RISKS-LIST: Risks-Forum Digest Wednesday 9 November 2022 Volume 33 : Issue 51

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.51>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Ground Truth vs Ground-up Truth (PGN)
What U.S. Democracy Can Learn from Brazil (Jack Nicas)
Voting-system firms battle right-wing rage against the machines (Reuters)
How Republicans Fed a Misinformation Loop About the Pelosi Attack (NYTimes)
Blood oxygen monitors face scrutiny from FDA panel (The Verge)
Medicare enrollees warned about deceptive marketing schemes (Amanda Seitz)
The Hunt for the Dark Web's Biggest Kingpin (WiReD)
Why the FBI Is So Far Behind on Cybercrime (NYTimes)
Ransomware attacks on hospitals take toll on patients (NBC News)
iOS Privacy: Instagram and Facebook can track anything you do on any website
in their in-app browser (Krausefx)
The Most Vulnerable Place on the Internet (WiReD)
Security Loophole Allows Attackers to Use Wi-Fi to See Through Walls
(U.Waterloo)
Engineers ready innovative robotic servicing of geosynchronous satellites
payload for launch (phys.org)
Sobeys, Safeway grappling with IT issues as Maple Leaf Foods announces
cybersecurity incident (CBC)
Signal Says It Will Exit India Rather Than Compromise Its Encryption
(Techdirt)
Scientists Increasingly Can't Explain How AI Works (Vice)
Billions Spent in Metaverse 'Land' Grab (BBC)
Same New York lottery numbers drawn twice in one day (NYPost)
Powerball winning numbers live drawing delayed for $1.9 billion jackpot due
to 'security protocol issue' (ABC)
There's a good chance Meta has your contact info. Here's how to delete it.
(Mashable)
Web Inventor Tim Berners-Lee Wants Us to 'Ignore' Web3 (CNBC)
'How much press are you worth?' New calculator tackles inequality in missing
persons stories (msnbc.com)
Federal government advised to pause Twitter ads after mass layoffs at
company (CBC News)
Websites Accepting Crypto for Child Sex Abuse Content Doubling Every Year
(Gizmodo)
Wireless meat thermometer: What could go wrong? (SharperImage via Gabe)
Adobe Just Held a Bunch of Pantone Colors Hostage (WiReD)
Gaming Is Booming. That's Catnip for Cybercriminals. (NYTimes)
AI code assistants may not spawn as many bugs as feared (NYTimes)
The Rise of Rust, the Virus-Secure Programming Language That's Taking Over
Tech (WiReD)
The Strange Death of the Uyghur Internet (WiReD)
Algorithms Quietly Run the City of WashingtonDC -- and Maybe Your Hometown
(WiReD)
Jeppesen Cyber-Incident Affects Services (AVweb)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 9 Nov 2022 10:40:50 PST
From: Peter Neumann <neumann@csl.sri.com>
Subject: Ground Truth vs Ground-up Truth

It's time for a little levity after months of ugly campaign disinformation
and gigantic fund-raising efforts in the U.S. I offer this limerick, and
beg your indulgence.

Relections on the U.S. Midterm Election Campaigns
Peter G. Neumann (a.k.a. Lim[b]erRick),
Election Day, 8 November 2022

There once was a notion of "ground truth",
Which the DNA linked up with "found tooth".
But old farts with no heart
Took the ground truth apart,
While leaving the future to "frowned youth".

[Your choice of alternatives in the last line:
crowned, gowned, sound, bound, towned, ... I liked "frowned" <upon>]

old fart:
Tribal elder. A title self-assumed with remarkable frequency ...
This is a term of insult in the second or third person, but one of
pride in first person.

"Ground Truth" is becoming like Ground-up Meat --
You have no idea what it entails (or entrails?).
Are the contents just FAKE NEWS? or REALLY-FAKE NEWS?

An earlier draft version of my doggerel had the last line as:
"Forsooth" took the meaning of "found truth".

forsooth [WordNet]
adv 1: an archaic word originally meaning *in truth* but now
usually used to express *disbelief* [emphasis mine]

forsooth formerly used as
An expression of deference or respect, especially to woman;
now used ironically or contemptuously.
[1913 Webster]

Our old English word "forsooth" has been changed for the French
madam. -- Guardian.
[1913 Webster]

Dad-to-Kid-joke:
Diner: Waiter, This coffee tastes like mud.
Waiter: It should. It was *GROUND* this morning.

------------------------------

Date: Mon, 7 Nov 2022 9:16:00 PST
From: Peter Neumann <neumann@csl.sri.com>
Subject: What U.S. Democracy Can Learn from Brazil (Jack Nicas)

Jack Nicas, *The New York Times*, 6 Nov 2022

https://www.nytimes.com/2022/11/05/world/americas/brazil-election-us-democracy.html

Given that there are no computer systems that cannot be hacked through
unsecure hardware, software, and apps, *and* the reality that the federal
government cannot control state elections -- which the existing Supreme
Court would pretty much guarantee -- there are no realistic solutions. The
research community understands some of the machine-related issues, but (not
surprisingly) ignores most of the total-system issues -- which include
insider misuse, clever disenfranchisement, and devastating effects of
pervasive disinformation. The commercial vendors for the most part don't
care, although Dominion's defense and monster defensive lawsuits (a recent
60 Minutes interviewed the head of Dominion) seem to make a case that they
were brutally trashed by false attacks for which they are seeking BILLIONS
of dollars in damages.

------------------------------

Date: Sun, 6 Nov 2022 15:12:01 PST
From: Peter Neumann <neumann@csl.sri.com>
Subject: Voting-system firms battle right-wing rage against the machines
(Reuters)

https://www.reuters.com/world/us/voting-system-firms-battle-right-wing-rage-against-machines-2022-11-06/

------------------------------

Date: Sun, 6 Nov 2022 10:50:45 -0500
From: Monty Solomon <monty@roscom.com>
Subject: How Republicans Fed a Misinformation Loop About the Pelosi Attack
(NYTimes)

https://www.nytimes.com/interactive/2022/11/05/us/politics/pelosi-attack-misinfo-republican-politicians.html

------------------------------

Date: Thu, 3 Nov 2022 19:53:44 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Blood oxygen monitors face scrutiny from FDA panel (The Verge)

https://www.theverge.com/2022/11/3/23438808/blood-oxygen-monitor-fda-bias-regulation

------------------------------

Date: Sat, 5 Nov 2022 19:36:10 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Medicare enrollees warned about deceptive marketing schemes
(Amanda Seitz)

With Medicare's open enrollment underway, health experts are warning
older adults about an uptick in misleading marketing tactics that might
lead some to sign up for Medicare Advantage plans that don't cover
their doctors or prescriptions and drive up their out-of-pocket costs

https://www.washingtonpost.com/politics/medicare-enrollees-warned-about-deceptive-marketing-schemes/2022/11/05/d54ffa70-5cbf-11ed-bc40-b5a130f95ee7_story.html

------------------------------

Date: Fri, 4 Nov 2022 10:24:46 -0400
From: Monty Solomon <monty@roscom.com>
Subject: The Hunt for the Dark Web's Biggest Kingpin (WiReD)

The Hunt for the Dark Web's Biggest Kingpin, Part 1: The Shadow ''

The notorious Alpha02 oversaw millions of dollars a day in online narcotic
sales. For cybercrime detectives, he was public enemy number oneâand a total
mystery. https://www.wired.com/story/alphabay-series-part-1-the-shadow/

The Hunt for the Dark Webâs Biggest Kingpin, Part 2: Pimp_alex_91
On the trail of AlphaBay's mastermind, a tip leads detectives to a suspect
in Bangkok -- and to the daunting task of tracing his millions in
cryptocurrency.

https://www.wired.com/story/alphabay-series-part-2-pimp-alex-91/

------------------------------

Date: Sun, 6 Nov 2022 19:39:01 -0700
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Why the FBI Is So Far Behind on Cybercrime (NYTimes)

https://www.nytimes.com/2022/11/06/opinion/ransomware-fbi.html

There are many factors behind the stunning rise of ransomware. Our reporting
found that one of the most important is the Federal Bureau of
Investigation's outmoded approach to computer crime targeting people and
institutions in the United States.

State and local police generally can't handle a sophisticated international
crime that locks victims' data remotely -- from patients' medical histories
and corporate trade secrets to police evidence and students' performance
records -- and demands payment for a key. Many police departments have
themselves been hamstrung by ransomware attacks. Federal investigators,
especially the FBI, are responsible for containing the threat. They need to
do better.