RISKS Forum mailing list archives

Risks Digest 32.30


From: RISKS List Owner <risko () csl sri com>
Date: Fri, 2 Oct 2020 12:38:03 PDT

RISKS-LIST: Risks-Forum Digest  Friday 2 October 2020  Volume 32 : Issue 30

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/32.30>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Microsoft says Russia behind most nation-state cyber-attacks (Bloomberg)
Conservative operatives face felony charges in connection with robocalls
  seeking to mislead voters (WashPost)
More on Cambridge Analytica (UK Channel 4)
Error discovered on Georgia touchscreens in US Senate race (Mark Niesse)
Maryland's web-delivered ballots must be hand-copied to be counted
 (WashPost)
Tokyo Stock Market Halts Trading for a Day, Citing Glitch (NYTimes)
Is The Internet falling apart? (The Hill)
Apple marches to a different beat (Henry Baker)
Robots smaller than the width of a hair (bbc.com)
Could future AI turn animals against us? (The Next Web)
This Is How Much Top Hackers Are Earning From Bug Bounties (Steve Ranger)
Windows XP source code leaks online (The Verge)
File under `feature interaction' (BBC)
Third-Party Code Bug Left Instagram Users at Risk of Account Takeover
  (Alex Scroxton)
MIT Media Lab develops sleep-tracking device that alters dreams to boost
  creativity (Science Times)
Privacy of biometric data in DHS hands in doubt, IG says (RollCall)
New homeowner 'freaked out' when stranger took control of her security
  system (CBC.CA)
Alarm company "overlooked" change of home ownership (CBC.CA)
Teacher saw a BB gun in 9-year-old's room during online class, who faced
  expulsion (WashPost)
Using deep learning to control the unconsciousness level of patients in an
  anesthetic state (Techxplore.com)
Re: A Tesla driver was caught sleeping on Autopilot (Martin Ward)
Re: Tribune staff furious as cybersecurity test email makes cruel promises
  (John Beattie)
Re: D.C.'s New Area Code Will Be... 771 (Wol)
Re: Pandemic spurs journalists to go it alone via email
  (Steve and Micki Bacher)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 30 Sep 2020 10:52:08 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Microsoft says Russia behind most nation-state cyber-attacks
  (Bloomberg)

* Targets have ranged from elections to the Olympic Games
* Hackers in Iran and China have also been active, report says

Russia-based hackers are responsible for the majority of nation-state
attacks on Microsoft customers, according to new data from the company.

Microsoft Corp. has issued 13,000 alerts about nation-state hacking
attempts to its customers in the last two years, with 52% of incidents
between July 2019 and June 2020 related to Russian hackers -- whose targets
have ranged from elections to the Olympics, according to a report published
Tuesday. Iran was responsible for a quarter of the alerts while China was
responsible for 12%. The remainder of the nation-state activity observed by
Microsoft came from North Korea and other countries.

Russian hackers have targeted elections and political organizations in
multiple countries, as well as non-profit groups, professional services and
higher education, according to Microsoft. Kremlin-linked hackers also tried
to break into 16 sporting and anti-doping organizations on three continents
amid doping investigations into Russian athletes.

``We see nation-state actors constantly evolving, trying new techniques,''
said Tom Burt, a vice president at Microsoft. ``As it stands today the
attackers are winning in that they are so well resourced, so determined and
so agile.'' Foreign hackers have continued to target organizations related
to American politics in recent weeks, he said.

Iranian hackers have also been prolific, stepping up the volume of their
attacks in the last six months, according to Burt. In August 2019 alone,
Iranian hackers attacked 241 Microsoft accounts associated with a U.S.
presidential campaign, current and former U.S. officials, political
journalists and well-known Iranians living abroad, the report said. While
only four of these attacks were successful, Microsoft anticipates an
increase in activity as the U.S. election approaches.

Hackers based in China have ``attempted to gain intelligence on
organizations associated with the upcoming U.S. presidential election,''
according to Microsoft. Those hackers have also been active in cyber-attacks
related to medical research. Among multiple attempts to hack medical
research institutions in the U.S. and Asia, China-based hackers attacked an
unnamed U.S. university that was researching a coronavirus vaccine in March.
[...]

https://www.bloomberg.com/news/articles/2020-09-29/microsoft-says-russia-behind-most-nation-state-hacking-attempts
-or-
https://www.msn.com/en-us/news/world/microsoft-says-russia-behind-most-nation-state-cyber-attacks/ar-BB19xXsj

------------------------------

Date: Fri, 2 Oct 2020 02:30:14 -0400
From: Monty Solomon <monty () roscom com>
Subject: Conservative operatives face felony charges in connection with
  robocalls seeking to mislead voters (WashPost)

If convicted, the pair could face up to 24 years in prison each

https://www.washingtonpost.com/politics/2020/10/01/wohl-robocall-michigan/

------------------------------

Date: September 30, 2020 23:04:14 JST
From: David Isenberg <isen () isen com>
Subject: More on Cambridge Analytica (UK Channel 4)

  [Via Dave Farber]

Channel 4 in the UK has released an amazing 20 minute video that is the best
explanation I've seen of how Cambridge Analytica used Facebook data to
micro-target voters to influence the 2016 US election and the Brexit vote:
https://www.youtube.com/embed/KIf5ELaOjOk

There's also another most interesting video from the same project
that digs into one guy's Facebook/Cambridge Analytica file:
https://www.youtube.com/watch?v=5Swqc2NjEXM

This second video shows one particular guy's file, which contains his
psychographic profile, including openness, conscientiousness, extroversion,
agreeableness and neuroticism scores by percentile.

It "knows" what kind of car the individual has, that he's a gamer, what his
investments are, what his diet is, whether he uses coupons, if he writes a
blog, how he uses The Internet and social media, whether he has a home
office and what charities he gives to. And a bunch of other things.

From these aggregated data, it's easy to imagine how CA could determine
things like who he'd vote for and the strength of his commitment to the
voting process, and target manipulative ads and messages from "friends"
accordingly.

In my humble opinion, both videos are must-watch for all who consider
themselves to be technology literate.

------------------------------

Date: Sat, 26 Sep 2020 17:19:27 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Error discovered on Georgia touchscreens in US Senate race
  (Mark Niesse)

Mark Niesse, *Atlanta Journal Constitution*
<https://www.ajc.com/politics/error-discovered-on-georgia-touchscreens-in-us-senate-race/M7CJDSSZHRDBJFGTHYCPJ4APHM/>

Election officials working to correct issue before early voting begins 12
Oct.  Georgia election officials said Saturday they found a programming
error on the state's voting touchscreens that caused a row of candidates in
the 21-person U.S. Senate special election to disappear at times when
flipping back and forth between screens.  This will require reprogramming
the state's 30,000 new touchscreens.  The issue occurred in the U.S. Senate
special election, which includes Republican U.S. Sen. Kelly Loeffler and
U.S. Rep. Doug Collins, along with Democrats Raphael Warnock, Matt Lieberman
and Ed Tarver.

  [Long item PGN-ed]

------------------------------

Date: Sun, 27 Sep 2020 14:15:01 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Maryland's web-delivered ballots must be hand-copied to be counted
  (WashPost)

The rush to vote from home this year left Maryland election judges with a
burden that plagues no other state in the country: Ballots delivered online
cannot be read by the state's scanning machines.  To be counted, each of
those ballots must instead be hand-copied by election judges onto a
cardstock ballot.  And each week, more requests for those Web-delivered
ballots are rolling into election offices around the state, dramatically
increasing the pressure on a system built for a far different type of
election.

A month ahead of the deadline, more than 111,000 people have requested
Web-delivered blank ballots -- nearly twice the volume of the previous
election.  About 924,000 voters have so far asked for ballots to be mailed
to them.

The Web-delivered ballots offer front-end expediency for voters, who can
follow a link in their email, enter credentials on a website and download a
ballot packet to print at home on regular paper.  But on the back end, that
plain paper becomes a first draft, and every voter's choices must be
transcribed onto oversize cardstock that can be scanned.

For transparency's sake, the transcription is done by a pair of judges --
one a Republican, the other a Democrat. One judge reads the ballot choices
aloud, and the other marks them down on the ballot. Then the judges switch
jobs to check each other's work.

The process takes about five minutes per ballot, election officials said. As
of Thursday, that added up to more than 9,000 hours of work just to get the
ballots ready to be scanned.

https://www.washingtonpost.com/local/md-politics/maryland-web-ballots-hand-copied/2020/09/23/73221310-f2bd-11ea-999c-67ff7bf6a9d2_story.html

No good deed goes unpunished.

------------------------------

Date: Thu, 1 Oct 2020 09:38:34 -0400
From: Monty Solomon <monty () roscom com>
Subject: Tokyo Stock Market Halts Trading for a Day, Citing Glitch (NYTimes)

The exchange's operator said it planned to resume trading on Friday after a
technical problem left investors unable to place orders.

https://www.nytimes.com/2020/09/30/business/tokyo-stock-market-glitch.html

------------------------------

Date: Wed, 30 Sep 2020 10:39:56 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Is The Internet falling apart? (The Hill)

The president's two August Executive Orders banning the mobile app TikTok
<https://www.whitehouse.gov/presidential-actions/executive-order-addressing-threat-posed-tiktok/>
and the mobile app WeChat
<https://www.whitehouse.gov/presidential-actions/executive-order-addressing-threat-posed-wechat/>,
along with the State Department's major foreign policy initiative for a
``clean'' internet within the United States
<https://www.state.gov/the-clean-network-safeguards-americas-assets/> are
only the most recent signs that the once open, global Internet is slowly
being replaced by 200, nationally-controlled, separate internets. And, while
these separate American, Chinese, Russian, Australian, European, British,
and other ``internets'' may decide to have some things in common with each
other, the laws of political gravity will slowly pull them further apart as
interest groups in each country lobby for their own concerns within their
own country. Moreover, we will probably see the emergence of a global
alternat[iv]e internet before long.

Some of this nationalistic dis-integration of The Internet has been foreseen
<http://www3.weforum.org/docs/WEF_FII_Internet_Fragmentation_An_Overview_2016.pdf>
as the 1990s' open/global Internet gradually became a principal domain of
war, news, espionage, politics, propaganda, banking, commerce,
entertainment, and education since around 2005. The process of creating
hundreds of individual, national internets has been slow because the global
Internet -- the network of networks -- was never designed to recognize
national borders and because the United States had been a forceful opponent
of a fragmented set of national internets. Both of these conditions have
changed -- and they are changing rapidly.

To oversimplify, the genesis of the internet, the U.S. Defense
Department's DARPANET, was designed to allow completely different computer
networks (think IBM and UNIVAC, or PC and Mac) to connect with each other by
inserting between them a gateway that converts each network's computer
language into a common internet language, called internet protocols. The
genius behind the concept is that not all computer networks needed to use
the same computer language -- they only had to convert to a common language at
a gateway, which then routed everyone on every network to everyone on every
other network. And -- since computer networks do not inherently notice or
care which city, province, state or country they're in or the nationality
of their human user -- the technology was not designed to take national
borders into account. This contrasts markedly with such media as
broadcasting and telecommunications, which basically grew with the
permission of national governments from within countries, and then
governments allowed the interconnection of their national network to others
under government-controlled technical and substantive arrangements.

As background, it's important to recognize that -- by almost any measure --
the global Internet is controlled by businesses and non-profits subject to
the jurisdiction of the United States government. Within a roughly
1,000-mile strip of land stretching from San Diego to Seattle lie most major
Internet businesses and network control or standards bodies (and those that
aren't there likely lie elsewhere in the United States). So -- as the
governments of China, Russia and Iran never tire of explaining -- while
Americans constitute around 310 million out of the world's 4.3 billion
Internet users (around 8 percent)
<https://en.wikipedia.org/wiki/List_of_countries_by_number_of_Internet_users>,
the U.S. government exercises influence or control over more than 70 percent
of the Internet's controls and services.

It took China millions -- perhaps billions -- of dollars and well over a
decade to demonstrate that the inherently non-nationalistic nature of the
internet could be managed through both technical and legal means, sometimes
described as ``The Great Firewall of China
<https://en.wikipedia.org/wiki/Great_Firewall>.'' Without listing the wide
range of methods that China has used to create an internet within China that
is different from the Internet in the U.S. or Europe, suffice it to say that
unless someone in China has extraordinary technical means and is willing to
risk breaking the rules, the internet in China is noticeably different
(e.g. no Google, Facebook or Twitter
<https://www.businessinsider.com/major-us-tech-companies-blocked-from-operating-in-china-2019-5#tumblr-6>).
China's ability to control the Internet experience within its borders
between roughly 2005 and 2018 taught many other countries that doing so,
even if costly, is possible. This lesson was not lost on Russia, Iran,
Australia, Turkey, Saudi Arabia, the EU and many other countries, which
began developing legal (and sometimes technical) means to control Internet
content within their borders. This legal/technical nationalization over the
past decade was significantly boosted by the realization that it was
actually not very difficult for a government to substantially shut down the
Internet within a territory.  [...]

https://thehill.com/opinion/technology/518762-is-the-internet-falling-apart

  [MODERATOR's NOTE: I have long tried to make a distinction between The
  Internet (initial caps) and what otherwise might be called "subnets of
  the Internet" or even ``othernets'' that are *not* The Internet.  This
  worked nicely when there has been only *one Internet*.  I have done some
  editing here to try to make this distinction clearer.  PGN]

------------------------------

Date: Mon, 28 Sep 2020 11:38:33 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: Apple marches to a different beat

Is it just me, or do other people find that MacOS keeps their clock 2-3
*minutes* early?

I noticed that MacOS was several minutes ahead of the opening bell of the
NYSE, and started watching over the next several days.  It was not a fluke.

I rebooted the machine, which got MacOS to sync with an *Apple* time server,
and it was still 2-3 minutes early.

I didn't see any easy way to change the time server that this machine
consults, so it remains early.

Among other things, this time difference is a security risk, because someone
might be able to utilize a *specific* time difference to identify a
particular computer.

------------------------------

Date: Tue, 29 Sep 2020 13:40:13 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Robots smaller than the width of a hair (bbc.com)

https://www.bbc.com/news/technology-54327412

The video demonstrates that silicon-device manufacturing techniques can mass
produce microscopic mobile robots.  The device creators suggest these
devices might one day deliver targeted chemotherapy payloads or other
substances to treat human diseases.

For size comparison purposes:

a) Human blood cell diameter is ~6 to 8 micrometers (see
https://en.wikipedia.org/wiki/Red_blood_cell#Human, retrieved on 29SEP2020).

b) Human hair diameter ranges between ~17 micrometers to ~181 micrometers.
Thickness attributed to various genetic factors (see
https://hypertextbook.com/facts/1999/BrianLey.shtml).

Tablets (with silicon dioxide) are apparently used to treat osteoporosis,
heart disease, hair loss, Alzheimer's disease, etc (see
https://www.webmd.com/vitamins/ai/ingredientmono-1096/silicon, retrieved on
29SEP2020). Silicon dust, if inhaled, is toxic (see
https://en.wikipedia.org/wiki/Silicon#Safety, retrieved on 29SEP2020).

Risk: Unmetabolized silicon robot carcasses (toxic waste), including other
minerals used to manufacture the robot, or metabolites from robot
interaction with human blood.

Double-blind clinical study needed to determine therapeutic safety.

------------------------------

Date: Fri, 2 Oct 2020 08:49:16 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Could future AI turn animals against us? (The Next Web)

https://thenextweb.com/neural/2020/09/30/elon-musk-put-a-computer-interface-in-a-pigs-brain-could-future-ai-turn-the-animals-against-us/

------------------------------

Date: Mon, 28 Sep 2020 13:12:20 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: This Is How Much Top Hackers Are Earning From Bug Bounties

Steve Ranger, ZDNet, 22 Sep 2020 via the ACM Tech News, 28 Sep 2020

More than $44.75 million in bounties was awarded to hackers worldwide over
the past year, up 86% annually, according to HackerOne, which operates bug
bounty programs. The average bounty paid for critical vulnerabilities rose
8% over the past year to $3,650, and the average amount paid per
vulnerability was $979. To date, more than 181,000 vulnerabilities have been
reported, and hackers have been paid more than $100 million. Almost nine out
of 10 of the hackers enrolled with HackerOne are under 35, and hacking is
the only source of income for one in five of the program's hackers.
HackerOne reported that, in less than a decade, nine individual hackers have
been paid $1 million in total bounty earnings, more than 200 hackers have
earned more than $100,000, and 9,000 hackers have earned "at least
something."

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-27364x225229x065996&;

  [One might wonder how many of them are double-dipping, and selling off
  their findings on the dark web as well.  Probably a bad idea if they get
  caught, although persistent separation of aliases in the dark web may be
  less easy to match with their HackerOne identities.  PGN]

------------------------------

Date: Sat, 26 Sep 2020 00:03:59 -0400
From: Monty Solomon <monty () roscom com>
Subject: Windows XP source code leaks online (The Verge)

https://www.theverge.com/2020/9/25/21455655/microsoft-windows-xp-source-code-leak

------------------------------

Date: Sat, 26 Sep 2020 19:12:00 +0100
From: Martyn Thomas <martyn () 72f org>
Subject: File under `feature interaction' (BBC)

https://www.bbc.co.uk/news/uk-england-oxfordshire-54310800

If this story is true it appears that the alcohol mist is automatic -- and
so is the sensor to detect alcohol in the driver's breath. But surely it
must have been tested ...

------------------------------

Date: Mon, 28 Sep 2020 12:50:25 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Third-Party Code Bug Left Instagram Users at Risk of Account Takeover
  (Alex Scroxton)

Alex Scroxton, *Computer Weekly*, 24 Sep 2020 via ACM TechNews, 28 Sep 2020

Security teams at Check Point and Facebook reported a third-party remote
code execution flaw in the Instagram photo-sharing platform, which could
have enabled malefactors to hijack accounts and use victims' devices for
surveillance. Facebook calls the bug an integer overflow leading to a heap
buffer overflow, and it was present in Mozjpeg, an open source, third-party
JPEG decoder that Instagram uses to upload images to the application. Check
Point's Yaniv Balmas highlighted the risks of using third-party code
libraries to build app infrastructures without checking for flaws. Although
patched six months ago, the Mozjpeg bug is only being disclosed now in the
hope that a sufficient number of users have updated their apps to ameliorate
its impact.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-27364x225232x065996&;
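
The bug class named in the item above (an integer overflow in a size
calculation leading to an undersized heap buffer), shown as an added example
that is not Mozjpeg's or Instagram's code. The width/height/channels
arithmetic, the 256 MiB cap, and all function names are assumptions chosen
for illustration; the dimensions are constructed sample values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap on one decoded image (hypothetical value). */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Vulnerable pattern: the product is computed in 32 bits and wraps
 * modulo 2^32, so a huge image can yield a small "size". A buffer
 * allocated from this value is then overrun when pixels are written. */
static uint32_t unchecked_size(uint32_t width, uint32_t height,
                               uint32_t channels)
{
    return width * height * channels;
}

/* Hardened pattern: widen, test each multiplication, enforce a cap.
 * Returns 0 and stores the size in *out, or -1 if rejected. */
static int checked_size(uint32_t width, uint32_t height, uint32_t channels,
                        size_t max_bytes, size_t *out)
{
    uint64_t row_bytes, total;

    if (width == 0 || height == 0 || channels == 0)
        return -1;
    /* Two 32-bit factors always fit in 64 bits. */
    row_bytes = (uint64_t)width * channels;
    /* The third factor can overflow 64 bits, so divide first. */
    if (row_bytes > UINT64_MAX / height)
        return -1;
    total = row_bytes * height;
    /* max_bytes is a size_t, so passing this test means total fits too. */
    if (total > (uint64_t)max_bytes)
        return -1;
    *out = (size_t)total;
    return 0;
}

/* Allocate a zeroed pixel buffer only when the size check passes. */
static unsigned char *alloc_image(uint32_t width, uint32_t height,
                                  uint32_t channels, size_t *size_out)
{
    size_t n;
    unsigned char *buf;

    if (checked_size(width, height, channels, MAX_IMAGE_BYTES, &n) != 0)
        return NULL;
    buf = calloc(1, n);
    if (buf != NULL && size_out != NULL)
        *size_out = n;
    return buf;
}

int main(void)
{
    /* Constructed header values: true size is 2^32 + 131072 bytes. */
    uint32_t w = 32768u, h = 32769u, c = 4u;
    unsigned long long true_size = (unsigned long long)w * h * c;
    size_t n = 0;
    unsigned char *img;

    printf("true size      : %llu bytes\n", true_size);
    printf("32-bit product : %u bytes (wrapped)\n",
           (unsigned)unchecked_size(w, h, c));
    printf("checked_size   : %s\n",
           checked_size(w, h, c, MAX_IMAGE_BYTES, &n) == 0
               ? "accepted" : "rejected");

    img = alloc_image(640u, 480u, 3u, &n);
    printf("640x480x3      : %s, %lu bytes\n",
           img != NULL ? "allocated" : "rejected", (unsigned long)n);
    free(img);
    return 0;
}
```
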

------------------------------

Date: Wed, 30 Sep 2020 10:47:07 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: MIT Media Lab develops sleep-tracking device that alters dreams to
  boost creativity (Science Times)

Scientists from MIT have found a way to implant ideas on the minds of people
as they fall asleep to create bizarre and abstract dreams. The researchers
used the targeted dream incubation to guide people's dreams towards
particular themes by repeating information during the first stage of
sleep. That stage is called hypnagogia, which is responsible for dreams
about psychedelic phenomena.

The technology consists of a wrist-worn electronic device that tracks sleep,
called Dormio, connected to an app that delivers audio prompts during
hypnagogia.

The researchers influenced the dreams of most of its study participants to
dream about a tree during the earliest stage of sleep during the trials. An
MIT computer scientist also used the Dormio system to make himself dream
about the chocolate fountain seen in the classic 1971 film 'Willy Wonka and
the Chocolate Factory.'  Dreams in the Hypnagogia Stage.  [...]
<https://www.media.mit.edu/projects/sleep-creativity/overview/>

https://www.sciencetimes.com/articles/27501/20200929/mit-sleep-alter-dreams-creativity.htm

  [Think of what hacking Dormio or the app might do to a person's sanity!
  Forget Willie Wonka.  I remember the 1944 movie *Gaslight*, with Charles
  Boyer, Ingrid Bergman, Joseph Cotten, and Angela Lansbury.  PGN]

------------------------------

Date: Wed, 30 Sep 2020 10:56:15 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Privacy of biometric data in DHS hands in doubt, IG says (RollCall)

*CBP failed to protect 184,000 facial images of cross-border travelers
before massive data breach last year, according to report*  [...]
https://www.rollcall.com/2020/09/29/privacy-of-biometric-data-in-dhs-hands-in-doubt-inspector-general-says/

------------------------------

Date: Mon, 28 Sep 2020 06:45:57 -0600
From: "Matthew Kruk" <mkrukg () gmail com>
Subject: New homeowner 'freaked out' when stranger took control of her
  security system (CBC.CA)

Weak laws leave thousands vulnerable, former privacy commissioner says.

The message came out of the blue for Taylor Fornell. A stranger told her he
had complete control over the home security system in her new house in Stony
Plain, Alta., and could prove it.

As she stood alone in her front hall, she watched in disbelief as the man
unarmed the system, unlocked doors and windows and told her he could track
when she left the house - all with a few clicks on the security company's
app.  "I felt a little sick to my stomach . It's just really creepy and a
breach of trust," Fornell told Go Public, referring to Vivint, the security
company that installed and ran the system.

Fornell was lucky. The stranger who connected with her on Facebook was the
former owner of the house.

https://www.cbc.ca/news/business/security-system-app-homeowner-stranger-1.5733444

------------------------------

Date: Mon, 28 Sep 2020 07:53:35 -0600
From: Jonathan Levine <jonathan.canuck.levine () gmail com>
Subject: Alarm company "overlooked" change of home ownership (CBC.CA)

https://www.cbc.ca/news/business/security-system-app-homeowner-stranger-1.5733444

------------------------------

Date: Fri, 25 Sep 2020 23:08:50 -0400
From: Monty Solomon <monty () roscom com>
Subject: Teacher saw a BB gun in 9-year-old's room during online class,
  who faced expulsion

``They're applying on-campus rules to these children, even though they're
learning virtually in their own homes,'' said the family's attorney, Chelsea
Cusimano.

https://www.washingtonpost.com/nation/2020/09/25/louisiana-student-bbgun-expulsion/

------------------------------

Date: Mon, 28 Sep 2020 15:08:19 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Using deep learning to control the unconsciousness level
  of patients in an anesthetic state (Techxplore.com)

https://techxplore.com/news/2020-09-deep-unconsciousness-patients-anesthetic-state.html

"Essentially, Schamberg and his colleagues developed a deep neural network
and trained it to control anesthetic dosing using reinforcement learning
within a simulated environment. They specifically focused on the dosage of
Propofol, a medication that decreases people's level of consciousness and is
commonly used to perform general anesthesia or sedation on patients who are
undergoing medical procedures."

The report concludes with this text:

"So far, our approach outperformed the commonly used
proportional-integral-derivative controller and was robust across a variety
of patient variations in drug metabolism and effect," Schamberg said. "We
would now love to test the proposed paradigm on humans in controlled
clinical settings."

Modern anesthesia practice demonstrates dramatically low patient injury or
mortality. See
https://pubs.asahq.org/anesthesiology/article/110/4/759/10557/Epidemiology-of-Anesthesia-related-Mortality-in
(retrieved 28SEP2020) which estimates 1 death per 100000 anesthesia
procedures since ~2000.

General anesthesia application encompasses a procedural life cycle.  Patient
sedation comprises one life cycle phase (see
https://my.clevelandclinic.org/health/treatments/15286-anesthesiology,
retrieved on 28SEP2020).

Numerous devices, depending on surgical procedure, are used to administer
sedation and for post-operative recovery: Needles, catheters, sedative
injections, gas mixtures, etc. Several instruments are applied to measure
patient sedation and overall vitality while under the knife: blood oxygen
level, blood pressure, sedative flow, patient pulse, respiration rate, etc.

The FDA's Total Product Life Cycle reporting system reveals product codes
representing widely deployed commercial anesthesia delivery systems and
kits.

This query yields 28 product codes. Individual medical device reports (MDR)
attributed to the three-letter product code, and the commercial anesthesia
devices it classifies, can be accessed:
https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cftplc/tplc.cfm?start_search=1&devicename=anesthesia&productcode=&deviceclass=&regulationnumber=&min_report_year=2015&pagenum=50

Since 2015, the product codes with the biggest MDR density appear to be: BSZ
and OGE. BSZ applies to "gas machine, anesthesia" devices; OGE applies to
"anesthesia, epidural kit" devices.

It is notable that the top 3 MDR problems for each product code indicate
device or component issues that DID NOT impact the patient. The events run
the gamut: contaminated syringe, stuck catheter, leak, system shutdown,
foreign body in patient, broken knob, kink in suction line,
etc. Fortunately, a skilled professional intervened to mitigate.

The Top-10 Patient Problems for BSZ:

Patient Problems,MDRs with this Patient Problem,Events in those MDRs
No Patient Involvement,7245,7245
No Consequences Or Impact To Patient,3203,3203
No Known Impact Or Consequence To Patient,633,633
Low Oxygen Saturation,55,55
No Information,33,33
Death,31,31
Awareness during Anaesthesia,22,22
No Code Available,14,14
Cardiac Arrest,11,11
Hypoxia,9,9

The Top-10 Patient Problems for OGE:

Patient Problems,MDRs with this Patient Problem,Events in those MDRs
No Consequences Or Impact To Patient,260,260
No Information,148,148
No Known Impact Or Consequence To Patient,115,115
Foreign Body In Patient,66,66
Device Embedded In Tissue or Plaque,29,29
Cerebrospinal Fluid Leakage,18,18
No Patient Involvement,15,15
Needle Stick/Puncture,10,10
Pain,9,9
No Code Available,6,6

------------------------------

Date: Sat, 26 Sep 2020 15:54:23 +0100
From: Martin Ward <martin () gkc org uk>
Subject: Re: A Tesla driver was caught sleeping on Autopilot (RISKS-32.29)

Basically, the Tesla Autopilot replaces a good driver by a poor driver.  (If
you are a poorer driver than Tesla Autopilot, then you should not be allowed
to drive!). But, Tesla might argue, it's OK because the good driver has to
continuously watch over the poor driver and take control the moment the poor
driver makes a mistake.

This makes driving much more tiring for the human driver: having to
concentrate all the time without being in control is much more work than
actually driving. It also makes the journey less safe: the good driver is
now having to *react* to mistakes made by the autopilot instead of being
proactive in anticipating and avoiding potentially dangerous situations.
Advanced driving is all about anticipation and avoidance to reduce the
possibility that a dangerous situation occurs, it is not about lightning
reflexes to get out of trouble.

Some examples:

* You catch a glimpse through the trees of a car on a slip road approaching
  a junction at high speed. At his current speed he is on a collision course
  with you: he might slow down behind the trees, but just in case, you take
  avoidance action.  Would Tesla Autopilot do the same?

* Driving down a town street the driver in front keeps glancing from side to
  side. You deduce that he is looking for a parking spot, is not paying
  attention to you, and is liable to slam on the brakes without warning.  So
  you drop back and give him room. Would Tesla Autopilot do the same?

* Also on a town street, there are bairns (small children) on the pavement:
  so in my opinion the speed limit is now 20 mph, regardless of what the
  signs say. A child might run into the road and be killed and at 20 mph
  they have a much better chance of surviving. Even though it is the child's
  "fault": I still don't want to kill a child just for running into the
  road!  Does Tesla Autopilot follow this rule?

* Does Tesla Autopilot notice L plates on a car and give it extra room?

In each case, instead of just instinctively avoiding the possible danger,
you also have to decide if and when to take over from the autopilot, and
then manage the transition while avoiding the danger.

------------------------------

Date: Mon, 28 Sep 2020 12:28:59 +0100
From: John Beattie <jkb () jkbsc co uk>
Subject: Re: Tribune staff furious as cybersecurity test email makes cruel
  promises (RISKS-32.29)

I disagree that this is the fault of the WaPo staff.

First off, journalists are paid to be inquisitive, so clicking on links
should be fine.

Second, they probably didn't particularly believe the email anyway but
wanted to see more to understand what was going on.  I've been subject to
this kind of test and it is bad enough to be shown a red flashing page
saying 'FAILED' or the like.  Pointed content of the kind the WaPo used is
guaranteed to get a very negative response -- and from people you are
actually trying to help!

Third, what we all need (and not just journalists) is to have our email
pre-filtered in a sandbox environment.  Load the email, test the links and
see what comes back. Dodgy javascript and dodgy websites can be flagged.

An automated test of that sort is never going to be 100% accurate; the end
user would still need to take some care. But adding checks would help
greatly.  End users are not solely responsible for damage due to following
bad links in emails!
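
[Added example, not part of the message above: a static slice of the
pre-filter idea in its third point, flagging script in an HTML body and links
whose visible text names a different host than the href. The sample message,
function names and flag names are constructed assumptions; nothing is fetched,
so the "see what comes back" step of a real sandbox is outside this sketch.]

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; hosts are reserved documentation names/addresses.
SAMPLE = """\
Subject: Bonus notice
Content-Type: text/html; charset="utf-8"

<p>See <a href="http://192.0.2.7/login">https://intranet.example.org/bonus</a></p>
<p><a href="https://www.example.org/news">Newsroom</a></p>
<script>document.location = "http://tracker.example.net/";</script>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs and counts <script> elements."""
    def __init__(self):
        super().__init__()
        self.links, self.scripts, self._href, self._text = [], 0, None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
        elif tag == "script":
            self.scripts += 1
    def handle_data(self, data):
        if self._href is not None:  # only text inside an open <a> is kept
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def prefilter(raw):
    """Return (finding, detail) flags for the HTML body; nothing is fetched."""
    body = message_from_string(raw, policy=default).get_body(preferencelist=("html",))
    if body is None:
        return []
    parser = LinkCollector()
    parser.feed(body.get_content())
    flags = [("script-in-body", str(parser.scripts))] if parser.scripts else []
    for href, text in parser.links:
        host = urlsplit(href).hostname or ""
        shown = (urlsplit(text).hostname or "") if "://" in text else ""
        if host.replace(".", "").isdigit() or ":" in host:  # heuristic: IP literal
            flags.append(("ip-literal-host", href))
        if shown and shown != host:  # visible URL points somewhere else
            flags.append(("text-href-mismatch", f"{shown} -> {host}"))
    return flags
```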

------------------------------

Date: Sat, 26 Sep 2020 02:00:51 +0100
From: Wols Lists <antlists () youngman org uk>
Subject: Re: D.C.'s New Area Code Will Be... 771 (Levine, RISKS-32.28)

And how many of those numbers are "allocated but unused"?

Many years ago, they upgraded the numbers in the town where I worked from 5
digits to 6. In the process, they allocated our company the number 36nnnn
for DDI (Direct Dial-In). In other words, each phone in the office had a
normal phone number - the local exchange routed all numbers starting with 36
to the company PABX for it to process the rest.

That's 10,000 numbers allocated to just one customer ...

------------------------------

Date: Sat, 26 Sep 2020 09:01:55 -0400
From: "Steve and Micki Bacher" <sebmb1 () verizon net>
Subject: Re: Pandemic spurs journalists to go it alone via email (Axios)

This item fails to observe that in the case of Sullivan (and likely Taibbi
as well), what's pushing them out is not the pandemic but the amount of
interference (aka censorship) being imposed by the publishing organizations
they work for, since these writers often espouse views not in keeping with
the mainstream.  So it's more cancel culture than COVID-19 cultures.

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.30
************************

