RISKS-LIST: Risks-Forum Digest Tuesday 12 November 2019 Volume 31 : Issue 47
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <
http://www.risks.org> as
<
http://catless.ncl.ac.uk/Risks/31.47>
The current issue can also be found at
<
http://www.csl.sri.com/users/risko/risks.txt>
Contents: [Cleared the backlog.]
Galileo satellite system failure (The Register)
Boeing Shaped a Law to Its Liking. Weeks Later, a 737 Max Crashed. (NYTimes) Illegal drones ground water-dropping helicopters at critical moment in Maria
fire battle (LA Times)
Drones Used in Crime Fly Under the Law's Radar (NYTimes)
Kiwibot delivery bots drones (NYTimes)
AT&T claims a weeks-long voicemail outage will be fixed with a single device
update (The Verge)
Wrong-way driverless Tesla Model 3 (Geoff Goodfellow)
Uber self-driving car involved in fatal crash couldn't detect jaywalkers
(Engadget)
Testing Cars That Help Drivers Steer Clear of Pedestrians (NYTimes)
How Russia Meddles Abroad for Profit: Cash, Trolls and a Cult Leader
(NYTimes)
Russia Will Test Its Ability to Disconnect from the Internet (via GeoffG)
Brian Kernighan: Unix: A History and a Memoir (PGN)
GitHub blocking: vandal's dream (Dan Jacobson)
PSA: Turning off silent macros in Office for Mac leaves users wide open to
silent macro attacks (The Register)
Large Bitcoin Player Manipulated Price Sharply Higher, Study Says (WSJ)
Inside the Icelandic Facility Where Bitcoin Is Mined (WiReD)
Amazon blames 'error' for blocking Nintendo resellers from listing products
(The Verge)
What happens if your mind lives for ever on the Internet? (The Guardian)
1.5 Million Packages a Day: The Internet Brings Chaos to NY Streets
(NYTimes)
Security Researchers Warn of Online Voting Risks (Computerworld)
Calculation gives different results on different operating systems
(Techxplore)
Microsoft's Secured-Core PC Feature Protects Critical Code (WiReD)
The rise of microchipping: are we ready for technology to get under the
skin? (The Guardian)
Saudi Arabia recruited Twitter workers to spy on users, feds say (CBS News) U.S. Charges Former Twitter Employees With Spying for Saudi Arabia (WSJ)
The Internet is tilting toward tyranny (WashPost)
Network Solutions: Important Security Information re: Breach (via GabeG)
Radios do interfere with garage-door openers! (fauquiernow)
Automatic bug tracker issue closers (stalebot)
Robinhood Markets -- rob the poor to feed the rich? (Bloomberg)
Apps track students from the classroom to bathroom, and parents are
struggling to keep up (WashPost)
At an Outback Steakhouse Franchise, Surveillance Blooms (WiReD)
Researchers hack Siri, Alexa, and Google Home by shining lasers at them
(Ars Technica)
Insanely humanlike androids have entered the workplace and soon may take
your job (CNBC)
HireVue's AI face-scanning algorithm increasingly decides whether you
deserve the job (Wash Post)
Screen time is actually good for kids! (Oxford)
Risks of posting the wrong emoji (Dan Jacobson)
We Have No Reason to Believe 5G Is Safe (Scientific American Blog Network)
She Accidentally Uncovered a Nationwide Scam on Airbnb (VICE)
Expanded testbed in Singapore for autonomous vehicles a big boost for
research and developers (The Straits Times)
Coalfire CEO statement (via Gabe Goldberg)
Cirrus' $2 Million Vision Jet Now Lands Itself, No Pilot Needed (WiReD)
These Machines Can Put You in Jail. Don't Trust Them. (NYTimes)
Trolling Is Now Mainstream Political Discourse (WiReD)
Video giant Twitch pushes Trump rallies and mass violence into the
live-stream age (WashPost)
Text messages delayed from February were mysteriously sent overnight
(The Verge)
Netflix to stop supporting older devices from Samsung, Roku, and Vizio in
December (The Verge)
Members of violent white supremacist website exposed in massive data dump
(Ars Technica)
Re: Mountain village begs tourists not to follow Google Maps and
get stuck (Dan Jacobson)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Mon, 11 Nov 2019 10:48:17 -1000
From: the keyboard of geoff goodfellow <
geoff@iconia.com>
Subject: Galileo satellite system failure (The Register)
*Also organizational chaos, secrecy and self-regulation*
EXCERPT:
Key details about the failure of Europe's Galileo satellite system over the summer have started to emerge -- and it's not pretty.
