RISKS-LIST: Risks-Forum Digest Friday 7 October 2022 Volume 33 : Issue 47
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.47>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Shut-Off Switch Was Supposed to Prevent 99% of Generator-Related Deaths.
It Failed a Family of Three. (TexasTribune)
Crash of Air France 447 redux (Jagan Jagannathan)
Automatic emergency braking is not great at preventing crashes at normal
speeds (The Verge)
Chinese supply-chain tampering (Reuters)
Nordstream Explosion: Robotic Sabotage from *Inside*? (Henry Baker)
The Thorny Problem of Keeping the Internet's Time (David Mills)
The Securities and Exchange Commission Obstructs National Security
(Ari Schwartz)
NY SBOE is buying ES&S barcoding voting machines (Rebecca Mercuri)
Conspiracy theories muddy Louisiana voting machine debate (AP item)
WashDC Metro system looking for solutions to fare evasion (WashPost)
I wouldn't get on that DC-area bus (Gabe Goldberg)
Microsoft Exchange 0-Day Attack Threatens 220,000 Servers (Dan Goodin)
In the Battle With Robots, Human Workers Are Winning (NYTimes)
A data-sharing agreement between the US and UK is now in effect (Engadget)
More Bosses Spy on Quiet Quitters. It Could Backfire (WSJ)
Canadian ransomware hacker sentenced to 20 years in U.S. prison (CBC)
Few Customers Get Refunds for Rampant Zelle Fraud (Senator Warren)
Are You a Victim of Crypto Crime? Good Luck Getting Help (WiReD)
El_Salvador's Bitcoin Law -- one year on, with the World's Coolest Dictator:
Attack of the 50-Foot Blockchain (David Gerard)
SEC charges Kim Kardashian for allegedly not disclosing crypto promotion
payday (WashPost)
Sorry, But Your Boss Is Pretty Hyped About Today's Most Annoying Tech Trends
(PCMag)
Joe Sullivan guilty in Uber hacking case (WashPost)
I Make Video Games. I Won't Let My Daughters Play Them. (NYTimes)
AI can now create any image in seconds, bringing wonder and danger
(WashPost)
Rethinking the Computer Chip in the Age of AI (Devorah Fischler)
Leading Makers Pledge Not to Weaponize Their Robots (Joe Hernandez)
Optus criticized for massive breach (Reuters)
Re: Optus' breach exposes 9.8M customers' data (John Colville)
Re: Wegmans Discontinues Self-Checkout App, Citing Losses (John Levine)
Re: Egypt's submarine cable stranglehold (Amos Shapir)
Re: Automakers are ignoring the simple solution to the rise of traffic
deaths (Scott Dorsey)
Castiglioncello 2022: Nuclear Weapons: New Risks (Diego Latella)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Tue, 4 Oct 2022 09:59:09 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Shut-Off Switch Was Supposed to Prevent 99% of Generator-Related
Deaths. It Failed a Family of Three. (TexasTribune)
A Shut-Off Switch Was Supposed to Prevent 99% of Generator-Related
Deaths. It Failed a Family of Three.
The generator industry has touted automatic shut-off switches as a
lifesaving fix for carbon monoxide poisoning. But the voluntary standard
falls short of what federal regulators say is necessary to eliminate deaths.
https://www.texastribune.org/2022/09/21/generators-carbon-monoxide-shutoff-switch-texas-cpsc
------------------------------
Date: Mon, 3 Oct 2022 07:59:16 -0700
From: Jagan Jagannathan <jagan@ahista.com>
Subject: Crash of Air France 447 redux
https://admiralcloudberg.medium.com/the-long-way-down-the-crash-of-air-france-flight-447-8a7678c37982
------------------------------
Date: Fri, 30 Sep 2022 14:09:16 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Automatic emergency braking is not great at preventing crashes at
normal speeds (The Verge)
https://www.theverge.com/2022/9/29/23377376/automatic-emergency-braking-average-speed-study-aaa
------------------------------
Date: Sun, 2 Oct 2022 03:33:35 -0400
From: "Steven J. Greenwald" <greenwald.steve@gmail.com>
Subject: Chinese supply-chain tampering (Reuters)
Suspected Chinese hackers tampered with widely used software distributed
by a small Canadian customer service company, another example of a "supply chain compromise" made infamous by the hack on U.S. networking company SolarWinds.
