RISKS Forum mailing list archives

Risks Digest 31.83


From: RISKS List Owner <risko () csl sri com>
Date: Sat, 16 May 2020 12:53:37 PDT

RISKS-LIST: Risks-Forum Digest  Saturday 16 May 2020  Volume 31 : Issue 83

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/31.83>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Massachusetts uses same license plate numbers for diff vehicle types (WHDH)
Feds Suspect Vast Fraud Network Is Targeting U.S. Unemployment Systems
  (NYTimes)
Australia's largest steel producer shut down by ransomware attack (ABC AU)
China is capable of shutting down Europe's 5G network regardless
  of whether Huawei equipment is included in it (UI.SE)
Meaningless "review" of Imperial COVID codebase (Wordpress)
Virginia Will No Longer Include Antibody Tests In Overall Test Data (DCist)
Stimulus check delays when accounts were overdrawn! (Propublica)
App Shows Promise in Tracking New Coronavirus Cases, Study Finds (NYTimes)
From asymptomatic to lethal:- Coronavirus discrepancies puzzle scientists
  (WashTimes)
Apple and Google clash with health officials over virus-tracking apps
  (WashPost)
The Prophecies of Q (The Atlantic)
DHS to advise telecom firms on preventing 5G cell tower attacks linked to
  coronavirus conspiracy theories (WashPost)
Poll -- US believers see message of change from God in virus (AP)
Re: COVID SW model is a steaming pile ... (Erling Kristiansen)
Re: Coronavirus New York Shock: Two-Thirds Of Recent Patients Infected
  While Staying At Home (Jay Elinsky)
Re: Risks in signature verification for mail-in ballots (Paul Burke)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 13 May 2020 23:44:43 -0400 (EDT)
From: danny burstein <dannyb () panix com>
Subject: Massachusetts uses same license plate numbers for diff vehicle
  types (WHDH)

Massachusetts issues the same license plate number for different vehicles.
So as the news article ref'ed below states, "there could be Mass passenger
1234, but also commercial 1234, Cape and Island 1234, Red Sox, Purple Heart,
and more."

The EZ Pass readers/back systems in Mass perform some sort of Arthur C.
Clarke Magic [*] to determine which vehicle should get charged, but when the
license plate is scanned in other states, well...

  A local couple was home, sheltering in place during the pandemic. So why
  was their car being charged for tolls in another state? Hank's
  investigation gets answers and action.

Cynthia's red four-door sits in her Concord driveway. Exactly where it's
been for weeks.  [...]  So when Cynthia got her April EZ Pass bill she was
baffled. It said her car went through tolls in New York, a COVID hot
spot. [...]

  [It turned out that one of the local ambulances, with the same basic plate
  number, was part of the FEMA mutual aid response in NYC, which went
  through lots and lots of bridge and tunnel tollgates every day.  Lots and
  lots of bills.]

https://whdh.com/news/hank-investigates-incorrectly-charged-for-ezpass-tolls/

  * Per the late science/science fiction author Arthur C. Clarke, "Any
  sufficiently advanced technology is indistinguishable from magic."

------------------------------

Date: Sat, 16 May 2020 14:59:56 -0400
From: Monty Solomon <monty () roscom com>
Subject: Feds Suspect Vast Fraud Network Is Targeting U.S. Unemployment
  Systems (NYTimes)

Investigators detected a sophisticated international attack they said could
siphon hundreds of millions of dollars that were intended for the
unemployed.

https://www.nytimes.com/2020/05/16/us/coronavirus-unemployment-fraud-secret-service-washington.html

------------------------------

Date: Fri, 15 May 2020 09:17:33 +0000
From: John Colville <John.Colville () uts edu au>
Subject: Australia's largest steel producer shut down by ransomware attack
  (ABC AU)

https://www.abc.net.au/news/2020-05-15/bluescope-steel-cyber-attack-shut-down-kembla-ransomware/12251316

------------------------------

Date: Fri, 15 May 2020 09:16:07 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: China is capable of shutting down Europe's 5G network regardless
  of whether Huawei equipment is included in it (UI.SE)

