[33050] in RISKS Forum


Risks Digest 33.51

daemon@ATHENA.MIT.EDU (RISKS List Owner)
Wed Nov 9 23:30:15 2022

From: RISKS List Owner <risko@csl.sri.com>
Date: Wed, 9 Nov 2022 20:24:50 PST
To: risks@mit.edu

RISKS-LIST: Risks-Forum Digest  Wednesday 9 November 2022  Volume 33 : Issue 51

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/33.51>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Ground Truth vs Ground-up Truth (PGN)
What U.S. Democracy Can Learn from Brazil (Jack Nicas)
Voting-system firms battle right-wing rage against the machines (Reuters)
How Republicans Fed a Misinformation Loop About the Pelosi Attack (NYTimes)
Blood oxygen monitors face scrutiny from FDA panel (The Verge)
Medicare enrollees warned about deceptive marketing schemes (Amanda Seitz)
The Hunt for the Dark Web's Biggest Kingpin (WiReD)
Why the FBI Is So Far Behind on Cybercrime (NYTimes)
Ransomware attacks on hospitals take toll on patients (NBC News)
iOS Privacy: Instagram and Facebook can track anything you do on any website
 in their in-app browser (Krausefx)
The Most Vulnerable Place on the Internet (WiReD)
Security Loophole Allows Attackers to Use Wi-Fi to See Through Walls
 (U.Waterloo)
Engineers ready innovative robotic servicing of geosynchronous satellites
 payload for launch (phys.org)
Sobeys, Safeway grappling with IT issues as Maple Leaf Foods announces
 cybersecurity incident (CBC)
Signal Says It Will Exit India Rather Than Compromise Its Encryption
 (Techdirt)
Scientists Increasingly Can't Explain How AI Works (Vice)
Billions Spent in Metaverse 'Land' Grab (BBC)
Same New York lottery numbers drawn twice in one day (NYPost)
Powerball winning numbers live drawing delayed for $1.9 billion jackpot due
 to 'security protocol issue' (ABC)
There's a good chance Meta has your contact info. Here's how to delete it.
 (Mashable)
Web Inventor Tim Berners-Lee Wants Us to 'Ignore' Web3 (CNBC)
'How much press are you worth?' New calculator tackles inequality in missing
 persons stories (msnbc.com)
Federal government advised to pause Twitter ads after mass layoffs at
 company (CBC News)
Websites Accepting Crypto for Child Sex Abuse Content Doubling Every Year
 (Gizmodo)
Wireless meat thermometer: What could go wrong? (SharperImage via Gabe)
Adobe Just Held a Bunch of Pantone Colors Hostage (WiReD)
Gaming Is Booming. That's Catnip for Cybercriminals. (NYTimes)
AI code assistants may not spawn as many bugs as feared (NYTimes)
The Rise of Rust, the Virus-Secure Programming Language That's Taking Over
 Tech (WiReD)
The Strange Death of the Uyghur Internet (WiReD)
Algorithms Quietly Run the City of WashingtonDC -- and Maybe Your Hometown
 (WiReD)
Jeppesen Cyber-Incident Affects Services (AVweb)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 9 Nov 2022 10:40:50 PST
From: Peter Neumann <neumann@csl.sri.com>
Subject: Ground Truth vs Ground-up Truth

It's time for a little levity after months of ugly campaign disinformation
and gigantic fund-raising efforts in the U.S.  I offer this limerick, and
beg your indulgence.

     Reflections on the U.S. Midterm Election Campaigns
        Peter G. Neumann (a.k.a. Lim[b]erRick),
        Election Day, 8 November 2022

      There once was a notion of "ground truth",
      Which the DNA linked up with "found tooth".
        But old farts with no heart
        Took the ground truth apart,
      While leaving the future to "frowned youth".

   [Your choice of alternatives in the last line:
    crowned, gowned, sound, bound, towned, ...  I liked "frowned" <upon>]

   old fart:
     Tribal elder.  A title self-assumed with remarkable frequency ...
     This is a term of insult in the second or third person, but one of
     pride in first person.

