• Risks Digest 33.21

    From RISKS List Owner@21:1/5 to All on Mon May 16 23:58:01 2022
    RISKS-LIST: Risks-Forum Digest Monday 16 May 2022 Volume 33 : Issue 21

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/33.21>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    The dangerous business of dismantling America's aging nuclear plants
    (WashPost)
    Crypto is dead (Spectator)
    Phishing attack pop-up targets MetaMask users visiting popular crypto sites
    (The Verge)
    The COVID Testing Company That Missed 96% of Cases (Propublica)
    Everything is somehow interrelated, redux (PGN)
    The Man Who Controls Computers with His Mind (Ferris Jabr)
    Some Top 100,000 Websites Collect Everything You Type -- Before You Hit
    Submit (Lily Hay Newman)
    Sad delivery robot gets lost in the woods (Futurism)
    Estimated $163 billion from pandemic unemployment benefits were misspent or
    stolen (WashPost)
    AI Employment Systems may reflect various forms of bias (EEOC Warning)
    Russians plunder $5M farm vehicles from Ukraine -- to find they've been
    remotely disabled (CNN)
    Russian troops are tracking Ukrainians' Chinese drones (CNN)
    Flytrex expands drone delivery into Texas (TechCrunch)
    Finding it hard to get a new job? Robot recruiters might be to blame
    (The Guardian)
    Radical Ruling Lets Texas Ban Social Media Moderation (WiReD)
    A magnet for rip-off artists: Fraud siphoned billions from pandemic
    unemployment benefits (WashPost)
    He gave Instagram photos of his baby. Instagram returned fear. (WashPost)
    Re: Companies envision taxis flying above jammed traffic (Steve Bacher)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Sat, 14 May 2022 15:00:11 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: The dangerous business of dismantling America's aging nuclear
    plants (WashPost)

    Accidents at New Jersey's Oyster Creek power plant have spurred calls for stricter oversight of the burgeoning nuclear decommissioning industry.

    Joseph Delmar, a spokesman for Holtec, defended the company's record, saying
    it takes safety and security seriously. The recent incidents ``are not reflective of the organization's culture,'' he said, adding that the worker
    who knocked down the power line ``did not follow the proper safety
    protocols.'' Delmar said the company has decades of experience building equipment to store nuclear waste and employs veteran plant workers to
    dismantle reactor sites.

    ``While the decommissioning organization may seem new, the professionals staffing the company are experienced nuclear professionals with intimate knowledge of the plants they work at,'' Delmar said in an emailed statement.

    Accelerated decommissioning

    Founded and wholly owned by Kris Singh, an inventor and entrepreneur, Holtec says it is pioneering a new model of accelerated decommissioning. At the
    24 U.S. reactors currently undergoing decommissioning, over half are
    expected to take two decades or more to complete the process, NRC data
    shows; Holtec pledges to return nuclear sites to safe, clean usable land in
    as few as eight years. Singh did not respond to requests for comment, and Holtec did not make him available for an interview. [...]

    ``I went from a staff of six to a staff of two, all having extra responsibilities, doubling our workload and learning new criteria of the positions,'' the manager said in the letter, which was posted on the NRC's website.

    In a settlement with the NRC announced this year, Holtec agreed to pay a $50,000 civil penalty, hire a new corporate security director and conduct external security assessments. [...]

    In 2017, Holtec opened the doors of a stately new manufacturing center in Camden, N.J., that showcases Singh's accomplishments. Employees arriving at
    the main office building on the Krishna P. Singh Technology Campus walk by a parking space reserved for the CEO's chauffeured Rolls-Royce and into an
    atrium where more than 100 patents bearing Singh's name are on display.

    https://www.washingtonpost.com/business/2022/05/13/holtec-oyster-creek-nuclear-plant-cleanup/

    [In "only" eight years? PGN]

    ------------------------------

    Date: Mon, 16 May 2022 06:25:56 -0600
    From: "Matthew Kruk" <mkrukg@gmail.com>
    Subject: Crypto is dead (Spectator)

    https://www.spectator.co.uk/article/crypto-is-dead

    When Britain voted for Brexit, Macron boasted that Paris would eat the City
    of London's lunch. It didn't quite work out that way, with most league
    tables continuing to put London as the number one or two financial centre,
    with not a single EU city in the top ten. Emmanuel Macron's government has
    now announced that it has invited Binance, a crypto-currency exchange site,
    to set up a European HQ in Paris. You have to ask: has Macron leaped onto a bandwagon that has already started to lose its wheels? [...]

