• Risks Digest 33.60

    From RISKS List Owner@21:1/5 to All on Mon Jan 16 20:28:22 2023
    RISKS-LIST: Risks-Forum Digest Monday 15 January 2023 Volume 33 : Issue 60

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/33.60>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    NASA just brought a spacecraft 23 billion kilometres away to LIFE and the
    results are Astonishing (ViralOnce)
    Remote Vulnerabilities in Automobiles (Bruce Schneier)
    Linux Malware Uses 30 Plugin Exploits to Backdoor WordPress Sites
    (Bill Toulas)
    Cops Hacked Thousands of Phones. Was It Legal? (WiReD)
    The next time scammers call your grandparents asking for money, it will be
    with your voice. (MPost)
    Ransomware group LockBit apologizes saying 'partner' was behind SickKids
    attack (CBC-CA)
    Matt Levine on Ransomware compliance (Joe Loughry)
    Programming Languages: Why This Old Favorite Is on the Rise Again
    (Liam Tung)
    3rd-party Twitter apps stop working without warning, leaks indicate Twitter
    did this intentionally (Engadget)
    How ChatGPT Hijacks Democracy (*The New York Times*)
    ChatGPT-Written Malware (Bruce Schneier)
    Microsoft to challenge Google by integrating ChatGPT with Bing Search
    (The Verge)
    A New Area of AI Booms, Even Amid the Tech Gloom (NYTimes)
    Re: Pretty Smart AI (Jurek Kirakowski)
    State of the cybersecurity art (NCSC UK via Gary Hinson)
    Artist Banned from reddit/Art Because Mods Thought They Used AI (Vice)
    Re: Calculations on Maryland college savings plans lead to account freeze
    (Martin Ward)
    Southwest airline disruption (Martin Ward)
    Amazing Southwest story... (Paul Saffo)
    The oven won't talk to the fridge: 'smart' homes struggle (techxplore.com)
    Colorado ski town emergency dispatch centers fielding dozens of automated
    911 calls from skier iPhones (Jason Blevins via Paul Saffo)
    Re: As Tesla stock tanks, videos of Teslas malfunctioning in below-freezing
    temps go viral (John Levine)
    Re: Cats disrupt satellite Internet service (Henry Baker)
    Re: I bought a $15 router at Goodwill, and found a millionaire's dirty
    secrets (Steve Bacher)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Mon, 9 Jan 2023 01:44:56 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: NASA just brought a spacecraft 23 billion kilometres away to LIFE
    and the results are Astonishing (ViralOnce)

    Controllers assessing the probe's sent data have now declared that Voyager 1
    is once again delivering accurate telemetry data to Earth.

    From the very beginning, it was clear that the problem was connected to the mechanism responsible for ensuring that the probe's antenna was always
    pointed towards Earth. If the antenna were to flip, we would lose
    communication with the spaceship (and the history of space exploration knows too many such cases).

    The engineers discovered that this antenna control system had resumed transmitting telemetry data via an on-board computer that had been decommissioned for many years. This computer was responsible for distorting
    the data, which ultimately arrived on Earth as a succession of nonsensical facts.

    Once this was determined, the engineers issued a command to the probe instructing it to send the data via the appropriate computer. As he withdrew his hand, the issue disappeared. Obviously, it takes time to determine if
    the cure was effective.

    In fact, Voyager 1 is already almost 23 billion kilometers from Earth, which implies that the signal from Earth takes 22 hours to reach the probe. The signal verifying the command's execution is also traveling towards the
    Earth.

    After the probe's health was fully restored, the issue emerged as to how it could suddenly begin using a long-forgotten computer. In the next weeks, experts will examine all computer logs from the spacecraft's onboard systems
    to determine the source of the misunderstanding.

    https://viralonce.xyz/nasa-just-brought-a-spacecraft-23-billion-kilometres-away-to-life-and-the-results-are-astonishing/

    The risks? Out-of-warranty equipment too remote for service calls,
    decommissioned computers suddenly awakening. The good news, of course -- a
    valuable lesson -- is system logs.

    ------------------------------

    Date: Sun, 15 Jan 2023 15:55:00 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Remote Vulnerabilities in Automobiles (Bruce Schneier)

    This group has found a ton of remote vulnerabilities in all sorts of automobiles.

    It's enough to make you want to buy a car that is not Internet-connected. Unfortunately, that seems to be impossible.

    https://www.schneier.com/blog/archives/2023/01/remote-vulnerabilities-in-automobiles.html

    DC Auto Show is this week -- it'll be interesting grilling executives and boothsters about this.

