precedence: bulk Subject: Risks Digest 28.00 (28.98), Volume 28 summary REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Volume 28 : Issue 00 (98) FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. SUMMARY OF RISKS VOLUME 28 (11 Jun 2014 - 29 Sep 2015) (NOTE: This summary is archived in ftp file risks-28.00 at ftp.sri.com, cd risks, and is also at http://catless.ncl.ac.uk/Risks/28.00.html.) ---------------------------------------------------------------------- Date: Mon, 17 Nov 2014 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request@csl.sri.com containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe@csl.sri.com or risks-unsubscribe@csl.sri.com depending on which action is to be taken. Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc. => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. The full info file may appear now and then in RISKS issues. 
*** Contributors are assumed to have read the full info file for guidelines. => .UK users should contact . => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail! => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. *** NOTE: Including the string "notsp" at the beginning or end of the subject *** line will be very helpful in separating real contributions from spam. *** This attention-string may change, so watch this space now and then. => ARCHIVES: ftp://ftp.sri.com/risks for current volume or ftp://ftp.sri.com/VL/risks for previous VoLume redirects you to Lindsay Marshall's Newcastle archive http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue. Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r . ==> PGN's comprehensive historical Illustrative Risks summary of one liners: for browsing, or .ps for printing ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: ------------------------------ RISKS 28.00 SUMMARY OF RISKS VOLUME 28 (ongoing) (archived in ftp file risks-28.00) RISKS 28.01 Thursday 11 June 2014 Total Parenteral Nutrition software recall (Richard I Cook) A Computer Risk to Your Sleeping (jared gottlieb) Web browsing is copyright infringement, publishers argue (David Kravets via Dewayne Hendricks) When the Landline Is a Lifeline (Jon Brodkin via Dewayne Hendricks) IT pro gets 4 years in prison for sabotaging ex-employer's system (Chris Kanaracus via Monty Solomon) "Serious flaw in GnuTLS library endangers SSL clients and systems" (Lucian Constantin via Gene Wirchenko) Smart TVs subverted by radio attack (Michel Kabay) USDA and Submachine Guns: Latest Example of Mission Creep as Federal Policing Expands (Dave Farber) Computer passes Turing Test for first time by convincing judges it is a 13-year-old boy (Dante D'Orazio 
via Dewayne Hendricks) Would a Google car sacrifice you for the sake of the many? (David Weinberger via David Farber, Andrew Lippman) Internet Giants Erect Barriers to Spy Agencies (David Sanger and Nicole Perlroth via Lauren Weinstein) Cellphone operator reveals scale of government snooping (AP item via Lauren Weinstein) U.S. Marshals Seize Cops' Spying Records to Keep Them From the ACLU (Kim Zetter via Dewayne Hendricks) Why Are the US Marshals at the Center of All These Pen Registers? (emptywheel via David S. H. Rosenthal) Google Offers New Encryption Tool (Nicole Perlroth via Monty Solomon) "Redmond is patching Windows 8 but NOT Windows 7, say security bods" (Darren Pauli via Gene Wirchenko) EPIC reports Google to advertise on Nest thermostat, etc. (EPIC via Harry Hochheiser) FBI informant's role in cyberattacks by AntiSec (Prashanth Mundkur) RISKS 28.02 Thursday 12 June 2014 `Switch incompatibility' leads to two helicopter ditchings (Ian Chard) Interconnection of Three Previously Separated Networks in Boeing 737 (Joe Loughry) Feedly and Evernote attacked for ransom, Feedly still down (Lauren Weinstein) You shouldn't use a spreadsheet for important work (Daniel Lemire via Henry Baker) "Unofficial XP update has Microsoft up in arms" (Serdar Yegulalp via Gene Wirchenko) "Apple devices held hostage using Find My iPhone" (Loek Essers via Gene Wirchenko) Cell phones as TEMPEST analyzers (David Shamah via Olin Sibert) Contactless Credit Cards causing increase in crime (Jeremy Ardley) NSA: Our systems are so complex we can't stop them from deleting data wanted for lawsuit! 
(Dave Farber) Turning everyone's home router into a WiFi hotspot (Jeremy Epstein) Comcast is turning your home router into a public WiFi hotspot (Henry Baker) Controlling Your Smart Home With One Hub (Molly Wood via Monty Solomon) "The FCC's Net neutrality plan is much worse than it looks" (Paul Venezia via Gene Wirchenko) Aereo wants a TV revolution, if the Supreme Court will let it (Scott Helman via Monty Solomon) 60 new state privacy laws in last 12 months (Robert Ellis Smith) International Snowden analysis report (Simon Davies) Re: Computer passes Turing Test ... (security curmudgeon, Tony Finch, Craig Burton) Risks of ignoring electrical utility energy storage history (Kelly Bert Manning) TrueCrypt.com reported compromised -- Caution Advised (Bob Gezelter) Re: real but not very valuable certs: was Forged SSL Certs (John Levine) Re: German Green Energy, also Car 'Dash Cams' (Anthony) Brute force attack actually selected plaintext? (Fred Cohen) Deadline Approaching - Call for Papers: LASER 2014 (Sean Peisert) RISKS 28.03 Tuesday 17 June 2014 Danger: Robots Working (John Markoff and Claire Cain Miller) Yet another EMR debacle (Robert L Wears) AT&T: We need to buy DirecTV because U-verse TV is a failure (Ars Technica) "Woman creates fake Facebook profile, discovers niece wants to kill her" (Review Journal via Gene Wirchenko) "Google Chrome's experiment with killing URLs appears to be on hold" (Ian Paul) Losing the Key (Steven Kurutz via Monty Solomon) P.F. 
Chang's turns to vintage 1970s tech after credit card breach (Ars via Sean Peisert) "Apple devices held hostage using Find My iPhone" (Loek Essers) "Evernote hit by denial-of-service attack" (Tim Hornyak) "Tech giants finally grow a spine and resist NSA spying" (Bill Snyder) Sign of the Times: The Intimacy of Anonymity (Tim Wum) The Privacy Paradox, a Challenge for Business (Steve Lohr) Web Site with no Password Change Option (Richard Karash) Ars tests Internet surveillance-by spying on an NPR reporter (Sean Gallagher) "Here's One Big Way Your Mobile Phone Could Be Open To Hackers" (Steve Henn) Court Rules Warrantless Cell Tracking Unconstitutional (HuffPost via Dave Farber) Re: You shouldn't use a spreadsheet for important work (Bob Frankston, Walter Bushell) Re: Would a Google car sacrifice you for the sake of the many? (fred) Re: Turning everyone's home router into a WiFi hotspot (Anthonys Lists, Bill Gunshannon, John R. Levine, Bob Frankston, Chris Drewe) Re: Renewable energy and electricity storage (Chris Drewe) 
RISKS 28.04 Tuesday 24 June 2014 Bloomberg News index of stories on health RISKS (Ed Ravin) Badly engineered missile defense systems deployed ``because there was a rush'' (Gabe Goldberg) Various aircraft disappeared from controllers' purview (Reuters via PGN) Pervasive drone failures (Craig Whitlock via PGN) Is There a Crisis in Computer-Science Education? 
(Jonah Newman) Shortage of Cybersecurity Professionals: Risk to National Security (PhysOrg) Hong Kong electronic voting system cyber-attacked (SCMP via Lauren Weinstein, Gordon Peterson via Dave Farber) Wrong e-mail address: 35,000 student records misaddressed (danny burstein) London transport authority acknowledges contactless technology risk (Wm) "Murder in the Amazon cloud" (Paul Venezia via Gene Wirchenko) PKI Compromised on Blackberry 9900 Series Devices (Alan Boritz) Poorly anonymized logs reveal NYC cab drivers' detailed whereabouts (Ars Technica via Lauren Weinstein) Stingrays nab cellular activities (dan farmer) Free Wi-Fi from Xfinity and AT&T also frees you to be hacked (Sean Gallagher via Henry Baker) Hong Kong electronic voting system cyber-attacked (Christian Huitema via Dave Farber) Bank online banking garbles outgoing payments (danny burstein) Re: Trouble with firefox updates (Joe Durusau) RISKS 28.05 Thursday 26 June 2014 Norway abandons Internet voting experiments (PGN) Re: Hong Kong electronic voting system cyber-attacked (Steve Lamont) Major Ruling Shields Privacy of Cellphones (Adam Liptak) High Court Ruling On Search Warrants Is Broader Than Cellphones (NPR via NNSquad) Researchers Find/Decode Spy Tools Governments Use to Hijack Phones (Kim Zetter via Dewayne Hendricks) "Foolproof" system to authenticate bank customers by their voice (Michael Bacon) Did you know Equifax buys and sells real-time employment data? 
(Deborah Peel) "Privacy concerns loom over 'new' Google domain registration service" (Woody Leonhard via Gene Wirchenko) "Two months later, 300K servers still vulnerable to Heartbleed" (Ian Paul via Gene Wirchenko) Google Glass Snoopers Can Steal Your Passcode With a Glance (Andy Greenberg) "Researchers expect large wave of rootkits targeting 64-bit systems" (Gene Wirchenko) Re: Trouble with firefox updates (Dimitri Maziuk) RISKS 28.06 Saturday 5 July 2014 Train strikes car in Clifton after GPS leads driver onto tracks (Kathryn Brenzel via Gene Wirchenko) SSH keys lying around? (PGN) Movie Theaters Are Banning Google Glass Because They Don't Understand It (Will Oremus via Dewayne Hendricks) Buffer overflows in 20-year-old LZ decompression code (Don A. Bailey via Henry Baker) Unix "*" wildcards considered harmful (Henry Baker) Houston Astros victim of security breach (MLB via Jim Reisert) T-Mobile accused of making millions with bogus charges (Anne Flaherty via Monty Solomon) Corrupt personalization on Facebook (Christian Sandvig) Facebook purposely manipulated news feeds to experiment with users' emotions (*The Atlantic* via Lauren Weinstein) Facebook Tinkers With Users' emotions in News Feed Experiment, Stirring Outcry (Vindu Goel via Lauren Weinstein) No-IP's Formal Statement on Microsoft Takedown (Lauren Weinstein) Microsoft returns most domains it improperly confiscated ... (Lauren Weinstein) Microsoft Disconnects Me, a non-MS User, From My Hardware (Kent Borg) Re: Hong Kong electronic voting system cyber-attacked (Jonathan Kamens, Amos Shapir, Rogier Wolff) Re: Trouble with firefox updates (Carlos G Mendioroz, Alexander Klimov) Can the abuse, please: was Re: Trouble with firefox... 
(Steve McIntyre) RISKS 28.07 Tuesday 15 July 2014 14,000 Draft Notices Sent To Pennsylvania Men Born In 1800s (Doug Hosking) Birth control of the future could be activated with wireless remote (Sarah Gray via Henry Baker) Crypto weakness in smart LED lightbulbs exposes Wi-Fi passwords (Dan Goodin) Private crypto key stashed in Cisco VoIP manager allows network hijacking (Dan Goodin via Monty Solomon) FCC's awful website crashes on last day for initial net neutrality comments (Jon Brodkin via Lauren Weinstein) Pew Research: Global Opinions of U.S. Surveillance (Richard Forno) GCHQ hacks online polls (Glenn Greenwald via Henry Baker) Report: Rare leaked NSA source code reveals Tor servers targeted (Cyrus Farivar via Monty Solomon) Should hospitals investigate their patients? (danny burstein) Designing water slides is not the same as designing roller coasters (Ben Rothke) "Female Cyber Sleuths Hack Into Silicon Valley's Boys Club" (Jordan Robertson) Site catalogues links being censored from Google by EU (Lauren Weinstein) The right to be forgotten will turn the Internet into a work of fiction (David Mitchell via Lauren Weinstein) WashPost: In NSA-intercepted data, those not targeted far outnumber the foreigners who are (Lauren Weinstein) Chinese Hackers Broke Into U.S. Personnel Networks, NYT Reports (AP via David Farber) Germany 'may revert to typewriters' to counter hi-tech espionage (Henry Baker) Re: Hong Kong electronic voting system ... (nick brown, Michael Bacon) Re: Unix "*" wildcards considered harmful (Dave Horsfall, PGN) RISKS 28.08 Saturday 19 July 2014 Dreams of rescuing a retired NASA probe come to an end (Tom Warren via Dewayne Hendricks) Lethal Weapon: The Self Driving Car (Steve Lamont) FRANCE: Blogger fined over review's Google search placement (BBC via Lauren Weinstein) Vint Cerf on The Colbert Report (Bill Daul) Boleto malware may lose Brazil $3.75bn (Chris J Brady) Disk-sniffing dogs find thumb drives, DVD's? 
(Katie Mulvaney via Henry Baker) Paid Android Wear apps don't work, thanks to DRM (Ron Amadeo via Monty Solomon) Goldman Sachs demands Google unsend one of its e-mails (Casey Johnston via Monty Solomon) Court-approved wiretaps defeating encryption, feds say (David Kravets via Monty Solomon) "Sex, spies, and the cloud: NSA revelations continue to weaken confidence" (David Linthicum via Gene Wirchenko) "Massachusetts high court orders suspect to decrypt his computers" (Cyrus Farivar via Gene Wirchenko) Congress is overdue in dealing with the cybersecurity threat (WashPost) "Better patch Flash: 'Rosetta Flash' attack can steal site cookies" (Serdar Yegulalp via Gene Wirchenko) Scholarly journal retracts 60 articles, smashes peer review ring (Fred Barbash via Henry Baker) It's Twitter vs. Free Speech, And Free Speech Is Losing - ReadWrite (Gabe Goldberg) "Microsoft zaps bogus SSL certs with emergency patch 2982792" (Woody Leonhard via Gene Wirchenko) "Horrifying confessions of a security sleuth" (Eric Knorr via Gene Wirchenko) Re: Unix "*" wildcards considered harmful (Gene Wirchenko, Michael Kohne, Dave Horsfall) Re: Facebook purposely manipulated news feeds to experiment with users' emotions (Bill Gunshannon) RISKS 28.09 Tuesday 22 July 2014 New online tracking method difficult to block (ProPublica via Suzanne Johnson) Travis County Developing Electronic Voting System With a Paper Trail (Andra Lim) Racy Photos Were Often Shared at NSA (Michael S. Schmidt) NASDAQ Network Intrusion Installed Attack Malware (Bob Gezelter) How to Flawlessly Predict Anything on the Internet (Lauren Weinstein) Exec. 
Order 12333: Yet another rule that lets NSA spy on Americans (John Napier Tye via Henry Baker) All your Apple iOS data is still available unencrypted (Dennis Fisher via Henry Baker) Domain Registry Of America Suspended By ICANN (Lauren Weinstein) Routing around insanity & mendacity (Henry Baker) Re: Unix "*" wildcards considered harmful (Lindsay Harris) Re: Disk-sniffing dogs find thumb drives, DVD's? (Barry Gold) Re: Lethal Weapon: The Self Driving Car (John Mainwaring) Risks of apps versus web browsers, deja vu (Rex Sanders) "New variant of malware, Gyges, can quietly exfiltrate government data" (Candice So via Gene Wirchenko) Calling All Hackers: Help Us Build an Open Wireless Router (David Farber) Stop Sneaky Online Tracking with EFF's Privacy Badger (EFF) Silver Bullet 100 launches 23 Jul 2014 (Gary McGraw) RISKS 28.10 Friday 25 July 2014 Something ... wrong with US Passport computers (danny burstein) How Big Telecom came to fear one Tennessee town (Lauren Lyster via geoff goodfellow) Smart grid hack worries to raise insurance rates? (Suzanne Johnson via Dave Farber) How Hackers Hid a Money-Mining Botnet in Amazon's Cloud (Andy Greenberg via Dewayne Hendricks) Re: How Hackers Hid a Money-Mining Botnet in Amazon's Cloud (Ross Stapleton-Gray) Black Hat conference Tor presentation canceled (Clay Wells via Dave Farber) Russian government offers huge reward for help unmasking anonymous Tor users (Lauren Weinstein) iOS devices are still safe -- from everybody except Apple and NSA (Serdar Yegulalp via Gene Wirchenko) When is a fire not a fire? (Michael Bacon) Re: Unix "*" wildcards considered harmful (John Levine) Re: Disk-sniffing dogs find thumb drives, DVDs? (Scott Miller) RISKS 28.11 Wednesday 30 July 2014 Harry R. 
