precedence: bulk
Subject: Risks Digest 29.00 (97), Volume 29 summary
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest   Volume 29 : Issue 00 (97)

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

  Contents:
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
SUMMARY OF RISKS VOLUME 29 (3 Oct 2015 -- 10 Dec 2016)
  (NOTE: This summary is archived in ftp file risks-29.00 at ftp.sri.com,
  cd risks, and is also at http://catless.ncl.ac.uk/Risks/29.00.html.)

----------------------------------------------------------------------

Date: Wed, 17 Aug 2016 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable HTML archive at Newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also,  ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
  <http://the.wiretapped.net/security/info/textfiles/risks-digest/>
 *** NOTE: If a cited URL fails, we do not try to update it.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

RISKS 29.00
  SUMMARY OF RISKS VOLUME 29 (ongoing) (archived in ftp file risks-28.00)
RISKS 29.01  Saturday 3 October 2015
  NSA's Trojan Horse Scored Gold at Athens Olympics (Henry Baker)
  Xerox "more secure" Supply Chain (Gizmodo via AlMac)
  Newly found TrueCrypt flaw allows full system compromise (PGN)
  Google's Cute Cars And The Ugly End Of Driving (Lauren Weinstein)
  Nerves rattled by highly suspicious Windows Update (Ars)
  France pushes for global surveillance (EFF)
  Michael Chertoff on encryption, etc. (HuffPost)
  Experian hack exposes 15 million people's personal information (The Guardian
    and Ars Technica)
  Gigabytes of user data from hack of Patreon donations site dumped
    online (Dan Goodin)
  A billion Android phones are vulnerable to new Stagefright bugs (Dan Goodin)
  Drop-dead simple exploit completely bypasses Macs malware Gatekeeper
    (Dan Goodin)
  UN proposes massive Internet censorship (WashPo)
  Open Office on Ubuntu (SMB via PGN)
  Re: EPA v VW cheatware, AI & "machine learning" (Paul Fenimore)
  Re: VW Scandal (Pete Kaiser)
  Adblock sells out -- refuses to identify the buyer (NextWeb)
  The ad-block-alypse has arrived: a mobile carrier has for the first
    time begun blocking *all* ads on its customers' phones (Monty Solomon)
  Re: Ad-blocking (John Levine)
RISKS 29.02  Tuesday 6 October 2015
  Your MRI machine has already been pwned (Scott Erven and Mark Collao via
    Henry Baker)
  European court of Justice bans "Safe Harbor" decision (Thomas Koenig)
  Top EU court says US privacy protections are inadequate in landmark
    ruling (Amar Toor)
  How Many Deaths Did Volkswagen's Deception Cause in the U.S.? (NYTimes)
  Engine Shortfall Pushed Volkswagen to Evade Emissions Testing (NYTimes)
  Peeple Risks (Rob Slade)
  The Athens Affair shows why we need encryption without backdoors
    (Trevor Timm, Dorothy Denning, Grady Booch)
  Got 'Em! Researchers Steal Crypto Keys From Amazon Cloud (Fahmida Y. Rashid)
  Identifying Problems With National Identifiers: Supposedly Encrypted
    Numbers Can Be Easily Decrypted (Harvard)
  Study Rates UW CSE ... Most Practically Relevant (U.Wash)
  US Customs collecting info on every Amtrak passenger (Al Mac)
  Scottrade had no idea about data breach until the feds showed up (PCWorld)
  Sherry Turkle's Reclaiming Conversation (NYTimes)
  Business Technology Starts to Get Personal (NYTimes)
  Re: Open Office on Ubuntu (Henry Crun)
  Re: How to make the Internet worse for everyone except the slimeballs
    (David Canzi)
  Putting Mobile Ad Blockers to the Test (NYTimes)
  Re: Adblock sells out -- refuses to identify the buyer (Alan Ralph)
RISKS 29.03  Wednesday 14 October 2015
  Obama Won't Seek Door to Encrypted User Data (Perlroth/Sanger)
  Voting Machines and the VW Emission Controversy (Rebecca Mercuri)
  DMCA/TPP: How Do You Cross-Examine Proprietary Software? (Rebecca Wexler
    via Henry Baker)
  Southwest Flights Grounded by Sunday Computer Glitch (Jonathan Spira)
  Leak site Cryptome accidentally leaks its own visitor IP addresses
    (Daily Dot)
  Rickety SHA-1 dead at age 20 after long zombie illness (Dan Goodin)
  Unintentional cheating by compilers (Robert Wilson)
  Cyber Insecurity at Civil Nuclear Facilities (Henry Baker)
  Buying a new laptop causes a massive increase in Chevy truck
    cellular data usage (Steve Golson)
  Mail merge needs to actually merge (Geoff Kuenning)
  Undercover New Hampshire police nab cellphone ban violators (Monty Solomon)
  Re: Top EU court says US privacy protections are inadequate in landmark
    ruling (Robert Levine)
  Re: Obama administration on encryption backdoors (Amos Shapir)
  Re: EPA v VW cheatware, AI & "machine learning" (Amos Shapir)
  Outlook.com OAuth vulnerability, now fixed (JC Chu)
  Re: Your MRI machine has already been pwned (Kevin Fu)
  Re: Putting Mobile Ad Blockers to the Test (Alan Ralph)
  Apple Approves An App That Blocks Ads In Native Apps, Including Apple News
    (Tech Crunch)
RISKS 29.04  Saturday 17 October 2015
  Flight MH17 downed by Russian-built missile (PGN)
  ACARS pen-tester reports vulnerabilities according to EASA (PGN)
  U.S. Navy teaching celestial navigation in case computers infected
    (Mark Thorson)
  Lessons from Ten Years of IT Failure (Robert Charette)
  How the NSA can break trillions of encrypted Web and VPN connections
    (Ars Technica quoting Alex Halderman and Nadia Heninger)
  Reducing risks in national elections? (NYTimes)
  Tesla Adds High-Speed Autonomous Driving to Its Bag of Tricks (NYTimes)
  Software fault causes UK drivers to be banned from driving (The Guardian)
  Robber uses Uber as getaway car (Mark Thorson)
  UltraDNS Server Problem Pulls Down Websites, Including Netflix, for
    90 Minutes (NYTimes)
  Compulsive Texting Takes Toll on Teenagers (NYTimes)
  The Deception Behind Illegal Bets (NYTimes)
  Art Forgers Beware: DNA Could Thwart Fakes (NYTimes)
  Apple Is Said to Deactivate Its News App in China (NYTimes)
  Majority of ISPs not ready for metadata laws that come into force
    (Australian ABC)
  If you're not Flash Player "free" by now, you REALLY oughta be...
