RISKS Forum mailing list archives
Risks Digest 31.80
From: RISKS List Owner <risko () csl sri com>
Date: Wed, 6 May 2020 13:12:50 PDT
RISKS-LIST: Risks-Forum Digest  Wednesday 6 May 2020  Volume 31 : Issue 80

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/31.80>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents: [MAILMAN crash caused some late deliveries of previous issues]
Circumventing Censorship (Fenello)
Brit cyber-spies drop 'whitelist' and 'blacklist' -- political correctness
  gone mad? (The Register)
Tracking your browsing using HTML canvas fingerprinting (Web Informant)
UK finds itself almost alone with centralized virus contact-tracing app that
  probably won't work well, asks for your location, may be illegal
  (The Register)
Visualization shows droplets from one cough on an airplane infecting large
  number of passengers, researchers say (FoxNews)
Social Distancing Informants Have Their Eyes on You (NYTimes)
BSides (World Netwide Online via Rob Slade)
Re: Online voting is too vulnerable (Mark E. Smith)
Re: statistics and protection - Remdesivir (David Alexander)
Re: Big Rigs Begin to Trade Diesel for Electric Motors (Richard Stein)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 4 May 2020 17:38:15 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Circumventing Censorship (Fenello)

EXCERPT:

Today, we live in a world that is interconnected at an historic rate. We can
directly interact with billions of people via phone, text, and email, as well
as assorted online platforms. News is also abundantly available through
traditional TV, radio and print, as well as newer venues like youtube and
other online websites.

But what appears to be robust and permanent, is actually fragile and under
attack.

Messages that differ from the accepted narratives are being deleted at an
alarming rate, while those responsible for those messages are being
demonetized and de-platformed. People are also being shadow-banned, resulting
in their messages getting reduced visibility and circulation, all without
anyone's knowledge.

And it's not just the private networks either. We know from governments like
China and revelations from Edward Snowden, that even more draconian measures
are possible. Websites can be de-indexed from the search engines, taken
offline, or even replaced with fake versions. Phone numbers and text can be
blocked, as well as entire cellular and Internet networks.

To circumvent these measures, here are a few options: [...]

https://www.fenello.com/blog/circumventing-censorship/

------------------------------

Date: Sun, 3 May 2020 23:15:16 -0700
From: Li Gong <ligongsf () gmail com>
Subject: Brit cyber-spies drop 'whitelist' and 'blacklist' -- political
  correctness gone mad?

https://www.theregister.co.uk/2020/05/02/uks_ncsc_whitelist_blacklist/

------------------------------

Date: Tue, 5 May 2020 18:06:18 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Tracking your browsing using HTML canvas fingerprinting (Web Informant)

Author writes:

Every time you fire up your web browser your movements and browser history
are being leaked to various websites. No, I am not talking about cookies, but
about a technology that you may not have heard much about. It is called
canvas fingerprinting. In this post, I will tell you what it does and how you
can try to stop it from happening. Beware that the journey to do this isn't
easy.

The concept refers to coordinating a series of tracking techniques to
identify a visitor using what browser, IP address, computer processor and
operating system and other details. Canvas is based on the HTML 5 programming
interface that is used to draw graphics and other animations using
JavaScript. It is a very rich and detailed interface and to give you an idea
of the data that the browser collects without your knowledge, take a look at
the screenshot below. It shows my computer running Chrome on a Mac OS v.10.13
using Intel hardware. This is just the tip of a large iceberg of other data
that can be found quite easily by any web server.

https://blog.strom.com/wp/?p=7749

------------------------------

Date: Wed, 6 May 2020 02:19:05 +0900
From: Dave Farber <farber () gmail com>
Subject: UK finds itself almost alone with centralized virus contact-tracing
  app that probably won't work well, asks for your location, may be illegal
  (The Register)

https://www.theregister.co.uk/2020/05/05/uk_coronavirus_app/

------------------------------

Date: Mon, 4 May 2020 17:36:21 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Visualization shows droplets from one cough on an airplane infecting
  large number of passengers, researchers say (FoxNews)

EXCERPT:

The coronavirus pandemic has brought air travel to an unprecedented
standstill -- wreaking all sorts of havoc and putting countless jobs at risk
-- but a new visualization is unlikely to make people eager to fly the
friendly skies again soon.
<https://www.foxnews.com/category/health/infectious-disease/coronavirus>

The motion graphic produced by Purdue University researchers shows the
aftermath of a single cough on an airplane, with tiny invisible droplets
dispersing throughout the cabin, possibly infecting a large number of fellow
passengers. [...]

https://www.foxnews.com/science/visualization-droplets-one-cough-airplane-infecting-passengers

------------------------------

Date: Tue, 5 May 2020 09:59:54 -0400
From: Monty Solomon <monty () roscom com>
Subject: Social Distancing Informants Have Their Eyes on You (NYTimes)

Largely confined to their homes and worried about the spread of the
coronavirus, members of the public are becoming unofficial watchdogs.

https://www.nytimes.com/2020/05/04/us/social-distancing-rules-coronavirus.html

------------------------------

Date: Tue, 5 May 2020 12:34:05 -0700
From: Rob Slade <rmslade () shaw ca>
Subject: BSides (World Netwide Online)

So, a number of us are at home, prevented from going to any of the normal
round of security conferences. But we are creative and inventive people, and
we know the tech. So, why not create our own?

I'm thinking the BSides model, trying to keep it as cheap (free?) as
possible, for the widest possible access. (I'm thinking this because of the
notices I am receiving from various vendors who are trying to actually sell
their sales presentations, or combinations thereof, as conferences.)

