[29083] in RISKS Forum
Risks Digest 29.45
daemon@ATHENA.MIT.EDU (RISKS List Owner)
Mon Apr 11 18:27:32 2016
From: RISKS List Owner <risko@csl.sri.com>
Date: Mon, 11 Apr 2016 15:27:07 PDT
To: risks@mit.edu
RISKS-LIST: Risks-Forum Digest Monday 11 April 2016 Volume 29 : Issue 45
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.45.html>
The current issue can be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Japanese computer system problems left many flight passengers stranded
(Chiaki Ishikawa)
MedStar Disputes Reports That "Simple" Fix Would've Prevented Hack
(Gabe Goldberg)
Alaska cancels all K-12 standardized tests for the year:
"technical problems" (WashPo via Jeremy Epstein)
When IP addresses lie (Fusion via Charles Mann)
How a Cashless Society Could Embolden Big Brother (The Atlantic via NNSq)
Top executives not interested in having good cyber security (CNBC via AlMac)
To dodge crypto, undercover UK cops simply asked to see terror convict's
iPhone (Ars Technica)
Judge calls Uber algorithm "genius," green-lights surge-pricing lawsuit
(Ars Technica)
NJ Transit is audio recording thousands of its riders (Larry Higgs via
Henry Baker)
Republicans Hijack an Election Agency (NYTimes)
Stanford data breach (Randy Livingston via Paul Saffo)
Cyber insurance rates fall with lull in major hacks (Reuters)
New Jersey University Was Fake, but Visa Fraud Arrests Are Real (NYTimes)
Yours sincerely, yourself (Dan Jacobson)
The Panama Papers Expose the Hidden Wealth of the World's Super-Rich
(Chuck Collins)
Excellent *Salon* article about the Panama Papers (Severo Ornstein)
The Panama Papers: Here's What We Know? (NYTimes)
Re: Panama Papers Explainer (NYTimes)
Re: Panama Papers law firm PR statemenmt (Al Mac)
Re: Panama Papers / major links (Al Mac)
How a Cryptic Message, 'Interested in Data?,' Led to the Panama Papers
(NYTimes)
Obama calls for international tax reform amid Panama Papers revelations
(Rupert Neate and David Smith)
Re: Man with Null name (Henry Baker)
Re: Wrecking crew demolishes wrong house due to Google Maps error
(David Landgren)
Make the most of your 0 credits! (Dan Jacobson)
The Deluge of Spurious Correlations in Big Data: Randomness in Nature and
Data (Diego Latella)
E-borders and successor programmes: a UK NAO Report (Diego Latella)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Thu, 07 Apr 2016 19:22:47 +0900
From: ishikawa@yk.rim.or.jp
Subject: Japanese computer system problems left many flight passengers stranded
In the spring season when many people travel for sightseeing in Japan, two
computer system malfunctions grounded many passengers in the last few weeks.
March 22, ANA check-in systems failed to function properly.
ANA system glitch grounds 10,000 domestic passengers, is resolved
three hours later: URL
http://www.japantimes.co.jp/news/2016/03/22/national/system-glitch-temporarily-grounds-anas-domestic-flights/
A google cache of a short notice of the day from ANA (in Japanese):
http://webcache.googleusercontent.com/search?q=cache:sbLnVBhAYGEJ:http://www.ana.co.jp/asw/topinfo/info/smartphoneInfo.jsp?id%20160322124041%26language%e%26category%wws_e%2Bana+flight+problem+march+2016&hl=ja&ct=clnk
On April first, JAL's system to decide where the passengers and cargoes
should be placed inside plane hull stopped working.
JAL system glitch causes Haneda flight cancelations
http://the-japan-news.com/news/article/0002846877
JAL's short announcement on that day (in Japanese):
https://www.jal.co.jp/info/other/160401.html
The irate passengers were complaining in TV interviews on that day each, but
as a computer professional I was curious what caused the issues.
This time something very new happened.
