
Risks Digest 32.71

daemon@ATHENA.MIT.EDU (RISKS List Owner)
Sat Jun 12 17:03:43 2021

From: RISKS List Owner <risko@csl.sri.com>
Date: Sat, 12 Jun 2021 14:03:21 PDT
To: risks@mit.edu

RISKS-LIST: Risks-Forum Digest  Saturday 12 June 2021  Volume 32 : Issue 71

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/32.71>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
New trains on Amtrak's Acela delayed a year by new round of testing
  (WashPost)
Drone scares off thousands of nesting elegant terns at Bolsa Chica
  Ecological Reserve in California (WashPost)
Why are we building in "single points of failure"? (Rob Slade)
Fixing Medical Devices That Are Biased against Race or Gender
  (Scientific American)
Baidu rolls out paid driverless taxi service in Beijing (AP)
Expert Stakeholder Consultation Report on the Indian Encryption Debate
  (John Young)
Hundreds arrested in massive global crime sting using messaging app
  (BBC News)
Ransomware and cyber-insurance (Rob Slade)
Fujifilm refuses to pay ransomware demand, restores network from backups
  (Verdict)
We Have Met the Ransomware Enemy, and It Is /Partly/ Us!
  (Lauren Weinstein)
Majority of $4.4 million cryptocurrency ransom payment in Colonial
  Pipeline hack recovered (USA Today and others)
Cybersecurity Framework Profile for Ransomware Risk Management --
  Preliminary Draft (nist.gov)
An insect-computer hybrid system for search operations in disasters
  (Techxplore.com)
Dartmouth Medical School Drops Online Cheating Cases Against Students
  (NYTimes)
Hackers Breached Colonial Pipeline Using Compromised Password (Bloomberg)
Apple driver's licenses (Lauren Weinstein)
Apple Wallet for ID (Gabe Goldberg)
Clueless or clickbait? You decide... (WashPost)
Encrypted Messaging App Run by the FBI Leads to Arrest of Over 100
  Organized Crime Members (Gizmodo)
Fastly CDN screws up internal configuration, takes down major sites
  around the world (NPR)
New York Times posts, then removes, article announcing discovery of
  watermelons on Mars (Lauren Weinstein)
Amazon's Sidewalk Network Is Turned On by Default. Here's How to
  Turn It Off (Inc.)
Pipeline Investigation Upends Idea That Bitcoin Is Untraceable (NYTimes)
Replacement with non-allergenic joints can provide relief (medicalxpress)
Re: How do you know this isn't a fake posting? (R. G. Newbury)
Re: A "lethal" weaponized drone "hunted down a human target" (George Sigut)
Book review - "Soap and Water and Common Sense" (Rob Slade)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 8 Jun 2021 20:47:19 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: New trains on Amtrak's Acela delayed a year by new round of testing
  (WashPost)

Amtrak's new Acela train cars need an extra round of testing to ensure they
can safely operate on the curvy and aging tracks of the Northeast Corridor,
railroad officials said, confirming a year-long delay in the delivery of the
new trains.

A prototype train that began tests on the route between Washington and
Boston last year was incompatible with the corridor's track and its catenary
system -- the overhead wires that supply the train with electricity. The
train had to be modified to work harmoniously with the infrastructure,
according to Amtrak officials.

The first two of 28 Avelia Liberty high-speed train sets from the French
manufacturer Alstom had been expected to enter service this spring.  Amtrak
now projects a spring 2022 debut, citing not only the train reconfiguration,
but also delays caused by production and training interruptions during the
coronavirus pandemic.

Larry Biess, who oversees the rollout of the new Acela trains at Amtrak,
said Alstom modified the train's design to address the compatibility
problems identified during testing.

The train would lose contact with the electrified catenary wire and could
not reach the optimal speed, he said. The adjustments ensure that the device
atop the train that makes contact with the wire will perform properly, Biess
said.

The modifications led to extra testing, extensive computer modeling and
simulation runs. Officials said the adjustments ultimately will improve how
the train handles curves.

