RISKS Forum mailing list archives

Previous By Date Next
Previous By Thread Next

Risks Digest 33.06

From: RISKS List Owner <risko () csl sri com>
Date: Fri, 18 Feb 2022 17:23:22 PST
RISKS-LIST: Risks-Forum Digest  Friday 18 February 2022  Volume 33 : Issue 06

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/33.06>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Solar Storm Destroys 40 New SpaceX Satellites in Orbit (NYTimes)
OneWeb founder plans to launch 100,000 satellites in space comeback (On)
Some Mazda cars stuck on a Seattle Station due to bad meta-data broadcast
 (Yahoo)
Serious Warning Issued For A Billion Apple iPhone Users (Forbes)
As Automakers Add Technology to Cars, Software Bugs Follow (NYIimes)
Chip errors are becoming more common and harder to track down (NYIimes)
EU Chip Production Plan Aims to Ease Dependency on Asia (AP)
107 drivers recently complained about their Teslas making random, jolting
 stops (Protocol.com)
Lessons from Post Office scandal: "computer-says-no culture runs the world"
 (The Guardian)
The most widespread miscarriage of justice in British legal history
 (Adam Wildavsky)
Really big electric power refund (BBC via Jeremy Epstein)
Humans Find AI-Generated Faces More Trustworthy Than the Real Thing
 (Scientific American)
True Story? Lie-Detection Systems Go High-Tech (BBC)
Tiny Chips, Big Headaches (NYTimes)
Hackers Rigged Hundreds of Ecommerce Sites to Steal Payment Info (WiReD)
IRA accounts drained of $36 million in cryptocurrency (Coindesk)
IRS backlog hits nearly 24 million returns, further imperiling the 2022 tax
 filing season (WashPost)
Algorithm amplifies trustworthy news content on social media without
 shielding bias (USouthFlorida)
Two arrested for alleged conspiracy to launder $4.5B in stolen
 cryptocurrency (Justice.gov)
Man wins big jackpot in Vegas, but doesn't know it. Gaming board tracked him
 down. (Gaming)
DC Metro Did Not Intentionally Hide Faults In Railcars (Watchdog Annandale
 and VA Patch via Gabe Goldberg)
Quantum Errors Made More Tolerable (ETH Zurich)
Hertz claims thousands of renters steal cars. Customers argue they've been
 falsely accused. (WashPost)
Amazon's Dark Secret: It Has Failed to Protect Your Data (WiReD)
Their Bionic Eyes Are Now Obsolete and Unsupported (IEEE)
Cryptocurrencies remain a gamble best avoided (Nikkei Asia)
Re: Fiber cut takes out cell service to a large portion of SW Colorado
 (Andrew Duane0
Re: Teslas rolling through stop signs (Robert Wilson0
Re: Ancient Programming Language Is Way More Common Than We Thought
 (Amos Shapir)
Re: A crypto breakthrough? Western states consider taking digital currency
 (Amos Shapir)
Re: The New York Times Buys Wordle (Amos Shapir)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 9 Feb 2022 23:39:36 -0500
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: Solar Storm Destroys 40 New SpaceX Satellites in Orbit (NYTimes)

Solar Storm Destroys 40 New SpaceX Satellites in Orbit

Location, location, location...

https://www.nytimes.com/2022/02/09/science/spacex-satellites-storm.html

------------------------------

Date: Mon, 7 Feb 2022 12:44:34 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: OneWeb founder plans to launch 100,000 satellites in space comeback
 (On)

Greg Wyler says E-Space's vast mesh network will clean up debris and bring
it back to earth

Greg Wyler, the space entrepreneur who founded Britain's OneWeb, plans to
put up to 100,000 satellites in orbit this decade with his latest business
venture E-Space.

The company on Monday said it had raised $50mn in seed funding from Prime
Movers Lab, a fund that invests in breakthrough scientific start-ups.

E-Space aims to create a vast mesh network of small satellites that can
deliver bespoke and commercial services to business and government, from
secure communications to remote infrastructure management.

Wyler's plans come as the world becomes increasingly concerned about the
risk of collisions in orbit and resulting space debris.

