The RISKS Digest
Volume 31 Issue 15

Monday, 1st April 2019

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Might this be the last vestige of the British Empire?
PGN
MIT To Require 'Turing Test' for Admissions
Henry Baker
Russian interference alleged in mayor's election
Mark Thorson
ThickerThanWater[dot]com
Richard Stein
Electric seaplanes?
Rob Slade
British Airways flight lands 525 miles away from destination
USA Today
Computer outage led to flight delays for some of the U.S.'s biggest airlines
Vox
HTTPS Isn't Always As Secure As It Seems
WiReD
Twitter Network Uses Fake Accounts to Promote Netanyahu
NYTimes
Lawmakers Scrutinize Timeline for Boeing 737 MAX Software Fix
WSJ
Road safety: UK set to adopt vehicle speed limiters
bbc.com
Russia Regularly Spoofs Regional GPS
DarkReading
Smart talking: are our devices threatening our privacy?
The Guardian
Info on RISKS (comp.risks)

Might this be the last vestige of the British Empire?

"Peter G. Neumann" <peter.neumann@sri.com>
Mon, 1 Apr 2019 12:00:00 -0700
Given the troubles over the Brexit referendum, where at present no
acceptable solution appears to be possible, Great Britain seems likely to be
splitting altogether.  A new proposal is that England itself would splinter,
with London, Oxbridge, and a few other regions becoming part of France
(Fritainnia?) to remain within the EU, while the rest of England would
become something like Less Britain.  [Some pundits mistakenly see a parallel
with the Greater Antilles and the Lesser Antilles, although in that case,
size was the primary measure for the naming.]

Despite the troubles over the Troubles, it appears that Northern Ireland and
the Republic of Ireland have finally decided to merge, with a new capital
city to be built on the border (perhaps Dubbel, with the combined
population, although Dubfast and Belin might also be under consideration).
Reversing the 1973 referendum to split, this would enable Northern Ireland
to remain within the EU, in the face of the uncertainties noted above.
Scotland and Wales are still contemplating whether to join the new
Fritainnia, or the new United States of Ireland; remaining with Less Britain
somehow seems less likely to many observers.

Finally, given all of the above, the British Parliament seems most likely to
abolish itself altogether, starting first with the House of Lords (long
overdue), and then Commons.

  [So, why is this relevant to RISKS?  Once again, late-stage maneuvering
  seems to be just one more example of the results of short-term
  optimization instead of long-term planning.  The Foresight Saga
  strikes again.  PGN]


MIT To Require 'Turing Test' for Admissions

Henry Baker <hbaker1@pipeline.com>
Mon, 1 Apr 2019 13:00:00 -0700
Cambridge, MA—The Massachusetts Institute of Technology ("MIT") today
announced that—in addition to the usual SAT, ACT, etc., standardized
tests—applicants to MIT will now also have to pass a Turing Test.

  "The Turing test, developed by [famed English WWII codebreaker and
  computer scientist] Alan Turing in 1950, is a test of a machine's ability
  to exhibit intelligent behavior equivalent to, or indistinguishable from,
  that of a human."—Wikipedia

"We've been overwhelmed by applications from robots," said Dr. Noah
Gnurds, MIT Director of Admissions.  Dr. Gnurds continued, "If we didn't
filter out robot applications, our current acceptance ratio of 7.9% would be
10^-3 times as large.  As it is, we send out ten times as many acceptance
letters to robots as to human applicants.  This new test will ensure that we
admit people, not test scores."

https://mitadmissions.org/apply/firstyear/tests-scores/

NYTimes reporter Ivy Leek asked, "Is MIT's announcement related in any way
to the recent 'Operation Varsity Blues' college admissions scandal?"

"Not really.  We doubt that MIT will be implicated, because MIT doesn't
admit applicants too stupid not to use Tor, Signal and untraceable
blockchain cryptocurrencies for their legacies," Dr. Gnurds responded.

When asked how these new Turing Tests would be administered, Dr. Gnurds
said, "Due to the substantial effort required to administer these tests,
MIT has developed a new Artificial Intelligence/Machine Learning program in
conjunction with IBM's Watson research effort.  IBM believes that Watson can
sniff out even the most sophisticated robots."

"Isn't there some irony in utilizing a robot to test for robots?" asked a
reporter from MIT Technology Review.  Noah replied, "It takes one to know
one."


Russian interference alleged in mayor's election

Mark Thorson <eee@dialup4less.com>
Mon, 1 Apr 2019 08:00:22
WASHINGTON DC (4/1/2019)—Sources close to the recent Mueller probe leaked
an unlikely finding in the investigation of Russian interference in U.S.
elections.  According to experts, social-media hackers engineered the upset
victory of the mayor of a small city in Idaho.  Vladimir Jackson won the top
office of Moscow, ID, with an astounding 97% of votes cast.  "The election
had to be rigged," said Solomon Spaulding, owner and operator of Moscow
Haircuts.  "I know most everybody in town, and nobody I know voted for him."

Jackson, originally from New York City, ran on a black separatist platform,
which advocates the creation of an independent Afro-American state in a
region that is presently in Idaho.  Reached for comment, Jackson denied any
illegitimacy in the election.  "Isn't that the way it always is?," he asked.
"When a white guy gets elected nobody says the election is rigged, but when
a black guy gets elected people just assume it can't be kosher.  Give me a
break!"

"There is no doubt that Russians exerted influence in the Moscow mayor's
race," said an informed source on condition of anonymity.  "What we don't
know is whether it's because the town's name is Moscow, the candidate's name
is Vladimir, or maybe they sought to sow discord by supporting black
separatism."  A spokesperson for the Russian embassy denied any involvement,
saying, "Why do we care about mayor?  We got bigger fish.  This is only to
make us look bad.  We no do it."


ThickerThanWater[dot]com

Richard Stein <rmstein@ieee.org>
Mon, 1 Apr 2019 18:46:08 -0800
WASHINGTON, D.C.—In a nationwide sting operation involving 600 federal
marshals and over 20 FBI field offices, the Justice Department indicted the
principals of ThickerThanWater.com (TTW), a startup specializing in human
DNA analysis. The indictment also names intelligence and law enforcement
personnel. TTW had planned their initial public offering the following week.

TTW was a deep-state cover business established for one purpose: Create,
manage, and monetize a vast human DNA database to accelerate cold-case
closure, exonerate the wrongly convicted, and track foreign espionage
sleeper agents.

To promote these objectives, TTW funded a "blood bounty" program enlisting
nearly 10,000 phlebotomists over a 9-month interval. Records show that each
participating phlebotomist pocketed almost $500/day, at $5 per sample cash,
with no questions asked by patients subject to routine blood extraction per
hospital or doctor wellness visit.

Dropoff locations reportedly overflowed with blood samples containing
personal identifying information. Hospital administrators were blind to the
blood sample tube inventory turnover; the extra consumables were never
missed.

TTW's corporate charter sought to commercially exploit DNA telomeric
extrapolation maps. These maps, when combined with Turing's tNose, enabled
human exposome tracking.

The exposome is the unique aroma, a scent-like fingerprint, that each person
exudes from interactions between skin bacteria and pheromones.  Telomeric
extrapolation maps predetermine each person's mix of skin bacteria and
pheromone, coupled to DNA replication and protein synthesis.

Approximately 250 million DNA profiles were created by TTW and their army of
phlebotomists-for-hire. Each profile was subject to real-time exposomal
tracing.  The Justice Department released a 2 minute-long videoclip of TTW's
SOC (Smell Operation Center) showing red, blue, and green exposomal tracks
with metadata updates across a large tessellated display.

A Justice Department spokeswoman refused to comment on cold-case closures,
prisoner releases, or sleeper spy discoveries.

"I thought I was being patriotic when TTW called," said Ann, a phlebotomist
with 12 years of experience. "I figured that law enforcement and
intelligence agencies needed the help. The bounty added up quickly. Of
course, I reported every nickel of bounty-earned income on my taxes—I
kept sample records on my phone!"

As TTW's CEO was perp-walked and frog-marched under police custody, she
shouted, "Blood is thicker than water!"


Electric seaplanes?

Rob Slade <rmslade@shaw.ca>
Tue, 26 Mar 2019 12:05:58 -0700
I've lived around seaplanes all my life.  At one point I spent a lot of time
traveling up and down the coast in seaplanes, particularly Beavers.  So I
was very interested in this story about Harbour Air converting float planes
to battery power.
https://www.harbourair.com/harbour-air-and-magnix-partner-to-build-worlds-first-all-electric-airline/
https://www.timescolonist.com/news/local/harbour-air-to-add-zero-emission-electric-plane-aims-to-convert-whole-fleet-1.23770626

The initial conversion of a Beaver will be intriguing.  I'll be fascinated
when they get to convert an Otter (a candidate for world's noisiest
aircraft) to electricity.  (I know Harbour Air has a number of them.)

I'll be wondering how well electric engines get along with salt water.  Most
of my flying time was at longer distances, so I'm curious about the
half-hour range.  (Although that's well within most of Harbour Air's
scheduled flights.)  I'll be interested in recharge time and reliability.
(Harbour Air planes do tend to spend a lot of time sitting at the dock in
the bay.)  The complete changeover from turbine engine to electric
infrastructure will be a non-trivial accomplishment.

But, if it works, it could be pretty great ...


British Airways flight lands 525 miles away from destination

Monty Solomon <monty@roscom.com>
Tue, 26 Mar 2019 15:23:50 -0400
https://www.usatoday.com/story/travel/news/2019/03/25/british-airways-flight-lands-525-miles-away-destination-scotland-london-germany/3267136002/


Computer outage led to flight delays for some of the U.S.'s biggest airlines (Vox)

Monty Solomon <monty@roscom.com>
Tue, 26 Mar 2019 15:25:53 -0400
The outage affected American Airlines, JetBlue, and other major airlines.

https://www.vox.com/the-goods/2019/3/26/18282767/sabre-outage-american-airlines-jetblue-alaska-delays


HTTPS Isn't Always As Secure As It Seems (WiReD)

geoff goodfellow <geoff@iconia.com>
Thu, 28 Mar 2019 08:46:53 -0700
Widespread adoption of the web encryption scheme HTTPS has added a lot of
green padlocks—and corresponding data protection—to the web. Almost all
of the popular sites you visit every day likely offer this defense, called
Transport Layer Security (TLS), which encrypts data between your browser and
the web servers it communicates with to protect your travel plans,
passwords, and embarrassing Google searches from prying eyes. But new
findings from researchers at Ca' Foscari University of Venice in Italy and
TU Wien in Austria indicate that a surprising number of encrypted sites
still leave these connections exposed.
https://www.wired.com/2016/11/googles-chrome-hackers-flip-webs-security-model/

In analysis of the web's top 10,000 HTTPS sites—as ranked by Amazon-owned
analytics company Alexa—the researchers found that 5.5 percent had
potentially exploitable TLS vulnerabilities. These flaws were caused by a
combination of issues in how sites implemented TLS encryption schemes and
failures to patch known bugs (of which there are many in TLS and its
predecessor Secure Sockets Layer). But the worst thing about these flaws is
they are subtle enough that the green padlock will still appear.

https://www.wired.com/2014/04/heartbleed-embedded/
https://www.wired.com/2014/10/poodle-explained/
https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/

"We assume in the paper that the browser is up to date, but the things that
we found are not spotted by the browser," says Riccardo Focardi, a network
security and cryptography researcher at Ca' Foscari University, who also
co-founded the auditing firm Cryptosense. "These are things that are not
fixed and are not even noticed. We wanted to identify these problems with
sites' TLS that are not yet pointed out on the user side."

The researchers, who will present their full findings at the IEEE Symposium
on Security and Privacy in May, developed TLS analysis techniques and also
used some from existing cryptographic literature to crawl and vet the top
10,000 sites for TLS issues. And they developed three categories for the
types of vulnerabilities they found...

https://www.wired.com/story/https-isnt-always-as-secure-as-it-seems/


Twitter Network Uses Fake Accounts to Promote Netanyahu (NYTimes)

Amos Shapir <amos083@gmail.com>
Mon, 1 Apr 2019 10:05:31 +0300
An Israeli watchdog group has discovered a network of hundreds of fake
Twitter accounts, all promoting the candidacy of PM Netanyahu and his party,
using exact wordings of the party's official messages.  These accounts
"like" and re-tweet each other, in an attempt to create the impression of
large grass-roots support.

https://www.nytimes.com/2019/03/31/world/middleeast/netanyahu-fake-twitter.html

Luckily, bots cannot actually vote (yet?)


Lawmakers Scrutinize Timeline for Boeing 737 MAX Software Fix (WSJ)

Monty Solomon <monty@roscom.com>
Wed, 27 Mar 2019 07:33:42 -0400
The basics of the safety change were first described to airlines and pilot
groups last November.

https://www.wsj.com/articles/lawmakers-scrutinize-timeline-for-boeing-737-max-software-fix-11553601603


Road safety: UK set to adopt vehicle speed limiters (bbc.com)

Richard Stein <rmstein@ieee.org>
Thu, 28 Mar 2019 05:38:05 +0800
https://www.bbc.com/news/business-47715415

"Under the ISA system, cars receive information via GPS and a digital map,
telling the vehicle what the speed limit is.  This can be combined with a
video camera capable of recognising road signs."

RISKS Trifecta: GPS spoofing, digital map inaccuracies, digital image
recognition.


Russia Regularly Spoofs Regional GPS (DarkReading)

Rich Wales <richw@richw.org>
Wed, 27 Mar 2019 22:03:11 -0700
A large-scale analysis of data has discovered widespread Russian government
spoofing of the country's satellite navigation system.  The findings
underscore the dangers of relying on global positioning data.

  (This could also presumably lead to problems with Russian time enthusiasts
  using GLONASS for time synchronization in computer networks.)

https://www.darkreading.com/risk/russia-regularly-spoofs-regional-gps/d/d-id/1334262


Smart talking: are our devices threatening our privacy? (The Guardian)

Monty Solomon <monty@roscom.com>
Sun, 31 Mar 2019 19:11:05 -0400
Millions of us now have virtual assistants, in our homes and our
pockets. Even children's toys are getting smart. But when we talk to them,
who is listening?

https://www.theguardian.com/technology/2019/mar/26/smart-talking-are-our-devices-threatening-our-privacy
