Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
*San Francisco Chronicle*, 14 Sep 2020 https://link.sfchronicle.com/view/5f4624281f87ed47da50a19dcsz8z.1zl7/1366cfce> A mistake by Pacific Gas and Electric Co. may have played a role in one of the two days that California experienced rolling blackouts during an extreme heat wave last month.
Bruce Schneier covers "How weaponizing disinformation can bring down a city's power grid" linked here: https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0236517 The attack has already happened and defenses are there, in London at least! People turning on thousands of kettles in TV ad breaks: https://en.wikipedia.org/wiki/TV_pickup Dinorwig Power Station, pumped hydro scheme built in 1974 (I understand but cannot prove) specifically for the Coronation Street TV show tea and toast ad breaks. I will use this little spot to suggest that a better vector is solar microinverters. RISKS readers no doubt love what went down in Hawaii (and in fact what stayed up): "...as you can imagine, service call costs to 51,000 solar homes equipped with 800,000 micro inverters quickly added up to tens of millions of dollars. Uniquely, Enphase (who are heavily data focused and driven) already had the ability to remotely connect to and tweak inverter settings. Could they simultaneously, remotely and precisely make this change? And measure its effectiveness? From their headquarters in Napa Valley, California?" Risk: Enphase install goes awry and an incomplete firmware upgrade causes 800k microinverters to reboot continuously, rapidly raising and lowering grid feed-in. Then there's tens of millions of dollars of house calls. https://www.theaustralian.com.au/business/business-spectator/news-story/something-astounding-just-happened-in-the-solar-energy-world/b94ca5dd20752e72c08913dd7609437f
Airbus has developed a new liquid-resistant integrated control panel for the A350, designed to avoid the risk to engine systems from accidental drink spillage in the cockpit. Its development follows two incidents, in November last year and January this year, in which A350-900s diverted as a result of uncommanded engine shutdowns linked to beverage spills on the panel.... https://www.flightglobal.com/safety/airbus-redesigns-a350-control-panel-to-resist-liquid-spillage/140045.article >From AVWeb: In both instances one of the engines shut down and couldn't be restarted.... ...It's not clear if the EASA [European Aviation Safety Administration] mandate will include bigger cup holders. There are at least two located well out of harm's way to the left of the captain and right of the FO but they're too small for the paper cups used by most airport vendors. https://www.avweb.com/aviation-news/airbus-spill-proofs-a350-consoles/
A Tesla driver was caught sleeping on Autopilot with their seat *fully reclined* at high speed, according to police who criminally charged the driver. Alberta RCMP (Canada federal police) reported on a strange incident involving a Tesla vehicle on Autopilot. “Alberta RCMP received a complaint of a car speeding on Highway 2 near Ponoka. The car appeared to be self-driving, traveling over 140 km/h [87 mph] with both front seats completely reclined and occupants appeared to be asleep.'' With this report, they shared the picture of a Tesla Model S vehicle on Twitter: Alberta RCMP received a complaint of a car speeding on Hwy 2 near #Ponoka <https://twitter.com/hashtag/Ponoka?src=hash&ref_src=twsrc^tfw>. The car appeared to be self-driving, travelling over 140 km/h [87 mph] with both front seats completely reclined & occupants appeared to be asleep. The driver received a Dangerous Driving charge & summons for court *pic.twitter.com/tr0RohJDH1* <https://t.co/tr0RohJDH1> RCMP Alberta (@RCMPAlberta) *September 17, 2020* <https://twitter.com/RCMPAlberta/status/1306600570791301123?ref_src=twsrc^tfw> Tesla Autopilot is not a “self-driving'' system but a suite of driver assist features. While it can technically drive autonomously on highways without driver interventions, Tesla asks drivers to keep their hands on the wheel and to pay attention at all times. The automaker also implemented a system that requires drivers to frequently apply light torque to the steering wheel in order for Autopilot to stay active. Some Tesla drivers have been getting around the system by *attaching a weight to the steering wheel* <https://electrek.co/2018/09/09/tesla-autopilot-buddy-hack-avoid-nag-relaunch-phone-mount-nhtsa-ban/> -- a practice considered dangerous by US regulators (and anyone with half a mind). In this incident, the police reported some strange behaviors from the vehicle, which was presumably on Autopilot: [...] https://electrek.co/2020/09/17/tesla-driver-caught-sleeping-autopilot-at-high-speed-criminally-charged-police/
