Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Solar Storm Destroys 40 New SpaceX Satellites in Orbit
Location, location, location…
https://www.nytimes.com/2022/02/09/science/spacex-satellites-storm.html
Greg Wyler says E-Space's vast mesh network will clean up debris and bring it back to earth
Greg Wyler, the space entrepreneur who founded Britain's OneWeb, plans to put up to 100,000 satellites in orbit this decade with his latest business venture E-Space.
The company on Monday said it had raised $50mn in seed funding from Prime Movers Lab, a fund that invests in breakthrough scientific start-ups.
E-Space aims to create a vast mesh network of small satellites that can deliver bespoke and commercial services to business and government, from secure communications to remote infrastructure management.
Wyler's plans come as the world becomes increasingly concerned about the risk of collisions in orbit and resulting space debris.
Since 2019 the number of working satellites has risen 50% to roughly 5,000, largely because new commercial groups are exploiting lower launch costs to build businesses in low-earth orbit, 150km-200km above the earth. Elon Musk aims to launch some 40,000 satellites for his Starlink Internet service.
The European Space Agency estimates 330m pieces of debris less than 1cm across and 36,500 greater than 10cm are orbiting the planet.
This poses a serious risk to operational satellites. A fleck of paint just a few thousandths of a millimetre across cracked the window of the International Space Station in 2016.
Wyler insisted E-Space will leave low-earth orbit cleaner than before its satellites are launched, with a network that will collect and deorbit debris even as it provides connectivity services.
The satellites have a substantially smaller cross section than rivals, Wyler told the Financial Times, and will be designed to crumple rather than break apart when struck. They will also entrain any debris they encounter and automatically de[-]orbit when a certain amount has been collected.
“Like oysters in the river that filter the river and clean it, our satellites are the first to be designed to clean space. The more satellites we have, the cleaner space will be.”
Anton Brevde, partner at Prime Movers Lab and on the board of E-Space, suggested Wyler's innovative design would do for satellites what Apple's iPhone did for mobile phones.
“How do you minimise a 300kg sat to something that is an order of magnitude smaller? How do you go from the personal computer to the iPhone, something that is smaller and thinner. It's a whole bunch of innovation that came together. He has been brainstorming for years on how to make communications satellites as small and cheap as possible.”
Wyler is one of the space industry's best-known innovators, having founded the 03b network now owned by Luxembourg's SES and then OneWeb, a pioneer of low-earth orbit Internet services. […]
Listeners owning certain Mazda models in Seattle who happened to tune into KUOW are now stuck on that station if their info system is even working.
According to https://news.yahoo.com/us-mazda-drivers-stuck-listening-214454930.html [https://news.yahoo.com/us-mazda-drivers-stuck-listening-214454930.html> US Mazda drivers stuck listening to public news radio<https://news.yahoo.com/us-mazda-drivers-stuck-listening-214454930.html> Mazda drivers in one part of the United States have found themselves stuck listening to public radio after their car's entertainment system got jammed on one frequency. Dozens of owners of the vehicles in the Seattle area are unable to change the channel from 94.9 FM, while others are doomed to … news.yahoo.com
Dozens of owners of the vehicles in the Seattle area are unable to change the channel from 94.9 FM, while others are doomed to watch their multimedia screens endlessly—and fruitlessly—reboot. Mazda says the problem seems to have stemmed from a broadcast by the station, which normally includes extra data that today's sophisticated digital radios use to display information like an artist's name or track title. “Between January 24 and 31, a radio station in the Seattle area sent image files with no extension,” the company told tech website Geekwire. An expert interviewed by the Seattle Times said the on-board computer should have ignored the unknown file extension, but instead tried to open it, sending the whole system into meltdown.
The biggest hack in iPhone history <https://www.forbes.com/sites/gordonkelly/2021/10/27/apple-iphone-warning-pegasus-hack-upgrade-ios-15-security/> is now public knowledge with reports of the horrific attacks <https://www.forbes.com/sites/gordonkelly/2021/10/27/apple-iphone-warning-pegasus-hack-upgrade-ios-15-security/> it made on individuals. And now the one billion-strong <https://www.theverge.com/2021/1/27/22253162/iphone-users-total-number-billion-apple-tim-cook-q1-2021> iPhone user base has been told it was not alone.
