RISKS Forum mailing list archives
Risks Digest 31.24
From: RISKS List Owner <risko () csl sri com>
Date: Tue, 14 May 2019 17:50:44 PDT
RISKS-LIST: Risks-Forum Digest Tuesday 14 May 2019 Volume 31 : Issue 24 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/31.24> The current issue can also be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: Silicon Valley makes everything worse: Four industries that Big Tech has ruined (Salon) "Do we need 6G wireless already? 5G engineers debate" (ZDNet via GeneW) "Over 25,000 smart Linksys routers are leaking sensitive data" (Charlie Osborne) The Future Is Here, and It Features Hackers Getting Bombed (Foreign Policy) Ford to expand medical transport service (Detroit News) Australian $50 note typo: spelling mistake printed 46 million times (The Guardian) SHA-1 collision attacks are now actually practical and a looming danger (Catalin Cimpanu) TOCTOU Attacks Against BootGuard (PGN via sundry sources) Sharp increase in ransomware attacks on Swiss SMEs (GovCert via Peter Houppermans) AI Can Now Defend Itself Against Malicious Messages Hidden in Speech (Matthew Hutson) Singlish also can, for this AI call system (The Straits Times) Special issue: The global competition for AI dominance Bulletin of the Atomic Scientists: Vol 75, No 3 Who[m] to Sue When a Robot Loses Your Fortune (Bloomberg.com) What Sony's robot dog teaches us about biometric data privacy (CNET) New e-voting support system by Microsoft (via Diego Latella) Boeing Knew About Safety-Alert Problem for a Year Before Telling FAA, Airlines (WSJ) Unless you want your payment card data skimmed, avoid these commerce sites (Ars Technica) Hey, Alexa: Stop recording me (WashPost) "RobbinHood" ransomware takes down Baltimore City government networks (Ars Technica) Buying a replacement iPhone battery? Be careful you don't get ripped off (ZDNet) Software update crashes police ankle monitors in the Netherlands (Catalin Cimpanu) Tenants win as settlement orders landlords give physical keys over smart locks (CNET) Re: The Fight for the Right to Drive (Dan Jacobson) Re: Drug names (Robert R. Fenichel) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Mon, 13 May 2019 19:35:01 -0700 From: the keyboard of geoff goodfellow <geoff () iconia com> Subject: Silicon Valley makes everything worse: Four industries that Big Tech has ruined (Salon) *The tech industry sells itself as improving our lives. So why does it seem to always do the opposite?* EXCERPT: Adapted from *A People's History of Silicon Valley: How the Tech Industry Exploits Workers, Erodes Privacy and Undermines Democracy*, by Keith A. Spencer, on sale now from major booksellers. Eyewear Publishing, 2018. Excerpted with permission. The word `innovation' has become synonymous with Silicon Valley to the point of absurdity. Indeed, the tech industry's entrepreneurs and "thoughtfluencers" throw it around as casually as a dodgeball in a middle-school P.E. class; what it really means is perpetually unclear and purposefully hazy. It is vague enough to be suitable in nearly any situation where a new product, service or "thing" is advertised as superior to the old -- never mind if the so-called "old" thing has some distinct advantages, or if the new thing's superiority is solely that it makes more money than the old thing, or if there are other old things that are actually superior yet which won't make anyone rich. (Consider Apple removing the headphone jack from its new phones to be Exhibit A.) That summary may sound flippant, but it is a good explication of the path of the tech industry over the past two decades: Some venture capital-backed entrepreneurs jackhammer their way into a new industry, "tech"-ify it in some way, undermine the competition and declare their new way superior once the old is bankrupted. Thus, rather than confine themselves to operating systems and PC software like they did in the 1980s and 1990s, the tech industry has figured out that the real money lies in being a middleman. By that I mean serving as the in-between point for, say, web traffic to newspapers and magazines (like this one); or being the go-between for taxi services, coordinating drivers and passengers through apps. In both of these examples, the original product isn't that different from the pre-tech world: a taxi ride, in the latter case, a news article in the former. The difference is that a tech behemoth takes a cut of the transaction. And also in many cases, the labor -- the people making and producing and doing the things the tech industry takes a slice from -- is more precarious, less well-remunerated, and less safe than it was in the pre-tech era. Looking at it this way, the tech industry doesn't really seem innovative at all. Or rather, its sole innovation seems to be exploiting workers with more cruelty, and positioning itself in the middle of more transactions. Granted, there are certain services that have become more convenient because of apps and smartphones -- but there is