    ------------------------------

    Date: Wed, 4 Jan 2023 11:44:01 -0500 (EST)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Linux Malware Uses 30 Plugin Exploits to Backdoor WordPress Sites
    (Bill Toulas)

    Bill Toulas, BleepingComputer, 30 Dec 2022,
    via ACM TechNews; Wednesday, January 4, 2023

    Antivirus vendor Dr. Web disclosed a new Linux malware that exploits 30
    flaws in multiple outdated WordPress plugins and themes to inject malicious JavaScript and give attackers remote command capabilities. The vendor said
    the trojan targets 32-bit and 64-bit Linux systems; it is mainly designed to penetrate WordPress websites via a series of hardcoded exploits that run successively until one breaks through. If the sites run outdated or
    vulnerable plugins, the malware automatically injects malicious JavaScript
    from its command-and-control server. The exploit is most effective on
    abandoned sites, because infected pages can redirect visitors to a location
    of the hacker's choosing. Dr. Web advised WordPress website admins to update
    to the latest available version of the themes and plugins running on the
    site, and to replace those that are no longer developed with alternatives
    now being supported.

    ------------------------------

    Date: Thu, 5 Jan 2023 16:03:16 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Cops Hacked Thousands of Phones. Was It Legal? (WiReD)

    When police infiltrated the EncroChat phone system in 2020, they hit an intelligence gold mine. But subsequent legal challenges have spread across Europe.

    https://www.wired.com/story/encrochat-phone-police-hacking-encryption-drugs

    ------------------------------

    Date: Mon, 9 Jan 2023 10:47:43 -0500
    From: Steve Klein <steven@klein.us>
    Subject: The next time scammers call your grandparents asking for money,
    it will be with your voice. (MPost)

    Summary: VALL-E is a transformer-based TTS model that can generate speech in any voice after hearing only a three-second sample of that voice. This
    could routinely enable participation in hearings & trials, bad actors might replace an unfriendly witness with a live deepfake of that same person, testifying against the interest of the person being faked. [Garbled e-mail PGN-ed]

    Link: https://mpost.io/vall-e-microsofts-new-zero-shot-text-to-speech-model-can-duplicate-everyones-voice-in-three-seconds/

    It might be trite, but never more apt, to say ``The risks are obvious.''

    ------------------------------

    Date: Mon, 2 Jan 2023 22:25:45 -0700
    From: Matthew Kruk <mkrukg@gmail.com>
    Subject: Ransomware group LockBit apologizes saying 'partner' was behind
    SickKids attack (CBC-CA)

    A global ransomware operator has issued a rare apology after it claims one
    of its "partners" was behind a cyberattack on Canada's largest pediatric medical centre.

    LockBit, a ransomware group the U.S. Federal Bureau of Investigation has
    called one of the most active and destructive in the world, posted a brief statement on what cybersecurity experts say is its data leak site claiming
    it has blocked its partner responsible for the attack on Toronto's Hospital
    for Sick Children and offering the code to restore the system.

    https://www.cbc.ca/news/canada/toronto/ransomware-group-sickkids-cybersecurity-update-1.6701688

    ------------------------------

    Date: Fri, 6 Jan 2023 14:04:20 -0700
    From: Joe Loughry <joe.loughry@gmail.com>
    Subject: Matt Levine on Ransomware compliance

    In Matt Levine's "Money Stuff" newsletter, 5 January 2023, he wrote about cybercriminals' need to balance aggressiveness and risk:

    Ransomware compliance

    I continue to be fascinated by the role of chief compliance officer at a
    ransomware company. In general, the chief compliance officer at any
    company has a dial in front of her that she can turn to get More Crime or
    Less Crime, and at a normal company -- a bank, for instance -- her job
    consists of

    (1) turning it most of the way toward Less Crime, but (2) not all the
    way, and (3) acting very contrite when politicians and regulators yell
    at her about the residual crime. ``We have a zero-tolerance
    policy for crime,'' she will say, and almost mean.

    But the chief compliance officer at a ransomware company -- I assume that
    this is not an actual job, but rather one of many hats worn by some senior
    executive at the ransomware company, though what do I know -- will turn
    the dial most of the way toward More Crime, since after all a ransomware
    company's whole business is crime, but, again, not all the way. Sometimes
    she will say no to crime, or at least act very contrite after doing crime.
    She will have, like, a 98% tolerance policy for crime.