A shocking new report from Reuters <https://www.reuters.com/technology/exclusive-iphone-flaw-exploited-by-second-israeli-spy-firm-sources-2022-02-03/> has revealed a secretive company called QuaDream which has been hacking iPhones for more than five years, granting access to users' microphones, cameras (front and back) and monitoring calls in real time.
Reuters says that QuaDream's flagship product was called ‘REIGN’ and the company sold its hacks to the highest bidder. REIGN could take remote control of any iPhone without the users' knowledge. It would then access emails, photos, texts, contacts and instant messages ” even from end-to-end encrypted services like WhatsApp, Telegram and Signal.
The discovery mimics that of Israeli cyberarms firm NSO Group and its Pegasus software <https://en.wikipedia.org/wiki/Pegasus_(spyware)>—which had been successfully hacking iPhones since 2016 until it was exposed last year in news that sent shockwaves around the world. […]
<https://www.forbes.com/sites/gordonkelly/2021/10/27/apple-iphone-warning-pegasus-hack-upgrade-ios-15-security/> https://www.forbes.com/sites/gordonkelly/2022/02/06/apple-iphone-security-quadream-reign-warning-new-iphone-hack/?sh=2e07f4e460ee
Faulty computer systems are prompting class-action lawsuits by disgruntled car owners, a symptom of automakers’ bumpy transition to the digital age.
<https://www.nytimes.com/2022/02/08/business/car-software-lawsuits.html>
In the past year, researchers at both Facebook and Google have published studies describing computer hardware failures whose causes have not been easy to identify. The problem, they argued, was not in the software—it was somewhere in the computer hardware made by various companies.
“They're seeing these silent errors, essentially coming from the underlying hardware,” said Subhasish Mitra, a Stanford University electrical engineer. who specializes in testing computer hardware. Increasingly, Dr. Mitra said, people believe that manufacturing defects are tied to these so-called silent errors that cannot be easily caught.
<https://www.nytimes.com/2022/02/07/technology/computer-chips-errors.html>
Raf Casert, Associated Press, 8 Feb 2022, via ACM TechNews, Monday, February 14, 2022
The EU has announced a $48-billion plan to curtail its reliance on semiconductors as part of its Chips Act. European Commission president Ursula von der Leyen said the plan will integrate research, design, and testing, and coordinate European and national investment in chip production capabilities. The Chips Act will combine public and private funds, and accommodate state aid to launch the investments. Von der Leyen aspires to grow the bloc's share of the global semiconductor market from 9% to 20% by 2030, which “means basically quadrupling our efforts,” given the sector is projected to double over that period. She said the plan will infuse another $17 billion in public and private investment into funds already pledged in the EU budget.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e07fx23167cx073842&
The so-called phantom braking increased after Tesla both made a software update and stopped using radar sensors in October.
Some Tesla drivers say they're experiencing an increase in “phantom braking,” in which their cars make random, jolting stops because they misinterpret hazards like trash on the road, trucks in nearby lanes and oncoming traffic on two-lane roads. 107 Tesla drivers have filed complaints with the National Highway Traffic Safety Administration in the past three months, according to federal data reviewed by The Washington Post <https://www.washingtonpost.com/technology/2022/02/02/tesla-phantom-braking/>. Only 34 complaints had been filed in the preceding 22 months. […]
https://www.protocol.com/bulletins/tesla-phantom-braking
As the Public Enquiry into the long running British Post Office computer scandal limps into life, this article from The Guardian expresses the way that ‘technology is deferred to’ in our world. <https://www.theguardian.com/commentisfree/2022/feb/15/post-office-scandal-workers-computer-system> <https://www.private-eye.co.uk/special-reports/justice-lost-in-the-post> for a refresher
This won't come as a surprise to RISKS readers, but it is worth noting how this outrageous situation drags on.
The British Post Office Horizon Scandal was covered in RISKS-31.22,23,51:
Per the BBC, “The wrongful convictions of hundreds of sub-postmasters and mistresses will be examined by a public inquiry starting on Monday (Feb 21, 2022.)”
https://www.bbc.com/news/business-60369875
Wikipedia's coverage seems thorough:
https://en.wikipedia.org/wiki/British_Post_Office_scandal
I've seen no mention of whether Horizon employed double-entry accounting. I suspect that it did not - such a feature would have made these so-called “glitches” difficult to perpetrate and easy to spot.
https://www.bbc.com/news/uk-england-tyne-60369098
Northern Powergrid sent 74 refund checks to customers who lost power during a storm for several trillion pounds (each).
