• Risks Digest 31.73

    From RISKS List Owner@21:1/5 to All on Sun Apr 26 14:39:38 2020
    RISKS-LIST: Risks-Forum Digest Sunday 26 April 2020 Volume 31 : Issue 73

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/31.73>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    The illusion of certainty (Spectator)
    That no-click iOS Zero-day reported to be under exploit doesn't exist,
    Apple says (Ars Technica)
    The Untold Story of the Birth of Social Distancing (NYTimes)
    Germany changes course on contact tracing app, abandoning PEPP-PT (Politico)
    Inexpensive, portable detector identifies pathogen in minutes
    (Lois Yoksoulian)
    Re: Coronavirus Antibody Tests: Can You Trust the Results? (PGN)
    Re: Cox email creation policy change I'd missed! (John Levine)
    Re: e-postage, Internet Usage update (John Levine)
    Re: Zoom 5.0 update will bring much-needed security upgrades (John Levine,
    Monty Solomon)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Sat, 25 Apr 2020 15:39:34 +0900
    From: Dave Farber <farber@gmail.com>
    Subject: The illusion of certainty (Spectator)

    https://app.spectator.co.uk/2020/04/22/the-illusion-of-certainty/content.html

    ------------------------------

    Date: Sun, 26 Apr 2020 09:18:23 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: That no-click iOS Zero-day reported to be under exploit doesn't
    exist, Apple says (Ars Technica)

    Other critics also question evidence and say 0day may have been confused with simple bug.

    https://arstechnica.com/information-technology/2020/04/apple-disputes-report-of-non-click-ios-0day-under-exploit-for-two-years/

    ------------------------------

    Date: Sat, 25 Apr 2020 14:52:57 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: The Untold Story of the Birth of Social Distancing (NYTimes)

    The idea has been around for centuries. But it took a high school science
    fair, George W. Bush, history lessons and some determined researchers to overcome skepticism and make it federal policy.

    https://www.nytimes.com/2020/04/22/us/politics/social-distancing-coronavirus.html

    ------------------------------

    Date: Sun, 26 Apr 2020 10:17:36 PDT
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: Germany changes course on contact tracing app, abandoning PEPP-PT
    (Politico)

    Laura Kayali and Janosch Delcker, Politico, 26 Apr 2020

    The German government announced today that Berlin would adopt a
    decentralized approach to a coronavirus contact-tracing app, now backing an approach championed by U.S. tech giants Apple and Google.

    ``We will promote the use of a consistently decentralized software
    architecture for use in Germany,'' the country's Federal Health Minister
    Jens Spahn said on Twitter, echoing an interview in "Die Welt am Sonntag".

    <https://www.welt.de/wirtschaft/webwelt/article207509833/Corona-App-Bundesregierung-favorisiert-dezentralen-Ansatz.html>

    Earlier this month, Google and Apple announced they would team up to unlock their smartphones' Bluetooth capabilities to allow developers to build interoperable contact tracing apps. [...]

    ------------------------------

    Date: April 27, 2020 0:38:52 JST
    From: Dewayne Hendricks <dewayne@warpspeed.com>
    Subject: Inexpensive, portable detector identifies pathogen in minutes
    (Lois Yoksoulian)

    [Note: This item comes from friend David Rosenthal. DLH]
    [Note: The entire item comes via David Farber. PGN]

    Lois Yoksoulian, University of Illinois at Urbana-Champaign, 23 Apr 2020

    <https://phys.org/news/2020-04-inexpensive-portable-detector-pathogens-minutes.html>

    Most viral test kits rely on labor- and time-intensive laboratory
    preparation and analysis techniques; for example, tests for the novel coronavirus can take days to detect the virus from nasal swabs. Now, researchers have demonstrated an inexpensive yet sensitive smartphone-based testing device for viral and bacterial pathogens that takes about 30 minutes
    to complete. The roughly $50 smartphone accessory could reduce the pressure
    on testing laboratories during a pandemic such as COVID-19.

    The results of the new multi-institutional study, led by University of
    Illinois at Urbana-Champaign electrical and computer engineering professor Brian Cunningham and bioengineering professor Rashid Bashir, are reported in the journal Lab on a Chip.

    "The challenges associated with rapid pathogen testing contribute to a lot
    of uncertainty regarding which individuals are quarantined and a whole host
    of other health and economic issues," Cunningham said.

    The study began with the goal of detecting a panel of viral and bacterial pathogens in horses, including those that cause severe respiratory illnesses similar to those presented in COVID-19, the researchers said.

    "Horse pathogens can lead to devastating diseases in animal populations, of course, but one reason we work with them has to do with safety. The horse pathogens in our study are harmless to humans," Cunningham said.

    The new testing device is comprised of a small cartridge containing testing reagents and a port to insert a nasal extract or blood sample, the
    researchers said. The whole unit clips to a smartphone.

    Inside the cartridge, the reagents break open a pathogen's outer shell to
    gain access to its RNA. A primer molecule then amplifies the genetic
    material into many millions of copies in about 10 or 15 minutes, the researchers said. A fluorescent dye stains the copies and glows green when illuminated by blue LED light, which is then detected by the smartphone's camera.

    "This test can be performed rapidly on passengers before getting on a
    flight, on people going to a theme park or before events like a conference
    or concert," Cunningham said. "Cloud computing via a smartphone application could allow a negative test result to be registered with event organizers or
    as part of a boarding pass for a flight. Or, a person in quarantine could
    give themselves daily tests, register the results with a doctor, and then
    know when it's safe to come out and rejoin society."

