RISKS-LIST: Risks-Forum Digest Friday 21 August 2020 Volume 32 : Issue 21

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at as
The current issue can also be found at

Contents:
 Groundbreaking new material 'could allow artificial intelligence to merge with the human brain' (The Independent)
 What would happen to Earth if humans went extinct? (Live Science)
 Would you like to live forever? (The Sun)
 A typo created a 212-story monolith in Microsoft Flight Simulator (Engadget)
 Microsoft Put Off Fixing Zero Day for 2 Years (Krebs on Security)
 "Driverless cars are coming soon." (The Telegraph)
 How Your Phone Is Used to Track You, and What You Can Do About It (NYTimes)
 Tokyo's latest attraction: Transparent public toilets (cnn.com)
 DC No Longer Has Online Voter Registration (DCist)
 GOP-led Senate panel details ties between 2016 Trump campaign and Russian interference (NYTimes)
 Trump's 2016 campaign chair was a 'grave counterintelligence threat' (WashPost)
 Postal Service backs down on changes as at least 20 states sue over potential mail delays ahead of election (CNN)
 America Has Two Feet. It’s About to Lose One of Them. (NYTimes)
 U.S. Secret Service buys location data that would otherwise need a warrant (Ars Technica)
 Booze and cruise providers are the latest to be hit by ransomware scourge (Ars Technica)
 Researchers Can Duplicate Keys from the Sounds They Make (Kottke)
 Bluetooth update could turn wearables into COVID-19 trackers (Engadget)
 USPS filed a patent for Blockchain voting system (Decrypt)
 Russian opposition leader Alexei Navalny 'poisoned' (BBC)
 Bottleneck for U.S. Coronavirus Response: The Fax Machine (NYTimes)
 U.S.
COVID-19 and World War 2 mortality rates, interim comparison (Richard Stein)
 Israeli gargle trial gives COVID results in 1 sec., 95% accuracy (Henry Crun)
 Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 17 Aug 2020 17:15:56 -1000
From: geoff goodfellow
Subject: Groundbreaking new material 'could allow artificial intelligence to merge with the human brain' (The Independent)

Technology could enable new health diagnostics and achieve Elon Musk's goal of integrating with artificial intelligence

Scientists have discovered a ground-breaking bio-synthetic material that they claim can be used to merge artificial intelligence with the human brain.

The breakthrough, presented today at the American Chemical Society Fall 2020 virtual expo, is a major step towards integrating electronics with the body to create part human, part robotic "cyborg" beings.

Connecting electronics to human tissue has been a major challenge due to traditional materials like gold, silicon and steel causing scarring when implanted. Scars not only cause damage but also interrupt electrical signals flowing between computers and muscle or brain tissue.

The researchers from the University of Delaware were able to overcome this after various types of polymers. [...]

https://www.independent.co.uk/life-style/gadgets-and-tech/news/artificial-intelligence-brain-computer-cyborg-elon-musk-neuralink-a9673261.html

------------------------------

Date: Mon, 17 Aug 2020 17:09:42 -1000
From: geoff goodfellow
Subject: What would happen to Earth if humans went extinct? (Live Science)

*Nature always finds a way*

Deep within Guatemala's rainforest sits one of the most famous remnants of the *Maya* civilization: a roughly 2,000-year-old citadel turned to ruins called *Tikal*.
When Alan Weisman hiked through the surrounding region, he discovered something fascinating along the way: "You're walking through this really dense rainforest, and you're walking over hills," said Weisman, author and journalist. "And the archaeologists are explaining to you that what you're really walking over are pyramids and cities that haven't been excavated."

In other words, we know about sites like Tikal because humans have gone to great efforts to dig up and restore their remains. Meanwhile, countless other ruins remain hidden, sealed beneath forest and earth. "It's just amazingly thrilling how fast nature can bury us," Weisman told *Live Science*.

This scene from the rainforest allows us a glimpse of what our planet could look like, if humans simply stopped existing. Lately, that idea has been especially pertinent, as the global COVID-19 *pandemic* has kept people inside, and emboldened animals to return to our quieter urban environments -- giving us a sense of what life might look like if we retreated further into the background.

Weisman, who wrote "The World Without Us" (Thomas Dunne Books, 2007), spent several years interviewing experts and systematically investigating this question: What would happen to our planet -- to our cities, to our industries, to nature -- if humans disappeared?

