Risks Digest 33.51

    From RISKS List Owner@21:1/5 to All on Thu Nov 10 04:34:00 2022
    RISKS-LIST: Risks-Forum Digest Wednesday 9 November 2022 Volume 33 : Issue 51

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.51>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Ground Truth vs Ground-up Truth (PGN)
    What U.S. Democracy Can Learn from Brazil (Jack Nicas)
    Voting-system firms battle right-wing rage against the machines (Reuters)
How Republicans Fed a Misinformation Loop About the Pelosi Attack (NYTimes)
Blood oxygen monitors face scrutiny from FDA panel (The Verge)
    Medicare enrollees warned about deceptive marketing schemes (Amanda Seitz)
    The Hunt for the Dark Web's Biggest Kingpin (WiReD)
    Why the FBI Is So Far Behind on Cybercrime (NYTimes)
    Ransomware attacks on hospitals take toll on patients (NBC News)
    iOS Privacy: Instagram and Facebook can track anything you do on any website
    in their in-app browser (Krausefx)
    The Most Vulnerable Place on the Internet (WiReD)
    Security Loophole Allows Attackers to Use Wi-Fi to See Through Walls
    (U.Waterloo)
    Engineers ready innovative robotic servicing of geosynchronous satellites
    payload for launch (phys.org)
    Sobeys, Safeway grappling with IT issues as Maple Leaf Foods announces
    cybersecurity incident (CBC)
    Signal Says It Will Exit India Rather Than Compromise Its Encryption
    (Techdirt)
    Scientists Increasingly Can't Explain How AI Works (Vice)
    Billions Spent in Metaverse 'Land' Grab (BBC)
    Same New York lottery numbers drawn twice in one day (NYPost)
    Powerball winning numbers live drawing delayed for $1.9 billion jackpot due
    to 'security protocol issue' (ABC)
    There's a good chance Meta has your contact info. Here's how to delete it.
    (Mashable)
    Web Inventor Tim Berners-Lee Wants Us to 'Ignore' Web3 (CNBC)
    'How much press are you worth?' New calculator tackles inequality in missing
    persons stories (msnbc.com)
    Federal government advised to pause Twitter ads after mass layoffs at
    company (CBC News)
    Websites Accepting Crypto for Child Sex Abuse Content Doubling Every Year
    (Gizmodo)
    Wireless meat thermometer: What could go wrong? (SharperImage via Gabe)
    Adobe Just Held a Bunch of Pantone Colors Hostage (WiReD)
    Gaming Is Booming. That's Catnip for Cybercriminals. (NYTimes)
    AI code assistants may not spawn as many bugs as feared (NYTimes)
    The Rise of Rust, the Virus-Secure Programming Language That's Taking Over
    Tech (WiReD)
    The Strange Death of the Uyghur Internet (WiReD)
    Algorithms Quietly Run the City of WashingtonDC -- and Maybe Your Hometown
    (WiReD)
    Jeppesen Cyber-Incident Affects Services (AVweb)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Wed, 9 Nov 2022 10:40:50 PST
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: Ground Truth vs Ground-up Truth

    It's time for a little levity after months of ugly campaign disinformation
    and gigantic fund-raising efforts in the U.S. I offer this limerick, and
    beg your indulgence.

Reflections on the U.S. Midterm Election Campaigns
    Peter G. Neumann (a.k.a. Lim[b]erRick),
    Election Day, 8 November 2022

    There once was a notion of "ground truth",
    Which the DNA linked up with "found tooth".
    But old farts with no heart
    Took the ground truth apart,
    While leaving the future to "frowned youth".

    [Your choice of alternatives in the last line:
    crowned, gowned, sound, bound, towned, ... I liked "frowned" <upon>]

    old fart:
    Tribal elder. A title self-assumed with remarkable frequency ...
    This is a term of insult in the second or third person, but one of
    pride in first person.

    "Ground Truth" is becoming like Ground-up Meat --
    You have no idea what it entails (or entrails?).
    Are the contents just FAKE NEWS? or REALLY-FAKE NEWS?

