Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
Subject: Risks Digest 32.12

RISKS-LIST: Risks-Forum Digest  Monday 20 July 2020  Volume 32 : Issue 12

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at as
The current issue can also be found at

  Contents:
`Friendliest,' not fittest, is key to evolutionary survival, scientists
  argue in their new book (The Hour)
Russian group targeted COVID-19 vaccine research in Canada, U.S. and UK,
  say intelligence agencies (CBC)
Cloudflare DNS goes down, taking a large piece of the Internet with it
  (TechCrunch)
Boeing's future is cloudy as it tries to restore credibility (WashPost)
Seven 'no log' VPN providers accused of leaking -- yup, you guessed it --
  1.2TB of user logs onto the Internet (The Register)
Outlook Woes: I have no email and I must scream (Computerworld)
The Anatomy of a Cisco Counterfeit Shows Its Dangerous Potential (WiReD)
Bottleneck for U.S. Coronavirus Response: The Fax Machine (NYTimes)
The Role of Cognitive Dissonance in the Pandemic (The Atlantic)
Machine Learning (MIT Tech Review)
Re: The Dark Secret at the Heart of AI (Matthew Kruk)
Re: An invisible hand: Patients aren't being told about the AI systems
  advising their care (Amos Shapir)
Re: When tax prep is free, you may be paying with your privacy
  (Amos Shapir, Chris Drewe)
Re: Why Some Birds Are Likely To Hit Buildings (Richard Stein,
  Craig S. Cottingham)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 20 Jul 2020 08:41:10 -1000
From: geoff goodfellow
Subject: `Friendliest,' not fittest, is key to evolutionary survival,
  scientists argue in their new book (The Hour)

British naturalist Charles Darwin got it right, but maybe we got Darwin wrong.
Most people assume that Darwin was talking about physical strength when referring to *survival of the fittest*, meaning that a tougher, more resilient species always will win out over its weaker counterparts. But what if he didn't mean that at all?

Scientists Brian Hare and Vanessa Woods, both researchers at Duke University's Center for Cognitive Neuroscience, believe something else has been at work among species that have thrived throughout history, successfully reproducing to sustain themselves, and it has nothing to do with beating up the competition.

Their new book, *Survival of the Friendliest: Understanding Our Origins and Rediscovering Our Common Humanity*, posits that friendly partnerships among species and shared humanity have worked throughout centuries to ensure successful evolution. Species endure -- humans, other animals and plants -- they write, based on friendliness, partnership and communication. And they point to many life examples of cooperation and sociability to prove it.

``Survival of fittest, which is what everyone has in mind as evolution and natural selection, has done the most harm of any folk theory that has penetrated society,'' Hare says. ``People think of it as strong alpha males who deserve to win. That's not what Darwin suggested, or what has been demonstrated. The most successful strategy in life is friendliness and cooperation, and we see it again and again.''

``Dogs are exhibit A. They are the extremely friendly descendants of wolves. They were attracted to humans and became friendly to humans, and changed their behavior, appearance and developmental makeup. Sadly, their close relative, the wolf, is threatened and endangered in the few places where they live, whereas there are hundreds of millions of dogs.
Dogs were the population of wolves that decided to rely on humans -- rather than hunting -- and that population won big.''

In nature, for example, flowering plants attract animals to spread their pollen, forming a partnership that benefits both. ``The plants provide food and energy, while the animals provide transportation for the pollen,'' Hare says. [...]

https://www.thehour.com/news/article/Friendliest-not-fittest-is-key-to-15419832.php

  [Tom Van Vleck suggests Darwin's statement is a tautology: the fittest are
  by definition the ones that survive!  PGN]

------------------------------

Date: Thu, 16 Jul 2020 19:06:09 -0600
From: "Matthew Kruk"
Subject: Russian group targeted COVID-19 vaccine research in Canada, U.S.
  and UK, say intelligence agencies (CBC)

A hacker group *almost certainly* backed by Russia is trying to steal COVID-19-related vaccine research in Canada, the U.K. and the U.S., according to intelligence agencies in all three countries.

The Communications Security Establishment (CSE), responsible for Canada's foreign signals intelligence, said APT29 -- also known as Cozy Bear and the Dukes -- is behind the malicious activity. The group was accused of hacking the Democratic National Committee before the 2016 U.S. election.

https://www.cbc.ca/news/politics/tunney-russia-alleged-attack-vaccine-canada-us-uk-1.5651697

  [See also Julian E.
  Barnes, *The New York Times*, 17 July 2020, Hackers sought data from
  companies trying to eradicate coronavirus.  PGN]

------------------------------

Date: Fri, 17 Jul 2020 15:13:13 -0700
From: Lauren Weinstein
Subject: Cloudflare DNS goes down, taking a large piece of the Internet
  with it (TechCrunch)

https://techcrunch.com/2020/07/17/cloudflare-dns-goes-down-taking-a-large-piece-of-the-internet-with-it/

------------------------------

Date: Sun, 19 Jul 2020 18:24:52 -0400
From: Gabe Goldberg
Subject: Boeing's future is cloudy as it tries to restore credibility (WashPost)

Boeing is also scrambling to prove it can fly astronauts safely to low Earth orbit. In December, a test flight of its Starliner spacecraft without any astronauts onboard ran into trouble as soon as it reached orbit. A software problem reminiscent of the issues with the 737 Max made the spacecraft think it was at a different point in the mission. As engineers moved to fix that problem, they uncovered another that could have caused the service module to collide with the crew module when they separated in flight. They were able to quickly send up a software fix to that problem so that the two modules separated cleanly.

