RISKS-LIST: Risks-Forum Digest Wednesday 9 November 2022 Volume 33 : Issue 51
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/33.51>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Ground Truth vs Ground-up Truth (PGN)
What U.S. Democracy Can Learn from Brazil (Jack Nicas)
Voting-system firms battle right-wing rage against the machines (Reuters)
How Republicans Fed a Misinformation Loop About the Pelosi Attack (NYTimes)
Blood oxygen monitors face scrutiny from FDA panel (The Verge)
Medicare enrollees warned about deceptive marketing schemes (Amanda Seitz)
The Hunt for the Dark Web's Biggest Kingpin (WiReD)
Why the FBI Is So Far Behind on Cybercrime (NYTimes)
Ransomware attacks on hospitals take toll on patients (NBC News)
iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser (Krausefx)
The Most Vulnerable Place on the Internet (WiReD)
Security Loophole Allows Attackers to Use Wi-Fi to See Through Walls (U.Waterloo)
Engineers ready innovative robotic servicing of geosynchronous satellites payload for launch (phys.org)
Sobeys, Safeway grappling with IT issues as Maple Leaf Foods announces cybersecurity incident (CBC)
Signal Says It Will Exit India Rather Than Compromise Its Encryption (Techdirt)
Scientists Increasingly Can't Explain How AI Works (Vice)
Billions Spent in Metaverse 'Land' Grab (BBC)
Same New York lottery numbers drawn twice in one day (NYPost)
Powerball winning numbers live drawing delayed for $1.9 billion jackpot due to 'security protocol issue' (ABC)
There's a good chance Meta has your contact info. Here's how to delete it. (Mashable)
Web Inventor Tim Berners-Lee Wants Us to 'Ignore' Web3 (CNBC)
'How much press are you worth?'
 New calculator tackles inequality in missing persons stories (msnbc.com)
Federal government advised to pause Twitter ads after mass layoffs at company (CBC News)
Websites Accepting Crypto for Child Sex Abuse Content Doubling Every Year (Gizmodo)
Wireless meat thermometer: What could go wrong? (SharperImage via Gabe)
Adobe Just Held a Bunch of Pantone Colors Hostage (WiReD)
Gaming Is Booming. That's Catnip for Cybercriminals. (NYTimes)
AI code assistants may not spawn as many bugs as feared (NYTimes)
The Rise of Rust, the Virus-Secure Programming Language That's Taking Over Tech (WiReD)
The Strange Death of the Uyghur Internet (WiReD)
Algorithms Quietly Run the City of WashingtonDC -- and Maybe Your Hometown (WiReD)
Jeppesen Cyber-Incident Affects Services (AVweb)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 9 Nov 2022 10:40:50 PST
From: Peter Neumann <neum...@csl.sri.com>
Subject: Ground Truth vs Ground-up Truth

It's time for a little levity after months of ugly campaign disinformation and gigantic fund-raising efforts in the U.S. I offer this limerick, and beg your indulgence.

Reflections on the U.S. Midterm Election Campaigns
Peter G. Neumann (a.k.a. Lim[b]erRick), Election Day, 8 November 2022

  There once was a notion of "ground truth",
  Which the DNA linked up with "found tooth".
  But old farts with no heart
  Took the ground truth apart,
  While leaving the future to "frowned youth".

[Your choice of alternatives in the last line: crowned, gowned, sound, bound, towned, ... I liked "frowned" <upon>]

old fart: Tribal elder. A title self-assumed with remarkable frequency ... This is a term of insult in the second or third person, but one of pride in first person.

