It's time for a little levity after months of ugly campaign disinformation and gigantic fund-raising efforts in the U.S. I offer this limerick, and beg your indulgence.

Reflections on the U.S. Midterm Election Campaigns
Peter G. Neumann (a.k.a. Lim[b]erRick), Election Day, 8 November 2022

  There once was a notion of "ground truth",
  Which the DNA linked up with "found tooth".
  But old farts with no heart
  Took the ground truth apart,
  While leaving the future to "frowned youth".

[Your choice of alternatives in the last line: crowned, gowned, sound, bound, towned, ... I liked "frowned" <upon>]

old fart: Tribal elder. A title self-assumed with remarkable frequency ... This is a term of insult in the second or third person, but one of pride in first person.

"Ground Truth" is becoming like Ground-up Meat -- You have no idea what it entails (or entrails?). Are the contents just FAKE NEWS? or REALLY-FAKE NEWS?

An earlier draft version of my doggerel had the last line as:

  "Forsooth" took the meaning of "found truth".

forsooth [WordNet] adv 1: an archaic word originally meaning *in truth* but now usually used to express *disbelief* [emphasis mine]

forsooth formerly used as An expression of deference or respect, especially to woman; now used ironically or contemptuously. [1913 Webster] Our old English word "forsooth" has been changed for the French madam. —Guardian. [1913 Webster]