Via Reuters:
https://www.reuters.com/technology/exclusive-suspected-chinese-hackers-tampered-with-widely-used-canadian-chat-2022-09-30/
------------------------------
Date: Fri, 30 Sep 2022 16:11:15 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: Nordstream Explosion: Robotic Sabotage from *Inside*?
An intriguing possibility is that the Nordstream LNG pipelines were
sabotaged by robots *from the inside* !
This type of sabotage would not require submarines (robotic or otherwise), frogmen, etc., but would only require the ability to insert a modern 'pig' (inspection robot) into the pipeline from the Russian end controlled by Gazprom.
This type of sabotage could have been performed during the recent
*maintenance shutdowns* over the past several months, and the explosions
later set off by remote control.
https://www.dw.com/en/denmark-sweden-view-nord-stream-pipeline-leaks-as-deliberate-actions/a-63251217
Denmark, Sweden view Nord Stream pipeline leaks as 'deliberate actions'
27 Sep 2022
Mikhail Krutikhin, an energy analyst from the RusEnergy consultancy, told DW that initial evidence clearly pointed to sabotage, and said that a key
question going forward would be whether the damage originated inside or
outside the pipe. He said the shape of the damaged segments of pipe should indicate this.
https://oilprice.com/Energy/Energy-General/Oil-Pipelines-To-Be-Inspected-By-Robots.html
------------------------------
Date: Mon, 03 Oct 2022 09:59:20 -0400
From: scs@eskimo.com (Steve Summit)
Subject: The Thorny Problem of Keeping the Internet's Time (David Mills)
David Mills, TNY on NTP
https://www.newyorker.com/tech/annals-of-technology/the-thorny-problem-of-keeping-the-internets-time
There are a few bobbles: the author seems a bit confused over whether NTP is
an Internet RFC or a piece of software, and whether NTP is the IETF's only concern. *The New Yorker*'s predilection for diereses in English is rather comically distracting when ritually applied to the phrase "Coordinated Universal Time". Nevertheless, it's a nice read, covering both the
technical issues and the people involved, with a particularly touching
portrait of Mills himself. And the RISKS relevance is the points made --
not for the first time, but not badly -- about the difficulties involved in placing the maintenance of core protocols, upon which millions of computers depend, in the decentralized hands of nearly anonymous, unpaid volunteers
who can't always even agree on who's in charge, let alone how the protocols should evolve.
------------------------------
Date: Fri, 30 Sep 2022 09:11:48 -0400
From: dan@geer.org
Subject: The Securities and Exchange Commission Obstructs National Security
(Ari Schwartz)
Editorial:
The Securities and Exchange Commission Obstructs National Security
Public disclosure of cyber attacks shows weakness to enemies.
Ari Schwartz, https://www.wsj.com, 29 September 2022
The Securities and Exchange Commission seems to have missed a key principle
of fighting crime: Investigators don't release all the details of an
incident before it's solved because it would make it harder to catch the criminal. This is true in cybersecurity too. You don't want hackers to know they've been discovered or to highlight a company's weakness to other bad actors. Yet a new rule from the SEC would require public disclosure of an incident within four days of discovery, even if the hack is still under investigation and hasn't been remedied.
Those of us who have dealt with actual cyber incidents know that a fix is unlikely to materialize in four days. These reporting requirements will
place a spotlight on the vulnerability in the hacked company's
cybersecurity, putting the business at greater risk of suffering successive attacks before the exploited weakness can be fixed. That comes with a
national security risk too, as nation states often engage in or aid cyberattacks against companies. The SEC's new rule will help states cover their tracks by alerting them to any discovery. And it'll make it easier for them to find targets by highlighting what businesses are vulnerable and how.
