Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 32.27
RISKS-LIST: Risks-Forum Digest Friday 18 September 2020 Volume 32 : Issue 27
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.27>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
PG&E error at power plant may help explain California's rolling blackouts
(SFChronicle.com)
Using information to cause a blackout (Crypto-gram)
Small drink cup-holders lead to engine shutdowns on A350s (FlightGlobal)
A Tesla driver was caught sleeping on Autopilot at high speed, police are
charging him criminally (electrek})
University Ransomware Attack Exploits Citrix, Kills German Hospital Patient
(Politico)
Weakened Encryption: The Threat to America's National Security (ThirdWay)
At this point, 5G is a bad joke (Computerworld)
Mobile phone radiation may be killing insects: German study (phys.org)
Listening To An IPhone With AM Radio (Hackaday)
Is the Internet Conscious? If It Were, How Would We Know? (Vinton Cerf)
Voatz letter published (Jack H Cable)
A Quick Note on Voting Twice (Matt Bishop)
How smart tech could help save the world's honey bees (cnn.com)
The future is cyborg: Kaspersky study finds support for human augmentation
(Reuters)
Police Across Canada Are Using Predictive Policing Algorithms, Report Finds
(Nathan Munn)
The 20-Year Hunt for the Man Behind the Love Bug Virus (WiReD)
Phone system cursed by magic words (Chicago Tribune)
I Have Blood on My Hands: A Whistleblower Says Facebook Ignored Global
Political Manipulation? (Buzzfeednews)
How an Epic Series of Tech Errors Hobbled Miami' Schools (WiReD)
Early research from 23andMe strengthens link between blood types and
Covid-19 (Kate Sheridan)
New Report Explains COVID-19's Impact on Cybersecurity (The Hacker News)
Re: 44 Square Feet: A School-Reopening Detective Story (Brian Inglis)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Mon, 14 Sep 2020 20:39:29 -0400 (EDT)
From: SFChronicle.com | Breaking News <newsletters@sfchronicle.com>
Subject: PG&E error at power plant may help explain California's rolling
blackouts (SFChronicle.com)
*San Francisco Chronicle*, 14 Sep 2020
https://link.sfchronicle.com/view/5f4624281f87ed47da50a19dcsz8z.1zl7/1366cfce>
A mistake by Pacific Gas and Electric Co. may have played a role in one of
the two days that California experienced rolling blackouts during an extreme
heat wave last month.
------------------------------
Date: Tue, 15 Sep 2020 21:32:18 +1000
From: 3daygoaty <threedaygoaty@gmail.com>
Subject: Using information to cause a blackout (Crypto-gram)
Bruce Schneier covers "How weaponizing disinformation can bring down a
city's power grid" linked here:
https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0236517
The attack has already happened and defenses are there, in London at
least! People turning on thousands of kettles in TV ad breaks:
https://en.wikipedia.org/wiki/TV_pickup
Dinorwig Power Station, pumped hydro scheme built in 1974 (I understand
but cannot prove) specifically for the Coronation Street TV show tea and
toast ad breaks.
I will use this little spot to suggest that a better vector is solar
microinverters. RISKS readers no doubt love what went down in Hawaii (and
in fact what stayed up):
"...as you can imagine, service call costs to 51,000 solar homes equipped
with 800,000 micro inverters quickly added up to tens of millions of
dollars. Uniquely, Enphase (who are heavily data focused and driven)
already had the ability to remotely connect to and tweak inverter
settings. Could they simultaneously, remotely and precisely make this
change? And measure its effectiveness? From their headquarters in Napa
Valley, California?"
Risk: Enphase install goes awry and an incomplete firmware upgrade causes
800k microinverters to reboot continuously, rapidly raising and lowering
grid feed-in. Then there's tens of millions of dollars of house calls.
https://www.theaustralian.com.au/business/business-spectator/news-story/something-astounding-just-happened-in-the-solar-energy-world/b94ca5dd20752e72c08913dd7609437f
------------------------------
Date: Sun, 13 Sep 2020 21:34:19 -0400
From: George Mannes <gmannes@gmail.com>
Subject: Small drink cup-holders lead to engine shutdowns on A350s
(FlightGlobal)
Airbus has developed a new liquid-resistant integrated control panel for the
A350, designed to avoid the risk to engine systems from accidental drink
spillage in the cockpit.
