Subject: Risks Digest 29.00 (97), Volume 29 summary
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest Volume 29 : Issue 00 (97)
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
SUMMARY OF RISKS VOLUME 29 (3 Oct 2015 -- 10 Dec 2016)
(NOTE: This summary is archived in ftp file risks-29.00 at ftp.sri.com, cd risks, and is also at http://catless.ncl.ac.uk/Risks/29.00.html.)

----------------------------------------------------------------------

Date: Wed, 17 Aug 2016 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read. *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume.
Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

RISKS 29.00 SUMMARY OF RISKS VOLUME 29 (ongoing) (archived in ftp file risks-28.00)

RISKS 29.01 Saturday 3 October 2015
NSA's Trojan Horse Scored Gold at Athens Olympics (Henry Baker)
Xerox "more secure" Supply Chain (Gizmodo via AlMac)
Newly found TrueCrypt flaw allows full system compromise (PGN)
Google's Cute Cars And The Ugly End Of Driving (Lauren Weinstein)
Nerves rattled by highly suspicious Windows Update (Ars)
France pushes for global surveillance (EFF)
Michael Chertoff on encryption, etc. (HuffPost)
Experian hack exposes 15 million people's personal information (The Guardian and Ars Technica)
Gigabytes of user data from hack of Patreon donations site dumped online (Dan Goodin)
A billion Android phones are vulnerable to new Stagefright bugs (Dan Goodin)
Drop-dead simple exploit completely bypasses Macs malware Gatekeeper (Dan Goodin)
UN proposes massive Internet censorship (WashPo)
Open Office on Ubuntu (SMB via PGN)
Re: EPA v VW cheatware, AI & "machine learning" (Paul Fenimore)
Re: VW Scandal (Pete Kaiser)
Adblock sells out -- refuses to identify the buyer (NextWeb)
The ad-block-alypse has arrived: a mobile carrier has for the first time begun blocking *all* ads on its customers' phones (Monty Solomon)
Re: Ad-blocking (John Levine)

RISKS 29.02 Tuesday 6 October 2015
Your MRI machine has already been pwned (Scott Erven and Mark Collao via Henry Baker)
European court of Justice bans "Safe Harbor" decision (Thomas Koenig)
Top EU court says US privacy protections are inadequate in landmark ruling (Amar Toor)
How Many Deaths Did Volkswagen's Deception Cause in the U.S.? (NYTimes)
Engine Shortfall Pushed Volkswagen to Evade Emissions Testing (NYTimes)
Peeple Risks (Rob Slade)
The Athens Affair shows why we need encryption without backdoors (Trevor Timm, Dorothy Denning, Grady Booch)
Got 'Em! Researchers Steal Crypto Keys From Amazon Cloud (Fahmida Y. Rashid)
Identifying Problems With National Identifiers: Supposedly Encrypted Numbers Can Be Easily Decrypted (Harvard)
Study Rates UW CSE ... Most Practically Relevant (U.Wash)
US Customs collecting info on every Amtrak passenger (Al Mac)
Scottrade had no idea about data breach until the feds showed up (PCWorld)
Sherry Turkle's Reclaiming Conversation (NYTimes)
Business Technology Starts to Get Personal (NYTimes)
Re: Open Office on Ubuntu (Henry Crun)
Re: How to make the Internet worse for everyone except the slimeballs (David Canzi)
Putting Mobile Ad Blockers to the Test (NYTimes)
Re: Adblock sells out -- refuses to identify the buyer (Alan Ralph)

RISKS 29.03 Wednesday 14 October 2015
Obama Won't Seek Door to Encrypted User Data (Perlroth/Sanger)
Voting Machines and the VW Emission Controversy (Rebecca Mercuri)
DMCA/TPP: How Do You Cross-Examine Proprietary Software? (Rebecca Wexler via Henry Baker)
Southwest Flights Grounded by Sunday Computer Glitch (Jonathan Spira)
Leak site Cryptome accidentally leaks its own visitor IP addresses (Daily Dot)
Rickety SHA-1 dead at age 20 after long zombie illness (Dan Goodin)
Unintentional cheating by compilers (Robert Wilson)
Cyber Insecurity at Civil Nuclear Facilities (Henry Baker)
Buying a new laptop causes a massive increase in Chevy truck cellular data usage (Steve Golson)
Mail merge needs to actually merge (Geoff Kuenning)
Undercover New Hampshire police nab cellphone ban violators (Monty Solomon)
Re: Top EU court says US privacy protections are inadequate in landmark ruling (Robert Levine)
Re: Obama administration on encryption backdoors (Amos Shapir)
Re: EPA v VW cheatware, AI & "machine learning" (Amos Shapir)
Outlook.com OAuth vulnerability, now fixed (JC Chu)
Re: Your MRI machine has already been pwned (Kevin Fu)
Re: Putting Mobile Ad Blockers to the Test (Alan Ralph)
Apple Approves An App That Blocks Ads In Native Apps, Including Apple News (Tech Crunch)

RISKS 29.04 Saturday 17 October 2015
Flight MH17 downed by Russian-built missile (PGN)
ACARS pen-tester reports vulnerabilities according to EASA (PGN)
U.S. Navy teaching celestial navigation in case computers infected (Mark Thorson)
Lessons from Ten Years of IT Failure (Robert Charette)
How the NSA can break trillions of encrypted Web and VPN connections (Ars Technica quoting Alex Halderman and Nadia Heninger)
Reducing risks in national elections? (NYTimes)
Tesla Adds High-Speed Autonomous Driving to Its Bag of Tricks (NYTimes)
Software fault causes UK drivers to be banned from driving (The Guardian)
Robber uses Uber as getaway car (Mark Thorson)
UltraDNS Server Problem Pulls Down Websites, Including Netflix, for 90 Minutes (NYTimes)
Compulsive Texting Takes Toll on Teenagers (NYTimes)
The Deception Behind Illegal Bets (NYTimes)
Art Forgers Beware: DNA Could Thwart Fakes (NYTimes)
Apple Is Said to Deactivate Its News App in China (NYTimes)
Majority of ISPs not ready for metadata laws that come into force (Australian ABC)
If you're not Flash Player "free" by now, you REALLY oughta be... (AppleInsider via Geoff Goodfellow)
Credit Rules (US gov via AlMac)
Video Explainer: How Criminals Can Easily Hack Your Chip & PIN Card (Gizmodo)
FBI's statement on microchip-enabled credit cards (Armando Stettner)
FBI takes down alert on chip credit cards after bankers complain (John Levine)
Social Media Abuse Stories to Shrivel Your Soul (NYTimes)
Re: Undercover New Hampshire police nab cellphone ban violators (Bob Frankston)
Apple removes Been Choice and other ad blockers from its app store (Monty Solomon)

RISKS 29.05 Monday 26 October 2015
Now we know the NSA blew the black budget breaking crypto, how can you defend yourself? (Cory Doctorow)
Most NHS depression apps are unproven, warn health experts (Chris Drewe)
DoD tries to upgrade cyberdefenses (IHLS via Alister Wm Macintyre)
US Copyright Office outage - *not* a breach (Jeremy Epstein)
Senator Wonders If 'Pro-Botnet' Caucus Derailed His CISA Amendment (HuffPost)
Most Americans would be fine with some Internet surveillance if they were notified (Daily Dot)
CCTV cameras worldwide used in DDoS attacks (ZDNet)
Thailand reacts badly to protests via Internet (IHLS)
Privatizing censorship in fight against extremism is risk to press freedom (CPJ)
Russia 'tried to cut off' World Wide Web (*The Telegraph*)
CIA and DHS directors' personal email reported hacked; China's "character scores" (WYFF4)
Hackers Prove They Can Pwn the Lives of Those Not Hyperconnected (NYT)
Western Digital self-encrypting hard drives riddled with security flaws (Ars Technica)
"Tricky new malware replaces your entire browser with a dangerous Chrome lookalike" (Jared Newman)
FTD's -- Fitbit Transmitted Diseases (Henry Baker)
NTP Attacks: It's Earlier Than You Think (Jeremy Kirk)
Hackers Make Cars Safer. Don't Ban Them From Tinkering (*WiReD*)
Driverless cars, auto insurance, electric cars (Gabe Goldberg)
UK Govt's Surveillance -- Who's Doing It? (Fraser Nelson via Chris Drewe)
UK TalkTalk hacked again (IHLS)
Encrypted VoIP Leaks: Can You Hear Me Now? (Henry Baker)
Feds to Apple: Game Over; EULA LUSA (Richard Chirgwin)
Identity Chaos, Courtesy of Your Federal Government (Ron Lieber)
Cops are asking Ancestry.com and 23andMe for their customers' DNA (Kashmir Hill)
Re: Art Forgers Beware: DNA Could Thwart Fakes (Gary Hinson)
Re: Reducing risks in national elections? (Michael L. Cook)
Re: Tesla Adds High-Speed Autonomous Driving to Its Bag of Tricks (Stephen Kent)

RISKS 29.06 Friday 30 October 2015
China Unable To Recruit Hackers Fast Enough To Keep Up With Vulnerabilities In U.S. Security Systems (The Onion)
EFF Wins Petition to Inspect and Modify Car Software (EFF)
Brain-dead email from medical practice (Gabe Goldberg)
It ain't just squirrels vs. power lines. Now it's drones (LA Times)
World Series Drama: A Four-Minute Blackout (NYTimes)
Report says "You've been hacked!" (Merrill Lynch RIC)
Allegations of San Francisco voter fraud (EFF)
Xen patch addresses 7-year old privilege escalation flaw (Ars Technica)
Cars' Voice-Activated Systems Distract Drivers (NYTimes)
Re: Most Americans would be fine with some Internet surveillance if .. (PGN)
E-mail encryption is still an oxymoron (SIGCOMM paper and Joseph Cox via Henry Baker)
Re: Encrypted VoIP Leaks: Can You Hear Me Now? (Jeremy Epstein, Henry Baker)
Re: Cops are asking Ancestry.com and 23andMe for their customers' DNA (R. G. Newbury)
If You REALLY Want to Change the World ... (Kressel and Winarsky via PGN)

RISKS 29.07 Tuesday 3 November 2015
UK: Internet firms to be banned from offering unbreakable encryption under new laws (The Telegraph)
Weather radios down; severe weather a possibility (Ben Moore)
Of cats and cliffs: the ethical dilemmas of the driverless car (Gabe Goldberg)
Fyunch(click)-jacking [1]: The Internet of Ears (Daniel Dern)
What We Know About the Computer Formulas Making Decisions in Your Life (Lauren Kirchner via Judy Clark)
Chase Fraud *Protection*? (HASM)
Risks of banks not practising what they preach (Steve Loughran)
RushCard outage (Alister Wm Macintyre)
$1 million iPhone Zero-day Bounty (Henry Baker)
World's biggest tech companies get failing grade on data-privacy rights ... from me! (Tim Libert)
S.Korea pulls plug on government-mandated child surveillance app (USNews via Lauren Weinstein)
Wikipedia and Deepak Chopra: Open-Source Character Assassination (HuffPost)
ISIS Hackers can target Critical Infrastructure? (IHLS)
Arbitration Everywhere, Stacking the Deck of Justice (NYTimes)
Re: E-mail encryption is still an oxymoron (Dimitri Maziuk, David E. Ross)

RISKS 29.08 Monday 9 November 2015
Cybersecurity Firm FireEye Blames Tanking Stock On U.S.-China Hacking Deal (Robert Hackett via Prashanth Mundkur)
Helping victims who used encrypted privacy (Scripps via AlMac)
Anonymity of Crooks (Knujon)
Trade Pact Could Bar Governments From Auditing Source Code (WiReD)
TPP Details made public (NZ)
Net Of Insecurity: The kernel of the argument (Craig Timberg)
German & US spy scandals make us paranoid (IBTimes et al. via AlMac)
UK Health Minister announces a review of NHS IT (Martyn Thomas)
Why haven't our medical records entered the digital age (538)
Programmers: Stop Calling Yourselves Engineers (Ian Bogost)
More and more audio enthusiasts hitting fast forward (Boston Globe)
When Neighbors Tangle Online (NYTimes)
Volkswagen Says Whistle-Blower Pushed It to Admit Broader Cheating (NYTimes)
The EC is preparing a frontal attack on the hyperlink (Julia Reda)
Ransomware: Newest viral marketing gimmick (Dan Goodin via Henry Baker)
Re: Internet of Ears / OK Google (William Brodie-Tyrrell)
Re: Wikipedia and Deepak Chopra: Open-Source Character Assassination (Rob Slade)
Re: $1 million iPhone Zero-day Bounty (Brian Inglis)

RISKS 29.09 Friday 13 November 2015
Another failed software project: DHS online immigration forms (WashPo via Jeremy Epstein)
Driverless car stopped by officer in traffic (PGN)
Toyota's A.I. Research Efforts Could Mean Cars That Anticipate Traffic, Pedestrian Moves (Sharon Gaudin)
Windows 3.1 Is Still Alive, And It Just Killed a French Airport (Peter Longeray via Jim Reisert)
Aircraft maintenance -- and making sausages? (PGN)
Ukraine Cyberwar's Hottest Front (Coker and Sonne)
UK law will allow secret backdoor orders for software, imprison you for disclosing them (BoingBoing)
UK Snooper's Charter would devastate computer security (Ars Technica)
Court Says Tracking Web Histories Can Violate Wiretap Act (WiReD)
Linux users targeted by new Linux.Encoder.1 encryption ransomware (Mark Wilson)
"Crackas With Attitude" claim they hacked the FBI's LEEP portal (ted byfield)
Anatomy of an Incident Website on Industrial Process Control Incidents Launched (Rob Wilcox)
10 reasons why phishing attacks are nastier than ever (InfoWorld)
Apple and Google yank Instagram password-stealing app from app stores (ZDNet)
Encouraging trends and emerging threats in email security (Lauren Weinstein)
It's Way Too Easy to Hack the Hospital (Reel and Robertson)
Oz 'My Health Record': more surveillance than health (Richard Chirgwin)
Re: UK Health Minister announces a review of NHS IT (Prashanth Mundkur)
My first purchase with a chipped card (Paul Robinson)
Tor Users Matter (Matthew Green)
Microsoft: Self-Righteously Reformed Privacy Advocate (Henry Baker)
New Microsoft Country Clouds Won't Bring Reign (Henry Baker)
Vizio TV spies on you whether you agree or not (Dan Goodin via HB)
Re: Helping victims who used encrypted privacy (Barry Gold)
Re: Wikipedia and Deepak Chopra (3daygoaty)
Re: German & US spy scandals ... (Clint Chaplin)

RISKS 29.10 Tuesday 17 November 2015
Microsoft Helps Out Healthcare Sector With New Data Encryption Algorithm (Softpedia)
Encrypted Messaging Apps Face New Scrutiny Over Possible Role in Paris Attacks (David E. Sanger and Nicole Perlroth)
Edward Snowden and spread of encryption blamed after Paris terror attacks (MacDailyNews)
Politicians blame Snowden for Paris attacks (DailyDot)
Let's flush privacy down the toilet (Russell Brandom)
Police body cams found pre-installed with notorious Conficker worm (Ars Technica)
NSA Efforts to Evade Encryption Technology Damaged U.S. Cryptography Standard (Scientific American republishing)
Re: In wake of Paris attacks, renewed calls for encryption backdoors (The Guardian)
ICANN policy problems (CircleID via AlMac)
The Microcomplaint: Nothing Too Small to Whine About (NYTimes)
Re: Software is forever (Wendy M. Grossman)
Re: Driverless car stopped by officer in traffic ... (AlMac, Clint Chaplin, Dan Geer)
Re: Wikipedia and Deepak Chopra (Dan Jacobson)
Re: Beware of ads that use inaudible sound to link your phone, TV, tablet, and PC (Doug Humphrey)
Re: My first purchase with a chipped card (Carl Byington, Chris Drewe)
Re: Encouraging trends and emerging threats in email security (Dimitri Maziuk)
Bruce Schneier's CRYPTO-GRAM, 15 Nov 2015 (PGN)

RISKS 29.11 Thursday 19 November 2015
House panel examines safety risks and benefits of the Internet of Cars (USA Today)
Signs Point to Unencrypted Communications Between Terror Suspects (Bob Hinden)
Anonymous vs. ISIS: Netpolitik After the Paris Attacks (Charlie Firestone)
DO SOMETHING: After Paris, flailing to protect us (Ashley Carman and others via Henry Baker)
CIA snooping on Congress (EPIC and the NYTimes via PGN)
Feds bugged steps of Silicon Valley courthouse (Dan Goodin)
When TV Turns Itself Off (NYTimes)
CMU cybersecurity warrant canary dies (Henry Baker)
Carnegie Mellon denies it was paid to help the FBI crack Tor (Ashley Carman)
On Fake Instagram, a Chance to Be Real (NYTimes)
Re: My first purchase with a chipped card (John Levine)

RISKS 29.12 Wednesday 25 November 2015
Laser damages pilot's eye (The Guardian)
Data breach in Georgia could affect 6 million voters (MYAJC)
Tech group rejects post-Paris call for data encryption backdoors (Volz)
After Lenovo now Dell PCs and Laptops are shipping with rogue root level CA (Techworm)
Dell provides cert removal tool nightmare (Ars Technica)
SSL Safer (SHA2TEST.com)
The Right to Tinker With Cars' Software (NYTimes)
Dyre for Win 10 (Help Net & Heimdal)
Federal privacy law lags far behind personal-health technologies (WashPo)
The 911 System Isn't Ready for the iPhone Era (NYTimes)
Bank fined: automated electronic foreign exchange trading misconduct (DFS.NY via The Conversation)
IRS cyber security challenges (GAO & Gov Info Security)
Net of Insecurity (Craig Timberg)
Government minister poses with his password on a PostIt note (Diomidis Spinellis)
Multiple Paris Attackers were on US Watch Lists (Free Beacon)
Re: Beware of ads that use inaudible sound... (Chris Drew)

RISKS 29.13 Thursday 26 November 2015
HIPAA Settlement Reinforces Lessons for Users of Medical Devices (HHS)
China Cuts Mobile Service of Xinjiang Residents Evading Internet Filters (*NYTimes*)
Who's right on crypto? An American prosecutor or a Lebanese coder? (Kieren McCarthy)
Sneaky Microsoft renamed its data slurper before sticking it back in Windows 10 (*The Register*)
Black Friday Falters as Consumer Behaviors Change (*NYTimes*)

