RISKS Forum mailing list archives

Risks Digest 32.48


From: RISKS List Owner <risko () csl sri com>
Date: Fri, 5 Feb 2021 16:21:58 PST

RISKS-LIST: Risks-Forum Digest  Friday 5 February 2021  Volume 32 : Issue 48

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/32.48>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
The Cyberweapons Arms Race (Nicole Perlroth)
Google uncovers new iOS security feature Apple quietly added after zero-day
  attacks (geoff goodfellow)
Killed by Google - the Google graveyard (Dan Jacobson)
Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices
  (The Hacker News)
NASA's space junk problem (Axios)
AI Can Tell What Song You Are Listening to From Your Brainwaves
  (Matthew Sparkes)
The iPhone's Face ID Will Soon Work With a Mask -- if You Have an
  Apple Watch (WiReD)
How Google Searches Reveal the Hidden Cost of Lockdown (U.Warwick)
F-35's Buggy Software Prompts Pentagon to Call in Universities (Bloomberg)
Ford cuts F-150 pickup truck production due to semiconductor chip shortage
  (CNBC)
Amazon Netradyne Driver Information on Vimeo (Gabe Goldberg)
The Down Side to Life in a Supertall Tower: Leaks, Creaks, Breaks (NYTimes)
A Vast Web of Vengeance (NYTimes)
Will Australia ban VPNs? (Lauren Weinstein)
Maybe Set A Calendar Reminder For Summer: Your Virginia E-Z Pass May Be
  Inactive (DCist)
Ballot-Marking Devices in Georgia (Andrew Appel)
No Flash, no trains (Apple Daily)
Re: The `Dumb Money' Outfoxing Wall Street Titans (Henry Baker)
Re: The Creeping Normalization of Robotic Police Officers (Amos Shapir)
Re: An old arrest can follow you forever online... (Henry Baker)
Re: Company name could lead to security xss attack? (Eli the Bearded)
Re: The World Is Dangerously Dependent on Taiwan for Semiconductors
  (Dan Jacobson)
Re: With Online Terms of Service, What Happens When You Click 'Agree'?
  (Dan Jacobson)
Re: The calculus really is complex (Anthony Thorn)
Risk analysis and CoVID variants (Rob Slade)
Novel of the Next World War (Jan Wolitzky)
A new bio-inspired joint model to design robotic exoskeletons
  (Richard Stein)
Series of security lectures (Rob Slade)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 5 Feb 2021 14:21:50 PST
From: Peter Neumann <neumann () csl sri com>
Subject: The Cyberweapons Arms Race (Nicole Perlroth)

  Nicole Perlroth
  This Is How They Tell Me the World Ends:
    The Cyberweapons Arms Race
  Bloomsbury, 2021

This book is "The untold story of the cyberweapons market -- the most
secretive, invisible, government-backed market on earth -- and a terrifying
first look at a new kind of global warfare."

Nicole Perlroth's new book will be a treasure chest for many RISKS readers.
Although it focuses on information warfare, it does so in the context of
much deeper issues relating to computer security and privacy.  It includes
details of many topics that have appeared here -- as well as in-depth
coverage of many nevertheless RISKS-relevant items that have not.  The title
might seem a little presumptuous at first glance, but the book lives up to
the title's expectations, and is right on the button (no pun intended).
Indeed, considering its publication date (next Tuesday), it is amazingly
up-to-date -- including some recent events earlier this year.  She has
wisely used her role of pursuing these topics for *The New York Times* in
recent years, and has written a far-reaching book that digs deeply into its
sources.  I'm sure it will inspire some considerable further discussion for
those of you who read it.

Jill Lepore has written an outstanding four-page review: *Zero Day: Hacking
the Whole World*, which appears in the current *The New Yorker*, 8 Feb 2021,
pp. 55--58.  I commend to you both Nicole Perlroth's book
  https://www.amazon.com/This-They-Tell-World-Ends/dp/1635576059
and Jill Lepore's analysis of it:
  https://www.newyorker.com/magazine/2021/02/08/the-next-cyberattack-is-already-under-way

------------------------------

Date: Sun, 31 Jan 2021 13:48:57 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Google uncovers new iOS security feature Apple quietly added
  after zero-day attacks

Google Project Zero on Thursday disclosed details of a new security
mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent
attacks that were recently found to leverage zero-days in its messaging app.