"Ground Truth" is becoming like Ground-up Meat -- You have no idea what it entails (or entrails?). Are the contents just FAKE NEWS? or REALLY-FAKE NEWS?
An earlier draft version of my doggerel had the last line as:

  "Forsooth" took the meaning of "found truth".

forsooth [WordNet] adv 1: an archaic word originally meaning *in truth* but now usually used to express *disbelief* [emphasis mine]

forsooth formerly used as An expression of deference or respect, especially to woman; now used ironically or contemptuously. [1913 Webster]

  Our old English word "forsooth" has been changed for the French madam. -- Guardian. [1913 Webster]

Dad-to-Kid-joke:
  Diner: Waiter, This coffee tastes like mud.
  Waiter: It should. It was *GROUND* this morning.

------------------------------

Date: Mon, 7 Nov 2022 9:16:00 PST
From: Peter Neumann <neum...@csl.sri.com>
Subject: What U.S. Democracy Can Learn from Brazil (Jack Nicas)

Jack Nicas, *The New York Times*, 6 Nov 2022
https://www.nytimes.com/2022/11/05/world/americas/brazil-election-us-democracy.html

Given that there are no computer systems that cannot be hacked through unsecure hardware, software, and apps, *and* the reality that the federal government cannot control state elections -- which the existing Supreme Court would pretty much guarantee -- there are no realistic solutions.

The research community understands some of the machine-related issues, but (not surprisingly) ignores most of the total-system issues -- which include insider misuse, clever disenfranchisement, and devastating effects of pervasive disinformation.

The commercial vendors for the most part don't care, although Dominion's defense and monster defensive lawsuits (a recent 60 Minutes interviewed the head of Dominion) seem to make a case that they were brutally trashed by false attacks for which they are seeking BILLIONS of dollars in damages.

------------------------------

Date: Sun, 6 Nov 2022 15:12:01 PST
From: Peter Neumann <neum...@csl.sri.com>
Subject: Voting-system firms battle right-wing rage against the machines (Reuters)

https://www.reuters.com/world/us/voting-system-firms-battle-right-wing-rage-against-machines-2022-11-06/

------------------------------

Date: Sun, 6 Nov 2022 10:50:45 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: How Republicans Fed a Misinformation Loop About the Pelosi Attack (NYTimes)

https://www.nytimes.com/interactive/2022/11/05/us/politics/pelosi-attack-misinfo-republican-politicians.html

------------------------------

Date: Thu, 3 Nov 2022 19:53:44 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Blood oxygen monitors face scrutiny from FDA panel (The Verge)

https://www.theverge.com/2022/11/3/23438808/blood-oxygen-monitor-fda-bias-regulation

------------------------------

Date: Sat, 5 Nov 2022 19:36:10 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Medicare enrollees warned about deceptive marketing schemes (Amanda Seitz)

With Medicare's open enrollment underway, health experts are warning older adults about an uptick in misleading marketing tactics that might lead some to sign up for Medicare Advantage plans that don't cover their doctors or prescriptions and drive up their out-of-pocket costs

https://www.washingtonpost.com/politics/medicare-enrollees-warned-about-deceptive-marketing-schemes/2022/11/05/d54ffa70-5cbf-11ed-bc40-b5a130f95ee7_story.html

------------------------------

Date: Fri, 4 Nov 2022 10:24:46 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: The Hunt for the Dark Web's Biggest Kingpin (WiReD)

The Hunt for the Dark Web's Biggest Kingpin, Part 1: The Shadow

The notorious Alpha02 oversaw millions of dollars a day in online narcotic sales. For cybercrime detectives, he was public enemy number one -- and a total mystery.
https://www.wired.com/story/alphabay-series-part-1-the-shadow/

The Hunt for the Dark Web's Biggest Kingpin, Part 2: Pimp_alex_91

On the trail of AlphaBay's mastermind, a tip leads detectives to a suspect in Bangkok -- and to the daunting task of tracing his millions in cryptocurrency.

https://www.wired.com/story/alphabay-series-part-2-pimp-alex-91/

------------------------------

Date: Sun, 6 Nov 2022 19:39:01 -0700
From: Matthew Kruk <mkr...@gmail.com>
Subject: Why the FBI Is So Far Behind on Cybercrime (NYTimes)

https://www.nytimes.com/2022/11/06/opinion/ransomware-fbi.html

There are many factors behind the stunning rise of ransomware. Our reporting found that one of the most important is the Federal Bureau of Investigation's outmoded approach to computer crime targeting people and institutions in the United States.

