The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 31 Issue 2

Friday 11 January 2019

Contents

Heathrow flights disrupted by yet another drone
Ars
Gatwick and Heathrow buying anti-drone equipment
bbc.com
Inaccurate Software for Brain Surgery
Medscape
Can't connect to that *.gov website? Here's why...
Micah Lee via danny burstein
Denver was ground zero for CenturyLink's recent network outage ... and it can be explained by a Mickey Mouse movie
Aldo Svaldi
Astronaut sparks panic after accidentally dialing 911 from space sending NASA security teams into a frenzy
The Sun
USB Type-C Authentication Program Officially Launches
EWeek
Finally, Some Good News About the EU's Horrendous "Right To Be Forgotten" Law
Lauren Weinstein
"Market volatility: Fake news spooks trading algorithms"
Tom Foremski
Is it time for Linux?
Dave Crooke
'Chipping' Is the Next Frontier for Biohackers
Fortune
Facebook appending ?fbclid to links
Dan Jacobson
US Air Force: 5G Dominance Critical to National Security
Security Now
Marriott Concedes 5 Million Passport Numbers Lost to Hackers Were Not Encrypted
NYTimes
Hackers Leak Details of German Lawmakers, Except Those on Far Right
NYTimes
A DNS hijacking wave is targeting companies at an almost unprecedented scale
Ars
Hot new trading site leaked oodles of user data, including login tokens
Ars
The Risk of Twitter knowing all, telling all
Taipei Times
Chinese phone maker Huawei punishes employees for iPhone tweet blunder
CNBC
Los Angeles Accuses Weather Channel App of Covertly Mining User Data
NYTimes
Could a Chinese-made Metro car spy on us? Many experts say yes.
WashPost
Alexia really is a spy
The Register
Kingpin Used Spyware to Obsessively Monitor His Wife and Mistress: El Chapo Trial
NYTimes
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time Location Data, And It's Falling Into the Wrong Hands
Motherboard
For Owners of Amazon's Ring Security Cameras, Strangers May Have Been Watching
The Intercept
Aging In Place Technology Watch
CES 2019
Escalating Value of iOS Bug Bounties Hits $2M Milestone
EWeek
Zeroday Exploit Prices Are Higher Than Ever, Especially for iOS and Messaging Apps
Dan Goodin
Phone-staring warning after Wellingborough 'hit-and-run'
bbc.com
Manafort Accused of Sharing Trump Campaign Data With Russian Associate
NYTimes
Democrats Faked Online Push to Outlaw Alcohol in Alabama Race
NYTimes
Google search results listings can be manipulated for propaganda
Catalin Cimpanu
Disney, Apple and Facebook will be among your new streaming options in 2019
WashPost
What Happens When Facebook Goes the Way of Myspace?
NYTimes
Hackers Target Chromecast Devices, Smart TVs With PewDiePie Message
Variety
Taking the smarts out of smart TVs would make them more expensive
The Verge
Why it pays to declutter your digital life
bbc.com
Is Gamification Working in Security Training?
Channel Futures
U.S. Announces Settlement With Fiat Chrysler Over Emissions
NYTimes
Apple trolls Google at CES 2019 with massive iMessage privacy ad
Business Insider
Re: New Zealand courts banned ...
Dimitri Maziuk
Re: Huawei gives the US & allies security nightmares
Amos Shapir
Re: USA Wants to Restrict AI Exports: A Stupid and Dangerous Idea
Amos Shapir
The AI Winter is coming
Mark Thorson
Info on RISKS (comp.risks)

Heathrow flights disrupted by yet another drone (Ars)

Monty Solomon <monty@roscom.com>
Tue, 8 Jan 2019 21:45:47 -0500
https://arstechnica.com/tech-policy/2019/01/heathrow-flights-disrupted-by-yet-another-drone/


Gatwick and Heathrow buying anti-drone equipment (bbc.com)

Richard Stein <rmstein@ieee.org>
Fri, 4 Jan 2019 18:08:10 +0800
https://www.bbc.com/news/uk-46754489

"The equipment, which can detect and jam communications between a drone and
its operator, was deployed by the RAF on a roof at Gatwick last month."

