Subject: Risks Digest 33.47
From: RISKS List Owner
Newsgroups: comp.risks
Organization: PANIX Public Access Internet and UNIX, NYC
Date: Sat, 8 Oct 2022 03:45 UTC

RISKS-LIST: Risks-Forum Digest Friday 7 October 2022 Volume 33 : Issue 47

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.47>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Shut-Off Switch Was Supposed to Prevent 99% of Generator-Related Deaths.
  It Failed a Family of Three. (TexasTribune)
Crash of Air France 447 redux (Jagan Jagannathan)
Automatic emergency braking is not great at preventing crashes at normal
  speeds (The Verge)
Chinese supply-chain tampering (Reuters)
Nordstream Explosion: Robotic Sabotage from *Inside*? (Henry Baker)
The Thorny Problem of Keeping the Internet's Time (David Mills)
The Securities and Exchange Commission Obstructs National Security
  (Ari Schwartz)
NY SBOE is buying ES&S barcoding voting machines (Rebecca Mercuri)
Conspiracy theories muddy Louisiana voting machine debate (AP item)
WashDC Metro system looking for solutions to fare evasion (WashPost)
I wouldn't get on that DC-area bus (Gabe Goldberg)
Microsoft Exchange 0-Day Attack Threatens 220,000 Servers (Dan Goodin)
In the Battle With Robots, Human Workers Are Winning (NYTimes)
A data-sharing agreement between the US and UK is now in effect (Engadget)
More Bosses Spy on Quiet Quitters. It Could Backfire (WSJ)
Canadian ransomware hacker sentenced to 20 years in U.S. prison (CBC)
Few Customers Get Refunds for Rampant Zelle Fraud (Senator Warren)
Are You a Victim of Crypto Crime? Good Luck Getting Help (WiReD)
El_Salvador's Bitcoin Law -- one year on, with the World's Coolest Dictator:
  Attack of the 50-Foot Blockchain (David Gerard)
SEC charges Kim Kardashian for allegedly not disclosing crypto promotion
  payday (WashPost)
Sorry, But Your Boss Is Pretty Hyped About Today's Most Annoying Tech Trends
  (PCMag)
Joe Sullivan guilty in Uber hacking case (WashPost)
I Make Video Games. I Won't Let My Daughters Play Them. (NYTimes)
Sorry, But Your Boss Is Pretty Hyped About Today's Most Annoying Tech Trends
  (PCMag)
AI can now create any image in seconds, bringing wonder and danger
  (WashPost)
Rethinking the Computer Chip in the Age of AI (Devorah Fischler)
Leading Makers Pledge Not to Weaponize Their Robots (Joe Hernandez)
Optus criticized for massive breach (Reuters)
Re: Optus' breach exposes 9.8M customers' data (John Colville)
Re: Wegmans Discontinues Self-Checkout App, Citing Losses (John Levine)
Re: Egypt's submarine cable stranglehold (Amos Shapir)
Re: Automakers are ignoring the simple solution to the rise of traffic
  deaths (Scott Dorsey)
Castiglioncello 2022: Nuclear Weapons: New Risks (Diego Latella)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 4 Oct 2022 09:59:09 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Shut-Off Switch Was Supposed to Prevent 99% of Generator-Related
Deaths. It Failed a Family of Three. (TexasTribune)

A Shut-Off Switch Was Supposed to Prevent 99% of Generator-Related
Deaths. It Failed a Family of Three.

The generator industry has touted automatic shut-off switches as a
lifesaving fix for carbon monoxide poisoning. But the voluntary standard
falls short of what federal regulators say is necessary to eliminate deaths.

https://www.texastribune.org/2022/09/21/generators-carbon-monoxide-shutoff-switch-texas-cpsc

------------------------------

Date: Mon, 3 Oct 2022 07:59:16 -0700
From: Jagan Jagannathan <jagan@ahista.com>
Subject: Crash of Air France 447 redux

https://admiralcloudberg.medium.com/the-long-way-down-the-crash-of-air-france-flight-447-8a7678c37982

------------------------------

Date: Fri, 30 Sep 2022 14:09:16 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Automatic emergency braking is not great at preventing crashes at
normal speeds (The Verge)

https://www.theverge.com/2022/9/29/23377376/automatic-emergency-braking-average-speed-study-aaa

------------------------------

Date: Sun, 2 Oct 2022 03:33:35 -0400
From: "Steven J. Greenwald" <greenwald.steve@gmail.com>
Subject: Chinese supply-chain tampering (Reuters)

Suspected Chinese hackers tampered with widely used software distributed
by a small Canadian customer service company, another example of a "supply
chain compromise" made infamous by the hack on U.S. networking company
SolarWinds.

