Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Three American firefighters whose aircraft crashed while they were fighting the [Australian] Black Summer bushfires were not given the appropriate information about the difficult conditions and were without aerial supervision, a report from the aviation watchdog has found. https://www.smh.com.au/environment/weather/us-pilots-killed-in-plane-crash-unaware-of-terrible-fire-conditions-20220829-p5bdmj.html UTS CRICOS Provider Code: 00099F DISCLAIMER: This email message and any accompanying attachments may contain confidential information. If you are not the intended recipient, do not read, use, disseminate, distribute or copy this message or attachments. If you have received this message in error, please notify the sender immediately and delete this message. Any views expressed in this message are those of the individual sender, except where the sender expressly, and with authority, states them to be the views of the University of Technology Sydney. Before opening any attachments, please check them for viruses and defects. Think. Green. Do. Please consider the environment before printing this email.
A technology enabling the transmission of fake locations to carry out murky or even illegal business operations could have profound implications for the enforcement of international law. https://www.nytimes.com/2022/09/03/world/americas/high-seas-deception-how-shady-ships-use-gps-to-evade-international-law.html [Jan Wolitsky noted that this is Somewhat misleading, as the technology involved doesn't involve altering any GPS signals, but rather the AIS (Automatic Identification Systems) signal, which uses GPS to transmit position information. The "similar satellite transponder" used by aircraft, mentioned but unnamed in the article, is ADS-B (Automatic Dependent Surveillance Broadcast). PGN]
The large flat rooftops on Amazon warehouses would seem to be ideal locations for solar panel arrays. Indeed, Amazon has installed a significant amount of PV capacity on their warehouses. However, poor design and/or poor maintenance has resulted in a number of fires in these panel arrays. While Amazon has not disclosed details of the PV systems involved in these fires, we can hazard (!) a guess. There are several major risks associated with solar panel arrays, mainly due to the *direct current* (DC) coupling found in most older PV arrays. DC-coupled PV panels are typically series-connected with voltages up to 600V or more—roughly the same voltage found in the "third rail" of subway train systems, so *electrocution risk* is quite high. DC-coupled PV panel strings run at 10 amps or more, providing a rough equivalent to a low-grade *arc welding* system. This high amperage, plus the high DC voltage, means that once an arc starts, it may continue even after the conductor melts away and increases the size of the arc gap. Hail and other damage to PV arrays can thus later result in arcs and fires. Many of these risks can be reduced through the use of AC-coupled PV panels which incorporate so-called 'microinverters' which convert DC to AC within each individual PV panel. https://www.fluke.com/en-us/learn/blog/renewable-energy/solar-power-safety - - - ALSO: https://www.acsolarwarehouse.com/news/are-your-solar-systems-safe/ Amazon took all U.S. solar rooftops offline last year after flurry of fires, electrical explosions "Between April 2020 and June 2021, solar panels atop Amazon fulfillment centers caught fire or experienced electrical explosions at least six different times." "Some 220 solar panels and other equipment at the facility, known as FAT1, were damaged by the three-alarm fire, which was caused by "an undetermined electrical event within the solar system mounted on top of the roof," Leland Wilding, Fresno's fire investigator, wrote in an incident report." "The documents, which have never been made public, indicate that between April 2020 and June 2021, Amazon experienced "critical fire or arc flash events" in at least six of its 47 North American sites with solar installations, affecting 12.7% of such facilities. Arc flashes are a kind of electrical explosion."
Federal regulators and the White House have been scrambling to prevent poor service and a possible strike from jamming up a vital but often overlooked network. US freight railroads cut staff in recent years as part of a shift toward a leaner and more profitable operating model dubbed Precision Scheduled Railroading (PSR). It was invented by a Canadian railroad executive and later replicated in the US, with the intention of simplifying a complex rail network by running fewer, longer trains, replacing single-commodity trains with mixed freight, and slashing labor. US freight trains grew 25 percent in length between 2008 and 2017 and now sometimes reach 3 miles long. And while the profits materialized, the promised service improvements have not always followed.