    (AppleInsider via Geoff Goodfellow)
  Credit Rules (US gov via AlMac)
  Video Explainer: How Criminals Can Easily Hack Your Chip & PIN Card
    (Gizmodo)
  FBI's statement on microchip-enabled credit cards (Armando Stettner)
  FBI takes down alert on chip credit cards after bankers complain
    (John Levine)
  Social Media Abuse Stories to Shrivel Your Soul (NYTimes)
  Re: Undercover New Hampshire police nab cellphone ban violators
    (Bob Frankston)
  Apple removes Been Choice and other ad blockers from its app store
    (Monty Solomon)
RISKS 29.05  Monday 26 October 2015
  Now we know the NSA blew the black budget breaking crypto, how can
    you defend yourself? (Cory Doctorow)
  Most NHS depression apps are unproven, warn health experts (Chris Drewe)
  DoD tries to upgrade cyberdefenses (IHLS via Alister Wm Macintyre)
  US Copyright Office outage - *not* a breach (Jeremy Epstein)
  Senator Wonders If 'Pro-Botnet' Caucus Derailed His CISA Amendment
    (HuffPost)
  Most Americans would be fine with some Internet surveillance if
    they were notified (Daily Dot)
  CCTV cameras worldwide used in DDoS attacks (ZDNet)
  Thailand reacts badly to protests via Internet (IHLS)
  Privatizing censorship in fight against extremism is risk to press freedom
    (CPJ)
  Russia 'tried to cut off' World Wide Web (*The Telegraph*)
  CIA and DHS directors' personal email reported hacked;
    China's "character scores" (WYFF4)
  Hackers Prove They Can Pwn the Lives of Those Not Hyperconnected (NYT)
  Western Digital self-encrypting hard drives riddled with security flaws
    (Ars Technica)
  "Tricky new malware replaces your entire browser with a dangerous Chrome
    lookalike" (Jared Newman)
  FTD's -- Fitbit Transmitted Diseases (Henry Baker)
  NTP Attacks: It's Earlier Than You Think (Jeremy Kirk)
  Hackers Make Cars Safer. Don't Ban Them From Tinkering (*WiReD*)
  Driverless cars, auto insurance, electric cars (Gabe Goldberg)
  UK Govt's Surveillance -- Who's Doing It? (Fraser Nelson via Chris Drewe)
  UK TalkTalk hacked again (IHLS)
  Encrypted VoIP Leaks: Can You Hear Me Now? (Henry Baker)
  Feds to Apple: Game Over; EULA LUSA (Richard Chirgwin)
  Identity Chaos, Courtesy of Your Federal Government (Ron Lieber)
  Cops are asking Ancestry.com and 23andMe for their customers' DNA
    (Kashmir Hill)
  Re: Art Forgers Beware: DNA Could Thwart Fakes (Gary Hinson)
  Re: Reducing risks in national elections? (Michael L. Cook)
  Re: Tesla Adds High-Speed Autonomous Driving to Its Bag of Tricks
    (Stephen Kent)
RISKS 29.06  Friday 30 October 2015
  China Unable To Recruit Hackers Fast Enough To Keep Up With Vulnerabilities
    In U.S. Security Systems (The Onion)
  EFF Wins Petition to Inspect and Modify Car Software (EFF)
  Brain-dead email from medical practice (Gabe Goldberg)
  It ain't just squirrels vs. power lines. Now it's drones (LA Times)
  World Series Drama: A Four-Minute Blackout (NYTimes)
  Report says "You've been hacked!" (Merrill Lynch RIC)
  Allegations of San Francisco voter fraud (EFF)
  Xen patch addresses 7-year old privilege escalation flaw (Ars Technica)
  Cars' Voice-Activated Systems Distract Drivers (NYTimes)
  Re: Most Americans would be fine with some Internet surveillance if .. (PGN)
  E-mail encryption is still an oxymoron
    (SIGCOMM paper and Joseph Cox via Henry Baker)
  Re: Encrypted VoIP Leaks: Can You Hear Me Now? (Jeremy Epstein, Henry Baker)
  Re: Cops are asking Ancestry.com and 23andMe for their customers' DNA
    (R. G. Newbury)
  If You REALLY Want to Change the World ... (Kressel and Winarsky via PGN)
RISKS 29.07  Tuesday 3 November 2015
  UK: Internet firms to be banned from offering unbreakable encryption
    under new laws (The Telegraph)
  Weather radios down; severe weather a possibility (Ben Moore)
  Of cats and cliffs: the ethical dilemmas of the driverless car
    (Gabe Goldberg)
  Fyunch(click)-jacking [1]: The Internet of Ears (Daniel Dern)
  What We Know About the Computer Formulas Making Decisions in Your Life
    (Lauren Kirchner via Judy Clark)
  Chase Fraud *Protection*? (HASM)
  Risks of banks not practising what they preach (Steve Loughran)
  RushCard outage (Alister Wm Macintyre)
  $1 million iPhone Zero-day Bounty (Henry Baker)
  World's biggest tech companies get failing grade on data-privacy rights ...
    from me! (Tim Libert)
  S.Korea pulls plug on government-mandated child surveillance app
    (USNews via Lauren Weinstein)
  Wikipedia and Deepak Chopra: Open-Source Character Assassination (HuffPost)
  ISIS Hackers can target Critical Infrastructure? (IHLS)
  Arbitration Everywhere, Stacking the Deck of Justice (NYTimes)
  Re: E-mail encryption is still an oxymoron (Dimitri Maziuk, David E. Ross)
RISKS 29.08  Monday 9 November 2015
  Cybersecurity Firm FireEye Blames Tanking Stock On U.S.-China Hacking Deal
    (Robert Hackett via Prashanth Mundkur)
  Helping victims who used encrypted privacy (Scripps via AlMac)
  Anonymity of Crooks (Knujon)
  Trade Pact Could Bar Governments From Auditing Source Code (WiReD)
  TPP Details made public (NZ)
  Net Of Insecurity: The kernel of the argument (Craig Timberg)
  German & US spy scandals make us paranoid (IBTimes et al. via AlMac)
  UK Health Minister announces a review of NHS IT (Martyn Thomas)
  Why haven't our medical records entered the digital age (538)
  Programmers: Stop Calling Yourselves Engineers (Ian Bogost)
  More and more audio enthusiasts hitting fast forward (Boston Globe)
  When Neighbors Tangle Online (NYTimes)
  Volkswagen Says Whistle-Blower Pushed It to Admit Broader Cheating
    (NYTimes)
  The EC is preparing a frontal attack on the hyperlink (Julia Reda)