   "Ground Truth" is becoming like Ground-up Meat --
   You have no idea what it entails (or entrails?).
   Are the contents just FAKE NEWS?  or REALLY-FAKE NEWS?

An earlier draft version of my doggerel had the last line as:
  "Forsooth" took the meaning of "found truth".

  forsooth [WordNet]
    adv 1: an archaic word originally meaning *in truth* but now
           usually used to express *disbelief* [emphasis mine]

  forsooth  formerly used as
     An expression of deference or respect, especially to woman;
     now used ironically or contemptuously.
     [1913 Webster]

     Our old English word "forsooth" has been changed for the French
     madam.  -- Guardian.
     [1913 Webster]

  Dad-to-Kid-joke:
   Diner: Waiter, This coffee tastes like mud.
   Waiter: It should.  It was *GROUND* this morning.

------------------------------

Date: Mon, 7 Nov 2022 9:16:00 PST
From: Peter Neumann <neumann@csl.sri.com>
Subject: What U.S. Democracy Can Learn from Brazil (Jack Nicas)

Jack Nicas, *The New York Times*, 6 Nov 2022

https://www.nytimes.com/2022/11/05/world/americas/brazil-election-us-democracy.html

Given that there are no computer systems that cannot be hacked through
unsecure hardware, software, and apps, *and* the reality that the federal
government cannot control state elections -- which the existing Supreme
Court would pretty much guarantee -- there are no realistic solutions.  The
research community understands some of the machine-related issues, but (not
surprisingly) ignores most of the total-system issues -- which include
insider misuse, clever disenfranchisement, and devastating effects of
pervasive disinformation.  The commercial vendors for the most part don't
care, although Dominion's defense and monster defensive lawsuits (a recent
60 Minutes interviewed the head of Dominion) seem to make a case that they
were brutally trashed by false attacks for which they are seeking BILLIONS
of dollars in damages.

------------------------------

Date: Sun, 6 Nov 2022 15:12:01 PST
From: Peter Neumann <neumann@csl.sri.com>
Subject: Voting-system firms battle right-wing rage against the machines
 (Reuters)

https://www.reuters.com/world/us/voting-system-firms-battle-right-wing-rage-against-machines-2022-11-06/

------------------------------

Date: Sun, 6 Nov 2022 10:50:45 -0500
From: Monty Solomon <monty@roscom.com>
Subject: How Republicans Fed a Misinformation Loop About the Pelosi Attack
 (NYTimes)

https://www.nytimes.com/interactive/2022/11/05/us/politics/pelosi-attack-misinfo-republican-politicians.html

------------------------------

Date: Thu, 3 Nov 2022 19:53:44 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Blood oxygen monitors face scrutiny from FDA panel (The Verge)

https://www.theverge.com/2022/11/3/23438808/blood-oxygen-monitor-fda-bias-regulation

------------------------------

Date: Sat, 5 Nov 2022 19:36:10 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Medicare enrollees warned about deceptive marketing schemes
 (Amanda Seitz)

With Medicare's open enrollment underway, health experts are warning
older adults about an uptick in misleading marketing tactics that might
lead some to sign up for Medicare Advantage plans that don't cover
their doctors or prescriptions and drive up their out-of-pocket costs

https://www.washingtonpost.com/politics/medicare-enrollees-warned-about-deceptive-marketing-schemes/2022/11/05/d54ffa70-5cbf-11ed-bc40-b5a130f95ee7_story.html

------------------------------

Date: Fri, 4 Nov 2022 10:24:46 -0400
From: Monty Solomon <monty@roscom.com>
Subject: The Hunt for the Dark Web's Biggest Kingpin (WiReD)

The Hunt for the Dark Web's Biggest Kingpin, Part 1: The Shadow

The notorious Alpha02 oversaw millions of dollars a day in online narcotic
sales. For cybercrime detectives, he was public enemy number one -- and a
total mystery.  https://www.wired.com/story/alphabay-series-part-1-the-shadow/

