• Risks Digest 33.02

    From RISKS List Owner@21:1/5 to All on Sat Jan 15 23:32:47 2022
    RISKS-LIST: Risks-Forum Digest Saturday 15 January 2021 Volume 33 : Issue 02

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/33.02>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    A High-Risk Medical Device Didn't Meet Federal Standards. The Government
    Paid Millions for More. (ProPublica)
    Software glitch snarls New York City schools (NYTimes)
    Why planes might soon have just one pilot (CNN Travel)
    How a Hacker Controlled Dozens of Teslas Using a Flaw in Third-Party App
    (Vice)
    Project Torogoz: Extensive Hacking of Media & Civil Society in El Salvador
    with Pegasus Spyware (CitizenLab)
    New Apple Warning Affects All iPhone Users (Forbes)
    German interior minister threatens to ban Telegram (Thomas Koenig)
    Fake QR Codes on Parking Meters (Bruce Schneier)
    Metaverse's Dark Side: Here Come Harassment and Assaults (NYTimes)
    Metro says timing for return of suspended railcars is unknown (WashPost)
    Norton 360 Now Comes With a Cryptominer (Krebs on Security)
    Hackers Are Exploiting a Flaw Microsoft Fixed 9 Years Ago (WiReD)
    New Chrome security measure aims to curtail an entire class of Web attack
    (Ars Technica)
    Black box that could record collapse of civilisation set to be installed on
    Earth (The Mirror)
    Automakers Rev Up Subscription Services (Washington Consumers' Checkbook)
    Biden Administration Warns Against Spyware Targeting Dissidents (NYTimes)
    Tackling Hard Computational Problems (Steve Nadis MIT News)
    How Game Theory Changed Poker (Oliver Roeder WSJ)
    Paper on finance and technology manias (Andrew Odlyzko)
    Wearing Many Hats: The Rise of the Professional Security Hacker
    (Gabriella Coleman via PGN)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Fri, 7 Jan 2022 23:22:59 -0500
    From: "Gabe Goldberg" <gabe@gabegold.com>
    Subject: A High-Risk Medical Device Didn't Meet Federal Standards. The
    Government Paid Millions for More. (ProPublica)

    For years after federal inspectors found serious problems with the HeartWare heart pump, agencies like the Department of Veterans Affairs and Centers for Medicare & Medicaid Services continued paying to implant it in patients.

    https://www.propublica.org/article/a-high-risk-medical-device-didnt-meet-federal-standards-the-government-paid-millions-for-more

    ------------------------------

    Date: Sat, 15 Jan 2022 11:48:48 PST
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: Software glitch snarls New York City schools (NYTimes)

    Lola Fadula, *The New York Times*, 15 Jan 2022

    Skedula, a platform that helps NYC teachers post assignments and track
    grades and attendance -- and even helps track Covid test results -- stopped working a week ago on 8 Jan, and was still down at the end of the week.
    This is apparently a particularly bad time for the outage. The contractor Illuminate Education said this was the result of ``an attempted security threat'' -- an investigation of which is still ongoing. [PGN-ed]

    [This might be called Skedula Oblongona, as it is the connection to the
    school brain. PGN]

    ------------------------------

    Date: Thu, 13 Jan 2022 23:53:45 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Why planes might soon have just one pilot (CNN Travel)

    (CNN) If you boarded a passenger plane in 1950 and peeked into the cockpit,
    you would have seen five people in there (almost certainly men): two pilots,
    a radio operator, a navigator, and a flight engineer.

    Over the years, technical advances in radio communications, navigation
    systems and on-board monitoring equipment gradually removed the need for the last three, making it possible to safely fly a passenger plane with just two pilots. That has been the norm in commercial aviation for about 30 years.

    Soon, however, things could streamline further, and one of the two remaining pilots -- technically the first officer -- could soon go, leaving behind
    only the captain. Many smaller and military aircraft are already manned by a single pilot, but for commercial aviation this would mean venturing into a brave new world. [...]

