RISKS Forum mailing list archives
Risks Digest 29.77
From: RISKS List Owner <risko () csl sri com>
Date: Fri, 16 Sep 2016 14:25:13 PDT
RISKS-LIST: Risks-Forum Digest  Friday 16 September 2016  Volume 29 : Issue 77

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/29.77>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Tesla fatal crash in Baarn, The Netherlands (Erling Kristiansen)
Self-driving cars would cause 4.1 million jobs to disappear (PGN)
Modern healthcare commentary on medical device security (Kevin Fu)
Colin Powell, in Hacked Emails, Shows Scorn for Trump and Irritation at
  Clinton (NYTimes)
After Colin Powell's Hacked Emails, am I Next? (Shear/Fandos via Henry Baker)
Russian Hackers Leak U.S. Star Athletes' Medical Information (NYTimes)
New Documents Released From Hack of Democratic Party (NYTimes)
Sowing Doubt Is Seen as Prime Danger in Hacking Voting System (NYTimes)
Fire drill knocks ING bank's data centre offline (paul cornish)
Data center crippled by loud noise (BBC via Mark Trumpler)
Free Wi-Fi Kiosks Were to Aid New Yorkers. An Unsavory Side Has Spurred a
  Retreat (NYTimes)
'Command and Control': Common Errors, Nuclear Arms and Consequences
  (NYTimes via Monty Solomon)
Bloomberg: This Loophole Ends the Privacy of SSNs (Gabe Goldberg)
Re: Dangerous Galaxy Note 7 & AirAsia X flight from Sydney to Malaysia ends
  up in Melbourne (PGN)
Re: PC without OS (Dimitri Maziuk)
Re: How One GMO Nearly Took Down the Planet (Chris Drewe)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 13 Sep 2016 10:21:06 +0200
From: Erling Kristiansen <erling.kristiansen () xs4all nl>
Subject: Tesla fatal crash in Baarn, The Netherlands

A Tesla model-S car crashed into a tree at high speed on 7 September in
Baarn, The Netherlands, killing the driver.

The impact caused parts of the battery to be scattered around, causing small
fires that were difficult to extinguish. The car itself also caught fire
after some time.

The rescue team did not dare approach the wreckage for fear of
electrocution. The driver was already dead (did the rescue workers know for
sure?), but what if there had been survivors inside the wreck?

Tesla stated within a day that telemetry showed that the speed at impact was
155 km/h (about 95 mph) and that the "autopilot" mode was not enabled.

I want to make two points:

1. The battery of electric cars, not only Tesla's, presents a hazard in case
   of a violent accident that is only starting to be realized. In particular
   if the battery is severely damaged.

2. The fact that Tesla was able to provide detailed data from telemetry
   shows the extent to which they are following their cars. This should
   raise serious privacy concerns. And, of course, what guarantees are there
   that the manufacturer is telling the truth? If the car is somehow to
   blame, would they tell?

  [A little browsing turned up somewhat diverse reports. In any event, if
  the "autopilot" was not involved, this might reinforce Don Norman's
  argument that semi-automated cars are inherently dangerous, and that
  total automation is ultimately necessary. PGN]

------------------------------

Date: Fri, 16 Sep 2016 11:22:29 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Self-driving cars would cause 4.1 million jobs to disappear

In a paper in which very large bold-faced article titles can sometimes take
up as much space as the article, the front page of today's Palo Alto and
Mid-Peninsula *Daily Post* has this squib in The Update section:

SELF-DRIVING CARS: When the self-driving car revolution takes hold, 4.1
million jobs will disappear, according to Wolf Richter of the Wolf of Wall
Street blog, citing government statistics. Among the jobs to go will be
those of chauffeurs, truck drivers and bus drivers. He said the jobs will go
away faster than society is prepared to deal with it.

------------------------------

Date: Wed, 14 Sep 2016 15:55:25 -0400
From: Kevin Fu <kevinfu () umich edu>
Subject: Modern healthcare commentary on medical device security

Commentary: Hospitals need better cybersecurity, not more fear
http://www.modernhealthcare.com/article/20160914/NEWS/160919950/commentary-hospitals-need-better-cybersecurity-not-more-fear

Kevin Fu, EECS Department, The U. of Mich.  web.eecs.umich.edu/~kevinfu/

------------------------------

Date: Thu, 15 Sep 2016 20:13:01 -0400
From: Monty Solomon <monty () roscom com>
Subject: Colin Powell, in Hacked Emails, Shows Scorn for Trump and Irritation at Clinton

The disclosures ripped away the diplomatic jargon and political niceties of
a former secretary of state with a sober and thoughtful reputation.

http://www.nytimes.com/2016/09/15/us/politics/colin-powell-emails-hack-donald-trump.html

------------------------------

Date: Fri, 16 Sep 2016 08:11:43 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: After Colin Powell's Hacked Emails, am I Next?

