• Risks Digest 32.52 (1/2)

    From RISKS List Owner@21:1/5 to All on Sun Mar 7 01:16:20 2021
    RISKS-LIST: Risks-Forum Digest Saturday 6 March 2021 Volume 32 : Issue 52

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.52>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Fed outage shuts down U.S. payment system (Tom Van Vleck via Ars Technica)
    DC Vaccine Appointment Website, Phone Line Crashes Early Thursday (DCist)
    Weaknesses in FAA's certification and delegation processes hindered its
    oversight of the 737 MAX 8 (DOT)
    EU Report Warns AI Makes Autonomous Vehicles 'Highly Vulnerable' to Attack
    (Khari Johnson)
    Heavy Rain Affects Object Detection by Autonomous Vehicle LiDAR Sensors
    (U.Warwick)
    XC40 Recharge buyers have been told to sit tight (The Verge)
    Vintage technology: 'It sounds so much cleaner' (BBC News)
    Error-prone software reportedly ruined lives: Post Office scandal:
    Postmasters have convictions quashed (BBC)
    Software Bug Keeping Hundreds Of Inmates In Arizona Prisons Beyond Release
    Dates (KJZZ)
    Alexa in the car (Toyota)
    Experts find a way to learn what you're typing during video calls
    (The Hacker News)
    Israel adopts law allowing names of unvaccinated to be shared (AFP)
    Judge in Google case disturbed that even *incognito* users are tracked
    (Bloomberg)
    Facebook will roll back its block on news posts in Australia (Engadget)
    Relativity Space unveils a reusable 3D-printed rocket to compete with
    SpaceX's Falcon 9 (CNBC)
    Big data healthcare project raises privacy issues (M.K.McGee)
    Contact-tracing apps help reduce COVID infections, data suggest (Nature)
    Can Zapping Our Brains Really Cure Depression? (NYTimes)
    Student Surveillance Vendor Proctorio Files SLAPP Lawsuit to Silence A
    Critic (EFF)
    Computers get Sundays off? (Gabe Goldberg)
    Formula E's Software Communication Problem (The Register via Ben Moore)
    Gig Workers Gather Their Own Data to Check the Algorithm's Math (WiReD)
    'Drunk' robot vacuums spark complaints from owners (BBC News)
    Predictive Text Feature Coming to Microsoft Word in March (PCMag)
    Doctor joins Zoom court hearing while operating on patient (BBC News)
    Carranza resigns as NYC schools chancellor; Meisha Porter will replace him
    (NYTimes)
    New security flaws detected in more credit cards (Leo Hermann)
    "Virtual computer chip tests expose flaws, protect against hackers"
    (Matthew Sparkes)
    Is Your Browser Extension a Botnet Backdoor? (Krebs on Security)
    When Companies Skimp on Cybersecurity (Bruce Schneier)
    Former SolarWinds CEO blames intern for "solarwinds123" password leak
    (CNNPolitics)
    Post Office scandal: Postmasters have convictions quashed (BBC)
    Objective or Biased (Bayerischer Rundfunk)
    Amazon's new rotating, follow-you camera is useful -- and invasive
    (WashPost)
    Vaccine passport certificates already exist (Clive Page)
    Texas power outages demonstrate grid cyber-vulnerability and inadequacy of
    existing regulations (Joe Weiss)
    Re: His Lights Stayed on During Texas's Storm. Now He Owes $16,752
    (Keith Medcalf)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Thu, 25 Feb 2021 08:19:17 -0800
    From: Tom Van Vleck <thvv@multicians.org>
    Subject: Fed outage shuts down U.S. payment system (Ars Technica)

    I ran across this and wonder what really happened, and whether it can happen again.

    https://arstechnica.com/tech-policy/2021/02/fed-outage-shuts-down-us-payment-systems-for-more-than-an-hour/

    [Of course it can, although perhaps for a slightly different reason.
    PGN]

    ------------------------------

    Date: Thu, 25 Feb 2021 18:48:16 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: DC Vaccine Appointment Website, Phone Line Crashes Early Thursday
    (DCist)

    The District's phone and online system crashed on Thursday morning just as thousands of residents became newly eligible to sign up for 4,350
    appointments for the COVID-19 vaccine.