A ransomware attack led to a patient's death in Germany <https://abcnews.go.com/International/wireStory/german-hospital-hacked-patient-city-dies-73069416>, authorities there said, marking the first known occasion of ransomware being directly linked to a person's demise in the hospital—and perhaps the most direct civilian demise caused anywhere by any kind of cyberattack. An investigation could lead to homicide charges, local press reported. News of the incident last week—where a patient had to be transferred to another city's hospital due to the ransomware and died because of the delay in treatment—first broke on Thursday. The attack apparently wasn't even targeting the hospital, but instead a university. A long-warned vulnerability in Citrix tied to the attack generated another German cybersecurity agency alert. <https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2020/UKDuesseldorf_170920.html> [linked document in German]. Cybersecurity experts have been warning for some time<https://twitter.com/maurertim/status/1306634686819598336> about a cyberattack causing the death of a medical patient, but the link has usually been seen far more indirectly<https://krebsonsecurity.com/2019/11/study-ransomware-data-breaches-at-hospitals-tied-to-uptick-in-fatal-heart-attacks/>. Industry voices took to Twitter to lament the death, sometimes in profane terms. <https://twitter.com/uuallan/status/1306616852232245248> “If you ever wondered why the unsung jobs of IT admins [are] so thankless, if they succeed, they are invisible, whereas if they fail - we all fail & people die, tweeted Katie Moussouris, CEO of Luta Security. <https://twitter.com/k8em0/status/1306629656074809345> See also: https://www.theverge.com/2020/9/17/21443851/death-ransomware-attack-hospital-germany-cybersecurity
*Takeaways* For years, law enforcement officials have warned that, because
of encryption, criminals can hide their communications and acts, causing law
enforcement to struggle to decrypt data during their investigation—a
challenge commonly referred to as “going dark.'' They called on technology
companies to build a process, like a “master key,'' to enable law
enforcement to unlock encrypted communications. While this may seem like a
tempting idea, it would have grave implications for our national security.
As more and more of our communications move online, users seek out encrypted
services to protect their privacy. Unlike telephonic communications, and
despite repeated requests by law enforcement to do so, Congress has not
required Internet communications platforms to give law enforcement access to
intercept user communications or access stored communications. In this
paper, we assess the national security risks to a requirement to provide
that master key (referred to throughout as “exceptional'' or “backdoor''
access) to encrypted communications and propose alternative approaches to
address online harms.
In short, requiring exceptional access to encrypted technologies would
undermine national security by:
1. Weakening protections for the information that the national security
community relies upon, especially as it flows over foreign networks.
2. Creating a vulnerability in encrypted communications that could be
accessed by foreign adversaries.
3. Encouraging other countries to require tech and Internet companies
to provide equivalent access to communications within their boundaries.
4. This does not mean that the Internet should be a lawless zone. Law
enforcement and the private sector can and should cooperate in addressing
crimes on the Internet and can do so without undermining a protection as
fundamental as encryption. [...]
https://www.thirdway.org/report/weakened-encryption-the-threat-to-americas-national-security
Thinking of buying a new phone, just for high-speed mmWave 5G? Do yourself a favor: Don't. https://www.computerworld.com/article/3575510/at-this-point-5g-is-a-bad-joke.html The risk? Marketing.