Dubbed "BlastDoor," the improved sandbox system for iMessage data was
disclosed by Samuel Groß, a security researcher with Project Zero, a
team of security researchers at Google tasked with studying zero-day
vulnerabilities in hardware and software systems.

"One of the major changes in iOS 14 is the introduction of a new, tightly
sandboxed 'BlastDoor' service which is now responsible for almost all
parsing of untrusted data in iMessages," Groß said
<https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html>.
"Furthermore, this service is written in Swift, a (mostly) memory safe
language which makes it significantly harder to introduce classic memory
corruption vulnerabilities into the code base."

The development is a consequence of a zero-click exploit
<https://thehackernews.com/2020/12/iphones-of-36-journalists-hacked-using.html>
that leveraged an Apple iMessage flaw in iOS 13.5.1 to get around security
protections as part of a cyberespionage campaign targeting Al Jazeera
journalists last year.  [...]
https://thehackernews.com/2021/01/google-uncovers-new-ios-security.html

------------------------------

Date: Sun, 31 Jan 2021 07:36:55 +0800
From: Dan Jacobson <jidanni () jidanni org>
Subject: Killed by Google - the Google graveyard

Hey kids, before you get started on that new Google API, check out:
  https://killedbygoogle.com/

Killed by Google is the Google graveyard; a free and open source list of
discontinued Google services, products, devices, and apps. We aim to be a
source of factual information about the history surrounding Google's dead
projects.

Contributors from around the world help compile, research, and maintain the
information about dying and dead Google products. You can join the
discussion on GitHub, or follow us on Twitter. A project by Cody Ogden.

Press inquiries and other assorted death threats...

------------------------------

Date: Thu, 4 Feb 2021 11:03:32 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded
  Devices (The Hacker News)

The second can be exploited without requiring Wi-Fi password, and the other
allows exploitation of Wi-Fi client and full takeover.

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi
module that could have been exploited to gain root access and take complete
control of a device's wireless communications.

The six flaws were reported by researchers from Israeli IoT security firm
Vdoo.

The Realtek RTL8195A module is a standalone, low-power-consumption Wi-Fi
hardware module targeted at embedded devices used in several industries
such as agriculture, smart home, healthcare, gaming, and automotive
sectors.  [...]
https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html

------------------------------

Date: Thu, 4 Feb 2021 11:05:56 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: NASA's space junk problem (Axios)

NASA needs to do more to understand the risks posed to spacecraft by space
junk and find new ways to mitigate the threat, according to a report last
week from the Office of Inspector General.
<https://oig.nasa.gov/docs/IG-21-011.pdf>

Why it matters: Some see space junk as an environmental crisis in orbit.
<https://www.axios.com/space-looming-space-junk-environmentalism-cb3b0c15-1bb7-43fb-a1de-f9a6334d601e.html>
Millions of pieces of space debris speed around Earth at more than 17,000
mph, putting spacecraft and sometimes people in harm's way.

Driving the news: The new OIG report suggests that while NASA has done a
good job of deorbiting its own spacecraft and rocket bodies, many other
nations haven't been as proactive, launching spacecraft and rockets that
stay in orbit longer than the 25 years recommended.

   - Now experts warn the space agency will need to both mitigate the junk
   already in space and prevent future junk from being created to keep
   spacecraft safe in the future.
   - "Despite presidential and congressional directives to NASA over the
   past decade to develop active debris removal technologies, the Agency has
   made little to no progress on such efforts," the OIG wrote.
   - The OIG also recommended NASA should develop a better means of
   tracking and understanding the nature of space junk in orbit to more
   effectively protect its spacecraft.