What's good for the goose is good for the gander; what took YOU
Congresspeople so long to wake up?

"There but for the grace of God go all of us"

"In Pakistan, politicians often agree to speak to reporters in person only
after removing phone batteries"

The good news: expect quick action on an email security bill without back
doors.

The bad news: expect an all-out attack on FOIA, which requires saving govt
emails for all time.

http://www.nytimes.com/2016/09/16/us/politics/email-hacking-colin-powell-congress.html

Michael D. Shear and Nicholas Fandos, *The New York Times*, 15 Sep 2016
Concern Over Colin Powell's Hacked Emails Becomes a Fear of Being Next

A panicked network anchor went home and deleted his entire personal Gmail
account. A Democratic senator began rethinking the virtues of a flip phone.
And a former national security official gave silent thanks that he is now
living on the West Coast.

The digital queasiness has settled heavily on the nation's capital and its
secretive political combatants this week as yet another victim, former
Secretary of State Colin L. Powell, fell prey to the embarrassment of seeing
his personal musings distributed on The Internet and highlighted in news
reports.

"There but for the grace of God go all of us," said Tommy Vietor, a former
National Security Council spokesman for President Obama who now works in San
Francisco. He said thinking about his own email exchanges in Washington made
him cringe, even now.

"Sometimes we're snarky, sometimes we are rude," Mr. Vietor said, recalling
a few such moments during his time at the White House. "The volume of
hacking is a moment we all have to do a little soul searching."

The Powell hack, which may have been conducted by a group with ties to the
Russian government, echoed the awkwardness of previous leaks of emails from
Democratic National Committee officials and the C.I.A. director, John O.
Brennan. The messages exposed this week revealed that Mr. Powell considered
Donald J. Trump a "national disgrace," Hillary Clinton "greedy" and former
Vice President Dick Cheney an "idiot."

The latest hack could well spur a new rash of email deletions across the
country as millions of people scan their sent mail for anything
compromising, humiliating or career-destroying. It adds to the sense that
everyone is vulnerable.

The soul searching is happening with a special urgency in Washington, where
email accounts burst with strategies, delicate political proposals, gossipy
whispers and banal details of girlfriends, husbands, bank accounts and
shopping lists.

  [Long item truncated for RISKS. PGN]

------------------------------

Date: Tue, 13 Sep 2016 22:12:58 -0400
From: Monty Solomon <monty () roscom com>
Subject: Russian Hackers Leak U.S. Star Athletes' Medical Information

Documents, published this week, showed Simone Biles and Serena and Venus
Williams received exemptions to use banned drugs.

http://www.nytimes.com/2016/09/14/sports/simone-biles-serena-venus-williams-russian-hackers-doping.html

------------------------------

Date: Thu, 15 Sep 2016 12:34:55 -0400
From: Monty Solomon <monty () roscom com>
Subject: New Documents Released From Hack of Democratic Party

New Documents Released From Hack of Democratic Party
http://www.nytimes.com/2016/09/14/us/politics/dnc-hack.html

A hacker known as Guccifer 2.0, who American officials believe has ties to
Russia, released a second batch of documents purportedly stolen from the
Democratic National Committee.

------------------------------

Date: Thu, 15 Sep 2016 12:34:48 -0400
From: Monty Solomon <monty () roscom com>
Subject: Sowing Doubt Is Seen as Prime Danger in Hacking Voting System

http://www.nytimes.com/2016/09/15/us/politics/sowing-doubt-is-seen-as-prime-danger-in-hacking-voting-system.html

------------------------------

Date: Tue, 13 Sep 2016 12:59:03 +0100
From: paul cornish <paul.a.cornish () googlemail com>
Subject: Fire drill knocks ING bank's data centre offline

Apparently the nozzles used in the fire suppression systems create sound
with enough volume to damage hard disks!

http://www.bbc.co.uk/news/technology-37337868

------------------------------

Date: Mon, 12 Sep 2016 20:04:32 -0400
From: Mark Trumpler <mtrumpler () alum syracuse edu>
Subject: Data center crippled by loud noise (BBC)

The BBC reports that the test of a fire suppression system in the Romanian
data center of ING caused many of its systems to fail, resulting in outages
of ATM and other services. The root cause is thought to be the loud noise
(about 130 dB) emitted by the high pressure gas discharge.

http://www.bbc.com/news/technology-37337868

------------------------------

Date: Fri, 16 Sep 2016 09:49:01 -0400
From: Monty Solomon <monty () roscom com>
Subject: Free Wi-Fi Kiosks Were to Aid New Yorkers. An Unsavory Side Has Spurred a Retreat

http://www.nytimes.com/2016/09/15/nyregion/internet-browsers-to-be-disabled-on-new-yorks-free-wi-fi-kiosks.html

The operator is shutting off the Internet browsers because they have drawn
people who linger for hours, sometimes drinking, using drugs or watching
pornography.

