• Risks Digest 32.21

    From RISKS List Owner@21:1/5 to All on Sat Aug 22 00:24:34 2020
    RISKS-LIST: Risks-Forum Digest Friday 21 August 2020 Volume 32 : Issue 21

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.21>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Groundbreaking new material 'could allow artificial intelligence to merge
    with the human brain' (The Independent)
    What would happen to Earth if humans went extinct? (Live Science)
    Would you like to live forever? (The Sun)
    A typo created a 212-story monolith in Microsoft Flight Simulator (Engadget)
    Microsoft Put Off Fixing Zero Day for 2 Years (Krebs on Security)
    "Driverless cars are coming soon." (The Telegraph)
    How Your Phone Is Used to Track You, and What You Can Do About It (NYTimes)
    Tokyo's latest attraction: Transparent public toilets (cnn.com)
    DC No Longer Has Online Voter Registration (DCist)
    GOP-led Senate panel details ties between 2016 Trump campaign and Russian
    interference (NYTimes)
    Trump's 2016 campaign chair was a 'grave counterintelligence threat'
    (WashPost)
    Postal Service backs down on changes as at least 20 states sue over
    potential mail delays ahead of election (CNN)
    America Has Two Feet. It’s About to Lose One of Them. (NYTimes)
    U.S. Secret Service buys location data that would otherwise need a warrant
    (Ars Technica)
    Booze and cruise providers are the latest to be hit by ransomware scourge
    (Ars Technica)
    Researchers Can Duplicate Keys from the Sounds They Make (Kottke)
    Bluetooth update could turn wearables into COVID-19 trackers (Engadget)
    USPS filed a patent for Blockchain voting system (Decrypt)
    Russian opposition leader Alexei Navalny 'poisoned' (BBC)
    Bottleneck for U.S. Coronavirus Response: The Fax Machine (NYTimes)
    U.S. COVID-19 and World War 2 mortality rates, interim comparison
    (Richard Stein)
    Israeli gargle trial gives COVID results in 1 sec., 95% accuracy
    (Henry Crun)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Mon, 17 Aug 2020 17:15:56 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Groundbreaking new material 'could allow artificial intelligence to
    merge with the human brain' (The Independent)

    Technology could enable new health diagnostics and achieve Elon Musk's
    goal of integrating with artificial intelligence

    Scientists have discovered a ground-breaking bio-synthetic material that
    they claim can be used to merge artificial intelligence with the human
    brain.

    The breakthrough, presented today at the American Chemical Society Fall
    2020 virtual expo, is a major step towards integrating electronics with the body to create part human, part robotic "cyborg" beings.

    Connecting electronics to human tissue has been a major challenge due to traditional materials like gold, silicon and steel causing scarring when implanted.

    Scars not only cause damage but also interrupt electrical signals flowing between computers and muscle or brain tissue. The researchers from the University of Delaware were able to overcome this after various types of polymers. [...]

    https://www.independent.co.uk/life-style/gadgets-and-tech/news/artificial-intelligence-brain-computer-cyborg-elon-musk-neuralink-a9673261.html

    ------------------------------

    Date: Mon, 17 Aug 2020 17:09:42 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: What would happen to Earth if humans went extinct? (Live Science)

    *Nature always finds a way*

    Deep within Guatemala's rainforest sits one of the most famous remnants of
    the *Maya* <https://www.livescience.com/41781-the-maya.html> civilization: a roughly 2,000-year-old citadel turned to ruins called *Tikal* <https://www.livescience.com/23479-tikal-mayan-civilization.html>. When Alan Weisman hiked through the surrounding region, he discovered something fascinating along the way: "You're walking through this really dense rainforest, and you're walking over hills," said Weisman, author and journalist. "And the archaeologists are explaining to you that what you're really walking over are pyramids and cities that haven't been excavated."

    In other words, we know about sites like Tikal because humans have gone to great efforts to dig up and restore their remains. Meanwhile, countless
    other ruins remain hidden, sealed beneath forest and earth. "It's just amazingly thrilling how fast nature can bury us," Weisman told *Live
    Science*.

    This scene from the rainforest allows us a glimpse of what our planet could look like, if humans simply stopped existing. Lately, that idea has been especially pertinent, as the global COVID-19 *pandemic* <https://www.livescience.com/pandemic.html> has kept people inside, and emboldened animals to return to our quieter urban environments -- giving us
    a sense of what life might look like if we retreated further into the background. Weisman, who wrote "The World Without Us" (Thomas Dunne Books, 2007), spent several years interviewing experts and systematically investigating this question: What would happen to our planet -- to our
    cities, to our industries, to nature -- if humans disappeared?

