[Australian news] It's in the mail: how submarine secrets surfaced in Australia In late April 2013 a Sydney postman reached into his satchel and pulled out a small envelope containing the secrets of India's new submarine fleet. ... This week the contents of that disk have become front-page news in Australia, India and France as each country grapples with the ramifications of an Edward Snowden-style leak of confidential documents disclosing the entire secret combat capability of India's new Scorpene-class submarine fleet. rest: http://www.theaustralian.com.au/news/nation/its-in-the-mail-how-submarine-secrets-surfaced-in-australia/news-story/38f8f0c1d78fcbb358581cf27819acfb?utm_content=buffer28bf2&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer
Last June the Defense Science Board released a study on the application of autonomy to DoD missions. The report is available at: https://www.hsdl.org/?abstract&did=794641 The abstract reads as follows: At the request of the Under Secretary of Defense for Acquisition, Technology, and Logistics (USD(AT&L)), the Defense Science Board (DSB) conducted a study on the applicability of autonomy to Department of Defense (DoD) missions. The study concluded that there are both substantial operational benefits and potential perils associated with the use of autonomy. Autonomy delivers significant military value, including opportunities to reduce the number of warfighters in harm's way, increase the quality and speed of decisions in time-critical operations, and enable new missions that would otherwise be impossible. Autonomy is by no means new to the DoD. Fielded capabilities demonstrate ongoing progress in embedding autonomous functionality into systems, and many development programs already underway include an increasingly sophisticated use of autonomy. Autonomy also delivers significant value in a diverse array of global markets. Both enabling technologies and commercial applications are advancing rapidly in response to market opportunities. Autonomy is becoming a ubiquitous enabling capability for products spanning a spectrum from expert advisory systems to autonomous vehicles. Commercial market forces are accelerating progress, providing opportunities for DoD to leverage the investments of others, while also providing substantial capabilities to potential adversaries. This study concluded that DoD must accelerate its exploitation of autonomy--both to realize the potential military value and to remain ahead of adversaries who also will exploit its operational benefits.
http://www.nytimes.com/2016/09/03/technology/nso-group-how-spy-tech-firms-let-governments-see-everything-on-a-smartphone.html The NSO Group sells expensive surveillance tools for criminal and terrorism inquiries, but critics say they are also used to track journalists and rights activists. [Sunday's edition of *60 Minutes* rebroadcast the 17 Apr 2016 segment showing Karsten Nohl in Germany hacking a Congressman's cellphone as part of a long video segment showing how easy it was to hack almost everything. It's still timely, even if just one more reminder. PGN]
http://www.slate.com/articles/news_and_politics/war_stories/2016/08/what_we_can_learn_from_the_cyberattack_on_the_dnc.html
Tekla S. Perry, *IEEE Spectrum*, 2 Sep 2016 http://spectrum.ieee.org/view-from-the-valley/computing/it/facebook-engineers-crash-data-centers-in-realworld-stress-test In 2014, [Jay] Parikh decided Project Storm was ready for a real-world test: The team would take down an actual data center during a normal working day and see if they could orchestrate the traffic shift smoothly. Other Facebook leaders didn't think he'd actually do it, Parikh recalls. "I was having coffee with a colleague just before the first drill. He said, 'You're not going to go through with it; you've done all the prep work, so you're done, right?' I told him, 'There's only one way to find out—if it works.'"
http://www.nytimes.com/2016/09/04/opinion/sunday/youre-how-old-well-be-in-touch.html?_r=0 This weekend's New York Times op-ed about the ageism people over 50 face in the workplace includes a charming anecdote via JK Scheinberg, the esteemed Apple engineer who got Mac OS running on Intel processors. A little restless after retiring in 2008, at 54, he figured he'd be a great fit for a position at an Apple store Genius Bar, despite being twice as old as anyone else at the group interview. "On the way out, all three of the interviewers singled me out and said, 'We'll be in touch,' " he said. "I never heard back."
Elizabeth Harrington, *FreeBeacon* via SlashDot, 2 Sep 2016 https://news.slashdot.org/story/16/09/02/226226/feds-spend-nearly-500k-to-combat-online-trolling *Washington Free Beacon* reports: "The National Science Foundation is spending roughly half a million dollars to combat 'online trolling <http://freebeacon.com/issues/feds-spend-499571-combat-online-trolling/>.' A joint project by Northwestern and Northeastern universities is examining how to create 'trolling-free environments' on the Internet. The researchers define online trolls as those who try to influence public opinion by boosting 'misleading' and 'inauthentic comments.'" Just how can the "misleading" and "inauthentic" speech be eliminated by the government without violating the First Amendment? [...]
[NSF-studies are not obvious topics to call attention to in RISKS, but when reading "to improve voice-command software" (Apple's Siri) and "high-stakes settings" (road/air/space travel?) I thought of failures (misunderstandings?!?).] Elizabeth Harrington, *FreeBeacon*, 2 Sep 2016 Feds Spend $333,989 Studying Conversations http://freebeacon.com/issues/feds-spend-333989-studying-conversations/ The National Science Foundation is spending over $300,000 studying conversations, saying that little is known about how people communicate with each other. Research by Vanderbilt University began last month into the conversations of high school students and the elderly. <https://nsf.gov/awardsearch/showAward?AWD_ID=1556700&HistoricalAwards=false>
The solution (from the article): "D.C. emergency officials plan to add more security and signage to limit access to the button involved in the outage." What could possibly go wrong with that?
Fahmida Y. Rashid, *InfoWorld* 2 Sep 2016 The vulnerability, which Google has patched, could let attackers obtain the password for locked Nexus 5X devices and easily access device contents http://www.infoworld.com/article/3116149/security/google-patches-critical-bug-on-android-nexus-5x-devices.html opening text: Google's Android security team patched a critical vulnerability in the company's Nexus 5X devices which would have let attackers bypass the lockscreen. An attacker who successfully triggered the vulnerability would be able to obtain data stored on the device via a forced memory dump, according to researchers from IBM's X-Force team.
Ian Paul, PC World, 2 Sep 2016 After reports of the Galaxy Note 7 "exploding," Samsung halted shipments of the device in the company's home country. http://www.pcworld.com/article/3114766/android/samsung-halts-galaxy-note-7-shipments-after-reports-of-exploding-devices.html In response to concerns over defective batteries prone to explosion, Samsung has offered to exchange current Note 7 phones with a new Note 7—as early as next week. Current Note 7 owners can also immediately opt to exchange their phones for a Galaxy S7 or S7 Edge and pocket the price difference. Note 7 owners can also receive a $25 gift card or bill credit within the exchange program. Later: Samsung issued an official statement on Friday regarding the Galaxy Note 7. The company says it has halted sales of the phablet worldwide, and that previously sold devices will be replaced *in the coming weeks.* The company says that a battery cell issue resulted in 35 reported problems worldwide with the Galaxy Note 7. Samsung's statement does not explain what those issues were ... [See article for the details.]
https://www.consumer.ftc.gov/blog/what-your-phone-telling-your-rental-car August 30, 2016 Lisa Weintraub Schifferle Attorney, FTC, Division of Consumer & Business Education When I rent a car, it's fun to get all the bells and whistles like navigation, hands-free calls and texts, streaming music and even web browsing. But did you know that cars with these features might keep your personal information, long after you've returned your rental car? Here are some things to keep in mind when renting a connected car. What happens when you rent a connected car? When you use the car's infotainment system, it may store personal information. It may keep locations you entered in GPS or visited when travelling [sic] in the rental car—like where you work or live. If you connect a mobile device, the car may also keep your mobile phone number, call and message logs, or even contacts and text messages. Unless you delete that data before you return the car, other people may view it, including future renters and rental car employees or even hackers. [Also noted by Gabe Goldberg. PGN]
My son sent me a screenshot from a WhatsApp popup. It clearly says that they won't share phone numbers, even if he agrees to share account information. So are they sharing (and lying) or not? [Attachment omitted for RISKS. Check with Martyn if you want a copy. PGN]
I'd like to suggest that this is evidence that counter-phishing training is working astoundingly well. We have constructed computer systems in which clicking on things is how you get things done, in which clicking on things is essential to both doing your job, watching cute cats, and becoming outraged by the latest outrage. (The wisdom of this design is subject to debate, that we have designed things this way is not.) The broad world trains people to click, and rewards them for doing so. Cormac Herley, in "So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users" points out that "if users spent even a minute a day reading URLs to avoid phishing, the cost (in terms of user time) would be two orders of magnitude greater than all phishing losses." That counter-phishing training created a situation in which people didn't click is an astounding achievement. Of course, we could design technical systems which detect that you've never before heard from this correspondent, that you have never received email from their domain, that the link goes to a domain you have never visited, and so reduce the need for such training and the effort involved in evaluation.
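The "first contact" checks the post sketches (never heard from this sender, never received mail from their domain, link to a domain you have never visited) are cheap to compute from mailbox and browsing history. The following is an added example written for this digest, not code from the contributor or from any mail product: it parses an RFC 822 message with the standard library, extracts links from text and HTML parts, and reports every signal that fires. The history sets and both sample messages are constructed for illustration; the `.invalid` domain in the second sample is a reserved name, not a real site.

```python
"""First-contact heuristics for inbound mail (added illustration, not the
RISKS contributor's code).  Flags a message when the sender, the sender's
domain, or any linked domain is absent from constructed history sets."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed history for one mailbox (in practice: mined from the user's
# sent/received mail and browser history).
KNOWN_SENDERS = {"alice@example.com", "billing@vendor.example"}
KNOWN_SENDER_DOMAINS = {"example.com", "vendor.example"}
VISITED_DOMAINS = {"example.com", "vendor.example"}


class _LinkExtractor(HTMLParser):
    """Collect href values of <a> tags from an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def domain_known(host, known):
    """True if host, or any parent domain of it, is in `known`.
    docs.vendor.example matches vendor.example; evil.example.net does not
    match example.com.  (A production version would use the Public Suffix
    List so that a bare TLD never counts as a parent.)"""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in known for i in range(len(labels) - 1))


def extract_links(msg):
    """Return every http(s) URL found in text/plain and text/html parts."""
    links = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
        if ctype == "text/html":
            parser = _LinkExtractor()
            parser.feed(text)
            links.extend(parser.hrefs)
        else:
            links.extend(re.findall(r'https?://[^\s<>"]+', text))
    return [u for u in links if urlsplit(u).scheme in ("http", "https")]


def assess(raw_message, known_senders=KNOWN_SENDERS,
           known_sender_domains=KNOWN_SENDER_DOMAINS, visited=VISITED_DOMAINS):
    """Return a list of human-readable first-contact findings (empty = nothing new)."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    sender_domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    findings = []
    if addr not in known_senders:
        findings.append(f"first message from sender {addr or '<missing>'}")
    if not sender_domain or sender_domain not in known_sender_domains:
        findings.append(f"never received mail from domain {sender_domain or '<missing>'}")
    for url in extract_links(msg):
        host = urlsplit(url).hostname or ""
        if not domain_known(host, visited):
            findings.append(f"link to never-visited domain {host or url}")
    return findings


# Constructed sample messages.
KNOWN_MAIL = """From: Alice <alice@example.com>
To: bob@example.com
Subject: Q3 report
Content-Type: text/plain; charset=utf-8

Report is at https://docs.vendor.example/q3 as usual.
"""

PHISH_MAIL = """From: "IT Helpdesk" <helpdesk@example-com.invalid>
To: bob@example.com
Subject: Password expiring
Content-Type: text/html; charset=utf-8

<p>Your password expires today. <a href="https://login.example-com.invalid/reset">Reset now</a></p>
"""

if __name__ == "__main__":
    for label, raw in (("known", KNOWN_MAIL), ("phish", PHISH_MAIL)):
        print(label, assess(raw) or ["no first-contact signals"])
```

The point of the design is that none of the three signals requires the user to read a URL: the mail client already has the sender history, and the browser already has the visited-domain history, so the evaluation Herley costs at a minute a day is done by the machine and only surfaced when something is genuinely new.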
Perhaps there are separate keys as on the Segway (which I think were just speed limits / expertise level). Or some menu to "choose driver profile" so even the profiled driver can choose NOT to use auto-preferences when it's raining, snowing, etc. But what of the "right to be forgotten" erase button? Will the data stay local, or be shared with the ever-helpful IoT? Considering the popularity of insurance-company motor-vehicle spy-modules, what of privacy such as "pops wheelies on highway", speed profiles, etc. Will it auto-determine aggressive or jackass drivers?
Recent research shows that dogs process meaning in the left brain and intonation in the right brain. http://www.npr.org/sections/health-shots/2016/08/30/491935800/their-masters-voices-dogs-understand-tone-and-meaning-of-words So you can bet that humans do as well.
>http://www.alternet.org/food/how-one-gmo-nearly-took-down-planet >Extreme? Exaggerated? Valid? Can't tell. A few minutes of googlage suggests that it's nonsense. The article claims that the alcohol made by the bacterium would kill all the plants on whose roots it grew, because plants can't tolerate more than 1 ppm of alcohol. In fact the tolerance is all over the place and many plants including food crops like maize (corn in the US) produce enzymes that can metabolize alcohol. We can certainly talk about the biological and legal issues that GMOs can cause, but the anti-GMO crowd totally ignores the fact that GMOs have concrete and well-documented benefits, notably less use of pesticides and low-till farming to reduce soil erosion. It's a trade-off, like most other technical changes, and extremists on each side are utterly unhelpful. [Trade-offs are fine—necessary to get anything done. But the pro-GMO crowd totally ignores arguments [*] in favor of labeling. Sugar/fat/etc. content is shown on labels, why not GMOs, even given they're so far deemed benign? I think resistance to labeling hinders acceptance. Foods are labeled kosher, people don't resist them; try it for GMOs too. Gabe Goldberg] [* They aren't arguments, they're assertions. A lot of us think that the goal of GMO labeling is to scare people, not to inform them. If there are indeed dangers to GMOs, they are better dealt with at the farm where issues like jumping to weeds can be addressed, not at the grocery store where they can't. How about if they said this: "this product contains genetically modified ingredients, which decades of research have shown to be safe to eat" That is at least true. John Levine PS: I see a lot of potato chips and such that say in smallish type on the back that they contain GMOs, so you might be right that most people don't care.] [Argument is for right to know, regardless of safety—separate from any assertions about non-safety. 
Realistically, resisting labeling supports conspiracy theories: if GMOs are so safe, why are they so militant about NOT labeling them; what are they hiding? I'm not arguing against GMOs; I don't know enough to have a position except that apparently they're currently deemed safe by most credible experts. But I believe in label disclosures *and* that resisting labeling is counter-productive for acceptance. Gabe Goldberg] [This topic was marginally relevant to begin with, but now I'm blowing the whistle. PGN]
http://www.nature.com/nbt/journal/v19/n4/full/nbt0401_292.html (April 2001) On March 6, Oregon State University researcher Elaine Ingham and the New Zealand Green Party apologized to the New Zealand government for submitting false claims about the ecological impact of genetically modified organisms (GMOs)—a mistake that seriously undermines the green lobby's call for a moratorium on field trials of all GMOs in New Zealand. It seems clear that the microbe in question does kill wheat, under some circumstances. This is bad, but not enough for it to "take down the planet". How close it was to actually being used outside of a lab seems to have been exaggerated. The risk? Corrections to articles don't get as widely distributed. [This one evidently does. PGN] [Indeed. Truth loses the race to rumors and lies. Gabe Goldberg]
Something that really caught my attention was when my car's voice-activated GPS unit began responding to (what it deemed) voice commands in conversations within the car. I turned off voice commands. Yes, I SIRIously turned them off.
Move along; nothing new here... In the bad old days, *all* of the "Western" hotel rooms in Moscow were bugged, so *every* visitor could assume that they were being listened to and/or watched. There's even a one-character play (American? British?) about someone staying in such a bugged Moscow hotel room, and who spends the entire play talking to the assumed, but unseen, spies. At the very end of the play, one of the listening spies becomes so involved with the main character and his/her story that the spy starts talking back! Perhaps someone on this list will know the name of this play; I've been trying to recall it for decades. If you're too young to understand what was going on in the bad ol' days, I simply refer you to the [then] incredibly sophisticated and thorough bugging of the newly constructed U.S. Embassy building in Moscow [*]: http://www.nytimes.com/1988/11/15/world/the-bugged-embassy-case-what-went-wrong.html?pagewanted=all [* Non-electronic acoustically resonating and transmitting Russian-built wall panels, if I recall correctly. PGN]
Flip Feng Shui (FSS) technique Cool ! The middle (Feng) character has been flipped to an S :-)
[This book is finally available, in hardcopy, Kindle, and UK editions. As noted in my foreword reproduced here, it is highly RISKS-relevant. Publication was apparently held up because a Hollywood movie is due to be released at the end of September—even though I don't think the book played a role (!) in the film. Two relatively minor corrections are posted online: http://www.boebertandblossom.com/?page_id=251 PGN] Earl Boebert and James Blossom Deepwater Horizon: A Systems Analysis of the Macondo Disaster Harvard University Press Cambridge, Massachusetts and London, England September 2016 ISBN 978-0-674-54523-6 Book Foreword by PGN This is an extraordinary book that digs deeply into the demise of the Deepwater Horizon. Readers are likely to be On Edge in every chapter. Although this book is a factual account, it reads somewhat like a novel in being such an unusually detailed, thorough, and authoritative analysis of a disaster. It also enumerates many realistic precautions, each of which could have helped prevent the Macondo disaster. In reality there was no one weakest link; instead there were many weak links, and attention to them could have avoided what happened. The book is also unusual in the ways it explores the depth and breadth of the causal factors that can be identified throughout—involving many layers of corporate and operational personnel, and multiple factors relating to technology, management, standard practices that do not adequately cover contingencies, and much more. In this analysis of the Macondo case, these factors are clearly multidimensional, multifaceted, widely distributed, and crying out for the retrospective analysis that this book achieves. Many lessons are here for everyone involved in the exploration and production of oil and gas. But much deeper, this book is an incisive parable for almost everyone involved in risky endeavors, even in completely different areas. 
It stresses the importance of planning for disasters, establishing detailed monitoring practices, carefully documenting instructions for seemingly routine operations, and even more important, carefully documenting changes in what must be done to anticipate and respond to possible effects—especially whenever the risks happen to be greatly increasing in real time. Even though it can be very difficult to realistically assess dynamic changes in risks in real time, it is absolutely essential. The book's notion of the need to establish a pervasive and properly enforced "safety culture" is very timely in a world that emphasizes cost reductions and short-term optimization, to the deprecation of safety measures. Many organizations depending on life-critical systems might claim that they already have a safety culture, but it requires much more than lip service -- it requires deep awareness of issues such as those considered here. Furthermore, a similar observation also applies more generally to the need for a culture of predictable dependability and trustworthiness, whether or not human safety is a primary issue. Many computer-related endeavors require much greater reliability, resilience, security, privacy, and other mission-critical desiderata. In almost all disciplines, holistic thinking that encompasses concerns such as those considered in this book—and many more—is becoming a lost art. The need for ubiquitous risk awareness and risk avoidance (not just "risk management"), rigorous system practices, preventive maintenance, and many other factors is increasingly being widely ignored or given a much lower priority, typically in the quest for greater profits. As a consequence, the lessons of this book are enormously important in most technologically based enterprises, and are vitally compelling.