RISKS-LIST: Risks-Forum Digest Tuesday 25 October 2022 Volume 33 : Issue 49
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <
http://www.risks.org> as
<
http://catless.ncl.ac.uk/Risks/33.49>
The current issue can also be found at
<
http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Nuclear War Simulator Creator Says Public Must Know Potential Destruction
(Aristos Georgiou)
Climate Change Threatens Supercomputers (Jacklin Kwan)
The computer errors from outer space (bbc.com)
NYC's Emerg. Med. Svc ("911") system was crippled 'cuz ... (danny burstein)
AI Language Models Show Bias Against People with Disabilities, Study Finds
(Penn State)
A new AI model can accurately predict human response to novel drug compounds
(phys.org)
We Should Try to Prevent Another Alex Jones (Zeynep Tufekci)
Alternatives to Twitter (Lauren Weinstein)
A prudent approach to Musk and Twitter (Lauren Weinstein)
Twitter reportedly has a user retention problem (Lauren Weinstein)
TikTok and Facebook fail to detect election disinformation in the U.S.,
while YouTube succeeds (Global Witness)
Behind TikTok's Boom: A legion of traumatised, $10-a-day content moderators
(The Bureau Investigates)
ACM Highlights Underuse of Risk-Limiting Audits in Confirming Accuracy of
Election Results (ACM)
Iran Hackers Behind Attempt on US Election Are Still Active
(GovInfoSecurity)
Internet Of Dangerous Things (Henry Baker)
In the ultimate Amazon smart home, each device collects your data (WashPost) GPS interference caused the FAA to reroute Texas air traffic.
Experts stumped (Ars Technica)
Cuban Defector Flies Stolen An-2 To Florida (AVweb)
How to miss potentially important Google Chat notifications (LW)
Police Are Using DNA to Generate 3D Images of Suspects They've Never Seen
(Vice)
Even After $100 Billion, Self-Driving Cars Are Going Nowhere (Bloomberg)
Eleven more crash deaths are linked to automated-tech vehicles
(The Center for Auto Safety)
High-Tech Cars Are Killing the Auto Repair Shop (WiReD)
Heat from fingertips can be used to crack passwords, researchers find
(Yahoo! News)
Zillow bug (Jan Woliltzky)
Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials
(Dark Reading)
Google drops Chrome support for Windows 7 (Lauren Weinstein)
Too Many Drivers with Advanced Tech Expect Cars to Drive for Them
(Car and Driver)
Planned cuts at Twitter likely to hurt content moderation, user security
(WashPost)
Devastating Report: Twitter may fire 75% of workers, gut content moderation
and decimate infrastructure (WashPost)
The vulnerability of transformers-based malware detectors to adversarial
attacks (techxplore.com)
Thousands of GitHub Repositories Deliver Fake PoC Exploits with Malware
(Bill Toulas)
How a Microsoft blunder opened millions of PCs to potent malware attacks
(Ars Technica)
Microsoft Office 365 email encryption could expose message content
(Bleeping Computer)
Google's "passkey" effort (Twitter)
How Your Shadow Credit Score Could Decide Whether You Get an Apartment
(ProPublica)
U.S. Chip Sanctions Kneecap China's Tech Industry (WiReD)
The danger of advanced artificial intelligence controlling its own feedback
(techxplore.com)
Toyota exposed 300,000 customer email addresses for 5 years (Techcrunch)
Parler leaked email addresses for Ivanka Trump, other 'VIPs' in Kanye West
announcement (Mashable)
Humans Beat DeepMind AI in Creating Algorithm to Multiply Numbers
(Matthew Sparkes)
Deception Detection (RAND)
Re: AI-driven 'thermal attack' system reveals computer and smartphone
passwords in seconds (Steve Bacher)
Re: Lufthansa Says Apple AirTags Are Once Again Allowed in Checked Bags
(Jan Wolitzky)
Re: Not a physical DDoS attack on the Australian Postal system (John Levine) Re: Automatic emergency braking is not great at preventing crashes. at
normal speeds (Martin Ward)
Article about CHERI (Rik Farrow)
U.S. National Security Strategy report (The White House)
Book on Digital Ethics (Christian Fuchs)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Mon, 24 Oct 2022 11:59:06 -0400 (EDT)
From: ACM TechNews <
technews-editor@acm.org>
Subject: Nuclear War Simulator Creator Says Public Must Know Potential
Destruction (Aristos Georgiou)
Aristos Georgiou, *Newsweek*, 19 0ct 2022, via ACM TechNews, 24 Oct 2022
