Subject: Risks Digest 33.18
From: RISKS List Owner
Newsgroups: comp.risks
Organization: PANIX Public Access Internet and UNIX, NYC
Date: Fri, 29 Apr 2022 22:09 UTC
From: risko@csl.sri.com (RISKS List Owner)
Lines: 467
Approved: risks@csl.sri.com
Message-ID: <CMM.0.90.4.1651269779.risko@chiron.csl.sri.com21544>
To: risko@csl.sri.com

RISKS-LIST: Risks-Forum Digest Friday 29 April 2022 Volume 33 : Issue 18

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.18>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
How Software Saved a Stealth Fighter Jet -- and Its Pilot -- from Crashing
  in Alaska (PopSci)
Older Honda and Acura models hit by Y2K+22 bug that resets clocks 20 years
  in the past (The Verge)
The risks of attacks that involve poisoning training data for
  machine-learning models (techxplore.com)
Power Use Reveals Harmful Chips Hidden on Circuit Boards (New Scientist)
Chip Startups Using Light Instead of Wires Gain Speed, Investments (Reuters)
NextDoor report on "Amazon Fresh store Just Walk Out" (Gabe Goldberg)
CNN+ giving full refund, notices of this are going to spam in Gmail
  (Lauren Weinstein)
An Old-Fashioned Economic Tool Can Tame Pricing Algorithms (SciAm)
Bitcoin Is Unlikely to Go Green (Peter Coy)
Must Watch Video: Carl Sagan on Technology, Society, and Politics, 1996
  (Lauren Weinstein)
Random Twitter Chatter (PGN)
How to Break Twitter (Lauren Weinstein)
Gwyneth Paltrow, Mila Kunis are pushing women to invest in NFTs (WashPost)
US + 60 Partners Launch Declaration for the Future of the Internet
  (The White House)
CoVID possibilities and risk management (Rob Slade)
Re: What Can Hackers Do With Stolen Source Code? (dmitri maziuk)
Re: Driverless Cars Can Be Tricked into Seeing Red Traffic Lights
  (Martyn Thomas)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 20 Apr 2022 11:55:08 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: How Software Saved a Stealth Fighter Jet -- and Its Pilot --
from Crashing in Alaska (PopSci)

Rob Verger, *Popular Science*, 18 Apr 2022, via ACM TechNews, 20 Apr 2022

The U.S. Air Force Safety Center confirmed that the Automatic Ground
Collision Avoidance System (Auto GCAS), developed by Lockheed Martin, NASA,
and the U.S. Air Force Research Laboratory, saved the life of an F-22 pilot
flying in Alaska in June 2020. The pilot was operating the jet in Instrument
Meteorological Conditions and experienced spatial disorientation. When the
F-22 was at an altitude of 13,520 feet above sea level and traveling about
600 mph with its nose pointed downwards, the onboard Auto GCAS software
initiated an automatic fly-up, steering the plane out of its rapid
descent. The system finished the recovery process when the aircraft was
about 2,600 feet above ground.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e77dx2333f7x073609&

------------------------------

Date: Mon, 25 Apr 2022 12:53:13 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Older Honda and Acura models hit by Y2K+22 bug that resets
clocks 20 years in the past (The Verge)

The problem might not be fixed until August of this year.

https://www.theverge.com/2022/1/8/22873403/honda-acuras-y2k22-bug-clocks-reset-2002

Yup -- my 2007 Honda Accord forgot to change to DST this year and I can't
set clock to correct time. Planned obsolescence; they surely figure people
will replace cars when clock is wrong.

[Be grateful that if the car thinks it is 2002, then the engine might
not run if the car thinks it was not built for another five years. Just
sip a little YN2K (wine tokay) and everything will seem better. But not
YL driving. PGN]

------------------------------

Date: Tue, 26 Apr 2022 16:46:52 +0800
From: "Richard Stein" <rmstein@ieee.org>
Subject: The risks of attacks that involve poisoning training data for
machine-learning models (techxplore.com)

https://techxplore.com/news/2022-04-involve-poisoning-machine.html

"Researchers at Google, National University of Singapore, Yale-NUS College,
and Oregon State University have recently carried out a study evaluating the
risks of these types of attacks, which essentially entail 'poisoning' machine
learning models to reconstruct the sensitive information hidden within their
parameters or predictions. Their paper, pre-published on arXiv, highlights
the alarming nature of these attacks and their ability to bypass existing
cryptographic privacy tools."