https://phys.org/news/2020-09-mobile-insects-german.html "Mobile phone and Wi-Fi radiation in particular opens the calcium channels in certain cells, meaning they absorb more calcium ions. "This can trigger a biochemical chain reaction in insects, the study said, disrupting circadian rhythms and the immune system." "Peter Hensinger of the German consumer protection organisation Diagnose Funk said closer attention must be paid to the possible negative effects of radiation on both animals and humans, particularly with regard to the introduction of 5G technology." The insect apocalypse threatens to disrupt food chains and our ecosystem. Do WiFi and cellular device and tower radiation exposure also contribute to premature insect mortality? Photon energy is determined by E = h*f (h == Planck's constant, f == frequency). Ultraviolet-C photons, known to cause melanoma, range in energy between ~4.5-12.4 eV (see https://en.wikipedia.org/wiki/Ultraviolet). 4.5 eV ~= 1100 THz; 12.4 eV ~= 3000 THz. A microwave oven operates @ ~2.5 GHz (~0.01 milli-electron volts). 5G technology (at a maximum) operates at ~30GHz (0.03 THz) or ~0.12 milli-electron volts which is insufficient, via the photoelectric effect, to ionize an atom in a DNA's amino acid during reproduction and elevate genetic mutation probability. A certain species of bacteria has evolved a mechanism to survive ionizing radiation exposure. See https://en.wikipedia.org/wiki/Deinococcus_radiodurans. Doubtful that insects inherited this capability. Humans do not possess these genes. Note that room temperature of 300 degrees Kelvin (25 degrees Celsius or ~77 degrees F) ~= 0.026 eV which is ~200X greater than the energy of a 30 GHz radio-wave photon. Ambient thermal energy, inside or out, swamps cell phone radiation. DNA evolved to accommodate heat exposure. Do RF sources influence insect cell membrane ion mobility and initiate premature death? https://www.nature.com/articles/s41598-018-22271-3 (MAR2018) documents effects of RF exposure on several insect species using 2-120 GHz radio-waves. Their conclusion: "This could lead to changes in insect behavior, physiology, and morphology over time due to an increase in body temperatures, from dielectric heating." 'Could' is the operative word. What happens when Drosophila Melanogaster are exposed to 30 GHz radio-wave radiation for 1 hour each day? Fruit flies experience slight warming for 1 hour. Atmospheric garden heat exposes a fruit fly to 200 times the photon energy emitted by cellular radio-wave photons. To my knowledge, there are no established (meaning non-conflicted, independent peer-review) links to non-ionizing radiation and vitality, be it insect or human. Ambient RF radiation contribution to mortality, human or insect, is impossible given physics. Where are the epidemiological clusters and studies of human glioblastomas (brain cancer) or other malignancies from earlier generations of cellphone use and persistent exposure to ambient RF from cellphone towers or radio and TV broadcasts? They do not exist. Habitat loss and pesticide exposure are known, obvious insect mortality contributors. Atmospheric influences (such as extra CO2, CH4, SO2, or pollution or aerosols ) on insect populations are likely contributors (see https://en.wikipedia.org/wiki/Decline_in_insect_populations#Causes_and_consequences). The original publication on Germany's mitigation of insect demise is here: https://phys.org/news/2020-08-germany-dim-night-insects.html.
Electronic devices can be surprisingly leaky, often spraying out information for anyone close by to receive. [Docter Cube] has found another such leak, this time with the speakers in iPhones. While repairing an old AM radio and listening to a podcast on his iPhone, he discovered that the radio was receiving audio the from his iPhone when tuned to 950-970kHz. [Docter Cube] states that he was able to receive the audio signal up to 20 feet away. A number of people responded to the tweet with video and test results from different phones. It appears that iPhones 7 to 10 are affected, and there is at least one report for a Motorola Android phone. The amplifier circuit of the speaker appears to be the most likely culprit, with some reports saying that the volume setting had a big impact. With the short range the security risk should be minor, although we would be interested to see the results of testing with higher gain antennas. It is also likely that the emission levels still fall within FCC Part 15 limits. [...] https://hackaday.com/2020/09/18/listening-to-an-iphone-with-am-radio/
[via geoff goodfellow] we give autonomy to a lot of IOT devices/applications; maybe that is not quite independent behavior. Are stock programmed trading systems conscious? yes - they take in input, process, produce output that affects the real world (stock market). They are capable of unexpected behaviors (bugs). If based on machine learning, they are also capable of "breaking" owing to unpredicted situations. > https://www.wired.com/story/is-the-internet-conscious-if-it-were-how-would-we-know/
The Voatz letter was published today, available at https://disclose.io/voatz-response-letter/. Thank you to everyone who signed on and contributed! The letter was featured in this week's Politico cybersecurity newsletter<https://www.politico.com/newsletters/weekly-cybersecurity/2020/09/14/previewing-the-annual-cisa-cyber-summit-790384>.