A computer scientist created a nuclear war simulator to demonstrate atomic weapons' destructive potential to the public. Christopher Minson said
Russia's war in Ukraine has elevated traffic to his website, which hosts a
map tool for modeling an attack on the U.S. involving approximately 1,200 nuclear warheads. Minson based the tool on databases of warhead yields and targets derived from declassified information; he then compiled a database
of census data, and mapped populations to target sites. Minson said the
system correlates this data and executes a two-hour attack, calculating casualties from known impact and population size, and modeling the spread of fallout. "It is critical that the public understands this threat," he said. "They need to see, clearly and viscerally, just how universal and
destructive a nuclear war would be."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f78bx23708fx072432&
------------------------------
Date: Wed, 12 Oct 2022 15:16:14 -0400 (EDT)
From: ACM TechNews <
technews-editor@acm.org>
Subject: Climate Change Threatens Supercomputers (Jacklin Kwan)
Jacklin Kwan, *Science*, 11 Oct 2022, via ACM TechNews, 12 Oct 2022
Climate change is jeopardizing the operation of high-performance computing (HPC) facilities. Natalie Bates at the U.S. Department of Energy's Lawrence Livermore National Laboratory (LLNL) said such facilities, which include supercomputers and data centers, are vulnerable due to their high cooling demands and massive energy use. Increased humidity driven by climate change
can reduce the efficiency of the evaporative coolers many HPC centers depend on, and also can threaten the systems with blowouts. Hewlett Packard Enterprise's Nicolas Dub=C8 said the high cost of upgrades to adapt to such changes has driven some HPC centers to cooler and drier locations like
Canada and Finland. LLNL's Anna-Maria Bailey said the cost of relocation may
be unaffordable, so the California facility is considering moving its
computers underground.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f638x236c48x071990&
------------------------------
Date: Thu, 13 Oct 2022 00:26:49 +0000
From: Richard Marlon Stein <
rmstein@protonmail.com>
Subject: The computer errors from outer space (bbc.com)
https://www.bbc.com/future/article/20221011-how-space-weather-causes-computer-errors
"When computers go wrong, we tend to assume it's just some software hiccup,
a bit of bad programming. But ionising radiation, including rays of protons blasted towards us by the sun, can also be the cause. These incidents,
called single-event upsets, are rare and it can be impossible to be sure
that cosmic rays were involved in a specific malfunction because they leave
no trace behind them."
As silicon features reduce to near atomic dimensions (approaching 1
nanometer == 10), these events are likely increase their frequency. The
biggest supercomputers contain very high-density physical memory pools. Administrators and reliability engineers battle with row-level memory
failures constantly.
See
https://catless.ncl.ac.uk/Risks/30/15#subj6.1. There are at least 10
prior comp.risks posts containing the term "cosmic ray."
------------------------------
Date: Sat, 15 Oct 2022 23:25:02 +0000 ()
From: danny burstein <
dannyb@panix.com>
Subject: NYC's Emerg. Med. Svc ("911") system was crippled 'cuz ...
In NYC, the "911" calls come into a central "public safety answering
position" ("psap"). If the emergency required EMS or fire response, it's transferred to the fire dep't center and then dispatched from there.
The FDNY dispatch and control system was crippled for half a day earlier
this week because...
... a contractor, thinking he was pushing an "open the door, Hal", button,
lifted the cover on a button labeled "EPO"...
Which stood for... "emergency power off".
Ok, everyone, start cringing... Including asking why, in addition to not having a secondary "hot standby" system, it took *hours* to bring this back
up.
[NY Post]
Oops! FDNY contractor presses wrong button, shuts down NYC's emergency
dispatch system
An outside contractor making repairs at the FDNY's emergency dispatch
center in downtown Brooklyn pressed the wrong button to open a door -- and
shut down the agency's communications system, triggering an hours-long
citywide crisis.
