
Risks Digest 31.77


From: RISKS List Owner <risko () csl sri com>
Date: Fri, 1 May 2020 10:58:55 PDT

RISKS-LIST: Risks-Forum Digest  1 May 2020  Volume 31 : Issue 77

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/31.77>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Red-Flagging Misinformation Could Slow the Spread of Fake News on
  Social Media (NYU)
Statistics and protection (Rob Slade)
Trust in experts has increased quite substantially over the last
  (geoff goodfellow)
Footstep Sensors Identify People by Gait (Scientific American)
How AI Steered Doctors Toward Possible Coronavirus Treatment (Cade Metz)
States Made It Harder to Get Jobless Benefits. Now That's Hard to Undo
  (NYTimes)
Would you have fallen for this phone scam? (Krebs via geoff)
Re: Online voting is too vulnerable (3daygoaty)
Re: After prolonged service outage, Petnet shuts down (Martin Ward)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 1 May 2020 12:08:33 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Red-Flagging Misinformation Could Slow the Spread of Fake News on
  Social Media (NYU)

NYU Tandon School of Engineering, 27 Apr 2020, via ACM TechNews, 1 May 2020

Researchers at the New York University Tandon School of Engineering found
that pairing headlines with credibility alerts from fact-checkers, the
public, news media, and artificial intelligence (AI) programs can reduce
people's intention to share fake news. While the effectiveness of these
alerts varies with political orientation and gender, official fact-checking
sources are overwhelmingly trusted. The team studied 1,500 individuals to
measure the effectiveness among different groups of four "credibility
indicators" displayed beneath headlines. The researchers found that
Republicans and men are less likely to be influenced by any of the
credibility indicators, and are more inclined to share fake news on social
media.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-24f88x221ecbx069835&

------------------------------

Date: Thu, 30 Apr 2020 10:50:39 -0700
From: Rob Slade <rmslade () shaw ca>
Subject: Statistics and protection

Remdesivir works against CoVID-19!
https://lite.cnn.com/en/article/h_1a62255cc20919cda25d487543ad9118

Sort of.

When it comes to trials of this kind, you have to look at the details, not
just the headlines.  This trial does appear to have good design, with
randomization and a control group with a placebo.  That's good.

The results, as reported so far, are positive.  That's good.

For those who took the remdesivir, recovery time was shorter.  That's good.
But the recovery time was an average of 11 days, versus 15 days for the
control group.  That's not exactly earth-shaking.  Also, we probably need to
look at the definition of "recovery," and, particularly, look at long term
effects like ongoing respiratory and neurological problems that have been
reported in some "recovered" patients.

For those who took the remdesivir, mortality was lower.  That's good.  But
the mortality was still 8% for those on remdesivir versus 11.6% for those on
placebo.  Again, not a result that you want to rely on when people start
thinking "oh, there *is* a treatment, so I don't have to worry as much about
getting infected!"

------------------------------

Date: Thu, 30 Apr 2020 01:12:00 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Trust in experts has increased quite substantially over the last
  years

``84% of the British population trust scientists to tell the truth.  This is
up from 64% back in 1997.  All others listed here (except priests) are also
trusted more than in the past.

https://twitter.com/MaxCRoser/status/1254697157275287552

------------------------------

Date: Fri, 1 May 2020 10:34:42 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Footstep Sensors Identify People by Gait (Scientific American)

https://www.scientificamerican.com/article/footstep-sensors-identify-people-by-gait/

In the future, AI-trained gait detector networks can be used to identify
chronic diseases like muscular dystrophy. "Fighting the noise is the biggest
challenge we have."

A gait detector network installed at Fred Astaire Dance School during a
waltz? There's bound to be a few missteps.

https://catless.ncl.ac.uk/Risks/27/44#subj5.1 identifies false alarms and
alarm fatigue attributed to earthquake and building sensor networks in
Japan.

  [How about people in wheelchairs?  on tip-toes?  sneaking? ... BTW,
   We already have gate detectors, as in this old dialog:
     Hark, sire, a stranger waits without the gate.
     Well, give him the gate.
   PGN]

------------------------------

Date: Fri, 1 May 2020 12:08:33 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: How AI Steered Doctors Toward Possible Coronavirus Treatment
  (Cade Metz)

Cade Metz, *The New York Times*, 30 Apr 2020, via ACM TechNews, 1 May 2020

In January, researchers at U.K.-based artificial intelligence (AI) startup
BenevolentAI mined scientific literature about the coronavirus to uncover a
potential treatment within two days. BenevolentAI's technology can pinpoint
information buried in massive volumes for the design of new drugs, using
universal language models that teach themselves to understand written and
spoken language by analyzing digital text. The company's engineers employed
automated language tools to generate an interconnected database of
biological processes related to the coronavirus, then BenevolentAI's Peter
Richardson applied additional tools to browse the findings. He plotted out
linkages between human genes and the biological processes affected by the
virus, and identified two particular genes. Using a digital flow chart to
outline how current medications targeted these genes, the researchers
identified the anti-inflammatory drug baricitinib as a possible treatment
that may block the coronavirus from entering cells; the drug is being
prepared for clinical testing.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-24f88x221ecax069835&