    [The rest of this duplicates Yaffe-Bellany et al. in RISKS-33.20. PGN]

    ------------------------------

    Date: Mon, 16 May 2022 17:11:22 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Phishing attack pop-up targets MetaMask users visiting popular
    crypto sites (The Verge)

    https://www.theverge.com/2022/5/13/23071786/etherscan-coingecko-crypto-phishing-ad-popup-coinzilla-metamask

    ------------------------------

    Date: Mon, 16 May 2022 18:07:53 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: The COVID Testing Company That Missed 96% of Cases (Propublica)

    State and local officials across Nevada signed agreements with Northshore Clinical Labs, a COVID testing laboratory run by men with local political connections. There was only one problem: Its tests didn't work.

    https://www.propublica.org/article/covid-testing-nevada-false-negatives-northshore

    ------------------------------

    Date: Sun, 15 May 2022 12:03:51 PDT
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: Everything is somehow interrelated, redux

    Today's Earthweek diary of the planet in today's *San Francisco Chronicle*:

    * Warming threshold: 50% chance the world will exceed the 1.5-degree
    Celsius goal by 2026 (UN weather agency). A harbinger?

    * Record swarms: Namibia's worst brown locust invasion in history,
    while still recovering from a 6-year drought ending in 2019. Fodder
    for livestock is rapidly vanishing.

    * Huge South Asia heat: Falling birds dehydrated and exhausted in Gujarat.

    * Eruption repercussions: The cataclysmic eruption of Tonga-Hunga Ha'apai
    volcano brought hurricane-force winds and unusual electric currents to the
    ionosphere. Satellites detected giant plumes of gases, water vapor, and
    dust.

    * Collateral damage: Beyond casualties and destruction in Ukraine, Turkish
    marine-life experts say the war is causing a sharp rise in dolphin deaths
    along the Black Sea coast, due to underwater noise pollution from 20
    Russian navy vessels, driving dolphins ashore or into fish nets. Bulgaria
    has similar reports.

    ------------------------------

    Date: Mon, 16 May 2022 12:21:25 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: The Man Who Controls Computers with His Mind (Ferris Jabr)

    Ferris Jabr, *The New York Times* Magazine, 15 May 2022,
    via ACM TechNews, 16 May 2022

    Paralyzed since 2006, Dennis DeGray has regained a semblance of control over his body via a brain-computer interface (BCI) developed by Stanford
    University researchers. Implanted in him in 2016, the BCI enables DeGray to move a cursor on a computer screen by thought, using machine learning algorithms that associate different neural activity patterns with different intended hand movements. DeGray has learned to control various technologies with his mind, including videogames, robotic limbs, and a simulated aerial drone. BCI advancements to date have relied on a combination of invasive and noninvasive technologies. Thomas Oxley at BCI developer Synchron believes future models will help physically disabled people re-engage with physical
    and digital environments.

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ea22x233cdcx071866&

    [This is really seminal work, and opens up many opportunities. There are
    many potential risks -- security, reliability, denials of service attacks,
    and more. However, for some reason it reminded me of a book I read in
    1978 when it first appeared, which might seem timely now:

    Ingo Swann, Star Fire: The War To End All Wars Has Begun --
    Rock superstar-composer Dan Merriweather is the world's first true
    megapsychic. And when he discovers the true extent of his extraordinary
    powers, and his out-of-body voyages reveal the existence of top-secret
    U.S. and Russian installations for the development of psychic weapons
    more frightening than any nuclear or bacteriological hardware, he
    evolves an astounding plan to transform the world. [...]

    Note: Ingo was a subject for the SRI team on psychic experiments back
    then. PGN]

    ------------------------------

    Date: Mon, 16 May 2022 12:21:25 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Some Top 100,000 Websites Collect Everything You Type -- Before
    You Hit Submit (Lily Hay Newman)

    via ACM TechNews, 16 May 2022
    Lily Hay Newman, *Ars Technica*, 14 May 2022

    Researchers at Belgium's Katholieke Universiteit Leuven, Radboud University
    in the Netherlands, and Switzerland's University of Lausanne analyzed the
    top 100,000 websites and found a significant number record some or all of visitors' typewritten data. The researchers estimated 1,844 sites gathered a European Union user's email address without consent, while 2,950 logged a
    U.S. user's email. Many sites incorporate third-party marketing and
    analytics services that perform data-logging. After crawling sites for
    password leaks last May, the researchers found 52 sites in which third
    parties, including Russian technology company Yandex, were incidentally collecting password data prior to submission.

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ea22x233ce3x071866&

    ------------------------------

    Date: Mon, 16 May 2022 12:57:11 -0400
    From: Jan Wolitzky <jan.wolitzky@gmail.com>
    Subject: Sad delivery robot gets lost in the woods (Futurism)

    The Internet was delighted over the weekend when British history professor Matthew McCormack made a hilarious discovery during his morning bike ride: a six-wheeled delivery robot, driving by its lonesome self along a forested
    path, in a rather adorable reminder of the helplessness of increasingly ubiquitous autonomous machines.

    <https://futurism.com/the-byte/delivery-robot-lost-woods>

    ------------------------------

    Date: Mon, 16 May 2022 00:30:56 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Estimated $163 billion from pandemic unemployment benefits were
    misspent or stolen (WashPost)

    https://www.washingtonpost.com/us-policy/2022/05/15/unemployment-pandemic-fraud-identity-theft

    ------------------------------

    Date: Sat, 14 May 2022 12:42:17 -0400
    From: Bob Gezelter <gezelter@rlgsc.com>
    Subject: AI Employment Systems may reflect various forms of bias
    (EEOC Warning)

    Better now than later.

