RISKS-LIST: Risks-Forum Digest  Wednesday 1 December 2021  Volume 32 : Issue 94

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/32.94>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
The End of Trust (The Atlantic)
The makers of EyeDetect promise a new era of truth-detection, but many
 experts are skeptical (WashPost)
Apple sues NSO Group over Pegasus spyware (WashPost)
The Car Key of the Future -- is still in your pocket (NYTimes)
Locked Out of God Mode, Runners Are Hacking Their Treadmills (WiReD)
Sorry I'm late, my car had a 500 error. (twitter)
Israel and Iran Broaden Cyberwar to Attack Civilian Targets (NYTimes)
India to ban almost all private cryptocurrencies including Bitcoin in new
 clampdown (Euronews)
Dutch Tax Office algorithm targeted low-income households (Kees Huyser)
Crowd-Sourced Suspicion Apps Are Out of Control (EFF)
GoDaddy says data breach exposed over a million user accounts (TechCrunch)
He Leaked U.S. Missile Secrets. It Turned Into ‘a Dark Comedy of Errors.’
 (DailyBeast)
Amazon's Dark Secret: It Has Failed to Protect Your Data (WiReD)
The Zelle Fraud Scam: How it Works, How to Fight Back (Krebs on Security)
Wikipedia Tests AI for Spotting Contradictory Claims in Articles
 (New Scientist)
Apple, Facebook, privacy, voter turnout efforts, and differential privacy
 (Rob Slade)
Google hacking (Wikipedia)
Devious *Tardigrade* Malware Hits Biomanufacturing Facilities (WiReD)
The unbearable fussiness of the smart home (staceyoniot)
YANCV: Yet Another New CoVID Variant (Rob Slade)
Re: Unconsidered automatic filtering creates damaging side-effects
 (John Levine)
Re: Scammers impersonate guest editors to get sham papers published
 (Martin Ward)
CISA Should Assess the Effectiveness of its Actions to Support the
 Communications Sector (GAO Critical Infrastructure Protection)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 27 Nov 2021 10:14:14 +0800
From: "Richard Stein" <rmst...@ieee.org>
Subject: The End of Trust (The Atlantic)

https://www.theatlantic.com/magazine/archive/2021/12/trust-recession-economy/620522/

"Trust. Without it, Adam Smith’s invisible hand stays in its pocket;
Keynes’s 'animal spirits' are muted. 'Virtually every commercial transaction
has within itself an element of trust,' the Nobel Prize–winning economist
Kenneth Arrow wrote in 1972.

"But trust is less quantifiable than other forms of capital. Its decline is
vaguely felt before it’s plainly seen. As companies have gone virtual during
the coronavirus pandemic, supervisors wonder whether their remote workers
are in fact working. New colleagues arrive and leave without ever having
met. Direct reports ask if they could have that casual understanding put
down in writing. No one knows whether the boss’s cryptic closing remark was
ironic or hostile."

Businesses deserve to fail, and governments convulse, when public trust
continues to be abused for selective advantage without accountability for
preventable technological maintenance and operational errors.

Proactive and effective Internet safeguards -- regulatory enforcement of
cybersecurity standards with strict oversight accountability for
non-compliance -- is essential to rebuild public trust, an essential social
virtue sensitized to spontaneously erode via multiple tipping points.

Every data breach, ransomware incident, and critical infrastructure assault
dilutes public trust in the Internet's utility. Without stern incentives to
comply, diminished accountability for these abuses and outrages, attributed
to both businesses and governments, feed a sense of popular
futility. Egregious and repeat oversight failures reveal their audacious
impunity.

As long as professional and business ethics remain trivialized by profit,
convenience, ignorance, and lassitude, organizational effectiveness and
accountability -- pillars of public trust resilience -- will remain
vulnerable to nefarious exploitation.