RISKS 29.14 Wednesday 2 December 2015
NTSB: Controllers, Software Complicit In Wrong-Runway Landings (Aviation Week via Steve Golson)
Database Error Complicit In Turkish Airlines Landing Accident (Steve Golson)
Software Cut Off Fuel Supply In Stricken A400M (Steve Golson)
Everyone is lying about the downed Russian jet (Motherboard)
Tech fails led to 'Spooky' strike on Drs Without Borders hospital (Sean Gallagher)
One-person one-vote principle in Texas (Voting News Weekly)
Hacking in Argentina (Nicole Perlroth)
China accused of hacking Australian Bureau of Meteorology and more (IBTimes)
Hello Barbie can spy for crooks (*The Guardian*)
VTech hacker exposes the personal information of more than 200,000 kids and millions of parents (Lorenzo Franceschi-Bicchierai)
Google Maps hacked to show "Kalusunan" instead of Luzon (Dan Jacobson)
Embedded vulnerability (Sec-Consult & Carnegie CERT/CC)
MagSpoof disables chip and pin (Help Net)
Electrical incompatibility (Android)
Cops complain about civilian encryption use, but conduct tactical ops in the clear (NNSquad)
After Paris attacks, US politics shift on government phone data collection; Rubio sees opening (AP)
L.A. License Plate Readers proposed for john-shaming (Nick Selby)
The Serial Swatter (NYTimes)
UK ISP boss points out massive technical flaws in Investigatory Powers Bill (Ars Technica)
Reply@not.possible? For how long? (Dan Jacobson)
Re: The Right to Tinker With Cars' Software (Steve Lamont)

RISKS 29.15 Wednesday 9 December 2015
Reboot not a solution -- especially for commercial aviation (Mark Richards)
Working on Cheaper Sensors, Deeper Learnings (Gabe Goldberg)
How Electronic Health Records Are Harming Patients (CIO)
Hopeless failure of Dutch telecom providers & Phone House to protect personal data: How I could access 12+ million records (Kees Huyser)
Car calls 911 to report accident after Florida hit and run (ABC)
Fired Kemp worker says he is a scapegoat re: Massive Georgia data breach (AJC)
Trend Micro finds security bugs in over 6M devices (Help Net)
"New payment card malware hard to detect and remove" (Jeremy Kirk)
The attack that broke Tor, and how Tor plans to fix it (Kashmir Hill)
France looking at banning Tor, blocking public Wi-Fi (Sebastian Anthony)
Interesting hack to gain backstage access (BBC via Ken Olthoff)
"I gave my students iPads -- then wished I could take them back" (WashPost)
"Why Node.js waited for OpenSSL security update before patching" (Fahmida Y. Rashid)
I thought it was "https://" (Dan Jacobson)
Road to Robotic Parking Is Littered With Faulty Projects (UK National Crime Agency *via The New York Times*)
Your child is a CYBER-CRIMINAL! (UK National Crime Agency via Lauren Weinstein)
How not to report on the encryption 'debate' (CJR)
Terrorists Mock Bids to End Use of Social Media (NYTimes)
Re: Database Error Complicit In Turkish Airlines Landing Accident (Dan Jacobson)
"Post on Facebook - and get a tax bill." (Kate Palmer via Chris Drewe)
Re: Everyone is lying about the downed Russian jet? (David Damerell)
Re: reply@not.possible (Dimitri Maziuk)
Voter Privacy in the Age of Big Data (Ira Rubenstein)

RISKS 29.16 Monday 14 December 2015
Tablet computer zoom error lets plane fly 13 hours with 46cm hole (*The Register*)
Boston Red Line train leaves station without operator (*The Boston Globe*)
VW Says Emissions Cheating Was Not a One-Time Error (*NYTimes*)
The Moral Failure of Computer Scientists (Phillip Rogaway, *The Atlantic*)
Twitter says it was target of state-sponsored hack (*The Boston Globe*)
"Europe Could Kick Majority of Teens Off Social Media, and That Would Be Tragic" (HuffPost)
Maine General Health Breach (Gov Info Sec)
Medical privacy: small scale violations (Propublica via Suzanne Johnson)
Cloud Lock inspects security by industry (Help Net via Al Mac)
Malvertising: these advertisers *really* want your business (*WiReD*)
AT&T Fools Entire Media With Giant Gigabit Fiber Bluff (DSLreports via Lauren Weinstein)
New York State Health Insurance site implemented with elementary security flaws, blames the whistleblower (Gothamist)
Massive DDoS attack on core Internet servers was 'zombie army' botnet from popular smartphone app (*IBTimes* via Bob Frankston)
Microsoft pulls botched patch KB 3114409 that triggered problems with Outlook 2010 (Woody Leonhard)
"Microsoft Edge has inherited many of Internet Explorer's security holes" (Woody Leonhard)
Discrimination by Airbnb Hosts Is Widespread, Report Says (*NYTimes*)
Your iPhone Is Ruining Your Posture -- and Your Mood (*NYTimes*)
America's secret cyberarsenal (*NYTimes* via Henry Baker)
Re: "I gave my students iPads -- then wished I could take them back" (Gene Wirchenko)
Re: Voter Privacy in the Age of Big Data (Mark E. Smith)
Re: Working on Cheaper Sensors, Deeper Learnings (Amos Shapir)
Re: Your child is a CYBER-CRIMINAL! (Amos Shapir, Simon Wright, Henry Baker)

RISKS 29.17 Tuesday 15 December 2015
Former National Security Officials Urge Government to Embrace Risks of Encryption (Ellen Nakashima)
What the government should've learned about backdoors from the Clipper Chip (Sean Gallagher)
"Final cyber security bill paves way for the surveillance state" (Caroline Craig)
Lightbulb DRM: Philips Locks Purchasers Out Of Third-Party Bulbs With Firmware Update (TechDirt)
Personalized news hits home (Quealy and Sanger-Katz via Charles C Mann)
European Space Agency records leaked for amusement, attackers say (CSO)
FAA Wants Your Credit Card Number when you register your drones (Lauren Weinstein)
Thai Man May Go to Prison [for 37 years] for Insulting King's Dog on social media (NYTimes)
13 million MacKeeper users exposed after MongoDB door was left open (Ars Technica)
Bangladesh extends social media ban, blocking Twitter and Skype (Lauren Weinstein)
Hackers actively exploit critical vulnerability in sites running Joomla (Ars Technica)
Small, community banks using machine learning to reduce fraud (NetworkWorld)
Lie-detecting Software uses Machine Learning to Achieve 75 Percent Accuracy (Scientific Computing)
British government admits selling Internet addresses to Saudi Arabia and says it can't stop ISIS extremists using them
Your iPhone Is Ruining Your Posture -- and Your Mood (David Damerell)
Google links back to itself (Peter Houppermans)
A looming anniversary, and an offer (Gene Spafford)
Re: America's secret cyberarsenal (Henry Baker)

RISKS 29.18 Thursday 24 December 2015
Power failure and equipment damage causing continuing major shutdowns at U.S. Patent and Trademark Office (USPTO)
The Strangest, Most Spectacular Bridge Collapse -- and How We Got It Wrong (Motherboard)
Driverless Cars (Analog)
Driverless cars: too safe at any speed? (Keith Naughton)
How difficult it is to do crypto properly (Steve Bellovin)
Juniper backdoor (PGN)
Apple Pushes Against British Talk of Softening Encryption (NYTimes)
Meet the woman in charge of the FBI's most controversial high-tech tools (WashPost)
MIT's Vuvuzela Messaging System Uses 'Noise' to Ensure Privacy (Tim Greene)
Believe it -- or don't: InterApp: The Gadget That Can Spy on Any Smartphone (Softpedia)
Vulnerability in popular bootloader puts locked-down Linux computers at risk (Lucian Constantin)
The Mystery of India's Deadly Exam Scam (TheGuardian via Ashish Gehani)
Cisco shocker: Some network switches may ELECTROCUTE you (The Register)
European Space Agency records leaked (Clive Page)
Database leak exposes 3.3-million Hello Kitty fans (CSO)
Idiot naughty word filter strikes again (Gabe Goldberg)
New cybercrime thread, forging deeds using online records (nasdaq item via Robert Schaefer)
Super-literate software reads and comprehends better than humans (New Scientist)
Hotmail and how not to block spam (Turgut Kalfaoglu)
President of China calls for the world to cooperate with China to censor the entire Internet (USNews)
Wish list app from Target springs a major personal data leak (Ars Technica)
Comcast Users Beware (Malwarebytes & Help Net)
US Politics: redirecting URLs (Politico)
Re: British government admits selling Internet addresses to Saudi Arabia (Amos Shapir)
Re: The Moral Failure of Computer Scientists (Karl Auerbach)
Re: Philips Locks Purchasers ... (Chris Drewe)
Re: Lie-detecting Software uses Machine Learning to Achieve 75% ... (Stephen Doig)
Re: Lie-detecting Software uses Machine Learning to Achieve 75 Percent Accuracy (Gene Wirchenko)
Re: A looming anniversary, and an offer (David Gillett)

RISKS 29.19 Monday 28 December 2015
"Listen up, FBI: Juniper code shows the problem with backdoors" (Fahmida Rashid)
NSA Helped British Spies Find Security Holes In Juniper Firewalls (Gallagher and Greenwald)
More on Juniper backdoor (Henry Baker)
China passes law requiring tech firms to hand over encryption keys (Mark Wilson via Henry Baker)
China's New Big Brother Law Is A Clone Of The West's Bad Ideas (HuffPo)
Dangerous helicopter bird strikes on the rise, FAA warns (KSL via LW)
Techno-skeptics objection growing louder (WashPo)
U.S. Says Hacker Stole IDs and Unreleased Scripts From Host of Celebrities (NYTimes)
Re: Reply by Karl Auerbach to The Moral Failure of Computer Scientists (Gene Wirchenko)
Re: Super-literate software reads and comprehends better than humans (Gene Wirchenko)
Re: Vulnerability in popular bootloader puts locked-down Linux, computers at risk (Mike Rechtman)
Re: Lie-detecting Software uses Machine Learning to Achieve 75% accuracy (Erling Kristiansen)
Re: Hotmail and how not to block spam (John Levine)
Re: Driverless Cars (John Levine)

RISKS 29.20 Tuesday 5 January 2016
Dutch government defers on dumbing down security (EDRi)
Bug in prison-release calculations unknown for 10 years, unfixed for 3 more (Mark Brader)
Kid Racks Up $5,900 Bill on Dad's iPad Playing Jurassic World (PCMag)
Payment Card Protocols Wide Open to Fraud (OnTheWire)
IRS insider crime (Tax Law Prof Blog)
Risks of Facial Recognition (Consumer Reports via Al Mac)
"Tim Peake said a spreadsheet error had caused his prank call from space" (Sarah Knapton)
Video of L.A. hoverboard fire (Al Mac)
Cisco joins Juniper in thorough checking (Bank Info Sec)
Analysis of VW Dieselgate SW (Henry Baker)
Millions of Voter Records Posted, and Some Fear Hacker Field Day (NYTimes)
2 Bankers Charged With Creating AT Cards to Steal From Accounts (NYTimes)
Microsoft may have your encryption key; here's how to take it back (Ars Technica)
Re: Hotmail and how not to block spam (Gene Wirchenko)
Re: Lie-detecting Software uses Machine Learning to Achieve 75% accuracy (Dan Geer)
Re: Driverless Cars (Al Mac, John Levine)
Scholarships for Women Studying Information Security (Jeremy Epstein and Rebecca Wright)

RISKS 29.21 Thursday 14 January 2016
Ex-NSA boss Michael Hayden says FBI director is wrong on encryption
Ukraine electric grid down via malware (Data Breach Today)
Fed STAR system flunks cyber security audit (GovInfoSec)
Oregon Benefit Information System mess (AlMac)
Michigan gets a damning cyber audit (Detroit Free Press)
What do we know about medical errors related to EMRs? (HealthCareBlog)
Skylake processors appear to have some glitches (Ars Technica)
Google Opens Up About When Its Self-Driving Cars Have Nearly Crashed (Matt McFarland)
Clickjacking Campaign Plays on European Cookie Law (MalwareBytes)
`Smart' Guns: What Could Possibly Go Right? (Henry Baker)
Can Computer Games Improve the Ability to Study? (Cathy Farmer)
Ballot Battles: The History of Disputed Elections in the U.S. (Luther Weeks)
FTC vs. dental practice software (Bank Info Sec)
TurboTax and gmail and the conflation of two accounts (Stephen Bryant)
Twitter Considering 10,000-Character Limit for Tweets (Recode via LW)
URL query string parameters hanging on for dear life (Dan Jacobson)
Calculating your threat 'score' (Justin Jouvenal via Henry Baker)
Routers could soon help police solve crimes (Ryan O'Hare)
Another fixed-width field problem (Steve Summit)
USC students required to detail sexual history before registering for classes (Anthony Gockowski)
Security of IoT: "always listening" devices in the office (Security Week)
Fortinet Firewalls seem to have a hardwired SSH Password issue (Ars Technica via Bob Gezelter)
Re: FTC's "Privacy Con" kicks out those who care about privacy (John Gilmore)
Re: Dutch government defers on dumbing down security (Paul van Keep)
Re: Analysis of VW Dieselgate SW (Dan Pritts)
Re: Hotmail and how not to block spam (Jeremy Epstein, John Levine)
Re: Risks of Facial Recognition (AlMac)

RISKS 29.22 Sunday 24 January 2016
Roger Kemp on the Lancaster Floods (Peter Bernard Ladkin)
Nest Thermostats Are Having Battery Problems and There's No Fix Yet (Kate Knibbs)
The Internet of Things that Talk About You Behind Your Back (Bruce Schneier)
Automakers increasing efforts to enhance safety and defend against cyberattacks (Gabe Goldberg)
Affinity sues Trustwave (security news media)
Why no secure architectures in commodity systems? (Nick Sizemore)
Overhaul Puts Pentagon in Charge of Protecting Federal Security Clearance Data (Damian Paletta)
French seem to have rejected crypto/security backdoors (The Register)
Royal Melbourne Hospital virus attack (The Age)
Virus hits TRMC computers (PGN)
As More Pay by Smartphone, Banks Scramble to Keep Up (NYTimes)
Rarely Patched Software Bugs in Home Routers Cripple Security (WSJ)
Android bug (Martin Schaef)
"Windows 10 Spying is worse than I ever imagined" (Gene Wirchenko)
Instagram negatively impacting survival of big cats in the wild (Kaleigh Rogers)
Facebook vs Indian Internet regulators (Prashanth Mundkur)
Pakistan lifts ban on Youtube after launch of own version (Lauren Weinstein)
"Understandable but Very Wrong: Google Enables Government YouTube Censorship in Pakistan" (Lauren Weinstein)
74% of leading US 2016 Presidential Candidates flunk privacy & data security (Trust Alliance)
Linux bug imperils tens of millions of PCs, servers, Android phones (Ars Technica)
ColoSpgs NCIC national hub for cybersecurity (Warren Pearce)
Why do people keep coming to this couple's home looking for lost phones (Kashmir Hill)
Time Inc. Is in the Midst of a Replyallpocalypse (Monty Solomon)
Risks of impostors (Dave Kristol)
The resolution of the Bitcoin experiment (Mike Hearn)
Pound vs. Dollar vs. ASCII (Dan Jacobson)
Re: Ballot Battles: The History of Disputed Elections in the U.S. (Mark E. Smith)
Re: Michigan IT security audit (Dimitri Maziuk)
Re: USC students required to detail sexual history before registering for classes (John Levine)
Privacy, Safety, Security & Healthcare --> Seeking Your Scholarship (Robert Mathews)

RISKS 29.23 Monday 25 January 2016
British Family Refused Entry To The USA -- upgrade screwup (Chris J Brady)
The Boston Globe delivery disaster caused by software (Steve Golson)
Belgian Crelan Bank loses 75.8-million dollars in CEO fraud (Al Mac)
Re: Why no secure architectures in commodity systems? (Mark Thorson, Michael Marking)
Re: Ballot Battles: The History of Disputed Elections in the U.S. (Amos Shapir)
Internet of Things security is so bad, there's a search engine for sleeping kids (Ars Technica)

RISKS 29.24 Saturday 30 January 2016
F-35 software overrun with bugs, DoD testing chief warns (Ars Technica)
A plane that's become just too complicated (Ken Knowlton)
Errors in Scientific Software May Be More Serious Than Suspected (Tech Dirt via Paul Robinson)
Cops hate encryption but the NSA loves it when you use PGP (Iain Thomson)
2015: one in three Americans had health records hacked---all because HIPAA enables endless aggregation and collection of health data (Deborah Peel)
Documents Uncover NYPD's Vast License Plate Reader Database (Dave Farber)
Israel's electric grid hit by severe hack attack (Dan Goodin)
Accidental sharing -- the plague of the always-connected era (Paul Venezia)
Microsoft says odd behavior in Outlook 2010 calendar is a feature, not a bug (Woody Leonhard)
Hacking into Supervisors of Elections Office (Fox)
Vanishing electronic journal (Al Stangenberger)
Report identity theft and get a personal recovery plan at IdentityTheft.gov (Al Mac)
Re: Why no secure architectures in commodity systems? (Fred Cohen, Al Mac)
Re: Belgian Crelan Bank loses 75.8-million dollars in CEO fraud (John Levine, Al Mac)
Re: Ballot Battles: The History of Disputed Elections in the U.S. (Mark E. Smith)
Re: date formats (Simson Garfinkel)
Re: The Boston Globe delivery disaster caused by software (Larry Sheldon)
Re: Documents Uncover NYPD's Vast License Plate Reader Database (Thomas Leavitt)
Re: Roger Kemp on the Lancaster Floods (Dick Mills)
Re: Why do people keep coming to this couple's home looking for lost (Al Mac)