While one key official has sought to blame a single individual for the
system going dark, insiders warn that organizational chaos, excessive
secrecy and some unusual self-regulation is as much to blame.
Combined with those problems, a battle between European organizations over
the satellite system, and a delayed independent report into the July
cock-up, means things aren't looking good for Europe's answer to America's
GPS system. A much needed shake-up may be on its way.
In mid-July, the agency in charge of the network of 26 satellites, the
European Global Navigation Satellite Systems Agency (EGSA), warned of a `service degradation' but assured everyone that it would quickly be
resolved. <
https://www.theregister.co.uk/2019/07/15/galileo_outage/>
It wasn't resolved however, and six days later the system was not only still down but getting increasingly inaccurate <
https://www.theregister.co.uk/2019/07/17/europe_galileo_satellites_down/>, with satellites reporting that they were in completely different positions
in orbit than they were supposed to be - a big problem for a system whose entire purpose is to provide state-of-the-art positional accuracy to within
20 centimeters.
Billions of organizations, individuals, phones, apps and so on from across
the globe simply stopped listening to Galileo. It's hard to imagine a
bigger mess, aside from the satellites crashing down to Earth.
But despite the outage and widespread criticism over the failure of those behind Galileo to explain what was going on and why, there has been almost
no information from the various space agencies and organizations involved
in the project.
*Inquiry*...
[...]
https://www.theregister.co.uk/2019/11/08/galileo_satellites_outage/
------------------------------
Date: Sun, 27 Oct 2019 10:23:20 -0400
From: Monty Solomon <
monty@roscom.com>
Subject: Boeing Shaped a Law to Its Liking. Weeks Later, a 737 Max Crashed.
(NYTimes)
The government has been handing over more responsibility to manufacturers
for years. The new law makes it even harder for regulators to review
Boeing's work.
https://www.nytimes.com/2019/10/27/business/boeing-737-max-crashes.html
------------------------------
Date: Sun, 3 Nov 2019 09:42:25 -0700
From: Jim Reisert AD1C <
jjreisert@alum.mit.edu>
Subject: Illegal drones ground water-dropping helicopters at critical
moment in Maria fire battle (LA Times)
Colleen Shalby, Mark Puente, Hannah Fry, LA Times, 2 Nov 2019
As flames rapidly spread along a hillside in Santa Paula early Friday
morning, firefighters were faced with a perilous dilemma: ground
night-flying helicopters working to contain the growing fire or risk an
aerial collision with a thrill-seeking drone.
A Ventura County Fire Department helicopter pilot radioed in at 3:19
a.m. that a drone had been spotted flying above the flames, apparently
trying to take a photograph or video of the scene below. Air operations
were immediately stopped for at least 45 minutes until the sky was clear.
But at 4:05 a.m., another drone sighting occurred.
The aerial fight against the wildfire was upended for another hour while
at least two helicopters with night-flying capabilities that had been
deployed to help contain the Maria fire were grounded. Meanwhile, the
blaze that broke out atop South Mountain, just south of Santa Paula,
shortly after 6 p.m. Thursday marched toward the small agricultural towns
of Somis and Saticoy.
The interruption of the aerial firefighting underscores growing concerns
about how drones can bring added dangers to pilots battling major fires.
https://www.latimes.com/california/story/2019-11-01/maria-fire-drone-hinders-firefighting-efforts-as-blaze-doubles-in-size-overnight
------------------------------
Date: Sun, 3 Nov 2019 18:57:12 -0500
From: Monty Solomon <
monty@roscom.com>
Subject: Drones Used in Crime Fly Under the Law's Radar (NYTimes)
https://www.nytimes.com/2019/11/03/us/drones-crime.html
Drones are increasingly being used by criminals across the country, and
local law enforcement agencies are often powerless to stop them.
