A distracted aide at an Eden Prairie assisted-living center failed to plug in a resident's heart pump at bedtime, and the man didn't live through the night, according to a state investigation released Wednesday.
http://www.startribune.com/aging-resident-dies-after-eden-prairie-caregiver-forgot-to-plug-in-heart-pump/413868613/

If an alarm sounds but nobody hears it...

Gabriel Goldberg, Computers and Publishing, Inc. gabe@gabegold.com
3401 Silver Maple Place, Falls Church, VA 22042 (703) 204-0433
http://www.businessinsider.com/self-driving-uber-gets-in-accident-in-tempe-arizona-2017-3
NASA's Inspector General reports: https://oig.nasa.gov/

A security patch, applied by IT staff at NASA, caused an equipment shutdown and subsequent fire that destroyed spacecraft hardware. The fire lasted 3.5 hours, unnoticed by anyone because the security patch had shut down the fire alarm systems.

[The news media blame the fire on the security patch. Inspector General finds more significant faults. The Space Agency has lost track of its equipment needs. AWM]

This was not an isolated incident, of bad consequences of networking hardware, without good management of the equipment's dissimilar needs.

"Vulnerability scanning used to identify software flaws, that can be exploited by an attacker, caused equipment to fail and loss of communication with an Earth science spacecraft during an orbital pass. A chilled-water heating, ventilation and air-conditioning system was disabled -- which caused IT equipment reliant on it in one of NASA's data centers to be shut down after temperatures rapidly rose to more than 50 degrees centigrade."

Here is the IG Feb-8 report, on above challenges:
https://oig.nasa.gov/audits/reports/FY17/IG-17-011.pdf

[Many industries grew with industrial control mechanisms not designed to be networked with computer systems vulnerable to malware, hacking etc. They don't have good firewalls or any cyber security protections, but in the interests of cost savings, critical infrastructure industrial systems are being included into computer networks, often without adequate thinking to protect all the devices in a cyber security risky world. US's Space Agency is one of those industries. Before networking the industrial control hardware, there were personnel familiar with its maintenance needs. If you drop those people from the payroll, you are making your outfit more vulnerable. AWM]

https://fcw.com/articles/2017/02/09/nasa-iot-problems-rockwell.aspx
http://www.computing.co.uk/ctg/news/3004421/security-patch-caused-equipment-shutdown-and-fire-at-nasa?im_edp=gmail.com [Registration required]
http://www.theinquirer.net/inquirer/news/3004427/nasa-equipment-shutdown-and-fire-blamed-on-rogue-security-patch

Lots of NASA operations get connected to the cloud, without upper management awareness, nor approval, due to lack of good cyber security. Here's IG Feb-7 report on that:
https://oig.nasa.gov/audits/reports/FY17/IG-17-010.pdf
http://www.networkworld.com/article/3167609/security/nasa-has-a-shadow-it-problem.html

NASA is also involved with IoT.
https://www.fedscoop.com/nasa-forays-into-the-internet-of-things/
https://www.nasa.gov/sites/default/files/atoms/files/it-talk_oct-dec2015-v1_1.pdf

Iowa Senator Chuck Grassley reported, in 2007, that $1.9 billion in hardware was stolen, thanks to hackers into NASA. That's a significant portion of NASA's annual $13 billion budget.
https://www.grassley.senate.gov/news/news-releases/nasa-ig-under-fire
[Note: This item comes from friend Mike Cheponis. DLH]

Claire Cain Miller, *The New York Times*, 28 Mar 2017
https://www.nytimes.com/2017/03/28/upshot/evidence-that-robots-are-winning-the-race-for-american-jobs.html

Who is winning the race for jobs between robots and humans? Last year, two leading economists described a future in which humans come out ahead. But now they've declared a different winner: the robots.

The industry most affected by automation is manufacturing. For every robot per thousand workers, up to six workers lost their jobs and wages fell by as much as three-fourths of a percent, according to a new paper by the economists, Daron Acemoglu of M.I.T. and Pascual Restrepo of Boston University. It appears to be the first study to quantify large, direct, negative effects of robots.

The paper is all the more significant because the researchers, whose work is highly regarded in their field, had been more sanguine about the effect of technology on jobs. In a paper last year, they said it was likely that increased automation would create new, better jobs, so employment and wages would eventually return to their previous levels. Just as cranes replaced dockworkers but created related jobs for engineers and financiers, the theory goes, new technology has created new jobs for software developers and data analysts.