Dad-to-Kid-joke:
  Diner: Waiter, This coffee tastes like mud.
  Waiter: It should. It was *GROUND* this morning.
Jack Nicas, *The New York Times*, 6 Nov 2022 https://www.nytimes.com/2022/11/05/world/americas/brazil-election-us-democracy.html Given that there are no computer systems that cannot be hacked through unsecure hardware, software, and apps, *and* the reality that the federal government cannot control state elections—which the existing Supreme Court would pretty much guarantee—there are no realistic solutions. The research community understands some of the machine-related issues, but (not surprisingly) ignores most of the total-system issues—which include insider misuse, clever disenfranchisement, and devastating effects of pervasive disinformation. The commercial vendors for the most part don't care, although Dominion's defense and monster defensive lawsuits (a recent 60 Minutes interviewed the head of Dominion) seem to make a case that they were brutally trashed by false attacks for which they are seeking BILLIONS of dollars in damages.
https://www.reuters.com/world/us/voting-system-firms-battle-right-wing-rage-against-machines-2022-11-06/
https://www.nytimes.com/interactive/2022/11/05/us/politics/pelosi-attack-misinfo-republican-politicians.html
https://www.theverge.com/2022/11/3/23438808/blood-oxygen-monitor-fda-bias-regulation
With Medicare's open enrollment underway, health experts are warning older adults about an uptick in misleading marketing tactics that might lead some to sign up for Medicare Advantage plans that don't cover their doctors or prescriptions and drive up their out-of-pocket costs https://www.washingtonpost.com/politics/medicare-enrollees-warned-about-deceptive-marketing-schemes/2022/11/05/d54ffa70-5cbf-11ed-bc40-b5a130f95ee7_story.html
The Hunt for the Dark Web's Biggest Kingpin, Part 1: The Shadow. The notorious Alpha02 oversaw millions of dollars a day in online narcotic sales. For cybercrime detectives, he was public enemy number one—and a total mystery. https://www.wired.com/story/alphabay-series-part-1-the-shadow/ The Hunt for the Dark Web's Biggest Kingpin, Part 2: Pimp_alex_91. On the trail of AlphaBay's mastermind, a tip leads detectives to a suspect in Bangkok—and to the daunting task of tracing his millions in cryptocurrency. https://www.wired.com/story/alphabay-series-part-2-pimp-alex-91/
https://www.nytimes.com/2022/11/06/opinion/ransomware-fbi.html There are many factors behind the stunning rise of ransomware. Our reporting found that one of the most important is the Federal Bureau of Investigation's outmoded approach to computer crime targeting people and institutions in the United States. State and local police generally can't handle a sophisticated international crime that locks victims' data remotely—from patients' medical histories and corporate trade secrets to police evidence and students' performance records—and demands payment for a key. Many police departments have themselves been hamstrung by ransomware attacks. Federal investigators, especially the FBI, are responsible for containing the threat. They need to do better. When ransomware gained traction a decade ago, individual attackers were hitting up home users for a few hundred dollars. In 2015, as the crime was evolving into something more, the bureau still dismissed ransomware as an ankle-biter. That year, about a dozen frustrated Cyber Division agents warned James Comey, who was then the director of the F.B.I., that institutional lack of respect for their skills was spurring their departures. Now well-organized gangs, with hierarchies mirroring those of traditional businesses, are paralyzing the computer networks of high-profile targets and demanding millions of dollars in ransom.
https://www.nbcnews.com/tech/security/ransomware-attacks-hospitals-take-toll-patients-rcna54090
https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser
Underwater cables keep the internet online. When they congregate in one place, things get tricky https://www.wired.com/story/submarine-internet-cables-egypt/
University of Waterloo (Canada), 13 Nov 2022, via ACM TechNews; 4 Nov 2022 A drone-powered device developed by researchers at Canada's University of Waterloo can see through walls by accessing Wi-Fi networks. The Wi-Peep device can fly close to a building and identify all Wi-Fi-enabled devices inside using the building's Wi-Fi network by taking advantage of the "polite Wi-Fi" loophole, in which smart devices automatically respond to contact attempts from any device within range. Comprised of a store-bought drone and $20 of hardware, Wi-Peep can pinpoint the location of a device within one meter by measuring response times to the messages it sends to devices while in flight. Said Waterloo's Ali Abedi, "We need to fix the Polite Wi-Fi loophole so that our devices do not respond to strangers. We hope our work will inform the design of next-generation protocols." [... and will greatly enhance the accuracy of drone bombers?]
https://phys.org/news/2022-11-ready-robotic-geosynchronous-satellites-payload.html "Ace Satellite Repair Co's" first gig was in April, 1984—the "Solar Max" satellite needed a tune up. The Solar Max was in low earth orbit (~200 km), close enough for the Space Shuttle Challenger to capture. Intrepid space-walkers swapped out and replaced a circuit board or two. Geo-synchronous orbit, @ ~35K km, is where a lot of communications, weather, and other satellite payloads park and operate. No bus for a repair person to ride. Send a robot. DARPA funded "Robotic Servicing of Geosynchronous Satellites" program relies on a two-armed bot. A sophisticated robotic simulator and qualification mechanism, including environment chamber conditions, applied to boost mission objective achievement. Risks: Cosmic radiation, software defects, hardware failure
https://www.cbc.ca/news/canada/nova-scotia/sobeys-safeway-maple-leaf-foods-cybersecurity-incident-1.6642937 Some stores across Canada owned by Empire Company Ltd., including Sobeys, Safeway and affiliated pharmacy services, continue to experience disruptions <http://cbc.ca/1.6642540> due to an information technology systems issue. Empire, which owns Sobeys, Lawtons, IGA, Safeway, Farm Boy, Foodland and FreshCo, among other brands, announced Monday an IT problem is preventing some of its pharmacies from filling prescriptions. ... Meanwhile, Maple Leaf Foods announced in a news release late Sunday night that a "cybersecurity incident" caused a system outage at the company. The company said it became aware of the issue over the weekend and immediately began working with cybersecurity and recovery experts, information systems professionals and third-party specialists to investigate the outage.