Wednesday's snafu at the FDNY's MetroTech Center facility forced staffers
to rely on ancient methods - pens, paper and telephones rather than
digital systems -- to gather facts and get word to first responders as 911
calls came in, officials for unions representing the agency's dispatchers
and medics told The Post.
Delays responding to emergency calls ranged from a few minutes to more
than an hour, said Oren Barzilay, president of Local 2507, which
represents city EMTs and paramedics. [...]
The shutdown occurred around 11 a.m. when a repairman from communications
company Lightpath responded to a report of an earlier glitch at the data
center. [...]
The repairman mistook a glass-enclosed button, marked "EPO" for "emergency power off," for an electronic door release button, so he opened the lid and accidentally shut down the system, workers recalled. [...[
The agency's radio systems were down until 2:30 p.m., and mobile data
terminals out in the field weren't fully operational until 6 p.m., Smyth
and Barzilay said.
https://nypost.com/2022/10/15/fdny-contractor-presses-wrong-button-shuts-down-emergency-dispatch-system/
------------------------------
Date: Wed, 19 Oct 2022 12:21:15 -0400 (EDT)
From: ACM TechNews <
technews-editor@acm.org>
Subject: AI Language Models Show Bias Against People with Disabilities,
Study Finds (Penn State)
Jessica Hallman, Penn State News, 13 Oct 2022, via ACM TechNews, 19 Oct 2022
Pennsylvania State University (Penn State) researchers found that natural language processing models often are biased against people with
disabilities. The researchers studied 13 popular machine learning models trained to generate sequences of words, and tested over 15,000 unique
sentences on each model to produce word associations for over 600 adjectives that could be associated with individuals with or without disabilities. The researchers assessed the sentiment of each adjective generated as positive, negative, or neutral, finding that sentences with disability-related words scored more negatively than sentences lacking them. Penn State's Pranav
Venkit said the work demonstrates "that people need to care about what sort
of models they are using and what the repercussions are that could affect
real people in their everyday lives."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f706x236eaex072403&
------------------------------
Date: Tue, 18 Oct 2022 12:39:57 +0000
From: Richard Marlon Stein <
rmstein@protonmail.com>
Subject: A new AI model can accurately predict human response to novel drug
compounds (phys.org)
https://phys.org/news/2022-10-ai-accurately-human-response-drug.html
"The journey between identifying a potential therapeutic compound and Food
and Drug Administration approval of a new drug can take well over a decade
and cost upward of a billion dollars. A research team at the CUNY Graduate Center has created an artificial intelligence model that could significantly improve the accuracy and reduce the time and cost of the drug development process."
The AI yields a number that supposedly determines the outcome from
swallowing a pill or undergoing IV infusion.
Reduce pharmaceutical company operating and R&D expenses for drug approval: substitute machine decisions for double-blind random control trials and
other FDA-mandated processes. Regulatory processes safeguard public health
and safety.
[Heuristic, perhaps nondeterministic, no need for testing, expensive
controlled trials, long delays, and regulation, what could possibly go
wrong? PGN]
------------------------------
Date: Sun, 16 Oct 2022 12:32:40 -0400
From: Monty Solomon <
monty@roscom.com>
Subject: We Should Try to Prevent Another Alex Jones (Zeynep Tufekci)
Zeynep Tufekci, The New York Times, 16 Oct 2022
We Should Try to Prevent Another Alex Jones
https://www.nytimes.com/2022/10/16/opinion/alex-jones-sandy-hook.html
PGN notes: Zeynep comments on her own article:
On the Alex Jones Verdict: The Very, Very Lucrative World of Lying
https://www.theinsight.org/p/on-the-alex-jones-verdict-the-very
My latest piece for *The New York Times* returns to a key question: how
should we grapple with the current historic transformation of the public
sphere? I focus on the Alex Jones trial and verdict, but my question is
about the future: what can we do, what should we do, to prevent future
cases?
