[RISKS] (no subject)

2024-04-19 Thread RISKS List Owner


[RISKS] (no subject)

2021-05-21 Thread RISKS List Owner


[RISKS] (no subject)

2021-05-04 Thread RISKS List Owner


[RISKS] (no subject)

2018-10-30 Thread RISKS List Owner
Subject: Risks Digest 30.89

RISKS-LIST: Risks-Forum Digest  Tuesday 30 October 2018  Volume 30 : Issue 89

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

* See last item for further information, disclaimers, caveats, etc. *
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/30.89>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
MTR East Rail disruption caused by failure of both primary and backup
  (Hong Kong Free Press)
Train stops in exactly the wrong place (Mark Brader)
Texas straight-ticket voters report ballot concerns (Arthur Flatau, MikeA)
Australian risks of voting systems (Sheldon)
Re: U.S. Begins First Cyberoperation Against Russia Aimed at Protecting
  Elections (Monty Solomon)
Tech support -- Hubble telescope (Rob Slade)
Login glitch behind Tokyo Stock Exchange snafu (Nikkei Asian Review)
State surveillance company leaked its own data, its customers' data, and
  its customers' victims' data (BoingBoing)
"New Windows 10 1809 bug: Zip data-loss flaw is months old but Microsoft
  missed it" (Liam Tung via Gene Wirchenko)
Driverless cars: Who should die in a crash? (bbc.com)
Every minute for three months, GM secretly gathered data on 90,000
  drivers' radio-listening habits and locations (BoingBoing)
Surgery students 'losing dexterity to stitch patients' (bbc.com)
In Cyberwar, There are No Rules (Foreign Policy)
Lawmakers Seek Review of Pentagon Contract Thought to Favor Amazon (WiReD)
The customer is always right ... re: Apple iPhones (Rob Slade)
Fun with source code (Medium)
A Dark Consensus About Screens and Kids Begins to Emerge in Silicon Valley
  (The New York Times)
When Trump Phones Friends, the Chinese and the Russians Listen and Learn
  (NYTimes)
Apple appears to have blocked GrayKey iPhone hacking tool (Lucas Mearian)
Re: Toward Human-Understandable, Explainable AI (DJC)
Re: Explainable AI Simulation for AVs (Richard Stein)
Abridged info on RISKS (comp.risks)

--

Date: Mon, 29 Oct 2018 22:06:46 +0800
From: Richard Stein 
Subject: MTR East Rail disruption caused by failure of both primary and
  backup (Hong Kong Free Press)

https://www.hongkongfp.com/2018/01/11/mtr-east-rail-disruption-caused-failure-primary-backup-servers/

--

Date: Mon, 29 Oct 2018 14:56:29 -0400
From: Mark Brader 
Subject: Train stops in exactly the wrong place (Modern Railways)

According to a short item on page 87 of the October issue of "Modern
Railways", on August 21 a suspected shoplifter was chased into a train
tunnel at Amsterdam's Schiphol Airport, requiring the train service to be
temporarily shut down.  But when they went to restart it, the entire
computerized train management system crashed and would not come back up.  As
a result, all trains throughout the greater Amsterdam area were halted from
some time in the evening rush hour until after midnight when the bug was
finally identified and fixed.

"It transpired", the article says, "that one train had been stopped
at exactly the point where the software determines which platform a
train should use" and hence "the software continuously detected a train
arriving at the spot and proceeded to try and allocate the non-existent
arrival (the train was already there!) 32,000 times before the system
crashed."

--

Date: Sat, 27 Oct 2018 08:07:15 -0500
From: Arthur Flatau 
Subject: Texas straight-ticket voters report ballot concerns

Austin American Statesman

The idea that hitting a button or other control while a screen is
rendering is a user error is astounding.  If the machine incorrectly
interprets user input it is a bug plain and simple.

Amid scattered complaints by straight-ticket early voters of both parties
that their ballots did not, at first, correctly record their choice of
either Democrat Beto O'Rourke or Republican Ted Cruz for U.S. Senate, state
and local election officials are cautioning voters to take their time in
voting and check the review screen for accuracy before casting ballots.

The elections officials say the problems resulted from user error in voting
on the Hart eSlate machines widely used in Texas -- including in Travis,
Hays and Comal counties -- and are not the result of a machine glitch or
malfunction.