The catch: Nations and private companies are working to find ways to
effectively clean up space
<https://www.axios.com/space-junk-satellite-janitors-bdf897f3-81ac-40b8-b949-a944bafbc4c9.html>,
but those technologies are still early in development.

https://www.axios.com/nasa-protect-satellites-space-junk-89818dfe-1be3-48bc-8d79-811d93528b83.html

------------------------------

Date: Mon, 1 Feb 2021 11:50:56 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: AI Can Tell What Song You Are Listening to From Your Brainwaves
  (Matthew Sparkes)

Matthew Sparkes, *New Scientist* 26 Jan 2021, via ACM TechNews, 1 Feb 2021

Artificial intelligence (AI) developed by researchers at Delft University of
Technology in the Netherlands can identify the songs a person is listening
to by examining their brainwaves. The researchers used an
electroencephalography (EEG) cap that detects the brain's electrical
activity to record the brainwaves of 20 test subjects as they listened to 12
songs through headphones while blindfolded in a dimly lit room. The AI was
trained using short segments of each person's EEG readings along with the
matching music clip to identify patterns, and identified the songs with 85%
accuracy in tests on unseen portions of the data. However, accuracy fell
below 10% when the AI was trained on EEG data from one person and then
sought to identify a song when a different person listened to it. Said
Delft's Derek Lomas, music is "just voltage fluctuations. And it's the same
with the EEG."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-293a4x227ec3x071236

  [One man's beat is another man's noise,n?  PGN]

------------------------------

Date: Thu, 4 Feb 2021 18:20:45 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: The iPhone's Face ID Will Soon Work With a Mask
  --  if You Have an Apple Watch (WiReD)

Recognizing you while your face is covered is still pretty tough for a
computer.

Apple is facing our face-masked future. This week, the company started
testing some new software for the iPhone that will let device owners unlock
the handset while wearing a face covering. There's a catch, though, one that
lines up with Apple's strategy of locking people in to different Apple
products, and it highlights how challenging it can be to develop accurate
facial recognition technology: The new face-unlock feature requires an Apple
Watch.

The first developer beta of iOS 14.5 includes updates to app tracking
controls and Siri alongside the face-mask function. App-makers typically get
early access to the newest version of iOS in order to launch or retool their
apps well in advance of the formal software release. (Brave souls who don't
mind the risk of potentially bricking their iPhones can also enroll in
public beta releases.) The fully baked version of the software is expected
to be made available to the general public this spring.

https://www.wired.com/story/iphone-face-id-mask-ios-beta/

------------------------------

Date: Wed, 3 Feb 2021 12:09:23 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: How Google Searches Reveal the Hidden Cost of Lockdown
  (U.Warwick)

University of Warwick (UK), 27 Jan 2021 via ACM TechNews 3 Feb 2021

Researchers at the U.K.'s University of Warwick, Canada's University of
Ottawa, and France's Paris School of Economics and Aix-Marseille University
found that Google Trends data from 10 countries across Europe and the U.S.
between January 2019 and April 2020 demonstrated the impact of pandemic
lockdowns on mental health. The researchers observed a sharp increase in the
number of people searching on Google for terms related to boredom,
loneliness, and worry at the beginning of the first lockdown. Said the
University of Warwick's Nick Powdthavee, "Our findings indicate that
people's mental health may have been severely affected by the pandemic and
lockdown." Powdthavee added, "It may be necessary to make sure support is
provided to help those struggling most with lockdown."

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-29437x22806bx068373&;

------------------------------

Date: Wed, 3 Feb 2021 12:09:23 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: F-35's Buggy Software Prompts Pentagon to Call in Universities
  (Bloomberg)

Anthony Capaccio, *Bloomberg*, 2 Feb 2021 via ACM TechNews 3 Feb 2021

The Pentagon is consulting with U.S. universities to evaluate software on
aerospace company Lockheed Martin's F-35 fighter jet, in the hope of
correcting the buggy system. The F-35 program's Laura Seal said software
experts at the Johns Hopkins University Applied Physics Laboratory, the
Carnegie Mellon University Software Engineering Institute, and the Georgia
Institute of Technology Research Institute are conducting an independent
technical assessment. The $398-billion F-35 program involves Lockheed
fighter jets equipped with more than 8 million lines of code each. Seal said
the program office will analyze the assessment as part of "a broad range of
information," then announce dates for program milestones, including
simulated combat testing to rate the F-35's performance against the latest
Russian and Chinese aircraft and air defenses.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-29437x22806cx068373&;

------------------------------

Date: Thu, 4 Feb 2021 16:03:33 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Ford cuts F-150 pickup truck production due to semiconductor chip
  shortage (CNBC)

...again.

https://www.cnbc.com/2021/02/04/ford-forced-to-cut-pickup-production-due-to-semiconductor-shortage-.html

------------------------------

Date: Thu, 4 Feb 2021 20:58:11 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Amazon Netradyne Driver Information on Vimeo

https://vimeo.com/504570835/e80ee265bc

Snoopervision. As if driving/delivering isn't already stressful.