I suggest that we take a closer look at money as an incentive, and also
focus on friction as an answer. [...] ZT
------------------------------
Date: Fri, 21 Oct 2022 15:42:41 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: Alternatives to Twitter
Starting to see articles pushing for the creation of an alternative to
Twitter for people who aren't horrible. Not a new idea. Let's see if anyone with money puts it where their mouths are. Not holding my breath. -L
------------------------------
Date: Sun, 23 Oct 2022 17:13:33 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: A prudent approach to Musk and Twitter
It would be prudent for @Twitter users *right now* to start planning how
they would deal with a return of mass hate speech and disinformation to TWitter, and how they will hold @Twitter, @Apple, @Google and other related ecosystem stakeholders responsible. -L
------------------------------
Date: Tue, 25 Oct 2022 15:05:08 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: Twitter reportedly has a user retention problem
So apparently @Twitter has a problem with retaining "power users". Could
be. ProTip: Flooding Twitter with hate speech and disinformation a la Musk's Twitter isn't likely to help those retention metrics at all. Quite the opposite.
And creating a firestorm of negative media and regulator (e.g., EU)
attention by embracing hate speech and disinformation isn't gonna help the business stuff either. All the oxygen will be sucked out of the room. -L
------------------------------
Date: Fri, 21 Oct 2022 10:36:23 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: TikTok and Facebook fail to detect election disinformation in the
U.S., while YouTube succeeds (Global Witness)
https://www.globalwitness.org/en/campaigns/digital-threats/tiktok-and-facebook-f
ail-detect-election-disinformation-us-while-youtube-succeeds/
------------------------------
Date: Sun, 23 Oct 2022 20:34:23 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: Behind TikTok's Boom: A legion of traumatised, $10-a-day content
moderators (The Bureau Investigates)
https://www.thebureauinvestigates.com/stories/2022-10-20/behind-tiktoks-boom-a-legion-of-traumatised-10-a-day-content-moderators
------------------------------
Date: Fri, 14 Oct 2022 12:10:42 -0400 (EDT)
From: ACM TechNews <
technews-editor@acm.org>
Subject: ACM Highlights Underuse of Risk-Limiting Audits in Confirming
Accuracy of Election Results
Association for Computing Machinery, 13 Oct 2022,
via ACM TechNews, October 14, 2022
Despite their efficiency in confirming the accuracy of election results, risk-limiting audits (RLAs) are underused, according to a new TechBrief from ACM's global Technology Policy Council. The authors found only five
U.S. states will require then in the upcoming November elections, while just
10 additional states either have RLA pilot programs or allow their
use. Meanwhile, Denmark is the only other country to have performed an RLA
of an election. "RLAs give us the best of both worlds: a high degree of accuracy and transparency without the enormous undertaking that is counting every contest on every ballot by hand," said TechBrief co-lead author
Matthew Bernhard.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f684x236d1fx072707&
[Risks? If you don't believe in science and technology, you most
likely won't believe in RLAs. See the CACM Inside Risks article:
Rebecca T. Mercuri and Peter G. Neumann,
The Risks of Election Believability (or Lack Thereof),
CACM June 2021:
http://www.csl.sri.com/neumann/cacm251.pdf
What can be done to get more people understanding science and tech?
PGN]
------------------------------
Date: Sat, 22 Oct 2022 21:12:52 PDT
From: Peter Neumann <
neumann@csl.sri.com>
Subject: Iran Hackers Behind Attempt on US Election Are Still Active
(GovInfoSecurity)
Emennet Pasargad, the Iranian cyberthreat actors behind an attempt to
disrupt the U.S. presidential election in 2020, remain active, warns
the FBI.
https://www.govinfosecurity.com/iran-hackers-behind-attempt-on-us-election-are-still-active-a-20310
www.govinfosecurity.com
------------------------------
Date: Thu, 20 Oct 2022 18:51:16 +0000
From: Henry Baker <
hbaker1@pipeline.com>
Subject: Internet Of Dangerous Things -- IoDT
I recently stayed in a brand new hotel in the Bay Area, and it had a
*Bluetooth Mirror* in the bathroom.
For the life of me, I can't imagine what geek's bright idea this Bluetooth-enabled mirror was, but it's right up there with 'smart rocks' (wifi-enabled boulders???).
The *misuses* of this idea far exceed the *uses*, by many orders of
magnitude.