The Hunt for the Dark Web's Biggest Kingpin, Part 2: Pimp_alex_91
On the trail of AlphaBay's mastermind, a tip leads detectives to a suspect
in Bangkok -- and to the daunting task of tracing his millions in
cryptocurrency.

https://www.wired.com/story/alphabay-series-part-2-pimp-alex-91/

------------------------------

Date: Sun, 6 Nov 2022 19:39:01 -0700
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Why the FBI Is So Far Behind on Cybercrime (NYTimes)

https://www.nytimes.com/2022/11/06/opinion/ransomware-fbi.html

There are many factors behind the stunning rise of ransomware. Our reporting
found that one of the most important is the Federal Bureau of
Investigation's outmoded approach to computer crime targeting people and
institutions in the United States.

State and local police generally can't handle a sophisticated international
crime that locks victims' data remotely -- from patients' medical histories
and corporate trade secrets to police evidence and students' performance
records -- and demands payment for a key. Many police departments have
themselves been hamstrung by ransomware attacks. Federal investigators,
especially the FBI, are responsible for containing the threat. They need to
do better.

When ransomware gained traction a decade ago, individual attackers were
hitting up home users for a few hundred dollars. In 2015, as the crime was
evolving into something more, the bureau still dismissed ransomware as an
ankle-biter.  That year, about a dozen frustrated Cyber Division agents
warned James Comey, who was then the director of the F.B.I., that
institutional lack of respect for their skills was spurring their
departures. Now well-organized gangs, with hierarchies mirroring those of
traditional businesses, are paralyzing the computer networks of high-profile
targets and demanding millions of dollars in ransom.

------------------------------

Date: Tue, 8 Nov 2022 10:21:30 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Ransomware attacks on hospitals take toll on patients (NBC News)

https://www.nbcnews.com/tech/security/ransomware-attacks-hospitals-take-toll-patients-rcna54090

------------------------------

Date: Wed, 9 Nov 2022 09:35:28 -0500
From: Monty Solomon <monty@roscom.com>
Subject: iOS Privacy: Instagram and Facebook can track anything you do on
 any website in their in-app browser (Krausefx)

https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser

------------------------------

Date: Fri, 4 Nov 2022 09:45:43 -0400
From: Monty Solomon <monty@roscom.com>
Subject: The Most Vulnerable Place on the Internet (WiReD)

Underwater cables keep the internet online. When they congregate in one
place, things get tricky

https://www.wired.com/story/submarine-internet-cables-egypt/

------------------------------

Date: Fri, 4 Nov 2022 12:47:51 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Security Loophole Allows Attackers to Use Wi-Fi to See Through
 Walls (U.Waterloo)

University of Waterloo (Canada), 13 Nov 2022, via ACM TechNews; 4 Nov 2022

A drone-powered device developed by researchers at Canada's University of
Waterloo can see through walls by accessing Wi-Fi networks. The Wi-Peep
device can fly close to a building and identify all Wi-Fi-enabled devices
inside using the building's Wi-Fi network by taking advantage of the "polite
Wi-Fi" loophole, in which smart devices automatically respond to contact
attempts from any device within range. Comprised of a store-bought drone and
$20 of hardware, Wi-Peep can pinpoint the location of a device within one
meter by measuring response times to the messages it sends to devices while
in flight. Said Waterloo's Ali Abedi, "We need to fix the Polite Wi-Fi
loophole so that our devices do not respond to strangers. We hope our work
will inform the design of next-generation protocols."

  [... and will greatly enhance the accuracy of drone bombers?]

------------------------------

Date: Thu, 10 Nov 2022 00:37:42 +0000
From: Richard Marlon Stein <rmstein@protonmail.com>
Subject: Engineers ready innovative robotic servicing of geosynchronous
 satellites payload for launch (phys.org)

https://phys.org/news/2022-11-ready-robotic-geosynchronous-satellites-payload.html

"Ace Satellite Repair Co's" first gig was in April, 1984 -- the "Solar Max"
satellite needed a tune up. The Solar Max was in low earth orbit (~200 km),
close enough for the Space Shuttle Challenger to capture. Intrepid
space-walkers swapped out and replaced a circuit board or two.

Geo-synchronous orbit, @ ~35K km, is where a lot of communications, weather,
and other satellite payloads park and operate.

No bus for a repair person to ride. Send a robot. DARPA funded "Robotic
Servicing of Geosynchronous Satellites" program relies on a two-armed bot. A
sophisticated robotic simulator and qualification mechanism, including
environment chamber conditions, applied to boost mission objective
achievement.

  Risks: Cosmic radiation, software defects, hardware failure

------------------------------

Date: Mon, 7 Nov 2022 13:11:40 -0700
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Sobeys, Safeway grappling with IT issues as Maple Leaf Foods
 announces cybersecurity incident (CBC)

https://www.cbc.ca/news/canada/nova-scotia/sobeys-safeway-maple-leaf-foods-cybersecurity-incident-1.6642937

Some stores across Canada owned by Empire Company Ltd., including Sobeys,
Safeway and affiliated pharmacy services, continue to experience disruptions
<http://cbc.ca/1.6642540> due to an information technology systems issue.

Empire, which owns Sobeys, Lawtons, IGA, Safeway, Farm Boy, Foodland and
FreshCo, among other brands, announced Monday an IT problem is preventing
some of its pharmacies from filling prescriptions.  ...

Meanwhile, Maple Leaf Foods announced in a news release late Sunday night
that a "cybersecurity incident" caused a system outage at the company.

The company said it became aware of the issue over the weekend and
immediately began working with cybersecurity and recovery experts,
information systems professionals and third-party specialists to investigate
the outage.

------------------------------

Date: Fri, 28 Oct 2022 21:05:02 +0900
From: David Farber <farber@keio.jp>
Subject: Signal Says It Will Exit India Rather Than Compromise Its
 Encryption (Techdirt)

https://www.techdirt.com/2022/10/26/signal-says-it-will-exit-india-rather-than-compromise-its-encryption/

------------------------------

Date: Wed, 2 Nov 2022 08:07:31 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: Scientists Increasingly Can't Explain How AI Works (Vice)

AI researchers are warning developers to focus more on how and why a system
produces certain results than the fact that the system can accurately and
rapidly produce them.

What's your favorite ice cream flavor? You might say vanilla or chocolate,
and if I asked why, you'd probably say it's because it tastes good. But why
does it taste good, and why do you still want to try other flavors
sometimes? Rarely do we ever question the basic decisions we make in our
everyday lives, but if we did, we might realize that we can't pinpoint the
exact reasons for our preferences, emotions, and desires at any given
moment.

There's a similar problem in artificial intelligence: The people who develop
AI are increasingly having problems explaining how it works and determining
why it has the outputs it has. Deep neural networks (DNN) -- made up of
layers and layers of processing systems trained on human-created data to
mimic the neural networks of our brains -- often seem to mirror not just
human intelligence but also human inexplicability.

Most AI systems are black box models, which are systems that are viewed only
in terms of their inputs and outputs. Scientists do not attempt to decipher
the black box, or the opaque processes that the system undertakes, as long
as they receive the outputs they are looking for. For example, if I gave a
black box AI model data about every single ice cream flavor, and demographic
data about economic, social, and lifestyle factors for millions of people,
it could probably guess what your favorite ice cream flavor is or where your
favorite ice cream store is, even if it wasn't programmed with that
intention.

These types of AI systems notoriously have issues because the data they are
trained on are often inherently biased, mimicking the racial and gender
biases that exist within our society. The haphazard deployment of them leads
to situations where, to use just one example, Black people are
disproportionately misidentified by facial recognition technology. It
becomes difficult to fix these systems in part because their developers
often cannot fully explain how they work, which makes accountability
difficult. As AI systems become more complex and humans become less able to
understand them, AI experts and researchers are warning developers to take a
step back and focus more on how and why a system produces certain results
than the fact that the system can accurately and rapidly produce them. [...]