Its development follows two incidents, in November last year and January
this year, in which A350-900s diverted as a result of uncommanded engine
shutdowns linked to beverage spills on the panel....
https://www.flightglobal.com/safety/airbus-redesigns-a350-control-panel-to-resist-liquid-spillage/140045.article
>From AVWeb:
In both instances one of the engines shut down and couldn't be restarted....
...It's not clear if the EASA [European Aviation Safety Administration]
mandate will include bigger cup holders. There are at least two located well
out of harm's way to the left of the captain and right of the FO but they're
too small for the paper cups used by most airport vendors.
https://www.avweb.com/aviation-news/airbus-spill-proofs-a350-consoles/
------------------------------
Date: Fri, 18 Sep 2020 04:56:05 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: A Tesla driver was caught sleeping on Autopilot at
high speed, police are charging him criminally
A Tesla driver was caught sleeping on Autopilot with their seat *fully
reclined* at high speed, according to police who criminally charged the
driver.
Alberta RCMP (Canada federal police) reported on a strange incident
involving a Tesla vehicle on Autopilot.
``Alberta RCMP received a complaint of a car speeding on Highway 2 near
Ponoka. The car appeared to be self-driving, traveling over 140 km/h [87
mph] with both front seats completely reclined and occupants appeared to be
asleep.''
With this report, they shared the picture of a Tesla Model S vehicle on
Twitter:
Alberta RCMP received a complaint of a car speeding on Hwy 2 near #Ponoka
<https://twitter.com/hashtag/Ponoka?src=hash&ref_src=twsrc%5Etfw>. The car
appeared to be self-driving, travelling over 140 km/h [87 mph] with both
front seats completely reclined & occupants appeared to be asleep. The
driver received a Dangerous Driving charge & summons for court
*pic.twitter.com/tr0RohJDH1* <https://t.co/tr0RohJDH1>
RCMP Alberta (@RCMPAlberta) *September 17, 2020*
<https://twitter.com/RCMPAlberta/status/1306600570791301123?ref_src=twsrc%5Etfw>
Tesla Autopilot is not a ``self-driving'' system but a suite of driver
assist features.
While it can technically drive autonomously on highways without driver
interventions, Tesla asks drivers to keep their hands on the wheel and to
pay attention at all times.
The automaker also implemented a system that requires drivers to frequently
apply light torque to the steering wheel in order for Autopilot to stay
active.
Some Tesla drivers have been getting around the system by *attaching a
weight to the steering wheel*
<https://electrek.co/2018/09/09/tesla-autopilot-buddy-hack-avoid-nag-relaunch-phone-mount-nhtsa-ban/>
-- a practice considered dangerous by US regulators (and anyone with half a
mind).
In this incident, the police reported some strange behaviors from the
vehicle, which was presumably on Autopilot: [...]
https://electrek.co/2020/09/17/tesla-driver-caught-sleeping-autopilot-at-high-speed-criminally-charged-police/
------------------------------
Date: Fri, 18 Sep 2020 11:17:33 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: University Ransomware Attack Exploits Citrix, Kills German Hospital
Patient (Politico)
A ransomware attack led to a patient's death in Germany
<https://abcnews.go.com/International/wireStory/german-hospital-hacked-patient-city-dies-73069416>,
authorities there said, marking the first known occasion of ransomware being
directly linked to a person's demise in the hospital -- and perhaps the most
direct civilian demise caused anywhere by any kind of cyberattack. An
investigation could lead to homicide charges, local press reported. News of
the incident last week -- where a patient had to be transferred to another
city's hospital due to the ransomware and died because of the delay in
treatment -- first broke on Thursday. The attack apparently wasn't even
targeting the hospital, but instead a university. A long-warned
vulnerability in Citrix tied to the attack generated another German
cybersecurity agency alert.