    We have talked about this before, and one category of crime that a
    ransomware compliance officer might reject is ``hacks that are so big and
    disastrous that they could call down the wrath of the US government and
    shut down the whole business.'' But another category of off-limits crime
    appears to be ``hacks that are so morally reprehensible that they will lead
    to other criminals boycotting your business.'' Here is a wild story about
    a ransomware attack on Toronto's Hospital for Sick Children, which is
    really the sort of name that ought to make you immune from hacking:

    A global ransomware operator issued an apology and offered to unlock the
    data targeted in a ransomware attack on Toronto's Hospital for
    Sick Children, a move cybersecurity experts say is rare, if not
    unprecedented, for the infamous group.

    LockBit, a ransomware group the U.S. Federal Bureau of Investigation has
    called one of the world's most active and destructive, issued the
    brief apology on Dec. 31 to what cybersecurity experts say is the dark web
    page where it posts about its ransoms and data leaks.

    In the statement, reviewed directly by The Canadian Press, LockBit claimed
    to have blocked the partner responsible for the attack
    and offered SickKids a free decryptor to unlock its data.

    LockBit's apology, meanwhile, appears to be a way of managing its image,
    said [cybersecurity researcher Chester] Wisniewski.

    The group is competing with other high-profile malware operators who are
    also trying to court hackers to use their system to carry out lucrative
    cyberattacks, he said. Hackers appear to move between the operators
    frequently.

    He suggested the move could be directed at those partners who might see
    the attack on a children's hospital as a step too far.

    ``My instinct would be this is more aimed at criminal affiliates
    themselves trying to not disgust them into switching into a different
    ransom group,'' said Wisniewski.

    The way the ransomware business is organized seems to be that there are a
    couple of, like, malware-as-a-service providers like LockBit and DarkSide
    that provide software and expertise to independent hacker customers who
    pick the targets and do the hacks; the providers and the hackers split the
    ransoms. If you are one of the providers, you have to choose your hacker
    partners carefully so that they do the right amount of crime: You don't
    want incompetent or unambitious hackers who can't make any money, but you
    also don't want overly ambitious hackers who hack, you know, the US
    Department of Defense, or the Hospital for Sick Children. Meanwhile you
    also have to market yourself to hacker partners so that they choose your
    services, which again requires that you have a reputation for being good
    and bold at crime, but not too bold. Your hacker partners want to do
    crime, but they have their limits, and if you get a reputation for
    murdering sick children that will cost you some criminal business.

    ------------------------------

    Date: Fri, 6 Jan 2023 11:36:47 -0500 (EST)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Programming Languages: Why This Old Favorite Is on the Rise Again
    (Liam Tung)

    Liam Tung, ZDNet, 6 Jan 2023, via ACM Tech News, 6 Jan 2023

    Software-testing firm Tiobe has selected C++ as its programming language of 2022. Reported Tiobe use rose faster than all other languages last year, up
    by 4.26% compared with January 2022, yet in this year's first monthly index,
    it was ranked at No. 3. C++ rose in popularity faster than other languages
    last year, a result of "its excellent performance while being a high-level object-oriented language," according to Tiobe CEO Paul Jensen. Added Jensen, "Because of this, it is possible to develop fast and vast software systems (over millions of lines of code) in C++ without necessarily ending up in a maintenance nightmare."

    ------------------------------

    Date: Sun, 15 Jan 2023 15:03:47 -0800
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: 3rd-party Twitter apps stop working without warning, leaks indicate
    Twitter did this intentionally (Engadget)

    3rd party Twitter apps stop working without warning, leaks indicate
    Twitter did this intentionally

    https://www.engadget.com/twitter-may-have-deliberately-cut-off-tweetbot-and-other-third-party-clients-165048001.html?src=rss

    [PGN-ed excerpt: Earlier LW item:
    In desperate attempt to increase Twitter revenue, Elon moves to expand
    political and cause-based ads (without taking his promised poll before
    such a change). (5 Jan 2023)]

    ------------------------------

    Date: Sun, 15 Jan 2023 12:55:53 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: How ChatGPT Hijacks Democracy (*The New York Times*)

    Launched just weeks ago, ChatGPT is already threatening to upend how we
    draft everyday communications like emails, college essays and myriad other forms of writing.

    Created by the company OpenAI, ChatGPT is a chatbot that can automatically respond to written prompts in a manner that is sometimes eerily close to
    human.