------------------------------

Date: Sat, 27 Nov 2021 15:17:52 -0500
From: "Gabe Goldberg" <g...@gabegold.com>
Subject: The makers of EyeDetect promise a new era of truth-detection, but
 many experts are skeptical (WashPost)

Is the ocular product EyeDetect a leap ahead of the polygraph? Or just the
same dubiousness in a more high-tech box?

EyeDetect is the product of the Utah company Converus. “Imagine if you could
exonerate the innocent and identify the liars . . . just by looking into
their eyes,” the company’s YouTube channel promises. “Well, now you can!”
Its chief executive, Todd Mickelsen, says they’ve built a better
truth-detection mousetrap. He believes eye movements reflect their bearer
far better than the much older and mostly discredited polygraph. Its
popularity may be growing: The company says EyeDetect has gone from 500
customers in 2019 to 600 now.

Its critics, however, say the EyeDetect is just the polygraph in more
algorithmic clothing. The machine is fundamentally unable to deliver on its
claims, they argue, because human truth-telling is too subtle for any data
set.

And they worry that relying on it can lead to tragic outcomes, like
punishing the innocent or providing a cloak for the guilty.

EyeDetect raises a question that draws all the way back to the Garden of
Eden: Are humans so wired to tell the truth we’ll give ourselves away when
we don’t?

https://www.washingtonpost.com/technology/2021/11/15/lie-detector-eye-movements-converus/

------------------------------

Date: Tue, 23 Nov 2021 14:44:46 -0500
From: "Gabe Goldberg" <g...@gabegold.com>
Subject: Apple sues NSO Group over Pegasus spyware (WashPost)

The lawsuit comes just weeks after the U.S. Commerce Department added
NSO to its list of entities barred from doing business with American
companies.  ...

“State-sponsored actors like the NSO Group spend millions of dollars on
sophisticated surveillance technologies without effective accountability.
That needs to change,” said Craig Federighi, Apple’s senior vice president
of Software Engineering, in a blog post announcing the lawsuit.

“Apple devices are the most secure consumer hardware on the market — but
private companies developing state-sponsored spyware have become even more
dangerous,” he wrote. “While these cybersecurity threats only impact a very
small number of our customers, we take any attack on our users very
seriously, and we’re constantly working to strengthen the security and
privacy protections in iOS to keep all our users safe.”

https://www.washingtonpost.com/technology/2021/11/23/apple-pegasus-lawsuit-spyware-nso/

------------------------------

Date: Sun, 28 Nov 2021 16:22:32 -0500
From: "Gabe Goldberg" <g...@gabegold.com>
Subject: The Car Key of the Future -- is still in your pocket (NYTimes)

They’re in fobs or on phones, and digital or “smart,” and they can do
far more than just open doors and start the engine.

Sometimes, however, one might wish for a real key; the alternatives are
not bulletproof. Tesla drivers recently punched up the smartphone app
they use to unlock and start their cars. The app was not responding, as
a server had gone down. The Tesla key “card” would work — Tesla’s
version of a fob — but drivers who depended on their phones were stuck.
The problem was sorted out fairly quickly, and Elon Musk, the company’s
chief, tweeted apologies.

...

Several vehicle operating functions have already been outsourced to
smartphones. For example, an app for some BMWs can remotely start the
auto; it will run for 15 minutes, heating or cooling the cabin, before
automatically shutting off. But some type of hardware — a wireless fob,
round or square, with tiny buttons to open and close doors, hatches,
windows and sunroofs, and perhaps a “panic” function to set off the
car’s alarm system — will most likely remain until mobile devices
“eliminate the need for a physical piece of hardware altogether,” said
Todd Parker, director of global design for General Motors.

https://www.nytimes.com/2021/11/25/business/car-keys-fobs.html

Eliminate need for hardware? Mobile devices look to me like pieces of
"hardware", just more prone to failure or compromise than a key or fob.

------------------------------

Date: Sun, 21 Nov 2021 15:36:57 -0500
From: Gabe Goldberg <g...@gabegold.com>
Subject: Locked Out of God Mode, Runners Are Hacking Their Treadmills
 (WiReD)

NordicTrack customers were watching Netflix using a simple trick—until the
company blocked their access.

https://www.wired.com/story/nordictrack-ifit-treadmill-privilege-mode/

What next? Fox (or MSNBC)-only TV sets? Cell phones only able to call people
on same network?