State and local police generally can't handle a sophisticated international crime that locks victims' data remotely -- from patients' medical histories and corporate trade secrets to police evidence and students' performance records -- and demands payment for a key. Many police departments have themselves been hamstrung by ransomware attacks. Federal investigators, especially the FBI, are responsible for containing the threat. They need to do better.

When ransomware gained traction a decade ago, individual attackers were hitting up home users for a few hundred dollars. In 2015, as the crime was evolving into something more, the bureau still dismissed ransomware as an ankle-biter. That year, about a dozen frustrated Cyber Division agents warned James Comey, who was then the director of the F.B.I., that institutional lack of respect for their skills was spurring their departures.

Now well-organized gangs, with hierarchies mirroring those of traditional businesses, are paralyzing the computer networks of high-profile targets and demanding millions of dollars in ransom.

------------------------------

Date: Tue, 8 Nov 2022 10:21:30 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: Ransomware attacks on hospitals take toll on patients (NBC News)

https://www.nbcnews.com/tech/security/ransomware-attacks-hospitals-take-toll-patients-rcna54090

------------------------------

Date: Wed, 9 Nov 2022 09:35:28 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser (Krausefx)

https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser

------------------------------

Date: Fri, 4 Nov 2022 09:45:43 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: The Most Vulnerable Place on the Internet (WiReD)

Underwater cables keep the internet online. When they congregate in one place, things get tricky

https://www.wired.com/story/submarine-internet-cables-egypt/

------------------------------

Date: Fri, 4 Nov 2022 12:47:51 -0400 (EDT)
From: ACM TechNews <technews-edi...@acm.org>
Subject: Security Loophole Allows Attackers to Use Wi-Fi to See Through Walls (U.Waterloo)

University of Waterloo (Canada), 13 Nov 2022, via ACM TechNews; 4 Nov 2022

A drone-powered device developed by researchers at Canada's University of Waterloo can see through walls by accessing Wi-Fi networks. The Wi-Peep device can fly close to a building and identify all Wi-Fi-enabled devices inside using the building's Wi-Fi network by taking advantage of the "polite Wi-Fi" loophole, in which smart devices automatically respond to contact attempts from any device within range. Comprised of a store-bought drone and $20 of hardware, Wi-Peep can pinpoint the location of a device within one meter by measuring response times to the messages it sends to devices while in flight. Said Waterloo's Ali Abedi, "We need to fix the Polite Wi-Fi loophole so that our devices do not respond to strangers.
We hope our work will inform the design of next-generation protocols."

  [... and will greatly enhance the accuracy of drone bombers?]

------------------------------

Date: Thu, 10 Nov 2022 00:37:42 +0000
From: Richard Marlon Stein <rmst...@protonmail.com>
Subject: Engineers ready innovative robotic servicing of geosynchronous satellites payload for launch (phys.org)

https://phys.org/news/2022-11-ready-robotic-geosynchronous-satellites-payload.html

"Ace Satellite Repair Co's" first gig was in April, 1984 -- the "Solar Max" satellite needed a tune up. The Solar Max was in low earth orbit (~200 km), close enough for the Space Shuttle Challenger to capture. Intrepid space-walkers swapped out and replaced a circuit board or two.

Geo-synchronous orbit, @ ~35K km, is where a lot of communications, weather, and other satellite payloads park and operate. No bus for a repair person to ride. Send a robot.

DARPA funded "Robotic Servicing of Geosynchronous Satellites" program relies on a two-armed bot. A sophisticated robotic simulator and qualification mechanism, including environment chamber conditions, applied to boost mission objective achievement.

