RISKS Forum mailing list archives
Risks Digest 32.51
From: RISKS List Owner <risko () csl sri com>
Date: Mon, 22 Feb 2021 16:46:29 PST
RISKS-LIST: Risks-Forum Digest Monday 22 February 2021 Volume 32 : Issue 51

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.51>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
777 has engine problems on takeoff from Denver, drops large pieces of debris on local neighborhood, makes it back to airport safely (Lauren Weinstein)
His Lights Stayed on During Texas's Storm. Now He Owes $16,752 (NYTimes)
Abbott appointees made 'astonishing' cuts to power reliability team (Houston Chronicle)
Future warfare will feature autonomous weaponry (WashPost)
Malware Is Now Targeting Apple's New M1 Processor (WiReD)
Apple Is Going to Make It Harder to Hack iPhones With Zero-Click Attacks (Vice)
IRS trifecta -- not good news (WashPost)
UN discusses how not to kill the planet (UNEP)
Study of auto recalls shows carmakers delay announcements until they 'hide in the herd' (Techxplore.com)
The Race to Fix Virtual Meetings (AKA, the nightmare continues) (NYTimes)
Sign this 8-year-old up! (Gabe Goldberg)
China Censors the Internet. So Why Doesn't Russia? (NYTimes)
A reminder about U2F/FIDO security keys and account security (Google via LW)
Can't make this up -- panic culture (10TV via Gabe Goldberg)
Current state of DDoS (IEEE Computer)
Warning regarding fake Mars Probe video (Lauren Weinstein)
UMass Amherst Team Helps Demonstrate Spontaneous Quantum Error Correction (UMass)
Quantum networking progress (rod van meter)
New Approach to 3D Printing of Human Tissue Closer to Reality (Brian P. Dunleavy)
John Deere Promised Farmers It Would Make Tractors Easy to Repair. It Lied. (Vice)
Re: Texas vs FERC's "best practices" for anticipating disasters (Mark Brader)
Re: U.S. Water Supply Has Few Protections Against Hacking (Amos Shapir)
Re: "Vaccine" passport? (Amos Shapir)
Re: Incredibly poor software design costs Citigroup $500M (Jim Geissman)
Re: Gorilla COVID risks (John Levine)
Re: Spy pixels in emails have become endemic (John Levine)
Re: Japanese contact tracing software: Update on Cocoa bug (Anthony Thorn)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 20 Feb 2021 13:31:27 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: 777 has engine problems on takeoff from Denver, drops large pieces of debris on local neighborhood, makes it back to airport safely

Definitely not what you want to see today -- or any day -- when you look out of a 777 window
https://youtu.be/r6vTuJzweVM

------------------------------

Date: Sun, 21 Feb 2021 12:26:09 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: His Lights Stayed on During Texas's Storm. Now He Owes $16,752 (NYTimes)

SAN ANTONIO -- As millions of Texans shivered in dark, cold homes over the past week while a winter storm devastated the state's power grid and froze natural gas production, those who could still summon lights with the flick of a switch felt lucky. Now, many of them are paying a severe price for it.

``My savings is gone,'' said Scott Willoughby, a 63-year-old Army veteran who lives on Social Security payments in a Dallas suburb. He said he had nearly emptied his savings account so that he would be able to pay the $16,752 electric bill charged to his credit card -- 70 times what he usually pays for all of his utilities combined. ``There's nothing I can do about it, but it's broken.''

Mr. Willoughby is among scores of Texans who have reported skyrocketing electric bills as the price of keeping lights on and refrigerators humming shot upward. For customers whose electricity prices are not fixed and are instead tied to the fluctuating wholesale price, the spikes have been astronomical.

The outcry elicited angry calls for action from lawmakers from both parties and prompted Gov. Greg Abbott, a Republican, to hold an emergency meeting with legislators on Saturday to discuss the enormous bills. [...]

Under some of the plans, when demand increases, prices rise. The goal, architects of the system say, is to balance the market by encouraging consumers to reduce their usage and power suppliers to create more electricity. But when last week's crisis hit and power systems faltered, the state's Public Utilities Commission ordered that the price cap be raised to its maximum limit of $9 per kilowatt-hour, easily pushing many customers' daily electric costs above $100. And in some cases, like Mr. Willoughby's, bills rose by more than 50 times the normal cost. [...]

Many of the people who have reported extremely high charges, including Mr. Willoughby, are customers of Griddy, a small company in Houston that provides electricity at wholesale prices, which can quickly change based on supply and demand. The company passes the wholesale price directly to customers, charging an additional $9.99 monthly fee. Much of the time, the rate is considered affordable. But the model can be risky: Last week, foreseeing a huge jump in wholesale prices, the company encouraged all of its customers -- about 29,000 people -- to switch to another provider when the storm arrived. But many were unable to do so.

Katrina Tanner, a Griddy customer who lives in Nevada, Texas, said she had been charged $6,200 already this month, more than five times what she paid in all of 2020. She began using Griddy at a friend's suggestion a couple of years ago and was pleased at the time with how simple it was to sign up.

https://www.nytimes.com/2021/02/20/us/texas-storm-electric-bills.html

The money quote -- literally: William W. Hogan, considered the architect of the Texas energy market design, said in an interview this past week that the high prices reflected the market performing as it was designed.

Welcome to TX.

------------------------------

Date: Fri, 19 Feb 2021 14:52:27 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Abbott appointees made 'astonishing' cuts to power reliability team before deadly Texas storm

Abbott appointees made 'astonishing' cuts to power reliability team before deadly Texas storm
https://www.houstonchronicle.com/politics/texas/article/Abbott-appointees-made-astonishing-cuts-to-15963686.php

------------------------------

Date: Sun, 21 Feb 2021 13:34:54 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Future warfare will feature autonomous weaponry (WashPost)

*The Washington Post*

Advanced AI means weapons operating faster, leaving human operators and their molasses reflexes behind.

Roper said that because of the way AI capabilities are accelerating, being behind means the United States might never catch up, which is why he's pushing to move fast and get AI out into combat. ``It doesn't make sense to study anything in the era of AI. It's better to let the AI start doing and learning, because it's a living, breathing system, very much like a human, just silicon based.'' [...]

The United States isn't alone in venturing into this territory. Nearly two decades ago, Britain built a missile called the Brimstone that was meant to go after enemy vehicles it selected on its own after being released from British Tornado fighters. Two computer algorithms -- not the pilots -- dictated its actions. Brimstone wasn't exactly an example of AI: Its algorithms were written by people, whereas AI weapons will rely on code computers write themselves -- extensive programming that's nearly impossible to review and verify.

Still, when the missile was ready for use, British commanders -- in the midst of combat in Iraq -- were facing strong public pressure about civilian casualties and worries about international law. All military commanders, under the rules of war, must be able to show that they discriminate between legal military targets and civilians, something that's hard to do if the missile rather than a person is deciding what to strike. Ultimately, Royal Air Force commanders chose not to deploy the missile in Iraq, instead spending a year redesigning it to add a mode allowing pilots to pick the targets.

https://www.washingtonpost.com/magazine/2021/02/17/pentagon-funds-killer-robots-but-ethics-are-under-debate/

First companies were people, now AI is people. I thought it was just Soylent Green that's people...

------------------------------

Date: Sun, 21 Feb 2021 00:59:13 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Malware Is Now Targeting Apple's New M1 Processor (WiReD)

Two distinct strains of malware have already adjusted to the new silicon just months after its debut. [...]

For now, the native M1 malware that researchers have found doesn't seem to be a desperately dangerous threat in itself. But the emergence of these new strains is a warning that there's more to come -- and that detection tools need to bridge the gap to be ready.

https://www.wired.com/story/apple-m1-malware/

...so the arms race continues.

------------------------------

Date: Mon, 22 Feb 2021 14:35:31 -0500
From: Monty Solomon <monty () roscom com>
Subject: Apple Is Going to Make It Harder to Hack iPhones With Zero-Click Attacks (Vice)

Multiple exploit developers tell Motherboard an upcoming change in iOS could make zero-click exploits harder to pull off.
https://www.vice.com/en/article/pkd4kg/apple-is-going-to-make-it-harder-to-hack-iphones-with-zero-click-attacks

------------------------------

Date: Sun, 21 Feb 2021 15:42:40 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: IRS trifecta -- not good news (WashPost)

Inside the IRS: The department charged with the stimulus and tax season is barely hanging on
*The Washington Post*

The IRS is contending with those challenges while navigating a depleted workforce and years of underfunding. Congress has cut the agency's annual appropriation by 20 percent since 2010, chipping away at workplace morale and expertise. The reduction of human capital -- the IRS's most valuable resources, experts say -- risks further running the agency aground in 2021. More than 21,000 full-time employees left the agency between 2010 and 2019, including many of its most skilled and tenured professionals. As part of sustained budget cuts pushed by congressional Republicans upset over perceived bias within the agency, the IRS spent years cutting back on training, too, Reardon said, making it harder to adjust to an already hectic year.
https://www.washingtonpost.com/business/2021/02/12/irs-taxes-stimulus-biden/

Tax season 2021: A tornado is coming
A supersize list of some of the issues people will face this year
https://www.washingtonpost.com/business/2021/02/12/irs-2021-tax-season-issues/

President Biden may struggle to get new $3,000 benefit to many of America's poorest families
The White House touts plan as dramatically curbing child poverty, but questions abound about implementation
https://www.washingtonpost.com/us-policy/2021/02/12/irs-democrats-child-tax-credit-plan/

Starve the IRS, then create chaos for it. What could go wrong...

------------------------------

Date: Sun, 21 Feb 2021 12:12:01 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: UN discusses how not to kill the planet (UNEP)

Humans are making Earth a broken and increasingly unlivable planet through climate change, biodiversity loss and pollution. So the world must make dramatic changes to society, economics and daily life, a new United Nations report says.

Unlike past U.N. reports that focused on one issue and avoided telling leaders actions to take, Thursday's report combines three intertwined environment crises and tells the world what's got to change. It calls for changing what governments tax, how nations value economic output, how power is generated, the way people get around, fish and farm, as well as what they eat.

``Without nature's help, we will not thrive or even survive,'' Secretary-General Antonio Guterres said. ``For too long, we have been waging a senseless and suicidal war on nature. The result is three interlinked environmental crises.''

``Our children and their children will inherit a world of extreme weather events, sea level rise, a drastic loss of plants and animals, food and water insecurity and increasing likelihood of future pandemics,'' said report lead author Sir Robert Watson, who has chaired past UN science reports on climate change and biodiversity loss.

``The emergency is in fact more profound than we thought only a few years ago,'' said Watson, who has been a top level scientist in the U.S. and British governments.

This year ``is a make-it or break-it year indeed because the risk of things becoming irreversible is gaining ground every year,'' Guterres said. ``We are close to the point of no return.''

The report highlighted what report co-author Rachel Warren of the University of East Anglia called ``a litany of frightening statistics that hasn't really been brought together:''

* Earth is on the way to an additional 3.5 degrees warming from now (1.9 degrees Celsius), far more than the international agreed upon goals in the Paris accord.
* About 9 million people a year die from pollution.
* About 1 million of Earth's 8 million species of plants and animals are threatened with extinction.
* Up to 400 million tons of heavy metals, toxic sludge and other industrial waste are dumped into the world's waters every year.
* More than 3 billion people are affected by land degradation, and only 15% of Earth's wetlands remain intact.
* About 60% of fish stocks are fished at the maximum levels. There are more than 400 oxygen-depleted ``dead zones'' and marine plastics pollution has increased tenfold since 1980.

``In the end it will hit us,'' said biologist Thomas Lovejoy, who was a scientific advisor to the report. ``It's not what's happening to elephants. It's not what's happening to climate or sea level rise. It's all going to impact us.''

The planet's problems are so interconnected that they must be worked on together to be fixed right, Warren said. And many of the solutions, such as eliminating fossil fuel use, combat multiple problems including climate change and pollution, she said.

The report ``makes it clear that there is no time for linear thinking or tackling problems one at a time,'' said University of Michigan environment professor Rosina Bierbaum, who wasn't part of the work.

In another break, this report gives specific solutions that it says must be taken. This report uses the word ``must'' 56 times and ``should'' 37 times. There should be 100 more because action is so crucial, said former U.N. climate chief Christiana Figueres, who wasn't part of the report. ``Time has totally ran out. That's why the word 'must' is in there,'' Figueres said.

The report calls for an end to fossil fuel use and says governments should not tax labor or production, but rather use of resources that damages nature.

``Governments are still paying more to exploit nature than to protect it,'' Guterres said. ``Globally, countries spend some 4 to 6 trillion dollars a year on subsidies that damage the environment.''

Scientists should inform leaders about environmental risks ``but their endorsement of specific public policies threatens to undermine the credibility of their science,'' said former Republican Rep. Bob Inglis, who founded the free market climate think tank RepublicEn.org.

The report also tells nations to value nature in addition to the gross domestic product when calculating how an economy is doing. Getting there means changes by individuals, governments and business, but it doesn't have to involve sacrifice, said UN Environment Programme Director Inger Andersen.

``There's a country that has been on that path for 25 years: Costa Rica,'' Andersen said. ``Yes, these are difficult times, but more and more leaders are stepping in.''

https://www.westhawaiitoday.com/2021/02/19/nation-world-news/un-discusses-how-not-to-kill-the-planet/
*https://www.unep.org/resources/making-peace-nature*

------------------------------

Date: Mon, 22 Feb 2021 21:59:56 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Study of auto recalls shows carmakers delay announcements until they 'hide in the herd' (Techxplore.com)

https://techxplore.com/news/2021-02-auto-recalls-carmakers-herd.html

'"The implication is that auto firms are either consciously or unconsciously delaying recall announcements until they are able to hide in the herd," said George Ball, assistant professor of operations and decision technologies and Weimer Faculty Fellow at the Indiana University Kelley School of Business. "By doing this, they experience a significantly reduced stock penalty from their recall."'

The auto industry's product defect disclosure practice illustrates a callous disregard for public safety, an exemplary model of "Profit Without Honor" (see https://www.amazon.com/Profit-Without-Honor-Looting-Criminal/dp/0134871421).

History teaches that commercial product defect discovery and disclosure depend on profit-driven organizational behavior. Foreknowledge of brand killing defects often fails to motivate governance actions to mitigate them when profits are risked. Boeing's MCAS, Volkswagen's defeat device, Morton-Thiokol's (https://en.wikipedia.org/wiki/Thiokol) SRB O-ring, and Takada's airbag inflator serve as significant examples.

Should product defect disclosure processes, purposely delayed to protect profits, be penalized? The threat of a stiff fine, and civil or criminal prosecution, may restore product safety disclosure fidelity and reaffirm responsible corporate citizenship.

Risk: Product defect disclosure latency

------------------------------

Date: Sun, 21 Feb 2021 13:25:25 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: The Race to Fix Virtual Meetings (AKA, the nightmare continues) (NYTimes)

Sick of boring grids of heads? A new crop of start-ups aims to bring some serendipity and spark to remote meetings.
https://www.nytimes.com/2021/02/17/magazine/video-conference.html

Good comment:

Please stop. I do not want to add actor and or a performance artist to my job description. So far, it is just a meeting. I understand virtual conferences and speakers. Virtual reality on the home-front needs a rethink. The true reality that we are not, for the most part, interested in replacing or finding a work-around solution to in-person contact with a fantasy. If you want to monetize further "zoom" meetings etc., and their counterparts, say so. Where is the hue and cry for an extended, more upbeat meeting arena? Now, let's talk about something substantial like the currently existing "digital divide," so there is not another crater being created between the "haves and the have nots."

------------------------------

Date: Sun, 21 Feb 2021 12:55:23 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Sign this 8-year-old up!

She's got a real future as a cybersecurity Red Team member...

The grifter: someone's 8 year old niece
The prize: Playing virtual hooky permanently (School Zoom calls)
The marks: sister, brother in law, teacher, school's computer teacher, principal and Zoom's support team
The con: How she pulled it off
https://twitter.com/mfpiccolo/status/1360685864100237318

------------------------------

Date: Sun, 21 Feb 2021 08:02:14 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: China Censors the Internet. So Why Doesn't Russia? (NYTimes)

https://www.nytimes.com/2021/02/21/world/europe/russia-internet-censorship.html

------------------------------

Date: Sun, 21 Feb 2021 11:29:32 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: A reminder about U2F/FIDO security keys and account security (Google)

U2F/FIDO is superior to other 2sv (2-step verification) authentication systems because it's a "what you know and *what you have*" system that makes such a difference. The phisher doesn't have your key. When Google implemented this internally, successful phishing dropped to zero.

Using U2F/FIDO security keys to protect your Google account:
https://support.google.com/accounts/answer/6103523
https://help.twitter.com/en/managing-your-account/two-factor-authentication

------------------------------

Date: Sun, 21 Feb 2021 12:48:03 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Can't make this up -- panic culture (10TV)

Spare roses placed on Walmart cars trigger sex trafficking panic

Dozens of roses were left on vehicles, leading people to call the sheriff's office, which issued a warning about a potential tie to human trafficking.
https://www.10tv.com/article/news/local/roses-left-on-vehicles-create-temporary-panic-at-coshocton-walmart/530-6c8b72ed-9b05-40fa-89bf-dd4620aebe3b

Punchline: At end, after it's revealed as a friendly/loving gesture after fellow spent $300 on roses when proposing to his girlfriend, and they decided to share the flowers, sheriff said it's a good reminder to be vigilant and report anything unusual -- instead of telling people to get a grip. No, it's a reminder to not start/believe ridiculous rumors.

------------------------------

Date: Sat, 20 Feb 2021 10:28:19 PST
From: Peter Neumann <neumann () csl sri com>
Subject: Current state of DDoS (IEEE)

Dan Geer suggests: in light of the Texas fiasco (RISKS-32.50), it might be worth your checking this item out:

Article in the current *IEEE Computer*:
21 Years of Distributed Denial-of-Service: Current State of Affairs
Eric Osterweil and Angelos Stavrou, George Mason University and Lixia Zhang, UCLA
https://cs.gmu.edu/~eoster/doc/21-ddos-current.pdf

------------------------------

Date: Sat, 20 Feb 2021 10:24:23 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Warning regarding fake Mars Probe video

WARNING: While the new Mars probe has audio capability for the first time, a video racking up views claiming to be video & audio from the new probe is reportedly a fake, with video from an older probe and audio of unknown origin. The new probe has not sent audio or video yet.

------------------------------

Date: Fri, 19 Feb 2021 12:40:31 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: UMass Amherst Team Helps Demonstrate Spontaneous Quantum Error Correction

UMass Amherst, 11 Feb 2021, via ACM TechNews, 19 Feb 2021

University of Massachusetts Amherst researchers have devised a novel form of quantum error correction (QEC) featuring spontaneous, or passive, correction. The passive QEC method specifically designs the friction or dissipation experienced by a quantum bit (qubit). UMass Amherst's Chen Wang said, "Although our experiment is still a rather rudimentary demonstration, we have finally fulfilled this counterintuitive theoretical possibility of dissipative QEC. Looking forward, the implication is that there may be more avenues to protect our qubits from errors and do so less expensively. Therefore, this experiment raises the outlook of potentially building a useful fault-tolerant quantum computer in the mid to long run."
https://www.umass.edu/newsoffice/article/umass-amherst-team-helps-demonstrate

------------------------------

Date: February 19, 2021 at 11:43:12 AM GMT+9
From: rod van meter <rdviii () gmail com>
Subject: Quantum networking progress

[Via David Farber's IP]

New paper (though not yet peer reviewed) from TU Delft, the leading experimental group using solid state qubit memories connected via single photons:
https://arxiv.org/abs/2102.04471

And this interested Nature enough that they have a news article on it, quoting yours truly:
https://www.nature.com/articles/d41586-021-00420-5

This is important because it's the first time that coupling entanglement across more than one hop has been done using solid state memories.

------------------------------

Date: Fri, 19 Feb 2021 12:40:31 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: New Approach to 3D Printing of Human Tissue Closer to Reality (Brian P. Dunleavy)

Brian P. Dunleavy, UPI, 16 Feb 2021 via ACM TechNews; Friday, February 19, 2021

Carnegie Mellon University researchers have developed a new approach to three-dimensional (3D) bioprinting that fixes problems caused by gravity in the bioinks. The Freeform Reversible Embedding of Suspended Hydrogels approach involves 3D printing in a "support bath," which holds the bioinks in place until they are cured and provides an environment that maintains high cell viability. Use of the support bath overcomes the challenges of 3D printing soft materials in air, as gravity distorts soft and liquid bioinks that are deposited in a layer-by-layer manner using a syringe pump. Although the technology already has been used to bioprint functional heart valves and contractile cardiac ventricles, Carnegie Mellon's Daniel J. Shiwarski said clinical use of printed tissue is "still years away."
https://www.upi.com/Health_News/2021/02/16/Study-New-approach-to-3D-printing-of-human-tissue-closer-to-reality/3211613494678/

------------------------------

Date: Sun, 21 Feb 2021 12:32:11 PST
From: Peter Neumann <neumann () csl sri com>
Subject: John Deere Promised Farmers It Would Make Tractors Easy to Repair. It Lied.

https://www.vice.com/en/article/v7m8mx/john-deere-promised-farmers-it-would-make-tractors-easy-to-repair-it-lied

------------------------------

Date: Fri, 19 Feb 2021 19:09:11 -0500 (EST)
From: Mark Brader <msb () Vex Net>
Subject: Re: Texas vs FERC's "best practices" for anticipating disasters (RISKS-32.50)

In our RISKS-related archives is also a major six-week complete power-outage disaster in Quebec in the winter of 1996-1997 when transmission towers froze and collapsed from the weight of ice under the prolonged hard freeze, and the outage lasted for months... (Surely, cold weather was not a surprise there.)

Prolonged cold weather was not a surprise, but what they hadn't planned for was prolonged *freezing rain*.
http://gizmodo.com/that-time-a-canadian-town-derailed-a-diesel-train-and-d-1846307148

[Similar comment from Neil Youngman. PGN]

------------------------------

Date: Sat, 20 Feb 2021 12:51:50 +0200
From: Amos Shapir <amos083 () gmail com>
Subject: Re: U.S. Water Supply Has Few Protections Against Hacking (RISKS-32.50)

It seems that no notice was taken of a similar incident in Israel in April 2020; the attack (trying to increase chlorine level in water supply) and infiltration method (taking over the controlling OS by remote access) may indicate that the same hackers were involved.
https://www.timesofisrael.com/6-facilities-said-hit-in-irans-cyberattack-on-israels-water-system-in-april/

------------------------------

Date: Sat, 20 Feb 2021 13:16:56 +0200
From: Amos Shapir <amos083 () gmail com>
Subject: Re: "Vaccine" passport? (RISKS-32.50)

FWIW, I just received my Israeli "Green Passport". It is distributed as a PDF document, containing (plain text on a green background): Name (in Hebrew and English), ID number, passport number, DOB, date of inoculation (which is one week after receiving 2nd dose) and expiration date (6 months later). Then there are details of each dose: Date, type (Pfizer), production (BNT162b2, probably BioNtech), batch number, and health provider organization which administered it.

There is also a QR code containing (in base64-encoded plain text) XML code of the fields: "idType" (probably indicating Israeli ID or foreign passport), "idNum", "certNum" (a hex value, which doesn't appear on the card itself), "fullName" (in Hebrew only), "immunedSince" (date value) "expirationDate" (date value).

It seems that the "certNum" field is an attempt at validation, but it's unclear how it may be used.
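
[Editor's added example, not part of Amos Shapir's post and not code from any Israeli health system. Amos describes the QR payload as base64 of plain-text XML carrying six named fields. The Python below decodes a payload of that shape and performs the only checks such a payload supports on its own: well-formedness, date sanity, and a match between idNum and the ID document presented. The root element name, the date format, the registry that maps certNum to idNum (Amos says it is unclear how certNum is used; the registry is an assumption about one way a verifier could use it) and every sample value are constructed for the demo. The "forged" case re-encodes a genuine payload with a different idNum and is caught only by the registry lookup, which is the point: nothing inside the plain-text payload distinguishes it from the original.]

```python
"""Decode and sanity-check a "Green Passport"-style QR payload.

Added example. Field names follow the RISKS post (base64 of plain-text
XML with idType, idNum, certNum, fullName, immunedSince, expirationDate).
Root tag, date format, registry semantics and all values are assumptions.
"""
import base64
import binascii
import xml.etree.ElementTree as ET
from datetime import date, datetime

FIELDS = ("idType", "idNum", "certNum", "fullName", "immunedSince", "expirationDate")
MAX_QR_BYTES = 4096    # refuse oversized scans before they reach the XML parser
DATE_FMT = "%Y-%m-%d"  # assumed; the post only says the fields hold date values


def build_payload(**fields):
    """Construct a base64 payload in the assumed layout.

    Anyone who knows the layout can do this, which is why the payload
    alone cannot prove anything: it carries no signature.
    """
    root = ET.Element("cert")  # root element name is an assumption
    for name in FIELDS:
        ET.SubElement(root, name).text = str(fields[name])
    return base64.b64encode(ET.tostring(root, encoding="utf-8")).decode("ascii")


def decode_payload(qr_text):
    """base64 -> XML -> dict of the six fields; ValueError on anything malformed."""
    if len(qr_text) > MAX_QR_BYTES:
        raise ValueError("payload too large")
    try:
        raw = base64.b64decode(qr_text, validate=True)
    except binascii.Error as exc:
        raise ValueError("bad base64: %s" % exc) from exc
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        raise ValueError("bad XML: %s" % exc) from exc
    fields = {}
    for name in FIELDS:
        el = root.find(name)
        if el is None or not (el.text or "").strip():
            raise ValueError("missing field: " + name)
        fields[name] = el.text.strip()
    return fields


def check_passport(qr_text, presented_id, today, registry=None):
    """Return the list of problems found; an empty list means all checks passed.

    registry (assumed) maps an issued certNum to the idNum it was issued
    for.  Without it, certNum is reported as unverified: the plain-text
    payload offers nothing a verifier can check cryptographically.
    """
    try:
        f = decode_payload(qr_text)
    except ValueError as exc:
        return ["unreadable: %s" % exc]
    try:
        since = datetime.strptime(f["immunedSince"], DATE_FMT).date()
        expires = datetime.strptime(f["expirationDate"], DATE_FMT).date()
    except ValueError:
        return ["unparseable date"]
    problems = []
    if since > today:
        problems.append("immunedSince is in the future")
    if expires <= today:
        problems.append("certificate expired")
    if expires <= since:
        problems.append("expirationDate is not after immunedSince")
    if f["idNum"] != presented_id:
        problems.append("idNum does not match the presented ID")
    if registry is None:
        problems.append("certNum unverified: no registry and no signature in payload")
    elif registry.get(f["certNum"]) != f["idNum"]:
        problems.append("certNum not issued for this idNum")
    return problems


# Constructed sample values: not a real person, ID number or certificate.
SAMPLE = dict(idType="1", idNum="123456789", certNum="1a2b3c4d",
              fullName="פלוני אלמוני", immunedSince="2021-02-14",
              expirationDate="2021-08-14")
REGISTRY = {"1a2b3c4d": "123456789"}  # assumed issuer-side lookup table


def demo():
    """Run the checks on a genuine-looking payload and on a re-encoded forgery."""
    genuine = build_payload(**SAMPLE)
    forged = build_payload(**dict(SAMPLE, fullName="Someone Else", idNum="999999999"))
    on = date(2021, 3, 1)
    return {
        "genuine": check_passport(genuine, "123456789", on, REGISTRY),
        "expired": check_passport(genuine, "123456789", date(2021, 9, 1), REGISTRY),
        "forged": check_passport(forged, "999999999", on, REGISTRY),
        "offline": check_passport(genuine, "123456789", on),
        "garbage": check_passport("not base64!", "123456789", on),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, "->", result or "OK")
```

The forged payload is structurally perfect and carries a certNum that really was issued; it fails only because the assumed registry records which idNum that certNum belongs to. A verifier that has no such lookup, or that treats the QR as self-certifying, accepts it.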

------------------------------

Date: Sat, 20 Feb 2021 16:48:47 -0800
From: "Jim" <jgeissman () socal rr com>
Subject: Re: Incredibly poor software design costs Citigroup $500M (RISKS-32.50)

The interface reminds one of programming a computer from the 1950s by setting the console switches. It probably made sense to the designer, though, because he knew too much about the process.

Take-away: Double-check the expert's ideas. (And double-check transactions that represent a large loss.)

------------------------------

Date: 20 Feb 2021 13:36:04 -0500
From: "John Levine" <johnl () iecc com>
Subject: Re: Gorilla COVID risks (CNN, RISKS-32.50)

Tourists who take selfies with wild mountain gorillas could put the primates at risk of developing Covid-19, according to new research.

Funny you should mention that. Today's NY Times has a piece on the gorillas at the San Diego Safari Park, the open air annex to the SD Zoo.

The noises of nature sometimes carry broader meanings. The howl of a wolf signifies that wildness endures. The gronk of Canada geese moving south overhead reminds Americans to brace for winter. The sound of a coughing gorilla signals that Covid-19 is an even bigger problem than we thought. ...

https://www.nytimes.com/2021/02/19/opinion/covid-symptoms-gorillas.html
https://www.nytimes.com/2021/01/11/us/gorillas-coronavirus-san-diego.html

------------------------------

Date: 20 Feb 2021 15:22:30 -0500
From: "John Levine" <johnl () iecc com>
Subject: Re: Spy pixels in emails have become endemic (BBC News)

Risks of press releases! If you read the article, you'll see it's actually a thinly rewritten press release for a commercial service that purports to block web bugs, the standard name for what he calls "spy pixels."

They are annoying and creepy, but they are very much not news. Here's a description of them the EFF published over 20 years ago:
https://web.archive.org/web/20010729060646/www.eff.org/Privacy/Marketing/web_bug.html

They're also not hard to avoid. Mail programs like Thunderbird only load images from senders who you've marked as friendly. I still use Alpine to read my mail. Since it runs in a terminal window, it doesn't render images at all, just shows you where they are in the message and what they point to.

The least malicious excuse for them I've seen for web bugs is that smart marketers use them to see who is reading their mail, and stop sending mail to people who consistently don't open the message. I'm not sure how persuasive that is, but it does have some plausible benefit.

Oh, and the strangest thing is that in most cases they're completely pointless. Any image in any HTML mail message can be used to track who is opening the mail. (I did some experiments a while back.) Why point an arrow at yourself by using an obvious transparent 1x1 image?

------------------------------

Date: Sun, 21 Feb 2021 10:00:06 +0100
From: Anthony Thorn <anthony.thorn () atss ch>
Subject: Re: Japanese contact tracing software: Update on Cocoa bug (Ishikawa, RISKS-32.50)

Kyosuke Yamamoto, Asahi, 19 Feb 2021
Japan's defective contact-tracing app COCOA gets bug fix update
http://www.asahi.com/ajw/articles/14203456

Bugs have been fixed in Japan's COVID-19 contact-tracing smartphone app COCOA, the health ministry announced 18 Feb, starting distribution of the updated version the same day.

COCOA, introduced to alert users if they come into close contact with someone who has tested positive for COVID-19, had failed to send Android users notifications since the end of last September. Despite the correction, users still will have to restart the app once a day for it to operate properly.

The new version also fixes two other previously unpublicized bugs, one that kept some iPhone users from getting notifications depending on their OS version, and one that initialized the app on some mobile phones, mostly iPhones, after it had been used for a while. The ministry had said on 3 Feb 2021 that bugs were not reported among iPhone users.

In announcing the new update, the ministry asked Android users to update their phones to the corrected version and to restart the app once a day and asked iPhone users to update to the latest iOS14.

also:
http://www.asahi.com/ajw/articles/14191936
http://www.asahi.com/ajw/articles/14162695

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
 Also, ftp://ftp.sri.com/risks for the current volume/previous directories
   or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
 If none of those work for you, the most recent issue is always at
   http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
 ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.
 Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
   <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.51
************************