    An interesting problem. There have been many well-documented cases of
    scoring systems encapsulating pre-existing biases and gaps in understanding.

    Twenty years ago, I spoke about the limitations of many analyses in "Les Approximations Dangereaux: The Sorcerer's Apprentice and Other Dangerous Approximations" at e_Protectit 2002. (http://www.rlgsc.com/e-protectit/sorcerers.html)
    A more extensive treatment is contained in Cathy O'Neil's 2016 book,
    "Weapons of Math Destruction". Also relevant is Lawrence Lessig's 2000 book "Code and Other Laws of Cyberspace".

    Employment screening is no different than any other analysis. "Set", in essence seeing what one wants, is a long-known danger in the Intelligence, engineering, and other communities. Screening systems, whether for
    employment, creditworthiness (e.g., red-lining), parole (see O'Neil), or
    other uses, are no different.

    The EEOC release is at:

    https://www.eeoc.gov/newsroom/us-eeoc-and-us-department-justice-warn-against-disability-discrimination

    ------------------------------

    Date: Mon, 16 May 2022 06:15:19 -0600
    From: "Matthew Kruk" <mkrukg@gmail.com>
    Subject: Russians plunder $5M farm vehicles from Ukraine -- to find they've
    been remotely disabled (CNN)

    Russian troops in the occupied city of Melitopol have stolen all the
    equipment from a farm equipment dealership - and shipped it to Chechnya, according to a Ukrainian businessman in the area.

    But after a journey of more than 700 miles, the thieves were unable to use
    any of the equipment -- because it had been locked remotely.

    https://www.cnn.com/2022/05/01/europe/russia-farm-vehicles-ukraine-disabled-melitopol-intl/

    ------------------------------

    Date: Sun, 15 May 2022 12:24:03 +0300
    From: Amos Shapir <amos083@gmail.com>
    Subject: Russian troops are tracking Ukrainians' Chinese drones (CNN)

    In this clip by CNN, a Ukrainian drone operator describes how Russian
    troops were able to track the Ukrainians' off-the-shelf Chinese-made drones, trying to destroy their operators.
    https://www.youtube.com/watch?v=b166ecyNBCw&t=156s

    In this situation, it's all incidental, as both sides are just using
    whatever they can get; none of this was planned by the Chinese manufacturers
    -- yet. But military systems everywhere contain thousands of electronic components; I doubt their operators can even guess where every chip came
    from.

    ------------------------------

    Date: Fri, 13 May 2022 21:42:09 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Flytrex expands drone delivery into Texas (TechCrunch)

    https://techcrunch.com/2022/03/29/flytrex-expands-drone-delivery-into-texas/

    Will this "fly" with New York? What could go wrong?

    ------------------------------

    Date: Sun, 15 May 2022 00:41:50 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Finding it hard to get a new job? Robot recruiters might
    be to blame (The Guardian)

    https://www.theguardian.com/us-news/2022/may/11/artitifical-intelligence-job-applications-screen-robot-recruiters

    ------------------------------

    Date: Sat, 14 May 2022 23:01:07 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Radical Ruling Lets Texas Ban Social Media Moderation (WiReD)

    https://www.wired.com/story/texas-social-media-moderation-ban/

    Eventually he realized that if he wrote a version of Bitcoin that had a Turing-complete programming language, the network could deliver every imaginable digital service, right out of the box. It didn't even have to
    stop at financial applications. You could replicate Facebook, reassemble the stock market, or even build completely digital corporations and run them
    beyond the jurisdiction of any government entity. Once placed on a
    blockchain, they would exist in an environment where software, data, and financial assets interact without friction.

    https://www.wired.com/2016/06/the-uncanny-mind-that-built-ethereum

    ------------------------------

    Date: Sun, 15 May 2022 13:40:28 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: A magnet for rip-off artists: Fraud siphoned billions from pandemic
    unemployment benefits (WashPost)

    Identity theft and sophisticated criminal schemes siphoned billions from pandemic unemployment benefits while government officials were unprepared
    to deploy relief aid.

    https://www.washingtonpost.com/us-policy/2022/05/15/unemployment-pandemic-fraud-identity-theft/

    ------------------------------

    Date: Fri, 13 May 2022 21:25:35 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: He gave Instagram photos of his baby. Instagram returned fear.
    (WashPost)

    Have you ever felt like recommendations on Instagram, TikTok or YouTube are dragging you down an unwanted rabbit hole? We the users need algorithm transparency and control.

    https://www.washingtonpost.com/technology/2022/05/12/instagram-algorithm/

    ------------------------------

    Date: Sat, 14 May 2022 10:14:36 -0700
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: Re: Companies envision taxis flying above jammed traffic
    (RISKS-33.20)

    Hasn't anyone considered that once flying cars/taxis are practical and popularized, the traffic jams will simply migrate from the roads to the air? You're not going to be able to just breeze through the sky when everyone
    else has the same notion and capability.

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 33.21
    ************************