Lewis, The Internet and Hieronymus Bosch (PGN) Right to be forgotten: Wikipedia chief enters Internet censorship row (Rowena Mason via Dewayne Hendricks) Comcast Used This 'Spooky' Propaganda to Kill Off a Local Internet Competitor (Vice via NNSquad) Software engineering and the lack thereof (Ken Shotting) Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet (Henry Baker) Built for Speed: Designing Exascale Computers (Brian Hayes) "Another botched Microsoft patch: Office 365 ProPlus says 'Something went wrong'" (Woody Leonhard via Gene Wirchenko) Spain's 'Google tax' could kill Facebook and Twitter (Sharecast) "Oracle's new database patch could cost you $23,000 per processor" (Serdar Yegulalp via Gene Wirchenko) Broadband bullies: Cable companies, lawmakers gang up on local providers (Caroline Craig via Gene Wirchenko) Thousands of sites compromised through WordPress plug-in vulnerability (Lucian Constantin via Gene Wirchenko) Re: Smart grid hack worries to raise insurance rates? (Geoffrey Keating, Steve Lamont, Geoffrey Keating) Re: Disk-sniffing dogs find thumb drives, DVDs? (John Rivard, Geoff Kuenning, Scott Miller) RISKS 28.12 Thursday 31 July 2014 'Big Brother' airport installs world's first real-time passenger tracking system (Soo Kim via Henry Baker) Federal review stalled after finding forensic errors by FBI lab unit spanned two decades (The Washington Post) NSA's Impact on the Economy, Internet Freedom & Cybersecurity (New America via Henry Baker) The NSA's Cyber-King Goes Corporate (Foreign Policy via Lauren Weinstein) EFF Releases Privacy Badger (Justin C. Klein Keane) Fouling the NEST; Who's roo(s)ting in your home? 
(Henry Baker) Tor Security Breach found from January to July 2014 (Bob Gezelter) "Surface Pro 3 problems linger despite three firmware patches in a month" (Woody Leonhard via Gene Wirchenko) "Android vulnerability allows malware to compromise most devices and apps" (Lucian Constantin via Gene Wirchenko) The Security of USB Is Fundamentally Broken (Andy Greenberg via Henry Baker) "Cyber criminals ride Google coattails in DDoS attacks" (Antone Gonsalves via Gene Wirchenko) "No patch yet for zero day in Symantec Endpoint Protection software driver" (Jeremy Kirk via Gene Wirchenko) "Privacy groups call for action to stop Facebook's off site user tracking plans" (Loek Essers via Gene Wirchenko) When Web Experiments Violate User Trust, We're All Victims (Lauren Weinstein) "I accidentally started a Wikipedia hoax" (Daily Dot) When Web Experiments Violate User Trust, We're All Victims (Lauren Weinstein) "Why are fraudsters targeting your child's identity?" (Lindsey Boerma via Gene Wirchenko) Re: Built for Speed: Designing Exascale Computers (Gene Wirchenko) Re: Disk-sniffing dogs find thumb drives, DVDs? (Tom Russ, Henry Baker) RISKS 28.13 Tuesday 5 August 2014 Canada: China hacked into National Research Council computers (Larry Werring) CIA admits to spying on Senate (TheHill via David Farber) Driverless cars and speed limits (Michael Bacon) Tappan Zee Bridge: Left Coast Lifter gets tech upgrade? (Theresa Juva-Brown via Gene Wirchenko) "The EPA doesn't know what clouds it has -- and neither do you" (David Linthicum via Gene Wirchenko) BBC: Russia enacts 'draconian' law for bloggers and online media (Lauren Weinstein) Chinese Communist Party-Backed Tech Giants Bring Censorship To The Global Stage (Techcrunch via NNSquad) It's Legal to Unlock Your Cell Phone (*The White House* via Dave Farber) How safe are your quantified selfies? 
(Symantec item via Henry Baker) Google scans your e-mail for child porn, and reports to law enforcement when it finds same (Herb Lin via Dave Farber) The Visual Microphone: Passive Recovery of Sound from Video (YouTube via NNSquad) Forget "Heart Bleed"; meet "Heart Rate" (Henry Baker) Re: 'Big Brother' airport installs world's first ... (Adam Shostack, Rob Bailey) Re: Fouling the NEST; Who's roo(s)ting in your home? (Alister Wm Macintyre) Re: Smart grid hack worries to raise insurance rates? (Brian Inglis) RISKS 28.14 Thursday 7 August 2014 Computer Programming Is a Trade; Let's Act Like It (Christopher Mims) Expanding the Breadth and Impact of Cybersecurity and Privacy Research (NSF via ACM TechNews) If you like NSA, Facebook & Google, you're gonna love Singapore (Shane Harris via Henry Baker) "User beware: That mobile app is spying on you" (Bill Snyder via Gene Wirchenko) "Network-attached storage devices more vulnerable than home routers" (Lucian Constantin via Gene Wirchenko) "Most USB thumb drives can be reprogrammed to infect computers" (Lucian Constantin via Gene Wirchenko) "The battle against stupid software patents is on" (Bill Snyder via Gene Wirchenko) Smart Meters / Sask Power / BC Hydro (Mark Fraser) Change your passwords- big data breach: Russian Gang Amasses Over a Billion Internet Passwords (geoff goodfellow) "Is your Dropcam live feed being watched by someone else?" (Jeremy Kirk via Gene Wirchenko) Wikipedia announces a page detailing Wikipedia pages censored by EU Right To Be Forgotten (Lauren Weinstein) Re: Google scans your e-mail for child porn and reports to law enforcement when it finds same (Alister Wm Macintyre) Re: Fouling the NEST; Who's roo(s)ting in your home? 
(Eric Sosman) RISKS 28.15 Monday 11 August 2014 Cybersecurity as Realpolitik: Black Hat keynote (Dan Geer) RISKS 28.16 Tuesday 12 August 2014 Drone crashes into famed hot spring at Yellowstone National Park (Laura Zuckerman via Gene Wirchenko) Hackers Unveil Their Plan To Change E-mail Forever (Denver Nicks via Steve Goldstein) Russian Hackers Amass Over a Billion Internet Passwords (Perlroth/Gelles via Monty Solomon) Re: Breach of 1.2 billion user names and passwords (Tice DeYoung via DF) Visit the Wrong Website, and the FBI Could End Up in Your Computer (Kevin Poulsen via Herb Lin) Russia demands Internet users show ID to access public Wifi (Reuters via Lauren Weinstein) Re: Russia+US demand users show ID to access public facilities (John Gilmore) Voice Recognition Still a Top Complaint, Study Says (Monty Solomon) NSA Is Funding a Project to Roll All Programming Languages Into One (David Farber) "On sale: False sense of Internet security, for the low, low price of $120" (Gene Wirchenko) New Site Recovers Files Locked by CryptoLocker Ransomware (Krebs via Lauren Weinstein) Top Geer: Re: Cybersecurity as Realpolitik (Henry Baker) Re: Google scanning e-mail for child porn (Michael Kohne, Michael Kohne replying to Herb Lin) Re: Computer Programming Is a Trade; Let's Act Like It (Gene Spafford, Fredric Rice) Spoofed Called ID (marty) MUST NOT say "***** REBOOT LINUX *****" before safe to do so (Dan Jacobson) RISKS 28.17 Thursday 14 August 2014 Pilot's artificial arm became detached while landing plane (Doug Hosking) Hacking commercial-aircraft SATCOM systems at Black Hat (Peter Bernard Ladkin) In UK, Experimenting With Heart Attack Victims Without Consent (Lauren Weinstein) BGP hijack steals $89K of BitCoins (Drew Dean) BGP Routing Table Size Limit Blamed for Tuesday's Website Outages (DCK via Lauren Weinstein) Companies Are Pushing Women Out Of Engineering Jobs (Bruce Covert via Dewayne Hendricks) How hackers used Google to steal corporate data (Antone Gonsalves via 
Gene Wirchenko) The US Intelligence Community has a Third Leaker (Bruce Schneier) Story in *Wired* by James Bamford (David Farber) Meet MonsterMind, the NSA Bot That Could Wage Cyberwar Autonomously (David Farber, Peter Trei, Gene Spafford) Snowden: US developed dangerous cyberwar tool, hacked Chinese hospitals and knocked Syria offline (David Meyer via Dewayne Hendricks) NSA was responsible for 2012 Syrian Internet blackout (Snowden via Henry Baker) As Data Overflows Online, Researchers Grapple With Ethics (Monty Solomon) Millions of PCs Affected by Mysterious Computrace Backdoor (Brian Donohue via Gene Wirchenko) The biggest iPhone security risk could be connecting one to a computer (Jeremy Kirk via Gene Wirchenko) "4 cloud horror stories -- and how to survive them" (Gene Wirchenko) Some taking a hard line against paying by E-ZPass (Martine Powers via Jim Reisert) Re: Computer Programming Is a Trade; Let's Act Like It (Max Timchenko, Jeremy Epstein) Re: Russian Hackers Amass Over a Billion Internet Passwords (Scott Miller) Re: Google scanning e-mail for child porn (Dimitri Maziuk, Mark Fineman) RISKS 28.18 Monday 18 August 2014 Human cryptography is the key to online voting (Xavier Boyen) Vote! You Just Might Win $50,000 (Lauren Weinstein) E-mail Is Still the Best Thing on the Internet (*The Atlantic*) What caused today's Internet hiccup & how stable is the Internet? (bgpmon via geoff goodfellow) Smarter than Siri: Viv promises a truly intelligent assistant (Caroline Craig via Gene Wirchenko) Pervasive Medicare Fraud Proves Hard to Stop (Abelson/Lichtblau) Humans Need Not Apply, and Robot Swarms (Rodney Van Meter via Dave Farber) In Exposing Followers, Medium Fails Readers (ReadWrite via Lauren Weinstein) Community Health Systems hacked. 
4.5M Records with PII compromised (Bob Gezelter) Shaw Star Market Admit Credit Card Data Breach (Monty Solomon) EFF Cell Phone Guide For US Protesters, Updated 2014 Edition (EFF) Re: Informed consent for resuscitation trials (Robert R. Fenichel) Re: Meet MonsterMind, the NSA Bot That Could Wage Cyberwar (Peter Houppermans) Re: Some taking a hard line against paying by E-ZPass (Chris Drewe, Scott Miller) Re: Breach of 1.2 billion user names and passwords (Barry Gold) Re: Computer Programming Is a Trade; Let's Act Like It (Richard A. O'Keefe) Re: Cybersecurity as Realpolitik: Black Hat keynote (Barry Gold) Re: NSA Is Funding a Project to Roll All Programming Languages Into One (Amos Shapir) Re: Google scanning e-mail for child porn (Bob Brown) RISKS 28.19 Thursday 21 August 2014 Computer Eyesight Gets a Lot More Accurate (John Markoff via Dewayne Hendricks) This chart shows the world's Internet usage shifting to smartphones (Jon Russell via Dewayne Hendricks) Hacking Traffic Lights is Amazingly Really Easy (David Farber) How to Save the Net: Don't Give In to Big ISPs (Reed Hastings via NNSquad) Customer data may have been exposed by malware at UPS stores in 24 states (HuffPost via David Farber) Leaked Docs Show Spyware Used to Snoop on U.S. Computers (Propublica via Monty Solomon) Google Map Tracks Your Every Move. Check Your 'Location History' to Verify It (David Farber) Microsoft yanks botched Black Tuesday patches KB 2982791, KB 2970228, KB 2975719, and KB 2975331 (Woody Leonhard via Gene Wirchenko) Re: Pervasive Medicare Fraud Proves Hard to Stop (Abelson/Lichtblau via Kevin Fu) Re: Human cryptography is the key to online voting (Lyndon Nerenberg) Re: Lawful Hacking ... 
(Eric Amick) Re: Google scanning e-mail (Dimitri Maziuk) Re: Some taking a hard line against paying by E-ZPass (Stephen Bryant) Re: Cybersecurity as Realpolitik: Black Hat keynote (Alister Wm Macintyre) Re: Breach of 1.2 billion user names and passwords (Alister Wm Macintyre) RISKS 28.20 Sunday 24 August 2014 A Better Credit Card (NYT) U.S. finds hacker tool "Backoff" widespread (Nicole Perlroth) Re: Cyberattack that hit Target affecting 1,000 US businesses (Bob Frankston) The New Editors of the Internet (Dan Gillmor via Dewayne Hendricks) Reverse-engineering censorship in China: Randomized experimentation and participant observation (David Farber) CyberSec Coordinator Tells Why Lack of Tech Know-How Helps (Henry Baker) Asimov's Three Laws of Robotics Supplemented for 21st Century Care Robots (Peter Dunn via ACM TechNews) Read This: "How Verizon lets its copper network decay to force phone customers onto fiber" (Ars Technica) Re: Hacking Traffic Lights is Amazingly Really Easy (Edward Vielmetti) "Many Chrome browser extensions do sneaky things" (Jeremy Kirk via Gene Wirchenko) Hands On with the HTC One M8 for Windows: The first OS-agnostic phone (Ars Technica via Bob Frankston, Farooq Butt) Google: "That's not the download you're looking for..." (Lauren Weinstein) Re: Google Map Tracks Your Every Move ... (Dimitri Maziuk, Jonas M Luster) Re: Vote! 
You Just Might Win $50,000 (Mark Thorson) RISKS 28.21 Tuesday 26 August 2014 Satellite in wrong orbit / digitalization disaster (Debora Weber-Wulff) Hackers Divert Sony Exec's Plane, Launch DoS Attack on PlayStation Network (Marc Schneider via Deborah Newman) Researchers demo 92% success rate in hacking smartphone apps (Sean Nealon via Geoff Goodfellow) A Single Android App Is Crippling the Nat'l Weather Service's Website (David Farber) "Facebook patching vulnerability that could force iPhones to make calls" (Candice So via Gene Wirchenko) "Netcore, Netis routers at serious risk from hardcoded passwords" (Jeremy Kirk via Gene Wirchenko) The Surveillance Engine: How the NSA Built Its Own Secret Google (Ryan Gallagher) Hands Up, Don't Snoop! (Henry Baker) CyberSec Coordinator Tells Why Lack of Tech Know-How Helps (Don Norman) Re: Google Map Tracks Your Every Move ... (Devon McCormick) Re: Computer Programming Is a Trade; Let's Act? (Ed Ravin) Re: This is what the future of a drone-filled America could look like (David Josephson) Re: A Better Credit Card (David E. Ross) Re: Vote! You Just Might Win $50,000 (R. G. Newbury) RISKS 28.22 Wednesday 27 August 2014 Dutch bank to enable money transfers via Facebook and text messages (Peter Fokker) Time Warner Cable online after widespread Net outage (Molina and Snider via Jim Reisert) What are wi-fi connections revealing about you? (BBC News via Brian Randell) TWC botched 'maintenance' could set off MonsterMind? 