<https://www.vice.com/en/article/n7jwx7/even-the-government-admits-facial-recognition-is-racially-biased>

https://www.vice.com/en/article/y3pezm/scientists-increasingly-cant-explain-how-ai-works

------------------------------

Date: Mon, 7 Nov 2022 12:25:35 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Billions Spent in Metaverse 'Land' Grab (BBC)

Joe Tidy, BBC News, 3 Nov 2022, via ACM TechNews, 7 Nov 2022

Research by DappRadar indicates that over the past year, people and
companies have spent $1.93 billion in cryptocurrency to purchase virtual
"real estate" in the metaverse. In Decentraland, parcels of "land" can sell
for millions of dollars, and are being bought by companies like Samsung,
UPS, and Sotheby's to build virtual shops. Adidas, Atari, Ubisoft, Binance,
Warner Music, and Gucci have purchased virtual property in Sandbox, while
Gucci also has created a town in Roblox. Said Amber Jae Slooten of *The
Fabricant*, a digital design house, "There will be for sure a mass market in
this because if you think about the younger generation, they already play
games. For them there's no distinction between virtual and real. But it
still needs to be built."

  [No distinction? Wow!  That is scary, especially when it comes to voting
  and living in the real world (whatever that may be).  PGN]

------------------------------

Date: Thu, 3 Nov 2022 13:50:00 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Same New York lottery numbers drawn twice in one day (NYPost)

https://nypost.com/2022/10/28/1-in-331-billion-chance-same-new-york-lottery-numbers-drawn-twice-in-one-day/

------------------------------

Date: Mon, 7 Nov 2022 23:34:00 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Powerball winning numbers live drawing delayed for $1.9 billion
 jackpot due to 'security protocol issue' (ABC)

https://abc7ny.com/1-9-billion-lottery-powerball-jackpot-today-how-big-is-the-drawing-time/12426091/

ALSO:
  Powerball: Winning numbers for the record $1.9 billion jackpot
  have yet to be announced after drawing was delayed

https://www.cnn.com/2022/11/08/us/powerball-lottery-record-delayed-drawing-tuesday-trnd/index.html

------------------------------

Date: Tue, 1 Nov 2022 20:43:57 -0400
From: Monty Solomon <monty@roscom.com>
Subject: There's a good chance Meta has your contact info. Here's how to
 delete it. (Mashable)

https://mashable.com/article/facebook-how-to-delete-contact-info-meta

------------------------------

Date: Mon, 7 Nov 2022 12:25:35 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Web Inventor Tim Berners-Lee Wants Us to 'Ignore' Web3 (CNBC)

Ryan Browne, CNBC News, 04 Nov 2022, via ACM TechNews, 7 Nov 2022

ACM A.M. Turing Award recipient Tim Berners-Lee, credited with inventing the
World Wide Web, considers Web3 nonviable for building the next iteration of
the Internet. At the Web Summit in Lisbon, Portugal, Berners-Lee called Web3
a vague term to describe a theoretical Internet that is more decentralized
than the current Web, incorporating technologies like blockchain,
cryptocurrencies, and nonfungible tokens. Berners-Lee described blockchain
protocols as "too slow, too expensive, and too public." He said people
frequently confuse Web3 with his Web 3.0 framework for reconfiguring the
Internet. His new Inrupt startup intends to allow users to control their own
data via a global single sign-on feature for universal logins, login IDs
that let users exchange data, and a "common universal application
programming interface."

  [Don't forget the putting all-of-your-eggs-in-one-basket risks of single
  sign-on, e.g., RISKS-32.93, -33.11.  PGN]

------------------------------

Date: Fri, 04 Nov 2022 02:07:09 +0000
From: Richard Marlon Stein <rmstein@protonmail.com>
Subject: 'How much press are you worth?' New calculator tackles inequality
 in missing persons stories (msnbc.com)

https://www.nbcnews.com/news/us-news/-much-press-are-new-calculator-tackles-inequality-missing-persons-stor-rcna55517

If you went missing, how much press would you be 'worth'?  *The Columbia
Journalism Review* unveiled a tool that calculates the number of stories
your disappearance would net, based on demographics.

https://areyoupressworthy.com/ calculates news coverage based on select
rules. Each missing person's report is a potential crime with a tragic
outcome. Somewhat greater likelihood that extensive coverage will lead to
discovery, and eventual happy ending. Turns out that "missing white person
syndrome" generates more headlines than non-white minority disappearances.

Not hard to imagine an AI applying this tool to determine whether or not to
compose a news chyron, or invoke GPT-3 to (not) cook a story, based on
computed merit.

  Risk: Algorithm-driven news headlines

------------------------------

Date: Sun, 6 Nov 2022 16:20:15 -0700
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Federal government advised to pause Twitter ads after mass layoffs
 at company (CBC News)

A media and marketing agency that is responsible for buying and planning
much of the government's advertising has advised federal departments to
pause activity on Twitter, citing mass layoffs at the company.

Cossette, which is the government's "media agency of record," issued
guidance Friday to "pause activity immediately and monitor the situation
over the weekend" due to "unknown continuity plans for moderation" and a
"heightened risk of brand safety," according to an internal document seen by
CBC News.

https://www.cbc.ca/news/politics/cossette-agency-government-ads-twitter-layoffs-1.6642527

------------------------------

Date: Tue, 1 Nov 2022 20:40:59 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Websites Accepting Crypto for Child Sex Abuse Content Doubling
 Every Year (Gizmodo)

https://gizmodo.com/crypto-1849727577

------------------------------

Date: Wed, 2 Nov 2022 17:03:26 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Wireless meat thermometer: What could go wrong?

Wireless meat thermometer -- use in oven or on barbecue, charges via USB.
$100.

https://www.sharperimage.com/view/product/Wireless+Meat+Thermometer/206969

Electronics survive repeated baking/grilling/washing?
USB plug smeared with sauce/gravy?

  [Worse yet, Made in China or Russia, broadcasting kitchen conversations,
  and compromising your Internet of Things devices?  See the Thunderclap paper:
  https://www.ndss-symposium.org/ndss-paper/thunderclap-exploring-vulnerabilities-in-operating-system-iommu-protection-via-dma-from-untrustworthy-peripherals/
  PGN]

------------------------------

Date: Wed, 2 Nov 2022 23:47:58 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Adobe Just Held a Bunch of Pantone Colors Hostage (WiReD)

Certain Pantone collections now require users to pay $15 a month to access
them -- with colors turned black unless you pay up.

Since the 1950s, the company Pantone has helped designers match the colors
they see onscreen to what they see in the real world. This color
standardization process means that, for example, a poster made in Adobe
InDesign looks exactly the same when it's printed out as a giant billboard.
And it worked just fine -- until last week, when everything went dark.

Scores of Photoshop and Illustrator users who have used certain Pantone
color collections in their works have recently been confronted with the
fallout of a disagreement between Adobe and Pantone. The result? Where once
there were vibrant hues there is now only the color black.

The change is the latest twist in a long-running dispute between the design
software giant and the color-standard-setting organization. In December
2021, Adobe announced it would be removing Pantone colors from its app. Why
that happened was never certain; rumors spread that it was over the cost of
including Pantone in Adobe software, while Pantone publicly said that it
felt Adobe wasn't keeping pace with the plethora of new colors it
released. Adobe's chief product officer, Scott Belsky, has tweeted that
Pantone asked Adobe to remove the colors, "as they want to charge customers
directly."

https://www.wired.com/story/adobe-pantone-color-subscription-fee

  [Transomware?  PGN]

------------------------------

Date: Thu, 3 Nov 2022 23:36:44 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Gaming Is Booming. That's Catnip for Cybercriminals. (NYTimes)

Cybersecurity experts warn that threats lurk in cheat codes,
microtransactions and messages from fellow players.