------------------------------
Date: Mon, 11 Nov 2019 17:04:07 -0500
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Kiwibot delivery bots drones (NYTimes)
https://www.nytimes.com/2019/11/07/business/kiwibot-delivery-bots-drones.html
The risk? It's in the title.
I've encountered these critters roaming George Mason University campus in Fairfax VA. One was being chased by a student who'd placed an order but forgotten to update his address, so it was going where he used to live.
------------------------------
Date: Thu, 24 Oct 2019 23:13:58 -0400
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: AT&T claims a weeks-long voicemail outage will be fixed with a
single device update (The Verge)
AT&T has been experiencing a weeks-long voicemail outage affecting some customers across the country. But it's hard to tell exactly
what's causing the outage, or how long until it will be fixed
-- and AT&T is saying conflicting things about what's
going on.
Here's what the company told us, when we asked:
`A recent software update to some devices may be affecting our customers'
voicemail. We are working with the device manufacturer to issue a patch to
resolve this and apologize for any inconvenience this has caused.''
That statement seems to suggest that only a single phonemaker is affected,
and that phonemaker might share the blame for the outage -- but
that wouldn't make sense, because AT&T customers are reporting a wide array
of different phones are having the same issue.
Right now, there's a 40+ page thread on AT&T's support forums concerning the recent voicemail issues. (It was marked as `solved' on page 8 by AT&T.) In
the thread, AT&T reps have attributed the issues to something much different than a recent software update -- they've said it's because of a `vendor
server problem' as first stated on October 9th, and reiterated as recently
as today, October 23rd.
https://www.theverge.com/2019/10/23/20929133/att-voicemail-outage-patch-vendor-server-problem
------------------------------
Date: Thu, 7 Nov 2019 14:22:00 -1000
From: geoff goodfellow <
geoff@iconia.com>
Subject: Wrong-way driverless Tesla Model 3
- Footage of the dodgy driving was captured in Richmond, British Columbia
- The Model 3 car stops and starts as it tentatively tries to reach its
owner
- Smart Summon was rolled out to supported Tesla cars on 26 Sep 2019
- It has been met with a very mixed reception from Tesla users and
pedestrians
EXCERPT:
An alarming video shows a 'smart summoned' driverless Tesla Model 3 car tentatively trying to find its owner -- while going down the wrong side of
the road.
Stopping and starting -- in the dead middle of the road at one point -- the vehicle's ham-fisted driving is seen to attract the concerned attention of passersby.
This latest worrying exhibition of driverless tech was filmed in a shopping centre parking lot in Richmond, British Columbia.
------------------------------
Date: Wed, 6 Nov 2019 08:26:09 -1000
From: geoff goodfellow <
geoff@iconia.com>
Subject: Uber self-driving car involved in fatal crash couldn't detect
jaywalkers (Engadget)
*The system had several serious software flaws, the NTSB said*
EXCERPT:
Uber's self-driving car that struck and killed a pedestrian in March 2018
had serious software flaws, including the inability to recognize jaywalkers, according to the NTSB. The US safety agency said that Uber's software
failed to recognize the 49-year-old victim, Elaine Herzberg, as a pedestrian crossing the street. It didn't calculate that it could potentially collide with her until 1.2 seconds before impact, at which point it was too late to brake. <
https://www.engadget.com/2018/03/19/uber-stops-all-self-driving-car-tests-after-fatal-accident/>
<
https://www.documentcloud.org/documents/6540547-629713.html>
More surprisingly, the NTSB said Uber's system design "did not include a consideration for jaywalking pedestrians." On top of that, the car
initiated a one second braking delay so that the vehicle could calculate an alternative path or let the safety driver take control. (Uber has since eliminated that function in a software update.)
*Although the [system] detected the pedestrian nearly six seconds before
impact ... it never classified her as a pedestrian, because she was
crossing at a location without a crosswalk [and] the system design did not include a consideration for jaywalking pedestrians.*
Uber's autonomous test vehicles may have failed to identify roadway hazards
in at least two other cases, according to the report. In one case, a
vehicle struck a bicycle lane post that had bent into a roadway. In
another, a safety driver was forced to take control to avoid an oncoming vehicle and ended up striking a parked car. In the seven months prior to
the fatal crash, Uber vehicles were involved in 37 accidents, including 33
in which other vehicles struck the Uber test cars...
