• Risks Digest 31.74

    From RISKS List Owner@21:1/5 to All on Mon Apr 27 19:06:50 2020
    RISKS-LIST: Risks-Forum Digest Monday 27 April 2020 Volume 31 : Issue 74

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/31.74>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Why a Data-Security Expert Fears U.S. Voting Will Be Hacked
    (Alexandra Wolfe WSJ)
    Principle of the Day (Ray Dalio)
    Emissions Are Way Down. No, That's Not All Good News for the Environment
    (Mother Jones)
    Coronavirus detected on particles of air pollution (NIH via geoff goodfellow)
    "Recommendation: Do Not Install or Use Centralized Server Coronavirus
    COVID-19 Contact Tracing Apps" (Lauren Weinstein)
    'No evidence' that recovering from Covid-19 gives people immunity, WHO says
    (geoff goodfellow)
    Re: Coronavirus Antibody Tests: Can You Trust the Results (Rich Kulawiec)
    Re: Spam filter censoring COVID content (Henry Baker)
    Re: e-postage, Internet Usage update (Paul Edwards)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Sun, 26 Apr 2020 22:38:51 +0200
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: Why a Data-Security Expert Fears U.S. Voting Will Be Hacked
    (Alexandra Wolfe, The Wall Street Journal)

    <https://www.wsj.com/articles/why-a-data-security-expert-fears-u-s-voting-will-be-hacked-11587747159>

    In 2005, a concerned Florida election supervisor asked the Finnish data-security expert Harri Hursti to hack into one of the state's commonly
    used voting machines to test its vulnerability. The verdict wasn't
    reassuring. By modifying just a few lines of code on the machine's memory
    card, Mr. Hursti says, he could change the results of a mock election. That same model, he adds, will be among those used in the 2020 elections. (A spokesperson for the machine's vendor, Dominion Voting, says that these weaknesses were fixed in 2012, but Mr. Hursti says that he has tested the
    new version and found the updates insufficient.)

    Mr. Hursti has spent the past 15 years trying to draw attention to the weaknesses in America's voting systems. Last month, he was featured in an
    HBO documentary called ``Kill Chain: The Cyber War on America's Elections,'' about far-reaching security breaches in multiple U.S. elections that he says have gone unfixed. He warns that both the American political establishment
    and the public are far too complacent. ``Once you understand how everything works, you understand how fragile everything is and how easy it is to lose
    this all,'' Mr. Hursti says in the film.

    In 2017, the Department of Homeland Security notified 21 states that they
    had been targeted by Russian hackers in the previous year's voting. (Russia denies the allegations.) Mr. Hursti has worked with some of those states to stave off future attacks, he says, but past breaches are rarely
    investigated. DHS has said that it found no evidence that votes were changed during the 2016 voting. A 2017 U.S. intelligence assessment <https://www.dni.gov/files/documents/ICA_2017_01.pdf?mod=article_inline> -- whose findings were unanimously reaffirmed <https://www.wsj.com/articles/senate-report-affirms-u-s-intelligence-findings-on-2016-russian-interference-11587483408?mod=article_inline>
    Tuesday by the Republican-led Senate Intelligence Committee -- described a significant 2016 Russian ``influence campaign'' to ``undermine public
    faith'' in American democracy and ``help President-elect Trump's election chances.''

    Mr. Hursti focuses more on the hardware side of the voting process than information operations from hostile powers. He doesn't offer direct evidence
    of vote tampering in 2016, but he warns that, given the security flaws he
    has uncovered, it was certainly possible. For years, voting rights groups
    have been suing states, alleging problems with voting machines. Last August,
    a judge in Georgia ruled that the state needed new voting machines to
    replace unsecure, outdated ones that had malfunctioned during the 2018 governor's race. [...]

    After working in computer programming for most of his life, he is amused to hear critics calling him opposed to technology because of his calls for an old-school paper voting system. ``I'm against the irresponsible use of technology,'' he says, but ``I'm the last person I would ever think people would be calling a Luddite.''

    [Excellent article. Read it in its entirety if you are concerned.
    (You should be.) PGN]

    ------------------------------

    Date: Sun, 26 Apr 2020 08:45:40 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Principle of the Day (Ray Dalio)

    *"Because of the different ways that our brains are wired, we all experience reality in different ways and any single way is essentially distorted. This
    is something that we need to acknowledge and deal with."*

    *"So if you want to know what is true and what to do about it, you must understand your own brain."*

    https://twitter.com/RayDalio/status/1254134881472438275

    [image omitted for RISKS]

    ------------------------------

    Date: Mon, 27 Apr 2020 15:13:35 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Emissions Are Way Down. No, That's Not All Good News for the Environment
    (Mother Jones)

    Chaos in the oil sector could actually intensify climate change.