https://www.techdirt.com/2022/10/26/signal-says-it-will-exit-india-rather-than-compromise-its-encryption/
AI researchers are warning developers to focus more on how and why a system produces certain results than the fact that the system can accurately and rapidly produce them. What's your favorite ice cream flavor? You might say vanilla or chocolate, and if I asked why, you'd probably say it's because it tastes good. But why does it taste good, and why do you still want to try other flavors sometimes? Rarely do we ever question the basic decisions we make in our everyday lives, but if we did, we might realize that we can't pinpoint the exact reasons for our preferences, emotions, and desires at any given moment. There's a similar problem in artificial intelligence: The people who develop AI are increasingly having problems explaining how it works and determining why it has the outputs it has. Deep neural networks (DNN)—made up of layers and layers of processing systems trained on human-created data to mimic the neural networks of our brains—often seem to mirror not just human intelligence but also human inexplicability. Most AI systems are black box models, which are systems that are viewed only in terms of their inputs and outputs. Scientists do not attempt to decipher the black box, or the opaque processes that the system undertakes, as long as they receive the outputs they are looking for. For example, if I gave a black box AI model data about every single ice cream flavor, and demographic data about economic, social, and lifestyle factors for millions of people, it could probably guess what your favorite ice cream flavor is or where your favorite ice cream store is, even if it wasn't programmed with that intention. These types of AI systems notoriously have issues because the data they are trained on are often inherently biased, mimicking the racial and gender biases that exist within our society. The haphazard deployment of them leads to situations where, to use just one example, Black people are disproportionately misidentified by facial recognition technology.
It becomes difficult to fix these systems in part because their developers often cannot fully explain how they work, which makes accountability difficult. As AI systems become more complex and humans become less able to understand them, AI experts and researchers are warning developers to take a step back and focus more on how and why a system produces certain results than the fact that the system can accurately and rapidly produce them. [...] <https://www.vice.com/en/article/n7jwx7/even-the-government-admits-facial-recognition-is-racially-biased> https://www.vice.com/en/article/y3pezm/scientists-increasingly-cant-explain-how-ai-works
Joe Tidy, BBC News, 3 Nov 2022, via ACM TechNews, 7 Nov 2022 Research by DappRadar indicates that over the past year, people and companies have spent $1.93 billion in cryptocurrency to purchase virtual "real estate" in the metaverse. In Decentraland, parcels of "land" can sell for millions of dollars, and are being bought by companies like Samsung, UPS, and Sotheby's to build virtual shops. Adidas, Atari, Ubisoft, Binance, Warner Music, and Gucci have purchased virtual property in Sandbox, while Gucci also has created a town in Roblox. Said Amber Jae Slooten of *The Fabricant*, a digital design house, "There will be for sure a mass market in this because if you think about the younger generation, they already play games. For them there's no distinction between virtual and real. But it still needs to be built." [No distinction? Wow! That is scary, especially when it comes to voting and living in the real world (whatever that may be). PGN]
https://nypost.com/2022/10/28/1-in-331-billion-chance-same-new-york-lottery-numbers-drawn-twice-in-one-day/
https://abc7ny.com/1-9-billion-lottery-powerball-jackpot-today-how-big-is-the-drawing-time/12426091/ ALSO: Powerball: Winning numbers for the record $1.9 billion jackpot have yet to be announced after drawing was delayed https://www.cnn.com/2022/11/08/us/powerball-lottery-record-delayed-drawing-tuesday-trnd/index.html
https://mashable.com/article/facebook-how-to-delete-contact-info-meta
Ryan Browne, CNBC News, 04 Nov 2022, via ACM TechNews, 7 Nov 2022 ACM A.M. Turing Award recipient Tim Berners-Lee, credited with inventing the World Wide Web, considers Web3 nonviable for building the next iteration of the Internet. At the Web Summit in Lisbon, Portugal, Berners-Lee called Web3 a vague term to describe a theoretical Internet that is more decentralized than the current Web, incorporating technologies like blockchain, cryptocurrencies, and nonfungible tokens. Berners-Lee described blockchain protocols as "too slow, too expensive, and too public." He said people frequently confuse Web3 with his Web 3.0 framework for reconfiguring the Internet. His new Inrupt startup intends to allow users to control their own data via a global single sign-on feature for universal logins, login IDs that let users exchange data, and a "common universal application programming interface." [Don't forget the putting all-of-your-eggs-in-one-basket risks of single sign-on, e.g., RISKS-32.93, -33.11. PGN]
https://www.nbcnews.com/news/us-news/-much-press-are-new-calculator-tackles-inequality-missing-persons-stor-rcna55517 If you went missing, how much press would you be 'worth'? *The Columbia Journalism Review* unveiled a tool that calculates the number of stories your disappearance would net, based on demographics. https://areyoupressworthy.com/ calculates news coverage based on select rules. Each missing person's report is a potential crime with a tragic outcome. Somewhat greater likelihood that extensive coverage will lead to discovery, and eventual happy ending. Turns out that "missing white person syndrome" generates more headlines than non-white minority disappearances. Not hard to imagine an AI applying this tool to determine whether or not to compose a news chyron, or invoke GPT-3 to (not) cook a story, based on computed merit. Risk: Algorithm-driven news headlines