  Ransomware: Newest viral marketing gimmick (Dan Goodin via Henry Baker)
  Re: Internet of Ears / OK Google (William Brodie-Tyrrell)
  Re: Wikipedia and Deepak Chopra: Open-Source Character
    Assassination (Rob Slade)
  Re: $1 million iPhone Zero-day Bounty (Brian Inglis)
RISKS 29.09  Friday 13 November 2015
  Another failed software project: DHS online immigration forms (WashPo
    via Jeremy Epstein)
  Driverless car stopped by officer in traffic (PGN)
  Toyota's A.I. Research Efforts Could Mean Cars That Anticipate
    Traffic, Pedestrian Moves (Sharon Gaudin)
  Windows 3.1 Is Still Alive, And It Just Killed a French Airport
    (Peter Longeray via Jim Reisert)
  Aircraft maintenance -- and making sausages? (PGN)
  Ukraine Cyberwar's Hottest Front (Coker and Sonne)
  UK law will allow secret backdoor orders for software, imprison you
    for disclosing them (BoingBoing)
  UK Snooper's Charter would devastate computer security (Ars Technica)
  Court Says Tracking Web Histories Can Violate Wiretap Act (WiReD)
  Linux users targeted by new Linux.Encoder.1 encryption ransomware
    (Mark Wilson)
  "Crackas With Attitude" claim they hacked the FBI's LEEP portal
    (ted byfield)
  Anatomy of an Incident Website on Industrial Process Control Incidents
    Launched (Rob Wilcox)
  10 reasons why phishing attacks are nastier than ever (InfoWorld)
  Apple and Google yank Instagram password-stealing app from app stores
    (ZDNet)
  Encouraging trends and emerging threats in email security (Lauren Weinstein)
  It's Way Too Easy to Hack the Hospital (Reel and Robertson)
  Oz 'My Health Record': more surveillance than health (Richard Chirgwin)
  Re: UK Health Minister announces a review of NHS IT (Prashanth Mundkur)
  My first purchase with a chipped card (Paul Robinson)
  Tor Users Matter (Matthew Green)
  Microsoft: Self-Righteously Reformed Privacy Advocate (Henry Baker)
  New Microsoft Country Clouds Won't Bring Reign (Henry Baker)
  Vizio TV spies on you whether you agree or not (Dan Goodin via HB)
  Re: Helping victims who used encrypted privacy (Barry Gold)
  Re: Wikipedia and Deepak Chopra (3daygoaty)
  Re: German & US spy scandals ... (Clint Chaplin)
RISKS 29.10  Tuesday 17 November 2015
  Microsoft Helps Out Healthcare Sector With New Data Encryption Algorithm
    (Softpedia)
  Encrypted Messaging Apps Face New Scrutiny Over Possible
    Role in Paris Attacks (David E. Sanger and Nicole Perlroth)
  Edward Snowden and spread of encryption blamed after Paris terror attacks
    (MacDailyNews)
  Politicians blame Snowden for Paris attacks (DailyDot)
  Let's flush privacy down the toilet (Russell Brandom)
  Police body cams found pre-installed with notorious Conficker worm
    (Ars Technica)
  NSA Efforts to Evade Encryption Technology Damaged U.S. Cryptography
    Standard (Scientific American republishing)
  Re: In wake of Paris attacks, renewed calls for encryption backdoors
    (The Guardian)
  ICANN policy problems (CircleID via AlMac)
  The Microcomplaint: Nothing Too Small to Whine About (NYTimes)
  Re: Software is forever (Wendy M. Grossman)
  Re: Driverless car stopped by officer in traffic ... (AlMac, Clint Chaplin,
    Dan Geer)
  Re: Wikipedia and Deepak Chopra (Dan Jacobson)
  Re: Beware of ads that use inaudible sound to link your phone, TV, tablet,
    and PC (Doug Humphrey)
  Re: My first purchase with a chipped card (Carl Byington, Chris Drewe)
  Re: Encouraging trends and emerging threats in email security
    (Dimitri Maziuk)
  Bruce Schneier's CRYPTO-GRAM, 15 Nov 2015 (PGN)
RISKS 29.11  Thursday 19 November 2015
  House panel examines safety risks and benefits of the Internet of Cars
    (USA Today)
  Signs Point to Unencrypted Communications Between Terror Suspects
    (Bob Hinden)
  Anonymous vs. ISIS: Netpolitik After the Paris Attacks (Charlie Firestone)
  DO SOMETHING: After Paris, flailing to protect us (Ashley Carman and others
    via Henry Baker)
  CIA snooping on Congress (EPIC and the NYTimes via PGN)
  Feds bugged steps of Silicon Valley courthouse (Dan Goodin)
  When TV Turns Itself Off (NYTimes)
  CMU cybersecurity warrant canary dies (Henry Baker)
  Carnegie Mellon denies it was paid to help the FBI crack Tor (Ashley Carman)
  On Fake Instagram, a Chance to Be Real (NYTimes)
  Re: My first purchase with a chipped card (John Levine)
RISKS 29.12  Wednesday 25 November 2015
  Laser damages pilot's eye (The Guardian)
  Data breach in Georgia could affect 6 million voters (MYAJC)
  Tech group rejects post-Paris call for data encryption backdoors (Volz)
  After Lenovo now Dell PCs and Laptops are shipping with rogue root level CA
    (Techworm)
  Dell provides cert removal tool nightmare (Ars Technica)
  SSL Safer (SHA2TEST.com)
  The Right to Tinker With Cars' Software (NYTimes)
  Dyre for Win 10 (Help Net & Heimdal)
  Federal privacy law lags far behind personal-health technologies (WashPo)
  The 911 System Isn't Ready for the iPhone Era (NYTimes)
  Bank fined: automated electronic foreign exchange trading misconduct
    (DFS.NY via The Conversation)
  IRS cyber security challenges (GAO & Gov Info Security)
  Net of Insecurity (Craig Timberg)
  Government minister poses with his password on a PostIt note
    (Diomidis Spinellis)
  Multiple Paris Attackers were on US Watch Lists (Free Beacon)
  Re: Beware of ads that use inaudible sound... (Chris Drewe)
RISKS 29.13  Thursday 26 November 2015
  HIPAA Settlement Reinforces Lessons for Users of Medical Devices (HHS)
  China Cuts Mobile Service of Xinjiang Residents Evading Internet Filters
    (*NYTimes*)
  Who's right on crypto? An American prosecutor or a Lebanese coder?
