Subject: Risks Digest 30.00 (), Volume 30 summary
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest Volume 30 : Issue 00 ()

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
  SUMMARY OF RISKS VOLUME 30 (14 Dec 2016 -- )
  (NOTE: This summary is archived in ftp file risks-30.00 at ftp.sri.com, cd risks, and is also at http://catless.ncl.ac.uk/Risks/30.00.html.)

----------------------------------------------------------------------

Date: Wed, 17 Aug 2016 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
 *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume
   or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

RISKS 30.00
  Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
  SUMMARY OF RISKS VOLUME 30 (ongoing) (archived in ftp file risks-30.00)

RISKS 30.01 Wednesday 14 December 2016
  More on the LaMia crash involving the Brazilian soccer team
  PwC SAP fatal flaw in security software (Iain Thomson via Al Mac)
  Netgear R7000 and R6400 vulnerability (Bob Gezelter)
  Automated Assistants Will Soon Make a Bid for Your Finances (Nathaniel Popper)
  Cars Talking to One Another? They Could Under Proposed Safety Rules (Cecilia Kang)
  ACLU sues Rhode Island over computer benefits system delays (AP item via The Boston Globe)
  Designing a Safer Battery for Smartphones -- That Won't Catch Fire (John Markoff)
  Fake News Expert On How False Stories Spread And Why People Believe Them (NPR)
  SHAME ON YOU, GOOGLE! - Holocaust Deniers as the top search result (Gizmodo via Lauren Weinstein)
  Europe braces for Russian hacking in upcoming elections (Politico)
  Russia hacking the DNC (The New York Times)
  On the CIA assessment: Russia intervened in the 2016 election (Peter Houppermans)
  The Perfect Weapon: How Russian Cyberpower Invaded the U.S. (The New York Times)
  Don't like a political blog? Go after their advertising revenue (Thomas Koenig)
  Trump's F-35 tweet sends Lockheed Martin stock into tailspin (Steve Bittenbender)
  Ashley Madison settles cheaply for $1.6 million (FTC)
  Re: Boeing Dreamliner 787 should be reboot every 21 days (Michael Kohne)
  Re: Ball-bearing and crypto policy analogy (Serguei Patchkovskii, Ron Rivest)

RISKS 30.02 Thursday 15 December 2016
  Thunderbird Felled by Sticky Button (AirForceMag)
  Yahoo Says 1 Billion User Accounts Were Hacked (NYT)
  More details on massive new Yahoo hack -- it only gets worse (Business Insider via LW)
  Stolen Yahoo Data Includes Government Employee Information (DataCenterKnowledge)
  Interview with Charles Delavan on Podesta's e-mail (Slate)
  Colorado election omits more than 20,000 ballots (The DenverChannel)
  Uber said it protects you from spying. Security sources say otherwise (RevealNews)
  Bruce Schneier's latest CryptoGram (PGN)
  Value of having a computer at home is mixed (WashPo item via Ridgely C. Evers)
  Re: SHAME ON YOU, GOOGLE! (Craig Burton)

RISKS 30.03 Monday 19 December 2016
  Patient data encapsulated inside .exe file (Henry Baker)
  The EAC was itself hacked! (Elliott Hannon)
  US feds cyberattack US states (Al Mac)
  How France's TV5 was almost destroyed by 'Russian hackers' (Herb Lin, Richard OBrien)
  Evernote to read customer notes (Al Mac)
  Home routers under attack in ongoing malvertisement blitz (Ars Technica)
  Millions exposed to malvertising that hid attack code in banner pixels (Ars)
  Stop using Netgear routers with unpatched security bug, experts warn (Ars)
  Tech in Cars: What Happens When the Wheels Outlast the Wireless (WSJ)
  The FCC Just Approved a Landmark New Way For Deaf People to Communicate (Motherboard)
  Re: Audi Cars Now Talk To Stop Lights In Vegas (Richard Bos)
  Re: Yahoo Says 1 Billion User Accounts Were Hacked (Arthur Flatau)
  Re: Interview with Charles Delavan ... (Larry Sheldon)
  Re: SHAME ON YOU, GOOGLE! (Michael Marking, LW, Craig Burton, LW, CB, LW)

RISKS 30.04 Tuesday 20 December 2016
  U.S. House Encryption Working Group report (PGN)
  Project Wycheproof -- Crypto Check Libraries (Google)
  Russian Hackers Stole Millions a Day With Bots and Fake Sites (Vindu Goel)
  UK Police must be given power to shut websites (The Standard via Chris Drewe)
  Rail Crossing Warnings Are Sought for Mapping Apps (The New York Times)
  California DMV Calls Uber's San Francisco Self-Driving Cars Illegal (Bloomberg)
  The states of texting and driving in the U.S. (Ars Technica)
  Inside LeakedSource and Its Database of Hacked Accounts (WiReD)
  Integrity and correctness of Internet information (sur-behoffski)
  Re: SHAME ON YOU, GOOGLE! (Martin Ward)
  Re: U.S. feds cyberattack U.S. states (Dick Mills)
  Re: Audi Cars Now Talk To Stop Lights In Vegas (Anthony Youngman)

RISKS 30.05 Monday 26 December 2016
  BART new extension two years behind (PGN)
  Uber Booboo SNAFU, not FUBAR? (PGN)
  Who's Liable for George Hotz's Self-Driving Software? (Gabe Goldberg)
  Security risk on in-flight entertainment systems (BBC via Duncan Gibson)
  Recounts or no, U.S. elections still vulnerable to rigging, disruption (Rubinkam/Bajak)
  For Fact-Checking Website Snopes, a Bigger Role Brings More Attacks (David Streitfeld)
  Fake News Story Sets Off Israel-Pakistan Twitter Feud (AP)
  German government wants to fight "fake news" (Thomas Koenig)
  'Special' Powers Corrupt Especially!! (Werner U)
  U.S. NSA insider may be behind Russian FSB leak? (BankInfoSecurity via Al Mac)
  Biz Cams into Madison MS (Al Mac)
  Patch Linux (Ars Technica via zdnet)
  Android phones by Lenovo and others may be running spyware (Michael Simon)
  Facebook banned a social justice activist for commenting on racism (TechCrunch)
  Online profile pictures leave lasting impressions, researchers say (CBC)
  Before Trump's Presidency, US Privacy Board in Disarray (ABC)
  MSFT $927M tech support contract (geek wire)
  Re: US feds cyberattack US states (Steve Lamont)
  Re: Audi Cars Now Talk To Stop Lights In Vegas (Chris Drewe)
  Re: Project Wycheproof -- Crypto Check Libraries (Craig Burton)
  "Walking Wounded: Inside the U.S. Cyberwar Machine" (Michael VanPutte)

RISKS 30.06 Friday 30 December 2016
  FBI/DHS Unclassified Summary Technical Report re Russian Hacking Attacks on U.S. (Documentcloud)
  How Russia Recruited Elite Hackers for Its Cyberwar (The NYTimes)
  Obama Strikes Back at Russia for Election Hacking (The NYTimes)
  It's Incredibly Easy to Tamper with Someone's Flight Plan, Anywhere on the Globe (Motherboard)
  Pixel Security: Better, Faster, Stronger (GoogleBlog)
  Advertising's Moral Struggle: Is Online Reach Worth the Hurt? (The NYTimes)
  White House: Robots may take half of our jobs (Henry Baker)
  "14 eyebrow-raising things Google knows about you" (JR Raphael)
  German Fake News debate: "False Opinion" destabilizes (Thomas Koenig)
  Facebook's Safety Check, Now Automated, Turns a Firecracker Into an Explosion (The NYTimes)
  Britney Spears reminds fans she's very much alive after death hoax (USAToday)
  Fake Academe, Looking Much Like the Real Thing (The NYTimes)
  OSCE security monitors targeted by hackers (BBC)
  Bid for Access to Amazon Echo Audio in Murder Case Raises Privacy Concerns (The NYTimes)
  For Millions of Immigrants, a Common Language: WhatsApp (The NYTimes)
  Why Some of Your Holiday Gifts Might Not Fly (The NYTimes)
  Re: MSFT $927M tech support contract (John Levine)
  Re: SHAME ON YOU, GOOGLE! (Bob Wilson)
  Re: Is no place sacred from surveillance? (on Jenna Wortham via HB)
  Scholarships for Women Studying Information Security (Jeremy Epstein)

RISKS Digest 30.07 Sunday 8 January 2017
  Russia meddled in 2016 election through hacking and spreading of propaganda (Ellen Nakashima and Karoun Demirjian and Philip Rucker)
  Evidence for Russian Hacks (DNI)
  Putin Ordered `Influence Campaign' Aimed at U.S. Election (David E. Sanger)
  WikiLeaks opposes leaking of CIA report (The Hill)
  WikiLeaks threatens to publish Twitter users' personal info (USA Today)
  Gee whiz, elections are part of our critical infrastructures! (PGN)
  Donald Trump's Twitter Account Is A Security Disaster Waiting To Happen (Buzzfeed)
  Intel Chiefs Say Trump's Twitter Account Was Hacked by Four-Year-Old (Andy Borowitz in *The New Yorker*)
  The Lauded Russian Hacker Whose Company Landed on the U.S. Blacklist (Andrew E. Kramer)
  India's Call-Center Talents Put to a Criminal Use: Swindling Americans (Ellen Barry)
  Fake Academe, Looking Much Like the Real Thing (Kevin Carey)
  KillDisk Ransomware Now Targets Linux, Prevents Boot-Up, Has Faulty Encryption (Bleeping Computer)
  TV anchor says live on-air 'Alexa, order me a dollhouse' -- guess what happens next (Shaun Nichols via geoff goodfellow)
  Fridges and washing machines could be vital witnesses in murder plots (The Telegraph)
  Feds Accuse D-Link Of Failing To Properly Secure Routers & Webcams (Consumerist)
  The Health Data Conundrum (Kathryn Haun and Eric J. Topoljan)
  2017: Search and Social Media (Lauren Weinstein)
  Psychiatric patient accesses confidential social service data (HIPAA via Mark Trumpler)
  "Information Warfare" (Labs.rs via Jim Forster)
  Singapore to ban Internet-connected government computers (Straits Times via Mark Thorson)
  Smart meters: Frauds, Explosions & Fires, Oh No! (The Guardian via Henry Baker)
  The Binge Breaker (The Atlantic)
  Cloudflare explains the leap second bug (Debora Weber-Wulff)
  Toshiba expands recall of laptop battery packs due to burn/fire risk (Bob Brown)
  "The Real Name Fallacy" (Lauren Weinstein)
  Re: Name-collision risks -- again! (Burt Kaliski)
  Re: 'Special' Powers Corrupt Especially!! (Chris Drewe)

RISKS 30.08 Tuesday 10 January 2017
  Russian Hackers Find Ready Bullhorns in the Media (Max Fischer)
  France blocks 24,000 cyberattacks amid fears that Russia may try to influence French presidential election (David Chazan)
  Russia's RT: The Network Implicated in U.S. Election Meddling (Russell Goldman)
  How to Starve Online Hate (Pagan Kennedy)
  Disrupting The Business Model of the Fake News Industry (Katherine Haenschen and Paul Ellenbogen)
  A Chilling PBS Documentary Shows How Mistakes Are Made (Neil Genzlinger)
  FDA Offers Advice for Hacking Risks With St Jude Cardiac Devices (Arthur Flatau)
  Vulnerability Disclosure Attitudes and Actions (NTIA)
  Perhaps a laptop can be too thin? (Henry Baker)
  Iran's p*rn censorship broke browsers as far away as Hong Kong (The Verge)
  "Windows security patches crash Active Directory Admin Center" (Woody Leonhard)
  "More than 10,000 exposed MongoDB databases deleted by ransomware groups" (Lucian Constantin)
  Re: Cloudflare explains the leap second bug (David E. Ross)
  Re: "The Real Name Fallacy" (Identity Withheld)
  Re: Russian Hacking (Dick Mills)
  Re: "TV anchor says live on-air 'Alexa ...'," (Adam Shostack, Jeremy Epstein, Mark Thorson)
  IoT Home Inspector Challenge (FTC via Alister Wm Macintyre)

RISKS 30.09 Tuesday 17 January 2017
  Tesla driver stranded because outside of cellphone coverage (Mark Thorson)
  Nissan's Path to Self-Driving Cars? Humans in Call Centers (Alex Davies via Gabe Goldberg)
  Automation is already here, and it's taking jobs and annoying customers (QZ)
  India gov banks compromised (Economic Times via Alister Wm Macintyre)
  Finally Revealed: Cloudflare Has Been Fighting NSL for Years (EFF)
  In the UK, Silent Emergency Assistance Can Come to the Rescue (Jonathan B Spira)
  "Pay the ransom? You won't get your data back" (Fahmida Y. Rashid)
  "Professionally designed ransomware Spora might be the next big thing" (Lucian Constantin)
  Google and the Misinformed Public (Chronicle of Higher Education)
  Why Google must start labeling highly ranked fake news results (Lauren Weinstein)
  Facebook to roll out fake news tools in Germany (BBC)
  "Families of ISIS victims sue Twitter for being 'weapon for terrorism'" (Sharon Gaudin)
  How Netflix Is Deepening Our Cultural Echo Chambers (The New York Times)
  Adobe Acrobat Reader DC Update Installs Chrome Browser Extension (Gabe Goldberg)
  Unacceptable Adobe Behavior: Adobe Acrobat Reader DC Update Installs Chrome Browser Extension (Lauren Weinstein)
  Surprising results on Chinese government manipulation of social media (GKing)
  "Forced to watch child porn for their job, Microsoft employees developed PTSD, they say" (Greg Hadley)
  Secret WWI telegram holds lessons for today, historians say (CBC)
  Browser autofill used to steal personal details in new phishing attack (The Guardian)
  Rudy Giuliani's Glass House (The Register)
  New Systems Security Engineering Web Site (Ronald S. Ross)
  FBI allegedly paid Geek Squad for evidence (Engadget)
  Congress is stupid because... (WiReD)
  Trump just said he's firing the people in charge of securing America's nukes (Yahoo!)
Re: Command and Control (David Lesher) Re: Russian Hacking (Sam Steingold) Re: A Chilling PBS Documentary Shows How Mistakes Are Made (David Wittenberg) Re: The leap-second is a bug (Bob Frankston) Bruce Schneier's latest CRYPTO-GRAM (PGN) Garry Kasparov (PGN) Book: Jennifer Granick, American Spies (PGN) RISKS 30.10 Sunday 22 January 2017 Verizon remotely disables remaining Galaxy Note 7 phones (PGN) The cloud ate your homework! (code.org via Jim Reisert) Nim Language Draws From Best of Python, Rust, Go, and Lisp (Serdar Yegulalp) Will Blockchain-Based Election Systems Make E-Voting Possible? (Adam Stone) Dutch Developer Added Backdoor to Websites He Built, Phished Over 20,000 Users (Bleeping Computer) CIA unveils new rules for collecting information on Americans (Reuters) Tesla's Self-Driving System Cleared in Deadly Crash (Neal E. Boudette) Re: How the Chinese Government Fabricates Social Media Posts for Strategic Distraction, not Engaged Argument (GKing 50c) The first-ever close analysis of leaked astroturf comments from China's "50c party" reveal Beijing's cybercontrol strategy (Cary Doctorow) Japan testing USB phone charging in public buses (TheNextWeb via Henry Baker) The Fine Art of Sniffing Out Crappy Science (Chronicle of Higher Education) Facebook and Falsehood (Chronicle of Higher Education) Re: Fake News (Peter Houppermans) Subject: Re: Nissan's Path to Self-Driving Cars? Humans in Call Centers (Michael Bacon) Re: Leap-seconds (Kurt Seifried, Bob Frankston, Kurt Seifried, Bob Frankston) RISKS 30.11 Saturday 28 January 2017 "The missile may have veered ... 
towards the United States" (AFP via danny burstein) Clip from Schlosser's Command and Control (Ken Knowlton) Russians Charged With Treason Worked in Office Linked to Election Hacking (The NYTimes) United Airlines resumes flights after temporary ground order (CNN via Monty Solomon) Galaxy Note 7 investigation concludes, pair of issues will cost Samsung $5 billion (geoff goodfellow) Galaxy Note 7 Fires Caused by Battery and Design Flaws, Samsung Says (The NYTimes) Verizon remotely disables remaining Galaxy Note 7 phones (Kelly Bert Manning) "HP recalls over 100,000 more laptop batteries for fire hazard" (Agam Shah) "Cisco scrambling to fix a remote code execution problem in Webex" (Tim Greene) TOR servers misused for spam (Gerrit Muller) "OpenSSL issues new patches as Heartbleed still lurks" (Fahmida Y. Rashid) White House kills their comment phone line, but a new one appears (Lauren Weinstein) Facebook is changing its Trending section to fight the spread of fake news (Lauren Weinstein) Massive networks of fake accounts found on Twitter (BBC) U.S. Park Service tweets were result of old Twitter passwords (Martyn Williams) Fake news costing advertisers reputation, ad dollars (enterpriseinnovation) Report fake news at alt-facts.net (alt-facts) Finding credibility clues on Twitter (Science Daily) The real reason why Trump using an old Android phone should freak you out (BGR) Donald Trump is using a private gmail account to secure the most powerful Twitter account in the world (Sam Biddle) Republican voter fraud? (PGN) Cellphone dependency (Neil Youngman) Re: CIA unveils new rules for collecting information on Americans (Mark F) Re: Nim Language Draws From Best of Python, Rust, Go, and Lisp (Amos Shapir) Re: Leap-seconds (John Levine) Re: Japan testing USB phone charging in public buses (Andrew Duane) RISKS 30.12 Wednesday 1 February 2017 Network-enabled ICBMs for the USAF? 
(John Dallman) Quantum Computers Versus Hackers, Round One (WiReD via Werner U) Hackers Use New Tactic at Austrian Hotel: Locking the Doors (Dan Bilefsky) Hotels and electronics (Benoit Goas) Hackers hit DC CCTV's Jan. 12-15, 2017 (Clarence Williams via Henry Baker) Everything I Need to Know about Russia's Internet Interference I Learned Through College Pranks (Sean Havey) "FBI request for Twitter account data may have overstepped legal guidelines" (Dustin Volz) Severe vulnerability in Cisco's WebEx extension for Chrome leaves PCs open to easy attack (PC World) Voter fraud? (PGN) The future of fake news is real-time video manipulation (Nick Bilton) Intentionally or not, big brands help fund fake news (Star Tribune) alt-facts.net site (Arthur T.) Re: "The missile may have veered ... towards the US" (Chris Drewe) Re: United Airlines resumes flights after temporary ground order (Mark) Re: Nim Language Draws From Best of Python, Rust, Go, and Lisp (Wols, John Levine) Data Privacy Day: know the risks of Amazon Alexa and Google Home (Naked Security) RISKS 30.13 Tuesday 7 February 2017 Russians Engineer A Brilliant Slot Machine Cheat - And Casinos Have No Fix (WiReD) TLS vulnerability in popular iOS apps allows user data to be intercepted in man-in-the-middle attack (Malcolm Owen) Popular apps with 18 million combined downloads in the Apple App Store found vulnerable to silent data interception (Greg Barbosa) "Dozens of iOS apps fail to secure users' data, researcher says" (Michael Kan) Security flaws in Pentagon systems "easily" exploited by hackers (Zack Whittaker) Data from man's pacemaker led to arson charges (Lauren Pack) Vizio to Pay $2.2M to Settle Charges it Illegally Collected Data from TV Owners (Gabe Goldberg) The Truth about Unix -- my version, anyway -- for comic relief (Don Norman) "Vulnerability in Microsoft SMBv3 protocol crashes Windows PCs" (Woody Leonhard) "GitLab database goes out after spam attack" (Paul Krill) Cisco: Spam is making a big-time 
comeback (Tom Greene) How WhatsApp is fighting spam after its encryption rollout (Techcrunch) Trump's Vote Fraud Guru is Registered in Three States (AP) Re: Hackers Use New Tactic at Austrian Hotel: Locking the Doors (Amos Shapir) Re: Network-enabled ICBMs for the USAF? (Amos Shapir) Re: alt-facts.net site (AT, LW) Re: Nim Language Draws From Best of Python, Rust, Go, and Lisp (Dimitri Maziuk, Arthur Flatau, Alexander Klimov) Re: Quantum Computers Versus Hackers, Round One (Rob Slade, Werner U) RISKS 30.14 Friday 17 February 2017 To Lure Moviegoers, 20th Century Fox Dangles Fake News (Liam Stack and Sapna Maheshwari) Fake news is killing people's minds, says Apple boss Tim Cook (The Telegraph) Dutch election will be counted by hand (The Guardian) Forged Racist Emails Cause Stir at University of Michigan (ABC) New Mac malware from Iran targets US defense industry, human rights advocates with fake Flash updates (Apple) Can Foreign Governments Launch Malware Attacks on Americans Without Consequences? (EFF) Cooperative Bank sends a text with a dyn.co link (Martin Ward) Toyota recalls all the Mirais for software bug (Andrew Krok) Majority of Android VPNs can't be trusted to make users more secure (Ars Technica) "Flaw in Intel Atom chip could crash servers, networking gear" (Agam Shah) "S. 
Korea plans to tighten battery regulations after Note 7 crisis" (John Ribeiro) 'Xagent' malware arrives on Mac, steals passwords, screenshots, (Ars Technica) Yahoo sends new security warning to users (Chicago Tribune) "Microsoft re-releases snooping patches KB 2952664, KB 2976978" (Woody Leonhard) "Microsoft Explains Why Windows Drivers Are Dated 21 June 2006" (Matthew Humphries) Why you can't depend on antivirus software anymore (Slate) The Internet of Evil Things (Tim Johnson) Security and the Internet of Things (Bruce Schneier) Supporters of Mexico's Soda Tax Targeted With NSO Exploit Links (Citizen Lab) How do destroy a web form and the risks (Paul Robinson) Spanner, the Google Database That Mastered Time, Is Now Open to Everyone (WiReD) The AI Threat Isn't Skynet. It's the End of the Middle Class (WiReD) Google is spying on my photos (Geoff Kuenning, Lauren Weinstein) Re: D-Wave and quantum computer architecture (Rodney Van Meter) Re: quantum communications via plane and satellite (Rodney Van Meter) Re: Rob Slade on quantum computing (Rodney Van Meter) Re: Quantum Cryptography (Paul E. Black) Re: "The missile may have veered ... towards the United States" (Michael Black) Re: Nim Language Draws From Best of Python, Rust, Go, and Lisp (Amos Shapir) Re: The Truth About UNIX... 