RISKS 29.25 Thursday 11 February 2016
Asiana: Secondary Cause of Crash Was Poor Software Design (Gabe Goldberg)
More than 100 crashes caused by confusing gear shifters -- Jeep, Chrysler, Dodge (Gabe Goldberg)
Conclusions of research on oldest ancient homo sapiens DNA study revised due to data-processing error (Bob Gezelter)
IoT Insecurity by design (TechDirt via Alister Wm Macintyre)
Fake Online Locksmiths May Be Out to Pick Your Pocket, Too (NYTimes)
Dodgy USB Type-C cable fries vigilante engineer's $1,000 laptop (Ian Paul)
Live in the EU? You probably should start accessing Google through a VPN or proxy. (Reuters)
Hackers Get Employee Records at Justice and Homeland Security Depts (Eric Lichtblau)
Hackers claim to have hacked NASA, hijacked one of its drones (danny burstein)
Hacked Toy Company VTech's TOS Now Says It's Not Liable for Hacks (Lorenzo Franceschi-Bicchierai via Richard Forno)
Hack-Proof RFID Chips (Larry Hardesty)
"KB 3123862 eerily resembles Microsoft's earlier Get Windows 10 patch" (Woody Leonhard)
AFCEA on cybersecurity (Warren Pearce)
University of California traffic stored for up to 30 days (Christopher Brooks)
At Berkeley, a New Digital Privacy Protest (NYTimes)
Why "Let's Encrypt" free SSL certs are worse than useless -- actually dangerous -- to many sites (Lauren Weinstein)
Shopping Mall SMS Parking Notifications Could Be Used To Track Any Car (Slashdot via Dan Jacobson)
Increasingly popular update technique for iOS apps puts users at risk (Lucian Constantin)
EAC exec director on voter registration (Voting News Weekly)
Amazon's customer service backdoor (Medium.Com)
"rm -rf /" Can Brick Your UEFI System (Henry Baker)
Re:
Errors in Scientific Software May Be More Serious Than Suspected (Mike Crawford) Re: Israel's electric grid hit by severe hack attack (Mike Rechtman) Re: On Facebook normally one can only see others' public groups (Dan Jacobson) Re: Date formats (J R Stockton) Re: Why do people keep ... looking for lost cellphones (Michael Kohne, Al Mac) Blackout rehearsals: let's start with GPS (Martyn Thomas) Doing University exams on computers? (Richard A. O'Keefe) RISKS 29.26 Monday 15 February 2016 Indian Supreme Court says nothing wrong with banning the Internet (Prashanth Mundkur) UK politicians green-light plans to record every citizen's Internet history (James Vincent) US intel chief: we might use the Internet of Things to spy on you (Spencer Ackerman and Sam Thielman) Tesla Updates Self-Parking Software After Consumer Reports Raises Concerns (Consumerist) Wrong number of hits in Bing (M. E. Kabay) Lack of reproducibility of research (Anthony Thorn) Pirate Bay of science? (Fiona Macdonald) Apple owns up to '1 January 1970' iPhone bricking bug (Monty Solomon) Motorcycle software recall (Mike Tashker) Office 2013 patch KB 3114717 freezes 32-bit Word 2013 on Win 7, 8.1, 10 (Woody Leonhard) Creative Cloud deletes files you *really* wanted (Barry Gold) And Then There Were 4: Phone Booths Saved on Upper West Side Sidewalks (Monty Solomon) Russian hackers, Kazan-based Energobank, and Ruble-$ exchange rate (HackerNews) Re: Asiana: Secondary Cause of Crash Was Poor Software Design (Peter Bernard Ladkin) Re: IoT Insecurity by design (John Beattie) Re: Doing University exams on computers? (3daygoaty, Len Finegold, Rogier Wolff) RISKS 29.27 Thursday 18 February 2016 U.S. vs. 
iPhone security (statement by Apple's Tim Cook) Google CEO: FBI's request of Apple could set a 'troubling precedent' (Engadget) Extremely severe bug leaves dizzying number of software and devices vulnerable (Ars Technica) "Windows 10 forced update KB 3135173 changes browser and other default settings" (Woody Leonhard) VTech back stabs customers (Gov Info Sec) Hollywood Presbyterian Medical Center Pays Hackers $17K Ransom (NBC News) Fatal German train crash caused by human error, prosecutor says (Reuters) SKYNET is already live (Ars Technica via William Brodie-Tyrrell) Steam Gauges are Safer (Erling Kristiansen) NSA's TAO Head on Internet Offense and Defense (Bruce Schneier) Worldwide Encryption Products Survey (Bruce Schneier) Re: Asiana: Secondary Cause of Crash Was Poor Software Design (Amos Shapir) Re: Lack of reproducibility of research (C. Titus Brown) Re: Doing University exams on computers? (Gene Wirchenko, Al Mac) RISKS 29.28 Thursday 25 February 2016 Great Interview on Safety+Security (Braband/Harner via Peter Bernard Ladkin) "Volvo recalls 59,000 cars over software fault" (Martyn Thomas) Nissan Leaf vulnerable to unauthenticated queries (Jeremy Epstein, Gabe Goldberg) A 19-year-old made a free robot lawyer that has appealed $3 million in parking tickets (Leanna Garfield) Hacked mid-air while writing an Apple-FBI story (Steven Petrow via geoff goodfellow) Apple's external and internal messages about "FBI vs. Apple" (TechCrunch) Popular home security system SimpliSafe can be easily disabled by burglars (Lucian Constantin) Reporting Cyber Risks in USA (DHS via Al Mac) Is it time to consider key escrow again? (Tad Taylor) Robots Are Reading Trader Chats to Stop Next Wave of Bank Fines (Bloomberg) *WarGames* and Cybersecurity's Debt to a Hollywood Hack (NYTimes) N Korea nuke tests & the volcano (Al Mac) Trimble date problem (Tim Young via Donald B. 
Wagner) Re: KB 3123862 eerily resembles Microsoft's earlier Get Windows 10 patch (Jack Christensen) Re: NSA's TAO Head on Internet Offense and Defense (Rogier Wolff) Re: Doing University exams on computers? (Rogier Wolff) RISKS 29.29 Friday 26 February 2016 Best Explanation for the Apple FBI Hack I've Seen and What It Means (Rebecca Mercuri) Re: key escrow (Dimitri Maziuk) Re: Robots Are Reading Trader Chats to Stop Next Wave of Bank Fines (Jeff Jonas) Re: Hacked mid-air while writing an Apple-FBI story (David Damerell) Re: Trimble date problem (Bob Rahe) RISKS 29.30 Monday 29 February 2016 Risks of Leap Years and Dumb Digital Watches (Mark Brader) A 12-year-old girl is facing criminal charges for using certain emoji. She's not alone. (WashPo via Gabe Goldberg) Google Wants Less Reliable Hard Disks (Thomas Claburn) Asus lawsuit puts entire industry on notice over shoddy router security (Ars Technica) The FBI wants a backdoor only it can use, but wanting it doesn't make it possible (The Guardian) It Really Doesn't Matter What Apple's Motivations Are -- Idealistic or Other Wise (NYMag) Re: Best Explanation for the Apple FBI Hack ... (Taed Wynnell, DrM, Ted Lee, AlMac, DrM, Simson Garfinkel) Risks 29.31 Thursday 3 March 2016 Navigation app sends Israeli soldiers into Palestinian area, two dead (YNetNews via Mark Thorson) Over a thousand suitcases not transported on Leap Day (Debora Weber-Wulff) Palo Alto school's medical privacy case (John R Levine) No Surprise: Health IT in the ER, new `error' categories (Erik Hollnagel) SSLv2 Support Compromises TLS Connections (Ars Technica) IRS identity theft story -- wanna bet it is much, much bigger? (Paul Saffo) "OpenSSL update fixes Drown vulnerability" (Fahmida Y. Rashid) Hack the Pentagon (Alister Wm Macintyre) Re: A 12-year-old girl is facing criminal charges for using certain emoji. She's not alone. 
(David Weil) Court orders Facebook to release WhatsApp data (James Hughes) ISIS turns to foreign encryption products as Apple-FBI fight rages in U.S. (Daily Dot) Amazon Quietly Removes Encryption Support from its Gadgets (Motherboard) NY Judge rules in Apple's favor (Alister Wm Macintyre Re: Best Explanation for the Apple FBI Hack ... (John Levine, Ted Lee, Simson Garfinkel) EFF and 46 Technology Experts Ask Court To Throw Out Unconstitutional Apple Order (EFF) Apple vs FBI - the Apple logo obscures the issue (Peter Houppermans) RISKS 29.32 Monday 7 March 2016 Risk to babies' health due to an alleged cover up of patient information system failures: Israeli clinics converted to new system (Omer Zak) Cisco NX-OS switch risk (Martyn Thomas) France to Jail Tech Execs over Encryption (The Register) Big Brother is tracking all of us...except for terrorists (via Paul Saffo) Apple vs FBI -- Another Constitutional Issue (David E. Ross) Apple VP: The FBI wants to roll back safeguards that keep us a step ahead of criminals (WashPo) Competing Interests on Encryption Divide Top Obama Officials (NYTimes) Joining Together to Avoid a Troubling Legal Precedent (Google) Re: ISIS turns to foreign encryption products as Apple-FBI fight rages in U.S. (Amos Shapir) Re: NY Judge rules in Apple favor (John Levine) Re: Apple vs FBI ... (Peter Bernard Ladkin, Keith Medcalf, Henry Baker) Re: IRS identity theft story -- wanna bet it is much, much bigger? (John Levine) Drone conflict update (ACLU+ via AlMac) RISKS 29.33 Wednesday 9 March 2016 Last week's House Judiciary hearings (Susan Landau) Speech by Robert Hannigan, Director GCHQ, delivered at MIT (LW) Encryption: Selected Legal Issues (Thompson II/Jaikaran) Apple vs. FBI primer on info extraction (Muckrock) FBI quietly changes its privacy rules for accessing NSA data on Americans (Spencer Ackerman) France: prison sentences for noncompliant tech execs? 
(USNews) Re: France to Jail Tech Execs over Encryption (Mark Brader) Hacking industrial vehicles from the Internet (JCarlosNorte) Risks to our industry re: CVE (Kurt Seifried) Multiple iOS apps found to be harvesting Snapchat user credentials (geoff goodfellow) Mac 'Ransomware' Attack Exposes Vulnerability of Apple Users (NYTimes) Florida Senate endorses making computer coding a foreign language (Kristen Clark, PGN) Apple loses e-books USSC appeal (NPR) Apple iOS Has PINs; But has not adopted Duress Codes (Bob Gezelter) Re: Apple vs FBI (Peter Houppermans) RISKS 29.34 Tuesday 15 March 2016 Great encryption segment from John Oliver, with Matt Blaze cameo (LW) Facebook, Google and WhatsApp plan to increase encryption of user data (The Guardian) Kremlin Falls for Its Own Fake Satellite Imagery (Dan Jacobson) Typosquatters Running .om Domain Scam To Push Mac Malware (ThreatPost) 139+ breaches in 2016 thru Mar-8 (ITRC) Online Leak of N.C.A.A. Tournament Bracket Upstages CBS Selection Show (NYTimes) Web security company breached, client list -- including KKK -- dumped, hackers mock inept security (BoingBoing) WhatsApp Encryption Said to Stymie Wiretap Order (NYTimes) Skype Co-Founder Launches End-To-End Encrypted 'Wire' App (Tom's) Interesting Bamford piece on life at the NSA (Dave Farber) President Obama at SXSW (Henry Baker) Doctorow on POTUS' infatuation with magic ponies (Richard Forno) Researchers Spoof Phone's Fingerprint Readers Using Inkjet Printers" (Todd Weiss) Hey Siri, Can I Rely on You in a Crisis? Not Always, a Study Finds (NYT) "Nations Ranked on Their Vulnerability to Cyberattacks" (Matthew Wright) Kalamazoo shootings: Uber driver blames app (BBC) Hooray for Hollywood Robots: Movie Machines May Boost Robot Acceptance (Matt Swayne) Re: Florida Senate endorses making computer coding a foreign language (Michael Bacon, Craig Burton) Re: Why no secure architectures in commodity systems? 
(Nick Sizemore) RISKS 29.35 Wednesday 16 March 2016 Apple's Brief Hits the FBI With a Withering Fact Check (WiReD) Apple and Justice Dept. Trade Barbs in iPhone Privacy Case (NYTimes) Spontaneous Windows 10 Upgrade (Martin Fong) City's Public Wi-Fi Raises Privacy Concerns (NYCLU) Typo thwarts hackers in $1 billion cyber heist on Bangladesh central bank ... (WashPo) Yet another reason why expiring and reusing domain names is a really bad idea (ZDNet) Heat Scanning vs. Privacy (Harper's) ICANN -- "Time for America to relinquish custody of the Internet" (James Titcomb) Internet mismanagement (The Independent) Stealing Nude Pics From iCloud Requires Zero Hacking Skills -- Just Some YouTube Guides (Forbes) "YOGA* - A Software Development Process Based On Ancient Principles" (ACM Learning Center) Threat Intelligence & AI (Business Wire) Re: Florida Senate endorses making computer coding a foreign language (Dan Geer) Re: President Obama at SXSW (Mark E. Smith) Re: Skype Co-Founder Launches End-To-End Encrypted 'Wire' App (John Levine) Re: Why no secure architectures in commodity systems? (Dick Mills, Henry Baker) RISKS 29.36 Friday 18 March 2016 China bans wordplay in attempt at pun control (Tania Branigan) Pentagon skips tests on key component of U.S.-based missile defense system (David Willman) Microsoft servers to bottom of ocean (I-HLS) U.S. 
war on Tor encryption (I-HLS) Brazen Heist of Millions Puts Focus on the Philippines (NYTimes) Denver Police Caught Misusing Databases Got Light Punishments (NYTimes) Where Computers Defeat Humans, and Where They Can't (NYTimes) How Microsoft copied malware techniques to make Get Windows 10 the world's PC pest (The Register) Apple Encryption Engineers, if Ordered to Unlock iPhone, Might Resist (NYTimes) This is the phone NSA suggested Clinton use: A $4,750 Windows CE PDA (Ars Technica) CRYPTO-GRAM, March 15, 2016 (Bruce Schneier) Bangladesh Bank Chief Resigns After Cyber Theft of $81 Million (NYTimes) Re: Hackers steal $81M from Bangladesh (John Levine) Re: Typo thwarts hackers in $1 billion cyber heist on Bangladesh central bank ... (Bob Frankston) RISKS 29.37 Monday 21 March 2016 Flaw in iMessage fixed in today's release of iOS 9.3 (Ellen Nakashima via PGN) Printer Error Triggered Bangladesh Race to Halt Cyber Heist (Bloomberg) Hackers Stalked Bangladesh Bank for Two Weeks Before Big Heist (Bloomberg) Indian parliament passes bill that enables mass domestic surveillance (Jean Drčze via Prashanth Mundkur) A View of ISIS's Evolution in New Details of Paris Attacks (NYTimes) Child-safety risk due to hyphenation (Mark Brader) How a Fitbit May Make You a Bit Fit (NYTimes) AI detects Twitter tweets sent under influence of alcohol (Mark Thorson) Spoofing the boss (Al Macintyre) Ukraine Electric SANS Report (Dark Reading via Al Mac)) American Express 3rd-party breach (Al Macintyre) Re: Apple vs FBI (Carl Byington) Re: Pentagon skips tests on key component of U.S.-based missile defense system (Wols) Re: U.S. 
war on Tor encryption (David Brunberg) Re: Great encryption segment from John Oliver, with Matt Blaze cameo (Gary Barnes) RISKS 29.38 Tuesday 22 March 2016 British teenager social engineers top US officials (Matt Zapotosky and Ellen Nakashima via Cipher) More on the Apple iMessage vulnerability (Monty Solomon) DOJ Says It May Not Need Apple's Help to Unlock iPhone (Fortune) Canadian Implementation of Chip and Pin and NFC (Sheldon) Tapping ATM cvommunications (Krebs via Al Mac) Will apps become the next disability lawsuit target? (TechCrunch) Fifth Amendment does not cover Domestic Staff, Human or Electronic (The Atlantic via Bob Gezelter) Re: Printer Error Triggered Bangladesh Race to Halt Cyber Heist (Drew Dean) Re: Ukraine Electric SANS Report (Al Mac, Rogier Wolff) Re: Pentagon skips tests on key component of U.S.-based missile (Geoffrey Sinclair) Re: American Express 3rd-party breach (Richard Bos, Duncan Gibson) Bitcoin book and course (Monty Solomon) Craig Smith, The Car Hacker's Handbook: A Guide for the Penetration Tester (reviewed by Richard Austin) RISKS 29.39 Wednesday 23 March 2016 Why Hackers Might Help FBI and not Apple (Perlroth/Benner) Re: Why Hackers Might Help FBI and not Apple: Cellebrite (PGN) Radio Attack Lets Hackers Steal 24 Different Car Models (Andy Greenberg, Steven Sprague, James Hughes) Re: American Express 3rd-party breach (John Levine) Re: Ukraine Electric SANS Report (Peter Bernard Ladkin) Way to Go, FCC. 
Now Manufacturers Are Locking Down Routers (WiReD via Lauren Weinstein) New York has just opened a massive public spying network (Kirsty Styles) Utilization at Internet Interconnection Points (Nick Feamster) RISKS 29.40 Friday 25 March 2016 Michael Hayden video comes out REALLY STRONG for Apple and encryption (PGN) Apple Worries That Spy Technology Has Been Secretly Added To The Computer Servers It Buys (LW) France demands right to be *global* Google censor (FT) Ransomware shuts restaurant (WTOP via Jeremy Epstein) Insurance Limits (IB Times) "America's obsession with social media is undermining the democratic process" (QZ) Children as young as seven caught sexting at school, study reveals (The Guardian) The Uber model, it turns out, doesn't translate ( Bangladesh bank heist investigator alive (IB Times) Hacker sells data stolen from Verizon's enterprise customers (Engadget) The Amateur Radio Operators Preparing for Disaster (The Atlantic) Utah Republicans conducting online primary voting (WashPo) FBI to use NAND mirroring to crack terrorist's iPhone (MacWorld) Verizon 2015 DBIR (Al Mac) Re: Pentagon skips tests on key component of U.S.-based missile (Anthony) Re: Radio Attack Lets Hackers Steal 24 Different Car Models (John Rivard, Steven Sprague) Re: American Express 3rd-party breach (Tony Finch) RISKS 29.41 Tuesday 29 March 2016 MedStar Washington Health turning away patients because computers shut down (WashPost) Japanese space agency loses track of $265 million satellite (CSMonitor) Dangerous drone incidents up to 100 per month (FAA) FBI Unlocks San Bernardino Attacker's iPhone Without Apple;s Help, Ending Court Case (Various sources) Law enforcement investigators seek out private DNA databases (WTOP) Beating Ransomware with backup restore (Alister Wm Macintyre) Driverless delivery robots could be hitting D.C. 
sidewalks soon (Gabe Goldberg) American Tech Giants Face Fight in Europe Over Encrypted Data (NYTimes) Cyber Edge CTDR (Data Breach Today) Why Doesn't AT&T Require Email Verification Before Sending Sensitive Account Information? (Consumerist via Gabe Goldberg) US gov annual cyber security report (Al Mac) Netflix Is No Net-Neutrality Hypocrite for Slowing Down Video (WiReD) Microsoft keeps Google search terms (Erling Kristiansen) We're More Honest With Our Phones Than With Our Doctors (NYTimes) Amazon Echo's next frontier is banking -- yes, banking (Business Insider) Hacker Says He Printed Anti-Semitic and Racist Fliers at Colleges Across U.S. (NYTimes) Cybersecurity vendor statistics (Stiennon's Security Scorecard) Re: NAND mirroring (Harlan Rosenthal) Re: France demands right to be *global* Google censor (Chris Drewe) Re: "How one yanked JavaScript package wreaked havoc" (Michael Kohne) Re: Andy Grove's Warning to Silicon Valley (Teresa Tritch) RISKS 29.42 Friday 1 April 2016 Anonymous hacks NSA's Bluffdale facility (Henry Baker) "Apple Offers to Buy CryptoWall for $10 Billion" (Henry Baker) Apple Agrees to DoJ Encryption Demands (Mark Thorson) Apple, FBI reach historic public key escrow agreement (Henry Baker) Advances in Autonomous Burgerdom? (PGN) Re: Pentagon skips tests on key component of U.S.-based missile defense system (Fred Cohen) Heating up deep sea water to reduce global warming (Fred Cohen) 1,418 remotely exploitable flaws found in automated medical supply system (Darlene Storm via Drew Dean) 2000 tons of nuclear materials `just aren't secure as they need be' (Al Mac) How to Hack an Election (Bloomberg) Tech titans release new email security standard (Michelle Goodman via DH) CNBC passwords, mother board (boingboing) The Apple-FBI Battle Is Over, But the Crypto Wars Have Just Begun (WiReD) Should hackers help the FBI? 
(NYTimes) Hackers Seek Ransom From Two More California Hospitals (Chad Terhune) Smooth Criminal: Meet USB Thief, Malware That Can Attack Systems Without Leaving Any Trace (Santiago Tiongco) More background on the MedStar fiasco (Al Mac) Why Ransomware loves Hospitals (Al Mac) Re: Bangladesh bank heist to Philippines to Chinese (sundry sources via Al Mac) Stefan Savage receives RISKS-relevant award (ACM/Infosys Foundation) RISKS 29.43 Friday 1 April 2016 Keeping technology real -- in the movies (Avi Rubin) New variant of ransomware spreading, please do not share (Kevin Fu) RISKS 29.44 Tuesday 5 April 2016 Wrecking crew demolishes wrong house due to Google Maps error (Softpeedia) WhatsApp adopts default encryption *WiReD* With Hospital Ransomware Infections, the Patients Are at Risk (TechReview) Ransomware vs. US government agencies (Al Mac) US State Dept database vulnerabilities (Al Mac) Technology Upgrades Get White House Out of the 20th Century (NYTimes) Hayden on encryption v. metadata (Henry Baker) Panama Papers (Al Mac) Many law firms hacked (Al Mac) Risks of car manufacturers adding flash (Steve Loughran) Why I Don't Make Financial Decisions on My Smartphone? (NYTimes) Man gets free holidays and car rentals after changing surname to 'Null' (Caroline Mcguire via Chris Drewe) How one programmer broke the Internet by deleting a tiny piece of code (QZ) DoD Picks HackerOne to Operate Bug Bounty Pilot Program (HackerOne) Satellite Images Can Pinpoint Poverty Where Surveys Can't (NYTimes) "Node.js alert: Google engineer finds flaw in NPM scripts" (Fahmida Y. Rashid) Google April Fool's prank backfires -- possibly? (Peter Houppermans) April fools? 
(Martyn Thomas) RISKS 29.45 Monday 11 April 2016 Japanese computer system problems left many flight passengers stranded (Chiaki Ishikawa) MedStar Disputes Reports That "Simple" Fix Would've Prevented Hack (Gabe Goldberg) Alaska cancels all K-12 standardized tests for the year: "technical problems" (WashPo via Jeremy Epstein) When IP addresses lie (Fusion via Charles Mann) How a Cashless Society Could Embolden Big Brother (The Atlantic via NNSq) Top executives not interested in having good cyber security (CNBC via AlMac) To dodge crypto, undercover UK cops simply asked to see terror convict's iPhone (Ars Technica) Judge calls Uber algorithm "genius," green-lights surge-pricing lawsuit (Ars Technica) NJ Transit is audio recording thousands of its riders (Larry Higgs via Henry Baker) Republicans Hijack an Election Agency (NYTimes) Stanford data breach (Randy Livingston via Paul Saffo) Cyber insurance rates fall with lull in major hacks (Reuters) New Jersey University Was Fake, but Visa Fraud Arrests Are Real (NYTimes) Yours sincerely, yourself (Dan Jacobson) The Panama Papers Expose the Hidden Wealth of the World's Super-Rich (Chuck Collins) Excellent *Salon* article about the Panama Papers (Severo Ornstein) The Panama Papers: Here's What We Know? (NYTimes) Re: Panama Papers Explainer (NYTimes) Re: Panama Papers law firm PR statemenmt (Al Mac) Re: Panama Papers / major links (Al Mac) How a Cryptic Message, 'Interested in Data?,' Led to the Panama Papers (NYTimes) Obama calls for international tax reform amid Panama Papers revelations (Rupert Neate and David Smith) Re: Man with Null name (Henry Baker) Re: Wrecking crew demolishes wrong house due to Google Maps error (David Landgren) Make the most of your 0 credits! 
(Dan Jacobson) The Deluge of Spurious Correlations in Big Data: Randomness in Nature and Data (Diego Latella) E-borders and successor programmes: a UK NAO Report (Diego Latella) RISKS 29.46 Thursday 14 April 2016 President Obama's Commission on Enhancing National Cybersecurity (Michael Daniel Ed Felten and Tony Scott) Burr-Feinstein bill draft (PGN) Senate Cybersecurity panel unveils long-awaited encryption bill (The Hill) Feds say they hired a hardware hacker to crack the San Bernardino phone (WashPo) Online election hacking (BBW) Failure in bank security (Corwyn) Re: Japanese computer system problems left many flight passengers stranded (Alister Macintyre) Re: The Panama Papers and Barbara Streisand (Michael Bacon) RISKS 29.47 Monday 18 April 2016 Drone collides with BA 320 approaching London Heathrow airport (The Guardian) Report: SS7 still vulnerable more than a year after hack first reported (Fiercewireless) Hackers use Congressman's iPhone to demo ability to listen into calls, monitor texts, track location? (9to5mac via Geoff Goodfellow) Man accidentally 'deletes his entire company' with one line of bad code (Andrew Griffin) Bank back stabbing (Alister Wm Macintyre) Uber Gave Government Millions Of Users' Data (HuffPo) Researchers cracked Microsoft's Google-shortened URLs ... (WiReD) Apple to deprecate QuickTime for Windows after discovery of two flaws (Apple Insider) House GOP Passes Anti-Net Neutrality Bill Despite Obama Veto Threat (Motherboard) Guess what? 
URL shorteners short-circuit cloud security (Sean Gallagher) BMW's car-sharing service launches--and almost lands Ars a ticket (Ars) First came the Breathalyzer, now meet the roadside police *textalyzer* (David Kravets) Out-of-date apps put 3 million servers at risk of crypto ransomware infections (Dan Goodin) Apple stops patching QuickTime for Windows despite 2 active vulnerabilities (Dan Goodin) 5 Things To Know About Ransomware (The Boston Globe) OK, panic -- newly evolved ransomware is bad news for everyone (Sean Gallagher) The Top Google Updates in 2016 You'll Want to Know About (MakeUseOf via Gabe Goldberg) Andrew Appel TEDx Talk: Internet Voting? Really? (PGN) Re: Online election hacking (Mark E. Smith) Re: Senate Cybersecurity panel unveils long-awaited encryption bill (AlMac) RISKS 29.48 Monday 25 April 2016 Newcastle servers downed by water-main flood early last week (Lindsay Marshall) 55-million Philippine voters' personal information exposed (PGN) Personal info of 93.4-million Mexicans exposed on Amazon ( Marc Rotenberg) Bucking the Trend on Voting Rights (NYTimes editorial) The E.U.'s Dangerous Data Rules (Daphne Keller and Bruce D. Brown) Night-vision goggles case cause plane crash (WashPost) U.S. carriers mum on 60 Minutes report on vulnerability in SS7 (FierceWireless via Geoff Goodfellow) U.S. Cyberwar aims to cripple ISIS operations (David Sanger) FBI admits it paid $1.3m to hack into that iPhone (*The Guardian* via danny burstein) Facebook bug bounty hunter find bug -- and exploit in progress (Peter Houppermans) Kindle Unlimited Scam (Ann Christy via Charles B. 
Weinstock) If Emoji Are the Future of Communication Then We're Screwed (NYMag) Hacker: This is how I broke into Hacking Team (CSOonline via Monty Solomon) The big picture on software backdoors (Mark Thorson) Air Force blames deadly crash on goggles case (CNN via Monty Solomon) The Burr-Feinstein Proposal Is Simply Anti-Security (Electronic Frontier Foundation via David Farber) No Phones for You! Chic Businesses Are Abandoning Landlines (NYT) Windows Users - Apple and Govt say to remove Quicktime from your PC (Chris J Brady) Re: BMW's car-sharing service launches--and almost lands Ars a ticket (Richard Bos) Re: Bank Back Stabbing (Alister Wm Macintyre) Re: Man accidentally deletes his entire company with one line of bad code: *NOT TRUE* (Martin Ward, John Levine, Rick Steeves, Matt Bishop) RISKS 29.49 Friday 29 April 2016 SWIFT system software compromised in order to hide the Bangladeshi Bank fraud (Peter Ladkin) What you need to know about election apps and your personal data (Cynthia Chen) Kuwait to impose genetic testing on all visitors and residents (Thomas Koenig) Trust in the Cloud Could Be Pinned to Online Scoring System (David Ellis) Latest Headlines on DATABREACHES.NET (Werner U.) 
DARPA Is Looking for the Perfect Encryption App; It's Willing to Pay (Lorenzo Franceschi-Bicchierai) Behind Mitsubishi's Faked Data, Fierce Competition (NYTimes) VW Presentation in '06 Showed How to Foil Emissions Tests (NYTimes) Social Media, Where Sports Fans Congregate and Misogyny Runs Amok (NYTimes) Malware reporting mailbox rejects emails containing malware (Martin Ward) Obama to make 'Nanny guns' push (Sarah Wheaton) Re: FBI admits it paid $1.3m to hack into that iPhone (Henry Baker) BeautifulPeople Dating Website records for sale (Chris Vickery) Re: If Emoji Are the Future of Communication Then We're Screwed (Martin Ward) Workshop on Software Measures and Metrics to Reduce Security Vulnerabilities (Paul Black) Deepwater Horizon: A Systems Analysis of the Macondo Disaster (Earl Boebert and James M. Blossom) Update on the catless.ncl.ac.uk outage (PGN) RISKS 29.50 Tuesday 3 May 2016 Scary wifi SSID clears Qantas plane (The Telegraph via Henry Baker) Snowden on encryption: Without it everything stops! (Slashdot) RNC eschews use of electronic voting at their convention (Politico) Dilbert and voting machines (Donald B. Wagner) 20 Years Ago, A Senator Became the First US Lawmaker to Use Encryption (Motherboard) FBI granted federal court warrant forcing suspect to unlock iPhone using Touch ID (Ben Lovejoy) Risks of doing live TV without the most recent Windows upgrade (YouTube via David Tarabar) The last non-Internet Generation (Paul Robinson) Autonomous cat-killer robot (Mark Thorson) Re: If Emoji Are the Future of Communication Then We're Screwed (Gene Wirchenko) RISKS 29.51 Friday 6 May 2016 Building Security Into Cyber-Physical Systems: NIST Researchers Suggest Approach for Trustworthy Modern Infrastructure (Evelyn Brown) White House Worries about Bad AI Coding (Patrick Thibodeau) Artificial Intelligence: Where's the Philosophical Scrutiny? 
(Vincent Conitzer)
Jennifer the Robot (McSweeneys via Mark Thorson)
Security Analysis of Emerging Smart Home Applications (U.Michigan)
Indian boy dies after shooting himself while taking a selfie (The Indian Express)
Medical errors still abound (WashPost)
Voter ID Laws May Have Actually Increased The Likelihood Of Voter Fraud by Hackers (FastCompany)
Dilbert on voting machines (Mark Thorson)
RF-emission-based device identification (Phys.Org)
Data exposure of AfD members leads to harassment, death threat (Thomas Koenig)
"Warrantless searches surge as online privacy dwindles" (Caroline Craig)
"Windows 10 updates are now ruining pro-gaming streams" (The Guardian)
Re: The last non-Internet Generation (Paul Russell)
Re: Update on the catless.ncl.ac.uk outage (Olivier MJ Crepin-Leblond, Chuck Petras)
Superb for Risks Readers - The Blame Game - BBC Radio 4 (Lindsay Marshall)

