RISKS Forum mailing list archives
Risks Digest 30.21
From: RISKS List Owner <risko () csl sri com>
Date: Sat, 1 Apr 2017 10:26:04 PDT
RISKS-LIST: Risks-Forum Digest  Saturday 1 April 2017  Volume 30 : Issue 21

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/30.21>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
News break (PGN)
US Congress rapes privacy, they are next (Misha Collins via
  Alister Wm Macintyre)
Internet Noise, on purpose (Dan Schultz via Al Mac)
Volkswagen's Emissions Fraud May Affect Mortality Rate in Europe
  (The New York Times)
NASA fireworks a damp squib? (David Damerell)
Re: NASA Fireworks (Kurt Seifried, Harlan Rosenthal)
Re: Risks from falsified Data (Robert P. Schaefer)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 1 Apr 2017 10:01:05 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: News break

The only news on this April Fool's day seems to be that there is no longer
any Fake News. All previous allegedly Fake News has now evidently been
declared to be genuine. This will greatly simplify fact checking.

This issue of RISKS is apparently the first one in recent history on this
particular day of the year that has no Intentionally Very Fake News.

------------------------------

Date: Thu, 30 Mar 2017 21:46:15 -0500
From: "Alister Wm Macintyre" <macwheel99 () wowway com>
Subject: US Congress rapes privacy, they are next

Misha Collins GoFundMe Campaign Aims To Purchase Congressional Browsing
History, 29 Mar 2017

The House of Representatives passed and agreed to the S.J.Res. 34 on March
28, 2017, just a scant five days after the measure passed in the Senate.
The joint resolution repeals privacy protections put into place by the Obama
administration and effectively makes it okay for Internet service providers
(ISPs) such as Verizon, Comcast, and Time Warner to collect and sell their
customers' personal browsing data.

In response, Supernatural star Misha Collins has started a GoFundMe campaign
aimed at raising enough money to purchase the personal browsing data of all
of the congressmen and women who voted in favor of the bill. Misha started
the fund right after the resolution was passed and it has gained a huge
amount of traction on social media.

According to the first update, Misha wrote the following as the goal for the
fundraiser.

  "Congress recently voted to strip Americans of their privacy rights by
  voting for SJR34, a resolution that allows Internet Service Providers to
  collect, and sell your sensitive data without your consent or knowledge.
  Since Congress has made our privacy a commodity, let's band together to
  buy THEIR privacy.

  "This GoFundMe will pay to purchase the data of Donald Trump and every
  Congressperson who voted for SJR34, and to make it publicly available.

  "Game on, Congress"

  "PS: No, we won't "doxx" people. We will not share information that will
  impact the safety & security of their families (such as personal
  addresses). However, all other details are fair game. It says so right in
  the resolution that they voted to approve."

https://www.gofundme.com/BuyCongressData
http://www.inquisitr.com/4102308/misha-collins-gofundme-campaign-aims-to-purchase-congressional-browsing-history/

I predict the politicians will react to this by passing amendments:

* Privacy rules which apply only to the elected leaders, their top staff,
  and the families of these people, also police, judges, military, and a few
  other classes of government workers, like people working at NSA/CIA/FBI
  etc., but continue the no privacy for the rest of the citizenry.
* Then maybe need a better way to identify exempted individuals, such as
  granting judges the right to authorize privacy for victims of domestic
  abuse, and people in the Witness Protection.

Journalists may have archived all info on the exempted classes, before my
first predicted amendment goes into action, so the politicians may need some
other law to demand that people who copied such info, delete it. Good luck
enforcing that.

I predict the ISPs will make a fortune selling such info to our foreign
adversaries, such as North Korea, Iran, Russia.

In the near future we will see lists of bad stuff done by Congressmen &
women, such as pornography sites, then for each bad thing, a list of which
of those in Congress indulge in that.

Remember that after a future election that gives more power to Democrats,
this can be undone.

The Verge argues that even though Republicans rolled back Obama privacy
protections, other earlier laws have not yet been reversed, making this
project impractical.

http://www.theverge.com/2017/3/29/15115382/buy-congress-web-history-gop-fake-internet-privacy

------------------------------

Date: Fri, 31 Mar 2017 01:54:11 -0500
From: "Alister Wm Macintyre" <macwheel99 () wowway com>
Subject: Internet Noise, on purpose (Dan Schultz)

[US Congress has authorized ISPs to snoop into our browsing history, then
sell that to advertisers & other 3rd parties without our knowledge or
consent. Here is how to feed them garbage, and use other techniques to
thwart or mitigate surveillance against you. I hope this garbage does not
include any sites of interest to law enforcement to go after users of those
sites.
AWM]

https://slifty.github.io/internet_noise/index.html
https://twitter.com/slifty?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor
https://iapp.org/news/a/internet-noise-website-helps-obscure-users-online-identity/
http://www.theverge.com/2017/3/30/15127360/internet-noise-browsing-tool-advertising-isp

[WIRED has an article about this, which it won't let me access, unless I
first turn off my ad blocker.]