Interestingly, the cause and remedy was announced very quickly (well
relatively speaking) by ANA and JAL. Not in the exact details that I want
(especially in JAL's case), but I think the public in general now understand
computer systems better than they did, say, 20-30 years ago, and the
companies affected seem to be a little forthcoming about the issues they
faced.
I am not sure if English translation of the following articles are
available, but the Japanese articles I read explained thusly:
ANA's case:
http://itpro.nikkeibp.co.jp/atcl/ncd/14/457163/033101362/
or
http://www.aviationwire.jp/archives/85999
- in ANA's case, the problem was traced to a mal-behaving ethernet switch
CISCO 4948E. The switch was used to exchange packets among redundant DB
servers to cross check the operation of each server, and when the
communication degraded, the system stopped. Once this ethernet switch
unit was replaced, the system began operating again after a clean up.
The issue that triggered the failure of the system is that the system as a
whole could not detect the degrading (not complete shutdown) of the switch
and ANA mentioned some measure in the statement.
Of course, how the status of the switch was monitored is not explained
very well in the press articles. Possible brown-bag type of bug?
JAL's case:
http://itpro.nikkeibp.co.jp/atcl/news/16/040601011/
* In JAL's case, the problem was traced to a system that decides where to
put the load (i.e., passengers, and cargoes) to keep a good balance of the
weight on the airplane. This system called NetLine/Load was originally
created by by Lufthansa Systems (LHS).
According the article above, a critical region handling routine was
installed in the week before and this caused a deadlock of the application
cache (not sure exactly what/where the cache is) and handling of disk
access.
There is a stand-by system that tried to take over once the deadlock
degraded the primary system. But the stand-by system did not have the peak
performance of a primary one, and the system failed to handle the busy
requests of the morning rush hour flights although some flight data were
processed satisfactorily, and thus many flights were canceled during that
time.
JAL announced its plan to upgrade the secondary system's capacity to match
the primary one. (Why the critical region handler was installed in the
previous week was not explained, and it seems to be ripped off from the
program under testing.)
Interesting that rather well explained review of the incidents appeared in
general trade press, although the exact details are still lacking. [CI]
PS: That both airlines did not seem to have a foreign-language announcements
(maybe I did not search hard enough?) may point to a problem when overseas
tourists gather in 2020 when Tokyo Olympics and Paralympic Games will be
held.
------------------------------
Date: Thu, 7 Apr 2016 15:09:05 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: MedStar Disputes Reports That "Simple" Fix Would've Prevented Hack
Columbia, Md. -- *MedStar Health*, the Columbia-based healthcare network
that operates 10 hospitals in the Baltimore-Washington area, is disputing
media reports that last week's crippling malware attack was the result of
poor system maintenance. "News reports circulating about the malware attack
on MedStar Health's IT system are incorrect," the company said in a
statement. "Our partner *Symantec* has been on the ground from the start of
the situation and has been conducting a thorough forensic analysis. In
reference to the attack at MedStar, Symantec said, `The 2007 and 2010 fixes
referenced in the article were not contributing factors in this event.'" The
Associated Press, citing an anonymous source, reported Tuesday that the
hackers exploited a design flaw in MedStar's system that had persisted since
2007, despite "urgent public warnings in 2007 and in 2010 that it needed to
be fixed with a simple update." The attack early last week crippled the
company's three main clinical information systems supporting patient care,
though MedStar said that no patient or associate data was compromised.
http://www.medstarhealth.org/mhs/2016/04/06/medstar-response-incorrect-media-reports/#q
http://m1e.net/c?47971208-lT/cm.IZDH29M%40387025170-E4ZjHXELTfVZ6
------------------------------
Date: Tue, 5 Apr 2016 20:52:49 -0400
From: Jeremy Epstein <jeremy.j.epstein@gmail.com>
Subject: Alaska cancels all K-12 standardized tests for the year:
"technical problems"
The issue isn't that the tests are poorly designed, or that they waste
teacher time "teaching to the test", or that they don't help students learn.
The problem was that the technology wasn't ready for prime time.
Among the problems were a "construction worker [who] accidentally cut a
fiber optic cable thousands of miles away at the University of Kansas"
(presumably blocking access to servers there). They didn't have redundancy
for a system that's used by every schoolchild in the state of Alaska? Also
bugs that caused the system to repeatedly restart, which caused problems
because students weren't permitted to start back at the beginning.
At the risk of getting on my hobby horse, given the budget for the system
($5M), what's the odds that any state would get Internet voting right?
There's certain similarities (e.g., everyone uses it more-or-less on the
same day, makeups are problematic, and issues like security and availability
are paramount), but with significant differences (e.g., no secret ballot in
test taking!) - and I'm willing to bet that Alaska didn't invest $5M in
their Internet voting system.
https://www.washingtonpost.com/news/education/wp/2016/04/05/alaska-cancels-all-k-12-standardized-tests-for-the-year-citing-technical-problems/
------------------------------
Date: Mon, 11 Apr 2016 18:42:26 +0000 (UTC)
From: Charles C <ccmann@comcast.net>
Subject: When IP addresses lie
http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/
Snippet:
The Kansas house is not the only house to have problems as a result of being
a default location in the MaxMind database. I also spoke with a man in
Virginia who has experienced similar problems for years.
Tony Pav lives in a house at the end of a cul-de-sac in Ashburn,
Virginia. Among other things, Ashburn is home to a number of large data
center -- the giant buildings that companies like Google and Facebook use to
store their huge clusters of servers. As a result of all of these data
centers, there are a gigantic number of IP addresses associated with Ashburn
-- more than 17 million in all.
And due to the way MaxMind selected its default locations, all 17 million of
these IP addresses appeared to be located in Pav's home.
Pav told me he first started experiencing problems four years ago. In 2012,
he came home late one night to find the police about to break down his
door. They said they were looking for a stolen government laptop with
personal information on it. He let them in to search; it wasn't there, even
though its IP address was pointing right at his house. ...
------------------------------
Date: Sun, 10 Apr 2016 07:42:05 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: How a Cashless Society Could Embolden Big Brother
NNSquad
http://www.theatlantic.com/technology/archive/2016/04/cashless-society/477411/
But wherever information gathers and flows, two predators follow closely
behind it: censorship and surveillance. The case of digital money is no
exception. Where money becomes a series of signals, it can be censored;
where money becomes information, it will inform on you.
This is but one example of such technology "bottlenecks" that could put a
big smile on Big Brother's face. Concentration of communications resources
are another. Yet another will almost certainly be autonomous vehicles, which
I'm convinced governments will use both to collect vast quantities of data,
and that governments will ultimately demand the ability to remotely control
in an array of contexts.
[Of course, don't forget that government-mandated backdoors for monitoring
would also be useful for nefarious purposes. PGN]
------------------------------
Date: Tue, 5 Apr 2016 17:14:08 -0500
From: "Alister Wm Macintyre \(Wow\)" <macwheel99@wowway.com>
Subject: Top executives not interested in having good cyber security (CNBC)
According to CNBC, Tanium commissioned a survey with the Nasdaq. The survey
was conducted by Goldsmiths and included responses from 1,530 nonexecutive
directors and C-level executives in the United States, United Kingdom,
Germany, Japan and Nordic countries.
* 98 percent of the most vulnerable executives have little
confidence their firms constantly monitor devices and users on their
systems.
* More than 90 percent of corporate executives said they cannot read
a cybersecurity report and are not prepared to handle a major attack.
* 40 percent of executives said they don't feel responsible for the
repercussions of hackings.
* Individuals at the top of an organization - executives like CEOs
and CIOs, and even board members - didn't feel personally responsible for
cybersecurity or protecting the customer data.
http://www.cnbc.com/2016/04/01/many-executives-say-theyre-not-responsible-for-cybersecurity-survey.html
Nasdaq report on what the cyber attackers are seeking:
http://www.nasdaq.com/press-release/survey-highlights-the-economics-behind-cyberattacks-20160201-00359
[...]
------------------------------
Date: Wed, 6 Apr 2016 10:24:27 -0400
From: Monty Solomon <monty@roscom.com>
Subject: To dodge crypto, undercover UK cops simply asked to see terror
convict's iPhone
http://arstechnica.com/tech-policy/2016/04/iphone-terror-crypto-uk-police/
------------------------------
Date: Wed, 6 Apr 2016 10:26:56 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Judge calls Uber algorithm "genius," green-lights surge-pricing
lawsuit
http://arstechnica.com/tech-policy/2016/04/judge-calls-uber-algorithm-genius-green-lights-surge-pricing-lawsuit/
------------------------------
Date: Sun, 10 Apr 2016 18:14:23 -0700
From: Henry Baker <hbaker1@pipeline.com>
Subject: NJ Transit is audio recording thousands of its riders
FYI -- Lemme see. We're recording train passengers, but not airline
passengers? More likely, we've *found out* about recording train
passengers, but haven't *yet* found out about recording airline passengers.
Does anyone seriously believe anymore that airline passengers aren't being
recorded *all the time*, including in the restrooms, terminals and frequent
flyer lounges?
http://www.nj.com/traffic/index.ssf/2016/04/nj_transit_is_recording_the_conversations_of_thousands_of_its_riders.html
NJ Transit is recording the conversations of thousands of its riders
Who's listening to you on the train? All the conversations between riders
are recorded by surveillance equipment aboard NJ Transit light rail trains,
which has commuter advocates and the ACLU concerned about privacy. [...]
Larry Higgs, NJ Advance Media for NJ.com, 10 Apr 2016
------------------------------
Date: Mon, 11 Apr 2016 7:43:39 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Republicans Hijack an Election Agency (NYTimes)
Republicans Hijack an Election Agency, NYTimes Editorial, 10 Apr 2016
http://www.nytimes.com/interactive/opinion/editorialboard.html
For 10 years, the Election Assistance Commission, the bipartisan federal
agency created after the 2000 election debacle to help make voting easier
and more standardized, has made it clear that prospective voters do not need
to prove that they are American citizens before they may register.
Anyone registering to vote with the federal voter-registration form, which
can be used for both federal and state elections, must already sign a
statement swearing that he or she is a citizen. Congress rejected a proposal
to require documented proof as well, finding that the threat of criminal
prosecution for a false statement was enough to deter fraud. This did not
satisfy some states, like Kansas and Arizona, where Republican officials
have fought for years to block voting by anyone who cannot come up with a
birth certificate or a passport.
See also:
http://www.eac.gov/default.aspx>
http://www.nytimes.com/2014/03/21/opinion/suppressing-the-vote.html
http://www.nytimes.com/2014/10/13/opinion/the-big-lie-behind-voter-id-laws.html>
http://www.nytimes.com/2016/04/09/us/election-assistance-commission-motor-voter-lawsuit.html
------------------------------
Date: Fri, 8 Apr 2016 15:06:26 +0000
From: Paul Saffo <psaffo1@stanford.edu>
Subject: Stanford data breach
Date: April 7, 2016 at 11:01:12 PM PDT
From: Randy Livingston <noreply@stanford.edu<mailto:noreply@stanford.edu>>
Subject: Notification of Breach
To: <employees@stanford.edu<mailto:employees@stanford.edu>>
To all Stanford University employees,
On Monday, April 4, Stanford's Department of Public Safety and the
Information Security Office issued an alert to the university community
after receiving a small number of reports from employees of fraudulently
filed tax returns. Tax fraud has become a rampant problem across the
country, arising from widespread online financial scams and highly
publicized cyber breaches that have occurred in recent years. As such, at
the time of the university alert, it did not appear that the university was
being specifically targeted. University officials began investigating
immediately, and that investigation is ongoing. It now appears that the
university, among other employers, was a target as a source of W-2 forms.
As the investigation proceeded we determined that some Stanford employee W-2
forms were fraudulently downloaded from our third-party vendor. In total,
the W-2s of approximately 3,500 current and former Stanford employees were
downloaded through the vendor's system. The majority of these downloads are
likely legitimate, but I regret to report that we believe that at least 600
were downloaded fraudulently. An affected current or former employee may not
yet be aware that his/her records have been compromised.