> But if each ballot voted has to be checked to make sure it is not > a second ballot, then the disruption factor is ENORMOUS. Actually, not every ballot needs to be checked. Here's how it works: If you vote by mail, when the envelope is received and your signature validated, it's recorded that you voted. If you send in another vote by mail ballot, when they try to validate your signature, the system will report you have already voted. This is automatic and done when your signature is checked. So let's say you go to vote in person. If you are doing a same-day registration, you vote conditionally. The conditional ballot is handled the same as a provisional ballot. If you have your vote by mail ballot and surrender it to the election workers, they then print you a new ballot, and you vote in person. If you do not have your vote by mail ballot, you then vote provisionally. In all cases, if you have already signed the poll book, you vote provisionally. So the time-consuming checking is in processing the provisional and conditional ballots. That can take quite a while; according to the election officials in my county (Yolo), it can take 2-3 weeks to process them. It took a bit longer at the last election due to COVID-19, but the Secretary of State extended the dates. Hope this clarifies things. [Of course, some precincts don't use electronic poll books, and are manual. Mine has a paper list that one has to sign that cannot indicate whether you have already voted absentee. When the absentee ballots are tallied later, the paper record would have to checked. PGN]
https://edition.cnn.com/2020/09/18/business/honey-bee-technology-sensors-spc-intl/index.html The pollination industry contributes ~US$ 180B annually to agribusiness. Avocados and almonds depend on pollination, as do ~1/3 of all commercial crops. Pesticides and fungicides—agricultural chemicals—jeopardize pollinator survival. Bee apiaries fail at a high rate: ~44% die off annually, threatening agriculture yields. Hive inspection is time-consuming and laborious. Enter the wireless beehive sensor to remotely monitor hive health for temperature, humidity, sound, etc. and supply the beekeeper with important indicators of vitality or decline. Risks: Sensor calibration errors. Telemetry processing hacks manipulate hive performance indicators. [A few bugs to work out before a beeline to IPO?] See https://askabiologist.asu.edu/bee-dance-game/ for an algorithm and game that simulates bee dances. Not hard to imagine an ambitious future roboticist who designs and builds robobees that out-compete natural pollinators.
Nearly two thirds of people in leading Western European countries would consider augmenting the human body with technology to improve their lives, mostly to improve health, according to research commissioned by Kaspersky. As humanity journeys further into a technological revolution that its leaders say will change every aspect of our lives, opportunities abound to transform the ways our bodies operate from guarding against cancer to turbo-charging the brain. The Opinium Research survey of 14,500 people in 16 countries including Britain, Germany, France, Italy and Spain showed that 63% of people would consider augmenting their bodies to improve them, though the results varied across Europe. In Britain, France and Switzerland, support for augmentation was low - at just 25%, 32% and 36% respectively - while in Portugal and Spain it was much higher - at 60% in both. “Human augmentation is one of the most significant technology trends today,'' said Marco Preuss, European director of global research and analysis at Kaspersky, a Moscow-based cybersecurity firm. “Augmentation enthusiasts are already testing the limits of what's possible, but we need commonly agreed standards to ensure augmentation reaches its full potential while minimising the risks,'' Preuss said. [...] https://www.reuters.com/article/idUSKBN2680KP
Nathan Munn, *Vice*, 1 Sep 2020 (via David Farber) Police across Canada are increasingly adopting algorithmic technology to predict crime. The authors of a new report say human rights are threatened by the practice. <https://www.vice.com/en_us/article/k7q55x/police-across-canada-are-using-predictive-policing-algorithms-report-finds> Police across Canada are increasingly using controversial algorithms to predict where crimes could occur, who might go missing, and to help them determine where they should patrol, despite fundamental human rights concerns, a new report has found. To Surveil and Predict: A Human Rights Analysis of Algorithmic Policing in Canada is the result of a joint investigation by the University of Toronto's International Human Rights Program (IHRP) and Citizen Lab. It details how, in the words of the report's authors, “law enforcement agencies across Canada have started to use, procure, develop, or test a variety of algorithmic policing methods,'' with potentially dire consequences for civil liberties, privacy and other Charter rights, the authors warn. The report breaks down how police are using or considering the use of algorithms for several purposes including predictive policing, which uses historical police data to predict where crime will occur in the future. Right now in Canada, police are using algorithms to analyze data about individuals to predict who might go missing, with the goal of one day using the technology in other