[I need to rethink "noise-signal" ratio, now that noise is a good thing.]

Here is prior history of Internet noise:

https://www.youtube.com/watch?v=gsNaR6FRuO0
https://en.wikipedia.org/wiki/Internet_background_noise

------------------------------

Date: Fri, 31 Mar 2017 02:07:14 -0400
From: Monty Solomon <monty () roscom com>
Subject: Volkswagen's Emissions Fraud May Affect Mortality Rate in Europe

[Old item, not previously noted in RISKS. PGN]

http://www.nytimes.com/2017/03/06/science/volkswagen-emissions-scandal-air-pollution-deaths.html

Software that allowed the auto manufacturer to skirt environmental rules
could lead to 1,200 deaths because of excess air pollution, researchers
said.

------------------------------

Date: Thu, 30 Mar 2017 21:39:34 +0100
From: David Damerell <damerell () chiark greenend org uk>
Subject: NASA fireworks a damp squib?

Iowa Senator Chuck Grassley reported, in 2007, that $ 1.9 billion in hardware was stolen, thanks to hackers into NASA.

Well, no. Grassley reported that $1.9 billion in *data* was stolen, and
mentions (dismissively), the entirely sensible objection that the data was
not stolen when it was copied without permission since NASA still had the
data afterward.

One also wonders how this value was placed upon it; RISKS readers will be
familiar with the process where the net cost of unauthorised copying
mysteriously inflates until it threatens to exceed the world's total GDP.

------------------------------

Date: Thu, 30 Mar 2017 13:29:12 -0600
From: Kurt Seifried <kurt () seifried org>
Subject: Re: NASA Fireworks (RISKS-30.20)

Er wot now? My first thought was "how do you physically steal that much
stuff, 1.9 billion is a huge amount of equipment." Luckily it wasn't
hardware, the URL cited says:

  "One such investigation concerned the theft of approximately $1.9
  billion-worth of International Traffic in Arms Regulations data."

To wit the NASA guy argued

  "Mr. Cobb dismissed worries over the theft of this data because, in his
  view, the data wasn't "stolen," since NASA was still technically in
  possession of the accessed information."

I'd also be very curious to know how they arrived at this $1.9 billion price
tag for this data. Maybe they meant ITAR data regarding $1.9 billion in
hardware? The whole thing makes very little sense once you start looking
into it.

------------------------------

Date: Thu, 30 Mar 2017 13:58:57 -0500 (CDT)
From: Harlan Rosenthal <harlan.rosenthal () verizon net>
Subject: Re: Risks from falsified Data (RISKS-30.20)

Are we counting:

* The Pentium floating-point bug?
* The Excel bugs?
* Compiler bugs (often activated by optimization)

------------------------------

Date: Fri, 31 Mar 2017 12:55:46 +0000
From: "Robert P. Schaefer" <rps () mit edu>
Subject: Re: Risks from falsified Data (BBC, RISKS-30.20)

  "There is an interesting article on the BBC website at that discusses an
  alternative and much more subtle version of Malware.
  This involves infiltrating systems and making changes to data which while
  being too small to notice immediately result in system failure."

If you consider data to be the same as code and code to be the same as data,
then adding subtle malware is well known among nation states:

  "the United States added a Trojan horse to gas pipeline control software
  that the Soviet Union obtained from a company in Canada."

https://en.wikipedia.org/wiki/Trojan_horse_(computing)
https://en.wikipedia.org/wiki/At_the_Abyss

And of course more recently, Stuxnet:

https://en.wikipedia.org/wiki/Stuxnet

------------------------------

Date: Tue, 10 Jan 2017 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
   subscribe and unsubscribe:
     http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
   address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
   copyright policy, etc.) is online.
     <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
   searchable html archive at newcastle:
     http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-30.00
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
     <http://the.wiretapped.net/security/info/textfiles/risks-digest/>
 *** NOTE: If a cited URL fails, we do not try to update them. Try
   browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
     <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 30.21
************************