(Henry Baker) Discovery of backups for `missing' Lois Lerner IRS e-mail (Henry Baker) Securing the (Profits of) the US Electrical Grid -- against Tesla & solar panels (Henry Baker) Re: CyberSec Coordinator Tells Why Lack of Tech Know-How Helps (Henry Baker) Re: Digitalization Disaster (Dan Geer) RISKS 28.23 Thursday 28 August 2014 Why Internet voting is a very dangerous idea (Marc Ambinder via PGN) Denmark's most devastating hacker attack (zapkatakonk1943) JPMorgan and Other Banks Struck by Cyberattack (Monty Solomon) Feds warn first responders of dangerous hacking tool: Google Search (Sean Gallagher) "Microsoft ships replacement patch KB 2993651 with two known bugs" (Woody Leonhard via Gene Wirchenko) Stealing Encryption Keys Through the Power of Touch (Peter Bright) The Future Could Work, if We Let It (Matthew Kruk) Leaving Money and Privacy on the Table (Adam Tanner via Monty Solomon) Why zero-day bounties won't secure the Internet (Henry Baker) Regarding Tesla's cash cow (danny burstein) Baker's doesn't? (via PGN) RISKS 28.24 Wednesday 4 September 2014 Squirrels are now performing coordinated attacks (Jerry Saltzer) Software errors in Galileo Satellites (Debora Weber-Wulff) Computer Glitch Voids 17K Red Light Tickets in NJ (Monty Solomon) Stars' Nude Photos (Zeb Eckert and others, via Gabe Goldberg) Bar exam software failure sets off wave of lawsuits (Gabe Goldberg) Hackers Build a Skype That's Not Controlled by Microsoft (Klint Finley) Salem College professor Spring-Serenity Duvall banned students from e-mailing and got more engagement from class. (Carl Straumsheim) Staged Blackout Drills (Dick Mills) JPMorgan and Other U.S. 
Banks Are Hit by Hackers (*TheNYTimes*) JPMorgan Hack Spanned Months Via Multiple Flaws (Bloomberg via Henry Baker) An Iranian Grand Ayatollah Issues Fatwa Stating High-Speed Internet is Sharia (Lauren Weinstein) California Governor signs law requiring a kill switch on smartphones (Monty Solomon) Another Target Credit Card problem (Tim Duncan) Home Depot investigates potential hacking of credit card data (Robert Lemos via Monty Solomon) Long memories can be a pain (Paul Wallich) "CryptoWall held over half a million computers hostage, encrypted 5 billion files" (Lucian Constantin via Gene Wirchenko) "Reconnaissance code on industrial software site points to watering hole attack" (Lucian Constantin via Gene Wirchenko) Re: zero-day bounties (jericho) Re: Feds warn first responders of dangerous hacking tool (Scott Miller) Re: Why Internet voting is a very dangerous idea (Ken Shotting, John Stanley, Mike Jeays, Jay Ashworth) Re: Regarding Tesla's cash cow (Ivan Jager, Anthony) Re: Stealing Encryption Keys Through the Power of Touch (Anthony Thorn) Paper on novel technologies and slow diffusion of information (Andrew Odlyzko) Quantum Networking book published (Rodney Van Meter) RISKS 28.25 Tuesday 9 September 2014 Space station launches satellites without permission (Irene Klotz via Paul Saffo) Hacker Breached HealthCare.gov Insurance Site (Monty Solomon) Hackers Breach Security of a Health Exchange Server (Monty Solomon) UCLA, Cisco & more join forces to replace TCP/IP (Lauren Weinstein) Kill switches for weaponry (Jonathan Zittrain) Fake cell towers discovered (PGN) BBC: ISPs should assume that heavy VPN users are pirates (Lauren Weinstein) "Apple iCloud backup quirk could have allowed hackers to access 'deleted' files" (John E. Dunn via Gene Wirchenko) Apple Says It Will Add New iCloud Security Measures After Celebrity Hack (Brian X. Chen via Monty Solomon) Redactions in U.S. 
Memo Leave Doubts on Data Surveillance Program (Monty Solomon) Online Privacy: Maybe Not So Unreasonable, After All (NYT via Monty Solomon) "Data shows Home Depot breach could be largest ever" (Jaikumar Vijayan via Gene Wirchenko) "Data shows Home Depot breach could be largest ever" (Jaikumar Vijayan) "Microsoft patch KB 2918614 triggers 'key not valid for use,' more errors" (Woody Leonhard via Gene Wirchenko) GM to Introduce Hands-Free Driving in Cadillac Model (Gabe Goldberg, Phil Smith III) Re: Software errors in Galileo Satellites (Erling Kristiansen) Re: Regarding Tesla's cash cow (Richard I Cook, Erling Kristiansen) Huffington continues trying to "disappear" their discredited "email creator" series (Lauren Weinstein) "Why Is Huffington Post Running A Multi-Part Series To Promote The Lies Of A Guy Who Pretended To Invent Email?" (Techdirt via Lauren Weinstein) Re: zero-day bounties (Henry Baker) Live Webinar: Building a Software Security Initiative (Cigital) RISKS 28.26 Thursday 11 September Nancy Pelosi urges FCC to reclassify broadband as a utility (Verge) "Microsoft patch KB 2918614 triggers 'key not valid for use,' more errors" (Woody Leonhard via Gene Wirchenko) Apple - Update to Celebrity Photo Investigation (Monty Solomon) Apple Announces Apple Pay (Monty Solomon) iPod classic is dead, and the 30-pin connector along with it (Casey Johnston via Monty Solomon) Re: Apple Says It Will Add New iCloud Security Measures After Celebrity Hack (Kurt Seifried) Amazon's Fire Phone falls to 99 cents on a two-year contract (Roy Amadeo via Monty Solomon) Feds say NSA "bogeyman" did not find Silk Road's servers (David Kravets via Monty Solomon) AT&T/Verizon say 10Mbps is too fast for "broadband," 4Mbps is enough (Jon Brodkin via Monty Solomon) Penalty for driving while texting in Long Island-a disabled cell phone (David Kravets via Monty Solomon) NOBUS BOGUS: "Do You Feel Lucky, Punk?" 
(Henry Baker) The Case for Resign Switches for Politicians (Henry Baker) "Predictive" Technology Used to ID Troubled Cops (Henry Baker) Re: GM to Introduce Hands-Free Driving in Cadillac Model (Gabe Goldberg) Re: This chart shows the world's Internet usage shifting to smartphones (Rodney Van Meter) RISKS 28.27 Monday 15 September 2014 Lessons for the Future: Harvard Computer Science intro course (ACM TechNews) Lessons From the Past for a Future in Smart Cars (Monty Solomon) Steve Jobs Was a Low-Tech Parent (Nick Bilton via Monty Solomon) Software glitch sends regular Colorado driver's licenses to immigrants (Kirk Mitchell via Jim Reisert) NFL's finicky WiFi connections frustrate some coaches (David Tarabar) Airlines Take the Bump Out of Turbulence (Monty Solomon) Trying to Hit the Brake on Texting While Driving (Monty Solomon) NSA/GCHQ/CSEC Infecting Innocent Computers Worldwide (Bruce Schneier) The Mystery of Apple Watch's Battery Life (*NYTimes* via Monty Solomon) iPwned: How easy is it to mine Apple services, devices for data? (Ars Technica via Monty Solomon) Banks Did It Apple's Way in Payments by Mobile (Monty Solomon) Senator demands US courts recover 10 years of online public records (David Kravets via Monty Solomon) How the cybercrime industry fueled Target breach (Jeff Marganteen) After e-mail takeover, copycats demand cash to expose Bitcoin's creator (Ars Technica via Monty Solomon) US gov't threatened Yahoo with $250K daily fine if it didn't use PRISM (Ars Technica via Monty Solomon) Supreme Court ruling has wiped out 11 "do it on a computer" patents so far (Ars Technica via NNSquad) Turning the tables on "Windows Support" scammers by compromising their PCs (Ars Technica via Monty Solomon) Google Play and lack of version numbers (Dan Jacobson) Canon printers `Doom'ed (Henry Baker) Analysis Of Volunteer's Metadata Stream Reveals His Life In Detail, Allows Passwords To Be Guessed (TechDirt via Kenneth R. Mayer Jr.) 
Keep Your Data Yours While Traveling (Monty Solomon) "Privacy Commissioner unearths apps demanding too many permissions" (Candice So via Gene Wirchenko) 60 percent of apps fail basic privacy tests, finds international cross-governmental study (geoff goodfellow) Re: Apple Says It Will Add New iCloud Security Measures After Celebrity Hack (Steven Klein) Re: The Case for Resign Switches for Politicians (Michael Kohne) Re: zero-day bounties (Paul Edwards) RISKS 28.28 Tuesday 30 September 2014 There's not a creativity deficit in science (Chris Lee via Dewayne Hendricks) "6 challenges 3D printing has yet to overcome" (Anna Gale via Gene Wirchenko) Bug in Bash shell creates big security hole on anything with *nix in it (Lauren Weinstein) New wiretap resistance in iOS 8? (John Gilmore) Re: Wanted: Astronomer with Top Secret Clearance (Whitfield Diffie) Android L will have device encryption on by default (Monty Solomon) Hack runs Android apps on Windows, Mac, and Linux computers (Ars via Monty Solomon) iOS 8: 'Wave' Wireless Microwave Charging Feature for iPad and iPhone is Not Real (Monty Solomon) iOS 8's iCloud Drive reveals the dark side of empowered users (Gene Wirchenko) Reports suggest the iPhone 6 and 6 Plus may bend in your pocket (Andrew Cunningham via Monty Solomon) Russia to be disconnected from the Internet? 
(Lauren Weinstein) Court blasts US Navy for scanning civilians' computers for child porn (Monty Solomon) Giant MQ-4C Triton surveillance drone flies across the United States (Monty Solomon) "Feds seek expanded PC hacking powers for criminal investigations" (Serdar Yegulalp via Gene Wirchenko) Texas man must pay $40.4M for running Bitcoin-based scam (Ars) US courts agree to restore 10 years of deleted online public records (Ars) FAA bars drone from delivering game ball to college football matchup (Ars) iFixit tears new iPhones apart, finds they're pretty easy to fix (Ars) A not-so-friendly reminder from the gov't: Yelp is not for kids (Ars) Comcast calls rumor that it disconnects Tor users `wildly_inaccurate' (Ars) Apple puts up support page to get U2 album out of your iTunes (Ars) Bill would limit reach of US search warrants for data stored abroad (Ars) Why big data evangelists should be sent to re-education camps (Farooq Butt) The Internet of Thugs (Henry Baker, Jonathan Zittrain) Allow Full Access for "SwiftKey" Keyboards? (Gabe Goldberg) Re: Software ... sends ... 
Colorado driver's licenses to immigrants (Amos Shapir) Re: zero-day bounties (Patrick O'Beirne) MiniReview: The Design and Implementation of the FreeBSD Operating System by McKusick, Neville-Neil, and Watson (PGN) REVIEW: Georgia Weidman: Penetration Testing (Richard Austin) RISKS 28.29 Thursday 9 October 2014 Remote automobile shutdown shuts down emergency-room visit (Gabe Goldberg) TripAdvisor's Viator card data breach affects 1.4M customers (Dave Farber) Shellshock DHCP RCE Proof of Concept (Gene Wirchenko) 'Spike' toolkit seeks routers, Internet of things for DDoS botnet (Antone Gonsalves via Gene Wirchenko) Apple pulls back first update to iOS 8 (Brian Jackson via Gene Wirchenko) World's #1 champion most complicated password requirements (Dan Jacobson) Fast Lane, Slow Lane -- "No Lane" -- End Game in Telecommunications (Dewayne Hendricks) California Amends Data Breach Notification Law (Dan Appelman) The NSA's Yada Yada Bytes (Henry Baker) Holder urges tech companies to leave device backdoors open for police (Craig Timberg via Henry Baker) "LTE Direct": Is that a Stingray in your pocket, or are you just happy to see me? (Henry Baker) *A Question of DNS Protocols* (Geoff Huston via PGN) FDA workshop on medical device security (Kevin Fu) RISKS 28.30 Thursday 23 October 2014 Texas Hospital blames software for ebola error (Fox/Johnson via Paul Saffo) Release of Dallas ebola patient due to user interface error (Politico via Jeremy Epstein) Risks of EHR software and ebola, what could possibly go wrong? (Kevin Fu) Safeguarding implanted medical devices. Or at least... (danny burstein) FDA final guidance on cybersecurity in pre-market submissions (Kevin Fu) FDA: Medical device cybersecurity necessary, but optional (Monty Solomon) Amtrak Reservations System outage (Jim O'Donnell) Should Airplanes Be Flying Themselves? 