Since 2019 the number of working satellites has risen 50% to roughly 5,000,
largely because new commercial groups are exploiting lower launch costs to
build businesses in low-earth orbit, 150km-200km above the earth. Elon Musk
aims to launch some 40,000 satellites for his Starlink Internet service.

The European Space Agency estimates 330m pieces of debris less than 1cm
across and 36,500 greater than 10cm are orbiting the planet.

This poses a serious risk to operational satellites. A fleck of paint just
a few thousandths of a millimetre across cracked the window of the
International Space Station in 2016.

Wyler insisted E-Space will leave low-earth orbit cleaner than before its
satellites are launched, with a network that will collect and deorbit
debris even as it provides connectivity services.

The satellites have a substantially smaller cross section than rivals, Wyler
told the Financial Times, and will be designed to crumple rather than break
apart when struck. They will also entrain any debris they encounter and
automatically de[-]orbit when a certain amount has been collected.

``Like oysters in the river that filter the river and clean it, our
satellites are the first to be designed to clean space.  The more satellites
we have, the cleaner space will be.''

Anton Brevde, partner at Prime Movers Lab and on the board of E-Space,
suggested Wyler's innovative design would do for satellites what Apple's
iPhone did for mobile phones.

``How do you minimise a 300kg sat to something that is an order of magnitude
smaller? How do you go from the personal computer to the iPhone, something
that is smaller and thinner.  It's a whole bunch of innovation that came
together. He has been brainstorming for years on how to make communications
satellites as small and cheap as possible.''

Wyler is one of the space industry's best-known innovators, having founded
the 03b network now owned by Luxembourg's SES and then OneWeb, a pioneer of
low-earth orbit Internet services.  [...]

https://on.ft.com/3J1ErJo

------------------------------

Date: Thu, 10 Feb 2022 03:56:42 +0000
From: "mike smith" <mike1234z () hotmail com>
Subject: Some Mazda cars stuck on a Seattle Station due to bad meta-data
 broadcast (Yahoo)

Listeners owning certain Mazda models in Seattle who happened to tune into
KUOW are now stuck on that station if their info system is even working.

According to
https://news.yahoo.com/us-mazda-drivers-stuck-listening-214454930.html
[https://s.yimg.com/uu/api/res/1.2/riQzg7XJI5LGVJRNZnRwtw--~B/aD01MTI7dz03Njg7YXBwaWQ9eXRhY2h5b24-/https://media.zenfs.com/en/afp.com/6211cba131374a417c52e2b479344723]<https://news.yahoo.com/us-mazda-drivers-stuck-listening-214454930.html>
US Mazda drivers stuck listening to public news
radio<https://news.yahoo.com/us-mazda-drivers-stuck-listening-214454930.html>
Mazda drivers in one part of the United States have found themselves stuck
listening to public radio after their car's entertainment system got jammed
on one frequency. Dozens of owners of the vehicles in the Seattle area are
unable to change the channel from 94.9 FM, while others are doomed to ...
news.yahoo.com

Dozens of owners of the vehicles in the Seattle area are unable to change
the channel from 94.9 FM, while others are doomed to watch their multimedia
screens endlessly -- and fruitlessly -- reboot. Mazda says the problem seems
to have stemmed from a broadcast by the station, which normally includes
extra data that today's sophisticated digital radios use to display
information like an artist's name or track title. "Between January 24 and
31, a radio station in the Seattle area sent image files with no extension,"
the company told tech website Geekwire.  An expert interviewed by the
Seattle Times said the on-board computer should have ignored the unknown
file extension, but instead tried to open it, sending the whole system into
meltdown.

------------------------------

Date: Mon, 7 Feb 2022 09:52:28 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Serious Warning Issued For A Billion Apple iPhone Users (Forbes)

The biggest hack in iPhone history
<https://www.forbes.com/sites/gordonkelly/2021/10/27/apple-iphone-warning-pegasus-hack-upgrade-ios-15-security/>
is now public knowledge with reports of the horrific attacks
<https://www.forbes.com/sites/gordonkelly/2021/10/27/apple-iphone-warning-pegasus-hack-upgrade-ios-15-security/>
it made on individuals. And now the one billion-strong
<https://www.theverge.com/2021/1/27/22253162/iphone-users-total-number-billion-apple-tim-cook-q1-2021>
iPhone user base has been told it was not alone.