<https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2020/UKDuesseldorf_170920.html>
[linked document in German].
Cybersecurity experts have been warning for some
time<https://twitter.com/maurertim/status/1306634686819598336> about a
cyberattack causing the death of a medical patient, but the link has usually
been seen far more
indirectly<https://krebsonsecurity.com/2019/11/study-ransomware-data-breaches-at-hospitals-tied-to-uptick-in-fatal-heart-attacks/>. Industry
voices took to Twitter to lament the death, sometimes in profane terms.
<https://twitter.com/uuallan/status/1306616852232245248> ``If you ever
wondered why the unsung jobs of IT admins [are] so thankless, if they
succeed, they are invisible, whereas if they fail - we all fail & people
die, tweeted Katie Moussouris, CEO of Luta Security.
<https://twitter.com/k8em0/status/1306629656074809345>
See also:
https://www.theverge.com/2020/9/17/21443851/death-ransomware-attack-hospital-germany-cybersecurity
------------------------------
Date: Wed, 16 Sep 2020 11:04:53 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Weakened Encryption: The Threat to America's National Security
(ThirdWay)
*Takeaways* For years, law enforcement officials have warned that, because
of encryption, criminals can hide their communications and acts, causing law
enforcement to struggle to decrypt data during their investigation -- a
challenge commonly referred to as ``going dark.'' They called on technology
companies to build a process, like a ``master key,'' to enable law
enforcement to unlock encrypted communications. While this may seem like a
tempting idea, it would have grave implications for our national security.
As more and more of our communications move online, users seek out encrypted
services to protect their privacy. Unlike telephonic communications, and
despite repeated requests by law enforcement to do so, Congress has not
required Internet communications platforms to give law enforcement access to
intercept user communications or access stored communications. In this
paper, we assess the national security risks to a requirement to provide
that master key (referred to throughout as ``exceptional'' or ``backdoor''
access) to encrypted communications and propose alternative approaches to
address online harms.
In short, requiring exceptional access to encrypted technologies would
undermine national security by:
1. Weakening protections for the information that the national security
community relies upon, especially as it flows over foreign networks.
2. Creating a vulnerability in encrypted communications that could be
accessed by foreign adversaries.
3. Encouraging other countries to require tech and Internet companies
to provide equivalent access to communications within their boundaries.
4. This does not mean that the Internet should be a lawless zone. Law
enforcement and the private sector can and should cooperate in addressing
crimes on the Internet and can do so without undermining a protection as
fundamental as encryption. [...]
https://www.thirdway.org/report/weakened-encryption-the-threat-to-americas-national-security
------------------------------
Date: Fri, 18 Sep 2020 00:14:40 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: At this point, 5G is a bad joke (Computerworld)
Thinking of buying a new phone, just for high-speed mmWave 5G? Do yourself a
favor: Don't.
https://www.computerworld.com/article/3575510/at-this-point-5g-is-a-bad-joke.html
The risk? Marketing.
------------------------------
Date: Fri, 18 Sep 2020 14:19:53 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Mobile phone radiation may be killing insects: German study
(phys.org)
https://phys.org/news/2020-09-mobile-insects-german.html
"Mobile phone and Wi-Fi radiation in particular opens the calcium channels
in certain cells, meaning they absorb more calcium ions.
"This can trigger a biochemical chain reaction in insects, the study said,
disrupting circadian rhythms and the immune system."
"Peter Hensinger of the German consumer protection organisation Diagnose
Funk said closer attention must be paid to the possible negative effects of
radiation on both animals and humans, particularly with regard to the
introduction of 5G technology."
The insect apocalypse threatens to disrupt food chains and our ecosystem. Do
WiFi and cellular device and tower radiation exposure also contribute to
premature insect mortality?
Photon energy is determined by E = h*f
(h == Planck's constant, f == frequency).
