• Risks Digest 31.34 (2/2)

    From RISKS List Owner@21:1/5 to All on Thu Jul 25 21:10:38 2019
    [continued from previous message]

    According to the research paper, Tracking Anonymized Bluetooth Devices (.PDF), many Bluetooth devices will use MAC addresses when advertising their presence to prevent long-term tracking, but the team found that it is possible to circumvent the randomization of these addresses to permanently monitor a specific device.

    https://www.zdnet.com/article/bluetooth-vulnerability-can-be-exploited-to-track-and-id-iphone-smartwatch-microsoft-tablet-users/

    ------------------------------

    Date: Wed, 17 Jul 2019 10:44:43 -0700
    From: Gene Wirchenko <gene@shaw.ca>
    Subject: Clean Energy Regulator, WA Mines Department, and Vet Surgeons Board
    trying to access metadata (Comms Alliance)

    Chris Duckett | 17 Jul 2019
    The Communications Alliance has listed 27 other agencies that have tried to access metadata following the introduction of Australia's data retention regime.

    https://www.zdnet.com/article/clean-energy-regulator-wa-mines-department-and-vet-surgeons-board-trying-to-access-metadata-comms-alliance/

    opening text:

    Agencies trying to access metadata when not specifically listed as an enforcement agency for the purposes of Australia's data retention regime has been labelled as a "serious and persistent phenomenon" by the Communications Alliance industry group.

    Writing in a submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) review of the mandatory data retention regime, Comms Alliance said it was a "problem that continues to grow in magnitude".

    ------------------------------

    Date: Wed, 17 Jul 2019 10:35:58 -0700
    From: Gene Wirchenko <gene@shaw.ca>
    Subject: Permission-greedy apps delayed Android 6 upgrade so they could
    harvest more user data (ZDNet)

    Catalin Cimpanu for Zero Day | 16 Jul 2019
    App devs delayed upgrading apps, but lost in the long run due to more
    negative reviews and less Play Store visibility.

    https://www.zdnet.com/article/permission-greedy-apps-delayed-android-6-upgrade-so-they-could-harvest-more-user-data/

    selected text:

    Android app developers intentionally delayed updating their applications to work on top of Android 6.0, so they could continue to have access to an older permission-requesting mechanism that granted them easy access to large quantities of user data, research published by the University of Maryland last month has revealed.

    And, ironically, the research team also found that app makers who delayed upgrading their apps to the newer Android 6.0 in order to keep access to a simpler system for harvesting user data received more negative ratings.

    These negative ratings eventually affected the apps' visibility on the Play Store, where positively-reviewed apps are placed higher in search results and recommendations.

    ------------------------------

    From: Monty Solomon <monty@roscom.com>
    Date: Sun, 21 Jul 2019 00:34:43 -0400
    Subject: Do drivers think you're a 'Ridezilla'? Better check your Uber rating.
    (WashPost)

    For some rideshare users, a little number can be heavy baggage.

    https://www.washingtonpost.com/lifestyle/do-drivers-think-youre-a-ridezilla-better-check-your-uber-rating/2019/07/18/8b441588-a291-11e9-b732-41a79c2551bf_story.html

    ------------------------------

    Date: Sun, 21 Jul 2019 00:47:32 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: London Police Twitter feed was hacked; then Trump got in on the act
    (WashPost)

    https://www.washingtonpost.com/world/2019/07/20/london-police-twitter-feed-was-hacked-then-trump-got-act/

    ------------------------------

    Date: Sun, 21 Jul 2019 17:27:38 +0200
    From: Thomas Koenig <tkoenig@netcologne.de>
    Subject: Car locks itself, trapping toddler inside (DerWesten)

    A mother got out of her car at a supermarket parking lot when suddenly, the central lock activated and locked the car. The key was still inside the car, as was her young son.

    She immediately called emergency services, who arrived a short time later, broke a window and were able to free the toddler from the car, which had already heated up considerably.

    https://www.derwesten.de/panorama/aldi-frau-steigt-aus-auto-aus-und-waehlt-sofort-den-notruf-id226542237.html

    ------------------------------

    Date: Mon, 22 Jul 2019 10:39:38 -0700
    From: Gene Wirchenko <gene@shaw.ca>
    Subject: Hackers breach FSB contractor, expose Tor deanonymization project
    and more (Catalin Cimpanu)

    Catalin Cimpanu, ZDNet, 20 Jul 2019

    https://www.zdnet.com/article/hackers-breach-fsb-contractor-expose-tor-deanonymization-project/

    SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.

    Hackers have breached SyTech, a contractor for FSB, Russia's national intelligence service, from where they stole information about internal projects the company was working on behalf of the agency -- including one for deanonymizing Tor traffic. [...]