------------------------------

Date: Tue, 23 Nov 2021 10:22:16 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: Sorry I'm late, my car had a 500 error.

Tesla servers throwing 500 errors. People unable to unlock their cars.
https://twitter.com/switch_d/status/1461823823695777797
via
https://twitter.com/internetofshit/status/1463159474961760273

------------------------------

Date: Sun, 28 Nov 2021 05:50:48 -0500
From: Jan Wolitzky <jan.wolit...@gmail.com>
Subject: Israel and Iran Broaden Cyberwar to Attack Civilian Targets
 (NYTimes)

Millions of ordinary people in Iran and Israel recently found themselves
caught in the crossfire of a cyberwar between their countries. In Tehran, a
dentist drove around for hours in search of gasoline, waiting in long lines
at four gas stations only to come away empty.

In Tel Aviv, a well-known broadcaster panicked as the intimate details of
his sex life, and those of hundreds of thousands of others stolen from an
LGBTQ dating site, were uploaded on social media.

For years, Israel and Iran have engaged in a covert war, by land, sea, air
and computer, but the targets have usually been military or government
related.  Now, the cyberwar has widened to target civilians on a large
scale.

https://www.nytimes.com/2021/11/27/world/middleeast/iran-israel-cyber-hack.html

------------------------------

Date: Tue, 23 Nov 2021 14:41:50 -0500
From: "Gabe Goldberg" <g...@gabegold.com>
Subject: India to ban almost all private cryptocurrencies including Bitcoin
 in new clampdown (Euronews)

India is on track to ban all but a few private cryptocurrencies after the
government announced on Tuesday it was introducing a new financial
regulation bill.

The 'Cryptocurrency and Regulation of Official Digital Currency' bill
will create a facilitative framework for an official digital currency to
be issued by the Reserve Bank of India, and ban all private
cryptocurrencies, such as Bitcoin and Ethereum.

Earlier this month, Prime Minister Narendra Modi said all democratic nations
must work together to ensure cryptocurrency "does not end up in wrong hands,
which can spoil our youth" - his first public comments on the subject.  ...

The new rules are also likely to discourage marketing and advertising of
cryptocurrencies, to dull their allure for retail investors, said an
industry source who was part of a separate parliamentary panel discussion
held on Monday.

https://www.euronews.com/next/2021/11/23/india-is-planning-to-tighten-crypto-regulation-to-deter-trading-in-a-new-clampdown-sources

But ... banning cigarette ads on TV didn't ban smoking. Cryptocurrency
"spoiling youth"? Ah, this is for the children...

------------------------------

Date: Tue, 23 Nov 2021 13:19:03 +0100
From: "Kees Huyser" <k...@huyser.net>
Subject: Dutch Tax Office algorithm targeted low-income households

The tax office specifically targeted people with low incomes when checking
for potential fraud involving childcare benefits.

Between 2013 and July 2020, the tax office used a self-learning algorithm
based on a risk classification system to decide who should face extra
checks. The system was scrapped last year following a damning report.

https://www.dutchnews.nl/news/2021/11/tax-office-singled-out-low-income-households-for-extra-fraud-checks/

------------------------------

Date: Wed, 24 Nov 2021 00:08:47 -0500
From: "Gabe Goldberg" <g...@gabegold.com>
Subject: Crowd-Sourced Suspicion Apps Are Out of Control
 (Electronic Frontier Foundation)

Technology rarely invents new societal problems. Instead, it digitizes them,
supersizes them, and allows them to balloon and duplicate at the speed of
light. That’s exactly the problem we’ve seen with location-based,
crowd-sourced “public safety” apps like Citizen.