[...]
https://www.engadget.com/2019/11/06/uber-self-driving-car-fatal-accident-ntsb/
[Monty Solomon noted the article here:]
https://www.washingtonpost.com/local/trafficandcommuting/pedestrian-in-self-driving-uber-collision-probably-would-have-lived-if-braking-feature-hadnt-been-shut-off-ntsb-finds/2019/11/05/7ec83b9c-ffeb-11e9-9518-1e76abc088b6_story.html
------------------------------
Date: Wed, 6 Nov 2019 10:48:32 -0600
From: Monty Solomon <
monty@roscom.com>
Subject: Testing Cars That Help Drivers Steer Clear of Pedestrians (NYTimes)
https://www.nytimes.com/2019/10/29/business/pedestrian-deaths-collision-avoidance.html
As pedestrian deaths climb, collision-avoidance systems could reduce that
toll, but new tests show significant differences in how well they work.
------------------------------
Date: Mon, 11 Nov 2019 14:37:26 -0500
From: Monty Solomon <
monty@roscom.com>
Subject: How Russia Meddles Abroad for Profit: Cash, Trolls and a Cult
Leader (NYTimes)
https://www.nytimes.com/2019/11/11/world/africa/russia-madagascar-election.html
Madagascar has little obvious strategic value for the Kremlin or the global balance of power. But Russians were there during an election, offering
bribes, spreading disinformation and recruiting an apocalyptic cult leader.
"The Russians were hard to miss. They appeared suddenly last year in Madagascar's traffic-snarled capital, carrying backpacks stuffed with cash
and campaign swag decorated with the name of Madagascar's president.
"It was one of Russia's most overt attempts at election interference to
date. Working from their headquarters in a resort hotel, the Russians published their own newspaper in the local language and hired students to
write fawning articles about the president to help him win another
term. Skirting electoral laws, they bought airtime on television stations
and blanketed the country with billboards.
"They paid young people to attend rallies and journalists to cover
them. They showed up with armed bodyguards at campaign offices to bribe challengers to drop out of the race to clear their candidate's path.
At Madagascar's election commission, officials were alarmed. `'We all
recall what the Russians did in the United States during the election,' said Thierry Rakotonarivo, the commission's vice president. 'We were truly
afraid.''
https://www.nytimes.com/2019/11/11/world/africa/russia-madagascar-election.html
------------------------------
Date: Thu, 24 Oct 2019 14:21:00 -1000
From: geoff goodfellow <
geoff@iconia.com>
Subject: Russia Will Test Its Ability to Disconnect from the Internet
(sundry sources)
*The nascent RuNet is meant to allow the country to survive an attack --
and Putin to monitor and control his subjects*
EXCERPT:
Russia will test its internal RuNet network to see whether the country can function without the global Internet, the Russian government announced
Monday. The tests will begin after Nov. 1, recur at least annually, and possibly more frequently. It's the latest move in a series of technical and policy steps intended to allow the Russian government to cut its citizens
off from the rest of the world.
``On Monday, the government approved the provision on conducting exercises
to ensure the stable, safe and holistic functioning of the Internet and
public communications networks in the Russian Federation,'' notes an article
in D-Russia. <
http://d-russia.ru/opublikovano-polozhenie-o-regulyarnyh-ucheniyah-po-vyyavleniyu-ugroz-i-otrabotke-mer-po-vosstanovleniyu-rabotosposobnosti-runeta.html>
(The original article is in Russian. We verified a translation with the
help of a native Russian speaker.) ``The exercises are held at the federal
(in the territory of the Russian Federation) and regional (in the territory
of one or more constituent entities of the Russian Federation) levels.''
The word ``holistic'' shows that the exercises follow April's passage of
the sovereign Internet law <
https://www.cnn.com/2019/05/01/europe/vladimir-putin-russian-independent-internet-intl/index.html>
that will require all Internet traffic in Russia to pass through official chokepoints, allowing the government to shut down outside access, block websites that they don't like and monitor traffic. <
https://www.defenseone.com/technology/2019/04/russians-will-soon-lose-uncensored-access-internet/156531/>
In 2016, Russia launched the Closed Data Transfer Segment: basically, a big military intranet for classified data, similar to the Pentagon's Joint Worldwide Intelligence Communications System <
https://en.wikipedia.org/wiki/Joint_Worldwide_Intelligence_Communications_System>.