    ------------------------------

    From: Monty Solomon <monty@roscom.com>
    Date: Mon, 22 Jul 2019 22:16:18 -0400
    Subject: Facebook's Libra currency spawns a wave of fakes, including on
    Facebook itself (WashPost)

    The fakes could undermine Facebook's efforts to inspire confidence and
    satisfy the regulators now scrutinizing the global currency.

    https://www.washingtonpost.com/technology/2019/07/22/facebooks-libra-currency-spawns-wave-fakes-including-facebook-itself/

    ------------------------------

    Date: Tue, 16 Jul 2019 23:34:02 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Facebook Stock: Facebook's Libra Surrenders to Authority
    (InvestorPlace)

    https://investorplace.com/2019/07/facebooks-libra-surrenders-to-authority/

    ------------------------------

    Date: Wed, 17 Jul 2019 11:20:14 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Tether's $5B error exposes cryptocurrency market fragility (WSJ)

    Sudden flood of digital coins spooked market and drove down price of bitcoin
    by about 12%

    https://www.wsj.com/articles/tethers-5-billion-error-exposes-crypto-markets-fragility-11563280121

    ------------------------------

    Date: Sun, 14 Jul 2019 01:06:06 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: College student was late returning a textbook to Amazon, so the
    company took $3,800 from her father (Libercus)

    http://pge.libercus.net//.pf/showstory/201907110011/3

    Well, yeah. Likely debit was automatic but hassle getting it undone is
    systemic problem/failure.

    When AI runs everything it'll all be perfect. Nevermind Hal 9000, Skynet, or Colossus: The Forbin Project.

    ------------------------------

    Date: Wed, 17 Jul 2019 15:18:00 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Notre-Dame came far closer to collapsing than people knew.
    This is how it was saved. (NYTimes)

    *The New York Times*

    The fire warning system at Notre-Dame took dozens of experts six years to put together, and in the end involved thousands of pages of diagrams, maps, spreadsheets and contracts, according to archival documents found in a suburban Paris library by The Times.

    The result was a system so arcane that when it was called upon to do the one thing that mattered -- warn -- fire! and say where -- it produced instead a nearly indecipherable message. It made a calamity almost inevitable, fire experts consulted by *The Times* said.

    https://www.nytimes.com/interactive/2019/07/16/world/europe/notre-dame.html

    Stunning visuals, tragic outcome.

    ------------------------------

    Date: Wed, 17 Jul 2019 10:27:33 -0700
    From: Gene Wirchenko <gene@shaw.ca>
    Subject: One in five US tech employees abuse pain relief drugs, reveals study
    (Eileen Brown)

    Eileen Brown for Social Business, ZDNet, 15 Jul 2019

    https://www.zdnet.com/article/one-in-five-us-tech-employees-abuse-pain-relief-drugs-reveals-study/

    There is nothing wrong with bonding over a beer or two after work, but when it becomes too much, it is important to spot the warning signs of substance abuse and addiction, according to a new study.

    ------------------------------

    Date: Tue, 16 Jul 2019 17:32:31 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Here's The Story Behind That Photo Of A Waterfall Inside A Metro
    Car (Dcist)

    ``It appears that the water entered the car through the fresh air intake of the HVAC system which is mounted on the roof of 7000-series vehicles; In normal or heavy rainfall, any water is diverted through ducts and exits the car through drains. At Virginia Square, the sudden deluge of water falling directly into the fresh air intake was more than the car could divert, resulting in water entering the cabin.''

    In response to safety concerns, she noted that wiring is enclosed in secure boxes or run on the underside of the car, and each car ``undergoes rigorous `water tightness testing'.''

    https://dcist.com/story/19/07/16/heres-the-story-behind-that-photo-of-a-waterfall-inside-a-metro-car/

    Done right, it seems. This really was epic/biblical rainstorm.

    ------------------------------

    Date: Mon, 15 Jul 2019 15:14:00 -1000
    From: the keyboard of geoff goodfellow <geoff@iconia.com>
    Subject: Stallone in Terminator 2? How one deepfake prankster is changing
    cinema history (Digital Trends)

    EXCERPT:

    In some parallel universe, there's a version of *Casino Royale* with Hugh Jackman playing everyone's favorite suave British agent, James Bond. And one in which Matthew McConaughey took the Leo role in *Titanic*. And DiCaprio and Brad Pitt co-starred in *Brokeback Mountain*. And *Saved by the Bell*'s Tiffani Thiessen played Rachel in *Friends*.