The goal of the SEC's new rule is to inform investors about attacks, which
is a fine idea in principle. Investors should be informed about firms' cybersecurity risks and sharing information about attacks can help other businesses optimize their own cyber defenses. Reporting is important, but companies should be allowed to resolve an incident before making it public.
Other regulators are racing to require companies to report problems even faster, creating the possibility of confusion of whom to report to and
when. Following the European Union requirement of three days, Congress has charged the U.S. Department of Homeland Security to create rules that would also require reporting within three days of an incident, except for
ransomware payments, which must be reported in one day. The New York State Department of Financial Services is also asking for a report in three
days. The Office of the Comptroller of the Currency, Board of Governors of
the Federal Reserve System and the Federal Deposit Insurance Corp. have required notification no later than 36 hours after a banking organization determines that an incident has occurred. India has skipped a time frame altogether, requiring immediate reporting to the government.
Unlike the SEC rules, most of these allow for companies to investigate and remediate the incident. But it would be better if the U.S. agencies worked together to create common rules that give businesses a reasonable delay
before they report. It would go a long way toward simplifying reporting standards if they clarified what information needs to be reported and when.
The key is to balance national security with other concerns, including
the investor's right to be informed. This balance can be achieved,
but it will require agencies to look past their own narrow priorities
and put the public interest, including national security, first.
Mr. Schwartz served as special assistant to the president for cybersecurity policy, 2013-15. He coordinates the Cybersecurity Coalition.
------------------------------
Date: Sun, 2 Oct 2022 19:57:04 -0400
From: Rebecca Mercuri <notable@mindspring.com>
Subject: NY SBOE is buying ES&S barcoding voting machines
Unfortunately, it appears that the New York State Board of Elections has
been convinced (by ES&S and Dominion and others) to purchase new voting machines that can add votes without the voters' consent. This will be engineered by the fact that votes will not be counted from the verified
choices that the voters made, rather there will be a barcode (generated by
the voting system) that will be used to tally the results. It doesn't take a rocket scientist to know that this is a big mistake.
Basically this purchase, if it goes through, will wind back all of the good work that we [DrM--Rebecca Mercuri, PGN, and Ronnie Dugger] with enormous inspiration from Mae Churchill, when [the first two of us testified for the NYBoE in 1988] some 3 decades ago. Doug Kellner had spearheaded the effort
to thwart the DRE purchase in NYC when he was on the City board then, and later, in his position on the State BOE, worked hard to ensure that NY State regulations provided plenty of checks and balances, including being the ONLY state in the country that REQUIRES escrow of voting system source code (not that it'll ever be looked at, but at least they have it). I ran into Doug a
few years ago (pre-COVID) and it seemed that he had grown tired of fighting
the good fight, and these recent procurement decisions appear to be evidence
of that. Hence there are various current protest letters from advocates (familiar folks who have been also fighting for 30+ years, but haven't given up) against these new voting systems.
[This is slightly edited from a private message for RISKS, with
permission. Among other things, Rebecca seems to have some concerns about
the letters' use of the term *voter-verifiable*, which was the focus of
her PhD thesis 21 years ago. If you are interested in joining in on
this old battle that never seems to go away, please contact her for more
information. PGN]
------------------------------
Date: Sat, 1 Oct 2022 11:13:12 -0700
From: Peter G Neumann <neumann@csl.sri.com>
Subject: Conspiracy theories muddy Louisiana voting machine debate
(AP item)
Sara Cline and Christina A. Cassidy, AP, *The Times Picayune*, 14 Aug 2022
[With thanks to Sevilla Finley]
The need for Louisiana to replace its voting machines dating from 2006 is
not in dispute. What to do about them is another story. The machines' main problem is that votes are recorded electronically without a paper record of each voter's selections. However, "The problem in Louisiana is that if
someone were to allege the voting machines had been hacked, there would be
no conclusive evidence to rebut that." [or even to prove it!] [PGN-ed]
[2006 is a very long time, but the situation is continually getting
worse in many respects. See my most recent Inside Risks article in
the Communications of the ACM:
http://www.csl.sri.com/neumann/cacm252.pdf
PGN]
------------------------------
Date: Wed, 5 Oct 2022 16:19:37 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: WashDC Metro system looking for solutions to fare evasion
(WashPost)
Evasion has proliferated during the pandemic and is a visible reminder to
many riders of revenue Metro is not collecting
The issue has put a spotlight on Metro's recent $70 million replacement of
more than 1,200 fare gates at its 91 stations. The new gates are touch-free, process mobile payments, display SmarTrip balances and improve Metro's
ability to collect ridership data, but do little to deter evasion of
fares. The gates predate the arrival of Clarke, who acknowledges Metro may
have erred in their design and has asked his staff to research possible modifications.
But transit officials note they couldn't have foreseen the pandemic or its effects, which some say has exacerbated fare evasion alongside higher gas prices, inflation, and fewer passengers in buses or stations to discourage evasions. They also say societal norms increasingly have been ignored during the pandemic, a problem that extends to airlines battling passenger disruptions, rising pedestrian deaths from reckless drivers and elevated
crime rates.
https://www.washingtonpost.com/transportation/2022/10/01/dc-metro-fare-evasion/
[Right, after 100+ years of public transit, who could know people might
evade fares?]
------------------------------
Date: Fri, 30 Sep 2022 00:47:40 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: I wouldn't get on that DC-area bus
...with front identification panel display alternating between these designations in large friendly letters:
Invalid code
Please enter new code
------------------------------
Date: Wed, 5 Oct 2022 12:21:07 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Microsoft Exchange 0-Day Attack Threatens 220,000 Servers
(Dan Goodin)
Dan Goodin, Ars Technica, 30 Sep 2022,
via ACM TechNews; Wednesday, October 5, 2022
Microsoft researchers said numerous servers have been compromised and approximately 220,000 additional servers worldwide are threatened by two critical vulnerabilities in its Exchange application. One is a server-side request forgery vulnerability, and the other enables remote code execution
via PowerShell. The unpatched flaws were identified in August by researchers
at the Vietnamese security firm GTSC, who found that an Exchange
vulnerability was exploited to infect customer networks with malicious webshells. The GTSC researchers said, "After successfully mastering the exploit, we recorded attacks to collect information and create a foothold in the victim's system. The attack team also used various techniques to create backdoors on the affected system and perform lateral movements to other
servers in the system." Microsoft is working on a patch for the new vulnerabilities.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f590x236956x070749&
------------------------------
From: Matthew Kruk <mkrukg@gmail.com>
Date: Fri, 7 Oct 2022 12:09:44 -0600
Subject: In the Battle With Robots, Human Workers Are Winning (NYTimes)
https://www.nytimes.com/2022/10/07/opinion/machines-ai-employment.html
It's 2022, and computers keep stunning us with their achievements.
Artificial intelligence systems are writing drawing creating videos interactive, diagnosing diseases, dreaming up new molecules for medicine,
and doing much else to make their parents very proud. Yet somehow we sacks
of meat -- though prone to exhaustion, distraction, injury and sometimes spectacular error -- remain in high demand. How did this happen? Weren't humans supposed to have been replaced by now -- or at least severely
undermined by the indefatigable go-getter robots who were said to be gunning for our jobs?