But that paper was a conceptual exercise. The new one uses real-world data -- and suggests a more pessimistic future. The researchers said they were surprised to see very little employment increase in other occupations to offset the job losses in manufacturing. That increase could still happen, they said, but for now there are large numbers of people out of work, with no clear path forward -- especially blue-collar men without college degrees.

Acemoglu: "The conclusion is that even if overall employment and wages recover, there will be losers in the process, and it's going to take a very long time for these communities to recover. If you've worked in Detroit for 10 years, you don't have the skills to go into health care. The market economy is not going to create the jobs by itself for these workers who are bearing the brunt of the change."

The paper's evidence of job displacement from technology contrasts with a comment from the Treasury secretary, Steve Mnuchin, who said at an Axios event last week that artificial intelligence's displacement of human jobs was "not even on our radar screen," and "50 to 100 more years" away. (Not all robots use artificial intelligence, but a panel of experts -- polled by the M.I.T. Initiative on the Digital Economy in reaction to Mr. Mnuchin's comments -- expressed the same broad concern of major job displacement.)

The paper also helps explain a mystery that has been puzzling economists: why, if machines are replacing human workers, productivity hasn't been increasing. In manufacturing, productivity has been increasing more than elsewhere -- and now we see evidence of it in the employment data, too.

The study analyzed the effect of industrial robots in local labor markets in the United States. Robots are to blame for up to 670,000 lost manufacturing jobs between 1990 and 2007, it concluded, and that number will rise because industrial robots are expected to quadruple. [...]
https://arstechnica.com/security/2017/03/ransomware-scammers-exploited-safari-bug-to-extort-porn-viewing-ios-users/
NNSquad https://arstechnica.com/tech-policy/2017/03/senate-votes-to-let-isps-sell-your-web-browsing-history-to-advertisers/ The US Senate today voted to eliminate broadband privacy rules that would have required ISPs to get consumers' explicit consent before selling or sharing Web browsing data and other private information with advertisers and other companies. The rules were approved in October 2016 by the Federal Communications Commission's then-Democratic leadership, but are opposed by the FCC's new Republican majority and Republicans in Congress. The Senate today used its power under the Congressional Review Act to ensure that the FCC rulemaking "shall have no force or effect" and to prevent the FCC from issuing similar regulations in the future. The House, also controlled by Republicans, would need to vote on the measure before the privacy rules are officially eliminated. President Trump could also preserve the privacy rules by issuing a veto. If the House and Trump agree with the Senate's action, ISPs won't have to seek customer approval before sharing their browsing histories and other private information with advertisers.
via NNSquad https://arstechnica.com/tech-policy/2017/03/for-sale-your-private-browsing-history/ The House of Representatives voted today to eliminate ISP privacy rules, following the Senate vote to take the same action last week. The legislation to kill the rules now heads to President Donald Trump for his signature or veto. The White House issued a statement today supporting the House's action, and saying that Trump's advisors will recommend that he sign the legislation. That would make the death of the Federal Communications Commission's privacy rules official. The rules issued by the FCC last year would have required ISPs to get consumers' opt-in consent before selling or sharing Web browsing history, app usage history, and other private information with advertisers and other companies. But lawmakers used their authority under the Congressional Review Act (CRA) to pass a joint resolution ensuring that the rules "shall have no force or effect" and that the FCC cannot issue similar regulations in the future.
Ben Lovejoy, 9to5mac, 27 Mar 2017

British Home Secretary Amber Rudd -- in charge of police policy in the UK -- told the BBC what is quoted in the subject line. Rudd was speaking after it was revealed that Khalid Masood accessed WhatsApp two minutes before ploughing through pedestrians on Westminster Bridge in a rented car, killing three of them, before fatally stabbing a police officer guarding the Houses of Parliament. She described end-to-end encrypted messaging as used by WhatsApp and Apple's Messages app as "completely unacceptable".
https://9to5mac.com/2017/03/27/amber-rudd-british-government-apple-messages-whatsapp-end-to-end-encryption/