A media and marketing agency that is responsible for buying and planning much of the government's advertising has advised federal departments to pause activity on Twitter, citing mass layoffs at the company. Cossette, which is the government's "media agency of record," issued guidance Friday to "pause activity immediately and monitor the situation over the weekend" due to "unknown continuity plans for moderation" and a "heightened risk of brand safety," according to an internal document seen by CBC News. https://www.cbc.ca/news/politics/cossette-agency-government-ads-twitter-layoffs-1.6642527
https://gizmodo.com/crypto-1849727577
Wireless meat thermometer—use in oven or on barbecue, charges via USB. $100. https://www.sharperimage.com/view/product/Wireless+Meat+Thermometer/206969 Electronics survive repeated baking/grilling/washing? USB plug smeared with sauce/gravy? [Worse yet, Made in China or Russia, broadcasting kitchen conversations, and compromising your Internet of Things devices? See the Thunderclap paper: https://www.ndss-symposium.org/ndss-paper/thunderclap-exploring-vulnerabilities-in-operating-system-iommu-protection-via-dma-from-untrustworthy-peripherals/ PGN]
Certain Pantone collections now require users to pay $15 a month to access them—with colors turned black unless you pay up. Since the 1950s, the company Pantone has helped designers match the colors they see onscreen to what they see in the real world. This color standardization process means that, for example, a poster made in Adobe InDesign looks exactly the same when it's printed out as a giant billboard. And it worked just fine—until last week, when everything went dark. Scores of Photoshop and Illustrator users who have used certain Pantone color collections in their works have recently been confronted with the fallout of a disagreement between Adobe and Pantone. The result? Where once there were vibrant hues there is now only the color black. The change is the latest twist in a long-running dispute between the design software giant and the color-standard-setting organization. In December 2021, Adobe announced it would be removing Pantone colors from its app. Why that happened was never certain; rumors spread that it was over the cost of including Pantone in Adobe software, while Pantone publicly said that it felt Adobe wasn't keeping pace with the plethora of new colors it released. Adobe's chief product officer, Scott Belsky, has tweeted that Pantone asked Adobe to remove the colors, "as they want to charge customers directly." https://www.wired.com/story/adobe-pantone-color-subscription-fee [Transomware? PGN]
Cybersecurity experts warn that threats lurk in cheat codes, microtransactions and messages from fellow players. Millions of people escaped the drudgery of the Covid-19 pandemic's first year by turning to video games, where they could cast spells, kill zombies and compete as their favorite athletes. These virtual worlds also lured in a different kind of enthusiast—the kind who sought to steal people's personal information and real-world dollars. In recent months, cybersecurity firms have warned that cybercrime in gaming has increased substantially since the start of the pandemic, and that the vulnerabilities—for game studios as well as players—are far from being vanquished. https://www.nytimes.com/2022/10/13/technology/gamers-malware-minecraft-roblox.html
They can't be any worse than some human developers Machine-learning models that power next-gen code-completion tools like GitHub Copilot can help software developers write more functional code, without making it less secure. That's the tentative result of an albeit small 58-person survey conducted by a group of New York University computer scientists. https://www.theregister.com/2022/10/07/machine_learning_code_assistance
Rust makes it impossible to introduce some of the most common security vulnerabilities. And its adoption can't come soon enough. https://www.wired.com/story/rust-secure-programming-language-memory-safe [Just don't believe that all Rust-generated code is secure! PGN]
China's Muslim minority used to have its own budding cluster of websites, forums, and social media. Now that's been erased. https://www.wired.com/story/uyghur-internet-erased-china
A new report finds that municipal agencies in Washington deploy dozens of automated decision systems, often without residents' knowledge. Washington, DC, is the home base of the most powerful government on earth. It's also home to 690,000 people—and 29 obscure algorithms that shape their lives. City agencies use automation to screen housing applicants, predict criminal recidivism, identify food assistance fraud, determine if a high schooler is likely to drop out, inform sentencing decisions for young people, and many other things. [...] The findings are notable beyond DC because they add to the evidence that many cities have quietly put bureaucratic algorithms to work across their departments, where they can contribute to decisions that affect citizens' lives. [...] EPIC says governments can help citizens understand their use of algorithms by requiring disclosure anytime a system makes an important decision about a person's life. And some elected officials have favored the idea of requiring public registries of automated decisionmaking systems used by governments. Last month, lawmakers in Pennsylvania, where a screening algorithm had accused low-income parents of neglect, proposed an algorithm registry law. [...] Winters says algorithm registries can work, if rules or laws are in place to require government departments take them seriously. "It's great format, but it's extremely incomplete." https://www.wired.com/story/algorithms-quietly-run-the-city-of-dc-and-maybe-your-hometown [Oh no, algorithms! OBSCURE algorithms! BUREAUCRATIC ones! As opposed to ... obscure and bureaucratic government employees. Gabe]
Jeppesen says it has addressed some issues caused by a cyber-incident, and is still working on other services. The disruption also affected ForeFlight's NOTAM service but that was fixed Sunday. ForeFlight's NOTAM services have been fully restored; all new and updated NOTAMs are now being processed and displayed in ForeFlight Mobile and ForeFlight Web.