One trusts that this gear does not interfere with commercial aviation
signals or RF-dependent devices used for emergency service.


Inaccurate Software for Brain Surgery (Medscape)

Paul Burke <box1320@gmail.com>
Wed, 9 Jan 2019 15:39:59 -0500
https://www.medscape.com/viewarticle/907429
https://www.fda.gov/MedicalDevices/Safety/ListofRecalls/ucm629348.htm

Some surgery is only possible with imaging software, but the software can
have bugs.

"The software monitor may show that the tip of the surgical tool has not
yet reached the planned target and may prevent the neurosurgeon from being
able to accurately see the location of surgical tools in the patient's
brain."


Can't connect to that *.gov website? Here's why... (Micah Lee)

danny burstein <dannyb@panix.com>
Thu, 10 Jan 2019 22:13:18 -0500
  [twitter]
  Micah Lee
  Verified account @micahflee

  Since the government shutdown started "more than 80 TLS certificates used
  by .gov websites have so far expired without being renewed"

  https://news.netcraft.com/archives/2019/01/10/gov-security-falters-during-u-s-shutdown.html

  Micah Lee Verified account  @micahflee
  I do computer security, open source software development, and journalism
  at the Intercept


Denver was ground zero for CenturyLink's recent network outage ... and it can be explained by a Mickey Mouse movie (Aldo Svaldi)

Jim Reisert AD1C <jjreisert@alum.mit.edu>
Fri, 11 Jan 2019 08:01:24 -0700
Aldo Svaldi, *The Denver Post*, 11 Jan 2019

https://www.denverpost.com/2019/01/11/centurylink-network-outage-denver/

For about 30 hours, from the early morning hours of Dec. 27 until late on
Dec. 28, chaos reigned on CenturyLink's system. Western states that depend
most heavily on the company's fiber-optic system were hardest hit, but
reports of outages and slower speeds came in from Alaska to Florida,
according to downdetector.com.

"CenturyLink experienced a network event on one of our six transport
networks beginning on December 27 that impacted voice, IP, and transport
services for some of our customers. The event also impacted CenturyLink's
visibility into our network management system, impairing our ability to
troubleshoot and prolonging the duration of the outage," the company said in
a statement.

Technicians were left scrambling trying to pinpoint the root cause, and that
resulted in them losing time on fixes that didn't work. New Orleans as
ground zero was an early suspect, and then it was San Antonio, Texas. Teams,
which had to make physical site visits, went into action in Kansas City,
Mo., and then Atlanta, and so on.

But as they tried fixes in different areas, the problem didn't go away.
Making matters worse, the reporting system that gathered customer complaints
also failed.

The source of all that turmoil and hours of angst for affected customers
came down to one piece of equipment -- a faulty third-party network
management card in Denver, according to the company.


Astronaut sparks panic after accidentally dialing 911 from space sending NASA security teams into a frenzy (The Sun)

Monty Solomon <monty@roscom.com>
Fri, 4 Jan 2019 23:23:48 -0500
https://www.thesun.co.uk/news/8116475/astronaut-calls-911-space-nasa-security/


USB Type-C Authentication Program Officially Launches (EWeek)

Gabe Goldberg <gabe@gabegold.com>
Fri, 4 Jan 2019 15:32:31 -0500
The USB Type-C authentication standard is moving forward in an effort to
help protect systems against malicious USB devices.

http://www.eweek.com/security/usb-type-c-to-become-more-secure-with-authentication-standard


Lauren's Blog: Finally, Some Good News About the EU's Horrendous "Right To Be Forgotten" Law

Lauren Weinstein <lauren@vortex.com>
Thu, 10 Jan 2019 08:42:46 -0800
via NNSquad
https://lauren.vortex.com/2019/01/10/finally-some-good-news-about-the-eus-horrendous-right-to-be-forgotten-law

I've been highly critical—to say the least—of the European Union's
insane global censorship regime—"The Right To Be Forgotten" (RTBF) --
since well before it became actual, enacted law.