Risks: Cosmic radiation, software defects, hardware failure

------------------------------

Date: Mon, 7 Nov 2022 13:11:40 -0700
From: Matthew Kruk <mkr...@gmail.com>
Subject: Sobeys, Safeway grappling with IT issues as Maple Leaf Foods announces cybersecurity incident (CBC)

https://www.cbc.ca/news/canada/nova-scotia/sobeys-safeway-maple-leaf-foods-cybersecurity-incident-1.6642937

Some stores across Canada owned by Empire Company Ltd., including Sobeys, Safeway and affiliated pharmacy services, continue to experience disruptions <http://cbc.ca/1.6642540> due to an information technology systems issue.

Empire, which owns Sobeys, Lawtons, IGA, Safeway, Farm Boy, Foodland and FreshCo, among other brands, announced Monday an IT problem is preventing some of its pharmacies from filling prescriptions. ...
Meanwhile, Maple Leaf Foods announced in a news release late Sunday night that a "cybersecurity incident" caused a system outage at the company.

The company said it became aware of the issue over the weekend and immediately began working with cybersecurity and recovery experts, information systems professionals and third-party specialists to investigate the outage.

------------------------------

Date: Fri, 28 Oct 2022 21:05:02 +0900
From: David Farber <far...@keio.jp>
Subject: Signal Says It Will Exit India Rather Than Compromise Its Encryption (Techdirt)

https://www.techdirt.com/2022/10/26/signal-says-it-will-exit-india-rather-than-compromise-its-encryption/

------------------------------

Date: Wed, 2 Nov 2022 08:07:31 -0700
From: geoff goodfellow <ge...@iconia.com>
Subject: Scientists Increasingly Can't Explain How AI Works (Vice)

AI researchers are warning developers to focus more on how and why a system produces certain results than the fact that the system can accurately and rapidly produce them.

What's your favorite ice cream flavor? You might say vanilla or chocolate, and if I asked why, you'd probably say it's because it tastes good. But why does it taste good, and why do you still want to try other flavors sometimes? Rarely do we ever question the basic decisions we make in our everyday lives, but if we did, we might realize that we can't pinpoint the exact reasons for our preferences, emotions, and desires at any given moment.

There's a similar problem in artificial intelligence: The people who develop AI are increasingly having problems explaining how it works and determining why it has the outputs it has. Deep neural networks (DNN) -- made up of layers and layers of processing systems trained on human-created data to mimic the neural networks of our brains -- often seem to mirror not just human intelligence but also human inexplicability.

Most AI systems are black box models, which are systems that are viewed only in terms of their inputs and outputs.
Scientists do not attempt to decipher the black box, or the opaque processes that the system undertakes, as long as they receive the outputs they are looking for. For example, if I gave a black box AI model data about every single ice cream flavor, and demographic data about economic, social, and lifestyle factors for millions of people, it could probably guess what your favorite ice cream flavor is or where your favorite ice cream store is, even if it wasn't programmed with that intention.

These types of AI systems notoriously have issues because the data they are trained on are often inherently biased, mimicking the racial and gender biases that exist within our society. The haphazard deployment of them leads to situations where, to use just one example, Black people are disproportionately misidentified by facial recognition technology. It becomes difficult to fix these systems in part because their developers often cannot fully explain how they work, which makes accountability difficult. As AI systems become more complex and humans become less able to understand them, AI experts and researchers are warning developers to take a step back and focus more on how and why a system produces certain results than the fact that the system can accurately and rapidly produce them. [...]