Ultraviolet-C photons, known to cause melanoma, range in energy between
~4.5-12.4 eV (see https://en.wikipedia.org/wiki/Ultraviolet). 4.5 eV ~= 1100
THz; 12.4 eV ~= 3000 THz. A microwave oven operates @ ~2.5 GHz (~0.01
milli-electron volts).
5G technology (at a maximum) operates at ~30GHz (0.03 THz) or ~0.12
milli-electron volts which is insufficient, via the photoelectric effect, to
ionize an atom in a DNA's amino acid during reproduction and elevate genetic
mutation probability.
A certain species of bacteria has evolved a mechanism to survive ionizing
radiation exposure. See
https://en.wikipedia.org/wiki/Deinococcus_radiodurans. Doubtful that insects
inherited this capability. Humans do not possess these genes.
Note that room temperature of 300 degrees Kelvin (25 degrees Celsius or ~77
degrees F) ~= 0.026 eV which is ~200X greater than the energy of a 30 GHz
radio-wave photon. Ambient thermal energy, inside or out, swamps cell phone
radiation. DNA evolved to accommodate heat exposure.
Do RF sources influence insect cell membrane ion mobility and initiate
premature death? https://www.nature.com/articles/s41598-018-22271-3
(MAR2018) documents effects of RF exposure on several insect species using
2-120 GHz radio-waves. Their conclusion: "This could lead to changes in
insect behavior, physiology, and morphology over time due to an increase in
body temperatures, from dielectric heating." 'Could' is the operative word.
What happens when Drosophila Melanogaster are exposed to 30 GHz radio-wave
radiation for 1 hour each day? Fruit flies experience slight warming for 1
hour. Atmospheric garden heat exposes a fruit fly to 200 times the photon
energy emitted by cellular radio-wave photons.
To my knowledge, there are no established (meaning non-conflicted,
independent peer-review) links to non-ionizing radiation and vitality, be it
insect or human. Ambient RF radiation contribution to mortality, human or
insect, is impossible given physics.
Where are the epidemiological clusters and studies of human glioblastomas
(brain cancer) or other malignancies from earlier generations of cellphone
use and persistent exposure to ambient RF from cellphone towers or radio and
TV broadcasts? They do not exist.
Habitat loss and pesticide exposure are known, obvious insect mortality
contributors. Atmospheric influences (such as extra CO2, CH4, SO2, or
pollution or aerosols ) on insect populations are likely contributors (see
https://en.wikipedia.org/wiki/Decline_in_insect_populations#Causes_and_consequences).
The original publication on Germany's mitigation of insect demise is here:
https://phys.org/news/2020-08-germany-dim-night-insects.html.
------------------------------
Date: Fri, 18 Sep 2020 05:12:22 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Listening To An IPhone With AM Radio
Electronic devices can be surprisingly leaky, often spraying out information
for anyone close by to receive. [Docter Cube] has found another such leak,
this time with the speakers in iPhones. While repairing an old AM radio and
listening to a podcast on his iPhone, he discovered that the radio was
receiving audio the from his iPhone when tuned to 950-970kHz.
[Docter Cube] states that he was able to receive the audio signal up to 20
feet away. A number of people responded to the tweet with video and test
results from different phones. It appears that iPhones 7 to 10 are affected,
and there is at least one report for a Motorola Android phone. The
amplifier circuit of the speaker appears to be the most likely culprit, with
some reports saying that the volume setting had a big impact. With the short
range the security risk should be minor, although we would be interested to
see the results of testing with higher gain antennas. It is also likely that
the emission levels still fall within FCC Part 15 limits. [...]
https://hackaday.com/2020/09/18/listening-to-an-iphone-with-am-radio/
------------------------------
Date: Thu, Sep 17, 2020 at 8:18 AM
From: vinton cerf <vgcerf@gmail.com>
Subject: Is the Internet Conscious? If It Were, How Would We Know?
[via geoff goodfellow]
we give autonomy to a lot of IOT devices/applications; maybe that is not
quite independent behavior.
