MSGID: 1:18/200@fidonet 5ca956ba
CHRS: CP437 2
TZUTC: -0400
TID: MBSE-FIDO 1.0.7.12 (GNU/Linux-x86_64)
(Apologies for any weird characters: posting to Linux from a Windows box...)
RISKS-LIST: Risks-Forum Digest Monday 1 April 2019 Volume 31 : Issue 15
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at as
The current issue can also be found at
Contents:
Might this be the last vestige of the British Empire? (PGN)
MIT To Require 'Turing Test' for Admissions (Henry Baker)
Russian interference alleged in mayor's election (Mark Thorson)
ThickerThanWater[dot]com (Richard Stein)
Electric seaplanes? (Rob Stein)
British Airways flight lands 525 miles away from destination (USA Today)
Computer outage led to flight delays for some U.S. biggest airlines (Vox)
HTTPS Isn't Always As Secure As It Seems (WiReD)
Twitter Network Uses Fake Accounts to Promote Netanyahu (NYTimes)
Lawmakers Scrutinize Timeline for Boeing 737 MAX Software Fix (WSJ)
Road safety: UK set to adopt vehicle speed limiters (bbc.com)
Russia Regularly Spoofs Regional GPS (DarkReading)
Smart talking: are our devices threatening our privacy? (The Guardian)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Mon, 1 Apr 2019 12:00:00 -0700
From: "Peter G. Neumann"
Subject: Might this be the last vestige of the British Empire?
Given the troubles over the Brexit referendum, where at present no
acceptable solution appears to be possible, Great Britain seems likely to be
splitting altogether. A new proposal is that England itself would splinter,
with London, Oxbridge, and a few other regions becoming part of France
(Fritainnia?) to remain within the EU, while the rest of England would
become something like Less Britain. [Some pundits mistakenly see a parallel
with the Greater Antilles and the Lesser Antilles, although in that case,
size was the primary measure for the naming.]
Despite the troubles over the Troubles, it appears that Northern Ireland and
the Republic of Ireland have finally decided to merge, with a new capital
city to be built on the border (perhaps Dubbel, with the combined
population, although Dubfast and Belin might also be under consideration).
Reversing the 1973 referendum to split, this would enable Northern Ireland
to remain within the EU, in the face of the uncertainties noted above.
Scotland and Wales are still contemplating whether to join the new
Fritainnia, or the new United States of Ireland; remaining with Less Britain
somehow seems less likely to many observers.
Finally, given all of the above, the British Parliament seems most likely to
abolish itself altogether, starting first with the House of Lords (long
overdue), and then Commons.
[So, why is this relevant to RISKS? Once again, late-stage maneuvering
seems to be just one more example of the results of short-term
optimization instead of long-term planning. The Foresight Saga
strikes again. PGN]
------------------------------
Date: Mon, 1 Apr 2019 13:00:00 -0700
From: Henry Baker
Subject: MIT To Require 'Turing Test' for Admissions
Cambridge, MA -- The Massachusetts Institute of Technology ("MIT") today
announced that -- in addition to the usual SAT, ACT, etc., standardized
tests -- applicants to MIT will now also have to pass a Turing Test.
``The Turing test, developed by [famed English WWII codebreaker and
computer scientist] Alan Turing in 1950, is a test of a machine's ability
to exhibit intelligent behavior equivalent to, or indistinguishable from,
that of a human.'' -- Wikipedia
``We've been overwhelmed by applications from robots,'' said Dr. Noah
Gnurds, MIT Director of Admissions. Dr. Gnurds continued, "If we didn't
filter out robot applications, our current acceptance ratio of 7.9% would be
10^-3 times as large. As it is, we send out ten times as many acceptance
letters to robots as to human applicants. This new test will ensure that we
admit people, not test scores."
https://mitadmissions.org/apply/firstyear/tests-scores/
NYTimes reporter Ivy Leek asked, ``Is MIT's announcement related in any way
to the recent 'Operation Varsity Blues' college admissions scandal?''
