The ARD Tagesschau reports that there is a software error in the air-traffic control system over Germany. They are following up a report by Deutschlandfunk. https://www.tagesschau.de/wirtschaft/flugsicherung-panne-software-101.html The DFS (Deutsche Flugsicherung) uses a system that displays so-called control strips. The control strips contain information for the air traffic controllers such as vessel type, route, time of airspace crossing. This system is not working correctly. The system used in Langen in Hessia is showing errors, so that the controllers must take more time to inspect what they are doing. All other systems are said to be operational. This concerns the airspace from Constance to Kassel and from the French border to Thuringia. No other airspaces are said to be affected. Travelers should expect delays of around 30 minutes. Prof. Dr. Debora Weber-Wulff, HTW Berlin, Treskowallee 8, 10313 Berlin
Airlines had to pay more for two optional upgrades that could warn pilots about sensor malfunctions. The company will now make one of the features standard. https://www.nytimes.com/2019/03/21/business/boeing-safety-features-charge.html
A friend of mine who is both an IT professional and a private pilot has written a nice analysis of the 737 Max situation. https://drive.google.com/file/d/1249KS8xtIDKb5SxgpeFI6AD-PSC6nFA5/view R, Bob Poortinga, Bloomington, IN [via Dave Farber in Japan] [Note: Monty Solomon noted a second Seattle Times article after the one noted previously: Flawed analysis, failed oversight: How Boeing, FAA certified the suspect 737 MAX flight control system https://www.seattletimes.com/business/boeing-aerospace/failed-certification-faa-missed-safety-issues-in-the-737-max-system-implicated-in-the-lion-air-crash/ PGN]
https://www.latimes.com/local/california/la-fi-boeing-max-design-20190315-story.html "That low-to-the-ground design was a plus in 1968, but it has proved to be a constraint that engineers modernizing the 737 have had to work around ever since. The compromises required to push forward a more fuel-efficient version of the plane—with larger engines and altered aerodynamics—led to the complex flight control software system that is now under investigation in two fatal crashes over the last five months. "But the decision to continue modernizing the jet, rather than starting at some point with a clean design, resulted in engineering challenges that created unforeseen risks." Legacy 737 fuselage design constraints led to MCAS development and deployment decades later, which apparently caused the deadly aircraft incidents. Risk: Legacy system feature preservation for economic motives versus a full redesign to negate technical debt accumulation.
https://www.zdnet.com/article/boeing-737-max-software-patches-can-only-do-so-much/
Developers working for Facebook logged the passwords in plain text as they wrote code for the site. User passwords were accessible to as many as 20,000 FB employees. Brian Krebs noted up to 600M passwords. http://www.bbc.com/news/technology-47653656 [Several people have noted this today. PGN]
Hardigree also still maintains that the data Exactis aggregated and then exposed wasn't actually sensitive, and that the outrage over its exposure was overblown. He says much of it was pulled from sources like public records and census data. Exactis combined that public information with data it traded for and bought, with sources ranging from payday loan and auto companies to surveys to registration forms for business publications. Hardigree claims that hundreds of small companies possess similar data. He argues that anyone can buy a less refined version of the same collection, what's known as a Consumer Master File, for around $1,000. "This data is out there, and it always has been out there," Hardigree says. But Troy Hunt, the security researcher and data breach expert who manages HaveIBeenPwned, says that the Exactis data was indeed sensitive enough to justify the wave of pain that hit the company after its security lapse. He argues the data is, in fact, sufficiently detailed to contribute to identity theft, and certainly detailed enough to creep out anyone who finds themselves in it. https://www.wired.com/story/exactis-data-leak-fallout/
Concern that cars could be seriously hacked, by criminals, terrorists or even rogue governments, has prompted a new round of security efforts on the part of the auto industry. https://www.nytimes.com/2019/03/07/business/car-hacks-cybersecurity-safety.html
A killer determined to make terrorism go viral beat a system designed to keep the worst of the web out of sight. https://www.nytimes.com/2019/03/18/opinion/facebook-youtube-mass-shootings.html
https://www.washingtonpost.com/technology/2019/03/18/inside-youtubes-struggles-shut-down-video-new-zealand-shooting-humans-who-outsmarted-its-systems/
New details reveal just how quickly the video spread across the world and rocketed out of tech companies' control. https://www.washingtonpost.com/technology/2019/03/19/fewer-than-people-watched-new-zealand-massacre-live-hateful-group-helped-it-reach-millions/
Aadhaar is a 12-digit unique number assigned to all Indian residents. Its uniqueness is supposed to be guaranteed by the use of biometrics (fingerprints, iris and photographs). Besides biometrics, the Unique Identification Authority of India (UIDAI) also collects demographic information. Aadhaar is being made compulsory for an increasing number of applications in India. An extensive household survey conducted by our team [1] revealed various issues related to this measure, including exclusion problems, transaction costs, and its impact on corruption. For example, people experience issues with enrolling [2] for Aadhaar, when they lose it [3], when they try to link [4] it to the appropriate registry, when they try to authenticate [5] themselves biometrically, and so on. More issues are highlighted in this Youtube playlist [6] (not all have subtitles). The consequences [7] of this range from cancellation or suspension of benefits, to delays and deaths [8]. 1: https://www.epw.in/journal/2017/50/special-articles/aadhaar-and-food-security-jharkhand.html 2: https://www.youtube.com/watch?v=KYwDkZ0l4wY 3: https://twitter.com/roadscholarz/status/1069616152152748034 4: https://twitter.com/roadscholarz/status/949317693789822977 5: https://www.thequint.com/news/india/uidai-ceo-admits-aadhaar-authentication-failure-rate-12 6: https://www.youtube.com/watch?v=fVSVqbW6dP0&list=PLdHEUXbHHVe30wNaeZqdb04XyJ5j3_ehc 7: https://www.washingtonpost.com/news/theworldpost/wp/2018/08/09/aadhaar/?noredirect=on&utm_term=.b57578095146 8: https://www.nytimes.com/2018/01/21/opinion/india-aadhaar-biometric-id.html [If you might have any thoughts about youtube/twitter postings possibly being unreliable, what was used here was precisely what was recorded and compiled during the data collection exercise. PGN]
Two arrested after hundreds of hotel guests were filmed in south Korea for live-stream subscribers. https://www.washingtonpost.com/world/2019/03/20/spy-cameras-secretly-live-streamed-hotel-guests-subscribers-then-police-caught/
https://securityboulevard.com/2019/03/ransomware-fighter-lives-in-fear-for-his-life/
https://www.npr.org/sections/health-shots/2019/03/18/704475396/why-the-promise-of-electronic-health-records-has-gone-unfulfilled A transparency deficit contributes to the EHR catastrophe: "Entrenched policies continue to keep software failures out of public view. Vendors of electronic health records have imposed contractual 'gag clauses' that discourage buyers from speaking out about safety issues and disastrous software installations—and some hospitals fight to withhold records from injured patients or their families." Risk: Missing incentives among stakeholders (equipment vendors, EHR vendors, medical service providers, physicians, administrators) to align and standardize EHR content/metadata/coding structures, communications, and platform protocols. Possibly corrected through better regulation, legislation, or perpwalks.
https://thepointsguy.com/guide/how-to-detect-hidden-cameras-in-your-hotel-room/
You know the helpful browser form filler feature where it fills in your name, address, phone number, and email? It works great, except when reporting crimes, where you better check before clicking "submit" that it didn't also helpfully go back and re-fill in the bad guys' name, address, phone number... using guess who's data... https://bugs.chromium.org/p/chromium/issues/detail?id=944351
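One defensive check a crime-reporting site could run before submission, as an added example (not from the Chromium issue or any browser vendor): the form is assumed to have a "reporter" section and a "suspect" section, and the check flags suspect fields that simply echo the reporter's own saved data, which is what an over-eager autofill would produce.

```javascript
// Added example, not from the Chromium issue: detect a suspect section that
// mirrors the reporter section of a report form. Field names ("name",
// "address", "phone", "email") and the two-section layout are assumptions.

// Normalise one field value so trivially different spellings compare equal
// (case, surrounding whitespace, punctuation inside phone numbers).
function normalise(field, value) {
  const v = String(value ?? "").trim().toLowerCase();
  if (field === "phone") return v.replace(/[^0-9]/g, "");
  return v.replace(/\s+/g, " ");
}

// Return the suspect fields whose normalised value equals the reporter's
// value for the same field. An empty suspect field is never an echo.
function findEchoedFields(reporter, suspect) {
  const echoed = [];
  for (const field of Object.keys(suspect)) {
    const s = normalise(field, suspect[field]);
    if (s === "") continue;
    if (field in reporter && s === normalise(field, reporter[field])) {
      echoed.push(field);
    }
  }
  return echoed;
}

// Decide whether the report may be submitted. The caller (a submit handler)
// should block submission and show `problems` to the user when ok is false.
function validateReport(reporter, suspect) {
  const echoed = findEchoedFields(reporter, suspect);
  return {
    ok: echoed.length === 0,
    problems: echoed.map(
      f => `suspect.${f} is identical to reporter.${f}; was it autofilled?`
    ),
  };
}

// Constructed sample data: the reporter's details, and a suspect section in
// which autofill has overwritten address, phone and e-mail with the
// reporter's own values while the typed name survived.
const SAMPLE_REPORTER = {
  name: "Jane Example",
  address: "1 Sample Street",
  phone: "555-0100",
  email: "jane@example.org",
};
const SAMPLE_SUSPECT_AUTOFILLED = {
  name: "unknown male, approx. 30",
  address: "1 Sample Street",
  phone: "(555) 0100",
  email: "Jane@Example.org",
};

console.log(validateReport(SAMPLE_REPORTER, SAMPLE_SUSPECT_AUTOFILLED));
```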
https://www.nytimes.com/2019/03/19/us/alabama-dna-murder-arrest.html For 19 years, police were unable to identify the person who fatally shot two 17-year-olds. Then they turned to the technique used in the Golden State Killer case.
William Egginton, Mar 17 2019 No. And high schools shouldn't treat it that way. https://www.nytimes.com/2019/03/17/opinion/code-foreign-language.html Maryland's legislature is considering a bill to allow computer coding courses to fulfill the foreign-language graduation requirement for high school. A similar bill passed the Florida State Senate in 2017 (but was ultimately rejected by the full Legislature), and a federal version proposed by Senators Bill Cassidy, Republican of Louisiana, and Maria Cantwell, Democrat of Washington, is being considered in Congress. The animating idea behind these bills is that computer coding has become a valuable skill. This is certainly true. But the proposal that foreign-language learning can be replaced by computer coding knowledge is misguided: It stems from a widely held but mistaken belief that science and technology education should take precedence over subjects like English, history, and foreign languages. As a professor of languages and literatures, I am naturally skeptical of such a position. I fervently believe that foreign-language learning is essential for children's development into informed and productive citizens of the world. But even more urgent is my alarm at the growing tendency to accept and even foster the decline of the sort of interpersonal human contact that learning languages both requires and cultivates. Language is an essential—perhaps the essential—marker of our species. We learn in and through natural languages; we develop our most fundamental cognitive skills by speaking and hearing languages; and we ultimately assume our identities as human beings and members of communities by exercising those languages. Our profound and impressive ability to create complex tools with which to manipulate our environments is secondary to our ability to conceptualize and communicate about those environments in natural languages. 
The difference between natural and computer languages is not merely one of degree, with natural languages' involving vocabularies that are several orders of magnitude larger than those of computer languages. Natural languages aren't just more complex versions of the algorithms with which we teach machines to do tasks; they are also the living embodiments of our essence as social animals. We express our love and our losses, explore beauty, justice and the meaning of our existence, and even come to know ourselves all though natural languages. The irony is that few people appreciate the uniqueness of human language more than coders working in artificial intelligence, who wrestle with the difficulty of replicating our cognitive abilities. The computer scientist Alan Turing noted that the question of whether a machine can think is incredibly difficult to determine, not least because of the lack of a clear definition of `thinking'; he proposed investigating instead the more tractable question of whether a machine can convince a human interlocutor that it's human—the so-called Turing test. One of the important lessons of Turing's test is the reminder that in our interactions with other people, we are fundamentally limited in how much we can know about another's thoughts and feelings, and that this limitation and the desire to transcend it is essential to our humanity. In other words, for us humans, communication is about much more than getting information or following instructions; it's about learning who we are by interacting with others. The interpersonal essence of language learning extends to learning as a whole. We know that small-group, in-person instruction is more effective than traditional lectures. We ask questions, are asked in return, and we learn more, learn faster and retain more when we care about the people we are interacting with. 
It's no accident that despite the initial enthusiasm generated by MOOCs, or massive online open courses, they have in fact been a major disappointment, with completion rates as low as 5 percent. By comparison, online courses with smaller groups of students and direct feedback from the professor show completion rates as high as 85 percent. [Furthermore, the types of computer-language skills may be quite different from natural-language skills. For example, computer programming requires some intense left-brained activities that learning to *speak* natural languages does not, and total-system design and development requires synergy between the left-brain and right-brain activities. (See my book chapter, Zen and the Art of System Programming: Psychosocial Implications of Computer Software Development and Use: Zen and the Art of Computing, in Theory and Practice of Software Technology, D. Ferrari, M. Bolognani, and J. Goguen (editors), North-Holland, 1983, 221--232.) However, learning to *write* grammatically in a natural language does require more left-brain activity. Besides, adequate natural-language learning (even English for a First Language) seems to be declining seriously. Sloppy use of natural languages seems to be tolerated, whereas sloppy use of computer languages is the source of many of the risks in RISKS. The concept of teaching programming as a natural language is *really* misguided, for many reasons. PGN]
[Apologies to Creedence Clearwater Revival.] NSA FOMO... Whether you trust Huawei's words or not, at least they give lip service to "no back doors", which is more than the 5i's will give. "Huawei, in other words, hampers US efforts to spy on whomever it wants." "Prism, prism on the wall. Who's the most trustworthy of them all?" "Huawei has not and will never plant backdoors. And we will never allow anyone to do so in our equipment." https://www.ft.com/content/b8307ce8-36b3-11e9-bb0c-42459962a812 The US attacks on Huawei betray its fear of being left behind Proliferation of our technology hampers American efforts to spy on whomever it wants Guo Ping February 27, 2019 As a top Huawei executive, I'm often asked why the US has launched a full-scale assault on us. The Americans have charged us with stealing technology and violating trade sanctions, and largely blocked us from doing business there. Mike Pence, US vice-president, recently told Nato of "the threat posed by Huawei", and Mike Pompeo, secretary of state, warned allies that using our telecommunications equipment would make it harder for the US to "partner alongside them." On Tuesday at the Mobile World Congress, the industry's largest trade show, a US delegation led by Ajit Pai, Federal Communications Commission chair, repeated the call to keep Huawei out of global 5G networks. Washington has cast aspersions on Huawei for years. A 2012 report by the House Intelligence Committee labeled us a threat. But, until recently, these attacks were relatively muted. Now that the US has brought out the heavy artillery and portrayed Huawei as a threat to western civilisation, we must ask why. I believe the answer is in the top secret US National Security Agency documents leaked by Edward Snowden in 2013. Formed in 1952, the NSA monitors electronic communications, such as email and phone calls, for intelligence and counter-intelligence purposes. 
The Snowden leaks shone a light on how the NSA's leaders were seeking to "collect it all"—every electronic communication sent, or phone call made, by everyone in the world, every day. Those documents also showed that the NSA maintains "corporate partnerships" with particular US technology and telecom companies that allow the agency to "gain access to high-capacity international fibre-optic cables, switches and/or routers throughout the world". Huawei operates in more than 170 countries and earns half of its revenue abroad but its headquarters are in China. This significantly reduces the odds of a "corporate partnership". If the NSA wants to modify routers or switches in order to eavesdrop, a Chinese company will be unlikely to co-operate. This is one reason why the NSA hacked into Huawei's servers. "Many of our targets communicate over Huawei-produced products," a 2010 NSA document states. "We want to make sure that we know how to exploit these products." Clearly, the more Huawei gear is installed in the world's telecommunications networks, the harder it becomes for the NSA to "collect it all". Huawei, in other words, hampers US efforts to spy on whomever it wants. This is the first reason for the campaign against us. The second reason has to do with 5G. This latest generation of mobile technology will provide data connections for everything from smart factories to electric power grids. Huawei has invested heavily in 5G research for the past 10 years, putting us roughly a year ahead of our competitors. That makes us attractive to countries that are preparing to upgrade to 5G in the next few months. If the U.S. can keep Huawei out of the world's 5G networks by portraying us as a security threat, it can retain its ability to spy on whomever it wants. America also directly benefits if it can quash a company that curtails its digital dominance. 
Hobbling a leader in 5G technology would erode the economic and social benefits that would otherwise accrue to the countries that roll it out early. Meanwhile, a range of US laws, including most recently the Cloud Act, empowers the US government to compel telecom companies to assist America's programme of global surveillance, as long as the order is framed as an investigation involving counter-intelligence or counterterrorism. The fusillade being directed at Huawei is the direct result of Washington's realisation that the US has fallen behind in developing a strategically important technology. The global campaign against Huawei has little to do with security, and everything to do with America's desire to suppress a rising technological competitor. The writer is a rotating chairman of Huawei Technologies https://www.huawei.com/en/press-events/news/2019/2/guoping-global-3rd-party-assurance-cyber-security "Choose Huawei for greater security", Says Huawei's Guo Ping In his keynote address at MWC 2019, Rotating Chairman Guo Ping calls for global 3rd party assurance to cyber security. Feb 26, 2019 [Barcelona, Spain, February 26, 2019] Guo Ping, Huawei's Rotating Chairman, calls for international collaboration on industry standards and appeals to governments across the world to listen to cyber security experts. His requests come during a keynote speech at Mobile World Congress 2019. Huawei is the first company to deploy 5G networks at scale, Guo said. His MWC 2019 keynote address - "Bringing you 5G safer, faster, smarter" - outlined how Huawei has developed the most powerful, simple, and intelligent 5G networks in the world, and argued that such innovation is nothing without security. He urges the industry and governments to work together and adopt unified cyber security standards. Guo Ping, Huawei's Rotating Chairman, made a keynote speech at Mobile World Congress 2019. Summary of MWC 2019 keynote address by Guo Ping, Rotating Chairman, Huawei: 1. 
Innovation Guo used the first half of his keynote to outline Huawei's position as the global leader in 5G but asserted that security is the basis of the company's commitment to innovation. * "Huawei is the first company that can deploy 5G networks at scale. More importantly, we can deliver the simplest possible sites with better performance." * "The more we invest in engineering science, the more value we can create. At Huawei, we can bring powerful, simple, and intelligent 5G networks to carriers anywhere in the world, faster than anyone else. Huawei is the global leader in 5G. But we understand innovation is nothing without security." 2. Security In the second half of the keynote, Guo responded to recent allegations directed at Huawei by the U.S. government and called for fact-based regulation, referring to the recommendations made by GSMA, the industry organization for mobile network operators worldwide, for governments and mobile operators to work together. * "To build a secure cyber environment for everyone, we need standards, we need fact-based regulation, and we need to work together." * "To build a system that we all can trust, we need aligned responsibilities, unified standards, and clear regulation." * "I fully agree with recent recommendations: Governments and mobile operators should work together to agree upon Europe's assurance testing and certification regime. NESAS is a very good idea and I would recommend extending it to the world." * "Huawei has not and will never plant backdoors. And we will never allow anyone else to do so in our equipment." * The irony is that the US CLOUD Act allows their governmental entities to access data across borders. FULL TEXT: Guo Ping's Keynote at MWC Barcelona 2019 Bringing you 5G safer, faster, smarter Ladies and gentlemen, good morning. It's great to see you all again. There has never been more interest in Huawei. We must be doing something right. Of course, the past few months have been a challenge for us. 
On one hand, our 5G solutions are widely recognized in the industry. On the other hand, there has been a lot of speculation about the security of our 5G solutions. Today, I would like to talk about Huawei's latest innovations and our views on cyber security. Innovation - It's all in the details On the 2018 EU R&D Investment Scoreboard, Huawei ranks number 5 globally. Last year, we invested more than 15 billion US dollars. This consistent investment has produced many positive results. Through nonstop investment, we can keep providing our customers with new, innovative products and more efficient services. 5G is a perfect example of this. Powerful. Simple. Intelligent. Huawei is the first company that can deploy 5G networks at scale. More importantly, we can deliver the simplest possible sites with better performance. With 100 megahertz, our 5G can reach more than 14 gigs-per-second; that's for a single sector. We are at the leading edge of performance. Strong capacity also needs strong transmission equipment. * If fiber is available, we only need to install a blade, attach one fiber, and we can bring bandwidth up to 200 Gbps. It's incredible. * If fiber is not available, carriers can use microwave. However, the bandwidth of traditional microwave is only 1 Gbps. To address this problem, we use innovative architecture to boost that bandwidth to 20 Gbps. * With our 5G smartphone and CPE, Huawei is able to provide end-to-end 5G solutions. We have begun to help carriers deploy 5G at scale. Proven in field tests and commercial use Last month, Zealer published a report, saying that Huawei's 5G is 20 times faster than the so-called 5G in the US. That's in field tests. In commercial use, it is not 20 times faster, but it's still much, much faster. So I fully understand what President Donald Trump said last week. The United States needs powerful, faster, and smarter 5G. In the two charts on the left, we have the results from IMT-2020's phase 3 tests in China.
As you can see, Huawei is far ahead of the game when it comes to single site throughput. The third chart compares the speeds of a commercial 5G network deployed by several vendors. This is a real customer network. On Huawei 5G, single user speed reaches 1.3 Gbps. Powerful Innovation is in the details. Let's start with capacity. * For example, with performance algorithm, we can more than triple cell throughput. * For hardware, our 5G chips support 64 channels, the highest in the industry. We have also increased the computing power of these chips by 2.5 times. For microwave, we can support 10 times greater transmission bandwidth than other solutions on the market. Little by little, we are pushing the physical limits of our technology. Simple We are also making sites as simple as possible, without sacrificing performance. For example, if we made 64T antennas with old techniques, one 5G antenna would be bigger than a door. Can you imagine installing that? If we put one here on the beach, it would be blown down. To address this issue, we are using new materials. We have reduced the number of components by 99%, and with lighter covers, we can reduce weight by 40%. These new AAUs are as wide as a backpack and very strong. They can survive grade-15 typhoons. This happened in Shenzhen last year. Installation is super easy. We can install them directly on a 4G site, or even on a lamp pole. Simple sites greatly reduce carrier CAPEX and OPEX. In Europe, where space is limited, we can help you save 10,000 euros on site rental, every site, every year. Intelligent In the telecom industry, someone said we are using 5G networks of the 21st century. However, network Operation and Maintenance is still in the 18th century. Let's look at one figure. Globally, 70% of network faults are from human limitations. To make life easier for carriers, our goal is to build intelligent networks. Last October, Huawei launched the world's most powerful AI chips: Ascend 910 and Ascend 310. 
We can use these to bring intelligence to all scenarios, and reduce computing power costs for carrier networks. Building on these chips, Huawei has developed many algorithms and models for carrier networks. With AI, we can increase resource efficiency, make O&M easier, and reduce power consumption for telecom networks. Conclusion The more we invest in engineering science, the more value we can create. At Huawei, we can bring powerful, simple, and intelligent 5G networks to carriers anywhere in the world, faster than anyone else.
For the second time in three years, an NCAA basketball tournament bracket leaked after it was provided to the network that paid to reveal the results. Among the revelations? UConn is a No. 2 seed. https://www.nytimes.com/2019/03/18/sports/espn-womens-bracket-leak.html
Mixing business with medicine is ethically horrible. When healthcare is a business, the more sick people there are (especially those that need expensive treatments), the more profit there is to be made. This has many bad consequences: (1) Managing symptoms is more profitable than curing a disease; (2) Expensive drugs are more profitable than, for example, recommending simple changes to diet: so vastly more resources are poured into drug research than into any other form of cure; (3) The more unhealthy the population, the more money is to be made. So encouraging unhealthy habits is beneficial to a healthcare company. (It might be seen as a bit *too* obviously cynical for a healthcare company to buy a tobacco company and heavily advertise and subsidise tobacco: but there is a strong business case!) (4) Tests, tests and more tests! Testing is expensive but can be carried out on apparently healthy people: so it's a good business practice to test for everything, "just in case". If you are lucky, you might even discover some condition that needs expensive treatment. Contrast this with universal healthcare and government-funded medical research. If you are allocated with a certain budget per person and tasked with improving health you will have a very different set of priorities. Not having universal healthcare, the U.S. spends around twice as much per person, compared to other countries, but millions of people still don't have any healthcare, and overall the population is less healthy than other first world countries which do have universal health care.
Is it possible that 500 experts can be found in 50 countries who can compile an 8,000 plus page report to the effect that we are actually managing our resources as well as we can to accommodate the expanding world population? Yes, there *is* a risk here: when a scientific hypothesis (with I presume its obligatory attendant verification-only studies) is taken as a statement of reality and a political bandwagon is created onto which all sorts of famous scientists are keen to hop... rational analysis seems to evaporate. In my experience, science and technology courses do not pay enough attention to educating students about the philosophy of science... like, who has time for THAT kind of stuff in a crowded curriculum, right? That's the real risk.
... "enabling hackers to activate car alarms, unlock vehicle doors, and start engines" In view of another article: "Toyota patents system to dispense tear gas on car thieves", it's possible to add to this list "if the hacked car is a Toyota, also spray occupants with tear gas"