The scammers used a fake email account to send phony billing requests to Virginia Commonwealth University, authorities allege. Prosecutors said Egbinola controlled an email account that sent phony billing requests to Virginia Commonwealth University on behalf of Kjellstrom and Lee, a construction company that had been doing contract work for the university in Richmond. The emails from "Rachel Moore" in fact came from an impostor account mimicking the construction company's real domain name, according to prosecutors. After communicating with Moore over several months, VCU officials wired almost $470,000 in December 2018 to a bank account that U.S. officials said was controlled by Egbinola's associates. https://www.washingtonpost.com/dc-md-va/2022/08/11/vcu-email-scam-extradition/
Local law enforcement agencies from suburban Southern California to rural North Carolina have been using an obscure cellphone tracking tool, at times without search warrants, that gives them the power to follow people's movements months back in time, according to public records and internal emails obtained by The Associated Press. Police have used Fog Reveal to search hundreds of billions of records from 250 million mobile devices, and harnessed the data to create location analyses known among law enforcement as *patterns of life*, according to thousands of pages of records about the company. [...] https://apnews.com/article/technology-police-government-surveillance-d395409ef5a8c6c3f6cdab5b1d0e27ef
BALTIMORE—he FBI is warning individuals employed in the healthcare industry of ongoing widespread fraud schemes in which scammers impersonate law enforcement or government officials in attempts to extort money or steal personally identifiable information (PII). Scammers, as part of a large criminal network, research background information of their intended targets through a medical practice's website and/or social media and supplement this information with information found on common social media websites such as Facebook, Instagram, LinkedIn, etc., to make themselves appear legitimate. Scammers will often spoof authentic phone numbers and names and use fake credentials of well-known government and law enforcement agencies to notify the intended target they were subpoenaed to provide expert witness testimony in a criminal or civil court case. The health care professional is notified since they did not appear in court, they are in violation of the subpoena, have been held in contempt, and an arrest warrant has been issued for them. The targeted victim is told if they pay a court fine, they will no longer be held in contempt. Scammers use an urgent and aggressive tone coupled with scare tactics that claim the target victim is currently under surveillance and an arrest warrant will involve an early morning police raid. The intended victim is warned non-compliance will result in their medical license being revoked. Payment is demanded in various forms, with the most prevalent being prepaid cards, wire transfers, and cash, sent by mail or inserted into cryptocurrency ATMs. Victims are asked to read prepaid card numbers over the phone or text a picture of the card. Mailed cash will be hidden or packaged to avoid detection by normal mail scanning devices. Wire transfers are often sent overseas and at times in person cash payments or drop offs are completed. If victims make money payments, a new reason to send additional funds is used, such as additional court costs for having to continue the court hearing. Often the scammers will change tactics and impersonate law enforcement officers stating their victim has been identified as a participant of a scam and are currently under investigation for their part in sending money to the criminals. They are then told another payment will exonerate them from their part of the scam. https://www.fbi.gov/contact-us/field-offices/baltimore/news/press-releases/fbi-warns-individuals-employed-in-the-healthcare-industry-of-the-ongoing-scam-involving-the-impersonation-of-law-enforcement-and-government-officials Hard to believe this works.
According to KGMH-TV, some 22,000 customers (who voluntarily enrolled in the AC Rewards program offered by their electricity company) had their enrolled "Smart" (IOT enabled) AC thermostats locked at 79 F (~26C) due to an "energy emergency" when the temperature in Denver approached 90F (32C). This program is voluntary (for now). KGMH-TV report: https://www.thedenverchannel.com/news/contact-denver7/thousands-of-xcel-customers-locked-out-of-thermostats-during-energy-emergency Details of Xcel Energy's AC Reward program: https://co.my.xcelenergy.com/s/residential/heating-cooling/ac-rewards
The US is seeing a growing liberal hostility to checking election results. CNN and ACLU say that counting votes twice, by hand and by computer, is more risky than counting just by computer. This may surprise many states which use hand counts to check computer counts and many countries which just count by hand. The Nevada ACLU director says the hand count "is going to give them the opportunity to tamper with an election," as if computers are immune from tampering. Election staff have always been partisan, and are constrained by bipartisan procedures and public observation, which are easy to provide for hand counts. https://www.cnn.com/videos/politics/2022/08/31/election-deniers-nevada-gop-elections-ballot-counting-republicans-nye-county-lah-lead-vpx.cnn
hristina A. Cassidy and Colleen Slevin, Associated Press, 25 Aug 2022, via ACM TechNews, 29 Aug 2022 Election officials and security experts in the U.S. are concerned that conspiracy theories related to the 2020 presidential election could encourage interference with, or even attempts to sabotage, voting machines during this fall's elections. Such concerns were highlighted on the last day of voting in the Pueblo County, CO, June primary, when a poll worker found an error message on a voting machine's screen. Election officials can take measures to ensure unauthorized devices don't infect voting equipment, by for example, configuring systems to recognize only proprietary devices. In the Pueblo County case, the tamper-evident seal on the voting machine appeared to be disturbed. The case remains under investigation. https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f1c9x23590ax069928&