The following year, Russia announced <
https://www.defenseone.com/technology/2017/11/russia-will-build-its-own-internet-directory-citing-us-information-warfare/142822/>
that it intends to build its own domain name directory, which would allow
it to re-route traffic intended for one website to another <
https://www.defenseone.com/technology/2017/11/russia-will-build-its-own-internet-directory-citing-us-information-warfare/142822/>.
And last year, Putin's top IT advisor Herman Klimenko <
http://www.businessinsider.com/putin-internet-advisor-allegedly-owns-piracy-torrent-site-2016-1>and
others suggested that the new segment might be able to carry the rest of
the country's Internet traffic. But Klimenko cautioned that moving to the
new system would be painful. As recently as March, Gen. Paul Nakasone,
director of U.S. Cyber Command and the NSA, expressed skepticism <
https://www.youtube.com/watch?time_continue=3D12&v=3DApd2ReXB6vk> that Russia would succeed. ...
https://www.defenseone.com/technology/2019/10/russia-will-test-its-ability-disconnect-internet/160861/
------------------------------
Date: Mon, 11 Nov 2019 10:19:10 PST
From: "Peter G. Neumann" <
neumann@csl.sri.com>
Subject: Brian Kernighan: Unix: A History and a Memoir
Brian Kernighan
Unix: A History and a Memoir
Kindle Direct Publishing
October 2019
ISBN 9891695978553
This is Brian's 13th book, and I think we are very lucky that he has made a significant effort to write it.
Why is this book relevant to RISKS?
* It provides a well-documented long-term success story, a genre that we
have long sought for RISKS (and indeed explicitly requested in our first
few decades, although there have been few examples as far-reaching as this
one).
* It is a wonderful example of the fundamental importance of skilled,
devoted, and committed individuals in building new systems and enabling
those systems to have long lives, as well as enabling an ever-growing
group of other contributors to create relevant enhancements, and of course
inspiring the advent of many open-source operating systems and supporting
software.
* The book is a fine example of the effective use of constructive
self-publishing. The process of getting a book published through the
usual channels is typically very labor intensive and time consuming,
sometimes making aspects of the book no longer timely. However, the
historical aspects of Brian's book are timeless, and carefully prepared.
Incidentally, the memoir aspects demonstrate Brian's modesty: ``For 30
years, he was a member of the original Unix research group, ... present at
the creation, though not responsible for it.'' I believe he had a
decidedly nontrivial role in its success. PGN
------------------------------
Date: Sat, 09 Nov 2019 23:11:13 +0800
From: Dan Jacobson <
jidanni@jidanni.org>
Subject: GitHub blocking: vandal's dream
Let's take another look at GitHub blocking.
On Facebook if Boris BadUser blocks Gerry GoodUser, both lose access to each other's stuff.
On GitHub, Boris blocks Gerry's *notifications of Boris' actions*, including vandalizing Gerry's stuff to his heart's content (until one day some third party hopefully tells Gerry.)
Unbelievable, undocumented, but true (as confirmed by staff in my previous post.)
------------------------------
Date: Tue, 5 Nov 2019 23:05:43 -0600
From: Monty Solomon <
monty@roscom.com>
Subject: PSA: Turning off silent macros in Office for Mac leaves users wide
open to silent macro attacks (The Register)
https://www.theregister.co.uk/2019/11/05/office_mac_macro_bug/
------------------------------
Date: Mon, 4 Nov 2019 08:01:45 -0600
From: Monty Solomon <
monty@roscom.com>
Subject: Large Bitcoin Player Manipulated Price Sharply Higher, Study Says
(WSJ)
A single large player, using the Bitfinex exchange and a cryptocurrency
called tether, manipulated the price of bitcoin as it ran up to a peak of nearly $20,000 two years ago, a new study has concluded.
https://www.wsj.com/articles/large-bitcoin-player-manipulated-price-sharply-higher-study-says-11572863400
------------------------------
Date: Sun, 3 Nov 2019 22:06:49 -0500
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Inside the Icelandic Facility Where Bitcoin Is Mined (WiReD)
Cryptocurrency mining now uses more of the Nordic island nation's
electricity than its homes.
It wasn't long after Bitcoin's creation on 3 Jan 2009 that cryptocurrency companies began moving to Iceland. In 2016, large data centers accounted for nearly 1 percent of its GDP, with cryptocurrency mining operations making up
90 percent of those. They now use more electricity than all of Iceland's
homes combined, with electric bills at Enigma running more than $1 million
per month. But however green the energy, miners still can't escape a dilemma
as old as picks and shovels: how to extract resources without marring the landscape. According to local experts cited by The Wall Street Journal,
keeping up with demand for electricity requires building more dams and power stations that could alter Iceland's unique, sensitive environment.
https://www.wired.com/story/iceland-bitcoin-mining-gallery/
------------------------------
Date: Sun, 3 Nov 2019 20:56:51 -0600
From: Monty Solomon <
monty@roscom.com>
Subject: Amazon blames 'error' for blocking Nintendo resellers from listing
products (The Verge)
https://www.theverge.com/2019/11/1/20943772/amazon-marketplace-nintendo-deal-used-retro-games-consoles-counterfeit
------------------------------
Date: October 22, 2019 8:18:27 GMT+8
From: geoff goodfellow <
geoff@iconia.com>
Subject: What happens if your mind lives for ever on the Internet?
(The Guardian)
(The Guardian, 20 Oct 2019)
It may be some way off, but mind uploading, the digital duplication of your mental essence, could expand human experience into a virtual afterlife.
Imagine that a person's brain could be scanned in great detail and recreated
in a computer simulation. The person's mind and memories, emotions and personality would be duplicated. In effect, a new and equally valid version
of that person would now exist, in a potentially immortal, digital form.
This futuristic possibility is called mind uploading. The science of the
brain and of consciousness increasingly suggests that mind uploading is possible -- there are no laws of physics to prevent it. The technology is likely to be far in our future; it may be centuries before the details are fully worked out -- and yet given how much interest and effort is already directed towards that goal, mind uploading seems inevitable. Of course we
can't be certain how it might affect our culture but as the technology of simulation and artificial neural networks shapes up, we can guess what that mind uploading future might be like.
Suppose one day you go into an uploading clinic to have your brain scanned. Let's be generous and pretend the technology works perfectly. It's been
tested and debugged. It captures all your synapses in sufficient detail to recreate your unique mind. It gives that mind a standard-issue, virtual body that's reasonably comfortable, with your face and voice attached, in a
virtual environment like a high-quality video game. Let's pretend all of
this has come true...
https://www.theguardian.com/technology/2019/oct/20/mind-uploading-brain-live-for-ever-internet-virtual-reality
[Of course, we will need truly trustworthy systems on which to house such
a facility, to prevent and detect impersonations, alterations, and the
creation of entirely fake persona. PGN]
------------------------------
Date: Sun, 3 Nov 2019 22:21:48 -0500
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: 1.5 Million Packages a Day: The Internet Brings Chaos to NY Streets
(NYTimes)
The push for convenience is having a stark impact on gridlock, roadway
safety and pollution in New York City and urban areas around the world.
https://www.nytimes.com/2019/10/27/nyregion/nyc-amazon-delivery.html
------------------------------
Date: Fri, 18 Oct 2019 12:16:21 -0400 (EDT)
From: ACM TechNews <
technews-editor@acm.org>
Subject: Security Researchers Warn of Online Voting Risks (Computerworld)
Security Researchers Warn of Online Voting Risks
Rohan Pearce, Computerworld, 17 Oct 2019) via ACM TechNews, 18 Oct 2019
Security researchers said Australia should not rely on any online voting
system that lacks a thorough ballot-verification method, to ensure against fraudulent voting. The University of Melbourne's Chris Culnane and Vanessa Teague warned of the vulnerability of Scytl's iVote platform, designed to accommodate visually impaired voters and those traveling on the day of the election, as well as substituting for voting by mail. The researchers cited findings that votes cast via iVote in a 2017 Western Australia election were channeled through a content delivery network that could potentially "read
and alter votes." Culnane, Teague, and their colleagues told an ongoing Victorian inquiry examining the conduct of the state's 2018 election, "Electronic voting risks introducing into Australian elections the
possibility of large-scale, undetectable fraud that could potentially be committed from anywhere in the world."
https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-22109x21e58dx070251&
------------------------------
Date: Mon, 21 Oct 2019 07:05:26 -0700
From: Barry Gold <
barrydgold@ca.rr.com>
Subject: Calculation gives different results on different operating systems
(Techxplore)
Chaos is loose in the world.
A grad student who was checking the calculations in a study discovered that
the algorithm returned different results on MacOS, Windows, and Linux.
"Studies that used the original code for NMR computations could probably be incorrect," Luo said. "Because most researchers didn't include the type of operating system they used, there is no easy way to know if their results
were affected by this glitch."
https://techxplore.com/news/2019-10-team-glitch-affect-scientific.html?fbclid=IwAR0RjcX4HtZVjXsU5gq6IPQ9E36NqkeGWm6BL181nOr3Lg3qsRor0MJQsuU
------------------------------
Date: Mon, 21 Oct 2019 17:54:35 -0400
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Microsoft's Secured-Core PC Feature Protects Critical Code (WiReD)
The idea of secured-core PC is to take firmware out of that equation, eliminating it as a link in the chain that determines what's trustworthy on
a system. Instead of relying on firmware, Microsoft has worked with AMD,
Intel, and Qualcomm to make new central processing unit chips that can run integrity checks during boot in a controlled, cryptographically verified
way. Only the chip manufacturers will hold the encryption keys to broker
these checks, and they're burned onto the CPUs during manufacturing rather
than interacting with the firmware's amorphous, often unreliable code layer.
"It's rooted in the CPU and no longer in the firmware, because it still
boots early," Weston says. "But if there's anything tampered with, the
system code would identify this and shut everything down. So we're taking firmware and any potential compromise out of the circle of trust."
https://www.wired.com/story/microsoft-secured-core-pc/
Only the chip manufacturers will hold the encryption keys
Hmmm.
------------------------------
Date: November 9, 2019 9:22:22 JST
From: geoff goodfellow <
geoff@iconia.com>
Subject: The rise of microchipping: are we ready for technology to get under
the skin? (The Guardian)
As implants grow more common, experts fear surveillance and exploitation of workers. Advocates say the concerns are irrational
EXCERPT:
On 1 August 2017, workers at Three Square Market, a Wisconsin-based company specializing in vending machines, lined up in the office cafeteria to be implanted with microchips. One after the other, they held out a hand to a
local tattoo artist who pushed a rice-grain sized implant into the flesh between the thumb and forefinger. The 41 employees who opted into the
procedure received complimentary t-shirts that read ``I Got Chipped''.
This wholesale implant event, organized by company management, dovetailed
with Three Square Market's longer-term vision of a cashless payment system
for their vending machines =E2=80=93 workplace snacks purchased with a flick
of the wrist. And the televised ``chipping party'' proved to be a savvy marketing tactic, the story picked up by media outlets from Moscow to
Sydney. ...
https://www.theguardian.com/technology/2019/nov/08/the-rise-of-microchipping-are-we-ready-for-technology-to-get-under-the-skin
------------------------------
Date: Wed, 06 Nov 2019 20:55:50 -0500
From: José María (Chema) Mateos <
chema@rinzewind.org>
Subject: Saudi Arabia recruited Twitter workers to spy on users, feds say
(CBS News)
Yet another example that you can't trust your data out there. Private
messages are not private if you send them as plain text.
https://www.cbsnews.com/news/saudi-arabia-recruited-twitter-workers-to-spy-on-users-feds-say/
Saudi Arabia's government recruited two Twitter employees to get personal account information on some of their critics, prosecutors with the
U.S. Department of Justice said Wednesday.
A complaint unsealed in U.S. District Court in San Francisco detailed a coordinated effort by Saudi government officials to recruit employees at the social media giant to look up the private data of thousands of Twitter accounts. The accounts included those of a popular journalist with more than
1 million followers and other prominent government critics.
------------------------------
Date: Wed, 6 Nov 2019 17:33:56 -0600
From: Monty Solomon <
monty@roscom.com>
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)