------------------------------

Date: Fri, 1 May 2020 10:52:40 +0800
From: Richard Stein <rmstein () ieee org>
Subject: States Made It Harder to Get Jobless Benefits. Now That's Hard to Undo
  (NYTimes)

https://www.nytimes.com/2020/04/30/upshot/unemployment-state-restrictions-pandemic.html

'"In a time when pretty much everybody who's applying should be eligible,
we're working with a system that got us to a 26 percent recipiency rate,"
said Steve Gray, the director of Michigan's Unemployment Insurance
Agency. That means Michigan was giving aid to one in four unemployed workers
in 2019, following restrictions adopted by the Michigan legislature after
the Great Recession. That system, Mr. Gray said, was "built to assume that
you're guilty and make you prove that you're innocent."'

Risk: Change management agility and governance resilience planning to
accommodate emergencies.

  [On this item, Monty Solomon noted
    Systems that were devised to treat each case as potentially fraudulent
    are now rushing to deal with millions of newly unemployed people.
  PGN]

------------------------------

Date: Thu, 30 Apr 2020 01:11:00 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Would you have fallen for this phone scam?

You may have heard that today's phone fraudsters like to use caller ID
spoofing services to make their scam calls seem more believable. But you
probably didn't know that these fraudsters also can use caller ID spoofing
to trick your bank into giving up information about recent transactions on
your account -- data that can then be abused to make their phone scams more
believable and expose you to additional forms of identity theft.

Last week, KrebsOnSecurity told the harrowing tale of a reader (a security
expert, no less) who tried to turn the tables on his telephonic tormentors
and failed spectacularly.  In that episode, the people impersonating his
bank not only spoofed the bank's real phone number, but they were also
pretending to be him in a separate call at the same time with his bank.
https://krebsonsecurity.com/2020/04/when-in-doubt-hang-up-look-up-call-back/

This foiled his efforts to make sure it was really his bank that called him,
because he called his bank with another phone and the bank confirmed they
currently were in a separate call with him discussing fraud on his account
(however, the other call was the fraudster pretending to be him).

Shortly after that story ran, I heard from another reader -- we'll call him
Jim since he didn't want his real name used for this story -- whose wife was
the target of a similar scam, albeit with an important twist: The scammers
were armed with information about a number of her recent financial
transactions, which he claims they got from the bank's own automated phone
system just by spoofing her phone number. [...]
https://krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-scam/

------------------------------

Date: Thu, 30 Apr 2020 12:16:01 +1000
From: "3daygoaty ." <threedaygoaty () gmail com>
Subject: Re: Online voting is too vulnerable (Economist, RISKS-31.76)

I think the difficulty with online voting can be illustrated in one
particular use case.  If bright sparks can solve this, we would be a lot
closer.  They can't, and we aren't.

As an older, non-English speaking person who does not have great fluency in
computer use, I want to use the iPhone my son has given me so I can vote
online.  Since I understand there are risks in voting this way, I want the
phone to let me confirm my vote was recorded as I intended it.  I would like
this to be a simple task I can complete after voting, but the result of this
task needs to prove to me definitely that my vote *did not make it*, if this
is indeed the case.

In other words, it has to be "impossible" to subvert the mechanism that
verifies recorded-as-cast, and only the voter can do this test, without
prior training, easily, non-optionally.  When this test fails, the user
needs to understand, and then take some course of action (and not to a fake
call centre).  I include non-English speaking because of the inherent biases
in election and technology design.  I could have included users with
barriers and impairments to paper voting since these electors are typically
the guinea pigs for I-voting.  The military being young, technically literate,
able bodied, and English speakers are at the opposite spectrum in terms of
capability. A much easier use case.

Of course many other use cases define the vote making it safely into
reported results, only the right people voting, only voting once, privacy,
and so on.  But I think understanding the above use case is understanding
the challenge of I-voting.

Good luck with that!  TDG

------------------------------

Date: Fri, 1 May 2020 12:34:31 +0100
From: Martin Ward <martin () gkc org uk>
Subject: Re: After prolonged service outage, Petnet shuts down (RISKS-31.75)

  "A distributed system is one in which the failure of a computer you didn't
  even know existed can render your own computer unusable" (Leslie Lamport).

We can update this to: "The Internet of Things is a system in which the
failure of a computer you didn't even know existed can render your own
things unusable"

------------------------------

Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also,  ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 31.77
************************

