• Risks Digest 31.38

    From RISKS List Owner@21:1/5 to All on Sat Aug 24 19:00:03 2019
    RISKS-LIST: Risks-Forum Digest Saturday 24 August 2019 Volume 31 : Issue 38

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/31.38>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    16 Million Americans Will Vote on Hackable Paperless Machines
    (MIT TechReview)
    Moscow's blockchain voting system cracked a month before election (ZDNet)
    Judge Bars Georgia From Using Current Voting Technology in 2020 (CNet)
    Employees connect nuclear plant to the Internet so they can mine
    cryptocurrency (Catalin Cimpanu)
    Patrick Byrne (Rob Slade)
    Why the U.S. Disaster Agency Is Not Ready for Catastrophes
    (Scientific American)
    Backdoor code found in 11 Ruby libraries (Catalin Cimpanu)
    "Unpatchable security flaw found in popular SoC boards"
    (Catalin Cimpanu)
    Hospital website hijacked by 'pirates' (Sonoma News)
    MoviePass exposed thousands of unencrypted customer card numbers
    (Tech Crunch)
    Hong Kong protesters warn of Telegram feature that can disclose
    their identities (Catalin Cimpanu)
    Researcher publishes second Steam zero day after getting banned on
    Valve's bug bounty program (Catalin Cimpanu)
    This trojan malware being offered for free could cause hacking spike
    (ZDNet)
    Users of Adult Website Exposed By Data Breach (Infosecurity)
    Ransomware Attacks Are Testing Resolve of Cities Across America (NYT)
    Ransomware Attack Hits 23 Texas Towns, Authorities Say (NYTimes)
    Phishing spam is getting better ... (Rob Slade)
    A credit card never needed cleaning instructions... then Apple came along
    (Gene Wirchenko)
    Want To Know What's In Your Sweat? There's A Patch For That (npr.org)
    Playing God: Japan temple puts faith in robot priest "with AI.
    It's changing Buddhism" (AFP)
    Re: Contingency plan for compromised fingerprint database (Edwin Slonim)
    Re: Facial recognition errors (Arthur T.)
    Re: Electric car charging stations may be portals for power grid
    cyberattacks (Kelly Bert Manning)
    Re: Shoot out the headlines first, ask questions later: Climate change ...
    (Kelly Bert Manning, Amos Shapir)
    Re: Password policy (Dimitri Maziuk)
    Noise about Quiet Skies program (Richard Stein)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Wed, 21 Aug 2019 12:25:08 -0400
    From: ACM TechNews <technews-editor@acm.org>
    Subject: 16 Million Americans Will Vote on Hackable Paperless Machines
    (MIT TechReview)

    Patrick Howell O'Neill, Technology Review, 13 Aug 2019 via
    ACM TechNews, Wednesday, August 21, 2019

    A study by researchers at New York University found that at least 16 million Americans in eight states will vote on completely paperless machines in the 2020 U.S. elections, despite a strong consensus among cybersecurity and national security experts that paper ballots and vote audits are necessary
    to ensure election security. While the states in question are not
    historically battleground states, some are likely to be more closely
    contested than usual. Said U.S. Senator Ron Wyden of Oregon, "Congress needs
    to set mandatory federal election security standards that outlaw paperless voting machines and guarantee every American the right to vote with a hand-marked paper ballot." Wyden cited experts as requiring hand-marked
    paper ballots and post-election audits to defend against hacking. "Vendors should recognize that fact or get out of the way."

    https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-212c5x21d479x070202&

    ------------------------------

    Date: Wed, 21 Aug 2019 8:45:41 PDT
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: Moscow's blockchain voting system cracked a month before election
    (ZDNet)

    A French security researcher has found a critical vulnerability in the blockchain-based voting system Russian officials plan to use next month for
    the 2019 Moscow City Duma election.

    Pierrick Gaudry, an academic at Lorraine University and a researcher for
    INRIA, the French research institute for digital sciences, found that he
    could compute the voting system's private keys based on its public
    keys. These private keys are used together with the public keys to encrypt
    user votes cast in the election.

    MOSCOW BLOCKCHAIN VOTING SYSTEM ENCRYPTION BROKEN IN 20 MINUTES

    Gaudry blamed the issue on Russian officials using a variant of the ElGamal encryption scheme that used encryption key sizes that were too small to be secure. This meant that modern computers could break the encryption scheme within minutes.

    "It can be broken in about 20 minutes using a standard personal computer,
    and using only free software that is publicly available," Gaudry said in a report published earlier this month.

    "Once these [private keys] are known, any encrypted data can be decrypted as quickly as they are created," he added.

    https://www.zdnet.com/article/moscows-blockchain-voting-system-cracked-a-month-before-election/
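
    Added example (not part of the RISKS item, the ZDNet article or Gaudry's report): a toy ElGamal instance over a deliberately tiny 31-bit prime, showing how the private key follows from the public key when the modulus is too small, next to the size check a reviewer would apply to such parameters. The prime, generator, keys, message and the 2048-bit floor are assumptions chosen for illustration; the item above does not state the real system's parameters.

```python
"""Toy ElGamal over Z_p^* with a deliberately undersized modulus.

Every value here is constructed for illustration; none is taken from the
Moscow voting system or from Gaudry's report.
"""
from math import isqrt

MIN_MODULUS_BITS = 2048   # assumption: floor applied by this example's size check
P = 2**31 - 1             # constructed: 31-bit prime modulus (far too small)
G = 7                     # constructed: generator of the multiplicative group mod P
X = 1234567891            # constructed: private key
M = 20190908              # constructed: message encoded as an integer < P
K = 987654321             # constructed: per-message ephemeral value


def modulus_size_ok(p, min_bits=MIN_MODULUS_BITS):
    """Parameter review check: reject a modulus shorter than min_bits."""
    return p.bit_length() >= min_bits


def public_key(p, g, x):
    """ElGamal public key h = g^x mod p."""
    return pow(g, x, p)


def encrypt(p, g, h, m, k):
    """Textbook ElGamal: ciphertext (g^k, m * h^k) mod p."""
    return pow(g, k, p), (m * pow(h, k, p)) % p


def decrypt(p, x, c1, c2):
    """Recover m = c2 / c1^x mod p using the private key x."""
    shared = pow(c1, x, p)
    return (c2 * pow(shared, -1, p)) % p


def discrete_log_bsgs(p, g, h):
    """Baby-step giant-step: find x with g^x = h (mod p).

    Cost is about sqrt(p) group operations and table entries, which is why
    the bit length of p, not the secrecy of x, decides the security margin.
    """
    m = isqrt(p - 1) + 1
    baby = {}
    cur = 1
    for j in range(m):                 # baby steps: g^j for j in [0, m)
        baby.setdefault(cur, j)
        cur = cur * g % p
    giant = pow(g, -m, p)              # g^(-m) mod p (Python 3.8+)
    gamma = h
    for i in range(m):                 # giant steps: h * g^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * giant % p
    return None                        # h is not a power of g


def demo():
    """Encrypt with the public key, then recover key and message from public data."""
    h = public_key(P, G, X)
    c1, c2 = encrypt(P, G, h, M, K)
    recovered = discrete_log_bsgs(P, G, h)
    return recovered, decrypt(P, recovered, c1, c2)


if __name__ == "__main__":
    recovered, plaintext = demo()
    print("modulus bits:", P.bit_length(), "size ok:", modulus_size_ok(P))
    print("private key recovered from public key:", recovered == X)
    print("ciphertext decrypted with recovered key:", plaintext == M)
```

    The search cost grows with the square root of the modulus in this generic method, so the size check is the control that matters: it must run wherever group parameters are generated or accepted.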

    ------------------------------

    Date: Fri, 23 Aug 2019 12:26:16 -0400
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Judge Bars Georgia From Using Current Voting Technology in 2020
    (CNet)

    Laura Hautala, CNet, 15 Aug 2019, via ACM TechNews, 23 Aug 2019

    U.S. District Judge Amy Totenberg has ordered Georgia not to use its
    paperless voting machines, election management software, or servers for the 2020 election, requiring the state to implement a new voting system in time
    for the presidential primaries. Georgia is currently acquiring new
    electronic voting machines and vote-counting software. The court order will prevent the state from relying on its paperless voting machines and election management software if the replacement infrastructure is not ready in time; should this happen, Georgia may have to fall back on paper ballots. Attorney David Cross said the order ``is a big win for all Georgia voters and those working across the country to secure elections and protect the right to
    vote.''

    https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-2135bx21d58ax070501&

    ------------------------------

    Date: Fri, 23 Aug 2019 10:27:27 -0700
    From: Gene Wirchenko <gene@shaw.ca>
    Subject: Employees connect nuclear plant to the Internet so they can mine
    cryptocurrency (Catalin Cimpanu)

    By Catalin Cimpanu for Zero Day | 22 Aug 2019

    The Ukrainian Secret Service is investigating the incident as a potential security breach.
    https://www.zdnet.com/article/employees-connect-nuclear-plant-to-the-internet-so-they-can-mine-cryptocurrency/

    ------------------------------

    Date: Fri, 23 Aug 2019 10:26:14 -0700
    From: Rob Slade <rmslade@shaw.ca>
    Subject: Patrick Byrne

    Patrick Byrne says that he helped the "Deep State" investigations.

    He also says that the FBI ordered him to pursue a relationship with Russian (spy? agent? dupe?) Maria Butina.

    Oh. And he also wanted to change Overstock from a "cheap furniture" company
    to a "blockchain" company. So caveat emptor ...

    ------------------------------

    Date: Tue, 20 Aug 2019 20:12:47 -0700
    From: Richard Stein <rmstein@ieee.org>
    Subject: Why the U.S. Disaster Agency Is Not Ready for Catastrophes
    (Scientific American)

    https://www.scientificamerican.com/article/why-the-u-s-disaster-agency-is-not-ready-for-catastrophes/

    "The Federal Emergency Management Agency has wasted more than $3 billion and misused thousands of its employees by responding to hundreds of undersized floods, storms and other events that states could have handled on their own,
    an investigation by E&E News shows."

    As noted in http://catless.ncl.ac.uk/Risks/31/36#subj12, nations and
    localities are struggling to plan prioritized disaster response
    allocation. FEMA-level response dilution, partially driven by climate
    change, threatens US resilience -- a portentous sign of bad risk mitigation planning at a strategic level.

    ------------------------------

    Date: Tue, 20 Aug 2019 12:25:03 -0700
    From: Gene Wirchenko <gene@shaw.ca>
    Subject: Backdoor code found in 11 Ruby libraries (Catalin Cimpanu)

    Catalin Cimpanu for Zero Day | 20 Aug 2019
    RubyGems staff have removed 18 malicious Ruby library versions that
    have been downloaded 3,584 times since July 8.
    https://www.zdnet.com/article/backdoor-code-found-in-11-ruby-libraries/

    selected text:

    Maintainers of the RubyGems package repository have yanked 18 malicious versions of 11 Ruby libraries that contained a backdoor mechanism and were caught inserting code that launched hidden cryptocurrency mining operations inside other people's Ruby projects.

    The individual behind this scheme was active for more than a month, and
    their actions were not detected.

    Things changed when the hacker managed to gain access to the RubyGems
    account of one of the rest-client developers, which he used to push four malicious versions of rest-client on RubyGems.

    ------------------------------

    Date: Tue, 20 Aug 2019 12:29:28 -0700
    From: Gene Wirchenko <gene@shaw.ca>
    Subject: "Unpatchable security flaw found in popular SoC boards"
    (Catalin Cimpanu)

    Catalin Cimpanu for Zero Day | 20 Aug 2019
    Xilinx Zynq UltraScale+ SoCs are normally used in automotive, aviation, consumer electronics, industrial, and military components.
    https://www.zdnet.com/article/unpatchable-security-flaw-found-in-popular-soc-boards/

    opening text:

    Security researchers have discovered an unpatchable security flaw in a
    popular brand of system-on-chip (SoC) boards manufactured by Xilinx.

    The vulnerable component is Xilinx's Zynq UltraScale+ brand, which includes system-on-chip (SoC), multi-processor system-on-chip (MPSoC), and radio frequency system-on-chip (RFSoC) products used inside automotive, aviation, consumer electronics, industrial, and military components.

    Two bugs found, but one is unpatchable

    ------------------------------

    Date: Wed, 21 Aug 2019 11:46:45 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Hospital website hijacked by 'pirates' (Sonoma News)

    https://www.sonomanews.com/home/a1/9924307-181/hospital-website-hijacked-by-pirates

    ------------------------------

    Date: Wed, 21 Aug 2019 11:49:19 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: MoviePass exposed thousands of unencrypted customer card numbers
    (Tech Crunch)

    https://techcrunch.com/2019/08/20/moviepass-thousands-data-exposed-leak/

    ------------------------------

    Date: Fri, 23 Aug 2019 10:29:02 -0700
    From: Gene Wirchenko <gene@shaw.ca>
    Subject: Hong Kong protesters warn of Telegram feature that can disclose
    their identities (Catalin Cimpanu)

    Catalin Cimpanu for Zero Day | 23 Aug 2019
    Message shared on discussion boards sparks panic among protesters.
    https://www.zdnet.com/article/hong-kong-protesters-warn-of-telegram-feature-that-can-disclose-their-identities/

    ------------------------------

    Date: Fri, 23 Aug 2019 10:31:22 -0700
    From: Gene Wirchenko <gene@shaw.ca>
    Subject: Researcher publishes second Steam zero day after getting banned on
    Valve's bug bounty program (Catalin Cimpanu)

    Catalin Cimpanu for Zero Day | 21 Aug 2019
    Valve gets heavily criticized for mishandling a crucial bug report.
    https://www.zdnet.com/article/researcher-publishes-second-steam-zero-day-after-getting-banned-on-valves-bug-bounty-program/

    Valve has responded to the publication of this second Steam zero-day. Due
    to the length of the response, we chose to cover it as a separate
    article. Original story below.

    A Russian security researcher has published details about a zero-day in the Steam gaming client. This is the second Steam zero-day the researcher has
    made public in the past two weeks.

    However, while the security researcher reported the first one to Valve and tried to have it fixed before public disclosure, he said he couldn't do the same with the second because the company banned him from submitting further
    bug reports via its public bug bounty program on the HackerOne platform.

    ------------------------------

    Date: Fri, 23 Aug 2019 10:32:48 -0700
    From: Gene Wirchenko <gene@shaw.ca>
    Subject: This trojan malware being offered for free could cause hacking spike
    (ZDNet)

    Danny Palmer | 21 Aug 2019
    NanoCore RAT can steal passwords, payment details, and secretly record audio and video of Windows users.
    https://www.zdnet.com/article/cybersecurity-this-trojan-malware-being-offered-for-free-could-cause-hacking-spike/

    A new version of a powerful form of trojan malware is being offered on the
    dark web for free, with one cybersecurity company warning this could lead to
    a rise in attacks targeting passwords, bank details and other personal information, even by crooks with limited technical skills.

    ------------------------------

    Date: Wed, 21 Aug 2019 11:50:23 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Users of Adult Website Exposed By Data Breach (Infosecurity)

    https://www.infosecurity-magazine.com/news/users-of-adult-website-exposed-by/

    ------------------------------

    Date: Thu, 22 Aug 2019 14:30:15 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Ransomware Attacks Are Testing Resolve of Cities Across America
    (NYT)

    At the public library in Wilmer, Tex., books were checked out not with the beeps of bar code readers but with the scratches of pen on notebook paper.
    Out on the street, police officers were literally writing tickets -- by
    hand. When the entire computer network that keeps the small town's
    bureaucracy afloat was recently hacked, Wilmer was thrown into the digital
    Dark Ages.

    This has been the summer of crippling ransomware attacks. Wilmer -- a town
    of almost 5,000 people just south of Dallas -- is one of 22 cities across
    Texas that are simultaneously being held hostage for millions of dollars <https://www.nytimes.com/2019/08/20/us/texas-ransomware.html?module=inline> after a sophisticated hacker, perhaps a group of them, infiltrated their computer systems and encrypted their data. The attack instigated a statewide disaster-style response that includes the National Guard and a widening
    F.B.I. inquiry.

    More than 40 municipalities have been the victims of cyberattacks this year, from major cities such as Baltimore, Albany and Laredo, Tex., to smaller
    towns including Lake City, Fla. Lake City is one of the few cities to have
    paid a ransom demand -- about $460,000 in Bitcoin, a cryptocurrency --
    because it thought reconstructing its systems would be even more costly. (https://www.nytimes.com/2019/07/07/us/florida-ransom-hack.html?module=inline)

    In most ransomware cases, the identities and whereabouts of culprits are cloaked by clever digital diversions. Intelligence officials, using data collected by the National Security Agency and others in an effort to
    identify the sources of the hacking, say many have come from Eastern Europe, Iran and, in some cases, the United States. The majority have targeted small-town America, figuring that sleepy, cash-strapped local governments
    *are the least likely to have updated their cyberdefenses or backed up their data*...

    https://www.msn.com/en-us/news/technology/ransomware-attacks-are-testing-resolve-of-cities-across-america/ar-AAGapHU

    https://www.nytimes.com/2019/08/22/us/ransomware-attacks-hacking.html

    ------------------------------

    Date: Tue, 20 Aug 2019 16:17:57 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Ransomware Attack Hits 23 Texas Towns, Authorities Say (NYTimes)

    The state declined to say which towns were affected by the coordinated cyberattack. But one expert said it could signal more such attacks in the future.

    https://www.nytimes.com/2019/08/20/us/texas-ransomware.html

    ------------------------------

    Date: Tue, 20 Aug 2019 12:30:12 -0700
    From: Rob Slade <rmslade@shaw.ca>
    Subject: Phishing spam is getting better ...

    Gloria asked me to have a look at an email message "from" our bank.

    Other than addressing her as an "esteemed" customer, it looked pretty good.
    No problems with spelling or grammar. A security warning at the bottom.
    The head office address for the bank.

    When I looked at the headers, there were only a few, very small, indications
    of possible problems. It was sent from a domain that was not owned by the bank, but a lot of companies are outsourcing a lot of IT functions, so that wasn't exactly definitive. It had a couple of headers indicative of spam filtering.

    About the only thing that solidly demonstrated a problem was the
    verification link in the body of the message, but that a) won't be visible
    to most, and b) isn't a really strong indication unless you really know how
    to read URLs.

    (Now if banks start outsourcing account verification ...)

    ------------------------------

    Date: Fri, 23 Aug 2019 10:39:25 -0700
    From: Gene Wirchenko <gene@shaw.ca>
    Subject: A credit card never needed cleaning instructions... then Apple
    came along

    Apple warns its credit card doesn't like leather or denim or other cards.

    [Just in case there is someone on the planet who does not know how special
    Apple is ... . I go to my optometrist's office every so often for a fresh
    cloth. I think they may have given me fewer instructions than Apple
    does.]

    By Adrian Kingsley-Hughes for Hardware 2.0 | 22 Aug 2019
    Yes, Apple went and published care instructions for its new credit card.
    https://www.zdnet.com/article/a-credit-card-never-needed-cleaning-instructions-then-apple-came-along/

    I used to think that the $999 XDR monitor stand was the most Apple thing
    Apple ever made. But then the company came out with a credit card that
    needed its own care instructions.

    Yes, care instructions. For a credit card.

    Apple goes into great detail on how to keep your flashy laser-etched
    titanium Apple Card looking its finest. Store it in "a wallet, pocket, or
    bag made of soft materials," don't store it with another credit card because
    it might become scratched, and give it the occasional clean with a "soft, slightly damp, lint-free microfiber cloth."

    Chris Duckett, ZDNet, 22 Aug 2019
    Apple warns its credit card doesn't like leather or denim or other cards
    White titanium card is afraid of most things people use to carry ID and coinage, like wallets and pockets.
    https://www.zdnet.com/article/apple-warns-its-credit-card-doesnt-like-leather-or-denim/

    Oh dear, that card appears to be on a hard surface.

    Apple has detailed a number of things that its newly launched titanium
    credit card should be kept away from.

    A support note from Cupertino, spotted by AppleInsider, says the card should
    be kept away from leather and denim to avoid discoloration, and also away
    from hard surfaces, to avoid scratching its white finish.

    Users are warned not to use household cleaners on the card, nor compressed
    air and aerosols, nor any solvents, or ammonia, or anything abrasive to
    clean it.

    ------------------------------

    Date: Tue, 20 Aug 2019 19:54:16 -0700
    From: Richard Stein <rmstein@ieee.org>
    Subject: Want To Know What's In Your Sweat? There's A Patch For That
    (npr.org)

    https://www.npr.org/sections/health-shots/2019/08/20/752378580/want-to-know-whats-in-your-sweat-there-s-a-patch-for-that

    "The patch the Berkeley scientists designed collects sweat at the surface of the skin and analyzes it in real-time using a custom printed circuit board
    that transmits the collected data wirelessly to a mobile phone."

    Obvious risk here -- streaming perspiration chemistry to a phone or Internet-connected widget for analysis.

    If there's too much sodium or potassium detected in perspiration, does this imply that a custom replenishment fluid must be ingested to re-balance blood chemistry? How is the replenishment molarity calibrated for an athlete in competition?

    This device represents the next step in the pharmaceutical athletic games. Should that IV be shaken or stirred?

    ------------------------------

    Date: Tue, 20 Aug 2019 14:28:11 -1000
    From: the keyboard of geoff goodfellow <geoff@iconia.com>
    Subject: Playing God: Japan temple puts faith in robot priest "with AI.
    It's changing Buddhism" (AFP)

    A 400-year-old temple in Japan is attempting to hot-wire interest in
    Buddhism with a robotic priest it believes will change the face of the
    religion -- despite critics comparing the android to "Frankenstein's
    monster."

    The android Kannon, based on the Buddhist deity of mercy, preaches sermons
    at Kodaiji temple in Kyoto, and its human colleagues predict that with artificial intelligence it could one day acquire unlimited wisdom. "This
    robot will never die, it will just keep updating itself and evolving,"
    priest Tensho Goto told AFP. "That's the beauty of a robot. It can store knowledge forever and limitlessly. With AI we hope it will grow in wisdom
    to help people overcome even the most difficult troubles. It's changing Buddhism," added Goto. ...

    https://news.yahoo.com/playing-god-japan-temple-puts-faith-robot-priest-043640106.html

    ------------------------------

    Date: Tue, 20 Aug 2019 07:54:51 +0300
    From: Edwin Slonim <eslonim@minols.com>
    Subject: Re: Contingency plan for compromised fingerprint database (R 31 37)

    My contingency plan is to use a different finger. Even if all 10 fingers
    are eventually compromised, assuming the access control locks out after n
    tries where (n << 10) I should be ok :-)

    In Risks 31.37 Anthony Thorn <anthony.thorn@atss.ch> wrote:

    You can change a compromised password, but your fingerprint is not only
    fixed, but shared across all applications which use fingerprint recognition.
    What is your contingency plan?

    ------------------------------

    Date: Tue, 20 Aug 2019 02:23:08 -0400
    From: "Arthur T." <risks201908.10.atsjbt@xoxy.net>
    Subject: Re: Facial recognition errors (RISKS-31.37)

    Facial recognition software mistook 1 in 5 California lawmakers for criminals, says ACLU

    A better headline and subhead for the original story might be:

    Software Set At 80% Confidence Level Works Correctly 80% Of The Time;
    Software Used With Default Values Rather Than Recommended Values Doesn't
    Work Well

    Amazon does seem disingenuous with its claim that the software should be
    used at the 99% confidence level when matching faces, while shipping with
    the default set to 80%. As we've seen here, many users who should know
    better never change from default settings.

    Note that the 80% default value didn't appear in the linked story, but in another on the same topic that I had read earlier: <https://yro.slashdot.org/story/19/08/13/2046220/amazons-facial-recognition-misidentified-1-in-5-california-lawmakers-as-criminals>.

    [Sarcastically, Geoffrey Newbury and Phil Martel each suggested:
    So the software actually had an 80% failure rate?
    Might that suggest that 5 out of 5 were actually criminals?
    PGN]

    ------------------------------

    Date: Tue, 20 Aug 2019 12:58:43 -0400
    From: Kelly Bert Manning <bo774@freenet.carleton.ca>
    Subject: Re: Electric car charging stations may be portals for power grid
    cyberattacks (RISKS-31.37)

    I did not see what types of charging stations were involved.

    The flip side is that reversing flow and drawing power from e-vehicles has
    been proposed as a way to smooth out demand spikes and to store surplus wind and solar power when they are parked plugged in.

    I have to speculate that this risk involves Level 3 or higher stations.

    With the demise of the last gas station in downtown Vancouver BC, and the proliferation of "free" (TANSTAAFL) or pay to use fast charging stations at parking lots and underground garages this might be a risk, but not likely
    for 110 or 220 volt charging stations. I did not bother to install a level 2 charger for our plug in hybrid because it charges from the carport plug in
    5.5 hours with about the same draw as a major kitchen appliance.

    Other protection in the electric distribution system could put them offline before a large section goes down. Canadian wiring specs require the top and bottom sockets of kitchen counter outlets, and adjacent outlets, to be on separate circuits. You need at least 4 circuits to wire a kitchen according
    to code if you have 2 or more kitchen outlets.

    Don't Grid Controllers in the UK have TVs in the control rooms to monitor Football (Soccer in Canadian & USA English) games because so many fans tend
    to plug in electric kettles during long pauses and ad breaks? Pumped Hydro Electric Storage generators in Wales and elsewhere can be spun up to meet
    those demand surges when the operators see a break coming. We don't need electric cars to experience this type of power demand surge.

    In Canada the equivalent is the Hockey Game Flush, as thousands of fans
    flush toilets, creating a risk of municipal water lines collapsing or having infiltration due to sharp drops in water pressure. System ops watch the
    game, ready to start turbo boost pumps during breaks and stop them at the
    end of the break.

    ------------------------------

    Date: Tue, 20 Aug 2019 13:30:32 -0400
    From: Kelly Bert Manning <bo774@freenet.carleton.ca>
    Subject: Re: Shoot out the headlines first, ask questions later (RISKS-31.37)

    Rushing into print or digital publication of new startling results from recently deployed or newly developed instruments is a known risk in Climate Research.

    Someone rushed into print with an "Oceans are Cooling" paper, based on comparing early Argo Buoy data with older XBT data. With the wisdom of hindsight the Argo data had a Cold bias and the XBT data had a Warm
    bias. Longer term study revealed the bias in both instruments.

    https://earthobservatory.nasa.gov/features/OceanCooling

    Instrument Bias also came up when Anthony Watts enlisted an army of fans to create a list of "poorly sited" weather stations which they felt gave a warm bias to the NOAA conclusion of a warming trend in the Continental USA. NOAA repeated the analysis, excluding those stations, and got a slightly stronger warming trend. Be careful what you ask for.

    https://en.wikipedia.org/wiki/Anthony_Watts_(blogger)#Surface_Stations_project

    ------------------------------

    Date: Wed, 21 Aug 2019 11:17:55 +0300
    From: Amos Shapir <amos083@gmail.com>
    Subject: Re: Shoot out the headlines first, ask questions later (RISKS-31.37)

    Before joining the celebrations of the "Ha ha, no global warming! We can go
    on burning as much carbon as we like!" crowd, please see the following
    article (in French): https://www.lci.fr/planete/les-records-de-chaleur-au-groenland-remis-en-cause-par-des-climatosceptiques-en-quoi-ils-se-trompent-2129437.html

    It points out that the post in "What's up with that" relies on an error in a single station on a single day, ignoring thousands of measurements over the past few months.

    Also check out my post in Quora: https://www.quora.com/Is-global-warming-a-hoax/answer/Amos-Shapir-1 which includes two maps to demonstrate the current situation in Greenland.

    ------------------------------

    Date: Tue, 20 Aug 2019 12:50:34 -0500
    From: Dimitri Maziuk <dmaziuk@bmrb.wisc.edu>
    Subject: Re: Password policy (Goldberg, RISKS-31.37)

    I'm pretty sure this made RISKS at least once before: https://xkcd.com/936/

    Evidently none of the password security expert policy writers ever heard
    of xkcd.

    (Incidentally I recently tried "oh, not again!" for a linux account password and it worked.)

    ------------------------------

    Date: Mon, 19 Aug 2019 22:49:04 -0700
    From: Richard Stein <rmstein@ieee.org>
    Subject: Noise about Quiet Skies program (Thorson, RISKS-30.86)

    "Federal air marshals have begun following ordinary US citizens not
    suspected of a crime or on any terrorist watch list and collecting
    extensive information about their movements and behavior under a new
    domestic surveillance program that is drawing criticism from within the agency."

    "As an ordinary citizen," Mark's submission provoked my "spider sense" to
    file a FOIA request with TSA. I finally received a response to my petition dated 19AUG2019:

    "This letter is in response to your Freedom of Information Act (FOIA)
    request to the Transportation Security Administration (TSA) dated October
    11, 2018, seeking access to the following records about yourself:

    "1. All Federal Air Marshall Service 'Quiet Skies' records collected,
    reported, and collated that pertain to international or domestic travel.
    To include dates/times of collection, transport vehicle/flight or
    bus/train or ship, and itemize detail of collected records include
    purpose/reason/justification for data capture based on air marshal
    prerogative.

    "2. A list of federal and state agencies that have approved
    direct/indirect access to these records and include dates/time/purpose for
    access.

    "Your request has been processed under the FOIA, 5 U.S.C. 552, and the
    Privacy Act, 5 U.S.C 552a. A search was conducted within the TSA and no
    records responsive to your request were located."

    Guess the skies are safe to fly after all? While a sample size of 1 does not prove much, the TSA response suggests that citizens of "sufficient interest" merit air marshal tracking and attention. What constitutes "sufficient interest" was not a petition subject, and therefore not disclosed.

    ------------------------------

    Date: Mon, 14 Jan 2019 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
    Lindsay has also added to the Newcastle catless site a palmtop version
    of the most recent RISKS issue and a WAP version that works for many but
    not all telephones: http://catless.ncl.ac.uk/w/r
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 31.38
    ************************