    Mayor Muriel Bowser said this week that appointments would open at 9 a.m. to residents living in priority ZIP codes who are 65 or older, are 18 and older and have a qualifying medical condition ranging from asthma to cancer, or
    work in a number of essential jobs from child care to grocery stores.

    But the demand almost immediately overwhelmed the city's online and phone system, with many callers reporting that they couldn't even get through on
    the phone. Others reported that even when they did get through online, the system wasn't updated to reflect the new eligibility criteria for
    pre-existing conditions and essential workers.

    https://dcist.com/story/21/02/25/dc-vaccine-appointment-system-crashes-qualifying-medical-conditions/

    Testing scalability -- why bother? That's what customers are for.

    ------------------------------

    Date: Fri, 26 Feb 2021 08:15:28 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Weaknesses in FAA's certification and delegation processes hindered
    its oversight of the 737 MAX 8 (DOT)

    (Office of Inspector General, Transportation)

    https://www.oig.dot.gov/library-item/38302

    "While FAA and Boeing followed the established certification process for the 737 MAX 8, we identified limitations in FAA's guidance and processes that impacted certification and led to a significant misunderstanding of the Maneuvering Characteristics Augmentation System (MCAS), the flight control software identified as contributing to the two accidents. First, FAA's certification guidance does not adequately address integrating new
    technologies into existing aircraft models. Second, FAA did not have a
    complete understanding of Boeing's safety assessments performed on MCAS
    until after the first accident. Communication gaps further hindered the effectiveness of the certification process. In addition, management and oversight weaknesses limit FAA's ability to assess and mitigate risks with
    the Boeing ODA. For example, FAA has not yet implemented a risk-based
    approach to ODA oversight, and engineers in FAA's Boeing oversight office continue to face challenges in balancing certification and oversight responsibilities. Moreover, the Boeing ODA process and structure do not
    ensure ODA personnel are adequately independent. While the Agency has taken steps to develop a risk-based oversight model and address concerns of undue pressure at the Boeing ODA, it is not clear that FAA's current oversight structure and processes can effectively identify future high-risk safety concerns at the ODA."

    ODA == Organization Designation Authorization is the FAA designation for delegated certification authority of 737-MAX certifications to Boeing. See page 29 of this report for percent of delegation for certified flight
    systems on the 737-MAX: Boeing performed ~30% certifications (self-certifications) in JAN2014 to ~100% by JAN2017.

    The OIG's report raises troubling questions about self-certification of
    737-MAX flight systems by Boeing. Government delegation of certification authority to industry indicates policy review is essential, and revisions to delegation practices are urgently required.

    Risk: Self-certification authority without independent enforcement oversight

    ------------------------------

    Date: Wed, 24 Feb 2021 12:37:38 -0500 (EST)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: EU Report Warns AI Makes Autonomous Vehicles 'Highly Vulnerable' to
    Attack (Khari Johnson)

    Khari Johnson, *VentureBeat*, 22 Feb 2021
    via TechNews, Wednesday, February 24, 2021

    EU Report Warns AI Makes Autonomous Vehicles 'Highly Vulnerable' to Attack

    A report by the European Union Agency for Cybersecurity (ENISA) describes autonomous vehicles as "highly vulnerable to a wide range of attacks" that could jeopardize passengers, pedestrians, and people in other vehicles. The report identifies potential threats to self-driving vehicles as including sensor attacks with light beams, as well as adversarial machine learning
    (ML) hacks. With growing use of artificial intelligence (AI) and the sensors that power autonomous vehicles offering greater potential for attacks, the researchers advised policymakers and businesses to foster a security culture across the automotive supply chain, including third-party providers. The researchers suggested AI and ML systems for autonomous vehicles "should be designed, implemented, and deployed by teams where the automotive domain expert, the ML expert, and the cybersecurity expert collaborate."

