RISKS Forum mailing list archives

Risks Digest 29.50


From: RISKS List Owner <risko () csl sri com>
Date: Tue, 3 May 2016 15:12:40 PDT

RISKS-LIST: Risks-Forum Digest  Tuesday 3 May 2016  Volume 29 : Issue 50

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/29.50.html>   [But NOT YET...]
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Scary wifi SSID clears Qantas plane (The Telegraph via Henry Baker)
Snowden on encryption:  Without it everything stops! (Slashdot)
RNC eschews use of electronic voting at their convention (Politico)
Dilbert and voting machines (Donald B. Wagner)
20 Years Ago, A Senator Became the First US Lawmaker to Use Encryption
  (Motherboard)
FBI granted federal court warrant forcing suspect to unlock iPhone using
  Touch ID (Ben Lovejoy)
Risks of doing live TV without the most recent Windows upgrade
  (YouTube via David Tarabar)
The last non-Internet Generation (Paul Robinson)
Autonomous cat-killer robot (Mark Thorson)
Re: If Emoji Are the Future of Communication Then We're Screwed
  (Gene Wirchenko)
Abridged info on RISKS (comp.risks) [SEE TEMPORARY NOTE on catless]

----------------------------------------------------------------------

Date: Mon, 02 May 2016 16:44:29 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: Scary wifi SSID clears Qantas plane

FYI -- Qantas flight QF481 is an Airbus A330-200.

Just wondering if SSID's like 'Airbus A330 Navigation' or 'Airbus A330
Maintenance' would have cleared the plane; they certainly would have scared
me a lot more.

http://www.telegraph.co.uk/news/2016/05/02/wi-fi-hotspot-named-detonation-device-causes-bomb-scare-at-melbo/

Wi-Fi hotspot named 'detonation device' causes bomb scare at Melbourne airport
The Qantas flight was due to fly to Perth

Jonathan Pearlman, *The Telegraph*, Sydney, 2 May 2016

A poorly-named Wi-Fi hotspot sparked a security scare on a Qantas flight and
prompted about 50 terrified passengers to refuse to fly.  The hotspot name
-- Mobile Detonation Device -- was spotted by a female passenger who saw it
on her phone's Wi-Fi menu before the plane left Melbourne airport.
She alerted the crew who notified the pilot and security officials.

Passengers aboard the flight said the pilot asked the person responsible for
the Wi-Fi name to come forward but no one did.  The passengers were then
asked to leave the plane, which was due to fly to Perth.

Security officials checked the plane but were unable to find a threat and
cleared the flight to leave.  "The pilot said a particular passenger had
gone to log on and a hotspot name has come up with one which was a scare to
Qantas and passengers," a passenger told Channel Seven.  "The pilot made us
aware and said they were going to take proper security precautions... After
half an hour no one came forward, the Wi-Fi covered a fair distance so [it]
could have been someone in the terminal."

Qantas offered to transfer concerned passengers to alternative flights.
An estimated fifty passengers -- about half of those on board -- opted to
take a different flight.

Qantas said there had been no risk to the flight, which was delayed by two
hours.  "Some passengers elected not to travel so there was a delay as bags
were taken off and those passengers disembarked," said a Qantas
spokesperson.

The passenger said he believed the scare was caused by "some immature
person, possibly in the terminal".

------------------------------

Date: Mon, 2 May 2016 14:51:38 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Snowden on encryption:  Without it everything stops!

https://yro.slashdot.org/story/16/05/02/1755200/without-encryption-everything-stops-says-snowden

------------------------------

Date: Mon, 2 May 2016 12:59:13 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: RNC eschews use of electronic voting at their convention
  (Politico)

Politico, 2 May 2016

SECURITY FEARS EQUAL PAPER BALLOTS: The Republican National Convention is
shunning electronic voting, because: cybersecurity. And other things.
"Senior party officials - worried about hacking and Internet reliability in
the overcrowded Cleveland arena and eager to preserve the live television
drama surrounding a drawn-out roll call - are ruling out a change to
convention bylaws that would allow for electronic voting on the ballots to
select the GOP's presidential and vice presidential nominees," POLITICO's
Darren Samuelsohn reports. On the cybersecurity side of it specifically,
Indiana RNC member John Hammond said about the possibility of an attack:
"You certainly wouldn't want it to happen under those circumstances when the
entire world is watching."
<http://go.politicoemail.com/?qs=db12ef29fba0aff9aff27d9b4eefc021b7057b09faf1a9899d0e36cebbf7e5de>

