• Risks Digest 32.50 (2/2)

    From RISKS List Owner@21:1/5 to All on Sat Feb 20 00:03:06 2021
    [continued from previous message]

    Screenshots provided below indicating that the wash account . . . is
    present and boxes checked appropriately for the principal components.''
    Fratta then forwarded the same email to members of his team, with the
    subject line ``Urgent Wash Account Does not Work.'' He stated:
    ``Flexcube is not working properly, and it will send your payments out
    the door to lenders/borrowers. The wash account selection is not
    working. This lead [sic] to ~1BN going out the door in error yesterday
    for an ABTF Deal, Revlon.'' ...

    Over the course of the day, Fratta learned that the principal payments --
    which were made with Citibank's own money, as Revlon had provided funds
    only for the interim interest payments to be made in connection with the
    roll up transaction -- were not caused by a technical error, but by human
    error: the failure to select the FRONT and FUND fields when inputting the
    default override instructions in Flexcube.

    Nope, nope, he was right the first time, this whole setup is a
    ``technical error.'' Citi's software will only let you pay principal to
    some lenders if you pretend to pay it to every lender, and it will only
    let you pretend to pay principal to every lender if you check the ``just
    pretend'' box next to ``PRINCIPAL'' (fine!) and ``FUND'' (what?) and
    ``FRONT'' (what even?). What a terrifying thing ...
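
    An added illustration of the failure mode in the item above (editor's
    example, not Flexcube code and not Citi's procedure): the component names
    PRINCIPAL, FUND and FRONT, the "wash" suspense account and the amounts
    are assumptions modelled on the court opinion's description. It contrasts
    the fail-open design the opinion describes, where the operator must apply
    the override to each component separately and a missed box sends real
    money, with a fail-closed guard that derives the required overrides from
    the operator's declared intent and refuses to release anything that does
    not match.

```python
"""Fail-open vs fail-closed release of a loan payment (editor's example).

Field names, the WASH account and the intent labels are assumptions; the
sample instruction at the bottom is constructed to mirror the story.
"""
from dataclasses import dataclass, field

WASH_ACCOUNT = "WASH"                      # hypothetical internal suspense account
COMPONENTS = ("PRINCIPAL", "FUND", "FRONT")  # assumed component fields


class ReleaseBlocked(Exception):
    """Raised by the fail-closed guard when the instruction is inconsistent."""


@dataclass
class PaymentInstruction:
    intent: str        # "INTEREST_ONLY" or "PAY_DOWN" (assumed labels)
    interest: float    # interest actually due to lenders
    principal: float   # principal the system has computed for the facility
    # Per-component destination override; a missing entry means "LENDERS",
    # which is exactly the fail-open default the story turns on.
    overrides: dict = field(default_factory=dict)

    def destination(self, component: str) -> str:
        return self.overrides.get(component, "LENDERS")


def release_fail_open(instr: PaymentInstruction) -> dict:
    """Behaviour the opinion describes: principal is suppressed only if every
    component is individually routed to the wash account; one missed box and
    the whole principal goes out the door."""
    outgoing = {"INTEREST": instr.interest}
    if any(instr.destination(c) == "LENDERS" for c in COMPONENTS):
        outgoing["PRINCIPAL"] = instr.principal
    return outgoing


def release_fail_closed(instr: PaymentInstruction) -> dict:
    """Guard: the operator declares intent once; the system derives the
    overrides that intent requires and refuses any mismatch."""
    if instr.intent == "INTEREST_ONLY":
        required = {c: WASH_ACCOUNT for c in COMPONENTS}
    elif instr.intent == "PAY_DOWN":
        required = {c: "LENDERS" for c in COMPONENTS}
    else:
        raise ReleaseBlocked(f"unknown intent {instr.intent!r}")
    wrong = [c for c in COMPONENTS if instr.destination(c) != required[c]]
    if wrong:
        raise ReleaseBlocked(
            f"intent {instr.intent} but fields {wrong} not set accordingly")
    outgoing = {"INTEREST": instr.interest}
    if instr.intent == "PAY_DOWN":
        outgoing["PRINCIPAL"] = instr.principal
    return outgoing


def demo() -> tuple:
    """Constructed instruction mirroring the story: interest-only intended,
    only the PRINCIPAL box ticked. Returns (fail-open result, fail-closed result)."""
    instr = PaymentInstruction(
        intent="INTEREST_ONLY", interest=7_800_000.0, principal=893_000_000.0,
        overrides={"PRINCIPAL": WASH_ACCOUNT})
    open_result = release_fail_open(instr)
    try:
        closed_result = release_fail_closed(instr)
    except ReleaseBlocked as exc:
        closed_result = f"blocked: {exc}"
    return open_result, closed_result


if __name__ == "__main__":
    for label, result in zip(("fail-open", "fail-closed"), demo()):
        print(f"{label}: {result}")
```

    The point is not the checkboxes but where the default sits: in the
    fail-open version the dangerous state (real money to real lenders) is
    what you get by doing nothing, so every omission is a disbursement; the
    guard makes the declared intent the source of truth and treats any
    disagreement between intent and fields as a reason to stop.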

    ------------------------------

    Date: Sun, 14 Feb 2021 09:44:58 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Climate Change Could Shred Guitars Known for Shredding
    (Scientific American)

    https://www.scientificamerican.com/podcast/episode/climate-change-could-shred-guitars-known-for-shredding/

    "It is the wood that the rock greats have sworn by -- swamp ash, in the
    form of their Fender Telecaster and Stratocaster guitars -- for over 70
    years. If you've ever listened to rock, you've probably heard a swamp ash,
    solid body guitar. But now, climate change is threatening the wood that
    helped build rock and roll."

    Rock n' roll will never die, but the next generation of inspirational
    guitarists, and their rich riffs, may not mature without solid-body swamp
    ash stringed instruments. Amplifiers that go to 11 can't fix Fender
    Stratocaster extinction.

    ------------------------------

    Date: Fri, 19 Feb 2021 15:29:42 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Data breach warning after California DMV contractor hit by
    file-stealing ransomware (TechCrunch)

    California's Department of Motor Vehicles is warning of a potential data
    breach after a contractor was hit by ransomware.

    The Seattle-based Automatic Funds Transfer Services (AFTS), which the DMV
    said it has used for verifying changes of address with the national
    database since 2019, was hit by an unspecified strain of ransomware
    earlier this month.

    In a statement sent by email, the DMV said that the attack may have
    compromised “the last 20 months of California vehicle registration
    records that contain names, addresses, license plate numbers and vehicle
    identification numbers.” But the DMV said AFTS does not have access to
    customers' Social Security numbers, dates of birth, voter registration,
    immigration status or driver's license information, and was not
    compromised.

    https://techcrunch.com/2021/02/18/california-motor-vehicles-afts-ransomware/?guccounter=1

    ------------------------------

    Date: Thu, 18 Feb 2021 11:00:49 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Entitled People Are More Likely To Be Angry at Bad Luck
    (Scientific American)

    https://www.scientificamerican.com/article/entitled-people-are-more-likely-to-be-angry-at-bad-luck/

    "Defeat is never fun, but losing a game of poker is less painful when it's
    due to the luck of the draw rather than an opponent who's cheating.
    Unfairness fires people up, whereas bad luck just disappoints.

    "But interestingly, this isn't true for everyone. In a series of studies,
    we found that people who have higher levels of psychological entitlement
    -- who believe they deserve good things -- actually felt victimized and
    angered when they experienced, remembered or imagined bad luck befalling
    them."

    Where would the technology industry be if luck preordained investment
    outcomes? Is the game of life imperceptibly fixed for some and not
    others? Fortitude sustains human perseverance, though the myth of
    Sisyphus reminds us that effort does not always render a beneficial
    outcome.

    That luck serves a significant role in personal or collective
    achievement, or underachievement, or at least the perception of it, is
    both devastating and demoralizing. Resorting to luck as the sole
    determinant of success reinforces the desperate idiom that "Man plans and
    God laughs."

    ------------------------------

    Date: Mon, 15 Feb 2021 06:44:57 -0500
    From: Jan Wolitzky <jan.wolitzky@gmail.com>
    Subject: Who Should Stop Unethical AI? (Matthew Hutson)

    At artificial-intelligence conferences, researchers are increasingly alarmed
    by what they see.

    Matthew Hutson, *The New Yorker*, 15 Feb, 2021

    https://www.newyorker.com/tech/annals-of-technology/who-should-stop-unethical-ai

    ------------------------------

    Date: Fri, 19 Feb 2021 10:13:39 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: AI may mistake chess discussions as racist talk
    (Techxplore.com)

    https://techxplore.com/news/2021-02-ai-chess-discussions-racist.html

    '"We don't know what tools YouTube uses, but if they rely on artificial
    intelligence to detect racist language, this kind of accident can
    happen," KhudaBukhsh said. And if it happened publicly to someone as
    high-profile as Radic, it may well be happening quietly to lots of other
    people who are not so well known.'

    Would discussion of "rainbow-sprinkled cookies" or an "all red, queen-high
    flush" crash YouTube's AI platform?

    Risk: AI misclassification.

    ------------------------------

    Date: Wed, 17 Feb 2021 13:11:45 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: "Holy cow. Bitcoin is using half a percent of all the world's
    electricity?"

    https://twitter.com/Ryan-Knutson/status/1362167579461226497

    ------------------------------

    Date: Fri, 19 Feb 2021 10:25:54 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Nvidia limits crypto-mining on new graphics card (msn.com)

    https://www.msn.com/en-xl/news/other/nvidia-limits-crypto-mining-on-new-graphics-card/ar-BB1dNJev

    "Nvidia said the software for its forthcoming GeForce RTX 3060 card will
    limit how efficiently it can process Ethereum transactions by about 50%.

    "This will make it less economical for miners to use the card for mining Ethereum."

    A software throttle is an exploit target.

    ------------------------------

    Date: Fri, 19 Feb 2021 14:23:48 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: The IRS Cashed Her Check, Then the Late Notices Started Coming
    (ProPublica)

    https://www.propublica.org/article/the-irs-cashed-her-check-then-the-late-notices-started-coming

    ------------------------------

    Date: Thu, 18 Feb 2021 22:49:59 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Authorities have taken down the dark web's largest illegal
    marketplace vendor

    Authorities have taken down the dark web's largest illegal marketplace
    https://www.theverge.com/2021/1/12/22227929/darkmarket-shutdown-europol-worlds-largest-illegal-marketplace

    ------------------------------

    Date: Tue, 16 Feb 2021 17:10:11 -0800
    From: Peter G Neumann
    Subject: U.S. election cybersecurity (CDT)

    The Center for Democracy and Technology has issued a relevant report:

    https://cdt.org/wp-content/uploads/2021/02/2021-02-02-CDT-Agenda-for-US-Election-Cybersecurity-KAS-FINAL.pdf

    ------------------------------

    Date: Fri, 19 Feb 2021 17:25:29 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: People answer scientists' queries in real time while dreaming
    (Scientific American)

    https://www.scientificamerican.com/article/people-answer-scientists-queries-in-real-time-while-dreaming/

    "Researchers demonstrate that during REM sleep, people can hear -- and
    respond to -- simple questions (What is eight minus six?)"

    Not difficult to imagine an exploitation of this capability. For instance,
    a CxO for a publicly listed company is asked a yes-or-no question: 'Will
    your shop achieve projected profitability this quarter?'

    Risk: Sleep-talking.

    ------------------------------

    Date: Fri, 19 Feb 2021 15:24:57 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: How Oracle Sells Repression in China (The Intercept)

    In its bid for TikTok, Oracle was supposed to prevent data from being
    passed to Chinese police. Instead, it's been marketing its own software
    for their surveillance work.

    https://theintercept.com/2021/02/18/oracle-china-police-surveillance/

    ------------------------------

    Date: Mon, 15 Feb 2021 20:04:47 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: The Untold History of America's Zero-Day Market (WiReD)

    https://www.wired.com/story/untold-history-americas-zero-day-market/

    A bit too breathless and incoherent...

    ------------------------------

    Date: Tue, 16 Feb 2021 11:59:18 -0800
    From: Rob Slade <rmslade@shaw.ca>
    Subject: "Vaccine" passport?

    I'm not holding my breath, waiting for one.

    I have, previously, mentioned John McAfee's "enterprise" regarding a
    similar certificate or passport for swingers in the time of AIDS. The
    thing just isn't workable, at best, and, at worst, it can be a positive
    danger.

    You're going to have to carry some kind of document or card. Let's say it's
    a card. Now, does it just give contact info for a centralized database?
    (One version I saw just used a QR code on your phone, so that definitely
    seems to just be a "pointer" situation.) *How* centralized? This is going
    to be used for international travel, one would think, if it is going to be
    used at all. So which countries are going to sign on? And which are going
    to accept a database in some other jurisdiction? And which are going to
    accept having their citizens' data stored by someone else?

    OK, so what if we make it a smart card and store it on the phone. Same
    problems with jurisdiction. Which countries are going to agree (within
    the next few months, please) to a standard for data storage on such a
    card? And start producing them, all to the same specs.

    Then we have the data. There are the details of the vaccine. Which version
    of the vaccine? Which lot number? What is the date of administration?
    (Oh, and, by the way, all vaccine administration points are going to have to
    be prepared to input *and verify* all this information at the time you get
    your shot.) (Every single nurse-practitioner's office and pharmacy.) (And
    the details of who entered the info is going to have to be there as well,
    for verification.) Is it a multi-shot regimen? Did you get your booster?

    That's a lot of data. And, if someone gets access to it, a lot more can
    be inferred from it. Like where you were on a given date and time ...

    Oh, and, by the way, there are some additional data points we should add.
    Like, have you been tested? What type of test? What date? [...]

    I see *lots* of problems ...

    ------------------------------

    Date: Fri, 19 Feb 2021 14:08:17 +0200
    From: Amos Shapir <amos083@gmail.com>
    Subject: Man offered vaccine after error lists him as 6.2cm tall

    Yet another case of GIGO:
    https://www.bbc.com/news/uk-england-merseyside-56111209

    A young man was offered a vaccine despite not being in any risk group. It
    turns out his height was registered as 6.2cm instead of 6'2", which
    resulted in a BMI number of about 28,000 -- which the system flagged as
    "clinically, morbidly-obese".
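
    An added example for the item above (editor's code, not from the BBC
    article or from any NHS system) showing the two input checks that would
    have caught the 6.2cm record: normalising the unit at the point of entry
    rather than trusting a bare number, and rejecting values outside a
    plausible range before they feed a downstream formula. The accepted
    height formats, the plausibility bounds and the sample records are
    assumptions.

```python
"""Unit-aware height parsing and plausibility checks before computing BMI.

Editor's example. Formats, bounds and sample values are assumptions; the
6.2cm / 6'2" pair is constructed to mirror the story.
"""
import re

CM_PER_INCH = 2.54
# Assumed plausible adult standing height; anything outside is an input error,
# not a clinical finding.
HEIGHT_MIN_CM, HEIGHT_MAX_CM = 100.0, 250.0
WEIGHT_MIN_KG, WEIGHT_MAX_KG = 20.0, 300.0

# 6'2", 6' 2, 6'2'' and similar feet-and-inches spellings.
_FEET_INCHES = re.compile(r"^\s*(\d+)\s*'\s*(\d+(?:\.\d+)?)?\s*(?:\"|'')?\s*$")
# A number with an optional unit suffix; a bare number is deliberately rejected.
_WITH_UNIT = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*(cm|m|in|ft)?\s*$", re.IGNORECASE)


class ImplausibleValue(ValueError):
    """A value that parsed fine but cannot describe a real adult."""


def parse_height_cm(text: str) -> float:
    """Convert a height string to centimetres. Refuses to guess the unit."""
    m = _FEET_INCHES.match(text)
    if m:
        feet, inches = int(m.group(1)), float(m.group(2) or 0)
        return (feet * 12 + inches) * CM_PER_INCH
    m = _WITH_UNIT.match(text)
    if not m:
        raise ValueError(f"unrecognised height {text!r}")
    value, unit = float(m.group(1)), (m.group(2) or "").lower()
    if unit == "cm":
        return value
    if unit == "m":
        return value * 100
    if unit == "in":
        return value * CM_PER_INCH
    if unit == "ft":
        return value * 12 * CM_PER_INCH
    raise ValueError(f"height {text!r} has no unit; refusing to guess")


def checked_height_cm(text: str) -> float:
    """Parse and then range-check: 6.2 cm is a typo, not a short patient."""
    cm = parse_height_cm(text)
    if not HEIGHT_MIN_CM <= cm <= HEIGHT_MAX_CM:
        raise ImplausibleValue(
            f"height {cm:.1f} cm from {text!r} is outside "
            f"{HEIGHT_MIN_CM:.0f}-{HEIGHT_MAX_CM:.0f} cm")
    return cm


def bmi(weight_kg: float, height_text: str) -> float:
    """BMI from validated inputs; raises instead of producing a nonsense number."""
    if not WEIGHT_MIN_KG <= weight_kg <= WEIGHT_MAX_KG:
        raise ImplausibleValue(f"weight {weight_kg} kg is implausible")
    h_m = checked_height_cm(height_text) / 100
    return round(weight_kg / (h_m * h_m), 1)


def bmi_unchecked(weight_kg: float, height_cm: float) -> float:
    """The naive computation: whatever the record holds, squared."""
    h_m = height_cm / 100
    return round(weight_kg / (h_m * h_m), 1)


if __name__ == "__main__":
    # Constructed record: 80 kg, height keyed as "6.2cm" instead of 6'2".
    print("unchecked, 6.2cm:", bmi_unchecked(80, 6.2))
    print("checked, 6'2\":", bmi(80, "6'2\""))
    try:
        bmi(80, "6.2cm")
    except ImplausibleValue as exc:
        print("checked, 6.2cm:", exc)
```

    The range check belongs at data entry, where the clinician can fix the
    record, not in the risk-scoring job that ran months later; a scoring
    rule that accepts a BMI in the tens of thousands without complaint is the
    second missing check.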

    ------------------------------

    Date: Tue, 16 Feb 2021 13:22:53 -0700
    From: Jim Reisert AD1C <jjreisert@alum.mit.edu>
    Subject: Gorilla COVID risks (CNN)

    https://www.cnn.com/2021/02/16/africa/gorilla-covid-selfie-safety-scli-intl-scn/

    Jack Guy, CNN, 16 Feb 2021

    Tourists who take selfies with wild mountain gorillas could put the
    primates at risk of developing Covid-19, according to new research.

    Scientists from Oxford Brookes University, England, looked at hundreds of
    Instagram posts from people visiting the animals in East Africa and found
    most tourists were close enough to gorillas to spread viruses and
    diseases, according to a press release from the university on Tuesday.

    "The risk of disease transmission between visitors and gorillas is very
    concerning," said study lead author Gaspard Van Hamme, an Oxford Brookes
    University alumnus who started work on the study during his masters
    program.

    "It is vital that we strengthen and enforce tour regulations to ensure
    gorilla trekking practices do not further threaten these already imperiled
    great apes."

    ------------------------------

    Date: Mon, 15 Feb 2021 16:51:48 +0900
    From: Chiaki Ishikawa <ishikawa@yk.rim.or.jp>
    Subject: Japanese contact tracing software of Covid-19 patient on Android
    did not work for four months (Kyodo News)

    The following item explains it all.

    https://english.kyodonews.net/news/2021/02/6437947c3d50-suga-apologizes-for-glitch-in-japans-covid-19-contact-tracing-app.html

    A contact tracing app dubbed "COCOA" in Japan has failed miserably on
    Android phones since the September update, but obviously no one at the
    health ministry or the development company that contracted the work
    verified the operation on a real phone, despite there being SNS posts
    from Covid-19 patients who mentioned that their family members' phones
    did not report the exposure warning at all.

    I think the issue is due to a few factors:

    - Apple/Google publish the so-called Exposure Notification API and
    implement its functionality on their respective OSes. The specs from the
    two companies disagreed on a few minor points. Obviously, there have been
    updates, and new specs are hard to read, as many in the ICT industry can
    attest. This type of spec is read only by geeks, and not many complain
    loudly that they are written poorly. But I digress.

    Only some really serious developers noticed the subtle difference between
    the API published for iOS and Android. A blog in Japanese about the bug
    refers to the github issue comments that first reported the issue from
    the programmer's point of view:
    https://zenn.dev/zipperpull/articles/20210210-cocoa-bug (in Japanese).

    - Apple/Google have asked the health authorities of countries/regions
    that only one such app be used in the region. This I suppose is due to
    privacy concerns.

    This made the selection of developers a bit difficult since there had
    been a few independent groups who already had more or less working
    samples. (I don't know if they were bug-free or not.) Eventually, one of
    the developed apps was chosen as the basis of COCOA, and a maintenance
    company was chosen whose main function, I thought, was the
    operation/maintenance of the anonymous patient database (anonymized by
    Apple/Google algorithms, I think).

    But actually, due to the API changes over the long run, the app needed to
    be maintained as well, on both iOS and Android. Somehow the Android update
    got buggy, but no real-world phone tests took place, if I understand
    correctly. This is probably due to the unpreparedness of the development
    company, but I am not sure.

    If this were an ordinary software bug, I would say "OK, a bug is always
    there, let's fix it and move on."

    However, when the app was relied on by the health authority of the region
    where I live (Kanagawa prefecture), it is not such an easy-to-ignore bug.
    The authority stated in early January, citing lack of man-power, that it
    would rely on this failing app to keep track of people who come into
    contact with known Covid-19 patients instead of human-based tracing. This
    means that those who relied on the Android version of the app got short
    shrift and worse. I am not even sure if the iOS version is working
    correctly since there has been a report from an iOS user who got Covid-19
    and yet her family members' iPhones did not report the exposure. Hmm...

    I use Android and have removed the app for now.

    ------------------------------

    Date: Mon, 15 Feb 2021 10:52:16 PST
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: Bruce Schneier's CRYPTO-GRAM, 15 Feb 2021

    [I am including the ToC for this issue of Bruce Schneier's CRYPTO-GRAM
    because it illustrates an incredible increase in the breadth and
    pervasiveness of serious security attacks. FYI. You might want your own
    subscription (it's free) if this is of interest to you. PGN]

    For back issues, or to subscribe, visit Crypto-Gram's web page [https://www.schneier.com/crypto-gram/].

    Read this issue on the web [https://www.schneier.com/crypto-gram/archives/2021/0215.html]

    1. Cell Phone Location Privacy
    2. Injecting a Backdoor into SolarWinds Orion
    3. Sophisticated Watering Hole Attack
    4. SVR Attacks on Microsoft 365
    5. Insider Attack on Home Surveillance Systems
    6. Massive Brazilian Data Breach
    7. Dutch Insider Attack on COVID-19 Data
    8. Police Have Disrupted the Emotet Botnet
    9. New iMessage Security Features
    10. Including Hackers in NATO Wargames
    11. Georgia's Ballot-Marking Devices
    12. More SolarWinds News
    13. Another SolarWinds Orion Hack
    14. Presidential Cybersecurity and Pelotons
    15. NoxPlayer Android Emulator Supply-Chain Attack
    16. SonicWall Zero-Day
    17. Web Credit Card Skimmer Steals Data from Another Credit Card Skimmer
    18. Ransomware Profitability
    19. Attack against Florida Water Treatment Facility
    20. Medieval Security Techniques
    21. Chinese Supply-Chain Attack on Computer Systems

    ------------------------------

    Date: Mon, 15 Feb 2021 15:19:40 -0600
    From: Bob Wilson <wilson@math.wisc.edu>
    Subject: Re: Calling All Ham Radio Operators

    As a ham myself, I want to point out this has nothing to do with ham radio
    operators. (Many of us do happily use Morse, but we are not the only such
    people in the world!) Ham radio is a flourishing activity (the US has
    more licensed hams now than ever in the past, something like three
    quarters of a million) that in addition to being a hobby enjoyed by many
    is a valuable contribution to national security and safety, and should
    not be (be)smirched with any connection to that hacking attack!

    Bob Wilson

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    http://www.acm.org/joinacm1

    ------------------------------

    End of RISKS-FORUM Digest 32.50
    ************************