no reason that convenience must come at the high cost that it does, besides the tech industry's insatiable lust for profit. Here are but a few examples of how our livelihoods and our societies have been worsened by Silicon Valley as it sinks its talons into new industries. Taxis Public transit was never great in the United States, with the exception of a few big cities like New York, and thus private taxi services were around to supplement. Being a taxi driver was once a much-vaunted job, so much so that a taxi medallion was perceived of as a ticket to the middle class. Then came Uber and Lyft, who flooded the market for private transit and undercut the taxi industry by de-skilling the industry and paying their workers far, far less. Driving a taxi is no longer a middle class job; once-valuable taxi medallions have become burdens for some taxi drivers. The outlook for career taxi drivers is so dismal that an alarming number of taxi drivers have been committing suicide. Meanwhile, because of the precarious nature of Lyft and Uber jobs, those drivers are frequently not vetted or under-vetted -- resulting in significant safety concerns for passengers. And unlike a taxi back in the old days, being a rideshare driver isn't a ticket to the middle-class at all: a recent study of such employees revealed that most contractors use these kinds of jobs not as their sole source of income, but as supplementary jobs to make ends meet. Richard D. Wolff, an economics professor at the New School in New York City, describes gig economy companies like Uber as "winning the competition" by taking shortcuts that "frequently endanger the public." Regulatory agencies for taxis were created in most countries, Wolff says, because taxi companies were historically unsafe. "Taxi companies are required now to have insurance, training for drivers, well-inspected cars, and other safeguards to protect the public. The cost of riding in a taxi reflects those safeguards," Wolff said, adding: ...there's always the incentive for somebody to come in and operate, once again, inadequately insured, inadequately maintained, inadequately vetted drivers -- to come in with a cheaper cab service [that is] unregulated by the taxi commission. That's all that Uber and Lyft [are]... they undercut the old arrangement and offer cheaper and more competitive services by cutting corners. Home appliances Lightbulbs have existed for around 140 years, and home refrigerators for about 100. In that span, they haven't changed too much, besides getting more energy-efficient, mostly because they haven't really needed to: we need to keep food cold, and we need light. The appliances that do these things don't really need to do much else. Now, tech companies are putting wi-fi and Bluetooth chips in all kinds of things that didn't used to be Internet-connected. They call it the "smart home," and while the word is open-ended, the common thread with smart home devices is that they can generally be monitored via an app... https://www.salon.com/2019/05/12/silicon-valley-makes-everything-worse-four-industries-that-big-tech-has-ruined/ ------------------------------ Date: Tue, 14 May 2019 10:12:10 -0700 From: Gene Wirchenko <gene () shaw ca> Subject: "Do we need 6G wireless already? 5G engineers debate" [On the part about standards being too early or late, early in my career, I worked with CP/M on 8-bit micros. The version that was most widely used was 2.2. 3.0 came out later, but too late. How many ever used it? It had some nice features that should have been in 2.2 but were not. However, it was late in the life of CP/M, and it was unlikely programs would be rewritten to take advantage of the features.] https://www.zdnet.com/article/do-we-need-6g-wireless-already-5g-engineers-debate/ The race to 6G has already begun, according to a certain head of state. This while 5G firms in China may be helping other countries to race ahead. What if a "6G" isn't such a good idea? By Scott Fulton III | April 25, 2019 -- 12:57 GMT (05:57 PDT) | Topic: 5G 5G will be popularized via telecom carriers and the marketing of wire-cutting services, but the biggest impact and returns will come from connecting the Internet of things, edge computing and analytics infrastructure with minimal latency. selected text: It was a minefield that attendees of the first day of sessions at Brooklyn 5G Summit 2019 on Wednesday maneuvered through: The topic of whether the world's governmental policy makers have blown 5G wireless all out of proportion. Representatives of the world's three principal telecommunications equipment suppliers -- Huawei, Ericsson, and Nokia -- took the stage at NYU's Tandon School of Engineering, along with other stakeholders in the 5G global standard. At issue: Have the expectations of both policy makers and wireless customers been raised so high that the development of "6G Wireless" -- until now merely a placeholder for future discussion -- actually begins now? "Let's be fair. Presidents