(William Langewiesche via Bob Frankston) Driving with voice-activated infotainment is really distracting (Megan Geuss via Monty Solomon) Google Glass "no safer" than phones for texting while driving (Katie Collins via Monty Solomon) Y2K redux: Why thousands of 911 calls got lost (Jeremy Epstein) This is what happens when 911 fails (Colin Lecher via Monty Solomon) The Delusions of Big Data and Other Huge Engineering Efforts (Michael Jordan via Prashanth Mundkur) The NSA and Me, James Bamford (Monty Solomon) Retired NSA Technical Director Explains Snowden Docs (John Young) Dozens of European ATMs rooted, allowing criminals to easily cash out (Robert Lemos via Monty Solomon) Donald MacKenzie on high-frequency trading (Prashanth Mundkur) Video Poker Exploitable Bug (Chuck Weinstock) Firedrive has gone down taking millions of files with it (Chris J Brady) Firedrive has gone down: more (Chris J Brady) Facebook Promises a Deeper Review of Its User Research (Monty Solomon) After blocking personal hotspot at hotel, Marriott to pay FCC $600K (Cyrus Farivar via Monty Solomon) AT&T's congestion magically disappears when it's signing up new customers (Jon Brodkin via Monty Solomon) Price of Bitcoin tumbles (Monty Solomon) At 650% interest, that online payday loan is a steal (Ars Technica) "Windows 9 Reportedly Skipped as Name Would Have Created Code Bugs" (Jason Mick via Gene Wirchenko) Risks of daylight saving (Dave Horsfall) Re: Remote automobile shutdown shuts down emergency-room visit (Kurt Seifried, Dick Mills) Re: Software sends Colorado driver's licenses to immigrants (Dan Geer) Re: *A Question of DNS Protocols* (PGN) RISKS 28.31 Friday 24 October 2014 Audi Recalls 850,000 Cars Over Airbag Software Flaw (NYT via Monty Solomon) Feds examining medical devices for fatal cybersecurity flaws (David Kravets via Monty Solomon) NOAA is having major weather satellite data feed issues (danny burstein) Belkin routers around the globe unable to connect to the Internet (Myce) India 
probes identity card for monkey god Hanuman (BBC via Prashanth Mundkur) Machine Tasked with Getting Rid of Spam Could End Humanity (Elon Musk) The Exascale Revolution (Tiffany Trader) Dangers of an IT monoculture (Robert L Wears) IoT as a Hazard: Smart Meters prove vulnerable (Bob Gezelter) Hackers' Attack Cracked 10 Financial Firms in Major Assault (NYT) Cyberattack on JPMorgan Raises Alarms at White House and on Wall Street (NYT) The Unpatchable Malware That Infects USBs Is Now on the Loose (Andy Greenberg) ComputerCOP: dubious "Internet Safety Software" given to US families (Ars) iOS 8.1 plugs security hole that made it easy to install emulators (Kyle Orland) "Cisco, Oracle find dozens of their products affected by Shellshock" (Lucian Constantin) "Mayhem malware spreads through Linux servers via Shellshock exploits" (Lucian Constantin) Bug in Bash shell creates big security hole on anything with *nix in it (Brett Mahar) Samsung printer sniffers (David Lesher) Twitter Sues U.S. Government Over Data Disclosure Rules (Monty Solomon) Dozens of European ATMs rooted, allowing criminals to easily cash out (Robert Lemos) Using new Corvette's valet-recording tech could be a felony in some states (Megan Geuss) "The Dark Market for Personal Data" (Frank Pasquale) "Patent trolls have one fewer legal loophole to hide behind" (Simon Phipps via Gene Wirchenko) The "he said, she said" of how the FBI found Silk Road's servers (Ars) New York City orders Bluetooth beacons in pay phones to come down (Ars) Seeing where the last taxi passenger went (Jeremy Epstein) JPMorgan Discovers Further Cyber Security Issues (Monty Solomon) 7 million Dropbox username/password pairs apparently leaked (Ars) Russia's Sandworm Hack Spying on Foreign Governments for Years (WiReD) Google report on EU "right to be forgotten" requests (Lauren Weinstein) This POODLE bites: exploiting the SSL 3.0 fallback (Google) Re: Firedrive and Cloudflare (Jay Grizzard) Re: Firedrive has gone down taking millions of 
files with it (Henry Baker) RISKS 28.32 Friday 31 October 2014 Rocket Heading to International Space Station Explodes; No One Is Hurt (NYT via Monty Solomon) Dallas hospital alters account of failure to diagnose first US Ebola case (David Tarabar) Cars become uninsurable due to their weak security (Jeremy Epstein) HP accidentally signed malware, will revoke certificate (Ars) Clueless FBI sabotages its own anti-encryption campaign (Caroline Craig) FBI director says Chinese hackers are like a "drunk burglar" (Ars) Report Reveals Wider Tracking of Mail in U.S. (NYT via Monty Solomon) ComputerCOP: dubious "Internet Safety Software" given to US families (Ars via NNSquad) Adobe is Spying on Users, Collecting Data on Their eBook Libraries; Adobe Responds to Reports of Their Spying, Offers Half Truths and Misleading Statements (Nate Hoffelder via Gene Wirchenko) Adobe tracks your e-book reading habits -- sends logs in plain text (Ars) Bugzilla 0-day can reveal 0-day bugs in OSS giants such as Mozilla and Red Hat (Ars) White hat claims Yahoo and WinZip hacked by "shellshock" exploiters (Ars) Severe Security Problem in Drupal 7.x (Bob Gezelter) Chip&Pin^H^H^HDip: Replay It Again Sam (Henry Baker) Apple will face $350M trial over iPod DRM (Ars) Apple updates definitions to prevent "iWorm" botnet malware on Macs (Ars) APPLE-SA-2014-09-29-1 OS X bash Update 1.0 (Monty Solomon) APPLE-SA-2014-09-23-1 OS X: Flash Player plug-in blocked (Monty Solomon) "One week after patch, Flash vulnerability already exploited in large-scale attacks" (Lucian Constantin) 2 Drug Chains Disable Apple Pay, as a Rival Makes Plans (NYT) Apple Pay Runs Afoul of MCX, a Group With a Rival Product (Monty Solomon) Hackers swipe e-mail addresses from Apple Pay-competitor CurrentC (Ars) How Apple Pay and Google Wallet actually work (Ars Technica) Reddit-powered botnet infected thousands of Macs worldwide (Sean Gallagher) Apple patches "Shellshock" Bash bug in OS X 10.9, 10.8, and 10.7 (Andrew Cunningham) 
Shellshock fixes beget another round of patches as attacks mount (Andrew Cunningham) Executing the Messenger (Henry Baker) Even a built-in keylogger! -- "Microsoft's Windows 10 has permission to spy on you!" (Techworm) More on Windows 10 /preview/ data collection (Lauren Weinstein) "Four more botched Microsoft patches" (Woody Leonhard) "Microsoft yanks botched patch KB 2949927, re-issues KB 2952664" (Woody Leonhard) "Microsoft warns users to kill botched KB 2949927 patch" (Woody Leonhard) "Microsoft misses Windows bug, hackers slip past patch" (Gregg Keizer) Windows Update intentionally destroys chips (Brian Benchoff via Henry Baker) Re: Windows 9 Reportedly Skipped as Name Would Have Created Code Bugs (Mark Thorson) "12 surprising ways personal technology betrays your privacy" (Andy Patrizio) "Critical Bugzilla vulnerability could give hackers access to undisclosed software flaws" (Lucian Constantin) Adobe's e-book reader sends your reading logs back to Adobe -- in plain text (Sean Gallagher) DHS No Longer Needs Permission Slips to Monitor Other Agencies' Networks (Henry Baker) The NSA has no interest in protecting you & me (Henry Baker) Law Lets I.R.S. Seize Accounts on Suspicion, No Crime Required (Monty Solomon) How Facebook Is Changing the Way Its Users Consume Journalism (Monty Solomon) Re: where last passenger went (Dimitri Maziuk) Re: Should Airplanes Be Flying Themselves? 
(John Levine) Taylor Swift Tops Canadian iTunes Chart With 8 Seconds of White Noise (Lorena O'Neil via Henry Baker) RISKS 28.33 Tuesday 4 November 2014 Online voting rife with hazards (Barbara Simons) Risks of assuming votes are accurate (John Long) Open Surveillance (Bryan Ford) Smart Televisions are highly susceptible to hacking by radio transmission (robert schaefer) "Cyber espionage group launches sophisticated phishing attacks against Outlook Web App users" (Lucian Constantin via Gene Wirchenko) "Tor Project flags Russian 'exit node' server delivering malware" (Jeremy Kirk) "Advisory says to assume all Drupal 7 websites are compromised" (Steve Ragan) "Drupal sites, assume you've been hacked" (Serdar Yegulalp) How a dumb software glitch kept thousands from reaching 911 (Brian Fung) Verizon, AT&T tracking their users with 'supercookies' (Craig Timberg) Somebody's Already Using Verizon's ID to Track Users (Angwin and Larson) Cell carrier was weakest link in hack of Google, Instagram accounts (Sean Gallagher) Critics chafe as Macs send sensitive docs to iCloud without warning (Dan Goodin) AT&T's outdated unlock policies cost it a loyal customer: me (Lee Hutchinson) With School Ban Nearing End, New York City Works on How and When to Allow Cellphones (NYT) "Have we gotten so pathetically lame that you need to be notified by email that your laundry is done?" (Matthew Kruk) Why Adobe got away with monitoring users (Kurt Seifried) Windows Update intentionally destroys chips (Michael Kohne) Re: The NSA has no interest in protecting you & me (Gene Spafford) Did anyone call a taxi? (Ed Ravin) The 7th annual Underhanded C Contest is now open (robert schaefer) RISKS 28.34 Thursday 6 November 2014 Digital Security and Source Protection for Journalists (Susan McGregor) "All governments must protect the ability of journalists to write and speak freely" (digby) Virginia Police Have Been Secretively Stockpiling Private Phone Records (G.W. 
Schultz) Google ordered to pay a woman $2,250 for Street View image showing cleavage (Megan Geuss) Virginia judge: Police can demand a suspect unlock a phone with a fingerprint (Megan Geuss) Cop charged with stealing nude pics from women's phones (Cyrus Farivar) "The icky part of tech support: Porn and other NSFW surprises" (Tam Harbert) After massive Danish hack, Gottfrid Svartholm Warg sentenced to 3.5 years (Cyrus Farivar) Which Messaging Technologies Are Truly Safe and Secure? (EFF) Critics bash the EFF Secure Messaging Scorecard (Lauren Weinstein) FBI wants black hats for digital black bag ops (Ed Pilkington) $750k Fine for exporting crypto (Jeroen van der Ham) An Unprecedented Look at Stuxnet -- the World's First Digital Weapon? (Matthew Kruk) Skipping the Front Desk, and Checking In With a Click (Monty Solomon) Fall of the Banner Ad: The Monster That Swallowed the Web (Monty Solomon) Malicious Software Campaign Targets Apple Users in China (Monty Solomon) Augmenting Your Password-Protected World (Monty Solomon) NSA Director Makes Another Visit to Silicon Valley (Monty Solomon) Re: "Have we gotten so pathetically lame that you need to be notified by an email that your laundry is done?" 
(Amos Shapir) Absentee ballot of deceased Boston mayor not counted (Wexelblat) Online voting rife with hazards (Amos Shapir) Re: Risks of assuming votes are accurate (Rodney Van Meter, Rashid Motala) RISKS 28.35 Thursday 13 November 2014 "Docking with a non-cooperative object" - Salyut 7 rescue (Ed Ravin) Ontario Provincial Police Recommend Ending Anonymity on the Internet (Michael Geist) Fire Eye Map of Very Recent Cyber Attacks (Alister Wm Macintyre) Peeping: 73K unsecured security cameras thanks to default passwords (Network World) ``Internet is a Dark and Ungoverned Space'' (Sir Bernard Hogan-Howe quoted via Chris Drewe) German spy agency seeks millions to monitor social networks outside Germany and crack SSL (IT World) Users can't tell Facebook from a scam (ZDNet via NNSquad) Major new Windows TLS bug (Ars Technica) Microsoft reports CRITICAL Vulnerability in Windows 7/2003 and later TLS implementations (MS via Bob Gezelter) ISPs reportedly interfering with customer use of STARTTLS (RFC 3207) Kaspersky reports sophisticated attacks using forged certificates against targeted high-value individuals (Bob Gezelter) ISPs Removing Their Customers' Email Encryption (EFF) "Apple security checks may still miss iWorm malware" (Jeremy Kirk via Gene Wirchenko) "Google releases tool to test apps, devices for SSL/TLS weaknesses" (Lucian Constantin) "Device loss, not hacking, poses greatest risk to health care data" (Serdar Yegulalp) "Home Depot says 53 million email addresses compromised during breach" (Steve Ragan) The Home Depot Reports Findings in Payment Data Breach Investigation (Jim Reisert) "Tor Project mulls over how law enforcement took down hidden websites" (Jeremy Kirk) Ontogeny recapitulates Prodigy? 
(Ed Ravin) Fearing Bombs That Can Pick Whom to Kill (NYT via Matthew Kruk) The $11M Tool That Could Help Computers Write Their Own Code (Klint Finley) Galois report on Internet voting hack (PGN) Re: Risks of assuming votes are accurate (Dimitri Maziuk, Steven Jay Klein) Re: Online voting rife with hazards (John Sebes) No risk of overturning a Senator's election due to dead voters (Mark E. Smith) Re: "Have we gotten so pathetically lame that you need to be notified by an email that your laundry is done?" (Bob Frankston) Re: $750k Fine for exporting crypto (Amos Shapir) RISKS 28.36 Monday 17 November 2014 Crypto Wars II (Bruce Schneier) 81% of Tor users can be de-anonymized by analyzing router information (The Stack via NNSquad) The GCHQ boss's assault on privacy is promoting illegality on the Net (Eben Moglen via Brian Randell) More Federal Agencies Are Using Undercover Operations (NYT via Monty Solomon) State Department Targeted by Hackers in 4th Agency Computer Breach (NYT) Americans' Cellphones Targeted in Secret U.S. Spy Program (Devlin Barrett) Lost Key? Copies From the Cloud! (Monty Solomon) Internet Voting Hack Alters PDF Ballots In Transmission (Michael Mimoso via Jim Reisert) Bloomberg: Forex Investors May Face $1 Billion Loss as Trade Site Vanishes (Gabe Goldberg) FileVault 2: Mac users' unsaved files and screenshots are automatically uploaded (Gabe Goldberg) For Guccifer, Hacking Was Easy. Prison Is Hard (Monty Solomon) Americans Say They Want Privacy, but Act as if They Don't (NYT via Monty Solomon) Debts Canceled by Bankruptcy Still Mar Consumer Credit (NYT via Monty Solomon) Poor systems design may kill... 
(Jay Ashworth) "Vulnerability leaves iPhones and iPads open to fake app attack" (Martyn Williams via Gene Wirchenko) "Malware doesn't discriminate when it comes to Web ads" (Serdar Yegulalp via Gene Wirchenko) Only Half of USB Devices Have an Unpatchable Flaw But No One Knows Which Half (Andy Greenberg) `Masque Attack' Bug Threatens iOS Users (Stephanie Mlot) ISPs Removing Their Customers' Email Encryption (Jacob Hoffman-Andrews) Re: ISPs Removing Their Customers' Email Encryption (Suresh Ramasubramanian via Dave Farber, Scott Miller via Bob Gezelter) Re: Risks of assuming votes are accurate (Rashid Motala, John Levine) Re: $11M Tool That Could Help Computers Write Their Own Code (Joseph Barrett, Erling Kristiansen) RISKS 28.37 Friday 21 November 2014 Australia rules out e-voting (Dave Horsfall) Electronic Election Fraud Apparent in Brazil; Done in America Today? (Andre Carezia) Twitter used to pass election polling information? (Harry Hochheiser) Auckland 'NewCore' project a year late and $100 million over budget (Richard A. O'Keefe) Drones Sighted by Pilots Landing at JFK Airport in NYC Show New Risks (Monty Solomon) Ian Urbina: The Secret Life of Passwords (NYT via PGN) Android source of spreading malware (NYT via PGN) Why mobile and consumer ISPs shouldn't censor encryption or the Net (John Gilmore) "Microsoft does it again, botches KB 2992611 SChannel patch" (Woody Leonhard via Gene Wirchenko) "Malware served through rogue Tor exit node tied to cyber espionage group" (Lucian Constantin via Gene Wirchenko) "ISACA survey shows security disconnect for breaches, wearables" (Maria Korolov via Gene Wirchenko) "How to lose customers with excessive security" (Galen Gruman via Gene Wirchenko) "CASL restricts freedom of speech, academic paper argues" (Brian Jackson via Gene Wirchenko) High-school RISKS courses? 
(William Ehrich) China blocks websites as Internet meeting begins (Lauren Weinstein) Pay Phones in New York City Will Become Free Wi-Fi Hot Spots (Monty Solomon) Privacy Concerns for ClassDojo and Other Tracking Apps for Schoolchildren (Monty Solomon) Re: 81% of Tor users can be de-anonymized by analyzing router ... (PGN) Re: The GCHQ boss's assault on privacy (Chris Drewe) RISKS 28.38 Tuesday 25 November 2014 Catastrophic Vodafone technical fault shuts down raft of key phone services including police 101 and NHS 111 numbers AND Barclays, RAC and First Great Western (Richard I Cook) Spy cable revealed: how telecoms firm worked with GCHQ (Brian Randell) Woman Scammed Out of $8K Through Instagram Job Hoax, Police Say (Monty Solomon) Mobile malware: One in six smartphone users victim of cyber attack (PGN) Malware-hosting e-cigs could be bad for your computer's health (Bob Frankston) House Republicans just passed a bill forbidding scientists from advising the EPA on their own research (Lindsay Abrams via Bob Frankston) The safest computers are iPhones and iPads (Galen Gruman) 'Bug' spies on computers (Jim Warren) Re: "How to lose customers with excessive security" (Paul Wallich) Re: risks of lobbyist blogs, was "CASL restricts freedom of speech" (John Levine) Book review: Ivan Ristic, Bulletproof SSL and TLS ... (Ben Rothke) RISKS 28.39 Friday 28 November 2014 Now, Anyone Can Buy a Drone. Heaven Help Us. (Monty Solomon) USPS Played Cat And Mouse With Cyber Attacker (InformationWeek via Gabe Goldberg) The branded bug: Meet the people who name vulnerabilities (Gabe Goldberg) FBI Phone Hacks Could Hurt Intelligence Gathering (Patrick Tucker via Henry Baker) Happy Tracksgiving! 