    (Kieren McCarthy)
  Sneaky Microsoft renamed its data slurper before sticking it back
    in Windows 10 (*The Register*)
  Black Friday Falters as Consumer Behaviors Change (*NYTimes*)
RISKS 29.14  Wednesday 2 December 2015
  NTSB: Controllers, Software Complicit In Wrong-Runway Landings
    (Aviation Week via Steve Golson)
  Database Error Complicit In Turkish Airlines Landing Accident (Steve Golson)
  Software Cut Off Fuel Supply In Stricken A400M (Steve Golson)
  Everyone is lying about the downed Russian jet (Motherboard)
  Tech fails led to 'Spooky' strike on Drs Without Borders hospital
    (Sean Gallagher)
  One-person one-vote principle in Texas (Voting News Weekly)
  Hacking in Argentina (Nicole Perlroth)
  China accused of hacking Australian Bureau of Meteorology and more
    (IBTimes)
  Hello Barbie can spy for crooks (*The Guardian*)
  VTech hacker exposes the personal information of more than 200,000
    kids and millions of parents (Lorenzo Franceschi-Bicchierai)
  Google Maps hacked to show "Kalusunan" instead of Luzon (Dan Jacobson)
  Embedded vulnerability  (Sec-Consult & Carnegie CERT/CC)
  MagSpoof disables chip and pin (Help Net)
  Electrical incompatibility (Android)
  Cops complain about civilian encryption use, but conduct tactical
    ops in the clear (NNSquad)
  After Paris attacks, US politics shift on government phone data
    collection; Rubio sees opening (AP)
  L.A. License Plate Readers proposed for john-shaming (Nick Selby)
  The Serial Swatter (NYTimes)
  UK ISP boss points out massive technical flaws in Investigatory
    Powers Bill (Ars Technica)
  Reply@not.possible? For how long? (Dan Jacobson)
  Re: The Right to Tinker With Cars' Software (Steve Lamont)
RISKS 29.15  Wednesday 9 December 2015
  Reboot not a solution -- especially for commercial aviation (Mark Richards)
  Working on Cheaper Sensors, Deeper Learnings (Gabe Goldberg)
  How Electronic Health Records Are Harming Patients (CIO)
  Hopeless failure of Dutch telecom providers & Phone House to protect
    personal data: How I could access 12+ million records (Kees Huyser)
  Car calls 911 to report accident after Florida hit and run (ABC)
  Fired Kemp worker says he is a scapegoat re: Massive Georgia data breach
    (AJC)
  Trend Micro finds security bugs in over 6M devices (Help Net)
  "New payment card malware hard to detect and remove" (Jeremy Kirk)
  The attack that broke Tor, and how Tor plans to fix it (Kashmir Hill)
  France looking at banning Tor, blocking public Wi-Fi (Sebastian Anthony)
  Interesting hack to gain backstage access (BBC via Ken Olthoff)
  "I gave my students iPads -- then wished I could take them back"
    (WashPost)
  "Why Node.js waited for OpenSSL security update before patching"
    (Fahmida Y. Rashid)
  I thought it was "https://" (Dan Jacobson)
  Road to Robotic Parking Is Littered With Faulty Projects
    (UK National Crime Agency *via The New York Times*)
  Your child is a CYBER-CRIMINAL! (UK National Crime Agency via
    Lauren Weinstein)
  How not to report on the encryption 'debate' (CJR)
  Terrorists Mock Bids to End Use of Social Media (NYTimes)
  Re: Database Error Complicit In Turkish Airlines Landing Accident
     (Dan Jacobson)
  "Post on Facebook - and get a tax bill." (Kate Palmer via Chris Drewe)
  Re: Everyone is lying about the downed Russian jet? (David Damerell)
  Re: reply@not.possible (Dimitri Maziuk)
  Voter Privacy in the Age of Big Data (Ira Rubenstein)
RISKS 29.16  Monday 14 December 2015
  Tablet computer zoom error lets plane fly 13 hours with 46cm hole
    (*The Register*)
  Boston Red Line train leaves station without operator (*The Boston Globe*)
  VW Says Emissions Cheating Was Not a One-Time Error (*NYTimes*)
  The Moral Failure of Computer Scientists (Phillip Rogaway, *The Atlantic*)
  Twitter says it was target of state-sponsored hack (*The Boston Globe*)
  "Europe Could Kick Majority of Teens Off Social Media, and That Would Be
    Tragic" (HuffPost)
  Maine General Health Breach (Gov Info Sec)
  Medical privacy: small scale violations (Propublica via Suzanne Johnson)
  Cloud Lock inspects security by industry (Help Net via Al Mac)
  Malvertising: these advertisers *really* want your business (*WiReD*)
  AT&T Fools Entire Media With Giant Gigabit Fiber Bluff (DSLreports via
    Lauren Weinstein)
  New York State Health Insurance site implemented with elementary
    security flaws, blames the whistleblower (Gothamist)
  Massive DDoS attack on core Internet servers was 'zombie army'
    botnet from popular smartphone app (*IBTimes* via Bob Frankston)
  Microsoft pulls botched patch KB 3114409 that triggered problems
    with Outlook 2010 (Woody Leonhard)
  "Microsoft Edge has inherited many of Internet Explorer's
    security holes" (Woody Leonhard)
  Discrimination by Airbnb Hosts Is Widespread, Report Says (*NYTimes*)
  Your iPhone Is Ruining Your Posture -- and Your Mood (*NYTimes*)
  America's secret cyberarsenal (*NYTimes* via Henry Baker)
  Re: "I gave my students iPads -- then wished I could take them back"
    (Gene Wirchenko)
  Re: Voter Privacy in the Age of Big Data (Mark E. Smith)
  Re: Working on Cheaper Sensors, Deeper Learnings (Amos Shapir)
  Re: Your child is a CYBER-CRIMINAL! (Amos Shapir, Simon Wright, Henry Baker)
RISKS 29.17  Tuesday 15 December 2015
  Former National Security Officials Urge Government to Embrace Risks of
    Encryption (Ellen Nakashima)
  What the government should've learned about backdoors from the
    Clipper Chip (Sean Gallagher)
  "Final cyber security bill paves way for the surveillance state"
    (Caroline Craig)
  Lightbulb DRM: Philips Locks Purchasers Out Of Third-Party Bulbs
    With Firmware Update (TechDirt)
  Personalized news hits home (Quealy and Sanger-Katz via Charles C Mann)
  European Space Agency records leaked for amusement, attackers say (CSO)
  FAA Wants Your Credit Card Number when you register your drones
    (Lauren Weinstein)
  Thai Man May Go to Prison [for 37 years] for Insulting King's Dog on
    social media (NYTimes)
  13 million MacKeeper users exposed after MongoDB door was left open
    (Ars Technica)
  Bangladesh extends social media ban, blocking Twitter and Skype
    (Lauren Weinstein)
  Hackers actively exploit critical vulnerability in sites running Joomla
    (Ars Technica)
  Small, community banks using machine learning to reduce fraud
    (NetworkWorld)
  Lie-detecting Software uses Machine Learning to Achieve 75 Percent Accuracy
    (Scientific Computing)
  British government admits selling Internet addresses to Saudi
    Arabia and says it can't stop ISIS extremists using them
  Your iPhone Is Ruining Your Posture -- and Your Mood (David Damerell)
  Google links back to itself (Peter Houppermans)
  A looming anniversary, and an offer (Gene Spafford)
  Re: America's secret cyberarsenal (Henry Baker)
RISKS 29.18  Thursday 24 December 2015
  Power failure and equipment damage causing continuing major
    shutdowns at U.S. Patent and Trademark Office (USPTO)
  The Strangest, Most Spectacular Bridge Collapse -- and How We Got It
    Wrong (Motherboard)
  Driverless Cars (Analog)
  Driverless cars: too safe at any speed? (Keith Naughton)
  How difficult it is to do crypto properly (Steve Bellovin)
  Juniper backdoor (PGN)
  Apple Pushes Against British Talk of Softening Encryption (NYTimes)
  Meet the woman in charge of the FBI's most controversial high-tech
    tools (WashPost)
  MIT's Vuvuzela Messaging System Uses 'Noise' to Ensure Privacy
    (Tim Greene)
  Believe it -- or don't: InterApp: The Gadget That Can Spy on Any
    Smartphone (Softpedia)
  Vulnerability in popular bootloader puts locked-down Linux
    computers at risk (Lucian Constantin)
  The Mystery of India's Deadly Exam Scam (TheGuardian via Ashish Gehani)
  Cisco shocker: Some network switches may ELECTROCUTE you
    (The Register)
  European Space Agency records leaked (Clive Page)
  Database leak exposes 3.3-million Hello Kitty fans (CSO)
  Idiot naughty word filter strikes again (Gabe Goldberg)
  New cybercrime thread, forging deeds using online records
    (nasdaq item via Robert Schaefer)
  Super-literate software reads and comprehends better than humans
    (New Scientist)
  Hotmail and how not to block spam  (Turgut Kalfaoglu)
  President of China calls for the world to cooperate with China
    to censor the entire Internet (USNews)
  Wish list app from Target springs a major personal data leak
    (Ars Technica)
  Comcast Users Beware (Malwarebytes & Help Net)
  US Politics: redirecting URLs (Politico)
  Re: British government admits selling Internet addresses to Saudi Arabia
    (Amos Shapir)
  Re: The Moral Failure of Computer Scientists (Karl Auerbach)
  Re: Philips Locks Purchasers ... (Chris Drewe)
  Re: Lie-detecting Software uses Machine Learning to Achieve 75% ...