    However, removing a pilot from the cockpit will help develop the very technology required for the next, and final, step: removing human pilots altogether and flying planes remotely or autonomously. That, however, sounds
    like an even more complicated conversation: "Two pilots to one pilot is a
    major step," says Smith, "but one pilot to no pilots is an immense one."

    https://www.cnn.com/travel/article/single-pilot-planes/index.html

    ------------------------------

    Date: Thu, 13 Jan 2022 16:34:55 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: How a Hacker Controlled Dozens of Teslas Using a Flaw in
    Third-Party App (Vice)

    A security researcher found flaws in a third-party open-source app that
    allowed him to track and unlock some Teslas.

    A 19-year-old hacker and security researcher said he was able to control
    some features of dozens of Tesla cars all over the world thanks to a vulnerability in a third-party app that allows car owners to track their
    car's movements, remotely unlock doors, open windows, start keyless
    driving, honk, and flash lights.

    David Colombo, the researcher who found the issue, asked Motherboard not to reveal all the details about his findings -- such as the name of the third-party app -- given that some of the vulnerabilities he discovered are
    yet to be fixed. Colombo allowed Motherboard to review his upcoming blog
    post, which contained the details.

    ``There are those Teslas around the world right now in 13 countries and I'm able to disable the sentry mode, unlock the doors, start keyless driving,
    and take them on a road trip,'' Colombo told Motherboard in an interview.
    [...]

    https://www.vice.com/en/article/akv7z5/how-a-hacker-controlled-dozens-of-teslas-using-a-flaw-in-third-party-app

    [See also Katrina Nicholas and Jordan Robertson, Bloomberg, 12 Jan 2022]

    ------------------------------

    Date: Fri, 14 Jan 2022 20:45:09 -0500
    From: Jan Wolitzky <jan.wolitzky@gmail.com>
    Subject: Project Torogoz: Extensive Hacking of Media & Civil Society in
    El Salvador with Pegasus Spyware (CitizenLab)

    The Citizen Lab and Access Now have conducted a joint investigation into Pegasus hacking in El Salvador in collaboration with Frontline Defenders, SocialTIC, and Fundación Acceso.

    We confirmed 35 cases of journalists and members of civil society whose
    phones were successfully infected with NSO's Pegasus spyware between July
    2020 and November 2021. We shared a sample of forensic data with Amnesty International's Security Lab which independently confirms the findings.

    Targets included journalists at El Faro, GatoEncerrado, La Prensa
    Gráfica, Revista Digital Disruptiva, Diario El Mundo, El Diario de Hoy, and two independent journalists. Civil society targets included
    Fundación DTJ, Cristosal, and another NGO.

    The hacking took place while the organizations were reporting on sensitive issues involving the administration of President Bukele, such as a scandal involving the government's negotiation of a pact with the MS-13 gang for a reduction in violence and electoral support.

    While evidence linking a particular infection to a particular Pegasus
    customer is often unavailable, in this case we identified a Pegasus customer operating almost exclusively in El Salvador since at least November 2019
    that we call TOROGOZ, and have connected this operator to an infection
    attempt against El Faro.

    https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/

    ------------------------------

    Date: Sat, 8 Jan 2022 15:50:42 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: New Apple Warning Affects All iPhone Users (Forbes)

    Last year saw the biggest hack in iPhone history, complete with individual horror stories from affected users. Now a haunting new discovery could make
    all iPhone attacks a lot worse. <https://www.forbes.com/sites/gordonkelly/2021/11/27/apple-iphone-warning-security-hack-pegasus-nso-group-iphone-warning-notifications/>,
    <https://www.forbes.com/sites/gordonkelly/2021/10/27/apple-iphone-warning-pegasus-hack-upgrade-ios-15-security/>

    It is called *NoReboot* and was discovered by (highly respected mobile
    security specialists ZecOps. The company describes it as ``the ultimate persistence bug'' because it can stop iPhones affected by even temporary attacks from escaping their hacker. Moreover, it affects every iPhone model
    and every version of iOS and Apple cannot fix it which sets alarm bells ringing. <https://www.forbes.com/sites/gordonkelly/2021/07/17/apple-iphone-12-pro-max-warning-wifi-hack-zero-click-exploit-new-iphone-ios-upgrade/>
    <https://www.forbes.com/sites/gordonkelly/2020/05/13/apple-iphone-exploit-vulnerability-ios-13-mail-problem-update-iphone-11-pro-max-u-iphone-xs-max-xr-upgrade/?sh=5fafe8d3c07b>)