(Craig Timberg via Henry Baker) Uber's Underhanded App reporting data back w/o permission (Loz Blain via Henry Baker) Recent RISKS Problematic Posts (Fred Cohen, PGN) Re: safest computers (Dimitri Maziuk) RISKS 28.40 Friday 5 December 2014 These 31 Builders Made Mistakes That Will Leave You BAFFLED (Gabe Goldberg) NTSB report on Boeing 787 (Jeremy Epstein) SmartDriver: a 16-year-old can see the risks (Richard A. O'Keefe) Hacked vs. Hackers: Game On (Nicole Perlroth) Hackers Pirate Sony Films and Leak Studio Salaries (Monty Solomon) Sony Pictures' computers are still locked as hackers demand equality (engadget via Dave Farber) It Gets Worse: Newest Sony Data Breach Exposes Thousands Of Passwords (Charlie Warzel via Monty Solomon) Argument preview: Social media as a crime scene (scotusblog via Monty Solomon) "Gangnam Style overflows INT_MAX, forces YouTube to go 64-bit" (Peter Bright) "How to crash the data center with one word" (`Anonymous') Apple entering a `whack-a-mole' era of malware defense (ZDNet via Bob Frankston) "Fraudulent apps stalk Apple's App Store" (Simon Phipps via Gene Wirchenko) "BYOD Brings Corporate Contradictions" (Tom Kaneshige) New Snowden docs: GCHQ's ties to telco gave spies global surveillance reach (Sean Gallagher) NSA subverts GSM standards processes with vulnerabilities (Ryan Gallagher) 'Regin' malware comes from western intelligence agency, say experts (Brian Randell) The triumph of hope -- or hype? -- over experience (Robert L Wears) The Trolls Among Us (Anne Applebaum) This Net was Made for You and Me ??? (Julian Assange via Henry Baker) I thought fleeting messages were bad (Dan Jacobson) Re: Recent RISKS Problematic Posts (Martin Ward) Re: "Silicon Valley's combination of power and irresponsibility" (Chris Drewe) Re: Uber's Underhanded App reporting data back w/o permission (George Sigut) RISKS 28.41 Tuesday 16 December 2014 Power outages hit federal buildings in D.C. 
- CNN.com (Gabe Goldberg) "Lenovo recalls more than 500,000 power cords due to spark, burn risk" (Ian Paul via Gene Wirchenko) Copenhagen Lighting the Way to Greener, More Efficient Cities (Monty Solomon) Sen. Wyden: No Hackdoors! (Henry Baker) Sony Hack Reveals Health Details on Employees and Their Children (Deborah Peel) The triumph of hope -- or hype? -- over experience (Donald B. Wagner) "Sony admits employees' personal data may have been compromised by breach" (Steve Ragan) Alberta health-records systems woefully inadequate (Darcy Henton) When strong passwords are the fake front behind a hollow system (Jeremy Epstein) "Your cell phone number: To give or not to give" (Galen Gruman) "NSA spy program targets mobile networks worldwide" (Marc Ferranti) "A shadowy consortium opposes your Internet privacy" (Simon Phipps) Verizon's Encrypted Calling App Comes Pre-Hacked for the NSA (Joshua Brustein) Some Drawbacks in Tapping the Phone to Deposit a Check (Monty Solomon) Phone Scam Nets Almost $2,000 from BU Student (Monty Solomon) Amazon glitch leads to rush over 1p 'bargains' (*The Telegraph* via Gabe Goldberg) Some TLS variants vulnerable to version of POODLE (CVE-2014-8730) (Bob Gezelter) "The Turla espionage operation infected Linux systems with malware" (Lucian Constantin) "Over 30 vulnerabilities found in Google App Engine" (Lucian Constantin) Multiple Microsoft items (Woody Leonhard via Gene Wirchenko compiled by PGN) 7 Largest U.S. Districts to Teach Computer Science (Josh Lederman via ACM TechNews) Scholarships for Women Studying Information Security (Jeremy Epstein) We Can't Trust Uber? 
(NYTimes via Matthew Kruk) Re: This Net was Made for You and Me (Peter Houppermans) Re: SmartDriver: a 16-year-old can see the risks (David Brodbeck, Geoffrey Keating) Stasi Santa on the Shelf: NSA's Dream Naughty/Nice Daemon (Pinto/Nemorin via Henry Baker) RISKS 28.42 Friday 19 December 2014 Drone blimps over Washington DC (Marc Rotenberg, PGN) Interesting slip from *The NYTimes* on Sony and North Korea? (Sanger/Perlroth via Prashanth Mundkur) From thehill.com: FBI accuses North Korea of hack (Armando Stettner) ICANN e-mail accounts, zone database breached in spearphishing attack (Dan Goodin via Werner U) Ars Technica public stmt and reaction to hack on 14 Dec ... (Werner U) "Misfortune Cookie" CVE-2014-9222 (Bob Gezelter) "12 million home and business routers vulnerable to critical hijacking hack" (Dan Goodin via Gene Wirchenko) German Researchers Discover a Flaw That Could Let Anyone Listen to Your Cell Calls (Craig Timberg) SS7 hackdoors allow ANYONE to listen to your calls (Henry Baker) "Microsoft vs. DoJ: The battle for privacy in the cloud" (Simon Phipps via Gene Wirchenko) LU Wei editorial in the *HuffPost* (Dave Farber) Public Reactions to Snowden (Bruce Schneier) FBI Agents Pose as Repairmen to Bypass Warrant Process (Bruce Schneier) After Silk Road takedowns, Dark Web drug sites still thriving (Cyrus Farivar via Dewayne Hendricks) Emergency? DNS TTL < 6 months? (Henry Baker) Re: SmartDriver: a 16-year-old can see the risks (Bob Frankston) Re: Lenovo recalls more than 500,000 power cords due to spark, burn risk (Morten Welinder) Re: "Your cell phone number: To give or not to give" (John Levine, David E. 
Ross, Kelly Bert Manning) RISKS 28.43 Monday 5 January 2015 Cyber attack damages German blast furnace (Thomas Koenig) German Researchers Discover a Flaw That Could Let Anyone Listen to Your Cell Calls (Craig Timberg via ACM TechNews) "Misfortune Cookie" CVE-2014-9222 (Bob Gezelter) "12 million home and business routers vulnerable to critical hijacking hack" (Dan Goodin via Gene Wirchenko) SS7 hackdoors allow ANYONE to listen to your calls (Henry Baker) "Microsoft vs. DoJ: The battle for privacy in the cloud" (Simon Phipps via Gene Wirchenko) LU Wei editorial in the *HuffPost* (Dave Farber) Public Reactions to Snowden (Bruce Schneier) FBI Agents Pose as Repairmen to Bypass Warrant Process (Bruce Schneier) After Silk Road takedowns, Dark Web drug sites still thriving (Cyrus Farivar via Dewayne Hendricks) SMB-spreadable malware: TA14-353A (Bob Gezelter) ICANN e-mail accounts, zone database breached in spearphishing attack (Dan Goodin via Werner U) Ars Technica public statement and reaction to 14 Dec hack (Werner U) Danielle Keats Citron: Hate Crimes in Cyberspace (PGN) Marc Goodman: FUTURE CRIMES: Everything is Connected, ... (PGN) Richard A. Clarke: Sting of the Drone (Review by Marc Rotenberg) RISKS 28.44 Tuesday 6 January 2015 [Apologies for R-28.43 dupes. I took my break too seriously.] Too many pilots can't handle an emergency (David Learmount via Chris Drewe) Brouhaha brewing over single-operator trains (Jay Ashworth) "Could e-voting be on its way in the UK?" (Andy Walker) Quick book recommendation (David Jefferson) How Laws Restricting Tech Actually Expose Us to Greater Harm (WiReD via Lauren Weinstein) Risks in Using Social Media to Spot Signs of Mental Distress (NYTimes via NNSquad) Indian government blocks dangerous websites like Github, Dailymotion, Pastebin (Vijay via Prashanth Mundkur) U.S. 
Social-Media Giants Are Resisting Russia Censors (WSJ via NNSquad) Low-risk 'worm' removed at hacked South Korea nuclear operator (Reuters via Richard I Cook) Iran expands 'smart' Internet censorship (Reuters via NNSquad) FBI Investigating Whether Companies Are Engaged in Revenge Hacking (Gabe Goldberg) Inadvertent Algorithmic Cruelty (Gabe Goldberg) Hackers claim they can copy fingerprints from photos (Bob Frankston) Toy Story and digital preservation (Mark Thorson) NSA has VPNs in Vulcan death grip--no, really, that's what they call it (Ars via Lauren Weinstein) Smart grid powers up privacy worries (David Perera via Henry Baker) Romanian version of EU cybersecurity directive allows warrantless access to data (NNSquad) Her Task Is to Wean the White House Off Floppy Disks (Julie Hirschfeld Davis quoting Megan J. Smith) Gogo issues fake HTTPS certificate to users visiting YouTube (Ars) I added grandma to a NSFW group (Dan Jacobson) Silicon Valley's Mirror Effect (Bob Frankston) The Biggest Security Threats We'll Face in 2015? (WiReD via Matthew Kruk) "Critical vulnerability in Git clients puts developers at risk" (Lucian Constantin via Gene Wirchenko) Norse Security IDs 6, Including Ex-Employee, As Sony Hack Perpetrators (slashdot via Lauren Weinstein) AP: Sony emails show a studio ripe for hacking (Lauren Weinstein) Sony's North Korea "comedy assassination" film available online (Lauren Weinstein) Re: ICANN e-mail accounts, zone database breached in spearphishing attack (John Levine) Re: dual-SIM cell phones (danny burstein) Re: Emergency? DNS TTL < 6 months? (Amos Shapir) Re: Lenovo recalls more than 500,000 power cords (Leonard Finegold, Chris Drewe) RISKS 28.45 Monday 12 January 2015 Ford recalls SUVs because drivers are accidentally turning them off (Ben Rothke) Green Bank, WV: The Town Without Wi-Fi (Monty Solomon) Risks in Using Social Media to Spot Signs of Mental Distress (Monty Solomon) EU response to free speech killings? More Internet censorship! 
(Gigaom via Lauren Weinstein) Snowden: U.S. puts too much emphasis on cyber-offense, needs defense (Dewayne Hendricks) Biometric Identification (Anthony Thorn) Memory corruption (Martyn Thomas) Morgan Stanley Breach Put Client Data Up for Sale on Pastebin, an Online Site (Nathaniel Popper via Monty Solomon) US banks trace credit fraud to Chick-fil-A locales in possible data breach (Ars via Monty Solomon) Re: "Could e-voting be on its way in the UK?" (Amos Shapir, Tony Finch) An oldie but goodie ODBC risk (Bernard Peek) Sony Cyberattack, First a Nuisance, Swiftly Grew Into a Firestorm (Cieply and Barnes via Monty Solomon) World's first *known* bootkit for OS X can permanently backdoor Macs (Dan Goodin) Spotlight search in OS X Yosemite exposes private user details to spammers (Monty Solomon) Apps Everywhere, but No Unifying Link (Monty Solomon) Re: Gogo Issues False SSL Certificates, Allowing them to decode SSL Traffic (Bob Gezelter) ASUS Routers reportedly vulnerable to local area network command execution exploit (Bob Gezelter) Re: Too many pilots can't handle an emergency (Craig Burton) Re: Lenovo recalls more than 500,000 power cords (david lewis, Dick Mills) Risks Digest 28.46 Wednesday 21 January 2015 Potential nationwide weakness in hospital emergency power (Gerrit Muller) The Patient Will See You Now (Eric Topol via Gabe Goldberg) Today's Apps Are Turning Us Into Sociopaths? 
(Matthew Kruk) Getting the Most Out of Apple iOS 8 (Monty Solomon) Wireless device in two million cars wide open to hacking (Ars via Lauren Weinstein) Schneider Electric SCADA Gateway contains hardcoded credentials (Bob Gezelter) IoT silliness: Headless devices without a UI (Galen Gruman via Gene Wirchenko) The NY Times reports establishment of an "Exchange" for Hacking Tasks (Bob Gezelter) David Cameron seemingly calls for ban or weakening of Internet crypto (Lauren Weinstein) WhatsApp and iMessage could be banned under new surveillance plans (Lauren Weinstein) Why Western Governments Want to Destroy Computer Security -- and Your Security Along the Way (Lauren Weinstein) ISIS Is Cited in Hacking of Central Command's Twitter and YouTube Accounts (Monty Solomon) Report Finds No Substitute for Mass Data Collection (Monty Solomon) Passengers' Personal Data At Risk (Gabe Goldberg) Algorithms now have PR (Christian Sandvig) FCC wants to RELAX telemarketing rules for cell phones (Lauren Weinstein) Need Some Espionage Done? Hackers Are for Hire Online (Monty Solomon) 4th-Party Collection: NSA's Wink Wink Nod Nod to the 4th Amendment (Henry Baker) Ethics related to malware (George Ledin via PGN) RISKS 28.47 Monday 26 January 2015 Unwitting trusted travelers and drug smuggling (AP via PGN) UK Commission recommends digital voting by 2020 (Peter Bernard Ladkin) People upset that the E-911 folk want to use GLONASS (danny burstein) F-35 software is a buggy mess (Henry Baker) Implementation of Gas Station Remote Inventory Monitoring Systems vulnerable to attack (Ars via Bob Gezelter) California must lead on cybersecurity (Jonathan Mayer and Edward W. Felten via Henry Baker) Government Health Care Website Quietly Sharing Personal Data (ABC via Monty Solomon) AMA et al., on medical records? 
(Harry Hochheiser) Risks in uninformed legislation and governance (Jay Ashworth) Calls for ISPs to filter content could be illegal, EU council documents suggest (Lauren Weinstein) Autonomous Bot Seized For Illegal Purchases: Who's Liable When A Bot Breaks The Law? (Mike Masnick via robert schaefer) Mozilla tweaks `referer headers' in bid to limit website privacy grabs (Ars via Monty Solomon) 2014: The year of living cable TV-free (chron.com via Monty Solomon) Google discloses three severe vulnerabilities in Apple OS X (Monty Solomon) Cuba demonstrates the future of the Internet (Henry Baker) The Internet isn't the only one with a DNS/Certificate problem... (Henry Baker) Re: 4th-Party Collection: NSA's Wink Wink Nod Nod to the 4th Amendment (Dick Mills) Re: Today's Apps Are Turning Us Into Sociopaths? (Peter Houppermans) Re: Schneider Electric SCADA Gateway contains hardcoded credentials (Henry Baker, Bob Gezelter) RISKS 28.48 Thursday 29 January 2015 Lack of encryption makes official NFL mobile app spearphisher's dream (Ars via Lauren Weinstein) plofkraak, or blowing up ATMs for fun and profit (Ed Ravin) Verizon's Mobile Supercookies Seen as Threat to Privacy (Natasha Singer and Brian X Chen via Dave Farber) France wants to make Google and Facebook accountable for hate speech (The Verge via Lauren Weinstein) IETF promotes ARPANET RFC 20 /ASCII format/ to Internet Standard! (Lauren Weinstein) Being clever vs. being smart (Geoff Kuenning) U.S. Spies on Millions of Cars (Devlin Barrett via Dewayne Hendricks, Lauren Weinstein, David S. H. Rosenthal, Rich Kulawiec) Re: Who owns your computer? (Anthony Thorn) Kaspersky: Regin malware likely from 5Eyes (Henry Baker) Re: Schneider ... hardcoded credentials (Dimitri Maziuk, Wols) Re: People upset that the E-911 folk want to use GLONASS (Richard I. 