of countries are saying, 'My country's going to be the first to deploy.' The UK prime minister at the time, [David] Cameron, said the UK is going to be the first country in Europe to deploy 5G. (He's now an ex-prime minister, but that's for a different reason.) My point is, standardization takes time. It takes several years to write a generation of standards. When we set about this process in 2015, there were many, many operators saying, 'We don't need this right now. Please slow down the standardization process! We don't need 5G, because LTE's doing fine.' And yet when we started the three- or four-year program of writing these standards, during that process, there was this massive acceleration, and the political push that said, 'We want these standards right now! Why are you so slow, 3GPP? You need to speed up!' "My point is," Scrase wrapped up, "standards historically are either too early or too late. It's very difficult to have standards that are perfectly on-time. It's even more difficult when the timeline keeps shifting forwards and backwards." ------------------------------ Date: Tue, 14 May 2019 10:29:04 -0700 From: Gene Wirchenko <gene () shaw ca> Subject: "Over 25,000 smart Linksys routers are leaking sensitive data" (Charlie Osborne) Charlie Osborne for Zero Day | 14 May 2019 A security flaw grants remote access to router information. https://www.zdnet.com/article/over-2500-smart-linksys-routers-may-leak-owners-sensitive-data/ Over 25,000 Linksys Smart Wi-Fi routers are believed to be vulnerable to remote exploit by attackers, leading to the leak of sensitive information. [Note that this article is about Linksys routers. The word "Huawei" does not occur in the text. Nonetheless, if you check the article, you will see a Huawei picture. Is this a simple mistake or propaganda? (Huawei has been attacked by the USA, and I have not seen much evidence.) The risks of the Web.] ------------------------------ Date: Wed, 8 May 2019 12:05:02 +0800 From: Richard Stein <rmstein () ieee org> Subject: The Future Is Here, and It Features Hackers Getting Bombed (Foreign Policy) https://foreignpolicy.com/2019/05/06/the-future-is-here-and-it-features-hackers-getting-bombed/ A pinpoint accuracy, drone-delivered incentive and deterrent against hacking Israeli infrastructure. Only a matter of time before an equivalent commercial capability can be purchased using virtual currency. Risks: Target selection error, munition guidance compromise. ------------------------------ Date: Wed, 8 May 2019 12:24:39 +0800 From: Richard Stein <rmstein () ieee org> Subject: Ford to expand medical transport service (Detroit News) https://www.detroitnews.com/story/business/autos/ford/2019/05/07/ford-expand-medical-transport-service/1128517001/ "Despite a critical and growing need across our country, most patients are unable to find reliable transportation and drivers who understand their needs. GoRide Health can fill that gap." Well I'll be darned...silicon-driven wheels that "understands their [patients] needs." Good spin for self-driving wheel promotion. Risk: Without a carbon-backup driver, patient safety and evacuation assist during an accident. ------------------------------ Date: Thu, 9 May 2019 08:54:49 -0400 From: Monty Solomon <monty () roscom com> Subject: Australian $50 note typo: spelling mistake printed 46 million times (The Guardian) https://www.theguardian.com/australia-news/2019/may/09/australian-50-note-typo-spelling-mistake-printed-46-million-times ------------------------------ Date: Mon, 13 May 2019 08:45:38 -0700 From: Gene Wirchenko <gene () shaw ca> Subject: SHA-1 collision attacks are now actually practical and a looming danger (Catalin Cimpanu) Catalin Cimpanu for Zero Day | 13 May 2019 Research duo showcases first-ever SHA-1 chosen-prefix collision attack. https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/ opening text: Attacks on the SHA-1 hashing algorithm just got a lot more dangerous last week with the discovery of the first-ever "chosen-prefix collision attack," a more practical version of the SHA-1 collision attack first carried out by Google two years ago. What this means is that SHA-1 collision attacks can now be carried out with custom inputs, and they're not just accidental mishaps anymore, allowing attackers to target certain files to duplicate and forge. ------------------------------ Date: Mon, 13 May 2019 21:37:04 PDT From: "Peter G. Neumann" <neumann () csl sri com> Subject: TOCTOU Attacks Against BootGuard Now You See It... TOCTOU Attacks Against BootGuard "malicious and unsigned code is executed successfully, something that Boot Guard was designed to prevent." https://conference.hitb.org/hitbsecconf2019ams/materials/D1T1%2520-%2520Toctou%2520Attacks%20Against%20Secure%20Boot%20-%20Trammell%20Hudson%20 https://bugzilla.tianocore.org/show_bug.cgi%3Fid%3D1614 https://github.com/tianocore/edk2-staging/blob/BootGuardTocTouVulnerabilityMitigation/Readme.md ------------------------------ Date: Thu, 9 May 2019 21:50:55 +0200 From: <not.for.spam () houppermans net> Subject: Sharp increase in ransomware attacks on Swiss SMEs I suspect this is not a uniquely Swiss situation, but the size of the nation makes for a better signal-to-noise ratio: it takes fewer attacks for it to pop up on the radar. Attacking SMEs is a fairly standard approach - they're the weak underbelly of commerce as their size typically makes for less process driven security, and they serve as a possible entry point to bigger fish as part of a supply chain. Swiss government agencies GovCERT and MELANI already have analysis online: https://www.govcert.admin.ch/blog/36/severe-ransomware-attacks-against-swiss-smes ------------------------------ Date: Mon, 13 May 2019 12:08:45 -0400 From: ACM TechNews <technews-editor () acm org> Subject: AI Can Now Defend Itself Against Malicious Messages Hidden in Speech (Matthew Hutson) Matthew Hutson, *Nature*, 10 May 2019 via ACM TechNews, Monday, May 13, 2019 University of Illinois at Urbana-Champaign researchers have developed a technique to protect artificial intelligence (AI) against deception by adversarial examples, like audio clips. The researchers created an algorithm that transcribes a full audio clip, as well as an independent segment of it; the program flagged a clip as potentially compromised if transcription of that segment did not closely correspond to the transcription of the complete audio file. Testing revealed that the algorithm always spotted meddling in several attack scenarios, even when the attacker was aware of the countermeasures. https://orange.hosting.lsoft.com/trk/click%3Fref%3Dznwrbbrs9_6-1fc39x21c22bx068806%26 ------------------------------ Date: Sat, 11 May 2019 10:36:10 +0800 From: Richard Stein <rmstein () ieee org> Subject: Singlish also can, for this AI call system (The Straits Times) https://www.straitstimes.com/singapore/singlish-also-can-for-this-ai-call-system When traveling internationally, one is likely to encounter English spoken with unique accents and semantic features. One example being Singapore's Singlish. One overheard Singlish sentence at Changi Airport: "Everything so blur" means "I am confused." The government is developing, and will eventually deploy, a speech recognition system that performs speech-to-text (STT) translation to assist Singapore's civil defense force dispatchers. Singapore's four official languages are: Mandarin, Tamil, Malay, and English. Adding Singlish into the interpretative voice space, given 4 predecessor languages, enlarges the STT test space. While unlikely to encounter an emergency call that simultaneously combines words and semantics from 5 distinct languages (save for a lively UN debate), one might want to test the STT platform with certain concurrently mixed language tuples to assess translation outcome. Public interest can be served by determining and disclosing how well an STT platform responds during a cacophonous call for emergency assistance. An AUCROC assessment -- area under curve/radar operating characteristic -- can provide a telling measure of concurrent, multi-lingual STT effectiveness in terms of false positive/negative determinations. Note: Thanks to Chris Elsaesser for pointing out the importance of AUCROC measures to characterize and quantify AI platform discrimination capabilities and limits. ------------------------------ Date: Mon, 13 May 2019 09:16:24 +0900 From: Dave Farber <farber () gmail com> Subject: Special issue: The global competition for AI dominance (Bulletin of the Atomic Scientists: Vol 75, No 3) https://ip.topicbox.com/groups/ip/Tbfe9f494f555d523-M2e1a2d75fe3cde319f025550 ------------------------------ Date: Sun, 12 May 2019 16:55:38 +0800 From: Richard Stein <rmstein () ieee org> Subject: Who[m] to Sue When a Robot Loses Your Fortune (Bloomberg.com) https://www.bloomberg.com/news/articles/2019-05-06/who-to-sue-when-a-robot-loses-your-fortune "The legal battle is a sign of what's in store as AI is incorporated into all facets of life, from self-driving cars to virtual assistants. When the technology misfires, where the blame lies is open to interpretation." Risk: Overtrust (see http://catless.ncl.ac.uk/Risks/30/94%23subj3.1 in an AI-driven, equity trading platform to out-perform market indices. UNIX message of the day: "The way to make a small fortune in the commodities market is to start with a large fortune." ------------------------------ Date: Fri, 10 May 2019 22:41:00 -0400 From: Gabe Goldberg <gabe () gabegold com> Subject: What Sony's robot dog teaches us about biometric data privacy (CNET) The state's Biometric Information Privacy Act prevents Sony from selling it there. https://www.cnet.com/news/what-sonys-robot-dog-teaches-us-about-biometric-data-privacy/ ------------------------------ Date: Mon, 13 May 2019 10:57:51 +0200 From: Diego Latella <Diego.Latella () isti cnr it> Subject: New e-voting support system by Microsoft