RISKS Forum mailing list archives
Risks Digest 31.77
From: RISKS List Owner <risko () csl sri com>
Date: Fri, 1 May 2020 10:58:55 PDT
RISKS-LIST: Risks-Forum Digest 1 May 2020 Volume 31 : Issue 77

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/31.77>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
  Red-Flagging Misinformation Could Slow the Spread of Fake News on Social Media (NYU)
  Statistics and protection (Rob Slade)
  Trust in experts has increased quite substantially over the last (geoff goodfellow)
  Footstep Sensors Identify People by Gait (Scientific American)
  How AI Steered Doctors Toward Possible Coronavirus Treatment (Cade Metz)
  States Made It Harder to Get Jobless Benefits. Now That's Hard to Undo (NYTimes)
  Would you have fallen for this phone scam? (Krebs via geoff)
  Re: Online voting is too vulnerable (3daygoaty)
  Re: After prolonged service outage, Petnet shuts down (Martin Ward)
  Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 1 May 2020 12:08:33 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Red-Flagging Misinformation Could Slow the Spread of Fake News on Social Media (NYU)

NYU Tandon School of Engineering, 27 Apr 2020, via ACM TechNews, 1 May 2020

Researchers at the New York University Tandon School of Engineering found that pairing headlines with credibility alerts from fact-checkers, the public, news media, and artificial intelligence (AI) programs can reduce people's intention to share fake news. While the effectiveness of these alerts varies with political orientation and gender, official fact-checking sources are overwhelmingly trusted. The team studied 1,500 individuals to measure the effectiveness among different groups of four "credibility indicators" displayed beneath headlines.
The researchers found that Republicans and men are less likely to be influenced by any of the credibility indicators, and are more inclined to share fake news on social media.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-24f88x221ecbx069835&

------------------------------

Date: Thu, 30 Apr 2020 10:50:39 -0700
From: Rob Slade <rmslade () shaw ca>
Subject: Statistics and protection

Remdesivir works against CoVID-19!
https://lite.cnn.com/en/article/h_1a62255cc20919cda25d487543ad9118

Sort of.

When it comes to trials of this kind, you have to look at the details, not just the headlines.

This trial does appear to have good design, with randomization and a control group with a placebo. That's good.

The results, as reported so far, are positive. That's good.

For those who took the remdesivir, recovery time was shorter. That's good. But the recovery time was an average of 11 days, versus 15 days for the control group. That's not exactly earth-shaking. Also, we probably need to look at the definition of "recovery," and, particularly, look at long term effects like ongoing respiratory and neurological problems that have been reported in some "recovered" patients.

For those who took the remdesivir, mortality was lower. That's good. But the mortality was still 8% for those on remdesivir versus 11.6% for those on placebo. Again, not a result that you want to rely on when people start thinking "oh, there *is* a treatment, so I don't have to worry as much about getting infected!"

------------------------------

Date: Thu, 30 Apr 2020 01:12:00 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Trust in experts has increased quite substantially over the last years

``84% of the British population trust scientists to tell the truth. This is up from 64% back in 1997. All others listed here (except priests) are also trusted more than in the past.
https://twitter.com/MaxCRoser/status/1254697157275287552

------------------------------

Date: Fri, 1 May 2020 10:34:42 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Footstep Sensors Identify People by Gait (Scientific American)

https://www.scientificamerican.com/article/footstep-sensors-identify-people-by-gait/

In the future, AI-trained gait detector networks can be used to identify chronic diseases like muscular dystrophy.

"Fighting the noise is the biggest challenge we have." A gait detector network installed at Fred Astaire Dance School during a waltz? There's bound to be a few missteps.

https://catless.ncl.ac.uk/Risks/27/44#subj5.1 identifies false alarms and alarm fatigue attributed to earthquake and building sensor networks in Japan.

  [How about people in wheelchairs? on tip-toes? sneaking? ...
  BTW, We already have gate detectors, as in this old dialog:
    Hark, sire, a stranger waits without the gate.
    Well, give him the gate.
  PGN]

------------------------------

Date: Fri, 1 May 2020 12:08:33 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: How AI Steered Doctors Toward Possible Coronavirus Treatment (Cade Metz)

Cade Metz, *The New York Times*, 30 Apr 2020, via ACM TechNews, 1 May 2020

In January, researchers at U.K.-based artificial intelligence (AI) startup BenevolentAI mined scientific literature about the coronavirus to uncover a potential treatment within two days. BenevolentAI's technology can pinpoint information buried in massive volumes for the design of new drugs, using universal language models that teach themselves to understand written and spoken language by analyzing digital text. The company's engineers employed automated language tools to generate an interconnected database of biological processes related to the coronavirus, then BenevolentAI's Peter Richardson applied additional tools to browse the findings.
He plotted out linkages between human genes and the biological processes affected by the virus, and identified two particular genes. Using a digital flow chart to outline how current medications targeted these genes, the researchers identified the anti-inflammatory drug baricitinib as a possible treatment that may block the coronavirus from entering cells; the drug is being prepared for clinical testing.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-24f88x221ecax069835&