------------------------------

Date: Thu, 4 Feb 2021 00:24:43 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: The Down Side to Life in a Supertall Tower: Leaks, Creaks, Breaks
  (NYTimes)

432 Park, one of the wealthiest addresses in the world, faces some
significant design problems, and other luxury high-rises may share its fate.

The Down Side to Life in a Supertall Tower: Leaks, Creaks, Breaks
https://www.nytimes.com/2021/02/03/realestate/luxury-high-rise-432-park.html

------------------------------

Date: Thu, 4 Feb 2021 00:27:08 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: A Vast Web of Vengeance (NYTimes)

Outrageous lies destroyed Guy Babcock's online reputation. When he went
hunting for their source, what he discovered was worse than he could have
imagined.

Author writes:

Ms. Atas's victims spent years begging Google, Pinterest and WordPress to
take down the slanderous posts or at least make them harder to find.  The
companies rarely did so, until I contacted them to request comment for this
article. Pinterest then removed photos linked to Ms. Atas.  Automattic,
which owns WordPress, deleted her blogs.

A Vast Web of Vengeance
https://www.nytimes.com/2021/01/30/technology/change-my-google-results.html

------------------------------

Date: Thu, 4 Feb 2021 09:32:15 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Will Australia ban VPNs?

Thought Experiment: Will the Australian government try to "do a China"
and ban VPNs, when Aussies start using VPNs to access Google, if
Google pulls out of Oz in justified response to the government there
behaving like idiots who don't understand how the Internet works?

------------------------------

Date: Tue, 2 Feb 2021 19:32:20 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Maybe Set A Calendar Reminder For Summer: Your Virginia E-Z
  Pass May Be Inactive (DCist)

The commonwealth is one of two states (New Hampshire is the other) that
deactivates drivers' passes and closes their accounts after a year of
inactivity. This is due to the requirements of the state's unclaimed
property regulations. With routines upended, many commuters would likely see
their passes approach expiration come mid-March.

But now, drivers have until the summer to avoid losing their pass's
functionality. The Virginia Treasury Department has given the Virginia
Department of Transportation (VDOT) a one-time, six-month moratorium on the
deactivation rule because of the pandemic.

https://dcist.com/story/21/02/02/virginias-e-z-pass-has-one-odd-rule-you-need-to-know/

Deactivate account, forfeit account balance, get sudden no-plate toll bill.
Brilliant.

------------------------------

Date: Mon, 1 Feb 2021 13:16:59 PST
From: Peter Neumann <neumann () csl sri com>
Subject: Ballot-Marking Devices in Georgia (Andrew Appel)

https://freedom-to-tinker.com/2021/02/01/georgias-election-certification-avoided-an-even-worse-nightmare-thats-just-waiting-to-happen-next-time/

------------------------------

Date: Sat, 30 Jan 2021 17:06:05 +0000
From: "Clive D.W. Feather" <clive () davros org>
Subject: No Flash, no trains

When Flash stopped working at the start of the year, it wasn't just online
games that were affected. It turns out that a railway in China was running
its systems using Flash.

Their solution? To install a pirated version.

https://hk.appledaily.com/news/20210117/FLXATT4LKVBGVEBRLAECJPTCHM/
https://jalopnik.com/any-1846109630

------------------------------

Date: Fri, 29 Jan 2021 13:58:00 -0800
From: Henry Baker <hbaker1 () pipeline com>
Subject: Re: The `Dumb Money' Outfoxing Wall Street Titans (NYTimes)

There is a serious problem with the regulation of short selling, which has
been going on for most of my 70+ years: you're not allowed to sell short
shares that you haven't *borrowed*. This keeps the total number of shares
shorted at less than the total number of shares in the public market (the
"float").

However, some of the companies mentioned in these articles have had total
shorted shares substantially greater than the total number of shares in the
company, which proves that someone (actually, a large # of someone's) have
been illegally rigging the system.

The SEC claims to be looking into this whole situation, but I'm not holding
my breath waiting for any fines or jail sentences.

