The RISKS Digest
Volume 32 Issue 91

Saturday, 30th October 2021

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents

Lettering on clothes mistaken for license plate
BBC
Florida Humidity Grounded Starliner
AVweb
Tesla gives ‘Full Self-Driving’ to a new crop of users, then takes it away after apparent software bugs
WashPost
Blue Line Train Had Derailed Twice Before On The Same Day: NTSB
Patch
Surprise Russian Thruster Firing Prompts Space Station Emergency
NYTimes
Russia's Massive Internet Censorship Project
NYTimes
Gun-toting robo-dogs look like a dystopian nightmare. That's why they offer a powerful moral lesson
phys.org
Teen Girls Are Developing Tics. Doctors Say TikTok Could Be a Factor.
Archive
I *really* hate Hopin ...
Rob Slade
Left vs. Right VS. Facebook
Lauren Weinstein
I’m Not a Pilot, but I Just Flew a Helicopter Over California
NYTimes
Anonymity No More? Age Checks Come to the Web.
NYTimes
These Neural Networks Know What They're Doing
MIT News
Apple and Privacy
Lauren Weinstein
Ransomware Activity Report
Googleapis
Ransomware attack knocks some Sinclair television stations off the air
WashPost
Pirate-site operator hacked MLB and tried to extort $150,000, feds say
Ars Technica
Zero-Day Hacking Attacks Set New Record In 2021
MIT Tech Review
Banning anonymous social media accounts would only stifle free speech and democracy
The Guardian
No ink, no scan: Canon USA printers hit with class-action suit
ZDNet
Thanks to a nasty GPSD bug, real-life time travel trouble arrives this weekend
ZDNet
Tech workers warned they were going to quit. Now, the problem is spiraling out of control
ZDNet
Re: Elevator-Pitch Privacy
Arthur T.
Re: Trans man says confusion caused cervical screening delay
Amos Shapir
Info on RISKS (comp.risks)

Lettering on clothes mistaken for license plate (BBC)

Mark Brader <msb@Vex.Net>
Thu, 21 Oct 2021 18:11:22 -0400 (EDT)
  A bus lane camera mistook a woman's sweater for a number plate, and her
  husband received a fine for driving in the bus lane.  The camera
  interpreted the word 'KNITTER' as her husband's number plate KN19TER.
  [She would have been *number* if the bus had hit her in the pedestrian
  crossing, but apparently the bus *letter* go.  Item PGN-ed]

http://www.bbc.co.uk/news/uk-england-somerset-58959930


Florida Humidity Grounded Starliner (AVweb)

"Gabe Goldberg" <gabe@gabegold.com>
Mon, 25 Oct 2021 15:15:52 -0400
Boeing’s Starliner spacecraft’s valves may have frozen because they couldn’t
handle Florida’s humidity, according to a report by United Press
International.  UPI quotes NASA and Boeing spokespeople as saying the famous
Florida stickiness may have caused corrosion in the valves that kept them
from functioning prior to an uncrewed test launch of the capsule in
August.  The fuel oxidizer that flows through some of those valves
apparently reacted to the humidity and the resulting corrosion locked up the
valves.

https://www.avweb.com/aviation-news/florida-humidity-grounded-starliner/

How could anyone predict or plan for that?

  [Let us not forget the loss of the Challenger shuttle, when the scientists
  had warned that the O-rings would not hold at subfreezing temperatures.
  PGN]


Tesla gives ‘Full Self-Driving’ to a new crop of users, then takes it away after apparent software bugs (WashPost)

"Gabe Goldberg" <gabe@gabegold.com>
Mon, 25 Oct 2021 14:45:38 -0400
The company has come under criticism from regulators for practices
related to its Full Self-Driving beta.

https://www.washingtonpost.com/technology/2021/10/24/tesla-full-self-driving-musk/

Let's all look forward to wondering how our cars will drive TODAY...


Blue Line Train Had Derailed Twice Before On The Same Day: NTSB (Patch)

"Gabe Goldberg" <gabe@gabegold.com>
Tue, 19 Oct 2021 14:02:23 -0400
Federal investigators uncovered two previous derailments by the same
train on the same day last week and other unreported Metro failures.

Through its investigation of the derailment, NTSB learned that the
Washington Metropolitan Area Transit Authority (WMATA) was aware of
potential problems with the wheel and axle assemblies of its Series 7000
trains since at least 2017.

WMATA told inspectors that Metro trains had experienced two failures of
their wheel assemblies in both 2017 and 2018, four failures in 2019, five
in 2020, and 18 in 2021.

"That was before Friday, and that totaled 31," she said. "Adding to that
number are the failures that were uncovered as a result of their
inspections, which were initiated on Friday, which uncovered, so far, an
additional 21 failures."