------------------------------

Date: Fri, 1 May 2020 10:52:40 +0800
From: Richard Stein <rmstein () ieee org>
Subject: States Made It Harder to Get Jobless Benefits. Now That's Hard to Undo (NYTimes)

https://www.nytimes.com/2020/04/30/upshot/unemployment-state-restrictions-pandemic.html

'"In a time when pretty much everybody who's applying should be eligible, we're working with a system that got us to a 26 percent recipiency rate," said Steve Gray, the director of Michigan's Unemployment Insurance Agency. That means Michigan was giving aid to one in four unemployed workers in 2019, following restrictions adopted by the Michigan legislature after the Great Recession. That system, Mr. Gray said, was "built to assume that you're guilty and make you prove that you're innocent."'

Risk: Change management agility and governance resilience planning to accommodate emergencies.

  [On this item, Monty Solomon noted Systems that were devised to treat each case as potentially fraudulent are now rushing to deal with millions of newly unemployed people. PGN]

------------------------------

Date: Thu, 30 Apr 2020 01:11:00 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Would you have fallen for this phone scam?

You may have heard that today's phone fraudsters like to use caller ID spoofing services to make their scam calls seem more believable.
But you probably didn't know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account -- data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

Last week, KrebsOnSecurity told the harrowing tale of a reader (a security expert, no less) who tried to turn the tables on his telephonic tormentors and failed spectacularly. In that episode, the people impersonating his bank not only spoofed the bank's real phone number, but they were also pretending to be him in a separate call at the same time with his bank.
https://krebsonsecurity.com/2020/04/when-in-doubt-hang-up-look-up-call-back/

This foiled his efforts to make sure it was really his bank that called him, because he called his bank with another phone and the bank confirmed they currently were in a separate call with him discussing fraud on his account (however, the other call was the fraudster pretending to be him).

Shortly after that story ran, I heard from another reader -- we'll call him Jim since he didn't want his real name used for this story -- whose wife was the target of a similar scam, albeit with an important twist: The scammers were armed with information about a number of her recent financial transactions, which he claims they got from the bank's own automated phone system just by spoofing her phone number. [...]

https://krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-scam/

------------------------------

Date: Thu, 30 Apr 2020 12:16:01 +1000
From: "3daygoaty ." <threedaygoaty () gmail com>
Subject: Re: Online voting is too vulnerable (Economist, RISKS-31.76)

I think the difficulty with online voting can be illustrated in one particular use case. If bright sparks can solve this, we would be a lot closer. They can't, and we aren't.
As an older, non-English speaking person who does not have great fluency in computer use, I want to use the iPhone my son has given me so I can vote online. Since I understand there are risks in voting this way, I want the phone to let me confirm my vote was recorded as I intended it. I would like this to be a simple task I can complete after voting, but the result of this task needs to prove to me definitely that my vote *did not make it*, if this is indeed the case.

In other words, it has to be "impossible" to subvert the mechanism that verifies recorded-as-cast, and only the voter can do this test, without prior training, easily, non-optionally. When this test fails, the user needs to understand, and then take some course of action (and not to a fake call centre).

I include non-English speaking because of the inherent biases in election and technology design. I could have included users with barriers and impairments to paper voting since these electors are typically the guinea pigs for I-voting. The military being young, technically literate, able bodied, and English speakers are at the opposite spectrum in terms of capability. A much easier use case.

Of course many other use cases define the vote making it safely into reported results, only the right people voting, only voting once, privacy, and so on. But I think understanding the above use case is understanding the challenge of I-voting.

Good luck with that!

TDG

------------------------------

Date: Fri, 1 May 2020 12:34:31 +0100
From: Martin Ward <martin () gkc org uk>
Subject: Re: After prolonged service outage, Petnet shuts down (RISKS-31.75)

"A distributed system is one in which the failure of a computer you didn't even know existed can render your own computer unusable" (Leslie Lamport).
We can update this to:

"The Internet of Things is a system in which the failure of a computer you didn't even know existed can render your own things unusable"

------------------------------

Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
   *** This attention-string has never changed, but might if spammers use it.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
   *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume
   or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
   *** NOTE: If a cited URL fails, we do not try to update them.
   Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 31.77
************************