Chinese cyber-espionage presents a huge challenge but almost all spying is
carried out by means of applications and phishing, rather than through
infrastructure...

https://www.ui.se/globalassets/butiken/ui-paper/2020/ui-paper-no.-5-2020.pdf

------------------------------

Date: Thu, 14 May 2020 21:25:30 +0930
From: William Brodie-Tyrrell <william.brodie.tyrrell () gmail com>
Subject: Meaningless "review" of Imperial COVID codebase (Wordpress)

As is usually the case, a risk arises from people overestimating the
applicability of their expertise.  Specifically, commercial software
developers "reviewing" a COVID simulation numerical model without
understanding its requirements or how scientific software is applied.
https://philbull.wordpress.com/2020/05/10/why-you-can-ignore-reviews-of-scientific-code-by-commercial-software-developers/amp/

The risk is that public trust in what was probably an excellent analysis
(I'm not an epidemiologist so I couldn't possibly say - and neither can
they) will be undermined by tech-bro egos.

------------------------------

Date: Thu, 14 May 2020 18:54:11 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Virginia Will No Longer Include Antibody Tests In Overall Test Data
  (DCist)

This week, as Virginia has faced continuing criticism for its lag in
widespread coronavirus testing even as it gears up to reopen large swaths of
the state, government officials are grappling with yet another backlash.

Media reports, including a story in the Richmond Times-Dispatch and a
scathing article in The Atlantic, highlighted that the state was including
antibody testing in its overall coronavirus testing numbers, artificially
boosting those numbers and driving down the percentage of positive cases.

Governor Northam has repeatedly cited increased testing capacity as the main
reason that most of Virginia will begin to re-open starting this Friday.

On Thursday, the Virginia Department of Health announced they would no
longer include the results of antibody tests in their overall data, though
officials stressed that its inclusion did not significantly alter the trends
that aided the governor in making the decision to reopen.  About 15,000
antibody tests had been included, making up about nine percent of the
overall testing number.

The commonwealth says the inclusion of this antibody testing data wasn't
done on purpose -- it was the fault of an automatic computer programming
system.

https://dcist.com/story/20/05/14/virginia-will-no-longer-include-antibody-tests-in-overall-test-data/

Same as HAL 9000, Colossus the Forbin Project, etc. No human's fault...

------------------------------

Date: Mon, 27 Apr 2020 17:24:46 +0000
From: Lindsay Marshall <Lindsay.Marshall () newcastle ac uk>
Subject: Stimulus check delays when accounts were overdrawn! (Propublica)

Plenty in this article for RISKS lovers to chew on.

https://www.propublica.org/article/millions-of-people-face-stimulus-check-delays-for-a-strange-reason-they-are-poor

------------------------------

Date: Fri, 15 May 2020 13:28:58 -0400
From: Monty Solomon <monty () roscom com>
Subject: App Shows Promise in Tracking New Coronavirus Cases, Study Finds
  (NYTimes)

The app, which allows people to record their symptoms, was remarkably
effective in predicting infections. The most reliable indicators,
researchers found, were loss of smell and taste.

https://www.nytimes.com/2020/05/11/health/coronavirus-symptoms-app.html

------------------------------

Date: Fri, 15 May 2020 09:17:27 -1000
From: the keyboard of geoff goodfellow <geoff () iconia com>
Subject: From asymptomatic to lethal:- Coronavirus discrepancies puzzle
  scientists (WashTimes)

*COVID-19 lack of symptoms compared to Zika outbreaks*

EXCERPT:

The share of people who are infected with the coronavirus but never get sick
varies widely from place to place, from less than 20% of cruise ship
passengers in Japan to a whopping 95% of inmates at an Ohio prison,
underscoring the challenge in weeding out infections and isolating the virus
as parts of the world reopen.

During the mosquito-borne Zika outbreak in 2015 and 2016, scientists were
confident that 75% of those infected would not develop symptoms.

But scientists are having a hard time pinpointing a global average for
COVID-19, the disease caused by the new coronavirus, and are finding
different rates in different places.