(Paul Robinson)) *WiReD* in RISKS-30.13 (Dave Horsfall) The 'March for Science' is gaining mainstream momentum (Joel Achenbach via Dewayne Hendricks) Stein Schjolberg: The History of Cybercrime (PGN) RISKS 30.15 Tuesday 21 February 2017 German parents told to destroy Cayla dolls over hacking fears (BBC News) The previous owners of used smart cars can still control them via the cars' apps (BoingBoing) "Safety, Security, and Privacy Threats Posed by Accelerating Trends (Helen Wright and Ben Zorn) "Why Humans Distrust Algorithms--and How That Can Change" (Cade Massey and Joseph Simmons) Serious Computer Glitches Can Be Caused By Cosmic Rays (Science) Re: Dutch election will be counted by hand (Erling Kristiansen) Re: Old Intel chips (Martin Ward) Re: Facebook Trending (Wols) Re: Google and Evil (Charles Cazabon) Re: WiReD (John Bechtel) Re: The AI Threat Isn't Skynet. It's the End of the Middle Class (Michael Marking) RISKS 30.16 Sunday 26 February 2017 That "Russian" DoS against Deutsche Telekom? They just arrested... a Brit (RT via danny burstein) Swift-based ransomware targets macOS pirates with false decryption promise (AppleInsider via geoff goodfellow) Study reveals bot-on-bot editing wars raging on Wikipedia's pages (The Guardian) SHA-1 collision (PGN) Cloudflare bug (Brooks Davis) IoT problems (Joe Durusau) Prominent medical quackery website removed from Google search results (Mark Thorson) Prominent cartoonist shadowbanned by Twitter (Mark Thorson) Re: German parents told to destroy Cayla (Peter Bernard Ladkin) Science societies have long shunned politics. But now they're ready to march. (The Washington Post via Lauren Weinstein) Response to Michael Marking (Ken Knowlton) Re: The AI Threat Isn't Skynet (Chris Drewe) Re: Dutch election will be counted by hand (Richard Bos) Re: Old Intel Chips (Andrew Duane) Re: Cooperative Bank sends a text with a dyn.co link (Richard Bos, Andrew Duane) Re: Facebook Trending (Michael Bacon) Re: "The missile may have veered ... 
towards the United States" (Richard Bos) Re: Nim Language Draws From Best of Python, Rust, Go, and Lisp (OK) Re: WiReD -- Product is Mis-Identified (tanner andrews) Re: WiReD (Michael Kohne, John Bechtel, Michael Kohne) RISKS 30.17 Saturday 4 March 2017 Michelin Star Mix-Up Throws a Working-Class Bistro Into a Media Storm (The NYTimes) Hard Drive LED Allows Data Theft From Air-Gapped PCs (Eduard Kovacs) California Law Enforcement Union Sues To Block Police Accountability (TechDirt) How the Secret Service Protects the President Against New Cyber-threats (Fortune) The Internet is already dead (Michael Grant) Shhh! That Helpful Robot May Pose a Security Risk (John Markoff) Driverless cars have trouble seeing humans on bicycles (IEEE Spectrum) Oscars screwup and Asiana 214 crash (Phil Smith III) Use of the Red Cross in a video game (Paul Robinson) "Physical data is inherently less secure than digital" (The Register via Neil Youngman) Hacked texts from family of former Trump campaign manager surface on the dark web (TechCrunch) What if tomorrow it's the Church of Scientology? (Kelly Bert Manning) Software Engineer detained by U.S. 
Customs (CNBC) Google's anti-trolling AI can be defeated by typos, researchers find (Ars Technica) FCC chair wants carriers to block robocalls from spoofed numbers (Ars Technica) Human error caused Amazon Web Services outage, Apple iCloud service issues (Malcolm Owen) Full statement by Amazon regarding AWS S3 outage and actions (via LW) Radiolab podcast: CRISPR assassinations (Austin Burt via Henry Baker) A warning from Bill Gates, Elon Musk, and Stephen Hawking (Quincy Larson) Uber's data-sucking app is dangerously close to malware (Mike Isaac and Buster Hein via Henry Baker) Re: Science (Wols) Re: WiReD -- Product is Mis-Identified (westhawk) Re: WiReD (Mike Spencer) Re: Oscars screwup and Asiana 214 crash (Dan Skwire) Re: overloaded parentheses (Tony Finch) Re: The AI Threat Isn't Skynet (David Brodbeck) Re: Prominent medical quackery website removed from Google search results (David Damerell) RISKS 30.18 Wednesday 15 March 2017 Hacking Our Nuclear Weapons (Bruce G. Blair) Caveat Emptor Redux: vibrations are remotely tracked! (PGN) Malware found preinstalled on 38 Android phones used by 2 companies (Gabe Goldberg) Why is it so hard to trace an anonymous bomb threat? 
(The Verge) Secrecy surrounds White House cybersecurity staff shakeup (ZDNet) Scamville visit (WiReD via Gabe Goldberg) The night Zombie Smartphones Took Down 911 (Ryan Knutson) Police typo in IP address led to an innocent father's arrest for pedophilia (Matthew Champion) There's always a [mis]use case for data (Jeremy Epstein) FBI Director James Comey: "Americans have no right to expect absolute privacy" (CNN) Aging voting machines: an old risk (jared gottlieb) The World Wide Web's inventor warns it's in peril on 28th anniversary (Jon Swartz) 92% of Federal Sites Fail to Meet Security, Performance Standards (ITIF via Gabe Goldberg) Dangerous industrial robots (Nancy Leveson) AI's PR Problem (MIT Tech Review) These Adorable Robots are Roaming DC Streets with Food Inside (Patch via Gabe Goldberg) Consumer Reports Launches Digital Standard to Measure Privacy, Security (via Gabe Goldberg) Avast Cybercapture of personal files (Benoit Goas) Prominent English-language newspaper removed from Wikipedia (Mark Thorson) Re: Hinckley and Pres. Reagan, was: How the Secret Service Protects the President ... (danny burstein) Re: Science (Sue Willis, Gerrit Muller) Re: Google's anti-trolling AI can be defeated by typos (Dave Horsfall) Re: CRISPR assassinations (Robert R. Fenichel) Re: Hard Drive LED Allows Data Theft From Air-Gapped PCs (Kelly Bert Manning) Re: California Law Enforcement Union Sues To Block Police Accountability (Sam Steingold) Re: Software Engineer detained by U.S. 
Customs (Kelly Bert Manning) Non-detachable "What-is-this" metadata should be included in information (David A Wheeler) Re: A warning from Bill Gates, Elon Musk, and Stephen Hawking (Arthur Flatau) Risks of automated fast-food service (Paul Robinson) Re: The AI Threat Isn't Skynet (Chris Drewe) Re: Wired (John Alexander Stewart) GOP senators to let ISPs sell, without opt-out opportunity: your PII; geo travels; Web browsing data (Ars Tech) RISKS 30.19 Tuesday 21 March 2017 Britain's surveillance agency slaps down claim it was involved in Trump 'wiretap' (The WashPo) Justice Department charges Russian spies and criminal hackers in Yahoo intrusion (The WashPo) Inside the Russian hack of Yahoo: How they did it (CSO Online) Facebook just made it harder for you to share fake news (The Telegraph) A Small Table Maker Takes On Alibaba's Flood of Fakes (The NYTimes) "How to Counterfeit Quantum Money" (CORDIS News) Two Dead After T-Mobile 'Ghost Calls' Flood 911 Center in Texas (Gizmodo) "Security breach fears over 26 million NHS patients" (Laura Donnelly) Install this FREE android application and go to jail (tk) Court Orders ISP To Hand Over Identities Behind 5,300 IP Addresses To Copyright Trolls (torrentfreak/slashdot) Man in Trouble Due to Police IP Address Error (*Metro* via Chris Drewe) USAF had their own dataloss going on, recently... (ZDNet) Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam (Krebs) Expert: Apple may have deployed unauthorized patch by mistake (CSO Online) Re: Avast Cybercapture of personal files (Barry Gold) Re: A warning from Bill Gates, Elon Musk, and Stephen Hawking (Notatla, Arthur Flatau) Re: self-checkout at grocery stores (David Lamkin) Re: automation, restaurants, and industrial robots (Kelly Bert Manning) CRISPR assassinations (Gene Spafford) Re: Science (Wendy M. 
Grossman) RISKS 30.20 Thursday 30 March 2017 Aging resident dies after Eden Prairie caregiver forgot to plug in heart pump (Gabe Goldberg) Self-driving Uber gets in accident in Tempe, Arizona (Business Insider) NASA fireworks (Alister Wm Macintyre) Evidence That Robots Are Winning the Race for American Jobs (Claire Cain Miller) Ransomware scammers exploited Safari bug to extort porn-viewing iOS users (Ars Technica) Senate votes to let ISPs sell your Web browsing history to advertisers (Ars Technica) For sale: Your private browsing history (Ars Technica) UK government says Apple ``cannot get away with unbreakable encryption'' following terrorist attack (Ben Lovejoy) Fake Sleuths: Web Gets It Wrong on London Attacker (Mark Scott) How police unmasked suspect accused of sending seizure-inducing tweet (Ars Technica) DJI Proposes Electronic Identification Framework For Small Drones (Slashdot) Win10 Class Action ... (The Register via Alister Wm Macintyre) Risks from falsified Data (BBC via John Murrell) US Supreme Court Case on Toner Cartridges (Alister Wm Macintyre) Re: self-checkout at grocery stores (Barry Gold, Mark Jackson) RISKS 30.21 Saturday 1 April 2017 News break (PGN) US Congress rapes privacy, they are next (Misha Collins via Alister Wm Macintyre) Internet Noise, on purpose (Dan Schultz via Al Mac) Volkswagen's Emissions Fraud May Affect Mortality Rate in Europe (The New York Times) NASA fireworks a damp squib? (David Damerell) Re: NASA Fireworks (Kurt Seifried, Harlan Rosenthal) Re: Risks from falsified Data (Robert P. Schaefer) RISKS 30.22 Monday 3 April 2017 Automated Weather Observation failure closes airport (Tri-City Herald via Clay Jackson) Galaxy S8 face recognition already defeated with a simple picture (Ars Technica) FAKE NEWS!! 
The best and worst April Fools' Day stories (The Guardian) April Fools' Day pranks 2017 -- a complete list of all of the day's Internet hoaxes (The Washington Post) Lawmakers confuse 'oversight' and 'overlook' (EFF's EFFector) The Future of Free Speech, Trolls, Anonymity and Fake News Online (Pew) Why Tug on ATMs (Krebs) Re: Risks from falsified Data (A Michael W Bacon, David Alexander) Re: Fake Sleuths: Web Gets It Wrong (Kelly Bert Manning) Re: NASA Fireworks (Wols, Bruce Hunter) Re: Self-checkout at grocery stores and elsewhere (Kelly Bert Manning) Re: US Congress rapes privacy, they are next (Joseph Brennan) Risks Digest 30.23 Thursday 6 April 2017 The future of the open Internet -- and our way of life -- is in your hands (Quincy Larson) Tim Berners Lee plots radical overhaul (PGN) Encryption and the Press Clause (D. Victoria Baranetsky) Trust vs Trustworthy? (Stef Aupers) Russia Is Trying to Copy China's Approach to Internet Censorship (Slate) 20-year-old command & control server for Russian hackers (WiReD via Badi Irshid) Inside the Hunt for Russia's Most Notorious Hacker (WiReD) A scramble at Cisco exposes uncomfortable truths about U.S. cyberdefense (WiReD) Huge repository of documents obtained under FOIA (Governmentattic via Don Gilman) How Hackers Hijacked a Bank's Entire Online Operation (WiReD) Hackers Are Emptying ATMs With a Single Drilled Hole and $15 Worth of Gear (WiReD) Microsoft says it's blocking Windows 7, 8 patches on latest AMD, Intel chips (PC World) How Garadget Avenged a One-Star Review With Digital Sabotage (The Atlantic) Another sex toy trivially hacked (Pentestpartners) $14M Initiative to Fight Fake News Includes Facebook, Mozilla (PCMag) Hate speech and fake news -- follow the money! (Lauren Weinstein) Fake News Publishers Are Still Earning Money From Major Ad Networks (Buzzfeed) Re: UK government says Apple cannot get away with encryption (Chris Drewe) Re: Risks from falsified Data (Robert P. 
Schaefer) RISKS 30.24 Saturday 15 April 2017 Someone hacked every tornado siren in Dallas. It was loud. (Avi Selk) Brexit vote site may have been hacked, MPs say in report (BBC) Prison inmates built working PCs out of e-waste, networked them, and hid them in a closet ceiling (BoingBoing) Is Your Fingerprint-Locked Cell Phone Really Secure? (Patch) FBI Arrests Hacker Who Hacked No One (The Daily Beast) "Dishwasher has directory traversal bug" (The Register) "BrickerBot" disables vulnerable IoT devices (Radware) Securing driverless taxis is going to be really really hard (BoingBoing) Uber's 'Hell' program tracked and targeted Lyft drivers (Engadget) Autonomous Electric Vehicle impact on Economy (Evans & Shedlock) Google's Sheriffbot: presto, no more bugs! (Dan Jacobson) IPv6 attacks bypass network intrusion-detection systems (IT News) How Scammers Were Able to Game Google Maps (Fortune via Gabe Goldberg) Security firms sometimes wreck FBI investigations. Here's how. (CyberScoop) Anova Ticks Off Customers By Requiring Accounts To Cook Food Using The App (Consumerist) Interesting interview with Ed Felten on his FTC and WH experience (PGN) Re: Follow the Money (Peter Houppermans) Re: How Garadget Avenged a One-Star Review With Digital Sabotage (Amos Shapir) Re: The future of the open Internet (Chris Drewe) RISKS 30.25 Tuesday 18 April 2017 How fake news and hoaxes have tried to derail Jakarta's election (BBC) Critics See Signs of Interference in French Vote (Andrew Higgins) Voters Cite Turkish Leader's Record as He Claims a Slim Victory (Patrick Kingsley) Biased Bots: Human Prejudices Sneak Into Artificial Intelligence Systems (Princeton) The tiny changes that can cause AI to fail (BBC) Shadow Brokers: a mysterious hacker or group of hackers released the Microsoft apocalypse that wasn't (Robert Hackett) Hackers have just dumped a treasure trove of NSA data. Here's what it means. 
(Henry Farrell) Car parking app shares 2000 customers' private details after company suffers glitch (The Telegraph) California Secession Bid Fails: Leader Is Living in Russia (KABC) Inside the Tech Support Scam Ecosystem (OnTheWire) Why one Republican voted to kill privacy rules: Nobody has to use the Internet (Ars Technica) Re: Autonomous Electric Vehicle impact on Economy (Amos Shapir) RISKS 30.26 Sunday 30 April 2017 Auditors: panel exposed voter records to potential hacking (Baltimore Sun) Russia's alleged election interference - suspects & investigators (BBW) Russian-controlled telecom hijacks financial services' Internet traffic (Ars Technica) Denmark: Russia has been hacking us for two years (The Copenhagen Post) Cyber Attack in Israel reportedly used NSA tool (Edwin Slonim) How to Detect Fake News in Real-Time (Medium) Tectonic plate movement and driverless cars (David Horsfall) Flawed electronic prescription system too entrenched to disable? (Times Colonist) The wrong way to remove clutter in EHRs (Robert L Wears) Senate staffers have picture of security chip on their IDs. 
(Ars Technica via Tom Russ) HSBC introduces voice passwords, all the same (Gabe Goldberg) Two-factor authentication (Dmitri Maziuk) Antivirus provider Webroot is causing trouble for customers (Ars Technica) Man gets fined for discovering a flaw (Motherboard) Turkey blocks Wikipedia under law designed to protect national security (The Guardian) EPA website removes climate science site from public view after two decades (The Washington Post) Amazon Wants to Put a Camera and Microphone in Your Bedroom (Motherboard) Brickerbot (Techcrunch and Gizmodo) Ankle Bracelet glitches (BBW) Hacker holds Netflix to ransom over new season of Orange Is The New Black (The Guardian) "Bash Bunny: Big hacks come in tiny packages" (InfoWorld) Homographic URLs (The Guardian via PGN) How A False Story About A Husband And Wife Being Twins Ended Up On Major News Websites (Buzzfeed) Princeton researchers discover why AI become racist and sexist (Ars Technica) "Don't get bit by zombie cloud data" (Fahmida Y. Rashid) "DDoS attacks abusing exposed LDAP servers on the rise" (Fahmida Y. Rashid) Bose headphones have been spying on customers, lawsuit claims (The Washington Post) For 18 years, she thought someone was stealing her identity. Until she found her. 
(The Guardian via Gabe Goldberg) Re: Autonomous Electric Vehicle impact on Economy (Kelly Bert Manning, Charles Jackson) Re: Prison inmates built working PCs out of e-waste (Richard Bos) RISKS 30.27 Friday 5 May 2017 Bobby Tables and electoral fraud (Dave Horsfall) Using AI-Enhanced Malware, Researchers Disrupt Algorithms Used in Antimalware (Michael Kassner) Artificial Intelligence Prevails at Predicting Supreme Court Decisions (Matthew Hutson) Critical Level Firmware-level Security Vulnerability in Intel server chips (Bob Gezelter) "Cybercrime group abuses Windows app compatibility feature" (Lucian Constantin) Facebook and Google Were Victims of $100M Payment Scam (Fortune) Russian hackers use OAuth, fake Google apps to phish users (PC World) The Lost Picture Show: Hollywood Archivists Can't Outpace Obsolescence (IEEE Spectrum) FBI allays some critics with first use of new mass-hacking warrant (Ars Technica) Fitbit Disputes Woman's Claim That Her Flex 2 Tracker Exploded on Its Own (Fortune) The default sharing of you -- a data privacy nightmare (Ageinplacetech) Senseless Government Rules Could Cripple the Robo-Car Revolution Re: Autonomous vehicle... (Martin Ward, Re: Homographic URLs (John Levine) Re: Antivirus provider Webroot is causing trouble for customers (Amos Shapir) Re: Man gets fined for discovering a flaw (Amos Shapir) Re: For 18 years, she thought someone was stealing her identity. 
(Martin Ward, Amos Shapir) Re: Two-factor authentication (John Levine) "Lessons from a flight gone wrong" (Bart Perkins) RISKS 30.28 Tuesday 9 May 2017 Macron condemns 'massive' hacking attack (BBC) Twitter bots are being weaponized to spread information on the French presidential campaign hack (Recode) How One Major Internet Company Helps Serve Up Hate on the Web (ProPublica) The hijacking flaw that lurked in Intel chips is worse than anyone thought (Ars Technica) Fingerprint Authentication (Anthony Thorn) How Online Shopping Makes Suckers of Us All (The Atlantic) Draft Law Would Require Egyptian Social Media Users to Register With Government (Global Voices) Wanna Share News on Social Media? With China's New Rules, You'll Need a Permit For That. (Global Voices) Inside VW's Campaign of Trickery (The New York Times) Sextortion suspect must unlock her seized iPhone, judge rules (Ars Technica) Re: Man gets fined for discovering a flaw (Dave Parnas channeled via PGN) Re: Bobby Tables and electoral fraud (Jeremy Epstein) Re: Autonomous vehicle... (John Levine, John Levine) Re: Senseless Government Rules Could Cripple the Robo-Car Revolution (Anthony Youngman) Re: Artificial Intelligence Prevails at Predicting Supreme Court Decisions (Henry Baker) Re: The Lost Picture Show: Hollywood Archivists Can't Outpace Obsolescence (Richard A. DeMattia) Re: For 18 years... stealing her identity. (Chris Drewe) RISKS 30.29 Saturday 13 May 2017 Fiat Chrysler Recalls 1.2 Million Ram Pickups Over Faulty Software (Bill Vlasic and Neal E. Boudette) Today's Massive Ransomware Attack Was Mostly Preventable -- Here's How To Avoid It (Gizmodo) Dozens of countries hit by huge cyberextortion attack (McClatchy) A British researcher says he found a kill switch for the malware crippling computers worldwide (The Washington Post) Hackers Use Tool Taken from NSA in Global Attack (Nicole Perlroth and David E. 
Sanger) Indicators Associated With WannaCry Ransomware (US-CERT) WARNING: Antivirus sites may be helping to SPREAD the current global malware ransomware WannaCry attack! (Lauren Weinstein) Global 'Wana' Ransomware Outbreak Earned Perpetrators $26,000 So Far (Krebs) The Joy of Tech comic: The Internet of ransomware things! (GeekCulture) Vehicle lien recorded in name of cartoon characters (Mark Brader) Cochrane Report on IHealth EHR: Lessons for engaging users to provide QA feedback (Island Health via Kelly Bert Manning) Microsoft patches Windows XP to fight 'WannaCrypt' attacks (Engadget via LW) Malware and The Cloud (Lauren Weinstein) "How the Macron campaign slowed cyberattackers" (Fahmida Y. Rashid) Counter intelligence in the French elections - this changes cybersecurity forever. (Gadi Evron) Facebook takes to newspapers to teach UK users how to spot "fake news" (Ars Technica) "HP computer owners: Check for the MicTray Conexant keylogger" (Woody Leonhard via Gene Wirchenko) MUST READ "Open MIC" report: Corporate responsibility in an age of alternative facts -- with emphasis on Facebook and Google (Lauren Weinstein) China Is on Track to Fully Phase Out Cash (Motherboard) Sony PlayStation leads to the arrest of 15 member gang (Diomidis Spinellis) UK Telecomms Service Stopped by Bureaucracy (Chris Drewe) Crash with Impact (The New York Times) NYU Accidentally Exposed Military Code-Breaking Computer Project to Entire Internet (Sam Biddle) Confidential patient data breach at NYC's Bronx Leb Hospital (Data Breaches via danny burstein) Security Alert from Intel concerning Business-grade Processors with detection tool -- followup (Bob Gezelter) "Supply chain attack on HandBrake video converter app hits Mac users" (Lucian Constantin) The FCC says an attack -- not John Oliver -- hampered its website (The Washington Post) U.S. 
military cyber operation to attack ISIS last year sparked heated debate over alerting allies (The Washington Post) Re: Someone hacked every tornado siren in Dallas. It was loud. (Jim Reisert) Progress To Date on Deepwater Horizon (Earl Boebert) Re: The Lost Picture Show (Dimitri Maziuk, Gabe Goldberg, Brian Inglis, Jeff Jonas) Re: Man gets fined for discovering an engineering flaw (John Levine) Re: Senseless Government Rules Could Cripple the Robo-Car Revolution (Mike Spencer) Re: Bobby Tables and electoral fraud (Dave Horsfall, Kelly Bert Manning) RISKS 30.30 Monday 5 June 2017 Remote Air Traffic Control (BBC News via Steve Lamont) Robot Copilot Lands 737 (Mary Grady via Gabe Goldberg) "Catastrophic" IT failure grounds British Airways (Wendy M. Grossman) Untold story of QF72: What happens when 'psycho' automation leaves pilots powerless? (SMH via Gabe Goldberg) Berkeley duo's plan to solve traffic jams: hyper-fast lanes for self-driving cars (The Guardian via Dave Crocker) Starbucks store registers down in widespread outage (Fortune) Pacemaker device security audit finds 8,600 flaws, some potentially deadly (Gabe Goldberg) Red Light Cameras May Issue Some Tickets Using the Wrong Formula (WiReD) Chipotle Credit-Card Hack (Don Gilman) MasterCard Serbia asked ladies to share FB photos of, among other things, their credit card (Svedic via Gabe Goldberg) This 11-Year-Old Just Schooled Cybersecurity Experts By `Weaponizing' a Teddy Bear (Fortune) "Digital signature service DocuSign hacked and email addresses stolen" (John Ribeiro) Russian Hackers Are Using Google's Own Infrastructure to Hack Gmail Users (Motherboard) How Twitter Is Being Gamed to Feed Misinformation (The New York Times) Is China Outsmarting America in A.I.? 