In all, Homendy said the Series 7000 cars had experienced 39 failures in
2021 for a total of 52 failures since 2017. She added that those were
preliminary numbers.

"Of the 748 cars in the series, they have inspected 514, so that number
could go up," Homendy said.

https://patch.com/district-columbia/washingtondc/blue-line-train-had-derailed-3-times-same-day-ntsb


Surprise Russian Thruster Firing Prompts Space Station Emergency (NYTimes)

"Gabe Goldberg" <gabe@gabegold.com>
Tue, 19 Oct 2021 14:05:44 -0400
While the astronauts were said to not be in any danger, it was the
second such incident since July.

The incident occurred on Friday morning as the Russian astronaut Oleg
Novitsky was performing a test of the engines aboard the Soyuz MS-18
spacecraft, a crew module that has been docked to the station since
April. The spacecraft is scheduled to return three passengers to Earth
on Sunday.

When the engine test was scheduled to end, “the thruster firing
unexpectedly continued,” Leah Cheshier, a NASA spokeswoman, said in an
email, and the station orbital positioning control was lost at 5:13 a.m.
Eastern time. Russian officials in Moscow and personnel at NASA’s
astronaut headquarters in Houston sprang into action during the
incident, voicing commands to their astronauts to initiate emergency
protocols.

“Oleg, take it easy, the station was turned by 57 degrees, no big deal,”
a Russian mission control official in Moscow was quoted as saying to the
astronaut by Interfax, a Russian news agency. “We had to make sure that
engines are in order, this is important.”

“Station, Houston space-to-ground two, we see the loss of attitude
control warning,” NASA mission control in Houston alerted its astronauts
on the station, instructing them to begin emergency procedures in the
crew’s “warning book.” Flight controllers regained control of the
station within 30 minutes, Ms. Cheshier said.

...

Unexpected jolts to the space station, which is the size of a football
field, put stress on the forest of instrumentation on its exterior.
After the Nauka incident, Zebulon Scoville, a NASA flight director who
managed the agency’s emergency response that day, said on Twitter that
he had never “been so happy to see all solar arrays + radiators still
attached.”

https://www.nytimes.com/2021/10/15/science/international-space-station-russia.html?referringSource=articleShare


Russia's Massive Internet Censorship Project (NYTimes)

Lauren Weinstein <lauren@vortex.com>
Sat, 23 Oct 2021 08:38:44 -0700
https://www.nytimes.com/2021/10/22/technology/russia-internet-censorship-putin.html


Gun-toting robo-dogs look like a dystopian nightmare. That's why they offer a powerful moral lesson (phys.org)

Richard Stein <rmstein@ieee.org>
Fri, 22 Oct 2021 15:57:56 +0800
https://phys.org/news/2021-10-gun-toting-robo-dogs-dystopian-nightmare-powerful.html

"US-based military robot manufacturer Ghost Robotics has strapped a sniper
rifle to a robotic dog, in the latest step towards autonomous weaponry."


Teen Girls Are Developing Tics. Doctors Say TikTok Could Be a Factor. (Archive)

"Matthew Kruk" <mkrukg@gmail.com>
Tue, 19 Oct 2021 07:43:12 -0600
https://archive.ph/UNbpQ

When teens started turning up in doctors' offices with sudden, severe
physical tics, specialists suspected social media: The girls had been
watching Tourette syndrome TikTok videos.


I *really* hate Hopin ...

Rob Slade <rmslade@shaw.ca>
Thu, 21 Oct 2021 12:15:06 -0700
I, somewhat famously, hate Slack.

Or, at least, I thought I hated Slack until I was forced to use Teams.  And
I thought I hated Teams until I was forced to use Hopin.

I really, *really* hate Hopin.

I had to use Hopin because BSidesEdmonton used Hopin.  It took two days to
get the settings right, and, even then, there was no way to see what I was
actually presenting.  (One of Hopin's "functions" is that you *can't* sign
on more than once on one account.  And I hate Hopin so much that I'm
*really* not eager to go and create a *second* Hopin account just to fix
their shortcomings.)  I got through the BSidesEdmonton presentation OK.

BSidesCalgary (today and tomorrow) *also* is using Hopin.  It *also* took
two days to try and find settings that would work for Hopin with them, even
though I was already into Hopin with BSidesEdmonton.  And, when I signed on
this morning, with the same computer, and the same browser, all of a sudden
my camera wouldn't work.  (I have just spent another hour with someone from
the conf, chasing through Control Panel and browser settings, all of which
seemed to be set properly, but seeming to have to reboot the computer to get
it to work properly.  And I have limited confidence that it is still going
to work in a couple of hours when I have to actually present.)  (It's a good
thing that I'm a bit obsessive about this stuff, and tend to overprepare.)