These apps come in a wide spectrum—some let users connect with those around
them by posting pictures, items for sale, or local tips. Others, however,
focus exclusively on things and people that users see as “suspicious” or
potentially hazardous. These alerts run the gamut from active crimes, or the
aftermath of crimes, to generally anything a person interprets as helping to
keep their community safe and informed about the dangers around them.

https://www.eff.org/deeplinks/2021/10/crowd-sourced-suspicion-apps-are-out-control

That's sure NextDoor here -- Fairfax County, VA -- which is pretty safe and
yet people exaggerate/amplify incidents to bogus catastrophic statistics and
trends.

------------------------------

Date: Mon, 22 Nov 2021 10:19:17 -0800
From: Lauren Weinstein <lau...@vortex.com>
Subject: GoDaddy says data breach exposed over a million user accounts
 (TechCrunch)

GoDaddy says data breach exposed over a million user accounts

https://techcrunch.com/2021/11/22/godaddy-breach-million-accounts/

------------------------------

Date: Thu, 25 Nov 2021 10:16:06 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: He Leaked U.S. Missile Secrets. It Turned Into ‘a Dark Comedy of
 Errors.’  (DailyBeast)

A former Raytheon missile defense engineer
<https://www.thedailybeast.com/former-raytheon-missile-engineer-james-robert-schweitzer-accused-of-leaking-classified-info>
who recently pleaded guilty to leaking U.S. military secrets claims he did
so only because his desperate attempts to correct a potentially deadly
software error he accidentally made went completely unheeded by authorities.

“My approach and code were not adequately reviewed,” James Robert
Schweitzer told The Daily Beast in his first public comments since his
arrest. “I was told to ignore the anomaly that I introduced.”

The federal government, however, saw things quite differently. At the time,
Schweitzer was at loggerheads with the Pentagon over his use of medical
marijuana, which caused him to be stripped of his top secret security
clearance. Unable to continue working in his chosen field, Schweitzer, who
had hoped to stay at Raytheon until he retired, decided instead to exact
revenge on the company by exposing classified information he believed he
shouldn’t have had access to in the first place, according to prosecutors
<https://www.documentcloud.org/documents/21112618-schweitzer-dod-ig-hotline>.
The government’s court filings assert that Schweitzer’s motive was simply
to get back at Raytheon for shunting him aside. To that end, Schweitzer
told investigators he wanted to bring his supervisors down with him for
“illegally” demanding he work on a classified project.

A Missile Engineer’s ‘Dark Fantasy’ and Alleged Revenge Plot
<https://www.thedailybeast.com/former-raytheon-missile-engineer-james-robert-schweitzer-accused-of-leaking-classified-info?via=rss&source=articles_fancylink>

Today, Schweitzer, who says he sees himself not as a traitor but a
whistleblower, is still reeling from being hauled in by the feds last year,
describing the nightmarish experience as “a comedy of errors, as far as I’m
concerned—a dark comedy of errors.”

As The Daily Beast exclusively reported at the time
<https://www.thedailybeast.com/former-raytheon-missile-engineer-james-robert-schweitzer-accused-of-leaking-classified-info>,
Schweitzer, 58, was arrested and charged in December 2020 with malicious
mischief and destruction of government property for sharing “national
defense information” regarding U.S. missile sensors. Prosecutors said
Schweitzer knew some of what he exposed
<https://www.documentcloud.org/documents/21112436-usa-v-schweitzer> “could
result in American casualties abroad or in the United States,” which
Schweitzer freely admits, insisting that’s why he was so eager to sound the
alarm.

Schweitzer, a California resident, claims he reported the alleged software
bug to the DoD hotline, the Army, the FBI, and every single member of
Congress to no avail. According to him, authorities said they would take
care of it, but never did in order to save face after deploying a
supposedly broken system that was being used to, among other things,
protect the airspace in the Washington, D.C., area, and could have cost
thousands of lives. Court filings by investigators and prosecutors, who
would not comment on the case, do not mention anything about this supposed
anomaly. [...]

https://www.yahoo.com/news/leaked-u-missile-secrets-turned-225131446.html

------------------------------

Date: Wed, 24 Nov 2021 00:11:18 -0500
From: "Gabe Goldberg" <g...@gabegold.com>
Subject: Amazon's Dark Secret: It Has Failed to Protect Your Data (WiReD)

Voyeurs. Sabotaged accounts. Backdoor schemes. For years, the retail giant
has handled your information less carefully than it handles your packages.

