The RISKS Digest
Volume 32 Issue 12

Monday, 20th July 2020

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents

‘Friendliest,’ not fittest, is key to evolutionary survival, scientists argue in their new book
The Hour
Russian group targeted COVID-19 vaccine research in Canada, U.S. and UK, say intelligence agencies
CBC
Cloudflare DNS goes down, taking a large piece of the Internet with it
TechCrunch
Boeing's future is cloudy as it tries to restore credibility
WashPost
Seven ‘no log’ VPN providers accused of leaking—yup, you guessed it—1.2TB of user logs onto the Internet
The Register
Outlook Woes: I have no email and I must scream
Computerworld
The Anatomy of a Cisco Counterfeit Shows Its Dangerous Potential
WiReD
Bottleneck for U.S. Coronavirus Response: The Fax Machine
NYTimes
The Role of Cognitive Dissonance in the Pandemic
The Atlantic
Machine Learning
MIT Tech Review
Re: The Dark Secret at the Heart of AI
Matthew Kruk
Re: An invisible hand: Patients aren't being told about the AI systems advising their care
Amos Shapir
Re: When tax prep is free, you may be paying with your privacy
Amos Shapir Chris Drewe
Re: Why Some Birds Are Likely To Hit Buildings
Richard Stein Craig S. Cottingham
Info on RISKS (comp.risks)

‘Friendliest,’ not fittest, is key to evolutionary survival, scientists argue in their new book (The Hour)

geoff goodfellow <geoff@iconia.com>
Mon, 20 Jul 2020 08:41:10 -1000

British naturalist Charles Darwin got it right, but maybe we got Darwin wrong.

Most people assume that Darwin was talking about physical strength when referring to survival of the fittest, meaning that a tougher, more resilient species always will win out over its weaker counterparts. But what if he didn't mean that at all?

Scientists Brian Hare and Vanessa Woods, both researchers at Duke University's Center for Cognitive Neuroscience, believe something else has been at work among species that have thrived throughout history, successfully reproducing to sustain themselves, and it has nothing to do with beating up the competition.

Their new book, Survival of the Friendliest: Understanding Our Origins and Rediscovering Our Common Humanity <https://amzn.to/30tOgez>, posits that friendly partnerships among species and shared humanity have worked throughout centuries to ensure successful evolution. Species endure - humans, other animals and plants - they write, based on friendliness, partnership and communication. And they point to many life examples of cooperation and sociability to prove it.

“Survival of fittest, which is what everyone has in mind as evolution and natural selection, has done the most harm of any folk theory that has penetrated society,” Hare says. “People think of it as strong alpha males who deserve to win. That's not what Darwin suggested, or what has been demonstrated. The most successful strategy in life is friendliness and cooperation, and we see it again and again.”

“Dogs are exhibit A. They are the extremely friendly descendants of wolves. They were attracted to humans and became friendly to humans, and changed their behavior, appearance and developmental makeup. Sadly, their close relative, the wolf, is threatened and endangered in the few places where they live, whereas there are hundreds of millions of dogs. Dogs were the population of wolves that decided to rely on humans - rather than hunting - and that population won big.”

In nature, for example, flowering plants attract animals to spread their pollen, forming a partnership that benefits both. “The plants provide food and energy, while the animals provide transportation for the pollen,” Hare says. […]

https://www.thehour.com/news/article/Friendliest-not-fittest-is-key-to-15419832.php


Russian group targeted COVID-19 vaccine research in Canada, U.S. and UK, say intelligence agencies (CBC)

“Matthew Kruk” <mkrukg@gmail.com>
Thu, 16 Jul 2020 19:06:09 -0600

A hacker group almost certainly backed by Russia is trying to steal COVID-19-related vaccine research in Canada, the U.K. and the U.S., according to intelligence agencies in all three countries.

The Communications Security Establishment (CSE), responsible for Canada's foreign signals intelligence, said APT29 - also known as Cozy Bear and the Dukes - is behind the malicious activity.