Cryptocurrency mining brought constant noise to this remote part of Appalachia https://www.washingtonpost.com/business/interactive/2022/cryptocurrency-mine-noise-homes-nc
Alyssa Lukpat, *The Wall Street Journal*, 26 Aug 2022 via ACM TechNews, 29 Aug 2022 On Aug. 25, online password manager LastPass reported the theft of some of its source code and proprietary information, but said there is no evidence customer information from its more than 33 million users or encrypted password vaults were accessed. LastPass' Karim Toubba said a developer account had been breached, allowing an unauthorized party to access the company's development environment. The unusual activity was detected two weeks ago, prompting an investigation. Toubba said the company is working with a cybersecurity and forensics firm and has rolled out additional security measures. LastPass stores encrypted login information that users can access online with a master password, but they cannot see customers' data. https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f1c9x235913x069928&
Matthew Sparkes, New Scientistm 24 Aug 2022, via ACM TechNews, 29 Aug 2022 A test designed by the Norwegian University of Science and Technology's Marcel Grimmer and colleagues found that facial recognition algorithms start running into difficulty identifying people after they have aged five years. The researchers used open-source alternatives to face recognition tools used by police and smartphone manufacturers, as well as AI-generated images of 50,000 humans aged synthetically. Grimmer said the tools' accuracy declined continuously from the point the reference image was captured. The algorithms used to age faces synthetically from reference images also proved more effective when the target was between 20 and 40 years, compared to children and older adults. The implication is that new photos may be needed more often to maintain accuracy and security. https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f1c9x23590cx069928&
Los Alamos National Laboratory, 23 Aug 2022, via ACM TechNews, 29 Aug 2022 A proof devised by a multi-institutional team of scientists demonstrates that quantum neural networks can train on minimal data. "The need for large datasets could have been a roadblock to quantum AI, but our work removes this roadblock," said Patrick Coles at the U.S. Department of Energy's Los Alamos National Laboratory (LANL). Coles said quantum AI training occurs in a mathematical construct called a Hilbert space, and the theorem shows that navigating this space requires only as many data points as the number of parameters in a given model. The researchers could ensure that a quantum model can be compiled in far fewer computational gates relative to the volume of data. LANL's Marco Cerezo said, "We can compile certain very large quantum operations within minutes with very few training points—something that was not previously possible." https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f1c9x23590bx069928& [This makes no sense at all in the real world. This proof seems to assume (among other things) that the model is absolutely correct with respect to even the most stringent unstated assumptions, and that the parameters are well defined. Who is proving that those assumptions hold? I suppose the next proof will be that Quantum Computing requires NO TRAINING WHATSOEVER irrespective of the quantumware and the software, under ill-defined or undefined assumptions. PGN]
The phishing attack on the SMS giant exposes the dangers of B2B companies to the entire tech ecosystem. The communication company Twilio suffered a breach at the beginning of August that it says impacted 163 of its customer organizations. Out of Twilio's 270,000 clients, 0.06 percent might seem trivial, but the company's particular role in the digital ecosystem means that that fractional slice of victims had an outsized value and influence. The secure messaging app Signal, two-factor authentication app Authy, and authentication firm Okta are all Twilio customers that were secondary victims of the breach. https://www.wired.com/story/twilio-breach-phishing-supply-chain-attacks
Real Money, Fake Musicians: Inside a Million-Dollar Instagram Verification Scheme A jeweler. A plastic surgeon. An OnlyFans Model. They and others received a blue check in likely the biggest Instagram verification scheme revealed to date. After ProPublica started asking questions, Meta removed badges from over 300 accounts. To his more than 150,000 followers on Instagram, Dr. Martin Jugenburg is Real Dr. 6ix, a well-coiffed Toronto plastic surgeon posting images and video of his work sculpting the decolletage, tucking the tummies and lifting the faces of his primarily female clientele. Jugenburg's physician-influencer tendencies led to a six-month suspension of his Ontario medical license in 2021 after he admitted to filming patient interactions and sharing images of procedures without consent. He apologized for the lapse and is currently facing a class-action lawsuit from female patients who say their privacy was violated. But on Spotify, Apple Music and Deezer, and in roughly a dozen sponsored posts scattered across the web, Jugenburg's career and controversial history was eclipsed by a new identity. On those platforms, he was DJ Dr. 6ix, a house music producer who is celebrated for his inherent instinctual ability for music composition assures his followers that his music is absolutely unique. https://www.propublica.org/article/instagram-spotify-verified-fake-musicians People being influenced by "influencers" who pay for being badged as credible. What could go wrong?