The problems prevented the spacecraft from docking with the International Space Station, and Boeing had to bring the spacecraft home after just two days. Since then, NASA and Boeing launched an investigation, and Boeing said it has better integrated its hardware and software teams, and has taken a hard look at its culture and processes. It's also reviewed all 1 million lines of code in the spacecraft ``resulting in increased robustness of flight software,'' the company said in a statement to The Post. [...]

Nearly a decade after winning the Air Force contract to build a fleet of KC-46 Pegasus aerial refueling tankers, Boeing's assembly lines outside of Seattle have been busy. The company has delivered 34 of the planes so far.
But the military has said it won't be able to use them for most missions until at least 2023 because of persistent technical flaws. The plane's boom, the long tube through which fuel is transferred, isn't flexible enough to safely link up with smaller jets. And the Defense Department's testing office has determined that the complex camera system that guides the boom into place isn't accurate enough. The Air Force also has repeatedly found trash, wrenches and other debris scattered inside newly delivered jets.

http://thewashingtonpost.newspaperdirect.com/epaper/viewer.aspx

------------------------------

Date: Sat, 18 Jul 2020 08:20:36 -0700
From: Lauren Weinstein
Subject: Seven 'no log' VPN providers accused of leaking -- yup, you guessed
  it -- 1.2TB of user logs onto the Internet (The Register)

https://www.theregister.com/2020/07/17/ufo_vpn_database/

  [Gabe Goldberg noted this as well:
    VPN with 'strict no-logs policy' exposed millions of user log files
    including account passwords
    https://betanews.com/2020/07/15/ufo-vpn-data-leak/
  PGN]

------------------------------

Date: Sun, 19 Jul 2020 15:32:35 -0400
From: Gabe Goldberg
Subject: Outlook Woes: I have no email and I must scream (Computerworld)

It turns out someone in Microsoft's quality assurance team (There is one, RIGHT!?) didn't bother to test the newest edition of Outlook with the latest version of Windows. I mean why would you want to check that e-mail, an application almost no one uses today, actually works with your main operating system??

The truth is there was never anything wrong with your PST files. Somehow, the combination of the newest versions of Outlook and Windows led to a total failure. The fix required you to manually edit your registry -- always a fun job for a user who's miles away from the closest tech support staff.
https://www.computerworld.com/article/3567355/outlook-woes-i-have-no-email-and-i-must-scream.html

------------------------------

Date: Sun, 19 Jul 2020 15:39:10 -0400
From: Gabe Goldberg
Subject: The Anatomy of a Cisco Counterfeit Shows Its Dangerous Potential (WiReD)

By tearing down bootleg network switches, researchers found ample opportunity for malice -- but no signs of a backdoor this time.

https://www.wired.com/story/counterfeit-cisco-switch-teardown/

------------------------------

Date: Sat, 18 Jul 2020 10:32:02 -0400
From: Monty Solomon
Subject: Bottleneck for U.S. Coronavirus Response: The Fax Machine (NYTimes)

Before public health officials can manage the pandemic, they must deal with a broken data system that sends incomplete results in formats they can't easily use.

https://www.nytimes.com/2020/07/13/upshot/coronavirus-response-fax-machines.html

------------------------------

Date: Sat, 18 Jul 2020 12:52:48 -0400
From: Monty Solomon
Subject: The Role of Cognitive Dissonance in the Pandemic (The Atlantic)

The minute we make any decision -- I think COVID-19 is serious; no, I'm sure it is a hoax -- we begin to justify the wisdom of our choice and find reasons to dismiss the alternative.

https://www.theatlantic.com/ideas/archive/2020/07/role-cognitive-dissonance-pandemic/614074/

------------------------------

Date: Thu, 16 Jul 2020 18:02:25 PDT
From: "Peter G. Neumann"
Subject: Machine Learning (MIT Tech Review)

Machine learning is a black box.  That makes it a double-edged sword?

https://getpocket.com/explore/item/the-dark-secret-at-the-heart-of-ai?utm_source=pocket-newtab

------------------------------

Date: Sun, 19 Jul 2020 13:04:26 -0600
From: "Matthew Kruk"
Subject: Re: The Dark Secret at the Heart of AI (RISKS-32.11)