The group was accused of hacking the Democratic National Committee before the 2016 U.S. election.

https://www.cbc.ca/news/politics/tunney-russia-alleged-attack-vaccine-canada-us-uk-1.5651697


Cloudflare DNS goes down, taking a large piece of the Internet with it (TechCrunch)

Lauren Weinstein <lauren@vortex.com>
Fri, 17 Jul 2020 15:13:13 -0700

https://techcrunch.com/2020/07/17/cloudflare-dns-goes-down-taking-a-large-piece-of-the-internet-with-it/


Boeing's future is cloudy as it tries to restore credibility (WashPost)

Gabe Goldberg <gabe@gabegold.com>
Sun, 19 Jul 2020 18:24:52 -0400

Boeing is also scrambling to prove it can fly astronauts safely to low Earth orbit. In December, a test flight of its Starliner spacecraft without any astronauts onboard ran into trouble as soon as it reached orbit. A software problem reminiscent of the issues with the 737 Max made the spacecraft think it was at a different point in the mission. As engineers moved to fix that problem, they uncovered another that could have caused the service module to collide with the crew module when they separated in flight. They were able to quickly send up a software fix to that problem so that the two modules separated cleanly.

The problems prevented the spacecraft from docking with the International Space Station, and Boeing had to bring the spacecraft home after just two days.

Since then, NASA and Boeing launched an investigation, and Boeing said it has better integrated its hardware and software teams, and has taken a hard look at its culture and processes. It's also reviewed all 1 million lines of code in the spacecraft “resulting in increased robustness of flight software,” the company said in a statement to The Post. […]

Nearly a decade after winning the Air Force contract to build a fleet of KC-46 Pegasus aerial refueling tankers, Boeing's assembly lines outside of Seattle have been busy. The company has delivered 34 of the planes so far.

But the military has said it won't be able to use them for most missions until at least 2023 because of persistent technical flaws.

The plane's boom, the long tube through which fuel is transferred, isn't flexible enough to safely link up with smaller jets. And the Defense Department's testing office has determined that the complex camera system that guides the boom into place isn't accurate enough. The Air Force also has repeatedly found trash, wrenches and other debris scattered inside newly delivered jets.

http://thewashingtonpost.newspaperdirect.com/epaper/viewer.aspx


Seven ‘no log’ VPN providers accused of leaking—yup, you guessed it—1.2TB of user logs onto the Internet (The Register)

Lauren Weinstein <lauren@vortex.com>
Sat, 18 Jul 2020 08:20:36 -0700

https://www.theregister.com/2020/07/17/ufo_vpn_database/


Outlook Woes: I have no email and I must scream (Computerworld)

Gabe Goldberg <gabe@gabegold.com>
Sun, 19 Jul 2020 15:32:35 -0400

It turns out someone in Microsoft's quality assurance team (There is one, RIGHT!?) didn't bother to test the newest edition of Outlook with the latest version of Windows. I mean why would you want to check that e-mail, an application almost no one uses today, actually works with your main operating system??

The truth is there was never anything wrong with your PST files. Somehow, the combination of the newest versions of Outlook and Windows led to a total failure. The fix required you to manually edit your registry - always a fun job for a user who's miles away from the closest tech support staff.

https://www.computerworld.com/article/3567355/outlook-woes-i-have-no-email-and-i-must-scream.html


The Anatomy of a Cisco Counterfeit Shows Its Dangerous Potential (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Sun, 19 Jul 2020 15:39:10 -0400

By tearing down bootleg network switches, researchers found ample opportunity for malice—but no signs of a backdoor this time.

https://www.wired.com/story/counterfeit-cisco-switch-teardown/


Bottleneck for U.S. Coronavirus Response: The Fax Machine (NYTimes)

Monty Solomon <monty@roscom.com>
Sat, 18 Jul 2020 10:32:02 -0400

Before public health officials can manage the pandemic, they must deal with a broken data system that sends incomplete results in formats they can't easily use.

https://www.nytimes.com/2020/07/13/upshot/coronavirus-response-fax-machines.html


The Role of Cognitive Dissonance in the Pandemic (The Atlantic)