------------------------------

Date: Sun, 1 May 2016 09:25:24 +0200
From: "Donald B. Wagner" <zapkatakonk1943.6.22 () gmail com>
Subject: Dilbert and voting machines

http://dilbert.com/strip/2016-05-01

------------------------------

Date: Mon, 2 May 2016 19:54:06 -0400
From: "Dave Farber" <farber () gmail com>
Subject: 20 Years Ago, A Senator Became the First US Lawmaker to Use
  Encryption (Motherboard)

https://motherboard.vice.com/read/senator-patrick-leahy-pgp-encryption-letter-20-years

In 2016 some senators are trying to limit encryption, the technology that
keeps your messages and personal data safe from prying eyes, with a bill
that's so bad, one expert called it the most "ludicrous, dangerous,
technically illiterate tech policy proposal of the 21st century."

Two decades ago, some senators were fighting to make encryption more
widespread. As part of that fight, which some call the first Crypto War,
Sen. Patrick Leahy (D-VT) decided to make a statement about the importance
of crypto by using it himself. ....

------------------------------

Date: May 2, 2016 at 4:25:30 PM EDT
From: the keyboard of geoff goodfellow <geoff () iconia com>
Subject: FBI granted federal court warrant forcing suspect to unlock iPhone
  using Touch ID (Ben Lovejoy)

Ben Lovejoy,  9to5mac.com

For the first time in a federal case, a suspect has been ordered to use her
fingerprint to unlock her iPhone using Touch ID. The LA Times reports that a
federal judge signed a warrant allowing the FBI to compel a suspect in an
identity theft case to unlock the phone just 45 minutes after her arrest.

Authorities obtained a search warrant compelling the girlfriend of an
alleged Armenian gang member to press her finger against an iPhone that had
been seized from a Glendale home.

In the Glendale case, the FBI wanted the fingerprint of Paytsar
Bkhchadzhyan, a 29-year-old woman from L.A. with a string of criminal
convictions who pleaded no contest to a felony count of identity theft.

The warrant is consistent with a 2014 case where a Virginia District Court
ruled that while passcodes are protected by the 5th Amendment right against
self-incrimination, fingerprints are not. Legal experts, however, have
differing views.  [...]

http://9to5mac.com/2016/05/02/federal-court-touch-id-fingerprint/

------------------------------

Date: Mon, 2 May 2016 13:31:14 -0400
From: David Tarabar <dtarabar () acm org>
Subject: Risks of doing live TV without the most recent Windows upgrade

During a live TV weather report, the map display was obscured by a dialog
box saying that Microsoft recommended upgrading to Windows 10. See the video
below.

https://www.youtube.com/watch?v=VMPeTrHNX1U&feature=share

------------------------------

Date: Tue, 3 May 2016 01:09:43 +0000 (UTC)
From: Paul Robinson <paul () paul-robinson us>
Subject: The last non-Internet Generation

This year effectively ends the last non-Internet generation. Every person
born since 1995 has lived in a world where the Internet has always been
generally available to almost everyone in the first world, and over about
the last ten years, it's been fairly fast broadband.

Think about this. Anyone born prior to 1995 has memories of a time when
Internet access was not ubiquitous, was often unavailable in some areas or
was very expensive, and in most cases was slow, and when I say slow, in 1988
the most common modem speed was still 2400 baud. That's 240 characters per
second.

When I first got into computers back in 1978, you had mainframes, which
served lots of users but were expensive. Our computer at Orange Coast College
in Costa Mesa, CA, served about 100 terminals on two campuses from three
computers, and, as one of our professors told us, cost "a megabuck," that
is, over a million 1978 dollars. And they weren't even all IBM, one was from
Magnuson, the other from Amdahl but all ran IBM's OS/VS1 operating system
and later VM hypervisor.  The open source emulator Hercules can run that
operating system in simulation on a PC probably faster than it ran on the
original big iron.