[The problem is of course that dumbing down communication security just for British law enforcement would also be completely unacceptable, and could even be responsible for bringing down her own government as a result of subsequent compromises! Is she Ruddy Naive? (And then I recall the former prime minister suggesting a ban on all cryptography.) PGN]
Mark Scott, *The New York Times*, 24 Mar 2017 http://www.nytimes.com/2017/03/24/technology/london-terror-attack-suspect-social-media.html
https://arstechnica.com/tech-policy/2017/03/how-police-unmasked-suspect-accused-of-sending-seizure-inducing-tweet/
https://tech.slashdot.org/story/17/03/28/213236/dji-proposes-new-electronic-license-plate-for-drones?utm_source=rss1.0mainlinkanon&utm_medium=feed Chinese drone maker DJI proposed that drones be required to transmit a unique identifier to assist law enforcement to identify operators where necessary. Anyone with an appropriate receiver could receive the ID number, but the database linking the ID with the registered owner would only be available to government agencies. Ridiculous idea—bad players would simply disable this feature—or modify it (and you can bet that it will be possible to modify it, one way or another). Handy for false flags! Luckily, the DJI page on this is in such a low contrast font that you can't read it without going blind anyway.
'Windows 10 destroyed our data!' Microsoft hauled into US court. 'Dodgy' unwanted operating system update sparks potential class-action lawsuit
24 Mar 2017

According to the complaint, Windows 10 installed itself onto plaintiff Stephanie Watson's computer without her consent and then erased data, some of it related to her work. She hired Geek Squad to repair the machine, with only partial success, and ended up having to purchase a new computer.

Plaintiff Robert Saiger, the complaint says, consented to the Windows 10 update, only to have his computer stop functioning. He lost data, then lost time and money, while incurring aggravation attempting to recover the data.

Plaintiff Howard Goldberg "elected to accept Windows 10 after declining over 6 months of daily prompts requesting him to download it." After three attempts to do so, the result was a non-functional computer and lost data.
https://www.theregister.co.uk/2017/03/24/microsoft_windows_10_update/

[If a Win-7 user got add-on software for some activity, supported by Win-7 but not by Win-10, and uses the software sub-directories of the add-on for the associated data, then:

1. Microsoft does NOT tell the user that Win-10 does not support that stuff.
2. The Win-10 installation process erases all the non-Microsoft software, and associated sub-directory data, that won't work with Win-10.
3. The user is not told about this erasure.

Other OS are much more polite to the user, giving the opportunity to save the software and data, not supported by the OS upgrade, so that the user can seek some add-on that is supported by the latest OS upgrade, and also provides a conversion path to move the data into any replacement format needed. Documentation regarding the OS upgrade also gives warning what is no longer supported, and will need some software from other than the OS company, to facilitate such conversions. Microsoft is not a believer in such user-friendly conversion info standards. AWM]
There is an interesting article on the BBC website at http://www.bbc.co.uk/news/business-38254362 that discusses an alternative and much more subtle version of Malware. This involves infiltrating systems and making changes to data which while being too small to notice immediately result in system failure. Their conclusion is that data integrity from start to end is just as important as any other form of security.

I had a quick search through the Risks Digests and could not find any evidence of this being discussed. Has anyone any evidence that they are willing and able to discuss of this type of attack?

[Is this not just one more example of faked news, perhaps more subtle than flagrant fake news, but still disinformation? PGN]
You Should Care about the Supreme Court Case on Toner Cartridges. The verdict could have consequences on practically any purchased product.

[PC printer manufacturers make most of their money selling toner & other ink systems, often at ridiculously high prices. Various 3rd party outfits sell apparently identical ink cartridges for much less money. I turn in my used cartridges to a recycling outfit, which refills them, with much lower cost to me than buying the printer manufacturer cartridges. The printer manufacturers want to put a stop to that competition, make you use theirs exclusively, then they can jack up the prices even more.]

https://www.hardocp.com/news/2017/03/25/you_should_care_about_supreme_court_case_on_toner_cartridges/
http://gizmodo.com/supreme-court-printer-cartridge-case-could-be-the-citiz-1793643311
http://www.scotusblog.com/case-files/cases/impression-products-inc-v-lexmark-international-inc/
https://consumerist.com/2017/03/23/why-you-should-care-about-the-supreme-court-case-on-toner-cartridges/
I avoid self-checkout lanes unless the queues get *very* long or I have only a single item because:

1. I'm nowhere near as fast as a trained checker in the whole scan-and-bag thing.
2. I want the checkers to keep their jobs.

And I *never* use self-checkout if I have produce or anything else that needs to be weighed, because there's no way I can do the enter-the-proper-code-and-weigh the thing as a checker who has usually memorized the code for every single produce item in the store.
That looks like the same system deployed in some of their stores by Stop & Shop, a not-particularly-high-end grocery chain serving much of the U.S. Northeast: https://stopandshop.com/shopping/shopping-tools/scanit/