Path: eternal-september.org!news.eternal-september.org!reader01.eternal-september.org!panix!.POSTED.panix3.panix.com!not-for-mail
From: risko@csl.sri.com (RISKS List Owner)
Newsgroups: comp.risks
Subject: Risks Digest 33.41
Date: 24 Aug 2022 00:20:09 -0000
Organization: PANIX Public Access Internet and UNIX, NYC
Lines: 466
Sender: RISKS List Owner <risko@csl.sri.com>
Approved: risks@csl.sri.com
Message-ID: <CMM.0.90.4.1661300143.risko@chiron.csl.sri.com8246>
Injection-Info: reader2.panix.com; posting-host="panix3.panix.com:166.84.1.3";
logging-data="11510"; mail-complaints-to="abuse@panix.com"
To: risko@csl.sri.com

RISKS-LIST: Risks-Forum Digest Tuesday 23 August 2022 Volume 33 : Issue 41

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.41>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Peiter "Mudge" Zatko's journey from hacker to Twitter whistleblower
(WashPost with PGN comments)
FBI Warns of Zeppelin Ransomware Attacks Targeting Bay Area Companies
(SFStandard)
How Secret Tesla Crash Data Might Make the Roads Safer (Cade Metz)
Google Search Is Quietly Damaging Democracy (WiReD)
How Google Cloud blocked the largest Layer 7 DDoS attack at 46 million rps
(Google)
'Anti-Reflective' Coating Allows Wi-Fi Through Walls (Tech Radar)
HBO Max Crashes for Thousands in the Minutes After *House of the Dragon*
Premieres (WSJ)
A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as
a Criminal. (The New York Times)
Working from home has fueled a rise in porn addicts (Daily Mail)
AI Model Can Detect Parkinson's From Breathing Patterns (Slashdot)
Re: AI Model Can Detect Parkinson's From Breathing Patterns (Slashdot)
Startup uses AI to transform call center workers' accents into "white voice"
(BoingBoing)
Hackers Used Deepfake of Binance CCO to Perform Exchange Listing Scams
(Bitcoin.com)
Unix legend, who owes us nothing, keeps fixing foundational AWK code
(Ars Technica)
Software dev cracks Hyundai encryption with Google Search (The Register)
Re: Software dev cracks Hyundai encryption with Google Search (Steve Bacher)
MS-DEFCON 3: Issues with bootloader patches @AskWoody (Susan Bradley)
How 40,000 people used a Lockport woman's SSN: 078-05-1120. (Gabe Goldberg)
Re: How 40,000 people used a Lockport woman's SSN (Li Gong)
Re: Voters in the UK Cast Ballots Online, in Test for Internet Voting,
(Alan Ralph)
Re: An Explosive New Report ... Alzheimer's (Peter Bernard Ladkin)
Re: A Janet Jackson Song Could Crash Windows XP Laptops (Martin Ward)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 23 Aug 2022 11:30:14 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: Peiter "Mudge" Zatko's journey from hacker to Twitter whistleblower

https://www.washingtonpost.com/technology/2022/08/23/peiter-mudge-zatko-twitter-whistleblower/
Full text of (redacted) whistleblower disclosure re Twitter (84 pages)
https://s3.documentcloud.org/documents/22186683/twitter-whistleblower-disclosure.pdf [From Lauren Weinstein]

[This item deserves some discussion here. Mudge and his L0pht folks
testified for the U.S. Senate Government Affairs Committee (as did
I just before them) on 19 May 1998 in a hearing about how everything
relating to computer and network security was badly broken.
There is a YouTube of the L0pht testimony and subsequent discussion,
running 59 minutes: https://www.youtube.com/watch?v=VVJldn_MmMY
The L0pht were remarkably insightful pro-bono whistleblowers even then.
The Russian state-sponsored hacker groups are now doing exactly what
was being discussed 24 years ago in the oral testimony at about 28
minutes into the hour. Senator Fred Thompson asked whether they could
actually make the Internet unusable in less than 30 minutes, and
the answer was that one of them could indeed do that with just a few
inserted packets. Another Senator (Lieberman?) returns to that around
49 minutes in. The L0pht written testimony is also on line:
https://nsarchive.gwu.edu/briefing-book/cyber-vault/2019-01-09/cybersecuritcy-when-hackers-went-hill-revisiting-l0pht-hearings-1998
Space-Rogue noted to me that a transcript of the original testimony is here:
https://www.spacerogue.net/wordpress/?p=602
However, much of what is fascinating here is the Senators' responses. All
of this is worth reviewing today, primarily illustrating how little
fundamental work has been done since then. It was very refreshing for me
to revisit this archival material. The good news might be that the L0pht
video has had almost a half-million views, and it is nice to know that our
RISKS readers seem to be much more aware than nonreaders. Incidentally,
my written testimony is on my website and in the searchable Congressional
Record, but I had looked for a video of my oral testimony, and I did not
find one. I am delighted I could find the L0pht's one so easily. PGN]