    *A different kind of skyline*. [...]

    https://www.livescience.com/earth-without-people.html

    ------------------------------

    Date: Mon, 17 Aug 2020 17:18:48 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Would you like to live forever? (The Sun)

    BIO-UPGRADABLE: Meet the super-rich biohackers turning into cyborgs
    with in-built armour and injecting teenagers' *blood* to stay young

    From daily sessions in sub-zero cryo-chambers to stem cell injection and transfusions of teenagers' blood, their bizarre attempts to become
    superhuman have fueled a multi-million dollar industry.

    It may sound like something out of a sci-fi novel, but there's a growing
    band of Silicon Valley billionaires who believe they can achieve eternal
    life through *biohacking* -- the process of making alterations to your body
    to keep it younger.

    Netflix's new drama Biohackers, released on Thursday (20 Aug), seizes on the terrifying trend by imagining a secretive lab where a young student, played
    by Luna Wedler, discovers a sinister experiment using the techniques on an entire town.

    Here we meet the real Silicon Valley biohackers - the men who want to be immortal. [...]

    https://www.the-sun.com/news/1323518/silicon-valley-biohackers-injecting-teenage-blood/

    ------------------------------

    Date: Fri, 21 Aug 2020 14:39:41 +0800
    From: Dan Jacobson <jidanni@jidanni.org>
    Subject: A typo created a 212-story monolith in Microsoft Flight Simulator
    (Engadget)

    Flight Simulator users recently found an unusual landmark: a 212-story
    monolith towering over an otherwise nondescript suburb in Melbourne,
    Australia.

    After some sleuthing, the title's community found what had caused the tower
    to appear in Flight Simulator. When developer Asobo Studio built its
    detailed recreation of the globe, they pulled data from OpenStreetMap, a
    free map of the world to which anyone can contribute. About a year ago, a
    user named nathanwright120 added a tag that said this one building in
    Melbourne had 212 floors instead of two. Based on their other contributions,
    it appears the edit was a simple typo, not them trying to mislead
    anyone. The error was later corrected by another OpenStreetMap contributor,
    but not before it made its way into Flight Simulator.

    https://www.engadget.com/flight-simulator-open-street-map-building-205545509.html

    ------------------------------

    Date: Mon, 17 Aug 2020 17:12:47 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Microsoft Put Off Fixing Zero Day for 2 Years (Krebs on Security)

    A security flaw in the way *Microsoft Windows* guards users against
    malicious files was actively exploited in malware attacks for two years
    before last week, when Microsoft finally issued a software update to correct the problem.

    One of the 120 security holes Microsoft fixed on the 11 Aug Patch Tuesday [NOTED IN RISKS-32.20. PGN] was CVE-2020-1464, a problem with the way every supported version of Windows validates digital signatures for computer programs. <https://krebsonsecurity.com/2020/08/microsoft-patch-tuesday-august-2020-edition/>
    <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464>

    Code signing <https://en.wikipedia.org/wiki/Code_signing> is the method of using a certificate-based digital signature to sign executable files and scripts in order to verify the author's identity and ensure that the code
    has not been changed or corrupted since it was signed by the author.

    Microsoft said an attacker could use this spoofing vulnerability to bypass security features intended to prevent improperly signed files from being loaded. Microsoft's advisory makes no mention of security researchers having told the company about the flaw, which Microsoft acknowledged was actively being exploited. [...]

    https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/

    ------------------------------

    Date: Wed, 19 Aug 2020 22:16:44 +0100
    From: Chris Drewe <e767pmk@yahoo.co.uk>
    Subject: "Driverless cars are coming soon." (The Telegraph)

    Old news for RISKS readers, but just announced in the UK.

    Driverless cars are coming soon, and will bring a host of ethical and
    moral dilemmas with them

    https://www.telegraph.co.uk/cars/comment/driverless-cars-coming-soon-will-bring-host-ethical-moral-dilemmas/

    A driverless future is not far away, but what are the implications for
    passengers and pedestrians?

    Whether drivers like them or not, autonomous cars are coming soon to a
    road near you. Well, actually, they are already here. Many modern
    vehicles have the ability to 'see' white lines, kerbs, pedestrians, other
    cars and obstacles, and can steer, brake and accelerate in accordance with
    the road and surrounding traffic. They already have all the hardware
    needed for Level 3 autonomy (although a software update would likely be
    needed before it could be fully activated) but legislation prohibits the
    use of it. Currently, a driver must be in control of the vehicle at all
    times regardless of how clever the vehicle's autonomous systems may be.
    That could be about to change. Ministers in the UK are considering plans
    that could see drivers being allowed to take their hands off the wheel in
    Level 3 autonomous cars, as early as next spring.

