• Risks Digest 31.80

    From RISKS List Owner@21:1/5 to All on Wed May 6 16:15:26 2020
    RISKS-LIST: Risks-Forum Digest Wednesday 6 May 2020 Volume 31 : Issue 80

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/31.80>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents: [MAILMAN crash caused some late deliveries of previous issues]
    Circumventing Censorship (Fenello)
    Brit cyber-spies drop 'whitelist' and 'blacklist' -- political correctness
      gone mad? (The Register)
    Tracking your browsing using HTML canvas fingerprinting (Web Informant)
    UK finds itself almost alone with centralized virus contact-tracing
      app that probably won't work well, asks for your location, may be illegal
      (The Register)
    Visualization shows droplets from one cough on an airplane infecting large
      number of passengers, researchers say (FoxNews)
    Social Distancing Informants Have Their Eyes on You (NYTimes)
    BSides (World Netwide Online via Rob Slade)
    Re: Online voting is too vulnerable (Mark E. Smith)
    Re: statistics and protection - Remdesivir (David Alexander)
    Re: Big Rigs Begin to Trade Diesel for Electric Motors (Richard Stein)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Mon, 4 May 2020 17:38:15 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Circumventing Censorship (Fenello)

    EXCERPT:

    Today, we live in a world that is interconnected at an historic rate. We
    can directly interact with billions of people via phone, text, and email,
    as well as assorted online platforms. News is also abundantly available through traditional TV, radio and print, as well as newer venues like
    youtube and other online websites.

    But what appears to be robust and permanent, is actually fragile and under attack. Messages that differ from the accepted narratives are being
    deleted at an alarming rate, while those responsible for those messages are being demonetized and de-platformed. People are also being shadow-banned, resulting in their messages getting reduced visibility and circulation, all without anyone's knowledge.

    And it's not just the private networks either. We know from governments
    like China and revelations from Edward Snowden, that even more draconian measures are possible. Websites can be de-indexed from the search engines, taken offline, or even replaced with fake versions. Phone numbers and text
    can be blocked, as well as entire cellular and Internet networks.

    To circumvent these measures, here are a few options:

    [...]
    https://www.fenello.com/blog/circumventing-censorship/

    ------------------------------

    Date: Sun, 3 May 2020 23:15:16 -0700
    From: Li Gong <ligongsf@gmail.com>
    Subject: Brit cyber-spies drop 'whitelist' and 'blacklist' -- political
    correctness gone mad?

    https://www.theregister.co.uk/2020/05/02/uks_ncsc_whitelist_blacklist/

    ------------------------------

    Date: Tue, 5 May 2020 18:06:18 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Tracking your browsing using HTML canvas fingerprinting
    (Web Informant)

    Author writes:

    Every time you fire up your web browser your movements and browser history
    are being leaked to various websites. No, I am not talking about cookies,
    but about a technology that you may not have heard much about. It is called canvas fingerprinting.

    In this post, I will tell you what it does and how you can try to stop it
    from happening. Beware that the journey to do this isn't easy.

    The concept refers to coordinating a series of tracking techniques to
    identify a visitor using what browser, IP address, computer processor and operating system and other details. Canvas is based on the HTML 5
    programming interface that is used to draw graphics and other animations
    using JavaScript. It is a very rich and detailed interface and to give you
    an idea of the data that the browser collects without your knowledge, take a look at the screenshot below. It shows my computer running Chrome on a Mac
    OS v.10.13 using Intel hardware. This is just the tip of a large iceberg of other data that can be found quite easily by any web server.

    https://blog.strom.com/wp/?p=7749

    ------------------------------

    Date: Wed, 6 May 2020 02:19:05 +0900
    From: Dave Farber <farber@gmail.com>
    Subject: UK finds itself almost alone with centralized virus contact-tracing
    app that probably won't work well, asks for your location, may be illegal
    (The Register)

    https://www.theregister.co.uk/2020/05/05/uk_coronavirus_app/

    ------------------------------

    Date: Mon, 4 May 2020 17:36:21 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Visualization shows droplets from one cough on an airplane
    infecting large number of passengers, researchers say (FoxNews)

    EXCERPT:

    The coronavirus pandemic has brought air travel to an unprecedented
    standstill -- wreaking all sorts of havoc and putting countless jobs at risk
    -- but a new visualization is unlikely to make people eager to fly the
    friendly skies again soon. <https://www.foxnews.com/category/health/infectious-disease/coronavirus>

    The motion graphic produced by Purdue University researchers shows the aftermath of a single cough on an airplane, with tiny invisible droplets dispersing throughout the cabin, possibly infecting a large number of fellow passengers. [...]

    https://www.foxnews.com/science/visualization-droplets-one-cough-airplane-infecting-passengers

    ------------------------------

    Date: Tue, 5 May 2020 09:59:54 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Social Distancing Informants Have Their Eyes on You (NYTimes)

    Largely confined to their homes and worried about the spread of the coronavirus, members of the public are becoming unofficial watchdogs.

    https://www.nytimes.com/2020/05/04/us/social-distancing-rules-coronavirus.html

    ------------------------------

    Date: Tue, 5 May 2020 12:34:05 -0700
    From: Rob Slade <rmslade@shaw.ca>
    Subject: BSides (World Netwide Online)

    So, a number of us are at home, prevented from going to any of the normal
    round of security conferences.

    But we are creative and inventive people, and we know the tech. So, why not create our own?

    I'm thinking the BSides model, trying to keep it as cheap (free?) as
    possible, for the widest possible access. (I'm thinking this because of the notices I am receiving from various vendors who are trying to actually sell their sales presentations, or combinations thereof, as conferences.) (I may
    be jumping the gun on that name/brand: I don't know who owns the BSides
    model or brand, and while I highly respect it, I don't want to step on any
    toes by simply assuming it.)