(The New York Times) Internet of Things: Status and implications of an increasingly connected world (GAO-17-75 via Diego Latella) "Yahoobleed" flaw that festered for years leaked private Yahoo Mail data (Ars Technica) OneLogin admits recent breach is pretty dang serious (TechCrunch) Software is forever..., Re: WannaCry (Wendy M. Grossman) What Happens When Your Car Gets Hacked? (The New York Times) Linguistic Analysis of WannaCry Ransomware Messages Suggests Chinese-Speaking Authors (Michael Marking) Ransomware: FBI says pay up! (Alister Wm Macintyre) Alister William Macintyre, 8 Feb 1944 -- 17 May 17 (V.) Re: Bobby Tables ... SQL injection (Gene Wirchenko) Re: Malware and The Cloud (Peter Houppermans) Re: UK Telecomms Service Stopped by Bureaucracy (Wols) Re: The Lost Picture Show: Hollywood Archivists Can't Outpace Obsolescence (Gabe Goldberg) RISKS 30.31 Thursday 8 June 2017 Russian malware communicates by leaving comments in Britney Spears's Instagram account (BoingBoing) Russian Gang Hacked Slot Machines and Plotted Over Stolen Sweets (The New York Times) How the Trump-Russia Data Machine Games Google to Fool Americans (Paste) An Ad Network That Helps Fake News Sites Earn Money Is Now Asking Users To Report Fake News (BuzzFeed) How The Intercept Outed Reality Winner (ErrataSec) The Internet Is Where We Share -- and Steal -- the Best Ideas (The New York Times) Why We Lie: The Science Behind Our Deceptive Ways (National Geographic) While EU Copyright Protests Mount, the Proposals Get Even Worse (EFF) Re: Alleged engineer says red light cameras may misissue tickets (John Levine, Joseph Brennan) Re: Untold story of QF72: What happens when 'psycho' automation leaves pilots powerless? (Kelly Bert Manning) Re: Software is forever... Re: WannaCry (Geoffrey Keating) Re: Robot Copilot Lands 737 (Roderick A Rees) Re: What Happens When Your Car Gets Hacked? (David E. 
Ross) RISKS 30.32 Saturday 10 June 2017 How Russian Propaganda Spread from a Parody Website to Fox News (Neil MacFarquhar and Andrew Rossback) Securing our election systems? (Slate) Stolen Roambee property reports itself to owner (Mark Brader) Voice synthesis (Mark Brader) Internet cameras have hard-coded password that can't be changed (Ars Technica) UK police arrest man via automatic face-recognition tech (Ars Technica) Task force tells Congress health IT security is in critical condition (Ars Technica) Cyberattack on Britain's National Health Service -- A Wake-up Call for Modern Medicine (Monty Solomon) Ponzi Scheme Meets Ransomware for a Doubly Malicious Attack (NYTimes) Sneaky hackers use Intel management tools to bypass Windows firewall (Ars Technica) Self-driving cars (Multiple items from Monty) Re: Robot Copilot Lands 737 (Andrew Duane) Re: Software is forever... Re: WannaCry (Paul Edwards) Re: What Happens When Your Car Gets Hacked? (Dimitri Maziuk, Lothar Kimmeringer) Re: Untold story of QF72: What happens when 'psycho' automation leaves pilots powerless? (John Levine, William Brodie-Tyrrell) RISKS 30.33 Wednesday 14 June 2017 Russian cyberhacks on the U.S. electoral system far wider than previously known (Michael Riley on Bloomberg) "Supreme Court to look at mobile privacy. Uh-oh." (Evan Schuman) Microsoft warns of 'destructive cyberattacks', issues new Windows XP patches (ZDNet) Four Ways Your Location Is Being Tracked Everywhere You Go (MakeUseOf) Hackers Hijacking Verified Accounts to Spread Fake News (Gizmodo) Algo stock trading on "fake news"? (John Carney via Henry Baker) WSJ ends Google users' free ride, then falls 44% in search results (Columbian) Turks Click Away, but Wikipedia Is Gone (The New York Times) The tech world is rallying around a young developer who made a huge embarrassing mistake (QZ) Healthcare ransomware and how we can climb out of this mess (Kevin Fu) Re: Software is forever (Arthur T.) 
Precise Documentation (David Parnas via PGN) RISKS 30.34 Saturday 24 June 2017 U.S., Russia, and Kaspersky (The Washington Post) Researcher finds Georgia voter records exposed on the Internet (Seattle Times) European Parliament Committee Recommends End-To-End Encryption For All Electronic Communications (TomsHardware) FCC makes net neutrality commenters' e-mail addresses public (Ars Technica) News Corp CEO attacks Google and more (Fox News) Hong Kong privacy watchdog blasts electoral office for massive data breach (SCMP) How hackers can steal your 2FA email account by getting you to sign up for another website (BoingBoing) Espionage suspect totally thought messages to Chinese intel were deleted (Ars Technica) Risks of Overflow Department (Slashdot via Chuck Weinstock) Y2K problem causes earthquake aftershock 92 years later (Henry Baker) Sundry items (Monty Solomon) Re: The tech world is rallying around a young developer who made a huge embarrassing mistake (Amos Shapir) Re: Voice synthesis (Richard Bos) David Owen: Air Accident Investigation: How science is making flying safer (Robert Dorsett) RISKS 30.35 Wednesday 28 June 2017 HMS Queen Elizabeth is 'running outdated Windows XP', raising cyberattack fears (The Telegraph) 32TB of Windows 10 internal builds, core source-code leak online (The Register) AES-256 keys sniffed in seconds using €200 of kit a few inches away (The Register) Google's Elite Hacker SWAT Team vs. Everyone (Fortune) Easiest Path to Riches on the Web? 
An Initial Coin Offering (NYTimes) FCC investigating unlawful transactions after contractor takes ownership of 40-plus towers (WirelessEstimator) Europe has been working to expose Russian meddling for years (The Washington Post) Trump's Lies (NYTimes) Complex Petya-Like Ransomware Outbreak Worse than WannaCry (ThreatPost) Skylake, Kaby Lake chips have a crash bug with hyperthreading enabled (Ars Technica) Transition problem for mailservice cutover (Steven Barryte) Re: Y2K problem causes earthquake aftershock 92 years later (Amos Shapir) RISKS 30.36 Friday 7 July 2017 U.S. lottery rigged, then payout used for offshore tax scam (Jose Maria Mateos) "In touching tribute to Samsung Note 7, fidget spinners burst in flames" (Shaun Nichols) Security of US nukes now an official secret (Robert Burns) IoT goes nuclear: creating a ZigBee chain reaction (Ronen) Volvo admits its self-driving cars are confused by kangaroos (The Guardian) Data glitch sets tech company stock prices at $123.47 (The Verge) Cyberattackers Find Fertile Proving Grounds (Sheera Frenkel) Researchers Found They Could Hack Entire Wind Farms (WiReD) Skylake, Kaby Lake chips have a crash bug with hyperthreading enabled (Ars Technica) CopyCat malware infected 14 million outdated Android devices (CNET) Ukraine Cyberattack Was Meant to Paralyze, not Profit, Evidence Shows (The New York Times) NHS doctors use Snapchat to send patients' scans (The Telegraph via Chris Drewe) Happy 4th of July! Show Us Your Papers: Comm. on Election Integrity (The New York Times) Staying humble is key to staying safe, says Israel's cyber chief; electoral system is secure! (Times of Israel) CCC Russia-Proofing Germany's Elections (Bloomberg via PGN) Re: Government meddling, election hacks and sundry items (EyeOnCanada) Trump's attempt to obtain and make public California voter records (Lauren Weinstein) Science division of White House office no longer staffed: report (Brandon Carter) Republicans want to open U.S. 
roads for testing self-driving cars (Recode) "This Burger King Ad Forces Your Google Home Device To Tell You About Whoppers" (Mary Beth Quirk) AT&T is reinstating their plan to spy on you unless you pay extra (PrivateInternetAccess) Vindicated: I am not the memory hog (Dan Jacobson) Re: Western tech firms bow to Russian demands to share cyber secrets (Martin Ward) Re: Y2K problem causes earthquake aftershock 92 years later (Lothar Kimmeringer) RISKS 30.37 Friday 14 July 2017 DIY devices let car owners add autonomous features to vehicles (Carolyn Said via PGN) Kaspersky in the crosshairs (Engadget) Requested voter details may be gold for cybercriminals (John Wildermuth) On the request for states to provide all personal info on voters (The Washington Post) FTC Halts Operation That Unlawfully Shared and Sold Consumers' Sensitive Data (FTC) Two Former Employees of House Member Indicted On Federal Charges in Cyberstalking Case (DoJ) The White House just posted the emails of critics without censoring sensitive personal information (Vox via Lauren Weinstein) Beware of a new scam involving "relatives" and gift cards (CBS) Computerization and overnight train service (Mark Brader) Why fact-checking 'fake news' stories is a waste of time (WeForum) Web gets built-in copy protection hooks with a few key flaws (Engadget) "Charging Phone Kills 14-Year-Old Girl in Bathtub" (Harriet Sinclair) Funny how these articles are all the same... 
(Gabe Goldberg) Woman's selfie causes $200,000 of damage to LA art exhibit (Pamela Ng) FDA Deal Would Relax Rules on Reporting Medical Device Problems (The New York Times) Judges refuse to order fix for court software that put people in jail by mistake (Ars Technica) Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts (UpGuard) Backdoor built in to widely used tax app seeded last week's NotPetya outbreak (Ars Technica) Hackers have been stealing credit card numbers from Trump's hotels for months (The Washington Post) Everybody lies: how Google search reveals our darkest secrets (The Guardian) Re: Volvo admits its self-driving cars are confused by kangaroos (Dave Horsfall) Re: Western tech firms bow to Russian demands to share cybersecrets (Anthony Youngman) Press kits or other publications on thumb drives? (Gabe Goldberg) RISKS 30.38 Monday 17 July 2017 A Solar Eclipse Could Wipe Out 9,000 Megawatts of Power Supplies (Bloomberg) Massachusetts tax system blocks payments, sends refunds in error (MassLive) The AlphaBay Takedown Sends Dark Web Markets Reeling (WiReD) Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts (UpGuard) How Fake News Goes Viral -- Here's the Math (Scientific American) While Some Cry 'Fake,' Spotify Sees No Need to Apologize (The New York Times) Nearly 90,000 Sex Bots Invaded Twitter in 'One of the Largest Malicious Campaigns Ever Recorded on a Social Network' (Gizmodo) Elon Musk says preventing a 'fleet-wide hack' is Tesla's top security priority (Electrek) Weekend Video Extra: A Prescient Warning re: AI and Robotics, from 1956! (Lauren Weinstein) Your pacemaker is spying on you (Mark Thorson) Leaping Kangaroos (Anthony Thorn) Paper ballots (Tom Donilon) To avoid cyberattacks, Israel urged to manually count election results (Haaretz) UAE orchestrated hacking of Qatari government sites, sparking regional upheaval, according to U.S. 
intelligence officials (The Washington Post) Re: Western tech firms bow to Russian demands to share cybersecrets (Martyn Thomas) Re: DIY devices let car owners add autonomous features to vehicles (Simon Wright) Re: Funny how these articles are all the same (Jonathan Levine) Re: Press kits or other publications on thumb drives? (Kelly Bert Manning) Review: "Twitter and Tear Gas," by Zeynep Tufekci (Bruce Schneier) RISKS 30.39 Saturday 22 July 2017 Authorities shut down two black markets on the Darknet (NYTimes) On Reddit, Intimate Glimpses of Addicts in Thrall to Opioids (NYTimes) To tackle online crime, Israel approves web censorship law (Times of Israel) Uber and Airbnb Want To Tap Into India's Massive and Controversial Biometric Database (Gizmodo) FBI To Parents: Watch Out For Kids' Privacy With Internet-Connected Toys (Consumerist) Wifi Webcam TENVIS sends all it knows to dvripc.cn (turgut kalfaglu) PSA: Update iPhones/iPads to iOS 10.3.3 now to fix serious wifi vulnerability allowing attacker complete control (geoff goodfellow) Watch a Homemade Robot Crack a Safe in Just 15 Minutes (WiReD) TV computer weather animation proves global warming (YouTube) Risks of hoarding vulnerabilities (Belfer Center et al.) 9-year standoff between Ireland's DP Commissioner & Statistics Office (Bernard Lyons) Mixed standard output and error streams (Diomidis Spinellis) Connected cars -- where to attack first? (FPF) Ransomware attack puts KQED in low-tech mode (San Francisco Chronicle) Facebook fights fake news spread via modified link previews (TechCrunch) Re: "Charging Phone Kills 14-Year-Old Girl in Bathtub" (Paul Fenimore) Re: Your pacemaker is spying on you (Rich Wales) Re: Western tech firms bow to Russian demands to share cybersecrets (Anthony Youngman, Martin Ward, Anthony Youngman) Re: Press kits or other publications on thumb drives? (Geoffrey Keating, Ivan Jager, Kelly Bert Manning) Re: Leaping Kangaroos (Dave Horsfall, Amos Shapir) Power outages caused by squirrels vs. 
kangaroos to date (PGN) RISKS 30.40 Friday 28 July 2017 Keen Lab hackers managed to take control of Tesla vehicles again (Electrek) Russian parliament bans use of proxy Internet services, VPNs (SacBee) Hackers undermine Russia's attempts to control the Internet (Alex Luhn roundabout via Geoff Goodfellow) Hackers plan to break into 30 voting machines to put election meddling to the test (USA Today) Facebook helped blunt Russian meddling in French elections (Engadget) World's most hi-tech voting system raises cyber-defences (Irish Examiner) China WhatsApp crackdown only scratches surface of worsening Internet censorship (CNN) A smart fish tank left a casino vulnerable to hackers (CNN) Beijing Wants AI to Be Made in China by 2030 (The New York Times) Chinese Mind-Reading Computer Moves Closer to Reality (Patrick Nelson) Myopic CEO perspective, I think (Gabe Goldberg on Fortune item) 45,000 Facebook Users Leave One-Star Ratings After Hacker's Unjust Arrest (Bleeping Computer) Wisconsin Company to Implant Microchips In Employees (KSTP via Gabe Goldberg) Chicago festival to mark Pokemon Go anniversary goes awry (San Francisco Chronicle) Massive Privacy Breach: Wells Fargo Accidentally Releases Trove of Data on Wealthy Clients (NYTimes) Roomba's Next Big Step Is Selling Maps of Your Home to the Highest Bidder (Gizmodo) Student denied loan due to namesake (Amos Shapir on BBC item) Bugs in popular hacker tools open the door to striking back (WiReD) Three Square Market microchips its employees (prlog via Steve Lamont) Pile driver vs. underground high-voltage cable. 
Oops (News Observer via danny burstein) Sweden drenched by "The Cloud" (Rick Falkvinge) Re: Leaping Kangaroos (3daygoaty) Re: 'Energy firms can switch off your freezer for a few minutes at night' (Chris Drewe) Re: Bloomberg: A Solar Eclipse Could Wipe Out 9,000 Megawatts of Power Supplies (Kelly Bert Manning) Re: Wifi Webcam TENVIS sends all it knows to dvripc.cn (David Alexander, Rob Slade) Re: Western tech firms bow to Russian demands to share cybersecrets (Martin Ward) NEC updates are like software updates (Re: Charging Phone Kills 14-Year-Old Girl in Bathtub, Burton Strauss III) RISKS 30.41 Tuesday 1 August 2017 Watch: Hackers Demonstrate How to Crack Into Electronic Voting Machines in Minutes (Luly Friesdat) Security This Week: The Very Best Hacks From Black Hat and DEF CON (WiReD) The Hacking Wars Will Get Worse (Adam Segal) UK home secretary Amber Rudd says 'real people' don't need end-to-end encryption (Business Insider) Putin passes law that will ban VPNs in Russia (TechCrunch) Queensland Police want to listen through your fridge (Brisbane Times via Henry Baker) Amazon suspends sales of Blu phones due to privacy concerns (CNET) These cheap phones come at a price -- your privacy (CNET) HBO is hacked, and Game of Thrones episodes may have leaked out (The Washington Post) Senate launches bill to remove immunity for websites hosting illegal content, spurred by Backpage.com (The Washington Post) Illegal and undocumented instructions (Koehntopp) Iranians Use 'Cute Photographer' Profile To Hack Targets In Middle East (Slashdot) Amazon Echo as a spy device -- with significant limitations (Android Guys) AI defeats anti-virus (The Register) Killer Car Wash: Hackers Can Trap and Attack Vehicles (Fortune via Gabe Goldberg) Google's new program to track shoppers sparks a federal privacy complaint (The Washington Post) "Google, Personal Information, and Star Trek" (Lauren Weinstein) Apple Removes Apps From China Store That Help Internet Users Evade Censorship (The New 
York Times) Cars Suck Up Data About You. Where Does It All Go? (The New York Times) Re: Keen Lab hackers ... take control of a Tesla ... (Gary Hinson) Re: Myopic CEO perspective, I think (Gene Wirchenko) Re: NEC Updates like software updates (R. G. Newbury) Re: Mass. maker of Roomba isn't going to sell your data, after all (Monty Solomon) RISKS 30.42 Monday 7 August 2017 Siemens, DHS warn of "low skill" exploits against CT and PET Scanners (Ars Technica) U.S. Senate is going to help improve security of the IoT (Don Gilman) U.S. Army reportedly asks units to stop using DJI drones, citing cybersecurity concerns (The Verge) 200-Terabyte Proof Demonstrates the Potential of Brute-Force Math (Michael Byrne) Amazon Echo vulnerability allows hackers to eavesdrop with always-on microphone (Apple Insider via geoff goodfellow) 'Anonymous' browsing data can be easily exposed, researchers reveal (The Guardian) 21 Technologies Transforming Software Development (Peter Wayner) "The Death of Ruby? Developers Should Learn These Languages Instead" (Alison DeNisco) China holds drill to shut down 'harmful' websites (Reuters via Suzanne Johnson) HBO Security Contractor: Hackers Stole 'Thousands of Internal Documents' (Variety) Stolen nude photos and hacked defibrillators: is this the future of ransomware? (The Guardian) Uber drivers gang up to cause surge pricing, research says (The Telegraph) Wells Fargo faces lawsuits, angry lawmakers over car lending (WashPost) "How can we stop algorithms telling lies?" (Cathy O'Neil via PGN) Grandpa Had a Pension. This Generation Has Cryptocurrency. (NYTimes) Cybersecurity Researcher Hailed as Hero Is Accused of Creating Malware (NYTimes) Have Smartphones Destroyed a Generation? (The Atlantic) More than 1 in 5 travelers knowingly or unknowingly carried prohibited items onto aircraft, survey finds (WashPost) "Beware the Browser Extensions Privacy Trap!" 
(Lauren Weinstein) Site tracks Russian Propaganda on Social Media (Dashboard) Hacker who stopped WannaCry charged for writing banking malware (WiReD) To Protect Voting, Use Open-Source Software (Woolsey and Fox) Fishy circumstances cause power outage in Seattle (Dyer Oxley) Re: Leaping Kangaroos (Paul Edwards) Re: somebody else's computer, in another country (Kelly Bert Manning) Re: NEC Updates like software updates (William Brodie-Tyrrell) Re: Iranians Use 'Cute Photographer' Profile To Hack Targets in Middle East (Amos Shapir) RISKS 30.43 Monday 14 August 2017 Scientists Fear Trump Will Dismiss Blunt Climate Report (Rich Kulawiec) How the Indiana GOP Used Uneven Early Voting Rules to Tamp Down Democratic Votes (Ed Kilgore) Russian Cyberattack Targeted Elections Vendor Tied To Voting-Day Disruptions (NPR) Former MI5 chief warns against cracking down on encryption (The Guardian) UK Law Proposal to Criminalize Re-Identification of Anonymized User Data (Bleeping Computer) VPN Provider Accused of Sharing Customer Traffic With Online Advertisers (Bleeping Computer) Internet Archive blocked by government of India (Medianama) Apple's troubles in China have just started, after it removed more than 400 VPN apps (Sundry) Botched Firmware Update Bricks Hundreds of Smart Door Locks (Catalin Cimpanu) "Driverless" van in Virginia (Mark Thorson) HPE's future for us (Insights) Is LIBOR, Benchmark for Trillions of Dollars in Transactions, a Lie? (Matt Taibbi) Malicious code written into DNA infects the computer that reads it (Devin Coldewey) The Guy Who Invented Those Annoying Password Rules Now Regrets (Gizmodo) AWS EBS SNAPSHOTS (nvteh) UK Airlines and rail companies face huge fines for IT meltdowns (The Telegraph) Cyberattack on UCLA server potentially accesses student information (Daily Bruin) Bruce Springsteen Is Bringing His Music and His Memories to Broadway (The New York Times) Secrets of Silicon Valley - the Persuasion Machine (Brian Randell) Re: The Death of Ruby? 
Developers Should Learn These Languages (Kelly Bert Manning) Re: Mozilla launches new effort to counter fake news (Jonathan M. Smith) Re: Fishy circumstances cause power outage in Seattle (Michael Bacon) RISKS 30.44 Thursday 31 August 2017 U.S. National Infrastructures (Henry Petroski via PGN) Taiwan Grid Outage Caused By Human Error (Rob Wilcox) Pacemaker firmware updates (Peter Gregory) Donald Trump's cybersecurity advisers resign, warning of 'insufficient attention to the growing threats' (Chris Baynes) FBI pushes private sector to cut ties with Kaspersky (CyberScoop) WikiLeaks Turned Down Leaks on Russian Government During U.S. Presidential Campaign (Foreign Policy) The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard (Trend Micro) Quebec man fights back after dealer remotely disables car over $200 fee (CBC) Yu Pingan arrested for involvement in hacking OPM (Gizmodo) US Voting Machine Supplier Leaks 1.8 Million Chicago Voter Records (Gizmodo) DreamHostStatus.com forgot to use separate nameservers (Dan Jacobson) Cracked screen => cracked security? 
(Dan Goodin) Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency (The NYTimes) Google Accidentally broke the Internet throughout Japan (Engadget) Apple, Facebook, Google and others sign brief concerned about warrantless location tracking (Roger Fingas) "Even Artificial Neural Networks Can Have Exploitable 'Backdoors'" (WiReD) `Devil's Ivy' Is Another Wake-Up Call for IoT Security (Threatpost) US Army backing off a bit from its decision regarding sUAS usage (Gary Mortimer) Aero-ease (Aeon) 98.5% of unique net neutrality comments oppose Ajit Pai's anti-Title II plan (Ars Technica) Risks of IBAN checksums (Paul van Keep) Ethereum Hack (Bruce Schneier) I knew what you were going to do next: AI learns from pro gamers, then crushes them (The Washington Post) How Peter Thiel's Secretive Data Company Pushed Into Policing (WiReD) From Isaac Asimov to Aimee Mann, 'robophobia' plagues humans (WashPo) Carl Sagan in 1995 (Rich Kulawiec) UK Today's Roads Aren't Good Enough for Driverless Cars (Chris Drewe) Uh oh -- too easy to confuse self-driving cars (IEEE Spectrum via Gabe Goldberg) Re: "Driverless" van in Virginia (Don Norman) Re: Is LIBOR, Benchmark for Trillions of Dollars in Transactions, a Lie? (Amos Shapir) Re: The Death of Ruby? Developers Should Learn These Languages Instead (Amos Shapir) Re: Botched Firmware Update Bricks Hundreds of Smart Door Locks (Michael Bacon) Re: Microchipping employees (David Randolph) Lindsay Marshall named UK National Teaching Fellow (PGN) RISKS 30.45 Tuesday 5 September 2017 West Air CRJ accident involved two different causes (PGN) Kaspersky: The Cyber Insecurity Company (Jeanne Shaheen) Russian Election Hacking Efforts, Wider Than Previously Known, Draw Little Scrutiny (Nicole Perlroth et al.) How Russian & Alt-Right Twitter Accounts Worked Together to Skew the Narrative About Berkeley (Caroline O.) Ice-cold Kaspersky shows the industry how to handle patent trolls (The Register) Open-source voting in San Francisco? 