``Not really. We doubt that MIT will be implicated, because MIT doesn't
admit applicants too stupid not to use Tor, Signal and untraceable
blockchain cryptocurrencies for their legacies,'' Dr. Gnurds responded.
When asked how these new Turing Tests would be administered, Dr. Gnurds
said, ``Due to the substantial effort required to administer these tests,
MIT has developed a new Artificial Intelligence/Machine Learning program in
conjunction with IBM's Watson research effort. IBM believes that Watson can
sniff out even the most sophisticated robots.''
``Isn't there some irony in utilizing a robot to test for robots?' asked a
reporter from MIT Technology Review. Noah replied, ``It takes one to know
one.''
------------------------------
Date: Mon, 1 Apr 2019 08:00:22
From: Mark Thorson
Subject: Russian interference alleged in mayor's election
WASHINGTON DC (4/1/2019) -- Sources close to the recent Mueller probe leaked
an unlikely finding in the investigation of Russian interference in U.S.
elections. According to experts, social-media hackers engineered the upset
victory of the mayor of a small city in Idaho. Vladimir Jackson won the top
office of Moscow ID. with an astounding 97% of votes cast. "The election
had to be rigged," said Solomon Spaulding, owner and operator of Moscow
Haircuts. "I know most everybody in town, and nobody I know voted for him."
Jackson, originally from New York City, ran on a black separatist platform,
which advocates the creation of an independent Afro-American state in a
region that is presently in Idaho. Reached for comment, Jackson denied any
illegitimacy in the election. "Isn't that the way it always is?," he asked.
"When a white guy gets elected nobody says the election is rigged, but when
a black guy gets elected people just assume it can't be kosher. Give me a
break!"
"There is no doubt that Russians exerted influence in the Moscow mayor's
race," said an informed source on condition of anonymity. "What we don't
know is whether it's because the town's name is Moscow, the candidate's name
is Vladimir, or maybe they sought to sow discord by supporting black
separatism." A spokeperson for the Russian embassy denied any involvement,
saying, "Why do we care about mayor? We got bigger fish. This is only to
make us look bad. We no do it."
------------------------------
Date: Mon, 1 Apr 2019 18:46:08 -0800
From: Richard Stein
Subject: ThickerThanWater[dot]com
WASHINGTON, D.C. -- In a nationwide sting operation involving 600 federal
marshals and over 20 FBI field offices, the Justice Department indicted the
principals of ThickerThanWater.com (TTW), a startup specializing in human
DNA analysis. The indictment also names intelligence and law enforcement
personnel. TTW had planned their initial public offering the following week.
TTW was a deep-state cover business established for one purpose: Create,
manage, and monetize a vast human DNA database to accelerate cold-case
closure, exonerate the wrongly convicted, and track foreign espionage
sleeper agents.
To promote these objectives, TTW funded a "blood bounty" program enlisting
nearly 10,000 phlebotomists over a 9-month interval. Records show that each
participating phlebotomist pocketed almost $500/day, at $5 per sample cash,
with no questions asked by patients subject to routine blood extraction per
hospital or doctor wellness visit.
Dropoff locations reportedly overflowed with blood samples containing
personal identifying information. Hospital administrators were blind to the
blood sample tube inventory turnover; the extra consumables were never
missed.
TTW's corporate charter sought to commercially exploit DNA telomeric
extrapolation maps. These maps, when combined with Turing's tNose, enabled
human exposome tracking.
The exposome is the unique aroma, a scent-like fingerprint, that each person
exudes from interactions between skin bacteria and pheromones. Telomeric
extrapolation maps predetermine each person's mix of skin bacteria and
pheromone, coupled to DNA replication and protein synthesis.
Approximately 250 million DNA profiles were created by TTW and their army of
phlebotomists-for-hire. Each profile was subject to real-time exposomal
tracing. The Justice Department released a 2 minute-long videoclip of TTW's
SOC â.. Smell Operation Center â.. showing red, blue, and green exposomal
tracks
with metadata updates across a large tessellated display.