A shocking new report from Reuters
<https://www.reuters.com/technology/exclusive-iphone-flaw-exploited-by-second-israeli-spy-firm-sources-2022-02-03/>
has revealed a secretive company called QuaDream which has been hacking
iPhones for more than five years, granting access to users' microphones,
cameras (front and back) and monitoring calls in real time.

Reuters says that QuaDream's flagship product was called ‘REIGN’ and the
company sold its hacks to the highest bidder. REIGN could take remote
control of any iPhone without the users' knowledge. It would then access
emails, photos, texts, contacts and instant messages — even from end-to-end
encrypted services like WhatsApp, Telegram and Signal.

The discovery mimics that of Israeli cyberarms firm NSO Group and its
Pegasus software <https://en.wikipedia.org/wiki/Pegasus_(spyware)> -- which
had been successfully hacking iPhones since 2016 until it was exposed last
year in news that sent shockwaves around the world.  [...]

<https://www.forbes.com/sites/gordonkelly/2021/10/27/apple-iphone-warning-pegasus-hack-upgrade-ios-15-security/>
https://www.forbes.com/sites/gordonkelly/2022/02/06/apple-iphone-security-quadream-reign-warning-new-iphone-hack/?sh=2e07f4e460ee

  [Jan Wolitzky noted this item:
  Israel to Investigate Domestic Use of Pegasus Spyware as Scrutiny Hits Home
  The decision reflected rising concerns about the domestic use of spyware
  made by NSO Group, based in Israel, which has long been a target of
  criticism abroad.
https://www.nytimes.com/2022/02/07/world/middleeast/israel-pegasus-spyware.html
  PGN]

------------------------------

Date: Tue, 8 Feb 2022 08:44:00 -0500
From: "Jan Wolitzky" <jan.wolitzky () gmail com>
Subject: As Automakers Add Technology to Cars, Software Bugs Follow (NYIimes)

Faulty computer systems are prompting class-action lawsuits by disgruntled
car owners, a symptom of automakers’ bumpy transition to the digital age.

<https://www.nytimes.com/2022/02/08/business/car-software-lawsuits.html>

------------------------------

Date: Mon, 7 Feb 2022 15:27:05 -0500
From: "Jan Wolitzky" <jan.wolitzky () gmail com>
Subject: Chip errors are becoming more common and harder to track down
 (NYIimes)

In the past year, researchers at both Facebook and Google have published
studies describing computer hardware failures whose causes have not been
easy to identify. The problem, they argued, was not in the software -- it
was somewhere in the computer hardware made by various companies.

``They're seeing these silent errors, essentially coming from the underlying
hardware,'' said Subhasish Mitra, a Stanford University electrical engineer.
who specializes in testing computer hardware.  Increasingly, Dr. Mitra said,
people believe that manufacturing defects are tied to these so-called silent
errors that cannot be easily caught.

<https://www.nytimes.com/2022/02/07/technology/computer-chips-errors.html>

------------------------------

Date: Mon, 14 Feb 2022 12:00:23 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: EU Chip Production Plan Aims to Ease Dependency on Asia (AP)

Raf Casert, Associated Press, 8 Feb 2022,
via ACM TechNews, Monday, February 14, 2022

The EU has announced a $48-billion plan to curtail its reliance on
semiconductors as part of its Chips Act. European Commission president
Ursula von der Leyen said the plan will integrate research, design, and
testing, and coordinate European and national investment in chip production
capabilities. The Chips Act will combine public and private funds, and
accommodate state aid to launch the investments. Von der Leyen aspires to
grow the bloc's share of the global semiconductor market from 9% to 20% by
2030, which "means basically quadrupling our efforts," given the sector is
projected to double over that period. She said the plan will infuse another
$17 billion in public and private investment into funds already pledged in
the EU budget.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e07fx23167cx073842&;

------------------------------

Date: Wed, 2 Feb 2022 09:27:23 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: 107 drivers recently complained about their Teslas making random,
 jolting stops (Protocol.com)

The so-called *phantom braking* increased after Tesla both made a software
update and stopped using radar sensors in October.