------------------------------

Date: Sat, 30 Jan 2021 18:43:48 +0200
From: Amos Shapir <amos083 () gmail com>
Subject: Re: The Creeping Normalization of Robotic Police Officers
  (RISKS-32.47)

This is not the future, it's the present.  This might already happen with
current surveillance cameras and face-recognition software, no need for
robocops patrolling the streets.

If that happens to anyone, they'd better keep themselves under house
arrest, because this situation might happen again each time they step out
-- until someone takes care to update the algorithms.

------------------------------

Date: Sat, 30 Jan 2021 18:20:25 -0800
From: Henry Baker <hbaker1 () pipeline com>
Subject: Re: An old arrest can follow you forever online... (RISKS-32.47)

What's good for the goose is good for the gander: Steve Bannon, Roger Stone,
Rod Blagojevich, Tony Levandowski, Paul Manafort, Michael Flynn, Joe Arpaio,
etc. will all want the same treatment.

The phony "right to be forgotten" has to have some limits -- e.g., shouldn't
those who run for office be required to disclose any legal troubles?

What happens if someone runs for office and loses? Does the Internet now
have to scrub itself of any of these disclosures made while they ran?

The silly thing is that anyone who really cares -- e.g., a potential
employer, a bank, an insurance company, etc., can easily find out all these
things w/o any hindrance from *The Boston Globe*.

Only you, as a woman attending a first date, won't be able to Google about
your upcoming date without paying a hefty sum.

------------------------------

Date: Tue,  2 Feb 2021 17:08:01 -0500 (EST)
From: Eli the Bearded <*@eli.users.panix.com>
Subject: Re: Company name could lead to security xss attack?
  (Levine, RISKS-32.47)

More recently the (now ex-)commissioner of the Department of Building
Inspection (DBI) in San Francisco, Rodrigo Santos was regularly pocketing
checks made out to DBI and changing the payee to RODBIGO SANTOS to cash
them. The FBI published an example of such late last year.

https://missionlocal.org/2020/09/rodrigo-santos-dbi/

I have to suspect automated check processing made this easier, as humans
would likely scrutinize the change in handwriting better. The payers might
not have looked closely so long as they got their building
permits. Unfortunately for Rodrigo Santos, the computers also keep copies of
the checks for police to subpoena.

------------------------------

Date: Sun, 31 Jan 2021 12:44:23 +0800
From: Dan Jacobson <jidanni () jidanni org>
Subject: Re: The World Is Dangerously Dependent on Taiwan for Semiconductors
  (Bloomberg)

And, we got the chips.  So, World, how about some vaccines?

https://www.qatar-tribune.com/news-details/id/206745/taiwan-to-germany-can-we-trade-semiconductor-chips-for-vaccine-
https://focustaiwan.tw/politics/202101290021
https://www.taiwannews.com.tw/en/news/4113126

------------------------------

Date: Sun, 31 Jan 2021 12:07:45 +0800
From: Dan Jacobson <jidanni () jidanni org>
Subject: Re: With Online Terms of Service, What Happens When You
  Click 'Agree'? (The New York Times)

And what happens when you try sending an email to one of those addresses
in those Terms of Service?

   A message that you sent could not be delivered to one or more of its
   recipients. This is a permanent error. The following address(es) failed:
    legal () godaddy com

------------------------------

Date: Sat, 30 Jan 2021 11:34:37 +0100
From: Anthony Thorn <anthony.thorn () atss ch>
Subject: Re: The calculus really is complex (RISKS-32.46)

I was of the same opinion as WOL along the lines that IF the first dose of
the Pfizer/Biontech vaccine provides 60% protection (for twice as many
people) and 100% protection against serious illness, it's a no-brainer from
the epidemiological standpoint- if not for those individuals who would
otherwise receive their second dose after 3 weeks.

However Dr Fauci's statement that providing 60% protection to a large
population would/could select for mutations with immunity to the vaccine
adds a new level of complexity.

https://www.businessinsider.com/fauci-coronavirus-variant-mutation-2nd-vaccine-dose-covid-2021-1

Fauci, speaking on a virtual World Economic Forum panel:
"You don't get full efficacy until you get the second dose, and if you allow
suboptimal efficacy, you can actually immunologically select for mutations,"

But England's chief medical officer Professor Chris Whitty:
  a "real worry but quite a small real worry".
https://news.sky.com/story/covid-19-extending-gap-between-coronavirus-jab-doses-creates-small-risk-of-escaped-mutant-variant-whitty-12180180

I do not envy the politicians or even the scientific advisors their
responsibility.