    This is what puzzles me. When I'm driving a car, the driving takes my full attention (I have to explain to passengers that my conversation may be a
    little erratic), whereas if I'm a passenger then I try to avoid looking at
    the road so as not to be a mental back-seat driver. If I'm riding in an autonomous vehicle, I would have difficulty in keeping close-enough
    attention to be able to take over instantly if needed. If I have a crash,
    who is liable?

    One example that springs to mind is if the car was approaching a red traffic light; I would initially assume that the car will stop, but if it doesn't, I may not realise until it's too late.

    ------------------------------

    Date: Fri, 21 Aug 2020 07:00:00 -0600
    From: "Matthew Kruk" <mkrukg@gmail.com>
    Subject: How Your Phone Is Used to Track You, and What You Can Do About It
    (NYTimes)

    Smartphone location data, often used by marketers, has been useful for
    studying the spread of the coronavirus. But the information raises troubling privacy questions.

    https://www.nytimes.com/2020/08/19/technology/smartphone-location-tracking-opt-out.html?surface=home-living-vi&fellback=false&req_id=845505994&algo=identity&imp_id=61664156&action=click&module=Smarter%20Living&pgtype=Homepage

    ------------------------------

    Date: Tue, 18 Aug 2020 23:59:09 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Tokyo's latest attraction: Transparent public toilets (cnn.com)

    https://edition.cnn.com/travel/article/tokyo-toilet-project-transparent-toilets/index.html

    Light valves control opacity electrically or optically. When not energized,
    the valve is dark.

    Energize the valve to expose the toilet interior when the door is unlocked.

    Lock the door to power-down the valve, and the walls darken in ~1-3 seconds.

    Not hard to imagine a lock bypass when occupied. There might be a backup interlock using a motion detector to defeat door lock shorts/bypasses.

    Doubt this prank would arise in Tokyo given civility and group cohesion. Regardless of culture or country, an uneventful bio-break should be a guaranteed human right.

    [Smart loos? What could possibly go wrong? PGN]

    ------------------------------

    Date: Tue, 18 Aug 2020 17:33:38 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: DC No Longer Has Online Voter Registration (DCist)

    But as Jackson, 27, tried to use the app and its companion portal online, neither would work. And he soon learned why: In a move that wasn't widely publicized, the D.C. Board of Elections recently discontinued the
    long-troubled app, killing the only means for residents to register online
    to vote in the process. ``I was just frustrated that there was no
    information online. There was no clear communication.''

    Election officials say the app was notoriously buggy and no longer
    reliable. And they concede it isn't likely that the elections board will be able to roll out a new app before the Nov. 3 election, potentially making it more difficult for new residents to register to vote or for existing voters
    to change their information. ``We are working to identify a new possible vendor, but significant testing would need to be done prior to launch, and we’re not sure this will be doable before the general [election],'' said Rachel Coll, a spokeswoman for the elections board, in an email. ``We're actively looking, though.''

    https://dcist.com/story/20/08/18/dc-no-longer-has-online-voter-registration/

    ------------------------------

    Date: Tue, 18 Aug 2020 14:02:54 PDT
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: GOP-led Senate panel details ties between 2016 Trump campaign and
    Russian interference (NYTimes)

    https://www.nytimes.com/2020/08/18/us/politics/senate-intelligence-russian-interference-report.html

    ------------------------------

    Date: Tue, 18 Aug 2020 09:14:28 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Trump's 2016 campaign chair was a 'grave counterintelligence
    threat' (WashPost)

    Trump's 2016 campaign chair was a 'grave counterintelligence threat,' had repeated contact with Russian intelligence, Senate panel finds

    https://www.washingtonpost.com/national-security/senate-intelligence-trump-russia-report/2020/08/18/62a7573e-e093-11ea-b69b-64f7b0477ed4_story.html

    ------------------------------

    Date: Tue, 18 Aug 2020 11:45:23 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Postal Service backs down on changes as at least 20 states sue over
    potential mail delays ahead of election (CNN)

    https://www.cnn.com/2020/08/18/politics/post-office-dejoy/index.html

    ------------------------------

    Date: Wed, 19 Aug 2020 15:05:30 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: America Has Two Feet. It’s About to Lose One of Them. (NYTimes)

    For decades, U.S. metrologists have juggled two conflicting measurements for the foot. Henceforth, only one shall rule.

    https://www.nytimes.com/2020/08/18/science/foot-surveying-metrology-dennis.html

    [Who's going to foot the bill? Or, do we need a bill for the foot?
    Could this become a partisan issue in the U.S. Congress? PGN]