[NOT] Attached is a screenshot of my phone after pairing with this dumbest
of all ideas. The mirror apparently has the same SW as a BT boombox, so you
can call your phone on the throne? [Hone alone?]
Notice that I didn't allow this mirror to access my *contacts*, but if I
had, it would have downloaded all 2000+ of them, I presume.
I don't think that this mirror had a camera, but in today's world, I
wouldn't be too sure.
[I understand that some hotel rooms now come complete with either Amazon's
*Alexa* or Google's *OK Google*, so you're now under 24x7 surveillance.]
------------------------------
Date: Tue, 18 Oct 2022 17:20:18 -0400
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: In the ultimate Amazon smart home, each device collects your data
(WashPost)
Here's everything Amazon learns about your family, your home and you.
https://www.washingtonpost.com/technology/interactive/2022/amazon-smart-home
Toilet, garage, car, doorbell, Roomba, TV, lights/switches/shades, exercise band, router, soap dispenser (!), medicines, pantry, Whole Foods, air
quality, thermostat, more.
------------------------------
Date: Fri, 21 Oct 2022 10:31:23 -0400
From: Monty Solomon <
monty@roscom.com>
Subject: GPS interference caused the FAA to reroute Texas air traffic.
Experts stumped (Ars Technica)
Episode lasting almost 2 days prompted the closure of a runway at Dallas airport.
The Federal Aviation Administration is investigating the cause of mysterious GPS interference that, over the past few days, has closed one runway at the Dallas-Fort Worth International Airport and prompted some aircraft in the region to be rerouted to areas where signals were working properly.
The interference first came to light on Monday afternoon when the FAA issued
an advisory over ATIS (Automatic Terminal Information Service). It warned flight personnel and air traffic controllers of GPS interference over a
40-mile swath of airspace near the Dallas-Fort Worth airport. The advisory read in part: ATTN ALL AIRCRAFT. GPS REPORTED UNRELIABLE WITHIN 40 NM OF
DFW. [...]
https://arstechnica.com/information-technology/2022/10/cause-is-unknown-for-mysterious-gps-outage-that-rerouted-texas-air-traffic/
"This week's event appears similar to one that, according to GPSWorld,
played out in Denver last January. In the January episode, aircraft in a 50-nautical-mile swath of airspace around the airport reported unreliable
GPS for more than 33 hours."
https://www.gpsworld.com/what-happened-to-gps-in-denver/
------------------------------
Date: Mon, 24 Oct 2022 14:49:05 -0400
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Cuban Defector Flies Stolen An-2 To Florida (AVweb)
A Cuban pilot defected to Florida on Friday but there won't be much intelligence to be gleaned from the government aircraft he stole. The pilot, identified by a Spanish publication as Ruben Martinez, flew an ancient
Antonov An-2 single-engine biplane at wavetop level before landing at Dade-Collier Training and Transition Airport in the Everglades.
The TSA and Customs and Border Protection are, of course, interested in how
the school-bus sized relic of the Soviet era was able to sneak through one
of the most surveilled coastlines in the country.
https://www.avweb.com/aviation-news/cuban-defector-flies-stolen-an-2-to-florida/
------------------------------
Date: Thu, 20 Oct 2022 12:46:56 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: How to miss potentially important Google Chat notifications
There appears to be a significant flaw in the Google Chat notification model that can easily cause desktop users to be unaware of important chat replies
for hours, days -- or indefinitely. It happened to me.
These notification issues may relate to the hangouts->chat migration. On (linux) desktops, there's no longer a native official Google Chat app, so if Chrome isn't running there are apparently no related desktop notifications.
The desktop notification that Chrome throws when running (even when not
showing Gmail) is momentary, if you're not around at the moment it pops you won't see or hear it.
------------------------------
Date: Thu, 13 Oct 2022 11:55:30 -0700
From: geoff goodfellow <
geoff@iconia.com>
Subject: Police Are Using DNA to Generate 3D Images of Suspects They've
Never Seen (Vice)
Releasing one of these Parabon images to the public like the Edmonton Police did recently, is dangerous and irresponsible, especially when that image implicates a Black person and an immigrant.
