Risks Digest 30.63


From: RISKS List Owner <risko () csl sri com>
Date: Sun, 1 Apr 2018 11:45:36 PDT

RISKS-LIST: Risks-Forum Digest  Sunday 1 April 2018  Volume 30 : Issue 63

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/30.63>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Google launches GoogleCoin cryptocurrency (Mark Thorson)
GoogleExchange hacked, GoogleCoins worth USD$104B stolen (Mark Thorson)
By 2020, More Than 30% of World's Electricity Consumption Will Be
  Spent Explaining Bitcoin (EFF)
Celebrate The Calendar That Saved Us From Disaster (Mark Thorson)
Cloudflare launches 1.1.1.1 consumer DNS service with a focus on privacy
Georgia Passes Anti-Infosec Legislation (EFF)
Hacking voting machine vendors (CSO Online)
Despite privacy concerns, Israel to put nation's medical database online
  (The Times of Israel)
Driverless vehicles and aircraft (Michael Bacon)
Virtual reality shopping is here (Gabe Goldberg)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 31 Mar 2018 00:33:55 -0000
From: Mark Thorson <eee () dialup4less com>
Subject: Google launches GoogleCoin cryptocurrency

Mountain View (April 1, 2018) -- Google today launched its GoogleCoin
cryptocurrency and the GoogleExchange for trading GoogleCoins.  Google VP of
cryptocurrencies Satoshi Nakamoto called GoogleCoin "a second-generation
cryptocurrency" that incorporates more advanced technology than any other.
"Unlike other cryptocurrencies that have no intrinsic value, GoogleCoin will
be the only currency accepted for purchasing our new premium ad placement
service, called Above The Fold.  Although GoogleExchange will be supported
with an initial endowment of 100 million GoogleCoins out of a total of 1
billion GoogleCoins that will ever exist, there is no barrier to the
creation of third-party exchanges."  In the first day's trading, GoogleCoin
surged from an initial offering price of USD$100 to close at USD$1257.

------------------------------

Date: Sun, 1 Apr 2018 00:33:55 -0000
From: Mark Thorson <eee () dialup4less com>
Subject: GoogleExchange hacked, GoogleCoins worth USD$104B stolen

Mountain View (March 31, 2018) -- In a stunning announcement, Google VP of
cryptocurrencies admitted 83 million GoogleCoins worth over USD$104 billion
had been stolen.  "It is regrettable this occurred, however we have the
resources to make all of our customers whole.  We have temporarily closed
the exchange while we study this most unfortunate breach of our security.
We suspect Russian hackers, but it's the Internet, so it could be anybody,
like China or Israel."  No further comment was available.  A spokesman for
the Foreign Ministry of the Russian Federation called any such speculation
"unfounded" and "absurd".

------------------------------

Date: Sun, 1 Apr 2018 14:03:26 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: By 2020, More Than 30% of World's Electricity Consumption Will Be
  Spent Explaining Bitcoin (EFF)

https://www.eff.org/pages/04/01

Scientists have released a new study claiming that if current trends
continue, nearly a third of the world’s power will be used to explain how
Bitcoin works by 2020. According to experts, the amount of energy required
to download tweets, articles, and instant messages which describe what “the
blockchain” is and how “decentralized” currencies are “the future” will soon
eclipse the total amount of power used by the country of Denmark. The
authors note that the average Uber driver now spends three minutes per ride
explaining how the coin is “totally anonymous” and encouraging riders to
install Coinbase or a similar app.

Furthermore, they warn that “alt-coins” like Ethereum and Filecoin are even
more inscrutable, and explanations of them promise to waste even more time
and energy in the future.

------------------------------

Date: Fri, 30 Mar 2018 17:48:30 -0700
From: Mark Thorson <eee () dialup4less com>
Subject: Celebrate The Calendar That Saved Us From Disaster

It was 1999, and experts agreed that the rollover into 2000 would cause
planes to fall out of the sky, nuclear reactors to explode, the electrical
power grid to fail, and Windows to crash.  What saved us from that fate?  It
was this posting in RISKS:

  http://catless.ncl.ac.uk/Risks/20/26%23subj1

Widespread adoption of the replacement for the Gregorian calendar saved us,
and now the Jubilee Year approaches.  2019 (Gregorian calendar) is 199T
(Thorson calendar).  Let us rejoice in the catastrophe averted!

However, along with the festivities, we should raise awareness that the
problem is only half-fixed.  Even today, most software does not handle dates
beyond 199Z.  We've only got a little more than 7 years to patch up all of
our software!  Let's get moving!

------------------------------

Date: Sun, 1 Apr 2018 10:09:18 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Cloudflare launches 1.1.1.1 consumer DNS service with a focus on
  privacy

[Don't use it!]
via NNSquad
http://betanews.com/2018/04/01/cloudflare-dns-privacy-four-ones/

  Today is both Easter and April Fool's Day, making it an absolutely
  atrocious day for announcing new products. After all, on Easter, many
  people are busy with their families -- it will be very easy for technology
  news to get overlooked. Not to mention, companies often announce fake
  products on April Fool's -- anything announced will be questioned as being
  either real or not.  That isn't stopping Cloudflare from announcing an
  ambitious (and real) new project, however.  Today, the company announces a
  new consumer DNS service with a focus on privacy. Called "1.1.1.1." ...

Apparently this isn't an April Fool's joke.  But the privacy promises from a
firm that openly supported Nazis and other sick degenerates -- and is still
making excuses for them -- are worth less than nothing.  I don't trust
Cloudflare one iota.  I don't willingly deal with them in any way.