``Unfortunately for us, the tests have been an extended affair,'' Biess
said, noting that this work extended by several months the timeline for
introducing the new trains.  He said some challenges are related to the age
and configuration of the infrastructure in the Northeast Corridor.

``The track was basically designed in the 1800s. It's very curvy. It
presents a bit more of a challenge than the track that this train runs on in
Europe,'' he said.  ``If we were running on a straighter track, with a more
modern infrastructure, it probably wouldn't have taken as long as it has.''

https://www.washingtonpost.com/transportation/2021/06/03/amtrak-acela-new-trains/

The 1800s-design curvy track wasn't noticed when designing the new trains?

------------------------------

Date: Tue, 8 Jun 2021 10:56:39 -0600
From: Jim Reisert AD1C <jjreisert@alum.mit.edu>
Subject: Drone scares off thousands of nesting elegant terns at Bolsa Chica
  Ecological Reserve in California (WaPo)

  An estimated 3,000 elegant tern eggs were recently abandoned on a nesting
  island at the Bolsa Chica Ecological Reserve in Huntington Beach, Calif.,
  after a drone, prohibited in the area, crashed and scared off the would-be
  parents.

https://www.washingtonpost.com/science/2021/06/07/drone-crash-abandoned-eggs/

By Paulina Firozi, Washington Post, June 7, 2021 at 5:57 p.m. MDT

  On a nesting island at the Bolsa Chica Ecological Reserve in Southern
  California, thousands of elegant tern eggs dot the sands, abandoned. Now
  it appears the eggs will never hatch.

  After a drone crashed on the reserve grounds on May 13, about 3,000 adult
  elegant terns were scared off, leaving about 1,500 to 2,000 eggs behind.

  "It was devastating," Melissa Loebl, an environmental scientist who
  manages the reserve, told The Washington Post. "That's one of the largest
  losses we've had."

  Drones, which California Fish and Wildlife officials say are prohibited on
  state reserves, can look like a "giant bird, a giant predator," to the
  elegant terns, said Michael H. Horn, a professor emeritus of biology at
  California State University at Fullerton.

------------------------------

Date: Tue, 8 Jun 2021 11:56:53 -0700
From: Rob Slade <rslade@gmail.com>
Subject: Why are we building in "single points of failure"?

Yet another "outage" of a service that takes down multiple major resources
on the net.

https://www.npr.org/2021/06/08/1004305569/internet-fastly-outage-go-down-twitter-reddit

Why is it that we, having created a dynamic, self-healing, massively
available network, are constantly trying to "improve" it into a brittle and
fragile state?

No, no, don't bother: I know the answer.  "Convenience," "cost savings."

I'm beginning to think that "efficiency" is a four-letter word ...

------------------------------

Date: Sun, 6 Jun 2021 13:15:24 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Fixing Medical Devices That Are Biased against Race or Gender
  (Scientific American)

https://www.scientificamerican.com/article/fixing-medical-devices-that-are-biased-against-race-or-gender/

"Medical devices, too, can be biased -- an issue that has gained attention
during the COVID pandemic, along with many other inequities that affect
health. In a recent article in Science, Kadambi, an assistant professor at
the University of California, Los Angeles, Samueli School of Engineering,
describes three ways that racial and gender bias can permeate medical
devices and suggests a number of solutions. Fairness, he argues, should be a
criterion for evaluating new technology, along with effectiveness."

This essay identifies and characterizes types of medical device bias:
physical, computational, and interpretational. These bias types are
demonstrated by pulse oximeters readings and remote plethysmographs (a
device used to measure volumetric tissue changes).

The author recommends that more diverse patient populations participate in
studies to better discern their fairness and effectiveness based on bias
measurements.

To accelerate medical device bias detection, perhaps there should be an FDA
certified standard "bias measurement characteristic platform" that can
assess these factors. These bias measurements (by gender and ethnicity)
should be publicly disclosed.

How would a consumer or physician react to medical device bias labeling?
Device manufacturers might reconsider their product engineering processes,
adjusting device bias characteristics for specific patient cohorts.