    An earlier draft version of my doggerel had the last line as:
    "Forsooth" took the meaning of "found truth".

    forsooth [WordNet]
    adv 1: an archaic word originally meaning *in truth* but now
    usually used to express *disbelief* [emphasis mine]

    forsooth formerly used as
    An expression of deference or respect, especially to woman;
    now used ironically or contemptuously.
    [1913 Webster]

    Our old English word "forsooth" has been changed for the French
    madam. -- Guardian.
    [1913 Webster]

    Dad-to-Kid-joke:
    Diner: Waiter, This coffee tastes like mud.
    Waiter: It should. It was *GROUND* this morning.

    ------------------------------

    Date: Mon, 7 Nov 2022 9:16:00 PST
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: What U.S. Democracy Can Learn from Brazil (Jack Nicas)

    Jack Nicas, *The New York Times*, 6 Nov 2022

    https://www.nytimes.com/2022/11/05/world/americas/brazil-election-us-democracy.html

Given that there are no computer systems that cannot be hacked through
unsecure hardware, software, and apps, *and* the reality that the federal
government cannot control state elections -- which the existing Supreme
Court would pretty much guarantee -- there are no realistic solutions. The
research community understands some of the machine-related issues, but (not
surprisingly) ignores most of the total-system issues -- which include
    insider misuse, clever disenfranchisement, and devastating effects of
    pervasive disinformation. The commercial vendors for the most part don't
    care, although Dominion's defense and monster defensive lawsuits (a recent
    60 Minutes interviewed the head of Dominion) seem to make a case that they
    were brutally trashed by false attacks for which they are seeking BILLIONS
    of dollars in damages.

    ------------------------------

    Date: Sun, 6 Nov 2022 15:12:01 PST
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: Voting-system firms battle right-wing rage against the machines
    (Reuters)

    https://www.reuters.com/world/us/voting-system-firms-battle-right-wing-rage-against-machines-2022-11-06/

    ------------------------------

    Date: Sun, 6 Nov 2022 10:50:45 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: How Republicans Fed a Misinformation Loop About the Pelosi Attack
    (NYTimes)

    https://www.nytimes.com/interactive/2022/11/05/us/politics/pelosi-attack-misinfo-republican-politicians.html

    ------------------------------

    Date: Thu, 3 Nov 2022 19:53:44 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Blood oxygen monitors face scrutiny from FDA panel (The Verge)

    https://www.theverge.com/2022/11/3/23438808/blood-oxygen-monitor-fda-bias-regulation

    ------------------------------

    Date: Sat, 5 Nov 2022 19:36:10 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Medicare enrollees warned about deceptive marketing schemes
    (Amanda Seitz)

    With Medicare's open enrollment underway, health experts are warning
    older adults about an uptick in misleading marketing tactics that might
    lead some to sign up for Medicare Advantage plans that don't cover
    their doctors or prescriptions and drive up their out-of-pocket costs

    https://www.washingtonpost.com/politics/medicare-enrollees-warned-about-deceptive-marketing-schemes/2022/11/05/d54ffa70-5cbf-11ed-bc40-b5a130f95ee7_story.html

    ------------------------------

    Date: Fri, 4 Nov 2022 10:24:46 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: The Hunt for the Dark Web's Biggest Kingpin (WiReD)

The Hunt for the Dark Web's Biggest Kingpin, Part 1: The Shadow

The notorious Alpha02 oversaw millions of dollars a day in online narcotic
sales. For cybercrime detectives, he was public enemy number one -- and a
total mystery.

https://www.wired.com/story/alphabay-series-part-1-the-shadow/

The Hunt for the Dark Web's Biggest Kingpin, Part 2: Pimp_alex_91

On the trail of AlphaBay's mastermind, a tip leads detectives to a suspect
in Bangkok -- and to the daunting task of tracing his millions in
cryptocurrency.

    https://www.wired.com/story/alphabay-series-part-2-pimp-alex-91/

    ------------------------------

    Date: Sun, 6 Nov 2022 19:39:01 -0700
    From: Matthew Kruk <mkrukg@gmail.com>
    Subject: Why the FBI Is So Far Behind on Cybercrime (NYTimes)

    https://www.nytimes.com/2022/11/06/opinion/ransomware-fbi.html

There are many factors behind the stunning rise of ransomware. Our reporting
found that one of the most important is the Federal Bureau of
Investigation's outmoded approach to computer crime targeting people and
institutions in the United States.