(Dominic Fracassa) Millions of Time Warner Cable Customer Records Exposed in Third-Party Data Leak (Gizmodo) Internet Censorship Bill Would Spell Disaster for Speech and Innovation (EFF) Hacking Retail Gift Cards Remains Scarily Easy (WiReD) Radio Hacker Interrupts Police Chase in Australia (Bleeping Computer) US government: We can jail you indefinitely for not decrypting your data (The Register) Risks of biometrics: man with no arms refused by bank demanding fingerprints (NBC News) Re: Wisconsin Company to Implant Microchips In Employees (Richard A. O'Keefe) Re: Microchipping employees (John Levine) Re: Cracked screen => cracked security? (Richard Bos) Re: Is LIBOR, Benchmark for Trillions of Dollars in Transactions, a Lie? (Michael Bacon) Password: hint: birthday (Dan Jacobson) RISKS 30.46 Monday 11 September 2017 Equifax Hack May Expose Data of 143 Million Users (Polly Mosendz) More info on Equifax breach (Lauren Weinstein) PSA: no matter what you write, Equifax may tell you you've been impacted by the hack (TechCrunch) Hurricane Harvey Knocked Out Cell Service. Now Calls for Backup Wireless Power Are Rising (Fortune) Fake Russian Facebook Accounts Planted $100,000 in Political Ads (Vindu Goel and Scott Shane) Fake Facebook 'like' networks exploited code flaw to create millions of bogus 'likes' (Elizabeth Weise) Facebook Wins, Democracy Loses (NYTimes) Virginia scraps touchscreen voting machines (Morgan Chalfant) A huge solar flare temporarily knocked out GPS communications (Engadget) Apple and Google Fix Browser Bug. Microsoft Does Not. 
(Bleeping Computer) Dogwhistle ultrasound returns in a new guise (The Verge) India's Supreme Court ruled that privacy is a constitutional right (Menaka Guruswamy) 'Game of Thrones' was pirated more than a billion times -- far more than it was watched legally (The Washington Post) 10 minutes of silence storms iTunes charts thanks to awful Apple UI (The Register) RISKS 30.47 Friday 29 September 2017 NTSB: Tesla's Autopilot UX a "major role" in fatal Model S crash (Ars Technica) Deloitte joins the club of the massively hacked (The Guardian) In spectacular fail, Adobe security team posts private PGP key on blog (Ars Technica) Distrustful U.S. Allies Force NSA to Back Down in Encryption Fight (Joseph Menn) Propaganda flowed heavily into battleground states around election, study says (WashPo) PC-Wahl in the German elections (Chaos Computing Club via PGN) Yet another trove of sensitive US voter records has leaked (ZDNet) See The Fake End-Of-World Broadcast That Panicked Southern Cal (Patch) RT, Sputnik and Russia's New Theory of War (NYTimes) U.S. bans use of Kaspersky software in federal agencies amid concerns of Russian espionage (WashPo) Facebook and Russian Ads (The Guardian) 4-10% of encrypted web connections are man-in-the-middled and intercepted (BoingBoing) Forget Your Password, Go to Jail (ITKE via Gabe Goldberg) Failure to patch two-month-old bug led to massive Equifax breach (Ars Technica) Equifax's Maddening Response (Zeynep Tufekci) Equifax hacked well before it was disclosed (TechCrunch) Equifax Says CIO, Chief Security Officer to Leave After Breach (Bloomberg) Equifax victims may face another hassle in buying an iPhone (StarTribune) A new website lets you automatically sue Equifax with a click (Chuck Petras) Stay away from Equifax sites! 
(Lauren Weinstein) Billions of devices imperiled by new clickless Bluetooth attack (Ars Technica) BEWARE/HEADS UP vis-a-vis Bluetooth & Wi-Fi can't be fully disabled via iOS 11 Control Center (Apple Insider) Blockchains Technology in Finance (IEEE) Risks of geolocation (paul wallich) Re: UK Banks, etc. to check account-holders' residence eligibility (Chris Drewe) Re: Hurricane Harvey Knocked Out Cell Service... (Wols) Judge dismisses libel lawsuit filed by self-proclaimed e-mail inventor (ArsTechnica) An open letter to the W3C Director, CEO, team and membership (EFF) Letter from indigenous Mexican man who was denied a US visa to receive an award for Internet development (BoingBoing) RISKS 30.48 Thursday 19 October 2017 Drone collides with passenger jet (Digital Trends) Airports Worldwide Are Hit by Delays After Software Outage (NYTimes) Medical IoT device woes (Business Insights) DHS and vendor warn on automotive cyberflaws (FCW) WPA2 KRACK: Key Re-installation attACK (PGN) Millions of high-security crypto keys crippled by newly discovered Infineon flaw (Ars Technica) Russia Tried to Use Pokemon Go to Destabilize U.S. Election (Variety) Politico's Morning Cybersecurity on voting machines (PGN) Hacker study: Russia could get into U.S. voting machines (Politico) Yet Another Russian Hack of the NSA, with Kaspersky's Help (Bruce Schneier) Russia Turned Kaspersky Software Into Global Spying Tool (WSJ) Israel hacked Kaspersky, tipped off NSA (WashPo) Russia's Use of Antivirus Software to Spy on the U.S. 
Shows Why We Need Strong Encryption (Slate) RT, Sputnik, and Russia's New Theory of War (NYTimes) North Korea hacking Sony (NYTimes) HP Enterprise let Russia scrutinize cyberdefense system used by Pentagon (Reuters) More on the Deloitte hack (The Guardian) Wireless Emergency Alert System Nationwide No-Op (WashPo) "The Coming Software Apocalypse" (James Somers) Accenture exposes data to public (SMH) Amazon's Echo Spot is a sneaky way to get a camera into your bedroom (The Verge) Ads don't work so websites are using your electricity to pay the bills (The Guardian) Stolen phones unlocked through a phishing attack (Diomidis Spinellis) Dubai airport's new virtual aquarium tunnel scans your face as you walk through it (The National) Microsoft's Nadella Wants to Help Coders Take a Quantum Leap (WiReD) Informed delivery is stalker's dream (Brian Krebs via Paul Fenimore) Internet Regulator Delays Key Security Feature Update Because of Lazy ISPs (Bleeping Computer via Gabe Goldberg) Use This USB Drive Trick to Secure Your Laptop in Public -- or Anywhere Else (MakeUseOf) Google and Facebook Failed Us (The Atlantic) Facebook is introducing new protections for profile pictures for users in India (The Verge via Dan Jacobson) Google builds the Babelfish (QZ via Mark Thorson) How a Fire Alarm Caused a Glitch for Microsoft's Azure Cloud (Fortune) Faulty data center takes out Sourceforge (The Register) Wikipedia deletions: make my day (Dan Jacobson) Google changes the target when you click down (Chromium) Re: Propaganda flowed heavily into battleground states around election (Mark Kramer) Re: Yet another trove of sensitive US voter records leaked (Michael Kohne) Re: UK Banks, etc. to check account-holders' residence eligibility (Michael Bacon, Anthony Youngman) Re: Forget Your Password, Go to Jail (Amos Shapir) Re: 'Game of Thrones' was pirated ... 
(Kelly Bert Manning) RISKS 30.49 Tuesday 7 November 2017 Airports Worldwide Are Hit by Delays After Software Outage (NYTimes) NYPD claims to have incompetent sysadmins (Ed Ravin) AirBnB monopolizing and forcing incorrect currency conversions (Toby Douglass) To Survive the Streets, Robocars Must Learn to Think Like Humans (WiReD) Palestinian Man Arrested After Facebook Auto-Translates 'Good Morning' as 'Attack Them' (Gizmodo) Fixing cities' data privacy potholes (Insights) Apple's Machine Learning Engine Could Surface Your iPhone's Secrets (WiReD) A Bug in a Popular Maritime Platform Left Ships Exposed (WiReD) Corrected monitor resolution, pinup model no longer slim (Dan Jacobson) Risks of being interrupted while using Siri to comment online (NYTimes via David Tarabar) Denver Art Museum warns donors, members, employees after sensitive data breach (John Wenzel) Even lower chances of winning the lottery (Jeremy Epstein) Researchers Devise 2FA System That Relies on Taking Photos of Ordinary Objects (Bleeping Computer) Technology seeks to preserve fading skill: Braille literacy (WashPo) Fundamental problems with the Infineon crypto library (Ars via PGN) Taser Company Ignored SEC Emails Because They Were In a Spam Folder (Bloomberg via Gabe Goldberg, Lauren Weinstein) USS John S McCain (Dick Mills) Stuxnet-style code signing is more widespread than anyone thought (Ars Technica) Medical device security (Mark Thorson) Inside story: How Russians hacked the Democrats emails (WashPo) Estonia freezes resident ID cards due to security flaw (Engadget) The 2020 census is in big trouble. Here's how we got here (ThinkProgress) Hackers prey on home buyers, with hundreds of millions of dollars at stake (WashPo) Re: North Korea hacking Sony (Michael Bacon) Re: Wikipedia deletions: make my day (Denis Bloodnok) Re: UK Banks, etc. 
to check account-holders' residence eligibility (Peter Houppermans, Tom Gardner) Google exec: Our society is in real jeopardy (Gerhard Eschelbeck) Susan Landau: Listening In: Cybersecurity in an Insecure Age (PGN) RISKS 30.50 Wednesday 22 October 2017 Warning to Humanity (The Sun) Singapore MRT signaling fault injures 29 (Straits Times via Richard M Stein) How Level 3's Tiny Error Shut Off the Internet Parts of the US (HighTechForum) A major vulnerability has frozen Ethereum $ hundreds of millions (FlipBoard) $300M cryptocurrency "accidentally killed" after bad software patch (ParityTech) One Bitcoin Transaction Now Uses as Much Energy as Your House in a Week (Christopher Malmo) Cops raid German bloke's house after his Alexa music device held a party on its own -- while he was out (Amazon Grace) Russia used 150,000 Twitter accounts to meddle in Brexit (BoingBoing) Facebook admits that Ruskies interfered with UK Brexit vote (Buzzfeed) Russian 'Proof' That the US Is Helping ISIS Is Actually From a Video Game (Gizmodo) Homeland Security team remotely hacked a Boeing 757 (CSO) Facebook is asking users to upload nudes to stop revenge porn online (TechWorm) MINIX: Intel's in-chip operating system (ZDnet) USB Exploit Affects Nine Years of Intel Processors (ITProToday) Hacker Erases 30 Million Files From CA Transit System... 
Took Over Computers, Demanded Ransom (CBS) Eavesdropper Flaw Exposes Millions of Call Texts and Recordings (Hackread) Following Equifax breach, CEO doesn't know if data is encrypted (SearchSecurity) On the Equifax Breach (Bruce Schneier) Senators push to ditch Social Security numbers in light of Equifax hack (TechCrunch) Stuxnet-style code signing is more widespread than anyone thought (Dan Goodin) Pentagon's hacker disclosure program defangs 2,800 security flaws (Joe Uchill) Security Breach and Spilled Secrets Have Shaken the NSA to its Core (The New York Times) Uber drivers in Lagos are using a fake GPS app to inflate rider fares (QZ) Uber Paid Hackers to Delete Stolen Data on 57 Million People (Eric Newcomer) Jailbreaking your connected coffee machine: The idiocy of things (ZDnet) How Are ATMs Exploited? An Update on ATM Malware Methods (Security Intelligence) Remote Unauthenticated DoS in Debut embedded httpd server used by Brother printers (TrustWave) Verizon Asks the Federal Communications Commission to Prohibit States from Protecting User Privacy (EFF) CAST Research on the State of Software Security Reveals Riskiest Applications (GlobeNewsWire) Asus Zenfone 3 botched update (Dan Jacobson) Strings embedded in the web page (Dan Jacobson) Epson is Using its eBay "Trusted Status" to Make Competing Ink Sellers Vanish (EFF) Logitech to shut down service and support for Harmony Link devices in 2018 (Ars Technica) Twitter officially expands its character count to 280 starting (Techcrunch via Gabe Goldberg) Re: Even lower chances of winning the lottery (Amos Shapir) Re: Taser Company Ignored SEC Emails ... 
In a Spam Folder (Mark Kramer) Re: Tasers, Preying on home buyers (Chris Drewe) RISKS 30.51 Wednesday 19 December 2017 ATL Hartsfield-Jackson Airport loses all power (CNN) A more mundane air travel risk (Jeremy Epstein) Claims container ship's navigation system "hacked" (danny burstein) Commentary on the risks of technology and climate change (Rob Slade) When is Big Automation Too Big for Comfort? (DevOps.com) Apparent Google update glitch disconnects student Chromebooks in schools across the U.S. (Geekwire) Former Facebook exec says social media is ripping apart society (The Verge) Hackers halt plant operations in watershed cyber-attack (Jim Finkle) Searchable database of 1.4 billion stolen credentials found on dark (Steven Cheung) World's biggest botnet sends 12.5 MILLION emails containing ransomware... (Daily Mail via Geoff Goodfellow) Department of Homeland Security finds government mobile apps lack (Rob Wilcox) Fun with blockchain (MakeUseOf) Initial Coin Offerings Horrify a Former SEC Regulator (The NYTimes via Gabe Goldberg) Bitcoin Exchange Youbit to Declare Bankruptcy After Hack (Coindesk) Bitcoin Investors Resort to Hypnotherapy to Recover Passwords (Fortune) Ethereum cryptocurrency choking on purchases of virtual cats (Taipei Times) Many Consumers Lack Understanding of Basic Cyber-Hygiene (Tenable) McLean-Based Hilton to Begin Rolling Out High-Tech "Connected Rooms" (Gabe Goldberg) Crooks Cash in Stolen Rewards Points for Flights and Hotels (Fortune) Microsoft Researcher Details Real-World Dangers of Algorithm Bias (Gizmodo) Experts Warn: Terrorists Could Kill Millions by Remotely Hacking (Gabe Goldberg) Dangers of dynamic road trip mapping applications (danny burstein) Large wildfires vs. navigation apps for drivers (David Tarabar) iOS 11 leaves iOS devices more vulnerable to edge-case attacks, says phone-cracking company ElcomSoft (9to6mac via Geoff Goodfellow) Want to break into a house? Just type in its address... 
(Dave Horsfall) Improving election integrity/security/??? (Politico) The Germans have no word for "Entscheidungsproblem" (Catalin Cimpanu via Henry Baker) Have You Ever Felt Sorry for the IRS? Now Might Be the time (The NYTimes) Car theft "relay crime" (Sky) More Than a Third of Federal Websites Just Failed a Major Security (Fortune) NSF-funded research on vehicular social networking (Ross Stapleton-Gray) Researchers craft Android app that reveals to find horrific menagerie of hidden spyware; legally barred from doing the same with iOS (Cory Doctorow) Overseas customers left behind in clearXchange to Zelle conversion (Dan Jacobson) Wrong number: Are Israel's phone companies systematically overcharging (Gabe Goldberg) Warn that results are not necessarily in order (Dan Jacobson) Upside of multiple-choice security questions (Ed Ravin) You can log into macOS High Sierra as root with no password (The Register) Feds in Two Minds About Artificial Intelligence Defense (Meritalk) Australian man uses snack bags as Faraday cage to block tracking by employer (Sean Gallagher) White House Weighs Personal Mobile Phone Ban for Staff (Bloomberg) Re: Singapore MRT signaling fault injures 29 (Richard M Stein) Re: Web Browser JavaScript Woes (Chris Drewe) Re: Taser Company Ignored SEC Emails ... In a Spam Folder (John Levine, Mark Kramer) Re: Are you aware that Comcast is injecting 400+ lines of JavaScript (geoff goodfellow) RISKS 30.52 Tuesday 26 December 2017 Calif fires? Electrical utility "reclosers" may have contributed (IEEE Spectrum via danny burstein) The Unstoppable Momentum of Self-Driving Cars ("Laurie" via Gabe Goldberg) "Google Home is Leaving Elderly and Disabled Users Behind" (Lauren Weinstein) Section 230 of the Communications Decency Act (David Magda) Quantum Computing Is the Next Big Security Risk (WiReD) Navigation Apps Are Turning Quiet Neighborhoods Into Traffic Nightmares (Lisa Foderaro) Re: Large wildfires vs. 
navigation apps for drivers (Amos Shapir) Uber offers bug bounty College Students Come up With Plug-In to Combat Fake News (USNews via Lauren Weinstein) Privacy Complaints Mount Over Phone Searches at U.S. Border Since 2011 (The New York Times) Claims container ship's navigation system "hacked" (John C. Bauer) Re: When is Big Automation Too Big for Comfort? (Martin Ward, Terje Mathisen) Re: The hotel of the future, High-Tech "Connected Rooms" (John Levine, Gabe Goldberg) RISKS 30.53 Thursday 18 January 2018 Are Implanted Medical Devices Creating A 'Danger Within Us'? (NPR via Richard M Stein) Russia admits $45m satellite launch failed because programmers put in co-ordinates for the WRONG launch site (Daily Mail) Phoenix Pay System Disaster Continues (John C. Bauer) Ernst & Young report on Vancouver Island iHealth project mismanagement (Kelly Bert Manning) Erie, PA household electric bill for US$ 284B (WashPo) Programming error results in too many winning lottery tickets (The State via Steve Golson) 500 rupees, 10 minutes, and you have access to billion Aadhaar details (The Tribune India via Prashanth Mundkur) Massive security breach in India (Mark Thorson) Who's liable in driverless train accident? (The Straits Times) "LA-Tokyo flight turns back after passenger 'boards with wrong ticket'" (BBC) Rise of the Robo-Judge (Dan Jacobson) Hawaiian False Missile Alert Command Confirmation Bias Strikes Again (NYTimes et al.) War Risk 2018 with North Korea (Rob Wilcox) Drones keep entering no-fly zones over Washington, raising security concerns (WashPo) What Happens If Russia Attacks Undersea Internet Cables (WiReD) New Rules Announced for Border Inspection of Electronic Devices (Gabe Goldberg) Is the Answer to Phone Addiction a Worse Phone? 
(NYTimes) Apple said a software problem caused its heating system to break, which caused icicles to form on the roof of its Chicago store (Gabe Goldberg) Meltdown/Spectre/GoogleZero (The Verge) Microsoft's patches brick AMD PCs (Money via Barry Gold) Antivirus: the perfect spying tool!! (Nicole Perlroth) Infected USB sticks handed out at security conference (Taipei Times) Cybersecurity in self-driving cars: University of Michigan releases threat identification tool (Mike Chinni) BlackBerry Jarvis Checks Autonomous Car Software for Security Flaws (EWeek) Firms buy insurance 'in mad panic' as cyber-attacks soar (BBC) Health Care Is Hemorrhaging Data. AI Is Here to Help (WiReD) Romanian Hackers Compromised DC Security Cameras Prior to Inauguration (TRK) Indiana Hospital Hacked for Ransom: An Argument for Decentralized Data (Dan Jacobson) Chanticleer to use blockchain for its rewards program (Gabe Goldberg) How to lose $8k worth of bitcoin in 15 minutes with Verizon and Coinbase.com (Dan Jacobson) Egypt's grand mufti says bitcoin 'forbidden' by Islam (The Times of Israel) How The Banks Bought Bitcoin (Lightning Network) Your Mother's Maiden Name Is Not a Secret (NYTimes) Risks of not using a bookstore? 
(Newsweek) Why you'll fire Siri and do the job yourself (ComputerWorld) Always allow removing comments (Dan Jacobson) Five copyright claims against youtube video of white noise (BBC via Mark Thorson) The Geography of Risks (Spencer Cheng) How Adding Accelerometers to Keys Will Thwart Car Thieves (IEEE Spectrum) Re: The Unstoppable Momentum of Self-Driving Cars (Amos Shapir) Re: Vehicle Satellite Navigation (Chris Drewe) RISKS 30.54 Saturday 10 February 2018 Dutch agencies provide crucial intel about Russia's interference in US-elections (volkskrant) DHS exec: Russians penetrated US voter registrations in 2016 (NBC) German shock at car exhaust tests on humans and monkeys (bbc.com) "Ten Monkeys and a Beetle: Inside Rigged Diesel Test" (NYTimes) How a single line of computer code put 75,000 innocent Turks in jail (Kelly Bert Manning) Triton Malware Details Show the Dangers of Industrial System Sabotage (WiReD) FBI vs crypto-sanity? (PGN) Waze navigation app sends US driver into lake (The Times of Israel) Eyesight Technologies Will Watch You Drive, and That's a Good Thing (IEEE Spectrum) Self-Driving Cars Have a Secret Weapon: Remote Control (WiReD) Facebook AI spam detector lacks autoreview (Dan Jacobson) Why cops won't need a warrant to pull the data off your autonomous car (Gabe Goldberg) WHATIS Going to Happen With WHOIS? 
(Motherboard) "How Strava's "anonymized" fitness tracking data spilled government secrets" (Jack Whittaker via Gabe Goldberg) Personal Trackers expose Aggregated Personal and Group Data (Bob Gezelter) "Disney faces privacy complaint over children's apps" (Corinne Reichert) IoT fun -- Don't Rely on Your Smart Speaker as Your Only Alarm Clock (Lifehacker) More Than Half of Adult Americans Were Victims of Cybercrime in 2017 (TRK via Gabe Goldberg) ICE can now track anyone's car in almost real-time (Think Progress) Terrorists Could Use Teslas to Kill Us (The Weekly Standard) A motorcyclist is suing GM after crashing into its self-driving car (PopSci) robots.txt vs. noindex (Google via Dan Jacobson) "3 leaked NSA exploits work on all Windows versions since Windows 2000" (CSO Online) 'Jackpotting' hackers steal over $1 million from ATMs across U.S. (Amos Shapir) Feds drop hammer on massive "carder" ring that caused $530 million in losses (Ars Technica) Blockchain Stocks Collapse by 40% to 90% (Wolfstreet) Bitcoin price manipulation (Charley Kline) Coincheck Says It Lost Crypto Coins Valued at About $400M (Bloomberg) Bitcoin payments used to unmask dark web users (Naked Security) Bitcoin: Dumb Crypto Criminal Botches Kidnapping (Fortune) As Bitcoin Bubble Loses Air, Frauds and Flaws Rise to Surface (NYTimes) Russian nuclear scientists arrested for 'Bitcoin mining plot' (BBC) Crooks Created 28 Fake Ad Agencies to Disguise Massive Malvertising Campaign (Catalin Cimpanu) The Fake-Follower Factory (NYTimes) British Teen Accessed U.S. Middle East Intelligence Ops by Pretending to be CIA Director (Newsweek) Bug Bounty Programs Are Paying Off for Hackers, HackerOne Finds (EWeek) Want to see all data Windows 10 sends Microsoft? There's an app for that (Ars Technica) "Can AI predict when that new hire will quit?" 