    The concept behind NoReboot is simple, but this is also what makes it so dangerous: it tricks users into thinking they have switched off or restarted their iPhones. It works by hijacking the InCallService, SpringBoard <https://apple.fandom.com/wiki/SpringBoard> and backboardd <https://iphonedev.wiki/index.php/Backboardd> background processes which
    handle the reboot process on iPhones and shows them a fake shutdown or
    startup sequence instead when users try to initiate either process. In
    reality, the iPhone remains on at all times.

    Why is this dangerous? Because it is easier for hackers to access iPhones
    with *non-persistent* attacks but -- as the name implies -- these are
    removed when a user shuts down or restarts their phone. But the damage these hacks can now do supersizes when combined with NoReboot code because the
    user cannot (by design or by accident) rid themselves of the hack. ZecOps illustrates this in the video below. [...]

    https://www.forbes.com/sites/gordonkelly/2022/01/08/apple-warning-iphone-hack-attack-vulnerability-new-iphone-update/

    ------------------------------

    Date: Sat, 15 Jan 2022 14:51:16 +0100
    From: Thomas Koenig <tkoenig@netcologne.de>
    Subject: German interior minister threatens to ban Telegram

    The new German minister of the interior, Nancy Faeser, has threatened to
    shut down Telegram:

    https://www.dw.com/de/innenministerin-nimmt-telegram-ins-visier/a-60397720

    If this threat is carried out, Germany would join the ranks of the
    countries listed in

    https://en.wikipedia.org/wiki/Government_censorship_of_Telegram_Messenger

    ------------------------------

    Date: Sat, 15 Jan 2022 09:46:19 +0000
    From: Bruce Schneier <schneier@schneier.com>
    Subject: Fake QR Codes on Parking Meters

    [PGN-excerpted from Bruce's CRYPTO-GRAM, 15 Jan 2022
    https://www.schneier.com/crypto-gram/]

    The City of Austin is warning about QR codes stuck to parking meters
    that take people to fraudulent payment sites.
    https://www.bitdefender.com/blog/hotforsecurity/us-police-parking-meters-phishing-qr-codes/

    ------------------------------

    Date: Thu, 6 Jan 2022 13:34:02 -0500
    From: "Gabe Goldberg" <gabe@gabegold.com>
    Subject: Metaverse's Dark Side: Here Come Harassment and Assaults (NYTimes)

    As Meta and other companies bet big on an immersive digital world, questions about its harms are rising.

    SAN FRANCISCO -- Chanelle Siggens recently strapped on an Oculus Quest
    virtual reality headset to play her favorite shooter game, Population
    One. Once she turned on the game, she maneuvered her avatar into a virtual lobby in the immersive digital world and waited for the action to begin.

    But as she waited, another player's avatar approached hers. The stranger
    then simulated groping and ejaculating onto her avatar, Ms. Siggens
    said. Shocked, she asked the player, whose avatar appeared male, to stop.

    ``He shrugged as if to say: `I don't know what to tell you. It's the
    metaverse -- I'll do what I want,' and then he walked away.'' [...]

    Meta has asked its employees to volunteer to test the metaverse, according
    to an internal memo viewed by *The New York Times*. A stranger recently
    groped the avatar of one tester of a Meta virtual reality game, Horizon
    Worlds, a company spokeswoman said. The incident, which Meta has said it learned from, was reported earlier by The Verge.

    Misbehavior in virtual reality is typically difficult to track because incidents occur in real time and are generally not recorded.

    Titania Jordan, the chief parent officer at Bark, which uses artificial intelligence to monitor children's devices for safety reasons, said she was especially concerned about what children might encounter in the
    metaverse. She said abusers could target children through chat messages in a game or by speaking to them through headsets, actions that are difficult to document.

    https://www.nytimes.com/2021/12/30/technology/metaverse-harassment-assaults.html

    Today's Internet in VR, what could go wrong...