    But for all the consternation over the potential for humans to be replaced
    by machines in formats like poetry and sitcom scripts, a far greater threat looms: artificial intelligence replacing humans in the democratic processes
    -- not through voting, but through lobbying.

    https://www.nytimes.com/2023/01/15/opinion/ai-chatgpt-lobbying-democracy.html

    ------------------------------

    Date: Sun, 15 Jan 2023 14:29:07 PST
    From: Bruce Schneier <schneier@schneier.com>
    Subject: ChatGPT-Written Malware (Bruce Schneier)

    PGN-excerpted From Bruce Schneier's CRYPTO-GRAM, 15 Jan 2023

    [https://www.schneier.com/blog/archives/2023/01/chatgpt-written-malware.html]

    I don't know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild, [https://arstechnica.com/information-technology/2023/01/chatgpt-is-enabling-script-kiddies-to-write-functional-malware/]

    ...within a few weeks of ChatGPT going live, participants in cybercrime
    forums -- some with little or no coding experience -- were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks.

    ``It's still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web company.
    However, the cybercriminal community has already shown significant interest
    and are jumping into this latest trend to generate malicious code.''

    Last month one forum participant posted what they claimed was the first
    script they had written, and credited the AI chatbot with providing a nice [helping] hand to finish the script with a nice scope.

    The Python code combined various cryptographic functions, including code
    signing, encryption, and decryption. One part of the script generated a key
    using elliptic curve cryptography and the curve ed25519 for signing files. Another part used a hard-coded password to encrypt system files using the Blowfish and Twofish algorithms. A third used RSA keys and digital
    signatures, message signing, and the blake2 hash function to compare various files.

    ------------------------------

    Date: Thu, 5 Jan 2023 15:57:51 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Microsoft to challenge Google by integrating ChatGPT with Bing
    Search (The Verge)

    ChatGPT made conversational AI accessible, now Microsoft is rumored to be integrating the machine learning techniques behind it into Bing search
    queries.

    Even OpenAI CEO Sam Altman has cautioned that "it's a mistake to be relying
    on [ChatGPT] for anything important right now." Exactly how Microsoft plans
    to integrate ChatGPT into Bing will be important, and it's likely the
    company will start with beta tests and a limited amount of integration
    before it's ready for all Bing users to take advantage of.

    https://www.theverge.com/2023/1/4/23538552/microsoft-bing-chatgpt-search-google-competition

    ------------------------------

    Date: Sat, 7 Jan 2023 23:14:28 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: A New Area of AI Booms, Even Amid the Tech Gloom (NYTimes)

    An investment frenzy over *generative artificial intelligence* in response
    to short prompts seize the imagination. Now OpenAI is in the midst of a new gold rush.

    Five weeks ago, OpenAI, a San Francisco artificial intelligence lab,
    released ChatGPT, a chatbot that answers questions in clear, concise
    prose. The AI-powered tool immediately caused a sensation, with more than
    a million people using it to create everything from poetry to high school
    term papers to rewrites of Queen songs.

    Now OpenAI is in the midst of a new gold rush. [...]

    More than 450 start-ups are now working on generative AI, by one venture capital firm's count. And the frenzy has been compounded by investor
    eagerness to find the next big thing in a gloomy environment.

    https://www.nytimes.com/2023/01/07/technology/generative-ai-chatgpt-investments.html

    ------------------------------

    Date: Wed, 4 Jan 2023 14:36:19 +0000
    From: Jurek Kirakowski <jzk@uxp.ie>
    Subject: Re: Pretty Smart AI (Bacher, RISKS-33.58)

    Those answers appear inconsistent with one another. Google demonstrates
    that adagio is faster than either lento or largo, but GPT-3's response
    seems to claim that adagio is slower than lento. Maybe GPT-3 is going by the principle that "slow" is slower than "slower," but that's not how one reads it when the statements are adjacent to one another.

    This discussion is terribly wrong. 'Lento', 'Largo' and 'Adagio' are descriptions not only of the pulse of the music *as notated* but also the
    mood: each word conjures up a different kind of sense in the mind of the experienced musician of how the piece is to be performed. And what would
    Google make of 'Andante Cantabile' or 'Largo Sostenuto'?

    As Prof Newman would explain to his first-year music students at Edinburgh University :)#

    Yes, regrettable that these subtle descriptive terms are reduced to
    metronome markings -- but in a way characteristic of how technology can
    eliminate the subjective human dimension.