    As the coronavirus cripples world economies, greenhouse gas emissions are plummeting: This year, they could drop by as much as 5.5 percent -- the
    largest decrease ever recorded. On Monday, the price of oil went negative, meaning storing oil now costs more than the oil itself. Since we're burning less gas and fuel, air pollution has dropped 30 percent in northeastern
    cities, and Los Angeles's notorious smoggy skyline has cleared.

    [Editor's Note: The coronavirus likes to piggyback on smog (see the next
    item from NIH). Nevertheless, at the moment, Los Angeles is far behind
    the San Francisco Bay Area in coping with COVID-19 -- although for
    unrelated reasons. PGN]

    You might be thinking all this is great news for the environment. It's a
    nice idea -- but the real story is more complicated. ``You don't want companies collapsing like this,'' says Andrew Logan, oil and gas director of Ceres, a think tank focused on sustainable investment. ``Even the most
    ardent climate advocate shouldn't wish for a chaotic transition in this
    sector. A chaotic transition brings all sort of pain to workers and also
    the environment.''

    https://www.motherjones.com/environment/2020/04/oil-prices-are-below-zero-no-thats-not-all-good-news-for-the-environment/

    ------------------------------

    Date: Sun, 26 Apr 2020 08:47:20 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Coronavirus detected on particles of air pollution

    Scientists examine whether this route enables infections at longer distances

    EXCERPT:

    Coronavirus has been detected on particles of air pollution by scientists investigating whether this could enable it to be carried over longer
    distances and increase the number of people infected.

    The work is preliminary and it is not yet known if the virus remains viable
    on pollution particles and in sufficient quantity to cause disease.

    The Italian scientists used standard techniques to collect outdoor air pollution samples at one urban and one industrial site in Bergamo province
    and identified a gene highly specific to Covid-19 in multiple samples. The detection was confirmed by blind testing at an independent laboratory.

    Leonardo Setti at the University of Bologna in Italy, who led the work <https://www.medrxiv.org/content/10.1101/2020.04.15.20065995v1>, said it was important to investigate if the virus could be carried more widely by air pollution.

    ``I am a scientist and I am worried when I don't know,'' he said. ``If we
    know, we can find a solution. But if we don't know, we can only suffer the consequences.''

    Two other research groups have suggested particles could help coronavirus travel further in the air, piggybacking on air pollution. <https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7151372/> <https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7156797/#CR6>

    A statistical analysis by Setti's team suggests higher levels of particle pollution could explain higher rates of infection in parts of northern Italy before a lockdown was imposed, an idea supported by another preliminary analysis. The region is one of the most polluted in Europe. [...]

    <https://www.medrxiv.org/content/10.1101/2020.04.11.20061713v1> <https://www.medrxiv.org/content/10.1101/2020.04.06.20055657v1> <https://www.theguardian.com/environment/2020/apr/24/coronavirus-detected-particles-air-pollution>

    ------------------------------

    Date: Mon, 27 Apr 2020 12:56:19 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: "Recommendation: Do Not Install or Use Centralized Server
    Coronavirus COVID-19 Contact Tracing Apps"

    Lauren's Blog: https://lauren.vortex.com/2020/04/27/recommendation-do-not-install-or-use-centralized-server-coronavirus-covid-19-contact-tracing-apps

    ------------------------------

    Date: Sun, 26 Apr 2020 08:48:14 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: 'No evidence' that recovering from Covid-19 gives people immunity,
    WHO says (

    *The World Health Organization warned on Saturday that recovering from coronavirus may not protect people from reinfection as the death toll from
    the pandemic approached 200,000 around the globe.*

    EXCERPT:

    Governments across the world are struggling to limit the economic
    devastation unleashed by the virus, which has infected nearly 2.8 million people and left half of humanity under some form of lockdown.

    The United Nations has joined world leaders in a push to speed up
    development of a vaccine, but effective treatments for COVID-19 [...] are still far off.
    <https://www.france24.com/en/tag/united-nations/> <https://www.france24.com/en/tag/coronavirus/>

    But with signs the disease is peaking in the US and Europe, governments are starting to ease restrictions, weighing the need for economic recovery
    against cautions that lifting them too soon risks a second wave of
    infections.

    The WHO <https://www.france24.com/en/tag/who/> warned on Saturday that
    there is still no evidence that people who test positive for the new coronavirus and recover are immunised and protected against reinfection.

