• Risks Digest 33.10

    From RISKS List Owner@21:1/5 to All on Mon Mar 21 18:22:14 2022
    RISKS-LIST: Risks-Forum Digest Monday 21 March 2022 Volume 33 : Issue 10

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/33.10>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    It's 70 degrees warmer than normal in eastern Antarctica. Scientists are
    flabbergasted. (MSN)
    Russia Faces IT Crisis with Just 2 Months of Data Storage Left (Bill Toulas)
    Huge DDoS attack temporarily kicks Israeli government sites offline
    (The Register)
    Unix Rootkit Used to Steal ATM Banking Data (Two items combined)
    Researcher Uses 379-Year-Old Algorithm to Crack Crypto Keys in the Wild
    (Dan Goodin)
    Legislation to require hand-counting of ballots? (Douglas W. Jones)
    When It Comes to AI, Can We Ditch the Datasets? (Adam Zewe)
    The TikTok-Oracle Deal Would Set 2 Dangerous Precedents (WiReD)
    Find You: Building a stealth AirTag clone (Positive Security)
    Tired of Waiting for Driverless Vehicles? Head to a Farm (Scott McFetridge)
    *Time* Releases Full Magazine Issue as NFT on the Blockchain (Time)
    Beware of QR Code Scams (Heidi Mitchell)
    Drone swarm forms clickable QR code (Hollywood Reporter)
    Re: Senate passes permanent Daylight Saving Time (John Levine)
    One problem with permanent daylight saving time: Geography
    (Lauren Weinstein)
    Re: MMS spam? (Jay Libove, Rob Slade)
    Re: Farewell Honeychild (Charles Jackson)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Sat, 19 Mar 2022 14:49:38 PDT
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: It's 70 degrees warmer than normal in eastern Antarctica.
    Scientists are flabbergasted. (MSN)

    The coldest location on the planet has experienced an episode of warm
    weather this week unlike any ever observed, with temperatures over the
    eastern Antarctic ice sheet soaring 50 to 90 degrees above normal. The
    warmth has smashed records and shocked scientists.

    This event is completely unprecedented and upended our expectations about
    the Antarctic climate system, said Jonathan Wille, a researcher studying
    polar meteorology at Universite Grenoble Alpes in France, in an email.

    Antarctic climatology has been rewritten, tweeted Stefano Di Battista,
    a researcher who has published studies on Antarctic temperatures. He
    added that such temperature anomalies would have been considered
    impossible and unthinkable before they actually occurred.

    Parts of eastern Antarctica have seen temperatures hover 70 degrees
    (40 Celsius) above normal for three days and counting, Wille said. He
    likened the event to the June heat wave in the Pacific Northwest,
    which scientists concluded would have been virtually impossible
    without human-caused climate change.

    What is considered warm over the frozen, barren confines of eastern
    Antarctica is, of course, relative. Instead of temperatures being
    minus-50 or minus-60 degrees (minus-45 or minus-51 Celsius), they've
    been closer to zero or 10 degrees (minus-18 Celsius or minus-12
    Celsius) -- but that's a massive heat wave by Antarctic standards. [...]

    https://www.msn.com/en-us/weather/topstories/it-e2-80-99s-70-degrees-warmer-than-normal-in-eastern-antarctica-scientists-are-flabbergasted/ar-AAVfk4m

    ------------------------------

    Date: Wed, 16 Mar 2022 12:08:06 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Russia Faces IT Crisis with Just 2 Months of Data Storage Left
    (Bill Toulas)

    Bill Toulas, BleepingComputer, Ides of March 2022,
    via ACM TechNews, 16 Mar 2022

    The withdrawal of Western cloud computing companies from Russia has left
    the country with roughly two months of information technology (IT) data
    storage. Russian news outlet *Kommersant* says the situation is compounded
    by exponential growth of public Russian agencies' storage needs due to
    Smart City projects entailing extensive video-surveillance and
    facial-recognition systems. Options proposed at a meeting of the Ministry
    of Digital Transformation Solutions include leasing all available domestic
    data storage or mandating that Internet service providers ditch media
    streaming services and other online entertainment platforms. Russia also
    could seize IT servers and storage left behind by exiting businesses and
    incorporate them into public infrastructure. The last option would be to
    use Chinese cloud service providers and IT system sellers, although China
    has not yet decided how much aid it is willing to provide.

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e3c6x23240bx073178&

    ------------------------------

    Date: Wed, 16 Mar 2022 09:16:49 +0200
    From: Mike Rechtman <mike@rechtman.com>
    Subject: Huge DDoS attack temporarily kicks Israeli government sites offline
    (The Register)

    A state of emergency is declared as officials assess the damage and look
    for culprits
    https://www.theregister.com/2022/03/15/ddos-attack-israel-government-iran/
    15 Mar 2022 // 17:12 UTC

    A massive distributed denial-of-service (DDoS) attack forced Israeli
    officials Monday to temporarily take down several government websites and
    to declare a state of online emergency to assess the damage and begin
    investigating who was behind the incident.

    In a tweet, the Israel National Cyber Directorate said it had detected the
    DDoS attack against a communications provider and that several websites
    had been taken down, though all have since resumed normal activity.

    According to Internet watchdog NetBlocks, the attacks targeted Israeli
    telecom providers Bezeq and Cellcom and hit multiple networks run by the
    companies.

    ------------------------------

    Date: Mon, 21 Mar 2022 12:03:33 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Unix Rootkit Used to Steal ATM Banking Data (Two items combined)

    Bill Toulas, BleepingComputer, 17 Mar 2022

    Researchers at the cybersecurity firm Mandiant found that the LightBasin
    hacking group is using a previously unknown Unix rootkit to steal ATM
    banking data and make unauthorized cash withdrawals from ATM terminals at
    several banks. The rootkit, a Unix kernel module called "Caketap," affects
    servers running the Oracle Solaris operating system, hiding network
    connections, processes, and files while installing several hooks into
    system functions to receive remote commands and configurations. Caketap
    intercepts messages sent to the Payment Hardware Security Module (HSM),
    used by the banking industry to verify bank card information, to stop
    verification messages that match fraudulent bank cards and instead
    generate a valid response. It also internally saves valid messages that
    match non-fraudulent primary account numbers and sends them to the HSM to
    avoid impacting routine customer transactions and implant operations.
    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e440x232602x073400&

    ALSO: Drew Harwell, *The Washington Post* 17 Mar 2022

    Computer programmers and volunteer "information warriors" are attempting
    to counter Russian propaganda and information suppression concerning the
    Ukraine invasion. A Website built by the squad303 coder group shows a
    randomly selected Russian citizen's email address and phone or WhatsApp
    number, and provides a pre-written message visitors can send to engage in
    a dialogue. A Polish programmer said he works with more than 100
    volunteers from the U.S., Estonia, France, Germany, and more, divided into
    teams focused on software development, cyberdefense, social media, and a
    help desk to onboard new messengers. Western social media companies and
    media outlets also have started helping Russians bypass government
    censorship by using Tor software, which directs online traffic through a
    scattered network of servers, neutralizing Russia's Website blockade.
    Market research data indicates virtual private network applications,
    which enable Russians to access otherwise-banned sites, have been
    downloaded millions of times on the Apple and Google app stores.
    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e440x2325f7x073400&

    ------------------------------

    Date: Wed, 16 Mar 2022 12:08:06 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Researcher Uses 379-Year-Old Algorithm to Crack Crypto Keys in the
    Wild (Dan Goodin)

    Dan Goodin, Ars Technica, 14 Mar 2022,
    via ACM TechNews, 16 Mar 2022

    Researcher Hanno Böck said he used a 379-year-old algorithm described by
    French mathematician Pierre de Fermat to break a handful of weak
    cryptographic keys found in the wild. The keys were generated with older
    software owned by technology company Rambus, derived from a basic version
    of the SafeZone Crypto Libraries. Böck said the SafeZone library
    insufficiently randomized the two prime numbers it used to generate RSA
    keys, and Fermat's factorization method can crack such keys easily. The
    algorithm was based on the fact that any odd number can be expressed as
    the difference between two squares, and factors near that number's root
    are easily and quickly calculable. Böck thinks all the keys he found in
    the wild were generated using software or methods unaffiliated with the
    SafeZone library, which if true means the Fermat algorithm might easily
    break keys crafted by other software.

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e3c6x23240fx073178&

    [You gotta be very Ferm-at avoiding such primes. PGN]
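
    Fermat's method as a worked example, added here and not code from the
    RISKS item, from Hanno Böck's tooling or from the SafeZone library: a
    bounded Fermat search used as a key-validation check, which recovers a
    constructed modulus whose two primes are adjacent and correctly gives up
    on one built from independent random primes. The "close primes"
    generator is an assumed stand-in for the insufficiently randomized primes
    the item describes, not SafeZone's actual algorithm.

```python
import random
from math import isqrt


def fermat_factor(n: int, max_rounds: int = 100):
    """Return (p, q), p <= q, if n = p*q is found within max_rounds steps above
    ceil(sqrt(n)), else None. This succeeds only when (q - p)^2 / (8*sqrt(n))
    is below max_rounds, i.e. when p and q share roughly their top half of bits."""
    if n % 2 == 0:
        return (2, n // 2)
    a = isqrt(n)
    if a * a < n:
        a += 1                      # a = ceil(sqrt(n))
    for _ in range(max_rounds):
        b2 = a * a - n              # done when a^2 - n is a perfect square
        b = isqrt(b2)
        if b * b == b2:
            return (a - b, a + b)   # n = a^2 - b^2 = (a - b)(a + b)
        a += 1
    return None


def is_probable_prime(n: int, rng=random, rounds: int = 16) -> bool:
    """Miller-Rabin test; sufficient for generating the sample primes here."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime(n: int, rng=random) -> int:
    """Smallest probable prime strictly greater than n."""
    c = (n + 1) | 1
    while not is_probable_prime(c, rng):
        c += 2
    return c


def sample_modulus(bits: int, rng, close_primes: bool):
    """Constructed sample key, returned as (n, p, q). With close_primes the second
    prime is simply the next prime after the first: an assumed stand-in for the
    'insufficiently randomized' primes in the item, not SafeZone's real generator."""
    half = bits // 2
    p = next_prime(rng.getrandbits(half) | (1 << (half - 1)), rng)
    if close_primes:
        q = next_prime(p, rng)
    else:                           # independent random prime: the proper way
        q = next_prime(rng.getrandbits(half) | (1 << (half - 1)), rng)
    return p * q, p, q


def demo(seed: int = 2022, bits: int = 1024):
    """Returns (close_pair_recovered, random_pair_survives); expected (True, True)."""
    rng = random.Random(seed)
    n_close, p, q = sample_modulus(bits, rng, True)
    n_rand, _, _ = sample_modulus(bits, rng, False)
    return fermat_factor(n_close) == (p, q), fermat_factor(n_rand) is None


if __name__ == "__main__":
    print(demo())
```

    The 100-round bound is the same order of search Böck describes as
    sufficient; a modulus that survives it may still be weak for other
    reasons, so this check is one test among several, not a proof of strength.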

    ------------------------------

    Date: Sun, 20 Mar 2022 11:49:09 PDT
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: Legislation to require hand-counting of ballots? (Douglas W. Jones)

    My long-time colleague (Prof.) Doug Jones (not the politician) has
    published an op-ed relating to recent attempts to abandon ballot
    scanners in favor of hand-counting ballots. It is in The Des Moines
    Register. This is worth reading.

    https://www.msn.com/en-us/news/politics/opinion-we-shouldnt-abandon-machine-counted-election-ballots/ar-AAVhCzE

    [Hand-counting is more easily rigged? PGN]

    ------------------------------

    Date: Mon, 21 Mar 2022 12:03:33 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: When It Comes to AI, Can We Ditch the Datasets? (Adam Zewe)

    Adam Zewe, MIT News, 15 Mar 2022

    Massachusetts Institute of Technology (MIT) researchers have demonstrated
    the use of a generative machine-learning model to produce synthetic data,
    based on real data, to train another model for image classification.
    Researchers showed the generative model millions of images containing
    objects in a specific class, after which it learned those objects'
    appearance in order to generate similar objects. MIT's Ali Jahanian said
    generative models also learn how to transform underlying training data,
    and connecting a pre-trained generative model to a contrastive learning
    model enabled both models to work together automatically. The results
    show that a contrastive representation learning model trained only on
    synthetic data can learn visual representations that rival or top those
    learned from real data. In analyzing how the number of samples influenced
    the model's performance, researchers determined that, in some cases,
    generating larger numbers of unique samples facilitated additional
    enhancements.
    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e440x2325f8x073400&

    [RISKS: Is this just kicking the can down the road, because the
    training-data model may be biased? PGN]

    ------------------------------

    Date: Sun, 20 Mar 2022 21:57:26 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: The TikTok-Oracle Deal Would Set 2 Dangerous Precedents (WiReD)

    The agreement may provoke a global data storage melee and more politically motivated intervention in the tech sector.

    In August 2020, President Donald Trump dropped a bombshell executive order banning TikTok in the United States. Since then, as TikTok has competed
    against other Big Tech companies -- growing among teen users while Facebook
    and others have struggled -- its ability to survive in the United States has remained under a cloud of uncertainty. Would regulators step in and kill off
    a product that had become a staple form of communication for some 100
    million Americans?

    That cloud seemed to lift last week in the wake of reports that TikTok will enter into a data storage deal with Oracle. In the short term, the agreement would be good for U.S. users, enabling TikTok to invest more of its
    resources and energy into improving its product, rather than wrestling with
    the government.

    But in the long run, the forecast looks bleaker. The deal would establish precedents likely to harm technology companies and their users. [...]

    However, the agreement is almost certain to provide momentum to foreign governments who want to do exactly what the United States is doing: require companies to store data within their borders. Numerous countries have pushed these types of data localization requirements over the last decade,
    including Russia, India, and France. In response, the tech sector has made
    the case that this approach to data storage creates privacy risks, degrades performance, and imposes compliance costs that make it harder for small companies to compete.

    If the U.S. government succeeds in forcing TikTok to enter this local data-storing arrangement with Oracle, other governments will be more likely
    to impose comparable requirements on U.S. companies operating within their borders. A principle that might be appealing to TikTok’s critics in the United States could seem much less desirable if it were applied to Apple,
    Meta, or Snap in countries like China or Russia. The war in Ukraine has highlighted why countries like Russia want to use localization to exert more control over global tech companies, and also why it’s so important that
    local data storage requirements remain the exception rather than the norm.

    https://www.wired.com/story/the-tiktok-oracle-deal-would-set-2-dangerous-precedents

    ------------------------------

    Date: Sun, 20 Mar 2022 22:11:15 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Find You: Building a stealth AirTag clone (Positive Security)

    * After AirTags are reportedly used more and more frequently for malicious
    purposes, Apple has published a statement that lists its current and
    future efforts to prevent misuse.

    * We built an AirTag clone that bypasses all those tracking protection
    features and confirmed it working in a real-world experiment (source code
    available here).

    * We encourage Apple to include AirTag clones/modified AirTags into their
    threat model when planning the next changes to the Find My ecosystem.

    https://positive.security/blog/find-you

    ------------------------------

    Date: Mon, 21 Mar 2022 12:03:33 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Tired of Waiting for Driverless Vehicles? Head to a Farm
    (Scott McFetridge)

    Scott McFetridge, Associated Press, 16 Mar 2022

    Driverless vehicles are more abundant on farms than city streets, with
    John Deere to start manufacturing autonomous tractors this fall after more
    than 10 years in development. The company intends to run the tractors on
    10 to 50 farms by fall, before expanding to more farms in the coming
    years. Carnegie Mellon University's Raj Rajkumar said autonomous tractors
    have no vehicles, pedestrians, or intricacies of urban systems to deal
    with, and they can employ consistent global-positioning system data.
    Farmers can hitch a plow behind the driverless tractor, start it with a
    swipe of a smartphone, and then leave it to travel the field on its own.
    The machine has six pairs of cameras that can provide a 360-degree image,
    and computer algorithms help it to navigate and stop before unfamiliar
    obstacles.
    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e440x2325ffx073400&

    [If its uses are off-road only, does that mean safety standards tend to be
    considerably reduced? That's the way off-road equipment works now,
    although it might need a trailer to go from one farm to another. PGN]

    ------------------------------

    Date: Mon, 21 Mar 2022 12:03:33 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: *Time* Releases Full Magazine Issue as NFT on the Blockchain (Time)

    *Time*, 18 Mar 2022

    *Time* magazine will publish the first fully decentralized magazine issue,
    available on March 23 as a non-fungible token (NFT) on the blockchain.
    Created in partnership with LITDAO, a Web3 cultural currency and NFT
    project, the issue will be hosted through a decentralized protocol, with
    readers accessing the magazine through an interactive NFT. With support
    from the global Internet finance firm Circle, the issue, which will
    feature a cover story on Ethereum's Vitalik Buterin, will be airdropped to
    certain TIMEPiece and genesis LIT community wallet holders. "As *Time*
    continues to push the boundaries as to what is possible within the Web3
    ecosystem, producing the first-ever full magazine on the blockchain seemed
    like a natural extension for our brand, and we knew this issue, in
    particular, would be cherished by our community," said *Time*'s Keith A.
    Grossman.
    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e440x2325fcx073400&

    ------------------------------

    Date: Mon, 21 Mar 2022 12:03:33 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Beware of QR Code Scams (Heidi Mitchell)

    Heidi Mitchell, *The Wall Street Journal*, 19 Mar 2022

    Security researchers warn of the growing threat of fraudulent quick
    response (QR) codes, including some affixed to parking meters in Texas
    cities that tricked drivers into entering their credit-card data at a
    bogus Website. Although the Better Business Bureau's Scam Tracker site
    lists just 46 QR code-related attacks in the U.S. since March 2020,
    link-management service Bit.ly has observed a 750% increase in QR-code
    downloads since then. Most smartphones "just read the code and open the
    link without ensuring that it is safe or that it is, in fact, what it
    says it is," said Justin Fier at artificial intelligence cybersecurity
    firm Darktrace. Skilled attackers also can use a QR code to send users to
    a spoof site, then hand over the information they enter to the genuine
    site. Symantec's Eric Chien suggests either avoiding QR codes that are
    stuck on devices or installing QR-code scanner applications.
    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e440x2325f9x073400&

    [See RISKS-33.02-04. PGN]

    ------------------------------

    Date: Wed, 16 Mar 2022 17:47:35 +0200
    From: Amos Shapir <amos083@gmail.com>
    Subject: Drone swarm forms clickable QR code (Hollywood Reporter)

    In a publicity stunt for a TV series, 400 drones formed a huge QR code
    square in the sky over Austin, Texas, which linked to the series' trailer
    clip.

    Yet another way to make people click on links to sites they never intended
    to visit.

    Full story at: https://www.hollywoodreporter.com/tv/tv-news/halo-sxsw-drones-1235110882/

    ------------------------------

    Date: 16 Mar 2022 14:39:22 -0400
    From: "John Levine" <johnl@iecc.com>
    Subject: Re: Senate passes permanent Daylight Saving Time (RISKS-33.09)

    There were claims that there might be more accidents, but no evidence that there actually were.

    https://www.nytimes.com/1974/10/01/archives/senate-votes-return-to-standard-time-for-four-months-and-sends-bill.html

    Here in the frozen north, in January the sun rises at 7:30 or later so a lot
    of kids wait for the bus in the dark with or without daylight time.

    ------------------------------

    Date: Mon, 21 Mar 2022 09:48:13 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: One problem with permanent daylight saving time: Geography

    It's pretty much always the case that anything Congress does in a
    hurry hasn't been thought out. Often not thinking things through is
    one of Congress' most obvious attributes. -L

    https://www.nbcnews.com/politics/meet-the-press/one-problem-permanent-daylight-saving-time-geography-n1292415

    ------------------------------

    Date: Wed, 16 Mar 2022 08:10:31 +0000
    From: Jay Libove <libove@felines.org>
    Subject: Re: MMS spam?

    In re: Rob Slade's question about MMS spam, I've seen some mobile phone
    based messaging clients that, by default, "upgrade" messages which are too
    long to fit in a single (or in a consecutive set of up to five) SMS text messages, or which contain non-SMS-compatible content, to MMS. That is of course a horrible default, because MMS messages tend to have ridiculous
    costs, of which the user is unlikely to be consciously aware at the moment
    that their messaging software "helpfully" ensures delivery .. at a cost of $1.00 or so both to themself and probably also to each recipient. Rob, ask your correspondent to take a look at the settings of their messaging app in which the finally-resulted-as-MMS message was sent. -Jay

    ------------------------------

    Date: Mon, 7 Mar 2022 07:21:29 -0800
    From: Rob Slade <rslade@gmail.com>
    Subject: Re: MMS spam?

    I have been receiving a lot of MMS (as opposed to SMS, normal text) messages
    on my phones recently. One of the phones doesn't have a data plan, so I
    don't get to see what the messages are. (Yes, yes, I *know* the cell
    companies promise that their plans allow you unlimited voice, video, and pictures "text" messages. They lie.) I have generally despaired of trying
    to get people to realize the difference between SMS and MMS messages, and
    the incompatibilities that make MMS messages unreliable even if you do have
    the phone and cell/mobile data plan to support them.

    However, a few days ago I got an MMS message from someone who *is*
    technically competent, and, when I challenged him, he denied sending any
    such message. Given that he would know, and the increase in numbers, I am wondering if there is some new spamming campaign utilizing MMS messages.

    Anybody heard/seen anything along these lines?

    ------------------------------

    Date: Tue, 15 Mar 2022 21:15:11 -0400
    From: Charles Jackson <clj@jacksons.net>
    Subject: Re: Farewell Honeychild (PGN, RISKS-33.09)

    Well, as I recall the story, it goes like this:

    Honeywell and Fairchild have announced a merger. They also announced that
    the merger would create substantial efficiencies by reducing expenses.
    Substantial layoffs are expected. The merged firm will be called Farewell
    Honeychild. [TNX for the rest of the story!!! PGN]

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 33.10
    ************************