    (Stephen Doig)
  Re: Lie-detecting Software uses Machine Learning to Achieve
    75 Percent Accuracy (Gene Wirchenko)
  Re: A looming anniversary, and an offer (David Gillett)
RISKS 29.19  Monday 28 December 2015
  "Listen up, FBI: Juniper code shows the problem with backdoors"
    (Fahmida Rashid)
  NSA Helped British Spies Find Security Holes In Juniper Firewalls
    (Gallagher and Greenwald)
  More on Juniper backdoor (Henry Baker)
  China passes law requiring tech firms to hand over encryption keys
    (Mark Wilson via Henry Baker)
  China's New Big Brother Law Is A Clone Of The West's Bad Ideas (HuffPo)
  Dangerous helicopter bird strikes on the rise, FAA warns (KSL via LW)
  Techno-skeptics objection growing louder (WashPo)
  U.S. Says Hacker Stole IDs and Unreleased Scripts From Host of Celebrities
    (NYTimes)
  Re: Reply by Karl Auerbach to The Moral Failure of Computer Scientists
    (Gene Wirchenko)
  Re: Super-literate software reads and comprehends better than humans
    (Gene Wirchenko)
  Re: Vulnerability in popular bootloader puts locked-down Linux computers at
    risk (Mike Rechtman)
  Re: Lie-detecting Software uses Machine Learning to Achieve 75%
    accuracy (Erling Kristiansen)
  Re: Hotmail and how not to block spam (John Levine)
  Re: Driverless Cars (John Levine)
RISKS 29.20  Tuesday 5 January 2016
  Dutch government defers on dumbing down security (EDRi)
  Bug in prison-release calculations unknown for 10 years, unfixed for 3 more
    (Mark Brader)
  Kid Racks Up $5,900 Bill on Dad's iPad Playing Jurassic World (PCMag)
  Payment Card Protocols Wide Open to Fraud (OnTheWire)
  IRS insider crime (Tax Law Prof Blog)
  Risks of Facial Recognition (Consumer Reports via Al Mac)
  "Tim Peake said a spreadsheet error had caused his prank call from space"
    (Sarah Knapton)
  Video of L.A. hoverboard fire (Al Mac)
  Cisco joins Juniper in thorough checking (Bank Info Sec)
  Analysis of VW Dieselgate SW (Henry Baker)
  Millions of Voter Records Posted, and Some Fear Hacker Field Day (NYTimes)
  2 Bankers Charged With Creating ATM Cards to Steal From Accounts (NYTimes)
  Microsoft may have your encryption key; here's how to take it back
    (Ars Technica)
  Re: Hotmail and how not to block spam (Gene Wirchenko)
  Re: Lie-detecting Software uses Machine Learning to Achieve 75%
    accuracy (Dan Geer)
  Re: Driverless Cars (Al Mac, John Levine)
  Scholarships for Women Studying Information Security (Jeremy Epstein and
    Rebecca Wright)
RISKS 29.21  Thursday 14 January 2016
  Ex-NSA boss Michael Hayden says FBI director is wrong on encryption
  Ukraine electric grid down via malware (Data Breach Today)
  Fed STAR system flunks cyber security audit (GovInfoSec)
  Oregon Benefit Information System mess (AlMac)
  Michigan gets a damning cyber audit (Detroit Free Press)
  What do we know about medical errors related to EMRs? (HealthCareBlog)
  Skylake processors appear to have some glitches (Ars Technica)
  Google Opens Up About When Its Self-Driving Cars Have Nearly Crashed
    (Matt McFarland)
  Clickjacking Campaign Plays on European Cookie Law (MalwareBytes)
  `Smart' Guns: What Could Possibly Go Right? (Henry Baker)
  Can Computer Games Improve the Ability to Study? (Cathy Farmer)
  Ballot Battles: The History of Disputed Elections in the U.S. (Luther Weeks)
  FTC vs. dental practice software (Bank Info Sec)
  TurboTax and gmail and the conflation of two accounts (Stephen Bryant)
  Twitter Considering 10,000-Character Limit for Tweets (Recode via LW)
  URL query string parameters hanging on for dear life (Dan Jacobson)
  Calculating your threat 'score' (Justin Jouvenal via Henry Baker)
  Routers could soon help police solve crimes (Ryan O'Hare)
  Another fixed-width field problem (Steve Summit)
  USC students required to detail sexual history before registering for
    classes (Anthony Gockowski)
  Security of IoT: "always listening" devices in the office (Security Week)
  Fortinet Firewalls seem to have a hardwired SSH Password issue
    (Ars Technica via Bob Gezelter)
  Re: FTC's "Privacy Con" kicks out those who care about privacy
    (John Gilmore)
  Re: Dutch government defers on dumbing down security (Paul van Keep)
  Re: Analysis of VW Dieselgate SW (Dan Pritts)
  Re: Hotmail and how not to block spam (Jeremy Epstein, John Levine)
  Re: Risks of Facial Recognition (AlMac)
RISKS 29.22  Sunday 24 January 2016
  Roger Kemp on the Lancaster Floods (Peter Bernard Ladkin)
  Nest Thermostats Are Having Battery Problems and There's No Fix Yet
    (Kate Knibbs)
  The Internet of Things that Talk About You Behind Your Back (Bruce Schneier)
  Automakers increasing efforts to enhance safety and defend against
    cyberattacks (Gabe Goldberg)
  Affinity sues Trustwave (security news media)
  Why no secure architectures in commodity systems? (Nick Sizemore)
  Overhaul Puts Pentagon in Charge of Protecting Federal Security Clearance
    Data (Damian Paletta)
  French seem to have rejected crypto/security backdoors (The Register)
  Royal Melbourne Hospital virus attack (The Age)
  Virus hits TRMC computers (PGN)
  As More Pay by Smartphone, Banks Scramble to Keep Up (NYTimes)
  Rarely Patched Software Bugs in Home Routers Cripple Security (WSJ)
  Android bug (Martin Schaef)
  "Windows 10 Spying is worse than I ever imagined" (Gene Wirchenko)
  Instagram negatively impacting survival of big cats in the wild
    (Kaleigh Rogers)
  Facebook vs Indian Internet regulators (Prashanth Mundkur)
  Pakistan lifts ban on Youtube after launch of own version (Lauren Weinstein)
  "Understandable but Very Wrong: Google Enables Government YouTube Censorship
    in Pakistan" (Lauren Weinstein)
  74% of leading US 2016 Presidential Candidates flunk privacy & data security
    (Trust Alliance)
  Linux bug imperils tens of millions of PCs, servers, Android phones
    (Ars Technica)
  ColoSpgs NCIC national hub for cybersecurity (Warren Pearce)
  Why do people keep coming to this couple's home looking for lost phones
    (Kashmir Hill)
  Time Inc. Is in the Midst of a Replyallpocalypse (Monty Solomon)
  Risks of impostors (Dave Kristol)
  The resolution of the Bitcoin experiment (Mike Hearn)
  Pound vs. Dollar vs. ASCII (Dan Jacobson)
  Re: Ballot Battles: The History of Disputed Elections in the U.S.
