[32039] in RISKS Forum

Risks Digest 32.12

daemon@ATHENA.MIT.EDU (RISKS List Owner)
Tue Jul 21 04:20:51 2020

From: RISKS List Owner <risko@csl.sri.com>
Date: Mon, 20 Jul 2020 13:48:15 PDT
To: risks@mit.edu

RISKS-LIST: Risks-Forum Digest  Monday 20 July 2020  Volume 32 : Issue 12

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/32.12>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
`Friendliest,' not fittest, is key to evolutionary survival, scientists
  argue in their new book (The Hour)
Russian group targeted COVID-19 vaccine research in Canada, U.S. and UK, say
  intelligence agencies (CBC)
Cloudflare DNS goes down, taking a large piece of the Internet with it
  (TechCrunch)
Boeing's future is cloudy as it tries to restore credibility (WashPost)
Seven 'no log' VPN providers accused of leaking -- yup, you guessed it --
  1.2TB of user logs onto the Internet (The Register)
Outlook Woes: I have no email and I must scream (Computerworld)
The Anatomy of a Cisco Counterfeit Shows Its Dangerous Potential (WiReD)
Bottleneck for U.S. Coronavirus Response: The Fax Machine (NYTimes)
The Role of Cognitive Dissonance in the Pandemic (The Atlantic)
Machine Learning (MIT Tech Review)
Re: The Dark Secret at the Heart of AI (Matthew Kruk)
Re: An invisible hand: Patients aren't being told about the AI
  systems advising their care (Amos Shapir)
Re: When tax prep is free, you may be paying with your privacy (Amos Shapir,
  Chris Drewe)
Re: Why Some Birds Are Likely To Hit Buildings (Richard Stein,
  Craig S. Cottingham)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 20 Jul 2020 08:41:10 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: `Friendliest,' not fittest, is key to evolutionary survival,
  scientists argue in their new book (The Hour)

British naturalist Charles Darwin got it right, but maybe we got Darwin
wrong.

Most people assume that Darwin was talking about physical strength when
referring to *survival of the fittest*, meaning that a tougher, more
resilient species always will win out over its weaker counterparts. But
what if he didn't mean that at all?

Scientists Brian Hare and Vanessa Woods, both researchers at Duke
University's Center for Cognitive Neuroscience, believe something else has
been at work among species that have thrived throughout history,
successfully reproducing to sustain themselves, and it has nothing to do
with beating up the competition.

Their new book, Survival of the Friendliest: Understanding Our Origins and
Rediscovering Our Common Humanity <https://amzn.to/30tOgez>, posits that
friendly partnerships among species and shared humanity have worked
throughout centuries to ensure successful evolution. Species endure --
humans, other animals and plants -- they write, based on friendliness,
partnership and communication. And they point to many life examples of
cooperation and sociability to prove it.

``Survival of fittest, which is what everyone has in mind as evolution and
natural selection, has done the most harm of any folk theory that has
penetrated society,'' Hare says.  ``People think of it as strong alpha males
who deserve to win. That's not what Darwin suggested, or what has been
demonstrated. The most successful strategy in life is friendliness and
cooperation, and we see it again and again.''

``Dogs are exhibit A.  They are the extremely friendly descendants of
wolves. They were attracted to humans and became friendly to humans, and
changed their behavior, appearance and developmental makeup. Sadly, their
close relative, the wolf, is threatened and endangered in the few places
where they live, whereas there are hundreds of millions of dogs. Dogs were
the population of wolves that decided to rely on humans - rather than
hunting - and that population won big.''

In nature, for example, flowering plants attract animals to spread their
pollen, forming a partnership that benefits both.  ``The plants provide food
and energy, while the animals provide transportation for the pollen,'' Hare
says.  [...]

https://www.thehour.com/news/article/Friendliest-not-fittest-is-key-to-15419832.php

  [Tom Van Vleck suggests Darwin's statement is a tautology: the fittest
  are by definition the ones that survive!  PGN]

------------------------------

Date: Thu, 16 Jul 2020 19:06:09 -0600
From: "Matthew Kruk" <mkrukg@gmail.com>
Subject: Russian group targeted COVID-19 vaccine research in Canada,
  U.S. and UK, say intelligence agencies (CBC)

A hacker group *almost certainly* backed by Russia is trying to steal
COVID-19-related vaccine research in Canada, the U.K. and the U.S.,
according to intelligence agencies in all three countries.

The Communications Security Establishment (CSE), responsible for Canada's
foreign signals intelligence, said APT29 - also known as Cozy Bear and the
Dukes - is behind the malicious activity.