*A different kind of skyline*. [...]

https://www.livescience.com/earth-without-people.html

------------------------------

Date: Mon, 17 Aug 2020 17:18:48 -1000
From: geoff goodfellow
Subject: Would you like to live forever? (The Sun)

BIO-UPGRADABLE: Meet the super-rich biohackers turning into cyborgs with in-built armour and injecting teenagers' *blood* to stay young

From daily sessions in sub-zero cryo-chambers to stem cell injection and transfusions of teenagers' blood, their bizarre attempts to become superhuman have fueled a multi-million dollar industry.
It may sound like something out of a sci-fi novel, but there's a growing band of Silicon Valley billionaires who believe they can achieve eternal life through *biohacking* -- the process of making alterations to your body to keep it younger.

Netflix's new drama Biohackers, released on Thursday, (20 Aug) seizes on the terrifying trend by imagining a secretive lab where a young student, played by Luna Wedler, discovers a sinister experiment using the techniques on an entire town.

Here we meet the real Silicon Valley biohackers - the men who want to be immortal. [...]

https://www.the-sun.com/news/1323518/silicon-valley-biohackers-injecting-teenage-blood/

------------------------------

Date: Fri, 21 Aug 2020 14:39:41 +0800
From: Dan Jacobson
Subject: A typo created a 212-story monolith in Microsoft Flight Simulator (Engadget)

Flight Simulator users recently found an unusual landmark: a 212-story monolith towering over an otherwise nondescript suburb in Melbourne, Australia.

After some sleuthing, the title's community found what had caused the tower to appear in Flight Simulator. When developer Asobo Studio built its detailed recreation of the globe, they pulled data from OpenStreetMap, a free map of the world to which anyone can contribute. About a year ago, a user named nathanwright120 added a tag that said this one building in Melbourne had 212 floors instead of two. Based on their other contributions, it appears the edit was a simple typo, not them trying to mislead anyone.

The error was later corrected by another OpenStreetMap contributor, but not before it made its way into Flight Simulator.
https://www.engadget.com/flight-simulator-open-street-map-building-205545509.html

------------------------------

Date: Mon, 17 Aug 2020 17:12:47 -1000
From: geoff goodfellow
Subject: Microsoft Put Off Fixing Zero Day for 2 Years (Krebs on Security)

A security flaw in the way *Microsoft Windows* guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem.

One of the 120 security holes Microsoft fixed on the 11 Aug Patch Tuesday [NOTED IN RISKS-32.20. PGN] was CVE-2020-1464, a problem with the way every supported version of Windows validates digital signatures for computer programs.

Code signing is the method of using a certificate-based digital signature to sign executable files and scripts in order to verify the author's identity and ensure that the code has not been changed or corrupted since it was signed by the author.

Microsoft said an attacker could use this spoofing vulnerability to bypass security features intended to prevent improperly signed files from being loaded. Microsoft's advisory makes no mention of security researchers having told the company about the flaw, which Microsoft acknowledged was actively being exploited. [...]

https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/

------------------------------

Date: Wed, 19 Aug 2020 22:16:44 +0100
From: Chris Drewe
Subject: "Driverless cars are coming soon." (The Telegraph)

Old news for RISKS readers, but just announced in the UK.

Driverless cars are coming soon, and will bring a host of ethical and moral dilemmas with them
https://www.telegraph.co.uk/cars/comment/driverless-cars-coming-soon-will-bring-host-ethical-moral-dilemmas/

A driverless future is not far away, but what are the implications for passengers and pedestrians?

Whether drivers like them or not, autonomous cars are coming soon to a road near you. Well, actually, they are already here.
Many modern vehicles have the ability to 'see' white lines, kerbs, pedestrians, other cars and obstacles, and can steer, brake and accelerate in accordance with the road and surrounding traffic. They already have all the hardware needed for Level 3 autonomy (although a software update would likely be needed before it could be fully activated) but legislation prohibits the use of it. Currently, a driver must be in control of the vehicle at all times regardless of how clever the vehicle's autonomous systems may be.

That could be about to change. Ministers in the UK are considering plans that could see drivers being allowed to take their hands off the wheel in Level 3 autonomous cars, as early as next spring.

This is what puzzles me. When I'm driving a car, the driving takes my full attention (I have to explain to passengers that my conversation may be a little erratic), whereas if I'm a passenger then I try to avoid looking at the road so as not to be a mental back-seat driver. If I'm riding in an autonomous vehicle, I would have difficulty in keeping close-enough attention to be able to take over instantly if needed. If I have a crash, who is liable? One example that springs to mind is if the car was approaching a red traffic light; I would initially assume that the car will stop, but if it doesn't, I may not realise until it's too late.

