• Risks Digest 31.76

    From RISKS List Owner@21:1/5 to All on Wed Apr 29 20:56:07 2020
    RISKS-LIST: Risks-Forum Digest Wednesday 29 April 2020 Volume 31 : Issue 76

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/31.76>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Online voting is too vulnerable (The Economist)
    No-password Access to Britain's Road Surveillance Camera Data (The Register)
    Democratising mass surveillance, one snafu at a time (The Register)
    Washington Post-University of Maryland poll finds a problem for
    Apple-Google coronavirus app (WashPost)
    Malicious Android apps (WiReD)
    Nine million logs of Brits' road journeys spill onto the Internet
    from password-less number-plate camera dashboard (The Register)
    Amazon Smart Oven Review: Don't Let It Anywhere Near Your Kitchen (WiReD)
    Disney claims May the 4th (Rob Slade)
    Ross Anderson course videos online (Rob Slade)
    Re: 'No evidence' that recovering from Covid-19 gives people immunity,
    WHO says (Arthur Flatau)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Wed, 29 Apr 2020 15:51:31 PDT
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: Online voting is too vulnerable (The Economist)

    Why voting online is not the way to hold an election in a pandemic:
    It is still too vulnerable to cyber-attacks and security breaches.

    <https://www.economist.com/international/2020/04/27/why-voting-online-is-not-the-way-to-hold-an-election-in-a-pandemic>

    ------------------------------

    Date: Tue, 28 Apr 2020 14:49:12 -0400
    From: Charles Dunlop <cemdunlop@gmail.com>
    Subject: No-password Access to Britain's Road Surveillance Camera Data
    (The Register)

    Travel involving nearly nine million cars in Britain was accessible merely
    by typing the system's IP address into a browser:
    https://www.theregister.co.uk/2020/04/28/anpr_sheffield_council/

    ------------------------------

    Date: Wed, 29 Apr 2020 13:09:44 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Democratising mass surveillance, one snafu at a time (The Register)

    Exclusive In a blunder described as "astonishing and worrying," Sheffield
    City Council's automatic number-plate recognition (ANPR) system exposed to
    the Internet 8.6 million records of road journeys made by thousands of
    people, The Register can reveal.

    The ANPR camera system's internal management dashboard could be accessed by
    simply entering its IP address into a web browser. No login details or
    authentication of any sort was needed to view and search the live system –
    which logs where and when vehicles, identified by their number plates,
    travel through Sheffield's road network.

    Britain's Surveillance Camera Commissioner Tony Porter described the
    security lapse as "both astonishing and worrying," and demanded a full
    probe into the snafu.

    https://www.theregister.co.uk/2020/04/28/anpr_sheffield_council/

    IoT follies.

    ------------------------------

    Date: Wed, 29 Apr 2020 10:39:31 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Washington Post-University of Maryland poll finds a problem for
    Apple-Google coronavirus app (WashPost)

    Nearly 3 in 5 Americans say they are either unable or unwilling to use the
    infection-alert apps under development by Google and Apple, suggesting a
    steep climb to win enough adoption of the technology to make it effective
    against the coronavirus pandemic, a Washington Post-University of Maryland
    poll finds. [...]

    A major source of skepticism about the infection-tracing app is distrust of
    Google, Apple and tech companies generally, with a majority expressing
    doubts about whether they would protect the privacy of health data. A 57
    percent majority of smartphone users report having a `great deal' or a
    `good amount' of trust in public health agencies and 56 percent trust
    universities. That compares with 47 percent who trust health insurance
    companies and 43 percent who trust tech companies like Google and Apple.

    https://www.washingtonpost.com/technology/2020/04/29/most-americans-are-not-willing-or-able-use-an-app-tracking-coronavirus-infections-thats-problem-big-techs-plan-slow-pandemic/

    ------------------------------

    Date: Wed, 29 Apr 2020 13:12:24 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Malicious Android apps (WiReD)

    Malicious Android apps from the so-called PhantomLance campaign targeted
    hundreds of users, and at least two slipped past Google's defenses.

    https://www.wired.com/story/phantomlance-google-play-malware-apt32/

    ------------------------------

    Date: Tue, 28 Apr 2020 17:29:28 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Nine million logs of Brits' road journeys spill onto the Internet
    from password-less number-plate camera dashboard

    https://www.theregister.co.uk/2020/04/28/anpr_sheffield_council/

    ------------------------------

    Date: Wed, 29 Apr 2020 17:25:09 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Amazon Smart Oven Review: Don't Let It Anywhere Near Your Kitchen
    (WiReD)

    Connected kitchen gadgets are supposed to streamline cooking, but this one
    just gave me a headache.

    https://www.wired.com/review/amazon-smart-oven/

    This is laugh out loud funny.

    ------------------------------

    Date: Tue, 28 Apr 2020 12:46:14 -0700
    From: Rob Slade <rmslade@shaw.ca>
    Subject: Disney claims May the 4th

    Disney claimed that it owned "Maythe4th" and all *your* posts that use it.
    https://twitter.com/disneyplus/status/1254772307941191686

    The reaction was predictable.
    https://www.bbc.com/news/technology-52457596

    ------------------------------

    Date: Tue, 28 Apr 2020 12:28:31 -0700
    From: Rob Slade <rmslade@shaw.ca>
    Subject: Ross Anderson course videos online

    Professor Ross Anderson (University of Cambridge) has put his lectures for
    his first-year Software and Security Engineering course online. Freely
    available.

    https://www.cl.cam.ac.uk/teaching/1920/SWSecEng/materials.html

    Avail yourselves.

    [Highly recommended. PGN]

    ------------------------------

    Date: Tue, 28 Apr 2020 13:08:19 -0500
    From: Arthur Flatau <flataua@acm.org>
    Subject: Re: 'No evidence' that recovering from Covid-19 gives people immunity,
    WHO says (RISKS-31.74)

    There have been a number of reports and suggestions that people who have
    had COVID-19 may not have immunity. They are usually accompanied by
    statements that we need a vaccine. Of course, a vaccine just tricks the
    immune system into developing antibodies by exposing it to parts
    of/attenuated/dead the virus in question. However, if being infected with
    the virus does not create immunity, this makes developing an effective
    vaccine very difficult if not impossible.

    [One of these days we will consider the risks of computer viruses and
    coronaviruses in complementary context -- for example, relating to the
    soundness of models and predictions, theory vs practice, belief systems,
    misinformation, disinformation, etc. Many useful comparisons might seem
    relevant here, in case any readers are wondering why there are so many
    COVID items in RISKS lately! PGN]

    ------------------------------

    Date: Mon, 14 Jan 2019 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
    Lindsay has also added to the Newcastle catless site a palmtop version
    of the most recent RISKS issue and a WAP version that works for many but
    not all telephones: http://catless.ncl.ac.uk/w/r
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 31.76
    ************************