State and local police generally can't handle a sophisticated international
crime that locks victims' data remotely -- from patients' medical histories
and corporate trade secrets to police evidence and students' performance
records -- and demands payment for a key. Many police departments have
themselves been hamstrung by ransomware attacks. Federal investigators,
especially the FBI, are responsible for containing the threat. They need to
do better.

When ransomware gained traction a decade ago, individual attackers were
hitting up home users for a few hundred dollars. In 2015, as the crime was
evolving into something more, the bureau still dismissed ransomware as an
ankle-biter. That year, about a dozen frustrated Cyber Division agents
warned James Comey, who was then the director of the F.B.I., that
institutional lack of respect for their skills was spurring their
departures. Now well-organized gangs, with hierarchies mirroring those of
traditional businesses, are paralyzing the computer networks of high-profile
targets and demanding millions of dollars in ransom.

    ------------------------------

    Date: Tue, 8 Nov 2022 10:21:30 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Ransomware attacks on hospitals take toll on patients (NBC News)

    https://www.nbcnews.com/tech/security/ransomware-attacks-hospitals-take-toll-patients-rcna54090

    ------------------------------

    Date: Wed, 9 Nov 2022 09:35:28 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: iOS Privacy: Instagram and Facebook can track anything you do on
    any website in their in-app browser (Krausefx)

    https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser

    ------------------------------

    Date: Fri, 4 Nov 2022 09:45:43 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: The Most Vulnerable Place on the Internet (WiReD)

    Underwater cables keep the internet online. When they congregate in one
    place, things get tricky

    https://www.wired.com/story/submarine-internet-cables-egypt/

    ------------------------------

    Date: Fri, 4 Nov 2022 12:47:51 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Security Loophole Allows Attackers to Use Wi-Fi to See Through
Walls (U.Waterloo)

    University of Waterloo (Canada), 13 Nov 2022, via ACM TechNews; 4 Nov 2022

A drone-powered device developed by researchers at Canada's University of
Waterloo can see through walls by accessing Wi-Fi networks. The Wi-Peep
device can fly close to a building and identify all Wi-Fi-enabled devices
inside using the building's Wi-Fi network by taking advantage of the "polite
Wi-Fi" loophole, in which smart devices automatically respond to contact
attempts from any device within range. Comprised of a store-bought drone and
$20 of hardware, Wi-Peep can pinpoint the location of a device within one
    meter by measuring response times to the messages it sends to devices while
    in flight. Said Waterloo's Ali Abedi, "We need to fix the Polite Wi-Fi
    loophole so that our devices do not respond to strangers. We hope our work
    will inform the design of next-generation protocols."

    [... and will greatly enhance the accuracy of drone bombers?]

    ------------------------------

    Date: Thu, 10 Nov 2022 00:37:42 +0000
    From: Richard Marlon Stein <rmstein@protonmail.com>
    Subject: Engineers ready innovative robotic servicing of geosynchronous
    satellites payload for launch (phys.org)

    https://phys.org/news/2022-11-ready-robotic-geosynchronous-satellites-payload.html

"Ace Satellite Repair Co's" first gig was in April, 1984 -- the "Solar Max"
satellite needed a tune-up. The Solar Max was in low earth orbit (~200 km),
close enough for the Space Shuttle Challenger to capture. Intrepid
space-walkers swapped out and replaced a circuit board or two.

Geo-synchronous orbit, @ ~35K km, is where a lot of communications, weather,
and other satellite payloads park and operate.