------------------------------

Date: Fri, 21 Aug 2020 07:00:00 -0600
From: "Matthew Kruk"
Subject: How Your Phone Is Used to Track You, and What You Can Do About It (NYTimes)

Smartphone location data, often used by marketers, has been useful for studying the spread of the coronavirus. But the information raises troubling privacy questions.
https://www.nytimes.com/2020/08/19/technology/smartphone-location-tracking-opt-out.html?surface=home-living-vi&fellback=false&req_id=845505994&algo=identity&imp_id=61664156&action=click&module=Smarter%20Living&pgtype=Homepage

------------------------------

Date: Tue, 18 Aug 2020 23:59:09 +0800
From: Richard Stein
Subject: Tokyo's latest attraction: Transparent public toilets (cnn.com)

https://edition.cnn.com/travel/article/tokyo-toilet-project-transparent-toilets/index.html

Light valves control opacity electrically or optically. When not energized, the valve is dark. Energize the valve to expose the toilet interior when the door is unlocked. Lock the door to power-down the valve, and the walls darken in ~1-3 seconds.

Not hard to imagine a lock bypass when occupied. There might be a backup interlock using a motion detector to defeat door lock shorts/bypasses. Doubt this prank would arise in Tokyo given civility and group cohesion.

Regardless of culture or country, an uneventful bio-break should be a guaranteed human right.

 [Smart loos? What could possibly go wrong? PGN]

------------------------------

Date: Tue, 18 Aug 2020 17:33:38 -0400
From: Gabe Goldberg
Subject: DC No Longer Has Online Voter Registration (DCist)

But as Jackson, 27, tried to use the app and its companion portal online, neither would work. And he soon learned why: In a move that wasn't widely publicized, the D.C. Board of Elections recently discontinued the long-troubled app, killing the only means for residents to register online to vote in the process.

``I was just frustrated that there was no information online. There was no clear communication.''

Election officials say the app was notoriously buggy and no longer reliable. And they concede it isn't likely that the elections board will be able to roll out a new app before the Nov. 3 election, potentially making it more difficult for new residents to register to vote or for existing voters to change their information.
``We are working to identify a new possible vendor, but significant testing would need to be done prior to launch, and we’re not sure this will be doable before the general [election],'' said Rachel Coll, a spokeswoman for the elections board, in an email. ``We're actively looking, though.''

https://dcist.com/story/20/08/18/dc-no-longer-has-online-voter-registration/

------------------------------

Date: Tue, 18 Aug 2020 14:02:54 PDT
From: "Peter G. Neumann"
Subject: GOP-led Senate panel details ties between 2016 Trump campaign and Russian interference (NYTimes)

https://www.nytimes.com/2020/08/18/us/politics/senate-intelligence-russian-interference-report.html

------------------------------

Date: Tue, 18 Aug 2020 09:14:28 -0700
From: Lauren Weinstein
Subject: Trump's 2016 campaign chair was a 'grave counterintelligence threat' (WashPost)

Trump's 2016 campaign chair was a 'grave counterintelligence threat,' had repeated contact with Russian intelligence, Senate panel finds

https://www.washingtonpost.com/national-security/senate-intelligence-trump-russia-report/2020/08/18/62a7573e-e093-11ea-b69b-64f7b0477ed4_story.html

------------------------------

Date: Tue, 18 Aug 2020 11:45:23 -0700
From: Lauren Weinstein
Subject: Postal Service backs down on changes as at least 20 states sue over potential mail delays ahead of election (CNN)

https://www.cnn.com/2020/08/18/politics/post-office-dejoy/index.html

------------------------------

Date: Wed, 19 Aug 2020 15:05:30 -0400
From: Gabe Goldberg
Subject: America Has Two Feet. It’s About to Lose One of Them. (NYTimes)

For decades, U.S. metrologists have juggled two conflicting measurements for the foot. Henceforth, only one shall rule.

https://www.nytimes.com/2020/08/18/science/foot-surveying-metrology-dennis.html

 [Who's going to foot the bill? Or, do we need a bill for the foot? Could this become a partisan issue in the U.S. Congress?
 PGN]

------------------------------

Date: Tue, 18 Aug 2020 17:59:01 -0400
From: Monty Solomon
Subject: U.S. Secret Service buys location data that would otherwise need a warrant (Ars Technica)