    (Mark E. Smith)
  Re: Michigan IT security audit (Dimitri Maziuk)
  Re: USC students required to detail sexual history before
    registering for classes (John Levine)
  Privacy, Safety, Security & Healthcare --> Seeking Your Scholarship
    (Robert Mathews)
RISKS 29.23  Monday 25 January 2016
  British Family Refused Entry To The USA -- upgrade screwup (Chris J Brady)
  The Boston Globe delivery disaster caused by software (Steve Golson)
  Belgian Crelan Bank loses 75.8-million dollars in CEO fraud (Al Mac)
  Re: Why no secure architectures in commodity systems? (Mark Thorson,
    Michael Marking)
  Re: Ballot Battles: The History of Disputed Elections in the U.S.
    (Amos Shapir)
  Internet of Things security is so bad, there's a search engine for
    sleeping kids (Ars Technica)
RISKS 29.24  Saturday 30 January 2016
  F-35 software overrun with bugs, DoD testing chief warns (Ars Technica)
  A plane that's become just too complicated (Ken Knowlton)
  Errors in Scientific Software May Be More Serious Than Suspected
    (Tech Dirt via Paul Robinson)
  Cops hate encryption but the NSA loves it when you use PGP (Iain Thomson)
  2015: one in three Americans had health records hacked---all because HIPAA
    enables endless aggregation and collection of health data (Deborah Peel)
  Documents Uncover NYPD's Vast License Plate Reader Database (Dave Farber)
  Israel's electric grid hit by severe hack attack (Dan Goodin)
  Accidental sharing -- the plague of the always-connected era (Paul Venezia)
  Microsoft says odd behavior in Outlook 2010 calendar is a feature,
    not a bug (Woody Leonhard)
  Hacking into Supervisors of Elections Office (Fox)
  Vanishing electronic journal (Al Stangenberger)
  Report identity theft and get a personal recovery plan at IdentityTheft.gov
    (Al Mac)
  Re: Why no secure architectures in commodity systems? (Fred Cohen, Al Mac)
  Re: Belgian Crelan Bank loses 75.8-million dollars in CEO fraud
    (John Levine, Al Mac)
  Re: Ballot Battles: The History of Disputed Elections in the U.S.
    (Mark E. Smith)
  Re: date formats (Simson Garfinkel)
  Re: The Boston Globe delivery disaster caused by software (Larry Sheldon)
  Re: Documents Uncover NYPD's Vast License Plate Reader Database
    (Thomas Leavitt)
  Re: Roger Kemp on the Lancaster Floods (Dick Mills)
  Re: Why do people keep coming to this couple's home looking for lost
    (Al Mac)
RISKS 29.25  Thursday 11 February 2016
  Asiana: Secondary Cause of Crash Was Poor Software Design (Gabe Goldberg)
  More than 100 crashes caused by confusing gear shifters -- Jeep, Chrysler,
    Dodge (Gabe Goldberg)
  Conclusions of research on oldest ancient homo sapiens DNA study revised due
    to data-processing error (Bob Gezelter)
  IoT Insecurity by design (TechDirt via Alister Wm Macintyre)
  Fake Online Locksmiths May Be Out to Pick Your Pocket, Too (NYTimes)
  Dodgy USB Type-C cable fries vigilante engineer's $1,000 laptop (Ian Paul)
  Live in the EU? You probably should start accessing Google through a VPN or
    proxy. (Reuters)
  Hackers Get Employee Records at Justice and Homeland Security Depts
    (Eric Lichtblau)
  Hackers claim to have hacked NASA, hijacked one of its drones (danny burstein)
  Hacked Toy Company VTech's TOS Now Says It's Not Liable for Hacks
    (Lorenzo Franceschi-Bicchierai via Richard Forno)
  Hack-Proof RFID Chips (Larry Hardesty)
  "KB 3123862 eerily resembles Microsoft's earlier Get Windows 10 patch"
    (Woody Leonhard)
  AFCEA on cybersecurity (Warren Pearce)
  University of California traffic stored for up to 30 days
    (Christopher Brooks)
  At Berkeley, a New Digital Privacy Protest (NYTimes)
  Why "Let's Encrypt" free SSL certs are worse than useless -- actually
    dangerous -- to many sites (Lauren Weinstein)
  Shopping Mall SMS Parking Notifications Could Be Used To Track Any Car
    (Slashdot via Dan Jacobson)
  Increasingly popular update technique for iOS apps puts users at risk
    (Lucian Constantin)
  EAC exec director on voter registration (Voting News Weekly)
  Amazon's customer service backdoor (Medium.Com)
  "rm -rf /" Can Brick Your UEFI System (Henry Baker)
  Re: Errors in Scientific Software May Be More Serious Than Suspected
    (Mike Crawford)
  Re: Israel's electric grid hit by severe hack attack (Mike Rechtman)
  Re: On Facebook normally one can only see others' public groups
    (Dan Jacobson)
  Re: Date formats (J R Stockton)
  Re: Why do people keep ... looking for lost cellphones (Michael Kohne,
    Al Mac)
  Blackout rehearsals: let's start with GPS (Martyn Thomas)
  Doing University exams on computers? (Richard A. O'Keefe)
RISKS 29.26  Monday 15 February 2016
  Indian Supreme Court says nothing wrong with banning the Internet
    (Prashanth Mundkur)
  UK politicians green-light plans to record every citizen's Internet history
    (James Vincent)
  US intel chief: we might use the Internet of Things to spy on you
    (Spencer Ackerman and Sam Thielman)