No bus for a repair person to ride. Send a robot. The DARPA-funded "Robotic
Servicing of Geosynchronous Satellites" program relies on a two-armed bot. A
sophisticated robotic simulator and qualification mechanism, including
environment chamber conditions, was applied to boost mission objective
achievement.

    Risks: Cosmic radiation, software defects, hardware failure

    ------------------------------

    Date: Mon, 7 Nov 2022 13:11:40 -0700
    From: Matthew Kruk <mkrukg@gmail.com>
    Subject: Sobeys, Safeway grappling with IT issues as Maple Leaf Foods
    announces cybersecurity incident (CBC)

    https://www.cbc.ca/news/canada/nova-scotia/sobeys-safeway-maple-leaf-foods-cybersecurity-incident-1.6642937

Some stores across Canada owned by Empire Company Ltd., including Sobeys,
Safeway and affiliated pharmacy services, continue to experience disruptions
<http://cbc.ca/1.6642540> due to an information technology systems issue.

Empire, which owns Sobeys, Lawtons, IGA, Safeway, Farm Boy, Foodland and
FreshCo, among other brands, announced Monday an IT problem is preventing
some of its pharmacies from filling prescriptions. ...

    Meanwhile, Maple Leaf Foods announced in a news release late Sunday night
    that a "cybersecurity incident" caused a system outage at the company.

    The company said it became aware of the issue over the weekend and
    immediately began working with cybersecurity and recovery experts,
information systems professionals and third-party specialists to
investigate the outage.

    ------------------------------

    Date: Fri, 28 Oct 2022 21:05:02 +0900
    From: David Farber <farber@keio.jp>
    Subject: Signal Says It Will Exit India Rather Than Compromise Its
    Encryption (Techdirt)

    https://www.techdirt.com/2022/10/26/signal-says-it-will-exit-india-rather-than-compromise-its-encryption/

    ------------------------------

    Date: Wed, 2 Nov 2022 08:07:31 -0700
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Scientists Increasingly Can't Explain How AI Works (Vice)

AI researchers are warning developers to focus more on how and why a system
produces certain results than the fact that the system can accurately and
rapidly produce them.

What's your favorite ice cream flavor? You might say vanilla or chocolate,
and if I asked why, you'd probably say it's because it tastes good. But why
does it taste good, and why do you still want to try other flavors
sometimes? Rarely do we ever question the basic decisions we make in our
everyday lives, but if we did, we might realize that we can't pinpoint the
exact reasons for our preferences, emotions, and desires at any given
moment.

    There's a similar problem in artificial intelligence: The people who develop
    AI are increasingly having problems explaining how it works and determining
    why it has the outputs it has. Deep neural networks (DNN) -- made up of
    layers and layers of processing systems trained on human-created data to
    mimic the neural networks of our brains -- often seem to mirror not just
    human intelligence but also human inexplicability.

Most AI systems are black box models, which are systems that are viewed only
in terms of their inputs and outputs. Scientists do not attempt to decipher
the black box, or the opaque processes that the system undertakes, as long
as they receive the outputs they are looking for. For example, if I gave a
black box AI model data about every single ice cream flavor, and demographic
data about economic, social, and lifestyle factors for millions of people,
it could probably guess what your favorite ice cream flavor is or where your
favorite ice cream store is, even if it wasn't programmed with that
intention.

These types of AI systems notoriously have issues because the data they are
trained on are often inherently biased, mimicking the racial and gender
biases that exist within our society. The haphazard deployment of them leads
to situations where, to use just one example, Black people are
disproportionately misidentified by facial recognition technology. It
becomes difficult to fix these systems in part because their developers
often cannot fully explain how they work, which makes accountability
difficult. As AI systems become more complex and humans become less able to
understand them, AI experts and researchers are warning developers to take a
step back and focus more on how and why a system produces certain results
than the fact that the system can accurately and rapidly produce them. [...]

