RISKS-LIST: Risks-Forum Digest Thursday 25 July 2019 Volume 31 : Issue 34
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.34>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Senate Intelligence report on election integrity (NYTimes)
Nuclear industry pushing for fewer inspections at plants (NBC)
Tesla floats fully self-driving cars as soon as this year.
Many are worried about what that will unleash. (WashPost)
Airbus A350 software bug forces airlines to turn planes off and on
every 149 hours (The Register)
Home elevator deaths (WashPost)
Numerous airport passengers hijacked by robots (JXM)
Satellite Outage Serves as a Warning (WiReD)
'Dumb' robot ants are alarmingly smart -- and strong -- working together
(Geoff Goodfellow)
The AI Metamorphosis (The Atlantic)
Cylance's AI-based AV easily spoofed (SkylightCyber)
AI Could Escalate New Type Of Voice Phishing Cyber Attacks (CSHub)
Uber glitch charges passengers 100 times the advertised price,
resulting in crosstown fares in the thousands of dollars (WashPost)
"Google says leaked assistant recordings are a violation of data
security policies" (Asha Barbaschow)
U.S. Companies Learn to Defend Themselves in Cyberspace (WSJ)
Agora farewell (Rob Slade)
NYC Subway Service Is Suspended on Several Lines, MTA Says (NYTimes)
Brazil is at the forefront of a new type of router attack (ZDNet)
My browser, the spy: How extensions slurped up browsing histories
from 4M users (Ars Technica)
Amazon Prime Day Glitch Let People Buy $13,000 Camera Gear for $94 (Gizmodo)
Microsoft Office 365: Banned in German schools over privacy fears
(Cathrin Schaer)
Sweden and UK's surveillance programs on trial at the European Court of
Human Rights (Catalin Cimpanu)
Bluetooth exploit can track and identify iOS, Microsoft mobile device users
(ZDNet)
Clean Energy Regulator, WA Mines Department, and Vet Surgeons Board
trying to access metadata (Comms Alliance)
Permission-greedy apps delayed Android 6 upgrade so they could
harvest more user data (ZDNet)
Do drivers think you're a `Ridezilla'? Better check your Uber rating.
(WashPost)
London Police Twitter feed was hacked; then Trump got in on the act
(WashPost)
Car locks itself, trapping toddler inside (DerWesten)
Hackers breach FSB contractor, expose Tor deanonymization project and more
(Catalin Cimpanu)
Facebook's Libra currency spawns a wave of fakes, including on Facebook
itself (WashPost)
Facebook Stock: Facebook's Libra Surrenders to Authority (InvestorPlace)
Tether's $5B error exposes cryptocurrency market fragility (WSJ)
College student was late returning a textbook to Amazon, so the
company took $3,800 from her father (Libercus)
Notre-Dame came far closer to collapsing than people knew.
This is how it was saved. (NYTimes)
One in five US tech employees abuse pain relief drugs, reveals study
(Eileen Brown)
Here's The Story Behind That Photo Of A Waterfall Inside A Metro Car (Dcist)
Stallone in Terminator 2? How one deepfake prankster is changing cinema
history (Digital Trends)
Cellphone WiFi auto-connect identifies vandals (Boston Globe)
Risks of an untimely text (Boston Globe)
Minister apologizes for text alert (Taipei Times)
Re: Line just went Orwellian on Japanese users with its social,
credit-scoring system (Brian Inglis)
Re: Galileo sat-nav system experiences service outage (Gabe Goldberg)
Re: How Fake News Could Lead to Real War (Dick Mills)
Re: London commuters Wi-FiTube being tracked (Chris Drewe)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Thu, 25 Jul 2019 15:18:55 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Senate Intelligence report on election integrity (NYTimes)
WASHINGTON DC: The Senate Intelligence Committee concluded [on 25 July 2019] that election systems in all 50 states were targeted by Russia in 2016,
largely undetected by the states and federal officials at the time, but at
the demand of American intelligence agencies the committee was forced to
redact its findings so heavily that key lessons for the 2020 election are blacked out.
While the report is not directly critical of either American intelligence agencies or the states, it described what amounted to a cascading
intelligence failure, in which the scope of the Russian effort was underestimated, warnings to the states were too muted, and state officials either underreacted or in some cases, resisted federal efforts to offer
help.''
https://www.nytimes.com/2019/07/25/us/politics/russian-hack-of-elections-system-was-far-reaching-report-finds.html
------------------------------
Date: Wed, 17 Jul 2019 15:15:39 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Nuclear industry pushing for fewer inspections at plants (NBC)
Caputo, who previously worked for nuclear plant operator Exelon Corp, told operators this week her aim was "risk-informed decision-making,"
concentrating regulatory oversight on high-risk problems.
"We shouldn't regulate to zero risk," said David Wright, a former South Carolina public-utility commissioner appointed to the NRC board last year.
"The NRC mission is reasonable assurance of adequate protection -- no more,
no less," Wright said.
https://www.nbcnews.com/politics/politics-news/nuclear-industry-pushing-fewer-inspections-plants-n983671
What could go wrong?
------------------------------
Date: Wed, 17 Jul 2019 20:28:05 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Tesla floats fully self-driving cars as soon as this year.
Many are worried about what that will unleash. (WashPost)
The electric-car maker said it will do that without light detection and ranging, or lidar, complex sensors that use laser lights to map the
environment -- technology most autonomous vehicle makers consider necessary. Even with lidar, many of those manufacturers have adopted a slow and
deliberate approach to self-driving vehicles, with limited testing on public roads.
Tesla shows little sign of such caution. And because autonomous vehicles are largely self-regulated -- guided by industry standards but with no clearly enforceable rules -- no one can stop the automaker from moving ahead.
*The Washington Post* spoke with a dozen transportation officials and executives, including current and former safety regulators, auto industry executives, safety advocacy group leaders and autonomous-vehicle
competitors. In interviews, they expressed worries that Tesla's plan to
unleash robo-cars on the road on an expedited timeline -- likely without
regulated vetting -- could result in crashes, lawsuits and confusion. Plus, they said, Tesla's promised `full self-driving' features fall short of
industry standards for a true autonomous vehicle because humans will still
need to be engaged at all times and ready to intervene in the
beginning. Some of the people interviewed requested anonymity because of the sensitivity of the matter. ...
Tesla has raised eyebrows with its statements that autonomous driving can be achieved through a slimmed-down system that sheds all but the most critical equipment. Musk says he wants Tesla's system to use a combination of cameras and radar sensors that triangulate a field of vision, similar to human eyesight, forgoing lidar. It also forgoes a driver-monitoring camera to
improve safety in the cabin, instead relying on torque-sensing
steering-wheel monitors to detect whether the driver's hands are on the
wheel.
Tesla executives said at an April conference that the company is using its radar and cameras to understand depth around its cars and real-world road conditions, as well as its Shadow Mode, which allows it to test how self-driving technologies perform without actually activating those features
-- something the company says lets it train and refine its networks without needing to do the same testing as other companies.
``Lidar is lame,'' Musk said in April. Rivals are ``all going to dump
lidar. That's my prediction. Mark my words.''
Meanwhile, traditional auto-industry executives have preached caution.
https://www.washingtonpost.com/technology/2019/07/17/tesla-floats-fully-self-driving-cars-soon-this-year-many-are-worried-about-what-that-will-unleash/
------------------------------
Date: Thu, 25 Jul 2019 11:53:05 -0400
From: Steve Golson <sgolson@trilobyte.com>
Subject: Airbus A350 software bug forces airlines to turn planes off and on
every 149 hours (The Register)
https://www.theregister.co.uk/2019/07/25/a350_power_cycle_software_bug_149_hours/
The airworthiness directive says in part:
Prompted by in-service events where a loss of communication occurred between some avionics systems and avionics network, analysis has shown that this may occur after 149 hours of continuous aeroplane power-up. Depending on the affected aeroplane systems or equipment, different consequences have been observed and reported by operators, from redundancy loss to complete loss on
a specific function hosted on common remote data concentrator and core processing input/output modules.
This condition, if not corrected, could lead to partial or total loss of
some avionics systems or functions, possibly resulting in an unsafe
condition.
I suspect they have a 32-bit counter that updates every 125 microseconds
(8kHz). Such a counter will overflow after 149 hours, 7 minutes, 51
seconds.
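Added example (not part of the original post or of the airworthiness directive): assuming the poster's hypothesised 32-bit counter ticking at 8 kHz, the C code below computes the wrap period and shows how a timeout check that precomputes an absolute deadline reports false expiries just before the wrap, while an elapsed-time check using modular subtraction does not. All function names are hypothetical, and the tick values are constructed for illustration.

```c
/* Added example: 32-bit tick-counter wraparound. The 8 kHz / 32-bit figures
 * are the poster's hypothesis; all function names here are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TICK_HZ 8000u /* assumed tick rate: one tick every 125 microseconds */

/* Milliseconds until a free-running 32-bit counter at tick_hz wraps to 0. */
static uint64_t wrap_period_ms(uint32_t tick_hz)
{
    return (UINT64_C(1) << 32) * 1000u / tick_hz;
}

/* Naive timeout: precomputes an absolute deadline. When start + timeout
 * exceeds 2^32 - 1 the deadline wraps to a small number, so the check
 * fires at once, long before the timeout has really elapsed. */
static bool expired_naive(uint32_t now, uint32_t start, uint32_t timeout)
{
    uint32_t deadline = start + timeout; /* may wrap */
    return now >= deadline;
}

/* Wrap-safe timeout: unsigned subtraction is modulo 2^32, so now - start is
 * the true elapsed tick count as long as less than one full counter period
 * has passed since start. */
static bool expired_safe(uint32_t now, uint32_t start, uint32_t timeout)
{
    return (uint32_t)(now - start) >= timeout;
}

typedef bool (*expiry_fn)(uint32_t now, uint32_t start, uint32_t timeout);

/* Walk the counter through [start, start + span) and count the ticks at
 * which `check` says "expired" although fewer than `timeout` ticks passed. */
static uint32_t false_timeouts(expiry_fn check, uint32_t start,
                               uint32_t timeout, uint32_t span)
{
    uint32_t wrong = 0;
    for (uint32_t n = 0; n < span; n++) {
        uint32_t now = start + n; /* wraps like the hardware counter would */
        bool truly_expired = n >= timeout;
        if (check(now, start, timeout) && !truly_expired)
            wrong++;
    }
    return wrong;
}

int main(void)
{
    uint64_t ms = wrap_period_ms(TICK_HZ);
    printf("32-bit counter at %u Hz wraps after %llu h %llu min %.3f s\n",
           TICK_HZ,
           (unsigned long long)(ms / 3600000u),
           (unsigned long long)((ms / 60000u) % 60u),
           (double)(ms % 60000u) / 1000.0);

    /* Constructed scenario: a 1-second watchdog armed 256 ticks before wrap. */
    uint32_t start = 0xFFFFFF00u, timeout = TICK_HZ;
    printf("false timeouts near wrap: naive=%u safe=%u\n",
           false_timeouts(expired_naive, start, timeout, timeout),
           false_timeouts(expired_safe, start, timeout, timeout));
    return 0;
}
```

The naive check is correct for every start value that leaves the deadline below 2^32, which is why such a defect stays hidden until a system has been powered continuously for the full wrap period.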
------------------------------
Date: Thu, 18 Jul 2019 14:42:28 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Home elevator deaths (WashPost)
https://www.washingtonpost.com/business/economy/home-elevator-deaths/2019/07/18/27b53434-968e-11e9-830a-21b9b36b64ad_story.html
------------------------------
Date: Tue, 16 Jul 2019 08:28:53 -0700
From: <jxm@calidris.net>
Subject: Numerous airport passengers hijacked by robots
Here's a brief transport/automation problem that I encountered last week.
During the afternoon of 9 July 2019, the automated AirTrain shuttle service
at Newark airport went seriously awry.
AirTrain is an unmanned monorail service with a single line that links the airport's three terminals with the parking and car rental facilities, as
well as the NJTransit/Amtrak station. Starting about 3.00pm, passengers were instructed by AirTrain staff to evacuate the vehicles, to transfer back and forth between certain trains, and to ignore the automated signs and announcements. Some trains appeared to suddenly reverse direction and return
to their origin without visiting the terminals. Others arrived at one end of the line already jammed with passengers who had expected to get to the other end. There were numerous mismatches between the system's destination
indicators and the actual train movements.
For many dozens of people, what should have been a ten-minute transfer took well over an hour, presumably with a corresponding number of missed
flights. There was no indication of any form of police activity or airport security problems, that might have caused the mixup.
It would be interesting to find out if anyone actually got to the root
of this robotic hijacking incident.
------------------------------
Date: Sat, 20 Jul 2019 00:33:45 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Satellite Outage Serves as a Warning (WiReD)
Europe's Galileo satellite navigation system largely regained service
Thursday [18 Jul 2019], after a mass outage began on 11 Jul. The European Global Navigation Satellite Systems Agency, known as GSA, said that
commercial users would start to see coverage returning, but that there might
be "fluctuations" in the system. What remains unclear is what exactly caused the downtime -- and why it persisted for so long.
https://www.wired.com/story/galileo-satellite-outage-gps/
ices might also be making connections with the Russian (Glonass) and
Chinese (Beidou) networks.
https://www.bbc.com/news/science-environment-48985399
------------------------------
Date: Tue, 16 Jul 2019 15:06:00 -1000
From: the keyboard of geoff goodfellow <geoff@iconia.com>
Subject: 'Dumb' robot ants are alarmingly smart -- and strong -- working
together
Everyone knows robot ants can't move a rubber tree plant. Oh shoot, they
can!
EXCERPT:
A team of Swiss researchers with bugs on the brain has created an army of simple robotic "ants" capable of some impressive feats. The takeaway from
these 10 gram bots, which are inexpensive to make and surprisingly simple in design? *Teamwork makes the dream work.*
As described in a new paper in the journal Nature, the ants can communicate with each other, assign roles among themselves, and complete complex tasks
and overcome obstacles together. That means that while simple compared to
much more complex autonomous agents, these origami-inspired robots can solve complex challenges, such as navigating uneven surfaces or, yes, moving comparatively huge objects.
The robots <https://www.zdnet.com/blog/robotics/>, which are T-shaped and called Tribots by researchers at the Ecole polytechnique federale de
Lausanne <https://www.epfl.ch/en/>, a Swiss research institute, have
infrared and proximity sensors for detection and communication. Made of foldable thin materials, they're also easy to manufacture. The actuated
robots can jump and crawl to explore uneven surfaces.
"Their movements are modeled on those of Odontomachus ants," says Zhenishbek Zhakypov, the first author of the Nature article. "These insects normally crawl, but to escape a predator, they snap their powerful jaws together to
jump from leaf to leaf."...
------------------------------
Date: Mon, 15 Jul 2019 15:15:00 -1000
From: the keyboard of geoff goodfellow <geoff@iconia.com>
Subject: The AI Metamorphosis (The Atlantic)
*AI will bring many wonders. It may also destabilize everything from nuclear detente to human friendships. We need to think much harder about how to
adapt.*
EXCERPT:
Humanity is at the edge of a revolution driven by artificial intelligence.
It has the potential to be one of the most significant and far-reaching revolutions in history, yet it has developed out of disparate efforts to
solve specific practical problems rather than a comprehensive plan.
Ironically, the ultimate effect of this case-by-case problem solving may be
the transformation of human reasoning and decision making.
This revolution is unstoppable. Attempts to halt it would cede the future to that element of humanity more courageous in facing the implications of its
own inventiveness. Instead, we should accept that AI is bound to become increasingly sophisticated and ubiquitous, and ask ourselves: How will its evolution affect human perception, cognition, and interaction? What will be
its impact on our culture and, in the end, our history?
Such questions brought together the three authors of this article: a
historian and sometime policy maker; a former chief executive of a major technology company; and the dean of a principal technology-oriented academic institution. We have been meeting for three years to try to understand these issues and their associated riddles. Each of us is convinced of our
inability, within the confines of our respective fields of expertise, to
fully analyze a future in which machines help guide their own evolution, improving themselves to better solve the problems for which they were
designed. So as a starting point -- and, we hope, a springboard for wider discussion -- we are engaged in framing a more detailed set of questions
about the significance of AI's development for human civilization...
https://www.theatlantic.com/magazine/archive/2019/08/henry-kissinger-the-metamorphosis-ai/592771/
------------------------------
Date: Fri, 19 Jul 2019 9:53:16 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Cylance's AI-based AV easily spoofed (SkylightCyber)
Steven Cheung just read a fun article that has been slashdotted.
It's about how a team defeats Cylance, a popular machine-learning-based antivirus software.
https://www.vice.com/en_us/article/9kxp83/researchers-easily-trick-cylances-ai-based-antivirus-into-thinking-malware-is-goodware
Here are more technical details:
https://skylightcyber.com/2019/07/18/cylance-i-kill-you/
------------------------------
Date: Mon, 15 Jul 2019 12:40:55 -0400
From: José María Mateos <chema@rinzewind.org>
Subject: AI Could Escalate New Type Of Voice Phishing Cyber Attacks
(CSHub)
https://www.cshub.com/attacks/articles/ai-could-escalate-new-type-of-voice-phishing-cyber-attacks
While many cyber security professionals have been looking at (and even investing in) the potential benefits of utilizing artificial intelligence
(AI) technology within many different business functions, earlier this week, the Israel National Cyber Directorate (INCD) issued a warning of a new type
of cyber-attack that leverages AI to impersonate senior enterprise
executives. The method instructs company employees to perform transactions including money transfers and other malicious activity on the network.
There are recent reports of this type of cyber-attack received at the operational center of the INCD. While business email compromise (BEC) types
of fraud oftentimes use social engineering methods for a more effective
attack, this new method escalates the attack type by using AI-based
software, which makes voice phishing calls to senior executives. ---
(Via BreachExchange:
https://lists.riskbasedsecurity.com/listinfo/breachexchange)
------------------------------
Date: Thu, 18 Jul 2019 18:19:02 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Uber glitch charges passengers 100 times the advertised price,
resulting in crosstown fares in the thousands of dollars (WashPost)
``We understand that this has been frustrating,'' Uber said in response to
one of the riders' complaints. ``There was a known issue that caused your authorization hold to be very high. Our team has already fixed this
issue. Thank you so much for your patience.''
https://www.washingtonpost.com/technology/2019/07/18/uber-glitch-charges-passengers-times-normal-price-resulting-crosstown-fares-thousands-dollars/
------------------------------
Date: Mon, 15 Jul 2019 09:50:22 -0700
From: Gene Wirchenko <gene@shaw.ca>
Subject: "Google says leaked assistant recordings are a violation of data
security policies" (Asha Barbaschow)
Asha Barbaschow | 11 Jul 2019
https://www.zdnet.com/article/google-says-leaked-assistant-recordings-are-a-violation-of-data-security-policies/
The search giant has confirmed humans are listening in to 'Okay Google' commands, but it says leaking the recordings are a violation of its data security policies.
opening text:
Earlier this week, a report from Belgium-based VRT NWS revealed that Google employees had been "systematically listening" to audio files recorded by
Google Home smart speakers and the Google Assistant smartphone app.
The report detailed how employees were listening to excerpts of recordings
that are captured when a user activates the device by the usual "Okay
Google" or "Hey Google" commands.
After obtaining copies of some recordings, VRT NWS reached out to the users
and had them verify their voice, or those of their children, talking to the digital assistant.
------------------------------
Date: Mon, 15 Jul 2019 17:21:15 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: U.S. Companies Learn to Defend Themselves in Cyberspace (WSJ)
From a friend, his comments below.
"One chief information-security officer at a major bank told us that, in
five years, his bank will largely be immune to cyberattacks because it is upgrading from legacy systems that are insecure by default to cutting-edge systems that are secure by design."
https://www.wsj.com/articles/u-s-companies-learn-to-defend-themselves-in-cyberspace-11562941994
Um, right. Wish I knew which bank that was so we could short its stock.
(Not that IBM Z is *necessarily* more secure, but if they really think `cutting-edge systems' are `secure by design', well ...)
------------------------------
Date: Sat, 20 Jul 2019 09:39:29 -0800
From: Rob Slade <rmslade@shaw.ca>
Subject: Agora farewell
Security does not have a community. It has several siloed, sliced, and separated communities. Security has always taken "security by obscurity"
too readily to heart, and despite the fact that we know SBO doesn't work;
and even works against us; we still insist on dividing ourselves into
smaller and smaller sub-sets. Intelligence doesn't talk to law enforcement which doesn't talk to academia which doesn't talk to business which doesn't talk to military which doesn't talk to industry which doesn't talk to government which doesn't talk to research. In all my decades in the field, I've only ever found two venues that attracted, encouraged, and almost
forced the interaction (and often long-term relationships) of all these disparate groups (and more).
If you've never been to the Agora meetings, you're too late. I attended the last one yesterday. For the past twenty-five years, those in the know
would, every quarter, make every effort to spend Friday morning together.
That was it: Friday morning. Three hours long, never more than three main presentations. There were also announcements, job postings, occasional queries, and, every August 15th, storytime. (That's an Agora joke. I don't expect you to get it. If you tell it to someone and they laugh, they've
been to Agora recently.)
Agora didn't just happen, of course. It was created and diligently (and creatively and competently) managed by Kirk Bailey, later ably assisted by
Ann Nagel and Daniel Schwalbe. Also assisted by various students and a
whole host of attendees and even companies, but that list would a) make this piece far too long and b) I'd definitely forget someone. Those of us who attended owe them all a debt of gratitude.
Kirk's ability to attract speakers was legendary. We heard presentations at Agora I've never heard anywhere else, and some I never thought to hear. I recall a drive back after one Agora, when we were discussing a rather
lackluster piece, and I was suddenly struck by the fact that, even if this meeting hadn't been sterling, the worst Agora meeting I'd ever attended was better than the best conference I'd ever attended.
But the presentations were only half of what made Agora special. The other half was the people you met. People from three-letter agencies. People
from high up in important corporations. People who were just there out of interest. People with political and social positions at extravagantly wild variance to your own. I remember, when I was first researching the implications, for security, of the potential capabilities of quantum
computers, I got very excited over the possibilities for improving emergency management in the midst of a disaster. At Agora I met a Navy captain who
got equally excited over similar possibilities for battle command.
A number of us from the SIG drove down for the meetings, despite the three
hour trip if nothing went wrong. Highway construction, bridge collapses (that's another Agora joke), local traffic, and border guards could easily double that. But we happily faced eleven hours of travel time for three
hours of Agora and, if we were lucky, a couple of hours of "networking" and possibly lunch.
We envied the people from the local area, but they weren't the only ones who came. Lots of people regularly came considerable distances. Before governments lost their travel budgets there were pretty much constant
attendees from DC and Ottawa. People came from other continents. (Some of
the DC crowd were pretty high up in DHS. If I could stay for one of the post-Agora lunches, the DHS guys always tried to grab me for their table.
They wanted to know the latest border horror story, and I always had one for them. They regularly fell on the floor laughing about it.) (Recounting
those would also make this piece far too long.)
You will note that I haven't said where we met. That's another, well, not
so much Agora joke as Agora tribute. Agora was governed by a sort of
variant set of Chatham House Rules. What was said at Agora stayed at Agora.
As an attendee, you never quoted any of the presentations, or any of the
people you talked to at the breaks. For years this was simply understood by all involved. After one notable failure, a more formal NDA was created, but that was late in the game.
Agora was the security world's worst kept secret. Nobody blabbed about what was said at Agora, or who went. But, despite the fact that Agora had no
legal existence, no bank account, no Website, and no offices, almost
everyone who ever attended became an instant devotee, and, often,
evangelist. Within a few years of its creation, attendance was hitting
600. During the Great Recession, the slashing of budgets and demands that security people stick to their desks dropped attendance to the 150 region,
but, for the past few years it's been back in the 400 range.
There was never any charge for membership in, or attendance at, Agora.
There was a cost, certainly. Much of that was "sweat equity" on the part of Kirk and a number of others. There were also other direct costs, generally borne by whoever would pay for (or donate) a venue, or mailing costs, or refreshments, or (latterly) the "Agora spam gun." In the end, Agora became
a victim of its own success: it just became too hard to find people or institutions willing to donate, provide, pay for, or give priority to rooms
big enough for the group to meet.
Agora is gone, but leaves a legacy. That legacy is the model. We need a space. Or, more probably, spaces. We need other venues, sites,
and/or communities where the various communities can meet. Together. We
need others to take up the Agora torch, and create places, physical or
virtual, where anyone who is committed to (or even just strongly interested
in) security, of whatever type, can meet together and, safely, exchange
ideas. We need spaces where the formal can meet the anarchic, where the business can meet the exploratory, where the old can meet the young and pass along wisdom (and occasional silliness). Hopefully, Agora's death will have been a spawning or a sporing out, and not just a mere termination.
------------------------------
Date: Sat, 20 Jul 2019 21:44:25 -0400
From: Monty Solomon <monty@roscom.com>
Subject: NYC Subway Service Is Suspended on Several Lines, MTA Says
(NYTimes)
https://www.nytimes.com/2019/07/19/nyregion/subway-service-suspended-mta.html
The Metropolitan Transportation Authority attributed the disruption to a `network communications' issue
------------------------------
Date: Wed, 17 Jul 2019 11:41:45 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Brazil is at the forefront of a new type of router attack (ZDNet)
Avast: More than 180,000 routers in Brazil had their DNS settings changed in
Q1 2019.
For nearly a year, Brazilian users have been targeted with a new type of
router attack that has not been seen anywhere else in the world.
The attacks are nearly invisible to end users and can have disastrous consequences, having the ability to lead to direct financial losses for
hacked users.
What's currently happening to routers in Brazil should be a warning sign for users and ISPs from all over the world, who should take precautions to
secure devices before the attacks observed in the South American country spread
to them as well. ...
https://www.zdnet.com/article/brazil-is-at-the-forefront-of-a-new-type-of-router-attack/
------------------------------
Date: Thu, 18 Jul 2019 17:54:35 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: My browser, the spy: How extensions slurped up browsing histories
from 4M users (Ars Technica)
https://arstechnica.com/information-technology/2019/07/dataspii-inside-the-debacle-that-dished-private-data-from-apple-tesla-blue-origin-and-4m-people/
------------------------------
Date: Sun, 21 Jul 2019 00:07:05 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Amazon Prime Day Glitch Let People Buy $13,000 Camera Gear for $94.
(Gizmodo)
https://gizmodo.com/amazon-prime-day-glitch-let-people-buy-13-000-camera-g-1836487919
------------------------------
Date: Mon, 15 Jul 2019 09:55:33 -0700
From: Gene Wirchenko <gene@shaw.ca>
Subject: Microsoft Office 365: Banned in German schools over privacy fears
(Cathrin Schaer)
Cathrin Schaer, ZDNet, 12 Jul 2019
State of Hesse says student and teacher information could be "exposed" to US spy agencies.
https://www.zdnet.com/article/microsoft-office-365-banned-in-german-schools-over-privacy-fears/
opening text:
Schools in the central German state of Hesse have been told it's
now illegal to use Microsoft Office 365.
The state's data-protection commissioner has ruled that using the popular
cloud platform's standard configuration exposes personal information about students and teachers "to possible access by US officials". That might
sound like just another instance of European concerns about data privacy or worries about the current US administration's foreign policy. But in fact
the ruling by the Hesse Office for Data Protection and Information Freedom
is the result of several years of domestic debate about whether German
schools and other state institutions should be using Microsoft software at
all.
Besides the details that German users provide when they're working with the platform, Microsoft Office 365 also transmits telemetry data back to the US.
Last year, investigators in the Netherlands discovered that that data could include anything from standard software diagnostics to user content from
inside applications, such as sentences from documents and email subject
lines. All of which contravenes the EU's General Data Protection Regulation,
or GDPR, the Dutch said.
------------------------------
Date: Mon, 15 Jul 2019 09:58:00 -0700
From: Gene Wirchenko <gene@shaw.ca>
Subject: Sweden and UK's surveillance programs on trial at the European
Court of Human Rights (Catalin Cimpanu)
Catalin Cimpanu for Zero Day | 12 Jul 2019
Last chance for Europe's top human rights court to rule against dragnet surveillance programs.
https://www.zdnet.com/article/sweden-and-uks-surveillance-programs-on-trial-at-the-european-court-of-human-rights/
opening text:
This week, the highest body of the European Court of Human Rights heard arguments against the mass surveillance programs of two countries, Sweden
and the United Kingdom.
------------------------------
Date: Thu, 18 Jul 2019 17:53:31 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Bluetooth exploit can track and identify iOS, Microsoft mobile
device users (ZDNet)
A flaw in the Bluetooth communication protocol may expose modern device
users to tracking and could leak their ID, researchers claim.
The vulnerability can be used to spy on users despite native OS protections that are in place and impacts Bluetooth devices on Windows 10, iOS, and
macOS machines. This includes iPhones, iPads, Apple Watch models, MacBooks,
and Microsoft tablets & laptops.
On Wednesday, researchers from Boston University David Starobinski and
Johannes Becker presented the results of their research at the 19th Privacy Enhancing Technologies Symposium, taking place in Stockholm, Sweden.
[continued in next message]