<https://www.vice.com/en/article/n7jwx7/even-the-government-admits-facial-recognition-is-racially-biased>
https://www.vice.com/en/article/y3pezm/scientists-increasingly-cant-explain-how-ai-works

------------------------------

Date: Mon, 7 Nov 2022 12:25:35 -0500 (EST)
From: ACM TechNews <technews-edi...@acm.org>
Subject: Billions Spent in Metaverse 'Land' Grab (BBC)

Joe Tidy, BBC News, 3 Nov 2022, via ACM TechNews, 7 Nov 2022

Research by DappRadar indicates that over the past year, people and companies have spent $1.93 billion in cryptocurrency to purchase virtual "real estate" in the metaverse.
In Decentraland, parcels of "land" can sell for millions of dollars, and are being bought by companies like Samsung, UPS, and Sotheby's to build virtual shops. Adidas, Atari, Ubisoft, Binance, Warner Music, and Gucci have purchased virtual property in Sandbox, while Gucci also has created a town in Roblox. Said Amber Jae Slooten of *The Fabricant*, a digital design house, "There will be for sure a mass market in this because if you think about the younger generation, they already play games. For them there's no distinction between virtual and real. But it still needs to be built."

  [No distinction? Wow! That is scary, especially when it comes to voting and living in the real world (whatever that may be). PGN]

------------------------------

Date: Thu, 3 Nov 2022 13:50:00 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Same New York lottery numbers drawn twice in one day (NYPost)

https://nypost.com/2022/10/28/1-in-331-billion-chance-same-new-york-lottery-numbers-drawn-twice-in-one-day/

------------------------------

Date: Mon, 7 Nov 2022 23:34:00 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: Powerball winning numbers live drawing delayed for $1.9 billion jackpot due to 'security protocol issue' (ABC)

https://abc7ny.com/1-9-billion-lottery-powerball-jackpot-today-how-big-is-the-drawing-time/12426091/

ALSO: Powerball: Winning numbers for the record $1.9 billion jackpot have yet to be announced after drawing was delayed
https://www.cnn.com/2022/11/08/us/powerball-lottery-record-delayed-drawing-tuesday-trnd/index.html

------------------------------

Date: Tue, 1 Nov 2022 20:43:57 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: There's a good chance Meta has your contact info. Here's how to delete it.
  (Mashable)

https://mashable.com/article/facebook-how-to-delete-contact-info-meta

------------------------------

Date: Mon, 7 Nov 2022 12:25:35 -0500 (EST)
From: ACM TechNews <technews-edi...@acm.org>
Subject: Web Inventor Tim Berners-Lee Wants Us to 'Ignore' Web3 (CNBC)

Ryan Browne, CNBC News, 04 Nov 2022, via ACM TechNews, 7 Nov 2022

ACM A.M. Turing Award recipient Tim Berners-Lee, credited with inventing the World Wide Web, considers Web3 nonviable for building the next iteration of the Internet. At the Web Summit in Lisbon, Portugal, Berners-Lee called Web3 a vague term to describe a theoretical Internet that is more decentralized than the current Web, incorporating technologies like blockchain, cryptocurrencies, and nonfungible tokens. Berners-Lee described blockchain protocols as "too slow, too expensive, and too public." He said people frequently confuse Web3 with his Web 3.0 framework for reconfiguring the Internet. His new Inrupt startup intends to allow users to control their own data via a global single sign-on feature for universal logins, login IDs that let users exchange data, and a "common universal application programming interface."

  [Don't forget the putting all-of-your-eggs-in-one-basket risks of single sign-on, e.g., RISKS-32.93, -33.11. PGN]

------------------------------

Date: Fri, 04 Nov 2022 02:07:09 +0000
From: Richard Marlon Stein <rmst...@protonmail.com>
Subject: 'How much press are you worth?' New calculator tackles inequality in missing persons stories (msnbc.com)

https://www.nbcnews.com/news/us-news/-much-press-are-new-calculator-tackles-inequality-missing-persons-stor-rcna55517

If you went missing, how much press would you be 'worth'? *The Columbia Journalism Review* unveiled a tool that calculates the number of stories your disappearance would net, based on demographics.

https://areyoupressworthy.com/ calculates news coverage based on select rules.

Each missing person's report is a potential crime with a tragic outcome.
Somewhat greater likelihood that extensive coverage will lead to discovery, and eventual happy ending. Turns out that "missing white person syndrome" generates more headlines than non-white minority disappearances.

