No one's talking about what's going on. Seattle-area patients frustrated by days of system outages at Virginia Mason Franciscan Health facilities 8 Oct 2022 at 4:55 pm Updated Oct. 9, 2022 at 1:24 pm Shaun D'Sylva was trying to get a handle on his stepfather's medical care this past week by logging in to MyChart, a patient portal used by medical providers for users to track appointments, test results, medications and other health records. The website wouldn't load. Hospital-wide system outages, stemming from an IT security issue reported by Virginia Mason Franciscan Health's parent company, have led to several days of disruptions for patients and providers at VMFH facilities throughout Puget Sound, with no estimated restoration date. Along with outages of the MyChart system, appointments were canceled or rescheduled, some with no notice because schedulers couldn't look up patients' contact information in a database. CommonSpirit Health, the company affiliated with 10 VMFH hospitals throughout the Puget Sound region, said it has identified the security issue but hasn't provided additional details on who or what may have caused the issue. CommonSpirit Health has 140 hospitals in 21 states and was created in 2019 when Catholic Health Initiatives and Dignity Health merged, according to its website. It's unclear how many facilities have been affected, though several have reported disruptions. In Iowa, ambulances were diverted from MercyOne Des Moines Medical Center's emergency department because of a system shutdown. https://www.seattletimes.com/seattle-news/health/seattle-area-patients-frustrated-by-days-of-system-outages-at-virginia-mason-franciscan-health-facilities/
https://www.engadget.com/rivian-recall-13000-ev-steering-control-problem-095548602.html
Killnet, a pro-Russian hacker group, called for hackers to mount a DDoS (Distributed Denial of Service) attack against various American airport Websites. A number of them were subsequently partially or fully unavailable for a few hours. This attack is part of a series of such attacks by Killnet, in opposition to the US support of Ukraine following the Russian invasion, and may have been prompted by the damage to the Kerch bridges. Although the unavailability of the airport Websites may have been inconvenient for travelers and friends wishing to check flight departure and arrival times, no impact was seen on air operations, and the flight information would have been available from other sources. https://www.npr.org/2022/10/10/1127902795/airport-killnet-cyberattack-hacker-russia
https://medicalxpress.com/news/2022-10-electronic-gaming-trigger-potentially-lethal.html "The investigators performed a systematic review of literature and initiated a multisite international outreach effort to identify cases of children with sudden loss of consciousness while playing video games. Across the 22 cases they found, multiplayer war gaming was the most frequent trigger. Some children died following a cardiac arrest. Subsequent diagnoses of several heart rhythm conditions put the children at continuing risk. Catecholaminergic polymorphic ventricular tachycardia (CPVT) and congenital long QT syndrome (LQTS) types 1 and 2 were the most common underlying causes."
It appears to be the sole airline saying that international standards don't allow passengers to use the Bluetooth devices in the cargo hold. Apple said that regulators allow their use for all baggage. https://www.nytimes.com/2022/10/11/travel/lufthansa-apple-airtags-luggage.html
Ephrat Livni, *The New York Times*, 8 Oct 2022 Binance, the world's biggest crypto[currency] exchange, confirmed that $570 million had been stolen in a hack of a blockchain it runs that serves as a bridge for asset transfers between networks. The attack on the Binance Smart Chain network highlighted weaknesses in decentralized finance (DeFi), where transactions are controlled by code. [...] Vitalik Buterin, one of the founders of the Ethereum network—and the second-most popular cryptocurrency, Ether—has been a vocal critic of cross-chain bridges, noting that they have "fundamental security limits."
Ben Arnoldy, Cleaning up Crypto, Earthjustice, Fall 2022, pp. 22--31 Some cryptocurrencies are using so much energy that they are bringing dirty power plants out of retirement. How CRYPTO is heating the Planet: Miners around the world compete: 125,988,000,000,000,000,000,000 guesses. All of these guesses use about as much as 11 million U.S. homes. The carbon footprint equals nearly 16-million cars on the road. Most of that electricity comes from fossil fuels. First miner to guess correctly gets 6.25 Bitcoins or $133,241 at press time.
Facebook parent Meta is warning 1 million users that their login information may have been compromised through malicious apps. Meta's researchers found more than 400 malicious Android and Apple iOS apps this year that were designed to steal the personal Facebook login information of its users, the company said Friday in a blog post. Meta spokesperson Gabby Curtis confirmed that Meta is warning 1 million users who may have been affected by the apps. https://www.washingtonpost.com/technology/2022/10/07/facebook-malicious-apps-logins/
How a DJI Mini drone enabled a $147,000 ATM robbery Not quite "Mission Impossible" level, but getting close! https://dronedj.com/2022/10/07/dji-mini-drone-atm-theft/
On 26 Sep 2022, the Nord Stream 1 and 2 natural gas pipelines beneath the Baltic Sea sustained near-simultaneous breaches (RISKS-33.47). Less than a week later, on 1 Oct 2022, Professor John Naughton, of the Open University and the author of "From Gutenberg to Zuckerberg: What You Really Need to Know About the Internet", published an OpEd in *The Guardian*. The OpEd asked an important question: "What would happen if someone were to deliberately sever the worldwide communications infrastructure?" Professor Naughton likely understates the hazard. "Severing" implies total disconnection. Though less severe, the far more likely degradation is as damaging to supply chains and society as disconnection. Critical information systems that presume low-latency wide-area communications are widespread. Some are life-threatening in the short term, e.g., health care systems. Others, while not short-term immediate dangers, e.g., logistics and transport, can easily set the stage for life-threatening consequences. The danger is widespread and an ongoing risk. Extended discussion: "Worldwide Bandwidth Vulnerability", an entry in "Ruminations—An IT Blog": http://www.rlgsc.com/blog/ruminations/worldwide-bandwidth-vulnerability.html
