Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Driven by Social Media, Amateurs Rush In to Squeeze Top Funds Matt Phillips and Taylor Lorenz, The New York Times, 28 Jan 2021, front page
For example, GameStop share prices went from under $40 to $347,51 in less than a week. GameStop had been shorted by professionals, and boosted by some cleverness by “millions of amateur traders collectively taking on some of Wall Street's most sophisticated investors.” [PGN-ed]
This is a remarkable David-and-Goliath tale, with a lot of Alices and Bobs participating as well. Or might it be the tale wagging the dog? PGN
Other items on this story:
Reddit traders cause Wall Street havoc by buying GameStop https://thehill.com/policy/finance/536212-reddit-traders-cause-wall-street-havoc-by-buying-gamestop>
https://www.bloomberg.com/opinion/articles/2021-01-27/reddit-driven-surge-puts-gamestop-and-ryan-cohen-in-a-weird-spot Amateur online traders fueled by discussions on Reddit sent shares of a struggling video game retailer flying Wednesday, a moment that is underscoring the divorce between the skyrocketing values of companies and the pain in the real economy.
Kate Kelly and Matt Phillips, The New York Times, 29 Jan 2021 GameStop Trading Spree Ends As Online Brokers Hit Brakes A day after GameStop shares rose 135% … Robinhood, the stock-trading app at the center of it all, clamped down.
Insert: The GameStop Reckoning Was a Long Time Coming
This week, gleeful online hordes turned the stock market upside down. This shouldn't come as a surprise. https://www.nytimes.com/2021/01/28/technology/gamestop-stock.html
https://www.cnn.com/2020/06/19/business/robinhood-suicide-alex-kearns/index.html
Ah, yes, another case of mistaken social media handle identity.
The World Wide Robin Hood Society, based in the heart of Sherwood, Nottingham, England, has a bunch of new followers on Twitter.
CNN's Brian Fung observed, “People appear to be following @robinhood en masse without realizing that the handle belongs to the Robin Hood society in the UK, not the stock trading platform.”
The sweeping campaign took advantage of the collaborative spirit among researchers, with an unknown number of victims.
https://www.wired.com/story/north-korea-hackers-target-cybersecurity-researchers/
Store surveillance video captured this wild scene in China: a phone battery exploding after a man bites into it. The clip has gone viral on Chinese social media.
https://boingboing.net/2021/01/28/phone-battery-explodes-after-man-bites-into-it-video.html
Exploding battery - if in US, would result in “Do not bite battery” labels
Backhoes on the loose again?
A global operation has taken down the notorious botnet in a blow to cybercriminals worldwide.
https://www.wired.com/story/emotet-botnet-takedown/
Robotic police officers are slowly being normalized, whether we like it or not
“I worry about when we move out of the stage where police robots are just photo opportunities. We're going to eventually have to confront the scenario in which robots that police have to make decisions, and when the time comes that a police robot makes the wrong decision — somebody gets hurt or the wrong person gets arrested — police robots are not people,” Guariglia says. “You can't reprimand them.”
What if the robot falsely identifies them as a criminal and gets them arrested? Who will be held responsible for that? You can't fire a robot or charge it with a crime.
Guariglia also notes that these robots can easily be outfitted with all kinds of surveillance technology, and they could become “roving surveillance towers.” He says a robot might be assigned to a high-crime neighborhood to conduct near-constant surveillance and call the police when it suspects it's identified a criminal, whether it has or not.
Imagine you're walking down the street and a police robot orders you to stop. It believes you're wanted for a crime and calls the police on you. The police arrive and take you to jail. You're released once they figure out that they've arrested the wrong person. They blame the robot's algorithm, and there's nothing you can do about it. It's a dystopian future we could be fast approaching.
https://www.digitaltrends.com/features/robot-law-enforcement-normalization/
Not a word about whether any of these are autonomous or manually controlled. Just a bit overwrought.
The same legalese that can ban Donald Trump from Twitter can bar users from joining class-action lawsuits. Its time to fix the fine print.
https://www.nytimes.com/2021/01/23/opinion/sunday/online-terms-of-service.html
Every year, tens of millions of Americans collectively lose billions of dollars to scam callers. Where does the other end of the line lead?
https://www.nytimes.com/2021/01/27/magazine/scam-call-centers.html
The Boston Globe has joined a handful of newsrooms around the country doing something once unthinkable: changing old articles because they are ruining a person's life.
What next? Allowing supplying alternate replacement versions?
https://www.cbc.ca/news/world/cybercrime-botnet-derailed-canadian-arrested-1.5890484
“…“This is a really big deal. Emotet was one of the largest, if not the largest, botnets delivering a wide variety of malware. Their botnet consisted of hundreds of thousands compromised hosts which were used to send more than 10 million spam and phishing emails a week,“ said Allan Liska, an analyst with Recorded Future.”