    ------------------------------

    Date: Tue, 18 Aug 2020 17:59:01 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: U.S. Secret Service buys location data that would otherwise need a
    warrant (Ars Technica)

    Agencies' ability to purchase any data on the open market is a big loophole.

    https://arstechnica.com/tech-policy/2020/08/secret-service-other-agencies-buy-access-to-mobile-phone-location-data/

    ------------------------------

    Date: Tue, 18 Aug 2020 17:53:48 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Booze and cruise providers are the latest to be hit by ransomware
    scourge (Ars Technica)

    Jack Daniel's distiller and Carnival cruise operator both warn of personal
    data theft.

    https://arstechnica.com/information-technology/2020/08/booze-and-cruise-providers-are-the-latest-to-be-hit-by-ransomware-scourge/

    ------------------------------

    Date: Wed, 19 Aug 2020 10:05:56 -0400
    From: Tom Van Vleck <thvv@multicians.org>
    Subject: Researchers Can Duplicate Keys from the Sounds They Make (Kottke)

    https://kottke.org/20/08/researchers-can-duplicate-keys-from-the-sounds-they-make-in-locks

    ------------------------------

    Date: Wed, 19 Aug 2020 12:44:19 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Bluetooth update could turn wearables into COVID-19 trackers
    (Engadget)

    https://www.engadget.com/covid-bluetooth-sig-ens-wearables-plan-120555994.html

    ------------------------------

    Date: Thu, 20 Aug 2020 9:03:54 PDT
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: USPS filed a patent for Blockchain voting system (Decrypt)

    https://decrypt.co/39162/usps-blockchain-voting-not-ready-primetime

    [This keeps getting sillier. PGN]

    ------------------------------

    Date: Thu, 20 Aug 2020 13:07:07 PDT
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Russian opposition leader Alexei Navalny 'poisoned' (BBC)

    https://www.bbc.com/news/world-europe-53844958

    [Why is this relevant to RISKS? Because the truth is a precursor to
    avoiding risks. Dissent into hell? PGN]

    ------------------------------

    Date: Fri, 21 Aug 2020 14:26:57 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Bottleneck for U.S. Coronavirus Response: The Fax Machine (NYTimes)

    Before public health officials can manage the pandemic, they must deal with
    a broken data system that sends incomplete results in formats they can't
    easily use.

    https://www.nytimes.com/2020/07/13/upshot/coronavirus-response-fax-machines.html

    Doesn't mention eFax and similar services which at least eliminate paper
    mountains. But they cost $ for these volumes. GG

    ------------------------------

    Date: Tue, 18 Aug 2020 17:40:53 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: U.S. COVID-19 and World War 2 mortality rates, interim comparison

    [Note: I undertook this historical comparison out of curiosity. I am not
    an epidemiologist. The calculations yield average mortality rate measures
    based on accumulated public epidemiological reports and historical US
    government sources.]

    COVID-19 represents a mortal threat, analogous to an enemy combatant in
    battle.

    US involvement in World War 2, per Congressional Research Service (see https://fas.org/sgp/crs/natsec/RL32492.pdf), identifies 291,557 battle
    deaths between 07DEC1941 and 14AUG1945 (192 weeks and 2 days). Total deaths
    are much higher: 405,399 (which includes 113,842 "Other Deaths" arising from accidents, disease, and infections).

    The arithmetic yields: 291,557 battle deaths/192.29 weeks ~= 1516 battle
    deaths per week.

    Since 22JAN2020 until 18AUG2020 (29 weeks, 6 days), Johns Hopkins (https://coronavirus.jhu.edu/data/new-cases active since 22JAN2020, see
    US tracker) reports 170,584 deaths from COVID-19.

    These casualty rate figures shock my senses.

    Consider the reporting time interval ratio (COVID-19 29.86 weeks/WW2
    192.29 weeks) ~= 0.16, or ~1/6th the total duration of World War 2.

    The ratio of COVID-19 to WW2 battle deaths per week: 5712/1516 ~= 3.77.

    The casualty rate ratio shatters my senses!

    Without a viable and effective vaccine, the US COVID-19 casualty risk will accumulate until effective disease prophylactic measures are adopted and applied with civility.

    ------------------------------

    Date: Tue, 18 Aug 2020 13:58:05 +0300
    From: Henry Crun <mike@rechtman.com>
    Subject: Israeli gargle trial gives COVID results in 1 sec., 95% accuracy

    Championing it as instant, cheap and reliable, innovators at Israel's
    largest hospital say their invention could become the world's standard COVID screening method.

    [No source given. PGN]

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.21
    ************************
