Rocksolid Light

News from da outaworlds

mail  files  register  groups  login

Message-ID:  

Good news from afar can bring you a welcome visitor.

comp / comp.risks / Risks Digest 33.40

SubjectAuthor
o Risks Digest 33.40RISKS List Owner

1
Subject: Risks Digest 33.40
From: RISKS List Owner
Newsgroups: comp.risks
Organization: PANIX Public Access Internet and UNIX, NYC
Date: Sat, 20 Aug 2022 23:43 UTC
Path: eternal-september.org!news.eternal-september.org!reader01.eternal-september.org!panix!.POSTED.panix2.panix.com!not-for-mail
From: risko@csl.sri.com (RISKS List Owner)
Newsgroups: comp.risks
Subject: Risks Digest 33.40
Date: 20 Aug 2022 23:43:46 -0000
Organization: PANIX Public Access Internet and UNIX, NYC
Lines: 683
Sender: RISKS List Owner <risko@csl.sri.com>
Approved: risks@csl.sri.com
Message-ID: <CMM.0.90.4.1661038610.risko@chiron.csl.sri.com16134>
Injection-Info: reader2.panix.com; posting-host="panix2.panix.com:166.84.1.2";
logging-data="4964"; mail-complaints-to="abuse@panix.com"
To: risko@csl.sri.com
View all headers

RISKS-LIST: Risks-Forum Digest Saturday 20 August 2022 Volume 33 : Issue 40

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.40>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Voters in the UK Cast Ballots Online, in Test for Internet Voting (WSJ)
Plane fails to descend as pilots reportedly fell asleep during flight (CNN)
Apple AirTag leads to arrest of airline worker accused of stealing at least
$15,000 worth of items from luggage (NBC)
'Hackers Against Conspiracies': Cybersleuths Take Aim at Election
Disinformation (Maggie Miller)
Software dev cracks Hyundai encryption with Google Search (The Register)
Cryptoverse: Blockchain bridges fall into troubled waters (Reuters)
On the Dangers of Cryptocurrencies and the Uselessness of Blockchain
(CRYPTO-GRAM)
Starbucks NFTs, Reddit karma points on the blockchain, Saylor fired,
Telegram ICO slight return. (David Gerard)
Track carbon offsets with blockchain? (Rob Slade)
Deepfakes Expose Vulnerabilities in Facial Recognition Technology (PSU)
Email marketing firm hacked to steal crypto-focused mailing lists
(Bleeping Computer)
Pirates Infielder Suspended for Taking Cellphone Onto Basepaths (NYTimes)
You can now tweet as you climb Mount Kilimanjaro thanks to new Wi-Fi network
(NBC News)
Massachusetts Registry of Motor Vehicles Cautions Customers to be Aware of
Unofficial Third-Party Websites and Text/Phishing Scams (Monty Solomon)
How a Third-Party SMS Service Was Used to Take Over Signal Accounts (Vice)
Posing as Contractors, Nigerians Scammed Project Owners for Nearly $6M, FBI
Says (Engineering News-Record)
Just 1 of 25 Apps That Track Reproductive Health Protect Users' Data
(Shirin Ali)
FTC sued by firm allegedly selling sensitive data on abortion clinic visits
(Ars Technica)
An Explosive New Report Could Upend More than a Decade of Alzheimer's
Research. How Did This Happen (Mother Jones)
Dozens of Facebook contractors lost their jobs after an algorithm reportedly
chose them 'at random' (Engadget)
Microsoft Employees Exposed Own Company's Internal Logins (Vice)
#DEFCON: How US Teen Rickrolled His High School District
(Infosecurity Magazine)
Apple Warns of Security Flaw for iPhones, iPads, Macs (AP)
Apple security updates fix 2 zero-days used to hack iPhones, Macs
(Bleeping Computer)
A Janet Jackson Song Could Crash Windows XP Laptops (Michael Kan)
Made-Up Words Trick AI Text-to-Image Generators (Discover)
Re: Meta finds new way of tracking users across websites (Steve Bacher)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 20 Aug 2022 08:28:27 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: Voters in the UK Cast Ballots Online, in Test for Internet Voting
(WSJ)

In the prime-minister race, Conservative Party wants to make voting more
convenient for its 160,000 eligible members; no U.S. state permits universal
online voting.

Members of the UK's ruling Conservative Party who are voting to decide the
country's next prime minister are for the first time casting ballots online
in a leadership election, a rarity among democracies wary of Internet voting
because of cybersecurity concerns

Over a several-week period, the party is offering Internet voting alongside
voting by mail, in part to provide greater convenience during August weeks
when Britons take vacation and to avoid disruptions by striking postal
workers. The results are to be announced Sept. 5.

