RISKS Forum mailing list archives
Risks Digest 32.91
From: RISKS List Owner <risko () csl sri com>
Date: Sat, 30 Oct 2021 16:36:42 PDT
RISKS-LIST: Risks-Forum Digest  Saturday 30 October 2021  Volume 32 : Issue 91

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/32.91>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Lettering on clothes mistaken for license plate (BBC)
Florida Humidity Grounded Starliner (AVweb)
Tesla gives ‘Full Self-Driving’ to a new crop of users, then takes it away after apparent software bugs (WashPost)
Blue Line Train Had Derailed Twice Before On The Same Day: NTSB (Patch)
Surprise Russian Thruster Firing Prompts Space Station Emergency (NYTimes)
Russia's Massive Internet Censorship Project (NYTimes)
Gun-toting robo-dogs look like a dystopian nightmare. That's why they offer a powerful moral lesson (phys.org)
Teen Girls Are Developing Tics. Doctors Say TikTok Could Be a Factor. (Archive)
I *really* hate Hopin ... (Rob Slade)
Left vs. Right VS. Facebook (Lauren Weinstein)
I’m Not a Pilot, but I Just Flew a Helicopter Over California (NYTimes)
Anonymity No More? Age Checks Come to the Web. (NYTimes)
These Neural Networks Know What They're Doing (MIT News)
Apple and Privacy (Lauren Weinstein)
Ransomware Activity Report (Googleapis)
Ransomware attack knocks some Sinclair television stations off the air (WashPost)
Pirate-site operator hacked MLB and tried to extort $150,000, feds say (Ars Technica)
Zero-Day Hacking Attacks Set New Record In 2021 (MIT Tech Review)
Banning anonymous social media accounts would only stifle free speech and democracy (The Guardian)
No ink, no scan: Canon USA printers hit with class-action suit (ZDNet)
Thanks to a nasty GPSD bug, real-life time travel trouble arrives this weekend (ZDNet)
Tech workers warned they were going to quit.
  Now, the problem is spiraling out of control (ZDNet)
Re: Elevator-Pitch Privacy (Arthur T.)
Re: Trans man says confusion caused cervical screening delay (Amos Shapir)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 21 Oct 2021 18:11:22 -0400 (EDT)
From: Mark Brader <msb () Vex Net>
Subject: Lettering on clothes mistaken for license plate (BBC)

A bus lane camera mistook a woman's sweater for a number plate, and her husband received a fine for driving in the bus lane. The camera interpreted the word 'KNITTER' as her husband's number plate KN19TER.

  [She would have been *number* if the bus had hit her in the pedestrian crossing, but apparently the bus *letter* go. Item PGN-ed]

http://www.bbc.co.uk/news/uk-england-somerset-58959930

------------------------------

Date: Mon, 25 Oct 2021 15:15:52 -0400
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: Florida Humidity Grounded Starliner (AVweb)

Boeing’s Starliner spacecraft’s valves may have frozen because they couldn’t handle Florida’s humidity, according to a report by United Press International. UPI quotes NASA and Boeing spokespeople as saying the famous Florida stickiness may have caused corrosion in the valves that kept them from functioning prior to an uncrewed test launch of the capsule in August. The fuel oxidizer that flows through some of those valves apparently reacted to the humidity and the resulting corrosion locked up the valves.

https://www.avweb.com/aviation-news/florida-humidity-grounded-starliner/

How could anyone predict or plan for that?

  [Let us not forget the loss of the Challenger shuttle, when the scientists had warned that the O-rings would not hold at subfreezing temperatures.
  PGN]

------------------------------

Date: Mon, 25 Oct 2021 14:45:38 -0400
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: Tesla gives ‘Full Self-Driving’ to a new crop of users, then takes it away after apparent software bugs (WashPost)

The company has come under criticism from regulators for practices related to its Full Self-Driving beta.

https://www.washingtonpost.com/technology/2021/10/24/tesla-full-self-driving-musk/

Let's all look forward to wondering how our cars will drive TODAY...

------------------------------

Date: Tue, 19 Oct 2021 14:02:23 -0400
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: Blue Line Train Had Derailed Twice Before On The Same Day: NTSB (Patch)

Federal investigators uncovered two previous derailments by the same train on the same day last week and other unreported Metro failures.

Through its investigation of the derailment, NTSB learned that the Washington Metropolitan Area Transit Authority (WMATA) was aware of potential problems with the wheel and axle assemblies of its Series 7000 trains since at least 2017.

WMATA told inspectors that Metro trains had experienced two failures of their wheel assemblies in both 2017 and 2018, four failures in 2019, five in 2020, and 18 in 2021.

