AT2k Design BBS Message Area
Casually read the BBS message area using an easy to use interface. Messages are categorized exactly like they are on the BBS. You may post new messages or reply to existing messages!

You are not logged in. Login here for full access privileges.

Previous Message | Next Message | Back to Computer Support/Help/Discussion...  <--  <--- Return to Home Page
   Networked Database  Computer Support/Help/Discussion...   [93 / 1628] RSS
 From   To   Subject   Date/Time 
Message   Sean Dennis    All   RISKS Digest 31.18   April 13, 2019
 11:56 AM *  

RISKS-LIST: Risks-Forum Digest  Thursday 11 April 2019  Volume 31 : Issue 18

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/31.18>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt&...

  Contents:

Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 11 Apr 2019 12:30:00 -0400
From: danny burstein <dannyb@panix.com>
Subject: NOAA Monitoring Stations Are Off-Line from a GPS Y2K Moment

NOAA = National Oceanic and Atmospheric Administration
[eos.org  - from the American Geophysical Union]

Many of the world's older GPS devices had a Y2K moment on 6 April.  Devices
made more than 10 years ago had a finite amount of storage for their date
accounting system, and that number maxed out on Saturday, 6 April.

Nineteen National Oceanic and Atmospheric Administration (NOAA) coastal and
marine automated stations were not updated to mitigate the issue, and those
stations are out of commission until workers can service them on
location. The outage has the National Weather Service (NWS) office in
Anchorage, Alaska, hurrying to fix their downed stations before bad weather
comes in this week.

rest:
https://eos.org/articles/noaa-monitoring-stat...
oment

------------------------------

Date: Thu, 11 Apr 2019 00:44:19 -0400
From: danny burstein <dannyb@panix.com>
Subject: That GPS rollover that everyone poo-pooed?  Well, NYC... (NYTimes)

New York City Has a Y2K-Like Problem, and It Doesn't Want You to Know About It

On 6 Apr 6, something known as the GPS rollover, a cousin to the dreaded Y2K
bug, mostly came and went, as businesses and government agencies around the
world heeded warnings and made software or hardware updates in advance.

But in New York, something went wrong -- and city officials seem to not want
anyone to know.

At 07:59pm EDT on Saturday, the New York City Wireless Network, or NYCWiN,
went dark, waylaying numerous city tasks and functions, including the
collection and transmission of information from some Police Department
license plate readers.

The shutdown also interrupted the ability of the Department of
Transportation to program traffic lights, and prevented agencies such as the
sanitation and parks departments to stay connected with far-flung offices
and work sites.

https://www.nytimes.com/2019/04/10/nyregion/n...

------------------------------

From: Monty Solomon <monty@roscom.com>
Date: Wed, 10 Apr 2019 01:30:52 -0400
From:  Monty Solomon <monty@roscom.com>
Subject: Somebody forgot to upgrade: Flights delayed, canceled by GPS rollover

https://arstechnica.com/information-technolog...
cause-of-multiple-flight-delays-groundings/

------------------------------

Date: Wed, 10 Apr 2019 14:28:03 -0400
From: Monty Solomon <monty@roscom.com>
Subject: 24 Charged in $1.2 Billion Medicare Scheme, U.S. Says.

https://www.nytimes.com/2019/04/09/us/billion...

The scheme, which involved the prescribing of unnecessary back, shoulder, 
wrist and knee braces, spanned multiple continents, according to the 
authorities.

------------------------------

Date: Thu, 11 Apr 2019 10:31:30 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Israeli election problem

Earlier Thursday, a technical error on the Central Elections Committee's
website prevented publicly available numbers on the vote count from
reflecting the real results of the election, sparking hours of confusion and
a lack of clarity on whether the soldiers' votes changed the final results
on Thursday.  [....] At about 11 a.m., the elections committee announced it
had finished counting the double envelopes [including absentee ballots] and
that it was starting a [routine] review of the figures entered into the
computers.  [...]  The source of the technical problem seemed to be that the
Central Elections Committee website was based on the format from the
previous elections, and the number of votes -- both in total and in
individual ballot boxes -- was unable to be updated, such that the
percentages were wrong on the website. This also explained why some towns
had a voting rate of over 100%.

https://www.jpost.com/Israel-Elections/New-Ri...
unting-soldiers-votes-586463

------------------------------

Date: April 11, 2019 at 8:24:26 PM GMT+9
From: Richard Forno <rforno@infowarrior.org>
Subject: EU Tells Internet Archive That Much Of Its Site Is 'Terrorist 
Content'

We've been trying to explain for the past few months just how absolutely
insane the new EU Terrorist Content Regulation will be for the Internet.
Among many other bad provisions, the big one is that it would require
content removal within one hour as long as any "competent authority" within
the EU sends a notice of content being designated as "terrorist"
content. The law is set for a vote in the EU Parliament just next week.