“A South Dublin woman has brought High Court proceedings against Facebook after a hacker took over and locked her out of her account.”
School districts in Northern Virginia said the Verizon Fios outage on the East Coast is impacting students and staff.
I am volunteering, under the auspices of a well-known organization, at the vaccination centres being set up in England. While I don't get paid for this, I am allowed to claim mileage because it's a 75 mile round trip at present and about to become 130 miles when I change centres.
After some minor teething troubles, I have finally got access to the web site used for making claims and start my first claim. In the UK, all bank accounts have an 8 digit number and a 6 digit “sort code”, usually written in the form “12-34-56”. The form asks me to enter both of these, in different boxes. The latter says “enter sort code as 6 digits, either with or without dashed”.
The web site is dynamic so that valid answers have a green background and invalid (or not-yet-filled-in) ones have a pink background. The account number was accepted but the sort code was rejected. I try taking out the dashes in case the instructions were wrong but, no, that doesn't help. I wonder if they're using a validation database so try the sort code of a different account at a different bank. No, doesn't help. I dig through my memory and come up with the sort code from an account I had held for 30 years but eventually closed. No, that doesn't work either. I even try logging out, logging in again, and starting over. No dice.
Eventually I get annoyed enough that I type “123456” in the box. Green! “111111”? Pink for the first five digits, then green on the sixth. “999999”, the same. “000000”, stays pink. Hmm. “012345”: stays pink. “111110”: pink. “111112”: green.
Yes, it doesn't accept “0” as a digit (it doesn't accept “O” either; I tried). And all three of my accounts had at least one zero in their sort code (the first one has two, including a leading zero).
My calculator says this should be rejecting 47% of possible sort codes and a higher proportion of issued ones, including all those used by at least three major banks and also the codes allocated to the Bank of England!
I've been seeing mentions of Amazon Sidewalk, and how it is going to destroy security and privacy as we know it. There was some mention of it on the “community.” But it is, of course, the RISKS Forum Digest that finally got me to read up and figure out what it is all about.
Lo and behold, Sidewalk is my old friend PeopleNet, or PopulistNet. https://blogs.securiteam.com/index.php/archives/1390 Well, a sort of cut-down version of it, and limited to Amazon devices (and therefore completely owned by Amazon, which sort of defeats the original purpose). But, I suppose it is a start.
(By the way, if Amazon has patented any of this, my article was published in 2010, so it could probably invalidate some of the patents by being prior art.)
Amazon has attempted to head off some of the undoubted complaints about security and privacy by detailing some provisions of security for the Sidewalk network, and publishing those in a white paper. https://m.media- amazon.com/images/G/01/sidewalk/final_privacy_security_whitepaper.pdf Stripped to it's essentials, it's basically a version of Tor. There are “layers” of encryption, corresponding the the OSI application and network layers (and one more “just for show,” as Tevye would put it). There is also a promise to limit bandwidth (which probably has as much to do with preventing usage-based denial of service as anything else).
In regard to encryption, key exchange is vital. Sidewalk relies upon Ephemeral Elliptic Curve Diffie-Hellman. A decent protocol, to be sure, but what kind of key size are we talking about? Then there is the blythe promise of “random” key generation. (We know that “random” is not possible, and there is no detail on how any pseudorandom data is generated.) (There is a good deal of digital certification going on, and there is a kind of certificate revocation list, which is comforting. At least they seem to have covered the basics.)
Amazon's use of encryption is supposed to protect privacy, but the wording that the Sidewalk Network Server makes it “difficult” to de-anonymize data implicitly admits that it isn't impossible. It will be interesting to see, with the aggregation of undoubtedly huge amounts of data, how difficult or easy this might be.
When I first proposed PopulistNet, I knew that securing such communications would be a non-trivial task. I still hope for some kind of open-source exploration of the idea on a much wider scale than Amazon. Sidewalk does provide some ideas for the securing of such a system.
Months after the first sighting of the jet pack guy over Southern California, we get new insights into the official investigation into the incidents.