Some Tesla drivers say they're experiencing an increase in "phantom
braking," in which their cars make random, jolting stops because they
misinterpret hazards like trash on the road, trucks in nearby lanes and
oncoming traffic on two-lane roads. 107 Tesla drivers have filed complaints
with the National Highway Traffic Safety Administration in the past three
months, according to federal data reviewed by The Washington Post
<https://www.washingtonpost.com/technology/2022/02/02/tesla-phantom-braking/>.
Only 34 complaints had been filed in the preceding 22 months.  [...]

https://www.protocol.com/bulletins/tesla-phantom-braking

------------------------------

Date: Wed, 16 Feb 2022 07:39:09 +0000
From: David Lamkin <drl () shelford org>
Subject: Lessons from Post Office scandal: "computer-says-no culture runs
 the world" (The Guardian)

As the Public Enquiry into the long running British Post Office computer
scandal limps into life, this article from *The Guardian* expresses the way
that 'technology is deferred to' in our world.
<https://www.theguardian.com/commentisfree/2022/feb/15/post-office-scandal-workers-computer-system>
<https://www.private-eye.co.uk/special-reports/justice-lost-in-the-post> for
a refresher

This won't come as a surprise to RISKS readers, but it is worth noting how
this outrageous situation drags on.

------------------------------

Date: Wed, 16 Feb 2022 16:53:28 -0800
From: Adam Wildavsky <adam () tameware com>
Subject: The most widespread miscarriage of justice in British legal history

The British Post Office Horizon Scandal was covered in RISKS-31.22,23,51:

Per the BBC, "The wrongful convictions of hundreds of sub-postmasters and
mistresses will be examined by a public inquiry starting on Monday (Feb 21,
2022.)"

https://www.bbc.com/news/business-60369875

Wikipedia's coverage seems thorough:

https://en.wikipedia.org/wiki/British_Post_Office_scandal

I've seen no mention of whether Horizon employed double-entry accounting. I
suspect that it did not - such a feature would have made these so-called
"glitches" difficult to perpetrate and easy to spot.

------------------------------

Date: Mon, 14 Feb 2022 08:40:45 -0500
From: Jeremy Epstein <jeremy.j.epstein () gmail com>
Subject: Really big electric power refund (BBC)

https://www.bbc.com/news/uk-england-tyne-60369098

Northern Powergrid sent 74 refund checks to customers who lost power during
a storm for several trillion pounds (each).

No indication if any of them tried to cash the checks.  The company is
voiding them (!) and resending the correct amounts.

I find two interesting things about this:

1. Lack of sanity checking -- I would think that there would be a human in
   the loop for such things (e.g., a customer check above 1000 pounds or
   whatever a rational number is).

2. The software was obviously built for a large number - not only could it
   print the numerical value on the check, but it also successfully
   translates the number to the words "two trillion three hundred twenty
   four billion ...".  Was such number-to-word technology built for
   hyperinflationary systems (e.g., Zimbabwe from a few decades ago)?  If
   not, why would it even have the word "trillion" in its vocabulary?

------------------------------

Date: Tue, 15 Feb 2022 08:06:37 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Humans Find AI-Generated Faces More Trustworthy Than the Real Thing
 (Scientific American)

https://www.scientificamerican.com/article/humans-find-ai-generated-faces-more-trustworthy-than-the-real-thing/

"The startling realism has implications for malevolent uses of the
technology: its potential weaponization in disinformation campaigns for
political or other gain, the creation of false porn for blackmail, and any
number of intricate manipulations for novel forms of abuse and
fraud. Developing countermeasures to identify deepfakes has turned into an
'arms race' between security sleuths on one side and cybercriminals and
cyberwarfare operatives on the other."

Deepfaked content reaffirms human susceptibility to truth default
interpretation (https://en.wikipedia.org/wiki/Truth-default_theory). The
human psyche is easily and quickly hooked into believing a whole-cloth tale
as fact. Without verifiable evidence to support or justify a claim, fiction
evolves into popular wisdom that erroneously distorts judgment and erodes
commonsense. An age-old problem: Discriminating fact from fiction.

