The RISKS Digest
Volume 32 Issue 17

Saturday, 1st August 2020

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents

Florida Teen Arrested in Twitter Hack
The New York Times
How self-driving cars can alter consumer morality
JCR
PayPal and Venmo QR payments are coming to CVS Pharmacies
Engadget
Data isn't just being collected from your phone. It's being used to score you.
WashPost
Google accused by developer of retaliation for cooperating with House antitrust investigation
WashPost
Twitter hackers used "phone spear phishing" in mass account takeover
Ars Technica
MRI study reveals all mammals, including humans, share equal brain connectivity
StudyFinds
Global methane emissions soar to record high
Stanford
A concert is being held to learn how COVID-19 spreads at large events. Here's how?
Miami Herald
The "Cubic Model"
Martin Ward
Re: Theoretical Physicists Say 90% Chance of Societal Collapse Within Several Decades
Amos Shapir
Re: Let a thousand poppies bloom, thanks to cheap solar power
Scott Dorsey
Re: When tax prep is free, you may be paying with your privacy (
????
Re: Darwin's tautology?
Amos Shapir
Re: Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie
Al Stangenberger, John Levine
Photo Deposit
xkcd
Quote of The Day
Thomas Sowell
Quote of The Day
Sven Henrich
Info on RISKS (comp.risks)

Florida Teen Arrested in Twitter Hack (The New York Times)

Gabe Goldberg <gabe@gabegold.com>
Fri, 31 Jul 2020 18:09:47 -0400
The authorities arrested a 17-year-old who they said ran a scheme that
targeted the accounts of celebrities, including former President Barack
Obama and Elon Musk. Two others were also charged.

OAKLAND, Calif.  The authorities said on Friday that a Florida teenager was
the *mastermind* of a recent high-profile hack of 130 Twitter accounts,
including the accounts of celebrities like former Vice President Joseph
R. Biden Jr. and the Silicon Valley mogul Elon Musk.

Graham Ivan Clark, 17, was arrested in his Tampa home early Friday, state
officials said. He is believed to be the linchpin of a hack that turned into
an embarrassment for Twitter and called into question the security measures
of a range of tech companies. Two other people were also charged with taking
part in the hack.  [...]

The hackers tweeted from 45 of the accounts, gained access to the direct
messages of 36 accounts, and downloaded full information from seven
accounts. They gained access to internal Twitter systems by stealing login
information from employees, then used their access to reset passwords on the
accounts.

https://www.nytimes.com/2020/07/31/technology/twitter-hack-arrest.html

  Where to start? Employees losing internal system credentials, Twitter not
  validating login location or requiring VPN, and people responding to
  tweets offering to double their bitcoins. Comments are interesting—half
  condemning the kid, half praising him and suggesting he work as
  IT/security consultant.


How self-driving cars can alter consumer morality (JCR)

George Mannes <gmannes@gmail.com>
Fri, 31 Jul 2020 12:35:54 -0400
A paper by Tripat Gill in the August 2020 issue of *Journal of Consumer
Research* addresses how people in an autonomous vehicle might resolve the
dilemma of harm to themselves vs. harm to a pedestrian. From the abstract:

  ...participants considered harm to a pedestrian more permissible with an
  AV as compared to self as the decision agent in a regular car. This shift
  in moral judgments was driven by the attribution of responsibility to the
  AV and was observed for both severe and moderate harm.... However, the
  effect was attenuated when five pedestrians or a child could be
  harmed. These findings suggest that AVs can change prevailing moral
  norms....  https://doi.org/10.1093/jcr/ucaa018

Note to self: When the glorious age of self-driving cars arrives, be sure
to walk around in large groups...or dress in a onesie. Maybe then the
"driver" will grab the wheel.


PayPal and Venmo QR payments are coming to CVS Pharmacies (Engadget)

Monty Solomon <monty@roscom.com>
Fri, 31 Jul 2020 12:58:51 -0400
CVS pharmacies will soon let you do touch-free payments using your PayPal or
Venmo accounts by using PayPal's QR code payment system, PayPal has
announced.  The system will let shoppers “securely pay for their items
without needing to touch a keypad or sign a receipt,” according to PayPal.

PayPal supports various means of payment, including stored debit or credit
cards, bank accounts, a PayPal balance or a PayPal credit. On Venmo (which
is owned by PayPal), “customers can pay using their stored debit or credit
cards, bank account, Venmo balance or Venmo rewards” without any user fees,
according to PayPal.  [...]

https://www.engadget.com/pay-pal-and-venmo-payments-are-coming-to-cvs-pharmacies-124500145.html


Data isn't just being collected from your phone. It's being used to score you. (WashPost)

Monty Solomon <monty@roscom.com>
Sat, 1 Aug 2020 02:04:14 -0400
It's called surveillance scoring. And everybody's doing it.

https://www.washingtonpost.com/opinions/2020/07/31/data-isnt-just-being-collected-your-phone-its-being-used-score-you/


Google accused by developer of retaliation for cooperating with House antitrust investigation (WashPost)

Monty Solomon <monty@roscom.com>
Sat, 1 Aug 2020 02:08:35 -0400
Blix, Inc., the maker of an email app, has been on Google's Play Store for
six years. On Friday, just two days after a Capitol Hill hearing on
antitrust issues, Google kicked the app off the store. Blix says it's
because the company cooperated with lawmakers.

https://www.washingtonpost.com/technology/2020/07/31/google-accused-antitrust-retaliation/


Twitter hackers used "phone spear phishing" in mass account takeover (Ars Technica)

Monty Solomon <monty@roscom.com>
Fri, 31 Jul 2020 10:26:34 -0400
The hackers behind this month's epic Twitter breach targeted a small number
of employees through a *phone spear phishing attack*, the social media site
said on Thursday night. When the pilfered employee credentials failed to
give access to account support tools, the hackers targeted additional
workers who had the permissions needed to access the tools. [...]

https://arstechnica.com/information-technology/2020/07/twitter-hackers-used-phone-spear-phishing-in-mass-account-takeover/


MRI study reveals all mammals, including humans, share equal brain connectivity (StudyFinds)

geoff goodfellow <geoff@iconia.com>
Sat, 1 Aug 2020 01:14:00 -1000
Mankind's collective ego may be about to take a big hit. Humans have always
reigned supreme on planet Earth when it comes to intelligence.  Indeed, it's
our intellect and capacity for critical thinking that primarily separates us
from the rest of this planet's inhabitants.  That's why the findings of a
new study are so surprising. Researchers from Tel Aviv University, after
examining and comparing brain connectivity across 130 different mammalian
species (including humans), conclude that brain connectivity is equal among
*all* mammals.  <https://www.studyfinds.org/mammals-poop-feces-study/>

These findings, reached via MRI brain scans, oppose long-standing beliefs
and assumptions among medical and scientific professionals
<https://www.studyfinds.org/covid-19-gender-gap-academia/>.

  “We discovered that brain connectivity—namely the efficiency of
  information transfer through the neural network—does not depend on
  either the size or structure of any specific brain,” says Professor Yaniv
  Assaf, of the School of Neurobiology, Biochemistry and Biophysics, in a
  release.  “In other words, the brains of all mammals, from tiny mice
  through humans to large bulls and dolphins, exhibit equal connectivity,
  and information travels with the same efficiency within them. We also
  found that the brain preserves this balance via a special compensation
  mechanism: when connectivity between the hemispheres is high, connectivity
  within each hemisphere is relatively low, and vice versa.”

<https://www.aftau.org/press-release---brain-connectivity---july-20-2020>

Brain connectivity compared via MRI scans.  [...]
https://www.studyfinds.org/mri-study-reveals-all-mammals-including-humans-share-equal-brain-connectivity/


Global methane emissions soar to record high (Stanford)

geoff goodfellow <geoff@iconia.com>
Sat, 1 Aug 2020 01:13:00 -1000
*The pandemic has tugged carbon emissions down, temporarily. But levels of
the powerful heat-trapping gas methane continue to climb, dragging the
world further away from a path that skirts the worst effects of global
warming.*

Global emissions of methane have reached the highest levels on record.
Increases are being driven primarily by growth of emissions from coal
mining, oil and natural gas production, cattle and sheep ranching, and
landfills.

Between 2000 and 2017, levels of the potent greenhouse gas barreled up
toward pathways that climate models suggest will lead to 3-4 degrees Celsius
of warming before the end of this century. This is a dangerous temperature
threshold at which scientists warn that natural disasters, including
wildfires, droughts and floods, and social disruptions such as famines and
mass migrations become almost commonplace. The findings are outlined in two
papers published July 14 in *Earth System Science Data*
<https://doi.org/10.5194/essd-12-1561-2020> and *Environmental Research
Letters* <https://doi.org/10.1088/1748-9326/ab9ed2> by researchers with the
Global Carbon Project <https://www.globalcarbonproject.org/>, an initiative
led by Stanford University scientist Rob Jackson
<https://profiles.stanford.edu/jackson>.

In 2017, the last year when complete global methane data are available,
Earth's atmosphere absorbed nearly 600 million tons of the colorless,
odorless gas that is 28 times more powerful than carbon dioxide at trapping
heat over a 100-year span. More than half of all methane emissions now come
from human activities. Annual methane emissions are up 9 percent, or 50
million tons per year, from the early 2000s, when methane concentrations in
the atmosphere were relatively stable.

In terms of warming potential, adding this much extra methane to the
atmosphere since 2000 is akin to putting 350 million more cars on the
world's roads or doubling the total emissions of Germany or France.  “We
still haven't turned the corner on methane,” said Jackson, a professor of
Earth system science in Stanford's School of Earth, Energy & Environmental
Sciences <https://earth.stanford.edu/> (Stanford Earth).

*Growing sources of methane*.  [...]
https://earth.stanford.edu/news/global-methane-emissions-soar-record-high


A concert is being held to learn how COVID-19 spreads at large events. Here's how? (Miami Herald)

geoff goodfellow <geoff@iconia.com>
Sat, 1 Aug 2020 01:12:00 -1000
One of the worst activities you can do in the middle of a pandemic is attend
a large gathering with thousands of attendees—but researchers in Germany
want people to do just that.

It's not for recreation: The goal is to examine just how dangerous those
events really are, especially as parts of the world prepare to return to
normalcy.

For a project called *RESTART-19*, scientists with the University Medical
Center Halle (Saale) plan on throwing a concert with 4,000 fans and a German
music artist in an indoor arena to simulate how people move, gather and
spread potentially coronavirus-infected germs.
<https://restart19.de/das-projekt/#1594374092971-9e179e0a-f140>

But there's a catch: participants must test negative for SARS-CoV-2, the
virus driving the pandemic, and wear a mask at all times aside from snack
and outdoor breaks, according to their website.

The team says data on how respiratory diseases spread in large events is
“sparse overall and practically nonexistent for COVID-19,” so they want to
fill in the gaps.

“The corona pandemic paralyzes the event industry. As long as there is a
risk of contagion, no major concerts and trade fairs or sports events are
allowed to take place.”
<https://www.medizin.uni-halle.de/index.php?id=2882&tx_ttnews[tt_news]=6410&cHash=40a36e8e42d018d4f4ca42fa135a6378>
Dr. Armin Willingmann, minister of economics for the German state of
Saxony-Anhalt and a science professor, said in a news release.  “That is
why it is so important to find out which technical or organizational
framework can effectively minimize the risk of infection.”  [...]

https://www.miamiherald.com/news/coronavirus/article244375897.html


The "Cubic Model"

Martin Ward <martin@gkc.org.uk>
Fri, 31 Jul 2020 13:18:08 +0100
Do you remember the Trump administration's "cubic model" of coronavirus
deaths? On 4th May a Washington Post report said "people with knowledge of
that model say it shows deaths dropping precipitously in May—and
essentially going to zero by May 15".  The "model" turned out to be a stock
Excel function, which fits a cubic polynomial to the data (hence the name
"cubic model").

With the data at the time, the best fitting cubic model has a negative
coefficient for x^3: meaning that the model will show deaths rapidly
dropping to zero. (Note that you have to avoid plotting the model *beyond*
that date since the number of deaths then rapidly goes negative as the model
predicts a huge Zombie Apocalypse, or something!)

But now look at today's figures, e.g., here:

https://ourworldindata.org/grapher/daily-covid-deaths-per-million-7-day-average

or here (scroll down for graphs):

https://www.worldometers.info/coronavirus/country/us/

I haven't run the model, but I am pretty sure that the uptick in deaths over
the last month or so means that the best fit cubic will now have a
*positive* x^3 coefficient: meaning that the model will predict deaths
rapidly rising with a quadratically increasing slope. I would be interested
to know the exact date when the cubic model predicts the death of the last
remaining person in the USA.

I wonder if the Trump administration is still using their "cubic model"?


Re: Theoretical Physicists Say 90% Chance of Societal Collapse Within Several Decades (RISKS-32.16)

Amos Shapir <amos083@gmail.com>
Sat, 1 Aug 2020 12:22:24 +0300
This prediction sounds like those made during the 1890's, predicting
precisely when civilization is going to collapse because of excess
accumulation of horse dung on the streets...

It's rather easy to extrapolate current trends, but it's obvious that in
matters of human welfare and survival, it's safe to assume that people are
going to intervene to change such trends.  I suspect however that a
prediction of collapse within 100 years might delay intervention to no
earlier than 90 years later.


Re: Let a thousand poppies bloom, thanks to cheap solar power (Baker, RISKS-32.16)

Scott Dorsey
31 Jul 2020 14:43:37 -0000
> BTW, a similar-sized solar system installed at my home in California would
> cost $40,000 instead of $4,000 (including the Taliban tax).  Perhaps I
> need to bring over some Afghan solar installers to the U.S.?

Perhaps this is because the writers of the original article appear to have
confused amps and watts.  A 1.50-meter solar panel is apt to be 150 watts,
not 150 amps.


Re: When tax prep is free, you may be paying with your privacy (RISKS-32.11)

Scott Dorsey
31 Jul 2020 14:43:37 -0000
I don't get this.  The IRS guarantees anyone can file their taxes for free
on paper.  I don't know anyone who has ever paid a fee to the IRS for
submitting their taxes... only people who have paid a fee to the IRS because
they did not submit them.

You fill out the forms, you put them in the mail, it costs maybe a dollar in
stamps.  I do not understand why people are willing to pay any money to do
it online when doing it by hand is simple and cheap unless you have a lot of
income or very complex deductions.


Re: Darwin's tautology? (Ward, Risks 32.16)

Amos Shapir <amos083@gmail.com>
Sat, 1 Aug 2020 13:23:08 +0300
Tautology is a term in logic defined as a statement which is true
unconditionally, determined just by its formulation, e.g., "A or not A".
Thus when a statement is a tautology, its truthfulness requires no proof.  A
statement cannot "become a tautology" by a proof.

> The statement "God exists" is (with a suitably precise definition of
> "God") a meaningful statement.

Let's not step into this quagmire, which stems mainly from the fact that
what constitutes a "suitably precise" definition of God depends a lot on
whether the person making the definition believes in God or not.


Re: Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie (RISKS-32.15)

Al Stangenberger <forags@sbcglobal.net>
Thu, 30 Jul 2020 22:51:25 -0700
All Berkeley dissertations are now filed electronically as PDFs.

https://grad.berkeley.edu/academic-progress/dissertation/#formatting-your-manuscript


Re: Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie (RISKS-32.15)

"John Levine" <johnl@iecc.com>
31 Jul 2020 16:03:59 -0400
I think it was required at Harvard. The story says the issue was that
Ritchie wasn't willing to pay to have a copy bound for the library. I would
be surprised if they didn't also have the usual form allowing them to
provide a copy to University Microfilms.

When I got my PhD from Yale in 1984 I was living in Cambridge, so I took my
thesis to the bindery that was probably the same place that Ritchie didn't
take his. I submitted my thesis to Yale, who rejected it because
(inevitably) it was bound according to Harvard rules which were different
from Yale rules.  Fortunately, the difference boiled down to Harvard wanted
only the author's last name on the spine while Yale wanted initials before
the name.  So I got a gold ink pen at the stationery store, carefully added
my initials, and now I have my PhD.

Ritchie's approach to day to day life was famously flaky and it is not out
of the question that he just never got around to going to the bindery. At
Bell Labs he chronically failed to cash his paychecks. I talked to someone
who told me a story that one time they voided all the uncashed checks, wrote
him a check for something like $20,000 (a lot of money in the 1970s), and
personally walked him to the bank to deposit it.


xkcd: Photo Deposit

Monty Solomon <monty@roscom.com>
Fri, 31 Jul 2020 20:26:57 -0400
https://xkcd.com/2335/


Quote of The Day (Thomas Sowell)

geoff goodfellow <geoff@iconia.com>
Fri, 31 Jul 2020 12:04:20 -1000
*"The first lesson of economics is scarcity: there is never enough of
anything to fully satisfy all those who want it. The first lesson of
politics is to disregard the first lesson of economics."*

https://twitter.com/ThomasSowell/status/1288471114038022144


Quote of The Day (Sven Henrich)

geoff goodfellow <geoff@iconia.com>
Sat, 1 Aug 2020 01:11:00 -1000
*"Can't wait to take a vaccine that's been rushed through the system with
none of the established safety protocols in place that require years of peer
review and testing for side effects knowing that big pharma companies stand
to make huge profits from it in a race to be first."*

https://twitter.com/NorthmanTrader/status/1284925040862076928