RISKS 29.52 Tuesday 10 May 2016
Italian Mathematician escorted off flight for doing mathematics (David Millward)
Whistleblowing is overshadowed when SQL injection gives way to unauthorized access (Dan Goodin)
Exclusive: Big data breaches found at major email services (Eric Auchard)
UAE Bank Suffers Massive Data Breach (SlashDot)
Russian spies using steganography? (The Guardian via IanG, George Sadowsky)
IBM is making a quantum computer available for anyone to play with (The Economist)
"Mystery solved: KB 3150513 is another Windows 10 update-enabling patch" (Woody Leonhard)
ADP clients breached, including 5th largest U.S. Bank (AlMac)
Re: The last non-Internet Generation (Wols, Chuck Petras)
Re: RF-emission-based device identification (Lyndon Nerenberg)
Re: Security Analysis of Emerging Smart Home Applications (Mark Kramer)

RISKS 29.53 Friday 20 May 2016
Heart monitor disruption (Ars Technica)
AV interfering with mission-critical healthcare system (Dan Goodin)
Why an Amtrak Train Derailed in Philadelphia (NYTimes)
"Arizona may force CIOs to adopt the cloud" (David Linthicum)
Why a staggering number of Americans have stopped using the Internet the way they used to (WashPost)
NTIA: Lack of Trust in Internet Privacy and Security May Deter Economic and Other Online Activities
Released Emails Show Use of Unclassified Systems Was Routine (NYTimes)
Doing security research on cars could land you in jail for life (GWU)
Windows 10 goes full malware (Iamthecheese)
It's Trivially Easy To Identify You Based On Records Of Your Calls and Texts (erier2003)
Critical Flaw In Symantec Antivirus Engine Makes Hacking Easy (itwbennett)
Is the online ad bubble starting to pop? (Harvard)
Man charged with hacking United Airlines website, stealing travel vouchers (Pat Reavy)
Details Emerge on Global Bank Heists by Hackers (NYTimes)
"Google's driverless cars may use human flypaper in road accidents" (Charlie Osborne)
The NYPD was systematically ticketing legally parked cars, Open Data put an end to it (Ben Wellington)
117M passwords from Linked-in from 2012 are now for sale! (TechCrunch)
OkCupid Study Reveals the Perils of Big-Data Science (WiReD)
Wendy's Breach Affected 525 of Restaurants (Krebs)
Video Exposes Officials' Mistakes but Can't Undo Blown Calls. Yet. (NYT)
In Oracle v. Google, a Nerd Subculture Is on Trial (Motherboard)
China Quietly Targets U.S. Tech Companies in Security Reviews (NYT)
FBI Neither Confirms Nor Denies Wiretapping Amazon Echo (Matt Novak)
Theoretical Breakthrough Made in Random Number Generation (msm1267)
"Why Uber is watching your smartphone's battery level" (Adrian Kingsley-Hughes)
Belgian police have asked citizens to shun Facebook's "Reactions" buttons (The Independent)
Another Risk of Self-Driving Cars; Clogged Highways?!? (ABC News)
Risks of red-light cameras and violation detection (PGN)
Computer Science Teachers Need Cybersecurity Education (Evan Koblentz)
Anti-tamperproof bottles aren't (Jeremy Epstein)
The great ad-blocking arms race (TechDirt via Mark Thorson)
Re: Big data breaches NOT found at major email services (John Levine)
Re: Whistleblowing is overshadowed when SQL injection gives way to unauthorized access... (Fred Cohen)
Re: The last non-Internet Generation (Chris Drewe, Dan Jacobson)