A study in Iceland found that half of those who tested positive for the
coronavirus infection showed no signs of illness. Nearly 1 in 5, or 17.9%,
of infected passengers on the Diamond Princess cruise ship off Japan were
asymptomatic, according to a March study.

The Center for Evidence-Based Medicine at Oxford University said 50% to 70%
of people in an Italian village west of Venice were asymptomatic, compared
with 31% of Japanese nationals evacuated from Wuhan, China, where the
outbreak began in December. [...]

https://www.washingtontimes.com/news/2020/may/14/coronavirus-asymptomatic-discrepancies-compared-zi/

------------------------------

Date: Fri, 15 May 2020 16:13:22 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Apple and Google clash with health officials over virus-tracking
  apps (WashPost)

The tech giants have refused officials' pleas to allow the collection of
location data and to help contact-tracing teams learn where new infections
have spread.

https://www.washingtonpost.com/technology/2020/05/15/app-apple-google-virus/

------------------------------

Date: Thu, 14 May 2020 19:59:36 -0400
From: Monty Solomon <monty () roscom com>
Subject: The Prophecies of Q (The Atlantic)

American conspiracy theories are entering a dangerous new phase.

https://www.theatlantic.com/magazine/archive/2020/06/qanon-nothing-can-stop-what-is-coming/610567/

------------------------------

Date: Wed, 13 May 2020 23:11:27 -0400
From: Monty Solomon <monty () roscom com>
Subject: DHS to advise telecom firms on preventing 5G cell tower attacks
  linked to coronavirus conspiracy theories (WashPost)

Disinformation has spurred sporadic attacks against cell towers in the
United States.

https://www.washingtonpost.com/national-security/dhs-to-advise-telecom-firms-on-preventing-5g-cell-tower-attacks-linked-to-coronavirus-conspiracy-theories/2020/05/13/6aa9eaa6-951f-11ea-82b4-c8db161ff6e5_story.html

------------------------------

Date: Fri, 15 May 2020 09:19:26 -1000
From: the keyboard of geoff goodfellow <geoff () iconia com>
Subject: Poll -- US believers see message of change from God in virus (AP)

EXCERPT:

The coronavirus has prompted almost two-thirds of American believers of all
faiths to feel that God is telling humanity to change how it lives, a new
poll finds.

While the virus rattles the globe, causing economic hardship for millions
and killing more than 80,000 Americans, the findings of the poll by the
University of Chicago Divinity School and The Associated Press-NORC Center
for Public Affairs Research indicate that people may also be searching for
deeper meaning in the devastating outbreak.

Even some who don't affiliate with organized religion, such as Lance Dejesus
of Dallastown, Pa., saw a possible bigger message in the virus. [...]

https://apnews.com/0bed79d024a56d2ac0b93bc51df80e9b

------------------------------

Date: Thu, 14 May 2020 18:57:29 +0200
From: Erling Kristiansen <erling.kristiansen () xs4all nl>
Subject: Re: COVID SW model is a steaming pile ... (Wol, RISKS-31.82)

Wol missed the point of Baker's article: That running a computer program
twice with the same inputs (including PRNG seed, if relevant) should produce
identical (not just similar) outputs. If not, something is VERY wrong, and
output is essentially useless. You just don't know what you are doing.

Reproducibility in science is something different: Repeating an experiment
or observation, or doing a different experiment to determine the same
parameters, gives you confidence in the results if they give similar (but
not strictly identical) results.

In astronomy, you do observe the same objects using different telescopes,
different methods, etc. So also here, finding similar results helps you gain
confidence in the results.

------------------------------

Date: Fri, 15 May 2020 13:54:43 -0400
From: Jay Elinsky <jay.m.elinsky () gmail com>
Subject: Re: Coronavirus New York Shock: Two-Thirds Of Recent Patients
  Infected While Staying At Home (RISKS-31.82)

I can think of a few reasons why a whole-building air handler in multiple
dwelling buildings, posited by Geoff Goodfellow, would be impractical
besides its potential to distribute pathogens:

1) In case of fire, smoke and toxic fumes could be distributed throughout
the building;

2) Cooking odors could be distributed throughout the building;

3) Impractically large ductwork would be required to carry large quantities
of heat over long distances in the building via moving air.