But there's finally some good news about RTBF—in the form of a formal
opinion from EU Advocate General Maciej Szpunar, chief adviser at Europe's
highest court.

I'm not sure offhand when I first began writing about the monstrosity that
is RTBF, but a small subset of related posts includes:

The "Right to Be Forgotten": A Threat We Dare Not Forget (2/2012):
https://lauren.vortex.com/archive/000938.html

Why the "Right To Be Forgotten" is the Worst Kind of Censorship (8/2015):
https://lauren.vortex.com/archive/001119.html

RTBF was always bad, but it became a full-fledged dumpster fire when (as
many of us had predicted from the beginning) efforts were made to enforce
its censorship demands globally. This gave the EU effectively worldwide
censorship powers via RTBF's "hide the library index cards" approach,
creating a lowest common denominator "race to the bottom" of expanding mass,
government-directed censorship of search results related to usually
completely accurate and still published news and other information items.

In a nutshell, Maciej Szpunar's opinion—which is not binding but is
likely to be a strong indicator of how related final decisions will turn out
-- is that global application of EU RTBF decisions is usually unreasonable.
While he doesn't rule out the possibility of global "enforcement" in
"certain situations" (an aspect that will need to be clarified), it's
obvious that he views routine global enforcement of EU RTBF demands to be
untenable.

This is of course only a first step toward reining in the RTBF monster, but
it's potentially an enormously important one, and we'll be watching further
developments in this arena with great interest indeed.


"Market volatility: Fake news spooks trading algorithms" (Tom Foremski)

Gene Wirchenko <genew@telus.net>
Thu, 13 Dec 2018 09:00:56 -0800
ZDnet, 10 Dec 2018
Stock trading algorithms know how to read news headlines, but they don't


Is it time for Linux?

Dave Crooke <dcrooke@gmail.com>
Sat, 5 Jan 2019 08:40:25 -0600
For decades, Microsoft products have been very vulnerable to viruses and
other exploits. This does not seem to be a solvable problem.

For over two decades, I have used Linux in some form as my primary laptop
or desktop OS, mostly because I'm old enough to have grown up with Unix and
VMS. Back in the day, I would use a Windows VM as a way to run products
like MS-Office, but now the open source alternatives have gotten to the
point where I never do so—car diagnostic software is the only reason to
fire up the VM. LibreOffice is more compatible with MS-Office than
Microsoft's own Office:mac.

Many years ago, Linux support for hardware was variable, now it's rarely a
concern. Installs and upgrades were awkward, now Ubuntu is very slick, and
easy for IT to manage centrally.

The need for Windows to support fat client business software is far less,
as most applications are now thin client requiring only a good browser
(Chrome) and indeed in the cloud.

Is it time for the security community to recommend "run Linux if you can?"


'Chipping' Is the Next Frontier for Biohackers (Fortune)

Gabe Goldberg <gabe@gabegold.com>
Wed, 9 Jan 2019 18:05:09 -0500
The incredibly promising business behind people injecting themselves with
microchips. Bye-bye keys, passwords, and tickets—they're all on the chip.

Down a narrow side street in the Swedish city of Gothenburg sits the
Barbarella piercing parlor, a regular haunt for locals who decorate their
bodies with piercings and tattoos, and which claims to offer the area's
finest collection of ear discs and nose rings. But on a frigid evening in
November, the shop is the setting for a very different kind of body
enhancement: biochips. As darkness falls on the port town of nearly 600,000
people, Jowan Österlund wanders in, wearing a baseball cap and
T-shirt, to meet two new clients for his small startup, Biohax
International. From his backpack, he pulls plastic-wrapped syringes, each
containing a tiny, dark microchip that is barely visible from the
outside. Inside the unassuming package is Österlund's prized product, a
window into what today is a fringe tech obsession but which, he believes,
will one day be a giant industry. "You are creating an entirely new type of
behavior and entirely new types of data that will be massively more valuable
than what we have now.  It is kind of a moonshot. But in the long run, this
is what is going to happen."

http://fortune.com/longform/biochipping-biohax-microchip/


Facebook appending ?fbclid to links

Dan Jacobson <jidanni@jidanni.org>
Thu, 10 Jan 2019 13:44:26 +0800
Facebook user sends another user a vital link about a disease:
https://www.cdc.gov.tw/home/Scrub_typhus
But because Facebook appends ?fbclid... to the link,
the second user cannot open it, and eventually perhaps dies.
Yup, some sites rightly do not expect random parameters randomly added...