Agencies' ability to purchase any data on the open market is a big loophole.

https://arstechnica.com/tech-policy/2020/08/secret-service-other-agencies-buy-access-to-mobile-phone-location-data/

------------------------------

Date: Tue, 18 Aug 2020 17:53:48 -0400
From: Monty Solomon
Subject: Booze and cruise providers are the latest to be hit by ransomware scourge (Ars Technica)

Jack Daniel's distiller and Carnival cruise operator both warn of personal data theft.

https://arstechnica.com/information-technology/2020/08/booze-and-cruise-providers-are-the-latest-to-be-hit-by-ransomware-scourge/

------------------------------

Date: Wed, 19 Aug 2020 10:05:56 -0400
From: Tom Van Vleck
Subject: Researchers Can Duplicate Keys from the Sounds They Make (Kottke)

https://kottke.org/20/08/researchers-can-duplicate-keys-from-the-sounds-they-make-in-locks

------------------------------

Date: Wed, 19 Aug 2020 12:44:19 -0400
From: Monty Solomon
Subject: Bluetooth update could turn wearables into COVID-19 trackers (Engadget)

https://www.engadget.com/covid-bluetooth-sig-ens-wearables-plan-120555994.html

------------------------------

Date: Thu, 20 Aug 2020 9:03:54 PDT
From: "Peter G. Neumann"
Subject: USPS filed a patent for Blockchain voting system (Decrypt)

https://decrypt.co/39162/usps-blockchain-voting-not-ready-primetime

 [This keeps getting sillier. PGN]

------------------------------

Date: Thu, 20 Aug 2020 13:07:07 PDT
From: Lauren Weinstein
Subject: Russian opposition leader Alexei Navalny 'poisoned' (BBC)

https://www.bbc.com/news/world-europe-53844958

 Why is this relevant to RISKS? Because the truth is a precursor to avoiding risks. Dissent into hell? PGN]

------------------------------

Date: Fri, 21 Aug 2020 14:26:57 -0400
From: Gabe Goldberg
Subject: Bottleneck for U.S.
Coronavirus Response: The Fax Machine (NYTimes)

Before public health officials can manage the pandemic, they must deal with a broken data system that sends incomplete results in formats they can't easily use.

https://www.nytimes.com/2020/07/13/upshot/coronavirus-response-fax-machines.html

Doesn't mention eFax and similar services which at least eliminate paper mountains. But they cost $ for these volumes. GG

------------------------------

Date: Tue, 18 Aug 2020 17:40:53 +0800
From: Richard Stein
Subject: U.S. COVID-19 and World War 2 mortality rates, interim comparison

[Note: I undertook this historical comparison out of curiosity. I am not an epidemiologist. The calculations yield average mortality rate measures based on accumulated public epidemiological reports and historical US government sources.]

COVID-19 represents a mortal threat, analogous to an enemy combatant in battle.

US involvement in World War 2, per Congressional Research Service (see https://fas.org/sgp/crs/natsec/RL32492.pdf), identifies 291,557 battle deaths between 07DEC1941 and 14AUG1945 (192 weeks and 2 days). Total deaths are much higher: 405,399 (which includes 113,842 "Other Deaths" arising from accidents, disease, and infections).

The arithmetic yields: 291,557 battle deaths/192.29 weeks ~= 1516 battle deaths per week.

Since 22JAN2020 until 18AUG2020 (29 weeks, 6 days), Johns Hopkins (https://coronavirus.jhu.edu/data/new-cases active since 22JAN2020, see US tracker) reports 170,584 deaths from COVID-19.

These casualty rate figures shock my senses. Consider the reporting time interval ratio (COVID-19 29.86 weeks/WW2 192.29 weeks) ~= 0.16, or ~1/6th the total duration of World War 2.

The ratio of COVID-19 to WW2 battle deaths per week: 5712/1516 ~= 3.77. The casualty rate ratio shatters my senses!

Without a viable and effective vaccine, the US COVID-19 casualty risk will accumulate until effective disease prophylactic measures are adopted and applied with civility.

------------------------------

Date: Tue, 18 Aug 2020 13:58:05 +0300
From: Henry Crun
Subject: Israeli gargle trial gives COVID results in 1 sec., 95% accuracy

Championing it as instant, cheap and reliable, innovators at Israel's largest hospital say their invention could become the world's standard COVID screening method.

 [No source given. PGN]

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
 *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume/previous directories
   or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at
   http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.
   Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

End of RISKS-FORUM Digest 32.21
************************