Risk: Medical device bias measurement and disclosure

------------------------------

Date: Tue, 8 Jun 2021 09:24:49 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Baidu rolls out paid driverless taxi service in Beijing (AP)

Chinese tech giant Baidu rolled out its paid driverless taxi service on
Sunday, making it the first company to commercialize autonomous driving
operations in China.

Unlike previous Baidu autonomous driving demonstrations in Beijing, this was
the first time there was no safety driver sitting behind the wheel.
Instead, a safety member was seated in the front passenger seat to deal with
any emergencies.

Up to 10 Apollo *robotaxis* are now operating simultaneously in an area of
about 3 square kilometers (1.2 square miles), picking up and dropping off
passengers at eight stops in Shougang Park in western Beijing. Each ride
costs 30 yuan ($4.60), and is open to passengers ages 18 to 60. [...]
https://apnews.com/article/beijing-technology-business-12b81749f522eff6706410cecae56716

------------------------------

Date: Sun, Jun 6, 2021 at 12:06 AM
From: John Young <jya@pipeline.com>
Subject: Expert Stakeholder Consultation Report on the Indian Encryption
  Debate (Cryptography)

https://thedialogue.co/wp-content/uploads/2021/06/Report-on-Expert-Stakeholder-Consultation-on-the-Indian-Encryption-Debate-The-Dialogue.pdf
<https://t.co/XEoAWtOgWV?amp=1>

------------------------------

Date: Tue, 8 Jun 2021 16:22:26 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Hundreds arrested in massive global crime sting using messaging app
  (BBC News)

More than 800 suspected criminals have been arrested worldwide after being
tricked into using an FBI-run encrypted messaging app, officials say.

The operation, jointly conceived by Australia and the FBI, saw devices with
the ANOM app secretly distributed among criminals, allowing police to
monitor their chats about drug smuggling, money laundering and even murder
plots.

Officials called it a watershed moment.

Targets included drug gangs and people with links to the mafia.

Drugs, weapons, luxury vehicles and cash were also seized in the operation,
which was conducted across more than a dozen countries. This included eight
tonnes of cocaine, 250 guns and more than $48m (£34m) in various
worldwide currencies and cryptocurrencies.   [...]

The FBI began operating an encrypted device network called ANOM, and
covertly distributed devices with the chat app among the criminal underworld
via informants.

https://www.bbc.com/news/world-57394831

...next step after scattering infected USB drives outside gang headquarters.

------------------------------

Date: Mon, 7 Jun 2021 11:33:38 -0700
From: Rob Slade <rslade@gmail.com>
Subject: Ransomware and cyber-insurance

I first started to see the idea of "cyber-insurance" back in the early days
(late 1980s) of malware.  At that time "cyber-insurance" was just seen as
cost recovery when you'd been hit with a computer virus infestation.  Then
the idea languished for many years.  After all, most people saw
cyber-insurance as a way not to do risk analysis and management, and were
perturbed when they realized the insurers wanted them to do risk analysis
and management before they would quote on a policy.

About a decade ago, I started to see the idea being pushed again.  Once
again, risk management was a stumbling block, although now the insurers had
gotten smart enough to sell policies that, basically, had lots of verbiage
and conditions that boiled down to "if you got hit you were negligent, so we
don't have to pay."

In recent years I've been seeing an increasing push for cyber-insurance, this
time specifically in regard to ransomware.  (For the purposes of this
posting, I don't need to go over the difference between ransomware and
breachstortion, and the value of backups.)  This specific promotion has
gotten so aggressive that it has jumped from the tech trade press to the
general media.
https://lite.cnn.com/en/article/h_29b52c25ef9784bd6e4b2ca6d01a0646

In terms of ransomware, most of us in the security field know that paying is
bad because a) it increases the problem, and b) it is fairly unlikely that
paying the ransom will get you back in business.  (Even Colonial Pipeline,
having already paid the ransom, found that restoring from backup was a more
effective recovery solution.)  Law enforcement tends to agree, although
there are some in the world of management who still seem resistant to the
concept.  (With the current interest in "herd immunity" for the pandemic, it
is instructive to note that not paying ransom is one way to increase
ransomware herd immunity.  But I digress.)

The push by insurers to sell cyber-insurance for protection against
ransomware (and possibly breachstortion, as well), prompts another thought:
are the insurers and ransomware gangs in it together?