    <https://www.vice.com/en/article/n7jwx7/even-the-government-admits-facial-recognition-is-racially-biased>

    https://www.vice.com/en/article/y3pezm/scientists-increasingly-cant-explain-how-ai-works

    ------------------------------

    Date: Mon, 7 Nov 2022 12:25:35 -0500 (EST)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Billions Spent in Metaverse 'Land' Grab (BBC)

    Joe Tidy, BBC News, 3 Nov 2022, via ACM TechNews, 7 Nov 2022

    Research by DappRadar indicates that over the past year, people and
    companies have spent $1.93 billion in cryptocurrency to purchase virtual
    "real estate" in the metaverse. In Decentraland, parcels of "land" can sell
    for millions of dollars, and are being bought by companies like Samsung,
UPS, and Sotheby's to build virtual shops. Adidas, Atari, Ubisoft, Binance,
Warner Music, and Gucci have purchased virtual property in Sandbox, while
Gucci also has created a town in Roblox. Said Amber Jae Slooten of *The
Fabricant*, a digital design house, "There will be for sure a mass market in
this because if you think about the younger generation, they already play
games. For them there's no distinction between virtual and real. But it
still needs to be built."

    [No distinction? Wow! That is scary, especially when it comes to voting
    and living in the real world (whatever that may be). PGN]

    ------------------------------

    Date: Thu, 3 Nov 2022 13:50:00 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Same New York lottery numbers drawn twice in one day (NYPost)

    https://nypost.com/2022/10/28/1-in-331-billion-chance-same-new-york-lottery-numbers-drawn-twice-in-one-day/

    ------------------------------

    Date: Mon, 7 Nov 2022 23:34:00 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Powerball winning numbers live drawing delayed for $1.9 billion
    jackpot due to 'security protocol issue' (ABC)

    https://abc7ny.com/1-9-billion-lottery-powerball-jackpot-today-how-big-is-the-drawing-time/12426091/

    ALSO:
    Powerball: Winning numbers for the record $1.9 billion jackpot
    have yet to be announced after drawing was delayed

    https://www.cnn.com/2022/11/08/us/powerball-lottery-record-delayed-drawing-tuesday-trnd/index.html

    ------------------------------

    Date: Tue, 1 Nov 2022 20:43:57 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: There's a good chance Meta has your contact info. Here's how to
    delete it. (Mashable)

    https://mashable.com/article/facebook-how-to-delete-contact-info-meta

    ------------------------------

    Date: Mon, 7 Nov 2022 12:25:35 -0500 (EST)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Web Inventor Tim Berners-Lee Wants Us to 'Ignore' Web3 (CNBC)

    Ryan Browne, CNBC News, 04 Nov 2022, via ACM TechNews, 7 Nov 2022

ACM A.M. Turing Award recipient Tim Berners-Lee, credited with inventing the
World Wide Web, considers Web3 nonviable for building the next iteration of
the Internet. At the Web Summit in Lisbon, Portugal, Berners-Lee called Web3
a vague term to describe a theoretical Internet that is more decentralized
than the current Web, incorporating technologies like blockchain,
cryptocurrencies, and nonfungible tokens. Berners-Lee described blockchain
protocols as "too slow, too expensive, and too public." He said people
frequently confuse Web3 with his Web 3.0 framework for reconfiguring the
Internet. His new Inrupt startup intends to allow users to control their
own data via a global single sign-on feature for universal logins, login IDs
that let users exchange data, and a "common universal application
programming interface."

    [Don't forget the putting all-of-your-eggs-in-one-basket risks of single
    sign-on, e.g., RISKS-32.93, -33.11. PGN]

    ------------------------------

    Date: Fri, 04 Nov 2022 02:07:09 +0000
    From: Richard Marlon Stein <rmstein@protonmail.com>
    Subject: 'How much press are you worth?' New calculator tackles inequality
    in missing persons stories (msnbc.com)

    https://www.nbcnews.com/news/us-news/-much-press-are-new-calculator-tackles-inequality-missing-persons-stor-rcna55517

If you went missing, how much press would you be 'worth'? *The Columbia
Journalism Review* unveiled a tool that calculates the number of stories
your disappearance would net, based on demographics.

https://areyoupressworthy.com/ calculates news coverage based on select
rules. Each missing person's report is a potential crime with a tragic
outcome. Somewhat greater likelihood that extensive coverage will lead to
discovery, and eventual happy ending. Turns out that "missing white person
syndrome" generates more headlines than non-white minority disappearances.