The Conservatives are sending qualifying members a ballot pack in the mail
that will include a paper ballot to be returned by mail and information and
security codes for voting online. ``We recommend online voting where
possible,'' the party states on its website.

The party sought guidance from Britain's National Cyber Security Centre, or
NCSC, and a Tory spokesman said the party was confident the leadership
election would be secure. ``We have consulted with the NCSC throughout this
process,'' the spokesman said.

Election security analysts fear the system is vulnerable to interference by
hackers.

``We do not have the technology to conduct voting securely online and so it
should not be deployed for high-stakes elections. And I count this as
rather high stakes,'' said Peter Ryan, a professor of applied security at
the University of Luxembourg. [...]

https://www.wsj.com/articles/voters-in-u-k-cast-ballots-online-in-test-for-internet-voting-11660993200

[I expect there will be some attempts to hack into the Conservative Party
leadership election. If the software allows write-in votes, the Duke of
Windsor (Edward VIII), Winston Churchill, and Princess Diana would seem to
be particularly likely choices, along with some well-known still-active
athletes -- e.g., David Beckham (soccer) and James Anderson (cricket), and
a few leading liberals. Perhaps the Russians will re-use their skills
that evidently influenced the Brexit election. We'll have only just a few
more weeks to find out. PGN]

------------------------------

Date: Fri, 19 Aug 2022 19:28:22 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: Plane fails to descend as pilots reportedly fell asleep during
flight (CNN)

Two pilots are believed to have fallen asleep and missed their landing
during a flight from Sudan to Ethiopia on Monday, according to a report by
commercial aviation news site Aviation Herald.
<http://avherald.com/h?article=4fd127fe>

The incident took place on board an Ethiopian Airlines Boeing 737-800 en
route from Khartoum to Addis Ababa, the report said, "when the pilots fell
asleep" and "the aircraft continued past the top of descent." Data obtained
by the website indicates that the aircraft was cruising at 37,000 feet on
autopilot when it failed to descend at Addis Ababa Bole International
Airport, its scheduled destination, on August 15. Air traffic control were
apparently unable to reach the crew despite making several attempts at
contact. However, an alarm was triggered when the plane overshot the runway
and continued along the route. The aircraft subsequently began to descend,
landing safely around 25 minutes later.

Automatic Dependent Surveillance-Broadcast (ADS-B) data shows the aircraft
overflying the runway, before beginning its descent and maneuvering for
another approach. [...]

http://www.cnn.com/travel/article/pilots-reported-to-fall-asleep-ethiopian-airlines/index.html

------------------------------

Date: Sat, 20 Aug 2022 10:56:46 -0600
From: Jim Reisert AD1C <jjreisert@alum.mit.edu>
Subject: Apple AirTag leads to arrest of airline worker accused of stealing
at least $15,000 worth of items from luggage (NBC)

Elisha Fieldstadt, NBC News, Aug. 17, 2022, 12:12 PM MDT

An Apple AirTag led to the arrest of an airline subcontractor accused of
stealing thousands of dollars' worth of items from luggage at a Florida
airport.

Giovanni De Luca, 19, was charged with two counts of grand theft after
authorities recovered the stolen items from his home, the Okaloosa County
Sheriff’s Office said in a news release last week.

Authorities said a traveler reported last month that her luggage never
made it to her destination. The items inside were worth about $1,600. She
said an Apple AirTag, a tracking device that triggers alerts on iPhones,
iPads and Apple computers, had been in her luggage and showed that it was
on Kathy Court in Mary Esther, about 50 miles east of Pensacola.

https://www.nbcnews.com/news/us-news/airtag-leads-arrest-airline-worker-accused-stealing-least-15000-items-rcna43547

------------------------------

Date: Fri, 19 Aug 2022 12:03:58 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: 'Hackers Against Conspiracies': Cybersleuths Take Aim at Election
Disinformation (Maggie Miller)

Maggie Miller, *Politicom* 15 Aug 2022,
via ACM TechNews, Friday, August 19, 2022

The annual DEF CON hacking conference's "Voting Machine Village," has been a
feature since 2017, with attendees attempting to break into registration
databases, ballot-casting machines, and other voting equipment to identify
vulnerabilities. However, in the wake of the 2020 U.S. presidential election
and the resulting false claims of election fraud, the focus of this year's
event was how to detect vulnerabilities without fueling election
misinformation. Said Harri Hursti, co-founder of the Voting Machine
Village, "All the security improvements [have been] hampered by all the
false claims, conspiracies--and fighting those." Hursti noted that clips
from DEF CON were used in the media after the election to cast doubt on
election security. This year's Voting Village featured officials from
Maricopa County, AZ, among others, who discussed ongoing, though debunked,
conspiracy theories. Hursti explained, "What we try to do is to make certain
that the right message gets out."


Click here to read the complete article
1

rocksolid light 0.9.8
clearnet tor