[See the NYTimes online version for oodles of URLs. PGN]
------------------------------
Date: Mon, 3 Oct 2022 15:21:40 -0400
From: Monty Solomon <monty@roscom.com>
Subject: A data-sharing agreement between the US and UK is now in effect
(Engadget)
https://www.engadget.com/us-uk-data-sharing-agreement-in-effect-171316794.html
------------------------------
Date: Fri, 30 Sep 2022 13:43:44 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: More Bosses Spy on Quiet Quitters. It Could Backfire (WSJ)
Christopher Mims, *The Wall Street Journal*, 17 Sep 2022,
via ACM TechNews <technews-editor@acm.org>
More companies are using technology to monitor virtually everything workers
do on their devices, with Gartner reporting that one in three
medium-to-large companies in the U.S. implemented a worker surveillance
system since the pandemic started, and that two out of three such companies currently use these systems. The technology can screenshot a worker's
computer every 10 minutes, record the apps and websites they visit, and document how long was spent on each site, among other things. However,
critics are concerned such "bossware" can be counterproductive. Teramind's Isaac Kohn said, "Realistically, the vast majority of customers don't find
the need to enable full monitoring on all users all the time." However, Kohn acknowledged that "the system can be abused if placed in the wrong hands."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f4fdx236761x071689&
------------------------------
Date: Tue, 4 Oct 2022 20:15:30 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Canadian ransomware hacker sentenced to 20 years in U.S. prison
(CBC)
https://www.cbc.ca/news/canada/ottawa/ransomeware-hacker-vachon-desjardins-sentenced-1.6606274
Sebastien Vachon-Desjardins pleaded guilty to ransomware crimes, $28 million
in bitcoin seized
------------------------------
Date: Mon, 3 Oct 2022 23:25:40 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Few Customers Get Refunds for Rampant Zelle Fraud (Senator Warren)
Elizabeth Warren's analysis of fraud and scam complaints on the payment
network found that banks at times violate a federal consumer protection law.
https://www.nytimes.com/2022/10/03/business/zelle-fraud-warren.html
------------------------------
Date: Sun, 2 Oct 2022 19:17:56 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Are You a Victim of Crypto Crime? Good Luck Getting Help (WiReD)
Local law enforcement isn't ready to deal with this new type of fraud, even with shady scams on the rise.
As platforms overwhelmed by fraud and theft begin looking to traditional law enforcement to assist with crypto crime-fighting efforts, victims may have
no choice but to throw themselves at the mercy of the police, and it's difficult to imagine the crypto crime wave subsiding any time soon if the police prove unequal to the task.
https://www.wired.com/story/cryptocurrency-cybercrime-law-enforcement
------------------------------
Date: Thu, 29 Sep 2022 23:56:43 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: El_Salvador's Bitcoin Law -- one year on, with the World's
Coolest Dictator: Attack of the 50-Foot Blockchain (David Gerard)
El Salvador's Bitcoin Law came into force on 7 September 2021 -- and what a
day it was!
Bitcoin is yet another failed initiative from President Nayib Bukele -- a
huge splashy announcement, a lot of money set on fire, and not much to show
for it. [...] "No one really talks about Bitcoin here anymore. It's kind
of been forgotten," says former Banco Central de Reserva president Carlos Acevedo. "I don't know if you'd call that a failure, but it certainly hasn't been a success."
The bitcoin infrastructure seems to have been paid for out of previous borrowing. The State Financial Management Report for 2021, chapter 3, says
the bitcoin project was financed from $375.9 million of loans previously
taken out by the government.
https://davidgerard.co.uk/blockchain/2022/09/24/el-salvadors-bitcoin-law-one-year-on-with-the-worlds-coolest-dictator/
------------------------------
Date: Mon, 3 Oct 2022 16:12:01 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: SEC charges Kim Kardashian for allegedly not disclosing crypto
promotion payday (WashPost)
Kim Kardashian to pay $1.26 million in SEC crypto case
The Securities and Exchange Commission is charging the reality star and entrepreneur with allegedly promoting a cryptocurrency on her Instagram
account without disclosing how much she was paid to do so, the agency announced.
https://www.washingtonpost.com/business/2022/10/03/sec-kardashian-crypto
The risks? Reality stars (whatever that means), people who believe/follow
them, and crypto-anything.
------------------------------
Date: Sun, 2 Oct 2022 22:52:14 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Sorry, But Your Boss Is Pretty Hyped About Today's Most Annoying
Tech Trends (PCMag)
Think you can escape the metaverse? KPMG's 'Digital to the core' report
shows a high state of buzzword compliance among surveyed execs.