Not hard to imagine an AI applying this tool to determine whether or not to
compose a news chyron, or invoke GPT-3 to (not) cook a story, based on
computed merit.

    Risk: Algorithm-driven news headlines

    ------------------------------

    Date: Sun, 6 Nov 2022 16:20:15 -0700
    From: Matthew Kruk <mkrukg@gmail.com>
    Subject: Federal government advised to pause Twitter ads after mass layoffs
    at company (CBC News)

    A media and marketing agency that is responsible for buying and planning
    much of the government's advertising has advised federal departments to
    pause activity on Twitter, citing mass layoffs at the company.

    Cossette, which is the government's "media agency of record," issued
    guidance Friday to "pause activity immediately and monitor the situation
over the weekend" due to "unknown continuity plans for moderation" and a
"heightened risk of brand safety," according to an internal document seen by
CBC News.

    https://www.cbc.ca/news/politics/cossette-agency-government-ads-twitter-layoffs-1.6642527

    ------------------------------

    Date: Tue, 1 Nov 2022 20:40:59 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Websites Accepting Crypto for Child Sex Abuse Content Doubling
    Every Year (Gizmodo)

    https://gizmodo.com/crypto-1849727577

    ------------------------------

    Date: Wed, 2 Nov 2022 17:03:26 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Wireless meat thermometer: What could go wrong?

    Wireless meat thermometer -- use in oven or on barbecue, charges via USB.
    $100.

    https://www.sharperimage.com/view/product/Wireless+Meat+Thermometer/206969

    Electronics survive repeated baking/grilling/washing?
    USB plug smeared with sauce/gravy?

    [Worse yet, Made in China or Russia, broadcasting kitchen conversations,
    and compromising your Internet of Things devices? See the Thunderclap paper:
    https://www.ndss-symposium.org/ndss-paper/thunderclap-exploring-vulnerabilities-in-operating-system-iommu-protection-via-dma-from-untrustworthy-peripherals/
    PGN]

    ------------------------------

    Date: Wed, 2 Nov 2022 23:47:58 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Adobe Just Held a Bunch of Pantone Colors Hostage (WiReD)

    Certain Pantone collections now require users to pay $15 a month to access
    them -- with colors turned black unless you pay up.

Since the 1950s, the company Pantone has helped designers match the colors
they see onscreen to what they see in the real world. This color
standardization process means that, for example, a poster made in Adobe
InDesign looks exactly the same when it's printed out as a giant billboard.
And it worked just fine -- until last week, when everything went dark.

Scores of Photoshop and Illustrator users who have used certain Pantone
color collections in their works have recently been confronted with the
fallout of a disagreement between Adobe and Pantone. The result? Where once
there were vibrant hues there is now only the color black.

The change is the latest twist in a long-running dispute between the design
software giant and the color-standard-setting organization. In December
2021, Adobe announced it would be removing Pantone colors from its app. Why
that happened was never certain; rumors spread that it was over the cost of
including Pantone in Adobe software, while Pantone publicly said that it
felt Adobe wasn't keeping pace with the plethora of new colors it
released. Adobe's chief product officer, Scott Belsky, has tweeted that
Pantone asked Adobe to remove the colors, "as they want to charge customers
directly."

    https://www.wired.com/story/adobe-pantone-color-subscription-fee

    [Transomware? PGN]

    ------------------------------

    Date: Thu, 3 Nov 2022 23:36:44 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Gaming Is Booming. That's Catnip for Cybercriminals. (NYTimes)

    Cybersecurity experts warn that threats lurk in cheat codes,
    microtransactions and messages from fellow players.