https://blogs.microsoft.com/on-the-issues/2019/05/06/protecting-democratic-elections-through-secure-verifiable-voting/ ElectionGuard can be used to build systems with five major benefits that will protect the vote against tampering by anyone, and improve the voting process for citizens and officials: Verifiable: Allowing voters and third-party organizations to verify election results. Secure: Built with advanced encryption techniques developed by Microsoft Research. Auditable: Supporting risk-limiting audits that help assure the accuracy of elections. Open source: Free and flexible with the ability to be used with off-the-shelf hardware. Make voting better: Supporting standard accessibility tools and improving the voting experience. [...] The ElectionGuard SDK will be available through GitHub beginning this summer. We encourage the election technology community to begin building offerings based on this technology and expect early prototypes using ElectionGuard will be ready for piloting during the 2020 elections in the United States, with significant deployments for subsequent election cycles. Over time we will seek to update and improve the SDK to support additional voting scenarios such as mail-in ballots and ranked choice voting. Microsoft will not charge for using ElectionGuard and will not profit from partnering with election technology suppliers that incorporate it into their products. ------------------------------ Date: Thu, 9 May 2019 09:23:56 -0400 From: Monty Solomon <monty () roscom com> Subject: Boeing Knew About Safety-Alert Problem for a Year Before Telling FAA, Airlines (WSJ) https://www.wsj.com/articles/boeing-knew-about-safety-alert-problem-for-a-year-before-telling-faa-airlines-11557087129 ------------------------------ Date: Thu, 9 May 2019 09:40:46 -0400 From: Monty Solomon <monty () roscom com> Subject: Unless you want your payment card data skimmed, avoid these commerce sites (Ars Technica) https://arstechnica.com/information-technology/2019/05/more-than-100-commerce-sites-infected-with-code-that-steals-payment-card-data/ ------------------------------ Date: Thu, 9 May 2019 19:45:12 -0400 From: Gabe Goldberg <gabe () gabegold com> Subject: Hey, Alexa: Stop recording me (WashPost) When Alexa runs your home, Amazon tracks you in more ways than you might want. https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/ ------------------------------ Date: Thu, 9 May 2019 09:41:33 -0400 From: Monty Solomon <monty () roscom com> Subject: "RobbinHood" ransomware takes down Baltimore City government networks (Ars Technica) https://arstechnica.com/information-technology/2019/05/baltimore-city-government-hit-by-robbinhood-ransomware/ ------------------------------ Date: Fri, 10 May 2019 09:53:11 -0700 From: Gene Wirchenko <gene () shaw ca> Subject: Buying a replacement iPhone battery? Be careful you don't get ripped off (ZDNet) Adrian Kingsley-Hughes for Hardware 2.0 | 10 May 2019 Buying a replacement iPhone battery? Be careful you don't get ripped off Just because you're told that the replacement iPhone battery you're buying is new doesn't mean that it is. It could be old and worn out. https://www.zdnet.com/article/buying-a-replacement-iphone-battery-be-careful-you-dont-get-ripped-off/ selected text: For example, eBay is awash with iPhone battery testers that allow the recharge cycle count to be cleared or set to a low level (and tools that can read the recharge cycles, such as Coconut Battery, cannot tell that this figure has been reset). Other than duping people, I'm having a hard time coming up with a legitimate use for this feature, especially since you have to physically remove the battery from the iPhone to do it. ------------------------------ Date: Fri, 10 May 2019 09:59:32 -0700 From: Gene Wirchenko <gene () shaw ca> Subject: Software update crashes police ankle monitors in the Netherlands (Catalin Cimpanu) Catalin Cimpanu for Zero Day | 10 May 2019 Borked update prevents ankle monitors from sending data back to police control rooms. https://www.zdnet.com/article/software-update-crashes-police-ankle-monitors-in-the-netherlands/ selected text: A borked software update has crashed hundreds of ankle monitoring devices used by Dutch police, Dutch government officials said today. The issue was fixed later in the day, on Thursday; however, the Dutch Ministry of Justice and Security had to step in and preemptively arrest and jail some of its most high-risk suspects. [I find this bit darkly amusing. "You're under arrest for our ankle monitoring system crashing."?] ------------------------------ Date: Fri, 10 May 2019 14:52:03 -0400 From: =?UTF-8?Q?Jos=C3=A9_Mar=C3=ADa_Mateos?