    The entertainment industry isn't exactly short on `what if?' scenarios in which actors came close to, but were ultimately passed over, playing iconic roles. For more than 99% of movie history, fans have been able to do little more than squirrel away this trivia for use in pop quizzes. That is until the arrival of deepfakes <https://www.digitaltrends.com/cool-tech/samsung-ai-deepfake-videos/>. Springing to life in the past couple of years, deepfakes use artificial intelligence technology to combine and superimpose new images and videos onto existing source footage using machine learning. That could mean anything from face swaps to mapping one person's body onto someone else's movements. <https://www.digitaltrends.com/cool-tech/uc-berkeley-deepfake-ai-dance/> The results can be jaw-droppingly realistic, which is why many people rightfully worry about its potential to be used for malicious hoaxes <https://www.digitaltrends.com/cool-tech/ai-spots-writing-by-ai/>.

    One tech enthusiast and movie buff thinks different, though. Operating under the YouTube username *Ctrl Shift Face*, <https://www.youtube.com/channel/UCKpH0CKltc73e4wh0_pgL3g> this high-tech Hollywood fan has used deepfake technology to create some astonishing remixes of iconic movie scenes -- complete with all new actors. Ever wanted to see *The Shining* starring Jim Carrey instead of Jack Nicholson? Sly Stallone in *Terminator 2: Judgement Day*? Heck, he's even broken with the movie theme by dropping David Bowie into Rick Astley's infamous song-turned-meme *Never Gonna Give You Up*.

    ``The Bowie one is my favorite,'' its creator told Digital Trends. ``I wanted to Rickroll people and blow them away at the same time. Bowie fitted the role of Rick Astley, and had interesting facial features for a deepfake.'' [...]

    https://www.digitaltrends.com/cool-tech/ctrl-shift-face-deepfake-changing-hollywood-history/

    ------------------------------

    From: David Tarabar <dtarabar@acm.org>
    Date: Tue, 16 Jul 2019 08:40:33 -0400
    Subject: Cellphone WiFi auto-connect identifies vandals (The Boston Globe)

    Four Maryland teenagers sneaked onto their school's property the night before graduation last year and covered it in racist, homophobic and anti-Semitic graffiti.

    They wore masks, but they were caught because their cellphones automatically connected to the school WiFi network -- using their student IDs.

    https://www.bostonglobe.com/news/nation/2019/07/10/helped-identify-teens-who-drew-racist-anti-semitic-graffiti-maryland-school/S0hQ1PwZNyXrzT43olZ2ZO/story.html

    ------------------------------

    Date: Tue, 16 Jul 2019 16:15:00 -0400
    From: David Tarabar <dtarabar@acm.org>
    Subject: Risks of an untimely text (Boston Globe)

    A couple in Rhode Island was being investigated for marriage fraud -- that they entered into a sham marriage to get permanent resident status for the husband. When the wife was being interviewed, she produced her cellphone to show texts from her husband. A text message arrived: We had the best sex ever. Unfortunately the text was not from the husband. A federal trial is in progress.

    https://www.bostonglobe.com/metro/2019/07/16/had-best-sexy-ever-steamy-text-helps-spark-marriage-fraud-case/QlRNLVhGzFcfzO1lNXFwLM/story.html

    ------------------------------

    Date: Mon, 15 Jul 2019 15:26:20 +0800
    From: Dan Jacobson <jidanni@jidanni.org>
    Subject: Minister apologizes for text alert (Taipei Times)

    http://www.taipeitimes.com/News/taiwan/archives/2019/07/11/2003718476

    "The alert was originally set up to be sent to residents within 300m of the borough, but the unit of distance was later changed to kilometers."

    Way to go, clodsburg.

    ------------------------------

    Date: Sun, 21 Jul 2019 23:24:10 -0600
    From: Brian Inglis <Brian.Inglis@systematicsw.ab.ca>
    Subject: Re: Line just went Orwellian on Japanese users with its social,
    credit-scoring system (Jacobson, RISKS-31.33)

    Still, it's unnerving that tech companies seem to think that social
    credit ratings are the next big thing for now. Hopefully, this is a
    trend that will not catch on.

    Stack Exchange was first.
    Some might say not the same thing...
    But users quickly learn to dot their i's and cross their t's...

    Some might say the same about BBS message boards (1978 CBBS), moderated Usenet netnews groups (UUCP 1979), and discussion lists (Listserv@Bitnic 1984), like this one, which preceded SE (2009) by decades. Who didn't pay attention when dmr@bell-labs.com posted to comp.lang.c?

    https://en.wikipedia.org/wiki/Usenet#cite_ref-54

    "As long as there are folks who think a command line is better than a mouse, the original text-only social network will live on" in "Reports of Usenet's Death Are Greatly Exaggerated", August 1, 2008, TechCrunch. https://en.wikipedia.org/wiki/Usenet#cite_note-54

    The major appeal then and now is filtering and limiting the spam, garbage, verbiage, and incivility that permeates other [anti-?]"social networks".