No indication if any of them tried to cash the checks. The company is voiding them (!) and resending the correct amounts.
I find two interesting things about this:
“The startling realism has implications for malevolent uses of the technology: its potential weaponization in disinformation campaigns for political or other gain, the creation of false porn for blackmail, and any number of intricate manipulations for novel forms of abuse and fraud. Developing countermeasures to identify deepfakes has turned into an ‘arms race’ between security sleuths on one side and cybercriminals and cyberwarfare operatives on the other.”
Deepfaked content reaffirms human susceptibility to truth default interpretation (https://en.wikipedia.org/wiki/Truth-default_theory). The human psyche is easily and quickly hooked into believing a whole-cloth tale as fact. Without verifiable evidence to support or justify a claim, fiction evolves into popular wisdom that erroneously distorts judgment and erodes commonsense. An age-old problem: Discriminating fact from fiction.
[Everyone is entitled to his own opinion, but not to his own facts.] (https://www.goodreads.com/author/quotes/219349.Daniel_Patrick_Moynihan)
Natalie Lisbona, BBC News, 31 Jan 2022, via ACM TechNews, 2 Feb 2022
A new method of lie detection developed by researchers at Israel's Tel Aviv University uses electrodes affixed to the face to determine whether someone is lying. The researchers said their software and algorithm, which can detect 73% of lies, have uncovered two types of liars: those who move their eyebrows involuntarily when lying, and those who are unable to conceal a slight movement where their lips meet their cheeks when lying. Converus' EyeDetect system detects lies based on involuntary eye movements, as detected by eye-tracking software. More than 65 U.S. law enforcement agencies and close to 100 agencies worldwide use EyeDetect, which claims to be 86% to 88% accurate.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2dee3x2310a9x072807&
https://www.nytimes.com/2022/02/07/technology/computer-chips-errors.html
“Until now, computer designers have tried to deal with hardware flaws by adding to special circuits in chips that correct errors. The circuits automatically detect and correct bad data. It was once considered an exceedingly rare problem. But several years ago, Google production teams began to report errors that were maddeningly difficult to diagnose. Calculation errors would happen intermittently and were difficult to reproduce, according to their report.”
“A team of researchers attempted to track down the problem, and last year they published their findings. They concluded that the company's vast data centers, composed of computer systems based upon millions of processor ‘cores,’ were experiencing new errors that were probably a combination of a couple of factors: smaller transistors that were nearing physical limits and inadequate testing.”
“In their paper, Cores That Don't Count, the Google researchers noted that the problem was challenging enough that they had already dedicated the equivalent of several decades of engineering time to solving it.”
Computer hardware errors, since the days of vacuum tubes, have always been problematic and inconvenient. Multi-core CPUs elevate failure likelihood — non-deterministic stimulus conditions tip a spontaneous bit flip undetected by hardware correction mechanism.
These ‘silent; corrupt execution errors, or CEEs’ from “Core That Don't Count” via https://dl.acm.org/doi/10.1145/3458336.3465297 . The essay states, “Because CEEs may be correlated with specific execution units within a core, they expose us to large risks appearing suddenly and unpredictably for several reasons, including seemingly-minor software changes.”
CEEs are frightening in that their silent and random materialization may compromise medical imaging systems, business transactions, document content, election tallies, transportation system operation, or initiate unauthorized weapon deployment, etc.
Casualties and public chaos might arise without an easily traceable root cause. Semiconductor manufacturer's product license terms of service invoke indemnification to shield them against product liability. They need this “air cover” more than ever.
The attackers exploited a known vulnerability and installed credit card skimmers on more than 500 websites.
https://www.wired.com/story/hackers-stole-payment-info-from-websites/
Drained Crypto Accounts at IRA Financial Leave Victims Searching for Answers
Danny Nelson
They joined IRA Financial Trust eager to build a nest egg in crypto. Instead, some users told CoinDesk their retirement accounts were drained, frozen and locked—with little explanation of what happens next.
