RISKS Forum mailing list archives
Risks Digest 30.35
From: RISKS List Owner <risko () csl sri com>
Date: Wed, 28 Jun 2017 20:13:53 PDT
RISKS-LIST: Risks-Forum Digest  Wednesday 28 June 2017  Volume 30 : Issue 35

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/30.35>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
  HMS Queen Elizabeth is 'running outdated Windows XP', raising cyberattack fears (The Telegraph)
  32TB of Windows 10 internal builds, core source-code leak online (The Register)
  AES-256 keys sniffed in seconds using E200 of kit a few inches away (The Register)
  Google's Elite Hacker SWAT Team vs. Everyone (Fortune)
  Easiest Path to Riches on the Web? An Initial Coin Offering (NYTimes)
  FCC investigating unlawful transactions after contractor takes ownership of 40-plus towers (WirelessEstimator)
  Europe has been working to expose Russian meddling for years (The Washington Post)
  Trump's Lies (NYTimes)
  Complex Petya-Like Ransomware Outbreak Worse than WannaCry (ThreatPost)
  Skylake, Kaby Lake chips have a crash bug with hyperthreading enabled (Ars Technica)
  Transition problem for mailservice cutover (Steven Barryte)
  Re: Y2K problem causes earthquake aftershock 92 years later (Amos Shapir)
  Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 27 Jun 2017 20:02:26 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: HMS Queen Elizabeth is 'running outdated Windows XP', raising cyberattack fears

Danny Boyle and Ben Farmer, *The Telegraph*, 27 June 2017
http://www.telegraph.co.uk/news/2017/06/27/hms-queen-elizabeth-running-outdated-windows-xp-software-raising/

Fears have been raised that Britain's largest ever warship could be vulnerable to cyber attacks after it emerged it appears to be running the outdated Microsoft Windows XP.

As HMS Queen Elizabeth left its dockyard for the first time to begin sea trials, it was revealed the £3.5billion aircraft carrier is apparently using the same software that left the NHS exposed.

Screens inside a control room on the ship, which is the largest vessel ever built for the Royal Navy, reportedly displayed Microsoft Windows XP - copyright 1985 to 2001.

But Michael Fallon, the Defence Secretary, insisted the ship's systems were safe because security around the computer software on the aircraft carrier is "properly protected".

He told BBC Radio 4's Today programme: "It's not the system itself, of course, that's vulnerable, it's the security that surrounds it.

"I want to reassure you about Queen Elizabeth, the security around its computer system is properly protected and we don't have any vulnerability on that particular score."

The operating system was that which left the NHS and other organisations around the world vulnerable to a major WannaCry ransomware attack last month. It affected 300,000 computers in 150 countries.

Windows XP is no longer supported by Microsoft, meaning it does not receive updates to protect users from new types of cyber hacks.

A computer expert warned that Windows XP could leave HMS Queen Elizabeth vulnerable to cyber attack.

"If XP is for operational use, it is extremely risky," Alan Woodward, professor of computing at the University of Surrey told The Times. "Why would you put an obsolete system in a new vessel that has a lifetime of decades?"
A defence source told the newspaper that some of the on-board hardware and software "would have been good in 2004" when the carrier was designed, "but now seems rather antiquated".

However, he added that HMS Queen Elizabeth is due to be given a computer refit within a decade. And senior officers said they will have cyber specialists on board to defend the carrier from such attacks. [...]

------------------------------

Date: Fri, 23 Jun 2017 16:50:42 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: 32TB of Windows 10 internal builds, core source-code leak online

via NNSquad
http://www.theregister.co.uk/2017/06/23/windows_10_leak/

A massive trove of Microsoft's internal Windows operating system builds and chunks of its core source code have leaked online. The data - some 32TB of official and non-public installation images and software blueprints that compress down to 8TB - were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed confidential data in this dump was exfiltrated from Microsoft's in-house systems around March this year.

The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels.

------------------------------

Date: Sat, 24 Jun 2017 09:59:31 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: AES-256 keys sniffed in seconds using E200 of kit a few inches away

NNSquad
https://www.theregister.co.uk/2017/06/23/aes_256_cracked_50_seconds_200_kit/

Sideband attacks that monitor a computer's electromagnetic output to snaffle passwords are nothing new.
They usually require direct access to the target system and a lot of expensive machinery - but no longer.

Researchers at Fox-IT have managed to wirelessly extract secret AES-256 encryption keys from a distance of one metre (3.3 feet) - using EUR200 (~US$224) worth of parts obtained from a standard electronics store - just by measuring electromagnetic radiation. At that distance sniffing the keys over the air took five minutes, but if an attacker got within 30 centimetres (11.8 inches) of a device, the extraction time is cut down to just 50 seconds.

------------------------------

Date: Sun, 25 Jun 2017 13:44:12 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Google's Elite Hacker SWAT Team vs. Everyone

Brash. Controversial. A guard against rising digital threats around the globe. Google's Project Zero is securing the Internet on its own terms. Is that a problem?

http://fortune.com/2017/06/23/google-project-zero-hacker-swat-team/

------------------------------

Date: Sun, 25 Jun 2017 13:59:30 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Easiest Path to Riches on the Web? An Initial Coin Offering (NYTimes)

Programmers are selling digital currencies redeemable for services that do not exist. Where some see a financing revolution, others see trouble.

https://www.nytimes.com/2017/06/23/business/dealbook/coin-digital-currency.html

Invent currency, sell it. Beats counterfeiting a real one...

------------------------------

Date: Sun, 25 Jun 2017 13:39:37 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: FCC investigating unlawful transactions after contractor takes ownership of 40-plus towers (WirelessEstimator)

A Wisconsin wireless contractor discovered a flaw in the FCC's Antenna Structure Registration (ASR) database, and changed the ownership of more than 40 towers from multiple carriers and tower owners into his company's name during the past five months without the rightful owners being notified by the agency, according to FCC documents and sources knowledgeable of the illegal transfers. Sprint, AT&T and key tower companies were targeted in the wide-ranging thefts.

The unlawful assignments also created a dangerous condition for aircraft since an FCC investigator was relying upon statements from the new owner, William M. Nix, 39, President of Aura Holdings of Wisconsin, Inc. (Aura), that he would repair obstruction lighting on a 1,100-foot tower, but he had no intentions of ordering the equipment to complete the repairs by July 1 because he neither owned the structure nor could fund the repairs that would cost over $21,000. [...]

It is unknown why Nix changed the ownership of the structures or what benefits would be derived by being able to identify that Aura owned a $12-plus million group of towers.

Although the ASR database identifies the owner of the tower, it is not legal proof of ownership but allows for a chain of correspondence to ensure compliance with all FCC requirements that also incorporate other federal regulations.

FCC allows instantaneous ownership

Changing ASR ownership is an easy process by applying online for an FCC Registration Number (FRN) which is instantly granted whether the factual or inaccurate information is provided. Then, once logged in, an FRN holder can submit a form stating that they are the new owner of any or multiple structures in the database.
As soon as it is submitted, the change is immediately reflected in the ASR. Although Grace said that owners are notified if a change is made in the system, two tower owners whose structures' ownership was changed by Nix informed Wireless Estimator they were never informed with an email or through regular mail, or they would have immediately acted.

http://wirelessestimator.com/articles/2017/fcc-investigating-unlawful-transactions-after-contractor-takes-ownership-of-40-plus-towers/

Ability to change online ownership listings without notifying rightful owners. What could go wrong?

------------------------------

Date: Mon, 26 Jun 2017 08:28:09 -0400
From: Monty Solomon <monty () roscom com>
Subject: Europe has been working to expose Russian meddling for years (The Washington Post)

Official and unofficial groups use a variety of tactics to counter fake news promulgated by Moscow.

https://www.washingtonpost.com/world/europe/europe-has-been-working-to-expose-russian-meddling-for-years/2017/06/25/e42dcece-4a09-11e7-9669-250d0b15f83b_story.html

------------------------------

Date: Fri, 23 Jun 2017 12:57:37 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Trump's Lies (NYTimes)

https://www.nytimes.com/interactive/2017/06/23/opinion/trumps-lies.html

"Many Americans have become accustomed to President Trump's lies. But as regular as they have become, the country should not allow itself to become numb to them. So we have catalogued nearly every outright lie he has told publicly since taking the oath of office."

------------------------------

Date: Wed, 28 Jun 2017 09:05:02 -0400
From: Monty Solomon <monty () roscom com>
Subject: Complex Petya-Like Ransomware Outbreak Worse than WannaCry (ThreatPost)

https://threatpost.com/complex-petya-like-ransomware-outbreak-worse-than-wannacry/126561/

------------------------------

Date: Wed, 28 Jun 2017 09:34:14 -0400
From: Monty Solomon <monty () roscom com>
Subject: Skylake, Kaby Lake chips have a crash bug with hyperthreading enabled (Ars Technica)

https://arstechnica.com/information-technology/2017/06/skylake-kaby-lake-chips-have-a-crash-bug-with-hyperthreading-enabled/

------------------------------

Date: Mon, 26 Jun 2017 02:14:50 -0700
From: Steven Barryte <sebarryte () cox net>
Subject: Transition problem for mailservice cutover

Between 4/24/2017 & 5/10/2017 Cox.com transitioned my email account to their upgraded email server. Since my account was transitioned to the new server both humans & automated subscription mailing systems occasionally receive a "550 5.1.1 <sebarryte () cox net> invalid recipient" response when sending email to me. Humans can resend the email & it is delivered. However, some (& possibly all) automated senders delete my email address from their distribution list when this happens. These have included: my local newspaper (twice), a local radio station, Smithsonian, nextdoor.com & possibly a few other yet to be identified automated senders that only send me email "as needed", but not very often.

If the automated subscription mailing systems were to implement a 3-strikes-and-you're-out policy rather than deleting an email address for a single delivery failure, it would be less likely to delete valid subscribers.

------------------------------

Date: Sun, 25 Jun 2017 17:22:32 +0300
From: Amos Shapir <amos083 () gmail com>
Subject: Re: Y2K problem causes earthquake aftershock 92 years later (RISKS-30.34)

I do not think that the bug could have been caused by the UNIX epoch time -- which, as the LA Times article itself says, starts in 1970. I doubt any system which keeps historical times would use this epoch in its stored data.

Even if it did, a possible bug would either interpret the negative epoch time for 1925 as a positive number, then it would end up on a date 44.5 years after the epoch instead of 44.5 years before -- that is, in 2014; or else, the negative number might be interpreted as an unsigned number (to avoid the upcoming 2K38 bug) and so end up 2^32 or 136 years later -- in 2061.

More likely it's just a data entry error, e.g. 6/29/25 interpreted as 2025. The real bug is that the alert system did not check its input's sanity, and blared out the warnings anyway.

In any case, I'm keeping that mail, in case there will be an earthquake on 6/29/2025....

------------------------------

Date: Tue, 10 Jan 2017 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
   *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
   *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume
   or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-30.00
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
   <http://the.wiretapped.net/security/info/textfiles/risks-digest/>
   *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 30.35
************************
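
Added example, not part of the digest or of any contributor's post: Python that reproduces the three misreadings of a 1925 timestamp discussed in the "Y2K problem causes earthquake aftershock" item above, together with the kind of input sanity check that item says the alert system lacked. The midnight-UTC event time, the receipt time, and the one-hour and five-minute windows are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# Constructed inputs: the item gives only the date 6/29/25 (1925); the time of
# day and the moment the alert feed receives the record are assumptions.
TRUE_EVENT = datetime(1925, 6, 29, tzinfo=timezone.utc)
RECEIVED_AT = datetime(2017, 6, 25, 12, 0, tzinfo=timezone.utc)


def to_epoch(dt):
    """Seconds since 1970-01-01 UTC; negative for earlier dates."""
    return int((dt - EPOCH).total_seconds())


def from_epoch(seconds):
    """Epoch seconds to UTC datetime without depending on the platform time_t."""
    return EPOCH + timedelta(seconds=seconds)


def misreadings(event):
    """Dates produced by each failure mode named in the item."""
    t = to_epoch(event)
    two_digit = event.strftime("%m/%d/%y")            # century is lost here
    return {
        # negative epoch value read as a positive one
        "sign_dropped": from_epoch(abs(t)),
        # negative value reinterpreted as an unsigned 32-bit integer
        "unsigned_32bit": from_epoch(t & 0xFFFFFFFF),
        # data entry with a two-digit year; %y maps 00-68 to 2000-2068
        "two_digit_year": datetime.strptime(two_digit, "%m/%d/%y")
                                  .replace(tzinfo=timezone.utc),
    }


def accept_event(event_time, received_at,
                 max_age=timedelta(hours=1), max_skew=timedelta(minutes=5)):
    """Plausibility window for a real-time alert: the event may be neither
    in the future (beyond clock skew) nor older than the alerting window."""
    return received_at - max_age <= event_time <= received_at + max_skew
```

Checking only for "not in the future" would catch the 2025 and 2061 readings but let the 2014 one through, which is why the window is bounded on both sides.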