    ------------------------------

    Date: Sun, 26 Apr 2020 10:24:17 PDT
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: Re: Coronavirus Antibody Tests: Can You Trust the Results?
    (RISKS-31.72)

    [Here's more on the brief item in the previous issue. PGN]

    Apoorva Mandavilli, *The New York Times*, 24 Apr 2020
    https://www.nytimes.com/2020/04/24/health/coronavirus-antibody-tests.html

    A team of scientists worked around the clock to evaluate 14 antibody
    tests. A few worked as advertised. Most did not.

    The researchers worked around the clock, in shifts of three to five hours, hoping to stave off weariness and keep their minds sharp for the delicate
    task.

    They set up lines of laboratory volunteers: medical residents, postdoctoral students, even experienced veterans of science, each handling a specific
    task. They checked and rechecked their data, as if the world were depending
    on it. Because in some ways, it is.

    For the past few weeks, more than 50 scientists have been working diligently
    to do something that the Food and Drug Administration mostly has not:
    Verifying that 14 coronavirus antibody tests now on the market actually
    deliver accurate results.

    These tests are crucial to reopening the economy, but public health experts have raised urgent concerns about their quality. The new research, completed just days ago and posted online Friday, confirmed some of those fears: Of
    the 14 tests, only three delivered consistently reliable results. Even the
    best had some flaws.

    The research has not been peer-reviewed and is subject to revision. But the results are already raising difficult questions about the course of the epidemic.

    Surveys of residents in the Bay Area, Los Angeles and New York this week
    found that substantial percentages tested positive for antibodies to SARS-CoV-2, the official name of the new coronavirus. In New York City, the figure was said to be as high as 21 percent. Elsewhere, it was closer to 3 percent.

    The idea that many residents in some parts of the country have already been exposed to the virus has wide implications. At the least, the finding could greatly complicate plans to reopen the economy.

    Already Americans are scrambling to take antibody tests to see if they might escape lockdowns. Public health experts are wondering if those with positive results might be allowed to return to work.

    But these tactics mean nothing if the test results can't be trusted.

    In the new research, researchers found that only one of the tests never delivered a so-called false positive -- that is, it never mistakenly
    signaled antibodies in people who did not have them.

    Two other tests did not deliver false-positive results 99 percent of the time.

    But the converse was not true. Even these three tests detected antibodies in infected people only 90% of the time, at best.

    The false-positive metric is particularly important. The result may lead
    people to believe themselves immune to the virus when they are not, and to
    put themselves in danger by abandoning social distancing and other
    protective measures.

    It is also the result on which scientists are most divided. [...]
    [PGN-truncated for RISKS]

    ------------------------------

    Date: 25 Apr 2020 17:15:59 -0400
    From: "John Levine" <johnl@iecc.com>
    Subject: Re: Cox email creation policy change I'd missed!
    (Goldberg, RISKS-31.72)

    That's really pitiful. At Comcast and Spectrum, not only do they still
    provide e-mail to their customers, but if you move or switch providers, your e-mail keeps working indefinitely, for free.

    ------------------------------

    Date: 25 Apr 2020 17:44:20 -0400
    From: "John Levine" <johnl@iecc.com>
    Subject: Re: e-postage, Internet Usage update (PaulE, RISKS-31.72)

    E-postage is a Well Known Bad Idea that just won't go away. Whatever
    problems you think it will solve, it won't, and even if it were possible to implement, which it isn't, the problems it would create would be worse than
    the ones it didn't solve.

    I wrote a white paper on the topic in 2004. Other than perhaps adding a
    zero or two to some of the numbers, nothing has changed:

    https://www.taugh.com/epostage.pdf

    ------------------------------

    Date: 25 Apr 2020 17:27:48 -0400
    From: "John Levine" <johnl@iecc.com>
    Subject: Re: Zoom 5.0 update will bring much-needed security upgrades
    (Engadget)

    It's actually Zoom 4.6.12 but it has long overdue meeting management features.

    The meeting host can turn the waiting room feature on and off, can control whether participants can share their screens, and with a couple of clicks
    put anyone back in the waiting room or remove them, and lock a meeting so
    more people can't join.

    This is not unlike the set of features that instant messaging and mailing
    lists have had since approximately forever. Whatever it is that provokes people to be jerks in video meetings is definitely not limited to video
    calls.

    ------------------------------

    Date: Sat, 25 Apr 2020 22:11:32 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Re: Zoom 5.0 update will bring much-needed security upgrades (Levine)

    The TBD version is scheduled for April 27

    https://support.zoom.us/hc/en-us/articles/201361953-New-updates-for-Windows
    https://support.zoom.us/hc/en-us/articles/205759689-New-updates-for-Linux
    https://support.zoom.us/hc/en-us/articles/201361973-New-updates-for-Android
    https://support.zoom.us/hc/en-us/articles/201361943-New-updates-for-iOS
    https://support.zoom.us/hc/en-us/articles/201361963-New-updates-for-macOS

    Added notes:

    I have 4.6.12 installed on my Mac now and it has the features I described.
    I can believe that they will add more stuff next week.

    Some of the features described in the article are scheduled for the upcoming release. The article ends with ``The company's download page still only
    offers Zoom 4.6.12, but 5.0 should be out sometime this week.''

    ------------------------------

    Date: Mon, 14 Jan 2019 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
    Lindsay has also added to the Newcastle catless site a palmtop version
    of the most recent RISKS issue and a WAP version that works for many but
    not all telephones: http://catless.ncl.ac.uk/w/r
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 31.73
    ************************