(Terena Bell) First, We Kill All the Lawsuits (Henry Baker) "In spite of military assurances, autonomous weapon research speeds ahead" (Greg Nichols) Ford Patents Autonomous Robocop Police Car That Can Give Out Tickets (Tech Times) British 15-year-old gained intelligence info (The Telegraph) Majority of employees in US unaware of GDPR mandate (DXC) Enter all identifying numbers as single text string without formatting (Dan Jacobson) Exclusive: Mattis seeking to ban cell phones from Pentagon (CNNPolitics) Re: Vehicle Satellite Navigation (Drewe, RISKS-30.53) Not knowing Twitter credentials delayed Hawai'i "all clear" (Lauren Weinstein) HI-EMA 'button pusher' refusing to cooperate with FCC (Star Advertiser) Re: Hawaiian False Missile Alert Command Confirmation Bias Strikes Again (Henry Baker) Re: "LA-Tokyo flight turns back after passenger 'boards with wrong (John Levine) Re: Five copyright claims against youtube video of white noise (John Levine) RISKS 30.55 Saturday 17 February 2018 Aerospace Eyes Pilotless Cargo Planes (Richard M Stein via Straits Times) White Paper Points Out Just How Irresponsible 'Responsible Encryption' Is (TechDirt via Richard Forno) Ghost in the DCL shell: OpenVMS, touted as ultra reliable, had a local root hole for 30 years (The Register) Hackers Find, Fix 106 Security Flaws in Air Force Bug Bounty Challenge (TRK) "Skype can't fix a nasty security bug without a massive code rewrite" (Zack Whittaker) That mega-vulnerability Cisco dropped is now under exploit (Ars Technica) Understanding the Attack Vectors of CVE-2018-0101 -- Cisco ASA Remote Code Execution and Denial of Service Vulnerability (Cisco) How a Low-Level Apple Employee Leaked Some of the iPhone's Most Sensitive Code (Motherboard) Pirates Crack Microsoft's UWP Protection, Five Layers of DRM Defeated (TorrentFreak) Cyberattack Caused Olympic Opening Ceremony Disruption (Nicole Perlroth) Samsung and Roku Smart TVs Vulnerable to Hacking (Consumer Reports) FinTech Revolut sends PINs 
via email (Toby Douglass) "The House That Spied on Me" (Kashmir Hill and Surya Mattu) House Committee votes to terminate the Election Assistance Commission (The Nation) Spelling corrector busy changing words many pages back (Dan Jacobson) "Biggest Brazilian newspaper quits Facebook" (Angelica Mari) "Facebook's Very Revealing Text Messaging Privacy Fail" (Lauren Weinstein) Australian Cabinet Files (Bruce Schneier via PGN) With Closed-Circuit TV, Satellites And Phones, Millions Of Cameras Are Watching (NPR.org via Richard M Stein) Someone Is Sending Amazon Sex Toys to Strangers. Amazon Has No Idea How to Stop It (The Daily Beast) One Cause of Market Turbulence: Computer-Driven Index Funds (NYTimes via Richard M Stein) Most People Prefer Buying Wireless Devices Through Their Smartphones (TRK) Re: The unstoppable momentum of self-driving cars (Michael Bacon) Re: The Fake-Follower Factory (Jose Maria Mateos) Re: WHATIS Going to Happen With WHOIS? (Michael Bacon, John Beattie) Denver Airport AGTS marble stairs: Fall risk due to lack of contrast (Shawn Merdinger) Contra Ovadya on post-truth (John Ohno) RISKS 30.56 Tuesday 27 February 2018 To Stir Discord in 2016, Russians Turned Most Often to Facebook (NYT) Russian election interference (PGN) Russia hacked the Olympics and tried to make it look like North Korea did it (Vox) Are Bots a Danger for Political Election Campaigns? 
(PGN) The Myth of the Hacker-Proof Voting Machine (Kim Zetter) Your Bitcoin or Your Life (Nathaniel Popper) All but Banned in the U.S., Chinese Giant Huawei Is Welcomed in Britain (WSJ) Drone collisions, close calls underscore growing risks for aircraft (WashPo) BB&T Restores ATM Service, Online Banking Problem Persists (WSJ) "Lawsuits threaten infosec research just when we need it most" (Zack Whittaker) "Security firm Keeper sues news reporter over vulnerability story" (Zack Whittaker) "Microsoft is distributing security patches through insecure HTTP links" (Woody Leonhard) That terrifying 'unfixable' Microsoft Skype security flaw: THE TRUTH. (The Register) Facebook's Mandatory Anti-Malware Scan Is Invasive and Lacks Transparency (WiReD) An old tax scam -- with a troubling new twist (WashPo) "Maker of sneaky Mac adware sends security researcher cease-and-desist letters" (Zack Whittaker) Tesla cloud resources are hacked to run cryptocurrency-mining malware (Ars Technica) One-stop counterfeit certificate shops for all your malware-signing (Ars Technica) US Border Patrol Hasn't Validated E-Passport Data For Years (Lily Hay Newman) Facebook Shows Why SMS Isn't Ideal for Two-Factor Authentication (Tidbits) Google Chrome Now Blocks Irksome Ads. That's a Good Thing, Right? 
(NYTimes) Federal Judge Says Embedding a Tweet Can Be Copyright Infringement (EFF) How a fight over Star Wars download codes could reshape copyright law (Ars Technica) How Samsung moved beyond its exploding phones (Ars Technica) "Fail-slow at scale: When the cloud stops working" (Robin Harris) Apple Repair Center Barrages Sacramento's 911 Operators (CBS) Convention registration leaks information (Medium via Arthur T) Banking Nightmare: Chase Glitch Gives Online Access to Random People (Fly&Dine) "iPhone explodes at Vietnamese hair salon, thankfully only injures Apple fans' pride" (RocketNews) Cyberstalking via unsolicited anonymous Amazon deliveries (The Boston Globe) The Car of the Future Will Sell Your Data (Bloomberg) Don't blindly follow your GPS -- Sylvan Lake State Park staff offers winter route advice (Pam Boyd) Before Hitting the Road, Self-Driving Cars Should Have to Pass a Driving Test (Scientific American) Re: mystery deliveries from Amazon (Kelly Manning) RISKS 30.57 Thursday 1 March 2018 Using a Laser to Wirelessly Charge a Smartphone Safely Across a Room (James Orton) Bill Gates: Cryptocurrency is super-risky over the long-term (Emmie Martin) "Wine lovers cannot buy Burgundy as Google cracks down on 'gun' searches" (The Telegraph via Chris Drewe) "SAML protocol bug let hackers log in as other users" (Zack Whittaker via Gene Wirchenko) 23,000 HTTPS certificates axed after CEO emails private keys (Ars Technica) New Orleans alleged to have secretly used Palantir predictive policing (CSO) Voice Assistants Are Being Built Into New Smart Home Products at CES 2018 (Consumer Reports via Gabe Goldberg) I Wanna Go Fast: Why Searching Through 500M Pwned Passwords Is So Quick (TroyHunt) Weird attachment on ATM (Dave Horsfall) Artificial intelligence and national security (Allen/Chan via Diego Latella) Chrome Lets Hackers Phish Even 'Unphishable' Yubikey Users (WiReD) Re: The Myth of the Hacker-Proof Voting Machine (Mark E. 
Smith) Re: US Border Patrol Hasn't Validated E-Passport Data For Years (John Levine) Re: mystery deliveries from Amazon (John Levine) RISKS 30.58 Thursday 15 March 2018 Root Cause Behind Downtown Line Glitch Still Unknown (Straits Times) GPS Isn't Very Secure. Here's Why We Need A Backup (WiReD) Hedge Funds That Use AI Just Had Their Worst Month Ever (Bloomberg) AI-Aided Cameras Mean No More Car Mirrors, No More Blind Spots (Spectrum) "Researchers find security flaws in popular smart cameras" (ZDNet) "IT beware: University finds new 4G security holes" (Evan Schuman via Gene Wirchenko) Spooks' Superposition Principle (Henry Baker) GitHub Survived the Biggest DDoS Attack Ever Recorded (Lily Hay Newman) Memcached-fueled 1.3 Tbps attacks (Drew Dean) Major data breach at Marine Forces Reserve impacts thousands (Gabe Goldberg) Report highlights how deep packet inspection could be subverted by cybercriminals (Tara Seals via geoff goodfellow) "More privacy-busting bugs found in popular VPN services" (Zack Whittaker) More on Google and Military Drones (Lauren Weinstein) Egyptian jamming of Sinai cell phones affects Israel, Gaza (Dan Williams) All of Oculus's Rift headsets have stopped working due to an expired certificate (TechCrunch) Officer sent to wrong address by 911 system -- and dies (Paul Saffo) Years After Sept. 
11, Critical Incidents Still Overload Emergency Radios (via NPR.org) The European electrical grid is having time problems (danny burstein) In reported breakthrough, Israeli tech can now unlock any phone (Times of Israel) Israeli AI software whips expert lawyers in contract analysis (ditto) Egyptian Military Activity Affecting Israeli Cell Networks (Hamodia via Mike Rechtman) Cryptocurrency Thief Stole 7 Bitcoins from Steve Wozniak (Fortune) "Australians used bitcoin to pay AU$50k-worth of fake ATO tax debts in 2017" (ZDNet) Clocks in telephones at higher altitudes don't actually run faster (Dan Jacobson) Bug in HP Remote Management Tool Leaves Servers Open to Attack (Threatpost) Cisco's Talos Intelligence Group Blog: Vulnerability Spotlight: Adobe Acrobat Reader DC Document ID Remote Code Execution Vulnerability (Talos) Apple acknowledges serious iOS bug linked to Telugu character (The Hindu) Adversarial patches: colorful circles that convince machine-learning vision system to ignore everything else (BoingBoing) Left-right mouse mapping programs and permanent effects (Dan Jacobson) In the US v. Microsoft Supreme Court Case, an Old Law Leaves Few Good Options (WiReD) Chinese mom 'locked out' of phone for incredible 47 years (ECNS) Usual infile-outfile clobber accident (Dan Jacobson) MoviePass CEO proudly says the app tracks your location before and after movies (TechCrunch) A first look at browser-based Cryptojacking (Eskandari et al. via Jose Maria Mateos) "After Oracle WebLogic miner attack, critical Apache Solr bug is now targeted" (ZDNet) "Has Alexa snapped? 
Why your Echo sometimes does creepy things" (David Gewirtz) "Ransomware for robots is the next big security nightmare" (Danny Palmer) Most Americans See Artificial Intelligence as a Threat to Jobs -- Just Not Theirs (Niraj Chokshi) New tracking technology could make lost belongings a thing of the past (The Washington Post via Gabe Goldberg) Apple: Former Engineer Will Unlock iPhone For $15.000 (Fortune) "Google's DoubleClick outage should force marketers to ask some hard questions" (Larry Dignan) Alexa briefly lost its voice on Friday (The Verge) Malicious software hits Connecticut court system's computers (The Boston Globe) Regulation of Internet Companies?!? (Chris Drewe) RISKS 30.59 Saturday 17 March 2018 Hacking critical infrastructures (Nicole Perlroth et al. via PGN) Lessons for RISKS from the Florida bridge collapse (PGN) The Controversial CLOUD Act: Privacy Plus or Minus? (Lauren Weinstein) Cybercriminals spotted hiding cryptocurrency mining malware in forked projects on GitHub (Danny Palmer) Linus Torvalds slams CTS Labs over AMD vulnerability report (Steven J. Vaughan-Nichols) FCC Accuses Stealthy Startup of Launching Rogue Satellites (Gabe Goldberg) FCC Accuses Stealthy Startup of Launching Rogue Satellites (danny burstein) How social media spread a historical lie (WashPo) How Trump Consultants Exploited the Facebook Data of Millions (NYTimes) Microsoft still doesn't get it (Phil Smith III) Meet the Scarlett Johansson PostgreSQL malware attack (Steven J. Vaughan-Nichols) New system to help commuters avoid crowds at MRT stations (Richard M. Stein) Australia warns South-east Asia of high-tech terror threat (Straits Times) Vancouver BC Transit system says tap your card, not your wallet (Kelly Bert Manning) Re: Usual infile-outfile clobber accident (B. Elijah Griffin) Re: British Teen Accessed U.S. 
Middle East Intelligence Ops (Nick Sizemore) Re: AI-Aided Cameras Mean No More Car Mirrors, No More Blind Spots (Michael Bacon) RISKS 30.60 Tuesday 20 March 2018 Reverse-Engineers Cuban Sonic Weapon (Fu/Xu/Yan) "IBM's fraud-fighter is so tiny, it's almost invisible" (ZDNet) Uber car in autonomous mode kills pedestrian (WashPo) More info re: the Uber car fatality (Lauren Weinstein) "Self-driving Uber kills Arizona woman, autonomous tests halted" (Gene Wirchenko) When Self-Driving Cars Can't Help Themselves, Who Takes the Wheel? (NYTimes) U.S. Government Launches Investigation Into Hyundai And Kia Airbags (NPR.ORG) Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach (The Guardian) Facebook apologises for search suggestions of child abuse videos (The Guardian) Cambridge Analytica Suspends C.E.O. Amid Facebook Data Scandal (NYTimes) 3 Simple Ways We Give Up A Ton Of Very Personal Information To Facebook And Random Apps (buzzfeed) "Seriously, It's Time to Ditch Facebook and Give Google+ a Try" (Lauren Weinstein) Unsecured AWS S3 bucket managed by Walmart jewelry partner exposes data of 1.3M customers (SecurityAffairs) Look-Alike Domains and Visual Confusion (Krebs on Security) Re: Lessons for RISKS ... (Chris Samuel) Re: AI-Aided Cameras (Dmitri Maziuk) Re: Microsoft still doesn't get it (Michael Schmitt) Re: New system to help commuters avoid crowds at MRT stations (Geoffrey Keating) RISKS 30.61 Tuesday 27 March 2018 Self-Driving Car Had a Fatal Accident: Now What? (Don Norman) Re: Uber car in autonomous mode kills pedestrian (WashPo) Re: The Unstoppable Momentum of Self-Driving Cars (Shapir, R 30.53) "Why Big Tech Needs Big Ethics -- Right Now!" 
(Lauren's Blog) Even Without Cambridge Analytica, the Trump Campaign Already Had Everyone's Data (Emily Taylor via Diego Latella) Yet another security vulnerability afflicts India's citizen database (Prashanth Mundkur) Schools Are Using AI to Check Students' Social Media for Warning Signs of Violence (Gizmodo) Bad science puts innocent people in jail -- and keeps them there (WashPo) GrayKey iPhone unlocker poses serious security concerns (Malwarebytes Labs) History Shows DDoS Volumes to Keep Rising Despite Mitigation Efforts (EWeek) "The new social media imperative: Distance yourself" (Mike Elgan) $1 million worth of Iron Dome missiles fired at nothing due to 'oversensitivity' (The Times of Israel) "Cryptocurrency mining malware uses five-year old vulnerability to mine Monero on Linux servers" (Danny Palmer) Tamper-proof currency wallet backdoored by a 15-year-old (Ars Technica) Cybersecurity key to S'pore's survival: CSA chief (Straits Times) Electronic footrest traps customer, who later dies (Jennifer Hassan) Theranos fraud duped billionaires, but Silicon Valley culture blamed (Tom Foremski) "Google Assistant now lets you send and request money from your contacts" (Stephanie Condon) Electric chairs in England? (Yahoo!) 
Sex Trafficking Bill Heads to Trump, Over Silicon Valley Concerns (NYTimes) Re: Look-Alike Domains and Visual Confusion (Kurt Seifried) Re: Lessons for RISKS from the Florida bridge collapse (Dick Mills) RISKS 30.62 Friday 30 March 2018 A Cyberattack Hobbles Atlanta, and Security Experts Shudder (Alan Blinder and Nicole Perlroth) Baltimore's 9-1-1 System Hacked in Ransomware Attack (Baltimore Sun) Under Armour announces data breach, affecting 150 million MyFitnessPal app accounts (WashPo) Facebook's Cambridge Analytica problems are nothing compared to what's coming for all of online publishing (Harvard) Growth At Any Cost: Top Facebook Executive Defended Data Collection In 2016 Memo -- And Warned That Facebook Could Get People Killed (buzzfeed) Facebook deathwatch: a decade ago, it was impossible to imagine the fall of Myspace (BoingBoing) ``Maybe someone dies'': Facebook VP justified bullying, terrorism as costs of network's `growth' (Avi Selk) Ecuador cutting off WikiLeaks founder's communications (Chicago Sun Times) Self-driving car passenger slapped with ticket in San Francisco (Fox News) Uber Disabled Volvo's Safety System Before Fatality, Aptiv Says (TTNews) Uber reportedly reduced the number of sensors on its autonomous cars (Engadget) Re: "Why Big Tech Needs Big Ethics -- Right Now!" (Martin Ward) Re: Self-Driving Car Had a Fatal Accident: Now What? (Ian Jackson, Paul Fenimore) Re: Self-Driving Car Had a Fatal Accident CORRECTION (Don Norman) Re: The Unstoppable Momentum of Self-Driving Cars (3daygoaty) Government wants to know the Risks of IoT (Arthur T.) 
RISKS 30.63 Sunday 1 April 2018 Google launches GoogleCoin cryptocurrency (Mark Thorson) GoogleExchange hacked, GoogleCoins worth USD$104B stolen (Mark Thorson) By 2020, More Than 30% of World's Electricity Consumption Will Be Spent Explaining Bitcoin (EFF) Celebrate The Calendar That Saved Us From Disaster (Mark Thorson) Cloudflare launches 1.1.1.1 consumer DNS service with a focus on privacy Georgia Passes Anti-Infosec Legislation (EFF) Hacking voting machine vendors (CSO Online) Despite privacy concerns, Israel to put nation's medical database online (The Times of Israel) Driverless vehicles and aircraft (Michael Bacon) Virtual reality shopping is here (Gabe Goldberg) RISKS 30.64 Monday 2 April 2018 Software Bug Behind Biggest Telephony Outage In US History (Slashdot via Gabe Goldberg) Card Data Stolen From 5 Million Saks and Lord & Taylor Customers (NYTimes) WannaCry my ground Boeing? (Dominic Gates) The MyFitnessPal Hack May Affect 150 Million People. It Could've Been Even Worse. (Slate) This Is So Much Bigger Than Facebook Data misuse is a feature, not a bug -- and it's plaguing our entire culture (Ethan Zuckermann) Yonatan Zunger: "Ethics Crisis" (PGN) New malware aimed at Linux servers (Mike Rechtman) Re: Lessons for RISKS from the Florida bridge collapse (Chris Drewe) Re: Tamper-proof currency wallet backdoored by a 15-year-old (Mark Jackson) RISKS 30.65 Saturday 14 April 2018 Half of European flights delayed due to system failure (BBC) Atlanta Airport Shuts Down Wi-Fi Following Cyber Attack on City (Conde-Nast) Bridges and privacy (Gizmodo) Chinese man caught by facial recognition at pop concert (BBC) Is Science Hitting a Wall? (Scientific American) Prescribing error in EHR results in death of man (Healthcare IT) Elon Musk: Do you trust this computer? (Ed DeWath, Grady Booch) "Flaw exposes cities' emergency alert sirens to hackers" (ZDNet) "How safe is your air-gapped PC? 
Attackers can now suck data out via power lines" (Liam Tung) DHS finds suspected phone spying in Washington (ABC News) "Windows security: Microsoft patch for Outlook password leak bug 'not a full fix'" (Liam Tung) The biggest Black Lives Matter page on Facebook is fake (CNN) Fox News accidentally puts up a poll graphic that shows how they are the least trusted network (BoingBoing) "On Facebook, Zuckerberg gets privacy and you get nothing" (Zack Whittaker) Facebook exec: If you want privacy, expect to pay for it (NYPost) Facebook Suspends Another Data Analytics Firm As Scandal Widens (NPR) Cambridge Analytica Could Also Access Private Facebook Messages (WiReD) Protecting Democracy Using Firewalls (Mark Rockman) A New AI "Journalist" Is Rewriting the News to Remove Bias (Kristin Houser) People must retain control of autonomous vehicles (Nature) Waze's crazy routing over a 32% grade road (Gabe Goldberg) Relevant Comic? (Freefall) "LG's 'Software Upgrade Center' feels slightly too familiar" (J.R. Raphael) Richest 1% on target to own two-thirds of all wealth by 2030 (Michael Savage) The dots do matter: how to scam a Gmail user (James H Fisher) "A bad day with mobile 2FA" (Evan Schuman) RISKS 30.66 Sunday 22 April 2018 Don't Blame Me for Facebook's Privacy Crisis (Ross Anderson) Facebook and Cambridge Analytica (CRYPTO-GRAM) Cambridge Analytica and the Coming Data Bust (NY Times) Palantir Knows Everything About You (Bloomberg) American elections are too easy to hack. We must take action now (Bruce Schneier) Instant Runoff Voting (Stephen H. Unger) Time for airplane engine diversity? 
(Christine Negroni) Deutsche Bank Inadvertently Made a $35 Billion Payment in a Single Transaction (Bloomberg) Blockchain Kiddy Porn (Rebecca Mercuri) Browser Standard WebAuthn Could Usher in a Password-Free Future (WiReD) Teen charged in Nova Scotia government breach says he had 'no malicious intent' (CBC News) Two vendors now sell iPhone cracking technology and police are buying (Lucas Mearian) "12+ things you can do with a locked iPhone" (Jonny Evans) France builds WhatsApp rival due to surveillance risk (Reuters) "Android security: Your phone's patch level says you're up to date, but that may be a lie" (Liam Tung) In a Leaked Memo, Apple Warns Employees to Stop Leaking Information (Mark Gurman) "Fake Android apps used for targeted surveillance found in Google Play" (Zack Whittaker) "Swim at your own risk: How botched IoT can sink your precious first-world life" (Jason Perlow) Police use Experian Marketing Data for AI Custody Decisions (Big Brother Watch) A call to regulate the use of AI (Nature) Yahoo and AOL just gave themselves the right to read your emails *again* (CNET) FCC dings T-Mobile $40M for faking rings on calls that never connected (TechCrunch) The EU's horrific and tyrannical "Right To Be Forgotten" -- as described in 1944 George Orwell (Lauren Weinstein) China's Xi says Internet control key to stability (Reuters) Moscow State University Team Wins Gold in ACM ICPC Programming Contest (ACM Bulletins) Re: "A bad day with mobile 2FA" (Dmitri Maziuk) Re: Fox News accidentally puts up a poll graphic that shows how they are the least-trusted network (Bob Rahe) Re: Windows security: Microsoft patch for Outlook password leak bug 'not a full fix' (Kelly Bert Manning) RISKS 30.67 Sunday 29 April 2018 Lightning Hazards Prompt Boeing to Fix 787 Jets (WSJ) Facebook's dark-ads problem is systemic (Techcrunch) Facebook's Ties With Kogan and Cambridge Were Even Cozier Than We Thought (Slate) How merchants use Facebook to flood Amazon with fake reviews (WashPo) How 
Looming Privacy Regulations May Strengthen Facebook and Google (NYTimes) How Fake Mark Zuckerbergs Scam Facebook Users Out of Their Cash (NYTimes) Malicious Amazon Alexa Skills Can Record Everything a User Says (EWeek) The Golden State Killer Is Tracked Through a Thicket of DNA, and Experts Shudder (NYTimes) TSB fiasco (Charles Mann on Naked Capitalism) TSB week-long disruption (The Guardian) Brain-Computer Interfaces: 'The Last Frontier of Human Privacy' (WSJ) Viewpoint: The pitfalls of India's biometric ID scheme (BBC) Zelle, the Banks' Answer to Venmo, Proves Vulnerable to Fraud (NYTimes) Blockchains for journalism (CJR via Prashanth Mundkur) ISO blocks NSA's latest IoT encryption systems amid murky tales of backdoors and bullying (The Register) Cyberwarfare may be less dangerous than we think (WashPo) Defending Hospitals against Life-Threatening Cyber-attacks (Scientific American) 'Operation GhostSecret': North Korea Is Suspected in Intensifying Global Cyberattack (WSJ) "Mysterious cyber-worm targets medical systems, is found on X-ray machines and MRI scanners" (ZDNet) Comcast partners with Independence Health to create digital health company (Healthcare IT News) Medical transcription service leaves patient records open (Krebs) Suspicious event hijacks Amazon traffic for 2 hours, steals cryptocurrency (Ars Technica) Amazon Launches In-Car Delivery (Business Wire) A One-Minute Attack Let Hackers Spoof Hotel Master Keys (WiReD) Hackers have found a way to jailbreak the Nintendo Switch (WashPo) The state of patch management (HPE) Backlash prompts Eventbrite to drop demand to crash events, record them (Ars Technica) Re: Regulate AI? (Craig Burton) Re: ACM ICPC Programming Contest (Martyn Thomas) Re: Instant Runoff Voting (Wols) Re: American elections are too easy to hack. We must take action now (Mark E. 