RISKS 29.54 Sunday 29 May 2016
Connected Car Security (Gabe Goldberg)
Nest to deliberately brick old smart hubs (Adrian Kingsley-Hughes)
Are tighter rules needed on recording devices in cars? (Gabe Goldberg)
Catch 22 in the Courtrooms: FBI and Tor malware (Cyrus Farivar)
Dronebuster (Ars Technica)
Attackers Steal $12.7M In Massive ATM Heist (EditorDavid)
The risk of blaming the messenger (Rogier Wolff)
Edward Snowden, John Crane, and Whistle-Blowing (McLaughlin/Froomkin)
Student Exposes Bad Police Encryption, Gets Sentenced (EditorDavid)
Armed FBI agents raid home of researcher who found unsecured (Ars)
What the U.S. Gov really thinks about encryption (Christian Science Monitor)
DARPA Extreme DDoS Project Transforming Network Attack Mitigation (Slashdot)
Worm Takes Control Of Wireless ISPs Around the Globe (Dan Goodin)
Untangling the Web: the NSA's supremely weird, florid guide to the Internet (Michael)
Real-Life RoboCop Guards Shopping Centers In California (BeauHD)
AI causes more unemployment and lower standards of living (Slashdot)
"This unusual botnet targets scientists, engineers, and academics" (Danny Palmer)
TOR to use improved RNG algorithm (Catalin Cimpanu)
You Can Run, But You Can't Hide (Cyrus Farivar)
Risk of Talking Like a Terrorist (Peter Bright)
France's Guillotining of Global Free Speech Continues (Lauren Weinstein)
"Why Free Speech Is Even More Important Than Privacy" (Lauren Weinstein)
Major Cell Phone Radiation Study Reignites Cancer Questions (Sci Am via LW)
The Thai cleaning lady facing prison for 'I see' (BBC)
Robot Cause Unemployment in Hitech - tagged iPhone7, Foxconn, Apple (Softpedia)
Facebook begins tracking non-users around the Internet (The Verge)
"5 active mobile threats spoofing enterprise apps" (Ryan Francis)
About Android [In]Security (Softpedia)
Latest news / Hot right now (Softpedia)
Ransomware Adds DDoS Attacks (Softpedia via EditorDavid on Slashdot)
More Bad News.... for someone (Softpedia)
Opera, VPN and sale to Chinese investors (Softmedia, May 26)
TOR to use improved RNG algorithm (Catalin Cimpanu)
You Can Run, But You Can't Hide (Cyrus Farivar)
How copyright law is being misused to remove Internet material (The Guardian)
China's scary lesson to the world: Censoring the Internet works (WashPost)
Microsoft accused of Windows 10 upgrade "nasty trick" (BBC)
PayPal refuses to deliver online purchases to UK addresses containing "Isis" (BoingBoing via Gabe Goldberg)
Google's Paris HQ raided in tax probe (BBC)
Censorship by Copyright claim to Google (The Guardian)
Expect a Change of Google password policy (The Guardian)
Stanford Computer Scientists Show Telephone Metadata Can Reveal (Bjorn Carey)
PasteJacking and JavaScript.... (Softpedia)
Politically Incorrect, April Fools, a rejected X-Files script, or.... just a Bad Dream ?!? (via Slashdot)
Norwegian Consumer rights institute protests app terms, reading them for 24 hours on a live broadcast (via Slashdot)
WPAD Protocol Bug Puts Windows Users at Risk (Catalin Cimpanu)
Protect Your PC from Malware by Running Applications Inside a Sandbox (Softpedia)
The elderly are way savvier with password security than millennials (QZ)
Robots also Destroy Low-Tech Jobs (Sam Machkovech)
How Genius annotations undermined web security (The Verge)
Major DNS provider NS1 hit by mysterious focused DDoS attack (Sean Gallagher)
China's Government Fabricates About 488 Million Social Media Posts Every Year (NPR)
"More than 22 BILLION vehicle photos in UK database" (Daily Mail)
Re: Video Exposes Officials' Mistakes but Can't Undo Blown Calls. Yet. (Paul van Keep)
Re: It's Trivially Easy To Identify You Based On Records Of Your Calls and Texts (Chris Drewe)
Re: Another Risk of Self-Driving Cars; Clogged Highways?!? (Amos Shapir)
Re: The last non-Internet Generation (Anthony)
Re: Theoretical Breakthrough Made in Random Number Generation (Mark Thorson)
Re: In Oracle v. Google, a Nerd Subculture Is on Trial (Amos Shapir)
Windows into the Soul: new book (Gary T. Marx)

RISKS 29.55 Tuesday 7 June 2016
An expensive Pivot Table (Patrick O'Beirne)
Nanaimo hospital health-care system problems (dkross)
Hackers disrupt Russian Internet Primaries (RT)
"Push for encryption law falters despite Apple case spotlight" (via John Gilmore)
"FBI pushes for more power to crush your privacy" (Caroline Craig)
Yahoo Announces Public Disclosure of National Security Letters (LW)
"Judge sends two to prison for 7 years for H-1B fraud" (Patrick Thibodeau)
App to get PII from CAC card (Jeremy Epstein)
"Android gets patches for serious flaws in hardware drivers and mediaserver" (Lucian Constantin)
Geopolitical Hedging as a Service (JEBruner)
TeamViewer users are being hacked in bulk, and we still don't know how (Ars Technica)
Dutch Firm Trains Eagles to Take Down High-Tech Prey: Drones (NYTimes)
Dodgers using a global positioning device to situate their fielders (NYTimes)
This 'Demonically Clever' Backdoor Hides In a Tiny Slice of a Computer Chip (Andy Greenberg)
Password app developer overlooks security hole to preserve ads (Engadget)
Facebook, Twitter, YouTube and Microsoft agree to remove hate speech across the EU (techcrunch)
Samsung: Don't install Windows 10. REALLY (The Register)
Phones and Badges, whatever could go wrong...wrong....wrong (David Lesher)
"Oracle employee says she was sacked for refusing to fiddle cloud accounts" (John Ribeiro)
"NSW government playing Big Brother with citizens' data" (Asha Barbaschow)
"Right to be forgotten" extends to newspaper archives (Flanders Today)
Holiday Fun - "glitch" at Kennedy - pen and paper check in (dkross)
OPM and US gov breach theater (Alister Wm Macintyre)
Re: Major Cell Phone Radiation Study Reignites Cancer Questions (David Brodbeck)
Re: The risk of blaming the messenger (Jay Libove)
Re: France's Guillotining of Global Free Speech (Chris Drewe)
The Oracle Effect: 'isis' (Daily WTF, PGN)
Re: Microsoft accused of Windows 10 upgrade "nasty trick" (Jack Christensen)
Re: Another Risk of Self-Driving Cars; Clogged Highways?!? (Craig Burton)
Re: Connected Car Security (John Levine)
Re: In Oracle v. Google, a Nerd Subculture Is on Trial (John Levine)
Re: Theoretical Breakthrough Made in Random Number Generation (John Levine)

RISKS 29.56 Wednesday 15 June 2016
GPS jamming and aircraft control systems (R A Lichtensteiger)
"Tesla Model X autonomously crashes into building, owner claims" (Lucas Mearian)
Lexus Owners Say Update Bricked Cars' Navigation Systems (Consumerist via Gabe Goldberg)
Scary glitch affects luxury cars (Bob Frankston)
Faulty update breaks Lexus cars' maps and radio systems (Martyn Thomas)
Re: Faulty update breaks Lexus cars' maps and radio systems (Mike Ellims)
Car Hacking / VW fun theory (Alister Wm Macintyre)
Are we really sure drones are safe? (Charley Kline)
Lancaster UK power outage (RAEng)
Monkey in Kenya Survives After Setting Off Nationwide Blackout (NYTimes)
And why would anyone sign up for this service? (Jeremy Epstein)
David Dill: Why Online Voting is a Danger to Democracy (PGN)
Tech firms say FBI wants browsing history without warrant (engadget)
DEA Wants Inside Your Medical Records to Fight the War on Drugs (DailyBeast)
The Internet is blurring the content/metadata distinction into meaninglessness (Steve Bellovin et al. via SSRN)
Father of the Internet Worries Our Digital History Is Disappearing (Newsweek via Geoff Goodfellow)
Oklahoma Highwaymen Seize Bank Accounts from Drivers (Henry Baker)
Takedown, Staydown would be a disaster, Internet Archive Warns (Torrentfreak)
Internet greybeards and upstarts gather to redecentralize the Internet (Boingboing)
Parents are worried the Amazon Echo is conditioning their kids to be rude (Alice Truong)
Morocco bans reading newspapers in public (The Telegraph)
Snooper's Charter, aka the Investigatory Powers Bill, UK law (Betanews)
Russian penetration of political networks (WashPo)
"Let's Encrypt" exposes almost 8K user email addresses (LW, Charlie Osborne)
"Hackers could have changed Facebook Messenger chat logs" (Peter Sayer)
One of the World's Largest Botnets Has Vanished (Joseph Cox)
"Empty DDoS threats earn extortion group over $100,000" (Lucian Constantin)
EU Exploring Idea of Using Government ID Cards as Mandatory Online Logins (Softpedia)
Local stations' commercial break shorter than national's (Dan Jacobson)
Re: This 'Demonically Clever' Backdoor Hides In a Tiny Slice of a Computer Chip (Jeff Jonas)
Re: App to get PII from CAC card (Dan Pritts)
Re: Another Risk of Self-Driving Cars; Clogged Highways?!? (Jeff Jonas)
Isodarco 2017: ADVANCED AND CYBER WEAPONS SYSTEMS: TECHNOLOGY AND ARMS CONTROL (Carlo Shaerf)

RISKS 29.57 Saturday 18 June 2016
FBI Needs Better Hackers to Solve Encryption Standoff (Joshua Eaton)
"Surveillance reform measure blocked in the wake of Orlando killings" (John Ribeiro)
London Mayoral count resorted to spreadsheets (Martyn Thomas)
Intel x86s hide another CPU that can take over your machine -- you can't audit it (BoingBoing)
Physical Key Extraction Attacks on PCs (CACM)
Lawyers who yanked "Happy Birthday" into public domain now sue over "This Land" (Ars Technica)
The Air Force Had a Totally Accidental Computer Disaster (Gizmodo)
"Home invasion? Three fears about Google Home" (Fahmida Y. Rashid)
Best Korea's Social Network hacked after using worst ID and password possible (Rocket News)
The average cost of a data breach is now $4 million (Help Net Security)
"Companies pay out billions to fake-CEO email scams" (Michael Kan)
'Spam King' Sanford Wallace gets 2.5 years in prison for 27M Facebook scam messages (BoingBoing)
Cormac Herley, "Unfalsifiability of security claims" (Bruce Schneier) Henry Baker
Privacy not possible with increasing financial surveillance (Sarah Jeong)
Re: Tesla Model X autonomously crashes into building, owner claims (Gary Hinson)
Re: Russian penetration attack on DNC: NOT! (Ars Technica)
Re: Lancaster UK power outage (Martin Ward)

RISKS 29.58 Tuesday 21 June 2016
A Hacking of More Than $50 Million Dashes Hopes in the World of Virtual Currency (NYTimes)
Technician broke the Internet by thinking Hong Kong was in the USA (Dagens Nyheter via Debora Weber-Wulff)
Attacking NYC by computer (NY Magazine via Jeremy Epstein)
One Million IP Addresses Used In Brute-Force Attack On A Bank (Slashdot)
Critical MSDOS program can't get license renewed (Henry Baker)
Russian bill requires encryption backdoors in all messenger apps (Daily Dot)
Citing Attack, GoToMyPC Resets All Passwords (Krebs on Security)
Man Inadvertently Broadcasts His Own Killing on Facebook Live (NYTimes)
Autonomous harmful robot (Daily Mail via Mark Thorson)
Re: Tesla Model X autonomously crashes into building, owner claims (Ian Macky)
Re: The Air Force Had a Totally Accidental Computer Disaster (Steve Lamont)

RISKS 29.59 Tuesday 28 June 2016
Petition for second EU referendum may have been manipulated (Nicola Slawson via Henry Baker)
FAA Officials Discuss Standards to Neutralize Cyberattacks (Gabe Goldberg)
Healthcare workers prioritize helping people over information security (BoingBoing)
Hacker Advertises Slew of Alleged Healthcare Organization Records (Motherboard)
Clinton's private e-mail was blocked by spam filters, so State IT turned them off (Sean Gallagher)
Woman Wins $10,000 From Microsoft After Unwanted Windows 10 Upgrade (Gizmodo)
"Swagger stumbles: Flaw enables remote code execution" (Fahmida Y. Rashid)
"Severe flaws in widely used open source library put many projects at risk" (Lucian Constantin)
"Over half of world's top domains weak against email spoofing" (Charlie Osborne)
"US Customs wants foreign nationals to reveal their social media handles" (Chris Duckett)
What are the risks guns could be banned from video games? (Paul Robinson)
Vacationing Security Researcher Exposes Austrian ATM Skimmer (SlashDot)
Lenovo Warns Users To Upgrade Pre-Installed Tool With Severe Security Holes (SlashDot)
Yet another study showing old hard drives should be destroyed (Benoit Goas)
Cryptography pioneer Marty Hellman calls for compassion in personal, cyber, and international threats (TechCrunch)
Crypto Ransomware Attacks Have Jumped 500% In The Last Year (SlashDot)
Why You Should Stop Using Telegram Right Now (SlashDot)
More Redacted Redactions (LA Times via Henry Baker)
The "Cobra Effect" that is disabling paste on password fields (Troy Hunt)
Writing aid for the blind provides a case study for "compassionate engineering" at Carnegie Mellon (TechCrunch)
What if we're all forced to be average? (IEEE Spectrum via Bob Frankston)
Re: Tesla Model X autonomously crashes into building (Amos Shapir)

RISKS 29.60 Thursday 14 July 2016
Tesla driver dies in crash while operating on Autopilot (PGN)
Self-driving car fatal accident (AlMac)
US Regulators Investigating Tesla Over Use of 'Autopilot' Mode... (Slashdot)
The Moral Dilemma of Driverless Cars: Save The Driver or Save The Crowd? (SlashDot)
"Federal agency probing Tesla's Autopilot feature after fatal crash" (Stephanie Condon)
People Want Driverless Cars with Utilitarian Ethics, Unless They're a Passenger (Gabe Goldberg)
Risks of AI too complex to make sense of (Motherboard via Werner)
Stanford Mall robot runs over small child (Jean Nowell PGN-ed)
Dallas Shooter Killed By Bomb Robot In Policing First (Allee Manning)
Move over, sapient pearwood (Gizmag via paul wallich)
"Volkswagen to pay up to $14.7 billion in US emissions scandal probe" (Charlie Osborne)
Swiss trains fail on curious corner case (PGN)
Faulty image analysis software may invalidate 40,000 fMRI studies (Bruce Horrocks)
Web-Impac's would-be voting software deeply flawed (PGN)
Multitasking Drains Your Brain's Energy Reserves (Quartz via SlashDot)
Truth is in danger as new techniques used to stop journalists covering the news (Eurekalert)
"How technology disrupted the truth" (The Guardian)
Adventures in SRE-land: Welcome to Google Mission Control (CloudPlatform)
Your Car's Studying You Closely and Everyone Wants the Data (Bloom via Gabe Goldberg)
Uber Plans To Start Monitoring Their Drivers' Behavior (SlashDot)

RISKS 29.61 Friday 15 July 2016
New Micro-Cameras... Pose Surveillance Concerns (SlashDot)
Massive Botnet of CCTV Cameras Involved In Ferocious DDoS Attacks (SlashDot)
UK surveillance bill includes powers to limit end-to-end encryption (Techcrunch)
UK cops routinely raided police databases to satisfy personal interest or make money on the side (BoingBoing)
America Expands Its Freedom of Information Act (SlashDot)
China restricts online news sites from sourcing stories on social media (Ars Technica)
American Cities Are Installing DHS-Funded Audio Surveillance (Christian Science Monitor)
Europol's online censorship unit is haphazard and unaccountable says NGO (Ars Technica)
Facebook/Twitter/YouTube blocked in Turkey during coup attempt (Techcrunch)
"Facebook wins appeal over tracking non-members in Belgium" (Peter Sayer)
Bulgaria Got a Law Requiring Open Source (Bozhidar Bozhanov via Henry Baker)
"US courts didn't reject a single wiretap request in 2015" (Zack Whittaker)
"Fearing surveillance, man allegedly shot at Google and set self-driving car ablaze" (Martyn Williams)
"Eyefi leaves some card owners stranded, highlighting IoT hazards" (Stephen Lawson)
Liability of Internet 'intermediaries' in developing countries (Science Daily)
Spam filters and state departments and Clintons--oh, my! (Rob Slade)
FBI director says Guccifer admitted he lied about hacking Hillary Clinton's email (Daily Dot)
Re: "We mustn't open a chasm with Europe on data protection" (Chris Drewe)
Re: "Over half of world's top domains weak against email spoofing" (John Levine)
Re: Great, Now Someone Can Steal Your Car Using A Laptop Computer (Lars Poulsen)

RISKS 29.62 Tuesday 19 July 2016
Senatorial celestial GPS silliness (Paul Saffo)
More than $3.1 billion lost in bogus 2014 IRS tax refunds (Joe Davidson via Henry Baker)
U.S. Efforts To Regulate Encryption Have Been Flawed... (SlashDot via Werner U)
Putin goes full Stasi; wants encryption keys for the Internet (Henry Baker)
SMOP / Time Edition (Bob Frankston)
IRS hacked again -- say goodbye to that PIN system! (Lisa Vaas)
2-million-person terror database leaked online (SlashDot)
Security Issue at Redis Installations (RskBasedSecurity.com via SlashDot)
Food chain Wendy's hit by massive hack (Dave Lee)
Why Twitter Can't Even Protect Tech CEOs From Getting Hacked (SlashDot)
Security researcher uncovers high-risk BIOS vulnerability in Lenovo PCs -- yet again!! (The Tech Portal)
Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets' (Fortune)
You Can Now Browse Through 427 Million Stolen MySpace Passwords (SlashDot)
Home computers connected to the Internet aren't private -- court ruling (Michael Winser)
Netherlands Gets First Nationwide 'Internet of Things' (SlashDot)
Another Installment from the Internet-of-Not-Very-Secure-Things: D-Link Escalation Hazard (Bob Gezelter)
"ACLU lawsuit challenges U.S. computer hacking law" (Grant Gross)
How Sony, Microsoft, and Other Gadget Makers Violate Federal Warranty Law (SlashDot)
UK bill introduces 10 year prison sentence for online pirates (TorrentFreak)
"Google, Viacom win appeal in lawsuit over children's privacy" (Stephanie Condon)
Teen girl who texted friend to commit suicide must stand trial (Ars Technica)
"Firmware exploit can defeat new Windows security features on Lenovo ThinkPads" and "Nasty Lenovo UEFI exploit also affects products from other vendors" (Lucian Constantin)
"Android's full disk encryption can be brute-forced on devices with Qualcomm chips" (Lucian Constantin)
Android Malware Pretends To Be WhatsApp, Uber and Google Play (SlashDot)
Interview With An 'NSA Hacker' Published By The Intercept (SlashDot)
I just posted a note on the subject of Internet fragmentation (Karl Auerbach)
Researchers Sue the Government Over Computer Hacking Law (WiReD)