    ------------------------------

    Date: Wed, 12 Jan 2022 23:39:55 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Metro says timing for return of suspended railcars is unknown
    (WashPost)

    The latest hang-up: Technicians didn't know whether to pass or fail a
    railcar if its wheels moved precisely 1/32 of an inch.

    After a second suspension in late December, transit officials acknowledged Friday they don't know when the cars will return to service. The latest hang-up: Technicians didn't know whether to pass or fail a rail car if its wheels moved precisely 1/32 of an inch -- a scenario not spelled out in
    Metro's restoration plan. In such cases, Metro acted on its own accord and against the wishes of an oversight commission. ...

    The latest violation the safety commission cited stems from a small tweak
    Metro made while measuring the width between wheels, transit officials
    said. In its plan to the commission, Metro said its technicians would flag
    any car with wheels that deviated more than 1/32 of an inch on their axles
    from the standard width of 53 5/16 inches.

    Several cars, however, landed right at that limit, and technicians were
    unclear on whether to fail those cars or to allow them back into
    service. The confusion among technicians was compounded because the distance was so small that widths on a car could fluctuate from the heat they
    generated if a car was coming directly out of service.

    Without consulting the safety commission, Metro supervisors told technicians
    to pass the limit, a decision that placed them back into service.

    Swink Benson said, "the modification of the process was not submitted to the [safety commission] for their approval prior to implementation."

    https://www.washingtonpost.com/transportation/2022/01/08/metro-ntsb-railcar-investigation/

    The risk? Not understanding mathematical relationships. "More than" seems pretty clear, not needing interpretation.

    ------------------------------

    Date: Thu, 6 Jan 2022 14:29:47 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Norton 360 Now Comes With a Cryptominer (Krebs on Security)

    Norton 360, one of the most popular antivirus products on the market today,
    has installed a cryptocurrency mining program on its customers' computers. Norton's parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme -- in which the company keeps
    15 percent of any currencies mined -- is opt-in,

    Norton users complain the mining program is difficult to remove, and
    reactions from longtime customers have ranged from unease and disbelief to, ``Dude, where's my crypto?'' [...]

    From reading user posts on the Norton Crypto community forum, it seems some longtime Norton customers were horrified at the prospect of their antivirus product installing coin-mining software, regardless of whether the mining service was turned off by default.

    ``How on Earth could anyone at Norton think that adding crypto mining within
    a security product would be a good thing? Norton should be *detecting* and killing off crypto-mining hijacking, not installing their own,'' the post
    reads. ``The product people need firing.''

    [Norton should be *detecting* and killing off crypto mining hijacking, not
    installing their own. The product people need firing. GG]

    https://krebsonsecurity.com/2022/01/norton-360-now-comes-with-a-cryptominer/

    ------------------------------

    Date: Wed, 5 Jan 2022 19:55:08 -0500
    From: Jan Wolitzky <jan.wolitzky@gmail.com>
    Subject: Hackers Are Exploiting a Flaw Microsoft Fixed 9 Years Ago (WiReD)

    Unless you go out of your way to install the patch, your system could be exposed.

    <https://www.wired.com/story/zloader-microsoft-signature-verification-hack/>

    The widely used malware ZLoader crops up in all sorts of criminal hacking,
    from efforts that aim to steal banking passwords and other sensitive data to ransomware attacks. Now, a ZLoader campaign that began in November has
    infected almost 2,200 victims in 111 countries by abusing a Windows flaw
    that Microsoft fixed back in 2013.

    ------------------------------

    Date: Fri, 14 Jan 2022 14:19:03 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: New Chrome security measure aims to curtail an entire class of Web
    attack (Ars Technica)

    https://arstechnica.com/information-technology/2022/01/new-chrome-security-measure-aims-to-curtail-an-entire-class-of-web-attack/

    ------------------------------

    Date: Thu, 13 Jan 2022 16:16:12 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Black box that could record collapse of civilisation set to be
    installed on Earth (The Mirror)

    The black box, which is set to be built on the west coast of Tasmania, will be connected to the Internet and will record information to help a future civilisation if humanity suffers a major apocalyptic event. [...]

    https://www.mirror.co.uk/news/weird-news/black-box-could-record-collapse-25936553

    ------------------------------

    Date: Thu, 13 Jan 2022 20:45:50 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Automakers Rev Up Subscription Services (Washington Consumers'
    Checkbook)

    When you buy or lease your next car, you might be required to pay a monthly
    or yearly subscription fee to activate some of its features.