At that very moment inside Amazon, the division charged with keeping
customer data safe for the company's retail operation was in a state of
turmoil: understaffed, demoralized, worn down from frequent changes in
leadership, and—by its own leaders' accounts—severely handicapped in its
ability to do its job. That year and the one before it, the team had been
warning Amazon's executives that the retailer's information was at risk. And
the company's own practices were fanning the danger.

According to internal documents reviewed by Reveal from the Center for
Investigative Reporting and WIRED, Amazon's vast empire of customer
data—its metastasizing record of what you search for, what you buy, what
shows you watch, what pills you take, what you say to Alexa, and who's
at your front door—had become so sprawling, fragmented, and
promiscuously shared within the company that the security division
couldn't even map all of it, much less adequately defend its borders.

https://www.wired.com/story/amazon-failed-to-protect-your-data-investigation/

------------------------------

Date: Sat, 20 Nov 2021 07:24:34 -0800
From: Tom Van Vleck <t...@multicians.org>
Subject: The Zelle Fraud Scam: How it Works, How to Fight Back
 (Krebs on Security)

Another damn thing to worry about.  Faked text messages and phone calls
"from your bank."

https://krebsonsecurity.com/2021/11/the-zelle-fraud-scam-how-it-works-how-to-fight-back/

------------------------------

Date: Wed, 24 Nov 2021 12:05:30 -0500 (EST)
From: ACM TechNews <technews-edi...@acm.org>
Subject: Wikipedia Tests AI for Spotting Contradictory Claims in Articles
 (New Scientist)

Matthew Sparkes, *New Scientist*, 19 Nov 2021
via ACM TechNews, Wednesday, November 24, 2021

Researchers at Taiwan's National Cheng Kung University, in conjunction with
the Wikimedia Foundation, have developed artificial intelligence technology
which they say can identify contradictory claims in Wikipedia articles and
flag them for human review. The researchers found 2,321 contradiction
warnings in all English Wikipedia articles posted by March 2020. They used
80% of 1,105 examples of contradictions and solutions by human editors to
train the neural network to detect contradictions on its own. The remaining
20% of the data then was used to test the neural network, which was found to
have an accuracy rate of up to 65%.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2d791x22fa56x074532&;

  [65%???  For anyone weak in math, That means the INACCURACY rate is *at
  least* 35%, and probably much more, based on the lacunae of the approach.
  Wow!  No surprise there.  PGN]

------------------------------

Date: Mon, 22 Nov 2021 11:42:59 -0800
From: Rob Slade  <rmsl...@shaw.ca>
Subject: Apple, Facebook, privacy, voter turnout efforts, and differential
 privacy

Apple is trying to position itself as "the privacy company."  One of the
ways it is doing that is, purportedly, by using differential privacy in a
big way.

However, what Apple is *mostly* doing is making trouble for other companies
(like Facebook) trying to get user data.  Recently, Apple's iOS devices
started *not* sending click-through and other data to Facebook.

Facebook seems to have responded by *not* presenting click-thorough type ads
to iOS devices.  Which has created a problem for various advertisers,
including both political parties and social activists.

https://www.protocol.com/policy/apple-facebook-voter-turnout

The thing is, if Apple truly *were* using differential privacy, it would be
easy to resolve this fight by using "privacy by randomized response," a
protocol long used by social scientists.  Local differential privacy would
add noise to the data, but it could be mathematically removed by companies
to provide user privacy, while still allowing a lot of useful overall
consumer data to be collected.

The bottom line is, Apple, while pushing its use of differential privacy,
doesn't seem to understand it or use it effectively.  (And Facebook still
doesn't care about your privacy at all ...)