RISKS 29.63 Thursday 21 July 2016
More on Web-Impac's voter software (PGN)
EFF Lawsuit Takes on DMCA Section 1201: Research and Technology Restrictions Violate the First Amendment (EFF)
Laugh of the Day: Snowden Designs a Device to Warn If Your iPhone's Radios Are Snitching (*WiReD* via NNSquad)
MIT Says Their Anonymity Network Is More Secure Than Tor (PC-Magazine)
US government declares ransomware a breach by default (Kevin Fu)
"Apple patent could prevent 'illegal' iPhone recording" (Zach Whittaker)
M&S: an unacceptable extremely unfortunate error (Mark Vandevelde)
"This Android Trojan blocks victims from alerting banks" (Michael Kan)
"Salesforce1 update will leave many mobile devices out in the cold" (Katherine Noyes)
Security Researcher Publishes How-To Guide To Crack Android Full Disk Encryption (SlashDot)
"Here's how secret voice commands in YouTube videos could hijack your smartphone" (Michael Kan)
Study: 98% of us will sign away our firstborn because we don't read the terms of service (Consumerist via Gabe Goldberg)
Password Reuse Tool "Shard" Makes It Easy To ID Vulnerable Accounts On Other Sites (Dan Goodin)
You've been punked: Company boasts of experimenting on us with fake videos (Gabe Goldberg)
Bloomberg: Do You Own Your Own Fingerprints? (Gabe Goldberg)
Critical bug threatens to bite mobile phones and networks (Ars)
Study: 78% of Resold Drives Still Contain Readable Personal or Business Data (SlashDot)
"Oracle issues largest patch bundle ever, fixing 276 security flaws" (Lucian Constantin)
How Oracle's business as usual is threatening to kill Java (Ars)
Lenovo Scrambling To Get a Fix For BIOS Vulnerability (Richard Chirgwin)
A New Corporate AI Can Read Your Emails - and Your Mind (Fortune)
Steam Warns Users Against Gambling Site After YouTube Stars Discovered As Owners (EuroGamer)
"Amazon isn't saying if Echo has been wiretapped" (Zach Whittaker)
Security researcher gets threats over Amazon review (TechCrunch)
"Hidden 'backdoor' in Dell security software gives hackers full access" (Zack Whittaker)
Apple Patents Technology To Disable iPhone Cameras At Concerts (Stereogum via Gabe Goldberg)
Congressman Wants Ransomware Attacks To Trigger Breach Notifications (BeauJD)
The midnight rollover problem -- solved (Paul Robinson)
Google's My Activity Reveals How Much It Knows About You (SlashDot)
Europe's 'Net Neutrality' Rules Fail to Ban Throttling (SlashDot)
"How Ancient Monopolies Keep You from Getting Decent Internet Service" (LW)
UN Council: Seriously, Nations, Stop Switching Off the Internet! (The Register)
For Facebook, violating users' privacy is going to backfire someday (Evan Schuman)
The Man Who Nailed Jello to the Wall (Foreign Policy via Suzanne Johnson)
How China Took Control of Bitcoin (NYTimes)
"Even in remotest Africa, Windows 10 nagware ruins your day: Update burns satellite link cash" (Iain Thomson)
"Win7 and 8.1 patch KB 3173040 throws full-screen Win10 upgrade warning" (InfoWorld)
"Dell stops selling Android devices, won't deliver patches" (Agam Shah)
"Why CIOs should care about click fraud" (Paul Rubens)
Ashley Madison Admits It Lured Customers With 70,000 Fake 'Fembots' (Ars Technica)
Risk of being sent to house address 404 if Page Not Found (Dan Jacobson)
chmod 0 (Dan Jacobson)
Re: Stanford Mall robot runs over small child (Ian Macky)
Re: Self-driving cars, accepting the moral dilemma (David Mitchell)
Re: UK bill introduces 10 year prison sentence for online pirates (Keith Medcalf)
Re: Faulty image analysis software may invalidate 40,000 fMRI studies (Amos Shapir)
Re: Dallas Shooter Killed By Bomb Robot In Policing First (Gary Barnes, Amos Shapir)

RISKS 29.64 Monday 25 July 2016
Russia accused of playing in US politics (Sanger/Perlroth)
Joker in the Pack: If Financial Systems Were Hacked (Dewayne Hendricks)
"Leaked FBI documents reveal secret rules for spying on journalists with National Security Letters" (Trevor Timm)
"The Sensible Safeguards Needed Now for Pokemon GO" (Lauren Weinstein)
Chasing Pokemon, a Baby Step Toward Virtual Reality (NYTimes)
Transistors Will Stop Shrinking in 2021, Moore's Law Roadmap Predicts (Rachel Courtland)
HSBC Bank Executives Face Charges in $3.5 Billion Currency Case (NYTimes)
America's broken digital copyright law is about to be challenged in court (Cory Doctorow)
FCC Backs Swedish Company to Run American Phone Routing System (NYTimes)
Re: Study: 78% of Resold Drives Still Contain Readable Personal or Business Data (Carl Byington)
Re: Self-driving cars, accepting the moral dilemma (Barry Gold)
Re: Faulty image analysis software may invalidate 40,000 fMRI studies (Amos Shapir)

RISKS 29.65 Thursday 28 July 2016
Multiple alleged HIPAA violations result in $2.75 million settlement with the University of Mississippi Medical Center (HHS)
Widespread HIPAA vulnerabilities result in $2.7 million settlement with Oregon Health & Science University (HHS)
"Osram's Lightify smart bulbs suffer from serious security flaws" (Brad Chacos)
Mozilla off-by-one error on the Web anniversary! (Gene Wirchenko)
No treat for you: Pets miss meals after auto-feeding app PetNet glitches (Nicky Woolf)
Scary Report from CMU on AI Robots (Marc Rotenberg)
"Flaw with password manager LastPass could hand over control to hackers" (Michael Kan)
Donald Trump to Russia: Please Hack Hillary! (Mother Jones)
"DNC Hack, and Lessons for Our Next President" (Motherboard)
"Donald Trump Challenges Russia to Find Hillary Clinton's Missing Emails" (NYTimes)
Can foreign powers hack our elections? (Jack Goldsmith)
Spy Agency Consensus Grows That Russia Hacked D.N.C. (NYTimes)
Master key used by TSA to open Safe Skies luggage locks revealed (Werner U)
"New attack bypasses HTTPS protection on Macs, Windows, and Linux" (Dan Goodin)
Millions of Wireless Keyboards Let Hackers See What You're Typing (Gizmodo)
"Hackers can snoop and even type keystrokes from at least 8 wireless keyboard vendors" (Tim Greene)
Some unusually level-headed computer security advice (Bloomberg)
Beware of default settings (Pro Publica)
$1 Billion for Dollar Shave Club: Why Every Company Should Worry (NYTimes)
"You can't turn off Cortana in the Windows 10 Anniversary Update"... (Ian Paul)
TEPCO urges Pokémon Go players to keep out of Fukushima disaster zone (The Guardian)
Nintendo Shares Drop 18% After It Reminds Investors It Did Not Develop Pokémon Go (Anime)
Re: Self-driving cars, accepting the moral dilemma (Roger Strong, PGN, Al Mac, US NTSB via Al Mac)
Re: Study: 78% of Resold Drives Still Contain Readable Personal or Business Data (Eric Sosman, Alexander Klimov)
Re: Swiss trains fail on curious corner case (Dave Horsfall)
Mike Hinchey Discusses "Evolving Critical Systems" (Werner U)

RISKS 29.66 Friday 5 August 2016
"Commercial drones: Four looming legal concerns" (Mary Schacklett)
"Robot control: There's an app for that" (Bob Violino)
"NTSB: Tesla in fatal crash was speeding with Autopilot on" (Lucas Mearian)
"Hackers hijack Jeeps once more, your brakes belong to them" (Charlie Osborne)
Driverless buses in Denmark (CPHPost via Donald B. Wagner)
The Russians and the DNC (PGN)
NSA Fans: Be careful what you wish for (Henry Baker)
FBI took months to warn Democrats of suspected Russian role in hack (Reuters)
Australian 2016 census to retain identifying information (William Brodie-Tyrrell)
Interpol arrests Nigerian email scammer who swindled $60M (Michael Kan)
Hack Brief: Hackers Breach the Ultra-Secure Messaging App Telegram in Iran (WiReD)
User Interfaces *designed* to trick you (Ars Technica)
"Bitfinex bitcoin exchange offline after potentially costly security breach" (Asha McLean)
Social Security Administration cutting off users who can't receive text messages (Lauren Weinstein)
Comments on SSA requiring text messaging to access online accounts (LW)
SSA launches text message authentication system that doesn't work with Verizon Wireless (LW)
Your device's battery status can be used to track you online (TheNextWeb)
Frequent password changes are the enemy of security, FTC technologist says (Ars Technica)
MS faces two new lawsuits over aggressive Windows 10 upgrade tactics (Ian Paul)
"Windows 10 upgrade: Don't use Express settings if you value your privacy" (Jared Newman)
"More forced advertising creeps into Windows 10 Pro" (Woody Leonhard)
"Microsoft won't fix Windows flaw that lets hackers steal your username and password" (Zach Whittaker)
Re: Self-driving cars, accepting the moral dilemma (Martyn Thomas)
Re: Detecting When a Smartphone Has Been Compromised (Steven Schear)
Re: Pets miss meals after auto-feeding app PetNet glitches (Richard Bos)
Re: Mozilla off-by-one error on the Web anniversary! (Larry Werring)
Re: Billion dollar shave club risk (Craig Burton)
Re: Study: 78% of Resold Drives Still Contain Readable Personal or Business Data (Dan Jacobson)
How many geeks does it take to change a lightbulb? (Rob Slade)

RISKS 29.67 Monday 9 August 2016
The "internet" and the "associated press": Mini-editorial (PGN)
"The Internet" vs. "the internet" (Lauren Weinstein)
How to hack an election in seven minutes (Ben Wofford)
Cyber Protections Contemplated for U.S. Election Systems (Mark Rockwell)
FTC vows to crack down on sponsored internet [Internet!] posts (Engadget)
Risk From Linux Kernel Hidden in Windows 10 Exposed at Black Hat (EWeek)
Young man [shot to death] while playing Pokemon at [San Francisco] tourist attraction (USNews)
If you're at the Rio Olympics, you've probably already been hacked (Daily Dot)
US military uses 8-inch floppy disks to coordinate nuclear force operations (CNBC)
"Flaw in Samsung Pay lets hackers wirelessly skim credit cards" (Zack Whittaker)
Re: NSA Fans: Be careful what you wish for (Peter Houppermans)
Re: BBC to deploy detection vans to snoop on [I]nternet users (Chris Drewe)
Re: Study: 78% of Resold Drives Still Contain Readable Personal or Business Data (Wols)

RISKS 29.68 Thursday 11 August 2016
DoJ Official Tells 100 Fed Judges to Use Tor (Joseph Cox)
Delta Struggles to Take Flight After Global System Outage (ABC)
El Faro Cargo Ship VDR recovered (Al Mac)
Australia GPS coordinates moving -- for driverless cars (ABC Australia)
Millions of VW cars at risk: Wireless hack lets crooks clone Volkswagen keys (Liam Tung)
Tesla Tampering (DefCon)
A New Hack Can Unlock 100 Million Volkswagens (Andy Greenberg)
Hack of Democrats' Accounts Was Wider Than Believed, Officials Say (NYT)
More on the DNC e-mail and WikiLeaks (PGN)
"Emailgate: How media mistakes created Hillary Clinton's fake, fake identity" (David Gewirtz)
MICROS POS Breach (Krebs)
Monitors Are Vulnerable to Hijacking and Spying (Motherboard)
Irish Police systems hacked (Patrick O'Beirne)
Now even your sex toys are spying on you (Zack Whittaker)
Flawed Designs (ProPublica)
Susan Crawford on wireless vis-a-vis cable (BackChannel)
U.S. broadband: Still no ISP choice for many, especially at higher speeds (Ars Technica)
Encryption's Quantum Leap: The Race to Stop the Hackers of Tomorrow (Steve Ranger)
Samsung is all talk, no fix after researcher finds Pay flaw (Zach Whittaker)
New Nigerian Fraud Scheme Revealed -- by Self-Infection (IEEE Spectrum)
Facebook will bypass web adblockers, but offer ad targeting opt-outs (TechCrunch)
"Secure Boot proves insecurity of backdoors" (Fahmida Y. Rashid)
Microsoft's giving you just 10 days now, not 31, to change your mind about Windows 10 (Mark Hachman)
Microsoft researchers enable secure data exchange in the cloud (LW)
Once Taunted by Steve Jobs, Companies Are Now Big Customers of Apple (NYT)
"The Internet" vs "internet" and other sundry thoughts (PGN)
Re: How to hack an election in seven minutes (Ben Wofford)
Re: 8-inch floppies (Dimitri Maziuk)

RISKS 29.69 Tuesday 16 August 2016
The $47 Billion Network That's Already Obsolete (Steven Brill)
Tesla Spontaneously Catches Fire! (Alister Macintyre)
Tesla and Troubles (Alister Macintyre)
Re: A New Hack Can Unlock 100 Million Volkswagens (Jim Geissman)
Hacker Releases More Democratic Party Documents (Lillie Coney)
Hackers claim to have stolen NSA cyberweapons, auctioning them to highest bidder (BoingBoing)
80% of Android Linux users vulnerable (Digital Trends)
"Now data-stealing Marcher Android malware is posing as security update" (Danny Palmer)
New air-gap jumper covertly transmits data in hard-drive sounds (Ars Technica)
More on Air-Gap Security Threats (Security Week)
"Linux TCP flaw lets 'anyone' hijack Internet traffic" (Steven J. Vaughan-Nichols)
"How an IP mapping glitch turned a farm into federal hell" (Charlie Osborne)
Windows 10 re-problems Internet connection (Rob Slade)
Thai Plan to Track All Foreigners By SIM Cards Moves Forward (Dan Jacobson)
Hacking the Vote: the Security of Our Election Systems (Bruce Schneier)
Statistical study of voting results (PGN)
Re: How to hack an election in seven minutes (Robert I. Eachus)
Social Security Administration REMOVES highly criticized cell phone access requirement (Lauren Weinstein)

RISKS 29.70 Thursday 18 August 2016
Pentagon Cannot Account For $6.5 Trillion Dollars (Jay Syrmopoulos via Mark E. Smith)
'Shadow Brokers' Leak Raises Alarming Question: Was the NSA Hacked? (NYTimes)
EPIC, Verified Voting, Common Cause Release Report on Ballot Secrecy (via PGN)
"Donald Trump's Lack of Respect for Science Is Alarming" (*Scientific American*)
Squirrel blamed for power outage in Menlo Park CA (PGN)
China launches first quantum-enabled satellite (BBC via Rob Slade)
"Clinic won't pay breach protection for victims; CEO says it would be death of company" (John Fontana)
Australia rising (Alister Wm Macintyre)
42 infants found in secret CalGang gang database (Henry Baker)
A Distracted-Driving Ban in New Jersey? Some Say It Threatens a Way of Life (NY Times)
Ford to offer self-driving cars without steering wheels to Uber by 2021 (Computer World via Gregory Aharonian)
Re: Ford to offer self-driving cars without steering wheels to Uber by 2021 (Lauren Weinstein)
Re: "Tesla and Troubles" (Michel Bouckaert)
Re: Tesla "autopilot" (Barry Gold)
Re: Hacking the Vote: the Security of Our Election Systems (Mark E. Smith)
Re: Thai Plan to Track All Foreigners By SIM Cards Moves Forward (Henry Baker)

RISKS 29.71 Monday 22 August 2016
Aviation Experts Urge Caution on Releasing Self-Driving Cars (WSJ)
I Just Drove Eight Hours on Tesla Autopilot and Lived to Tell the Tale (Bloomberg)
The New York Times and The Associated Press!! (PGN)
"The Internet" vs "internet" and other sundry thoughts (Richard Bos)
"Android malware being spread via Google Adsense" (InfoWorld)
Snowden Junior (motherboard)
The NSA leak is real, Snowden documents confirm (Sam Biddle)
Cisco confirms NSA-linked zeroday targeted its firewalls for years (Ars Technica)
"Microsoft changes Win7/8.1 updates, pushes even harder for Windows 10" (Woody Leonhard)
People ignore software security warnings up to 90% of the time (BYU)
Comcast's $70 gigabit offer good only in cities with Google Fiber (Ars)
Chemistry group throws out election results after fears of vote rigging (PGN)
Re: How to hack an election in seven minutes (Richard Bos)
Re: Facebook will bypass web adblockers, but offer ad targeting opt-outs (Richard Bos)

RISKS 29.72 Wednesday 24 August 2016
CALTRANS, the FCC, and the GAO on inter-auto comms (S Candice Hoke)
'Smart' Power Outlets Are Now Botnets (techdirt via Al Mac)
"New Approach Needed to IT, Says NIST's Top Cyber Scientist" (ACM TechNews)
In India users may get 3-yrs in jail for viewing torrent site, blocked URL (SoftLinkWeb)
Airlines' reservation systems (Werner U)
France, Germany Want Encrypted App Makers to Help Stop IS (NYT)
Closely Watched Ballots (Jon Grinspan)
Which Way Do you Vote? Facebook Has an Idea (Jeremy Merrill)
NSA-linked Cisco exploit poses bigger threat than previously thought (Ars Technica)
Three relevant items on NSA hacking (PGN)
Lawyer: Dark Web Child Porn Site Ran Better When It Was Taken Over by the FBI (Motherboard)
HTTPS and OpenVPN face new attack that can decrypt secret cookies (Ars Technica)
Why you *still* can't trust password strength meters (Naked Security)
"When Hiding Passwords Is Stupid -- or Worse!" (LW's blog)
Private lives are exposed as WikiLeaks spills its secrets (BigStory)
Secret cameras record Baltimore's every move from above (Bloomberg)
With Windows 10, Microsoft Blatantly Disregards User Choice and Privacy: A Deep Dive (EFF)
Self-driving motorcycle (WiReD via Al Mac)
Re: Self-driving cars, accepting the moral dilemma (Martyn Thomas)
Re: The Internet (Richard S. Russell)
Re: Snowden Junior (John Levine)
Re: "Android malware being spread via Google AdSense" (John Levine)
Re: Facebook bypass adblockers/ Google ad settings/ need for ad-blockers/ growing impossibility of using ad-blockers (Jay Libove)
Should You Charge Your Phone Overnight? (NYT)
Sleep 'resets' brain connections crucial for memory and learning (Ian Sample)