US Air Force: 5G Dominance Critical to National Security (Security Now)

Gabe Goldberg <gabe@gabegold.com>
Wed, 9 Jan 2019 00:11:08 -0500
https://www.securitynow.com/author.asp?section_id=706&doc_id=748435&

Lots of risks but not clear they justify the headline, nor are all related
to 5G.


Marriott Concedes 5 Million Passport Numbers Lost to Hackers Were Not Encrypted (NYTimes)

Monty Solomon <monty@roscom.com>
Fri, 4 Jan 2019 11:05:12 -0500
https://www.nytimes.com/2019/01/04/us/politics/marriott-hack-passports.html

The overall number of guests affected by the hacking, in which Chinese
intelligence is the leading suspect, declined to 383 million. But the
passport data is critical to intelligence agencies.


Hackers Leak Details of German Lawmakers, Except Those on Far Right (NYTimes)

Monty Solomon <monty@roscom.com>
Fri, 4 Jan 2019 11:05:49 -0500
https://www.nytimes.com/2019/01/04/world/europe/germany-hacking-politicians-leak.html

Twitter has shut down an account that had been posting personal data for
weeks.  Only the Alternative for Germany party appeared to be unscathed.


A DNS hijacking wave is targeting companies at an almost unprecedented scale (Ars)

Monty Solomon <monty@roscom.com>
Thu, 10 Jan 2019 23:54:14 -0500
Clever trick allows attackers to obtain valid TLS certificate for hijacked
domains.

https://arstechnica.com/information-technology/2019/01/a-dns-hijacking-wave-is-targeting-companies-at-an-almost-unprecedented-scale/


Hot new trading site leaked oodles of user data, including login tokens (Ars)

Monty Solomon <monty@roscom.com>
Thu, 10 Jan 2019 23:59:42 -0500
Data leaked by DX.Exchange would be "super easy" to criminalize.

https://arstechnica.com/information-technology/2019/01/hot-new-trading-site-leaked-oodles-of-user-data-including-login-tokens/


The Risk of Twitter knowing all, telling all (Taipei Times)

Mark Thorson <eee@dialup4less.com>
Fri, 4 Jan 2019 12:52:37 -0800
Huawei's New Year's greeting was sent from their official account, tagged
"via Twitter for iPhone".  At least two employees have been demoted with
reduction of pay.

http://www.taipeitimes.com/News/biz/archives/2019/01/05/2003707357


Chinese phone maker Huawei punishes employees for iPhone tweet blunder (CNBC)

Gabe Goldberg <gabe@gabegold.com>
Fri, 4 Jan 2019 15:02:52 -0500
https://www.cnbc.com/2019/01/04/chinese-phone-maker-huawei-punishes-employees-for-iphone-tweet-blunder.html?__source=iosappshare%7Ccom.apple.UIKit.activity.Mail

The risk? Insufficient loyalty to house brand.


Los Angeles Accuses Weather Channel App of Covertly Mining User Data (NYTimes)

Monty Solomon <monty@roscom.com>
Fri, 4 Jan 2019 11:08:28 -0500
https://www.nytimes.com/2019/01/03/technology/weather-channel-app-lawsuit.html

In a lawsuit on Thursday, the city attorney said tracking was used not just
for local forecasts but also for commercial purposes like targeted
marketing.