    [Beware of Artificial Oversimplification. The real stuff is bad enough.
    PGN]

    ------------------------------

    Date: Wed, 4 Jan 2023 15:31:59 +1300
    From: Gary Hinson <gary@isect.com>
    Subject: State of the cybersecurity art

    https://www.ncsc.gov.uk/blog-post/so-long-thanks-for-all-the-bits

    "So long and thanks for all the bits" is a lengthy, well-written parting
    blog by Ian Levy, [former] Technical Director of the UK's National Cyber Security Centre, lamenting the sorry state of cybersecurity while holding
    out some hope of progress through approaches currently being used and developed.

    ------------------------------

    Date: Sat, 7 Jan 2023 03:31:42 -0700
    From: Jim Reisert AD1C <jjreisert@alum.mit.edu>
    Subject: Artist Banned from reddit/Art Because Mods Thought They Used AI
    (Vice)

    Moderators for the 22 million member forum banned someone for making
    an illustration that too closely resembled AI-generated art.

    https://www.vice.com/en/article/y3p9yg/artist-banned-from-art-reddit

    ------------------------------

    Date: Tue, 3 Jan 2023 14:55:26 +0000
    From: Martin Ward <martin@gkc.org.uk>
    Subject: Re: Calculations on Maryland college savings plans lead to account
    freeze (RISKS-33.59)

    The calculations of account values seem to have been incorrect, and
    the state is having a hard time figuring out the correct values.
    The calculations for value must be pretty complex

    Writing provably correct code for a complex financial calculation is one of
    the simpler tasks for an expert in formal methods.

    But it seems likely that the programmers of the Maryland state college
    savings plan are not familiar with formal methods, or indeed, with
    mathematics in general, given that they are having a hard time figuring out
    the correct values.

    ------------------------------

    Date: Tue, 3 Jan 2023 14:54:17 +0000
    From: Martin Ward <martin@gkc.org.uk>
    Subject: Southwest airline disruption (Re: RISKS-33.59)

    The most chilling line from this article:

    ``The tools we use to recover from disruption serve us well, 99
    percent of the time,''

    You are an *airline*! Working 99% of the time is not good enough!

    I would not like to fly in an airplane that reaches its destination
    in one piece only 99% of the time.

    ------------------------------

    Date: Tue, 27 Dec 2022 18:22:22 -0800
    From: "Paul Saffo" <paul@saffo.com>
    Subject: Amazing Southwest story...

    Might be risks-worthy, tho I expect others will have better sourcing for
    the same issue. Anyway, this from a friend on FB. (I have no idea how
    many times it has been indirected, so take with a grain of salt!) -p

    This remarkable tale from a Southwest pilot: ``My friend's husband is a
    pilot with Southwest. He just posted this an hour ago. I'm not including his name or the photos he shared of packed SWA employee rooms at the airports
    over the past couple of days (in case his post comes back to bite him with
    the company -- even though he's stating facts). He also posted a screenshot
    of a fellow pilot on hold with SWA Scheduling for over 22 hours. Anyway,
    here's some insight for those wondering if this massive round of SWA cancellations is really all due to weather and staffing issues: ``I don't
    know what to say. Southwest Airlines has imploded. Their antiquated software system has completely fried. Planes are parked. Crews are stranded in the airports with the passengers, volunteering to take the passengers in the
    parked planes but the software won't accept it. Phone lines are overwhelmed
    for both passenger and crews. I personally spent over two hours trying to
    get hold of anyone in the company last night after midnight. A Captain and I did manage to get the one flight put together on Christmas night and got
    people home. Kudos to the ops agent and dispatcher for making it happen. We
    had to manually input a lot of the data and it took over an hour to
    coordinate with dispatch going back and forth running numbers. We spent
    hours trying to get the company to answer and get us a hotel when we landed
    as they're all sold out. We were put in a call queue for hours before
    hanging up. I found one hotel with 4 rooms and we bought our own rooms at 2:30am. I even paid for a Flight Attendants room. We literally have crews sleeping on the airport floors all over the country with nowhere to
    go. Crews have been calling to fly anyone, anywhere, but the company says
    the system needs a reset. They have effectively shut down the operations for the rest of year, running 1/3 of the flights so that they can let the
    computer find and locate the crews and aircraft. Gate agents are in
    tears. They've been yelled at, cussed at, slapped and spit on. Flight attendants have been taking a beating. The frontline employees have had
    little support or communication. Terminals are standing room only with
    people having been there for days. Pilot lounges are packed with pilots
    ready to fly and nowhere to go. Embarrassing is an understatement. I’m
    going on my second of three days off, still stuck on the east coast and
    still expected to show up in the morning with no schedule. And I’m willing
    to fly all day if needed. Because that’s nothing compared to the passengers needing meds in bags that are lost and mothers traveling with kids, having
    been stuck for the same amount of days in the terminal. In 24 years, I’ve never seen anything like this. Heads need to roll! Rumors on media are
    floating that there is a lack of crews and pilots are staging sick calls. Absolutely not true at all. This is a computer system meltdown. Thousands of crew members are sitting in hotels and airports with nowhere to go. This airline has failed miserably.