------------------------------

Date: Tue, 8 Jun 2021 11:44:10 -0700
From: Rob Slade <rslade@gmail.com>
Subject: Fujifilm refuses to pay ransomware demand, restores network from
  backups (Verdict)

Fujifilm reported it has refused to pay a ransom demand to the cybergang
that attacked its network in Japan last week and is instead relying on
backups to restore operations.

The company's computer systems are back to business as usual.
https://www.verdict.co.uk/fujifilm-ransom-demand/

Goodonya, Fuji!

------------------------------

Date: Sat, 5 Jun 2021 15:38:05 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: We Have Met the Ransomware Enemy, and It Is /Partly/ Us!

https://lauren.vortex.com/2021/06/05/ransomware-enemy

------------------------------

Date: Mon, 7 Jun 2021 15:12:04 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Majority of $4.4 million cryptocurrency ransom payment in Colonial
  Pipeline hack recovered

https://www.usatoday.com/story/news/politics/2021/06/07/cryptocurrency-ransom-paid-colonial-pipeline-hack-mostly-recovered/7589909002/

  [See also
     The U.S. government has seized millions of dollars in a cryptocurrency
     payment made to hackers ...
  https://apnews.com/article/8e7f5b297012333480d5e9153f40bd52
  https://www.independent.co.uk/news/world/americas/us-politics/colonial-pipeline-hackers-ransom-paid-b1861336.html
   https://www.bloomberg.com/news/articles/2021-06-07/doj-to-discuss-ransomware-attack-on-colonial-pipeline-on-monday
  PGN]

------------------------------

Date: Fri, 11 Jun 2021 12:51:53 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Cybersecurity Framework Profile for Ransomware Risk Management --
  Preliminary Draft (nist.gov)

https://csrc.nist.gov/CSRC/media/Publications/nistir//draft/documents/NIST.IR.8374-preliminary-draft.pdf
retrieved on 11JUN2021

  "The Ransomware Profile aligns organizations' ransomware prevention and
  mitigation requirements, objectives, risk appetite, and resources with the
  elements of the Cybersecurity Framework. The purpose of the profile is to
  help organizations identify and prioritize opportunities for improving
  their ransomware resistance. Organizations can use this document as a
  guide for profiling the state of their own readiness. For example, they
  can determine their current state and set a target profile to identify
  gaps to achieve their goal."

The Framework itemizes several commonsense measures to deploy that can
minimize ransomware assault (See Section 1.1 The Ransomware Challenge.)  The
Framework establishes a basis for organizations to harmonize practices into
a standard operational business capability.

Given historical and largely voluntary measures to tighten infosec,
organizations require motivation to adopt these practices. Perhaps enforced
business regulation, including restricted terms of service for
indemnification, might compel shirkers to harden digital hygiene practices.

Without significant uptake of this guidance, the scourge of ransomware
assault will persist and remain unchecked.

------------------------------

Date: Fri, 11 Jun 2021 18:32:25 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: An insect-computer hybrid system for search operations in
  disasters (Techxplore.com)

https://techxplore.com/news/2021-06-insect-computer-hybrid-disasters.html

The preprint @ https://arxiv.org/ftp/arxiv/papers/2105/2105.10869.pdf
retrieved on 11JUN2021, mentioned the power source is sufficient to power
the Madagascar hissing roach electronic payload for ~2H, and weighs in at
~5.5 grams. The payload consists of a CO2 sensor, a low power infrared
camera, and guidance unit.

A typical 'hisser' weighs anywhere from ~7-25g. Only the largest
individuals, per the paper, are saddled up for search and rescue duty.

In a large disaster, such as a peak-hour workday building collapse, one
would need to deploy a swarm of hissers to accelerate survivor detection.
Fortunately, technology can control drone swarms.

"Swarm intelligence (SI) is the collective behavior of decentralized,
self-organized systems, natural or artificial" per
https://en.wikipedia.org/wiki/Swarm_intelligence (retrieved on 11JUN2021).