Millions of people escaped the drudgery of the Covid-19 pandemic's first
year by turning to video games, where they could cast spells, kill zombies
and compete as their favorite athletes.

These virtual worlds also lured in a different kind of enthusiast -- the
kind who sought to steal people's personal information and real-world
dollars.

In recent months, cybersecurity firms have warned that cybercrime in gaming
has increased substantially since the start of the pandemic, and that the
vulnerabilities -- for game studios as well as players -- are far from being
vanquished.

https://www.nytimes.com/2022/10/13/technology/gamers-malware-minecraft-roblox.html

------------------------------

Date: Thu, 3 Nov 2022 23:44:15 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: AI code assistants may not spawn as many bugs as feared (NYTimes)

They can't be any worse than some human developers

Machine-learning models that power next-gen code-completion tools like
GitHub Copilot can help software developers write more functional code,
without making it less secure.

That's the tentative result of an albeit small 58-person survey conducted by
a group of New York University computer scientists.

https://www.theregister.com/2022/10/07/machine_learning_code_assistance

------------------------------

Date: Sat, 5 Nov 2022 00:27:16 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: The Rise of Rust, the Virus-Secure Programming Language That's
 Taking Over Tech (WiReD)

Rust makes it impossible to introduce some of the most common security
vulnerabilities. And its adoption can't come soon enough.

https://www.wired.com/story/rust-secure-programming-language-memory-safe

  [Just don't believe that all Rust-generated code is secure!  PGN]

------------------------------

Date: Sat, 5 Nov 2022 19:04:23 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: The Strange Death of the Uyghur Internet (WiReD)

China's Muslim minority used to have its own budding cluster of websites,
forums, and social media. Now that's been erased.

https://www.wired.com/story/uyghur-internet-erased-china

------------------------------

Date: Sat, 5 Nov 2022 19:15:01 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Algorithms Quietly Run the City of WashingtonDC -- and Maybe Your
 Hometown (WiReD)

A new report finds that municipal agencies in Washington deploy dozens of
automated decision systems, often without residents' knowledge.

Washington, DC, is the home base of the most powerful government on earth.
It's also home to 690,000 people -- and 29 obscure algorithms that shape their
lives. City agencies use automation to screen housing applicants, predict
criminal recidivism, identify food assistance fraud, determine if a high
schooler is likely to drop out, inform sentencing decisions for young
people, and many other things.  [...]

The findings are notable beyond DC because they add to the evidence that
many cities have quietly put bureaucratic algorithms to work across their
departments, where they can contribute to decisions that affect citizens'
lives.  [...]

EPIC says governments can help citizens understand their use of algorithms
by requiring disclosure anytime a system makes an important decision about a
person's life. And some elected officials have favored the idea of requiring
public registries of automated decisionmaking systems used by governments.
Last month, lawmakers in Pennsylvania, where a screening algorithm had
accused low-income parents of neglect, proposed an algorithm registry law.
[...]

Winters says algorithm registries can work, if rules or laws are in place to
require government departments take them seriously.  ``It's great format,
but it's extremely incomplete.''

https://www.wired.com/story/algorithms-quietly-run-the-city-of-dc-and-maybe-your-hometown

  [Oh no, algorithms! OBSCURE algorithms! BUREAUCRATIC ones!
  As opposed to ... obscure and bureaucratic government employees.  Gabe]

------------------------------

Date: Tue, 8 Nov 2022 16:00:17 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Jeppesen Cyber-Incident Affects Services (AVweb)

Jeppesen says it has addressed some issues caused by a cyber-incident, and
is still working on other services. The disruption also affected
ForeFlight's NOTAM service but that was fixed Sunday.  ForeFlight's NOTAM
services have been fully restored; all new and updated NOTAMs are now being
processed and displayed in ForeFlight Mobile and ForeFlight Web.

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 33.51
************************