areas of the criminal justice system. Some police services are using algorithms to automate the mass collection and analysis of public data, including social media posts, and to apply facial recognition to existing mugshot databases for investigative purposes. “Algorithmic policing technologies are present or under consideration throughout Canada in the forms of both predictive policing and algorithmic surveillance tools.'' Police in Vancouver, for example, use a machine-learning tool called GeoDASH to predict where break-and-enter crimes might occur. Calgary Police Service (CPS) uses Palantir's Gotham software to identify and visualize links between people who interact with the police—including victims and witnesses—and places, police reports, and the properties and vehicles they own. (A draft Privacy Impact Assessment (PIA) conducted by CPS in 2014 and mentioned in the report noted that Gotham could “present false associations between innocent individuals and criminal organizations and suspects'' and recommended measures to mitigate the risk of this happening, but not all the recommendations have been implemented.) The Toronto Police Service does not currently use algorithms in policing, but police there have been collaborating with a data analytics firm since 2016 in an effort to “develop algorithmic models that identify high crime areas,'' the report notes. The Saskatchewan Police Predictive Analytics Lab (SPPAL), founded in 2015, is using data provided by the Saskatoon Police Service to develop algorithms to predict which young people might go missing in the province. The SPPAL project is an extension of the “Hub model'' of policing, in which social services agencies and police share information about people believed to be “at risk'' of criminal behavior or victimization. The SPPAL hopes to use algorithms to address “repeat and violent offenders, domestic violence, the opioid crisis, and individuals with mental illness who have come into conflict with the criminal justice system,'' the report reads. “We've learned that people in Canada are now facing surveillance in many aspects of their personal lives, in ways that we never would have associated with traditional policing practices,'' said Kate Robertson, a criminal defense lawyer and one of the authors of the report, in a phone call with Motherboard. “Individuals now face the prospect that when they're walking or driving down the street, posting to social media, or chatting online, police surveillance in the form of systematic data monitoring and collection may be at work,'' Robertson added. The authors note that “historically disadvantaged communities'' are at particular risk of being targeted for surveillance and analysis by the technology due to systemic bias found in historical police data.
For two decades, Onel de Guzman has been suspected of unleashing the groundbreaking virus. But he's never confessed to anything—until now. https://www.wired.com/story/the-20-year-hunt-for-the-man-behind-the-love-bug-virus/
Author writes: Trying to get a human on the line when you're trapped in some company's automated phone system is like whacking your way through a jungle with a pair of toenail clippers. Impossible. Interminable. Maddening. I am here today to offer two magic words to free you from the wilderness. We've all been there: You have a problem. You need a person. Instead, you're trapped with a computer that keeps chirping, "I'm sorry. Did you mean ...?"¿ What I meant, @#$$%^, is: @#$! you. And those, I regret to say, are the magic words. https://www.chicagotribune.com/news/ct-xpm-2012-08-31-ct-met-schmich-0831-20120831-story.html
*A 6,600-word internal memo from a fired Facebook data scientist details how the social network knew leaders of countries around the world were using their site to manipulate voters—and failed to act.* “I've found multiple blatant attempts by foreign national governments to abuse our platform on vast scales to mislead their own citizenry, and caused international news on multiple occasions. I have personally made decisions that affected national presidents without oversight, and taken action to enforce against so many prominent politicians globally that I've lost count.'' [...] https://www.buzzfeednews.com/article/craigsilverman/facebook-ignore-political-manipulation-whistleblower-memo
It started with the district hiring a little-known virtual charter school company, which led to balky connections and an even more troublesome curriculum. https://www.wired.com/story/epic-tech-errors-hobbled-miamis-schools/
Kate Sheridan, StatNews, 14 Sep 2020 <https://www.statnews.com/2020/09/14/23andme-study-covid-19-genetic-link/>
A new report explains COVID-19's impact on #cybersecurity, detailing changes in cyberattacks experts at @Cynet360 have observed across North America and Europe since the beginning of this pandemic. https://thehackernews.com/2020/09/covid-cybersecurity-report.html
Take 2m physical distance guide, square for area/person, which seems reasonable and is the Australian guideline I believe, and convert to sq.ft.: $ units \(2m\)^2 ft^2 43.055642 ft^2 One Canadian indoor store selling outdoor goods seems to have gone an order higher: https://www.mec.ca/en/explore/precautions $ units 20m^2 yd^2 23.919801 yd^2 Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
Please report problems with the web pages to the maintainer