Monty Solomon <monty@roscom.com>
Sat, 18 Jul 2020 12:52:48 -0400

The minute we make any decision—I think COVID-19 is serious; no, I'm sure it is a hoax—we begin to justify the wisdom of our choice and find reasons to dismiss the alternative.

https://www.theatlantic.com/ideas/archive/2020/07/role-cognitive-dissonance-pandemic/614074/


Machine Learning (MIT Tech Review)

“Peter G. Neumann” <neumann@csl.sri.com>
Thu, 16 Jul 2020 18:02:25 PDT

Machine learning is a black box. That makes it a double-edged sword?

https://getpocket.com/explore/item/the-dark-secret-at-the-heart-of-ai


Re: The Dark Secret at the Heart of AI (RISKS-32.11)

“Matthew Kruk” <mkrukg@gmail.com>
Sun, 19 Jul 2020 13:04:26 -0600

In 2016, a strange self-driving car was released onto the quiet roads of Monmouth County, New Jersey. The experimental vehicle, developed by researchers at the chip maker Nvidia, didn't look different from other autonomous cars, but it was unlike anything demonstrated by Google, Tesla, or General Motors, and it showed the rising power of artificial intelligence. The car didn't follow a single instruction provided by an engineer or programmer. Instead, it relied entirely on an algorithm that had taught itself to drive by watching a human do it.

https://getpocket.com/explore/item/the-dark-secret-at-the-heart-of-ai


Re: An invisible hand: Patients aren't being told about the AI systems advising their care (RISKS-32.11)

Amos Shapir <amos083@gmail.com>
Sun, 19 Jul 2020 11:04:29 +0300

A somewhat apocryphal story I've heard (but now cannot verify), at the time when AI systems were just making their first steps in the world:

A graduate student was tasked with generating an AI system to distinguish between benign and malignant cells in microscope images, for research at a local hospital. The hospital gave him a pile of images, and an oncologist doctor to help him decipher them.

So they sat down, and the doctor started to go over the images, stating “this is malignant, this is not, this is malignant…” The student had to stop her: “But can you please explain a bit more about how you make the distinction?” She looked at him sternly and said, “Look, young man; I've been doing this for 30 years now, and when I say it's malignant, it's malignant!”

I hope AI systems have improved since then!


Re: When tax prep is free, you may be paying with your privacy (RISKS-32.11)

Amos Shapir <amos083@gmail.com>
Sun, 19 Jul 2020 11:06:57 +0300

It seems that the old principle is still valid: “If you're not paying, you're not the customer, you're the merchandise.”


Re: When tax prep is free, you may be paying with your privacy (RISKS-32.11)

Chris Drewe <e767pmk@yahoo.co.uk>
Sun, 19 Jul 2020 18:10:02 +0100

No such thing as a free lunch, as the saying goes. This has been the case for many other topics over the years; just from my memory:


Re: Why Some Birds Are Likely To Hit Buildings (RISKS-32.11)

Richard Stein <rmstein@ieee.org>
Fri, 17 Jul 2020 18:33:28 +0800

The bird strike term labels a cruel and unfortunate incident in use since 1988 per https://en.wikipedia.org/wiki/Bird_strike.

The FAA's wildlife strike reporting mechanism was a serendipitous discovery via web search query for bird strike while composing.

I was surprised to learn of the reporting system's existence, and supposed a simple calculation of incident rate would inform the flying public.


Re: Why Some Birds Are Likely To Hit Buildings (RISKS-32.11)

“Craig S. Cottingham” <craig@cottingham.net>
Fri, 17 Jul 2020 08:14:49 -0500

While I assume that the correspondent's tongue is planted in their cheek, I would like to point out that according to maritime rules of the road (and I would guess that aviation rules are similar), the more maneuverable craft is supposed to give way to the less maneuverable craft should their courses intersect. If I, operating a personal watercraft such as what is colloquially referred to as a jet ski, were mowed down by a Panamax-class container ship under the command of the correspondent, the latter would likely not be held responsible, as I should have given way to the bloody big fat and fast moving other vessel.

(Removing my tongue from my cheek at this point.)