``The Hart eSlate machines are not malfunctioning,'' said Sam Taylor,
communications director for the Texas secretary of state's office.  ``The
problems being reported are a result of user error -- usually voters hitting
a button or using the selection wheel before the screen is finished
rend

[RISKS] (no subject)

2018-10-23 Thread RISKS List Owner
Subject: Risks Digest 30.88

RISKS-LIST: Risks-Forum Digest  Tuesday 23 October 2018  Volume 30 : Issue 88

This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/30.88>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Drivers Wildly Overestimate What 'Semiautonomous' Cars Can Do (WiReD)
Internet of Things (Don Wagner)
Toward Human-Understandable, Explainable AI (computer.org)
When AI Misjudgment Is Not an Accident (Scientific American)
Drink too much beer at a Dallas Cowboys game? Now a free robot-driven van
  will scoop you up afterward. (WashPost)
3D Printers Have Fingerprints, a Discovery That Could Help Trace
  3D-Printed Guns, Counterfeit Goods (University of Buffalo)
SSH Authentication Bug Opens Door If You Say You're Logged-In (ITProToday)
Hackers steal data of 75,000 users after Healthcare.gov FFE breach (ZDNet)
Disrupting cyberwar with open-source intelligence (HPE)
U.S. Begins First Cyberoperation Against Russia Aimed at Protecting
  Elections (NYTimes)
Twitter publishes dump of accounts tied to Russian, Iranian influence
  campaigns (Ars Technica)
Saudis' Image Makers: A Troll Army and a Twitter Insider (NYTimes)
Banks Adopt Military-Style Tactics to Fight Cybercrime (NYTimes)
IBM Proves a Quantum Computing Advantage Over Classical (Brian Wang)
Microsoft's problem isn't how often it updates Windows -- it's how it
  develops it (Ars Technica)
Susan Wojcicki on the EU's horrific Article 13 (Lauren Weinstein)
Now Apps Can Track You Even After You Uninstall Them (Bloomberg)
These Researchers Want to Send Smells Over the Internet (ieee.org)
Risks of voting systems (Stewart Fist)
Re: Election Security (John Levine, Paul Burke)
Re: Researcher finds simple way of backdooring Windows PCs and nobody
  notices for ten months (Keith Medcalf)
Abridged info on RISKS (comp.risks)

--

Date: Sat, 20 Oct 2018 23:01:23 -0400
From: Gabe Goldberg 
Subject: Drivers Wildly Overestimate What 'Semiautonomous' Cars Can Do
  (WiReD)

Cars are getting smarter and more capable. They're even starting to drive
themselves, a little. And they're becoming a cause of concern for European
and American safety agencies and groups. They're all for putting better tech
on the road, but automakers are selling systems like Tesla's Autopilot, or
Nissan's Pro Pilot Assist, with the implied promise that they'll make
driving easier and safer, and a new study is the latest to say that may not
always be the case. More worryingly, drivers think these systems are far
more capable than they really are.

https://www.wired.com/story/semi-autonomous-systems-safety-research-euro-ncap-thatcham/

--

Date: Sun, 21 Oct 2018 15:08:37 +0200
From: Zap Katakonk 
Subject: Internet of Things

In the Wild West, a cowboy was a man who, if he had to go a mile north,
would walk two miles south to get a horse, so he could ride there. The IoT
appears to be a product of computer cowboys.

Don Wagner <http://donwagner.dk>

--

Date: Sat, 20 Oct 2018 20:26:36 +0800
From: Richard Stein 
Subject: Toward Human-Understandable, Explainable AI (computer.org)

http://www.computer.org/csdl/mags/co/2018/09/index.html

Explainable AI (XAI), as defined by Hani Hagras, possesses these
characteristics:

"Transparency: We have a right to have decisions affecting us explained to
us in terms, formats, and languages we can understand.

"Causality: If we can learn a model from data, can this model provide us
with not only correct inferences but also some explanation for the
underlying phenomena?

"Bias: How can we ensure that the AI system has not learned a biased view of
the world based on shortcomings of the training data or objective function?

"Fairness: If decisions are made based on an AI system, can we verify that
they were made fairly?

"Safety: Can we gain confidence in the reliability of our AI system without
an explanation of how it reaches conclusions?"

These XAI characteristics, if demonstrably deterministic, can aid triage and
reconstruction of an AI platform's processing activities. A platform's XAI
compliance certification may deter and preclude worst-case, post-deployment
consequences.

AI platform publishers can serve public health and welfare by demonstrating
XAI characteristics prior to deployment. A public service that operates a
compliance simulation can enhance public safety, and reinforce social trust
for AI.  XAI certifi