https://www.rand.org/blog/2022/08/facebook-misinformation-is-bad-enough-the-metaverse.html [You never MetaVerse you didn't like—until now? Was ist Werse? (Ger.)
The agency's lawsuit against Kochava should squash the industry's core defense—and help keep sensitive info off the open market. https://www.wired.com/story/the-ftc-may-finally-protect-americans-from-data-brokers
Standardized time is broadcast by satellite networks around the world, but their signals are vulnerable to interference --tso he UK is building a more resilient system. https://www.wired.com/story/satellite-time-distribution
Dated 1/6/22—this explains a lot... why my car's clock was wrong from start of Daylight Savings Time to yesterday! The Jalopnik inbox has been lit up with a number of reports about clocks and calendars in Honda cars getting stuck at a certain time in the year 2002. The spread is impressive, impacting Honda and Acura models as old as 2004 and as new as 2012. Here's what might be happening. [...] The issue is widespread, hitting a huge number of cars in Acura's and Honda's lineup with navigation systems. And it's not just in the United States, as owners in Canada and even as far as the United Kingdom have all reported similar issues.
*Today, to celebrate Ukraine's Independence Day, dozens of IP cameras with speaker outputs have been hacked to play patriotic music in Russia as well as occupied Crimea and Donbas... https://twitter.com/ItsArtoir/status/1562440263330476032
The Freedom of Information Act helps Americans learn what the government is up to. The Poseys exploited itâand became unlikely defenders of transparency. The Poseys' lawsuits may have helped rein in the government's tendency to hoard information, but the family hardly makes for a set of uncomplicated FOIA heroes. George Posey was the first person and one of only a handful ever to be convicted of violating the US Comprehensive Anti-Apartheid Act, and [son] Mac has pleaded guilty to conspiracy and receiving stolen government property. https://www.wired.com/story/pentagon-data-profit-freedom-information-of-information-act
So, I understand that printing 3D guns is illegal in Canada and probably ought to be in other countries, but think about this, at least from a USA standpoint: It is not illegal, in general, to manufacture guns here. In fact, it iss a profitable business for many companies. So if someone were to start a business manufacturing guns using 3D printer technology, would that be a legitimate business? If they were manufacturing, say, gardening tools using 3D printer technology, that would certainly be unobjectionable. I suppose it's analogous to the distinction between liquor distributors and the folks who brew at home in their basements. But is it designed to protect the general public or the interests of the established businesses?
This case shows that the power of Google over our lives has become so great that it requires some supervision, the same kind that applies (or should apply, anyway) to electric companies: Can an electric company disconnect a client without warning? If they employ a protocol to report a client to the authorities, which may cause disconnection, do they also have to employ a protocol to reconnect, if authorities determine that no offense was made?
> [Mark gave me the above horrible URL, but browsing on the title instead > gets me the article with the generic Guardian top-level URL! Bummer. > PGN] Try this one: https://www.theguardian.com/technology/commentisfree/2022/aug/23/tesla-fanatics-elon-musk-children-moving-cars Then we can resume wondering what it is about Elon Musk that makes people do such incredibly stupid things.
People handed over real money for something with no intrinsic value in the hope that they would be able to persuade other people to hand over *more* money for the thing with no intrinsic value. How is this in any way different from a Ponzi scheme or the South Sea Bubble? (To stave off the inevitable complaints that "money has no intrinsic value": the value of money is backed by the power of the Government. If you think that your Government has some power and is willing to back its currency to a certain extent, then to that extent
Please report problems with the web pages to the maintainer