  [Is this surprising? PGN]

------------------------------

Date: Tue, 13 Sep 2016 22:20:03 -0400
From: Monty Solomon <monty () roscom com>
Subject: 'Command and Control': Common Errors, Nuclear Arms and Consequences

The film documents a 1980 accident in a missile silo in Arkansas that showed
just how vulnerable the nation's most fearsome weapons can be.

http://www.nytimes.com/2016/09/14/movies/review-command-and-control-common-errors-nuclear-arms-and-consequences.html

------------------------------

Date: Thu, 15 Sep 2016 22:24:06 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Bloomberg: This Loophole Ends the Privacy of SSNs

[Bloomberg, 15 Sep 2016]

Hold on tight to that number.

Federal law is supposed to protect the privacy of your Social Security
number from government inquiries -- but apparently that doesn't extend to a
check on whether you've paid back taxes and child support.

In a decision with worrying implications for those who oppose a single
national identification number, a divided federal appeals court has rejected
a lawyer's refusal to submit his Social Security number along with his
renewal of Maryland bar membership.

To read the entire article, go to http://bv.ms/2cLpZel

Of course, Medicare numbers have for years been SSNs. Camouflaged
wonderfully by addition of a tricky trailing letter.

------------------------------

Date: Fri, 16 Sep 2016 11:12:32 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Re: Dangerous Galaxy Note 7 & AirAsia X flight from Sydney to Malaysia ends up in Melbourne (RISKS-29.76)

... and U.S. safety regulators yesterday announced a formal recall of
Samsung's Galaxy Note 7 smartphone after a spate of fires led to injuries
and property damage ...

  [Here's why Samsung Note 7 phones are catching fire:]
https://www.cnet.com/news/why-is-samsung-galaxy-note-7-exploding-overheating/

------------------------------

Date: Mon, 12 Sep 2016 17:51:29 -0500
From: Dimitri Maziuk <dmaziuk () bmrb wisc edu>
Subject: Re: PC without OS (Sayer, RISKS-29.76)

When one looks up non sequitur, one should find

  ... PC makers have no obligation to offer you a machine without an OS,
  the European Union's highest court has ruled.

therefore

  "Consumers have no right to buy a PC without an OS, European court rules"

------------------------------

Date: Mon, 12 Sep 2016 17:56:54 +0100
From: Chris Drewe <e767pmk () yahoo co uk>
Subject: Re: How One GMO Nearly Took Down the Planet (Goldberg, RISKS-29.75)

Difficult to disagree that GMOs are beyond the scope of RISKS, but I feel
that how these things are debated is very relevant. Trouble is, people look
in terms of safe vs. dangerous, good vs. bad, wrong vs. right, etc. when of
course in real life it's risks vs. other risks, not quite safe vs. slight
danger, and possible conflicts between safety requirements and other
considerations.

> Trade-offs are fine -- necessary to get anything done.

Absolutely... Big problem with contentious subjects like GMOs (banned in the
EU anyway), nuclear power, hydraulic fracturing for shale gas & oil, and so
forth is that the actual issues are swamped by hysteria and political
posturing (and any publicity document which starts with "let's look at the
facts" is pretty sure not to contain any facts...).

One example: in the UK, trains have a good safety record, but on the rare
occasions when something bad happens, there are demands to spend huge
amounts of money on improving safety. The railways only have two sources of
money, fares and subsidies from taxes, so spending more money on train
safety either means more-expensive fares, which may mean people deciding to
travel by road instead, putting themselves at a much greater risk, or the
Government diverting money from other health/safety-related budgets. But of
course road deaths are just one of those things, while train crashes are a
crime against humanity. (Most rail-related deaths are trespassers and
suicides which are effectively intentional so difficult for railway
operators to prevent.)

Another point worth debating is "profit before safety", as however much is
spent on safety, it's always possible to spend more, but money is not
unlimited. A commercial organisation has to make a profit or it goes bust,
but also has to avoid a poor safety reputation or customers will go
elsewhere, while prices must also be competitive to attract customers in the
first place. A fine balancing act, and when something does go wrong it's
easy to be wise after the event. At least commercial organisations do have
to worry about their reputations, which Government monopolies don't.

The relevance of all this to RISKS is that more and more safety-related
systems are becoming software-controlled, as well as Internet-linked, thus
interconnected and potentially hackable.

------------------------------

Date: Wed, 17 Aug 2016 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/>
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 29.77
************************