In 2016, a strange self-driving car was released onto the quiet roads of Monmouth County, New Jersey.
The experimental vehicle, developed by researchers at the chip maker Nvidia, didn't look different from other autonomous cars, but it was unlike anything demonstrated by Google, Tesla, or General Motors, and it showed the rising power of artificial intelligence. The car didn't follow a single instruction provided by an engineer or programmer. Instead, it relied entirely on an algorithm that had taught itself to drive by watching a human do it.

https://getpocket.com/explore/item/the-dark-secret-at-the-heart-of-ai

------------------------------

Date: Sun, 19 Jul 2020 11:04:29 +0300
From: Amos Shapir
Subject: Re: An invisible hand: Patients aren't being told about the AI
  systems advising their care (RISKS-32.11)

A somewhat apocryphal story I've heard (but now cannot verify), at the time when AI systems were just making their first steps in the world:

A graduate student was tasked with generating an AI system to distinguish between benign and malignant cells in microscope images, for research at a local hospital. The hospital gave him a pile of images, and an oncologist doctor to help him decipher them. So they sat down, and the doctor started to go over the images, stating ``this is malignant, this is not, this is malignant...'' The student had to stop her: ``but can you please explain a bit more about how you make the distinction?'' She looked at him sternly and said ``Look, young man; I've been doing this for 30 years now, and when I say it's malignant, it's malignant!''

I hope AI systems have improved since then!

  [AI has actually improved, but the over-hyping has not?
  PGN]

------------------------------

Date: Sun, 19 Jul 2020 11:06:57 +0300
From: Amos Shapir
Subject: Re: When tax prep is free, you may be paying with your privacy (RISKS-32.11)

It seems that the old principle is still valid: ``If you're not paying, you're not the customer, you're the merchandise.''

------------------------------

Date: Sun, 19 Jul 2020 18:10:02 +0100
From: Chris Drewe
Subject: Re: When tax prep is free, you may be paying with your privacy (RISKS-32.11)

No such thing as a free lunch, as the saying goes. This has been the case for many other topics over the years; just from my memory:

* Since I was a kid, garages have been offering ``have a free safety check on your car from us'', which makes cynics wonder how the 'free' offer is paid for.

* Not sure if this is still the case, but in the UK banks often used to provide travel insurance as one of the benefits of holding an account, either 'free' or with a modest additional payment. Reportedly the problem is that this will likely be a minimum-cost generic policy which may not actually meet your needs and/or may have unexpected limitations, e.g. 'hazardous activities', which could be anything. If you've actually paid for your insurance, you're more likely to get what you wanted.

* Historically, buying a house in the UK was strictly controlled; mortgages were generally only obtainable from building societies (non-profit organisations run like credit unions) and only proper lawyers could do conveyancing (handling the sale contract and title deed documents). In the early 1980s these controls were relaxed so loads of financial organisations now offer mortgages. As it happened, a work colleague was buying his first house at the time, and a common offer was ``if you get your mortgage from us we'll give you free conveyancing,'' but as he said, if you are paying for the lawyer yourself, you know who he/she is working for.
* Businesses offering maintenance and repair work may offer fixed-price jobs, which appear to have the attraction of avoiding any nasty surprises with the bill, but I have a feeling that unexpected costs may be against your interests and in favour of the business, in the sense that the business will try to do the work as cheaply as possible as this is to their benefit, while they may be less inclined to put in any extra effort to deal with unexpected difficulties.

------------------------------

Date: Fri, 17 Jul 2020 18:33:28 +0800
From: Richard Stein
Subject: Re: Why Some Birds Are Likely To Hit Buildings (RISKS-32.11)

The *bird strike* term labels a cruel and unfortunate incident in use since 1988 per https://en.wikipedia.org/wiki/Bird_strike.

The FAA's wildlife strike reporting mechanism was a serendipitous discovery via web search query for *bird strike* while composing. I was surprised to learn of the reporting system's existence, and supposed a simple calculation of incident rate would inform the flying public.

------------------------------

Date: Fri, 17 Jul 2020 08:14:49 -0500
From: "Craig S. Cottingham"
Subject: Re: Why Some Birds Are Likely To Hit Buildings (RISKS-32.11)

While I assume that the correspondent's tongue is planted in their cheek, I would like to point out that according to maritime rules of the road (and I would guess that aviation rules are similar), the more maneuverable craft is supposed to give way to the less maneuverable craft should their courses intersect.

If I, operating a personal watercraft such as what is colloquially referred to as a *jet ski*, were mowed down by a Panamax-class container ship under the command of the correspondent, the latter would likely not be held responsible, as I should have given way to the bloody big fat and fast moving other vessel.

(Removing *my* tongue from my cheek at this point.)
------------------------------

Date: Mon, 1 Jun 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
 *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

End of RISKS-FORUM Digest 32.12
************************