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-299f0x228a9ax070159&

    ------------------------------

    Date: Fri, 26 Feb 2021 12:08:57 -0500 (EST)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Heavy Rain Affects Object Detection by Autonomous Vehicle LiDAR
    Sensors (U.Warwick)

    University of Warwick (U.K.) 25 Feb 2021, via ACM TechNews, 26 Feb 2021

    Researchers at the University of Warwick in the U.K. have found that the
    LiDAR sensors on autonomous vehicles (AVs) are less effective in detecting objects at a distance during periods of heavy rain. The researchers used the university's WMG 3xD simulator to test an AV's LiDAR sensors in different intensities of rain on real roads; they found that when the rainfall
    increased up to 50 mm per hour, object detection by the sensors dropped in conjunction with a longer range in distance. Warwick's Valentina Donzella
    said, "Ultimately we have confirmed that the detection of objects is
    hindered to LiDAR sensors the heavier the rain and the further away they
    are."

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-29a98x228c44x070842&

    ------------------------------

    Date: Mon, 1 Mar 2021 14:22:05 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: XC40 Recharge buyers have been told to sit tight

    Volvo XC40 Recharge electric SUVs are currently being held at US ports
    because the company is waiting to ship a crucial software update before releasing them to customers and dealers, *The Verge* has learned.

    The problem appears to be that these XC40 Recharge SUVs -- which is Volvo's first all-electric vehicle -- left the company's factory without the Volvo
    On Call software activated. Volvo On Call is a subscription service that connects Volvo cars to an owner's smartphone, allowing them to remotely turn the vehicle on and off, lock or unlock the doors, and access diagnostic information. [...]

    https://www.theverge.com/2021/3/1/22307866/volvo-xc40-recharge-delay-software-update-on-call-ota

    ------------------------------

    Date: Fri, 26 Feb 2021 17:00:00 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Vintage technology: 'It sounds so much cleaner' (BBC News)

    Air Vice Marshal Rich Maddison is a senior RAF officer with decades of
    flying experience. "As an Air Force we are as high-tech as you get, but
    this, this is just me."

    He is referring to a miniature computer with a black and lime green screen
    and minuscule memory that uses AA batteries to power a 1997 design. It is a Psion 5 device and for AVM Maddison it represents his personal aviation history.

    The dated device is where he keeps his own flying log. Hailing from an era
    when computers came with their own programming languages, the Psion invited users to tinker with its limited applications. He could take fields in its address book and convert them to resemble a pilot's logbook.

    https://www.bbc.com/news/business-55808632

    Funny, backup isn't mentioned. I guess that hadn't been invented yet.

    [Cute. But Multics had a lovely backup system in the 1960s. PGN]

    ------------------------------

    Date: Mon, 1 Mar 2021 14:24:23 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Error-prone software reportedly ruined lives: Post Office scandal:
    Postmasters have convictions quashed (BBC)

    Six former sub-postmasters have had fraud convictions linked to a faulty computer system quashed in court. The long-running scandal began when the
    Post Office installed a new computer system that led to hundreds of sub-postmasters being wrongly convicted.

    https://www.bbc.com/news/business-55271193

    ------------------------------

    Date: Tue, 23 Feb 2021 16:03:42 -0700
    From: Jim Reisert AD1C <jjreisert@alum.mit.edu>
    Subject: Software Bug Keeping Hundreds Of Inmates In Arizona Prisons Beyond
    Release Dates (KJZZ)

    Jimmy Jenkins, KJZZ, February 23, 2021

    https://kjzz.org/content/1660988/whistleblowers-software-bug-keeping-hundreds-inmates-arizona-prisons-beyond-release

    According to Arizona Department of Corrections whistleblowers, hundreds of
    incarcerated people who should be eligible for release are being held in
    prison because the inmate management software cannot interpret current
    sentencing laws.

    As of 2019, the department had spent more than $24 million contracting
    with IT company Business & Decision, North America to build and maintain
    the software program, known as ACIS, that is used to manage the inmate
    population in state prisons.

    One of the software modules within ACIS, designed to calculate release
    dates for inmates, is presently unable to account for an amendment to
    state law that was passed in 2019.

    Senate Bill 1310, authored by former Sen. Eddie Farnsworth, amended the
    Arizona Revised Statutes so that certain inmates convicted of nonviolent
    offenses could earn additional release credits upon the completion of
    programming in state prisons. Gov. Ducey signed the bill in June of 2019.