------------------------------

Date: Sat, 31 Mar 2018 10:20:39 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Georgia Passes Anti-Infosec Legislation (EFF)

Dave Maass, EFF, 30 Mar 2018
https://www.eff.org/deeplinks/2018/03/georgia-passes-anti-infosec-legislation

Despite the full-throated objections of the cybersecurity community, the
Georgia legislature has passed a bill that would open independent
researchers who identify vulnerabilities in computer systems to prosecution
and up to a year in jail.

EFF calls upon Georgia Gov. Nathan Deal to veto S.B. 315 as soon as it lands
on his desk.

For months, advocates such as Electronic Frontiers Georgia have descended
on the state Capitol to oppose S.B. 315, which would create a new crime of
*unauthorized access* to computer systems. While lawmakers did make a major
concession by exempting terms of service violations under the measure -- an
exception we've been asking Congress for years to carve out of the federal
Computer Fraud & Abuse Act (CFAA) -- the bill still falls short of ensuring
that researchers aren't targeted by overzealous prosecutors. This has too
often been the case under CFAA.

``Basically, if you're looking for vulnerabilities in a non-destructive way,
even if you're ethically reporting them -- especially if you're ethically
reporting them -- suddenly you're a criminal if this bill passes into law,''
EFF Georgia's Scott Jones told us in February.

Andy Green, a lecturer in information security and assurance at Kennesaw
State University concurred.  ``I'm putting research on hold with college
undergrad students because it may open them up to criminal penalties,''
Green told the Parallax.  ``It's definitely giving me pause right now.''

Up until this week, Georgia has positioned itself as a hub for cybersecurity
research, with well-regarded university departments developing future
experts and the state investing $35 million to expand the state's
cybersecurity training complex. That is one reason it's so unfortunate that
lawmakers would pass a bill that would deliberately chill workers in the
field. Cybersecurity firms -- and other tech companies -- considering
relocations to Georgia will likely think twice about moving to a state that
is so hostile and short-sighted when it comes to security research. [...]

  [This is not an April Fool's item.  PGN]

------------------------------

From: "J.M. Porup" <jm () porup com>
Date: March 31, 2018 at 2:05:30 AM GMT+9
Subject: Hacking voting machine vendors (CSO Online)

Want to hack a voting machine? Hack the voting machine vendor first
http://www.csoonline.com/article/3267625/security/want-to-hack-a-voting-machine-hack-the-voting-machine-vendor-first.html

  Thousands of voting machine vendor employees' work emails and plaintext
  passwords appear in freely available third-party data breach dumps
  reviewed by CSO, raising questions about the security of voting machines
  and the integrity of past election results.

------------------------------

Date: Sun, 1 Apr 2018 13:14:55 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Despite privacy concerns, Israel to put nation's medical
  database online (The Times of Israel)

The Israeli government on Sunday approved a National Digital Health plan,
which, despite mounting privacy concerns, plans to create a digital database
of the medical files of some 9 million residents and make them available
to researchers and enterprises.

The government has vowed to protect the privacy of individuals and is
touting the NIS 1 billion ($287 million) program as a huge boon to the
medical research industry. But critics pointed to risks of a massive breach
in patient confidentiality and urged the government to slow down.

To promote the initiative, Israel will unify the existing database of the
digital medical records it has collected over a period of 20 years -- which
holds the medical files of more than 98 percent of the population -- to
create a single database, in which one’s participation is optional, that
will help attract researchers and industry leaders from across the globe,
the Prime Minister’s office said Sunday.

http://www.timesofisrael.com/despite-privacy-concerns-israel-to-put-nations-medical-database-online/

------------------------------

Date: Sat, 31 Mar 2018 16:59:46 +0100
From: Michael Bacon - Grimbaldus <michael.bacon () grimbaldus com>
Subject: Driverless vehicles and aircraft

The developers of driverless vehicles are currently discovering what
airliner manufacturers discovered many years ago; that humans are adaptive
and will break rules to avoid harm, and computers don't get bored with just
monitoring.

In reverse: humans get bored with the monotony of monitoring, whilst
computers will kill people unless they're programmed not to.

------------------------------

Date: Sun, 1 Apr 2018 13:12:01 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Virtual reality shopping is here

Because it involves thinking and logic, designing artificial intelligence is
not all that dissimilar from raising a child, Redding says. Like children,
these machines must be taught to differentiate right from wrong and learn
how to adapt to changing rules or circumstances.

A.I. creators are still human, which means they can be susceptible to flaws
and biases.

As an example, Redding cited research by University of Southern California
assistant communications professor Dr. Safiya U. Noble, who has written
extensively about how the algorithms used by search engines like Google
reinforce racism and sexism.

To avoid issues such as the stereotyping of black boys and girls that Noble
has chronicled in her research, companies should focus on raising A.I. that
is both explainable – meaning that the reasoning behind its actions and
decisions can be understood by humans – and responsible.

http://e-edition.fairfaxtimes.com/Olive/ODN/FairfaxCountyTimes/shared/ShowArticle.aspx%3Fdoc%3DFCT%252F2018%252F03%252F30%26entity%3DAr00707%26sk%3DB40A14D2%26mode%3Dtext

  [Please don't expect me to be unmunging horrible URLs.  The combination of
  non-ASCII characters, various encodings, and Office 365 SafeLink munging
  has become really annoying.  Also, 90% of some messages is header crap.  PGN]

------------------------------

Date: Tue, 10 Jan 2017 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also,  ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-30.00
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
  <http://the.wiretapped.net/security/info/textfiles/risks-digest/>
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 30.63
************************