------------------------------

Date: Tue, 23 Aug 2022 11:55:55 -0700
From: Li Gong <ligongsf@gmail.com>
Subject: FBI Warns of Zeppelin Ransomware Attacks Targeting Bay Area Companies
(SFStandard)

The evolution of ransomware business models: ransomware-as-a-service

https://sfstandard.com/business/fbi-warns-of-zeppelin-ransomware-attacks-targeting-bay-area-companies/

Two new trends raised alarm bells with law enforcement and cybersecurity
professionals. One is a new focus on attacks on health care facilities and
organizations already burdened by the pandemic. The other is an evolution in
the business models around ransomware, with the Zeppelin software creating
an ecosystem of cybercrime -- whereby actors research at-risk organizations,
conduct attacks, negotiate ransoms and launder payments -- that Chan dubbed
*ransomware-as-a-service*.

------------------------------

Date: Mon, 22 Aug 2022 16:36:58 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: How Secret Tesla Crash Data Might Make the Roads Safer (Cade Metz)

Data and video recorded by Tesla and other automakers to hone
driver-assistance systems can also be an investigative tool for
regulators and lawyers.

[On the other hand, the article discusses someone ``whose startup is
trying to monetize performance data.'' We seem to be entering an era
where *almost everything* can be monetized. PGN]

------------------------------

Date: Mon, 22 Aug 2022 01:31:20 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Google Search Is Quietly Damaging Democracy (WiReD)

A series of incremental changes over the years has transformed the tool from
an explorative search function to one that is ripe for deception.

https://www.wired.com/story/google-search-quietly-damaging-democracy

------------------------------

Date: Sun, 21 Aug 2022 09:57:03 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: How Google Cloud blocked the largest Layer 7 DDoS attack at 46
million rps

https://cloud.google.com/blog/products/identity-security/how-google-cloud-blocked-largest-layer-7-ddos-attack-at-46-million-rps

------------------------------

Date: Mon, 22 Aug 2022 13:03:12 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: 'Anti-Reflective' Coating Allows Wi-Fi Through Walls

Steve McCaskill, *TechRadar*, 18 Aug 2022,
via ACM TechNews

Scientists at Austria's Vienna University of Technology (TU Wien) and
France's University of Rennes have enabled Wi-Fi signals to pass through
walls more effectively. The method calculates an anti-reflective invisible
structure to a wall, which TU Wien's Stefan Rotter likened to "the
anti-reflective coating on your pair of glasses." The researchers
transmitted microwaves through a labyrinth of obstacles, then calculated a
matching anti-reflective structure that almost completely removed the
signals' reflection. "We were able to show that this information can be used
to calculate a corresponding compensating structure for any medium that
scatters waves in a complex way, so that the combination of both media
allows waves to pass through completely," explained TU Wien's Michael
Horodynski.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f12cx2356a9x069966&

------------------------------

Date: Mon, 22 Aug 2022 08:42:59 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: HBO Max Crashes for Thousands in the Minutes After *House of the
Dragon* Premieres (WSJ)

*The wait for the *Game of Thrones* prequel lasted a little longer for some;
HBO Max says the show had millions of viewers*

Some users said they were close to a breakdown!

https://www.wsj.com/articles/hbo-max-crashes-house-of-the-dragon-game-of-thrones-prequel-11661172989

[Unnecessarily long item truncated for RISKS. PGN]

------------------------------

Date: Sun, 21 Aug 2022 14:05:12 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: A Dad Took Photos of His Naked Toddler for the Doctor.
Google Flagged Him as a Criminal. (The New York Times)

Google has an automated tool to detect abusive images of children. But the
system can get it wrong, and the consequences are serious.

A Google spokeswoman said the company stands by its decisions, even though
law enforcement cleared the two men.

https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html

[Long explicit version for those who wish to dig into this story:
https://dnyuz.com/2022/08/21/a-dad-took-photos-of-his-naked-toddler-for-the-doctor-google-flagged-him-as-a-criminal/
PGN]