  Tesla Updates Self-Parking Software After Consumer Reports Raises Concerns
    (Consumerist)
  Wrong number of hits in Bing (M. E. Kabay)
  Lack of reproducibility of research (Anthony Thorn)
  Pirate Bay of science? (Fiona Macdonald)
  Apple owns up to '1 January 1970' iPhone bricking bug (Monty Solomon)
  Motorcycle software recall (Mike Tashker)
  Office 2013 patch KB 3114717 freezes 32-bit Word 2013 on Win 7, 8.1, 10
    (Woody Leonhard)
  Creative Cloud deletes files you *really* wanted (Barry Gold)
  And Then There Were 4: Phone Booths Saved on Upper West Side Sidewalks
    (Monty Solomon)
  Russian hackers, Kazan-based Energobank, and Ruble-$ exchange rate
    (HackerNews)
  Re: Asiana: Secondary Cause of Crash Was Poor Software Design
    (Peter Bernard Ladkin)
  Re: IoT Insecurity by design (John Beattie)
  Re: Doing University exams on computers? (3daygoaty, Len Finegold,
    Rogier Wolff)
RISKS 29.27  Thursday 18 February 2016
  U.S. vs. iPhone security (statement by Apple's Tim Cook)
  Google CEO: FBI's request of Apple could set a 'troubling precedent'
    (Engadget)
  Extremely severe bug leaves dizzying number of software and devices
    vulnerable (Ars Technica)
  "Windows 10 forced update KB 3135173 changes browser and other default
    settings" (Woody Leonhard)
  VTech back stabs customers (Gov Info Sec)
  Hollywood Presbyterian Medical Center Pays Hackers $17K Ransom (NBC News)
  Fatal German train crash caused by human error, prosecutor says (Reuters)
  SKYNET is already live (Ars Technica via William Brodie-Tyrrell)
  Steam Gauges are Safer (Erling Kristiansen)
  NSA's TAO Head on Internet Offense and Defense (Bruce Schneier)
  Worldwide Encryption Products Survey (Bruce Schneier)
  Re: Asiana: Secondary Cause of Crash Was Poor Software Design (Amos Shapir)
  Re: Lack of reproducibility of research (C. Titus Brown)
  Re: Doing University exams on computers? (Gene Wirchenko, Al Mac)
RISKS 29.28  Thursday 25 February 2016
  Great Interview on Safety+Security (Braband/Harner via Peter Bernard Ladkin)
  "Volvo recalls 59,000 cars over software fault" (Martyn Thomas)
  Nissan Leaf vulnerable to unauthenticated queries (Jeremy Epstein,
    Gabe Goldberg)
  A 19-year-old made a free robot lawyer that has appealed $3 million in
    parking tickets (Leanna Garfield)
  Hacked mid-air while writing an Apple-FBI story (Steven Petrow via
    geoff goodfellow)
  Apple's external and internal messages about "FBI vs. Apple" (TechCrunch)
  Popular home security system SimpliSafe can be easily disabled by burglars
    (Lucian Constantin)
  Reporting Cyber Risks in USA (DHS via Al Mac)
  Is it time to consider key escrow again? (Tad Taylor)
  Robots Are Reading Trader Chats to Stop Next Wave of Bank Fines (Bloomberg)
  *WarGames* and Cybersecurity's Debt to a Hollywood Hack (NYTimes)
  N Korea nuke tests & the volcano (Al Mac)
  Trimble date problem (Tim Young via Donald B. Wagner)
  Re: KB 3123862 eerily resembles Microsoft's earlier Get Windows 10 patch
    (Jack Christensen)
  Re: NSA's TAO Head on Internet Offense and Defense (Rogier Wolff)
  Re: Doing University exams on computers? (Rogier Wolff)
RISKS 29.29  Friday 26 February 2016
  Best Explanation for the Apple FBI Hack I've Seen and What It Means
    (Rebecca Mercuri)
  Re: key escrow (Dimitri Maziuk)
  Re: Robots Are Reading Trader Chats to Stop Next Wave of Bank Fines
    (Jeff Jonas)
  Re: Hacked mid-air while writing an Apple-FBI story (David Damerell)
  Re: Trimble date problem (Bob Rahe)
RISKS 29.30  Monday 29 February 2016
  Risks of Leap Years and Dumb Digital Watches (Mark Brader)
  A 12-year-old girl is facing criminal charges for using certain emoji.
    She's not alone. (WashPo via Gabe Goldberg)
  Google Wants Less Reliable Hard Disks (Thomas Claburn)
  Asus lawsuit puts entire industry on notice over shoddy router security
    (Ars Technica)
  The FBI wants a backdoor only it can use, but wanting it doesn't make it
    possible (The Guardian)
  It Really Doesn't Matter What Apple's Motivations Are --
    Idealistic or Otherwise (NYMag)
  Re: Best Explanation for the Apple FBI Hack ... (Taed Wynnell, DrM,
    Ted Lee, AlMac, DrM, Simson Garfinkel)
RISKS 29.31  Thursday 3 March 2016
  Navigation app sends Israeli soldiers into Palestinian area, two dead
    (YNetNews via Mark Thorson)
  Over a thousand suitcases not transported on Leap Day (Debora Weber-Wulff)
  Palo Alto school's medical privacy case (John R Levine)
  No Surprise: Health IT in the ER, new `error' categories (Erik Hollnagel)
  SSLv2 Support Compromises TLS Connections (Ars Technica)
  IRS identity theft story -- wanna bet it is much, much bigger? (Paul Saffo)
  "OpenSSL update fixes Drown vulnerability" (Fahmida Y. Rashid)
  Hack the Pentagon (Alister Wm Macintyre)
  Re: A 12-year-old girl is facing criminal charges for using certain emoji.
    She's not alone. (David Weil)
  Court orders Facebook to release WhatsApp data (James Hughes)
  ISIS turns to foreign encryption products as Apple-FBI fight rages in U.S.