    But department sources say the ACIS software is still not able to identify
    inmates who qualify for SB 1310 programming, nor can it calculate their
    new release dates upon completion of the programming.

    [Also noted by Dougherty. PGN]

    ------------------------------

    Date: Tue, 23 Feb 2021 20:40:21 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Alexa in the car (Toyota)

    Toyota announced they're adding Amazon Alexa as a feature in some of their cars, but will it be as convenient and helpful as it's supposed to be?

    Ellen Previews the New Alexa Backseat Driver

    https://www.youtube.com/watch?v=0HugGCoK7m0

    [Someone commented: So it's just like being married.]

    ------------------------------

    Date: Tue, 23 Feb 2021 13:07:07 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Experts find a way to learn what you're typing during video calls
    (The Hacker News)

    A new attack framework aims to infer keystrokes typed by a target user at
    the opposite end of a video conference call by simply leveraging the video
    feed to correlate observable body movements to the text being typed.

    The research was undertaken by Mohd Sabra, and Murtuza Jadliwala from the University of Texas at San Antonio and Anindya Maiti from the University of Oklahoma, who say the attack can be extended beyond live video feeds to
    those streamed on YouTube and Twitch as long as a webcam's field-of-view captures the target user's visible upper body movements.

    "With the recent ubiquity of video capturing hardware embedded in many
    consumer electronics, such as smartphones, tablets, and laptops, the threat
    of information leakage through visual channel[s] has amplified," the researchers *said*.

    "The adversary's goal is to utilize the observable upper body movements
    across all the recorded frames to infer the private text typed by the
    target." <https://www.ndss-symposium.org/wp-content/uploads/ndss2021_3A-1_23063_paper.pdf>.

    To achieve this, the recorded video is fed into a video-based keystroke inference framework that goes through three stages. [...]

    https://thehackernews.com/2021/02/experts-find-way-to-learn-what-youre.html

    ------------------------------

    Date: Wed, 24 Feb 2021 14:35:45 -1000
    From: the keyboard of geoff goodfellow <geoff@iconia.com>
    Subject: Israel adopts law allowing names of unvaccinated to be shared (AFP)

    Israel's parliament passed a law Wednesday allowing the government to share
    the identities of people not vaccinated against the coronavirus with other authorities, raising privacy concerns for those opting out of inoculation.

    The measure, which passed with 30 votes for and 13 against, gives local governments, the director general of the education ministry and some in the welfare ministry the right to receive the names, addresses and phone numbers
    of unvaccinated citizens.

    The objective of the measure -- valid for three months or until the Covid-19 pandemic is declared over -- is "to enable these bodies to encourage people
    to vaccinate by personally addressing them", a parliament statement said.
    [...]

    https://news.yahoo.com/israel-adopts-law-allowing-names-153232886.html

    ------------------------------

    Date: Fri, 26 Feb 2021 21:43:04 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Judge in Google case disturbed that even *incognito* users are
    tracked (Bloomberg)

    https://www.bloomberg.com/news/articles/2021-02-26/google-judge-disturbed-that-even-incognito-users-are-tracked

    ------------------------------

    Date: Mon, 22 Feb 2021 20:43:14 -0800
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Facebook will roll back its block on news posts in Australia
    (Engadget)

    As anticipated.
    https://www.engadget.com/facebook-australia-news-043441256.html

    ------------------------------

    Date: Mon, 1 Mar 2021 11:32:04 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Relativity Space unveils a reusable 3D-printed rocket to compete
    with SpaceX's Falcon 9 (CNBC)

    - 3D-printing rocket builder Relativity Space is working on Terran R, a
    fully reusable launch vehicle that would be near the capabilities of
    SpaceX's Falcon 9 rocket.
    - Terran R is ``really an obvious evolution'' from the company's Terran 1
    rocket, Relativity CEO Tim Ellis told CNBC, the latter of which is
    scheduled to launch for the first time later this year.
    - ``I've always been a huge fan of reusability. No matter how you look at
    it ... making [a reusable rocket] has got to be part of that future,'' Ellis
    added. [...]