Are stock programmed trading systems conscious? yes - they take in input,
process, produce output that affects the real world (stock market). They
are capable of unexpected behaviors (bugs). If based on machine learning,
they are also capable of "breaking" owing to unpredicted situations.
> https://www.wired.com/story/is-the-internet-conscious-if-it-were-how-would-we-know/
------------------------------
Date: Mon, 14 Sep 2020 17:04:32 +0000
From: Jack H Cable <cablej@stanford.edu>
Subject: Voatz letter published
The Voatz letter was published today, available at https://disclose.io/voatz-response-letter/. Thank you to everyone who signed on and contributed!
The letter was featured in this week's Politico cybersecurity newsletter<https://www.politico.com/newsletters/weekly-cybersecurity/2020/09/14/previewing-the-annual-cisa-cyber-summit-790384>.
------------------------------
Date: Tue, 15 Sep 2020 15:34:06 -0700
From: Matt Bishop <mabishop@ucdavis.edu>
Subject: A Quick Note on Voting Twice
> But if each ballot voted has to be checked to make sure it is not
> a second ballot, then the disruption factor is ENORMOUS.
Actually, not every ballot needs to be checked. Here's how it works:
If you vote by mail, when the envelope is received and your signature
validated, it's recorded that you voted. If you send in another vote by mail
ballot, when they try to validate your signature, the system will report you
have already voted. This is automatic and done when your signature is
checked.
So let's say you go to vote in person.
If you are doing a same-day registration, you vote conditionally. The
conditional ballot is handled the same as a provisional ballot.
If you have your vote by mail ballot and surrender it to the election
workers, they then print you a new ballot, and you vote in person.
If you do not have your vote by mail ballot, you then vote provisionally.
In all cases, if you have already signed the poll book, you vote
provisionally.
So the time-consuming checking is in processing the provisional and
conditional ballots. That can take quite a while; according to the election
officials in my county (Yolo), it can take 2-3 weeks to process them. It
took a bit longer at the last election due to COVID-19, but the Secretary of
State extended the dates.
Hope this clarifies things.
[Of course, some precincts don't use electronic poll books, and are
manual. Mine has a paper list that one has to sign that cannot indicate
whether you have already voted absentee. When the absentee ballots are
tallied later, the paper record would have to checked. PGN]
------------------------------
Date: Fri, 18 Sep 2020 19:57:49 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: How smart tech could help save the world's honey bees (cnn.com)
https://edition.cnn.com/2020/09/18/business/honey-bee-technology-sensors-spc-intl/index.html
The pollination industry contributes ~US$ 180B annually to agribusiness.
Avocados and almonds depend on pollination, as do ~1/3 of all commercial
crops.
Pesticides and fungicides -- agricultural chemicals -- jeopardize pollinator
survival. Bee apiaries fail at a high rate: ~44% die off annually,
threatening agriculture yields.
Hive inspection is time-consuming and laborious. Enter the wireless beehive
sensor to remotely monitor hive health for temperature, humidity, sound,
etc. and supply the beekeeper with important indicators of vitality or
decline.
Risks: Sensor calibration errors. Telemetry processing hacks manipulate hive
performance indicators.
[A few bugs to work out before a beeline to IPO?]
See https://askabiologist.asu.edu/bee-dance-game/ for an algorithm and game
that simulates bee dances. Not hard to imagine an ambitious future
roboticist who designs and builds robobees that out-compete natural
pollinators.
------------------------------
Date: Thu, 17 Sep 2020 09:38:40 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: The future is cyborg: Kaspersky study finds support for human
augmentation (Reuters)
Nearly two thirds of people in leading Western European countries would
consider augmenting the human body with technology to improve their lives,
mostly to improve health, according to research commissioned by Kaspersky.
As humanity journeys further into a technological revolution that its
leaders say will change every aspect of our lives, opportunities abound to
transform the ways our bodies operate from guarding against cancer to
turbo-charging the brain.
The Opinium Research survey of 14,500 people in 16 countries including
Britain, Germany, France, Italy and Spain showed that 63% of people would
consider augmenting their bodies to improve them, though the results varied
across Europe.