Not hard to imagine an AI applying this tool to determine whether or not to compose a news chyron, or invoke GPT-3 to (not) cook a story, based on computed merit.

Risk: Algorithm-driven news headlines

------------------------------

Date: Sun, 6 Nov 2022 16:20:15 -0700
From: Matthew Kruk <mkr...@gmail.com>
Subject: Federal government advised to pause Twitter ads after mass layoffs at company (CBC News)

A media and marketing agency that is responsible for buying and planning much of the government's advertising has advised federal departments to pause activity on Twitter, citing mass layoffs at the company.

Cossette, which is the government's "media agency of record," issued guidance Friday to "pause activity immediately and monitor the situation over the weekend" due to "unknown continuity plans for moderation" and a "heightened risk of brand safety," according to an internal document seen by CBC News.

https://www.cbc.ca/news/politics/cossette-agency-government-ads-twitter-layoffs-1.6642527

------------------------------

Date: Tue, 1 Nov 2022 20:40:59 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Websites Accepting Crypto for Child Sex Abuse Content Doubling Every Year (Gizmodo)

https://gizmodo.com/crypto-1849727577

------------------------------

Date: Wed, 2 Nov 2022 17:03:26 -0400
From: Gabe Goldberg <g...@gabegold.com>
Subject: Wireless meat thermometer: What could go wrong?

Wireless meat thermometer -- use in oven or on barbecue, charges via USB. $100.

https://www.sharperimage.com/view/product/Wireless+Meat+Thermometer/206969

Electronics survive repeated baking/grilling/washing? USB plug smeared with sauce/gravy?

  [Worse yet, Made in China or Russia, broadcasting kitchen conversations, and compromising your Internet of Things devices?
  See the Thunderclap paper:
  https://www.ndss-symposium.org/ndss-paper/thunderclap-exploring-vulnerabilities-in-operating-system-iommu-protection-via-dma-from-untrustworthy-peripherals/
  PGN]

------------------------------

Date: Wed, 2 Nov 2022 23:47:58 -0400
From: Gabe Goldberg <g...@gabegold.com>
Subject: Adobe Just Held a Bunch of Pantone Colors Hostage (WiReD)

Certain Pantone collections now require users to pay $15 a month to access them -- with colors turned black unless you pay up.

Since the 1950s, the company Pantone has helped designers match the colors they see onscreen to what they see in the real world. This color standardization process means that, for example, a poster made in Adobe InDesign looks exactly the same when it's printed out as a giant billboard. And it worked just fine -- until last week, when everything went dark.

Scores of Photoshop and Illustrator users who have used certain Pantone color collections in their works have recently been confronted with the fallout of a disagreement between Adobe and Pantone. The result? Where once there were vibrant hues there is now only the color black.

The change is the latest twist in a long-running dispute between the design software giant and the color-standard-setting organization. In December 2021, Adobe announced it would be removing Pantone colors from its app. Why that happened was never certain; rumors spread that it was over the cost of including Pantone in Adobe software, while Pantone publicly said that it felt Adobe wasn't keeping pace with the plethora of new colors it released. Adobe's chief product officer, Scott Belsky, has tweeted that Pantone asked Adobe to remove the colors, "as they want to charge customers directly."

https://www.wired.com/story/adobe-pantone-color-subscription-fee

  [Transomware? PGN]

------------------------------

Date: Thu, 3 Nov 2022 23:36:44 -0400
From: Gabe Goldberg <g...@gabegold.com>
Subject: Gaming Is Booming. That's Catnip for Cybercriminals.
  (NYTimes)

Cybersecurity experts warn that threats lurk in cheat codes, microtransactions and messages from fellow players.

Millions of people escaped the drudgery of the Covid-19 pandemic's first year by turning to video games, where they could cast spells, kill zombies and compete as their favorite athletes.

These virtual worlds also lured in a different kind of enthusiast -- the kind who sought to steal people's personal information and real-world dollars.