On Tuesday, the Edmonton Police Service (EPS) shared a computer generated
image of a suspect <
https://www.edmontonpolice.ca/News/MediaReleases/DNAPhenotypeOct4> they created with DNA phenotyping, which it used for the first time in hopes of identifying a suspect from a 2019 sexual assault case. Using DNA evidence
from the case, a company called Parabon NanoLabs created the image of a
young Black man. The composite image did not factor in the suspect's age,
BMI, or environmental factors, such as facial hair, tattoos, and scars. The
EPS then released this image to the public, both on its website and on
social media platforms including its Twitter, claiming it to be ``a last
resort after all investigative avenues have been exhausted.'' The EPS's decision to produce and share this image is extremely harmful, according to privacy experts, raising questions about the racial biases in DNA
phenotyping for forensic investigations and the privacy violations of DNA databases that investigators are able to search through.
In response to the EPS's tweet of the image, many privacy and criminal
justice experts replied with indignation at the irresponsibility of the
police department. Callie Schroeder, the Global Privacy Counsel at the Electronic Privacy Information Center, retweeted the tweet, questioning the usefulness of the image: ``Even if it is a new piece of information, what
are you going to do with this? Question every approximately 5'4" black man
you see? ...that is not a suggestion, absolutely do not do that.'' [...]
https://www.vice.com/en/article/pkgma8/police-are-using-dna-to-generate-3d-images-of-suspects-theyve-never-seen
------------------------------
Date: Thu, 13 Oct 2022 00:23:25 -0400
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Even After $100 Billion, Self-Driving Cars Are Going Nowhere
(Bloomberg)
They were supposed to be the future. But prominent detractors -- including Anthony Levandowski, who pioneered the industry -- are getting louder as the losses get bigger.
https://www.bloomberg.com/news/features/2022-10-06/even-after-100-billion-self-driving-cars-are-going-nowhere
------------------------------
Date: Tue, 25 Oct 2022 13:46:03 -0400
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Eleven more crash deaths are linked to automated-tech vehicles
(The Center for Auto Safety)
Eleven people were killed in U.S. crashes involving vehicles that were using automated driving systems during a four-month period earlier this year, according to newly released government data, part of an alarming pattern of incidents linked to the technology.
https://www.autosafety.org/11-more-crash-deaths-are-linked-to-automated-tech-vehicles
11 people in four months? Out of how many total killed on roads in that
time?
More meaningful would be deaths/miles driven with and without automated
technologies.
------------------------------
Date: Sat, 22 Oct 2022 10:15:48 +0900
From: David Farber <
farber@keio.jp>
Subject: High-Tech Cars Are Killing the Auto Repair Shop (WiReD)
https://www.wired.com/story/high-tech-cars-killing-the-traditional-auto-repair-shop/
[PGN Note: This reminds me of the wonderful old Alex Guiness film:
The Man in The White Suit, 1951
Sidney ("Sid") Stratton, a brilliant young research chemist and former
Cambridge scholarship recipient, has been dismissed from jobs at several
textile mills in the north of England because of his demands for expensive
facilities and his obsession with inventing an everlasting fibre. Whilst
working as a labourer at the Birnley Mills, he accidentally becomes an
unpaid researcher and invents an incredibly strong fibre which repels dirt
and never wears out. From this fabric, a suit is made-which is brilliant
white because it cannot absorb dye and slightly luminous because it
includes radioactive elements.
Stratton is lauded as a genius until both management and the trade unions
realise the consequence of his invention; once consumers have purchased
enough cloth, demand will drop precipitously and put the textile industry
out of business. The managers try to trick and bribe Stratton into signing
away the rights to his invention but he refuses. Managers and workers each
try to shut him away, but he escapes. Wikipedia]
[Perhaps fortunately for the mechanics, self-driving cars are still a
long way from trustworthy. The diagnostic tools are good enough that
they can quickly identify which chip to replace, the tools are
presumably proprietary so it is more difficult for you to do your own
maintenance, and mechanics can probably charge you large rates for
maintenance even though it becomes trivial to change the part.