    (Daily Dot)
  Amazon Quietly Removes Encryption Support from its Gadgets (Motherboard)
  NY Judge rules in Apple's favor (Alister Wm Macintyre)
  Re: Best Explanation for the Apple FBI Hack ... (John Levine, Ted Lee,
    Simson Garfinkel)
  EFF and 46 Technology Experts Ask Court To Throw Out Unconstitutional Apple
    Order (EFF)
  Apple vs FBI - the Apple logo obscures the issue (Peter Houppermans)
RISKS 29.32  Monday 7 March 2016
  Risk to babies' health due to an alleged cover up of patient information
    system failures: Israeli clinics converted to new system (Omer Zak)
  Cisco NX-OS switch risk (Martyn Thomas)
  France to Jail Tech Execs over Encryption (The Register)
  Big Brother is tracking all of us...except for terrorists (via Paul Saffo)
  Apple vs FBI -- Another Constitutional Issue (David E. Ross)
  Apple VP: The FBI wants to roll back safeguards that keep us a step ahead of
    criminals (WashPo)
  Competing Interests on Encryption Divide Top Obama Officials (NYTimes)
  Joining Together to Avoid a Troubling Legal Precedent (Google)
  Re: ISIS turns to foreign encryption products as Apple-FBI fight rages in
    U.S. (Amos Shapir)
  Re: NY Judge rules in Apple favor (John Levine)
  Re: Apple vs FBI ... (Peter Bernard Ladkin, Keith Medcalf, Henry Baker)
  Re: IRS identity theft story -- wanna bet it is much, much bigger?
    (John Levine)
  Drone conflict update (ACLU+ via AlMac)
RISKS 29.33  Wednesday 9 March 2016
  Last week's House Judiciary hearings (Susan Landau)
  Speech by Robert Hannigan, Director GCHQ, delivered at MIT (LW)
  Encryption: Selected Legal Issues (Thompson II/Jaikaran)
  Apple vs. FBI primer on info extraction (Muckrock)
  FBI quietly changes its privacy rules for accessing NSA data on Americans
    (Spencer Ackerman)
  France: prison sentences for noncompliant tech execs? (USNews)
  Re: France to Jail Tech Execs over Encryption (Mark Brader)
  Hacking industrial vehicles from the Internet (JCarlosNorte)
  Risks to our industry re: CVE (Kurt Seifried)
  Multiple iOS apps found to be harvesting Snapchat user credentials
    (geoff goodfellow)
  Mac 'Ransomware' Attack Exposes Vulnerability of Apple Users (NYTimes)
  Florida Senate endorses making computer coding a foreign language
    (Kristen Clark, PGN)
  Apple loses e-books USSC appeal (NPR)
  Apple iOS Has PINs; But has not adopted Duress Codes (Bob Gezelter)
  Re: Apple vs FBI (Peter Houppermans)
RISKS 29.34  Tuesday 15 March 2016
  Great encryption segment from John Oliver, with Matt Blaze cameo (LW)
  Facebook, Google and WhatsApp plan to increase encryption of user data
    (The Guardian)
  Kremlin Falls for Its Own Fake Satellite Imagery (Dan Jacobson)
  Typosquatters Running .om Domain Scam To Push Mac Malware (ThreatPost)
  139+ breaches in 2016 thru Mar-8 (ITRC)
  Online Leak of N.C.A.A. Tournament Bracket Upstages CBS Selection Show
    (NYTimes)
  Web security company breached, client list -- including KKK -- dumped,
    hackers mock inept security (BoingBoing)
  WhatsApp Encryption Said to Stymie Wiretap Order (NYTimes)
  Skype Co-Founder Launches End-To-End Encrypted 'Wire' App (Tom's)
  Interesting Bamford piece on life at the NSA (Dave Farber)
  President Obama at SXSW (Henry Baker)
  Doctorow on POTUS' infatuation with magic ponies (Richard Forno)
  "Researchers Spoof Phone's Fingerprint Readers Using Inkjet Printers"
    (Todd Weiss)
  Hey Siri, Can I Rely on You in a Crisis? Not Always, a Study Finds (NYT)
  "Nations Ranked on Their Vulnerability to Cyberattacks" (Matthew Wright)
  Kalamazoo shootings: Uber driver blames app (BBC)
  Hooray for Hollywood Robots: Movie Machines May Boost Robot Acceptance
    (Matt Swayne)
  Re: Florida Senate endorses making computer coding a foreign language
    (Michael Bacon, Craig Burton)
  Re: Why no secure architectures in commodity systems? (Nick Sizemore)
RISKS 29.35  Wednesday 16 March 2016
  Apple's Brief Hits the FBI With a Withering Fact Check (WiReD)
  Apple and Justice Dept. Trade Barbs in iPhone Privacy Case (NYTimes)
  Spontaneous Windows 10 Upgrade (Martin Fong)
  City's Public Wi-Fi Raises Privacy Concerns (NYCLU)
  Typo thwarts hackers in $1 billion cyber heist on Bangladesh central bank
    ... (WashPo)
  Yet another reason why expiring and reusing domain names is a
    really bad idea (ZDNet)
  Heat Scanning vs. Privacy (Harper's)
  ICANN -- "Time for America to relinquish custody of the Internet"
    (James Titcomb)
  Internet mismanagement (The Independent)
  Stealing Nude Pics From iCloud Requires Zero Hacking Skills --
    Just Some YouTube Guides (Forbes)
  "YOGA* - A Software Development Process Based On Ancient Principles"
    (ACM Learning Center)
  Threat Intelligence & AI (Business Wire)
  Re: Florida Senate endorses making computer coding a foreign language
    (Dan Geer)
  Re: President Obama at SXSW (Mark E. Smith)
  Re: Skype Co-Founder Launches End-To-End Encrypted 'Wire' App (John Levine)
  Re: Why no secure architectures in commodity systems? (Dick Mills,
    Henry Baker)
RISKS 29.36  Friday 18 March 2016
  China bans wordplay in attempt at pun control (Tania Branigan)
  Pentagon skips tests on key component of U.S.-based missile defense system
    (David Willman)
  Microsoft servers to bottom of ocean (I-HLS)
  U.S. war on Tor encryption (I-HLS)
  Brazen Heist of Millions Puts Focus on the Philippines (NYTimes)
  Denver Police Caught Misusing Databases Got Light Punishments (NYTimes)
  Where Computers Defeat Humans, and Where They Can't (NYTimes)
  How Microsoft copied malware techniques to make Get Windows 10 the world's
    PC pest (The Register)
  Apple Encryption Engineers, if Ordered to Unlock iPhone, Might Resist
    (NYTimes)
  This is the phone NSA suggested Clinton use: A $4,750 Windows CE PDA
    (Ars Technica)
  CRYPTO-GRAM, March 15, 2016 (Bruce Schneier)
  Bangladesh Bank Chief Resigns After Cyber Theft of $81 Million (NYTimes)
  Re: Hackers steal $81M from Bangladesh (John Levine)
  Re: Typo thwarts hackers in $1 billion cyber heist on Bangladesh central
    bank ... (Bob Frankston)
RISKS 29.37  Monday 21 March 2016
  Flaw in iMessage fixed in today's release of iOS 9.3 (Ellen Nakashima
    via PGN)
  Printer Error Triggered Bangladesh Race to Halt Cyber Heist (Bloomberg)
  Hackers Stalked Bangladesh Bank for Two Weeks Before Big Heist (Bloomberg)
  Indian parliament passes bill that enables mass domestic surveillance