The RISKS Digest
Volume 30 Issue 63

Sunday, 1st April 2018

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Google launches GoogleCoin cryptocurrency
Mark Thorson
GoogleExchange hacked, GoogleCoins worth USD$104B stolen
Mark Thorson
By 2020, More Than 30% of World's Electricity Consumption Will Be Spent Explaining Bitcoin
EFF
Celebrate The Calendar That Saved Us From Disaster
Mark Thorson
Cloudflare launches 1.1.1.1 consumer DNS service with a focus on privacy
????
Georgia Passes Anti-Infosec Legislation
EFF
Hacking voting machine vendors
CSO Online
Despite privacy concerns, Israel to put nation's medical database online
The Times of Israel
Driverless vehicles and aircraft
Michael Bacon
Virtual reality shopping is here
Gabe Goldberg
Info on RISKS (comp.risks)

Google launches GoogleCoin cryptocurrency

Mark Thorson <eee@dialup4less.com>
Sat, 31 Mar 2018 00:33:55 -0000
Mountain View (April 1, 2018)—Google today launched its GoogleCoin
cryptocurrency and the GoogleExchange for trading GoogleCoins.  Google VP of
cryptocurrencies Satoshi Nakamoto called GoogleCoin "a second-generation
cryptocurrency" that incorporates more advanced technology than any other.
"Unlike other cryptocurrencies that have no intrinsic value, GoogleCoin will
be the only currency accepted for purchasing our new premium ad placement
service, called Above The Fold.  Although GoogleExchange will be supported
with an initial endowment of 100 million GoogleCoins out of a total of 1
billion GoogleCoins that will ever exist, there is no barrier to the
creation of third-party exchanges."  In the first day's trading, GoogleCoin
surged from an initial offering price of USD$100 to close at USD$1257.


GoogleExchange hacked, GoogleCoins worth USD$104B stolen

Mark Thorson <eee@dialup4less.com>
Sun, 1 Apr 2018 00:33:55 -0000
Mountain View (March 31, 2018)—In a stunning announcement, Google VP of
cryptocurrencies admitted 83 million GoogleCoins worth over USD$104 billion
had been stolen.  "It is regrettable this occurred, however we have the
resources to make all of our customers whole.  We have temporarily closed
the exchange while we study this most unfortunate breach of our security.
We suspect Russian hackers, but it's the Internet, so it could be anybody,
like China or Israel."  No further comment was available.  A spokesman for
the Foreign Ministry of the Russian Federation called any such speculation
"unfounded" and "absurd".


By 2020, More Than 30% of World's Electricity Consumption Will Be Spent Explaining Bitcoin (EFF)

Gabe Goldberg <gabe@gabegold.com>
Sun, 1 Apr 2018 14:03:26 -0400
https://www.eff.org/pages/04/01

Scientists have released a new study claiming that if current trends
continue, nearly a third of the world's power will be used to explain how
Bitcoin works by 2020. According to experts, the amount of energy required
to download tweets, articles, and instant messages which describe what "the
blockchain" is and how "decentralized" currencies are "the future" will soon
eclipse the total amount of power used by the country of Denmark. The
authors note that the average Uber driver now spends three minutes per ride
explaining how the coin is "totally anonymous" and encouraging riders to
install Coinbase or a similar app.

Furthermore, they warn that "alt-coins" like Ethereum and Filecoin are even
more inscrutable, and explanations of them promise to waste even more time
and energy in the future.


Celebrate The Calendar That Saved Us From Disaster

Mark Thorson <eee@dialup4less.com>
Fri, 30 Mar 2018 17:48:30 -0700
It was 1999, and experts agreed that the rollover into 2000 would cause
planes to fall out of the sky, nuclear reactors to explode, the electrical
power grid to fail, and Windows to crash.  What saved us from that fate?  It
was this posting in RISKS:

  http://catless.ncl.ac.uk/Risks/20/26#subj1

Widespread adoption of the replacement for the Gregorian calendar saved us,
and now the Jubilee Year approaches.  2019 (Gregorian calendar) is 199T
(Thorson calendar).  Let us rejoice in the catastrophe averted!

However, along with the festivities, we should raise awareness that the
problem is only half-fixed.  Even today, most software does not handle dates
beyond 199Z.  We've only got a little more than 7 years to patch up all of
our software!  Let's get moving!


Cloudflare launches 1.1.1.1 consumer DNS service with a focus on privacy

Lauren Weinstein <lauren@vortex.com>
Sun, 1 Apr 2018 10:09:18 -0700
[Don't use it!]
via NNSquad
http://betanews.com/2018/04/01/cloudflare-dns-privacy-four-ones/

  Today is both Easter and April Fool's Day, making it an absolutely
  atrocious day for announcing new products. After all, on Easter, many
  people are busy with their families—it will be very easy for technology
  news to get overlooked. Not to mention, companies often announce fake
  products on April Fool's—anything announced will be questioned as being
  either real or not.  That isn't stopping Cloudflare from announcing an
  ambitious (and real) new project, however.  Today, the company announces a
  new consumer DNS service with a focus on privacy. Called "1.1.1.1." ...

Apparently this isn't an April Fool's joke.  But the privacy promises from a
firm that openly supported Nazis and other sick degenerates—and is still
making excuses for them—are worth less than nothing.  I don't trust
Cloudflare one iota.  I don't willingly deal with them in any way.


Georgia Passes Anti-Infosec Legislation (EFF)

geoff goodfellow <geoff@iconia.com>
Sat, 31 Mar 2018 10:20:39 -1000
Dave Maass, EFF, 30 Mar 2018
https://www.eff.org/deeplinks/2018/03/georgia-passes-anti-infosec-legislation

Despite the full-throated objections of the cybersecurity community, the
Georgia legislature has passed a bill that would open independent
researchers who identify vulnerabilities in computer systems to prosecution
and up to a year in jail.

EFF calls upon Georgia Gov. Nathan Deal to veto S.B. 315 as soon as it lands
on his desk.

For months, advocates such as Electronic Frontiers Georgia have descended
on the state Capitol to oppose S.B. 315, which would create a new crime of
*unauthorized access* to computer systems. While lawmakers did make a major
concession by exempting terms of service violations under the measure—an
exception we've been asking Congress for years to carve out of the federal
Computer Fraud & Abuse Act (CFAA)—the bill still falls short of ensuring
that researchers aren't targeted by overzealous prosecutors. This has too
often been the case under CFAA.

“Basically, if you're looking for vulnerabilities in a non-destructive way,
even if you're ethically reporting them—especially if you're ethically
reporting them—suddenly you're a criminal if this bill passes into law,”
EFF Georgia's Scott Jones told us in February.

Andy Green, a lecturer in information security and assurance at Kennesaw
State University, concurred.  “I'm putting research on hold with college
undergrad students because it may open them up to criminal penalties,”
Green told the Parallax.  “It's definitely giving me pause right now.”

Up until this week, Georgia has positioned itself as a hub for cybersecurity
research, with well-regarded university departments developing future
experts and the state investing $35 million to expand the state's
cybersecurity training complex. That is one reason it's so unfortunate that
lawmakers would pass a bill that would deliberately chill workers in the
field. Cybersecurity firms—and other tech companies—considering
relocations to Georgia will likely think twice about moving to a state that
is so hostile and short-sighted when it comes to security research. [...]

  [This is not an April Fool's item.  PGN]


Hacking voting machine vendors (CSO Online)

"J.M. Porup" <jm@porup.com>
March 31, 2018 at 2:05:30 AM GMT+9
Want to hack a voting machine? Hack the voting machine vendor first
http://www.csoonline.com/article/3267625/security/want-to-hack-a-voting-machine-hack-the-voting-machine-vendor-first.html

  Thousands of voting machine vendor employees' work emails and plaintext
  passwords appear in freely available third-party data breach dumps
  reviewed by CSO, raising questions about the security of voting machines
  and the integrity of past election results.


Despite privacy concerns, Israel to put nation's medical database online (The Times of Israel)

Gabe Goldberg <gabe@gabegold.com>
Sun, 1 Apr 2018 13:14:55 -0400
The Israeli government on Sunday approved a National Digital Health plan,
which, despite mounting privacy concerns, plans to create a digital database
of the medical files of some 9 million residents and make them available
to researchers and enterprises.

The government has vowed to protect the privacy of individuals and is
touting the NIS 1 billion ($287 million) program as a huge boon to the
medical research industry. But critics pointed to risks of a massive breach
in patient confidentiality and urged the government to slow down.

To promote the initiative, Israel will unify the existing database of the
digital medical records it has collected over a period of 20 years—which
holds the medical files of more than 98 percent of the population—to
create a single database, in which one's participation is optional, that
will help attract researchers and industry leaders from across the globe,
the Prime Minister's office said Sunday.

http://www.timesofisrael.com/despite-privacy-concerns-israel-to-put-nations-medical-database-online/


Driverless vehicles and aircraft

Michael Bacon - Grimbaldus <michael.bacon@grimbaldus.com>
Sat, 31 Mar 2018 16:59:46 +0100
The developers of driverless vehicles are currently discovering what
airliner manufacturers discovered many years ago; that humans are adaptive
and will break rules to avoid harm, and computers don't get bored with just
monitoring.

In reverse: humans get bored with the monotony of monitoring, whilst
computers will kill people unless they're programmed not to.


Virtual reality shopping is here

Gabe Goldberg <gabe@gabegold.com>
Sun, 1 Apr 2018 13:12:01 -0400
Because it involves thinking and logic, designing artificial intelligence is
not all that dissimilar from raising a child, Redding says. Like children,
these machines must be taught to differentiate right from wrong and learn
how to adapt to changing rules or circumstances.

A.I. creators are still human, which means they can be susceptible to flaws
and biases.

As an example, Redding cited research by University of Southern California
assistant communications professor Dr. Safiya U. Noble, who has written
extensively about how the algorithms used by search engines like Google
reinforce racism and sexism.

To avoid issues such as the stereotyping of black boys and girls that Noble
has chronicled in her research, companies should focus on raising A.I. that
is both explainable, meaning that the reasoning behind its actions and
decisions can be understood by humans, and responsible.

http://www.fairfaxtimes.com/articles/virtual-reality-shopping-is-here/article_d3985cbc-3461-11e8-9b22-63e484c3931d.html

  [Please don't expect me to be unmunging horrible URLs.  The combination of
  non-ASCII characters, various encodings, and Office 365 SafeLink munging
  has become really annoying.  Also, 90% of some messages is header crap.  PGN]

    [[I have unmunged the href URL so it now works, but I have left
    the garbage for your entertainment LFM]]