And as if they were attempting to show just how absolutely insane the law
would be for the Internet, multiple European agencies (we can debate if
they're "competent";) decided to send over 500 totally bogus takedown demands
to the Internet Archive last week, claiming it was hosting terrorist
propaganda content.

https://www.techdirt.com/articles/20190410/14...
e-that-much-site-is-terrorist-content.shtml

------------------------------

Date: Thu, 11 Apr 2019 11:07:24 +0300
From: turgut@kalfaoglu.com
Subject: Amazon' Alexa isn't just AI; thousands of humans are listening

What Amazon doesn't tell you explicitly, as highlighted by an in-depth
investigation from /Bloomberg/ published this evening
<https://www.bloomberg.com/news/articles/2019-...
on-alexa-a-global-team-reviews-audio>
is that one of the only, and often the best, ways Alexa improves over time
is by having human beings listen to recordings of your voice requests. Of
course, this is all buried in product and service terms few consumers will
ever read, and Amazon has often downplayed the privacy implications of
having cameras and microphones in millions of homes around the globe

https://www.theverge.com/2019/4/10/18305378/a...
otation-listen-private-recordings

------------------------------

Date: Thu, 11 Apr 2019 01:36:35 -0400
From: Mark Brader <msb@vex.net>
Subject: Not a burglar after all

A guest in someone's house in Oregon was there alone when he heard noises
coming from the bathroom.  He called police to report a possible burglary.
They arrived and approached the bathroom with drawn guns and two dogs.  When
nobody responded to their shouts, they opened the door... and found a
Roomba.

http://www.npr.org/2019/04/10/711819433/any

------------------------------

Date: Thu, 11 Apr 2019 13:49:03 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Computers Turn an Ear on New York City (Scientific American)

https://www.scientificamerican.com/podcast/ep...
-york-city/

"'Over the past two years, our sensors collected huge amounts of urban sound
data.' But computers don't know what different sounds mean -- until they're
trained by people.

"That's where citizen science comes in: SONYC needs members of the public to
listen to ambient sounds picked up by noise monitors and label the sounds so
the computers can learn to independently recognize them.

"Labeling sound is harder than labeling images because sound is invisible
and ephemeral."

Music or voice synthesizers can certainly be programmed to emulate sounds.
Individual culture and ecosystem surroundings are applied to authenticate
sounds. Hypothetically, some animals (mammals/birds) can sing or holler like
a siren, and vice-versa.

The SONYC project might be applied as an early warning platform by criminals
to detect if the "cops are rolling" assuming is it a public common deployed
to help law enforcement or people identify gunfire v.  backfire, chemical
explosions v. structural collapse, live assaults v.  movie screeches, etc.

Risk: Incorrect or inaccurate metadata audio content tags/labels by pollutes
the repository. Need editorial oversight/confirmation to authenticate audio
origin/source before record can serve as a baseline system of record.

------------------------------

Date: Tue, 9 Apr 2019 12:05:53 -0700
From: Rob Slade <rmslade@shaw.ca>
Subject: The language of InfoSec

Ann Johnson, Corporate Vice President (Cybersecurity Solutions Group) over
at Microsoft, is concerned that we are using too much jargon in
information/cyber security work.  People don't understand what we're talking
about.
https://www.microsoft.com/security/blog/2019/...

(Of course, "Cybersecurity Solutions Group" sounds like "marketing," so it's
quite possible that Ann Johnson doesn't actually know what actual security
people are talking about ...)

I do sympathize, in general.  There are people in security, as in any field,
who actually create jargon in order to hide the fact that a) they don't
actually know what they are talking about, or b) they are only talking about
the same stuff you are, but they want it to sound like they know a secret
you don't.  (See pretty much any episode of "Yes, Prime Minister."  YouTube
is your friend.)

However, as the psycholinguistics people note, if you don't have a word for
it, you can't really think about it.  We have lots of concepts that we have
to know about, and which are important to the protect of the systems under
our care.  We have to have our infosec language.

And that is, after all, why I wrote the dictionary ...

  Postscript: So I'm talking about words and dictionaries
https://community.isc2.org/t5/Career/The-lang...
  and check that mine is still on Amazon, and note that someone, slanging
  mine, says that all you need is Google, "just enter DEFINE:word to be
  defined, and wallah," and realize that when she says "wallah" she actually
  is trying to use "voila,"and I find it hysterical that in trashing a
  glossary she doesn't know what word she is trying to use ...

