[31012] in RISKS Forum
Risks Digest 30.39
daemon@ATHENA.MIT.EDU (RISKS List Owner)
Sat Jul 22 18:57:48 2017
From: RISKS List Owner <risko@csl.sri.com>
Date: Sat, 22 Jul 2017 15:57:36 PDT
To: risks@mit.edu
RISKS-LIST: Risks-Forum Digest Saturday 22 July 2017 Volume 30 : Issue 39
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.39>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Authorities shut down two black markets on the Darknet (NYTimes)
On Reddit, Intimate Glimpses of Addicts in Thrall to Opioids (NYTimes)
To tackle online crime, Israel approves web censorship law
(Times of Israel)
Uber and Airbnb Want To Tap Into India's Massive and Controversial
Biometric Database (Gizmodo)
FBI To Parents: Watch Out For Kids' Privacy With Internet-Connected Toys
(Consumerist)
Wifi Webcam TENVIS sends all it knows to dvripc.cn (turgut kalfaglu)
PSA: Update iPhones/iPads to iOS 10.3.3 now to fix serious wifi
vulnerability allowing attacker complete control
Watch a Homemade Robot Crack a Safe in Just 15 Minutes (WiReD)
Risks of hoarding vulnerabilities (Belfer Center et al.)
9-year standoff between Ireland's DP Commissioner & Statistics Office
(Bernard Lyons)
Mixed standard output and error streams (Diomidis Spinellis)
Connected cars -- where to attack first? (FPF)
Ransomware attack puts KQED in low-tech mode (San Francisco Chronicle)
Facebook fights fake news spread via modified link previews (TechCrunch)
Re: Charging Phone Kills 14-Year-Old Girl in Bathtub (Paul Fenimore)
Re: Your pacemaker is spying on you (Rich Wales)
Re: Western tech firms bow to Russian demands to share cybersecrets
(Anthony Youngman, Martin Ward, Anthony Youngman)
Re: Press kits or other publications on thumb drives?
(Geoffrey Keating, Ivan Jager, Kelly Bert Manning)
Re: Leaping Kangaroos (Dave Horsfall, Amos Shapir)
Power outages caused by squirrels vs. kangaroos to date (PGN)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Fri, 21 Jul 2017 05:58:12 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Authorities shut down two black markets on the Darknet
Nathaniel Popper and Rebecca Ruiz, *The New York Times*, 21 Jul 2017
The authorities took control of one large site, Hansa Market, and covertly
operated it to catch refugees fleeing the closing of the largest market,
AlphaBay.
https://www.nytimes.com/2017/07/20/business/dealbook/alphabay-dark-web-opioids.html
------------------------------
Date: Fri, 21 Jul 2017 09:06:01 -0400
From: Monty Solomon <monty@roscom.com>
Subject: On Reddit, Intimate Glimpses of Addicts in Thrall to Opioids
https://www.nytimes.com/2017/07/20/us/opioid-reddit.html
Dispatches left on a now-banned forum show the role one of the world's
largest online communities played in facilitating access to drugs tied to a
mounting toll.
------------------------------
Date: Tue, 18 Jul 2017 11:18:46 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: To tackle online crime, Israel approves web censorship law
To tackle online crime, Israel approves web censorship law

Courts may now order providers to block terror group websites, online
illegal gambling, prostitution services, hard drug sales. ...
The court order may be issued only if it is essential to halting the
criminal activity taking place online; or essential to prevent the exposure
of the Israeli user to an activity that, would it be done in Israel, would
be a crime, and the website's activity has some connection to Israel; or if
the website belongs to a terror organization.
In certain cases, if the owner of the website is Israel-based, the court may
order the provider to seek the website's removal, rather than merely
restricting access, it said.
The courts may also order search engines to remove the websites from their
search results and may rely on classified government testimony to make their
decision. All affected parties must be present in court, the law said,
unless they were summoned and failed to appear. ...
http://www.timesofisrael.com/to-tackle-online-crime-israel-approves-web-censorship-law/
------------------------------
Date: Wed, 19 Jul 2017 13:56:47 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Uber and Airbnb Want To Tap Into India's Massive and Controversial
Biometric Database
NNSquad
http://gizmodo.com/uber-and-airbnb-want-to-tap-into-india-s-massive-and-co-1797066488
The national ID database, Aadhar, contains information on about 90 percent
of India's population of 1.3 billion people, as well as people working and
living in the country. Aadhar was launched in 2009 as a way to inhibit
fraud and improve access to welfare and healthcare. But the
biometric-based system has been criticized as Orwellian and dangerous
because it can be used to monitor residents and because the nation has no
privacy regulations. According to a report from India's Centre for
Internet and Society, about 130 million citizens were put at risk of fraud
after Aadhar data was recently leaked online. Earlier this month,
Microsoft also integrated Aadhar into Skype Lite, but the company said it
will keep user information encrypted. As more companies use Aadhar data,
the risk of personal data being leaked will likely increase. Anonymous
sources at Airbnb, Uber, and Ola told BuzzFeed News how the companies
planned to use the controversial system. Airbnb is interested in using
the database to authenticate India-based hosts and is already testing it
with a sample of users, according to an Airbnb spokesperson. Hosts
selected for the test are given the option to use Aadhar to verify their
identity.
------------------------------
Date: Fri, 21 Jul 2017 16:07:44 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: FBI To Parents: Watch Out For Kids' Privacy
With Internet-Connected Toys
A basketball, a Lego set, or a box of crayons is largely what it seems, but
modern smart toys and entertainment devices for kids have a lot of things in
them that can collect sensitive data. And as more and more of a kid's
nursery fills up with gadgets that connect to Bluetooth, the web, or parent
apps, the feds are advising parents to be wary.
The FBI's public service announcement doesn't outright say not to buy
connected toys, but it does say that parents and caretakers need to be aware
of the vulnerabilities smart toys present.
https://consumerist.com/2017/07/19/fbi-to-parents-watch-out-for-kids-privacy-with-internet-connected-toys/
------------------------------
Date: Tue, 18 Jul 2017 07:47:32 +0300
From: turgut kalfaglu <turgut@kalfaoglu.com>
Subject: Wifi Webcam TENVIS sends all it knows to dvripc.cn
I have purchased several wifi webcams, but the TENVIS webcam is unique;
every few minutes, I see a GET request going out from my LAN, to China.
Here is its log from squid cache - using which I blocked the webcam's
outbound requests:
1497330724.676 278 192.168.1.99 TCP_DENIED/403 5976 GET
http://post.dvripc.cn/post/post.aspx?xmldata=%3c%3fxml+version%3d%221.0%22+encoding%3d%22gb2312%22%3f%3e%0d%0a+%3cdvs+dvsid%3d%220018A977AF83%22+domainname%3d%2277AF83%22+corpid%3d%22%22++dvsname%3d%22IPCAM%22+dvsip%3d%22192.168.1.99%22+webport%3d%2280%22+ctrlport%3d%228200%22+protocol%3d%22tcp%22++userid%3d%22root%22+password%3d%22mypassword%22+model%3d%22C006-A1080003%22+postfrequency%3d%2260%22+version%3d%22H150602%22+status%3d%220%22+serverip%3d%220.0.0.0%22+serverport%3d%2280%22+transfer%3d%222%22+mobileport%3d%2215961%22+channelcount%3d%221%22%3e%0d%0a%3cdv+channel%3d%220%22+dvname%3d%22Channel01%22+status%3d%221%22+%2f%3e%0d%0a%3c%2fdvs%3e%0d%0a
- HIER_NONE/- text/html
(Modified IP addresses and password)
Risks are obvious: Trust a webcam to keep you private, but it sends
everything to "post.dvripc.cn" instead. Nowhere in the configuration does
it mention that it sends information to some "cloud".
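Added example (not part of the submission above): a Python sketch of the check a defender could run over a squid access.log to find this kind of phone-home traffic, using the log line quoted in the post. It decodes each query parameter, parses XML payloads, and reports which identifying or credential attributes leave the LAN. The SENSITIVE attribute set, the function names, and the second log line are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Attribute names come from the decoded request in the post; treating these
# five as sensitive is this example's assumption.
SENSITIVE = {"userid", "password", "dvsid", "dvsip", "mobileport"}
PROLOG = re.compile(r"^\s*<\?xml[^>]*\?>")

# The log line from the post (values already altered by the poster), rejoined.
PAGE_LINE = (
    "1497330724.676 278 192.168.1.99 TCP_DENIED/403 5976 GET "
    "http://post.dvripc.cn/post/post.aspx?xmldata="
    "%3c%3fxml+version%3d%221.0%22+encoding%3d%22gb2312%22%3f%3e%0d%0a+"
    "%3cdvs+dvsid%3d%220018A977AF83%22+domainname%3d%2277AF83%22+corpid%3d%22%22+"
    "+dvsname%3d%22IPCAM%22+dvsip%3d%22192.168.1.99%22+webport%3d%2280%22+"
    "ctrlport%3d%228200%22+protocol%3d%22tcp%22++userid%3d%22root%22+"
    "password%3d%22mypassword%22+model%3d%22C006-A1080003%22+postfrequency%3d%2260%22+"
    "version%3d%22H150602%22+status%3d%220%22+serverip%3d%220.0.0.0%22+"
    "serverport%3d%2280%22+transfer%3d%222%22+mobileport%3d%2215961%22+"
    "channelcount%3d%221%22%3e%0d%0a%3cdv+channel%3d%220%22+dvname%3d%22Channel01%22+"
    "status%3d%221%22+%2f%3e%0d%0a%3c%2fdvs%3e%0d%0a"
    " - HIER_NONE/- text/html"
)
# Constructed benign line, for contrast.
BENIGN_LINE = ("1497330725.101 95 192.168.1.20 TCP_MISS/200 1432 GET "
               "http://example.com/index.html?lang=en - HIER_DIRECT/192.0.2.10 text/html")
SAMPLE_LOG = [PAGE_LINE, BENIGN_LINE]


def parse_squid_line(line):
    """Split one native-format squid access.log line into named fields."""
    f = line.split()
    if len(f) < 10:
        return None
    code, _, status = f[3].partition("/")
    return {"ts": float(f[0]), "client": f[2], "code": code,
            "status": status, "method": f[5], "url": f[6]}


def leaked_fields(url):
    """Return {attribute: value} for sensitive XML attributes carried in the query string."""
    found = {}
    for values in parse_qs(urlsplit(url).query).values():  # also decodes '+' and %xx
        for value in values:
            body = PROLOG.sub("", value, count=1).strip()
            # Only well-formed XML without DOCTYPE/ENTITY declarations is parsed,
            # so a hostile log entry cannot trigger entity expansion.
            if not body.startswith("<") or "<!" in body:
                continue
            try:
                root = ET.fromstring(body)
            except ET.ParseError:
                continue
            for elem in root.iter():
                for key, val in elem.attrib.items():
                    if key.lower() in SENSITIVE and val:
                        found[key.lower()] = val
    return found


def scan(lines):
    """Return one alert per log line whose URL carries sensitive attributes."""
    alerts = []
    for line in lines:
        rec = parse_squid_line(line)
        if rec is None:
            continue
        leaked = leaked_fields(rec["url"])
        if leaked:
            alerts.append({"client": rec["client"],
                           "dest": urlsplit(rec["url"]).hostname,
                           "action": rec["code"],
                           "fields": sorted(leaked)})  # names only, no values
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The alert lists attribute names only, so the report itself does not repeat the device password.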
------------------------------
Date: Thu, 20 Jul 2017 18:41:49 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: PSA: Update iPhones/iPads to iOS 10.3.3 now to fix serious wifi
vulnerability allowing attacker complete control
It's always a good idea to accept iOS dot updates as soon as they are
available as they generally have significant security fixes. But iOS 10.3.3
<https://9to5mac.com/2017/07/19/ios-10-3-3/>, released yesterday, fixes one
particularly nasty vulnerability, making a swift update a particularly good
idea.
Apple's security document <https://support.apple.com/en-us/HT207923>
describes it in rather mundane-sounding terms.
Impact: An attacker within range may be able to execute arbitrary code on
the Wi-Fi chip
Description: A memory corruption issue was addressed with improved memory
handling.
*But what Nitay Artenstein of Exodus Intelligence discovered -- and reported
to Apple -- was that it was able to exploit the issue to run code in the
main application processor. In other words, gain complete control of your
device.*
*The underlying issue is a weakness in the Broadcom BCM43xx family of wifi
chips. These are used in every iPhone from the iPhone 5 to iPhone 7, as well
as 4th-gen iPad and later, and iPod Touch 6th gen. But Artenstein found a
way to leverage control of the wifi chip to then take control of the main
processor.*
Now that the vulnerability is fixed, Artenstein will be sharing full
details at the Black Hat conference
<https://www.blackhat.com/us-17/briefings/schedule/#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets-7603>
next week.
It's not the first time that a bug has allowed an attacker to take control
of an iPhone via wifi. Back in 2015, attackers were able to completely
disable <https://9to5mac.com/2015/04/22/security-flaw-ios-carriers/> any
device running iOS 8 within range of a given wifi network.
https://9to5mac.com/2017/07/20/broadpwn-wifi-vulnerability-iphone-ipad/
N.B. in the article's comments: "most Android users won't get this
fix at all," vis-a-vis "... fix serious wifi vulnerability allowing
attacker complete control"
------------------------------
Date: Fri, 21 Jul 2017 18:12:36 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Watch a Homemade Robot Crack a Safe in Just 15 Minutes
Last Christmas, Nathan Seidle's wife gave him a second-hand safe she'd found
on Craigslist. It was, at first glance, a strange gift. The couple already
owned the same model, a $120 SentrySafe combination fire safe they'd bought
from Home Depot. But this one, his wife explained, had a particular feature:
The original owner had locked it and forgotten the combination. Her
challenge to Seidle: Open it.
Seidle isn't much of a safecracker. But as the founder of the Niwot,
Colorado-based company SparkFun, a DIY and open-source hardware supplier,
he's a pretty experienced builder of homemade gadgets, tools, and robots. So
over the next four months, he and his SparkFun colleagues set about building
a bot that could crack the safe for them. The result: A fully automated
device, built from off-the-shelf and 3-D printed components, that can open
his model of SentrySafe in a maximum of 73 minutes, or half that time on
average, with no human interaction. In fact, in the demonstration Seidle
gave WIRED in the video above, the process took just 15 minutes.
https://www.wired.com/story/watch-robot-crack-safe/
------------------------------
Date: Fri, 21 Jul 2017 13:15:18 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: TV computer weather animation proves global warming
https://www.youtube.com/watch?v=iXuc7SAyk2s
------------------------------
Date: Fri, 21 Jul 2017 8:23:41 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Risks of hoarding vulnerabilities
http://www.belfercenter.org/sites/default/files/files/publication/Vulnerability%20Rediscovery.pdf
https://jia.sipa.columbia.edu/sites/default/files/attachments/Healey%20VEP.pdf
https://www.rand.org/content/dam/rand/pubs/research_reports/RR1700/RR1751/RAND_RR1751.pdf
------------------------------
Date: Thu, 20 Jul 2017 21:11:41 +0100
From: Bernard Lyons <bernard.lyons@mac.com>
Subject: 9-year standoff between Ireland's DP Commissioner & Statistics Office
A project by [Ireland's] Central Statistics Office proposing to track
tourists and Irish residents traveling abroad using mobile phone roaming
data has been described as *surveillance at its worst* by a world-renowned
privacy expert.
The statistics office wants to compel mobile operators to transfer to it
monthly the details of phones or users roaming on the networks, as well as
the dates and times of their calls.
It has been in a stand-off with the Data Protection Commissioner for almost
nine years on the legality of the proposal, but said last week it had found
an *innovative technical solution* to anonymise the phone records.
The commissioner's office has described the project as *disproportionate*
and *extraordinary*.
Dr Ann Cavoukian, executive director of the Privacy and Big Data Institute
at Ryerson University in Toronto, and former information and privacy
commissioner for Ontario, said she was *appalled* by the proposal,
particularly given the *negative messaging* from the commissioner. [...]
Full article
<https://www.irishtimes.com/business/technology/cso-mobile-phone-plan-surveillance-at-its-worst-privacy-expert-1.3159979>
------------------------------
Date: Tue, 18 Jul 2017 12:22:54 +0300
From: Diomidis Spinellis <dds@aueb.gr>
Subject: Mixed standard output and error streams
A student sent me a shell script attached in an email. My mail program
wouldn't display it, so I tried to view it through the email's source code.
This also didn't work, because the script was base64-encoded. Rather than
saving the attachment and opening it with an editor, I lazily copied the
text into the clipboard and ran "base64 -d /dev/clipboard". This is what I
got.
#!/bin/bash
input_file=$1
echo "Input file:" $input_filebase64: invalid input
I first thought that the student had sent me a wrong incomplete script. I
then realized that the actual output, intermixed with the base64 error
message was a plausible shell script. The risks are obvious; here is a
possible solution.
Now that we all have color screens and work with smart terminal emulators,
it would make sense for terminal emulators to subtly color a program's
standard error stream, so as to make it distinguishable from its standard
output. This would also educate novice users on the difference between the
two types of outputs, and encourage tool authors to properly use the two
types of streams. While at it, coloring folded lines would also help us
read streams with long lines (e.g. log files) and, again, educate novice
users on the folly of writing such text.
Diomidis Spinellis - https://www.spinellis.gr
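Added example (not part of the submission above): a Python sketch of the proposal as a command wrapper rather than a terminal-emulator feature. It reads a child's standard output and standard error on separate pipes and colors only the error stream. The child process is a constructed stand-in that writes the same text as the "base64 -d" run described in the post; the function names are assumptions of this example.

```python
import queue
import subprocess
import sys
import threading

RED, RESET = "\x1b[31m", "\x1b[0m"

# Constructed stand-in for the "base64 -d" run in the post: decoded text goes
# to stdout without a trailing newline, then the error goes to stderr.
CHILD_CODE = (
    "import sys\n"
    "sys.stdout.write('#!/bin/bash\\ninput_file=$1\\necho \"Input file:\" $input_file')\n"
    "sys.stdout.flush()\n"
    "sys.stderr.write('base64: invalid input\\n')\n"
    "sys.exit(1)\n"
)
CHILD = [sys.executable, "-c", CHILD_CODE]


def run_tagged(argv):
    """Run argv; return (exit_code, [(stream_name, text), ...]) in arrival order."""
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    chunks = queue.Queue()

    def pump(name, pipe):
        # read1() returns as soon as any bytes are available, so each stream
        # is tagged chunk by chunk instead of being buffered to the end.
        for data in iter(lambda: pipe.read1(4096), b""):
            chunks.put((name, data.decode(errors="replace")))
        pipe.close()

    threads = [threading.Thread(target=pump, args=(name, pipe))
               for name, pipe in (("stdout", proc.stdout), ("stderr", proc.stderr))]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    code = proc.wait()
    tagged = []
    while not chunks.empty():
        tagged.append(chunks.get())
    return code, tagged


def stream_text(chunks, name):
    """Concatenate everything that arrived on one stream."""
    return "".join(text for stream, text in chunks if stream == name)


def render(chunks, color=True):
    """Join the chunks for display, wrapping runs of stderr text in ANSI red."""
    merged = []
    for name, text in chunks:
        if merged and merged[-1][0] == name:
            merged[-1][1] += text
        else:
            merged.append([name, text])
    return "".join(RED + text + RESET if color and name == "stderr" else text
                   for name, text in merged)


if __name__ == "__main__":
    exit_code, tagged = run_tagged(CHILD)
    print(render(tagged))
    print("exit status:", exit_code)
```

Because the two pipes are read independently, the relative order of stdout and stderr chunks is arrival order, not necessarily the order in which the child wrote them.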
------------------------------
Date: Tue, 18 Jul 2017 17:21:02 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Connected cars -- where to attack first?
https://fpf.org/2017/06/29/infographic-data-connected-car-version-1-0/
https://www.ftc.gov/news-events/events-calendar/2017/06/connected-cars-privacy-security-issues-related-connected
Videos:
https://www.ftc.gov/news-events/audio-video/video/connected-cars-privacy-security-issues-related-connected-automated-0
------------------------------
Date: Wed, 19 Jul 2017 10:47:28 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Ransomware attack puts KQED in low-tech mode
The journalists at San Francisco's public TV and radio station, KQED, have
been stuck in a time warp. All Internet-connected devices, tools and
machinery have been cut off in an attempt to isolate and contain a
ransomware attack that infected the station's computers on 15 Jun. More
than a month later, many remain offline.
Though the stations' broadcasts have been largely uninterrupted -- minus a
half-day loss of the online stream on the first day of the attack -- KQED
journalists said every day has brought new challenges and revealed the
immeasurable ways the station, like many businesses today, has become
dependent on Internet-connected devices.
``It's like we've been bombed back to 20 years ago, technology-wise,'' said
Queena Kim, a senior editor at KQED. ``You rely on technology for so many
things, so when it doesn't work, everything takes three to five times longer
just to do the same job.''
http://www.sfchronicle.com/business/article/Ransomware-attack-puts-KQED-in-low-tech-mode-11295175.php
------------------------------
Date: Tue, 18 Jul 2017 15:33:14 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Facebook fights fake news spread via modified link previews
(TechCrunch)
via NNSquad
https://techcrunch.com/2017/07/18/facebook-link-preview-modification/?ncid=rss
Until now, any Facebook Page that posted a link could change the headline,
body text and image that appeared in the News Feed preview. That allowed
fake news distributors to bait-and-switch readers into visiting articles
they didn't expect, or make it look like legitimate news publishers were
posting inflammatory or false headlines. But it also let real news outlets
A/B test link previews, tailor content to different audiences and update
previews as news stories evolved. To combat false news without stifling
responsible publications, Facebook is now starting to disable the ability
of all Pages to edit the previews of the links they post in the Page
composer or API, with an exemption for some original publishers.
------------------------------
Date: Wed, 19 Jul 2017 03:27:32 -0600
From: Paul Fenimore <fenimore@swcp.com>
Subject: Re: Charging Phone Kills 14-Year-Old Girl in Bathtub
(Harriet Sinclair re: RISKS-30.38)
I claim the biggest risk here is not principally poor user education --
which is on-going for a Century or more. Instead, regardless of particulars
in this case (the essential technical detail about the presence or absence
of ground-fault protection is missing from the news articles), the
fundamental risk is associated with allowing grand-fathered electrical
circuits to continue operating without a clear sunset provision for older,
unsafe circuits. I am not claiming this fundamental problem is easy to solve. I am
claiming the problem of old installations is the real problem.
The persistent risk of shock in wet *and damp* environments observed
over the decades has not been radically reduced by the population
becoming more familiar with electricity and widgets. Education cannot
and will not solve this problem because 120V 15A 60Hz electrical power
in wet *and damp* environments is fundamentally unsafe without
engineering controls. The technical basis for the risk is a ground-fault
current, and addressing that risk *as an engineering challenge* is the
only effective means of mitigating a fundamental risk associated with
wet environments. The National Electric Code (US) specifies that
electric power sockets in these *high risk* areas be "protected" by a
ground-fault interrupter. There are also special rules for the presence
of power cabling in wet and damp environments even without a socket.
There is an analogy of old power circuit designs to old software that is
not maintained but continues to operate in the high-risk environments
found on networks.
[There is something to be said for understanding the basics of
technology. GW]
Harriet Sinclair, *Newsweek*, 11 Jul 2017
http://www.newsweek.com/teenager-madison-coe-killed-after-using-cell-phone-bath-635208
opening text:
A teenager has been killed after using her cell phone in the bath and
suffering an electric shock.
------------------------------
Date: Wed, 19 Jul 2017 22:28:02 -0700
From: Rich Wales <richw@richw.org>
Subject: Re: Your pacemaker is spying on you (Thorson, RISKS-30.38)
Any discussion of the forensic value of pacemaker data should certainly
mention the 2000 death of David Crawford in Australia, whose time of death
was precisely established through analysis of his pacemaker -- thus
disproving the alibi offered by his killer. There is, to be sure, a
difference between the (presumably) steadily beating heart of an accused
arsonist on the one hand, and the non-beating heart of a murder victim on
the other.
------------------------------
Date: Tue, 18 Jul 2017 11:19:27 +0100
From: Wols Lists <antlists@youngman.org.uk>
Subject: Re: Western tech firms bow to Russian demands to share cybersecrets
(Thomas, RISKS-30.38)
There were two points. First, reasoning is HARD. It takes time, and
(like cryptography) many problems have no solution that can be computed
in the time we have available.
> All reasoning depends on axioms. Does Youngman eschew reasoning?
And second, that reason is itself unreasonable ... ?
The thing with axioms is they have this sneaky little habit of turning out
to be unreliable -- we get them wrong, we pick the wrong ones, etc. And
Godel proved that this is not our fault, this is actually the fundamental
nature of an axiom.
So no, I'm actually all in favour of reasoning, and logical thought. What I
am against is glib calls for it treating it as if it is a "magic bullet",
with no regard to its failings.
I'm a scientist. I've seen too many examples of "the wrong maths in the
wrong place", leading to mathematically perfect but practically erroneous
results. (My favourite example, Euclid's "parallel lines never meet" leads
to Newton's laws of motion, which are mathematically perfect but clearly
erroneous.) Formal mathematical proofs are only as good as the assumptions,
or axioms, on which they are based. And both experience and formal
mathematical proofs -- Godel's theorem -- lead me to the inevitable
conclusion that these axioms will have holes in them.
------------------------------
Date: Thu, 20 Jul 2017 14:41:00 +0100
From: Martin Ward <martin@gkc.org.uk>
Subject: Re: Western tech firms bow to Russian demands to share cybersecrets
(Youngman, RISKS-30.38)
The last occasion when a flaw was discovered in the axioms used to prove the
correctness of programs (logic and basic set theory) was Russell's Paradox:
discovered in 1901, partially fixed by Russell's theory of types in 1903,
and resolved in 1908. Putting to one side questions concerning the Axiom of
Choice and various large cardinal axioms (which are not relevant to proofs
in computer science) there have been no subsequent flaws uncovered in the
axioms in over a century. We cannot prove that the axioms are consistent
(cf Godel), but the axioms have survived the entire history of electronic
computing so far and so can probably be relied on in the future!
As Martyn Thomas points out, *all* engineering depends on mathematics.
Engineering also depends on the "laws" of physics: which have been revised
several times over the last century. But engineers use physics and
mathematics extensively because they know that these methods are far more
likely to lead to dependable systems.
> Then of course, there is the little problem that any program of any size
> will likely exhibit knapsack complexity, i.e., an automated proof would
> take longer than the universe has existed.
Most formal-methods researchers do not advocate writing a program in an
informal way, and then attempting to prove it correct. Instead, we develop
methods for deriving code from specifications such that the code is guaranteed
to be correct by construction. For example, in my paper "Provably Correct
Derivation of Algorithms Using FermaT" (Formal Aspects of Computing, Volume
26, Issue 5, pp 993--1031, 2013) I derived a program for polynomial addition
using Knuth's four-way linked list data structure. The first time I ran the
program it crashed :-( But I soon noticed a typo: I had mistyped a variable
name when typing up the code from my written notes. After fixing this typo
the program ran correctly, and was tested by running it continuously for
several days. The derived algorithm also turned out to be over twice as
fast as Knuth's algorithm in "Fundamental Algorithms" Vol 1. I then derived
a program to solve the more complex problem of polynomial
multiplication. This time I took more care with my typing, and the program
ran correctly first time.
Martyn Thomas <martyn@thomas-associates.co.uk> writes:
> All reasoning depends on axioms. Does Youngman eschew reasoning?
There is (alas) a new and growing area of research under the heading
"empirical software engineering" which does appear to eschew reasoning. A
program is deemed "correct" if and only if it passes its test suite.
Various automated and semi-automated ways of modifying the program are being
investigated: any modification which passes the test suite is deemed to be
"correct". For example, "empirical slicing" may be defined as "delete random
sections of code and call the result a valid slice if it passes the
regression test". Program semantics and program analysis are considered to
be "too difficult" by these researchers, and therefore are not attempted.
Regular RISKS readers will no doubt already be wondering how such methods
avoid introducing security holes: given that a security hole will not
necessarily prevent the program from passing its test suite (unless the
tests happen to include the carefully crafted data which triggers the
security hole!) As far as I can tell, the answer is: they don't!
Dr Martin Ward | Email: martin@gkc.org.uk | http://www.gkc.org.uk
------------------------------
Date: Thu, 20 Jul 2017 18:24:45 +0100
From: Wols Lists <antlists@youngman.org.uk>
Subject: Re: Western tech firms bow to Russian demands to share cybersecrets
(Thomas, RISKS-30.39)
> The last occasion when a flaw was discovered in the axioms used
> to prove the correctness of programs (logic and basic set theory)
> was Russell's Paradox:
And? The maths was flawed, it was incorrect.
My problem is people using the wrong maths -- it's correct but
inappropriate. Like I said, Newton's laws of motion are mathematically
correct, but useless for calculating the path of a spacecraft ...
> But engineers use physics and mathematics extensively because they know
> that these methods are far more likely to lead to dependable systems.
And as I learnt on Groklaw, philosophers seem to divide into two camps. The
majority view appears to be that Mathematics tells the Universe what to do.
I seem to be in the minority believing that Mathematics describes what the
Universe does.
That doesn't mean that mathematics is any less important to those of us in
the second camp. It just makes us rather more skeptical about the assumption
that a proof means the program will run correctly. (Regardless of that, my
personal attitude is that the time spent doing it formally is time very well
spent.)
> ...
I got my first programming job based on top 'A'-level grades so have no
formal computer qualifications. That said, it always seems to have been me
pushing for formal methods, good programming practice, etc etc. I tend to
program top down by defining the problem and refining it into a program -
quite like the mechanism you describe :-) (And I've seen what happens when
such a program is "improved" by someone ignoring the proof logic :-)
My position is quite simple - formal methods and proofs are time well
spent, but given that the foundations of mathematics are themselves
provably unprovable, a complete formal proof is impossible. That's not
saying they're not worth having.
------------------------------
Date: 17 Jul 2017 23:28:03 -0700
From: Geoffrey Keating <geoffk@geoffk.org>
Subject: Re: Press kits or other publications on thumb drives? (Manning,
RISKS-30.38)
High-value targets probably shouldn't rely on that. A random object
inserted into a USB port might not actually be a thumb drive; it might be a
chip that impersonates a keyboard and/or mouse and takes over your system.
Or it might be a perfectly functional blank thumb drive that's been
additionally programmed to impersonate a keyboard at some time in the
future.
------------------------------
Date: Tue, 18 Jul 2017 17:21:08 +0000
From: Ivan Jager <aij+@mrph.org>
Subject: Re: Press kits or other publications on thumb drives? (Manning,
RISKS-30.38)
I believe the RISK being referred to is that of assuming that an untrusted
USB gadget will present itself as a mass storage device when you plug it
into a *general-purpose* bus on your computer. (As opposed to a keyboard,
mouse, network adapter, USB hub, etc.)
Most computers these days will accept input from a new USB keyboard without
requiring any configuration.
Your antivirus may be able to scan media for known malicious content, but it
cannot scan circuits.
------------------------------
Date: Tue, 18 Jul 2017 14:36:20 -0400 (EDT)
From: Kelly Bert Manning <Kelly.Manning@ncf.ca>
Subject: Re: Press kits or other publications on thumb drives?
(Jager, RISKS-30.39)
For me this risk comes up most often when I get Conference Proceedings on a
USB drive, rather than downloading individual presentations one by one from
a web server.
At the annual local Privacy and Security conference someone always does a
demo of a WiFi Pineapple type interception of wireless traffic, so I started
doing an optical disk boot of Tails OS at conferences, and mentioned that to
the session presenter last time it happened. Those events might be places
where folks with the skills might see a challenge or an opportunity.
I check that the mass storage device scan is starting. Windows 8 seems to
prompt me that a new USB device has been installed if it detects a new USB
device that is not a mass storage drive.
The risk of malware in circuitry is a good point. Weren't news organisations
that had received copies of documents from the Snowden Document Dump ordered
to turn chips from devices and peripherals such as keyboards over to
NSA-GCHQ, not just hard drives and removable storage media?
The implication is that long-term data recording may involve writable chip
memory within workstations and peripheral devices. A USB connected "device"
could be in that category.
------------------------------
Date: Thu, 20 Jul 2017 11:00:02 +1000 (EST)
From: Dave Horsfall <dave@horsfall.org>
Subject: Re: Leaping Kangaroos (Thorn, RISKS-30.38)
In RISKS-30.38, Anthony Thorn wrote:
> I am reluctant to question an Australian's statement about kangaroos,
> but surely a taller object would appear to be nearer than it really is?
Although Australian (well, British/Australian, to be precise), I don't claim
to be an expert on our hopping fauna, but I believe the system measures from
the bottom of the object to the perceived road surface, thus a mid-air
marsupial appears to be further away than it really is. How it handles kids
on pogo-sticks is anyone's guess... Does anyone know for sure how it works?
Dave Horsfall, North Gosford, NSW, Australia
------------------------------
Date: Thu, 20 Jul 2017 18:52:19 +0300
From: Amos Shapir <amos083@gmail.com>
Subject: Re: Leaping Kangaroos (Thorn, RISKS-30.38)
For the same reason the leaping man in this photograph
<http://www.trendingly.com/weird-perspectives/3> seems to be farther away
-- a near object above ground and a far object on the ground occupy the
same place on the 2D plane of the camera.
------------------------------
Date: Tue, 18 Jul 2017 11:48:15 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Power outages caused by squirrels vs. kangaroos to date
[From CyberSquirrel1 data as of 18 Jul 2017; cumulative?]
Squirrel 1018
Bird 528
Unknown 130
Snake 95
Raccoon 85
Rat 45
Marten 23
Cat 22
Beaver 16
Jellyfish 13
Monkey 11
Possum 11
Eagle 8
Bat 7
Rodent 5
Gopher 4
Elephant 3
Mouse 3
Deer 2
Fox 2
Lizard 2
Bear 2
Marmot 2
Frog 2
Slug 1
Shark 1
Duck 1
Chicken 1
Caterpillar 1
Mongoose 1
Leopard 1
Bobcat 1
Baboon 1
Kangaroo 1 <=====!
[Incidentally, SRI recently had what I think was our eighth total outage
in Menlo Park (although our co-generation plant continued to function this
time). However, that is irrelevant when applied to self-driving cars in
Australia. A few years from now, the kangaroos on Australian roadways may
seriously outrank the squirrels in causing highway accidents, whereas the
squirrels are very unlikely to have any significant impact {!!!} on the
vehicles or on passengers. PGN]
------------------------------
Date: Tue, 10 Jan 2017 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-30.00
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
<http://the.wiretapped.net/security/info/textfiles/risks-digest/>
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 30.39
************************