    Although automakers are making record profits despite pandemic-induced production problems, they continue to look for ways to increase revenue
    beyond sales, financing, and repairs. Stellantis, the world's fourth largest automaker (formerly known as Fiat Chrysler), announced last month that it
    plans to generate about $22.5 billion (20 billion euros) in new annual
    revenue by 2030 from software services and subscriptions. [...]

    Most car companies now offer a subscription package of some type, whether it’s satellite radio, enhancements to the entertainment system, or a connectivity package that provides roadside assistance, concierge services,
    and triggers 911 calls in an accident (such as OnStar).

    But until recently, most of these subscriptions didn't relate to the functioning of the vehicle. And because of that, after the free-trial
    period, many drivers cancel their subscriptions.

    ``Manufacturers are struggling to make these subscription services more valuable, and one way to do that is to require a subscription for some
    pretty basic services.'' Eisenstein told Checkbook. Manufacturers say the subscription model allows them to meet the diverse needs of their customers.

    But what if you had to subscribe to driver assistance software, or voice-recognition technology? Would you pay a monthly fee to activate
    optional safety features, such as automatic emergency braking, forward-collision warning, or blind-spot warning? [...]

    Toyota owners have been unpleasantly surprised to discover that when their complimentary subscription to the automaker's Remote Connect service expires
    -- after three years in some cases, 10 years in others -- the remote start feature on their key fob no longer works.

    ``That's absurd. It's a clear attempt to gouge consumers and drive up the
    real cost of buying their vehicles.''

    According to a blog post on The Drive, Toyota appears to be the first
    company to charge for full use of a physical key fob -- either $8 a month or $80 a year at the Remote Connect plan's current price.

    https://www.checkbook.org/washington-area/consumers-notebook/articles/Automakers-Rev-Up-Subscription-Services-7623

    ------------------------------

    Date: Fri, 7 Jan 2022 14:08:50 -0500
    From: Jan Wolitzky <jan.wolitzky@gmail.com>
    Subject: Biden Administration Warns Against Spyware Targeting Dissidents
    (NYTimes)

    The U.S. intelligence community offered steps that would mitigate -- but not stop -- spyware developed by firms like the NSO Group.

    The federal government on Friday warned the public about the risks of commercial surveillance tools that have been used to spy on journalists and political dissidents by infecting their phones with malware.

    https://www.nytimes.com/2022/01/07/us/politics/spyware-warning-cybersecurity.html
    https://www.dni.gov/files/NCSC/documents/SafeguardingOurFuture/FINAL_Jan-7-2022_Protect_Yourself_Commercial_Surveillance_Tools.pdf

    ------------------------------

    Date: Wed, 12 Jan 2022 12:22:31 -0500 (EST)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Tackling Hard Computational Problems (MIT News)

    Steve Nadis, MIT News. 10 Jan 2022, via ACM TechNews, 12 Jan 2022

    The Massachusetts Institute of Technology's David Gamarnik and colleagues
    have developed the overlap gap property (OGP) tool to analyze difficult computational problems that involve randomness. "We discovered that all
    known problems of a random nature that are algorithmically hard have a
    version of this property," Gamarnik said. "This provides a more precise
    measure of algorithmic hardness." Scientists can evaluate the challenge of creating fast algorithms to solve particular problems with the OGP, and Gamarnik said the tool has already shown that stable algorithms, including quantum approximation optimization algorithms, cannot handle such problems.