In recent months, cybersecurity firms have warned that cybercrime in gaming has increased substantially since the start of the pandemic, and that the vulnerabilities -- for game studios as well as players -- are far from being vanquished.

https://www.nytimes.com/2022/10/13/technology/gamers-malware-minecraft-roblox.html

------------------------------

Date: Thu, 3 Nov 2022 23:44:15 -0400
From: Gabe Goldberg <g...@gabegold.com>
Subject: AI code assistants may not spawn as many bugs as feared (NYTimes)

They can't be any worse than some human developers

Machine-learning models that power next-gen code-completion tools like GitHub Copilot can help software developers write more functional code, without making it less secure.

That's the tentative result of an albeit small 58-person survey conducted by a group of New York University computer scientists.

https://www.theregister.com/2022/10/07/machine_learning_code_assistance

------------------------------

Date: Sat, 5 Nov 2022 00:27:16 -0400
From: Gabe Goldberg <g...@gabegold.com>
Subject: The Rise of Rust, the Virus-Secure Programming Language That's Taking Over Tech (WiReD)

Rust makes it impossible to introduce some of the most common security vulnerabilities. And its adoption can't come soon enough.

https://www.wired.com/story/rust-secure-programming-language-memory-safe

  [Just don't believe that all Rust-generated code is secure!
  PGN]

------------------------------

Date: Sat, 5 Nov 2022 19:04:23 -0400
From: Gabe Goldberg <g...@gabegold.com>
Subject: The Strange Death of the Uyghur Internet (WiReD)

China's Muslim minority used to have its own budding cluster of websites, forums, and social media. Now that's been erased.

https://www.wired.com/story/uyghur-internet-erased-china

------------------------------

Date: Sat, 5 Nov 2022 19:15:01 -0400
From: Gabe Goldberg <g...@gabegold.com>
Subject: Algorithms Quietly Run the City of WashingtonDC -- and Maybe Your Hometown (WiReD)

A new report finds that municipal agencies in Washington deploy dozens of automated decision systems, often without residents' knowledge.

Washington, DC, is the home base of the most powerful government on earth. It's also home to 690,000 people -- and 29 obscure algorithms that shape their lives. City agencies use automation to screen housing applicants, predict criminal recidivism, identify food assistance fraud, determine if a high schooler is likely to drop out, inform sentencing decisions for young people, and many other things. [...]

The findings are notable beyond DC because they add to the evidence that many cities have quietly put bureaucratic algorithms to work across their departments, where they can contribute to decisions that affect citizens' lives. [...]

EPIC says governments can help citizens understand their use of algorithms by requiring disclosure anytime a system makes an important decision about a person's life. And some elected officials have favored the idea of requiring public registries of automated decisionmaking systems used by governments. Last month, lawmakers in Pennsylvania, where a screening algorithm had accused low-income parents of neglect, proposed an algorithm registry law. [...]

Winters says algorithm registries can work, if rules or laws are in place to require government departments take them seriously.
``It's great format, but it's extremely incomplete.''

https://www.wired.com/story/algorithms-quietly-run-the-city-of-dc-and-maybe-your-hometown

  [Oh no, algorithms! OBSCURE algorithms! BUREAUCRATIC ones! As opposed to ... obscure and bureaucratic government employees. Gabe]

------------------------------

Date: Tue, 8 Nov 2022 16:00:17 -0500
From: Gabe Goldberg <g...@gabegold.com>
Subject: Jeppesen Cyber-Incident Affects Services (AVweb)

Jeppesen says it has addressed some issues caused by a cyber-incident, and is still working on other services. The disruption also affected ForeFlight's NOTAM service but that was fixed Sunday.

ForeFlight's NOTAM services have been fully restored; all new and updated NOTAMs are now being processed and displayed in ForeFlight Mobile and ForeFlight Web.

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: risks-requ...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume/previous directories
   or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at
   http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 33.51
************************