A Justice Department spokeswoman refused to comment on cold-case closures,
prisoner releases, or sleeper spy discoveries.
"I thought I was being patriotic when TTW called," said Ann, a phlebotomist
with 12 years of experience. "I figured that law enforcement and
intelligence agencies needed the help. The bounty added up quickly. Of
course, I reported every nickel of bounty-earned income on my taxes -- I
kept sample records on my phone!"
As TTW's CEO was perp-walked and frog-marched under police custody, she
shouted, "Blood is thicker than water!"
------------------------------
Date: Tue, 26 Mar 2019 12:05:58 -0700
From: Rob Slade
Subject: Electric seaplanes?
I've lived around seaplanes all my life. At one point I spent a lot of time
traveling up and down the coast in seaplanes, particularly Beavers. So I
was very interested in this story about Harbour Air converting float planes
to battery power.
https://www.harbourair.com/harbour-air-and-magnix-partner-to-build-worlds-first
-all-electric-airline/
https://www.timescolonist.com/news/local/harbour-air-to-add-zero-emission-elect
ric-plane-aims-to-convert-whole-fleet-1.23770626
The initial conversion of a Beaver will be intriguing. I'll be fascinated
when they get to convert an Otter (a candidate for world's noisiest
aircraft) to electricity. (I know Harbour Air has a number of them.)
I'll be wondering how well electric engines get along with salt water. Most
of my flying time was at longer distances, so I'm curious about the
half-hour range. (Although that's well within most of Harbour Air's
scheduled flights.) I'll be interested in recharge time and reliability.
(Harbour Air planes do tend to spend a lot of time sitting at the dock in
the bay.) The complete changeover from turbine engine to electric
infrastructure will be a non-trivial accomplishment.
But, if it works, it could be pretty great ...
------------------------------
Date: Tue, 26 Mar 2019 15:23:50 -0400
From: Monty Solomon
Subject: British Airways flight lands 525 miles away from destination
https://www.usatoday.com/story/travel/news/2019/03/25/british-airways-flight-la
nds-525-miles-away-destination-scotland-london-germany/3267136 002/
------------------------------
Date: Tue, 26 Mar 2019 15:25:53 -0400
From: Monty Solomon
Subject: Computer outage led to flight delays for some U.S. biggest airlines
(Vox)
The outage affected American Airlines, JetBlue, and other major airlines.
https://www.vox.com/the-goods/2019/3/26/18282767/sabre-outage-american-airlines
-jetblue-alaska-delays
------------------------------
Date: Thu, 28 Mar 2019 08:46:53 -0700
From: geoff goodfellow
Subject: HTTPS Isn't Always As Secure As It Seems (WiReD)
Widespread adoption of the web encryption scheme HTTPS has added a lot of
green padlocks and corresponding data protection -- to the web. Almost all
of the popular sites you visit every day likely offer this defense, called
Transport Layer Security (TLS), which encrypts data between your browser and
the web servers it communicates with to protect your travel plans,
passwords, and embarrassing Google searches from prying eyes. But new
findings from researchers at Ca' Foscari University of Venice in Italy and
Tu Wien in Austria indicate that a surprising number of encrypted sites
still leave these connections exposed.
https://www.wired.com/2016/11/googles-chrome-hackers-flip-webs-security-model/
In analysis of the web's top 10,000 HTTPS sites -- as ranked by Amazon-owned
analytics company Alexa -- the researchers found that 5.5 percent had
potentially exploitable TLS vulnerabilities. These flaws were caused by a
combination of issues in how sites implemented TLS encryption schemes and
failures to patch known bugs (of which there are many in TLS and its
predecessor Secure Sockets Layer. But the worst thing about these flaws is
they are subtle enough that the green padlock will still appear.
https://www.wired.com/2014/04/heartbleed-embedded/
https://www.wired.com/2014/10/poodle-explained/
https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/
"We assume in the paper that the browser is up to date, but the things that
we found are not spotted by the browser," says Riccardo Focardi, a network
security and cryptography researcher at Ca' Foscari University, who also
co-founded the auditing firm Cryptosense. "These are things that are not
fixed and are not even noticed. We wanted to identify these problems with
sites' TLS that are not yet pointed out on the user side."