Risk: Search conditions. Per
https://extension.okstate.edu/fact-sheets/madagascar-hissing-cockroaches-information-and-care.html
(retrieved on 11JUN2021), the bugs are unionized and will initiate a "sit
down" strike if the ambient temperature is less than ~70 degrees F.  --

------------------------------

Date: Fri, 11 Jun 2021 14:49:50 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Dartmouth Medical School Drops Online Cheating Cases Against
  Students (NYTimes)

The Ivy League school said it was dismissing allegations that students had
looked up online course materials during remote exams.

Dartmouth's Geisel School of Medicine says it is dropping an online cheating
investigation that led the school to erroneously accuse some students,
allegations that prompted an outcry among faculty, alumni and technology
experts.

In March, Dartmouth charged 17 students with cheating based on a review of
certain online activity data on Canvas -- a popular learning management
system where professors post assignments and students submit their work --
during remote exams. The school quickly dropped seven of the cases after at
least two students argued that administrators had mistaken automated Canvas
activity for human cheating.

Now Dartmouth is also dropping allegations against the remaining 10
students, some of whom faced expulsion, suspension, course failures and
misconduct marks on their academic records that could have derailed their
medical careers.

``I have decided to dismiss all the honor code charges,'' Duane A. Compton,
the dean of the medical school, said in an email to the Geisel community on
Wednesday evening, adding that the students' academic records would not be
affected. ``I have apologized to the students for what they have been
through.''

Dartmouth's decision to dismiss the charges followed a software review by
The New York Times, which found that students' devices could
automatically generate Canvas activity data even when no one was using
them. Dartmouth's practices were condemned by some alumni along with some
faculty at other medical schools.

https://www.nytimes.com/2021/06/10/technology/dartmouth-cheating-charges.html

------------------------------

Date: Fri, 4 Jun 2021 20:37:33 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Hackers Breached Colonial Pipeline Using Compromised Password

I keep saying this again and again. This isn't rocket science.  Decent
2-factor login authentication, especially FIDO/U2F keys, would block
this kind of compromise, rendering that password essentially useless.
And VPNs should be phased out in preference for Zero Trust platforms! -L

https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password

------------------------------

Date: Mon, 7 Jun 2021 16:00:35 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Apple driver's licenses

Trying to think of worse ideas than scanning driver's licenses into iPhones
and then using the phones as a government ID. Yep, there are worse ideas,
but this one scores dandy high.

------------------------------

Date: Tue, 8 Jun 2021 16:29:19 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Apple Wallet for ID

A friend wrote:

  Which reminds me ... Apple is supposedly arranging with TSA to use the
  Wallet to hold your ID. Not sure what I think about that, but one of my
  early experiences with a boarding pass in my phone was having the phone
  shut off when the battery died and no backup. Not a pleasant experience.
  How did I not see that coming?

Someone else I know came out strongly against Apple Wallet for ID.  Apple's
pretty good on privacy and security so I'm not sure I agree with him.

Fortunately he likes cats, so we get along. And I'll await more info on
Apple Wallet -- I have stored various credit cards and memberships, not
drivers license.

------------------------------

Date: Sun, 6 Jun 2021 22:54:39 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Clueless or clickbait? You decide... (WashPost)

https://www.washingtonpost.com/technology/2021/06/06/apple-app-store-scams-fraud

This headline and subhead are nonsense:

  Apple's tightly controlled App Store is teeming with scams

  Nearly 2 percent of Apple's top-grossing apps on one day were scams --
  and they have cost people $48 million

...considering this definition of "teeming":

  Teeming means completely full, especially with living things. If your
  grandmother's apartment is teeming with cats, she sure has a lot of them.

"Nearly 2 percent" doesn't quite fulfill "completely full" or even "a
lot". That headline is either clueless or deliberate clickbait.

A better -- more accurate -- headline would have been, "Apple's tightly
controlled App Store holds less than 2% scam apps". This indicates Apple
works to weed out scams:

Apple says it is constantly improving its methods for sniffing out scams and
usually catches them within a month of hitting the App Store. In a recent
news release, Apple said it employed new tools to verify the authenticity of
user reviews and last year kicked 470,000 app developer accounts off the App
Store. Developers, however, can create new accounts and continue to
distribute new apps.

And this makes no sense:

  Apple unwittingly may be aiding the most sophisticated scammers by
  eliminating so many of the less competent ones during its app review
  process, said Miles, who co-authored a paper called The Economics of
  Scams.

There's plenty depressing anecdotal stories about scam apps here, along with
some details about what Apple does to prevent scams, but the headline is way
off the mark.

  [Apple Teems vs Microsoft Teems?  PGN]

------------------------------

Date: Tue, 8 Jun 2021 07:45:55 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Encrypted Messaging App Run by the FBI Leads to Arrest of Over 100
  Organized Crime Members

https://gizmodo.com/encrypted-messaging-app-run-by-the-fbi-leads-to-arrest-1847051248

------------------------------

Date: Tue, 8 Jun 2021 07:56:03 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Fastly CDN screws up internal configuration, takes down major sites
  around the world (NPR)

https://www.npr.org/2021/06/08/1004305569/internet-fastly-outage-go-down-twitter-reddit

------------------------------

Date: Tue, 8 Jun 2021 13:39:06 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: New York Times posts, then removes, article announcing discovery of
  watermelons on Mars

[When your test page accidentally hits prod] New York Times posts,
then removes, article announcing discovery of watermelons on Mars

https://boingboing.net/2021/06/08/new-york-times-posts-then-removes-article-announcing-discovery-of-watermelons-on-mars.html

------------------------------

Date: Fri, 28 May 2021 11:47:14 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Amazon's Sidewalk Network Is Turned On by Default. Here's How to
  Turn It Off (Inc.)

*The company's Sidewalk mesh network goes live June 8. The good news is
that you can turn it off.*

Last week, Amazon said it would turn on Sidewalk
<https://www.cnet.com/home/smart-home/amazon-sidewalk-will-create-entire-smart-neighborhoods-faq-ble-900-mhz/>,
its mesh network that uses Bluetooth and 900MHz radio signals to
communicate between devices, on June 8. I imagine that most people, even
those who bought an Echo smart speaker
<https://www.inc.com/jason-aten/amazon-just-announced-its-plan-to-put-smart-technology-everywhere-including-on-your-dog-seriously.html>
in the past few years, have no idea what Sidewalk is.

I suspect most of those people would be even more surprised to know that
it's turned on by default on every one of their devices. I'll get to that
part in just a minute.

First, let's talk about Sidewalk. The idea behind it is actually really
smart--make it possible for smart home devices to serve as a sort of bridge
between your WiFi connection and one another. That way, if your Ring
doorbell, for example, isn't located close to your WiFi router, but it
happens to be near an Echo Dot, it can use Sidewalk to stay connected.

The same is true if your Internet connection is down. Your smart devices
can connect to other smart devices, even if they aren't in your home. The
big news on this front is that Tile is joining the Sidewalk network on June
14. That means that if you lose a Tile tracker, it can connect to any of
the millions of Echo or Ring devices in your neighborhood and send its
location back to you.

That's definitely a nice benefit, but it's also where things get a little
murky from a privacy standpoint. That's because other people's devices,
like your neighbor's, can also connect to your network. [...]

https://www.inc.com/jason-aten/amazons-sidewalk-network-is-turned-on-by-default-heres-how-to-turn-it-off.html

------------------------------

Date: Thu, 10 Jun 2021 00:13:21 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Pipeline Investigation Upends Idea That Bitcoin Is Untraceable
  (NYTimes)

The FBI's recovery of Bitcoins paid in the Colonial Pipeline ransomware
attack showed cryptocurrencies are not as hard to track as it might seem.

Pipeline Investigation Upends Idea That Bitcoin Is Untraceable
https://www.nytimes.com/2021/06/09/technology/bitcoin-untraceable-pipeline-ransomware.html

------------------------------

Date: Mon, 7 Jun 2021 11:29:19 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Replacement with non-allergenic joints can provide relief
  (medicalxpress.com)

https://medicalxpress.com/news/2021-06-non-allergenic-joints-relief.html

[For the 'old bones' at risk reading this stream...]