  [Everyone is entitled to his own opinion, but not to his own facts.]
  (https://www.goodreads.com/author/quotes/219349.Daniel_Patrick_Moynihan)

------------------------------

Date: Wed, 2 Feb 2022 12:18:52 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: True Story? Lie-Detection Systems Go High-Tech (BBC)

Natalie Lisbona, BBC News, 31 Jan 2022, via ACM TechNews, 2 Feb 2022

A new method of lie detection developed by researchers at Israel's Tel Aviv
University uses electrodes affixed to the face to determine whether someone
is lying. The researchers said their software and algorithm, which can
detect 73% of lies, have uncovered two types of liars: those who move their
eyebrows involuntarily when lying, and those who are unable to conceal a
slight movement where their lips meet their cheeks when lying. Converus'
EyeDetect system detects lies based on involuntary eye movements, as
detected by eye-tracking software. More than 65 U.S. law enforcement
agencies and close to 100 agencies worldwide use EyeDetect, which claims to
be 86% to 88% accurate.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2dee3x2310a9x072807&;

------------------------------

Date: Mon, 7 Feb 2022 10:17:08 -0800
From: Richard Stein <rmstein () ieee org>
Subject: Tiny Chips, Big Headaches (NYTimes)

https://www.nytimes.com/2022/02/07/technology/computer-chips-errors.html

"Until now, computer designers have tried to deal with hardware flaws by
adding to special circuits in chips that correct errors. The circuits
automatically detect and correct bad data. It was once considered an
exceedingly rare problem. But several years ago, Google production teams
began to report errors that were maddeningly difficult to diagnose.
Calculation errors would happen intermittently and were difficult to
reproduce, according to their report.

"A team of researchers attempted to track down the problem, and last year
they published their findings. They concluded that the company's vast data
centers, composed of computer systems based upon millions of processor
“cores,” were experiencing new errors that were probably a combination of a
couple of factors: smaller transistors that were nearing physical limits and
inadequate testing.

"In their paper, Cores That Don't Count, the Google researchers noted that
the problem was challenging enough that they had already dedicated the
equivalent of several decades of engineering time to solving it.

Computer hardware errors, since the days of vacuum tubes, have always been
problematic and inconvenient. Multi-core CPUs elevate failure likelihood --
non-deterministic stimulus conditions tip a spontaneous bit flip undetected
by hardware correction mechanism.

These 'silent; corrupt execution errors, or CEEs' from "Core That Don't
Count" via https://dl.acm.org/doi/10.1145/3458336.3465297 .  The essay
states, "Because CEEs may be correlated with specific execution units within
a core, they expose us to large risks appearing suddenly and unpredictably
for several reasons, including seemingly-minor software changes."

CEEs are frightening in that their silent and random materialization may
compromise medical imaging systems, business transactions, document content,
election tallies, transportation system operation, or initiate unauthorized
weapon deployment, etc.

Casualties and public chaos might arise without an easily traceable root
cause.  Semiconductor manufacturer's product license terms of service invoke
indemnification to shield them against product liability. They need this
"air cover" more than ever.

------------------------------

Date: Sun, 13 Feb 2022 02:13:47 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Hackers Rigged Hundreds of Ecommerce Sites to Steal Payment Info
 (WiReD)

The attackers exploited a known vulnerability and installed credit card
skimmers on more than 500 websites.

https://www.wired.com/story/hackers-stole-payment-info-from-websites/

------------------------------

Date: Tue, 15 Feb 2022 10:27:49 -0500
From: "George Mannes" <gmannes () gmail com>
Subject: IRA accounts drained of $36 million in cryptocurrency (Coindesk)

https://www.coindesk.com/business/2022/02/14/drained-crypto-accounts-at-ira-financial-leave-victims-searching-for-answers/

Drained Crypto Accounts at IRA Financial Leave Victims Searching for Answers

Danny Nelson

They joined IRA Financial Trust eager to build a nest egg in crypto.
Instead, some users told CoinDesk their retirement accounts were drained,
frozen and locked -- with little explanation of what happens next.