    https://www.cnbc.com/2021/02/25/relativitys-reusable-terran-rocket-competitor-to-spacexs-falcon-9.html

    ------------------------------

    Date: Mon, 1 Mar 2021 15:34:36 PST
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: Big data healthcare project raises privacy issues (M.K.McGee)

    Marianne Kolbasuk McGee (HealthInfoSec), 26 Feb 2021
    (healthcareinfosecurity.com)
    Truveta Initiative Involves Sharing De-Identified Data From 14 Provider
    Organizations

    https://www.healthcareinfosecurity.com/big-data-healthcare-project-raises-privacy-issues-a-16077

    [This is scary stuff. Massive potentials for misuse. PGN]

    ------------------------------

    Date: Tue, 23 Feb 2021 17:32:20 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Contact-tracing apps help reduce COVID infections, data suggest
    (Nature)

    Evaluations find apps are useful, but would benefit from better integration into health-care systems.

    https://www.nature.com/articles/d41586-021-00451-y

    ------------------------------

    Date: Thu, 25 Feb 2021 12:25:11 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Can Zapping Our Brains Really Cure Depression? (NYTimes)

    https://www.nytimes.com/2021/02/24/magazine/brain-stimulation-mental-health.html

    "The brain is an electrical organ. Everything that goes on in there is a
    result of millivolts zipping from one neuron to another in particular
    patterns. This raises the tantalizing possibility that, should we ever
    decode those patterns, we could electrically adjust them to treat
    neurological dysfunction -- from Alzheimers to schizophrenia -- or even optimize desirable qualities like intelligence and resilience."

    Brain tissue possesses plasticity: neural pathways can be molded. Adjust the neural pathway, and the characteristic electrical impulses (pulse frequency
    and amplitude) can modify human behavior and/or physiological response.

    Exploring transcranial stimulation to treat depression suggests that traditional therapies (talk + medicine) underachieve expected outcomes. Depression is a significant public health disorder that requires priority treatment.

    The US CDC estimates that 4.7% of the population aged 18+ regularly
    experiences feelings of depression. (https://www.cdc.gov/nchs/fastats/depression.htm)
    That's 0.047 * 255M =~ 12M people (https://datacenter.kidscount.org/data/tables/99-total-population-by-child-and-adult-populations#detailed/1/any/false/1729,37,871,870,573,869,36,868,867,133/39,40,41/416,417 for 2019 population estimates).

    The FDA assigns five product codes (OBP, OKP, QCI, QFF, QMD) for approved medical devices based on transcranial stimulation. Visit https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfTPLC/tplc.cfm and apply "transcranial" in the textbox to view medical device reports.

    These devices typically apply electromagnetic induction (discovered by
    Michael Faraday in 1831): a low-frequency, high-intensity magnetic field therapeutically adjusts the brain's neural pathways, a personalized electromagnetic pulse (EMP).

    Patients report immediate change in emotional state when applied. Whether
    or not these therapeutic devices yield persistent palliative relief from symptomatic depression remains to be demonstrated.

    Risk: Iatrogenic result.

    ------------------------------

    Date: Thu, 25 Feb 2021 14:38:13 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Student Surveillance Vendor Proctorio Files SLAPP Lawsuit to
    Silence A Critic (EFF)

    Electronic Frontier Foundation

    During the pandemic, a dangerous business has prospered: invading students' privacy with proctoring software and apps. In the last year, we've seen universities compel students to download apps that collect their face
    images, driver's license data, and network information. Students who want
    to move forward with their education are sometimes forced to accept being recorded in their own homes and having the footage reviewed for suspicious behavior.

    Given these invasions, it's no surprise that students and educators are fighting back against these apps. Last fall, Ian Linkletter, a remote
    learning specialist at the University of British Columbia, became part of a chorus of critics concerned with this industry.

    Now, he's been sued for speaking out. The outrageous lawsuit -- which relies
    on a bizarre legal theory that linking to publicly viewable videos is
    copyright infringement -- will become an important test of a 2019 British Columbia law passed to defend free speech, the Protection of Public Participation Act, or PPPA.

    https://www.eff.org/deeplinks/2021/02/student-surveillance-vendor-proctorio-files-slapp-lawsuit-silence-critic

    ------------------------------

    Date: Mon, 1 Mar 2021 15:57:19 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Computers get Sundays off?