    Read more: 'Grave concerns' about Covid-19 immunity passports <https://www.france24.com/en/20200416-grave-concerns-about-covid-19-immunity-passports>

    The warning came as some governments study measures such as "immunity passports" or documents for those who have recovered as one way to get
    people back to work after weeks of economic shutdown.

    "There is currently no evidence that people who have recovered from
    #COVID19 and have antibodies are protected from a second infection," WHO
    said in a statement. [...] https://www.france24.com/en/20200425-no-evidence-that-recovering-from-covid-19-gives-people-immunity-who-says

    ------------------------------

    Date: April 27, 2020 2:13:50 JST
    From: Rich Kulawiec <rsk@gsp.org>
    Subject: Re: Coronavirus Antibody Tests: Can You Trust the Results
    (RISKS-31.73)

    [via Dave Farber]

    About all those tests:

    ``There are three major problems with testing right now. One, we do not have the reagents. Our government is not working with private sector companies,
    as all the other governments of the world are now seeking testing to
    understand how to best ramp up these reagents that we do need. Number two is
    we have the wild, wild west for testing right now. The FDA has all but given
    up its oversight responsibility for the tests we have on the market. Many of them are nothing short of a disaster. And we got into that place because of
    the fact -- once CDC had a problem, the FDA just opened the gate. And we
    have a lot of bad tests on the market right now. The third thing is these
    tests just do not perform well in low prevalent populations. Meaning that
    right now, if you were to test for antibody in most places in the United States, over half of the tests would be false positives. So what we need is
    a major, new initiative on testing that gets away from every day just saying how many people got tested. We're missing the mark in a big way right now.''

    Dr. Michael Osterholm, the director of the Center for Infectious Disease Research and Policy at the University of Minnesota, 4/26/2020 on "Meet the Press"

    ------------------------------

    From: Henry Baker <hbaker1@pipeline.com>
    Date: Mon, 27 Apr 2020 13:02:44 -0700
    Subject: Re: Spam filter censoring COVID content (Levine, RISKS-31.73)

    Hopefully, even bad encryption can defeat bad spam filtering.

    Yes, you are correct, the spam filter almost certainly looked at the entire message, which contained links, etc.

    I didn't mention it, but it is true that the spam filter of this particular domain operates *before* looking at the "From:" whitelist, hence my sister can't receive this email by simply whitelisting me.

    I wasn't kidding when I said *censorship* is in operation here: a number of email providers have unilaterally taken upon themselves the task of "protecting" their snowflakes from "bad" advice re certain pandemic viruses
    (I can't use the correct term else this email itself might get censored).

    This problem is another variation on the "Scunthorpe problem" (Google it)
    [or dig up RISKS-18.07,08. PGN], wherein emails were censored for nasty
    words using simple character string searches which made certain perfectly
    good non-nasty words unusable.

    ------------------------------

    Date: Mon, 27 Apr 2020 09:27:19 +1000
    From: Paul Edwards <paule@cathicolla.com>
    Subject: Re: e-postage, Internet Usage update (Levine, RISKS-31.73)

    Thanks John; that's a well-written white paper and lays out the arguments
    well. I agree with your conclusion that e-postage won't work across the
    board. If this example was interpreted as advocating for e-postage more broadly then that wasn't my intent!

    For this particular company, the problem they were trying to solve was email overload of their staff. They worked out what they *could* control: the
    number of internal emails sent (especially given that a significant
    proportion of addresses included on emails sent were purely for
    arse-covering purposes).

    I think the key differentiators between this specific example and that of broader e-postage are: the problem statement was well-defined and
    understood; the scope of the exercise was similarly well-defined and limited solely to the one company (admittedly with 100K+ employees and contractors); implementation was simple and capable of being rolled back quickly; and the charging was all internal. I guess the key outcome is that they were happy
    with the behavioural changes they got from the exercise.

    [TNX. We all seem to agree here, so I think this thread may now e-vanesce
    or e-strange itself.*

    (* NOTE: Long-time RISKS readers may remember my treatise on
    hyphenation, which appeared on April Fool's Day in 1996, in
    RISKS-17.95, and very slightly updated:
    http://www.csl.sri.com/neumann/hyphen.html] PGN)]

    ------------------------------

    Date: Mon, 14 Jan 2019 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
    Lindsay has also added to the Newcastle catless site a palmtop version
    of the most recent RISKS issue and a WAP version that works for many but
    not all telephones: http://catless.ncl.ac.uk/w/r
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 31.74
    ************************