------------------------------

Date: Mon, 22 Nov 2021 15:01:50 -0500
From: Gabe Goldberg <g...@gabegold.com>
Subject: Google hacking (Wikipedia)

Google hacking, also named Google dorking,[1][2] is a hacker technique that
uses Google Search and other Google applications to find security holes in
the configuration and computer code that websites are using.[3] Google
dorking could also be used for OSINT.

"Google hacking" involves using advanced operators in the Google search
engine to locate specific errors of text within search results. Some of the
more popular examples are finding specific versions of vulnerable Web
applications. A search query with intitle:admbook intitle:Fversion
filetype:php would locate all web pages that have that particular text
contained within them. It is normal for default installations of
applications to include their running version in every page they serve, for
example, "Powered by XOOPS 2.2.3 Final".

Devices connected to the Internet can be found. A search string such as
inurl:"ViewerFrame?Mode=" will find public web cameras.

Another useful search is following intitle:index.of followed by a search
keyword. This can give a list of files on the servers. For example,
intitle:index.of mp3 will give all the MP3 files available on various types
of servers.

https://en.wikipedia.org/wiki/Google_hacking

------------------------------

Date: Mon, 22 Nov 2021 19:42:47 -0500
From: Gabe Goldberg <g...@gabegold.com>
Subject: Devious *Tardigrade* Malware Hits Biomanufacturing Facilities (WiReD)

The surprisingly sophisticated attack is “actively spreading” throughout
the industry.

When ransomware hit a biomanufacturing facility this spring, something
didn't sit right with the response team. The attackers left only a
halfhearted ransom note, and didn't seem all that interested in actually
collecting a payment. Then there was the malware they had used: a shockingly
sophisticated strain dubbed Tardigrade.

As the researchers at biomedical and cybersecurity firm BioBright dug
further, they discovered that Tardigrade did more than simply lock down
computers throughout the facility. The found that the malware could adapt to
its environment, conceal itself, and even operate autonomously when cut off
from its command and control server. This was something new.

https://www.wired.com/story/tardigrade-malware-biomanufacturing/

------------------------------

Date: Tue, 23 Nov 2021 10:40:17 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: The unbearable fussiness of the smart home (staceyoniot)

As we head into another gifting season and more and more connected devices
make their way onto gift guides, I want to offer a cautionary note. The
smart home is like a cat — mostly self-sufficient and nice to have, but also
possessing a mind of its own that can lead to frustration and confusion for
its owner. Indeed, when you gift or get a connected device, ownership turns
into active participation with the device and various other ecosystems.

What do I mean? Three weeks ago, three of my devices stopped working — all
for different reasons — and required different steps to fix them. This week,
one device suddenly start working again, another connected after some
initial struggles, and a third became so intrusive I had to move it to
another room.

This isn’t a device or brand problem. It’s an industry problem. Smart home
products look like hardware but are really software, subject to updates and
changes that will break integrations, contain bugs, and add new, unwanted
features. For most consumers, there’s a gap between what they expect from
hardware and what they get with smart home devices that leads to
dissatisfaction, returns, and poor user experiences.

For the manufacturers, there’s a lack of tools and/or research to ensure
that software updates don’t cause problems or that new features don’t
frustrate users. I’ll offer up a few examples of fussy devices to illustrate
these issues. Let me be your cautionary tale before purchasing a smart bulb
or speaker.   [...]

https://staceyoniot.com/the-unbearable-fussiness-of-the-smart-home/

------------------------------

Date: Fri, 26 Nov 2021 11:24:56 -0800
From: Rob Slade <rsl...@gmail.com>
Subject: YANCV: Yet Another New CoVID Variant

A new CoVID variant (B.1.1.529) (and named omicron, possibly to avoid "nu"
jokes) has arisen.  It *may* be more transmissible.  It *may* be that the
existing vaccines are somewhat less effective at protecting against it.

World stock markets are tumbling, and the end of the world is upon us.
Just like last time.

Look, we know how to deal with this.