It's been nearly one week since an apparent security breach threw IRA
Financial's clients into crisis mode. With $36 million of their retirement
savings in limbo and no full explanation from either IRA Financial or Gemini
-- the crypto exchange owned by the Winklevoss twins, Cameron and Tyler, and
custodian where their crypto was held pp they've begun organizing a response
to crypto's latest hack.  [,,,]

The incident is one of the first high-profile exploits to hit crypto
retirement accounts in the U.S. Appealing to tax-savvy bitcoiners, this
cottage industry has for the past few years hawked products in partnership
with top crypto brands.

....``Almost my entire Roth that I've had for over 20 years was stolen,''
said one victim who had invested much of it in bitcoin and ether. Two other
victims said they were locked out of their accounts; they can’t even see the
damage. The full theft is likely well under $50 million, according to a
source familiar with the situation.

Gemini's emails to customers provide a somewhat clearer picture of what
went down.

``Although our investigation remains ongoing, the facts discovered to date
indicate that transfer requests were made by utilizing properly
authenticated accounts controlled by IRA Financial Group, which were used to
execute asset transfers to another account, At the time, these requests
complied with IRA's approval processes and appeared to Gemini to be
legitimate, authorized transactions. To date, our investigation has found no
indication of any unauthorized access to your account resulting from any
security failure or breach of Gemini systems.''

This finding would place the blame entirely on IRA Financial. It would also,
in Gemini’s telling, absolve it of any responsibility to cover the loss with
its own insurance policy. Gemini advised the customer to ask IRA Financial
about its insurance policy...

------------------------------

Date: Sat, 12 Feb 2022 17:42:50 -0500
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: IRS backlog hits nearly 24 million returns, further imperiling the
 2022 tax filing season (WashPost)

The inventory of unprocessed returns and related correspondence was
provided by the IRS's taxpayer advocate service to the tax-writing
committees in Congress. The Treasury Department, the IRS's parent
agency, warned in January that it expected its response to be subpar
this year.

https://www.washingtonpost.com/politics/2022/02/11/irs-returns-backlog/

------------------------------

Date: Mon, 7 Feb 2022 12:15:25 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: Algorithm amplifies trustworthy news content on social media
 without shielding bias (USouthFlorida)

University of South Florida Newsroom, 3 Feb 2022,
via ACM TechNews, 7 Feb 2022

Researchers at the University of South Florida (USF), Indiana University
(IU), and Dartmouth College have developed a method for amplifying
trustworthy news on social media. The researchers analyzed content amplified
on newsfeeds by recommendation algorithms, targeting a source's reliability
score and the political variegation of their audience. They devised an
algorithm using data on Web traffic and the self-reported partisanship of
6,890 persons who reflect the sexual, racial, and political diversity of the
U.S., and reviewed the reliability scores of 3,765 news sources based on the
NewGuard Reliability Index. They found that adding a news audience's
partisan diversity to the algorithm can boost the reliability of recommended
sources while still supplying relevant recommendations, irrespective of
partisanship. IU's Filippo Menczer said, "This is especially welcome news
for social media platforms, especially since they have been reluctant of
introducing changes to their algorithms for fear of criticism about partisan
bias."

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2df63x23132cx073950&;

------------------------------

Date: Tue, 8 Feb 2022 09:52:00 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Two arrested for alleged conspiracy to launder $4.5B in stolen
 cryptocurrency (Justice.gov)

https://www.justice.gov/opa/pr/two-arrested-alleged-conspiracy-launder-45-billion-stolen-cryptocurrency

------------------------------

Date: Sun, 6 Feb 2022 16:12:25 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Man wins big jackpot in Vegas, but doesn't know it. Gaming board
 tracked him down. (Gaming)

Man wins almost a quarter million dollar jackpot in Vegas, but malfunction
doesn't inform him. The gaming board spent weeks tracking him down back home
in Arizona:

https://gaming.nv.gov/modules/showdocument.aspx?documentid=18419

------------------------------

Date: Wed, 9 Feb 2022 15:58:15 -0500
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: DC Metro Did Not Intentionally Hide Faults In Railcars (Watchdog
 Annandale and VA Patch)

Geoffrey Cherrington, WMATA's inspector general, told the House Subcommittee
on Government Operations during a hearing on Wednesday morning that a chief
mechanical officer had discovered the two faults in the railcars. Rather
than notifying his superiors, he instead chose to report it as a warranty
issue.