With human therapists in short supply, AI chatbots are trying to plug the gap—but it's not clear how well they work. Unlike their living-and-breathing counterparts, AI therapists can lend a robotic ear any time, day or night. They're cheap, if not free—a significant factor considering cost is often one of the biggest barriers to accessing help. Plus, some people feel more comfortable confessing their feelings to an insentient bot rather than a person, research has found. https://www.wired.com/story/mental-health-chatbots
An Uber passenger in the UK received a bill for over 35,000 pounds for an Uber ride. https://www.manchestereveningnews.co.uk/news/uber-passenger-22-charged-35000-25206987 It's 2022 and a huge company like Uber still apparently doesn't have basic sanity checks in its billing system.
https://arstechnica.com/information-technology/2022/10/ongoing-0-day-attacks-backdoor-zimbra-servers-by-sending-a-malicious-email/
A reminder, as if one was necessary, that distributed denial of service attacks are not limited to modern electronic systems. https://auspost.com.au/service-updates/international-service-updates Sea Mail—temporary inbound suspension There are temporary delivery delays for items sent to Australia by Sea Mail. This is due to the increasing number of prohibited items coming into Australia by sea. We've informed the relevant authorities about a temporary suspension on incoming Sea Mail from 1 Oct 2022.
Certain iPhones with iOS 14 have a "crash detect" feature that uses a gyroscope and accelerometer to detect when you've been in a car crash. However, other situations, such as being on a rollercoaster, will also trigger the feature—which then dials 911 and plays a recorded message, tying up 911 lines, operators, and law enforcement, and possibly other first responder services who are dispatched to the scene. https://www.theverge.com/2022/10/9/23395222/iphone-14-calling-911-rollercoasters-apple-crash-detection (It can be, and probably should be, disabled in any situations where you expect a bumpy ride, including off-road riding, and high speed watercraft. But that kind of defeats the whole purpose ... RS)
[...] It looks like the violent decelerations on a roller coaster ride are similar enough to a car crash. The dangers of false positives are well known. Perhaps Apple may need to update their phone to exclude, by geo-location, possible emergencies near known roller-coasters? Or maybe ensure that as a bare minimum that the phone is traveling along the surface of the earth and not vertically towards / away from it? But that 'vertical' use case could exclude a car falling down an embankment / off a bridge. So there's also the risk of adding functions, e.g., automatic crash detection without considering all the use cases. It also makes me wonder if Apple actually got real data from car crashes before designing their software feature. Leading to another risk of designing features with partial data-sets. https://www.theguardian.com/technology/2022/oct/11/iphones-calling-911-from-owners-pockets-on-rollercoasters?CMP=share_btn_link [Also commented on by Henry Baker, suggesting some other activities that might set the watches off. RISKS does not need to indulge in such speculations here. We will leave it to his and your imaginations. PGN]
During the course of the pandemic, we have seen an extraordinary rise in social misbehaviour, in a variety of forms. (A friend has attributed much of it to aspects of grief, and, having been forced to study the issue recently, I tend to concur, and feel that this should be studied further.) At the same time (possibly coincidentally, possibly not) intelligence agencies have noted a rise in what are being referred to as "discord" attacks, where foreign nation-state actors are posting material online in calculated efforts to inflame divisions in Western and democratic societies. Currently, false calls to emergency responders about potential or supposedly ongoing attacks at schools (a category of what are known as "SWATting" calls or attacks) are increasing. Some researchers have noted coordination and commonalities between the calls, indicating a deliberate attack along discord lines. https://www.npr.org/2022/10/07/1127242702/false-calls-about-active-shooters-at-schools-are-up-why
https://techxplore.com/news/2022-10-ai-driven-thermal-reveals-smartphone-passwords.html "Then, they trained an artificial intelligence model to effectively read the images and make informed guesses about the passwords from the heat signature clues using a probabilistic model. Through two user studies, they found that ThermoSecure was capable of revealing 86% of passwords when thermal images are taken within 20 seconds, and 76% when within 30 seconds, dropping to 62% after 60 seconds of entry."
Power-sequence bugs can cause damaging flickers on built-in displays. Update now. https://arstechnica.com/gadgets/2022/10/linux-5-19-2-kernel-can-flicker-and-damage-screens-on-some-intel-gpu-laptops/
A judge has decided that jurors who are asked to decide whether a man killed his wife in New Jersey will not be told that he was convicted earlier of having killed his first wife in Ohio. No wonder so many people consider the U.S. jury system such a travesty, and why so many jurors after the fact express rage at being given incomplete information that would have affected their decision either for or against a defendant. -L https://www.wfmj.com/story/47446950/judge-jury-in-wife-slaying-wont-be-told-about-earlier-case
Interesting how Musk, ready to hand Taiwan back to Communist China & still wanting to buy Twitter, conveniently forgot—or more likely just doesn't care—that the Communist Chinese Regime BANS Twitter in China. So you couldn't even see Musk's tweets there. Hypocrisy run amok. -L
On 10/7/2022 8:39 PM, RISKS List Owner wrote:
> The generator industry has touted automatic shut-off switches as a
> lifesaving fix for carbon monoxide poisoning. But the voluntary standard
> falls short of what federal regulators say is necessary to eliminate
> deaths.