Furthermore, there still seems to be business for mechanics and body
shops (legal or otherwise), from accidents. Also, in that California's
Governor Newsom has made it illegal in California to buy a
stolen/stripped catalyic convertor, that has apparently not stopped the
thieves and the blackmarket for precious metals. PGN]
------------------------------
Date: Thu, 13 Oct 2022 11:51:37 -0700
From: geoff goodfellow <
geoff@iconia.com>
Subject: Heat from fingertips can be used to crack passwords, researchers
find (Yahoo! News)
Heat-detecting cameras can help crack passwords up to a minute after typing them, researchers have found, as they warn similar systems could be
developed by criminals to break into computers and smartphones.
Heat from people's fingertips can be detected on recently-used keyboards
and, when thermal images were combined with the help of artificial intelligence, informed guesses of what the password could be were made by a tool developed by researchers at the University of Glasgow.
Some 86% of passwords were cracked when thermal images were taken within 20 seconds of typing in the secret code and put through their ThermoSecure
system, and 76% when within 30 seconds. Success dropped to 62% after 60
seconds of entry.
They also found within 20 seconds, the system was capable of successfully attacking even long passwords of 16 characters, with a rate of up to 67% correct attempts.
It's important that computer security research keeps pace with these developments to find new ways to mitigate risk, and we will continue to
develop our technology to try to stay one step ahead of attackers. [...]
https://news.yahoo.com/heat-fingertips-used-crack-passwords-102357016.html
------------------------------
Date: Wed, 19 Oct 2022 08:56:47 -0400
From: Jan Wolitzky <
jan.wolitzky@gmail.com>
Subject: Zillow bug
Q: What's wrong with these Cambridge, MA, listings?
https://www.zillow.com/homedetails/21-Day-St-Cambridge-MA-02140/2061016351_zpid/
https://www.zillow.com/homedetails/3-Jarvis-St-Cambridge-MA-02138/2061087683_zpid/
https://www.zillow.com/homedetails/6607-Bellis-Ct-Cambridge-MA-02140/2061083868_zpid/
https://www.zillow.com/homedetails/56-Scott-St-Cambridge-MA-02138/2061087954_zpid/
https://www.zillow.com/homedetails/14-Alpine-St-Cambridge-MA-02138/2061083680_zp
id/
A: They're all really in Cambridge ON (Ontario), Canada. (In some cases,
the street names are a bit off. Usually, "street" instead of "road", but "Bellis" is actually "Ellis".)
I don't know what's gotten into Zillow, but they seem to have a problem!
------------------------------
Date: Thu, 13 Oct 2022 12:04:38 -0400
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials
(Dark Reading)
The attacks showcase broader security concerns as phishing grows in volume
and sophistication, especially given that Windows Defender's Safe Links
feature for identifying malicious links in emails completely failed in the campaign.
https://www.darkreading.com/attacks-breaches/real-estate-phish-1000s-credentials-escalating-cyber-risk
------------------------------
Date: Tue, 25 Oct 2022 12:34:07 -0700
From: Lauren Weinstein <
lauren@vortex.com>
Subject: Google drops Chrome support for Windows 7
So @googlechrome is apparently dropping updates for Windows 7 early next
year. From a purely logical standpoint for @Google this makes complete and utter sense. However, given the VERY high number of people still using
Windows 7 for important applications, there's a real risk. -L
------------------------------
Date: Thu, 20 Oct 2022 16:33:10 -0400
From: Monty Solomon <
monty@roscom.com>
Subject: Too Many Drivers with Advanced Tech Expect Cars to Drive for Them
https://www.caranddriver.com/news/a41710516/driver-safety-abuse-semi-autonomous-technology-insurance-institute/
[But not if they have been reading RISKS? PGN]
------------------------------
Date: Thu, 20 Oct 2022 19:38:39 -0400
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Planned cuts at Twitter likely to hurt content moderation, user
security (WashPost)
Previously unreported details shed new light on Twitter's motivations for selling the company -- and Elon Musk's plans to transform it.
Twitter's workforce is likely to be hit with massive cuts in the coming
months, no matter who owns the company, interviews and documents obtained by *The Washington Post* show, a change likely to have major impact on its
ability to control harmful content and prevent data security crises.
Elon Musk told prospective investors in his deal to buy the company that he planned to get rid of nearly 75 percent of Twitter's 7,500 workers,
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)