Even on that test call with someone from the conference, some weirdnesses
were apparent.  Although she said my voice was coming through with problems,
she obviously didn't hear me at times, and *her* voice would drop out at
random times.  (Actually, I don't think they *were* random.  I think Hopin
was *deliberately* dropping her voice out *just* when she was giving the
most important details.  I hate Hopin.)

It may be that Hopin, like others of its ilk, is a victim of its own
success.  The BSidesCalgary people have done a great job (aside from their
choice of Hopin), and about 260 attendees are online right now.  It's
possible that this is responsible for the fact that it can take over a
minute for slides to change, and for some of the voice dropouts.

I've been doing teleconferencing, for teaching, for over 35 years now.  And,
as I've said, it's disappointing to see how little it's really worked for
teaching in all that time ...

  [I've been *hopin'* for many years that a telecon facility would emerge
  with fundamental design goals to be reliable, resilient, and secure --
  and (above all) would provide a really pleasant friendly user experience.
  However, each would-be successor seems to be worse than its predecessors.
  No one seems to be learning from past shortcomings.  PGN]


Left vs. Right VS. Facebook

Lauren Weinstein <lauren@vortex.com>
Sun, 24 Oct 2021 19:10:58 -0700
So the Right is screaming that employees inside Facebook wanted to remove
their content—and the Left is screaming that management at Facebook
didn't actually do so. More & more, this looks like an effort from both
sides to give governments micromanagement of content.  VERY BAD.


I’m Not a Pilot, but I Just Flew a Helicopter Over California (NYTimes)

"Gabe Goldberg" <gabe@gabegold.com>
Tue, 26 Oct 2021 00:31:35 -0400
New technology, a few iPads and a quick tutorial can help anyone act
like a pilot. Dealing with air traffic control is another matter.

But there was a caveat: As I flew, a licensed pilot sat beside me. He
talked me through the flight and generally kept me in check. At one
point, I turned east and twisted the joystick with a little too much
confidence. He reached over, grabbed the joystick and corrected my attitude.

The new technology required more than 15 minutes of training. Though I
could turn and twist and climb, I could not handle the radio
communication with air traffic controllers during takeoff and landing,
and I needed help setting a course across the valley. Learning those
tasks may ultimately be more intimidating and more difficult than flying
the aircraft.

“You still need someone with training in communications protocols, what
speed and elevation to fly and where the system is unsafe to operate,”
said Jessica Rajkowski, head of artificial intelligence and autonomous
systems at Mitre, a nonprofit that runs a research and development
center for the Federal Aviation Administration.

https://www.nytimes.com/2021/10/25/technology/automated-flight-helicopter-skyryse.html


Anonymity No More? Age Checks Come to the Web. (NYTimes)

"Gabe Goldberg" <gabe@gabegold.com>
Thu, 28 Oct 2021 00:22:26 -0400
To protect children online, more companies and governments are forcing
users to prove how old they are.

https://www.nytimes.com/2021/10/27/technology/internet-age-check-proof.html


These Neural Networks Know What They're Doing (MIT News)

ACM TechNews <technews-editor@acm.org>
Mon, 18 Oct 2021 12:42:26 -0400 (EDT)
Adam Zewe, MIT News, 14 Oct 2021 via ACM TechNews; Monday, October 18, 2021

Massachusetts Institute of Technology (MIT) researchers have demonstrated
that a specific neural network can learn the cause-and-effect structure of a
navigation task it is taught. The researchers observed that a Neural Circuit
Policy (NCP) system assembled by liquid neural network cells can
autonomously control a self-driving vehicle using just 19 control
neurons. They determined that when an NCP is being trained to complete a
task, the network learns to interact with the environment and factor in
interventions, or to recognize if an intervention is altering its output,
and then it can relate cause and effect together. Tests put NCPs through
various simulations in which autonomous drones performed navigation
tasks. MIT's Ramin Hasani said, "Once the system learns what it is actually
supposed to do, it can perform well in novel scenarios and environmental
conditions it has never experienced."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2d2bcx22e8edx073553&

  [Please don't forget the usually forgotten corner cases.  PGN]


Apple and Privacy

Lauren Weinstein <lauren@vortex.com>
Sat, 23 Oct 2021 19:19:46 -0700
Steve Jobs was commonly accused of having a Reality Distortion Field.  Apple
nowadays has a "Privacy Distortion Field"—their "privacy" push is not
really what it appears to be at first glance, along a variety of vectors.