https://www.texastribune.org/2022/09/21/generators-carbon-monoxide-shutoff-switch-texas-cpsc

I see no contradiction here. The article quotes the manufacturer as saying that the cutoff prevents 99% of carbon monoxide poisoning deaths. The article does not present any statistics to contradict that claim. Surely a system that prevents 99% of deaths is better than one that doesn't prevent any?

I'll add that even that death could probably have been prevented by a carbon monoxide detector that costs less than $40 at major hardware stores. The beeping is almost certain to wake the sleeping family up before the CO concentration reaches dangerous levels.

A common fallacy: that a human life is worth an infinite amount of money. No matter what you do, nobody lives forever. Nor will they in the foreseeable future. Maybe someday we'll be able to transfer human consciousness into a computer and distribute it all over the network. And still a network failure...

I remember an editorial by (IIRC) John Campbell (editor of Astounding, later Analog). He pointed out that the plot of life expectancy against age is an inverse exponential curve. If you remove the cause of half the deaths, you extend life by 8 years. Remove another half, you get another 8 years. You'll never get to infinity. (And even if you eliminated everything else, there's still the heat death.)
Many years ago I read an article in a car magazine. In the UK the approach to many roundabouts is preceded by a series of yellow lines (rumble strips) painted proud of the road surface, and the car judders slightly as it goes over them. Everybody assumes that the (clearly visible in the statistics) accidents at the roundabout are reduced because it makes the drivers slow down. This article cited the (apparently only) real study into the phenomenon, which concluded that actually, while it was not statistically significant, cars appeared to *speed* *up* on the roundabout approach. But the alertness level of drivers seemed much higher. Similarly, an attempt was made to protect country villages by introducing chicanes, but this only increased the number of crashes as cars crashed into the chicane itself. My mother's village had tiny rumble strips put at the start of it, and these are noticeably far more effective. The problem is that, in order to work, they need to be placed very close to the first house on the road, and, of course, the residents of said house are not happy with the noise ... The best technologies seem to be the ones that nudge the driver - "hey, wake up, something's not right ..."
I have to take a bit of exception to The Verge's headline for this item:

  Automatic emergency braking is not great at preventing crashes at normal speeds

However, the article says:

  "Automatic Emergency Braking does well at tackling the limited task it was designed to do," said Greg Brannon, director of AAA's automotive engineering and industry relations, in a statement. "Unfortunately, that task was drawn up years ago, and regulator's slow-speed crash standards haven't evolved."

In other words, AEB works as advertised and seems to actually do a decent job.

  AEB has proven itself useful over the years at reducing low-speed rear-end crashes, but AAA wanted to see how well it performs in two more common -- and more deadly—crash scenarios: T-bones and left turns in front of oncoming vehicles. [. . .] The results were pretty dispiriting. In both the T-bones and left turns in front of an oncoming vehicle tests, AEB failed to prevent 100 percent of crashes staged by AAA. The system also failed to alert the driver and slow the vehicle's speed.

You can argue that we need systems to prevent T-bone and left turn crashes, but to say that a system not designed to prevent them doesn't do so just seems a bit silly. My toaster oven isn't real great at making microwave popcorn, either.