  [Gabe Goldberg noted this item as well:
    L.A. Sues IBM's Weather Company over 'Deceptive' Weather Channel App
      http://fortune.com/2019/01/04/la-ibm-weather-channel-app/
        The risk? Everything spies/leaks/sells personal data.
  PGN]


Could a Chinese-made Metro car spy on us? Many experts say yes. (WashPost)

Richard Stein <rmstein@ieee.org>
Thu, 10 Jan 2019 12:08:30 +0800
https://www.washingtonpost.com/local/trafficandcommuting/could-a-chinese-made-metro-car-spy-on-us-many-experts-say-yes/2019/01/07/00304b2c-03c9-11e9-b5df-5d3874f1ac36_story.html

It would be quaint and surprising to learn about technology-enabled
transportation that DID NOT spy on passengers!

To counteract intrusive surveillance, each seat should have a built-in
personal "Cone of Silence" ala Mel Brooks' "Get Smart."


Alexia really is a spy (The Register)

Benoit Goas <goasben@hawk.iit.edu>
Sat, 5 Jan 2019 20:24:53 +0100
If the risks of keeping a voice activated device at home were not obvious
enough, here are some more proofs: the recordings are kept for a while, and
may even be provided to the wrong user.

https://www.theregister.co.uk/2018/12/20/amazon_alexa_recordings_stranger/
pointing to
https://www.heise.de/downloads/18/2/5/6/5/3/9/6/ct.0119.016-018_engl.pdf


Kingpin Used Spyware to Obsessively Monitor His Wife and Mistress: El Chapo Trial (NYTimes)

Monty Solomon <monty@roscom.com>
Thu, 10 Jan 2019 05:15:28 -0500
https://www.nytimes.com/2019/01/09/nyregion/el-chapo-trial.html

An IT expert working for the crime lord helped the FBI obtain dozens of
intimate—and incriminating—text messages he wrote to the women.


T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time Location Data, And It's Falling Into the Wrong Hands (Motherboard)

Gabe Goldberg <gabe@gabegold.com>
Tue, 8 Jan 2019 23:51:43 -0500
He Gave a Bounty Hunter $300. Then He Located His Phone

T-Mobile, Sprint, and AT&T are selling access to their customers' location
data, and that data is ending up in the hands of bounty hunters and others
not authorized to possess it, letting them track most phones in the country.

https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bounty-hunter-300-dollars-located-phone-microbilt-zumigo-tmobile


For Owners of Amazon's Ring Security Cameras, Strangers May Have Been Watching (The Intercept)

Gabe Goldberg <gabe@gabegold.com>
Fri, 11 Jan 2019 17:44:33 -0500
The `smart home' [isn't] just supposed to be a monument to convenience,
we're told, but also to protection, a Tony Stark-like bubble of vigilant
algorithms and Internet-connected sensors working ceaselessly to watch over
us.  But for some who've welcomed in Amazon's Ring security cameras, there
have been more than just algorithms watching through the lens, according to
sources alarmed by Ring's dismal privacy practices.

Ring has a history of lax, sloppy oversight when it comes to deciding who
has access to some of the most precious, intimate data belonging to any
person: a live, high-definition feed from around—and perhaps inside --
their house. The company has marketed its line of miniature cameras,
designed to be mounted as doorbells, in garages, and on bookshelves, not
only as a means of keeping tabs on your home while you're away, but of
creating a sort of privatized neighborhood watch, a constellation of
overlapping camera feeds that will help police detect and apprehend burglars
(and worse) as they approach.  “Our mission to reduce crime in
neighborhoods has been at the core of everything we do commemorate the
company's reported $1 billion acquisition payday from Amazon, a company with
its own recent history of troubling facial recognition practices. The
marketing is working; Ring is a consumer hit and a press darling.

Despite its mission to keep people and their property secure, the company's
treatment of customer video feeds has been anything but, people familiar
with the company's practices told The Intercept.  Beginning in 2016,
according to one source, Ring provided its Ukraine-based research and
development team virtually unfettered access to a folder on Amazon's S3
cloud storage service that contained every video created by every Ring
camera around the world. This would amount to an enormous list of highly
sensitive files that could be easily browsed and viewed. Downloading and
sharing these customer video files would have required little more than a
click. The Information, which has aggressively covered Ring's security
lapses, reported on these practices last month.

https://theintercept.com/2019/01/10/amazon-ring-security-camera/

  The risk? Believing advertising?