It's been nearly one week since an apparent security breach threw IRA Financial's clients into crisis mode. With $36 million of their retirement savings in limbo and no full explanation from either IRA Financial or Gemini — the crypto exchange owned by the Winklevoss twins, Cameron and Tyler, and custodian where their crypto was held pp they've begun organizing a response to crypto's latest hack. [,,,]
The incident is one of the first high-profile exploits to hit crypto retirement accounts in the U.S. Appealing to tax-savvy bitcoiners, this cottage industry has for the past few years hawked products in partnership with top crypto brands.
…“Almost my entire Roth that I've had for over 20 years was stolen,” said one victim who had invested much of it in bitcoin and ether. Two other victims said they were locked out of their accounts; they can’t even see the damage. The full theft is likely well under $50 million, according to a source familiar with the situation.
Gemini's emails to customers provide a somewhat clearer picture of what went down.
“Although our investigation remains ongoing, the facts discovered to date indicate that transfer requests were made by utilizing properly authenticated accounts controlled by IRA Financial Group, which were used to execute asset transfers to another account, At the time, these requests complied with IRA's approval processes and appeared to Gemini to be legitimate, authorized transactions. To date, our investigation has found no indication of any unauthorized access to your account resulting from any security failure or breach of Gemini systems.”
This finding would place the blame entirely on IRA Financial. It would also, in Gemini’s telling, absolve it of any responsibility to cover the loss with its own insurance policy. Gemini advised the customer to ask IRA Financial about its insurance policy…
The inventory of unprocessed returns and related correspondence was provided by the IRS's taxpayer advocate service to the tax-writing committees in Congress. The Treasury Department, the IRS's parent agency, warned in January that it expected its response to be subpar this year.
https://www.washingtonpost.com/politics/2022/02/11/irs-returns-backlog/
University of South Florida Newsroom, 3 Feb 2022, via ACM TechNews, 7 Feb 2022
Researchers at the University of South Florida (USF), Indiana University (IU), and Dartmouth College have developed a method for amplifying trustworthy news on social media. The researchers analyzed content amplified on newsfeeds by recommendation algorithms, targeting a source's reliability score and the political variegation of their audience. They devised an algorithm using data on Web traffic and the self-reported partisanship of 6,890 persons who reflect the sexual, racial, and political diversity of the U.S., and reviewed the reliability scores of 3,765 news sources based on the NewGuard Reliability Index. They found that adding a news audience's partisan diversity to the algorithm can boost the reliability of recommended sources while still supplying relevant recommendations, irrespective of partisanship. IU's Filippo Menczer said, “This is especially welcome news for social media platforms, especially since they have been reluctant of introducing changes to their algorithms for fear of criticism about partisan bias.”
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2df63x23132cx073950&
Man wins almost a quarter million dollar jackpot in Vegas, but malfunction doesn't inform him. The gaming board spent weeks tracking him down back home in Arizona:
https://gaming.nv.gov/modules/showdocument.aspx?documentid=18419
Geoffrey Cherrington, WMATA's inspector general, told the House Subcommittee on Government Operations during a hearing on Wednesday morning that a chief mechanical officer had discovered the two faults in the railcars. Rather than notifying his superiors, he instead chose to report it as a warranty issue.
“Nevertheless, increased frequency of back-to-back failures year over year should have raised concerns beyond the chief mechanical officer,“ Cherrington said, in his opening remarks “WMATA managed defects as warranty claims, not as safety hazard or safety concerns. WMATA's warranty processes were disconnected from safety certification processes.”
During its initial investigation, NTSB discovered that WMATA was aware of 52 failures of 7000-series cars going back to 2017, which the transit provider failed to make public.
The problem? Train wheels moving in axles outside tolerances, risking/causing derailings. Safety related? Nah.
Andreas Trabesinger, ETH Zurich (Switzerland), 11 Feb 2022 via ACM TechNews, 16 Feb 2022
Physicists at the Swiss Federal Institute of Technology, Zurich (ETH Zurich) have demonstrated the ability to extend the longevity of quantum states and expand tolerance of quantum errors, which are crucial to future quantum computing. The method accounts for limitations of physically realistic devices, and is relatively easy to deploy compared to other proposed error-correction schemes. The researchers employed a platform that encodes quantum information within the mechanical oscillator motion of a single trapped ion, in effect optimizing the generation and control of logical states of Gottesman-Kitaev-Preskill code for finite-energy states. The approach supported efficient correction of unwanted displacements in the oscillator's motion, and lengthened coherence time threefold.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e0c9x2317b1x073651&
Hundreds of customers say they were arrested or served jail time after the rental car company reported them to police for stealing vehicles they had properly paid for.