Many of those concepts have drawn a fair amount of skepticism if not
outright scorn. For example, in June Bill Gates ridiculed cryptocurrencies
and non-fungible tokens as examples of "the Greater Fool Theory." And
ambitions to build the metaverse -- what we used to call immersive virtual words before Facebook founder and CEO Mark Zuckerberg leaped on the term as
he renamed Facebook to Meta -- assume a level of consumer interest that may
not be there.
https://www.pcmag.com/news/sorry-but-your-boss-is-pretty-hyped-about-todays-most-annoying-tech-trends
The risks? Buzzwords and execs
------------------------------
Date: Wed, 5 Oct 2022 18:16:49 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Joe Sullivan guilty in Uber hacking case (WashPost)
Surprise verdict on charges that predated rampant ransomware and extortion payoffs in more recent hacking cases
A former chief security officer for Uber was convicted Wednesday of federal charges stemming from payments he quietly authorized to hackers who breached the ride-hailing company in 2016.
Joe Sullivan was found guilty of obstructing justice for keeping the breach from the Federal Trade Commission, which had been probing Uber's privacy protections at the time, and of actively hiding a felony.
The verdict ended a dramatic case that pitted Sullivan, a prominent security expert who was an early prosecutor of cybercrimes for the San Francisco
U.S. attorney's office, against his former government office. In between prosecuting hackers and being prosecuted, Sullivan served as the top
security executive at Facebook, Uber and Cloudflare.
https://www.washingtonpost.com/technology/2022/10/05/uber-obstruction-sullivan-hacking
------------------------------
Date: Mon, 03 Oct 2022 03:00:05 +0000
From: Richard Marlon Stein <rmstein@protonmail.com>
Subject: I Make Video Games. I Won't Let My Daughters Play Them.
(NYTimes)
https://www.nytimes.com/2022/10/02/opinion/video-game-addiction.html
"The over-the-top experiences and rewards built into video games can
stimulate our brains to release dopamine. Dopamine, the powerful 'feel good' neurotransmitter, motivates us to seek more of these pleasurable activities. This is what can lead to addictive behavior.
"...a significant minority, 10 percent, developed pathological tendencies related to video games, including having difficulty stopping play. Compared with the other group in the study, these players displayed higher levels of depression, aggression, shyness, problematic phone use and anxiety by the
time they were emerging into adulthood."
------------------------------
Date: Sun, 2 Oct 2022 21:14:45 -0400
From: Monty Solomon <monty@roscom.com>
Subject: AI can now create any image in seconds, bringing wonder and danger
(WashPost)
https://www.washingtonpost.com/technology/interactive/2022/artificial-intelligence-images-dall-e/
------------------------------
Date: Fri, 7 Oct 2022 12:55:17 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Rethinking the Computer Chip in the Age of AI (Devorah Fischler)
Devorah Fischler, Penn Engineering Today, 29 Sep 2022,
via ACM TechNews, 7 Oct 2022
A team of researchers from the University of Pennsylvania (Penn), Sandia National Laboratories, and Brookhaven National Laboratory has unveiled a computing architecture suited for artificial intelligence (AI). The
researchers developed a transistor-free compute-in-memory (CIM) architecture where processing and storage happen in the same place, removing transfer
time and minimizing energy consumption. The architecture, which builds on earlier work on a ferroelectric switching scandium-alloyed aluminum nitride semiconductor, could potentially perform up to 100 times faster than a conventional computing architecture. The design also performs on-chip
storage, parallel search, and matrix multiplication acceleration. Penn's
Xiwen Liu said the work "proves that we can rely on memory technology to develop chips that integrate multiple AI data applications in a way that
truly challenges conventional computing technologies."
https://blog.seas.upenn.edu/rethinking-the-computer-chip-in-the-age-of-ai/
------------------------------
Date: Fri, 7 Oct 2022 12:55:17 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Leading Makers Pledge Not to Weaponize Their Robots
(Joe Hernandez)
Joe Hernandez, NPR, 6 Oct 2022, via ACM TechNews, 7 Oct 2022
Six major robot manufacturers have signed a letter promising not to
weaponize their products. Boston Dynamics, Agility Robotics, ANYbotics, Clearpath Robotics, Open Robotics, and Unitree pledged against weaponizing their "advanced-mobility general-purpose robots" or their underlying
software, while also vowing to ensure their customers do not weaponize them either. The companies also said they do not oppose "existing technologies"
used by governments to "defend themselves and uphold their laws." Boston Dynamics says police and fire departments are using the company's
canine-like robot Spot to assess hazardous situations, but the firm notes
Spot is not designed for surveillance or as a substitute for police
officers.