The university will notify all employees whose W-2 forms were downloaded
from the vendor's site whether legitimately or not. We intend to issue those
notifications early next week. Those notifications will include further
instructions for accessing credit monitoring services and other protections
at no cost.
The university employs a third-party service named W-2Express, which is
operated by the credit bureau Equifax, to make W-2 forms accessible online
via tax preparation software or for direct download. These downloads
required prior knowledge of an individual's Social Security Number and date
of birth. The perpetrators were already in possession of this personal
information, which was subsequently used to log in and download the W-2
forms.
[The rest omitted for RISKS. PGN]
Randy Livingston is Stanford Vice President for Business Affairs and CFO
------------------------------
Date: Tue, 5 Apr 2016 23:01:50 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Cyber insurance rates fall with lull in major hacks (Reuters)
http://www.reuters.com/article/us-cyber-insurance-idUSKCN0WW1X4
The risk? Mistaking a momentary risk reduction (weather) for long-term trend
(climate). And underpricing risk insurance.
------------------------------
Date: Wed, 6 Apr 2016 05:55:29 -0400
From: Monty Solomon <monty@roscom.com>
Subject: New Jersey University Was Fake, but Visa Fraud Arrests Are Real
http://www.nytimes.com/2016/04/06/nyregion/new-jersey-university-was-fake-but-visa-fraud-arrests-are-real.html
Federal officials set up the University of Northern New Jersey, which had no
real classes, to ensnare brokers who recruited foreigners trying to obtain
student visas.
------------------------------
Date: Wed, 06 Apr 2016 15:15:07 +0800
From: Dan Jacobson <jidanni@jidanni.org>
Subject: Yours sincerely, yourself
Bob Snodd sends NurdCo Corporation a message and gets back an auto-response:
"We at NurdCo are concerned and will get back to you promptly. Yours
sincerely, NurdCo Webpage Manager Bob Snodd"
So how did it happen? The template's [Given name] and [Surname] give the
intended answer when sent a test mail from the Webpage Manager himself's
account.
OK I'll tell Facebook Pages to clarify whose names they are talking about.
------------------------------
Date: Tue, 5 Apr 2016 18:14:07 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: The Panama Papers Expose the Hidden Wealth of the World's Super-Rich
(Chuck Collins)
Chuck Collins, *The Nation* 5 Apr 2016
The Panama Papers Expose the Hidden Wealth of the World's Super-Rich
The Panama Papers reveal the widespread use of shell corporations in the
British Virgin Islands, the Seychelles in the Indian Ocean, and Panama.
Historically, North American investors prefer tax havens in the Caribbean or
Panama, with an estimated 54 percent of offshore investments going to those
areas. The release of the Panama Papers should give a strong boost to US
and global campaigns to crack down on these global secrecy jurisdictions and
practices.
As global wealth concentrates in fewer hands, the world's wealthy are
shifting trillions to offshore havens to escape taxation, accountability,
and publicity. The just-released Panama Papers -- filled with titillating
details involving the shady dealings of world leaders and violent
traffickers of drugs and slaves -- should give a strong boost to US and
global campaigns to crack down on these global secrecy jurisdictions and
practices. Starting with an anonymous leak to the German newspaper
Süddeutsche Zeitung and shared with a consortium of journalists, the
Panama Papers initially identify 140 politicians and public officials using
off-shore schemes. Leaders named with offshore wealth include current and
former members of China's politburo, three members of the UK House of Lords,
the president of Ukraine, and the prime ministers of Iceland and
Pakistan. Others include movie star Jackie Chan, Argentinian soccer star
Lionel Messi, and 29 billionaires from the Forbes global wealth list.
Initial media coverage in US major dailies is scant, perhaps due to the
conspicuous absence of US citizens named in what The Guardian calls the
*first tranche* of disclosures. [Much more... Excellent article.]