    I'm thinking this is more than just a big Zoom meeting, or even a series of Zoom meetings.

    Anybody in?

    ------------------------------

    Date: Tue, 5 May 2020 19:31:23 -0500
    From: "Mark E. Smith" <mymark@gmail.com>
    Subject: Re: Online voting is too vulnerable (RISKS-31.79)

    Dick Mills appears to understate the risks to the public from US elections, whether the votes are cast online or not. Since the US Constitution does not require that the popular vote be counted, it is the Constitution itself, not the way in which elections are held, that constitutes a risk to the public,
    who can be fooled into thinking that their vote is a form of participation
    or a voice in government, when it is, in reality, merely an expression of wishful thinking. An election in which a candidate who loses both the
    popular and Electoral votes can still become President, is not a democratic process that ensures meaningful public input or influence.

    ------------------------------

    Date: Wed, 6 May 2020 08:08:14 +0000 (UTC)
    From: David Alexander <davidalexander440@btinternet.com>
    Subject: Re: statistics and protection - Remdesivir

    Rob Slade looks for details in the reports on the trial of Remdesivir (Remdesivir works against CoVID-19! https://lite.cnn.com/en/article/h_1a62255cc20919cda25d487543ad9118) and I
    agree that the message the data gives does need to be managed to ensure it
    does not give a false sense of security. Unfortunately Rob appears to have missed one obvious point. The drug may not lower the mortality rate by much (but as far as I am concerned any life saved is a significant bonus for that individual, their family & friends) but reducing the recovery time by 4 days
    is absolutely crucial for a medical and care system that is heavily over-loaded. If it can get people out of hospital 4 days earlier, freeing up the bed and care professionals to treat somebody else who might otherwise
    die for a lack of treatment, that is a game changer, a 'force multiplier'
    for good. Disclaimer: I am not a healthcare professional (but my fiancee
    is) nor do I have any connection with the pharmaceutical industry, except as
    a satisfied customer.

    ------------------------------

    Date: Wed, 6 May 2020 20:08:40 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Re: Big Rigs Begin to Trade Diesel for Electric Motors (RISKS-31.64)

    https://catless.ncl.ac.uk/Risks/31/64#subj10.1

    Privately-owned vehicles converted from carbon-fuel to battery-driven propulsion are apparently compliance-exempt from FMVSS 141, save for certain conversions as noted. The NY Times piece identifies at least one company
    that sells and conversion kits for classic VW models.

    A battery-powered stretch-Humvee does not need to hum unless it wants to.

    Here's the NHTSA's Office of Vehicle Safety Compliance (OVSC) response to my inquiry on after-market vehicle conversions.

    From: OVSCPublic@dot.gov
    Date: 06MAY2020

    Please note that the response provided below does not constitute
    authoritative legal advice. If you would like an authoritative answer,
    please request an interpretation from NHTSA's Office of Chief Counsel.

    Please also note that you may wish to consider the relevance of
    state/local laws and insurance policies.

    If this is a privately owned vehicle, and you are the owner, it is likely
    that modifications that you make do not fall under NHTSA's authority and
    would not need to comply with FMVSS 141 unless your modifications are
    extensive enough to make this a new vehicle (e.g. if an old body is placed
    on a new chassis). That being said, we would encourage vehicle owners to
    carefully consider whether vehicle modifications alter the vehicle in a
    way that might affect safety, and to take appropriate steps to ensure
    motor vehicle safety.

    NHTSA's enforcement authority applies primarily to entities such as
    manufacturers, distributors, dealers, and motor vehicle repair businesses
    rather than individual owners. If you are not the owner of the vehicle,
    you are likely to be considered such an entity. (In certain cases, you may
    also be such an entity even if you are the individual owner.) In such a
    case, we suggest seeking an interpretation from the Office of Chief
    Counsel or contacting the Compliance Assistance Program.

    The entities mentioned above are responsible for ensuring that vehicles
    comply with FMVSS that were applicable at the time of first sale - i.e.
    new vehicles. After first sale, such entities may not modify vehicles in a
    manner that knowingly makes inoperative part of a device or element of
    design that is required to maintain compliance with FMVSSs (see 49 USC
    30122). Consequently, a business modifying/repairing a vehicle would need
    to consider whether they are modifying the vehicle in a manner that
    maintains compliance with the FMVSSs that applied to the vehicle at the
    time it was originally manufactured. Additionally, the answer to your
    question may hinge on whether the vehicles you intend to produce are
    considered new or used. If they are considered used, then FMVSS 141 would
    likely not apply. If the vehicle is considered new (e.g. if an old body is
    placed on a new chassis), then FMVSS 141 would apply subject to the
    phase-in schedule detailed in 49 CFR 571.141 S9. The phase-in schedule
    applies to small volume manufacturers beginning on September 1, 2020.

    The Office of Chief Counsel has previously addressed correspondence
    similar to your question. Please note that these interpretations are being
    provided as a reference and may not be applicable to your specific
    circumstances:

    * https://isearch.nhtsa.gov/files/8439.html
    * https://isearch.nhtsa.gov/gm/92/nht92-8.48.html

    For more information about interpretations from NHTSA's Chief Counsel, see
    https://isearch.nhtsa.gov/ For more information on the Compliance
    Assistance Program, see
    https://www.nhtsa.gov/laws-regulations/compliance-assistance-program-cap

    Thank you, OVSC Public

    ------------------------------

    Date: Mon, 14 Jan 2019 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
    Lindsay has also added to the Newcastle catless site a palmtop version
    of the most recent RISKS issue and a WAP version that works for many but
    not all telephones: http://catless.ncl.ac.uk/w/r
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 31.80
    ************************
