Please try the URL privacy information feature, enabled by clicking the flashlight icon above. This will reveal two icons after each link in the body of the digest. The shield takes you to a breakdown of the Terms of Service for the site; however, only a small number of sites are covered at the moment. The flashlight takes you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
http://www.nytimes.com/2018/07/20/business/energy-environment/california-energy-grid-jerry-brown-plan.html Two decades ago, a new approach to power delivery led to blackouts. Now the state is considering another energy makeover: a regional electric grid.
http://www.npr.org/2018/07/19/630443485/reporter-shows-the-links-between-the-men-behind-brexit-and-the-trump-campaign
Blackouts could have been caused after the networks of trusted vendors were easily penetrated http://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110
“Existing email analysis solutions only analyze specific email elements using rule-based methods, and don't analyze other important parts,'' said Nir Nissim, head of the David and Janet Polak Family Malware Lab at the cyber department of the university. Antivirus software solutions mainly use “signature-based detection methods, and therefore are insufficient for detecting new, unknown malicious emails.'' The new method, called Email-Sec-360, was developed by Aviad Cohen, a PhD student and researcher at the BGU Malware Lab. The research, published in the scientific journal Expert Systems with Applications, is based on machine learning methods and makes use of 100 general descriptive features extracted from the various components of emails, including the header, its body and attachments. The methodology provides “enhanced threat detection in real time,'' the statement said. http://www.timesofisrael.com/israeli-researchers-say-they-have-found-better-way-to-weed-out-malicious-emails/ Perhaps too narrow and general a description of "existing" solutions, and too excited about "machine learning methods and makes use of 100 general descriptive features".
A pair of Israeli researchers found a flaw in the encryption scheme securing *Bluetooth* file transfers that could allow hackers to steal data. Many device makers have already issued security patches, so make sure your phone software is up to date. http://click.email.fortune.com/%3Fqs%3Dd1f8604be7a3b4e712c2efab3dea9a016c9c10ce3936774f1ab2ce11061b7dd2c6d1849421a60e597918a8a2b90dfdf2328e6f4acee9ba96
*Out of the frying pan*. The once-ubiquitous (and hated by Steve Jobs) web display software known as *Flash* is going away in less than two years, according to its maker, *Adobe*. But the U.S. government hasn't got the message, prompting Sen. Ron Wyden to send a letter to three federal agencies to get a move on removing Flash pronto. The software has "serious, largely unfixable cybersecurity issues," Wyden wrote. http://click.email.fortune.com/%3Fqs%3De4b25fc39f5bb39138b88ad39157f5cb3af50e9d9898dd83818b237ac60ab63c68e7946cc6295350040d105c0cac7bee5a976b7cdaf297ce
Ars Technica (07/25/18) Dan Goodin via ACM TechNews, Monday, July 30, 2018 A study from the Technion-Israel Institute of Technology warns of a decade-old bug in the Bluetooth specification that allows hackers to intercept and tamper with data shared wirelessly through man-in-the-middle attacks on the link between devices. Not only can hackers view the data, but they can forge keystrokes on a Bluetooth keyboard to open up a command window or malicious website. Says security engineer JP Smith, "This attack lets an attacker who can read and modify Bluetooth traffic during pairing force the key to be something they know." The researchers say the attack is enabled by two design flaws: one involves sending both the x-coordinate and the y-coordinate during the public key exchange, while the other is the protocol's authentication of only the x-coordinate. http://orange.hosting.lsoft.com/trk/click%3Fref%3Dznwrbbrs9_6-1c2c9x21684dx072162%26
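The design flaw described above comes down to the receiving side trusting a y-coordinate it never checked. The standard mitigation is full public-key validation: before using a peer's (x, y) in the ECDH computation, confirm that the point actually lies on the agreed curve. The following is an added example, not code from the Ars Technica article, the Technion study, or any Bluetooth stack; it assumes NIST P-256 (the curve used by Bluetooth Secure Connections pairing) and uses only its published domain parameters.

```python
# Added example (not from the article or the Technion paper): public-key
# point validation for an ECDH peer key on NIST P-256. The protocol flaw
# discussed is that the y-coordinate was transmitted but never authenticated;
# the defensive check is to reject any (x, y) that is not on the curve, which
# a stack must do before deriving any shared secret from the point.

# NIST P-256 domain parameters (public constants from FIPS 186-4).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Base point G, used here only as a known-good point for demonstration.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def is_on_curve(x: int, y: int) -> bool:
    """True iff (x, y) satisfies the short Weierstrass equation
    y^2 = x^3 + a*x + b (mod p)."""
    return (y * y - (x * x * x + A * x + B)) % P == 0


def validate_public_key(x: int, y: int) -> bool:
    """Full validation of an uncompressed peer public key.

    Checks that both coordinates are field elements in range and that the
    point is on the curve. P-256 has cofactor 1, so no further small-subgroup
    check is needed for this curve. Returns False instead of raising so the
    caller can abort pairing cleanly."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return is_on_curve(x, y)


def accept_peer_key(x: int, y: int) -> str:
    """Pairing-side decision helper (hypothetical name): the key is only
    accepted for the ECDH step if it passes validation."""
    return "accept" if validate_public_key(x, y) else "reject"


if __name__ == "__main__":
    # Constructed inputs: the genuine base point, its negation (also a valid
    # curve point), and a point whose y-coordinate has been altered.
    print("genuine point:      ", accept_peer_key(GX, GY))
    print("negated point:      ", accept_peer_key(GX, P - GY))
    print("altered y (GY + 1): ", accept_peer_key(GX, GY + 1))
    print("y out of range (p): ", accept_peer_key(GX, P))
```

The on-curve test is cheap (three field multiplications) relative to the scalar multiplication that follows it, so there is no performance argument for skipping it; a stack that authenticates only x must still run this check on the received y.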
http://www.nytimes.com/2018/07/27/opinion/columnists/traffic-deaths-driverless-cars.html "But the current mismatch between the attention to driverless cars and the attention to driver-operated cars is a big mistake. We're acting as if the status quo is fine, and the only problem is some risky newfangled technology. In reality, the status quo is a public-health crisis, and a preventable one. "Today, another 100 or so Americans -- many of them young and healthy -- will likely die in human-driven vehicle crashes. Even more Americans are likely to die on Saturday, the deadliest day of the week on the roads. The terrible toll will continue every day after that, until we decide to do something about it." ~100 deaths per day from carbon-based drivers v. 3 documented silicon-related vehicle deaths to date. Risk is usually characterized by severity (critical, high, medium, low) and probability (high, medium, low) attributes. One alternative characterization is RISK = HAZARD + OUTRAGE. This expression clearly quantifies a risk: (1) a known hazard; and (2) accompanying outrage if/when the hazard materializes (http://www.psandman.com/articles/amsa.htm). By the second risk characterization, AV hazard is trivial compared to daily experience, but each AV incident is disproportionately accorded hyperbolic viral media attention (exponentiated outrage).
(The New York Times, 26 Jul 2018) http://www.nytimes.com/2018/07/26/business/digital-license-plates.html Another Internet of mistakes target awaiting exploitation by a botnet near you.
via NNSquad http://krebsonsecurity.com/2018/07/lifelock-bug-exposed-millions-of-customer-email-addresses/ Identity theft protection firm LifeLock—a company that's built a name for itself based on the promise of helping consumers protect their identities online—may have actually exposed customers to additional attacks from ID thieves and phishers. The company just fixed a vulnerability on its site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company. Pretty much the oldest trick in the book, too. [Gabe Goldberg noted that *LifeLock* wasn't protecting its customers' email addresses, which could be seen on the web. The service went offline briefly on Wednesday to fix the leaky web page. http://click.email.fortune.com/%3Fqs%3De4b25fc39f5bb391bfe9e1596dce033645918d9c6d91757b3a9dbc32dd2e69815ab646f0294ba4332849e9e59bc1e9a671bbe9ebd8f5ac95 ]
http://www.nytimes.com/2018/07/29/business/for-sale-survey-data-on-millions-of-high-school-students.html College-planning surveys give a peek into the opaque and little-regulated market of data-mining of minors.
http://www.manatt.com/Insights/Newsletters/TCPA-Connect/First-Ringless-Voicemail-Message-TCPA-Decision-Sid
http://www.thecaterer.com/articles/531764/travelodge-data-hacked-in-security-incident
http://www.kwch.com/content/news/Indictment-Man-Behind-Cyberattacks--Was-Working-for-Wichita-Lawyer-488441491.html
Monika Glennon has lived in Huntsville, Alabama, for the last 12 years. Other than a strong Polish accent, she fits a certain stereotype of the All-American life. She's blonde. Her husband is a veteran Marine. Her two children, a boy and a girl, joined the military as adults. She sells houses -- she's a real estate agent at Re/Max—helping others realize their own American dream. But in September 2015, she was suddenly plunged into an American nightmare. She got a call at 6 a.m. one morning from a colleague at Re/Max telling her something terrible had been posted about her on the Re/Max Facebook page. Glennon thought at first she meant that a client had left her a bad review, but it turned out to be much worse than that. http://gizmodo.com/when-a-stranger-decides-to-destroy-your-life-1827546385 The risk? People.
Some Land Rovers can be linked to an account that allows the owner to track them, unlock them and more. It has to be transferred / disabled on sale of the car, if you don't forget about it and/or go through an official car dealer... Otherwise the first owner keeps some control over the car! http://www.theregister.co.uk/2018/07/27/jaguar_land_rover_connected_car_privacy/
http://www.washingtonpost.com/technology/2018/07/24/this-company-is-building-massive-pack-robot-dogs-purchase-starting/?noredirect=on "These robots from Boston Dynamics are incredibly rugged and robust, which makes them capable of addressing the clutter and uncertainty of our chaotic human world," Srinivasa said. "Some people watching the robot on video find their capabilities scarily anthropomorphic and humanlike, but to me it shows that there is a robot I can have in my home that will not break things or harm people." This bot brings new meaning to the term "doggie breath." I wonder if it can be trained to play fetch, retrieve a newspaper, or bark at strangers? The idea of doggiebot as a household pet is unsettling. Safe for the whole family, especially cats and infants? A robot bull in a china-shop should it misinterpret a voice-communicated command (if that sensor interface is sponsored).
http://www.washingtonpost.com/technology/2018/07/25/waymo-partners-with-walmart-shuttle-customers-self-driving-cars/?noredirect=on Probably safer to send Boston Dynamics' SpotMini with a shopping list to fetch pretzels and beer than take a Waymo. (http://www.washingtonpost.com/technology/2018/07/24/this-company-is-building-massive-pack-robot-dogs-purchase-starting/)
Fun with VoIP...

-------- Forwarded Message --------
> Subject: If you have Cox phone service you may experience trouble contacting 9-1-1. All Fairfax County 9-1-1 functions are in service.
> Date: Fri, 27 Jul 2018 17:21:43 +0000 (UTC)

*This is a message from Fairfax Alerts* If you have Cox phone service you may experience trouble contacting 9-1-1. All Fairfax County 9-1-1 functions are in service. Please use a wireless phone to reach 9-1-1 if you experience trouble. Text-to-9-1-1 is also available. The cause of the issue is a Cox Communications service interruption near the area of Georgetown Pike and Bellview Road. There is not an estimated time of repair at this time.
http://arstechnica.com/gaming/2018/07/nintendo-to-rom-sites-forget-cease-and-desist-now-were-suing/
http://arstechnica.com/tech-policy/2018/07/venmos-terrible-idea/
http://www.boston.com/news/local-news/2018/07/19/boston-woman-temporarily-becomes-a-millionaire-after-an-account-mix-up
http://www.bostonglobe.com/business/2018/07/20/few-extra-zeroes-causes-big-headache/8kquT0q25v8XH6mYTzLt9N/story.html Somehow, instead of paying $182.36 and $92.60 via her online account, she paid $18,236 and $9,260. Whether she inadvertently typed in a couple of extra zeros—thus paying 100 times what she owed—or the software on her account went haywire, she doesn't know. ...
via NNSquad [UNACCEPTABLE!] St. Louis Uber driver has put video of hundreds of passengers online. Most have no idea. http://www.stltoday.com/news/local/metro/st-louis-uber-driver-has-put-video-of-hundreds-of/article_9060fd2f-f683-5321-8c67-ebba5559c753.html But there was something the women didn't know: Their driver was streaming a live video of them to the Internet, and comments from viewers were pouring in. The blonde is a 7, the brunette a 5, someone with the username "DrunkenEric" commented. "She doesn't sit like a lady though," another viewer added. "This is creepy," said another. The women are among hundreds of St. Louis area Uber passengers who have been streamed online without their knowledge by their driver, Jason Gargac, 32, of Florissant. Gargac has given about 700 rides in the area since March through Uber, plus more with Lyft. Nearly all have been streamed to his channel on Twitch, a live video website popular with video gamers where Gargac goes by the username "JustSmurf." Passengers have included children, drunk college students and unwitting public figures such as a KSDK reporter and Jerry Cantrell, lead guitarist with the band Alice in Chains. First names, and occasionally full names, are revealed. Homes are shown. Passengers have thrown up, kissed, talked trash about relatives and friends and complained about their bosses in Gargac's truck. All the while, an unseen online audience watches, evaluating women's bodies, judging parents and mocking conversations. UNACCEPTABLE! Irrespective of the legality, Uber, Lyft, and other similar services must ban this practice among their drivers, or face serious repercussions going forward. Drivers violating such bans must be excised from the services. This must be dealt with IMMEDIATELY or these services risk losing all trust from their passengers.
http://www.nytimes.com/2018/07/21/technology/china-future-robot-waiters.html Whereas comp.risks readers are generally inured (or incensed) by technology's weaknesses and vulnerabilities, the PRC's population embraces robotic service deployment. Novelty impresses, especially if there's a yuan to earn from it. "Waiters said their automated counterparts caused more work than they saved. The robots take trays of food out to customers, but are unable to lower them to the table. Real waiters stand back so photos and videos can be taken before shuffling in and serving food the old-fashioned way. "The robots also break down. Three times during an hour lunch, a waiter had to lean a robot on its side and take a blowtorch to the undercarriage to burn out food and trash caught in its axles. When asked whether he was worried that the robots would take his job, the waiter laughed. "Still, patrons were impressed. "I've just been to America, and I didn't see many new things at all," said Xie Aijuan, a retiree in her 50s. "I don't think they have anything like robotic restaurants there." "China is surpassing America," agreed her dining companion, Zhuang Jiazheng. "Robots are coming. Tech is advancing. It's all a matter of time." A Caesar salad served by R2D2 today, and a killbot tomorrow. PRC investors, especially the government, look long term for returns. Will a no-op robot restaurant open in the US? When customers assent to restaurant owner indemnification against a hot bouillabaisse spill or a flambé by Bananas Foster.
via NNSquad http://www.wired.com/story/dropbox-sharing-data-study-ethics/ But it still appears this research was conducted without the express consent of the thousands of customers whose information Dropbox and the researchers accessed (the HBR article originally suggested that 400,000 users' data was analyzed, while Dropbox says that the study dealt with data from 16,000 customers). Late Tuesday HBR added a second editors' note indicating that the researchers started with information on 400,000 "unique users" but pared the data set down to 16,000 after incorporating data from Web of Science. HBR editors also updated the article to indicate that it wasn't 1,000 universities that were included, but rather 1,000 separate departments. Informed consent, one of the cornerstones of academic research, is one of the things that got Facebook in so much trouble back in 2014 ...
<http://www.dropbox.com/privacy> Dropbox representatives told WIRED that users gave consent when they agreed to the company's privacy terms and pointed to a section of that policy about how data will be used to improve Dropbox services. That section reads: "We collect information related to how you use the Services, including actions you take in your account (like sharing, editing, viewing, and moving files or folders). We use this information to improve our Services, develop new services and features, and protect Dropbox users." They also pointed to language about sharing data with third parties, which says "Dropbox uses certain trusted third parties (for example, providers of customer support and IT services) to help us provide, improve, protect, and promote our Services." Exactly how the study improved Dropbox services was not clear from the HBR article or the Dropbox blog post, though Dropbox representatives told WIRED the insights into how teams collaborate would help the company design better features. http://www.wired.com/story/dropbox-sharing-data-study-ethics/
Google Translate is moonlighting as a deranged oracle—and experts say it's likely because of the spooky nature of neural networks. http://motherboard.vice.com/en_us/article/j5npeg/why-is-google-translate-spitting-out-sinister-religious-prophecies Garbage in, "gospel" out? Which other neural networks can be corrupted by nonsense? Maybe Star Trek had it right, Kirk destroying evil computers by feeding them jabberwocky...
http://boingboing.net/2018/07/22/adversarial-interop.html
http://www.wired.com/story/google-safe-browsing-oral-history/
http://www.thisisinsider.com/orrin-hatch-tweeted-google-not-dead-2018-7 Hmm, Wikipedia isn't gospel; who knew...
A Nationals spokeswoman said the team is aware of the racially insensitive and homophobic tweets and is gathering more information. http://www.washingtonpost.com/news/nationals-journal/wp/2018/07/29/nationals-trea-turner-is-the-latest-mlb-player-to-have-ugly-tweets-uncovered/
The second-year Atlanta starter's roller coaster Sunday capped a far more eventful late-July MLB series than usual. http://www.washingtonpost.com/news/early-lead/wp/2018/07/29/braves-sean-newcomb-addresses-ugly-old-tweets-right-after-just-missing-a-no-hitter/
Distribution of the schematics allowing people to make homemade guns is protected by the First Amendment, the company argues. http://www.washingtonpost.com/news/morning-mix/wp/2018/07/30/data-allowing-people-to-print-out-their-own-guns-temporarily-blocked-from-internet-in-pa-after-legal-pressure/
Dmitri Maziuk says "I'm not quite sure what makes med AI coders so different" from medical researchers, but the difference is in the stage of the activity (routine vs. experimental), not in the personnel. Medical research (clinical trials) is regulated differently from medical practice, and the ethical restrictions are different, too. RCTs are tightly regulated (by FDA, Health Canada, EMEA, or similar bodies in other countries) and by Institutional Review Boards, with ethicists chiming in on every detail. Medical practice is loosely regulated by state licensing boards and hospital committees, with practitioners mostly left to practice as they see fit. The extreme case is first-in-man trials of a new drug. They offer no benefit to the subjects, who usually don't have the disease that the drug is hoped to treat. I'm glad that there are people who will volunteer to be subjects in those trials, but no one could be forced to do it. Maziuk reports that El Al maintenance crews are required to be passengers, but they are presumably not required to be test pilots. Robert R. Fenichel, M.D., http://www.fenichel.net
replying to Richard M Stein
Subject: The cameras that know if you're happy - or a threat (bbc.com)

"This technology motivates the old aphorism to "Keep smiling, the boss likes idiots." Starbucks already does that: hires and rewards people who smile. A lot. All the time. http://valuesdrivenresults.com/starbucks-hires-best/

*****

replying to Richard M Stein
Subject: China Expands Surveillance of Sewage to Police Illegal Drug Use

"April Fools for 2019: The PRC expands surveillance to detect halitosis and BO."

1) Bad breath can be indicative of medical problems (cavities), but the term "halitosis" was allegedly a marketing ploy: http://www.smithsonianmag.com/smart-news/marketing-campaign-invented-halitosis-180954082/

2) Homeless people are being harassed more than ever. Everywhere. In some countries, it is illegal to be homeless, and the police will harass and beat them with impunity. There are already sensors to deter folks from using elevators as restrooms. I fear data and sensor fusion will make a more hostile environment for the already desperate: http://en.wikipedia.org/wiki/Anti-homelessness_legislation On the bright side, in Elizabeth NJ "2 homeless men found bombs, saved lives" http://www.nj.com/union/index.ssf/2016/09/homeless_men_found_bombs_saved_lives_walked_with_a.html

*****

replying to Benoit Goas
Subject: Micro SD cards silently switching to read-only when they're "too old"

"The 64G Patriot micro SD ... just decided to turn itself into a read-only memory card."

That seems like a reasonable fail-safe for the end-of-life condition, but

1) as mentioned, most software/firmware does not detect the condition;

2) when it switches from read/write to read-only, I fear some file system data might not get written, leading to unrepairable inconsistencies. The operating system understands which data is higher priority, but the SD card probably cannot infer that;

3) it's a lot better than the way hard drives tend to fail so catastrophically that all data is lost.

*****

replying to Benoit Goas
Subject: Birds are making expensive roaming calls (The Register)

"A new risk when tracking birds (or any other kind of stuff): someone managed to recover the SIM card from the tracker, and used it!"

A bright side of IoT: some cellphone providers have SIM card plans for low data usage, perhaps with usage caps such as texting/SMS only.

*****

replying to Monty Solomon
Subject: Robo-calls are getting worse.

Some **** thinks that engineers want to get phone calls and talk about their trade-journal subscriptions instead of just completing a bingo-card or web form. That's why I rarely answer my phone during the day. The moment I answer ONE call, I'm flooded with more. I suspect I'm flagged on their suckers' list: answer one call and obviously you're interested in more. All day. They're poisoning their own well.

*****

replying to Benoit Goas
Subject: We're not allowed to die anymore (NYTimes)

"In the same kind of problems, a(n old) friend of mine died recently, and Facebook wants me to organize an event for his birthday"

1) Consider http://leonardbernstein.com/at100 Leonard Bernstein at 100 is the world-wide celebration of the 100th birthday of Leonard Bernstein, the composer, conductor, educator, musician, cultural ambassador, and humanitarian, officially beginning on August 25, 2017.

2) Not only the famous get such consideration. Several friends have recently died. Friends and family want their Internet social media to remain intact to remember and honor them.

3) The Jewish "unveiling" ceremony honors the deceased, normally a year after the burial. My take is that it's mostly for the family to remember and honor the person, not to forget them.
Please report problems with the web pages to the maintainer