RISKS Forum mailing list archives
Risks Digest 33.06
From: RISKS List Owner <risko () csl sri com>
Date: Fri, 18 Feb 2022 17:23:22 PST
RISKS-LIST: Risks-Forum Digest  Friday 18 February 2022  Volume 33 : Issue 06

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/33.06>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Solar Storm Destroys 40 New SpaceX Satellites in Orbit (NYTimes)
OneWeb founder plans to launch 100,000 satellites in space comeback (On)
Some Mazda cars stuck on a Seattle Station due to bad meta-data broadcast (Yahoo)
Serious Warning Issued For A Billion Apple iPhone Users (Forbes)
As Automakers Add Technology to Cars, Software Bugs Follow (NYTimes)
Chip errors are becoming more common and harder to track down (NYTimes)
EU Chip Production Plan Aims to Ease Dependency on Asia (AP)
107 drivers recently complained about their Teslas making random, jolting stops (Protocol.com)
Lessons from Post Office scandal: "computer-says-no culture runs the world" (The Guardian)
The most widespread miscarriage of justice in British legal history (Adam Wildavsky)
Really big electric power refund (BBC via Jeremy Epstein)
Humans Find AI-Generated Faces More Trustworthy Than the Real Thing (Scientific American)
True Story? Lie-Detection Systems Go High-Tech (BBC)
Tiny Chips, Big Headaches (NYTimes)
Hackers Rigged Hundreds of Ecommerce Sites to Steal Payment Info (WiReD)
IRA accounts drained of $36 million in cryptocurrency (Coindesk)
IRS backlog hits nearly 24 million returns, further imperiling the 2022 tax filing season (WashPost)
Algorithm amplifies trustworthy news content on social media without shielding bias (USouthFlorida)
Two arrested for alleged conspiracy to launder $4.5B in stolen cryptocurrency (Justice.gov)
Man wins big jackpot in Vegas, but doesn't know it. Gaming board tracked him down. (Gaming)
DC Metro Did Not Intentionally Hide Faults In Railcars (Watchdog Annandale and VA Patch via Gabe Goldberg)
Quantum Errors Made More Tolerable (ETH Zurich)
Hertz claims thousands of renters steal cars. Customers argue they've been falsely accused. (WashPost)
Amazon's Dark Secret: It Has Failed to Protect Your Data (WiReD)
Their Bionic Eyes Are Now Obsolete and Unsupported (IEEE)
Cryptocurrencies remain a gamble best avoided (Nikkei Asia)
Re: Fiber cut takes out cell service to a large portion of SW Colorado (Andrew Duane)
Re: Teslas rolling through stop signs (Robert Wilson)
Re: Ancient Programming Language Is Way More Common Than We Thought (Amos Shapir)
Re: A crypto breakthrough? Western states consider taking digital currency (Amos Shapir)
Re: The New York Times Buys Wordle (Amos Shapir)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 9 Feb 2022 23:39:36 -0500
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: Solar Storm Destroys 40 New SpaceX Satellites in Orbit (NYTimes)

Solar Storm Destroys 40 New SpaceX Satellites in Orbit

Location, location, location...

https://www.nytimes.com/2022/02/09/science/spacex-satellites-storm.html

------------------------------

Date: Mon, 7 Feb 2022 12:44:34 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: OneWeb founder plans to launch 100,000 satellites in space comeback (On)

Greg Wyler says E-Space's vast mesh network will clean up debris and bring it back to earth

Greg Wyler, the space entrepreneur who founded Britain's OneWeb, plans to put up to 100,000 satellites in orbit this decade with his latest business venture E-Space.

The company on Monday said it had raised $50mn in seed funding from Prime Movers Lab, a fund that invests in breakthrough scientific start-ups.
E-Space aims to create a vast mesh network of small satellites that can deliver bespoke and commercial services to business and government, from secure communications to remote infrastructure management.

Wyler's plans come as the world becomes increasingly concerned about the risk of collisions in orbit and resulting space debris. Since 2019 the number of working satellites has risen 50% to roughly 5,000, largely because new commercial groups are exploiting lower launch costs to build businesses in low-earth orbit, 150km-200km above the earth. Elon Musk aims to launch some 40,000 satellites for his Starlink Internet service.

The European Space Agency estimates 330m pieces of debris less than 1cm across and 36,500 greater than 10cm are orbiting the planet. This poses a serious risk to operational satellites. A fleck of paint just a few thousandths of a millimetre across cracked the window of the International Space Station in 2016.

Wyler insisted E-Space will leave low-earth orbit cleaner than before its satellites are launched, with a network that will collect and deorbit debris even as it provides connectivity services.

The satellites have a substantially smaller cross section than rivals, Wyler told the Financial Times, and will be designed to crumple rather than break apart when struck. They will also entrain any debris they encounter and automatically de[-]orbit when a certain amount has been collected.

``Like oysters in the river that filter the river and clean it, our satellites are the first to be designed to clean space. The more satellites we have, the cleaner space will be.''

Anton Brevde, partner at Prime Movers Lab and on the board of E-Space, suggested Wyler's innovative design would do for satellites what Apple's iPhone did for mobile phones.

``How do you minimise a 300kg sat to something that is an order of magnitude smaller? How do you go from the personal computer to the iPhone, something that is smaller and thinner.
It's a whole bunch of innovation that came together. He has been brainstorming for years on how to make communications satellites as small and cheap as possible.''

Wyler is one of the space industry's best-known innovators, having founded the O3b network now owned by Luxembourg's SES and then OneWeb, a pioneer of low-earth orbit Internet services. [...]

https://on.ft.com/3J1ErJo

------------------------------

Date: Thu, 10 Feb 2022 03:56:42 +0000
From: "mike smith" <mike1234z () hotmail com>
Subject: Some Mazda cars stuck on a Seattle Station due to bad meta-data broadcast (Yahoo)

Listeners owning certain Mazda models in Seattle who happened to tune into KUOW are now stuck on that station if their info system is even working.

According to https://news.yahoo.com/us-mazda-drivers-stuck-listening-214454930.html

US Mazda drivers stuck listening to public news radio

Mazda drivers in one part of the United States have found themselves stuck listening to public radio after their car's entertainment system got jammed on one frequency.

Dozens of owners of the vehicles in the Seattle area are unable to change the channel from 94.9 FM, while others are doomed to watch their multimedia screens endlessly -- and fruitlessly -- reboot.

Mazda says the problem seems to have stemmed from a broadcast by the station, which normally includes extra data that today's sophisticated digital radios use to display information like an artist's name or track title.

"Between January 24 and 31, a radio station in the Seattle area sent image files with no extension," the company told tech website Geekwire.

An expert interviewed by the Seattle Times said the on-board computer should have ignored the unknown file extension, but instead tried to open it, sending the whole system into meltdown.

------------------------------

Date: Mon, 7 Feb 2022 09:52:28 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Serious Warning Issued For A Billion Apple iPhone Users (Forbes)

The biggest hack in iPhone history <https://www.forbes.com/sites/gordonkelly/2021/10/27/apple-iphone-warning-pegasus-hack-upgrade-ios-15-security/> is now public knowledge with reports of the horrific attacks <https://www.forbes.com/sites/gordonkelly/2021/10/27/apple-iphone-warning-pegasus-hack-upgrade-ios-15-security/> it made on individuals. And now the one billion-strong <https://www.theverge.com/2021/1/27/22253162/iphone-users-total-number-billion-apple-tim-cook-q1-2021> iPhone user base has been told it was not alone.

A shocking new report from Reuters <https://www.reuters.com/technology/exclusive-iphone-flaw-exploited-by-second-israeli-spy-firm-sources-2022-02-03/> has revealed a secretive company called QuaDream which has been hacking iPhones for more than five years, granting access to users' microphones, cameras (front and back) and monitoring calls in real time.

Reuters says that QuaDream's flagship product was called ‘REIGN’ and the company sold its hacks to the highest bidder. REIGN could take remote control of any iPhone without the users' knowledge. It would then access emails, photos, texts, contacts and instant messages — even from end-to-end encrypted services like WhatsApp, Telegram and Signal.
The discovery mimics that of Israeli cyberarms firm NSO Group and its Pegasus software <https://en.wikipedia.org/wiki/Pegasus_(spyware)> -- which had been successfully hacking iPhones since 2016 until it was exposed last year in news that sent shockwaves around the world. [...] <https://www.forbes.com/sites/gordonkelly/2021/10/27/apple-iphone-warning-pegasus-hack-upgrade-ios-15-security/>

https://www.forbes.com/sites/gordonkelly/2022/02/06/apple-iphone-security-quadream-reign-warning-new-iphone-hack/?sh=2e07f4e460ee

  [Jan Wolitzky noted this item:
  Israel to Investigate Domestic Use of Pegasus Spyware as Scrutiny Hits Home
  The decision reflected rising concerns about the domestic use of spyware made by NSO Group, based in Israel, which has long been a target of criticism abroad.
  https://www.nytimes.com/2022/02/07/world/middleeast/israel-pegasus-spyware.html
  PGN]

------------------------------

Date: Tue, 8 Feb 2022 08:44:00 -0500
From: "Jan Wolitzky" <jan.wolitzky () gmail com>
Subject: As Automakers Add Technology to Cars, Software Bugs Follow (NYTimes)

Faulty computer systems are prompting class-action lawsuits by disgruntled car owners, a symptom of automakers’ bumpy transition to the digital age.

<https://www.nytimes.com/2022/02/08/business/car-software-lawsuits.html>

------------------------------

Date: Mon, 7 Feb 2022 15:27:05 -0500
From: "Jan Wolitzky" <jan.wolitzky () gmail com>
Subject: Chip errors are becoming more common and harder to track down (NYTimes)

In the past year, researchers at both Facebook and Google have published studies describing computer hardware failures whose causes have not been easy to identify. The problem, they argued, was not in the software -- it was somewhere in the computer hardware made by various companies.

``They're seeing these silent errors, essentially coming from the underlying hardware,'' said Subhasish Mitra, a Stanford University electrical engineer who specializes in testing computer hardware. Increasingly, Dr. Mitra said, people believe that manufacturing defects are tied to these so-called silent errors that cannot be easily caught.

<https://www.nytimes.com/2022/02/07/technology/computer-chips-errors.html>

------------------------------

Date: Mon, 14 Feb 2022 12:00:23 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: EU Chip Production Plan Aims to Ease Dependency on Asia (AP)

Raf Casert, Associated Press, 8 Feb 2022, via ACM TechNews, Monday, February 14, 2022

The EU has announced a $48-billion plan to curtail its reliance on semiconductors as part of its Chips Act. European Commission president Ursula von der Leyen said the plan will integrate research, design, and testing, and coordinate European and national investment in chip production capabilities. The Chips Act will combine public and private funds, and accommodate state aid to launch the investments. Von der Leyen aspires to grow the bloc's share of the global semiconductor market from 9% to 20% by 2030, which "means basically quadrupling our efforts," given the sector is projected to double over that period. She said the plan will infuse another $17 billion in public and private investment into funds already pledged in the EU budget.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e07fx23167cx073842&

------------------------------

Date: Wed, 2 Feb 2022 09:27:23 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: 107 drivers recently complained about their Teslas making random, jolting stops (Protocol.com)

The so-called *phantom braking* increased after Tesla both made a software update and stopped using radar sensors in October.

Some Tesla drivers say they're experiencing an increase in "phantom braking," in which their cars make random, jolting stops because they misinterpret hazards like trash on the road, trucks in nearby lanes and oncoming traffic on two-lane roads.
107 Tesla drivers have filed complaints with the National Highway Traffic Safety Administration in the past three months, according to federal data reviewed by The Washington Post <https://www.washingtonpost.com/technology/2022/02/02/tesla-phantom-braking/>. Only 34 complaints had been filed in the preceding 22 months. [...]

https://www.protocol.com/bulletins/tesla-phantom-braking

------------------------------

Date: Wed, 16 Feb 2022 07:39:09 +0000
From: David Lamkin <drl () shelford org>
Subject: Lessons from Post Office scandal: "computer-says-no culture runs the world" (The Guardian)

As the Public Enquiry into the long running British Post Office computer scandal limps into life, this article from *The Guardian* expresses the way that 'technology is deferred to' in our world.

<https://www.theguardian.com/commentisfree/2022/feb/15/post-office-scandal-workers-computer-system>

<https://www.private-eye.co.uk/special-reports/justice-lost-in-the-post> for a refresher

This won't come as a surprise to RISKS readers, but it is worth noting how this outrageous situation drags on.

------------------------------

Date: Wed, 16 Feb 2022 16:53:28 -0800
From: Adam Wildavsky <adam () tameware com>
Subject: The most widespread miscarriage of justice in British legal history

The British Post Office Horizon Scandal was covered in RISKS-31.22,23,51:

Per the BBC, "The wrongful convictions of hundreds of sub-postmasters and mistresses will be examined by a public inquiry starting on Monday (Feb 21, 2022.)"

https://www.bbc.com/news/business-60369875

Wikipedia's coverage seems thorough:

https://en.wikipedia.org/wiki/British_Post_Office_scandal

I've seen no mention of whether Horizon employed double-entry accounting. I suspect that it did not - such a feature would have made these so-called "glitches" difficult to perpetrate and easy to spot.

------------------------------

Date: Mon, 14 Feb 2022 08:40:45 -0500
From: Jeremy Epstein <jeremy.j.epstein () gmail com>
Subject: Really big electric power refund (BBC)

https://www.bbc.com/news/uk-england-tyne-60369098

Northern Powergrid sent 74 refund checks to customers who lost power during a storm for several trillion pounds (each). No indication if any of them tried to cash the checks. The company is voiding them (!) and resending the correct amounts.

I find two interesting things about this:

1. Lack of sanity checking -- I would think that there would be a human in the loop for such things (e.g., a customer check above 1000 pounds or whatever a rational number is).

2. The software was obviously built for a large number - not only could it print the numerical value on the check, but it also successfully translates the number to the words "two trillion three hundred twenty four billion ...". Was such number-to-word technology built for hyperinflationary systems (e.g., Zimbabwe from a few decades ago)? If not, why would it even have the word "trillion" in its vocabulary?

------------------------------

Date: Tue, 15 Feb 2022 08:06:37 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Humans Find AI-Generated Faces More Trustworthy Than the Real Thing (Scientific American)

https://www.scientificamerican.com/article/humans-find-ai-generated-faces-more-trustworthy-than-the-real-thing/

"The startling realism has implications for malevolent uses of the technology: its potential weaponization in disinformation campaigns for political or other gain, the creation of false porn for blackmail, and any number of intricate manipulations for novel forms of abuse and fraud. Developing countermeasures to identify deepfakes has turned into an 'arms race' between security sleuths on one side and cybercriminals and cyberwarfare operatives on the other."

Deepfaked content reaffirms human susceptibility to truth default interpretation (https://en.wikipedia.org/wiki/Truth-default_theory). The human psyche is easily and quickly hooked into believing a whole-cloth tale as fact. Without verifiable evidence to support or justify a claim, fiction evolves into popular wisdom that erroneously distorts judgment and erodes commonsense.

An age-old problem: Discriminating fact from fiction.

[Everyone is entitled to his own opinion, but not to his own facts.] (https://www.goodreads.com/author/quotes/219349.Daniel_Patrick_Moynihan)

------------------------------

Date: Wed, 2 Feb 2022 12:18:52 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: True Story? Lie-Detection Systems Go High-Tech (BBC)

Natalie Lisbona, BBC News, 31 Jan 2022, via ACM TechNews, 2 Feb 2022

A new method of lie detection developed by researchers at Israel's Tel Aviv University uses electrodes affixed to the face to determine whether someone is lying. The researchers said their software and algorithm, which can detect 73% of lies, have uncovered two types of liars: those who move their eyebrows involuntarily when lying, and those who are unable to conceal a slight movement where their lips meet their cheeks when lying. Converus' EyeDetect system detects lies based on involuntary eye movements, as detected by eye-tracking software. More than 65 U.S. law enforcement agencies and close to 100 agencies worldwide use EyeDetect, which claims to be 86% to 88% accurate.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2dee3x2310a9x072807&

------------------------------

Date: Mon, 7 Feb 2022 10:17:08 -0800
From: Richard Stein <rmstein () ieee org>
Subject: Tiny Chips, Big Headaches (NYTimes)

https://www.nytimes.com/2022/02/07/technology/computer-chips-errors.html

"Until now, computer designers have tried to deal with hardware flaws by adding to special circuits in chips that correct errors.
The circuits automatically detect and correct bad data. It was once considered an exceedingly rare problem. But several years ago, Google production teams began to report errors that were maddeningly difficult to diagnose. Calculation errors would happen intermittently and were difficult to reproduce, according to their report.

"A team of researchers attempted to track down the problem, and last year they published their findings. They concluded that the company's vast data centers, composed of computer systems based upon millions of processor “cores,” were experiencing new errors that were probably a combination of a couple of factors: smaller transistors that were nearing physical limits and inadequate testing.

"In their paper, Cores That Don't Count, the Google researchers noted that the problem was challenging enough that they had already dedicated the equivalent of several decades of engineering time to solving it."

Computer hardware errors, since the days of vacuum tubes, have always been problematic and inconvenient. Multi-core CPUs elevate failure likelihood -- non-deterministic stimulus conditions tip a spontaneous bit flip undetected by hardware correction mechanism.

These 'silent' corrupt execution errors, or CEEs, are from "Cores That Don't Count" via https://dl.acm.org/doi/10.1145/3458336.3465297 .

The essay states, "Because CEEs may be correlated with specific execution units within a core, they expose us to large risks appearing suddenly and unpredictably for several reasons, including seemingly-minor software changes."

CEEs are frightening in that their silent and random materialization may compromise medical imaging systems, business transactions, document content, election tallies, transportation system operation, or initiate unauthorized weapon deployment, etc. Casualties and public chaos might arise without an easily traceable root cause.

Semiconductor manufacturer's product license terms of service invoke indemnification to shield them against product liability. They need this "air cover" more than ever.

------------------------------

Date: Sun, 13 Feb 2022 02:13:47 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Hackers Rigged Hundreds of Ecommerce Sites to Steal Payment Info (WiReD)

The attackers exploited a known vulnerability and installed credit card skimmers on more than 500 websites.

https://www.wired.com/story/hackers-stole-payment-info-from-websites/

------------------------------

Date: Tue, 15 Feb 2022 10:27:49 -0500
From: "George Mannes" <gmannes () gmail com>
Subject: IRA accounts drained of $36 million in cryptocurrency (Coindesk)

https://www.coindesk.com/business/2022/02/14/drained-crypto-accounts-at-ira-financial-leave-victims-searching-for-answers/

Drained Crypto Accounts at IRA Financial Leave Victims Searching for Answers
Danny Nelson

They joined IRA Financial Trust eager to build a nest egg in crypto. Instead, some users told CoinDesk their retirement accounts were drained, frozen and locked -- with little explanation of what happens next.

It's been nearly one week since an apparent security breach threw IRA Financial's clients into crisis mode. With $36 million of their retirement savings in limbo and no full explanation from either IRA Financial or Gemini -- the crypto exchange owned by the Winklevoss twins, Cameron and Tyler, and custodian where their crypto was held -- they've begun organizing a response to crypto's latest hack. [...]

The incident is one of the first high-profile exploits to hit crypto retirement accounts in the U.S. Appealing to tax-savvy bitcoiners, this cottage industry has for the past few years hawked products in partnership with top crypto brands.

....``Almost my entire Roth that I've had for over 20 years was stolen,'' said one victim who had invested much of it in bitcoin and ether.
Two other victims said they were locked out of their accounts; they can’t even see the damage. The full theft is likely well under $50 million, according to a source familiar with the situation.

Gemini's emails to customers provide a somewhat clearer picture of what went down.

``Although our investigation remains ongoing, the facts discovered to date indicate that transfer requests were made by utilizing properly authenticated accounts controlled by IRA Financial Group, which were used to execute asset transfers to another account. At the time, these requests complied with IRA's approval processes and appeared to Gemini to be legitimate, authorized transactions. To date, our investigation has found no indication of any unauthorized access to your account resulting from any security failure or breach of Gemini systems.''

This finding would place the blame entirely on IRA Financial. It would also, in Gemini’s telling, absolve it of any responsibility to cover the loss with its own insurance policy. Gemini advised the customer to ask IRA Financial about its insurance policy...

------------------------------

Date: Sat, 12 Feb 2022 17:42:50 -0500
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: IRS backlog hits nearly 24 million returns, further imperiling the 2022 tax filing season (WashPost)

The inventory of unprocessed returns and related correspondence was provided by the IRS's taxpayer advocate service to the tax-writing committees in Congress. The Treasury Department, the IRS's parent agency, warned in January that it expected its response to be subpar this year.

https://www.washingtonpost.com/politics/2022/02/11/irs-returns-backlog/

------------------------------

Date: Mon, 7 Feb 2022 12:15:25 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: Algorithm amplifies trustworthy news content on social media without shielding bias (USouthFlorida)

University of South Florida Newsroom, 3 Feb 2022, via ACM TechNews, 7 Feb 2022

Researchers at the University of South Florida (USF), Indiana University (IU), and Dartmouth College have developed a method for amplifying trustworthy news on social media. The researchers analyzed content amplified on newsfeeds by recommendation algorithms, targeting a source's reliability score and the political variegation of their audience. They devised an algorithm using data on Web traffic and the self-reported partisanship of 6,890 persons who reflect the sexual, racial, and political diversity of the U.S., and reviewed the reliability scores of 3,765 news sources based on the NewsGuard Reliability Index. They found that adding a news audience's partisan diversity to the algorithm can boost the reliability of recommended sources while still supplying relevant recommendations, irrespective of partisanship. IU's Filippo Menczer said, "This is especially welcome news for social media platforms, especially since they have been reluctant of introducing changes to their algorithms for fear of criticism about partisan bias."

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2df63x23132cx073950&

------------------------------

Date: Tue, 8 Feb 2022 09:52:00 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Two arrested for alleged conspiracy to launder $4.5B in stolen cryptocurrency (Justice.gov)

https://www.justice.gov/opa/pr/two-arrested-alleged-conspiracy-launder-45-billion-stolen-cryptocurrency

------------------------------

Date: Sun, 6 Feb 2022 16:12:25 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Man wins big jackpot in Vegas, but doesn't know it. Gaming board tracked him down. (Gaming)

Man wins almost a quarter million dollar jackpot in Vegas, but malfunction doesn't inform him. The gaming board spent weeks tracking him down back home in Arizona:

https://gaming.nv.gov/modules/showdocument.aspx?documentid=18419

------------------------------

Date: Wed, 9 Feb 2022 15:58:15 -0500
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: DC Metro Did Not Intentionally Hide Faults In Railcars (Watchdog Annandale and VA Patch)

Geoffrey Cherrington, WMATA's inspector general, told the House Subcommittee on Government Operations during a hearing on Wednesday morning that a chief mechanical officer had discovered the two faults in the railcars. Rather than notifying his superiors, he instead chose to report it as a warranty issue.

"Nevertheless, increased frequency of back-to-back failures year over year should have raised concerns beyond the chief mechanical officer," Cherrington said, in his opening remarks. "WMATA managed defects as warranty claims, not as safety hazard or safety concerns. WMATA's warranty processes were disconnected from safety certification processes."

During its initial investigation, NTSB discovered that WMATA was aware of 52 failures of 7000-series cars going back to 2017, which the transit provider failed to make public.

https://patch.com/virginia/annandale/s/i3x7z/metro-did-not-intentionally-hide-faults-in-railcars-watchdog

The problem? Train wheels moving in axles outside tolerances, risking/causing derailings. Safety related? Nah.

------------------------------

Date: Wed, 16 Feb 2022 12:28:06 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: Quantum Errors Made More Tolerable (ETH Zurich)

Andreas Trabesinger, ETH Zurich (Switzerland), 11 Feb 2022 via ACM TechNews, 16 Feb 2022

Physicists at the Swiss Federal Institute of Technology, Zurich (ETH Zurich) have demonstrated the ability to extend the longevity of quantum states and expand tolerance of quantum errors, which are crucial to future quantum computing. The method accounts for limitations of physically realistic devices, and is relatively easy to deploy compared to other proposed error-correction schemes. The researchers employed a platform that encodes quantum information within the mechanical oscillator motion of a single trapped ion, in effect optimizing the generation and control of logical states of Gottesman-Kitaev-Preskill code for finite-energy states. The approach supported efficient correction of unwanted displacements in the oscillator's motion, and lengthened coherence time threefold.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e0c9x2317b1x073651&

------------------------------

Date: Sat, 12 Feb 2022 17:39:58 -0500
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: Hertz claims thousands of renters steal cars. Customers argue they've been falsely accused. (WashPost)

Hundreds of customers say they were arrested or served jail time after the rental car company reported them to police for stealing vehicles they had properly paid for.

The problem sometimes arises when Hertz cannot find one of its cars in a physical parking lot or its computer system, Malofiy said. So, he said, the company reports the vehicle missing.

https://www.washingtonpost.com/travel/2022/02/11/hertz-customers-car-theft/

------------------------------

Date: Thu, 10 Feb 2022 15:43:42 -0500
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: Amazon's Dark Secret: It Has Failed to Protect Your Data (WiReD)

Amazon's Dark Secret: It Has Failed to Protect Your Data

Voyeurs. Sabotaged accounts. Backdoor schemes. For years, the retail giant has handled your information less carefully than it handles your packages.

https://www.wired.com/story/amazon-failed-to-protect-your-data-investigation/

------------------------------

Date: Thu, 17 Feb 2022 10:33:04 -0700
From: Jim Reisert AD1C <jjreisert () alum mit edu>
Subject: Their Bionic Eyes Are Now Obsolete and Unsupported (IEEE)

Eliza Strickland, Mark Harris, 15 Feb 2022

Yet in 2020, Byland had to find out secondhand that the company had abandoned the technology and was on the verge of going bankrupt. While his two-implant system is still working, he doesn't know how long that will be the case. "As long as nothing goes wrong, I'm fine," he says. "But if something does go wrong with it, well, I’m screwed. Because there's no way of getting it fixed."

https://spectrum.ieee.org/bionic-eye-obsolete

  [Also noted by Chad Dougherty. PGN]

------------------------------

Date: Sat, 5 Feb 2022 09:20:47 +0900
From: Dave <farber () keio jp>
Subject: Cryptocurrencies remain a gamble best avoided (Nikkei Asia)

The recent meltdown in values for cryptocurrencies and related assets was entirely predictable and overdue. But that does not signal a great opportunity for you, or anyone with an ounce of common sense, to buy into this so-called market now or anytime in the foreseeable future.

We are not investment advisers or lawyers. But we are familiar with technology, and, apparently unlike a lot of the speculators who see cryptocurrencies as an easy road to wealth, we have learned from the past. We have watched technology hype innumerable times.
We have seen financial bubbles inflate and deflate. We have seen how con artists take advantage of bubble mentality. Again and again, we have seen riches for a relative few and losses for many.

Cryptocurrencies such as Bitcoin have several things in common. One is their reliance on what is called the blockchain, a decentralized ledger that keeps track of all transactions. Although it has some problematic features, including big energy consumption, blockchain is a genuine innovation.

With major financial institutions, not just startups, investing in cryptocurrency research and development, why are we so skeptical about the current state of affairs? Here are some of the reasons.

First, in many jurisdictions, cryptocurrencies exist in a largely unregulated environment. To their promoters, that is a feature. To us, it is a bug.

David J. Farber and Dan Gillmor

https://asia.nikkei.com/Opinion/Cryptocurrencies-remain-a-gamble-best-avoided

------------------------------

Date: Tue, 15 Feb 2022 12:12:06 -0500
From: "Andrew Duane" <e91.waggin () gmail com>
Subject: Re: Fiber cut takes out cell service to a large portion of SW Colorado (ouraynews)

I work in this industry, and see fiber cuts all the time. A well designed network should have effectively zero impact from a fiber cut, as long as:

1) There is circuit redundancy properly designed, so other fibers can take over traffic (there are lots of protocols for managing this).

2) Those other fibers *AREN'T IN THE SAME CONDUIT*.

It's surprising how many network providers spend a fortune to get #1 right and completely forget about #2.

------------------------------

Date: Wed, 9 Feb 2022 19:43:25 -0600
From: Robert Wilson <rlwilsonjr () charter net>
Subject: Re: Teslas rolling through stop signs

The response that says "police will ticket drivers for disregarding stop signs" must come from some idealized world, and certainly not one where I have lived (quite a few places).
Where I am now (southern Wisconsin) drivers regularly roll through stop signs with no help from software. The saying that used to be "stop and go" has become "roll and stroll": I have frequently heard people say exactly that!

The official response to accident rates is to lower speed limits (often without then enforcing them.) I can calculate kinetic energy and I know the danger of more serious injury in a high speed accident. But speed rarely is the actual cause of an accident involving two cars. Accidents almost always involve at least one vehicle being in the wrong place, not necessarily at a high speed. But we almost never see enforcement of laws about where a vehicle should be, e.g. which lane to be in.

Once upon a time I had a competition license, given after classes and testing, and I wish that we required drivers to show more than how to parallel park.

Maybe Tesla's programmers were basing their product on what they saw in the real world.

------------------------------

Date: Sat, 12 Feb 2022 12:40:30 +0200
From: "Amos Shapir" <amos083 () gmail com>
Subject: Re: Ancient Programming Language Is Way More Common Than We Thought (RISKS-33.05)

Something which had happened to a friend of mine highlights yet another risk of COBOL:

He was employed as a COBOL programmer for a bank in London. One day he was called by his boss: "I've heard that you know Hebrew. We have a project for you -- in Brazil!".

It turned out that the bank's Brazilian branch had employed an Israeli programmer who had left, and no one was able to decipher his code. Since COBOL contains about 300 reserved words, programmers have to be careful not to step on one; this programmer's solution was to name all his variables with Hebrew words...

------------------------------

Date: Sat, 12 Feb 2022 12:43:28 +0200
From: "Amos Shapir" <amos083 () gmail com>
Subject: Re: A crypto breakthrough?
  Western states consider taking digital currency (RISKS-33.05)

In the same issue of the Risks digest, there is another headline: "$325 Million Vanishes From Crypto Platform Wormhole After Apparent Hack".

As they say in court dramas: I rest my case.

------------------------------

Date: Sat, 12 Feb 2022 12:51:55 +0200
From: "Amos Shapir" <amos083 () gmail com>
Subject: Re: The New York Times Buys Wordle (RISKS-33.05)

Calling these saboteurs "malicious hackers" is an insult to hackers... It doesn't take more than a control-U and another click, to get into the full list of plain text words, in order of appearance.

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
   *** This attention-string has never changed, but might if spammers use it.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
   *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume/previous directories
   or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at
   http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
   *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 33.06
************************