    [PGN's risk—large number of garbled characters approximated
    from this and the next posting from Gabe.  Note `[??]' in the
    next item.]


Aging In Place Technology Watch (CES 2019)

Gabe Goldberg <gabe@gabegold.com>
Fri, 11 Jan 2019 17:45:42 -0500
Ten Technology Offerings

Bright Lights, thick smoke, constant walking and avoidance maneuvers.  After
taking a year or two off, returning to CES is a chore and a revelation—it
clearly is the major event for new technology announcements. Gadgets, yes,
too many smart wearables, including underwear, too many near misses of being
run over by gangs of oblivious young guys staring at their phones. If there
was a key trend in all of this racket, Sleep has become a tech obsession,
the uptake of Digital Health is almost here, new variants of companions and
assistants were pervasive, including Google Assistant inside everything and
Amazon voice devices everywhere.

Self-service increasingly matters in unexpected health categories. As with
nearly every [?], we want to serve ourselves, no matter what.  One day soon,
onset of a stroke can be detected (Celloscope) when your smartphone watches
your face droop as you read your email. A robotics company, Intuition
Robotics, launches its cognitive AI Q[?] for 3rd-party companies to use as a
digital companion agent, for example, in a car. In subsequent posts, others
will be noted from the exhibit hall books, but for now, here are 10 other
new companies/new offerings in alphabetical order from CES 2019 with content
from the press releases/sites of the companies:

https://www.ageinplacetech.com/blog/ten-technology-offerings-ces-2019

The risks?  TBD


Escalating Value of iOS Bug Bounties Hits $2M Milestone (EWeek)

Gabe Goldberg <gabe@gabegold.com>
Fri, 11 Jan 2019 16:39:41 -0500
In the escalating market for security vulnerabilities, a new milestone has
been recorded early in the new year, with $2 million now being offered for a
remote Apple iOS exploit.

The $2 million award is being offered by vulnerability acquisition firm
Zerodium, which first achieved global notoriety for offering $1 million for
an iOS 9 zero-day exploit back in September 2015. In September 2016,
Zerodium increased its top iOS exploit award to $1.5 million, which has
now been topped by the $2 million bounty.

http://www.eweek.com/security/escalating-value-of-ios-bug-bounties-hits-2m-threshold


Zeroday Exploit Prices Are Higher Than Ever, Especially for iOS and Messaging Apps (Dan Goodin)

Monty Solomon <monty@roscom.com>
Tue, 8 Jan 2019 21:47:37 -0500
Dan Goodin, Ars Technica, 7 Jan 2019

Governments and police forces around the world are trying harder than ever
to exploit software that is becoming increasingly difficult to compromise.
Market-leading software exploit broker Zerodium recently said it would pay
up to $2 million for zero-click jailbreaks of Apple's iOS, $1.5 million for
one-click iOS jailbreaks, and $1 million for exploits that take over
security messaging apps WhatsApp and iMessage. These prices are up about
$500,000 from previous levels, an indication that the demand for them
continues to grow, and that reliable exploitation of these targets is
becoming increasingly difficult. Zerodium said it sells the exploits only to
lawful governments, although it has never provided details to verify those
claims.

https://arstechnica.com/information-technology/2019/01/zeroday-exploit-prices-continue-to-soar-especially-for-ios-and-messaging-apps/

  [MISPLACED ONLY PGN-ed above.  See my long-ago analysis of that problem:
     http://www.csl.sri.com/neumann/only.html
  PGN]


Phone-staring warning after Wellingborough 'hit-and-run' (bbc.com)

Richard Stein <rmstein@ieee.org>
Sat, 5 Jan 2019 20:22:03 +0800
https://www.bbc.com/news/uk-england-northamptonshire-46762571

A woman has warned of the dangers of looking at phones while crossing roads
after being hit by a vehicle in a suspected hit-and-run.  Olivia Keane, 20,
was knocked unconscious while walking across Butts Road in Wellingborough,
Northamptonshire, on New Year's Eve.  Police believe she was hit by a
vehicle that failed to stop.  Miss Keane cannot remember the details, but
believes she was looking down at her phone at the time.