Smith) Re: "A bad day with mobile 2FA" (John Levine, Dimitri Maziuk) RISKS 30.68 Saturday 5 May 2018 Iowa Lottery fraud resolved (PGN on NYTimes item) "Online voting is impossible to secure. So why are some governments using it?" (Porup) Lightning Struck Her Home. Then Her Brain Implant Stopped Working (NY Times) KRACK Wi-Fi vulnerability can expose medical devices, patient records (Charlie Osborne) "A critical security flaw in popular industrial software put power plants at risk" (Zack Whittaker) "Oracle Access Manager security bug so serious it let anyone access protected data" (Liam Tung) How not to announce a loss of secure information (SMH) Why Silicon Valley can't fix itself (The Guardian) "Google Maps user? Beware attackers using URL-sharing to send you to shady sites" (Liam Tung) China's bungled drone display breaks world record (via BBC.com) When a stranger takes your face, Facebook failed crackdown on fake accounts (WashPo) The Era of Fake Video Begins (Franklin Foer) Souped-up smartphones, robots to help police fight crime more effectively (Straits Times) "GitHub says bug exposed some plaintext passwords" (ZDNet) "Gaming: The System" (NY Times) France seizes France.com from man who's had it since 1994, so he sues (Ars Technica) Transparent Eel-Like Soft Robot Can Swim Silently Underwater (ACM Technews) He Drove a Tesla on Autopilot From the Passenger Seat. The Court Was Not Amused. (NYTimes) Is My Not-So-Smart House Watching Me? 
(NYTimes) Following the Trail of Online Ads, Wherever It Leads (NYTimes) Criminals Used Flying Robots to Disrupt FBI Hostage Operation (Fortune) Facebook's dating service is a chance to meet the catfisher, advertiser, or scammer of your dreams (WashPo) Blockchain Will Be Theirs, Russian Spy Boasted at Conference (Nathaniel Popper) Blockchain is not only crappy technology but a bad vision for the future (Kai Stinchcombe, John Levine) Keeping your *Twitter* account secure (Gabe Goldberg) Against Trendism: how to defang the social media disinformation complex (Medium via John Ohno) Letter to *Consumer Reports* responding to June article about connected cars (Gabe Goldberg) RISKS 30.69 Wednesday 16 May 2018 America continues to ignore the risks of election hacking (The New Yorker) Russia Tried to Undermine Confidence in Voting Systems, Senators Say (NYTimes) Virginia election officials assigned 26 voters to the wrong district (WashPo) Securing Elections (Bruce Schneier) Australian Emergency Calls Fail due to lightning strike (ABC AU) Self-driving cars' shortcomings revealed in DMV reports (Merc) VW bugs: "Unpatchable" remote code pwnage (TechBeacon) Software bug led to death in Uber's self-driving crash (Ars Technica) Deadly Convenience: Keyless Cars and Their Carbon Monoxide Toll (NYT) The risk from robot weapons (via The Statesman/Asia News Network, published in The Straits Times) Is technology bringing history to life or distorting it? 
(WashPo) 2,000 wrongly matched with possible criminals at Champions League (BBC AU) KRACK Wi-Fi vulnerability can expose medical devices, patient records (Osborne, R 30 68) Nigerian Email Scammers Are More Effective Than Ever (WiReD) Dark code (DW) Postmortem of Fortnite Service Outage (Epic Games) Collateral damage (538) Dozens of security cameras hacked in Japan (Mainichi) Technology turns our cities into spies for ICE, whether we like it or not (LATimes) The Digital Vigilantes Who Hack Back (The New Yorker) Bring in the Nerds: EFF Introduces Actual Encryption Experts to U.S. Senate Staff (EFF) Email Encryption Tools Are No Longer Safe, Researchers Say (Fortune) Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw (EFF) Once Again, Activists Must Beg the Government to Preserve the Right to Repair (Motherboard) Widespread Misunderstanding of x86-64 Privileged Instruction Leads to Widespread Escalation Hazard (MITRE CVE 2018-8897) Alexa and Siri Can Hear This Hidden Command Audio Attacks (NYTimes) Buckle Up, Prime Members: Amazon Launches In-Car Delivery (Business Wire) Meant to Monitor Inmates' Calls Could Track You Too (NYTimes) Cell Phone Location data reportedly available to law enforcement without verification/process (Ars Technica) During disasters, active Twitter users likely to spread falsehoods: Study examines Boston Marathon bombing, Hurricane Sandy; also finds most users fail to correct misinformation (Science Daily) Face recognition police tools 'staggeringly inaccurate' (BBC.com) Intel Documentation Blamed for Multiple Operating System Security Flaws (IT Pro) The Problem with Chinese GPS (Now I Know) U.S. 
identifies suspect in major leak of CIA hacking tools (WashPo) RISKS 30.70 Saturday 26 May 2018 Boy, 9, dies in accident involving motorized room partition at his Fairfax school (WashPo) Don't Put That in My Heart Until You're Sure It Really Works (NYT) "Ex-Intel security expert: This new Spectre attack can even reveal firmware secrets" (Liam Tung) "This malware is harvesting saved credentials in Chrome, Firefox browsers" (ZDNet) Student awarded $36,000 for remote execution flaw in Google App Engine (Charlie Osborne) "This cryptocurrency phishing attack uses new trick to drain wallets" (Danny Palmer) Ex-JPMorgan Chase Blockchain Duo Unveil New Startup Clovyr (Fortune) ICE abandons its dream of ‘extreme vetting’ software that could predict whether a foreign visitor would become a terrorist (WashPo) E-Mail Clients are Insecure, PGP and S/MIME 100% secure (Keith Medcalf) E-mail Encryption Tools Are No Longer Safe, Researchers Say (Fortune) Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw (EFF) "T-Mobile bug let anyone see any customer's account details" (Zack Whittaker) "Senator wants to know how police can locate any phone in seconds without a warrant" (Zach Whittaker) US cell carriers are selling access to your real-time phone location data (Zach Whittaker) Hundreds of Apps Can Empower Stalkers to Track Their Victims (NYTimes) "Voice squatting attacks: Hacks turn Amazon Alexa, Google Home into secret eavesdroppers" (CSO Online) So, Umm, Google Duplex's Chatter Is Not Quite Human (Scientific American) Henry Kissinger Is Scared of 'Unstable' Artificial Intelligence (The Wrap) Service Meant to Monitor Inmates' Calls Could Track You, Too (NYT) Gunshot Sensors Pinpoint Destructive Fish Bombs (SciAm) Most GDPR emails unnecessary and some illegal, say experts (The Guardian) The Pentagon Has a Big Plan to Solve Identity Verification in Two Years (Defense One) Unplug Your Echo! 
(Ars Technica) FBI dramatically overstates how many phones they can't get into (WaPo) "Google to remove "secure" indicator from HTTPS pages on Chrome" (ZDNet) Google's Selfish Ledger is an unsettling vision of Silicon Valley social engineering (The Verge) "A flaw in a connected alarm system exposed vehicles to remote hacking" (ZDNet) Syrian hackers who tricked reporters indicted (WashPo) Cisco critical flaw warning: These 10/10 severity bugs need patching now (ZDNet) Is technology bringing history to life or distorting it? (WashPo) Massachusetts ponders hiring a computer to grade MCAS essays. What could go wrong? (The Boston Globe) Grocery store censors cake with request for 'summa cum laude' (The Boston Globe) The surprising return of the repo man (WashPo) Trump feels presidential smartphone security is too inconvenient (Ars Technica) Trump Jr. and Other Aides Met With Gulf Emissary Offering Help to Win Election (NY Times) Re: Securing Elections (Mark E. Smith) Re: Dark code (Kelly Bert Manning, Richard O'Keefe) Fitness App Leads To Arrest For Attack On McLean Cyclist (McLean VA Patch) Man Is Charged With Hacking West Point and Government Websites (NYT) Fake Facebook accounts and online lies multiply in hours after Santa Fe school shooting (WashPo) Re: "Warning: Dangerous Fake Emails About Google Privacy Changes" (Wol) Re: Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw (Yooly) Re: Deadly Convenience: Keyless Cars and Their Carbon Monoxide Toll (NYT) Re: Chinese GPS (Dimitri Maziuk) Re: The risk from robot weapons (Amos Shapir) Will You Be My Emergency Contact Takes On a Whole New Meaning (NYT) This fertility doctor is pushing the boundaries of human reproduction -- with little regulation (WashPo) As DIY Gene Editing Gains Popularity, `Someone Is Going to Get Hurt' RISKS Digest 30.71 Tuesday 5 May 2018 Microsoft to acquire GitHub for $7.5 billion (Lauren Weinstein) Bitcoin backlash as 'miners' suck up electricity, stress power grids in Central 
Washington (Seattle Times) Every cryptocurrency's nightmare scenario is happening to Bitcoin Gold (Joon Ian Wong) Google to remove "secure" indicator from HTTPS pages on Chrome (Keith Medcalf, Gene Wirchenko, John Levine) "How your web browser tells you when it's safe" (Gregg Keizer) "Smart lock user? Z-wave pairing flaw lets attackers open your doors from yards away" (Liam Tung) FBI tells router users to reboot now to kill malware infecting 500k devices (Dan Goodin) Banks Adopt Military-Style Tactics to Fight Cybercrime (NYTimes) How One Company Scammed Silicon Valley. And How It Got Caught. (John Carreyrou) Jaron Lanier: How Can We Repair The Mistakes Of The Digital Era? (NPR) YouTube stars' fury over algorithm tests (BBC.com) Amazon Toilet Paper Order of Over $7,000 Refunded 2 Months Later (Fortune) Amazon's Echo privacy flub has big implications for IT (Evan Schuman) "Bank of Montreal, CIBC's Simplii Financial report customer data breaches" (Asha McLean) "CBA sent over 650 emails holding data on 10k customers in error" (Asha McLean) License Plate Risks (Jeremy Ardley) "Jira bug exposed private server keys at major companies, researcher finds" (Zack Whittaker) Google Started a Political Sh*tstorm Because of Its Over-Reliance on Wikipedia (Motherboard) Signs of sophisticated cellphone spying found near White House, U.S. officials say (WaPo) Massive Visa Outage Shows the Fragility of Global Payments (WiReD) How can criminals manipulate cryptocurrency markets? 
(The Conversation) Ad Blocker Ghostery Celebrates GDPR Day by Revealing Hundreds of User Email Addresses (Gizmodo) Commentary: GDPR Misses the Point (Fortune) GDPR, Privacy, and CISSPforum vs "Community" (Rob Slade) German spy agency can keep tabs on Internet hubs: court (Phys) Trendism and cognitive stagnation (John Ohno) Re: Securing Elections (Amos Shapir) RISKS 30.72 Tuesday 12 June 2018 Another risk of driverless cars (PGN) Emirates looks to windowless planes (bbc.com) 180,000 Voters accidentally left off LA County polling place rosters (Irfan Khan) Ontario election results Not a Number (Tony Marmic) Florida skips gun background checks for a year after employee forgets login (Naked Security) All accredited journalists at the #KimTrumpSummit get a free USB fan (YCombinator) Israelis nabbed in Philippines are tip of iceberg in alleged fraud gone global (The Times of Israel) Sweden Tries to Halt Its March to Total Cashlessness (Bloomberg) Cryptocurrencies Lose Billions In Value After An Exchange Is Hacked (NPR) "Cryptocurrency theft malware is now an economy worth millions" (Charlie Osborne) Quebec Halts Bitcoin Mining Power Requests Amid Booming Demand (Bloomberg) The Spanish Liga uses the phone microphone of millions of fans to spy on bars (El Diario) Navy Contractor Hacked: Reams of Secret Documents Taken (WashPo) G Suite leaks in 10,000+ orgs: Google UX blamed, fury at no-bug defense (TechBeacon) "Password reset flaw at Internet giant Frontier allowed account takeovers" (Zack Whittaker) Why a DNA data breach is much worse than a credit card leak (The Verge) "Facebook gave some companies extended access to user data" (Stephanie Condon) Facebook bug made up to 14 million users' posts public for days (WiReD) "Cisco fixes critical bug that exposed networks to hackers" (Zack Whittaker) "Meet Norman, the world's first 'psychopathic' AI" (Charlie Osborne) Should We Always Trust What We See in Satellite Images? 
(Scientific American) The NSA Just Released 136 Historical Propaganda Posters (Motherboard) Unproven facial-recognition companies target schools, promising an end to shootings (WashPo) The Zip Slip vulnerability: what you need to know (Naked Security) All the people Apple just pissed off to better protect your privacy (Fast Company) Recounting 'Horror Stories' Over Guitar Center's Warranties (NYT) Add Bryan Colangelo to the long list who have been burned by social media (ESPN) Microsoft, Github, & distributed revision control (Medium) How the body could power pacemakers and other implantable devices (Charles Q. Choi) Having better risk-based analysis for your banks and credit cards (David Strom, Phil Smith III) Re: Securing Elections (Chris Drewe) RISKS 30.73 Tuesday 26 June 2018 Tim Cook on Why Apple News Needs Human Editors (The Wrap) Facial Recognition Company Kairos CEO argues that technology's bias and capacity for abuse make it too dangerous for use by law enforcement (Slashdot) Police Use of Facial Recognition With License Databases Spur Privacy Concerns (WSJ via WaPo) Thermostats, Locks and Lights: Digital Tools of Domestic Abuse (NYTimes) Adverse Events in Robotic Surgery: A Retrospective Study of 14 Years of FDA Data (arxiv.org) When the Robot Doesn't See Dark Skin (NY Times) Having better risk-based analysis for your banks and credit cards (Rex Sanders) It's time to stop laughing at Nigerian scammers, because they're stealing billions of dollars (Cleve R. Wootson Jr.) Those Chinese-language robocalls are a scam to get your bank information, officials say (WashPo) How a company outed China's spies: David Sanger (Gabe Goldberg) Chinese Fans Paid Dearly for World Cup Tickets That Never Materialized. 
(NYTimes) Germany becomes the last big Western power to buy killer robots (Innocence lost -- The Economist) Orlando Airport Becomes 1st In US To Require Face Scan Of All International Travelers (Talking Points Memo) Cryptocurrency exchange hacks in 2018 (Taipei Times) Bitcoin Could Break the Internet, Central Banks' Overseer Says (Bloomberg) West Virginia Becomes First State to Test Mobile Voting by Blockchain in a Federal Election (GovTech) The Tractors that Turn Farmers into Hackers (Now I Know) "Three-month-old Drupal vulnerability is being used to deploy cryptojacking malware" (Danny Palmer) Hacker figured out how to brute-force iPhone passcode (ZDNet) Supreme Court says police need a warrant for historical cell location records (Zach Whittaker) Why Hackers Aren't Afraid of Us (David E. Sanger) Beijing subways to get bio-ID system (StraitsTimes) Scanning immigrants old fingerprints, U.S. threatens to strip thousands of citizenship (WashPo) M&A isn't what it used to be (Fortune) A new way to do big data with entity resolution (Web Informant) Tesla sues former employee for allegedly stealing gigabytes of data, making false claims to media. (CNBC) Show me the money (Fortune) Visa fingers 'very rare' datacentre switch glitch for payment meltdown (The Register) Recounting Horror Stories? 
Over Guitar Center's Warranties (NYTimes) The Guy Who Robbed Someone at Gunpoint for a Domain Name Is Getting 20 Years in Jail (Motherboard) Clarinetist discovers his ex-girlfriend faked a rejection letter from his dream school (The Washington Post) Internet TV firmware update/soft power-switch failure (Richard M Stein) Ghost Cytometry May Improve Cancer Detection, Enable New Experiments (SciAm) Creating bizarre interfaces (Rob Slade) More dodgy numbers - LinkedIn this time (Tony Harminc) Maybe they'll accept postcard calls for help (Gabe Goldberg) Re: Another risk of driverless cars (Ed Ravin) Re: Microsoft, Github, & distributed revision control (Wol) Re: Florida skips gun background checks for a year after employee (R A Lichtensteiger, Gabe Goldberg) RISKS 30.74 Thursday 5 July 2018 Cyber-researchers Don't Think Feds or Congress Can Protect Against Cyberattacks (Defense One) Babylon claims its chatbot beats GPs at medical exam (bbc.com) Medical device security: Hacking prevention measures (HPE) Exactis said to expose 340-million records, more than Equifax breach (CNET) Supreme Court requires warrant for cellphone location data (Henry Baker) ICE hacked its algorithmic risk-assessment tool, so it recommended detention for everyone (BoingBoing) Energy company vulnerability allows access to customer accounts (Donald Mackie) Internet TV firmware update/soft powerswitch failure (Richard M Stein) Widespread Google Home outage: What NOT to do! 
(Lauren Weinstein) Cruel pranksters made NYC Internet kiosks play ice-cream truck tunes (Engadget) Swann home security camera sends video to wrong user (BBC) Hidden Microsoft Office 365 data gathering (LMG Security) Protecting civilians in cyberspace (Just Security) Rash of Fortnite cheaters infected by malware that breaks HTTPS encryption (Ars Technica) Really dumb malware targets cryptocurrency fans using Macs (Ars Technica) Sony Blunders By Uploading Full Movie to YouTube Instead of Trailer (TorrentFreak) Homeland Security subpoenas Twitter for data breach finder's account (Zack Whittaker) Wikipedia Italy Blocks All Articles in Protest of EU's Ruinous Copyright Proposals (Gizmodo) How a Major Computer Crash Showed the Vulnerabilities of EHRs (Medscape via Fr. Stevan Bauman) Apple 'Family Sharing' feature used by scammers to make purchases with hacked Apple IDs (Business Insider) ``Trump administration tells FCC to block China Mobile from U.S.'' (Corinne Reichert) Google is training machines to predict when a patient will die (Los Angeles Times) So What The Heck Does 5G Actually Do? And Is It Worth What The Carriers Are Demanding? (Harold Fel) Leaks, riots, and monocles: How a $60 in-game item almost destroyed EVE Online (Ars Technica) Gaming disorder is only a symptom of a much larger problem (WaPo) Ticketmaster: How not to manage customers after a data breach. (Michael Kent) Re: Police, Law Enforcement, and corporate use of facial recognition and facial images in court (Kelly Bert Manning) Re: Florida skips gun background checks for a year after employee (Kelly Bert Manning) RISKS 30.75 Saturday 14 July 2018 The return of Spectre (ZDNet) Grand Pwning Unit: Accelerating microarchitectural attacks with the GPU (Colyer) Now-fixed iOS 11.3 bug reveals how Apple censors the Taiwanese flag on Chinese iPhones (9to5Mac) FAA pushes back on Boeing exemption for 787 safety flaw (FlightGlobal) Regulation of facial-recognition software? 
(WashPo) FACEPTION (Facial Personality Analytics) How Smart TVs in Millions of Homes Track More Than What's On Tonight (NYTimes) Meet Scrub 50, the robot cleaner (StraitsTimes) Video: Gavin Williamson hilariously interrupted by Siri during statement to Parliament (9to5Mac) How Voice-Activated Assistants Pose Security Threats in Home, Office (EWeek) A Revised View of the IoT Ecosystem (Vinton Cerf, Computing Edge) Plan to use AI to help emergency call operators (The Straits Times) Hamas uses fake Facebook friends to dupe 100 soldiers into downloading spyware (The Times of Israel) Chinese hackers infiltrate systems at Australian National University (John Colville) Data encryption: How to avoid common workarounds (HPE) CRTC levies fines against two companies under Canada's anti-spam law (Kelly Bert Manning) Cameras to be deployed to detect illegal smoking (The Straits Times) PayPal Apologizes for Letter Demanding Payment From Woman Who Died of Cancer (NYTimes) ExxonMobil Bungles Rewards Card Debut (Krebs on Security) This keyboard attack steals passwords by reading heat from your fingers (Charlie Osborne) iOS 11.4 seems to have a battery drain problem (ZDNet) Watch that keyboard! (Web Informant) How the Pentagon Keeps Its App Store Secure (WiReD) Inside China Dystopian Dreams (NYTimes) Egypt Sentences Lebanese Tourist to 8 Years in Prison for Facebook Video (NYTimes) The Complexity of Simply Searching For Medical Advice (WiReD) According to Apple's digital assistant Siri, Marvel comic book legend Stan Lee had apparently died on Monday (Business Insider Singapore) Risk and cost/benefit ... (Rob Slade) Employees as subjects in clinical trials (Bob Fenichel) Re: Google is training machines to predict when a patient will die (John R. Levine, Richard M Stein, John R.
Levine) RISKS 30.76 Friday 20 July 2018 Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States (Kim Zetter) Rosenstein reveals how the Justice Department is fighting attacks on US elections (CNBC) How the Russians hacked the DNC and passed its emails to WikiLeaks (WashPo) Russia exploited Twitter for disinformation as early as 2014, targeting local news (Boingboing) We've unleashed AI. Now we need a treaty to control it. (latimes.com) AI Innovators Take Pledge Against Autonomous Killer Weapons (npr.org) The cameras that know if you're happy - or a threat (bbc.com) Millions of Verizon customer records exposed in security lapse (ZDNet) Ticketmaster breach was part of a larger credit card skimming effort, analysis shows (ZDNet) Doctors, hospitals sue patients posting negative online comments (USA Today) Facial Recognition Shows Promise for Data Center Security (EWeek) Shutting down an entire ATM network (JapanTimes) Some food stamp recipients may soon lose access to farmers market benefits (WashPo) Tesla Powerwall2 home battery hacking? (Henry Baker) China Expands Surveillance of Sewage to Police Illegal Drug Use (Scientific American) Hunting the Con Queen of Hollywood (Hollywood Reporter) Micro SD cards silently switching to read-only when they're "too old" (Benoit Goas) Birds are making expensive roaming calls (The Register) Robo-calls are getting worse. And some big businesses soon could start calling you even more. (WashPo) Smart Mouthguard Senses Muscle Fatigue (Scientific American) Risks on a Friday the 13th ... 