------------------------------
Date: Sat, 9 Apr 2016 10:04:06 -0700
From: severo ornstein <severo@poonhill.com>
Subject: Excellent *Salon* article about the Panama Papers
http://www.salon.com/2016/04/06/lessons_of_the_panama_papers_yes_the_rich_are_different_from_us_they_stole_our_money/
------------------------------
Date: Wed, 6 Apr 2016 05:43:00 -0400
From: Monty Solomon <monty@roscom.com>
Subject: The Panama Papers: Here's What We Know? (NYTimes)
http://www.nytimes.com/2016/04/05/world/panama-papers-explainer.html
The documents name international politicians, business leaders and
celebrities in a web of unseemly financial transactions.
------------------------------
Date: Wed, 6 Apr 2016 14:03:58 -0500
From: "Alister Wm Macintyre \(Wow\)" <macwheel99@wowway.com>
Subject: Re: Panama Papers law firm PR statemenmt (RISKS-29.44)
The Panama law firm has issued a PR statement to its clients about the
condition of its cybersecurity. Other organizations have also issued some
info.
* 3 year old version of Drupal, known to have many vulnerabilities. They on
version 7.23. In 2014, Drupal warned that anyone running on anything below
7.32 can consider themselves to be hacked.
* 3 month old version of Word Press. I believe I have seen several stories
about vulnerabilities there. I imagine someone could have done a search for
all places using a vulnerable application, for the purpose of breaching all
of them.
* Encryption not used in e-mails.
https://www.linkedin.com/pulse/why-should-we-all-care-panamapapers-tara-taubman-bassirian?
------------------------------
Date: Sun, 10 Apr 2016 16:45:09 -0500
From: "Alister Wm Macintyre \(Wow\)" <macwheel99@wowway.com>
Subject: Re: Panama Papers / major links
As some of you may know, I launched a group on Linked In, last week, to
collect links to major stories on this scandal.
https://www.linkedin.com/groups/8508998
There are many aspects of this leak, that may be foreign to many members of
the general public, so I am on the look out for places that do a good job of
explanation, such as this post I made there today:
Off Shore Banking explained using a great piggy-bank analogy.
Many elements of the PP story need explanations, which are understandable to
people inexperienced in the subjects involved.
http://www.theguardian.com/world/2016/apr/05/how-to-explain-offshore-banking-and-when-it-is-naughty-to-a-5-year-old
------------------------------
Date: Wed, 6 Apr 2016 05:47:05 -0400
From: Monty Solomon <monty@roscom.com>
Subject: How a Cryptic Message, 'Interested in Data?,' Led to the Panama Papers
http://www.nytimes.com/2016/04/06/business/media/how-a-cryptic-message-interested-in-data-led-to-the-panama-papers.html
"We're very interested," replied an investigative reporter at a German
newspaper in response to an email more than a year ago from an anonymous
whistle-blower.
------------------------------
Date: April 6, 2016 at 11:54:06 AM EDT
From: Dewayne Hendricks <dewayne@warpspeed.com>
Subject: Obama calls for international tax reform amid Panama Papers
revelations (Rupert Neate and David Smith)
Rupert Neate in NY, David Smith in Washington, *The Guardian*, 5 Apr 2016
Unscripted remarks come as Justice Department confirms it is examining US
links to leaked documents from Panama-based tax firm Mossack Fonseca
http://www.theguardian.com/news/2016/apr/05/justice-department-panama-papers-mossack-fonseca-us-investigation
Barack Obama has called for international tax reform in the wake of the
revelations contained in the Panama Papers.
In an unscheduled appearance in the White House briefing room, Obama
described the revelations from the leaks as "important stuff" and said the
issue of global tax avoidance was a *huge problem*.
Obama's intervention came as the leak of 11.5m files from the Panama-based
Mossack Fonseca continued to create uproar and upheaval around the world.
[...]
------------------------------
Date: Tue, 05 Apr 2016 19:00:23 -0700
From: Henry Baker <hbaker1@pipeline.com>
Subject: Re: Man with Null name (Drewe, RISK-29.44)
Cute! His name is R.F.Null, which tells me he knows something about radio
and/or radio direction finders -- those things that the BBC uses to find
unpaid radio receivers.