    Millions of people escaped the drudgery of the Covid-19 pandemic's first
    year by turning to video games, where they could cast spells, kill zombies
    and compete as their favorite athletes.

    These virtual worlds also lured in a different kind of enthusiast -- the
kind who sought to steal people's personal information and real-world
    dollars.

In recent months, cybersecurity firms have warned that cybercrime in gaming
has increased substantially since the start of the pandemic, and that the
vulnerabilities -- for game studios as well as players -- are far from being
vanquished.

    https://www.nytimes.com/2022/10/13/technology/gamers-malware-minecraft-roblox.html

    ------------------------------

    Date: Thu, 3 Nov 2022 23:44:15 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: AI code assistants may not spawn as many bugs as feared (NYTimes)

    They can't be any worse than some human developers

    Machine-learning models that power next-gen code-completion tools like
    GitHub Copilot can help software developers write more functional code,
    without making it less secure.

    That's the tentative result of an albeit small 58-person survey conducted by
    a group of New York University computer scientists.

    https://www.theregister.com/2022/10/07/machine_learning_code_assistance

    ------------------------------

    Date: Sat, 5 Nov 2022 00:27:16 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: The Rise of Rust, the Virus-Secure Programming Language That's
    Taking Over Tech (WiReD)

Rust makes it impossible to introduce some of the most common security
vulnerabilities. And its adoption can't come soon enough.

    https://www.wired.com/story/rust-secure-programming-language-memory-safe

    [Just don't believe that all Rust-generated code is secure! PGN]

    ------------------------------

    Date: Sat, 5 Nov 2022 19:04:23 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: The Strange Death of the Uyghur Internet (WiReD)

China's Muslim minority used to have its own budding cluster of websites,
forums, and social media. Now that's been erased.

    https://www.wired.com/story/uyghur-internet-erased-china

    ------------------------------

    Date: Sat, 5 Nov 2022 19:15:01 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Algorithms Quietly Run the City of WashingtonDC -- and Maybe Your
    Hometown (WiReD)

A new report finds that municipal agencies in Washington deploy dozens of
automated decision systems, often without residents' knowledge.

Washington, DC, is the home base of the most powerful government on earth.
It's also home to 690,000 people -- and 29 obscure algorithms that shape
their lives. City agencies use automation to screen housing applicants,
predict criminal recidivism, identify food assistance fraud, determine if a
high schooler is likely to drop out, inform sentencing decisions for young
people, and many other things. [...]

The findings are notable beyond DC because they add to the evidence that
many cities have quietly put bureaucratic algorithms to work across their
departments, where they can contribute to decisions that affect citizens'
lives. [...]

EPIC says governments can help citizens understand their use of algorithms
by requiring disclosure anytime a system makes an important decision about a
person's life. And some elected officials have favored the idea of requiring
public registries of automated decisionmaking systems used by governments.
Last month, lawmakers in Pennsylvania, where a screening algorithm had
accused low-income parents of neglect, proposed an algorithm registry law.
[...]

    Winters says algorithm registries can work, if rules or laws are in place to require government departments take them seriously. ``It's great format,
    but it's extremely incomplete.''

    https://www.wired.com/story/algorithms-quietly-run-the-city-of-dc-and-maybe-your-hometown

    [Oh no, algorithms! OBSCURE algorithms! BUREAUCRATIC ones!
    As opposed to ... obscure and bureaucratic government employees. Gabe]

    ------------------------------

    Date: Tue, 8 Nov 2022 16:00:17 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Jeppesen Cyber-Incident Affects Services (AVweb)

    Jeppesen says it has addressed some issues caused by a cyber-incident, and
    is still working on other services. The disruption also affected
ForeFlight's NOTAM service but that was fixed Sunday. ForeFlight's NOTAM
services have been fully restored; all new and updated NOTAMs are now being
processed and displayed in ForeFlight Mobile and ForeFlight Web.

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 33.51
    ************************