Cook) RISKS 28.49 Monday 2 February 2015 BMW ConnectedDrive using http not https (William Brodie-Tyrrell) First Officer Lands Delta Jet As Captain Locked Out Of Cockpit (Gabe Goldberg) China Further Tightens Grip on the Internet (Andrew Jacobs) Sustained Investment in Research Is Needed to Combat Cyberthreats (Brian Mosley) Your Coding Style Can Give You Away (Phil Johnson) Anonymizing Identifiers are not anonymous (Bob Gezelter) "80% of Canadians will choose a business on its privacy reputation, survey says" (Howard Solomon via Gene Wirchenko) "'Ghost' vulnerability poses high risk to Linux distributions" (Jeremy Kirk via Gene Wirchenko) FTC Releases "Internet of Things: Privacy and Security in a Connected World" (Bob Gezelter) Breach of Ethics (John Bohannon via Henry Baker) "CRTC bans Bell, Videotron from giving their customers subsidies for watching their content on mobile devices" (Candice So via Gene Wirchenko) Man Lost Contact With White House Drone (Michael D. Shear via Henry Baker) Re: "Will your expensive new headphones soon be obsolete?" (Chris Drewe) Re: People upset that the E-911 folk want to use GLONASS (Richard A. O'Keefe) Re: Schneider ... contains hardcoded credentials (Gabe Goldberg) Re: plofkraak (Craig Burton) RISKS 28.50 Friday 6 February 2015 Dangers of emoticons that we Had Not Considered (Mark Brader) The curious case of the disappearing Polish S*? (Gene Spafford) "New High-Tech Farm Equipment Is a Nightmare for Farmers" (Kyle Wiens via Prashanth Mundkur) Hackers could open doors of BMW's with "Connected Drive" option (Anthony Thorn) Huge Security Flaw Leaks VPN Users' Real IP-Addresses (TorrentFreak via David Farber) Anthem hacked, millions of records likely stolen (Lauren Weinstein) Anthem: Experts Suspect Lax Security Left Anthem Vulnerable to Hackers (NYT via NNSquad) Sony Hack: Koreans? Russians? Tricksy foreigners? 
(Chris Beck) "The worst of the worst phishing scams" (Stu Sjouwerman via Gene Wirchenko) "Adware found in Google Play store app that has been downloaded millions of times" (Candice So via Gene Wirchenko) Susan Crawford: The Internet Is Back to Solid Regulatory Ground (Seth Johnson) Tom Wheeler makes history with full-on Net neutrality proposal (Paul Venezia via Gene Wirchenko) UK access to NSA mass surveillance data was illegal, court rules (David Meyer via Dewayne Hendricks) PSA: Your crypto apps are useless unless you check them for backdoors (Dan Goodin via Dewayne Hendricks) Why Nadella's Second Year as Microsoft CEO Will Be a Lot Harder (Gabe Goldberg) NSA/FBI will want you to "vaccinate" your computer (Henry Baker) We *literally* have nothing to fear but fear itself (Yuval Noah Harari via Henry Baker) Re: Sustained Investment in Research Is Needed to Combat Cyberthreats (Martyn Thomas) RISKS 28.51 Thursday 12 February 2015 Can Open-Source Voting Tech Fix the U.S. Elections System? (Techonomy) Stop the Mass Hacks Attacks: Use Strong 2-Factor Authentication or Go to Jail! (Lauren Weinstein) Study concludes use of GOTOs in code is *not* harmful in practice (Peerj) Report Sees Weak Security in Cars' Wireless Systems (Aaron M. Kessler) NSA datacenter said to provoke attacks against Utah state (Mark Thorson) Sites featuring terrorism or child pornography to be blocked in France (Lauren Weinstein) Internet providers lobby against backup power rules for phone lines (Ars) Report Sees Weak Security in Cars' Wireless Systems (Aaron M. 
Kessler via Monty Solomon) Uncovering security flaws in digital education products for schoolkids (NYTimes via Monty Solomon) New Microsoft Outlook app could infringe on businesses' privacy (Candice So via Gene Wirchenko) Microsoft Active Directory bug permits remote code execution (Bob Gezelter) Samsung's privacy policy warns: customers' smart TVs are listening (Lauren Weinstein) Samsung SmartTV voice commands could present an intrusion into user privacy (Candice So via Gene Wirchenko) How a Lone Hacker Shredded the Myth of Crowdsourcing (Lauren Weinstein) Jeb Bush publishes e-mail personal info of Florida residents online (The Verge) Outflow-valve controllers (Craig Burton) Re: Dangers of emoticons that we Had Not Considered (Dimitri Maziuk) RISKS 28.52 Monday 16 February 2015 The End of Privacy, *Science*, 30 Jan 2015 (PGN) Turning off encryption to improve interoperability (Jeremy Epstein) Can Open-Source Voting Tech Fix the U.S. Elections System? (Barry Gold) Require dash cams in aircraft, pointed inward (Dan Jacobson) Romanian diplomat fired after calling guests 'ghastly' and 'undesirable' in invitation email (hrgrapevine via Monty Solomon) A Crypto Trick That Makes Software Nearly Impossible to Reverse Engineer (Andy Greenberg) Legislators Want Computer Science to Count for Language Requirement (Dian Schaffhauser) AT&T charges $29 more for gigabit fiber that doesn't watch your Web browsing (Ars Technica) How One Stupid Tweet Blew Up Justine Sacco's Life (NYTimes) "Vint Cerf Warns of 'Digital Dark Age'" (Pallab Ghosh) Digital data storage may leave future in dark about us, warns Cerf (Lauren Weinstein) Security Gaps Found in 39,890 Online Databases Containing Customer Data (SaarlandU) "OpenDNS sounds warning on the most sophisticated PayPal scam yet" (Brian Jackson) "DDoS malware for Linux systems comes with sophisticated custom-built rootkit" (Lucian Constantin) Google updates disclosure policy after Windows, OS X zero-day controversy (Ars) "Microsoft yanks 
KB 2920732 patch for killing PowerPoint 2013 on Windows RT" (Woody Leonhard) "Microsoft's SSL 3.0 Poodle-busting patch KB 3023607 breaks popular Cisco VPN client" (Woody Leonhard) "Visual Studio patch rollup KB 3001652 causes widespread freezing problems" (Woody Leonhard) "Dangerous IE vulnerability opens door to powerful phishing attacks" (Lucian Constantin) "Mozilla reveals Firefox add-on lockdown" (Gregg Keizer) Re: Internet providers lobby against backup power rules for phone lines (paul wallich) Re: Stop the Mass Hacks Attacks: Use Strong 2-Factor Authentication or Go to Jail! (Richard M Stein) RISKS 28.53 Monday 23 February 2015 Too-real simulation (David Magda) "Regulating the Drone Economy" (NYTimes) Obama hedges position on encryption. It's good. It's bad. (David Kravets) Scottish Police Blame Program Error for Deleted 20,000 Records (Slate via Monty Solomon) Bank hackers' malware steals millions (Sanger and Perlroth) Recent $1 billion international cyber bank robbery could have been prevented with simple security steps, expert says (GSN) Russian Researchers Expose Breakthrough U.S. 
Spying Program: Equation Group (Joseph Menn) Gemalto is Shocked, Shocked re NSA Sim Card hacking (Mark Scott via Henry Baker) Spies Can Track You Just by Watching Your Phone's Power Use (Andy Greenberg via Dewayne Hendricks) Paedo Spy Barbie (Iain Thomson via Henry Baker) Visa wants to track your smartphone to combat fraud (AP) Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections (Ars via NNSquad) "Lenovo shows us why we need to reinvent Web security" (Paul Venezia) Lenovo says Superfish not a 'security concern', own advisory marks it highly severe (Chris Duckett via Bob Frankston) "Lenovo: 'We were as surprised as you'" (Simon Phipps) Superfish points fingers over ad software security flaws (Lauren Weinstein) Samsung's smart TVs fail to encrypt voice commands (BBC) "Millennials becoming known as Generation Leaky" (Taylor Armerding) Hard disk firmware infection campaign detected (Peter Houppermans) More "Right To Be Forgotten" nonsense from "The Guardian" (Lauren Weinstein) Welcome to CMU_NOT (DKross) Future Crimes (Marc Goodman) Re: "Vint Cerf Warns of 'Digital Dark Age'" (Amos Shapir) Re: Microsoft patch killed Powerpoint (Peter Houppermans) Re: Internet providers lobby against backup power rules for phone lines (Ted Blank) PSA: Your crypto apps are useless unless you check them for backdoors (David Gillett) Re: Jeb Bush publishes e-mail personal info of Florida residents online (Vassilis Prevelakis) Re: "Can Open-Source Voting Tech Fix the U.S. Elections System?" (John Sebes) Re: KB 3023607 breaks Cisco VPN (Dimitri Maziuk) Re: Study concludes use of GOTOs in code is *not* harmful in practice (Bob Frankston) "Remember when URLs were short?" (Simson Garfinkel) RISKS 28.54 Monday 2 March 2015 Google and tech's elite are living in a parallel universe (John Naughton) What will happen when the Internet of things becomes artificially intelligent? 
(Stephen Balkam) Spy Research Agency Is Building Psychic Machines to Predict Hacks (Aliya Sternstein) US government and private sector developing 'precrime' system to anticipate cyber-attacks (The Stack) Belarus bans Tor and all anonymising Internet technologies (The Stack) U.S. and British Agencies May Have Tried to Get SIM Encryption Codes, Gemalto Says (The NYTimes) Uber Driver Database Breached by Someone Outside Company (The NYTimes) White House Proposes Broad Consumer Data Privacy Bill (The NYTimes) Will we never learn? H&R Block software on Windows 8.1 (Jeremy Epstein) The big money behind Iran's Internet censorship (Daily Dot) Internet of Obnoxious Things.... (Mike O'Dell) When Driver Error Becomes Programming Error (Joel Shurkin) Thief Steals $15,000 Bike in Sausalito With Tap of Hand (Alyssa Goard) Blaming the Internet for Terrorism: So Wrong and So Dangerous (Lauren Weinstein) Phishing attacks target developers (Paul McIntire) "Hackers force death of Canadian Bitcoin exchange" (Howard Solomon) Crying "wolf" when reporting browser security flaws (Arthur) "Flaw in popular Web analytics plug-in exposes WordPress sites to hacking" (Lucian Constantin) Unblined e-mail from National Park Service, DEath VAlley (Leonard Finegold) Journal Accepts Paper Reading "Get Me Off Your F***ing Mailing List" (Stephen Luntz) Re: Hard disk firmware infection campaign detected (Geoff Kuenning) Re: Jeb Bush publishes e-mail personal info of Florida residents online (John Levine, R. G. Newbury) Re: "Regulating the Drone Economy" (Mike Spencer) Re: More "Right To Be Forgotten" nonsense from "The Guardian" (Amos Shapir) Re: ... use of GOTOs in code is *not* harmful ... (Richard A. 
O'Keefe) Re: Too-real simulation (Erling Kristiansen) "Lenovo shows us why we need to reinvent Web security" (Scott Dorsey) "Patent trolls are on the run, but not vanquished yet" (Bill Snyder) "Net neutrality triumphs as ISPs weep" (Paul Venezia) FCC votes for net neutrality, a ban on paid fast lanes, and Title II (Ars) Bruce Schneier's *Data and Goliath* excerpt (PGN) RISKS 28.55 Tuesday 10 March 2015 E-voting in Australia (Dave Horsfall) FAA Needs to Address Weaknesses in Air Traffic Control Systems (Gabe Goldberg) Smart house DoS-ed by light bulb (Prashanth Mundkur) Tech Blog GigaOm Abruptly Shuts Down (Monty Solomon) Cybersecurity and the Age of Privateering: A Historical Analogy (Florian Egloff via Prashanth Mundkur) Tor-pedo project? (Henry Baker) Facebook rant lands U.S. man in UAE jail (Amos Shapir) Risks of committing a crime while carrying a cell phone (David Tarabar) Cell phone user arrested at border (Labmanager) Who Spewed That Abuse? Anonymous Yik Yak App Isn't Telling (The NYTimes) Florida moving to unmask anonymous websites to combat online piracy (Ars via Lauren Weinstein) China Blocks Web Access to 'Under the Dome' Pollution Documentary (The NYTimes via NNSquad) Don't trust timestamps (Dan Jacobson) DDR3 modules found to be vulnerable to designed intensive memory accesses; alter other contents (Bob Gezelter) India Censors a Rape Documentary; the Streisand Effect Goes Nuclear (Lauren Weinstein) 'FREAK' Flaw Undermines Security for Apple and Google Users, Researchers Discover (Craig Timberg) Re: FREAK attack (PGN) To locate bank robber, FBI unusually asked for warrant to use stingray (Monty Solomon) Re: Trojaned blackmails from PCs. 
Japanese Police arrested PC owners (Chiaki Ishikawa) Re: Japanese Satellite Broadcasting scramble protection cracked (Chiaki Ishikawa) Hillary's Secret Email Was a Cyberspy's Dream Weapon (Henry Baker) Re: Jeb Bush publishes e-mail personal info of Florida residents online (John Levine, John Levine) Re: Belarus bans Tor and all anonymising Internet technologies (Dan Jacobson) Re: Internet of Obnoxious Things (R. G. Newbury) Re: When Driver Error Becomes Programming Error (John Levine) RISKS 28.56 Thursday 19 March 2015 Vigilance device fooled by horn automation (Mark Brader) TAFE students left in limbo by computer glitch (Dave Horsfall) Facebook to introduce payments in instant messages (Vindu Goel) Lawsuit seeks damages against automakers and their hackable cars (Lucas Mearian) Americans' Privacy Strategies Post-Snowden (Pew Internet) Config error leaked Google whois data for 280K domains (Ars) "Researchers find same RSA encryption key used 28,000 times" (Jeremy Kirk) "Can you trust Canadian ISPs with your privacy?" (Nestor Arellano) Plans to censor South Africa internet unconstitutional? (HTXT) How Netflix Broke The Unbreakable Spoiler Alert (Medium.com) "IBM discloses vulnerability in Dropbox's Android SDK" (Serdar Yegulalp) Taking on the Food Industry, One Blog Post at a Time (NYTimes) EPA Wants to Monitor How Long Hotel Guests Spend in the Shower (Henry Baker) The problem with beacons ... (robert schaefer) "Ancient help-file format carries new CryptoWall attacks into PCs" (Woody Leonhard) "First CASL fine hits Quebec spammer for more than $1 million" (Nestor Arellano) "Rowhammer hardware bug threatens to smash notebook security" (Serdar Yegulalp) "In search of: A Silicon Valley scandal, juicy and ripe" (Robert X. Cringely) As We Age, Smartphones Don't Make Us Stupid -- They're Our Saviors (Lauren Weinstein) Kali Linux security is a joke! 