"More than one million joints are replaced in the United States every year,
and the vast majority of artificial joints improve function and provide
tremendous benefit. However, about 10% of these, or about 100,000 joint
replacements, will fail per year. Many fail due to infection or mechanical
issues, which can be diagnosed by surgeons.  However, a significant portion
of those failures have no clear cause.  For more than 10 years, Dr. Pacheco
and her colleagues have been identifying allergies as a cause of these
failed artificial joints and recommending replacement with non-allergenic
components. The current paper outlines the causes of allergic reactions
among patients with failed joints and the success of replacements with
non-allergenic components."

Allergic reaction to nickel fabricated into the implanted device requires a
simple blood test (the Lymphocyte Proliferation to Nickel test). Implant
bone cements are chemically analogous to "super glue."  There's a suite of
skin tests to assess patient sensitivity.

Proactive test for allergic responses appears more effective than a
diminished post-operative outcome requiring a duplicate arthroscopy to
correct.

------------------------------

Date: Sat, 5 Jun 2021 23:33:23 -0400
From: "R. G. Newbury" <newbury@mandamus.org>
Subject: Re: How do you know this isn't a fake posting? (RISKS-32.70)

> Krueger-Dunning lives ...

And the Dunning-Kruger syndrome exposes itself for all to see.

------------------------------

Date: Mon, 7 Jun 2021 08:49:06 -0400
From: George Sigut <george.sigut@gmail.com>
Subject: Re: A "lethal" weaponized drone "hunted down a human target"
  (RISKS-32.70)

While I consider the issue to be really important, I would suggest that you
really look at what is really going on.

The text in RISKS was taken from the businessinsider, EXCEPT that the 2nd
paragraph in original reads

  In the March 2020 incident, a Kargu-2 quadcopter autonomously attacked a
  person during a conflict between Libyan government forces and a breakaway
  military faction, led by the Libyan National Army's Khalifa Haftar, the
  Daily Star reported.

> https://www.businessinsider.com/killer-drone-hunted-down-human-target-without-being-told-un-2021-5?r=US&IR=T

not

> The March 2020 incident saw a KARGU-2 quadcopter autonomously attack a human
> during a conflict between Libyan government forces and a breakaway military
> faction, led by the Libyan National Army's Khalifa Haftar, the Daily Star
> reported.

New Scientist (see 1st paragraph) actually says

  Military drones MAY have autonomously attacked humans...

Daily Star (see 2nd paragraph) says

  An autonomous weaponised drone *hunted down* a human target last year and
  is thought to have attacked them without being specifically ordered to...

Both New Scientist and Daily Star base their articles on the UN Report,
which can be found at

  https://undocs.org/S/2021/229

and which is slightly more vague about the occasion.

The best summary, quoting DIRECTLY from the report is from NPR at

https://www.npr.org/2021/06/01/1002196245/a-u-n-report-suggests-libya-saw-the-first-battlefield-killing-by-an-autonomous-d

RISK: presenting information which was "improved" by the well-meaning chain
of sources.

------------------------------

Date: Mon, 7 Jun 2021 12:24:26 -0700
From: Rob Slade <rslade@gmail.com>
Subject: Book review - "Soap and Water and Common Sense"

OK, a quick review, and recommendation.

"Soap and Water and Common Sense," by Dr. Bonnie Henry.  The title comes
from a quote from the Canadian physician Sir William Osler: soap and water
and common sense are the best disinfectant.  Dr. Henry's book is a readable
overview of infectious diseases, their various agents, causes, precautions
and cures.

Although written in 2009, the advice, that basic and simple precautions are
more effective than relying on using (and misusing) the advances of modern
medicine, is sound for the pandemic.

Since I wrote "Cybersecurity Lessons from CoVID-19" using the illustrations
of the pandemic to point out important security principles, I note that Dr.
Henry's book also points out a great many significant concepts vital to
information security.  The importance of the basic foundations, the reliance
on the simple over the complex, and even the fact that the pursuit of
efficiency puts you at a risk which you must then address are all crucial.

Highly recommended.  (Both for public hygiene, and for students of
security.)

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.71
************************