Via Reuters:
https://www.reuters.com/technology/exclusive-suspected-chinese-hackers-tampered-with-widely-used-canadian-chat-2022-09-30/

------------------------------

Date: Fri, 30 Sep 2022 16:11:15 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: Nordstream Explosion: Robotic Sabotage from *Inside*?

An intriguing possibility is that the Nordstream LNG pipelines were
sabotaged by robots *from the inside*!

This type of sabotage would not require submarines (robotic or otherwise),
frogmen, etc., but would only require the ability to insert a modern 'pig'
(inspection robot) into the pipeline from the Russian end controlled by
Gazprom.

This type of sabotage could have been performed during the recent
*maintenance shutdowns* over the past several months, and the explosions
later set off by remote control.

https://www.dw.com/en/denmark-sweden-view-nord-stream-pipeline-leaks-as-deliberate-actions/a-63251217

Denmark, Sweden view Nord Stream pipeline leaks as 'deliberate actions'
27 Sep 2022

Mikhail Krutikhin, an energy analyst from the RusEnergy consultancy, told DW
that initial evidence clearly pointed to sabotage, and said that a key
question going forward would be whether the damage originated inside or
outside the pipe. He said the shape of the damaged segments of pipe should
indicate this.

https://oilprice.com/Energy/Energy-General/Oil-Pipelines-To-Be-Inspected-By-Robots.html

------------------------------

Date: Mon, 03 Oct 2022 09:59:20 -0400
From: scs@eskimo.com (Steve Summit)
Subject: The Thorny Problem of Keeping the Internet's Time (David Mills)

David Mills, TNY on NTP

https://www.newyorker.com/tech/annals-of-technology/the-thorny-problem-of-keeping-the-internets-time

There are a few bobbles: the author seems a bit confused over whether NTP is
an Internet RFC or a piece of software, and whether NTP is the IETF's only
concern. *The New Yorker*'s predilection for diereses in English is rather
comically distracting when ritually applied to the phrase "Coordinated
Universal Time". Nevertheless, it's a nice read, covering both the
technical issues and the people involved, with a particularly touching
portrait of Mills himself. And the RISKS relevance is the points made --
not for the first time, but not badly -- about the difficulties involved in
placing the maintenance of core protocols, upon which millions of computers
depend, in the decentralized hands of nearly anonymous, unpaid volunteers
who can't always even agree on who's in charge, let alone how the protocols
should evolve.

------------------------------

Date: Fri, 30 Sep 2022 09:11:48 -0400
From: dan@geer.org
Subject: The Securities and Exchange Commission Obstructs National Security
(Ari Schwartz)

Editorial:

The Securities and Exchange Commission Obstructs National Security
Public disclosure of cyber attacks shows weakness to enemies.
Ari Schwartz, https://www.wsj.com, 29 September 2022

The Securities and Exchange Commission seems to have missed a key principle
of fighting crime: Investigators don't release all the details of an
incident before it's solved because it would make it harder to catch the
criminal. This is true in cybersecurity too. You don't want hackers to know
they've been discovered or to highlight a company's weakness to other bad
actors. Yet a new rule from the SEC would require public disclosure of an
incident within four days of discovery, even if the hack is still under
investigation and hasn't been remedied.

Those of us who have dealt with actual cyber incidents know that a fix is
unlikely to materialize in four days. These reporting requirements will
place a spotlight on the vulnerability in the hacked company's
cybersecurity, putting the business at greater risk of suffering successive
attacks before the exploited weakness can be fixed. That comes with a
national security risk too, as nation states often engage in or aid
cyberattacks against companies. The SEC's new rule will help states cover
their tracks by alerting them to any discovery. And it'll make it easier for
them to find targets by highlighting what businesses are vulnerable and how.

The goal of the SEC's new rule is to inform investors about attacks, which
is a fine idea in principle. Investors should be informed about firms'
cybersecurity risks and sharing information about attacks can help other
businesses optimize their own cyber defenses. Reporting is important, but
companies should be allowed to resolve an incident before making it public.