Ransomware Activity Report (Googleapis)

Monty Solomon <monty@roscom.com>
Fri, 29 Oct 2021 19:37:49 -0400
https://storage.googleapis.com/vtpublic/vt-ransomware-report-2021.pdf


Ransomware attack knocks some Sinclair television stations off the air (WashPost)

Monty Solomon <monty@roscom.com>
Mon, 18 Oct 2021 20:22:48 -0400
The company says hackers targeted several of its servers and workstations,
and took unspecified data.

https://www.washingtonpost.com/business/2021/10/18/sinclair-broadcasting-ransomware-attack/


Pirate-site operator hacked MLB and tried to extort $150,000, feds say (Ars Technica)

Monty Solomon <monty@roscom.com>
Fri, 29 Oct 2021 22:11:29 -0400
https://arstechnica.com/tech-policy/2021/10/pirate-site-operator-hacked-mlb-and-tried-to-extort-150000-feds-say/


Zero-Day Hacking Attacks Set New Record In 2021 (MIT Tech Review)

Monty Solomon <monty@roscom.com>
Fri, 29 Oct 2021 19:29:11 -0400
https://gadgets.ndtv.com/internet/news/zero-day-hacking-attack-2021-record-unprecedented-mit-technology-review-2551866


Banning anonymous social media accounts would only stifle free speech and democracy (The Guardian)

Lauren Weinstein <lauren@vortex.com>
Mon, 25 Oct 2021 18:41:01 -0700
https://www.theguardian.com/commentisfree/2021/oct/25/banning-anonymous-social-media-accounts-stifle-free-speech-abuse


No ink, no scan: Canon USA printers hit with class-action suit (ZDNet)

"Gabe Goldberg" <gabe@gabegold.com>
Thu, 21 Oct 2021 20:32:42 -0400
A class-action lawsuit has been launched against Canon for its 4-in-1
printers refusing to scan when one of their ink tanks is empty.  [...]

In addition, since inkjet ink costs an astronomical $12,000 a gallon, the
ink prices are also outrageous. It comes as no surprise that according to a
2019 Consumer Reports printer use survey, the "most common complaint was the
high cost and hassle of replacing ink cartridges."

https://www.zdnet.com/article/untrustworthy-canon-printer-lawsuit/


Thanks to a nasty GPSD bug, real-life time travel trouble arrives this weekend (ZDNet)

"Gabe Goldberg" <gabe@gabegold.com>
Thu, 21 Oct 2021 20:34:32 -0400
On October 24, 2021, some time-keeping systems are going to take a trip
back in time to March 2002, unless you update your GPSD programs.

"Does anybody really know what time it is? Does anybody really care?"

Actually, if you use computers for pretty much anything, you do. Oh, you
may not know it if you're not a system or network administrator, but
security, identification, networks, everything that makes the Internet
go depends on accurate time-keeping. Some systems rely on Global
Positioning Systems (GPS) appliances and the GPSD daemon to tell the
exact time, and a nasty bug's been uncovered in GPSD that's going to pop
up on October 24, 2021. If left unpatched, it's going to switch your
time to some time in March 2002, and your system will crash with a
resounding kaboom. Here's how it works.

First, Earth time is not absolute. Earth's spin speed varies in response
to geological events. The International Earth Rotation and Reference
Systems Service (IERS) tracks this, and every few years, it adds a
leap-second to the year. This is done to Coordinated Universal Time
(UTC), which is the standard universal time system. UTC is used by the
Internet's Network Time Protocol (NTP). In turn, NTP is used to keep all
Internet-connected devices in sync with each other.

https://www.zdnet.com/article/thanks-to-a-nasty-gpsd-bug-real-life-time-travel-trouble-arrives-this-weekend/


Tech workers warned they were going to quit. Now, the problem is spiraling out of control (ZDNet)

"Matthew Kruk" <mkrukg@gmail.com>
Fri, 22 Oct 2021 12:54:51 -0600
https://www.zdnet.com/article/tech-workers-warned-they-were-going-to-quit-now-the-problem-is-spiralling-out-of-control/


Re: Elevator-Pitch Privacy (RISKS-32.89)

"Arthur T." <risks202110.6.atsjbt@xoxy.net>
Mon, 18 Oct 2021 00:18:24 -0400
I am not a lawyer, but...

At least two U.S. states require "all parties" to accept (or at least be
aware of) audio recording. Pennsylvania requires it for electronic
listening, even if there is no recording being made. That suggests that the
ability to silently tap into an elevator's microphone (or at least making
use of that ability) might be illegal in some places.


Re: Trans man says confusion caused cervical screening delay (RISKS-32.90)

Amos Shapir <amos083@gmail.com>
Sat, 23 Oct 2021 19:45:33 +0300
The bug here seems to be that of trying to use a data item -- gender --
which was collected for one purpose, for a slightly different purpose --
namely, to determine which patients have a cervix.

The rather recent changes of attitudes towards gender identification may
have changed the value of the "gender" item from a binary to a multi-valued
element.  But for a longer while now, modern medicine has enabled changes in
the human body, such as removal or implantation of gender-related organs.
Medical databases should take note of such changes, and implement better
distinctive data elements, instead of a single M/F flag.