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2dc33x23071fx072353&100000

    ------------------------------

    Date: Fri, 14 Jan 2022 12:12:06 -0500 (EST)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: How Game Theory Changed Poker (Oliver Roeder)

    Oliver Roeder, *The Wall Street Journal*, 13 Jan 2022
    via ACM TechNews, 14 Jan 2022

    Researchers at the University of Alberta's Computer Poker Research Group in Canada pioneered game theory mathematics that has transformed how
    professional poker players approach the game. Poker's mathematical
    complexity rivals or surpasses that of chess while adding randomness and
    hidden data, bringing it closer to the "real world" that artificial intelligence scientists want to control. Many poker-playing algorithms incorporate the minimization of regret, a mathematical concept for decision-making in uncertain environments. Game-theory optimal poker players hire programmers to analyze their game data, finding "leaks" or errors in strategy, and to conduct game-theoretical analyses, calculating optimal
    plays in any of the innumerable situations that can confront a player.

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2dc7bx2307b5x072349&

    ------------------------------

    Date: Tue, 11 Jan 2022 19:35:29 -0600 (CST)
    From: Andrew Odlyzko <odlyzko@umn.edu>
    Subject: Paper on finance and technology manias

    [Slightly adapted for RISKS. PGN]

    Enclosed is a notice of my latest paper on technology and financial manias.
    As there is currently much concern about the possible instability of the financial system that might lead to a crash, given elevated valuations, unprecedented levels of government intervention, low interest rates, opaque interrelationships, very complex systems, rise of fintech, zombie companies, and so on, it might be of interest to see what happened a century and a half ago, when many similar phenomena reigned and when the "roving cavaliers of credit" (to borrow a phrase from Karl Marx) managed to facilitate a giant expansion of a public transportation infrastructure, and ruined themselves
    and many others through "financial innovation." This paper describes a
    major, but previously undocumented, step in the "financialization" of the economy.

    There are also interesting similarities to the Silicon Valley "fake it till
    you make it" philosophy, to the "alternate reality" concerns about the post-truth world, and other currently hot topics.

    Your assistance in the work that led to this paper is gratefully
    acknowledged, although it may not have affected this manuscript, and may
    only influence later ones. You are listed, along with everyone else who assisted in this project on the web page

    http://www.dtc.umn.edu/~odlyzko/doc/mania-ack.html

    [...] if you have any comments on this work, I would be delighted to receive them.

    http://www.dtc.umn.edu/~odlyzko/doc/mania18.pdf
    and if there are any problems with those, also
    https://ssrn.com/abstract=4006745

    The railway mania of the 1860s and financial innovation

    The 1860s witnessed Britain's third, and last, large railway mania.
    Although it added about as much mileage to the rail network as the great Railway Mania of the 1840s, little is known about it in modern literature.
    This paper documents how this mania managed to delude investors into pouring immense sums into the expansion of a public infrastructure. It did so by stealth, by introducing a variety of "financial innovations" reminiscent of those involved in the Global Financial Crisis of 2008. That period, just
    like ours, featured new technologies, novel business models, rapid globalization, dramatic increases in speed of information transmission, and proliferation of misinformation and disinformation. Combined with
    progressive relaxation of government regulation and extremely opaque
    accounts, the "financial engineering" of the 1860s misled even very knowledgeable and inquisitive observers, such as Walter Bagehot. The
    results included the Overend, Gurney crash of 1866, ruin to many individuals and businesses, and a large, but inefficient, expansion of the rail network. These in turn likely influenced the legal and institutional foundations of corporate capitalism. There are striking similarities to many aspects of modern financial markets that might be instructive, especially in the widespread reliance on "search for a greater fool" approaches.

    As a reminder, the above piece, as well as previous ones in this
    series, is available at:

    http://www.dtc.umn.edu/~odlyzko/doc/bubbles.html

    P.S. This draft was written for submission to the proceedings of the 7th International Virtual Early Railways Conference, where a lecture on this material was presented. [...]

    ------------------------------

    Date: Fri, 14 Jan 2022 11:03:20 PST
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: Wearing Many Hats: The Rise of the Professional Security Hacker
    (Gabriella Coleman)

    https://datasociety.net/library/wearing-many-hats-the-rise-of-the-professional-security-hacker/
    Gabriella Coleman <biella@riseup.net>

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 33.02
    ************************