  Lucky to be alive after this hit-and-run incident.

  I lost count of pedestrians in Singapore and Malaysia descending stairs
  and fully engrossed typing SMS content or playing a mobile game, oblivious
  to their peril.

  See http://catless.ncl.ac.uk/Risks/30/89#subj18.1
  cellphone addiction.

  Some people can't live without 'em until they die with 'em.


Manafort Accused of Sharing Trump Campaign Data With Russian Associate (NYTimes)

Monty Solomon <monty@roscom.com>
Wed, 9 Jan 2019 01:47:34 -0500
https://www.nytimes.com/2019/01/08/us/politics/manafort-trump-campaign-data-kilimnik.html

Mr. Manafort's lawyers made the disclosure by accident, through a formatting
error in a document filed to respond to charges that he had lied to
prosecutors working for the special counsel, Robert S. Mueller III, after
agreeing to cooperate with their investigation into Russian interference in
the election.


Democrats Faked Online Push to Outlaw Alcohol in Alabama Race (NYTimes)

Monty Solomon <monty@roscom.com>
Mon, 7 Jan 2019 21:05:12 -0500
https://www.nytimes.com/2019/01/07/us/politics/alabama-senate-facebook-roy-moore.html

A prohibitionist campaign appeared to be led by supporters of the Republican
Senate candidate in 2017. But it was created by progressives—the second
such secret effort to be unmasked.


Google search results listings can be manipulated for propaganda (Catalin Cimpanu)

Gene Wirchenko <genew@telus.net>
Thu, 10 Jan 2019 21:18:00 -0800
Catalin Cimpanu, ZDNet, 9 Jan 2019
https://www.zdnet.com/article/google-search-results-listings-can-be-manipulated-for-propaganda/

Google search results listings can be manipulated for propaganda
Dutch researcher argues that Google should remove support for knowledge panels.

opening text:

A feature of the Google search engine lets threat actors alter search
results in a way that could be used to push political propaganda, oppressive
views, or promote fake news.

The feature is known as the "knowledge panel", and is a box that usually
appears at the right side of the search results, usually highlighting the
main search result for a very specific query.

  [The article then gives details that, while I have not tried this myself,
  appear to suffice to reproduce the problem.]


Disney, Apple and Facebook will be among your new streaming options in 2019 (WashPost)

Monty Solomon <monty@roscom.com>
Tue, 8 Jan 2019 23:17:19 -0500
Overwhelmed by all the TV you haven't seen? Get ready for even more.

https://www.washingtonpost.com/classic-apps/the-new-streaming-services-you-should-watch-in-2019/2019/01/04/1c40d660-106c-11e9-831f-3aa2c2be4cbd_story.html


What Happens When Facebook Goes the Way of Myspace? (NYTimes)

Monty Solomon <monty@roscom.com>
Mon, 7 Jan 2019 21:29:32 -0500
If the past teaches us anything, it will happen one day. In fact, the
process might have already started.

https://www.nytimes.com/2018/12/12/magazine/what-happens-when-facebook-goes-the-way-of-myspace.html


Hackers Target Chromecast Devices, Smart TVs With PewDiePie Message (Variety)

Monty Solomon <monty@roscom.com>
Wed, 2 Jan 2019 22:16:06 -0500
Hackers Target Chromecast Devices, Smart TVs With PewDiePie Message
https://variety.com/2019/digital/news/chromecast-hacked-pewdiepie-1203097889/


Taking the smarts out of smart TVs would make them more expensive (The Verge)

Monty Solomon <monty@roscom.com>
Wed, 9 Jan 2019 22:48:15 -0500
https://www.theverge.com/2019/1/7/18172397/airplay-2-homekit-vizio-tv-bill-baxter-interview-vergecast-ces-2019


Why it pays to declutter your digital life (bbc.com)

Richard Stein <rmstein@ieee.org>
Tue, 8 Jan 2019 19:20:10 +0800
http://www.bbc.com/future/story/20190104-are-you-a-digital-hoarder

"With the storage capacity of our devices increasing with every upgrade and
cloud storage plans costing peanuts, it might not seem like a problem to
hold on to thousands of emails, photos, documents and various other digital
belongings.