Months after an initial report <https://www.thedrive.com/the-war-zone/36096/airline-pilots-landing-at-lax-report-a-guy-in-jetpack-flying-alongside-them-on> from airline pilots about seeing what appeared to be an individual flying alongside them using a jet pack as they came in to land at Los Angeles International Airport, that incident <https://www.thedrive.com/the-war-zone/36786/heres-the-faa-report-and-full-audio-from-the-mysterious-jetpack-guy-incident-near-lax>, and subsequent encounters in southern California <https://www.thedrive.com/the-war-zone/37071/another-guy-in-a-jetpack-was-spotted-by-airliners-descending-into-lax-we-have-the-audio> <https://www.thedrive.com/the-war-zone/38403/video-taken-by-pilots-of-what-could-be-the-elusive-los-angeles-jet-pack-guy-emerges>, remains as curious and unexplained as ever. Newly obtained documents from the Federal Aviation Administration show officials there were also stumped after the first sighting. At the same time, they were asking similar questions and considering one of the exact same possible explanations that we here at The War Zone have also explored. <https://www.thedrive.com/the-war-zone/38403/video-taken-by-pilots-of-what-could-be-the-elusive-los-angeles-jet-pack-guy-emerges>
John Greenewald, a vigorous filer of Freedom Of Information Act (FOIA) requests and author, who runs the website The Black Vault <https://www.theblackvault.com/>, received the documents through the FOIA process and generously shared them with The War Zone. You can read the documents in their entirety over at The Black Vault by clicking here <https://www.theblackvault.com/documentarchive/jetpack-sighting-over-los-angeles-international-airport-lax-august-30-2020>. The records cover discussions between various FAA officials regarding the first of these recent jet pack-related sightings near Los Angeles International Airport, or LAX, on 30 Aug 2020. You can read more about that incident specifically in these previous War Zone stories […] <https://www.thedrive.com/the-war-zone/36786/heres-the-faa-report-and-full-audio-from-the-mysterious-jetpack-guy-incident-near-lax> <https://www.thedrive.com/the-war-zone/36096/airline-pilots-landing-at-lax-report-a-guy-in-jetpack-flying-alongside-them-on>
Zombie versions of Adobe's troubled software can still cause problems in systems around the world.
https://www.wired.com/story/zombie-flash-security-problems/
Jeremy Lechtzin, Brooklyn's Big Street Address Mess: A Wild Tale of Total Civic Disfunction; Change of Address; The Solution Sowed Even More Confusion The New York Times online, 27 Jan 2021 https://www.nytimes.com/interactive/2021/01/27/nyregion/brooklyn-streets-numbers-renaming.html
A decades-long effort to organize addresses in the mid-1800s was plagued by the incompetence and grift of city leaders.
> [John Levine noted that in the 1980s a bunch of unexpected acceleration > events in Audi 100's were also due to pedal confusion. Audi recalled them > to move the pedals farther apart and to add an interlock so you had to > step on the brake before putting the car in gear.
This is a prevalent but misleading description of the Audi 100/5000 issue. (Not picking on John Levine here. You can find such a summary description almost anywhere. But RISKS readers deserve to know the whole story.)
In reality, there was a vehicle defect that initiated the event, and human drivers got blamed for imperfect reactions to a surprise wide-open-throttle situation in a parking lot.
The original source is: Study of mechanical and driver-related systems of the Audi 5000 capable of producing uncontrolled sudden acceleration incidents, DOT-TSC-NHTSA-88-4, Dec. 1988, Appendix H. https://archive.org/details/Audi5000UAReport
Abstract: “Some versions of Audi idle-stabilization system were prone to defects which resulted in excessive idle speeds and brief unanticipated accelerations of up to 0.3g. These accelerations could not be the sole cause of SAIs, but might have triggered some SAIs by startling the driver.” (“SAI” = Sudden Acceleration Incident)
Pages 1-6 to 1-7: “The Audi 5000 has mechanical and electronic failure modes that could induce engine surging and produce unexpected increases in engine power.” … “Failures in the idle-stabilizer system, and to a much lesser extent the cruise control system, were identified which are capable of initiating an SAI without leaving evidence detectable under normal test procedures.” … “It can therefore be concluded that once unwanted acceleration has begun, pedal misapplication resulting from panic, confusion, or perhaps unfamiliarity with the Audi 5000 contributes to the severity of the incident.”
The data I've seen puts 0.3g as on a par with 0-60 maximum acceleration numbers for that vehicle. Contrast the abstract “triggered” with the text “contributes to the severity”.
As far as I can tell, this report is the genesis of the pedal misapplication narrative commonly at play in cases such as the recent Tesla outcome. (There is a 1989 follow-on report that elaborates that narrative: DOT-HS-807-367.)
For those who want to dig deeper, a SAFECOMP 2018 paper covers the history of this RISK-y narrative of blaming the driver by default while, in many cases, failing to rule in a sufficient scope of potential computer-based system defects. (For example, perhaps the accelerator pedal is read incorrectly due to defective software. That same incorrect data commands engine power, and is also sent to the data recorder. But this is just a hypothetical; I've not looked at the Tesla situation.) https://users.ece.cmu.edu/~koopman/pubs/koopman18_safecomp.pdf
Some years ago, someone stole a check sent to the city of “Kearny, N.J.”, endorsed it Nathan Kearny, and cashed it. There's a lot of ways to be ambiguous.
This sounds like an urban legend but it was reported on August 23, 1973, in The New York Times.
Seeing the freezer story in 32.46 I remembered this one.
https://www.wltribune.com/news/power-outage-spoils-covid-19-vaccine-at-tletinqox/
Please report problems with the web pages to the maintainer