------------------------------

Date: Tue, 2 Feb 2021 09:35:47 -0800
From: Rob Slade <rslade () gmail com>
Subject: Risk analysis and CoVID variants

Right now, people are in a major panic about CoVID variants.  B1.1.7 (aka
UK), B1.351 (aka South Africa), CAL20C, and at least one from Brazil.  By
the time you read this, there will likely be others.

CoVID is a really classic example of risk because so much probability is
involved.  As Donn Parker has famously said, there is no risk of
encountering malware because, in the current computing environment there is
no probability of encountering malware: it's a certainty.  Almost none of
the CoVID risk is binary.  If you leave your house, you don't necessarily
immediately get CoVID, it just increases the probability of your risk of
getting infected.  If you fail to wash your hands, you don't immediately get
CoVID, it just increases the probability of your risk of getting infected.
If you stand less than two metres away from someone, you don't immediately
get CoVID, it just increases the probability of your risk of getting
infected.  If you don't wear a mask when you go out, you don't immediately
get CoVID, it just increases the probability of your risk of getting
infected.

And, if you do get infected, there is probability involved again.  You may
never show any symptoms.  Or you may have something like a mild case of the
flu.  Or you may die.  Or you may just become really, really sick, and, for
a month or so, *wish* you would die.  Or you may become one of the
long-haulers with some weird respiratory or neurological deficit that never
goes away.  It's a fairly random outcome, as far as we can tell at the
moment.

But there's more probability involved, and almost nobody is talking about
it.  Each time the virus reproduces, there is a chance of an error.  Those
errors become mutations.  Most of the time, the mutation simply fails.  The
error causes the virus to fail to reproduce, or sometimes to fall apart.
(Those mutations just disappear.)  Sometimes the error doesn't really change
much of anything, and it just makes it possible for us humans to do full
genome sequencing and figure out where this particular case of CoVID came
from.  But sometimes, say once in 85.4 trillion times, the error produces
something that will make the virus work slightly better than it did before.
It may bind more tightly to human cells, or hide a bit better from
antibodies.  It'll be more successful.

A more successful virus will tend to have an advantage, and will therefore
sort of take over the niche that the viruses are trying to occupy, just like
any other evolutionary population dynamics.  If the new mutation is more
successful because it infects faster or easier, then the variant will spread
faster, and the new variant will be more infectious than the old variant,
thus increasing the reproductive number and increasing the number of cases
per day.  But that's ironic, because each new case provides more opportunity
for mutation.  Each time the virus reproduces there is room for that error,
and so each and every new case means a greater risk of more variants.

Which means that every time you go out when you don't need to, or fail to
wash your hands, or fail to distance, or fail to wear a mask, you not only
risk getting infected, or giving the infection to your friends and family,
or increasing the spread in your neighbour, but you also risk making a new
variant, each one closer to the ultimate aim of the viruses to become
something that infects everyone it contacts immediately, spreads via tiny
aerosols that go right through filters, completely spreads through the
entire organism, and then sits and does nothing and produces no detectable
symptoms until a month after infection when it kills everyone.

Now, lest you think that is too dark a thought in regard to virus variants,
note that, right now, even with the variants that we have encountered, we
*do* know how to deal with them.  We need to do exactly what we have been
told all along, only more so.  Stay home if you can.  Wash your hands.  If
you need to go out, keep your distance.  If you need to go out, wear a mask.
Don't go to parties.  Don't hold parties.  No, not even SuperBowl parties.
Don't merge bubbles.  This is not rocket science.  And it works.

------------------------------

Date: Tue, 2 Feb 2021 19:53:09 -0500
From: Jan Wolitzky <jan.wolitzky () gmail com>
Subject: Novel of the Next World War

Wired magazine is publishing a 6-part, serialized novel, by Elliot Ackerman
and Admiral James Stavridis, about a near-future war between the U.S. and
China that turns on innovations in artificial intelligence, quantum
computing, and cyberweapons.