The researchers, who will present their full findings at the IEEE Symposium
on Security and Privacy in May, developed TLS analysis techniques and also
used some from existing cryptographic literature to crawl and vet the top
10,000 sites for TLS issues. And they developed three categories for the
types of vulnerabilities they found...
https://www.wired.com/story/https-isnt-always-as-secure-as-it-seems/
------------------------------
Date: Mon, 1 Apr 2019 10:05:31 +0300
From: Amos Shapir
Subject: Twitter Network Uses Fake Accounts to Promote Netanyahu (NYTimes)
An Israeli watchdog group has discovered a network of hundreds of fake
Twitter accounts, all promoting the candidacy of PM Netanyahu and his party,
using exact wordings of the party's official messages. These accounts
"like" and re-tweet each other, in an attempt to create the impression of
large grass-roots support.
https://www.nytimes.com/2019/03/31/world/middleeast/netanyahu-fake-twitter.html
Luckily, bots cannot actually vote (yet?)
------------------------------
Date: Wed, 27 Mar 2019 07:33:42 -0400
From: Monty Solomon
Subject: Lawmakers Scrutinize Timeline for Boeing 737 MAX Software Fix (WSJ)
The basics of the safety change were first described to airlines and pilot
groups last November
https://www.wsj.com/articles/lawmakers-scrutinize-timeline-for-boeing-737-max-s
oftware-fix-11553601603
------------------------------
Date: Thu, 28 Mar 2019 05:38:05 +0800
From: Richard Stein
Subject: Road safety: UK set to adopt vehicle speed limiters (bbc.com)
https://www.bbc.com/news/business-47715415
"Under the ISA system, cars receive information via GPS and a digital map,
telling the vehicle what the speed limit is. This can be combined with a
video camera capable of recognising road signs. Under the ISA system, cars
receive information via GPS and a digital map, telling the vehicle what the
speed limit is. This can be combined with a video camera capable of
recognising road signs."
RISKS Trifecta: GPS spoofing, digital map inaccuracies, digital image
recognition.
------------------------------
Date: Wed, 27 Mar 2019 22:03:11 -0700
From: Rich Wales
Subject: Russia Regularly Spoofs Regional GPS (DarkReading)
A large-scale analysis of data has discovered widespread Russian government
spoofing of the country's satellite navigation system. The findings
underscore the dangers of relying on global positioning data.
(This could also presumably lead to problems with Russian time enthusiasts
using GLONASS for time synchronization in computer networks.)
https://www.darkreading.com/risk/russia-regularly-spoofs-regional-gps/d/d-id/13
34262
------------------------------
Date: Sun, 31 Mar 2019 19:11:05 -0400
From: Monty Solomon
Subject: Smart talking: are our devices threatening our privacy?
(The Guardian)
Millions of us now have virtual assistants, in our homes and our
pockets. Even children's toys are getting smart. But when we talk to them,
who is listening?
https://www.theguardian.com/technology/2019/mar/26/smart-talking-are-our-device
s-threatening-our-privacy
------------------------------
Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an
=> alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
------------------------------
End of RISKS-FORUM Digest 31.15
************************
Later,
Sean
... After all is said and done, a lot more has been said than done.
--- GoldED+/LNX 1.1.5-b20170303
* Origin: Outpost BBS * Limestone, TN, USA (1:18/200)
SEEN-BY: 15/2 18/200 123/1970 226/17 229/107 200 354 426 452 1014
SEEN-BY: 240/5832 249/206 317 400 280/464 317/3 322/757 342/200 393/68
SEEN-BY: 633/280
PATH: 18/200 229/426
|