(Henry Baker) Jurisdictional risks (William Brodie-Tyrrell) Re: Ian Urbina, Secret Life of Passwords (PGN) Re: Timestamps (Dan Jacobson) IS/IEC 61508 and many other standards availability (Pekka Pihlajasaari via Martyn Thomas) Full text of new FCC Net Neutrality Rules (FCC) Bruce Schneier's Data and Goliath (reviewed by Richard Austin) RISKS 28.57 Wednesday 25 March 2015 Software says "'Dr' Must Be Male"! (Chris Drewe) Computer "glitch" meant info not shared with defense lawyers (Jeremy Epstein) Australia's iVote subject to FREAK? (Rob Slade) Australia's iVote is busted already (Dave Horsfall) Amazon Wins Approval to Test Delivery Drones Outdoors (NYTimes) Scientists Seek Ban on Method of Making Gene-Edited Babies (NYTimes) "Unconstitutional": [India] Supreme Court Scraps Section 66A, Protects Online Freedom of Speech (Lauren Weinstein) EFF: International Coalition Launches 'Manila Principles' to Protect Freedom of Expression Worldwide (David Farber) Penn State Fraternity's Secret Facebook Photos May Lead to Criminal Charges (NYTimes) Westjet Knows How To Play Along (Lyndon Nerenberg) Cancer genetic tests offered on websites often not all they promise to be, Dana-Farber study finds (The Boston Globe via John Day) Web: Amazon Adds Fire TV, Stick Features (Gabe Goldberg) Google warns of unauthorized TLS certificates trusted by almost all OSes (Ars) Pointing Fingers in Apple Pay Fraud (NYTimes) Cell towers lack emergency contact signage (Dan Jacobson) FCC issues RFC on CSRIC IV Cybersecurity Risk Management and Assurance Recommendations (Werner U) FTC opens new office to protect you from the Internet of Things (Werner U) "GoDaddy accounts vulnerable to social engineering and Photoshop" (Steve Ragan) Apple Pay: Bridging Online and Big Box Fraud (Krebs) Hacking BIOS Chips Isn't Just the NSA's Domain Anymore (Kim Zetter via ACM TechNews) Government Spies Admit That Cyber Armageddon Is Unlikely (Slashdot) House Judiciary Committee tries to be cool, fails oh so miserably 
(Lauren Weinstein) Researchers Uncover Way to Hack BIOS and Undermine Secure OSs (WiReD) Twitter puts trillions of tweets up for sale to data miners (The Guardian) Cisco: Tor for US SnailMail needed? (Darren Pauli) 911's deadly flaw: Lack of location data (USA Today) Re: As We Age, Smartphones Don't Make Us Stupid ... (Gene Wirchenko) RISKS 28.58 Wednesday 1 April 2015 The Apple zero-button mouse -- and related innovations? (PGN) No liability for exchange rate software error by United (Jeremy Epstein) Digital currency risks (William Brodie-Tyrrell) Fraudster escapes jail by forging bail e-mail (Chris Drewe) Manipulating Wikipedia to Promote a Bogus Business School (Newsweek) DDoS against Rutgers University, and perpetrator claims credit (danny burstein) FTC Rules Jerk, LLC and John Fanning Deceived Consumers, Violated FTC Act (Gabe Goldberg) "Washington is coming for your personal data" (Caroline Craig) "Dell support tool put PCs at risk of malware infection" (Lucian Constantin) "Cisco IP phones open to remote eavesdropping, calling" (Lucian Constantin) Australia passes data retention into law (Lauren Weinstein) Re: Jurisdictional risks (Doug Montalbano) Re: Kali Linux security is a joke! (Ian Jackson) Re: House Judiciary Committee tries to be cool, fails oh so miserably (Devon McCormick) Re: As We Age, Smartphones Don't Make Us Stupid ... (Rob Slade) Re: "GoDaddy accounts vulnerable to social engineering and Photoshop" (Craig Burton) Re: Software says "'Dr' Must Be Male"! 
(Thomas Koenig) Risky Business: Virgin Galactic (William Langewiesche) Book: Peter Carey, Amnesia (PGN) Risks Digest 28.59 Wednesday 22 April 2015 Passenger, avionics networks still not separated in B787, A350, A380 (Mary Shaw) GAO report on FAA vulnerabilities to Cyberattack, and a news report on a claimed attack method (Peter Bernard Ladkin) First F-35 Jets Lack Ground-Combat Punch of 1970s-Era A-10s (Gabe Goldberg) Driver follows GPS off demolished bridge, killing wife (Gabe Goldberg) Automakers Say You Don't Really Own Your Car (Gabe Goldberg) Tweeting Fridges and Web Controlled Rice Cookers: 9 of the Stupidest Smart Home Appliances (Gabe Goldberg) "Smart home hacking is easier than you think" (Colin Neagle) Virginia decertified WinVote voting system (Jeremy Epstein) Australia government attacks researchers who reveal online election flaws (Lauren Weinstein) Curious election statistical observation (danny burstein) Bob Wachter on Technology and Hospitals at Medium (Prashanth Mundkur) Lawyers smell blood in electronic medical records (Lauren Weinstein) `Routine maintenance' and the EMR (Robert L Wears) "End-To-End Web Crypto: A Broken Security Model" (Indolering) Banks undermine chip and PIN security (Steven Murdoch via Prashanth Mundkur) Tewksbury police pay bitcoin ransom to hackers (Bob Frankston) State of the Internet (Akamai) The Internet Ruined April Fool's Day (The Atlantic) Hacked French TV network admits "blunder" that exposed YouTube password (Gabe Goldberg) Tech companies are sending your secrets to crowdsourced armies of low-paid workers (Gabe Goldberg) ISOS mass-defacing websites (PGN) "How ICANN enabled legal Website extortion" (Cringely) "GitHub still recovering from massive DDoS attacks" (Jeremy Kirk) FBI would rather prosecutors drop cases than disclose stingray details (Cyrus Farivar) Cyberspace and the American Dream: A Magna Carta for the Knowledge Age (Daniel Berninger) "Lost in the clouds: 7 examples of compromised personal 
information" (Steve Ragan) French Senate Backs Bid To Force Google To Disclose Search Algorithm Workings (Lauren Weinstein) "4 no-bull facts about Microsoft's HTTP.sys vulnerability" (Serdar Yegulalp) Congress cannot be taken seriously on cybersecurity (Trevor Timm) How the New York Times is eluding censors in China (Lauren Weinstein) "Large-scale Google malvertising campaign hits users with exploits" (Lucian Constantin) Insurance co. wants to track you 24/7 for a discount (CNN) Fire TV Stick OS 1.5 Update (Gabe Goldberg) Internet Naming Body Moves to Crack Down on '.sucks' (Ars) Good news and bad news: Android Security State of the Union 2014 (Lauren Weinstein) Re: Kali Linux security is a joke! (Henry Baker) RISKS 28.60 Monday 27 Apr 2015 Obama's unclassified e-mail hacked by Russians (NYTimes via PGN) Computer Attacks Spur Congress to Act on Cybersecurity Bill Years in the Making (NYTimes via Monty Solomon) How computerized trading in the hands of a nobody in Britain allegedly crashed the stock market (WashPost via Gene Spafford) Next-Gen Navigation - CEA (Gabe Goldberg) Civilization near collapse; all Starbucks stores close due to point-of-sale failure (Jeremy Epstein) Wi-Fi software security bug could leave Android, Windows, Linux open to attack (Ars Technica via Lauren Weinstein) "HTTPS snooping flaw affected 1,000 iOS apps with millions of users" (Lucian Constantin via Gene Wirchenko) "Apple's OS X 'Rootpipe' patch flops, fails to fix flaw" (Gregg Keizer via Gene Wirchenko) Shamir Reveals Sisyphus Algorithm (John Young) 'Flash Crash' 101: How could one guy do that? (CNBC via Monty Solomon) All times are in UTC, any included timezone is ignored (Dan Jacobson) Court: Iowa casino doesn't have to pay $41M jackpot error (StLToday) Security scholarship awardees announced (Jeremy Epstein) Re: "Bob Wachter on Technology and Hospitals at Medium" (Gene Wirchenko) Re: Kali Linux security is a joke! 
(Henry Baker) RISKS 28.61 Friday 1 May 2015 An iPad glitch grounded several dozen American Airlines planes (Adam Pasick via Jim Reisert) At least one American Airlines plane is grounded because the pilots' iPads crashed (Ben Moore) FAA Orders Fix for Possible Power Loss in Boeing 787 (Jad Mouawad via Jan Wolitzky) Re: Software Overflow Could Cause Complete Power Loss in 787 (Richard Karash) Congressman with computer science degree: Encryption back doors are ``technologically stupid'' (Andrea Peterson via Lauren Weinstein) Cybersecurity mandated by those who don't use it (*The Guardian* via Devon McCormick) Public wifi & man-in-the-middle (Henry Baker) Preparing for Warfare in Cyberspace (*The New York Times* via Monty Solomon) All cars must have tracking devices to cut road deaths, says EU (Chris Drewe) Doctors don't like EHRs? (DKross) Now you can embed classic MS-DOS games in tweets (Ian Paul via Jim Reisert) Re: Iowa casino doesn't have to pay $41M jackpot error (Craig Burton) Re: Starbucks Outage (Clay Jackson) RISKS 28.62 Friday 8 May 2015 Dealing with rogue drones, Copping a 'copter (The Economist) Computer Scientists Use Twitter to Predict UK General Election Result (Lee Page) Vint Cerf on ACM, Internet Issues, Quantum Machine Computing (Stephan Ibarki) ACLU sues Fairfax County police over license-plate data (Jim Reisert) The man who wants to outlaw encryption (Daily Dot via Lauren Weinstein) Boxing Match: Video Piracy Battle Enters Latest Round -- Mobile Apps (NYTimes via Monty Solomon) Now you can embed classic MS-DOS games in tweets (Ian Paul via Jim Reisert) ZPM Espresso and the Rage of the Jilted Crowdfunder (NYTimes via Monty Solomon) Re: Doctors don't like EHRs (James Geissman) Re: All cars must have tracking devices ... 
(Alister Wm Macintyre) Re: FAA Orders Fix for Possible Power Loss in Boeing 787 (Jeff Makey) Re: At least one American Airlines plane is grounded because the pilots' iPads crashed (Michael Kohne) Authentication vs Identification: South Korean ID system in disarray (Jay Ashworth) RISKS 28.63 Monday 11 May 2015 Ed Felten joining WH OSTP (Richard Forno) Real-time emotion tracking by webcam (Nick Brown) Flawed encryption leaves millions of smart grid devices at risk of cyberattacks (ZDNet via Bob Frankston) Gustavo Duarte Blog Recommendation: "Brain Food for Hackers" (Lauren Weinstein) HTTPS: the end of an era (Medium via Lauren Weinstein) Another reason why any moves toward forced https: are so potentially dangerous (Google via NNSquad) Re: Authentication vs Identification ... (David Brodbeck) Re: Doctors don't like EHRs (Richard I Cook, Alister Wm Macintyre) Re: All cars must have tracking devices ... (Wols, John Levine) REVIEW: "Security for Service Oriented Architectures", Walter Williams (Rob Slade) RISKS 28.64 Saturday 16 May 2015 Amtrak Says It Was Just Months Away From Installing Safety System (NYTimes) Self-driving cars are getting into accidents in California (LATimes) Worker fired for disabling GPS app that tracked her 24 hours a day (David Kravets via Jim Reisert) Banned Researcher Commandeered a Plane (Kim Zetter) United launches bug bounty (but in-flight systems off limits) (Jeremy Kirk) A Phantom Offer Sends Avon's Shares Surging (NYTimes) The big drug database in the sky: One firefighter's year-long legal nightmare (Gabe Goldberg) "Rombertik malware destroys computers if detected" (Jeremy Kirk) Extremely serious virtual machine bug threatens cloud providers everywhere (Ars Technica) "Google Confirms Cops Can Wiretap Your Hangouts" (Vice.com) Cybersecurity company accused of extortion (Henry Baker) Former federal employee busted for attempted cyber-attack to sell nuclear secrets (Gabe Goldberg) Mobile Spy Software Maker mSpy Hacked, Customer Data Leaked 
(Krebs via Lauren Weinstein) Team cracks Nvidia GPUs with malware for Windows and OS X (Digital Trends) Penn State severs engineering network after "incredibly serious" intrusion (Ars Technica) Anonymous accused of running a botnet using thousands of hacked home routers (Daily Dot) Witness Accounts in Midtown Hammer Attack Show the Power of False Memory (NYTimes) Trains re: All cars must have tracking devices (David Damerell) Re: Computer Scientists Use Twitter to Predict UK General Election Result (Gene Wirchenko) Re: Dealing with rogue drones, Copping a 'copter (Dick Mills) Re: Authentication vs Identification ... (John Levine) RISKS 28.65 Tuesday 25 May 2015 The atrocious security of Trident nuclear subs (Henry Baker) Amtrak, After Derailment, Told to Expand Automatic Brake Use (NYTimes via Monty Solomon) A world ripe for the picking / Diploma mill edition (NYTimes via Bob Frankston) Fake Diplomas, Real Cash: Pakistani Company Axact Reaps Millions (more) Axact, Fake Diploma Company, Threatens Pakistani Bloggers Who Laugh at Its Expense (more) Text of Axact's Response to The New York Times (more) Net Neutrality (Melissa Silmore via Dewayne Hendricks) John Deere: of course you "own" your tractor, but only if you agree to let ... (Gabe Goldberg) Inside Google's Secret War Against Ad Fraud (Adage) Risks of online test taking (Jeremy Epstein) Secret files reveal police feared that Trekkies could turn on society (Elizabeth Roberts via Henry Baker) HTTPS-crippling attack threatens ten thousands of Web and mail servers (Ars Technica) Paranoid defence controls could criminalise teaching encryption (The Conversation) US proposes tighter export rules for computer security tools (Jeremy Kirk via Richard Forno) Africa's Worst New Internet Censorship Law Could be Coming to S.A. 
(EFF) "The Venom vulnerability: Little details bite back" (Paul Venezia) Only 3% of people aced Intel's phishing quiz (Jeff Jedras) URL-spoofing bug in Safari could enable phishing attacks (Lucian Constantin) "New LogJam encryption flaw puts Web surfers at risk" (Jeremy Kirk) Critical vulnerability in NetUSB driver exposes millions of routers to hacking (Lucian Constantin) The Body Cam Hacker Who Schooled the Police (Medium) Cybersecurity letter to the President 19-May-2015 (John Denker) Is security really stuck in the Dark Ages? (Network World) Adult dating site hack exposes millions of users (Geoff White via Henry Baker) Man tries to report Starbucks vulnerability, is accused of fraud (Sakurity) A Russian Smartphone Has to Overcome Rivals and Jokes About Its Origin (NYTimes) Some People Do More Than Text While Driving (NYTimes) Re: Drug database: third-party doctrine (Harlan Rosenthal) Re: All cars must have tracking devices (Chris Drewe) Re: Banned Researcher Commandeered a Plane (Erling Kristiansen) RISKS 28.66 Monday 1 June 2015 Airbus confirms A440M transport plane downed by badly configured SW (Gabe Goldberg) Belgian air traffic outage (Werner U) Software Glitch Pauses LightSail Test Mission (Jason Davis via Prashanth Mundkur) Volvo horrible self-parking car accident (Fusion via Jim Reisert) Boston water main break disrupts telecommunication services for thousands throughout Massachusetts (MassLive via Monty Solomon) How Is Critical 'Life or Death' Software Tested? (Motherboard via Gene Spafford) Clueless Clause: Insurer Cites Lax Security in Challenge to Cottage Health Claim (robert schaefer) Even Tiny Updates to Tech Can Be Obstacles for the Disabled (WiReD via Lauren Weinstein) Woman plans to sue after Fla. license labels her a sex offender (Baynews9 via Bob Frankston) When Is A Violent Facebook Post A 'Threat'? SCOTUS Isn't Sure. 