You also had minicomputers, Long Beach City College, Long Beach, CA had in
its Math department a PDP-11/03 that had 56K of memory - and that is not a
mistype, it had 56K, not 56 meg - had three CRT and one typewriter-style
terminal, used two 256K 8" floppy disks, and cost $20,000. You probably have
more capability now, in your hand, if you own an Android tablet or phone
that costs about $50.

So people born before about 1980 can remember when we didn't have quite
powerful computers in our homes. And those who were at least teenagers in
1995 can remember when we didn't have Internet even if we did have a
computer. But the kids that are just turning adults this year have no memory
of a world without cell phones, computers and the Internet.

The proliferation of apps for handheld computers, I think, has barely
scratched the surface, and as near-universal wi-fi and connectivity become
more common, I suspect we will see new developments that will change the
world again. The availability of the PC starting in the early 1980s and the
even less expensive availability in the late 1990s as well as what they
became capable of doing for us, or allowing us to do with them, changed so
many things in so many ways it's hard to believe how different this world is
from say, 1987.

Compare 1964 to 1984 and the differences are not that significant. Color TV
was crisper, microwave ovens and VCRs were around, but the way we interacted
with people was similar to that of perhaps 10 years earlier (except phones
were more common).

Now look back on 1996 and now, cell phones are everywhere and cheap, most
cell phones are actually computers, all have either local or
carrier-provided Internet, and what we can do with systems rivals what
required supercomputers twenty years ago, or might not even have been
possible - like 3D printing of objects - and yet, again, we are just now
entering a world where every child has lived in a country that has always
had Internet connectivity.

Now the only question is, will we have the ingenuity to use the power we
have to do great accomplishments, or will we suffer from a lack of vision
and foresight to think about new things and improvements?

As the group Asia put it, "Only Time Will Tell."

Paul Robinson <paul () paul-robinson us> - http://paul-robinson.us (My blog)

------------------------------

Date: Sat, 30 Apr 2016 23:47:34 -0700
From: Mark Thorson <eee () sonic net>
Subject: Autonomous cat-killer robot

Lindsay Marshall and the other cat-haters should be pleased by this
development, currently undergoing testing in anticipation of widespread
deployment.

http://www.theguardian.com/environment/2016/apr/17/robots-lasers-poison-the-high-tech-bid-to-cull-wild-cats-in-the-outback

------------------------------

Date: Fri, 29 Apr 2016 21:38:42 -0700
From: Gene Wirchenko <genew () telus net>
Subject: Re: If Emoji Are the Future of Communication Then We're Screwed
  (Ward, RISKS-29.49)

 "There are (at least) two causes for the huge potential for
 miscommunication using emoji:"

I have a third: not being able to figure what is meant by the itty bitty
facial expression.  I gave up *years* ago.

  [BTW, catless is catless now because of a broken watermain.  Many cats do
  not like water?  How could you miss such an excellent cheap shot?  Maybe,
  you think that catless and PiGeoNs do not belong together.]

    [BTW, our friends at Newcastle will be attempting to reboot catless,
    perhaps today.  PGN]

------------------------------

Date: Tue, 3 May 2016 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks) [SEE TEMPORARY NOTE on catless]

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string `notsp' at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.

=> OFFICIAL ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
XXX TEMPORARY NOTE: Existing RISKS subscribers served by the currently catless
XXX redistribution service will soon be automagically moved to the main SRI
XXX distribution, as soon as the catless server is reconstituted after its
XXX temporary demise.   Normally,
XXX  http://www.risks.org takes you to Lindsay Marshall's searchable archive at
XXX newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html --> VoLume, ISsue.
XXX Lindsay has also added to the Newcastle catless site a palmtop version
XXX of the most recent RISKS issue and a WAP version that works for many but
XXX not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
  <http://the.wiretapped.net/security/info/textfiles/risks-digest/>
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 29.50
************************