    ------------------------------

    Date: Sun, 08 Jan 2023 02:39:57 +0000
    From: Richard Marlon Stein <rmstein@protonmail.com>
    Subject: The oven won't talk to the fridge: 'smart' homes struggle
    (techxplore.com)

    https://techxplore.com/news/2023-01-oven-wont-fridge-smart-homes.html

    The Matter protocol apparently solves the long-standing interoperability
    issue preventing seamless home-appliance device integration through WiFi.

    I wonder if this protocol will be deployed among hospital refrigerators that store blood, plasma, vaccines, and other temperature sensitive health
    products?

    IoT device exploit perimeter expansion.

    ------------------------------

    Date: Tue, 27 Dec 2022 20:28:31 -0800
    From: Paul Saffo <paul@saffo.com>
    Subject: Colorado ski town emergency dispatch centers fielding dozens of
    automated 911 calls from skier iPhones (Jason Blevins in The Colorado Sun)

    And another:

    https://www.skyhinews.com/news/colorado-ski-town-emergency-dispatch-centers-fielding-dozens-of-automated-911-calls-from-skier-iphones/

    ------------------------------

    Date: 2 Jan 2023 21:52:06 -0500
    From: "John Levine" <johnl@iecc.com>
    Subject: Re: As Tesla stock tanks, videos of Teslas malfunctioning in
    below-freezing temps go viral (RISKS-33.59)

    Someone once commented that we are lucky that the car industry grew up in Detroit. If it were in Miami, cars would fail whenever it freezes. If it
    were in Los Angeles they'd fail whenever it rains.

    ------------------------------

    Date: Tue, 03 Jan 2023 20:23:05 +0000
    From: Henry Baker <hbaker1@pipeline.com>
    Subject: Re: Cats disrupt satellite Internet service (RISKS-33.59)

    Apparently, some personnel assigned to the 'DEW Line' in Alaska & other arctic locations sometimes kept warm by standing in front of the radar transmitters.

    https://en.wikipedia.org/wiki/Distant_Early_Warning_Line

    While this activity can result in *cooking* one's insides and producing eye cataracts, it did eventually lead to the invention of *microwave ovens*.

    Google "Hazard of Electromagnetic Radiation to Personnel", i.e., "HERP"

    The Starlink uplink frequencies (14GHz) are higher than those used in
    microwave ovens (2.4GHz), but the Starlink does require a 100-watt power
    supply -- and a significant fraction of this power ends up being converted
    into microwave energy.

    I'd be worried about cute cats with not-so-cute eye cataracts.

    I've heard of 'cats on a hot tin roof', but ...

    ------------------------------

    Date: Thu, 5 Jan 2023 09:28:54 -0800
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: Re: I bought a $15 router at Goodwill, and found a millionaire's
    dirty secrets (RISKS 33.59)

    I found it hard to believe that the headline would refer to a backup device
    as a router, but Wikipedia says it's true:

    https://en.wikipedia.org/wiki/AirPort_Time_Capsule

    "The *AirPort Time Capsule* (originally named *Time Capsule*) is a wireless router <https://en.wikipedia.org/wiki/Wireless_router> which was sold by
    Apple Inc. <https://en.wikipedia.org/wiki/Apple_Inc.>, featuring network-attached storage <https://en.wikipedia.org/wiki/Network-attached_storage> (NAS) and a residential gateway router
    <https://en.wikipedia.org/wiki/Residential_gateway>, and is one of Apple's AirPort <https://en.wikipedia.org/wiki/AirPort> products. They are, essentially, versions of the AirPort Extreme <https://en.wikipedia.org/wiki/AirPort_Extreme> with an internal hard drive <https://en.wikipedia.org/wiki/Hard_drive>. Apple describes it as a "Backup Appliance", designed to work in tandem with the Time Machine <https://en.wikipedia.org/wiki/Time_Machine_(macOS)> backup software utility introduced in MacOS 10.5 <https://en.wikipedia.org/wiki/Mac_OS_X_10.5>."

    Seems there is an inherent privacy risk in having a device function as
    both a network router and a local backup drive.

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 33.60
    ************************