<https://www.wired.com/story/2034-novel-next-world-war-editors-letter/>

------------------------------

Date: Wed, 3 Feb 2021 20:59:24 +0800
From: Richard Stein <rmstein () ieee org>
Subject: A new bio-inspired joint model to design robotic exoskeletons
  (Techxplore.com)

https://techxplore.com/news/2021-02-bio-inspired-joint-robotic-exoskeletons.html

"Recent advances in the field of robotics have enabled the fabrication of
increasingly sophisticated robotic limbs and exoskeletons. Robotic
exoskeletons are essentially wearable 'shells' made of different robotic
parts. Exoskeletons can improve the strength, capabilities and stability of
users, helping them to tackle heavy physical tasks with less effort or
aiding their rehabilitation after accidents."

A fascinating field ripe for innovation. No ready means to determine the
deployed product population. See some exoskeleton models:
https://www.digitaltrends.com/cool-tech/robot-exosuit-roundup/

These systems can enable a paraplegic to ambulate. However, the limb motion
control systems can injure human anatomy.

The FDA's TPLC platform lists one product code, PHL, that categorizes
regulations for powered exoskeletons, specifically "powered lower extremity
exoskeleton."

See
https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfTPLC/tplc.cfm?id=3931&min_report_year=2016.
There are 20 medical device reports listed between 2016-2020. The key
patient problem reported is bone fracture.

The top-10 device problems attributed to the MDRs, in CSV format:

Device Problems,MDRs with this Device Problem,Events in those MDRs
Adverse Event Without Identified Device or Use Problem,6,6
Human-Device Interface Problem,5,5
Insufficient Information,2,2
Fracture,2,2
Component Missing,1,1
Break,1,1
Crack,1,1
Appropriate Term/Code Not Available,1,1
Noise, Audible,1,1
Detachment Of Device Component,1,1

The top-10 patient problems, attributed to the MDRs, in CSV format:

Patient Problems,MDRs with this Patient Problem,Events in those MDRs
Bone Fracture(s),14,14
Swelling,5,5
Bruise/Contusion,2,2
Edema,1,1
Head Injury,1,1
Joint Swelling,1,1
No Code Available,1,1
No Consequences Or Impact To Patient,1,1
Spinal Cord Injury,1,1
No Known Impact Or Consequence To Patient,1,1

------------------------------

Date: Mon, 1 Feb 2021 08:43:47 -0800
From: Rob Slade <rslade () gmail com>
Subject: Series of security lectures

Oh, my brothers and only friends:

I have been presented with an opportunity to give a whole series of
presentations to a *non*-security group.  We, as security people, always
complain that nobody in tech ever wants to listen to us, so I am not about
to turn down an opportunity for an eight-month gig to evangelize our
non-security brethren.

VanTUG ( http://vantug.com/ ) started life as a Microsoft user group, so
they want me to use Microsoft Teams, which I never have.  I am still
learning.  Some things I like, and some I don't.  The VanTUG President has
told me that they are willing to have non-members attend the
"meetings"/lectures, or to join the group.  There is no charge for either
membership or attendance.  You can join the VanTUG "Team" at
https://teams.microsoft.com/join/r7slh6566c60.  It is not necessary to join
in order to attend the "meetings"/lectures, but joining gets you
announcements about the meetings.  Or you can view the postings I'm making
at https://community.isc2.org/t5/C/V/m-p/42919 or follow my Twitter feed at
https://twitter.com/rslade

The first of these presentations is going to be on this Tuesday, February
2nd, and the first and third Tuesdays of the month thereafter, currently
slated to run until September. The meetings are from 7 pm to 8:30 pm ET:
Vancouver).  A (rough) list of topics can be found at the posting at
https://community.isc2.org/t5/C/V/m-p/42919

The link for the first "meeting" is:
https://teams.microsoft.com/l/meetup-join/19%3ameeting_MGNlNjNhMGItNzVjNC00NDk3LThmNDUtNDE3MjZlN2RmOTVh%40thread.v2/0?context=%7b%22Tid%22%3a%228d3d8493-09a7-43f8-97e6-9423036fdf31%22%2c%22Oid%22%3a%22055a3565-22c2-4d78-a9f2-e72f723df6ef%22%7d
It might be easier to get it off the posting at
https://community.isc2.org/t5/C/V/m-p/42919 or my Twitter feed at
https://twitter.com/rslade

So, if you are interested, or if you want to see "Teams" in action, or if
you have any non-security friends that you want to be evangelized into
security, or want to attend and heckle me when I make a mistake in what I
tell them ...

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.48
************************