"Nevertheless, increased frequency of back-to-back failures year over
year should have raised concerns beyond the chief mechanical officer,"
Cherrington said, in his opening remarks "WMATA managed defects as
warranty claims, not as safety hazard or safety concerns. WMATA's
warranty processes were disconnected from safety certification processes.

During its initial investigation, NTSB discovered that WMATA was aware of 52
failures of 7000-series cars going back to 2017, which the transit provider
failed to make public.

https://patch.com/virginia/annandale/s/i3x7z/metro-did-not-intentionally-hide-faults-in-railcars-watchdog

The problem? Train wheels moving in axles outside tolerances,
risking/causing derailings. Safety related? Nah.

------------------------------

Date: Wed, 16 Feb 2022 12:28:06 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: Quantum Errors Made More Tolerable (ETH Zurich)

Andreas Trabesinger, ETH Zurich (Switzerland), 11 Feb 2022
via ACM TechNews, 16 Feb 2022

Physicists at the Swiss Federal Institute of Technology, Zurich (ETH Zurich)
have demonstrated the ability to extend the longevity of quantum states and
expand tolerance of quantum errors, which are crucial to future quantum
computing. The method accounts for limitations of physically realistic
devices, and is relatively easy to deploy compared to other proposed
error-correction schemes. The researchers employed a platform that encodes
quantum information within the mechanical oscillator motion of a single
trapped ion, in effect optimizing the generation and control of logical
states of Gottesman-Kitaev-Preskill code for finite-energy states. The
approach supported efficient correction of unwanted displacements in the
oscillator's motion, and lengthened coherence time threefold.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e0c9x2317b1x073651&;

------------------------------

Date: Sat, 12 Feb 2022 17:39:58 -0500
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: Hertz claims thousands of renters steal cars. Customers argue
 they've been falsely accused. (WashPost)

Hundreds of customers say they were arrested or served jail time after the
rental car company reported them to police for stealing vehicles they had
properly paid for.

The problem sometimes arises when Hertz cannot find one of its cars in a
physical parking lot or its computer system, Malofiy said. So, he said, the
company reports the vehicle missing.

https://www.washingtonpost.com/travel/2022/02/11/hertz-customers-car-theft/

------------------------------

Date: Thu, 10 Feb 2022 15:43:42 -0500
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: Amazon's Dark Secret: It Has Failed to Protect Your Data (WiReD)

Amazon's Dark Secret: It Has Failed to Protect Your Data

Voyeurs. Sabotaged accounts. Backdoor schemes. For years, the retail giant
has handled your information less carefully than it handles your packages.

https://www.wired.com/story/amazon-failed-to-protect-your-data-investigation/

------------------------------

Date: Thu, 17 Feb 2022 10:33:04 -0700
From: Jim Reisert AD1C <jjreisert () alum mit edu>
Subject: Their Bionic Eyes Are Now Obsolete and Unsupported (IEEE)

Eliza Strickland, Mark Harris, 15 Feb 2022

  Yet in 2020, Byland had to find out secondhand that the company had
  abandoned the technology and was on the verge of going bankrupt. While his
  two-implant system is still working, he doesn't know how long that will be
  the case. "As long as nothing goes wrong, I'm fine," he says. "But if
  something does go wrong with it, well, I’m screwed. Because there's no way
  of getting it fixed."

https://spectrum.ieee.org/bionic-eye-obsolete

  [Also noted by Chad Dougherty.  PGN]

------------------------------

Date: Sat, 5 Feb 2022 09:20:47 +0900
From: Dave <farber () keio jp>
Subject: Cryptocurrencies remain a gamble best avoided (Nikkei Asia)

The recent meltdown in values for cryptocurrencies and related assets was
entirely predictable and overdue. But that does not signal a great
opportunity for you, or anyone with an ounce of common sense, to buy into
this so-called market now or anytime in the foreseeable future.

We are not investment advisers or lawyers. But we are familiar with
technology, and, apparently unlike a lot of the speculators who see
cryptocurrencies as an easy road to wealth, we have learned from the past.

