Risks Digest 34.57
daemon@ATHENA.MIT.EDU (RISKS List Owner)
Thu Feb 20 22:06:20 2025
From: RISKS List Owner <risko@csl.sri.com>
Date: Thu, 20 Feb 2025 19:06:02 PST
To: risks@mit.edu
RISKS-LIST: Risks-Forum Digest Thursday 20 Feb 2025 Volume 34 : Issue 57
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.57>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Delta Plane Crashes and Overturns While Landing at Toronto Airport (NYTimes)
ATC Firings (The Guardian)
Too much fuel, not enough planning? (NZ Herald)
Family Of DC Plane Crash Victim Files $250M Legal Claims (Arlington, VA Patch)
Top U.S. Election Security Watchdog Forced to Stop Election Security Work
(WiReD)
Censored Science Can't Save Lives (NYTimes)
The war against information (The New Republic)
How not to hire for a senior information security role (Ben Rothke)
Ransomware, disease, and 'ultra low-cost retailers': Why 3 iconic Canadian
clothing stores went broke (CBC)
DeepSeek 'shared user data' with TikTok owner ByteDance (YNA)
Copter May Have Missed Key Instructions Before Crash (NYTimes, Mark Walker)
Re: Lies, Damned Lies and Trumpflation (Gabe Goldberg)
Re: Hiding the Fatal Motor Vehicle Crash Record (Ed Ravin)
Re: Dear, did you say pastry? meet the AI granny driving scammers up the wall
(Amos Shapir, Steve Bacher)
Aviation analyst on DC January 29 helicopter crash references "Swiss Cheese
human & systems failure model" (James T Reason via Rob Wilcox)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Mon, 17 Feb 2025 17:26:42 -0800
From: "Jim" <jgeissman@socal.rr.com>
Subject: Delta Plane Crashes and Overturns While Landing at Toronto Airport
(NYTimes)
At least 18 people were injured, officials said. Two passengers, including a
pediatric patient, were in critical condition but were expected to survive.
A Delta Air Lines jet attempting to land at Toronto Pearson Airport amid
strong winds and drifting snow crashed and flipped over on the tarmac on
Monday afternoon, finally coming to a rest with its belly up and with at
least one wing shorn off.
Despite the aircraft's dramatic landing, all 80 people aboard the plane,
Flight 4819 from Minneapolis, were evacuated.
The NY Times 17 Feb 2025
------------------------------
Date: Mon, 17 Feb 2025 09:11:11 -0800
From: "Jim" <jgeissman@socal.rr.com>
Subject: ATC Firings (The Guardian)
Trump begins firings of FAA air traffic control staff just weeks after fatal
Washington DC plane crash
The Associated Press reports that the Trump administration has begun firing
several hundred Federal Aviation Administration employees, upending staff on
a busy air travel weekend and just weeks after a January fatal mid-air
collision at Ronald Reagan Washington National airport.
Probationary workers were targeted in late-night emails on Friday notifying
them they had been fired, David Spero, president of the Professional
Aviation Safety Specialists union, said in a statement.
The affected workers include personnel hired for FAA radar, landing and
navigational aid maintenance, one air traffic controller told the Associated
Press. The air traffic controller was not authorized to talk to the media
and spoke on condition of anonymity.
Spero said messages began arriving after 7pm on Friday and continued late
into the night. More might be notified over the long weekend or barred from
entering FAA buildings on Tuesday, he said.
The employees were fired "without cause nor based on performance or
conduct", Spero said, and the emails were "from an 'exec order' Microsoft
email address" - not a government email address.
The firings hit the FAA when it faces a shortfall in controllers. Federal
officials have been raising concerns about an overtaxed and understaffed air
traffic control system for years, especially after a series of close calls
between planes at U.S. airports. Among the reasons they have cited for
staffing shortages are uncompetitive pay, long shifts, intensive training
and mandatory retirements.
*The Guardian* 18 Feb 2025
------------------------------
Date: Mon, 17 Feb 2025 09:46:22 -0800
From: "Jim" <jgeissman@socal.rr.com>
Subject: Too much fuel, not enough planning? (NZ Herald)
NZ Herald 17 Feb 2025
Passengers on an Air New Zealand <https://www.nzherald.co.nz/topic/air-nz/>
flight from Wellington <https://www.nzherald.co.nz/topic/wellington/> to
Dunedin <https://www.nzherald.co.nz/topic/dunedin/> on Saturday were told
13 volunteers would need to get off the plane to lighten the load or all the
baggage would be left behind.
One of the passengers told RNZ he and other passengers were paid hundreds of
dollars each to get off the overweight Air New Zealand
<https://www.nzherald.co.nz/topic/air-new-zealand/> flight
<https://www.nzherald.co.nz/topic/aviation/>, which the airline blamed on
over-fuelling.
Michael Reddell was on the plane to Dunedin to take his daughter to the
University of Otago <https://www.nzherald.co.nz/topic/university-of-otago/>
on Saturday when the airline <https://www.nzherald.co.nz/topic/airlines/>
announced passengers would need to disembark or the baggage be unloaded.
Passengers were told the aircraft was overweight by 1300kg, Reddell said.
------------------------------
Date: Wed, 19 Feb 2025 17:15:22 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Family Of DC Plane Crash Victim Files $250M Legal Claims
(Arlington, VA Patch)
Officials said the Black Hawk crew never heard the words *pass behind the
plane* during the transmission from the controller because the helicopter's
microphone key was depressed.
https://patch.com/virginia/annandale/s/j5tyz/family-of-dc-plane-crash-victim-files-250m-legal-claim-reports
That's a wonderful protocol; maybe research could develop one that doesn't
lose essential transmissions.
------------------------------
Date: Sun, 16 Feb 2025 13:41:15 -0800
From: Jim <jgeissman@socal.rr.com>
Subject: Top U.S. Election Security Watchdog Forced to Stop Election Security
Work (WiReD)
The Cybersecurity and Infrastructure Security Agency has frozen all of its
election security work and is reviewing everything it has done to help state
and local officials secure their elections for the past eight years, WIRED
has learned. The move represents the first major example of the country's
cyberdefense agency accommodating President Donald Trump’s false claims of
election fraud and online censorship.
https://www.wired.com/story/cisa-election-security-freeze-memo/
------------------------------
Date: Wed, 19 Feb 2025 16:48:55 PST
From: Peter Neumann <neumann@csl.sri.com>
Subject: Censored Science Can't Save Lives (NYTimes)
Jehan Alladina, C. Corey Hardin, and Alexander Rabin
*The New York Times*, 19 Feb 2025, National Edition, opinion
Progress is stifled when researchers are barred from asking certain
questions.
Censoring research on how to deliver treatments to those most in need isn't
just nonsensical, it puts lives at risk and undermines America's leadership
in medical innovation. Progress cannot occur if scientists are barred from
asking certain questions. This is not how science works. [...]
The question is: Will the government police words and obstruct research, or
will it allow doctors to work freely in the name of health?
------------------------------
Date: Mon, 17 Feb 2025 09:58:25 -0800
From: "Jim" <jgeissman@socal.rr.com>
Subject: The war against information (The New Republic)
https://newrepublic.com/article/191563/trump-musk-war-information-data?utm_source=newsletter
With dramatic cuts to departments and efforts to restrict access to certain
research, the administration is reshaping a vast data-driven world in its
autocratic image.
Since reentering the Oval Office last month, President Donald Trump has
undertaken several actions to restrict access to public health and education
research. The ostensible goals may be to remove certain content related to
issues that the administration considers ideologically objectionable -- such as
references to racial, sexual, and gender identity and information regarding
climate change -- as well as a nod to cost-cutting. But the end result of this
knowledge purge may be the loss of critical data that physicians,
researchers, and educators use to inform their work on matters as wide
ranging as public health, schooling, and the national economy.
In January, agencies scrambled to scrub websites
<https://www.cbsnews.com/news/trump-officials-pausing-most-federal-government-websites-friday/>
that made references to transgender individuals or
"diversity, equity, and inclusion" efforts, with the goal of being in
alignment with Trump's executive orders. The Office of Personnel Management
ordered agency heads to remove "gender ideology" from websites; this
resulted in actions such as the Centers for Disease Control and Prevention
removing information
<https://www.pbs.org/newshour/health/health-info-wiped-from-federal-websites-following-trump-order-targeting-transgender-rights>
on contraception, facts about HIV-positive and transgender individuals, and
research showing that transgender youth face higher rates of bullying,
depression, and other issues. Data from the CDC's Youth Risk Behavior
Surveillance System, which tracks health issues for young people, was
removed entirely.
in the country -- but due to local uproar, plans are on hold.
<https://www.nzherald.co.nz/business/companies/energy/harmony-clarus-to-build-nzs-biggest-solar-farm/WT6NL3WI3ZG6XBUAOXBNHWYUPY/>
The solar farm in Central Otago would be located on 660ha of unirrigated
land, leased by two local farming families, and is one of several currently
in development across New Zealand.
<https://www.nzherald.co.nz/business/companies/energy/energy-crisis-is-solar-power-the-solution-for-new-zealand-power-prices/YMVFIHGNU5BBVFKLJT45MHCCC4/>
https://www.nzherald.co.nz/nz/central-otago-solar-farm-application-on-hold-after-local-uproar/ORGBOEAGJJCXDP23PIDWFE5HF4/
However, residents of the tiny nearby town of Naseby -- population 140 at
the 2023 Census -- are mostly opposed to the development, citing fire
hazards and visual pollution.
<https://www.nzherald.co.nz/the-country/news/solar-farms-can-eat-up-farmland-but-agrivoltaics-could-mean-the-best-of-both-worlds-for-nz-farmers/5IWQATHBAVDALA7JVBWTBBBVQ4/>
Former Delta employee Richard Healey, who several years ago was a
whistleblower over an energy cost increase by Aurora, has been one of the
most vocal critics. He says he is not anti-solar energy, simply concerned
at the sheer scale of the project.
------------------------------
Date: Mon, 17 Feb 2025 20:50:12 -0500
From: Ben Rothke <brothke@gmail.com>
Subject: How not to hire for a senior information security role
I recently received a flurry of emails from clueless recruiters hiring for
a senior medical device information security role. It reminded me of a
project I worked on with Bruce Schneier.
Bruce met with the client, and they totally misunderstood everything he
told them.
https://brothke.medium.com/how-not-to-hire-for-a-senior-information-security-role-4bf71ce7ee26?sk=9cab2444ee1ead944e41ab61445aea4c
------------------------------
Date: Sun, 16 Feb 2025 22:04:57 -0700
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Ransomware, disease, and 'ultra low-cost retailers': Why 3
iconic Canadian clothing stores went broke (CBC)
https://www.cbc.ca/news/canada/british-columbia/bootlegger-comark-insolvency-covid-1.7459717
For three weeks in November and December 2021, iconic Canadian clothing
chains Bootlegger, Cleo and Ricki's found themselves paralyzed -- staring
down the barrel of the "critical holiday season" but prevented by ransomware
from moving inventory.
The attack occurred on 23 Nov, but the businesses weren't able to regain
access to their internal systems until 13 Dec -- lag time that forced the
221 affected stores to mount heavy promotions in order to offload the
substantial portion of seasonal clothing caught up in the delay.
------------------------------
Date: Tue, 18 Feb 2025 08:48:39 -0800
From: "Jim" <jgeissman@socal.rr.com>
Subject: DeepSeek 'shared user data' with TikTok owner ByteDance (YNA)
South Korea has accused Chinese AI startup DeepSeek of sharing user data
with the owner of TikTok in China.
"We confirmed DeepSeek communicating with ByteDance," the South Korean data
protection regulator told Yonhap News Agency.
<https://en.yna.co.kr/view/AEN20250218005300315>
------------------------------
Date: Sun, 16 Feb 2025 15:42:46 PST
From: Peter Neumann <neumann@csl.sri.com>
Subject: Copter May Have Missed Key Instructions Before Crash (NYTimes, Mark Walker)
Then on 15 Feb 2025 comes this headline: Copter May Have Missed Key
Instructions Before Crash: The investigative board head cited two
instances of when air-traffic control had given instructions to the
Black Hawk crew on how to weave through the busy airspace that the
crew might not have completely received. But the recording in the
helicopter did not include two messages that are in the controller's
recording.
------------------------------
Date: Tue, 18 Feb 2025 22:21:47 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Re: Lies, Damned Lies and Trumpflation (Paul Krugman, RISKS-34.56)
His fact checkers missed that COBOL isn't obsolete and is still used in the
business world, as well as government. And it's not the COBOL language
setting missing birth dates to 1875 but very bad programming. X and Threads
aren't necessarily the best source for facts, maybe especially technical
facts.
This makes more sense, except the "rarely" part. And it's still bad
programming.
https://www.wired.com/story/elon-musk-doge-social-security-150-year-old-benefits
Computer programmers quickly claimed that the 150 figure was not evidence of
fraud but rather the result of a weird quirk of the Social Security
Administration's benefits system, which was largely written in COBOL, a
60-year-old programming language that undergirds SSA's databases as well as
systems from many other U.S. government agencies.
<https://www.wired.com/story/cant-file-unemployment-dont-blame-cobol/>
COBOL is rarely used today, and as such, Musk's cadre of young engineers
may well be unfamiliar with it.
Because COBOL does not have a date type, some implementations rely instead
on a system whereby all dates are coded to a reference point
<https://www.threads.net/@ashmore_glenn/post/DGDfmj6TsZS>. The most commonly
used is May 20, 1875, as this was the date of an international
standards-setting conference held in Paris, known as the Convention du
Mètre. <https://x.com/toshiHQ/status/1889928670887739902>
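The failure mode described above, a missing birth date that silently decodes to the reference date and then reads as a 150-year-old beneficiary, is easy to reproduce and easy to guard against. The following is an added illustration, not code from the post, the Wired article, or any SSA system; it assumes a storage scheme in which dates are kept as a day offset from 20 May 1875 and a missing date is stored as offset 0, and the sample records are constructed for the example.

```python
from datetime import date, timedelta

# Assumed reference epoch, as described in the post (Convention du Metre).
EPOCH = date(1875, 5, 20)
# Fixed "today" so the results are reproducible.
TODAY = date(2025, 2, 18)
# Sanity bound: no living person should exceed this; anything above it
# points to a sentinel or corrupted date rather than a real birth date.
MAX_PLAUSIBLE_AGE = 122

# Constructed sample records: dob_days is days since EPOCH, 0 means "unknown".
RECORDS = [
    {"id": "A1", "dob_days": (date(1950, 6, 1) - EPOCH).days},
    {"id": "A2", "dob_days": 0},   # missing DOB stored as the epoch itself
    {"id": "A3", "dob_days": (date(1990, 1, 15) - EPOCH).days},
]


def years_between(earlier, later):
    """Whole years from `earlier` to `later`, accounting for the birthday."""
    return later.year - earlier.year - (
        (later.month, later.day) < (earlier.month, earlier.day)
    )


def naive_age(dob_days):
    """Reproduces the bug: offset 0 decodes to 1875-05-20 and looks like a real date."""
    return years_between(EPOCH + timedelta(days=dob_days), TODAY)


def decode_dob(dob_days):
    """Hardened decode: the sentinel offset is treated as missing, not as a date."""
    if dob_days <= 0:
        return None
    return EPOCH + timedelta(days=dob_days)


def safe_age(dob_days):
    """Age for a real date, None when the date is missing."""
    dob = decode_dob(dob_days)
    return None if dob is None else years_between(dob, TODAY)


def audit(records):
    """Ids whose naively computed age is implausible: likely sentinel dates."""
    return [r["id"] for r in records if naive_age(r["dob_days"]) > MAX_PLAUSIBLE_AGE]


if __name__ == "__main__":
    for r in RECORDS:
        print(r["id"], "naive:", naive_age(r["dob_days"]), "safe:", safe_age(r["dob_days"]))
    print("suspicious:", audit(RECORDS))
```

The naive path turns record A2 into a 149-year-old; the hardened decoder returns None for it, and the audit function flags it so that a data-quality check, rather than a fraud claim, is the first response to implausible ages in a dataset.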
------------------------------
Date: Sun, 16 Feb 2025 21:39:01 -0500
From: Ed Ravin <eravin@panix.com>
Subject: Re: Hiding the Fatal Motor Vehicle Crash Record
The FARS data is online again as of February 12 according to:
https://static.nhtsa.gov/nhtsa/downloads/FARS/2022/FARS2022%20Release%20Notes.txt
They seem to be transparent about what was changed:
> 02/11/2025
> Update the renaming of the variable to "Sex" and the replacement of
> attribute 3 with attribute 8-Not Reported. There were 22 records in
> Person and 1 record in PBTYPE (all in U.S. and none for PR) that were
> updated. Removed attribute 3 in the format library.
Friends have been telling me that the current upheaval feels like
living in a dystopian novel. The above seems straight out of Orwell's
"Nineteen Eighty-Four" - for those 23 people, a critical facet of their
lives has been erased, tossed down the memory hole.
------------------------------
From: Amos Shapir <amos083@gmail.com>
Date: Wed, 19 Feb 2025 11:27:49 +0200
Subject: Re: Dear, did you say pastry? meet the AI granny driving scammers
up the wall (RISKS-34.56)
A friend of mine was employing a low-tech solution, since before smartphones
even existed: He'd just hand over the phone to his two-year-old daughter.
She liked to chat, and it usually took the perpetrator about 15-20 minutes
to realize what was happening.
The only drawback of this method is that it requires a steady supply of
two-year-old toddlers.
------------------------------
Date: Mon, 17 Feb 2025 09:05:58 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: Dear, did you say pastry? meet the AI granny driving scammers
up the wall (The Guardian)
So the AI "granny" declares herself "78 years young," does she/it? May I
point out that the computer-savvy generation has been entering their
retirement years for some time now. I myself am but 7 years behind Daisy.
So the stereotype about oldsters being computer-ignorant is becoming more
and more irrelevant. "Daisy" types will have to be in their 90s or even
centenarians to keep the deception going.
------------------------------
From: Rob Wilcox <robwilcoxjr@gmail.com>
Date: Mon, 17 Feb 2025 20:19:25 -0800
Subject: Aviation analyst on DC January 29 helicopter crash references
"Swiss Cheese human & systems failure model" (James T Reason)
blancolirio, Juan Browne, is one of a group of aviation pilots who
contribute post-air-disaster and near-miss public analysis to YouTube. They
overlay synchronized ADS-B, maps, and ATC voice communications with
knowledge of the aircraft, pilots, weather, and other data.
My professional interest is electric grid failures and preventing them.
They are similar to aviation incidents.
In an update on the Washington DC crash on January 29, Browne cites the work
of risk analyst James T Reason at University of Manchester, and familiar to
Risks readers. He has published extensively. He passed 5 Feb 2025.
Reason has extensive contributions in journals and in books.
https://www.youtube.com/watch?v=v8sNVcm9TMU
------------------------------
Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) has moved to the ftp.sri.com site:
<risksinfo.html>.
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
delightfully searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 34.57
************************