The group was accused of hacking the Democratic National Committee before
the 2016 U.S. election.

https://www.cbc.ca/news/politics/tunney-russia-alleged-attack-vaccine-canada-us-uk-1.5651697

  [See also Julian E. Barnes, *The New York Times*, 17 July 2020,
  Hackers sought data from companies trying to eradicate coronavirus
  PGN]

------------------------------

Date: Fri, 17 Jul 2020 15:13:13 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Cloudflare DNS goes down, taking a large piece of the Internet with
  it (TechCrunch)

https://techcrunch.com/2020/07/17/cloudflare-dns-goes-down-taking-a-large-piece-of-the-internet-with-it/

------------------------------

Date: Sun, 19 Jul 2020 18:24:52 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Boeing's future is cloudy as it tries to restore credibility
  (WashPost)

Boeing is also scrambling to prove it can fly astronauts safely to low Earth
orbit. In December, a test flight of its Starliner spacecraft without any
astronauts onboard ran into trouble as soon as it reached orbit. A software
problem reminiscent of the issues with the 737 Max made the spacecraft think
it was at a different point in the mission. As engineers moved to fix that
problem, they uncovered another that could have caused the service module to
collide with the crew module when they separated in flight. They were able
to quickly send up a software fix to that problem so that the two modules
separated cleanly.

The problems prevented the spacecraft from docking with the International
Space Station, and Boeing had to bring the spacecraft home after just two
days.

Since then, NASA and Boeing launched an investigation, and Boeing said it
has better integrated its hardware and software teams, and has taken a hard
look at its culture and processes. It's also reviewed all 1 million lines of
code in the spacecraft ``resulting in increased robustness of flight
software,'' the company said in a statement to The Post.  [...]

Nearly a decade after winning the Air Force contract to build a fleet of
KC-46 Pegasus aerial refueling tankers, Boeing's assembly lines outside of
Seattle have been busy. The company has delivered 34 of the planes so far.

But the military has said it won't be able to use them for most missions
until at least 2023 because of persistent technical flaws.

The plane's boom, the long tube through which fuel is transferred, isn't
flexible enough to safely link up with smaller jets. And the Defense
Department's testing office has determined that the complex camera system
that guides the boom into place isn't accurate enough. The Air Force also
has repeatedly found trash, wrenches and other debris scattered inside newly
delivered jets.

http://thewashingtonpost.newspaperdirect.com/epaper/viewer.aspx

------------------------------

Date: Sat, 18 Jul 2020 08:20:36 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Seven 'no log' VPN providers accused of leaking -- yup, you guessed
  it -- 1.2TB of user logs onto the Internet (The Register)

https://www.theregister.com/2020/07/17/ufo_vpn_database/

  [Gabe Goldberg noted this as well: VPN with 'strict no-logs policy'
  exposed millions of user log files including account passwords
  https://betanews.com/2020/07/15/ufo-vpn-data-leak/
  PGN]

------------------------------

Date: Sun, 19 Jul 2020 15:32:35 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Outlook Woes: I have no email and I must scream (Computerworld)

It turns out someone in Microsoft's quality assurance team (There is one,
RIGHT!?) didn't bother to test the newest edition of Outlook with the latest
version of Windows. I mean why would you want to check that e-mail, an
application almost no one uses today, actually works with your main
operating system??

The truth is there was never anything wrong with your PST files.  Somehow,
the combination of the newest versions of Outlook and Windows led to a total
failure. The fix required you to manually edit your registry – always a fun
job for a user who's miles away from the closest tech support staff.

https://www.computerworld.com/article/3567355/outlook-woes-i-have-no-email-and-i-must-scream.html

------------------------------

Date: Sun, 19 Jul 2020 15:39:10 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: The Anatomy of a Cisco Counterfeit Shows Its Dangerous Potential
  (WiReD)

By tearing down bootleg network switches, researchers found ample
opportunity for malice -- but no signs of a backdoor this time.

https://www.wired.com/story/counterfeit-cisco-switch-teardown/

------------------------------

Date: Sat, 18 Jul 2020 10:32:02 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Bottleneck for U.S. Coronavirus Response: The Fax Machine (NYTimes)

Before public health officials can manage the pandemic, they must deal with
a broken data system that sends incomplete results in formats they can't
easily use.

https://www.nytimes.com/2020/07/13/upshot/coronavirus-response-fax-machines.html

------------------------------

Date: Sat, 18 Jul 2020 12:52:48 -0400
From: Monty Solomon <monty@roscom.com>
Subject: The Role of Cognitive Dissonance in the Pandemic (The Atlantic)

The minute we make any decision -- I think COVID-19 is serious; no, I'm sure
it is a hoax -- we begin to justify the wisdom of our choice and find
reasons to dismiss the alternative.

https://www.theatlantic.com/ideas/archive/2020/07/role-cognitive-dissonance-pandemic/614074/

------------------------------

Date: Thu, 16 Jul 2020 18:02:25 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Machine Learning (MIT Tech Review)

Machine learning is a black box.   That makes it a double-edged sword?

https://getpocket.com/explore/item/the-dark-secret-at-the-heart-of-ai?utm_source=pocket-newtab

------------------------------

Date: Sun, 19 Jul 2020 13:04:26 -0600
From: "Matthew Kruk" <mkrukg@gmail.com>
Subject: Re: The Dark Secret at the Heart of AI (RISKS-32.11)