"That was before Friday, and that totaled 31," she said. "Adding to that number are the failures that were uncovered as a result of their inspections, which were initiated on Friday, which uncovered, so far, an additional 21 failures."

In all, Homendy said the Series 7000 cars had experienced 39 failures in 2021 for a total of 52 failures since 2017. She added that those were preliminary numbers.

"Of the 748 cars in the series, they have inspected 514, so that number could go up," Homendy said.

https://patch.com/district-columbia/washingtondc/blue-line-train-had-derailed-3-times-same-day-ntsb

------------------------------

Date: Tue, 19 Oct 2021 14:05:44 -0400
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: Surprise Russian Thruster Firing Prompts Space Station Emergency (NYTimes)

While the astronauts were said to not be in any danger, it was the second such incident since July.

The incident occurred on Friday morning as the Russian astronaut Oleg Novitsky was performing a test of the engines aboard the Soyuz MS-18 spacecraft, a crew module that has been docked to the station since April. The spacecraft is scheduled to return three passengers to Earth on Sunday.

When the engine test was scheduled to end, “the thruster firing unexpectedly continued,” Leah Cheshier, a NASA spokeswoman, said in an email, and the station orbital positioning control was lost at 5:13 a.m. Eastern time.

Russian officials in Moscow and personnel at NASA’s astronaut headquarters in Houston sprang into action during the incident, voicing commands to their astronauts to initiate emergency protocols.

“Oleg, take it easy, the station was turned by 57 degrees, no big deal,” a Russian mission control official in Moscow was quoted as saying to the astronaut by Interfax, a Russian news agency. “We had to make sure that engines are in order, this is important.”

“Station, Houston space-to-ground two, we see the loss of attitude control warning,” NASA mission control in Houston alerted its astronauts on the station, instructing them to begin emergency procedures in the crew’s “warning book.”

Flight controllers regained control of the station within 30 minutes, Ms. Cheshier said.

... Unexpected jolts to the space station, which is the size of a football field, put stress on the forest of instrumentation on its exterior.
After the Nauka incident, Zebulon Scoville, a NASA flight director who managed the agency’s emergency response that day, said on Twitter that he had never “been so happy to see all solar arrays + radiators still attached.”

https://www.nytimes.com/2021/10/15/science/international-space-station-russia.html?referringSource=articleShare

------------------------------

Date: Sat, 23 Oct 2021 08:38:44 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Russia's Massive Internet Censorship Project (NYTimes)

https://www.nytimes.com/2021/10/22/technology/russia-internet-censorship-putin.html

------------------------------

Date: Fri, 22 Oct 2021 15:57:56 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Gun-toting robo-dogs look like a dystopian nightmare. That's why they offer a powerful moral lesson (phys.org)

https://phys.org/news/2021-10-gun-toting-robo-dogs-dystopian-nightmare-powerful.html

"US-based military robot manufacturer Ghost Robotics has strapped a sniper rifle to a robotic dog, in the latest step towards autonomous weaponry."

------------------------------

Date: Tue, 19 Oct 2021 07:43:12 -0600
From: "Matthew Kruk" <mkrukg () gmail com>
Subject: Teen Girls Are Developing Tics. Doctors Say TikTok Could Be a Factor. (Archive)

https://archive.ph/UNbpQ

When teens started turning up in doctors' offices with sudden, severe physical tics, specialists suspected social media: The girls had been watching Tourette syndrome TikTok videos

------------------------------

Date: Thu, 21 Oct 2021 12:15:06 -0700
From: Rob Slade <rmslade () shaw ca>
Subject: I *really* hate Hopin ...

I, somewhat famously, hate Slack. Or, at least, I thought I hated Slack until I was forced to use Teams. And I thought I hated Teams until I was forced to use Hopin.

I really, *really* hate Hopin.

I had to use Hopin because BSidesEdmonton used Hopin. It took two days to get the settings right, and, even then, there was no way to see what I was actually presenting.
(One of Hopin's "functions" is that you *can't* sign on more than once on one account. And I hate Hopin so much that I'm *really* not eager to go and create a *second* Hopin account just to fix their shortcomings.) I got through the BSidesEdmonton presentation OK.

BSidesCalgary (today and tomorrow) *also* is using Hopin. It *also* took two days to try and find settings that would work for Hopin with them, even though I was already into Hopin with BSidesEdmonton. And, when I signed on this morning, with the same computer, and the same browser, all of a sudden my camera wouldn't work. (I have just spent another hour with someone from the conf, chasing through Control Panel and browser settings, all of which seemed to be set properly, but seeming to have to reboot the computer to get it to work properly. And I have limited confidence that it is still going to work in a couple of hours when I have to actually present.)

(It's a good thing that I'm a bit obsessive about this stuff, and tend to overprepare.)