(Rob Slade) We're not allowed to die anymore (NYTimes) 'Data is a fingerprint': why you aren't as anonymous as you think online (Olivia Stein) Re: FACEPTION (Rob Slade) Re: Employees as subjects in clinical trials (Dmitiri Maziuk) Re: Video: Gavin Williamson hilariously interrupted by Siri (Amos Shapir) Sami Saydjari: Engineering Trustworthy Systems (PGN) RISKS 30.77 Monday 30 July 2018 California Wants to Reinvent the Power Grid. So What Could Go Wrong? (NYTimes) Reporter Shows The Links Between The Men Behind Brexit And The Trump Campaign (NPR) Russian Hackers Reach U.S. Utility Control Rooms, Homeland Security Officials Say (WSJ) Israeli researchers say they've found better way to spot malicious emails (The Times of Israel) Man in the middle (Forbes e-news) Senator vs. Flash (Fortune) Decade-Old Bluetooth Flaw Lets Hackers Steal Data Passing Between Devices (Dan Goodin) Today, 100 Americans Will Likely Die on Our Roads (New York Times) The Ordinary License Plate's Days May Be Numbered (NYTimes) LifeLock Bug Exposed Millions of Customer Email Addresses (Krebs) For Sale: Survey Data on Millions of High School Students (NYTimes) First Ringless Voicemail Message TCPA Decision Sides With Plaintiff (Manatt) Travelodge data hacked in 'security incident' (The Caterer) Indictment: Wichita Attorney Brad Pistotnik, software engineer charged in alleged cyberattacks (KWCH) When a Stranger Decides to Destroy Your Life (Gizmodo) Second-hand land rover data may stay under control of first owner (The Register) This company is building a massive pack of robot dogs for purchase starting in 2019 (WashPo) Waymo partners with Walmart to shuttle customers in self-driving cars (WashPo) Cox phone service alert (Gabe Goldberg) Nintendo to ROM sites: Forget cease-and-desist, now we're suing (Ars Technica) Venmo's terrible idea (Ars Technica) Boston woman temporarily becomes a millionaire after an account mix-up (The Boston Globe) A few extra zeroes causes a big headache (The Boston Globe) 
Uber driver is livestreaming riders without their knowledge or consent (StL Today via Lauren Weinstein) Wild About Tech, China Even Loves Robot Waiters That Can't Serve (NY Times) MASSIVE ethical failure and privacy violation by Dropbox (WiReD) Was It Ethical for Dropbox to Share Customer Data with Scientists? (WiReD) Why is Google Translate spitting out sinister religious prophecies? (Motherboard) Google DRM for Email can be disabled by ticking a few boxes in Firefox (Boing Boing) How Google's Safe Browsing Helped Build a More Secure Web (WiReD) Orrin Hatch tweeted at Google that he's not dead (Insider) Nationals' Trea Turner is the latest MLB player to have ugly tweets uncovered (WashPo) Braves' Sean Newcomb addresses ugly old tweets right after just missing a no-hitter (WashPo) Data allowing people to print out their own guns temporarily blocked from Internet in PA, after legal pressure. (WashPo) Re: employees as subjects in clinical trials (Robert R. Fenichel) A few short replies to RISKS-30.76 (Jeff Jonas) RISKS 30.78 Wednesday 1 August 2018 Facebook says it has uncovered a coordinated disinformation operation ahead of the 2018 midterm elections (WashPo) How Silicon Valley Became a Den of Spies (Zach Dorfman) Amazon Face Recognition Falsely Matches 28 Lawmakers With Mugshots, ACLU Says (Sam Levin) Deep Fakes: A Looming Challenge for Privacy, Democracy, and National Security (SSRN) The robot chemist that does its own research (bbc.com) How a Hacker Allegedly Stole Millions by Hijacking Phone Numbers (Motherboard) How Cryptojacking Can Corrupt the Internet of Things (Scientific American) Cyberinsurance (Rob Slade) Vaginal Laser Treatments Can Cause Burns and Scarring, the FDA Says (New York Times) Federal judge blocks posting of blueprints for 3-D printed guns hours before they were to be published. 
(WashPo) Re: "I hacked your webcam and have naughty videos of you" scam (Jose Maria Mateos) Re: The Ordinary License Plate's Days May Be Numbered (Amos Shapir) Re: Robo-calls are getting worse. (Chris Drewe) I did not say that (Dimitri Maziuk) RISKS 30.79 Wednesday 8 August 2018 The Midterm Elections Are in Serious Danger of Being Hacked, Thanks to Trump (Mother Jones) West Virginia to introduce mobile phone voting for midterm elections (Money.CNN) Election screw-up (McClatchy) Traceability (Vint Cerf) Putin is afraid of one thing ... (Michael Morell) FBI charges 3 Ukrainians with hacking U.S. chains, stealing customers' credit card data. (WashPo) Old credit-bureau breaches (The New York Times) Tech Company Sees Autonomous GA Aircraft (Russ Niles) 2 Blasts, a Stampede and a 'Flying Thing': Witnesses Tell of Attack on Maduro (NYTimes) An Alaskan borough turns to typewriters and handwriting after its computers were hacked (WashPo) HP Inkjet Printers Remote CodeEx (HP) "German police hacking hit by volley of complaints: Can 'state trojan' law survive?" (ZDnet) Disney's 'Christopher Robin' Won't Get China Release Amid Pooh Crackdown (Hollywood Reporter) South Korea longs for a train to Europe but U.S. sanctions on North Korea block the way (WashPo) Magical thinking about machine learning won't bring the reality of AI any closer (The Guardian) Keeping Zuckerberg Safe Now Costs an Extra $10 Million a Year (Bloomberg) Your Company Needs a Digital Ombudsman. Pronto. (Medium) To Fight Fake News, SETI Researchers Update Alien-Detection Scale (SciAm) An Alaskan borough turns to typewriters and handwriting after its computers were hacked. 
(WashPo) UK F-35 secrets said leaked after Tinder account hacked (The Times of Israel) "New Wi-Fi attack cracks WPA2 passwords with ease" (Charlie Osborne) How a bunch of lava lamps protect us from hackers (WiReD) The Information on School Websites Is Not as Safe as You Think (NYTimes) Rich Irony from an "Unwitting" Liar (Henry Baker) Socially engineering a whale ... (Rob Slade) Re: The Ordinary License Plate's Days May Be Numbered (Wol) Re: Employees as subjects in clinical trials (Robert R. Fenichel) RISKS 30.80 Saturday 18 August 2018 BlockChain Security (Rob Slade) How Blockchain is Empowering Cyberpunks and Governments Alike (Bloomberg) Is a Truly Decentralized Internet Possible? How It Could Work With Blockchain (MakeUseOf) West Virginia to offer mobile blockchain voting app for overseas voters in November election. (WashPost) An 11-Year-Old Changed The Results Of Florida's Presidential Vote At A Hacker Convention. Discuss. (BuzzFeed News) Can hackers tamper with your vote? Researchers show it's possible in nearly 30 states (McClatchy) Hacking the US mid-terms? It's child's play (BBC.com) Are Blockchains the answer for secure elections? Probably not! (Scientific American) Russian Military Spy Software is on Hundreds of Thousands of Home Routers (Defense One) In-the-wild router exploit sends unwitting users to fake banking site (Ars Technica) Not all level-2 driver assists are equal, IIHS finds after testing. (Ars Technica) How China Found CIA Spies Leak (David Choi) Blowing spy networks (Foreign Policy) Hacking firm sues ex-employee over work on antidote to its spyware (Straits Times) A New Pacemaker Hack Puts Malware Directly On the Device (WiReD) Foreshadow, which foreshadows the depth of our security problems (PGN) God/NSA Mode backdoors (Paul Wagenseil) Black Hat: IoT Control Hubs Expose Smart City Systems to Risk (E-Week) Netflix launches tool for monitoring AWS credentials.
(Techtarget) A Botnet of Smart Irrigation Systems Can Deplete a City's Water Supply (HelpNetSecurity) Fax machines may be vulnerable to hackers, new report finds (WashPo) The wild and wacky world of cyber-insurance (Web Informant) Apple Invents an Augmented Reality Windshield that will even Support FaceTime Calls between Different Vehicles (Patently Apple) AOL & Verizon (CNET) Florida man arrested in alleged multi-state SIM card hacking ring (The Verge) "Instagram hack is locking hundreds of users out of their accounts" (Charlie Osborne) Child drownings in Germany linked to parents phone fixation (The Guardian) Non-disclosure (Rob Slade) Ohio Council Member Wants to Implant Microchips in People Awaiting Trial (The Appeal) Mozilla wipes 23 Firefox add-ons off the map for tracking user activity (Charlie Osborne) Everybody hates their cable company, unless the company is Google, or the city, or a tiny mom-and-pop (Boingboing) WPA3: How and why the Wi-Fi standard matters (HPE) Google records your location even when you tell it not to (AP) A Tweet About Hacking Gets a Google Engineer in Trouble (WiReD) When I say "because" my cellphone types it as "cuz" (Dan Jacobson) Ahoy! Software banning ahead! (TorrentFreak) Taiwanese cops give malware-laden USB sticks as prizes for security quiz (The Register) Computerized Chemical Toxicity Prediction Beats Animal Testing (Scientific American) Hacking a Brand New Mac Remotely, Right Out of the Box (WiReD) Yet another squirrel incident (vtdigger) What3words: putting geographical addresses behind a closed API (Dan Jacobson) The Flourishing Business of Fake YouTube Views. (TheNewYorkTimes) Machine Learning Can Identify the Authors of Anonymous Code (WiReD) "Apple macOS vulnerability paves the way for system compromise with a single click" (Charlie Osborne) Hey you kids! Get off my LAWN! 
(Rob Slade) Police body cam problems (Rob Slade) Hackers can infiltrate police body cameras to tamper with evidence (Charlie Osborne) All that's old is new again -- was: How a bunch of lava lamps protect us from hackers (Jeremy Epstein) RISKS 30.81 Saturday 25 August 2018 Verizon throttled fire department's unlimited data during California wildfire (Ars Technica) Blowing smoke? (Rob Slade) How social media took us from Tahrir Square to Donald Trump (Zeynep Tufekci) SwissPost invites you to hack a developing online voting system (PGN) Tech Giants Are Becoming Defenders of Democracy. Now What? (WiReD) As Facebook Use Goes Up in Germany, So Do Attacks on Refugees (NYtimes) Researchers Help Close Security Hole in Popular Encryption Software (John Toon) This firm already microchips employees. Could your ailing relative be next? (WashPo) New Attack Recovers RSA Encryption Keys from EM Waves Within Seconds (Bleeping Computer) Software fault discovered -- never-tested "race" condition (ProRail) Edge case paralyses train network around Amsterdam (ProRail) Hackers Target Fax Machines (Miranda Moore) Just say no: Wi-Fi-enabled appliance botnet could bring power grid to its knees. (Ars Technica) Hack attempt on DNC voter database was a false alarm. (WashPo) 1,464 Western Australian government officials used Password123 as their password (WashPo) Facebook Identifies New Influence Operations Spanning Globe. (NYTimes) Google sued for tracking you, even when 'location history' is off (Liam Tung) As Cars Collect More Data, Companies Try to Move It All Faster (NYTimes) Self-driving cars need to learn how humans drive (NPR.org) Blockchain Security (Rob Slade) Bitcoin and Ether are both down more than two-thirds from their peaks. (Ars Technica) Cellphones, blockchain, Bitcoin ... bingo. (Fortune) Improved keyless entry system could replace car key fob with iPhone (Gabe Goldberg) I just hacked a state election. I'm 17. 
And I'm not even a very good hacker (River O'Connor) In fight against ISIS's propaganda machine, raids and online trench warfare (WashPo) The Font Which Toppled a Government (Now I Know) Expiration of Major Cybersex Patent Could Set Off Explosive Innovation (Fortune) Watch that browser add-on (Web Informant) Credit-card skimmers now need to fear the Reaper. (Ars Technica) Caring for Aging Parents, With an Eye on the Broker Handling Their Savings (NYTimes) Comments on RISKS-30.79 (Chris Drewe) Re: Yet another squirrel incident (Gene Wirchenko) Re: Second-hand Land-Rover data may stay under control of first owner (Benoit Goas) Re: What3words: putting geographical addresses behind a closed API (Eli the Bearded) Re: Child drownings in Germany linked to parents phone fixation (Wendy M. Grossman) RISKS 30.82 Tuesday 4 September 2018 Five Eyes' governments call on tech giants to build encryption backdoors -- or else (TechCrunch) The Untold Story of NotPetya, the Most Devastating Cyberattack in History (WiReD) Microwave Weapons Are Prime Suspect in Ills of U.S. Embassy Workers (NYTimes) US accuses China of 'super aggressive' spy campaign on LinkedIn (CNBC) E.U. Will Let Countries Decide Whether to Use Daylight Saving (NYTimes) How FireEye Helped Facebook Spot a Disinformation Campaign (NYTimes) Europe Worries as Facebook Fights Manipulation Worldwide (NYTimes) Hackers Stole Personal Data of 2 Million T-Mobile Customers (Motherboard) Facebook Bans Quiz App That Captured Data of Four Million Users (WSJ) White House "looking at" whether to regulate Google search (CBS) Didi Chuxing suspends Hitch service after passenger murder (ZDnet) U.S.
students need a cellphone detox (WashPo) A disturbing photo and a leaky can of pepper spray ruined this flight to Hawaii (CNN) Linux Kernel Developer Criticizes Intel's Meltdown Disclosure (E-Week) 3-D Printed Gun Plans Must Stay Off Internet for Now, Judge Rules (NYTimes) Racist Robocalls Target Andrew Gillum, Democratic Nominee for Florida Governor (NYTimes) Groundbreaking algorithm to share data without breaching privacy (AE) Electric shock collars for pets to be banned (bbc.com) How do you get people to trust autonomous vehicles? This company is giving them virtual eyes. (WashPo) U.S. regulation of auto technologies (Car and Driver) Franken-algorithms: the deadly consequences of unpredictable code (TheGuardian.com) Re: Self-driving cars need to learn how humans drive (Amos Shapir) Re: Self driving cars (Dick Mills) Comment on Improved keyless entry system could replace car key fob with iPhone (JC Cantrell) Re: Yet another squirrel incident (Dan Jacobson) Re: SwissPost invites you to hack a developing online voting system (John Levine) Re: Caring for Aging Parents, With an Eye on the Broker Handling Their Savings (John Levine) Re: Comments on RISKS-30.79 (David E. Ross) Re: What3words: putting geographical addresses behind a closed API (Amos Shapir) RISKS 30.83 Thursday 13 September 2018 Takeaways from Bruce Schneier's new book (Tim Starks) How to Rig an Election (Victoria Collier, Harpers) John Kerry: 2004 Vote Tampering in Ohio? (PGN) Crypto Wars, Again -- and again, and again, and again ...
(Rob Slade) MSpy, Which Builds Software To Spy On Phones, Allegedly Leaked Millions Of Records (Gizmodo Australia) Officials unveil new facial recognition system at Dulles International Airport (WashPost) Israel's National Insurance suspends plan for spy system (Haaretz) Your canines' barks may be worse than their bites (DefenseOne) Japan Embraces eVTOL Vision (Mary Grady) "Tesla sued: Woman wants $300k for crashing on Autopilot while reading phone" (Liam Tung) Driver: GPS Made Me Go Wrong Way Onto I-93, Crash (Patch) Wireshark fixes serious security flaws that can crash systems (Charlie Osborne) "Premera Blue Cross accused of destroying evidence in data breach lawsuit" (ZDnet) Vicious Rumors Spread Like Wildfire On WhatsApp -- And Destroyed A Village (Buzzfeed) "Vodafone: You used 1234 as your password and were hacked? You cover the cost" (Charlie Osborne) "MEGA.nz Chrome extension caught stealing passwords, cryptocurrency private keys" (Catalin Cimpanu) Tens of iOS apps caught collecting and selling location data (ZDNet) The EU's copyright plans will let anyone mass-censor the Internet (Boingboing) The story of why Chrome and Firefox will soon block sites with certain SSL certificates (Templarbit) While Cybercriminals Continue To Target Real Estate Transactions, Take These Protective Measures (Forbes) The explosive problem with recycling old electronics (WashPo) Didi Chuxing introduces new safety measures after passenger death (Cyrus Lee) Are Digital Devices Altering Our Brains?
(Scientific American) These People Were Just Trying To Get To Maui When They Got On Horrible Flight Where Everything Went Wrong (Buzzfeed) BA Hack Leaves Airline Open to Fines Under Tough Data Rules (Bloomberg) New Home Dream Destroyed: Fraud Victims Fighting Back After Losing $89,000 (NBC Bay Area) Google's Doors Hacked Wide Open By Own Employee (Forbes) São Paulo subway operator gets sued for collecting passenger data (Angelica Mari) Frustration and Finger-Pointing as GOP Pulls Out of Deal Talks on Hacked Materials (NYTimes) Huawei busted for cheating over P20, Honor Play performance benchmarks (Liam Tung) A stranger meant to donate $15 to a GoFundMe page. He accidentally gave more than $15,000 (WashPost) "'Father of Zeus' Kronos malware exploits Office bug to hijack your bank account" (Charlie Osborne) Logged off: meet the teens who refuse to use social media (The Guardian) Watch: Rascally Rat Jumps and Pulls Fire Alarm at DC Condo (NBC DC) Two Daily WTF Comments (Gene Wirchenko) Re: How FireEye Helped Facebook Spot a Disinformation Campaign (Richard Stein) Re: How do you get people to trust autonomous vehicles? (Martyn Thomas) Re: What3words: putting geographical addresses behind a closed API (Dan Jacobson) Re: Personal domain names (Keith F. Lynch) Re: The Untold Story of NotPetya, the Most Devastating Cyberattack in History (Dan Jacobson) RISKS 30.84 Friday 28 September 2018 The Plot to Subvert an Election (NYTimes) In Georgia, a legal battle over electronic vs. paper voting (WashPo) Wisconsin Officials Prepare for Potential Election Hackers (USNews) Here's the science behind the Brexit vote and Trump's rise (Michele Gelfand, The Guardian) Democrat pushes changes to protect senators' personal accounts from continued threats (WashPo) Electronic temporary registration (Phil Smith III) GM Recalls One Million Pickups and SUVs in U.S. 
for Crash Risk (WSJ) How Can AI Help to Prepare for Floods in a Climate-Changed World (SciAm) Major Japanese ramen chain's logo confuses Honda cars' AI (Master Blaster) Florence: At least 13 deaths reported as storm slogs across Carolinas (WashPo) EU Preliminarily Passes Horrific Articles 11 & 13 (Lauren Weinstein) Seeing Is Now Not Believing Anymore: Researchers Come Out With Yet Another Unnerving, New Deepfake Method (Gizmodo) Google Knows Where You've Been, but Does It Know Who You Are? (NYT) Uber Glitch Stops Payments To Drivers, Prices Surge (Slashdot) Bay Area city blocks 5G deployments over cancer concerns (TechCrunch) Elon Musk said a Tesla could drive itself across the country by 2018. One just crashed backing out of a garage (LATimes) Phishing attacks are targeting students' financial aid, officials say (WashPo) Stealing From a Cashierless Store -- Without You, or the Cameras, Knowing It (New York Times) New Research Can Identify Extremists Online, Even Before They Post Dangerous Content (ForensicMag) Weather Channel: Seeing Is Not Believing, Take 2 (GatewayPundit) Bug in Bitcoin code also opens smaller cryptocurrencies to attacks (ZDNet) Quantum computing may *not* be better ... (Rob Slade) What cardiologists think about the Apple Watch's heart-tracking feature (WashPo) "This Windows file may be secretly hoarding your passwords and emails" (ZDnet) Bloat (Rob Slade) How to Keep Forever the Music, Movies or Ebooks You 'Buy' on Amazon or iTunes (Gabe Goldberg) Re: "Are Digital Devices Altering Our Brains? (Gene Wirchenko) RISKS 30.85 Tuesday 2 October 2018 Kim Zetter, The Crisis of Election Security (NYTimes) Voting Machine Used in Half of U.S. 
Is Vulnerable to Attack (WSJ) Facebook hack exposed info on up to 50 million users (Engadget) Don't go to New Zealand (Henry Baker) Feds Force Suspect To Unlock Apple iPhone X With Their Face (Forbes) Facebook wins court battle over law enforcement access to encrypted phone calls (WashPost) A Quebecer spoke out against the Saudis -- then learned he had spyware on his iPhone (CBC) "Easy way to bypass passcode lock screens on iPhones, iPads running iOS 12" (ComputerWorld) Criminal Behavior: How Facebook Steals Your Security Data to Violate Your Privacy (Lauren Weinstein) "Uber to pay $148 million in settlement over 2016 data breach and cover-up" (ZDNet) "Telstra refunds customers AU$9.3m for billing practices" (Corinne Reichert) "Monero bug could have allowed hackers to steal massive amounts of cryptocurrency" (Catalin Cimpanu) "Wendy's faces lawsuit for unlawfully collecting employee fingerprints" (Catalin Cimpanu) "Man gets two years in prison for sabotaging US Army servers with 'logic bomb'" (Catalin Cimpanu) Coding Error Sends 2019 Subaru Ascents To the Car Crusher (Slashdot) AI security camera detects guns and identifies shooters (zdnet) Will LA's Anti-Terrorist Subway Scanners Be Adopted Everywhere (Scientific American) Delta 'Technology Issue' Temporarily Disrupts Travel and Enrages Customers (NYTimes) The scientific method (NPR) Instagram has a drug problem. Its algorithms make it worse. (WashPost) Why buy bankrupt corporate servers on craigslist when you can "rent the room" containing them? (Kelly Bert Manning) Road to Zero: A Vision for Achieving Zero Roadway Deaths by 2050 (NSC) Sometimes still good to have international borders indicated on maps (Dan Jacobson) Tardy responses, security failings led to SingHealth breach (StraitsTimes) Perspective: A Heart Device Can Save Lives, But Doctors Need To Explain The Downsides (NPR.org) Re: Randomized clinical trial of epinephrine in treatment of cardiac arrest (Robert R. 
Fenichel) Re: bloat (Dmitri Maziuk) Re: How do you get people to trust autonomous vehicles? (Richard Stein) Re: Bay Area city blocks 5G deployments over cancer concerns (Richard Stein) Report on Artificial Intelligence and Human Rights: Opportunities and Risks (Raso et al.) RISKS 30.86 Thursday 11 October 2018 Doctors are surprisingly bad at reading lab results. It's putting us all at risk. (WashPost) FDA approves over-the-counter hearing aid from Bose (Engadget) Russian hackers were caught in the act -- and the results are devastating (WashPost) Chinese chip spying report shows the supply chain remains the ultimate weakness (TechCrunch) Chipping away at the spy business ... (Rob Slade) "The one serious MacBook Pro security flaw that nobody is talking about" (David Gewirtz) Microsoft Delays Latest Version of Windows 10 After Reports of Mass File Deletion (Gizmodo) Noise about Quiet Skies program (The Boston Globe) If a Vizio TV spied on what you watch, you might be in line for a cash payout (The Los Angeles Times) "Mission impossible: Can you regain access after Twitter lockout?" (Michael Krigsman) Lapses in IT systems, organisations must be fixed (P.M. Lee) Fitbit data used to charge US man with murder (BBC) The Next Great Digital Extinction (WiReD) New Macbooks and Imacs will brick themselves if they think they're being repaired by an independent technician (BoingBoing) Weak passwords banned in California from 2020 (BBC News) More than 250 people worldwide have died taking selfies, study finds (WashPost) Facebook Hack Puts Thousands of Other Sites at Risk (NYTimes) System upgrade means more calls etc. (Donald Mackie) "What real people think about the iPhone XS" (ZDNet) Mortgage fraud is getting worse as more people lie about their income (CNBC) Dealing with spam callers (Lauren Weinstein) Huh? Carbon Dioxide Emissions Raise Risk of Satellite Collision That sign telling you how fast (Richard Stein) My Wed 30 Apr 2014 warning: back in the news!!
(Yvo Desmedt) Molecule resonance and cellphone radiation (Alan Louis Scheinine) Declaration of Internet Rights -- Italian Parliament (Karl Auerbach) Re: Don't go to New Zealand (Dan Jacobson) Re: How do you get people to trust autonomous vehicles? (Barry Gold) RISKS 30.87 Friday 19 October 2018 Election Integrity (The New Yorker Radio Hour) Election Security (Paul Burke) "US voter records from 19 states sold on hacking forum" (ZDNet) Cyber Tests Showed 'Nearly All' New Pentagon Weapons Vulnerable to Attack, GAO Says (NPR) US weapons systems can be 'easily hacked' (BBC News) "Why Internet Tech Employees Are Rebelling Against Military Contracts" (Lauren Weinstein) Sky battles: Fighting back against rogue drones (bbc.com) "Autonomous cars on US roads with no brake pedals, steering wheels just edged closer" (ZDNet) Why you have (probably) already bought your last car (bbc.com) Ford tests technology that could render traffic lights obsolete (autoblog.com and ieee.org) Amazon Atlas (Gabe Goldberg) Turkey obtains recordings of Saudi journalist's purported killing (Yahoo) Apple VoiceOver iOS vulnerability permits hacker access to user photos (Charlie Osborne) Code Signing: Did Someone Hijack Your Software? (Forbes) When Your Boss Is an Algorithm (The New York Times) Facebook's former security chief warns of plan to help solve negative impacts (WashPost) The Eight Best Smart Plugs to Buy in 2018 (Lifewire) The impending war over deepfakes (Axios) What the heck is it with Windows updates?