RISKS 29.73 Tuesday 29 August 2016
World's biggest aircraft crashes on landing (*The Guardian*)
Russia's Powerful Weapon to Hurt Rivals: Falsehoods (Neil MacFarquahar)
Good thing this wasn't one of those nuclear bomb/EMP detectors... (danny burstein)
"U.S. convicts Russian hacker in credit card theft scheme" (Michael Kan)
Russian hackers breached a computer used by county elections officials in Arizona, a state official said (WashPost)
FL state election officials deny problems even as databases are hacked (PGN)
Fundamental flaw in neuroscience research (Kate Murphy)
Self-Driving Cars don't care about your moral dilemmas (Herns and Science via WU)
They really did remove the streets from Google Maps (Dan Jacobson)
How to shut down a 911 center? Hit the off button (NBC News)
4 decades after a computer in the Bay Area connected to one in Boston, the effect of The Internet on our lives is hard to overstate (Jessica Floum)
"Medical device security disclosure ignites an ethics firestorm" (Michael Kan)
"New collision attacks against triple-DES, Blowfish break HTTPS sessions" (Fahmida Y.
Rashid) DC 911 Outage Caused by Contractor Hitting Emergency Shutoff Button (NBC) Researchers use Excel to mangle gene names into dates (GenomeBiology via Patrick O'Beirne) "Baltimore cops using private company's aerial cameras to conduct secret surveillance" (Computerworld) Microsoft's maps lost Melbourne because it used bad Wikipedia data (Gabriel Goldberg) "Unauthorized, mislabeled Microsoft support tool leaks; could cause more trouble than it cures" (Ed Bott) "Fake resumes, jobs, lead to real guilty plea in H-1B fraud case" (Patrick Thibodeau) Apple patents technique for grabbing iPhone thieves' fingerprints and photo (Adrian Kingsley-Hughes) "The Dirt" about iOS 9.3.5 (ZDnet) GozNym Trojan spreads to attack German banks (Charlie Osborne) "Is your Android phone being controlled by a rogue Twitter account? Botnet is first to receive commands via tweets" (ZDnet) Inside Facebook's -- Totally Insane, Unintentionally Gigantic, Hyperpartisan -- Political-Media Machine (NYTimes) Parking garage makes it easier for stalkers (Jeremy Epstein) Opera resets passwords after sync server hacked (Zack Whittaker) More Airline Outages Seen As Carriers Grapple With Aging Technology (Reuters via SlashDot) Re: Airlines' reservation systems (John Levine, Jeff S. Jonas) Re: Excel garbles microarray experiment data (Joe Loughry) Re: "When Hiding Passwords Is Stupid -- or Worse!" (Don Norman) Re: Why you *still* can't trust password strength meters (Barry Gold) Re: Sleep 'resets' brain connections crucial for memory and learning (Jeff S. Jonas) Re: "Smart Power Outlets" (Peter Bernard Ladkin, Al Mac) RISKS 29.74 Friday 2 September 2016 Voice Pitch and Voting Patterns (Casey Klofstad et al.) "Hackers had a chance to hamper voting by deleting records" (Michael Kan) We should be worried about the hacking of electronic voting machines (Lieberman/Finkelstein) Hacking elections is easy! 
(CyberAttackSquad) 2016 US financial cyber security (Security Score Card) New hacking technique stealthily changes memory of virtual servers (HomelandSecurityNewswire) Facebook exposes identity of psychiatric patients (Fusion.Net) Staff breach at OneLogin exposes password storage feature (CSO) SWIFT Discloses More Cyber Thefts, Pressures Banks on Security (NYTimes) Dropbox hack leads to leaking of 68m user passwords on The Internet (The Guardian) 43 million passwords hacked in Last.fm breach (John Mannes via Sam Wood) Check whether you have an account that has been pwned (Sam Wood) "This data-stealing Trojan is the first to also infect you with ransomware" (Danny Palmer) New cloud attack takes full control of virtual machines with little effort (Ars Technica) Kimpton Payment Card Incident (Kimpton) "Poisoned Word docs deploy rogue web proxies to hijack your encrypted traffic" (Lucian Constantin) "Kaspersky fixes antivirus crash bug" (Zack Whittaker) "Google won't fix login page flaw that can lead to malware download" (Zack Whittaker) Half of people click anything sent to them (Ars Technica) "Perth cop accessed restricted computer" (Aimee Chanthadavong) "Update: Apple must repay $14.5B in underpaid taxes in Ireland" (Peter Sayer) How Tech Giants Are Devising Real Ethics for Artificial Intelligence (John Markoff) "Kawasaki developing AI motorcycles that can talk with, learn from their riders" (Casey Baseel) You Can Now Chat With Your Hotel Room, and It's Only Going to Get Better (Bloomberg) AP Computer Science Principles Course Aims to Attract More Students to the Field (Amy Golod) Feist vs Paxfire (PGN) Choice Hotels: Beyond CAPTCHAs to frustration (Jeremy Epstein) How One GMO Nearly Took Down the Planet (Gabe Goldberg) Re: They really did remove the streets from Google Maps (Al Stangenberger) RISKS 29.75 Tuesday 6 September 2016 Big, make that BIG, military secrets leak in Austrialis/France (The Australian via danny burstein) Defense Science Board Summer Study on 
Autonomy (Diego Latella) How Spy Tech Firms Let Governments See Everything on a Smartphone (NYTimes) The DNC Hack Shows How Weůve Dropped the Ball on Cyberdefense (Slate) Facebook Engineers Crash Data Centers in Real-World Stress Test (Tekla S. Perry) You're How Old? We'll Be in Touch (NYTimes) Feds Spend Nearly $500K To 'Combat Online Trolling' (Elizabeth Harrington) Another NSF study: Group Communication in High-Stakes Settings (Elizabeth Harrington) Re: How to shut down a 911 center? Hit the off button (taruss) "Google patches critical bug on Android Nexus 5X devices" (Fahmida Y. Rashid) "Samsung announces exchange program for Galaxy Note 7 after defective batteries halt sales" (Ian Paul) What is your phone telling your rental car? (Lisa Weintraub Schifferle) Is WhattsApp sharing phone numbers with Facebook or not? (Martyn Thomas) Re: Half of people click anything sent to them (Adam Shostack) Re: Kawasaki developing AI motorcycles that can talk with, learn from their riders (Jeff Jonas) Re: Voice Pitch and Voting Patterns (Barry Gold) Re: How One GMO Nearly Took Down the Planet (John Levine, Eli the Bearded) Re: You Can Now Chat With Your Hotel Room, and It's Only Going to Get Better (DJC, Henry Baker) Re: New hacking technique stealthily changes memory of virtual servers (Anthony Thorn) The Boebert/Blossom book on Deepwater Horizon (PGN) RISKS 29.76 Monday 12 September 2016 GM recalls 4M cars because of a software fault (Martyn Thomas) "Volkswagen engineer behind 'defeat device' pleads guilty in US court" (Charlie Osborne) Elon Musk Says Pending Tesla Updates Could Have Prevented Fatal Crash (NYT) Your Car's New Software Is Ready. Update Now? (NYT) Galaxy Note 7 (Martyn Thomas) AirAsia X flight from Sydney to Malaysia ends up in Melbourne after navigational error (SMH) AirAsia flight bound for Malaysia landed in Melbourne after pilot error (CNN) The Roomba did the Rumba all over the Room: Bah! 
(Paul Wexelblat) 5,300 Wells Fargo employees fired over 2 million phony accounts (WCTI12) Phoenix Pay System Disaster Leads to Real Tears (John C. Bauer) "Researchers warn that hackers can DDoS 911 emergency phone service" (Computerworld) "This USB stick will fry your unsecured computer" (Lucas Mearian) "Consumers have no right to buy a PC without an OS, European court rules" (Peter Sayer) "Brazilian government could ban Waze" (Angelica Mari) "Apple, Fox News, and ACLU join Microsoft's fight against secret data demands" (Zach Whittaker) "YouTube disappearing from 50 Sony Bravia sets highlights why smart TVs suck" (Ian Paul) "Stealthy, tricky-to-remove rootkit targets Linux systems on ARM and x86" (Lucian Constantin) Stealing login credentials from a locked PC or Mac just got easier (Dan Goodin) "Data hoarders are shining a spotlight on past breaches" (Michael Kan) How Fake Stories Reported in Russia's News Media Regularly Fool Everyone (Global Voices) Revote required; no glue code was involved (Bertrand Meyer) A cautionary tale about humans creating biased AI models (TechCrunch) Re: You Can Now Chat With Your Hotel Room, and It's Only Going to Get Better (Erling Kristiansen) Re: Big, make that BIG, military secrets leak in Australia/France (danny burstein) Re: Parking garage makes it easier for stalkers (RWolff) Re: Falsehoods and disinformation (Harlan Rosenthal) RISKS 29.77 Friday 16 September 2016 Tesla fatal crash in Baarn, The Netherlands (Erling Kristiansen) Self-driving cars would cause 4.1 million jobs to disappear (PGN) Modern healthcare commentary on medical device security (Kevin Fu) Colin Powell, in Hacked Emails, Shows Scorn for Trump and Irritation at Clinton (NYTimes) After Colin Powell's Hacked Emails, am I Next? (Shear/Fandossept via Henry Baker) Russian Hackers Leak U.S. 
Star Athletes' Medical Information (NYTimes) New Documents Released From Hack of Democratic Party (NYTimes) Sowing Doubt Is Seen as Prime Danger in Hacking Voting System (NYTimes) Fire drill knocks ING bank's data centre offline (paul cornish) Data center crippled by loud noise (BBC via Mark Trumpler) Free Wi-Fi Kiosks Were to Aid New Yorkers. An Unsavory Side Has Spurred a Retreat (NYTimes) 'Command and Control': Common Errors, Nuclear Arms and Consequences (NYTimes via Monty Solomon) Bloomberg: This Loophole Ends the Privacy of SSNs (Gabe Goldberg) Re: Dangerous Galaxy Note 7 & AirAsia X flight from Sydney to Malaysia ends up in Melbourne (PGN) Re: PC without OS (Dimitri Maziuk) Re: How One GMO Nearly Took Down the Planet (Chris Drewe) Risks 29.78 Thursday 22 September 2016 FBI overpaid $999,900 to crack San Bernardino iPhone 5c password (Dan Jacobson) Yahoo! confirms major breach that could be the largest hack ever: at least 500 million people (Business Insider) Microsoft dismisses Exchange vulnerability report (Peter Houppermans) How a few words to Siri unlocked a man's front door and exposed a major security flaw in Apple's HomeKit (Forbes) Police try to arrest robot (Al Macintyre) Chicago woman launches lawsuit against Canadian maker of app-based vibrator (CTVnews via Jim Reisert) The risks of getting your email address wrong (Amrith Kumar) For the Debaters: What Shall We Do About the Tech Careening Our Way? (NYTimes) The Success of the Voter Fraud Myth (NYTimes) Wells Fargo Warned Workers Against Sham Accounts, but 'They Needed a Paycheck' (NYTimes) World Economy at RISK? new TiSA-leaks (Wikileaks via Werner U) Re: Tesla fatal crash in Baarn, The Netherlands (Kurt Seifried, Martin Ward) Re: PC without OS (Dimitri Maziuk, Martin Ward) REVIEW: How to Measure Anything in Cybersecurity Risk, Douglas W. 
Hubbard and Richard Seiersen (Richard Austin) RISKS 29.79 Saturday 24 September 2016 We Have to Start Thinking About Cybersecurity in Space (Zeljka Zorz) "5 Tech Trends That Have Turing Award Winners Worried" (Katherine Noyes) Tesla tones down Autopilot (San Francisco Chronicle) Krebs on Security hit by a huge DDoS attack (ZDnet via PGN) "Seagate NAS hack should scare us all" (Roger A. Grimes) Australian Police warn of malware-laden USB sticks in letterboxes (The Register via Werner U) Russian intelligence services seem responsible for hacking German political groups (The Cyberwire) China teen killing sparks Internet *addiction* boot camp debate (BBC) Banks want to make the Internet less secure for everybody (Thomas Koenig) Rogue Algorithms -- and the Dark Side of Big Data (Wharton Knowledge) WikiLeaks uploads 300+ pieces of malware among email dumps (Werner U) Re: Police try to arrest robot (Martin Ward) Re: The risks of getting your email address wrong (John Levine) Re: Microsoft dismisses Exchange vulnerability report (Bill Stewart) Re: PC without OS (Martin Ward, Dmitri Maziuk) RISKS 29.80 Monday 3 October 2016 The Deepwater Horizon movie and Boebert-Blossom book (PGN) A thought-provoking piece on collective creeping complacency (Richard Hesketh) Hoboken Train Crash (Al Mac) SpaceX fingers helium as cause of Falcon 9 rocket explosion (NewAtlas via geoff goodfellow) NTSB concludes 5 Mar 2015 Delta 1086 landing accident investigation (Al Mac) Make that traffic light green for me! 
(Debora Weber-Wulff) National Cyber Security Centre to shift UK to 'active' defence (The Register via Werner U) The Computer Voting Revolution Is Already Crappy, Buggy, and Obsolete (Bloomberg) Switzerland votes for meatier surveillance law by large margin (Ars Technica) Goodwill breach and more (PGN) Revealed: How one Amazon Kindle scam made millions of dollars (ZDnet) More than 400 malicious apps infiltrate Google Play (Ars Technica) BT's Wi-Fi Extender works great, at extending your password to hackers (Juhn Leyden) Criminals posing as bank customer service staff on social media (Alisha Rouse) "Microsoft finally fixes double-print bug, but more patching problems loom" (Woody Leonhard) "Armies of hacked IoT devices launch unprecedented DDoS attacks" (Lucian Constantin) Risks of using spammer URLs in posts (Keith F. Lynch) German Privacy Regulator Orders Facebook Stop Collecting German WhatsApp User Data (Werner U) "Yahoo's claim of 'state-sponsored' hackers meets with skepticism" (Michael Kan) "Yahoo says hack of 500 million users "state-sponsored", but a security firm calls bull****" (Lauren Weinstein) "Sort of gives 'driving safely' a whole new meaning" (ComputerWorld) The 15-Point Federal Checklist for Self-Driving Cars (The NYTimes) The psychological reasons behind risky password practices (Lab42) Robot Ransomware? (Robert Schaefer) Re: Krebs on Security hit by a huge DDoS attack (Peter Ludemann) Re: PC without OS (Michael Marking) Re: The risks of getting your email address wrong (DJC, Don Gingrich, Andrew Pam, Richard Bos) RISKS 29.81 Tuesday 4 October 2016 Internet: Quo Vadis -- Where are you going? 
(Karl Auerbach via Geoff Goodfellow) Two items on election system integrity (PGN) Source code for IoT botnet Mirai Released Krebs 1 Oct (Werner U) Leaking Beeps: Here's A Reason to Kick Pagers out of Hospitals (Natasha Hellberg via Werner U) AMPAS's Work on Digital Preservation (Lauren Weinstein) Re: Risks of using URLs that people imagine are spammers in posts (John Levine, Keith F. Lynch, John Levine) RISKS 29.82 Saturday 8 October 2016 J&J warns of vulnerability in insulin pump (Jeremy Epstein) Samsung device ignites during SW flight (Wave 3) U.S. government officially accuses Russia of hacking campaign to interfere with elections (Ellen Nakashima) Undetectable election hacking? (ComputerWorld) Gene Spafford: Many hurdles preventing emergence of online voting (PGN) Bruce Schneier: Economics of security and the IoT (PGN) Alex Stamos: Yahoo's scanning program (PGN) "Yahoo's email snooping: It's all legal" (Caroline Craig) Yahoo scanned customer e-mails for U.S. Intelligence (Michael Marking) Apple, Google, Microsoft: We Have No Government Email Scanning Program Like Yahoo's (vocativ) National Cyber Security Awareness Month (NCSAM) -- supported by he Mozilla Project (Werner U) "IoT botnet highlights the dangers of default passwords" (Michael Kan) Re: Source code for IoT botnet Mirai Released Krebs 1 Oct (Chiaki Ishikawa) Windows 10 update traps some systems in a boot loop, Microsoft promises fix (Extreme Tech) NSA Contractor Arrested in Possible New Theft of Secrets (NYTimes) How hard is it to hack the average DVR? Sadly, not hard at all (Ars Technica) RISKS 29.83 Monday 10 October 2016 Smart machines and the future of jobs (Jeffrey D. Sachs) Dutch Police connected to private cameras (Jurjen N. E. Bos) World's largest co-op of unfiltered flight data (Dan Jacobson) More on Samsung's battery problems (USA Today) Re: Undetectable election hacking? (Mark E. 
Smith) Yahoo: Buggy NSA rookit; they did not install an NSA email scanner (NNSquad) Re: We have no Government email scanning programs (Peter Houppermans) Re: Yahoo scanned customer e-mails (Dimitri Maziuk) Re: A thought-provoking piece on collective creeping complacency (Robert I. Eachus) RISKS 29.84 Wednesday 12 October 2016 How computers are setting us up for disaster (Tim Harford via Wendy M. Grossman) Harbinger of The Internet of Things? Tempest in a Teapot? (The Guardian) English man spends 11 hours trying to make cup of tea with Wi-Fi kettle (BoingBoing via LW) NSA could put undetectable "trapdoors" in millions of crypto keys (Dan Goodin) Samsung Halts Galaxy Note 7 Production as Battery Problems Linger (NYT) Samsung discontinues Galaxy Note 7 after battery debacle (Gene Wirchenko) Better Software Security and Privacy by Law(suit)?!!? (Catalin Cimpanu via Werner U) Censorship by Legal Trickery (Catalin Cimpanu) Publishing Malware Open-Source on GitHub... (Catalin Cimpanu) Re: Bruce Schneier: Economics of security and the IoT (Al Mac) Re: Dutch Police connected to private cameras (Peter Houppermans) Re: Yahoo scanned customer e-mails (Michael Marking) Re: Undetectable election hacking? (John Sebes, Mark Kramer, Michael Kohne, Mark E. Smith) RISKS 29.85 Saturday 15 October 2016 Hacking elections? Merrilly we loll along!?? (PGN) Hacking elections, the CIA, Russians, Chinese, and more (Sean Gallagher on Jack Goldsmith) Re: Undetectable election hacking? (3daygoaty, Mark E. 
Smith) San Francisco Muni to replace malfunctioning buses after computer error led to crash (Steve Brack) 5,761 Online Stores Currently Infected with Card-Data-Stealing Malware (Catalin Cimpanu) Old SSH-Bug resurrected for IoT botnets (Catalin Cimpanu) Android Banking Trojan Acecard - Submit a Selfie Holding ID Card (Catalin Cimpanu) Google: Building on Surveillance Reform (via Lauren Weinstein) GlobalSign screw-up cancels top websites' HTTPS certificates (The Register) Police Use Surveillance Tool to Scan Social Media (The NYT) U.S. Athletes Reassured After New Russian Hack (The NYT) More on Samsung (The NYT) Re: Samsung discontinues Galaxy Note 7 after battery debacle (Erling Kristiansen) RISKS 29.86 Wednesday 19 October 2016 Automated machine-guns to be deployed at Turkish-Syrian border (Michael Weiner) Self-driving cars shouldn't have to choose who to protect in a crash (Frank Pasquale) Bacteria on Device Said to Infect at Least 12 Patients in Pennsylvania (The NYT) 97% of Java apps harbor a known security hole (Fortune via Lillie Coney) Russian Hackers Faked Gmail Password Form To Invade DNC Email System (Buzzfeed via Joly MacFie) Krebs on IoT security (PGN) Re: Undetectable election hacking? (John Levine, Anthony Youngman, Mark E. Smith) Re: Samsung discontinues Galaxy Note 7 after battery debacle (Anthony Youngman, Al Mac, David Brodbeck) Re: Lithium batteries (Peter Miller) Re: The risks of getting your email address wrong (Lindsay Marshall) RISKS 29.87 21 October 2016 Internet DDoS attacks (The NYTimes) Blame The Internet of Things for today's Web blackout (engadget) Trove of Stolen Data Is Said to Include Top-Secret U.S. 
Hacking Tools (The NYTimes) 9-year old Linux Kernel race condition creates Copy-on-Write Privilege Escalation Hazard (Ars Technica via Bob Gezelter) Blame the computer: Italian Space Agency (Roberto Bagnara) Private security group says Russia was behind John Podesta email hack (The NYTimes) Whoever Wins the White House, This Year's Big Loser Is Email (The NYTimes) Obama administration unveils new rules to protect air travelers (The WashPost) Samsung exploding washing machines (CBS Boston) Samsung exploding phone issue extends past Note 7, lawsuit says (The Guardian) Re: Samsung discontinues Galaxy Note 7 after battery debacle (Al Mac) Re: Galaxy note 7 battery (Dimitri Maziuk) Stop talking about the trolley problem (Ian Jackson) The Trolley Problem and altruism (John Sebes) Re: Self-driving Cars and the Trolley Problem (Peter Bernard Ladkin, 3daygoaty) Re: Self-driving cars shouldn't have to choose who[m] to protect in a crash (David Damerell) Election rigging? (The Hill) Re: Undetectable election hacking? (Mark E. Smith, Mark Kramer, Michael Kohne, 3daygoaty, Chris Drewe) Re: E-mail Security (Chris Drewe) RISKS 29.88 Tuesday 25 October 2016 Russian Suspected of Hacking U.S. Tech Companies Is Indicted (The NYTimes) Radio interference disables cars and cell phones in Evanston (ARRL via Ed Ravin) Report on "Ethics of AI" (John Horgan) As Artificial Intelligence Evolves, So Does Its Criminal Potential (The NYTimes) Pittsburgh's new artificially intelligent stoplights could mean no more pointless idling (Chris Weller) Re: Self-driving cars shouldn't have to choose who to protect in a crash (tanner andrews) Samsung washing machines in Australasia hot issue since 2013 (Donald Mackie) China's Total Information Awareness? 
(Simon Denyer) Every LTE call, text, can be intercepted, blacked out, hacker finds (The Register) Unneeded Services Foster Botnets and other security problems (Bob Gezelter) Kevin Marks: Internet becoming unreadable, lighter thinner fonts (LW, Al Mac) Dyn Statement on the 21 Oct 2016 DDoS Attack (Kyle York PGN-ed) Hacked Cameras, DVRs Powered Today's Massive Internet Outage (Brett Glass) German voting system, for comparison (Thomas Koenig) Re: Undetectable election hacking? (Mark Brader, Paul Edwards, David Brodbeck) The Right to be Forgotten for posts sitting in a moderator's queue (Dan Jacobson) RISKS 29.89 Monday 31 October 2016 My view on the Mirai DDoS botnet attack exploiting Dyn and others (PGN) UK Lottery ticket scanner missing winning tickets (Patrick Cain) Amtrak agrees to $265M settlement in Philadelphia crash that killed eight (The New York Times) Even Anonymous Labels can have adverse meanings (The Atlantic via Bob Gezelter) Man `sells' car to his fake company, to avoid speeding ticket (Chris Drewe) Isn't it time to "Start Over" ... or "Give Up ALL Hope"? (Werner U) Relief at Last for U.S. Owners of Diesel Volkswagens (NYTimes) Australian Red Cross leak (SMH via Dave Horsfall) Broadband Providers Will Need Permission to Collect Private Data (NYTimes) Yahoo invents spying billboard (Alternet) Google Brain AI develops cryptographic algorithms (Ars Technica) Managing Driving's Many Distractions (WSJ) Re: Self-driving cars shouldn't have to choose who to protect in a crash (Gary Hinson) SQL injection and Buffer Overflow Risk Assessments (Peter Bright) OCC Notifies Congress of Incident Involving Unauthorized Removal of Information (Jim Reisert) New FCC rules on privacy (The Washington Post) Re: Pittsburgh's new artificially intelligent stoplights could mean no more pointless idling (Dave Horsfall) Re: Undetectable election hacking? (Mark E. Smith, John Colville, 3daygoaty, Al Mac) Re: Internet becoming unreadable, lighter thinner fonts (Wendy M. 
Grossman) Re: Unneeded services (Dimitri Maziuk) Re: The Trolley Problem and altruism (Michael Marking) Samsung Holdouts Won't Give Up Their Fire-Prone Galaxy Notes (WSJ) More Wretched News for Newspapers as Advertising Woes Drive Anxiety (NYT) RISKS 29.90 Tuesday 8 November 2016 "Your WiFi-connected thermostat can take down the whole Internet. We need new regulations." (Bruce Schneier) Hack Your Own Car in USA (IEEE Spectrum) TSA biometrics (Detroit CBS) "XSS flaw on Wix leaves the door open to worms" (Fahmida Y. Rashid) Blockchain is Eating Wall Street (Alex Tapscott) Re: denied jackpot -- this number seems familiar! (Walter Hunt) Trolley challenge in Indiana (TV news via Al Mac) Hack-a-day stingray (Eli the Bearded) Squirrels and voting (Mark Thorson) Re: German voting system, for comparison (Sheldon) Re: Undetectable election hacking? (David Brodbeck, Rob Slade, Jim Hickstein, Paul Edwards) Re: Mirai and Anna Senpai (Derek J Decker) RISKS 29.91 Sunday 13 November 2016 Why Light Bulbs May Be the Next Hacker Target (John Markoff) DDoS on a Finnish water distribution system (Gadi Evron) Researchers just demonstrated how to hack the official vote count with a $30 card (geoff goodfellow) How to block the ultrasonic signals you didn't know were tracking you (Lily Hay Newman via Werner U) Fake shopping apps are invading the iPhone (James Covert) GCHQ wants Internet providers to rewrite systems to block hackers (The Telegraph via Chris Drewe) Tesco Banks halts online transactions after theft from 20,000 accounts (Kelly Fiveash) Offensive Words Filter Data Blocked By Offensive Words Filter (Chris Drewe) "Executive dilemma: Approve the cloud, get a pay cut" (David Linthicum) Browsers nix add-on after Web of Trust is caught selling users' browsing histories (The Register) Department of Chromeland Security to the rescue... 
(Andy Greenberg via Werner U) How to get Google to come out of their hole and say something (Dan Jacobson) How the Internet Is Loosening Our Grip on the Truth (The New York Times) Two ambulances speeding toward the same crossroads (Google via Dan Jacobson) This evil office printer hijacks your cellphone connection (Ars Technica) Smartphone WiFi Signals Can Leak Your Keystrokes, Passwords, PINs (Bleeping Computer) Oauth 2.0 hack exposed 1 billion mobile apps to account hijacking (Threatpost) Russian Hackers Launch Targeted Cyberattacks Hours After Trump's Win (Motherboard via Suzanne Johnson) $0.02 due to Daylight Savings Time (Dan Jacobson) Re: "Your WiFi-connected thermostat can take down the whole Internet... (Stanley Chow) RISKS 29.92 Wednesday 16 November 2016 Secret Backdoor in Some U.S. Phones Sent Data to China, Analysts Say (Matt Apuzzo and Michael S. Schmidt) Information Overload Chronicles: Hit Reply to All Shut Down UK National Health Service (Gabe Goldberg) Election Math (Rebecca Mercuri) "Update your Belkin WeMo devices before they become botnet zombies" (Lucian Constantin) Cameroonian Government Launches Campaign Against Social Media, Calls It "A New Form of Terrorism" (GlobalVoices) Adult Friend Finder and Penthouse hacked in massive personal data breach (The Guardian) $5 tool ransacks password-protected computers (Dan Goodin) If your iPhone screen is flickering, it might have touch disease (Bogdan Popa) Surveillance technology has advanced far beyond the laws that govern it (Ars Technica) Insulin pump vulnerabilities could lead to overdose (ZDnet) Securing the IoT (DHS) Re: Offensive Words Filter Data Blocked By Offensive Words Filter (Kurt Fredriksson) Re: Executive dilemma: Approve the cloud, get a pay cut" (R. G. Newbury) Re: TSA biometrics (Arthur Flatau) Deepwater Horizon revisited (Earl Boebert) RISKS 29.93 Monday 21 November 2016 *Fake News* gives new meaning to *No news is good news*?!! 
(PGN) Programmers are having a huge discussion about the unethical and illegal things they've been asked to do (Business Insider) Nobody has real friends anymore (NYPost via Geoff Goodfellow) 8 million GitHub profiles were leaked from GeekedIn's MongoDB - (Troy Hunt) Zuckerberg dies temporarily due to glitch (The Guardian) Vigilante who aided Steubenville football website hack to plead guilty (Ars Technica) In two weeks, it will be easier for Uncle Sam to search your computer (Ars Technica) IMSI Catcher Report Calls for Transparency, Proportionality, and Minimization Policies (CitizenLab) Chinese company installed secret backdoor on hundreds of thousands of phones (Ars Technica) The Cyber-War on the Tibetan Community - a case study (CyberLab) NSO Group's iPhone Zero Days used against a UAE Human Rights Defender (Bill Marczak and John Scott-Railton) Office Depot insider speaks out about unnecessary computer fixes (JesseJones) Kryptowire discovers mobile phone firmware that transmitted PII (Jim Reisert) Risks to toilets in computing systems (Toby Douglass) Testimony last week for a U.S. House Committee on IoT Security by Kevin Fu and Bruce Schneier (PGN) Hackers Claim Theft of Data from Gorilla Glue (Motherboard) Biggest Spike in Traffic Deaths in 50 Years? Blame Apps (The NYTimes) iPhones Secretly Send Call History to Apple, Security Firm Says (Kim Zetter) Re: iPhone 'Touch Disease' (Brian Clark via Werner U) RISKS 29.94 Friday 25 November 2016 Mars lander crash caused by 1-second inertial measurement error (European Space Agency via Geoff Goodfellow) CompSci Prof. Halderman: Want to Know if the Election was Hacked? 
(Medium.com)
Election Audit in Wisconsin (PGN)
More on election integrity (PGN)
Russian propaganda effort helped spread 'fake news' during election, experts say (The Washington Post)
Enough is Enough (Lauren Weinstein)
According to Snopes, Fake News Is Not the Problem (Jessi Hempel)
How The 2016 Election Blew Up In Facebook's Face (Buzzfeed)
PM Threatens to sue unemployed citizen over Facebook share (JPost via Amos Shapir)
Computer System Chaos At Shelby County Criminal Justice Center (Ben Moore)
US Navy warns 134,000 sailors of data breach after HPE laptop is compromised (Ars Technica)
Skoda driver decapitated after claiming car's cruise control was stuck (The Guardian via Martyn Thomas)
Driver's last moments recorded in 999 call as he tells operator car's cruise control 'stuck' at 119mph (The Telegraph via Ian Halliday)
Auto Safety Regulators Seek a Driver Mode to Block Apps (The New York Times)
Distracted by holiday stress? E-mail hackers are banking on it (The Boston Globe)
Is Social Media Disconnecting Us From the Big Picture? (The New York Times)
UMass to pay $650K in HIPAA settlement (SCMagazine via Monty Solomon)
Google warns journalists and professors: Your account is under attack (Ars Technica)
Amazon.com - privacy not so private (Gabe Goldberg)
Miniature Wi-Fi Device Developed by Stanford Engineers Supplies Missing Link for the Internet of Things (Andrew Myers)
Facebook Said to Create Censorship Tool to Get Back Into China (The New York Times)
India demonetization (Alister Macintyre)
Bruce Schneier: 'The Internet era of fun and games is over' (Austin Powell)