In Britain, France and Switzerland, support for augmentation was low - at
just 25%, 32% and 36% respectively - while in Portugal and Spain it was
much higher - at 60% in both.
``Human augmentation is one of the most significant technology trends
today,'' said Marco Preuss, European director of global research and
analysis at Kaspersky, a Moscow-based cybersecurity firm.
``Augmentation enthusiasts are already testing the limits of what's
possible, but we need commonly agreed standards to ensure augmentation
reaches its full potential while minimising the risks,'' Preuss
said. [...]
https://www.reuters.com/article/idUSKBN2680KP
------------------------------
Date: September 14, 2020 at 18:42:31 GMT+9
From: Dewayne Hendricks <dewayne@warpspeed.com>
Subject: Police Across Canada Are Using Predictive Policing Algorithms,
Report Finds (Nathan Munn)
Nathan Munn, *Vice*, 1 Sep 2020 (via David Farber)
Police across Canada are increasingly adopting algorithmic technology to
predict crime. The authors of a new report say human rights are threatened
by the practice.
<https://www.vice.com/en_us/article/k7q55x/police-across-canada-are-using-predictive-policing-algorithms-report-finds>
Police across Canada are increasingly using controversial algorithms to
predict where crimes could occur, who might go missing, and to help them
determine where they should patrol, despite fundamental human rights
concerns, a new report has found.
To Surveil and Predict: A Human Rights Analysis of Algorithmic Policing in
Canada is the result of a joint investigation by the University of Toronto's
International Human Rights Program (IHRP) and Citizen Lab. It details how,
in the words of the report's authors, ``law enforcement agencies across
Canada have started to use, procure, develop, or test a variety of
algorithmic policing methods,'' with potentially dire consequences for civil
liberties, privacy and other Charter rights, the authors warn.
The report breaks down how police are using or considering the use of
algorithms for several purposes including predictive policing, which uses
historical police data to predict where crime will occur in the
future. Right now in Canada, police are using algorithms to analyze data
about individuals to predict who might go missing, with the goal of one day
using the technology in other areas of the criminal justice system. Some
police services are using algorithms to automate the mass collection and
analysis of public data, including social media posts, and to apply facial
recognition to existing mugshot databases for investigative purposes.
``Algorithmic policing technologies are present or under consideration
throughout Canada in the forms of both predictive policing and algorithmic
surveillance tools.''
Police in Vancouver, for example, use a machine-learning tool called GeoDASH
to predict where break-and-enter crimes might occur. Calgary Police Service
(CPS) uses Palantir's Gotham software to identify and visualize links
between people who interact with the police -- including victims and
witnesses -- and places, police reports, and the properties and vehicles
they own. (A draft Privacy Impact Assessment (PIA) conducted by CPS in 2014
and mentioned in the report noted that Gotham could ``present false
associations between innocent individuals and criminal organizations and
suspects'' and recommended measures to mitigate the risk of this happening,
but not all the recommendations have been implemented.)
The Toronto Police Service does not currently use algorithms in policing,
but police there have been collaborating with a data analytics firm since
2016 in an effort to ``develop algorithmic models that identify high crime
areas,'' the report notes.
The Saskatchewan Police Predictive Analytics Lab (SPPAL), founded in 2015,
is using data provided by the Saskatoon Police Service to develop algorithms
to predict which young people might go missing in the province. The SPPAL
project is an extension of the ``Hub model'' of policing, in which social
services agencies and police share information about people believed to be
``at risk'' of criminal behavior or victimization. The SPPAL hopes to use
algorithms to address ``repeat and violent offenders, domestic violence, the
opioid crisis, and individuals with mental illness who have come into
conflict with the criminal justice system,'' the report reads.
``We've learned that people in Canada are now facing surveillance in many
aspects of their personal lives, in ways that we never would have associated
with traditional policing practices,'' said Kate Robertson, a criminal
defense lawyer and one of the authors of the report, in a phone call with
Motherboard.
``Individuals now face the prospect that when they're walking or driving
down the street, posting to social media, or chatting online, police
surveillance in the form of systematic data monitoring and collection may be
at work,'' Robertson added.
The authors note that ``historically disadvantaged communities'' are at
particular risk of being targeted for surveillance and analysis by the
technology due to systemic bias found in historical police data.
------------------------------
Date: Mon, 14 Sep 2020 00:16:40 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: The 20-Year Hunt for the Man Behind the Love Bug Virus (WiReD)
For two decades, Onel de Guzman has been suspected of unleashing the
groundbreaking virus. But he's never confessed to anything -- until now.
https://www.wired.com/story/the-20-year-hunt-for-the-man-behind-the-love-bug-virus/
------------------------------
Date: Wed, 16 Sep 2020 16:15:32 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Phone system cursed by magic words (Chicago Tribune)
Author writes:
Trying to get a human on the line when you're trapped in some company's
automated phone system is like whacking your way through a jungle with a
pair of toenail clippers.
Impossible. Interminable. Maddening.
I am here today to offer two magic words to free you from the wilderness.
We've all been there: You have a problem. You need a person. Instead, you're
trapped with a computer that keeps chirping, "I'm sorry. Did you mean
...?"¿
What I meant, @#$$%^, is: @#$! you.
And those, I regret to say, are the magic words.
https://www.chicagotribune.com/news/ct-xpm-2012-08-31-ct-met-schmich-0831-20120831-story.html
------------------------------
Date: Wed, 16 Sep 2020 11:15:08 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: I Have Blood on My Hands: A Whistleblower Says Facebook Ignored
Global Political Manipulation? (Buzzfeednews)
*A 6,600-word internal memo from a fired Facebook data scientist details how
the social network knew leaders of countries around the world were using
their site to manipulate voters -- and failed to act.*
``I've found multiple blatant attempts by foreign national governments to
abuse our platform on vast scales to mislead their own citizenry, and caused
international news on multiple occasions. I have personally made decisions
that affected national presidents without oversight, and taken action to
enforce against so many prominent politicians globally that I've lost
count.'' [...]
https://www.buzzfeednews.com/article/craigsilverman/facebook-ignore-political-manipulation-whistleblower-memo
------------------------------
Date: Wed, 16 Sep 2020 17:16:24 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: How an Epic Series of Tech Errors Hobbled Miami' Schools (WiReD)
It started with the district hiring a little-known virtual charter school
company, which led to balky connections and an even more troublesome
curriculum.
https://www.wired.com/story/epic-tech-errors-hobbled-miamis-schools/
------------------------------
From: Dewayne Hendricks <dewayne@warpspeed.com>
Date: Wed, Sep 16, 2020 at 3:45 AM
Subject: Early research from 23andMe strengthens link between blood types
and Covid-19 (Kate Sheridan)
Kate Sheridan, StatNews, 14 Sep 2020
<https://www.statnews.com/2020/09/14/23andme-study-covid-19-genetic-link/>
------------------------------
Date: Thu, 17 Sep 2020 08:07:53 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: New Report Explains COVID-19's Impact on Cybersecurity
(The Hacker News)
A new report explains COVID-19's impact on #cybersecurity, detailing
changes in cyberattacks experts at @Cynet360 have observed across North
America and Europe since the beginning of this pandemic.
https://thehackernews.com/2020/09/covid-cybersecurity-report.html
------------------------------
Date: Mon, 14 Sep 2020 17:21:00 -0600
From: Brian Inglis <Brian.Inglis@SystematicSw.ab.ca>
Subject: Re: 44 Square Feet: A School-Reopening Detective Story (RISKS-32.26)
Take 2m physical distance guide, square for area/person, which seems
reasonable and is the Australian guideline I believe, and convert to sq.ft.:
$ units \(2m\)^2 ft^2
43.055642 ft^2
One Canadian indoor store selling outdoor goods seems to have gone an order
higher:
https://www.mec.ca/en/explore/precautions
$ units 20m^2 yd^2
23.919801 yd^2
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
------------------------------
Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 32.27
************************