    ------------------------------

    Date: Sun, 14 Jul 2019 21:15:20 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Re: Galileo sat-nav system experiences service outage (BBC News
    in RISKS-31.33)

    Europe's satellite-navigation system, Galileo, has suffered a major outage.

    The network has been offline since Friday due to what has been described as
    a "technical incident related to its ground infrastructure".

    The problem means all receivers, such as the latest smartphone models, will
    not be picking up any useable timing or positional information.

    These devices will be relying instead on the data coming from the American Global Positioning System (GPS).

    Depending on the sat-nav chip they have installed, cell phones and other devices might also be making connections with the Russian (Glonass) and Chinese (Beidou) networks.

    https://www.bbc.com/news/science-environment-48985399

    ------------------------------

    Date: Tue, 16 Jul 2019 08:34:35 -0400
    From: Dick Mills <dickandlibbymills@gmail.com>
    Subject: Re: How Fake News Could Lead to Real War (RISKS-31.33)

    "Imagine what it might be like to be in the grip of a conspiracy theory, when you've spent your whole professional life being one of those policy mandarins who could smell a conspiracy theory a mile away?..."

    The root problem here is lack of trust in authorities. It goes much deeper than just technology. For my whole life, such trust has been eroding among the public. The interesting thing about that story is that the shoe is finally on the other foot, an authority is losing trust.

    I say good. Maybe they may take steps to become trustworthy themselves.

    ------------------------------

    Date: Tue, 16 Jul 2019 21:45:35 +0100
    From: Chris Drewe <e767pmk@yahoo.co.uk>
    Subject: Re: London commuters Wi-FiTube being tracked

    [TfL is the authority that runs the London Underground]

    https://www.dailymail.co.uk/news/article-7223711/Experts-warn-London-commuters-turn-phones-Wi-Fi-Tube-stop-tracked.html

    Security experts warn London commuters to turn off their phones' Wi-Fi on
    the Tube to stop being tracked as TfL starts harvesting signal data today

    * Operator will monitor travel patterns with beacon that detects Wi-Fi capability
    * Phones, laptops or tablets do not have to join the station's network to be tracked
    * Only way to ensure that you are not tracked is to disable your Wi-Fi completely

    Sebastian Murphy-bates For Mailonline, 8 July 2019

    This morning the Tube network introduced monitoring of signals to harvest data from commuters in the capital. Transport for London says it is collecting details of where, when and how customers use the service. Even phones that are not connected to TfL's Wi-Fi will be vulnerable to tracking


    I went to a talk a year or two ago given by one of the Underground's planning staff on remodeling Bank station in the heart of the City of London business district (so-named because the Bank of England building is just across the street, not because it's on the bank of the River Thames as I had incorrectly assumed when I was a kid). This is a major below-ground station underneath a large road intersection, where multiple lines cross at several levels, so it's quite a labyrinth.

    For busy, complicated subway/rapid transit systems like London's, obviously train capacity is a major planning challenge, but just as important is handling the volume of passengers through the stations as they use corridors, ticket barriers, elevators, stairs, escalators, etc. between trains or trains and streets. Historically, measuring passenger flows was done by groups of stewards located at strategic points around a station; some would hand out numbered cards to passengers as they entered the station or got off trains, while others would collect the cards as passengers left the station or got on trains. This was OK in a basic way, but was labour-intensive and rather intrusive at busy times, and only a small sample of passengers could be covered.

    Of course nowadays most people carry cellphone or wi-fi wireless devices and the Underground has repeaters to keep them working below ground, so the obvious step is to use these to log passenger movements, as it's totally unobtrusive and allows detailed real-time tracking of almost every passenger. The lady who gave the talk stressed that there's no attempt to make contact with or identify any of the devices, and presumably details of individual devices are not retained after analysing their movements -- pointless anyway unless GCHQ/MI5/FBI/CIA or whoever want to track random people's journeys for the sake of it. She added that the technique was unexpectedly useful as passengers were found to be surprisingly imaginative at figuring out routes around the station, including several ways that the planners hadn't considered themselves.

    Presumably the warning signs on stations mentioned in the newspaper are to comply with latest data-protection regulations.

    ------------------------------

    Date: Mon, 14 Jan 2019 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
    Lindsay has also added to the Newcastle catless site a palmtop version
    of the most recent RISKS issue and a WAP version that works for many but
    not all telephones: http://catless.ncl.ac.uk/w/r
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 31.34
    ************************