Even on that test call with someone from the conference, some weirdnesses were apparent. Although she said my voice was coming through with problems, she obviously didn't hear me at times, and *her* voice would drop out at random times. (Actually, I don't think they *were* random. I think Hopin was *deliberately* dropping her voice out *just* when she was giving the most important details. I hate Hopin.)

It may be that Hopin, like others of its ilk, is a victim of its own success. The BSidesCalgary people have done a great job (aside from their choice of Hopin), and about 260 attendees are online right now. It's possible that this is responsible for the fact that it can take over a minute for slides to change, and for some of the voice dropouts.

I've been doing teleconferencing, for teaching, for over 35 years now. And, as I've said, it's disappointing to see how little it's really worked for teaching in all that time ...

  [I've been *hopin'* for many years that a telecon facility would emerge with fundamental design goals to be reliable, resilient, and secure -- and (above all) would provide a really pleasant friendly user experience. However, each would-be successor seems to be worse than its predecessors. No one seems to be learning from past shortcomings. PGN]

------------------------------

Date: Sun, 24 Oct 2021 19:10:58 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Left vs. Right VS. Facebook

So the Right is screaming that employees inside Facebook wanted to remove their content -- and the Left is screaming that management at Facebook didn't actually do so. More & more, this looks like an effort from both sides to give governments micromanagement of content. VERY BAD.

------------------------------

Date: Tue, 26 Oct 2021 00:31:35 -0400
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: I’m Not a Pilot, but I Just Flew a Helicopter Over California (NYTimes)

New technology, a few iPads and a quick tutorial can help anyone act like a pilot. Dealing with air traffic control is another matter.

But there was a caveat: As I flew, a licensed pilot sat beside me. He talked me through the flight and generally kept me in check. At one point, I turned east and twisted the joystick with a little too much confidence. He reached over, grabbed the joystick and corrected my attitude.

The new technology required more than 15 minutes of training. Though I could turn and twist and climb, I could not handle the radio communication with air traffic controllers during takeoff and landing, and I needed help setting a course across the valley. Learning those tasks may ultimately be more intimidating and more difficult than flying the aircraft.

“You still need someone with training in communications protocols, what speed and elevation to fly and where the system is unsafe to operate,” said Jessica Rajkowski, head of artificial intelligence and autonomous systems at Mitre, a nonprofit that runs a research and development center for the Federal Aviation Administration.

https://www.nytimes.com/2021/10/25/technology/automated-flight-helicopter-skyryse.html

------------------------------

Date: Thu, 28 Oct 2021 00:22:26 -0400
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: Anonymity No More? Age Checks Come to the Web. (NYTimes)

To protect children online, more companies and governments are forcing users to prove how old they are.

https://www.nytimes.com/2021/10/27/technology/internet-age-check-proof.html

------------------------------

Date: Mon, 18 Oct 2021 12:42:26 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: These Neural Networks Know What They're Doing (MIT News)

Adam Zewe, MIT News, 14 oct 2021 via ACM TechNews; Monday, October 18, 2021

Massachusetts Institute of Technology (MIT) researchers have demonstrated that a specific neural network can learn the cause-and-effect structure of a navigation task it is taught. The researchers observed that a Neural Circuit Policy (NCP) system assembled by liquid neural network cells can autonomously control a self-driving vehicle using just 19 control neurons. They determined that when an NCP is being trained to complete a task, the network learns to interact with the environment and factor in interventions, or to recognize if an intervention is altering its output, and then it can relate cause and effect together. Tests put NCPs through various simulations in which autonomous drones performed navigation tasks. MIT's Ramin Hasani said, "Once the system learns what it is actually supposed to do, it can perform well in novel scenarios and environmental conditions it has never experienced."

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2d2bcx22e8edx073553&

  [Please don't forget the usually forgotten corner cases. PGN]

------------------------------

Date: Sat, 23 Oct 2021 19:19:46 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Apple and Privacy

Steve Jobs was commonly accused of having a Reality Distortion Field. Apple nowadays has a "Privacy Distortion Field" -- their "privacy" push is not really what it appears to be at first glance, along a variety of vectors.