"But emerging research on digital hoarding—a reluctance to get rid of the
digital clutter we accumulate through our work and personal lives --
suggests that it can make us feel just as stressed and overwhelmed as
physical clutter. Not to mention the cybersecurity problems it can cause for
individuals and businesses and the way it makes finding that one email you
need sometimes seem impossible."

Digital storage ubiquity promotes monomaniacal behavior.

Hoarder iDisorder disorder? IDisorder Hoarder disorder?


Is Gamification Working in Security Training? (Channel Futures)

Gabe Goldberg <gabe@gabegold.com>
Sat, 5 Jan 2019 19:03:52 -0500
One need only to look at hacker games and competitions to see the compelling
allure of gamification in training and practice for security pros.

https://www.channelfutures.com/mssp-insider/is-gamification-working-in-security-training

Wait, what?


U.S. Announces Settlement With Fiat Chrysler Over Emissions (NYTimes)

Monty Solomon <monty@roscom.com>
Thu, 10 Jan 2019 21:34:06 -0500
https://www.nytimes.com/2019/01/10/business/fiat-chrysler-justice-emissions-settlement.html

The accord in lawsuits over false readings on diesel vehicles could cost
nearly $800 million, including penalties, fixes, warranties and
compensation.


Apple trolls Google at CES 2019 with massive iMessage privacy ad (Business Insider)

Monty Solomon <monty@roscom.com>
Tue, 8 Jan 2019 21:35:57 -0500
https://www.businessinsider.com/apple-google-ad-ces-2019-privacy-imessage-2019-1


Re: New Zealand courts banned ... (Drewe, RISKS-31.01)

Dimitri Maziuk <dmaziuk@bmrb.wisc.edu>
Fri, 4 Jan 2019 17:41:53 -0600
Is that the Google that removes the little padlock icon from their browser
because "the web is now safe by default"? The one that's pushing https down
our throats to ensure the ads we (don't) see came from bona fide
Google-paying advertisers?

Was it Bruce Schneier who said this isn't techno-feudalism because in
feudalism the feudal actually had obligations towards his vassals?

No obligation indeed.


Re: Huawei gives the US & allies security nightmares (RISKS-31.01)

Amos Shapir <amos083@gmail.com>
Mon, 7 Jan 2019 09:59:48 +0200
The initial role of the Internet (in its first incarnation as Arpanet) was
to provide a medium, detached from the phone network, for secure and stable
communication even during a nuclear emergency.

It's ironic that the same network had become a Trojan horse within the
US national security infrastructure.


Re: USA Wants to Restrict AI Exports: A Stupid and Dangerous Idea (RISKS-31.01)

Amos Shapir <amos083@gmail.com>
Mon, 7 Jan 2019 10:13:53 +0200
This is yet another symptom of the "US first" fallacy.  Such laws and
regulations are based on an inherent assumption that the US is first in
everything, so any new technology would be made in the USA, and the only way
adversaries could get it is by export from the USA.

During the encryption exports craze of the 1980's, I came into the US
carrying a computer board for an exhibition; I was employed by an American
company, but the board was designed and built in their Israeli branch.  When
leaving the US, I was stopped by customs—it seems the board's CPU was too
fast, so it was categorized as an encryption device.  I had no problem just
leaving it there, we had plenty more back home.  (I have no idea if the
company had ever redeemed the board, it may still be stored in some customs
warehouse at JFK).


The AI Winter is coming

Mark Thorson <eee@dialup4less.com>
Fri, 11 Jan 2019 10:41:20 -0800
No, not that one.  The other one.

http://www.smbc-comics.com/comics/1547218636-20190111.png