    I griped yesterday (Sunday, Feb 28) to my money manager that my February distribution hadn't been paid:

    Today is last day of month, last business day was Friday -- no expected deposit.

    This needs to be reliable -- what happened?

    This should be automatic?

    Response:

    Unfortunately, when the date of the distribution falls on a Saturday or
    Sunday, it pushes the payment to the next business day which is today. 
    The funds should be posted to your account this morning.  For your March
    28 distribution, it will post to your banking account on Monday, March 29.

    My response:

    But that does seem strange -- computers don't work on Sundays? Funds
    transfer networks take Sundays off? Surely these payments are made automatically so what's the reason Sundays are skipped?

    So I'm waiting for some nonsense justification. Friend speculated:

    Whaddaya wanna bet this is some ancient rule that these can only happen on
    biz days?

    Really, every day's a business day these days. Credit card companies have no problem with billing days on weekends. And customers can't tell them that they're delaying payment to Monday. So payments should be made on
    weekends. Or should be made Friday before, not Monday after.

    ------------------------------

    Date: Mon, 1 Mar 2021 20:23:01 -0600
    From: Ben Moore <ben.moore@juno.com>
    Subject: Formula E's Software Communication Problem

    `Incorrect software parameter' sends Formula E's Edoardo Mortara to
    hospital: Brakes' fail-safe system failed (The Register)

    https://www.theregister.com/2021/03/01/formula_e_bug/

    Swiss Formula E driver Edoardo Mortara ended up in hospital after a software error left him driving into a safety wall at the ABB FIA Formula E World Championship in Diriyah, Saudi Arabia, on Saturday.

    The Mercedes-EQ Team said they've managed to correct the software problem
    and convince ruling body the FIA (Federation Internationale de l'Automobile) that the problem has been resolved.

    Former Audi driver Daniel Abt, prior to being suspended for cheating in
    an online race last May, had a similar accident also attributed to braking software and took note of the parallel circumstances.

    The Diriyah race also saw a more alarming accident, involving driver Alex
    Lynn (said to be well), and a missile interception over the city that
    occurred in the midst of a fireworks display.

    [Also noted by Tom Van Vleck. PGN]

    ------------------------------

    Date: Tue, 2 Mar 2021 00:22:49 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Gig workers gather their own data to check the algorithm's math
    (WiReD)

    Drivers for Uber, Lyft, and other firms are building apps to compare their mileage with pay slips. One group is selling the data to government
    agencies.

    https://www.wired.com/story/gig-workers-gather-data-check-algorithm-math/

    ------------------------------

    Date: Tue, 2 Mar 2021 13:33:42 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: 'Drunk' robot vacuums spark complaints from owners (BBC News)

    Owners of Roomba robot vacuums have complained the devices appear "drunk" following a software update.

    Problems include the machines "spinning around", constantly recharging or
    not charging at all, and moving in strange directions.

    The devices' maker iRobot has acknowledged its update had caused problems
    for "a limited number" of its i7 and s9 Roomba models.

    However, it added a fix would take "several weeks" to roll out worldwide.

    In the meantime, the firm is asking those affected to share the serial
    numbers of their devices so it can remove the most recent update.

    Ken Munro is a cyber-security expert who specialises in security around the Internet-of-things -- anything which is connected to the Internet. "Updates usually add new features or fix security bugs in smart products," he said. "They don't always go to plan though, sometimes introducing new bugs."

    https://www.bbc.com/news/technology-56239454

    What could ever go wrong with over-the-air updates of automotive software? It'll be OK as long as it doesn't touch anything related to engine,
    handling, navigation, safety, or infotainment. I can't wait.

    ------------------------------

    Date: Tue, 23 Feb 2021 01:18:19 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Predictive Text Feature Coming to Microsoft Word in March (PCMag)

    Over time, Word will learn and adapt to users' writing style while reducing spelling and grammatical errors.