I tend to use the ransomware example: it doesn't matter who is trying to
hit you with what new version of ransomware: if you've got a backup, you're
good.

The existing vaccines may be slightly less effective.  But they will be
somewhat effective, and you should get them.  Although I would add defence
in depth or layered defence.  Vaccines aren't perfect, so wash your hands.
Handwashing isn't perfect so wear a mask.  Masks aren't perfect so avoid
crowds.  It isn't *one* of the Five Heroic Acts, it's *all* of them.
https://www.who.int/campaigns/connecting-the-world-to-combat-coronavirus/safehands-challenge/5-heroic-acts

And remember the "Hitchhiker's Guide to the Galaxy": DON'T PANIC!

  [I have eschewed another rather less RISKS-relevant item from Rob on the
  naming of the COVID variants.  Who's "xi"?  What's "nu"?  omic<h>ron
  didn't show up with my NYTimes last Thursday?  PGN]

------------------------------

Date: 23 Nov 2021 15:41:27 -0500
From: "John Levine" <jo...@iecc.com>
Subject: Re: Unconsidered automatic filtering creates damaging side-effects
 (RISKS-32.93)

>have the sequence "ass" removed, yielding "pion", "ociation", and "ume",
>among others.

This is generally known as the Scunthorpe problem, after a town in England
which is chronically blocked by badly written obscenity filters.  It has has
two Wikipedia pages, one for the town, one for the filtering errors which
date from 1996:

https://en.wikipedia.org/wiki/Scunthorpe
https://en.wikipedia.org/wiki/Scunthorpe_problem

  [Similar comment from Craig S. Cottingham.  Of course, the S***thorpe
  problem cropped up in RISKS-15.13, RISKS-18.07, RISKS-18.08, RISKS-20.68,
  RISKS-26.89, RISKS-31.74, and RISKS-32.54.  PGN]

------------------------------

Date: Thu, 25 Nov 2021 14:38:42 +0000
From: "Martin Ward" <mar...@gkc.org.uk>
Subject: Re: Scammers impersonate guest editors to get sham papers published
 (RISKS-32.93)

A related article ("Predatory publishers’ latest scam: bootlegged and
rebranded papers") suggests: "Instead of repeatedly severing heads for new
ones to regrow, policy that combats predatory publishing should focus on
starving the Hydra of resources."

An article published in "Nature" cannot, of course, suggest the simplest and
most effective solution to the problem: completely starve the Hydra by
taking money out of the article publishing enterprise altogether.  Authors
and reviewers already provide their work for free: this is then "monetized"
by predatory journals, such as Nature, who charge exorbitant amounts for
copies of papers and make substantial profits out of other people's work
without adding any value. (For example, one of the referenced papers listed
in this paper is available as a downloadable PDF for a mere £29.95 including
VAT).

Make all journals free to access and free to publish in, and take the
pressure off academics to continually publish ("publish or perish").  The
costs of providing access can be met via small charitable foundations
supported by donations from University libraries.  The libraries can easily
afford these donations since they will no longer have to pay exorbitant
subscription fees to journals.  The rest of the money that they save can go
to fund more research, instead of publisher's profits.

With money taken out of the equation, the main incentive to produce sham
papers and sham publications disappears.

Until then, we will have the "legitimate" publishers wringing their hands
and complaining about all these "predatory" publishers.  They sound to me
like so many "legitimate" protection racketeers complaining about all the
"predatory" protection racketeers that keep cropping up on their turf!

------------------------------

Date: Mon, 29 Nov 2021 09:19:48 +0100
From: "Diego.Latella" <diego.late...@isti.cnr.it>
Subject: CISA Should Assess the Effectiveness of its Actions to Support
 the Communications Sector (GAO Critical Infrastructure Protection)

https://www.gao.gov/products/gao-22-104462?utm_campaign=usgao_email&utm_content=topic_homelandsecurity&utm_medium=email&utm_source=govdelivery

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: risks-requ...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.94
************************

Reply via email to