We have watched technology hype innumerable times. We have seen financial
bubbles inflate and deflate. We have seen how con artists take advantage of
bubble mentality. Again and again, we have seen riches for a relative few
and losses for many.

Cryptocurrencies such as Bitcoin have several things in common. One is their
reliance on what is called the blockchain, a decentralized ledger that keeps
track of all transactions. Although it has some problematic features,
including big energy consumption, blockchain is a genuine innovation.

With major financial institutions, not just startups, investing in
cryptocurrency research and development, why are we so skeptical about the
current state of affairs? Here are some of the reasons.

First, in many jurisdictions, cryptocurrencies exist in a largely
unregulated environment. To their promoters, that is a feature. To us, it is
a bug.

David J. Farber and Dan Gillmor
https://asia.nikkei.com/Opinion/Cryptocurrencies-remain-a-gamble-best-avoided

------------------------------

Date: Tue, 15 Feb 2022 12:12:06 -0500
From: "Andrew Duane" <e91.waggin () gmail com>
Subject: Re: Fiber cut takes out cell service to a large portion of SW
 Colorado (ouraynews)

I work in this industry, and see fiber cuts all the time. A well designed
network should have effectively zero impact from a fiber cut, as long as:

1) There is circuit redundancy properly designed, so other fibers can take
   over traffic (there are lots of protocols for managing this).
2) Those other fibers *AREN'T IN THE SAME CONDUIT*.

It's surprising how many network providers spend a fortune to get #1 right
and completely forget about #2.

------------------------------

Date: Wed, 9 Feb 2022 19:43:25 -0600
From: Robert Wilson <rlwilsonjr () charter net>
Subject: Re: Teslas rolling through stop signs

The response that says "police will ticket drivers for disregarding stop
signs" must come from some idealized world, and certainly not one where I
have lived (quite a few places). Where I am now (southern Wisconsin) drivers
regularly roll through stop signs with no help from software.  The saying
that used to be "stop and go" has become "roll and stroll": I have
frequently heard people say exactly that!

The official response to accident rates is to lower speed limits (often
without then enforcing them.) I can calculate kinetic energy and I know the
danger of more serious injury in a high speed accident. But speed rarely is
the actual cause of an accident involving two cars. Accidents almost always
involve at least one vehicle being in the wrong place, not necessarily at a
high speed. But we almost never see enforcement of laws about where a
vehicle should be, e.g. which lane to be in. Once upon a time I had a
competition license, given after classes and testing, and I wish that we
required drivers to show more than how to parallel park.

  Maybe Tesla's programmers were basing their product on what they saw in
  the real world.

------------------------------

Date: Sat, 12 Feb 2022 12:40:30 +0200
From: "Amos Shapir" <amos083 () gmail com>
Subject: Re: Ancient Programming Language Is Way More Common Than We Thought
 (RISKS-33.05)

Something which had happened to a friend of mine highlights yet another risk
of COBOL: He was employed as a COBOL programmer for a bank in London.  One
day he was called by his boss: "I've heard that you know Hebrew.  We have a
project for you -- in Brazil!".

It turned out that the bank's Brazilian branch had employed an Israeli
programmer who had left, and no one was able to decipher his code.  Since
COBOL contains about 300 reserved words, programmers have to be careful not
to step on one; this programmer's solution was to name all his variables
with Hebrew words...

------------------------------

Date: Sat, 12 Feb 2022 12:43:28 +0200
From: "Amos Shapir" <amos083 () gmail com>
Subject: Re: A crypto breakthrough? Western states consider taking digital
 currency (RISKS-33.05)

In the same issue of the Risks digest, there is another headline: "$325
Million Vanishes From Crypto Platform Wormhole After Apparent Hack".

As they say in court dramas: I rest my case.

------------------------------

Date: Sat, 12 Feb 2022 12:51:55 +0200
From: "Amos Shapir" <amos083 () gmail com>
Subject: Re: The New York Times Buys Wordle (RISKS-33.05)

Calling these saboteurs "malicious hackers" is an insult to hackers...  It
doesn't take more than a control-U and another click, to get into the full
list of plain text words, in order of appearance.

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 33.06
************************
Previous By Date Next
Previous By Thread Next

Current thread: