like to
    make out.

    ------------------------------

    Date: Tue, 19 Jan 2021 10:58:50 +0000
    From: Michael Bacon <attilathehun1900@tiscali.co.uk>
    Subject: Re: Bug wipes UK arrest records (RISKS-32.45)

    The deleted records were linked to police investigations that were
    terminated before charge (No Further Action) or to those where an individual had been acquitted at court. Statistically, few of them will relate to murders, rapes or other serious crimes.

    That's not to say there is little or no risk, but it's not as serious as the opposition parties or the British Broadcasting Corporation would like to
    make out.

    ------------------------------

    Date: Mon, 18 Jan 2021 23:06:21 +0000
    From: John Colville <John.Colville@uts.edu.au>
    Subject: Re: Company name could lead to security xss attack

    Not a sophisticated, modern problem but: Some years ago, in Sydney
    (Australia) there was a company named Computer Accounting and Systems, or
    CAS for short. For a while people were sending cheques (checks) were to pay 'CAS' until some enterprising person changed the recipient name by adding a
    'H' converting it to a cash cheque.

    ------------------------------

    Date: Mon, 18 Jan 2021 23:46:34 +0000
    From: Wol <antlists@youngman.org.uk>
    Subject: Re: Risk Management and Two-Dose Vaccines (RISKS-32.45)

    The calculus involved here is complex. [...]

    The UK thinks the calculus is simple.

    Firstly, it appears that 12 weeks is the optimum delay to provide the
    longest protection.

    Secondly, and far more importantly, while a single dose may only offer 50%
    or 60% protection against infection, it DOES seem to offer *100%* protection against hospitalisation.

    No, we don't want "one shot" people getting infected and spreading it, but
    the more people we can keep out of hospital, the better. (And getting
    infected seems to offer 85% immunity after you've recovered.)

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)