RISKS 29.95 Tuesday 29 November 2016
Hacker demanded ransom from San Francisco Muni Metro (PGN)
Locky ransomware uses decoy image files to ambush Facebook, LinkedIn (Tom Mendelsohn)
New Variants of Cerber and Locky ransomware launched simultaneously (Check Point)
NTSB on Aviation: Risks of checklists, especially when ignored (PGN)
Brooklyn prosecutor caught wiretapping a love interest (The New York Times)
Mr. Trump's Lies About the Vote (The New York Times)
Inside a Fake News Sausage Factory: 'This Is All About Income' (Lauren Weinstein)
Trump's presidential hires and advisors own a hell of a lot of fake news sites (BoingBoing)
Fake News and the Internet Shell Game (The New York Times)
Do away with the FCC? (The Washington Post via Eric Burger)
Forget Net Neutrality, Trump FCC Advisor Wants to Kill the FCC Itself (Motherboard)
Did Russian Agents Influence the U.S. Election with Fake News? (Vanity Fair)
Re: Russian propaganda effort helped spread 'fake news' during election, experts say (Dick Mills)
Why Trump and Fake News are Putting the Pressure on Facebook (Bloomberg)
"How Fake and False News Distort Google and Others" (Lauren Weinstein)
Macy's Website Suffers Disruptions During Critical Shopping Day (Bloomberg via Gabe Goldberg)
Good at Skipping Ads? No, You're Not (The New York Times)
Research Says Samsung Galaxy S7 Safest Smartphone, iPhone 7 Worst (Inquisitr)
Re: More on election integrity (Mark E. Smith)

RISKS 29.96 Saturday 10 December 2016
NASA's Power Supply Mistake on the ISS Was Totally Avoidable (WiReD)
"Yamanote Line train temporarily suspended after carriage fills with smoke in Tokyo" (Oona McGee)
How a rogue subway train in Singapore was caught with data (Adam Wildavsky)
Boeing Dreamliner 787 should be rebooted every 21 days (PGN)
These Toys Don't Just Listen To Your Kid, They Send What They Hear To A Defense Contractor (Consumerist)
Taking Action: Huntsville-Madison County EMA says computer code error left sirens silent during Tuesday's storms (WHNT)
Audi Cars Now Talk To Stop Lights In Vegas (IEEE Spectrum via Gabe Goldberg)
BMW traps thief by remotely locking him inside car (cnet)
Pentagon: Looking for a Few Good Hackers (The New York Times)
Ball-bearings policy analogy to cryptography policy (Ronald L. Rivest)
Phone encryption: Police 'mug' suspect to get data (BBC via Brian Randell)
How a Grad Student Found Spyware That Could Control Anybody's iPhone from Anywhere in the World (Vanity Fair)
US police enhanced hacking authority (Ars Technica)
The Neuroscientist Who's Building a Better Memory for Humans (WiReD)
"Time is running out for NTP" (Fahmida Y. Rashid)
Lawyers: New court software is so awful it's getting people wrongly arrested (Ars Technica)
When a system upgrade gets you arrested (BBC via Jose Maria Mateos)
Google accounts hacked (Check Point)
Amazon Gets Real About Counterfeits (Bloomberg)
Why Russia Is Using the Internet to Undermine Western Democracy (Slate)
CIA assessment: Russia intervened in the 2016 election (The Washington Post)
Trump supporters bought bogus Obama conspiracy theory peddled by Fox Business (The Washington Post)
Spread of Fake News Provokes Anxiety in Italy (The New York Times)
Police use 'fake news' in sting aimed at California gang (WBTV)
Google, democracy and the truth about Internet search (The Guardian)
Tech companies target online terrorist propaganda (Tami Abdollah)
Big risk in nomenclature: fake news vs lies! (Harlan Rosenthal)
Fake news (Joel Achenbach via Jim Geissman)
"After we left the ship, I had an uneasy feeling" (Elliott)
Re: NTSB on Aviation: Risks of checklists, especially when ignored (Jay Grizzard)
Weapons of Math Destruction (Cathy O'Neil via Diego Latella)

RISKS 29.97 and RISKS 29.00 12 Dec 2016
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
SUMMARY OF RISKS VOLUME 29 (3 Oct 2015 -- 10 Dec 2016)

------------------------------

End of RISKS-FORUM Digest 29.00 (29.97)
************************