= <chema () rinzewind org> Subject: Tenants win as settlement orders landlords give physical keys over smart locks (CNET) https://www.cnet.com/news/tenants-win-rights-to-physical-keys-over-smart-locks-from-landlords/ The physical key has prevailed over the smart lock for a group of tenants with privacy concerns. In a settlement released Tuesday, a judge ordered landlords of an apartment building in New York to provide physical keys to any tenants who don't want to use the Latch smart locks installed on the building last September. The settlement is a first, as there's no legal precedent or legislation deciding how landlords can use smart home technology. Since the technology is relatively new, lawmakers haven't had time to catch up with smart home devices, and this case in New York is one of the few legal challenges to appear in court. It won't set a legal precedent because it's a settlement, but it represents a win for tenants who had issues with smart locks and landlords installing them against their will. "This is a huge victory for these tenants and tenants throughout New York City. These types of systems, which landlords have used to surveil, track and intimidate tenants, have been used frequently in New York City," Michael Kozek, the attorney representing the tenants in Manhattan, said in a statement. "These tenants refused to accept the system, and the negative impact it had on their lives. Hopefully they will be an inspiration for other tenants to fight back." ------------------------------ Date: Fri, 10 May 2019 10:54:53 +0800 From: Dan Jacobson <jidanni () jidanni org> Subject: Re: The Fight for the Right to Drive (The New Yorker via Stein) RS> companies might require you to ... watch commercial messages displayed on the vehicles windows." They already do, but it is on the outside, not the inside, and it make it tough to look out, almost impossible on rainy days etc. https://www.brisbanetimes.com.au/national/queensland/major-security-risk-call-for-advertising-wraps-to-be-removed-from-buses-20161221-gtfvz3.html ------------------------------ Date: Thu, 9 May 2019 13:42:40 -0700 From: "Robert R. Fenichel" <bob () fenichel net> Subject: Re: Drug names (RISKS-31.23) There's another level to the drug-name issue raised by Craig Burton. Each brand-name drug you receive has three different names, not just two. [*] First, there is the chemical _structural name_, constructed according to strict, non-contentious international conventions. Given, for example, the structural name (S)-1- [N 2-(1-carboxy-3- phenylpropyl)-L-lysyl]-L-proline dihydrate, anyone with basic chemical training could draw a diagram of the molecule.. This example, like the one given by Burton, exemplifies the ponderous nature of structural names, so WHO has a means of assigning pronounceable _generic names_. Generic names draw upon a growing suffix vocabulary ("vir" for antivirals, "pine" for dihydropyridine calcium-channel blockers, "olol" for beta-blockers, "pril" for ACE inhibitors, and so on) and then WHO tries to coordinate generic names (for example, benazepril, captopril, enalapril, fosinopril, lisinopril, moexipril, perindopril, quinapril, ramipril, trandolapril are all ACE inhibitors) to minimize confusion. Some older drugs have different generic names in different parts of the world (adrenaline/epinephrine, meperidine/pethidine, acetaminophen/paracetamol), but new examples of that sort are not appearing, thanks to WHO. It doesn't stop there. The structural name that I gave above is that of lisinopril. In North America, lisinopril is available as generic lisinopril, as Prinivil(R), and as Zestril(R). The assignment of _brand names_ is regulated nationally (in the US by the FDA). There is a committee at FDA that passes on proposed names, trying to head off aural confusion. Sometimes they turn out to have got it wrong: Omeprazole was originally (1996) allowed to use the brand name Losec(R), but there were persistent reports of mixups with the much-older brand name Lasix(R) (furosemide), so approval for "Losec" was withdrawn, and Astra Zeneca had to reissue omeprazole under another name (Prilosec(R)). I have been out of FDA since before machine interpretation of speech became important, but I'd be surprised to hear that the brand-name committee at FDA is not now worrying about computer errors as well as human errors. [* Old Possum's Book of Practical Cats: The naming of cats is a difficult matter, for a cat must have three different names. PGN] ------------------------------ Date: Mon, 14 Jan 2019 11:11:11 -0800 From: RISKS-request () csl sri com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks => SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read. *** This attention-string has never changed, but might if spammers use it. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public! => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> *** Contributors are assumed to have read the full info file for guidelines! => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue. Also, ftp://ftp.sri.com/risks for the current volume or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00 Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001) *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 31.24 ************************
Current thread:
- Risks Digest 31.24 RISKS List Owner (May 14)