(Computerworld) Proof-of-concept code published for Microsoft Edge remote code execution bug (ZDNet) Donald Daters (Naked Security) Paramedic agrees Apple Watch Series 4 will save lives; false positives not a problem (9to5Mac) Genome Researchers Show No One's DNA Is Anonymous Anymore (Megan Moteni) Algorithms Designed to Fight Poverty Can Actually Make It Worse (Scientific American) Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months (ZDNet) Experian credit freeze unfrozen by hackers? (Veridium) DC Think Tank Used Fake Social Media Accounts, A Bogus Expert, And Fancy Events To Reach The NSA, FBI, And White House (BuzzfeedNews) I fell for Facebook fake news. Here's why millions of you did, too. (WashPost) Jury duty (Rob Slade) Re: Molecule resonance and cellphone radiation (Richard Stein) Re: Fwd: NYTimes: The Auto Industry's VHS-or-Betamax Moment? (Gabe Goldberg) Re: innumeracy, or More than 250 people worldwide have died taking selfies (John R. Levine) RISKS 30.88 Tuesday 23 October 2018 Drivers Wildly Overestimate What 'Semiautonomous' Cars Can Do (WiReD) Internet of Things (Don Wagner) Toward Human-Understandable, Explainable AI (computer.org) When AI Misjudgment Is Not an Accident (Scientific American) Drink too much beer at a Dallas Cowboys game? Now a free robot-driven van will scoop you up afterward. (WashPost) 3D Printers Have Fingerprints, a Discovery That Could Help Trace 3D-Printed Guns, Counterfeit Goods (University of Buffalo) SSH Authentication Bug Opens Door If You Say You're Logged-In (ITProToday) Hackers steal data of 75,000 users after Healthcare.gov FFE breach (ZDNet) Disrupting cyberwar with open-source intelligence (HPE) U.S. 
Begins First Cyberoperation Against Russia Aimed at Protecting Elections (NYTimes) Twitter publishes dump of accounts tied to Russian, Iranian influence campaigns (Ars Technica) Saudis' Image Makers: A Troll Army and a Twitter Insider (NYTimes) Banks Adopt Military-Style Tactics to Fight Cybercrime (NYTimes) IBM Proves a Quantum Computing Advantage Over Classical (Brian Wang) Microsoft's problem isn't how often it updates Windows -- it's how it develops it (Ars Technica) Susan Wojcicki on the EU's horrific Article 13 (Lauren Weinstein) Now Apps Can Track You Even After You Uninstall Them (Bloomberg) These Researchers Want to Send Smells Over the Internet (ieee.org) Risks of voting systems (Stewart Fist) Re: Election Security (John Levine, Paul Burke) Re: Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months (Keith Medcalf) RISKS 30.89 Tuesday 30 October 2018 MTR East Rail disruption caused by failure of both primary and backup (Hong Kong Free Press) Train stops in exactly the wrong place (Mark Brader) Texas straight-ticket voters report ballot concerns (Arthur Flatau, MikeA) Australian risks of voting systems (Sheldon) Re: U.S. Begins First Cyberoperation Against Russia Aimed at Protecting Elections (Monty Solomon) Tech support -- Hubble telescope (Rob Slade) Login glitch behind Tokyo Stock Exchange snafu (Nikkei Asian Review) State surveillance company leaked its own data, its customers' data, and its customers' victims' data (BoingBoing) "New Windows 10 1809 bug: Zip data-loss flaw is months old but Microsoft missed it" (Liam Tung via Gene Wirchenko) Driverless cars: Who should die in a crash? 
(bbc.com) Every minute for three months, GM secretly gathered data on 90,000 drivers' radio-listening habits and locations (BoingBoing) Surgery students 'losing dexterity to stitch patients' (bbc.com) In Cyberwar, There are No Rules (Foreign Policy) Lawmakers Seek Review of Pentagon Contract Thought to Favor Amazon (WiReD) The customer is always right ... re: Apple iPhones (Rob Slade) Fun with source code (Medium) A Dark Consensus About Screens and Kids Begins to Emerge in Silicon Valley (The New York Times) When Trump Phones Friends, the Chinese and the Russians Listen and Learn (NYTimes) Apple appears to have blocked GrayKey iPhone hacking tool (Lucas Mearian) Re: Toward Human-Understandable, Explainable AI (DJC) Re: Explainable AI Simulation for AVs (Richard Stein) RISKS 30.90 Thursday 2 November 2018 Oops! on RISKS issues with missing subject lines (PGN) "Why a Helium Leak Disabled Every iPhone in a Medical Facility" (Daniel Oberhaus) Chinese spies orchestrated massive hack that stole aviation secrets (Ars Technica) How'd this government agency get infected with malware? 9,000 pages of porn. (WashPost) The spreading scourge of broken SSL implementation (Mark Thorson) Feds took woman's iPhone at border, she sued, now they agree to delete data (Ars Technica) Feds Also Using 'Reverse Warrants' To Gather Location/Identifying Info On Thousands Of Non-Suspects (TechDirt) The ethics of who to kill in a crash ... 
(Rob Slade) Robot backpack: How this Fusion bot aids collaboration (bbc.com) Bolton says he is conducting offensive cyber-action to thwart would-be election disrupters (WashPost) A new study finds potentially manipulative ads in apps for preschoolers (WashPost) Re: Explainable AI Simulation for AVs (Amos Shapir) Re: Toward Human-Understandable, Explainable AI (Richard Stein) RISKS 30.91 Tuesday 6 November 2018 Like clockwork: How daylight saving time stumps hospital record keeping (Sydney Lupkin) Daylight Savings results in hospital records shutdown (New Yorker) How Daylight Saving Time Messes With Hospitals (Fortune) File-Sharing Software on State Election Servers Could Expose Them to Intruders (ProPublica) Your brain: The next hacking frontier (TechBeacon) Selfie attempt results in damage to artwork by Dali and Goya (CNN) Facebook adding extra CGI parameters to other people's links (ycombinator) What it's like to use Tesla's newest self-driving tech (Gabe Goldberg) Why Big Tech pays poor Kenyans to programme self-driving cars (bbc.com) EU border `lie detector' system criticised as pseudoscience (The Guardian) Credit Card Chips Have Failed to Halt Fraud, Survey Shows (Fortune) Check this out: Radisson Hotel Group 'fesses up to `security incident' (The Register) A new study finds potentially manipulative ads in apps for preschoolers (WashPost) Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability (Cisco) The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box. (The Register) T Wi-Fi kit bit by TI chip slip: Wireless gateways open to hijacking via BleedingBit chipset vulnerability (The Register) ISP pissed at Elsevier Takedowns/blocks, so... 
(danny burstein) Re: Ethics of whom to kill (Wol) Re: Explainable AI Simulation for AVs (Richard Stein, Erling Kristiansen) Re: Toward Human-Understandable, Explainable AI (John Beattie) Re: Driverless cars: Who should die in a crash? (John Beattie) Re: The spreading scourge of broken SSL implementation (Sergio Gelato, Julian Bradfield) Jury duty, recidivus (Rob Slade) RISKS 30.92 Wednesday 21 November 2018 Commentary on Florida Election Recounts (Rebecca Mercuri) 670 ballots in a precinct with 276 voters, and other tales from Georgia's primary (MSN) Voting Machine Manual Instructed Election Officials to Use Weak Passwords (Kim Zetter) Electionland/ProPublica had a lovely collection of election problems already in the wee hours of election evening (PGN) At Doomed Flight's Helm, Pilots May Have Been Overwhelmed in Seconds (NYTimes) Boeing issues warning on potential instrument malfunction after Indonesia crash (WashPost) A Runway Train Traveled 57 Miles Through Australia's Outback (WiReD) Rules of the Road Evade Driverless Cars (WashPost) Siri Shortcuts can now be used with the VW Car-Net app to remotely control a vehicle (AppleInsider) Russia suspected of jamming GPS signal in Finland (BBC) Why Google Internet Traffic Rerouted Through China and Russia (WiReD) Operation Infektion (The New York Times) GPS week field roll-over (David Magda) System error: Japan cybersecurity minister admits he has never used a computer (TheGuardian.com) Tech CEOs Are in Love With Their Principal Doomsayer (Nellie Bowles) "IoT botnet infects 100,000 routers to send Hotmail, Outlook, and Yahoo spam" (Catalin Cimpanu) Buffer Overflows and Spectre (Henry Baker) Police decrypt 258,000 messages after breaking pricey IronChat crypto app (Ars Technica) Guns, drones, and surveillance equipment: Big Brother steps out in Tel Aviv (The Times of Israel) The House That Spied on me (Gizmodo) A DJI Bug Exposed Drone Photos and User Data (WiReD) Fake fingerprints can imitate real ones in biometric 
systems (The Guardian) Public Attitudes Toward Computer Algorithms (Pew Research Center) Guarding Against Backdoors and Malicious Hardware (Security Boulevard) U.S. Declines to Sign Declaration Discouraging Use of Cyberattacks (NYTimes) 'The Cleaners' Looks At Who Cleans Up The Internet's Toxic Content (npr.org) HealthCare.gov breach compromised applicants' financial, immigration data (Washington Times) Apple IDs locked for unknown reasons for a number of iPhone users (Apple Insider) Debate in Germany over allowing Chinese to bid on 5G (Taipei Times) Bug bounty (Fortune) A thing to worry about: sleep study (Tom Van Vleck) A robot scientist will dream up new materials to advance computing and fight pollution (MIT Technology Review) AI News Anchor Makes Debut In China (npr.org) 3 Crazy Excel Formulas That Do Amazing Things (MakeUseOf) Dementia risk: Five-minute scan 'can predict cognitive decline' (bbc.com) MAS issues principles to guide use of AI, data analytics in finance (The Straits Times) Awful AI is a curated list to track current scary usages of AI -- hoping to raise awareness (David Dao) Google accused of 'trust demolition' over health app (BBC) AI Could Make Cyberattacks More Dangerous, Harder to Detect (WSJ) AmazonBasics Microwave Review: It's a Little Undercooked (WiReD) Elon Musk's SpaceX wins FCC approval to put Starlink Internet satellites into orbit (WashPost) Customer Complains About Tesla Forums, Tesla Accidentally Gives Him Control Over Them (Motherboard) Google had a secret bug (WashPost) For the first time, researchers say Facebook can cause depression (Brett Arends) Mozilla - *privacy not included (Gabe Goldberg) The digital epidemic killing Indians (bbc.com) Police: Woman remotely wipes phone in evidence after shooting (The Daily Gazette) He Helped People Cheat at Grand Theft Auto. Then His Home Was Raided. 
(NYTimes) MoneyGram agrees to pay $125 million for failing to crack down on fraudulent money transfers (WashPost) Report: Could Your Online Behavior Affect What You Pay for Car Insurance? (San Antonio Business Journal) Couple, homeless man in viral GoFundMe charged (BostonGlobe) The Dating Brokers (TacticalTech) Osaka woman terrifyingly attacked by intruder while playing video games in her home late at night (Sora News) Re: EMV card fraud statistics (David Alexander) Re: Ethics of whom to kill (Arthur T.) Re: Tesla (Wol) Re: Credit Card Chips Have Failed to Halt Fraud, Survey Shows (Phil Smith III) Re: Risks in Using Social Media to Spot Signs of Mental Distress (Richard Stein) Book review: You'll see this message when it is too late, by Josephine Wolff (Web Informant) RISKS 30.93 Saturday 1 December 2018 Belfast plane incident could have been 'catastrophic' (BBC News) Indonesian JT610 Flight Data (Robert Dorsett) China Copied This Russian Jet Fighter (And It Has All Sorts of Problems) (Yahoo) Medical device rules need 'drastic change' to protect patients (BBC) Marriott discloses massive data breach affecting up to 500M guests (WashPost) The US Postal Service exposed data of 60 million users (TechCrunch) Constructive software engineering? (Tom Van Vleck) Israeli artificial intelligence company improves highway safety in Las Vegas (The Times of Israel) Potentially Disastrous Rowhammer Bitflips Can Bypass ECC Protections (Dan Goodin) Climate Change and the Savage Human Future (NYTimes) Now it's Office's turn to have a load of patches pulled (Ars Technica) Windows 10 October 2018 Update is back, this time without deleting your data (Ars Technica) E-commerce site is infected not by one, but two card skimmers (Ars Technica) The Snowden Legacy, part one: What's changed, really? 
(Ars Technica) Christmas spirit triumphs over data law (CNN) Apple pitches 9M VA medical records on iPhone format (Fortune) A Clearer Message on Cochlear Implants (NY Times) This new weapon alerts police as soon as it's fired (WashPost) How The Wall Street Journal is preparing its journalists to detect deepfakes (NiemanLab.Org) Huron Daily Tribune reporter Brenda Battel fired over voicemail for Republican candidate (John James, WashPost) You snooze, you lose: Insurers make the old adage literally true (Ars Technica) GMail's spam filter is getting vicious? (Rob Slade) FCC Launches New Offensive Against Scam, Robo Calls (EWeek) Who lives with you? Facebook seeks to patent software to figure out profiles of households (Los Angeles Times) This bill includes prison for CEOs who fail to take consumer privacy seriously (Los Angeles Times) Can The Police Remotely Drive Your Stolen Car Into Custody? (Slashdot) Free Software Messiah Richard Stallman: We Can Do Better Than Bitcoin (CoinDesk) Mobile Application/Social Media Addiction Freedom Experiment (TechCrunch.com and The Economist) China Creating Gene-Edited Babies (MIT Technology Review) British Parliament seizes internal Facebook documents by threatening to jail a different CEO (Rob Slade) The Dangerous Junk Science of Vocal Risk Assessment (The Intercept) Can The Police Remotely Drive Your Stolen Car [or you?] Into Custody? 
(Slashdot) LinkedIn used 18 million non-user e-mails to target Facebook ads (The Verge) Study: Smart Speakers Make Passive Listeners (Melanie Lefkowitz) Re: 670 ballots in a precinct with 276 voters (David Tarabar) Re: Russia suspected of jamming GPS signal in Finland (Henry Baker) Re: Japan cybersecurity minister admits he has never used a computer (Attila the Hun) Re: Tesla (Attila the Hun) Re: Awful AI is a curated list to track current scary usages of AI (Amos Shapir) Re: The Cleaners' Looks At Who Cleans Up The Internet's Toxic Content (NPR) Book review: EFF's The End of Trust (David Strom) RISKS 30.94 Monday 3 December 2018 Volume 30 : Issue 94 Ping of Death comes to aircraft avionics (John Clear) Tesla driver asleep at the wheel on automatic (PaloAltoOnline) Overtrust as a safety issue: The dangers of Autonomous Vehicles (Don Norman) Israeli Software Helped Saudis Spy on Khashoggi, Lawsuit Says (NYT) Sec. Def. Mattis: Putin tried to "muck around" with U.S. midterms (The Hill) How Trump, ISIS, and Russia have mastered the Internet as a weapon (WashPo) How creative foreign hackers crack into a vulnerable U.S. (John P. Carlin) After a Hiatus, China Accelerates Cyberspying Efforts to Obtain U.S. Technology (NYTimes) Justice Department charges Iranians with hacking attacks on U.S. cities, companies (WashPost) Deputy AG Rod Rosenstein Is Still Calling for an Encryption Backdoor (WiRed) DriveSavers claims it can break into any locked iPhone (The Verge) Risks of Airport Wi-Fi (LATimes) How I changed the law with a GitHub pull request (ArsTechnica) When the Internet Archive Forgets (Gizmodo) Payless prank: Social media influencers thought they were buying Palessi (WashPost) "Human intelligence is needed." Want to Purge Fake News? Try Crowdsourcing (NYTimes) U.S. Asks, Are You a Terrorist? 
Scottish Grandfather Gives Wrong Answer (NYTimes) AI thinks like a corporation -- and that's worrying (The Economist) Chinese genomics scientist defends his gene-editing research in first public appearance (WashPost) Be careful how you make DMCA complaints (The Register) How long fumbling with cellphone before monkeys close in? (Dan Jacobson) Chinese businesswoman accused of jaywalking after AI camera spots her face on an advert (The Telegraph) EU data rules have not stopped spam emails, Nesta survey finds (The Telegraph) Re: The Cleaners' Looks At Who Cleans Up The Internet's (Richard Stein) Re: Constructive software engineering? (Toby Douglass) Re: EMV card fraud statistics (Phil Smith III) Re: GMail's spam filter is getting vicious? (Rex Sanders) Inside the futuristic restaurant where a robot has replaced the bartender (WashPost) A QA engineer walks into a bar... (Gabe Goldberg) RISKS Digest 30.95 Saturday 8 December 2018 Deadly Soul of a New Machine: Bots, AI, and Algorithms (Timothy Egan) How to train an AI (Mark Thorson) Texas straight-ticket voters report ballot concerns (Austin American Statesman) O2 outage: more than 30m mobile customers unable to get online (The Guardian et al.) Homeland Security Will Let Computers Predict Who Might Be a Terrorist on Your Plane -- Just Don't Ask How It Works (The Intercept) A Dark Consensus About Screens and Kids Begins to Emerge in Silicon Valley (NYTimes) Rudy Giuliani Says Twitter Sabotaged His Tweet. Actually, He Did It Himself. (NYTimes) Teen electrocuted while using headphones on plugged-in mobile phone (yahoo.com) Auto theft on the rise in Toronto area, and a security expert thinks he knows why (CBC News) Starbucks and passwords ... 
(Rob Slade) New Attack Could Make Website Security Captchas Obsolete (ACM Tech News) Teachers Say There's a Disconnect in Computer Science Education (Tina Nazerian) Banks Adopt Military-Style Tactics to Fight Cybercrime (NYTimes) The backdrop of Jamal Khashoggi's killing: A chilling cyberwar (WashPost) Re: EU data rules have not stopped spam emails (DJC) Re: "Human intelligence is needed." Want to Purge Fake News? Try Crowdsourcing (Tom Russ) Re: Risks of Airport Wi-Fi (Jay Libove) RISKS 30.96 Wednesday 12 December 2018 A note on submissions to RISKS (PGN) The War on Truth Spreads (NYTimes) Annoyed Baltimore Drivers Want City To Crack Down On 'Squeegee Kids' (npr.org) Your apps know where you were last night, and they're not keeping it secret (NYTimes) The 'Weird Events' That Make Machines Hallucinate (Linda Geddes) Barclays customers can now 'switch off' spending (bbc.com) Ships infected with ransomware, USB malware, worms (Catalin Cimpanu) Taylor Swift tracked stalkers with facial recognition tech at her concert (The Verge) What Happens When You Reply All to 22,000 State Workers[?] (NYTimes) U.S. border officers don't always delete collected traveler data (Engadget.com) Marriott Data Breach Is Traced to Chinese Hackers as U.S. Readies Crackdown on Beijing (NYTimes) Starwood Hotels (PGN via Mabry Tyson) Why I'm done with Chrome / A Few Thoughts on Cryptographic Engineering (Cryptography Engineering) Screen Time Changes Structure of Kids' Brains: Groundbreaking study (Bloomberg) Re: Teen electrocuted while using headphones on plugged-in mobile phone (Richard M Stein) Re: Toronto auto theft ... 
(Steve Lamont) Re: Rudy Giuliani Says Twitter Sabotaged His Tweet (Amos Shapir) RISKS 30.97 Thursday 20 December 2018 Sneaky parrot uses Amazon Alexa to shop while owner is away (WFLA) The GPS wars are here (Foreign Policy) Both engines on Virgin Australia ATR 72 "flame out" (SMH) Drone shatters passenger jet's nose-cone, radar (RT) Uber exec warned of rampant safety problems before fatal crash (Ars Technica) Ingestible Capsule Can Be Controlled Wirelessly (MIT News) How a National Security Investigation of Huawei Set Off an International Incident (NYTimes) Apache Misconfig Leaks Data on 120 Million Brazilians (InfoSecurity) "Market volatility: Fake news spooks trading algorithms" (Tom Foremski) "Rhode Island sues Google after latest Google+ API leak" (Catalin Cimpanu) New Zealand courts banned naming Grace Millane's accused killer; Google just emailed it out. (The Guardian) Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail (Ars Technica) Turning on 2FA potentially harmful (Toby Douglass) Top 10 worst password FAILS of 2018 (CSO) She'd just had a stillborn child. Tech companies wouldn't let her forget it (Chris Matyszczyk) Thousands of Jenkins servers will let anonymous users become admins (Catalin Cimpanu) "Bing recommends piracy tutorial when searching for Office 2019" (Catalin Cimpanu) "Big Brother is driving with you!" (Rob Hull) Delivery robot bursts into flames at UC Berkeley, students hold it a vigil (SanFranChronicle) Re: Your apps know where you were last night, and they're not (Kelly Bert Manning) Re: Rudy Giuliani Says Twitter Sabotaged His Tweet (Kurt Seifried) Re: What Happens When You Reply All to 22,000 State Workers (Amos Shapir) Re: Annoyed Baltimore Drivers Want City To Crack Down On `Squeegee Kids' (Richard M Stein, John R. Levine, David Waitzman) RISKS 30.98 Friday 27 December 2018 Largest car recalls in 2018 (Car and Driver) Best Cyber Stories of 2018 (Motherboard) How Much of the Internet Is Fake? 
Turns Out, a Lot of It, Actually. (Geoff Goodfellow) Inspector General audit finds basic cybersecurity lax for US ballistic missile defense systems (Rob Wilcox) Our Cellphones Aren't Safe (Cooper Quintin, The New York Times) Our Cellphones Aren't Safe (2018) and The Electronic Serial Number: A cellular 'sieve' -- 'spoofers' can defraud users and carriers (June 1987) Parachutes are no better than backpacks -- randomized trial (BMJ) Facebook shared even more than previously known (NYTimes) UK security researchers find lax security in app-controlled consumer hot tubs (BBC) Apple Watch ECG is putting a lot of health control in consumers' hands (CNBC) Innovation and Immigration (W.A. Griffin on William Kerr) Tesla Mobile Service (Rob Slade) Computers Determine States of Consciousness (Scientific American) Facebook, recidivus -- again -- and yet again .. (Rob Slade) IRS Linux move delayed by lingering Oracle Solaris systems (ZDNet) Canada: OPC publishes guidance for organizations and individuals related to protecting personal information collected during cannabis transactions (GC) FCC Launches New Offensive Against Scam, Robo Calls (EWeek) This patent shows Amazon may seek to create a database of suspicious persons using facial-recognition technology (WashPost) Re: Sneaky parrot uses Amazon Alexa to shop ... (danny burstein) Re: Drone shatters passenger jet's nose-cone, radar (Amos Shapir) Re: The GPS wars are here (Erling Kristiansen) Re: "Market volatility: Fake news spooks trading algorithms" (paul wallich) Re: New Zealand courts banned ...; Google just emailed it out. (Dick Mills) Re: Rudy Giuliani Says Twitter Sabotaged His Tweet (Amos Shapir) Re: Risks of `Reply All' and failing to BCC (Paul Robinson) Re: She'd just had a stillborn child. Tech companies wouldn't let her forget it (Amos Shapir)