[He may have an antagonist named R.F.Interference. PGN]
------------------------------
Date: Wed, 6 Apr 2016 11:30:43 +0200
From: David Landgren <david@landgren.net>
Subject: Re: Wrecking crew demolishes wrong house due to Google Maps error
(RISKS-29.44)
Not the first time this has happened. See also:
http://web.archive.org/web/20090620040005/http://www.wsbtv.com/news/19715994/detail.html
http://www.foxnews.com/us/2013/07/16/ft-worth-crews-accidentally-demolish-wrong-house.html
Each time, it's either in Texas, or done by a Texan company.
[The AIdes of Texas are upun us, I wreckon. Remember the Alamo? PGN]
------------------------------
Date: Fri, 08 Apr 2016 20:56:26 +0800
From: Dan Jacobson <jidanni@jidanni.org>
Subject: Make the most of your 0 credits!
I received this today from Blendr (like Grindr or Tinder):
Make the most of your credits!
We've noticed that you haven't used your credits for a while. Did you know
that by using your credits you could increase your popularity level with
our easy to use, one-click tools? [Tell me more]
Use your 0 credits to increase your popularity and meet more people!
------------------------------
Date: Fri, 08 Apr 2016 17:57:19 +0200
From: Diego Latella <Diego.Latella@isti.cnr.it>
Subject: The Deluge of Spurious Correlations in Big Data: Randomness in
Nature and Data
https://www.imtlucca.it/news-events/events/research-seminars
Interesting seminar at the IMT School for Advanced Studies
by Prof. Giuseppe Longo (CNRS et Ecole Normale Superieure, Paris).
The title of the talk was: The Deluge of Spurious Correlations in Big Data:
Randomness in Nature and Data.
The official paper has been published in Springer's Foundations of Science.
http://link.springer.com/article/10.1007/s10699-016-9489-4
The paper is *foundational* in the sense that, roughly speaking, it belongs
to the category of scientific contributions to algorithms/computability
theory in the form of negative results. The main message is simple and
clear: whatever correlation you want to consider, if you search for it in a
sufficiently large data set, you will find it. This depends only on the size
of the dataset and not on the nature of the data; in particular you find the
correlation also in data sets made up of random data. From abstract of the
paper:
Using classical results from ergodic theory, Ramsey theory and algorithmic
information theory [=E2=80=A6 ], [f]or example, we prove that very large
databases have to contain arbitrary correlations. These correlations
appear only due to the size, not the nature, of data. They can be found in
*randomly generated, large enough databases, which as we will prove
implies that most correlations are spurious. Too much information tends to
behave like very little information. The scientific method can be enriched
by computer mining in immense databases, but not replaced by.
Although the paper addresses mainly the general issue of scientific
research, its results apply of course also to political/social science and
their implications also for what concerns civil liberties (as they may be
affected by decisions based on Big-data techniques).
Dott. Diego Latella, CNR-ISTI, Via Moruzzi 1, 56124, Pisa, Italy
http://www.isti.cnr.it/People/D.Latella +390506212982
------------------------------
Date: Sun, 10 Apr 2016 18:56:55 +0200
From: Diego Latella <Diego.Latella@isti.cnr.it>
Subject: E-borders and successor programmes: a UK NAO Report
You might find the UK National Audit Office Report on E-borders and
successor programmes (December 2015) on PNR based border security programs
in UK an interesting one:
https://www.nao.org.uk/wp-content/uploads/2015/12/E-borders-and-successor-programmes.pdf =
The lesson I've learned (over and over again) is that (far too) often
lessons are not learned.
Dott. Diego Latella - Senior Researcher CNR-ISTI, Via Moruzzi 1, 56124 =
Pisa, Italy (http:www.isti.cnr.it)
FM&&T Lab. (http://fmt.isti.cnr.it)
http://www.isti.cnr.it/People/D.Latella - ph: +390506212982
------------------------------
Date: Mon, 17 Nov 2014 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
risks-request@csl.sri.com
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-subscribe@csl.sri.com or risks-unsubscribe@csl.sri.com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact <Lindsay.Marshall@newcastle.ac.uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string `notsp' at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at
newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
<http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 29.45
************************