"https://www.npr.org/2022/10/06/1127227605/boston-dynamics-robots-pledge-against-weapons"
------------------------------
Date: Sun, 2 Oct 2022 03:34:34 -0400
From: "Steven J. Greenwald" <greenwald.steve@gmail.com>
Subject: Optus criticized for massive breach (Reuters)
"The Australian government on Sunday leveled its harshest criticism yet
against Optus, the second-biggest telecoms company, for a cybersecurity
breach that affected the equivalent of 40% of the country's population."
Via Reuters:
https://www.reuters.com/business/media-telecom/australian-government-slams-optus-cybersecurity-breach-2022-10-02/
------------------------------
Date: Fri, 30 Sep 2022 01:40:39 +0000
From: John Colville <John.Colville@uts.edu.au>
Subject: Re: Optus' breach exposes 9.8M customers' data (RISKS-33.46)
It now appears that Optus's access controls were (very) weak. A lot of
debate about how much of peoples' data is being stored by various
organizations -- and for how long. However Optus have continued to store information like drivers licence ids and passport detail which have
originally been used to identify customers. For telcos the length of the period that data has to be stored is more complicated because of worries
that they may be asked for communication histories in connection with authorities' enquiries into activities like drug importation or terrorism.
------------------------------
Date: 30 Sep 2022 00:31:35 -0400
From: "John Levine" <johnl@iecc.com>
Subject: Re: Wegmans Discontinues Self-Checkout App, Citing Losses
(NYTimes, RISKS-33.46)
I am scratching my head about this one. The thing they stopped was a phone
app that you could use to scan items as you shopped and put them in your
bags. Then when you get to the self-check kiosk, you scanned a code on the kiosk screen, it transferred the list of items to the kiosk and then you
paid and left. It was great, I used it every time I shopped there for the
past year.
They are not getting rid of the self-check kiosks, just the app. I suppose
that since there is usually a staff person watching the kiosks it is
somewhat harder to sneak stuff, but the kiosks no longer annoyingly insist
that you immediately put every item in a bag so it can weigh them and match
the weight on the scale to what you've bought. (Now that most people bring their own bags, I suspect there's no way to handle the variable weight of
the bags that isn't even more annoying.)
The Waitrose grocery chain in the UK has had a similar self-scan scheme for over a decade, originally with hand-held scanners they provided, now also
with a phone app:
https://www.waitrose.com/ecom/help-information/shopping-with-waitrose/shopping-instore/quick-check
Waitrose say they may rescan the contents of your bag at the till but when I was there they never did. I wonder why they haven't had similar problems. Waitrose caters to an upper middle class demographic but anyone can shop
there and I would think that if it were easy to cheat, some people would.
------------------------------
Date: Fri, 30 Sep 2022 19:33:37 +0300
From: Amos Shapir <amos083@gmail.com>
Subject: Re: Egypt's submarine cable stranglehold (RISKS-33.46)
The part of the DCD article posted here, contains the quote "It's not like there's another Egypt you can go to."; but the truncated part does contain a survey of alternative routes. Some of them have failed, but at least one succeeds: Google's Raman-Blue line from India via Saudi Arabia, Jordan and Israel.
Also note that the posted map shows yet another alternative route, from the
Red Sea via Israel. If Egypt tries to squeeze this resource too tight, it wouldn't be hard for users to switch.
------------------------------
Date: Fri, 30 Sep 2022 09:41:58 -0400 (EDT)
From: kludge@panix.com (Scott Dorsey)
[continued in next message]