• Risks Digest 33.45 (1/2)

    From RISKS List Owner@21:1/5 to All on Sun Sep 18 00:18:24 2022
    RISKS-LIST: Risks-Forum Digest Saturday 17 September 2022 Volume 33 : Issue 45

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/33.45>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Chinese and Russian ops (Two NYTimes items PGN-ed)
    Chinese spy convicted with help from iCloud backup of his iPhone (9to5Mac)
    Nuclear Power Still Doesn't Make Much Sense (NYTimes)
    Say Hello to Crazy-Thin Deep-Insert ATM Skimmers (Krebs on Security)
    Malware attack knocks out software for 6,000+ residential properties
    (George Mannes)
    Patent troll attacks against open-source projects are up 100% since last
    year. Here's why (ZDNET)
    Alarms over healthcare cyberattacks are getting louder (The Verge)
    Microsoft Teams has been storing authentication tokens in plaintext
    (Engadget)
    Trojanized versions of PuTTY utility being used to spread backdoor
    (Ars Technica)
    iPhone Lockdown Mode can be easily detected, could make you a target
    (9to5Mac)
    WatchOS 9 Breaks Spotify Streaming, Apple Watch Users Urged Not to Update
    (MacRumors)
    Text Messaging Is Cool. But Where Are Its Boundaries? (NYTimes)
    Watch it! Legal issues arise with home security cameras (Hiawatha Bray)
    DHS built huge database from cellphones/computers seized at border
    (WashPost)
    Appeals court upholds Texas law regulating social media moderation
    (WashPost)
    Biden is completely wrong about Section 230 as relates to hate speech
    (Lauren Weinstein)
    Uber wasn't using security keys (Vice)
    Uber's hack shows the stubborn power of social engineering (The Verge)
    Chess Grandmaster accused of using anal beads to cheat receives offer to
    clear his name by playing nude (AVClub)
    We're stuck with this white elephant: A Wisconsin town's big bet on
    electronics maker Foxconn hasn't panned out as planned (Fortune)
    NSA Software Supply Chain Guidance (The New Stack)
    Re: Artemis I launch scrubbed again, new attempt may not come until October
    (Martin Ward)
    Re: How criminals are using jammers, deauthers to disrupt WiFi (Henry Baker)
    Re: Major telecoms sign deal to keep some phone services running during
    future outages (Steve Bacher)
    Re: Apple and other vendors and eSIM (John Levine)
    Re: Groove.cm Breaks the Internet (Amos Shapir, Steve Bacher)
    Re: The Search for info, not just Dirt, on the Twitter Whistle-Blower
    (John Levine)
    Re: Facebook has no idea where to find your data (Steve Bacher)
    Re: 3D gun printing operation busted in Calgary (dmitri maziuk)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Fri, 16 Sep 2022 14:19:50 PDT
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: Chinese and Russian ops (Two NYTimes items)

    China Covert Operations May Overwhelm Us
    Nigel Inkster, *The New York Times*, 16 Sep 2022
    The West isn't sufficiently prepared for intelligence threats from Beijing

    Russia Secretly Spent $300M to Sway Elections Around the World
    Edward Wong, *The New York Times*, 14 Sep 2022
    [At least. That's what has been detected. PGN]

    ------------------------------

    Date: Sat, 17 Sep 2022 01:19:12 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Chinese spy convicted with help from iCloud backup of his iPhone
    (9to5Mac)

    https://9to5mac.com/2022/09/16/chinese-spy/

    ------------------------------

    Date: Fri, 16 Sep 2022 15:15:18 +0000
    From: Henry Baker <hbaker1@pipeline.com>
    Subject: Nuclear Power Still Doesn't Make Much Sense (NYTimes)

    I heard a Ukrainian reporter on the radio talking about the problems with
    the Ukrainian "grid infrastructure" due to the Russian occupation of the
    Zaporizhzhia nuclear plant. Except with her Ukrainian accent, she
    pronounced it "greed infrastructure". I think that she summed up the
    nuclear power industry precisely !!
    Truly a Kinsley gaffe (Google it) moment !

    Farhad Manjoo, *The New York Times*, 16 Sep 2022
    Nuclear Power Still Doesn't Make Much Sense
    https://www.nytimes.com/2022/09/16/opinion/nuclear-power-still-doesnt-make-much-sense.html

    I landed in London at around the same time that international energy
    regulators were making emergency plans for maintaining the safety of
    Ukraine's Zaporizhzhia nuclear plant, which had come under shelling from Russian troops. [...]

    Tyson Slocum, the director of the energy program at the advocacy group
    Public Citizen, summed up these problems neatly: ``Nuclear power has simply been eclipsed. It was an incredible zero-emission resource for its day. But for much of the energy system today, that day has long passed.'' [...]

    ------------------------------

    Date: Fri, 16 Sep 2022 09:57:51 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Say Hello to Crazy-Thin Deep-Insert ATM Skimmers
    (Krebs on Security)

    A number of financial institutions in and around New York City are dealing
    with a rash of super-thin *deep-insert* skimming devices designed to fit
    inside the mouth of an ATM's card acceptance slot. The card skimmers are
    paired with tiny pinhole cameras that are cleverly disguised as part of the cash machine. Here's a look at some of the more sophisticated deep insert skimmer technology that fraud investigators have recently found in the wild.

    https://krebsonsecurity.com/2022/09/say-hello-to-crazy-thin-deep-insert-atm-skimmers/

    ------------------------------

    Date: Thu, 15 Sep 2022 21:26:13 -0400
    From: George Mannes <gmannes@gmail.com>
    Subject: Malware attack knocks out software for 6,000+ residential
    properties

    I live in a New York City co-op apartment building that contracts with the
    firm BuildingLink for a package of administrative & security services, such
    as tracking & notification of package deliveries, repair requests,
    instructions for the front desk regarding items such as permissions to
    enter, and storage and check-out of apartment keys at the front desk. The system also includes a directory of building residents, including their apartment numbers, their phone numbers & email addresses. BuildingLink's software is used in more than 6,000 properties worldwide, according to the company's website.

    The system was down Monday, Tuesday, and much of Wednesday following a
    malware attack. Apparently, it was a nationwide outage. Some excerpts from BuildingLink's status report page (https://status.buildinglink.com/):

    12 Sep Monday:

    Users are currently unable to access BuildingLink.com and custom domains,
    the resident app, and the valet app.

    -Users are also unable to access ConciergeLink and the GEO app if not
    already logged in....

    -KeyLink can currently be used with the fingerprint reader, but not with username and password.

    14 Sep afternoon

    On Sunday, 11 Sep, BuildingLink was the target of a malware incident, which impacted certain network systems.

    While we are still in the early stages of an investigation, here's what we
    know so far: our team acted quickly and took certain systems offline as a precautionary measure and continue to take steps to enhance security systems already in place. We also immediately engaged outside specialists ... to
    assist us in our response and conduct a full investigation so we can fully understand what happened.

    15 Sep (this afternoon):

    We have a team investigating the malware incident to determine if any data
    was impacted. We will share our findings as soon as we are able.

    The service interruption had no ill effects on me or anyone I know of. But
    I'll be interested to learn what, if any, data concerning those 6,000+ properties and their residents was "impacted."

    ------------------------------

    Date: Wed, 14 Sep 2022 00:34:55 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Patent troll attacks against open-source projects are up 100%
    since last year. Here's why (ZDNET)

    In recent years, patent trolls have started attacking open-source developers and companies. But, the open-source community is fighting back.

    https://www.zdnet.com/article/patent-troll-attacks-against-open-source-projects-are-up-100-since-last-year-heres-why/

    ------------------------------

    Date: Sat, 17 Sep 2022 00:50:09 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Alarms over healthcare cyberattacks are getting louder (The Verge)

    https://www.theverge.com/2022/9/16/23356974/health-cybersecurity-devices-fbi-ransomware

    ------------------------------

    Date: Sat, 17 Sep 2022 00:54:19 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Microsoft Teams has been storing authentication tokens in plaintext
    (Engadget)

    https://www.engadget.com/microsoft-teams-has-been-storing-auth-tokens-in-plaintext-093510463.html

    ------------------------------

    Date: Sat, 17 Sep 2022 01:09:51 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Trojanized versions of PuTTY utility being used to spread backdoor
    (Ars Technica)

    https://arstechnica.com/information-technology/2022/09/trojanized-versions-of-putty-utility-being-used-to-spread-backdoor/

    ------------------------------

    Date: Fri, 16 Sep 2022 23:36:38 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: iPhone Lockdown Mode can be easily detected, could make you a
    target (9to5Mac)

    https://9to5mac.com/2022/08/26/iphone-lockdown-mode-2/

    ------------------------------

    From: Monty Solomon <monty@roscom.com>
    Date: Sat, 17 Sep 2022 01:13:31 -0400
    Subject: WatchOS 9 Breaks Spotify Streaming, Apple Watch Users Urged Not to
    Update (MacRumors)

    https://www.macrumors.com/2022/09/16/watchos-9-breaks-spotify-streaming/

    ------------------------------

    Date: Wed, 14 Sep 2022 19:14:27 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Text Messaging Is Cool. But Where Are Its Boundaries? (NYTimes)

    Apple and Google have added useful features to texting apps, yet the apps
    still lack a major component: an effective way to set limits.

    The pros of text messaging can easily turn into cons. Since texting
    typically takes only a few seconds and is widely considered the most urgent, attention-grabbing form of digital communication, it's difficult to set boundaries around texting with our colleagues and friends. Texting invites
    us to intrude on other people's time.

    https://www.nytimes.com/2022/09/14/technology/personaltech/texting-ios-android.html

    Don't answer? "Do not disturb"? Off?

    Plus gripes about various unrelated matters like Apple vs. Google, messaging insecurity, complexity, can't schedule sending messages, and waxes nostalgic for AOL Instant Messenger. Wanders unproductively far afield from messaging boundaries.

    ------------------------------

    Date: Thu, 15 Sep 2022 10:08:02 -0700
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: Watch it! Legal issues arise with home security cameras
    (Hiawatha Bray)

    *The Boston Globe*, 14 Sep 2022 https://www.boston.com/real-estate/fall-house-hunt/2022/09/14/watch-it-legal-issues-arise-with-home-security-cameras

    <https://www.hollywoodreporter.com/tv/tv-news/ed-markey-slams-amazon-wanda-sykes-ring-nation-1235205556/>

    Tech giant Amazon is rolling out a new TV series about Rings, and it's not their billion-dollar blockbuster set in Middle-Earth.

    This show is called Ring Nation, and it will feature videos captured by Amazon's Ring home security cameras. The idea of a weekly TV series
    featuring surveillance videos has ticked off privacy experts, civil libertarians, and Senator Edward Markey, Democrat of Massachusetts. But it
    also proves that home security cameras are on the way to becoming as commonplace as lawn sprinklers.

    We've still got a way to go. By the end of 2021, only about 14 percent of
    homes with broadband access had a network-connected security camera, while
    15 percent owned a video doorbell, according to research firm Parks
    Associates. <https://www.parksassociates.com/blog/article/access-control-ecosystem--expanding-value>

    But with the surge in crime <https://time.com/6138650/violent-crime-us-surging-what-to-do/>, the
    percentage is likely to rise. And a 2021 survey by the National Association
    of Home Builders indicated that 70 percent of likely home buyers want
    security cameras, with 27 percent calling them a "must-have" feature.

    When the concept was first patented by Marie van Brittan Brown <https://lemelson.mit.edu/resources/marie-van-brittan-brown#:~:text=African%20American%20inventor%20Marie%20Van,Jamaica%2C%20Queens%2C%20New%20York.>
    and her husband, inventors from Queens, N.Y., back in the 1960s, home-video technology was far too cumbersome and expensive for the average homeowner.

    Today, cameras cost between $100 and $400, depending on the features. They
    can shoot high-resolution video images and carry microphones that can pick
    up conversations 20 feet away. Some are completely wireless and powered by internal batteries or even solar cells, while using Wi-Fi to hook up with a home's broadband system. Videos can be viewed in real time over a smartphone connection or automatically stored in the Internet cloud for later
    viewing. This type of camera --offered by major companies like SimpliSafe, Vivint, and Ring --is something homeowners can set up easily.

    But when people start pointing cameras and microphones at one another,
    certain issues arise. Like, what if your next-door neighbor complains that
    your camera invades his privacy? What if the microphone records people's private conversations?

    The law has little to say about such matters, according to Matthew Guariglia <https://www.eff.org/about/staff/dr-matthew-guariglia-0>, a policy analyst
    at the Electronic Frontier Foundation, an online civil liberties group.
    ``There isn't a lot of protection for people from household surveillance devices,'' Guariglia said.

    If your camera is pointed at a part of your neighbor's property that's in
    plain view --like the driveway, front porch, or even the backyard - these
    are areas where the neighbor has no reasonable expectation of privacy. And people are watching. According to a survey Vivint released in May, nearly 25 percent of people with outdoor cameras use them to keep an eye on their neighbors.

    With one major exception: cameras that can see inside someone's home. In a
    2014 ruling, the Massachusetts Supreme Judicial Court held that a homeowner could be sued for setting up a camera that can peer through the neighbor's windows. <https://scholar.google.com/scholar_case?case=15557137513272157927&q=Polay+v.+McMahon&hl=en&as_sdt=40000006&as_vis=1>

    And be even more careful about recording voices. Under Massachusetts law,
    you can't record someone's voice without their permission. Inadvertently picking up a few phrases is no big deal, but using your camera to eavesdrop deliberately could get you into trouble.

    Another thing: What happens to all that recorded video and audio? Most of
    these systems store it online, where you can review it from any Internet-connected device. This makes home video systems a godsend for
    police forces, which routinely ask homeowners for captured footage of
    possible crimes.

    Lots of people are fine with this. A 2021 Consumer Reports survey indicated that 10 percent of video doorbell users have handed over footage to the
    police on request. <https://www.consumerreports.org/consumer-protection/curbs-on-neighbors-by-ring-dont-ease-privacy-rights-concerns-a1459419637/>

    Millions of people who own Ring cameras use Amazon's social network
    Neighbors to share video footage with friends -- and with law enforcement.
    When a crime is committed, police can log onto Neighbors and request video footage from all nearby Ring users. Compliance is entirely voluntary, most
    of the time. <https://www.aceableagent.com/blog/amazons-ring-launches-social-network-for-neighborhood-safety/>

    But Ring will also provide video recordings without the user's permission if the police come with a search warrant. In addition, Amazon said that in the first half of 2022, it handed over Ring videos to police 11 times without a warrant or user permission. The company said that these were extraordinary cases involving danger of death such as a kidnapping or an attempted murder. <https://www.businessinsider.com/amazon-gave-police-11-ring-doorbell-videos-without-consent-2021-2022-7>

    Even more worrisome is the possibility that hackers could steal your stored videos or employees at the security company who have no right to see them
    will watch them. This actually happened at Ring several years ago, leading
    the company to toughen up its access policies. <https://www.theverge.com/2019/1/10/18177305/ring-employees-unencrypted-customer-video-amazon>

    If the prospect dismays you, Ring offers the option to encrypt all your
    videos automatically so that only you can unlock them. Or you can opt for a security camera that allows you to store all video on a small hard drive, instead of keeping it online.

    Of course, a local drive could be lost or damaged or a savvy thief could
    cover his tracks by stealing it, which just goes to show that there's no
    such thing as perfect security.

    ------------------------------

    Date: Fri, 16 Sep 2022 11:35:04 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: DHS built huge database from cellphones/computers seized at border
    (The Washington Post)

    Contacts, call logs, messages and photos from up to 10,000 travelers' phones are saved to a government database every year

    https://www.washingtonpost.com/technology/2022/09/15/government-surveillance-database-dhs/

    ------------------------------

    Date: Fri, 16 Sep 2022 18:16:11 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Appeals court upholds Texas law regulating social media moderation
    (WashPost)

    The decision likely sets up a Supreme Court showdown over the future of
    online speech

    The 5th Circuit Court of Appeals on Friday upheld a controversial Texas
    social media law that bars companies from removing posts based on a person’s political ideology, overturning a lower court’s decision to block the law from taking effect and likely setting up a Supreme Court showdown over the future of online speech.

    The ruling could have wide-ranging effects on the future of tech regulation,
    as states throughout the country consider legislation similar to the Texas
    law.

    The judges ruled that while the First Amendment guarantees every person’s right to free speech, it doesn’t guarantee corporations the right to “muzzle
    speech.” [...]

    https://www.washingtonpost.com/technology/2022/09/16/5th-circuit-texas-social-media-law/

    ------------------------------

    Date: Fri, 16 Sep 2022 15:37:32 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Biden is completely wrong about Section 230 as relates to hate
    speech

    Biden is completely wrong about Section 230 as relates to hate speech

    Sad to say, President Biden in new remarks has continued to demonstrate an apparently fundamental misunderstanding of a key aspect of Section 230, in
    his continuing claim that rolling back 230 would help stop hate speech. In fact, what rolling back 230 would do is make virtually all User Generated Content (UGC) impractical, killing most discussion entirely. Who the blazes advises him on these issues?

    ------------------------------

    Date: Fri, 16 Sep 2022 12:00:28 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Uber wasn't using security keys (Vice)

    [BREAKING: Reports of another data breach at Uber, with internal systems
    affected and extent unknown and/or not being made public. -L]

    The Uber Hack Shows Push Notification 2FA Has a Downside: It's Too Annoying

    https://www.vice.com/en/article/5d35yd/the-uber-hack-shows-push-notification-2fa-has-a-downside-its-too-annoying

    [ADDED LATER:

    Another bad sign in the Uber hack

    Another really bad sign in the Uber hack -- in addition to their apparently
    not using security key tech for authentication -- is the wide access the
    hacker got inside the corp net, exactly what zero trust security systems
    would have very likely prevented. -L

    ------------------------------

    Date: Sat, 17 Sep 2022 00:50:46 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Uber's hack shows the stubborn power of social engineering
    (The Verge)

    https://www.theverge.com/2022/9/16/23356959/uber-hack-social-engineering-threats

    ------------------------------

    Date: Fri, 16 Sep 2022 09:49:29 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Chess Grandmaster accused of using anal beads to cheat receives
    offer to clear his name by playing nude (AVClub)

    [This is not a parody] Chess Grandmaster accused of using anal beads
    to cheat receives offer to clear his name by playing nude

    [If aliens decide Earth should be removed from the galaxy, this will probably
    be one of the leading exhibits. -L]

    https://www.avclub.com/hans-niemann-anal-beads-chess-grandmaster-cam-site-1849545231

    [Paul Wexelblat noted
    A first!? article submitted to both RISKS and YUCKS. https://metro.co.uk/2022/09/14/the-internet-thinks-a-chess-grandmaster-cheated-using-anal-beads-17370756/
    to which Gene Spafford replied
    Yucks is defunct, but I did publish it in the web-heads list!
    PGN]

    ------------------------------

    Date: Tue, 6 Sep 2022 19:05:15 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: We're stuck with this white elephant: A Wisconsin town's big bet
    on electronics maker Foxconn hasn't panned out as planned (Fortune)

    In 2017, Terry Gou, then CEO of electronics manufacturing giant Foxconn, announced in the White House's East Room that his firm would spend $10
    billion to build a state-of-the-art megafactory in Wisconsin that would make LCD television and computer screens. "We are committed to creating great
    jobs for American people," Gou said at the press conference, promising
    13,000 new jobs for Wisconsinites.

    The announcement spawned the Wisconn Valley Science and Technology Park and
    the aspiration that the cornfields of southeastern Wisconsin could become a global tech hub with the help of Foxconn, best known for producing iPhones
    for Apple. "We believe this will have a transformational effect on
    Wisconsin, just as Silicon Valley transformed the San Francisco Bay Area," Wisconsin’s then-Gov. Scott Walker declared at the press conference, alongside then-President Donald Trump and top Wisconsin lawmakers.

    Now five years into the experiment, so-called Wisconn Valley has failed to
    live up to expectations. Instead of a sprawling 20-million-square-foot
    factory complex, Foxconn has built a far smaller campus. There is a 1-million-square-foot warehouse, a 260,000-square-foot "smart manufacturing center," a 120,000-square-foot "multipurpose building," and a 100-foot-tall glass globe that bulges from otherwise empty farmland like an otherworldly "orb," says Gordon Hintz, a member of Wisconsin’s state assembly.

    Nobody is quite sure what the buildings are being used for, though it’s clearly not manufacturing. "The whole thing has just been a joke," says
    Hintz.

    But the town of Mount Pleasant, home to the project, isn't laughing. [...]

    To pay upfront for the Foxconn site and infrastructure such as water pipes
    and road upgrades, Mount Pleasant created a special district, called a tax increment financing, or TIF, district. It allowed the town to borrow $911 million on an annual budget of $23 million. "Let's say you have an income of $50,000," says Lawrence Tabak, author of Foxconned, a book about Foxconn's Wisconsin factory. "That would be like buying a $10 million house and then trying to figure out how you're going to pay the taxes and mortgage debt."

    https://fortune.com/2022/08/04/foxconn-mount-pleasant-wisconsin-wisconn-valley-lcd-factory/

    ------------------------------

    Date: Wed, 14 Sep 2022 19:01:26 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: NSA Software Supply Chain Guidance (The New Stack)

    The National Security Agency (NSA) and friends have released "Securing the Software Supply Chain for Developers." The Enduring Security Framework
    (ESF), a public-private working group that provides security guidance on high-priority threats to the nation's critical infrastructure, wrote this report.

    https://thenewstack.io/nsa-software-supply-chain-guidance/

    ------------------------------

    Date: Wed, 14 Sep 2022 12:19:58 +0100
    From: Martin Ward <martin@gkc.org.uk>
    Subject: Re: Artemis I launch scrubbed again, new attempt may not come
    until October (Goldberg, RISKS-33.44)

    Yesterday's NASA: Apollo 13 has just suffered a major explosion with loss of fuel cells and oxygen and the Lunar Module equipment is not compatible with
    the Command Module's carbon dioxide scrubbing canisters. Engineers on the ground examine every item available to the astronauts on the spacecraft and devise a way to fix the problem using bits of plastic, cardboard manual
    covers and other items.

    Today's NASA: The batteries on the Artemis emergency detonation system
    need recharging. We are on the ground, so have available the entire
    resources of NASA to fix the problem. The only solution that
    *this* generation of engineers on the ground can come up with
    is to tow the whole rocket four miles back to the assembly building
    where it can be plugged in and recharged.

    As Gabe says "No suitable extension cord". Also no suitable generator
    or battery pack or suitable skills to design one, apparently.

    ------------------------------

    Date: Wed, 14 Sep 2022 11:31:46 +0000
    From: Henry Baker <hbaker1@pipeline.com>
    Subject: Re: How criminals are using jammers, deauthers to disrupt WiFi

    I see *two* problems:

    1. WiFi CCTV cameras should always record locally (encrypted with PKE), even when WiFi isn't working. A 256GB SD card now costs $21 at Amazon. You may
    not get a real-time warning, but at least you'll still have the video
    (assuming you have the decryption key).

    2. WiFi operates in Part 15 unlicensed spectrum. FCC says "Part 15 devices
    may not cause any harmful interference to authorized services and must ***accept any interference*** that may be received"

    It is well-known that *spread spectrum* techniques can resist jamming (intentional or otherwise).

    https://en.wikipedia.org/wiki/Spread_spectrum

    "Resistance to jamming (interference). Direct sequence (DS) is good at resisting continuous-time narrowband jamming, while frequency hopping (FH)
    is better at resisting pulse jamming."

    Spread spectrum techniques utilize so-called "process gain" (measured in dB)
    to overcome jamming interference. Since WiFi transmitters are limited in
    the amount of power they can utilize in overcoming jammers, they could in theory utilize more "process gain" to get their signal through. However, these techniques would dramatically reduce the transfer speed in Mbps, but at
    least the signal would get through.

    The good news is that ***ultra wide band*** (UWB) is coming to devices
    near you.

    https://www.osti.gov/biblio/1021131

    "UWB offers low probability of detection (LPD), low probability of interception
    (LPI) as well as anti-jamming (AJ) properties in signal space"

    https://en.wikipedia.org/wiki/Ultra-wideband

    "Ultra-wideband characteristics are well-suited to short-range applications, such as PC peripherals, wireless monitors, ***camcorders***, wireless
    printing, and file transfers to portable media players. UWB was proposed for use in personal area networks, and appeared in the IEEE 802.15.3a draft PAN standard. However, after several years of deadlock, the IEEE 802.15.3a task group was dissolved in 2006. The work was completed by the WiMedia Alliance
    and the USB Implementer Forum. Slow progress in UWB standards development,
    the cost of initial implementation, and performance significantly lower
    than initially expected are several reasons for the limited use of UWB in consumer products (which caused several UWB vendors to cease operations in
    2008 and 2009)."
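
    An added illustration of the process-gain trade-off described in the
    message above (not part of the original post, and not any product's
    code): a toy direct-sequence simulation of a single-tone jammer. The
    jammer amplitude, tone frequency, chip counts and seed are assumed
    values chosen for the demonstration.

```python
import math
import random


def process_gain_db(chips_per_bit):
    """Process gain of direct-sequence spreading: 10*log10(chips per bit)."""
    return 10 * math.log10(chips_per_bit)


def bit_error_rate(chips_per_bit, jam_amplitude=3.0, jam_freq=0.1237,
                   n_bits=2000, seed=1):
    """Fraction of bits decoded wrongly under a continuous narrowband jammer.

    Data bits are +/-1 at unit amplitude. The jammer is a single tone of
    amplitude jam_amplitude (assumed 3.0, i.e. roughly 6.5 dB more power
    than the signal). Each bit is multiplied by chips_per_bit pseudo-random
    +/-1 chips; the receiver, which knows the same chip sequence, multiplies
    the received samples by the chips again and sums them (despreading).
    """
    rng = random.Random(seed)   # stands in for the shared PN code generator
    errors = 0
    t = 0                       # running chip index, drives the jammer phase
    for _ in range(n_bits):
        bit = rng.choice((-1, 1))
        corr = 0.0
        for _ in range(chips_per_bit):
            chip = rng.choice((-1, 1))
            jam = jam_amplitude * math.cos(2 * math.pi * jam_freq * t)
            rx = bit * chip + jam        # what the antenna sees
            corr += rx * chip            # despread: signal adds coherently,
            t += 1                       # the tone is scrambled into noise
        decoded = 1 if corr >= 0 else -1
        errors += decoded != bit
    return errors / n_bits


def sweep(chip_counts=(1, 16, 64, 256)):
    """Return (chips per bit, gain in dB, relative data rate, BER) rows."""
    return [(n, process_gain_db(n), 1.0 / n, bit_error_rate(n))
            for n in chip_counts]


if __name__ == "__main__":
    print("chips/bit  gain(dB)  rel.rate  BER")
    for n, gain, rate, ber in sweep():
        print(f"{n:9d}  {gain:8.2f}  {rate:8.4f}  {ber:.4f}")
```

    Each step up in chips per bit buys jamming margin at the cost of a
    proportionally lower data rate in the same bandwidth, which is the
    speed penalty the message refers to.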

    ------------------------------

    Date: Thu, 15 Sep 2022 13:42:11 -0700
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: Re: Major telecoms sign deal to keep some phone services running
    during future outages (CBC Canada, RISKS-33.44)

    Having telephone service independent of whatever may befall the electrical
    grid is nothing new. That's how we all started out in the 20th century.  It
    is a fortunate accident of history that Alexander Graham Bell preceded
    Thomas Alva Edison, otherwise it might not have turned out that way.
    Imagine what it would have been like during, say, the 1965 Northeast U.S.
    power blackout if telephones had stopped working.

    ------------------------------

    Date: 14 Sep 2022 11:40:28 -0400
    From: "John Levine" <johnl@iecc.com>
    Subject: Re: Apple and other vendors and eSIM (Slade, RISKS-33.44)

    It appears that Rob Slade <rslade@gmail.com> said:
    >In its new line of iPhones, Apple will be doing away with physical SIM
    >cards, moving instead to a system it refers to as eSIM. This will be a
    >software version of identification of the phone handset, and will be
    >modifiable in order to change to new providers. ...

    Samsung introduced an eSIM watch in 2015, and since 2019 eSIM phones have
    been available from Samsung, Motorola, Sony, Google, Huawei and others. The change in the iPhone 14 is that in North America it will ship without a physical SIM slot, just eSIM. Models sold in some countries will continue to have both, in China just physical SIMs.

    I don't see any new threat here other than that if you have an account with
    a North American carrier that doesn't offer eSIM, you lose. But in practice other than some small MVNOs they all do. For people who travel and use different SIMs in different countries, eSIMs are a pain to swap, but that's
    not new either.

    I would also have expected to hear of eSIM security attacks but so far I haven't. Maybe there are easier ways to attack a phone, like SIM swapping.

    ------------------------------

    Date: Wed, 14 Sep 2022 11:54:25 +0300
    From: Amos Shapir <amos083@gmail.com>
    Subject: Re: Groove.cm Breaks the Internet (RISKS-33.44)

    I just had a similar experience with Microsoft's help team for Outlook. I usually read my mail on Outlook's site, using Firefox. There's a bug which sometimes makes messages disappear from the Inbox. I reported it to Microsoft's help team and had a nice chat.

    When they heard that this problem does not happen on Chrome (or maybe I just don't use it often enough to encounter the bug), their reaction was
    something like "Oh, then it's a browser problem, Bye!"

    My comment that such a major application should work well on all major browsers, was simply ignored.

    ------------------------------

    Date: Thu, 15 Sep 2022 13:49:03 -0700
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: Re: Groove.cm Breaks the Internet (RISKS-33.44)

    Regarding the practice of websites mandating Chrome: Yes, it's bad, but in a practical sense that's the world many of us are already living in. How often have you complained about some web site feature that isn't working for you
    in (e.g.) Firefox, only to be told by support that that's the way it is and
    you need to use Chrome to avoid the problem?

    ------------------------------

    Date: 14 Sep 2022 12:14:48 -0400
    From: "John Levine" <johnl@iecc.com>
    Subject: Re: The Search for info, not just Dirt, on the Twitter
    Whistle-Blower (RISKS-33.44)

    Ronan Farrow is a good reporter, but this time, quite unusually, he totally blew it.

    The people looking for info about Mudge are not Musk and his allies looking
    to discredit him. They are investment bankers and hedge funds using the
    expert networks they've been using for decades to figure out what their TWTR stock is worth. They only care whether Mudge is credible to see if he's
    going to have an effect on the outcome of the trial in Delaware. If Twitter wins, their stock is worth about $50, and if Musk wins, more like
    $20. (Informed observers say he won't.) The companies that connect
    investors with experts they pay for business info are nothing new or
    unusual, nor should it be surprising that the people asking about Mudge are doing so.