    Redmond first tipped the text-prediction feature in September, when it had a limited rollout for Word beta testers and Microsoft 365 Word on the web
    users, as well as Outlook.com and Outlook on the web users in North
    America. The idea is to help users "write more efficiently by predicting
    text quickly and accurately," Microsoft said at the time.

    https://www.pcmag.com/news/predictive-text-feature-coming-to-microsoft-word-in-march

    What COULD go wrong with this... paving the way to even worse things than demented spelling checkers.

    ------------------------------

    Date: Sun, 28 Feb 2021 20:29:41 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Doctor joins Zoom court hearing while operating on patient
    (BBC News)

    A doctor in Sacramento, California joined a traffic court hearing on Zoom
    while performing surgery on a patient.
    Scott Green was dressed in surgical scrubs in an operating theatre when
    he appeared at his virtual trial on Thursday, the Sacramento Bee reported.

    When questioned by the judge, Mr Green said he was happy to go ahead, and
    that he had "another surgeon right here who's doing the surgery with me".

    The judge said that would not be "appropriate" and postponed the trial.

    The Medical Board of California has now said in a statement that it would
    look into the incident, adding that it "expects physicians to follow the standard of care when treating their patients".

    https://www.bbc.com/news/world-us-canada-56222317

    The risk?

    https://www.tvfanatic.com/quotes/whats-the-difference-between-god-and-a-doctor-god-knows-hes-not/

    ------------------------------

    Date: Fri, 26 Feb 2021 16:55:46 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Carranza resigns as NYC schools chancellor; Meisha Porter will
    replace him (NYTimes)

    The New York Times

    At issue was whether the city should continue to sort 4-year-olds into
    gifted and talented classes through a selective admissions process. Mr. de Blasio had said that the city would continue to offer an admissions exam for toddlers this year, then announce a new admissions system before he leaves office in January.

    https://www.nytimes.com/2021/02/26/nyregion/richard-carranza-nyc-schools.html

    What could go wrong with selecting 4-year old kids for enhanced learning, leaving others behind?

    Other issues here are desegregation and entrance criteria for New York's specialized schools (one of which I attended, so have opinion on entrance
    exams for them).

    ------------------------------

    Date: Fri, 26 Feb 2021 12:08:57 -0500 (EST)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: New security flaws detected in more credit cards (Leo Hermann)

    Leo Hermann, ETH Zurich (Switzerland), 22 Feb 2021
    Security Flaw Detected for 2nd Time in Credit Cards
    via ACM TechNews, Friday, February 26, 2021

    A method for bypassing security measures to use certain credit and debit
    cards without a PIN code has been uncovered by researchers at Switzerland's
    ETH Zurich. Previously, the researchers had demonstrated that bypassing security was possible using Visa cards, while the new research shows
    security methods may be bypassed with Mastercard and Maestro cards by exploiting the data exchanged between the card and the card terminal. The method initially worked only with Visa cards, but the researchers were able
    to manipulate the payment process so the card terminal performed a Visa transaction and the card itself performed a Mastercard or Maestro
    transaction. The researchers informed Mastercard of their findings, after
    which the company updated the relevant safeguards.

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-29a98x228c4ax070842&

    ------------------------------

    Date: Fri, 26 Feb 2021 12:08:57 -0500 (EST)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: "Virtual computer chip tests expose flaws, protect against hackers"
    (Matthew Sparkes)

    Matthew Sparkes, *New Scientist*, 24 Feb 2021
    via ACM TechNews, Friday, February 26, 2021

    Researchers at the University of Michigan, Virginia Polytechnic Institute
    and State University, and Google have accelerated computer-chip testing by simulating chips and applying advanced software testing tools for analysis
    of the simulations. Virtual testing lets engineers utilize fuzzing, a method that monitors for unexpected results or crashes that can be reviewed and corrected. The researchers had to modify software fuzzers to run over time, rather than trigger a single input and wait for the response. This approach enabled a chip that would usually take 100 days to test to be analyzed in
    one day. The researchers think faster hardware testing could reduce
    development time and bring more reliable, more secure next-generation chips
    to market faster.

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-29a98x228c4dx070842&


    [continued in next message]