------------------------------

Date: Wed, 20 Apr 2022 11:55:08 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Power Use Reveals Harmful Chips Hidden on Circuit Boards
(New Scientist)

Matthew Sparkes, *New Scientist*, 18 Apr 2022, via ACM TechNews, 20 Apr 2022

A circuit board's power consumption can reveal malicious tampering designed
to facilitate Trojan attacks to steal sensitive data or crash a device when
triggered. Huifeng Zhu and colleagues at Washington University created the
PDNPulse test to analyze a printed circuit board's power consumption in
order to identify tampering by comparing it to a device known to be secure.
PDNPulse looks for small variations in such a so-called "fingerprint" of
power consumption, based on measurement at several points. Using the test,
the researchers were able to detect Trojan modifications on various circuit
boards with perfect accuracy. While no firm evidence has been found to prove
a circuit board-based Trojan attack has actually happened, Theodore
Markettos at the UK's University of Cambridge said he believes in the
concept's feasibility.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e77dx233401x073609&

[NOTE: Huifeng Zhu is a PhD candidate with 14 publications.]

[Theo Markettos is the principal author of the Thunderclap paper. He
commented to me that he actually had not yet seen Zhu's paper, and as
quoted was referring to ASIC design in general, not PCB design. He wrote
me: "The paper, which seemingly hasn't been peer reviewed, highlights a
plausible threat in that malicious board fabrication can 'brown out'
selected parts of the circuit, and cause potentially exploitable
malfunctions. The paper does present interesting ways to analyze
anomalies in board fabrication. Theo" PGN]

------------------------------

Date: Wed, 27 Apr 2022 12:09:33 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Chip Startups Using Light Instead of Wires Gain Speed, Investments
(Reuters)

Jane Lanhee Lee, Reuters, 26 Apr 2022
via ACM TechNews, 27 Apr 2022

Momentum and capital are building for startups developing chips that process
data via light rather than wires. Ayar Labs, which is developing silicon
photonics technology that harnesses photons in chips, said it had raised
$130 million from investors, including chip behemoth Nvidia. Other startups
using silicon photonics to construct quantum computers, supercomputers, and
chips for driverless vehicles also are attracting major investment. "What
the Ayar Labs guys do so well...is they solved the data interconnect problem
for traditional high-performance [computing]," said Peter Barrett at venture
capital firm Playground Global. "But it's going to be a while before we have
pure digital photonic compute for non-quantum systems."

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e829x2336afx073784&

[What about denial-of-service attacks? reliability? interference? PGN]

------------------------------

Date: Sun, 24 Apr 2022 00:54:34 -0400
From: "Gabe Goldberg" <gabe@gabegold.com>
Subject: NextDoor report on "Amazon Fresh store Just Walk Out"

Someone posted:

Amazon Fresh -- BEWARE "Just Walk Out" Went on Tuesday to check out the new
Amazon Fresh store in Fairfax and try out their "Just Walk Out". It is a
complete failure. It charged us for two packages of expensive steaks that we
picked up to look at and then put back. It also charged us for a box of
strawberries that we didn't touch and didn't catch a jar of olives that we
did get. Then expected a receipt emailed to us by the time we walked to our
car. Instead we didn't get an actual receipt until five hours later. So you
have *no* way to verify before you leave the parking lot that you got
charged accurately. Fortunately we got through on the phone to a very
helpful customer service person (800-250-0688) and got the incorrect charges
reversed. But why go through this hassle. If you try this new store just go
through the normal checkout line! 10440-10450 Fairfax Boulevard, Fairfax VA

[...plenty more gripes from others.]

[Amaz-off rather than Amaz-on? PGN]

------------------------------

Date: Thu, 28 Apr 2022 08:07:51 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: CNN+ giving full refund, notices of this are going to spam in Gmail

CNN+ is giving a full refund to original payment methods by May 28.
HOWEVER, Gmail appears to be sending the email explaining this to Spam
in many (or all) cases.

------------------------------