I've lived in two high rise residential buildings with central air
conditioning. In neither building is air from throughout the building mixed
in a central chamber. In one building, chilled water is distributed to fan
coil units located in each room. A fan, controlled by a thermostat in the
room, blows room air over the chilled coils. In the other building, central
A/C is provided by heat pumps in each unit, almost in the usual way, except
that the heat pump transfers room heat to water that circulates throughout
the building, rather than to a refrigerant circuit. The circulating water
passes through a rooftop cooling tower which transfers the heat to the
outdoors.

------------------------------

Date: Thu, 14 May 2020 13:05:49 -0700
From: Paul Burke <box1320 () gmail com>
Subject: Risks in signature verification for mail-in ballots

RISKS Digest 31.82 reported a story that "All California voters will
receive mail-in ballots for November".

Far more than "all voters" will receive mail-in ballots. California will
mail to inactive addresses too: "over 458,000 likely dead or relocated
persons will be mailed ballots...  Almost 178,000 have *never* voted...
Mass 'seeding' of unclaimed ballots, coupled with ballot 'harvesting' by
unscrupulous operatives, is a significant risk to the integrity of the
November election."
https://www.prnewswire.com/news-releases/hundreds-of-thousands-of-ineligible-persons-could-be-mailed-ballots-if-california-goes-all-mail-in-november-election-301055445.html

Accepting mailed ballots depends purely on comparing one signature on the
outside of the envelope to one or more signatures on file. Comparisons are
often automated. Successful computer matches are not always reviewed, and
false match rates are unknown. "[A]lgorithms that look for a certain number
of points of similarity between the compared signatures... different brands
of machines are used...  ES&S, Olympus, Vantage, Pitney Bowes, Runbeck, and
Bell & Howell... a wide range of algorithms and standards, each particular
to that machine's manufacturer, are used to verify signatures. In addition,
counties have discretion in managing the settings and implementing
manufacturers' guidelines... there are no statewide standards for automatic
signature verification... most counties do not have a publicly available,
written explanation of the signature verification criteria and processes
they use"
https://www-cdn.law.stanford.edu/wp-content/uploads/2020/04/FINAL-Signature-Verification-Report-4-15-20.pdf

For manual signature reviews, that same Stanford study says, "Most counties
review ballot signatures with a basic presumption in favor of counting each
ballot... [Some] declare that just three or even one matching
characteristic between the ballot signature and the comparison signature
will be sufficient to find a match... many county officials expressed that
evaluating ballot signatures is made substantially harder by the decline of
cursive education and by the use of electronic signature pads during DMV
registration, which often produce blurry signatures or flatten otherwise
distinctive elements of a signature. Both issues disproportionately affect
younger voters, who are more likely to have registered on an electronic
signature pad and are less likely to have learned cursive in school. The
registrar of one Bay Area county explained that she 'cannot compare a
printed name to a signature,' and that people printing rather than signing
their names on their ballots is 'becoming more prevalent over time.' "
Stanford says that signatures also vary more from people who rarely use
Roman characters, such as some Asian-Americans.

"election officials with little or no training in verifying a person's
signature are tasked with doing just that...  it's unlikely that only one or
two samples will show the spectrum of a person's normal variations...  Even
major treatises on handwriting analysis concede that it is extremely
difficult for anyone to be able to figure out if a signature or other very
limited writing sample has been forged..."
https://www.propublica.org/article/handwriting-disputes-cause-headaches-for-some-absentee-voters

California requires less than a week's notice to voters to cure
discrepancies. Many states allow less time than that. (And Stanford says
they often still require a new signature to match a signature on file.)
https://www.ncsl.org/research/elections-and-campaigns/verification-of-absentee-ballots.aspx

I fully support all-mail voting this year. We need to measure and minimize
false-positive and false-negative signature verification. What levels will
be acceptable?  There's scope to suppress young voters and Asian-American
voters.

------------------------------

Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also,  ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 31.83
************************