------------------------------

Date: Tue, 9 Apr 2019 17:26:40 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: New wire-fraud scam targets your direct deposit info, reroutes your
  paycheck (CNBC)

  * Fraudsters are targeting the HR functions of businesses of all types
    and convincing employees to swap out your direct deposit banking
    information to an offshore account.
  * One nonprofit in Kansas City describes several attempts per month,
    involving scammers trying to convince payroll personnel to change
    information about where to send employee pay.
  * The IRS has warned of an uptick in a wide range of fraud attempts
    involving payroll information.

https://www.cnbc.com/2019/04/09/new-wire-frau...
-info-paycheck.html

------------------------------

Date: Wed, 10 Apr 2019 09:01:53 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Verizon issues patch for vulnerabilities on millions of Fios routers

https://www.cnet.com/news/verizon-issues-patc...
of-fios-routers/

------------------------------

Date: Thu, 11 Apr 2019 08:13:31 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Assange arrested and charged after Ecuador rescinds asylum

https://www.washingtonpost.com/world/europe/w...
rom-ecuador-embassy-in-london/2019/04/11/1bd87b58-8f5f-11e8-ae59-01880eac5f1d_s
tory.html

  British authorities arrested WikiLeaks founder Julian Assange on Thursday
  in response to a U.S. extradition request, and a U.S. federal court
  unsealed an indictment charging him with a single count of conspiracy to
  disclose classified information that could be used to injure the United
  States.  Assange was taken into custody by British police after Ecuador
  rescinded his asylum at its embassy in London, ending a standoff that
  lasted nearly seven years.

------------------------------

Date: Thu, 11 Apr 2019 00:14:47 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Re: Are We Ready For An Implant That Can Change Our Moods?
  (npr.org, RISKS-31.16)

 > Deep Brain Stimulation is a recognised treatment for Parkinsons
 > Dyskinesia -- indeed one of my friends has an implant -- and can be very
 > effective. It has massively improved my friend's quality of life.

Consider your friend to be VERY FORTUNATE that the implantation achieved a
favorable therapeutic outcome!

The PRODUCTCODE (PC) and DEVICENAME fields I list below, extracted from FDA
MAUDE
(https://www.accessdata.fda.gov/scripts/cdrh/c...
possess terms related to brain stimulation for Parkinson's treatment/tremor,
or for behaviorial changes through electro-stimulus. I won't name the
manufacturers shown in the pareto aggregate analysis below; you can get
these details from MAUDE records yourself.

PC      DEVICENAME
MFR     Stimulator, Brain, Implanted, For Behavior Modification
MHY     Stimulator, Electrical, Implanted, For Parkinsonian Tremor
NHL     Stimulator, Electrical, Implanted, For Parkinsonian Symptoms
OLM     Deep Brain Stimulator For Obsessive Compulsive Disorder (Ocd)
PFN     Implanted Brain Stimulator For Epilepsy
PJS     Stimulator, Electrical, Implanted, For Essential Tremor

FDA's MAUDE enumerates events arising from medical devices as: DEATH (D),
INJURY (I), MALFUNCTION (M), OTHER (O), and NO ANSWER SUPPLIED (N).

I note that the MAUDE pareto analysis below shows a surprising result for
PRODUCTCODE == MHY: 80 Deaths, 3732 Injuries, and 5032 Malfunction reports
between 01JAN2017-31MAR2019. I picked this reporting interval arbitrarily to
explore "production defect escape density." The pareto aggregate values
strongly suggest that something in those devices is seriously
under-performing. Total device implant sales/counts are closely guarded by
manufacturers.

I believe the MAUDE reports are distinct: Device INJURY reports are unique,
and separate from MALFUNCTION reports. This means that a device implant
recipient can experience multiple events.

Over 8700 patients unfortunately experienced at least one clinical issue
from their DBS implant device. How has their quality of life been impacted?

PC   EVENT/COUNT  EVENT/COUNT  EVENT/COUNT  EVENT/COUNT  EVENT/COUNT
MFR  D/1          I/24         M/19         O/0          N/44
MHY  D/80         I/3732       M/5032       O/0          N/0
NHL  D/0          I/96         M/7          O/0          N/0
OLM  D/6          I/2          M/3          O/0          N/0
PFN  D/0          I/119        M/7          O/0          N/0
PJS  D/0          I/1          M/0          O/0          N/0

------------------------------

Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also,  ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 31.18
************************
 
--- MultiMail/Win
 * Origin: Outpost BBS * Limestone, TN, USA (618:618/1)
  Show ANSI Codes | Hide BBCodes | Show Color Codes | Hide Encoding | Hide HTML Tags | Show Routing
Previous Message | Next Message | Back to Computer Support/Help/Discussion...  <--  <--- Return to Home Page

VADV-PHP
Execution Time: 0.0206 seconds

If you experience any problems with this website or need help, contact the webmaster.
VADV-PHP Copyright © 2002-2024 Steve Winn, Aspect Technologies. All Rights Reserved.
Virtual Advanced Copyright © 1995-1997 Roland De Graaf.
v2.1.241108