(I may be jumping the gun on that name/brand: I don't know who owns the
BSides model or brand, and while I highly respect it, I don't want to step on
any toes by simply assuming it.)

I'm thinking this is more than just a big Zoom meeting, or even a series of
Zoom meetings.

Anybody in?

------------------------------

Date: Tue, 5 May 2020 19:31:23 -0500
From: "Mark E. Smith" <mymark () gmail com>
Subject: Re: Online voting is too vulnerable (RISKS-31.79)

Dick Mills appears to understate the risks to the public from US elections,
whether the votes are cast online or not. Since the US Constitution does not
require that the popular vote be counted, it is the Constitution itself, not
the way in which elections are held, that constitutes a risk to the public,
who can be fooled into thinking that their vote is a form of participation or
a voice in government, when it is, in reality, merely an expression of
wishful thinking. An election in which a candidate who loses both the popular
and Electoral votes can still become President, is not a democratic process
that ensures meaningful public input or influence.

------------------------------

Date: Wed, 6 May 2020 08:08:14 +0000 (UTC)
From: David Alexander <davidalexander440 () btinternet com>
Subject: Re: statistics and protection - Remdesivir

Rob Slade looks for details in the reports on the trial of Remdesivir
(Remdesivir works against CoVID-19!
https://lite.cnn.com/en/article/h_1a62255cc20919cda25d487543ad9118) and I
agree that the message the data gives does need to be managed to ensure it
does not give a false sense of security.

Unfortunately Rob appears to have missed one obvious point. The drug may not
lower the mortality rate by much (but as far as I am concerned any life saved
is a significant bonus for that individual, their family & friends) but
reducing the recovery time by 4 days is absolutely crucial for a medical and
care system that is heavily over-loaded. If it can get people out of hospital
4 days earlier, freeing up the bed and care professionals to treat somebody
else who might otherwise die for a lack of treatment, that is a game changer,
a 'force multiplier' for good.

disclaimer: I am not a healthcare professional (but my fiancee is) nor do I
have any connection with the pharmaceutical industry, except as a satisfied
customer.

------------------------------

Date: Wed, 6 May 2020 20:08:40 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Re: Big Rigs Begin to Trade Diesel for Electric Motors (RISKS-31.64)

https://catless.ncl.ac.uk/Risks/31/64#subj10.1

Privately-owned vehicles converted from carbon-fuel to battery-driven
propulsion are apparently compliance-exempt from FMVSS 141, save for certain
conversions as noted. The NY Times piece identifies at least one company that
sells conversion kits for classic VW models. A battery-powered stretch-Humvee
does not need to hum unless it wants to.

Here's the NHTSA's Office of Vehicle Safety Compliance (OVSC) response to my
inquiry on after-market vehicle conversions.

  From: OVSCPublic () dot gov
  Date: 06MAY2020

  Please note that the response provided below does not constitute
  authoritative legal advice. If you would like an authoritative answer,
  please request an interpretation from NHTSA's Office of Chief Counsel.
  Please also note that you may wish to consider the relevance of state/local
  laws and insurance policies.

  If this is a privately owned vehicle, and you are the owner, it is likely
  that modifications that you make do not fall under NHTSA's authority and
  would not need to comply with FMVSS 141 unless your modifications are
  extensive enough to make this a new vehicle (e.g. if an old body is placed
  on a new chassis). That being said, we would encourage vehicle owners to
  carefully consider whether vehicle modifications alter the vehicle in a way
  that might affect safety, and to take appropriate steps to ensure motor
  vehicle safety.

  NHTSA's enforcement authority applies primarily to entities such as
  manufacturers, distributors, dealers, and motor vehicle repair businesses
  rather than individual owners. If you are not the owner of the vehicle, you
  are likely to be considered such an entity. (In certain cases, you may also
  be such an entity even if you are the individual owner.) In such a case, we
  suggest seeking an interpretation from the Office of Chief Counsel or
  contacting the Compliance Assistance Program.

  The entities mentioned above are responsible for ensuring that vehicles
  comply with FMVSS that were applicable at the time of first sale - i.e. new
  vehicles. After first sale, such entities may not modify vehicles in a
  manner that knowingly makes inoperative part of a device or element of
  design that is required to maintain compliance with FMVSSs (see 49 USC
  30122). Consequently, a business modifying/repairing a vehicle would need
  to consider whether they are modifying the vehicle in a manner that
  maintains compliance with the FMVSSs that applied to the vehicle at the
  time it was originally manufactured.

  Additionally, the answer to your question may hinge on whether the vehicles
  you intend to produce are considered new or used. If they are considered
  used, then FMVSS 141 would likely not apply. If the vehicle is considered
  new (e.g. if an old body is placed on a new chassis), then FMVSS 141 would
  apply subject to the phase-in schedule detailed in 49 CFR 571.141 S9. The
  phase-in schedule applies to small volume manufacturers beginning on
  September 1, 2020.

  The Office of Chief Counsel has previously addressed correspondence similar
  to your question. Please note that these interpretations are being provided
  as a reference and may not be applicable to your specific circumstances:

  * https://isearch.nhtsa.gov/files/8439.html
  * https://isearch.nhtsa.gov/gm/92/nht92-8.48.html

  For more information about interpretations from NHTSA's Chief Counsel, see
  https://isearch.nhtsa.gov/

  For more information on the Compliance Assistance Program, see
  https://www.nhtsa.gov/laws-regulations/compliance-assistance-program-cap

  Thank you,
  OVSC Public

------------------------------

Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 31.80
************************