------------------------------

Date: Fri, 29 Oct 2021 19:37:49 -0400
From: Monty Solomon <monty () roscom com>
Subject: Ransomware Activity Report (Googleapis)

https://storage.googleapis.com/vtpublic/vt-ransomware-report-2021.pdf

------------------------------

Date: Mon, 18 Oct 2021 20:22:48 -0400
From: Monty Solomon <monty () roscom com>
Subject: Ransomware attack knocks some Sinclair television stations off the air (WashPost)

The company says hackers targeted several of its servers and workstations, and took unspecified data.

https://www.washingtonpost.com/business/2021/10/18/sinclair-broadcasting-ransomware-attack/

------------------------------

Date: Fri, 29 Oct 2021 22:11:29 -0400
From: Monty Solomon <monty () roscom com>
Subject: Pirate-site operator hacked MLB and tried to extort $150,000, feds say (Ars Technica)

https://arstechnica.com/tech-policy/2021/10/pirate-site-operator-hacked-mlb-and-tried-to-extort-150000-feds-say/

------------------------------

Date: Fri, 29 Oct 2021 19:29:11 -0400
From: Monty Solomon <monty () roscom com>
Subject: Zero-Day Hacking Attacks Set New Record In 2021 (MIT Tech Review)

https://gadgets.ndtv.com/internet/news/zero-day-hacking-attack-2021-record-unprecedented-mit-technology-review-2551866

------------------------------

Date: Mon, 25 Oct 2021 18:41:01 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Banning anonymous social media accounts would only stifle free speech and democracy (The Guardian)

https://www.theguardian.com/commentisfree/2021/oct/25/banning-anonymous-social-media-accounts-stifle-free-speech-abuse

------------------------------

Date: Thu, 21 Oct 2021 20:32:42 -0400
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: No ink, no scan: Canon USA printers hit with class-action suit (ZDNet)

A class-action lawsuit has been launched against Canon for its 4-in-1 printers refusing to scan when one of their ink tanks is empty.

[...]

In addition, since inkjet ink costs an astronomical $12,000 a gallon, the ink prices are also outrageous. It comes as no surprise that according to a 2019 Consumer Reports printer use survey, the "most common complaint was the high cost and hassle of replacing ink cartridges."

https://www.zdnet.com/article/untrustworthy-canon-printer-lawsuit/

------------------------------

Date: Thu, 21 Oct 2021 20:34:32 -0400
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: Thanks to a nasty GPSD bug, real-life time travel trouble arrives this weekend (ZDNet)

On October 24, 2021, some time-keeping systems are going to take a trip back in time to March 2002, unless you update your GPSD programs.

"Does anybody really know what time it is? Does anybody really care?" Actually, if you use computers for pretty much anything, you do. Oh, you may not know it if you're not a system or network administrator, but security, identification, networks, everything that makes the Internet go depends on accurate time-keeping.

Some systems rely on Global Positioning Systems (GPS) appliances and the GPSD daemon to tell the exact time, and a nasty bug's been uncovered in GPSD that's going to pop up on October 24, 2021. If left unpatched, it's going to switch your time to some time in March 2002, and your system will crash with a resounding kaboom.

Here's how it works. First, Earth time is not absolute. Earth's spin speed varies in response to geological events. The International Earth Rotation and Reference Systems Service (IERS) tracks this, and every few years, it adds a leap-second to the year. This is done to Coordinated Universal Time (UTC), which is the standard universal time system. UTC is used by the Internet's Network Time Protocol (NTP). In turn, NTP is used to keep all Internet-connected devices in sync with each other.

https://www.zdnet.com/article/thanks-to-a-nasty-gpsd-bug-real-life-time-travel-trouble-arrives-this-weekend/

------------------------------

Date: Fri, 22 Oct 2021 12:54:51 -0600
From: "Matthew Kruk" <mkrukg () gmail com>
Subject: Tech workers warned they were going to quit.
 Now, the problem is spiraling out of control (ZDNet)

https://www.zdnet.com/article/tech-workers-warned-they-were-going-to-quit-now-the-problem-is-spiralling-out-of-control/

------------------------------

Date: Mon, 18 Oct 2021 00:18:24 -0400
From: "Arthur T." <risks202110.6.atsjbt () xoxy net>
Subject: Re: Elevator-Pitch Privacy (RISKS-32.89)

I am not a lawyer, but...

At least two U.S. states require "all parties" to accept (or at least be aware of) audio recording. Pennsylvania requires it for electronic listening, even if there is no recording being made.

That suggests that the ability to silently tap into an elevator's microphone (or at least making use of that ability) might be illegal in some places.

------------------------------

Date: Sat, 23 Oct 2021 19:45:33 +0300
From: Amos Shapir <amos083 () gmail com>
Subject: Re: Trans man says confusion caused cervical screening delay (RISKS-32.90)

The bug here seems to be that of trying to use a data item -- gender -- which was collected for one purpose, for a slightly different purpose -- namely, to determine which patients have a cervix.

The rather recent changes of attitudes towards gender identification, may have changed the value of the "gender" item from a binary to a multi-valued element. But for a longer while now, modern medicine has enabled changes in the human body, such as removal or implantation of gender-related organs. Medical databases should take note of such changes, and implement better distinctive data elements, instead of a single M/F flag.

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume/previous directories
   or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at
   http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.91
************************