In 2016, a strange self-driving car was released onto the quiet roads of
Monmouth County, New Jersey. The experimental vehicle, developed by
researchers at the chip maker Nvidia, didn't look different from other
autonomous cars, but it was unlike anything demonstrated by Google, Tesla,
or General Motors, and it showed the rising power of artificial
intelligence.  The car didn't follow a single instruction provided by an
engineer or programmer.  Instead, it relied entirely on an algorithm that
had taught itself to drive by watching a human do it.

https://getpocket.com/explore/item/the-dark-secret-at-the-heart-of-ai

------------------------------

Date: Sun, 19 Jul 2020 11:04:29 +0300
From: Amos Shapir <amos083@gmail.com>
Subject: Re: An invisible hand: Patients aren't being told about the AI
  systems advising their care (RISKS-32.11)

A somewhat apocryphal story I've heard (but now cannot verify), at the time
when AI systems were just making their first steps in the world:

A graduate student was tasked with generating an AI system to distinguish
between benign and malignant cells in microscope images, for research at a
local hospital.  The hospital gave him a pile of images, and an oncologist
doctor to help him decipher them.

So they sat down, and the doctor started to go over the images, stating
``this is malignant, this is not, this is malignant...''  The student had to
stop her ``but can you please explain a bit more about how you make the
distinction?''  She looked at him sternly and said ``Look, young man; I've
been doing this for 30 years now, and when I say it's malignant, it's
malignant!''

I hope AI systems have improved since then!

  [AI has actually improved, but the over-hyping has not?  PGN]

------------------------------

Date: Sun, 19 Jul 2020 11:06:57 +0300
From: Amos Shapir <amos083@gmail.com>
Subject: Re: When tax prep is free, you may be paying with your privacy
  (RISKS-32.11)

It seems that the old principle is still valid: ``If you're not paying,
you're not the customer, you're the merchandise.''

------------------------------

Date: Sun, 19 Jul 2020 18:10:02 +0100
From: Chris Drewe <e767pmk@yahoo.co.uk>
Subject: Re: When tax prep is free, you may be paying with your privacy
  (RISKS-32.11)

No such thing as a free lunch, as the saying goes.  This has been the case
for many other topics over the years; just from my memory:

* Since I was a kid, garages have been offering ``have a free safety check
  on your car from us'', which makes cynics wonder how the 'free' offer is
  paid for.

* Not sure if this is still the case, but in the UK banks often used to
  provide travel insurance as one of the benefits of holding an account,
  either 'free' or with a modest additional payment.  Reportedly the problem
  is that this will likely be a minimum-cost generic policy which may not
  actually meet your needs and/or may have unexpected limitations,
  e.g. 'hazardous activities', which could be anything.  If you've actually
  paid for your insurance, you're more likely to get what you wanted.

* Historically, buying a house in the UK was strictly controlled; mortgages
  were generally only obtainable from building societies (non-profit
  organisations run like credit unions) and only proper lawyers could do
  conveyancing (handling the sale contract and title deed documents).  In
  the early 1980s these controls were relaxed so loads of financial
  organisations now offer mortgages.  As it happened, a work colleague was
  buying his first house at the time, and a common offer was ``if you get
  your mortgage from us we'll give you free conveyancing,'' but as he said,
  if you are paying for the lawyer yourself, you know who he/she is working
  for.

* Businesses offering maintenance and repair work may offer fixed-price
  jobs, which appear to have the attraction of avoiding any nasty surprises
  with the bill, but I have a feeling that unexpected costs may be against
  your interests and in favour of the business, in the sense that the
  business will try to do the work as cheaply as possible as this is to
  their benefit, while they may be less inclined to put in any extra effort
  to deal with unexpected difficulties.

------------------------------

Date: Fri, 17 Jul 2020 18:33:28 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Re: Why Some Birds Are Likely To Hit Buildings (RISKS-32.11)

The *bird strike* term labels a cruel and unfortunate incident in use since
1988 per https://en.wikipedia.org/wiki/Bird_strike.

The FAA's wildlife strike reporting mechanism was a serendipitous discovery
via web search query for *bird strike* while composing.

I was surprised to learn of the reporting system's existence, and supposed a
simple calculation of incident rate would inform the flying public.

------------------------------

Date: Fri, 17 Jul 2020 08:14:49 -0500
From: "Craig S. Cottingham" <craig@cottingham.net>
Subject: Re: Why Some Birds Are Likely To Hit Buildings (RISKS-32.11)

While I assume that the correspondent's tongue is planted in their cheek, I
would like to point out that according to maritime rules of the road (and I
would guess that aviation rules are similar), the more maneuverable craft is
supposed to give way to the less maneuverable craft should their courses
intersect. If I, operating a personal watercraft such as what is
colloquially referred to as a *jet ski*, were mowed down by a Panamax-class
container ship under the command of the correspondent, the latter would
likely not be held responsible, as I should have given way to the bloody big
fat and fast moving other vessel.

(Removing *my* tongue from my cheek at this point.)

------------------------------

Date: Mon, 1 Jun 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also,  ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.12
************************