The problem sometimes arises when Hertz cannot find one of its cars in a physical parking lot or its computer system, Malofiy said. So, he said, the company reports the vehicle missing.
https://www.washingtonpost.com/travel/2022/02/11/hertz-customers-car-theft/
Amazon's Dark Secret: It Has Failed to Protect Your Data
Voyeurs. Sabotaged accounts. Backdoor schemes. For years, the retail giant has handled your information less carefully than it handles your packages.
https://www.wired.com/story/amazon-failed-to-protect-your-data-investigation/
Eliza Strickland, Mark Harris, 15 Feb 2022
Yet in 2020, Byland had to find out secondhand that the company had abandoned the technology and was on the verge of going bankrupt. While his two-implant system is still working, he doesn't know how long that will be the case. “As long as nothing goes wrong, I'm fine,” he says. “But if something does go wrong with it, well, I’m screwed. Because there's no way of getting it fixed.”
https://spectrum.ieee.org/bionic-eye-obsolete
The recent meltdown in values for cryptocurrencies and related assets was entirely predictable and overdue. But that does not signal a great opportunity for you, or anyone with an ounce of common sense, to buy into this so-called market now or anytime in the foreseeable future.
We are not investment advisers or lawyers. But we are familiar with technology, and, apparently unlike a lot of the speculators who see cryptocurrencies as an easy road to wealth, we have learned from the past.
We have watched technology hype innumerable times. We have seen financial bubbles inflate and deflate. We have seen how con artists take advantage of bubble mentality. Again and again, we have seen riches for a relative few and losses for many.
Cryptocurrencies such as Bitcoin have several things in common. One is their reliance on what is called the blockchain, a decentralized ledger that keeps track of all transactions. Although it has some problematic features, including big energy consumption, blockchain is a genuine innovation.
With major financial institutions, not just startups, investing in cryptocurrency research and development, why are we so skeptical about the current state of affairs? Here are some of the reasons.
First, in many jurisdictions, cryptocurrencies exist in a largely unregulated environment. To their promoters, that is a feature. To us, it is a bug.
David J. Farber and Dan Gillmor https://asia.nikkei.com/Opinion/Cryptocurrencies-remain-a-gamble-best-avoided
I work in this industry, and see fiber cuts all the time. A well designed network should have effectively zero impact from a fiber cut, as long as:
1) There is circuit redundancy properly designed, so other fibers can take over traffic (there are lots of protocols for managing this). 2) Those other fibers AREN'T IN THE SAME CONDUIT.
It's surprising how many network providers spend a fortune to get #1 right and completely forget about #2.
The response that says “police will ticket drivers for disregarding stop signs” must come from some idealized world, and certainly not one where I have lived (quite a few places). Where I am now (southern Wisconsin) drivers regularly roll through stop signs with no help from software. The saying that used to be “stop and go” has become “roll and stroll”: I have frequently heard people say exactly that!
The official response to accident rates is to lower speed limits (often without then enforcing them.) I can calculate kinetic energy and I know the danger of more serious injury in a high speed accident. But speed rarely is the actual cause of an accident involving two cars. Accidents almost always involve at least one vehicle being in the wrong place, not necessarily at a high speed. But we almost never see enforcement of laws about where a vehicle should be, e.g. which lane to be in. Once upon a time I had a competition license, given after classes and testing, and I wish that we required drivers to show more than how to parallel park.
Maybe Tesla's programmers were basing their product on what they saw in the real world.
Something which had happened to a friend of mine highlights yet another risk of COBOL: He was employed as a COBOL programmer for a bank in London. One day he was called by his boss: “I've heard that you know Hebrew. We have a project for you—in Brazil!”.
It turned out that the bank's Brazilian branch had employed an Israeli programmer who had left, and no one was able to decipher his code. Since COBOL contains about 300 reserved words, programmers have to be careful not to step on one; this programmer's solution was to name all his variables with Hebrew words…
In the same issue of the Risks digest, there is another headline: “$325 Million Vanishes From Crypto Platform Wormhole After Apparent Hack”.
As they say in court dramas: I rest my case.
Calling these saboteurs “malicious hackers” is an insult to hackers… It doesn't take more than a control-U and another click, to get into the full list of plain text words, in order of appearance.
Please report problems with the web pages to the maintainer