(National Journal via NNSquad) House of Discards: Wikipedia pre-election edits (Henry Baker) New incredibly cumbersome online voting system (Readwrite via NNSquad) A Tech Boom Aimed at the Few, Instead of the World (NYT via Monty Solomon) Americans Don't Trust Government and Companies to Protect Privacy (Pew in NYT via Monty Solomon) The Government's Consumer Data Watchdog (NYT) IRS says thieves stole tax info from >100,000 taxpayers (Henry Baker) Up to 1.1 Million Customers Could be Affected in Data Breach at Insurer CareFirst (NYT via Monty Solomon) Adult FriendFinder hack EXPOSES MILLIONS of MEMBERS (John Leyden) Large-scale attack hijacks routers through users' browsers (Lucian Constantin via Gene Wirchenko) Ex-FIFA Official Cites Satirical 'Onion' Article in His Self-Defense (NYT) Elizabeth Warren's official website is untrusted by Firefox (Henry Baker) One-Tap Giving? Extra Steps Mire Mobile Donations (Monty Solomon) Partners launches $1.2 billion electronic health records system (The Boston Globe) Could wearing a smartwatch behind the wheel land you in hot water? (Hayley Tsukayama) Hacked billboard gets rude (Gawker via robert schaefer) Uber Closes In on Its Last Frontier: Airports (NYT) Driving Uber Mad (NYT) Behind the Downfall at BlackBerry (NYT) Verizon's 'Pick Your Own Cable TV Channels' Is Just Another Bait & Switch -- Read the Fine Print (Bruce Kushnick) Anti-NSA Pranksters Planted Tape Recorders Across New York and Published Your Conversations (Andy Greenberg) The Age Of Disinformation (James Spann via Dewayne Hendricks) BBC: The generation that tech forgot (Lauren Weinstein) A badly designed centralized desktop management can cause health risks (Chiaki Ishikawa) CONTRARY WARNING! 
- "How Google Finally Got Design" (FastCodesign) NYTimes.com is a very expensive "wall wart" (Henry Baker) This Ad for Banned Food in Russia Can Hide Itself From the Cops (gismodo via robert schaefer) Re: Only 3% of people aced Intel's phishing quiz (David Damerell) Re: All cars must have tracking devices (Alister Wm Macintyre) RISKS Digest 28.67 Thursday 4 June 2015 Simple String of Characters Crashes Skype (PCMag) You Can Be Prosecuted for Clearing Your Browser History (The Nation) Artificial Pancreas and Risks (IEEE Spectrum item via Werner U) EHR Costs More $ Billions Piled On For "Security" (Politico via D Kross) Long, detailed expose regarding Russia's massive, dangerous, professional Internet trolling misinformation operations (The NY Times) Cybersecurity Views from a National Intelligence Officer (Jon Oltsik via Werner U) NOBUS can shoot ourselves in the foot like this (Henry Baker) U.S. Surveillance in Place Since 9/11 Is Sharply Limited (The NY Times) "You haven't seen anything yet" Thought for the Day (Lauren Weinstein) Questions and Answers About Newly Approved USA Freedom Act (The NY Times) Article: How I tracked FBI aerial surveillance (PGN) Little Brothers are watching you: Nexar (Geektime via Amos Shapir) Intel's new Fortran Extended with Crap Algorithmic Language (Simon Sharwood via Henry Baker) Apple now dominates consumer digital video viewing, says new Adobe report (Jackie Dove) EU wants to kill open Wi-FI (Lauren Weinstein) Re: Volvo horrible self-parking car accident (Andrew Pam) Re: This Ad for Banned Food in Russia Can Hide Itself From the Cops (Amos Shapir) Re: Only 3% of people aced Intel's phishing quiz (Amos Shapir) Re: Woman plans to sue after Fla. license labels her a sex offender (Amos Shapir) Re: House of Discards: Wikipedia pre-election edits (Peter Bernard Ladkin) RISKS 28.68 Thursday 11 June 2015 All U.S. 
United Flights Grounded Over Mysterious Problem (PGN) Airbus transport crash caused by "wipe" of critical engine control data (Ars Technica) Man dies in Corvette after battery cable becomes loose (Khou via Mark Thorson) Traffic Hacking: Caution Light Is On (Nicole Perlroth) OpenSesame: 10-sec universal garage door opener (Dennis Fisher) Amtrak Engineer Not on Phone at Time of Derailment, Investigators Find (NYTimes) After Silences and Setbacks, the LightSail Spacecraft Is Revived (NYT) Evidence of Healthcare Breaches Lurks On Infected Medical Devices (Werner U) New exploit leaves most Macs vulnerable to permanent backdooring (Dan Goodin) Breach in a Federal Computer System Exposes Personnel Data (NYTimes) Chinese Hackers Behind Breach at Insurers Are Also Responsible for Government Attack (NYTimes) Single Test for All Virus Exposure Opens Doors for Researchers (NYT) Kaspersky Lab cybersecurity firm is hacked (BBC) Consumers Dislike Data-Mining but Feel Helpless to Stop It (NYT) Exclusive: In 'year of Apple Pay', many top retailers remain skeptical (Reuters) "Governments of the World Agree: Encryption Must Die!" (Lauren Weinstein) Japanese pension organization phished, 1.25M people's data leaked (chiaki ishikawa) Twitter Advertisers Can Now Target You Based on the Other Phone Apps (recode) Re: "NOBUS can shoot ourselves in the foot like this" (Chris Drewe) Re: Volvo has an accident, but not the one you thought (Peter Ladkin) Re: EU wants to kill open Wi-Fi (Peter Ladkin) Re: You Can Be Prosecuted for Clearing Your Browser History (Henry Baker) Re: House of Discards: Wikipedia pre-election edits (Henry Baker) REVIEW - "The Florentine Deception", Carey Nachenberg (Rob Slade) RISKS 28.69 Monday 15 June 2015 Chris Roberts and Avionics Security (Bruce Schneier) Deja Vu All Over Again: The_Attack on Encryption (Gene Spafford) Why the OPM Breach is such a Security and Privacy Debacle (*WiReD*) Just Say "NON!" 
- France Demands Right of Global Google Censorship (Lauren Weinstein) US Navy wants 0Day Vulnerabilities (Henry Baker) White House Weighs Sanctions After Second Breach of a Computer System (Shear and Shane) Chinese Hackers Circumvent Popular Web Privacy Tools (Nicole Perlroth via Monty Solomon) If Google was really serious about Google Earth Pro now being free (Dan Jacobson) The Logjam Vulnerability against Diffie-Hellman Key Exchange (Bruce Schneier) Re: Man dies in Corvette after battery cable becomes loose (Kurt Seifried) Re: Japanese pension organization phished, 1.25M people's data leaked (Alister Wm Macintyre) RISKS 28.70 Tuesday 16 June 2015 Armenia loses Internet access (PGN) Encryption "would not have helped" at OPM, says DHS official (Ars) Report: Russia, China Crack Snowden Docs (Daily Beast via LW) LastPass hacked -- here's what to do now (ComputerWorld via LW) Sex, lies and debt potentially exposed by OPM data hack -- and more (Arshad Mohammed and Joseph Menn plus Conor Friedersdorf via Henry Baker) St. Louis Cardinals Investigated by FBI for Hacking Astros (Michael S. Schmidt via Gabe Goldberg) "Be paranoid: 10 terrifying extreme hacks" (Roger A. Grimes) Re: Chris Roberts and Avionics Security (Rogier Wolff) Re: Corvette battery cable (Dimitri Maziuk) RISKS 28.71 Saturday 20 June 2015 Major League Baseball cancels 60 million all-star votes (PGN) L.A. 
plans potentially disastrous switch to "electronic" voting (Ars) No ticket with a long name (Debora Weber-Wulff) UN: Encryption a Fundamental Right (Eric Burger) Samsung Keyboard Security Risk - 600M+ devices affected (NowSecure) Payments to RBS customers missing (Richard I Cook) Shooting over cellphone: case is 'extreme', say police (CBC News) Heinz says sorry for ketchup QR code that links to porn site (Appy-geek) Zero-day exploit lets App Store malware steal OS X and iOS passwords (Glenn Fleishman) Don't pay your bills all at once (paul wallich) Officials say security lapses left OMB system open to hackers (PGN) Re: Report: Russia, China Crack Snowden Docs (William Brodie-Tyrrell) Liars trust cheaters, Re: sex, lies, debt exposed by OPM (Mark E. Smith) OPM: Gone Phishing: Shoot the Wounded (Lisa Rein via Henry Baker) RISKS 28.72 Monday 22 June 2015 Polish airline LOT hacked, flights suspended for hours (Michal Rosa) 8 Indicted in Identity Thefts of Patients at Montefiore Medical Center (NYT via Monty Solomon) US agency plundered by Chinese hackers made one of the dumbest security moves possible (Business Insider) Australia passes controversial anti-piracy web censorship law (Ars Technica) Reason.com hit with federal subpoena to identify online commenters (Steve Golson) "Help, I'm Trapped in Facebook's Absurd Pseudonym Purgatory" (WiReD) Michael Bacon The Titanic and the Ark -- Re: pension org phished (Michael Bacon) Re: L.A. plans potentially disastrous switch to "electronic" voting (Steve Lamont) Subject: Re: Major League Baseball cancels 60 million all-star votes (Harlan Rosenthal, RISKS-28.71) RISKS 28.73 Friday 26 June 2015 PITA: How Encryption Keys Could Be Stolen by Your Lunch (Jeremy Kirk) "Critical flaw in ESET products shows why spy groups are interested in antivirus programs" (Lucian Constantin) "Samsung sneakily disables Windows Update on some PCs" (Jared Newman) Major Internet providers slowing traffic speeds for thousands across U.S. 
(The Guardian) High-5s for OPM from govts lusting for control of the Internet (Henry Baker) "Help, I'm Trapped in Facebook's Absurd Pseudonym Purgatory" (Michael Bacon) Bootleggers & Baptists; Spooks & Copyrights wrt anti-virus (Henry Baker) Allstate patents spying on driver's physio data (Henry Baker) Re: Weinstein on "L.A. plans potentially disastrous switch to 'electronic' voting" (John Sebes) Re: The Titanic and the Ark (Gary Hinson) Re: OPM Hack: L0pht Testifies 17 Years Ago (Henry Baker) Cyber Security Hall of Fame (Gene Spafford) RISKS 28.74 Wednesday 1 July 2015 Israel's comptroller: Biometric database full of flaws (Hanan Cohen) Most Internet anonymity [VPN service] software leaks users' details (QMUL) The latest RISKS items from TechWeekEurope (Werner U) *The Washington Post* to Deploy More Secure HTTPS Across Site (Gabe Goldberg) WiFi Offloading is Skyrocketing (Werner U) The sharp elbows of driverless cars (Mark Thorson) "Sad day for developers: SCOTUS denies Google's appeal on APIs" (Simon Phipps) "Microsoft quietly pushes 17 new trusted root certificates to all Windows systems" (Woody Leonhard) "Tap your iPad to order: Restaurant automation nobody needs" (Galen Gruman) Automation dependency: Children of the Magenta (Henry Baker) The Future of Car Keys? Smartphone Apps, Maybe (NYTimes) ISIS and the Lonely Young American (NYTimes) Leap Second problem (Bob Frankston) Growing opposition to the Leap Second (Mark Thorson) California mandatory vaccination harbinger of anti-virus software? (Henry Baker) Analyses of root causes? 
(Martyn Thomas) RISKS 28.75 Tuesday 7 July 2015 Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications (multiple authors) David Cameron: Twitter and Facebook privacy is unsustainable (Politics) Cameron reaffirms there will be no "safe spaces" from UK snooping (Ars) Kenya to require users of Wi-Fi to register with government (Ars Technica) "Terrorism, the Internet, and Google" (Lauren Weinstein) Hacking Team responds to data breach, issues public threats and denials (Steve Ragan) 'Digital amnesia' on the rise as we outsource our memory to the Web (Science Alert via Lauren Weinstein) Mac OS Malware Exploits MacKeeper (BAE Systems via Werner U) Windows 10 will share your Wi-Fi key with your friends' friends (The Register) DVD drive in PC fire hazard (mctaylor) Embracing the Internet of Things Means Managing Privacy Risks With Care (HuffPost) Russian parliament adopts law forcing search engines to remove search results upon request (USNews) Researcher Who Reported E-voting Vulnerability Targeted by Police Raid in Argentina (Slashdot) Harvard announces data breach (The Boston Globe) Cisco leaves its Unified CDM software open to hackers (ComputerWorld) New MOOC: MediaLIT: Overcoming Information Overload (Dan Gillmor) RISKS 28.76 Wednesday 8 July 2015 Modal design leads to death of Marine (Steve Golson) Man killed by a factory robot in Germany; human error blamed (Ars via Richard I Cook) TransAsia flight: Shutdown Wrong Engine! (PGN) NYSE troubles predicted (Alister Wm Macintyre) "Technical issues" @ NYSE, UA, other places (Alister Wm Macintyre) United grounded (PGN) Is Cyber-Armageddon Upon Us? 3 Glitches Today Have Some Saying Yes (WiReD) Why back doors are a bad idea (PGN) More on Keys Under Doormats (PGN) Senate Judiciary "Going Dark" site is untrusted! (Henry Baker) FBI, Justice Dept. 
Take Encryption Concerns to Congress (Privacy) Hackers take over German missile battery in Turkey (Mark Thorson) Screen Addiction Is Taking a Toll on Children (NYTimes) Senior Tech: A Tablet for Aging Hands Falls Short (NYTimes) Facing a Selfie Election, Presidential Hopefuls Grin and Bear It (NYTimes) Days of Our Digital Lives (NYTimes) Chicago's 'cloud tax' makes Netflix and other streaming services more expensive (The Verge) Cyber "Deterrence" considered harmful & mad (Henry Baker) NZ Harmful Digital Communications Bill (Richard A. O'Keefe) Some heads-up to consider for RISKS (found at Slashdot) Early adopters of Apple Music find playlists, album art, and metadata corrupted (mike) "OpenSSL tells users to prepare for a high severity flaw" (Lucian Constantin) Senate advances secret plan forcing Internet services to report terror activity (Ars) Matt Bonner Blames New iPhone 6 for Injury, Poor Shooting (Kyle Newport) Re: Windows 10 will share your Wi-Fi key with your friends' friends (Bob Frankston) Leap Second Causes Sporadic Outages Across the Internet (Cade Metz) Re: "Leap Second Problem" and "Growing opposition to the Leap Second" (David E. Ross) Re: DVD drive in PC fire hazard (Henry Baker) Re: Overcoming Information Overload (Mark E. Smith) RISKS 28.77 Saturday 11 July 2015 Outages continue: USDA; Amazon (Alister Wm Macintyre) When Computers Go Down, It's Not Always a Hack (takingnote) An Offline NYSE. 
Makes Barely a Ripple in a Day's Trading (NYTimes) Moxie Marlinspike (WSJ) The Massive OPM Hack Actually Hit 25 Million People (WiReD) OpenSSL Patches Critical Certificate Forgery Bug (SlashDot) Hackdoors & Crypto Wars (Eric Geller via Henry Baker) Senator: OPM Hack Gave China a Spy Recruiting Database (Ben Sasse via Henry Baker) Privacy risks in healthcare (PGN) EFF report on the Going Dark Senate hearing (PGN) Cyber criminals adopt recently patched zero-day exploit in a flash (Lucian Constantin) Map of Cyber Attacks (Norsecorp via Alister Wm Macintyre) India's Supreme Court May Ban Porn Viewing, Even in Private Homes (HuffPost) Facing a Selfie Election, Presidential Hopefuls Grin (NYTimes) Your next selfie could be your last, Russia warns (Amar Toor) Re: NZ Harmful Digital Communications Bill (Macintyre, O'Keefe) Leap Second Causes Sporadic Outages Across the Internet (Brian Inglis, Bob Frankston) Re: Samsung is being sued in China (Wols) Ada Lovelace and Babbage (PGN) RISKS-Forum Digest Tuesday 14 July 2015 The Use of Encrypted, Coded, and Secret Communications is an `Ancient Liberty' Protected by the United States Constitution (VJoLT) The Dangers of Internet voting (Hans A. von Spakovsky) Report on Internet voting (U.S. Vote Foundation) U.N. body agrees to U.S. norms in cyberspace (Joseph Marks via Joly MacFie) Scent Received, With a Tap of a Smartphone (NYTimes) Theaters Struggle With Patrons' