• Risks Digest 31.60 (1/2)

    From RISKS List Owner@21:1/5 to All on Fri Mar 6 16:49:41 2020
    RISKS-LIST: Risks-Forum Digest Friday 6 March 2020 Volume 31 : Issue 60

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/31.60>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Tesla Autopilot crash driver 'was playing video game' (BBC News)
    NTSB report on Walter Huang/Tesla crash (The Verge)
    Apple's Upcoming 'CarKey' Feature Will Let You Send Digital Keys
    Using Messages App (MacRumors)
    Reliability of Pricey New Voting Machines Questioned (ACM Tech News)
    ElectionGuard (Lite via Rob Slade)
    California man arrested on charges his DDoSes took down candidate's website
    (Ars Technica)
    A high-school student created a fake 2020 candidate. Twitter verified it
    (CNN Business)
    Radioactive products were popular in the early 20th century and still set
    off geiger counters (WashPost)
    Hackers Can Use Ultrasonic Waves to Secretly Control Voice Assistant Devices
    (TheHackerNew)
    Hackers target cable TV alert system and send false messages
    (Shawn Merdinger)
    Phishing scams are getting more sophisticated; what to look out for
    (Business Insider)
    LTE security flaw can be abused to take out subscriptions at your expense
    (Bochum)
    What to do about artificially intelligent government (Stanford)
    Lawsuit Says Google Used School Software To Spy On Children (NYT)
    New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices
    (The Hacker News)
    A Viral Email About Coronavirus Had People Smashing Buses And Blocking
    Hospitals. (Buzzfeednews)
    Security self-theatre? (COVID-19 and masks)
    Man who breached coronavirus stay-home notice stripped of Singapore PR
    status, barred from re-entry (The Straits Times)
    How coronavirus turned the dystopian joke of FaceID masks into a reality
    (Technology Review)
    The Computer Says No! UCLA face recognition (Fight for the Future via
    Paul Cornish)
    AI baby monitors attract anxious parents: Fear is the quickest way to get
    people's attention (WashPost)
    How North Korean Hackers Rob Banks Around the World (WIRED)
    Fido Alliance gets backing from Apple to replace passwords (9to5Mac)
    911 operators couldn't trace the location of a dying student's phone. It's
    a growing issue. (WashPost)
    Rice University Boosts 'Internet of Things' Security -- Again
    (Mike Williams)
    Startup's Stock Trading App experiences a day-long outage on one of
    the busiest trading days of the year (Tech Crunch)
    Government-Run Energy Company Keeps Reeling in the Same Employees
    in Phishing Training (nextgov.com)
    Clearview AI has billions of our photos. Its entire client list was just
    stolen (CNN Business)
    Afraid of the Thirteenth Floor? Superstition and Real Estate, Part 2
    (Skeptical Inquirer)
    Hilton drags corporate feet, minimizes disclosing personal data held
    (A friend via Gabe Goldberg)
    How a Hacker's Mom Broke Into a Prison -- and the Warden's Computer (WiReD)
    Old RISKS risks are still in vogue (WXYZ via David Lesher)
    Risks of Leap Years and Dumb Digital Watches (Mark Brader)
    TikTok Challenges, Ranked by How Likely They Are to Maim or Kill You (Vice)
    Algorithm Targets Marijuana Convictions Eligible To Be Cleared (npr.org)
    Would you eat a 'steak' printed by robots? (bbc.com)
    'They lied to us': Mom says police deceived her to get her DNA and charge
    her son with murder (NBC News)
    Taxes are expected to rise in Taunton, MA after an assessing tech snafu
    (Christopher Gavin)
    Pets 'go hungry' after smart feeder goes offline (bbc.com)
    Emissions possible: Streaming music swells carbon footprints (Al Jazeera
    via Dan Jacobson)
    Re: Linux is ready for the end of time (John Stockton)
    Re: Mysterious GPS outages are wracking the shipping industry
    (Craig S. Cottingham)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Wed, 26 Feb 2020 20:47:15 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Tesla Autopilot crash driver 'was playing video game' (BBC News)

    An Apple employee who died after his Tesla car hit a concrete barrier was playing a video game at the time of the crash, investigators believe.

    The US National Transportation Safety Board (NTSB) said the car had been driving semi-autonomously using Tesla's Autopilot software.

    Tesla instructs drivers to keep their hands on the wheel in Autopilot mode.

    But the NTSB said more crashes were foreseeable if Tesla did not implement changes to its Autopilot system.

    The authority has published the results of a two-year investigation,
    following the crash in March 2018.

    Tesla's Autopilot software steered the vehicle into the triangular `gore
    area' at a motorway intersection, and accelerated into a concrete barrier.

    https://www.bbc.com/news/technology-51645566

    Darwin wins again.

    ------------------------------

    Date: Tue, 25 Feb 2020 17:49:59 -0800
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: NTSB report on Walter Huang/Tesla crash (The Verge)

    [Thanks to Natarajan Shankar, PGN]

    https://www.theverge.com/2020/2/25/21153320/tesla-autopilot-walter-huang-death-ntsb-probable-cause

    ------------------------------

    Date: Sat, 22 Feb 2020 15:52:38 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Apple's Upcoming 'CarKey' Feature Will Let You Send Digital Keys
    Using Messages App (MacRumors)

    As discovered in the first beta of iOS 13.4, Apple is working on a new
    `CarKey' feature that will allow an iPhone or an Apple Watch to unlock,
    lock, and start NFC-compatible vehicles.

    https://www.macrumors.com/2020/02/19/carkey-feature-digital-keys-messages-app/

    ------------------------------

    Date: Wed, 26 Feb 2020 11:45:43 -0500 (EST)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: "Reliability of Pricey New Voting Machines Questioned"

    Computer security experts continue to express doubts that expensive new
    voting machines are reliable, considering them almost as risky as earlier discredited electronic systems. Called ballot-marking devices, the machines have touchscreens for registering voter choices and print out paper records scanned by optical readers. South Carolina voters will use the systems,
    which are at least twice as expensive as the hand-marked paper ballot
    option, in Saturday's primary. Daniel Lopresti, a computer scientist at
    Lehigh University and a South Carolina election commissioner, said, ``What
    we worry is, what happens the next time if there's a programming bug, or a
    hack or whatever, and it's done in a way that's not obvious?'' Said
    University of South Carolina's Duncan Buell, ``I don't know that we've ever seen an election computer, a voting computer, whose software was done to a
    high standard.'' https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-240c1x220a01x070995&

    ------------------------------

    Date: Sat, 29 Feb 2020 11:08:05 -0800
    From: Rob Slade <rmslade@shaw.ca>
    Subject: ElectionGuard (Lite via Rob Slade)

    Microsoft has come up with a new electronic voting system, called ElectionGuard. https://lite.cnn.com/en/article/h_6371b42359928a22ad5ccd6d5369aef7

    (Yes, OK, *that* Microsoft. But it does sound possible.)

    First off, this is not online or remote voting. This is a vote tabulation system. You vote on a device, a memory card is read and counted, and you
    get a paper record of your vote. The individual votes are encrypted using homomorphic encryption (probably a version of Rivest's *Three Ballot* algorithm). https://en.wikipedia.org/wiki/ThreeBallot

    ElectionGuard is open source, so I imagine that electronic voting
    researchers will be looking under the hood. I'd like to know how you
    prevent election officials from reading the printouts that voters receive
    (but that's more a matter of training and process). I'd like to know how
    many random challenges you make, taking real votes and checking to see if they've been tabulated properly. (There are likely some legal issues in
    that regard.)

    But it does sound promising.

    ------------------------------

    From: Monty Solomon <monty@roscom.com>
    Date: Fri, 21 Feb 2020 18:37:47 -0500
    Subject: California man arrested on charges his DDoSes took down candidate's
    website (Ars Technica)

    Feds say defendant used Amazon servers to wage DDoS attacks that cost the rival campaign.

    https://arstechnica.com/information-technology/2020/02/california-man-arrested-on-charges-his-ddoses-took-down-candidates-website/

    ------------------------------

    Date: Fri, 28 Feb 2020 07:06:27 -0700
    From: Jim Reisert AD1C <jjreisert@alum.mit.edu>
    Subject: A high-school student created a fake 2020 candidate. Twitter
    verified it (CNN Business)

    Story by Donie O'Sullivan, CNN Business
    Video by Richa Naik and Craig Waxman

    Updated 1257 GMT (2057 HKT) February 28, 2020

    Andrew Walz calls himself a *proven business leader* and a *passionate
    advocate for students*. Walz, a Republican from Rhode Island, is running
    for Congress with the tagline, "Let's make change in Washington together,"
    or so his Twitter account claimed.

    Earlier this month, Walz's account received a coveted blue checkmark from
    Twitter as part of the company's broader push to verify the authenticity
    of many Senate, House and gubernatorial candidates currently running for
    office. Twitter has framed this effort as key to helping Americans find
    reliable information about politicians in the leadup to the 2020 election.

    But there's just one problem: Walz does not exist. The candidate is the
    creation of a 17-year-old high school student from upstate New York, CNN
    Business has learned.

    The student, who CNN Business spoke to with the permission of his parents
    and has agreed not to name as he is a minor, said he was `bored' over the
    holidays and created the fake account to test Twitter's election integrity
    efforts.

    https://edition.cnn.com/2020/02/28/tech/fake-twitter-candidate-2020/

    ------------------------------

    Date: Sun, 1 Mar 2020 00:53:12 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Radioactive products were popular in the early 20th century and
    still set off geiger counters (WashPost)

    Not long ago, curator Natalie Luvera began to worry about the strangest item
    in the National Atomic Testing Museum's collection of artifacts -- a tiny 1920s device designed to restore lost manhood by irradiating the manliest of human body parts.

    Was the gold-plated *scrotal radiendocrinator* still dangerous after nearly
    a century? Luvera tested it with a Geiger counter, got a worrisome reading
    and called in a radioactivity response team to double-check. ``They came
    down and said, `Nope, you shouldn't have that here.' '' [...]

    The device was the brainchild of an extraordinary quack named William
    J.A. Bailey, who liked to describe radiation as *eternal sunshine*. He also hawked bottles of Radithor -- *certified radioactive water* -- that were touted as a cure-all for disorders such as impotence and fatigue.

    https://www.washingtonpost.com/health/the-lethal-legacy-of-early-20th-century-radiation-quackery/2020/02/14/ed1fd724-37c9-11ea-bf30-ad313e4ec754_story.html

    ...that's a great museum, BTW.

    ------------------------------

    Date: Mon, 2 Mar 2020 14:13:17 -1000
    From: the keyboard of geoff goodfellow <geoff@iconia.com>
    Subject: Hackers Can Use Ultrasonic Waves to Secretly Control Voice
    Assistant Devices (TheHackerNew)

    *It works over a longer distance and without the need to be in
    line-of-sight.*

    EXCERPT:

    Researchers have discovered a new means to target voice-controlled devices
    by propagating ultrasonic waves through solid materials in order to
    interact with and compromise them using inaudible voice commands without
    the victims' knowledge.

    Called SurfingAttack, <https://surfingattack.github.io/papers/NDSS-surfingattack.pdf> the attack leverages the unique properties of acoustic transmission in solid materials
    -- such as tables -- to ``enable multiple rounds of interactions between the voice-controlled device and the attacker over a longer distance and without
    the need to be in line-of-sight.''

    In doing so, it's possible for an attacker to interact with the devices
    using the voice assistants, hijack SMS two-factor authentication codes, and even place fraudulent calls, the researchers outlined in the paper, thus controlling the victim device inconspicuously.

    The research was published by a group of academics from Michigan State University, Washington University in St. Louis, Chinese Academy of
    Sciences, and the University of Nebraska-Lincoln.

    The results were presented at the Network Distributed System Security
    Symposium (NDSS) on February 24 in San Diego.

    How Does the SurfingAttack Work? [...] https://thehackernews.com/2020/03/voice-assistants-ultrasonic-waves.html

    ------------------------------

    Date: Mon, 24 Feb 2020 14:04:08 -0500
    From: Shawn Merdinger <shawnmer@gmail.com>
    Subject: Hackers target cable TV alert system and send false messages

    On Thursday, 20 February 2020 in Washington state EAS units were compromised
    at WAVE Broadband and sent at least 3 unapproved EAS alerts to 3000+ cable subscribers.

    News:

    https://www.king5.com/article/news/local/no-emergency-false-alert-over-radiological-incident-sent-by-jefferson-county/281-568c86b3-8aae-4df0-b3b3-5dd4c800e0e8

    At least one family took the warning to heart. A viewer wrote to KING 5 and said, ``We experienced an hour of pure terror. We evacuated our house with
    our dogs and drove to Sequim to my parents. Wondering when and if we would die.''

    https://www.kiro7.com/news/local/false-alert-indicating-radiological-incident-appeared-tv-jefferson-county/KJI2SNVTZBE6DAOMYWFOQK47SM/

    ``A lot of problems happen when these are first put in because there's a default password and if somebody knows the default password and there hasn't been time for an organization to change the default password, those can
    easily be hacked,'' Nealey said.

    ------------------------------

    From: the keyboard of geoff goodfellow <geoff@iconia.com>
    Date: Tue, 25 Feb 2020 06:40:30 -0700
    Subject: Phishing scams are getting more sophisticated; what to look out for
    (Business Insider)

    - Phishing scams in which hackers pose as trusted figures to trick
    people into handing over passwords are getting increasingly sophisticated.
    - Security experts describe an arms race between services that weed out
    scammers and attackers developing new tricks and workarounds.
    - Phishing is on the rise, and costing over $57 million from more than
    114,000 victims in the US last year, according to a recent FBI report.

    EXCERPT:

    Hackers don't break in, they log in.

    That mantra, often repeated by security experts, represents a rule of thumb: The vast majority of breaches are the result of stolen passwords, not
    high-tech hacking tools.

    These break-ins are on the rise. Phishing scams -- in which attackers pose
    as a trustworthy party to trick people into handing over personal details or account information -- were the most common type of Internet crime last
    year, according to a recent FBI report <https://www.fbi.gov/news/pressrel/press-releases/fbi-releases-the-internet-crime-complaint-center-2019-internet-crime-report>.
    People lost more than $57.8 million in 2019 as the result of phishing, according to the report, with over 114,000 victims targeted in the US.

    And as phishing becomes more profitable, hackers are becoming increasingly sophisticated in the methods they use to steal passwords, according to
    Tanmay Ganacharya, a principal director in Microsoft's Security Research
    team.

    ``Most of the attackers have now moved to phishing because it's easy. If I
    can convince you to give me your credentials, it's done. There's nothing
    more that I need,'' Ganacharya told Business Insider.

    Ganacharya monitors phishing tactics in order to build machine-learning
    systems that root out scams for people using Microsoft services, including Windows, Outlook, and Azure, Microsoft's cloud computing service. This
    week, Microsoft announced <https://blogs.microsoft.com/blog/2020/02/20/delivering-on-the-promise-of-security-ai-to-help-defenders-protect-todays-hybrid-environments/>
    that it will begin selling its threat-protection services for platforms
    including Linux, iOS, and Android.

    Ganacharya spoke to Business Insider about the trends in phishing that his
    team has observed. Many of the tactics aren't new, but he said attackers
    are constantly finding new ways to work around defenses like Microsoft's
    threat protection. Here's what he described...

    [...] https://www.businessinsider.com/phishing-scams-getting-more-sophisticated-what-to-look-out-for-2020-2

    ------------------------------

    Date: Tue, 25 Feb 2020 06:41:20 -0700
    From: the keyboard of geoff goodfellow <geoff@iconia.com>
    Subject: LTE security flaw can be abused to take out subscriptions at your
    expense (Bochum)

    *Researchers say the vulnerability impacts virtually all smartphones on the market*

    EXCERPT:

    A security vulnerability in LTE can be exploited to sign up for
    subscriptions or paid website services at someone else's expense, new
    research suggests.

    According to researchers <https://news.rub.de/english/press-releases/2020-02-17-lte-vulnerability-attackers-can-impersonate-other-mobile-phone-users>
    from Ruhr-Universitaet Bochum, the flaw exists in the 4G mobile
    communication standard and permits smartphone user impersonation, which
    could allow attackers to ``start a subscription at the expense of others or publish secret company documents under someone else's identity.''

    The research, titled IMP4GT: IMPersonation Attacks in 4G NeTworks, is the
    work of David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper.

    *See also:* Honeywell, Verizon partner on integrating LTE, smart meters,
    lay groundwork for 5G <https://www.zdnet.com/article/honeywell-verizon-partner-on-integrating-lte-smart-meters-lay-groundwork-for-5g/>

    The IMP4GT attack <https://imp4gt-attacks.net/> impacts ``all devices that communicate with LTE,'' which includes *virtually all* smartphones, tablets, and some Internet of Things (IoT) devices.

    Software-defined radios are a key element of IMP4GT. These devices are able
    to read the communications channels between a mobile device and base
    station, and by using them, it is possible to trick a smartphone into considering the radio is the base station -- and dupe the network into
    treating the radio as the mobile phone.

    Once this channel of communication is compromised, it is time to start manipulating data packets being sent between an LTE device and base station.

    ``The problem is the lack of integrity protection: data packets are
    transmitted encrypted between the mobile phone and the base station, which protects the data against eavesdropping. However, it is possible to modify
    the exchanged data packets. We don't know what is where in the data packet,
    but we can trigger errors by changing bits from 0 to 1 or from 1 to 0.''

    These errors can then force a mobile phone and base station to either
    decrypt or encrypt messages, converting information into plaintext or
    creating a situation in which an attacker is able to send commands without authorization. [...] https://www.zdnet.com/article/lte-security-flaw-can-be-abused-to-take-out-subscriptions-at-your-expense/
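    The malleability the researchers describe (flipping ciphertext bits flips the same plaintext bits when only a stream cipher protects the packet) and the integrity tag that closes the gap, as an added example that is not part of the original post or the researchers' code. The keystream generator is a constructed stand-in (HMAC-SHA256 in counter mode) for a real stream cipher such as the AES-CTR that LTE's 128-EEA2 uses, and the keys, nonce and packet contents are constructed sample values.

```python
"""Why encryption without integrity protection is malleable, and how a tag fixes it.

Constructed demonstration. The XOR-keystream construction is a stand-in for any
stream cipher (AES-CTR included): whoever can modify the ciphertext can flip
chosen plaintext bits without knowing the key. An integrity tag over the
ciphertext detects the modification.
"""
import hashlib
import hmac

# Constructed keys and per-packet nonce (stand-in for a real key hierarchy
# and for LTE's COUNT/bearer/direction input to the cipher).
ENC_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
MAC_KEY = bytes.fromhex("f0e1d2c3b4a5968778695a4b3c2d1e0f")
NONCE = bytes.fromhex("00000001" + "05" + "01")


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: concatenate HMAC-SHA256(key, nonce || block_index)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def integrity_tag(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """32-bit tag over nonce || ciphertext (truncated HMAC; length chosen for the toy)."""
    return hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()[:4]


def verify_tag(key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> bool:
    """Constant-time comparison so the check itself does not leak the tag."""
    return hmac.compare_digest(integrity_tag(key, nonce, ciphertext), tag)


def flip_bytes(ciphertext: bytes, offset: int, mask: bytes) -> bytes:
    """Modify ciphertext in transit without the key: XOR a mask at a chosen offset.
    Because the cipher is XOR-based, the same mask lands on the plaintext."""
    buf = bytearray(ciphertext)
    for i, m in enumerate(mask):
        buf[offset + i] ^= m
    return bytes(buf)


def demonstrate() -> dict:
    """Encrypt a constructed packet, tamper with it, and show what the tag catches."""
    plaintext = b"amount=0010;to=alice"  # constructed packet body
    ct = xor_crypt(ENC_KEY, NONCE, plaintext)
    tag = integrity_tag(MAC_KEY, NONCE, ct)

    # Byte 7 is the first digit of "0010". XORing '0' ^ '9' there turns it into
    # "9010" after decryption, with no knowledge of ENC_KEY: the page's point
    # that bits can be changed "from 0 to 1 or from 1 to 0" at will.
    mask = bytes([ord("0") ^ ord("9")])
    tampered = flip_bytes(ct, 7, mask)

    return {
        "round_trip": xor_crypt(ENC_KEY, NONCE, ct),
        "tampered_plaintext": xor_crypt(ENC_KEY, NONCE, tampered),
        # With a tag, the receiver rejects the modified packet before using it.
        "original_tag_ok": verify_tag(MAC_KEY, NONCE, ct, tag),
        "tampered_tag_ok": verify_tag(MAC_KEY, NONCE, tampered, tag),
    }


if __name__ == "__main__":
    for name, value in demonstrate().items():
        print(f"{name}: {value!r}")
```

    Decryption alone cannot tell the tampered packet from a genuine one; only the tag check does, which is why integrity protection, not just confidentiality, is the missing control the researchers point at.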

    ------------------------------

    Date: Wed, 26 Feb 2020 19:16:55 -1000
    From: the keyboard of geoff goodfellow <geoff@iconia.com>
    Subject: What to do about artificially intelligent government

    EXCERPT:

    The White House's recent efforts to chart a national artificial intelligence (AI) policy are welcome and, frankly, overdue. Funding for AI research and updating agency IT systems is a good start. So is guidance for agencies as
    they begin to regulate industry use of AI. But there's a glaring gap: The
    White House has been silent about the rules that apply when agencies use AI
    to perform critical governance tasks. <https://about.bgov.com/news/white-house-proposes-92-billion-it-budget-in-fy-2021/>
    <https://news.bloomberglaw.com/tech-and-telecom-law/artificial-intelligence-principles-issued-by-white-house>

    This matters because, of all the ways AI is transforming our world, some of
    the most worrying come at the intersection of AI and the awesome power of
    the state. AI drives the facial recognition police use to surveil citizens.
    It enables the autonomous weapons changing warfare. And it powers the tools judges use to make life-changing bail, sentencing and parole decisions. Concerns about each have fueled debate and, as to facial recognition in particular, new laws banning use. <https://www.bloomberg.com/news/articles/2020-01-24/cops-spying-on-londoners-faces-sparks-human-rights-concerns>
    <https://www.bloomberg.com/news/videos/2019-05-16/face-it-you-re-being-watched-video>

    Sitting just beyond the headlines, however, is a little-known fact: AI use already is pervasive in government. Prohibition for most uses is not an
    option, or at least not a wise one. Needed instead is a frank conversation about how to give the government the resources it needs to develop
    high-quality and fairly deployed AI tools and build sensible accountability mechanisms around their use.

    We know because we led a team of lawyers and computer scientists at Stanford and New York universities to advise federal agencies on how to develop and oversee their new algorithmic toolkit.

    Our research <https://law.stanford.edu/education/only-at-sls/law-policy-lab/practicums-2018-2019/administering-by-algorithm-artificial-intelligence-in-the-regulatory-state/acus-report-for-administering-by-algorithm-artificial-intelligence-in-the-regulatory-state/#slsnav-report>
    shows that AI use spans government. By our estimates, half of major federal agencies have experimented with AI. Among the 160 AI uses we found, some -- such as facial recognition -- are fueling public outcries. But many others
    fly under the radar. The Securities and Exchange Commission (SEC) uses AI to flag insider trading; the Centers for Medicare and Medicaid Services uses it
    to ferret out health care fraud. The Social Security Administration is
    piloting AI tools to help decide who gets disability benefits, and the
    Patent and Trademark Office to decide who gets patent protection.

    Still other agencies are developing AI tools to communicate with the public,
    by sifting millions of consumer complaints or using chatbots to field
    questions from welfare beneficiaries, asylum seekers and taxpayers.

    Our research also highlights AI's potential to make government work better
    and at lower cost. AI tools that help administrative judges spot errors in draft decisions can shrink backlogs that leave some veterans waiting years <https://www.militarytimes.com/news/2018/09/10/watchdog-report-the-va-benefits-backlog-is-higher-than-officials-say/>
    (sometimes, close to a decade) for benefits. AI can help ensure that the decision to launch a potentially ruinous enforcement action does not reflect the mistakes, biases, or whims of human prosecutors. And AI can help make
    more precise judgments about which drugs threaten public health.

    But the picture is not all rosy. [...] https://thehill.com/opinion/technology/483878-what-to-do-about-artificially-intelligent-government

    ------------------------------

    Date: Sun, 23 Feb 2020 07:55:15 -0700
    From: the keyboard of geoff goodfellow <geoff@iconia.com>
    Subject: Lawsuit Says Google Used School Software To Spy On Children (NYT)

    EXCERPT:

    New Mexico's attorney general sued Google on Thursday, saying the tech giant used its educational products to spy on the state's children and families.

    Google collected a trove of students' personal information, including data
    on their physical locations, websites they visited, YouTube videos they
    watched and their voice recordings, Hector Balderas, New Mexico's attorney general, said in a federal lawsuit.

    ``The consequences of Google's tracking cannot be overstated: Children are being monitored by one of the largest data mining companies in the world,
    at school, at home, on mobile devices, without their knowledge and without
    the permission of their parents,'' the lawsuit said. <https://cdn.vox-cdn.com/uploads/chorus_asset/file/19734145/document_50_.pdf>

    Over the last eight years, Google has emerged as the predominant tech brand
    in American public schools <https://cdn.vox-cdn.com/uploads/chorus_asset/file/19734145/document_5.pdf>, outpacing rivals like Apple and Microsoft by offering a suite of
    inexpensive, easy-to-use tools.

    Today, more than half of the nation's public schools -- and 90 million
    students and teachers globally -- use free Google Education apps like Gmail
    and Google Docs. More than 25 million students and teachers also use Chromebooks, laptops that run on the company's Chrome operating system, the lawsuit said.

    In September, Google agreed to pay a $170 million fine to settle federal
    and New York State charges that it illegally harvested the personal data <https://www.nytimes.com/2019/09/04/technology/google-youtube-fine-ftc.html>
    of children on YouTube.

    The new lawsuit, filed in U.S. District Court for the District of New
    Mexico, claimed that Google violated the federal Children's Online Privacy Protection Act. The law requires companies to obtain a parent's consent
    before collecting the name, contact information and other personal details
    from a child under 13.

    The lawsuit also said Google deceived schools, parents, teachers and
    students by telling them that there were no privacy concerns with its education products when, in fact, the company had amassed a trove of potentially sensitive details on students' online activities and locations. [...]

    https://www.nytimes.com/2020/02/20/technology/new-mexico-google-lawsuit.html

    ------------------------------

    Date: Fri, 28 Feb 2020 14:32:57 -1000
    From: the keyboard of geoff goodfellow <geoff@iconia.com>
    Subject: New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices
    (The Hacker News)

    EXCERPT:

    Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by
    Broadcom and Cypress -- apparently powering over a billion devices,
    including smartphones, tablets, laptops, routers, and IoT gadgets.

    Dubbed 'Kr00k' and tracked as CVE-2019-15126, the flaw could let nearby
    remote attackers intercept and decrypt some wireless network packets transmitted over-the-air by a vulnerable device.

    The attacker does not need to be connected to the victim's wireless network
    and the flaw works against vulnerable devices using WPA2-Personal or WPA2-Enterprise protocols, with AES-CCMP encryption, to protect their
    network traffic.

    ``Our tests confirmed some client devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi
    3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to Kr00k,'' ESET researchers said.

    According to the researchers <https://www.eset.com/int/kr00k/>, the Kr00k
    flaw is somewhat related to the KRACK attack <https://thehackernews.com/2017/10/wpa2-krack-wifi-hacking.html>, a
    technique that makes it easier for attackers to hack Wi-Fi passwords <https://thehackernews.com/2018/08/how-to-hack-wifi-password.html> protected using a widely-used WPA2 network protocol.

    First, Learn What Kr00k Attack Doesn't Allow: [...] https://thehackernews.com/2020/02/kr00k-wifi-encryption-flaw.html

    ------------------------------

    Date: Mon, 24 Feb 2020 04:56:25 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: A Viral Email About Coronavirus Had People Smashing Buses And
    Blocking Hospitals. (Buzzfeednews)

    Ukraine's security service said the fake email that was supposedly from the Ministry of Health had actually been sent from outside the country.

    https://www.buzzfeednews.com/article/christopherm51/coronavirus-ukraine-china

    ------------------------------

    Date: Sat, 29 Feb 2020 11:43:15 -0800
    From: Rob Slade <rmslade@shaw.ca>
    Subject: Security self-theatre? (COVID-19 and masks)

    OK, first off, to let you know that I know what I'm talking about, I put
    myself through university by working in the medical field, first as a
    practical nurse (I spent considerable time working in an isolation ward),
    and later as an industrial first aid attendant. (My required non-physics elective at university was medical physiology.) I've also been an emergency management volunteer for a couple of decades.

    Now I've talked about security theatre in regard to COVID-19, and we are discussing other issues related to the coronavirus. But one of the things
    that has bugged me ever since it started hitting the news is the masks.

    Masks won't keep you from getting COVID-19, or any other droplet-borne
    virus. (At least, they don't reduce your risk very much.) The paper face masks provide next to no protection in this regard, and the N95 masks aren't much better. Droplet-borne viruses will still get on your skin, on your
    face, and into your eyes, and simple daily activities make you touch your
    skin and face and mouth and eyes and provide the viruses a path inside. You don't need to inhale the virus to get it, and, if you do get COVID-19, it probably will be from some other pathway than inhaling it. This is why frequent (*very* frequent) handwashing is important. (Hand sanitizer is
    good, too. If you use it frequently.)

    Masks are useful, if *you* have the virus, in preventing you giving it to
    other people. (Not a complete prevention, mind, but useful.) So, if you
    are wearing a face mask in public during this epidemic, you are making one
    of two statements: 1) I AM INFECTED WITH THE COVID-19 VIRUS!! or 2) I AM STUPID AND IGNORANT!!

    This advice, by the way, applies to influenza as well. Which brings up
    another point: if you are worried about the COVID-19 virus, and still
    haven't yet gotten a flu shot, you are stupid and ignorant. Even in China,
    you are much, much more likely to get the flu than COVID-19. Even in China, the likelihood that the next person you meet will have COVID-19 is about
    .0001. (Probably somewhat less.) But if you go out into a crowd (if you
    can *find* a crowd in China these days), you are likely to encounter
    somebody with the flu. Having a flu shot probably doesn't reduce your risk
    of getting COVID-19, but it does reduce your risk of getting the flu. If
    you get the flu, then you may have to get tested for COVID-19, and that puts that much more demand on the system and resources.

    Wash your hands.

    If you haven't got a flu shot, get one.

    Don't panic buy, hoard, or misuse masks and gloves. If you need them,
    you'll get them. (If other people haven't been panic buying and hoarding.) https://lite.cnn.com/en/article/h_cd175447b3f892d7adcb7c196b0b7316

    Now go wash your hands.

    ------------------------------

    Date: Wed, 26 Feb 2020 09:12:29 -0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Man who breached coronavirus stay-home notice stripped of
    Singapore PR status, barred from re-entry (The Straits Times)

    https://www.straitstimes.com/singapore/coronavirus-singapore-permanent-resident-who-breached-stay-home-notice-stripped-of-pr

    Singapore prioritizes public health and civility. Unwise to violate these orders, especially in a time of elevated pandemic conditions.

    ------------------------------

    Date: Sun, 1 Mar 2020 09:38:17 -1000
    From: the keyboard of geoff goodfellow <geoff@iconia.com>
    Subject: How coronavirus turned the dystopian joke of FaceID masks into a
    reality (Technology Review)

    *Thousands ordered masks that let them unlock their phones during
    outbreaks. But this viral art project doesn't just work with surveillance technology -- it works against it, too.*

    EXCERPT:

    Two weeks ago, Danielle Baskin had an idea for a tongue-in-cheek art
    project. Now, she's suddenly big in China.

    While talking with friends about the coronavirus outbreak

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)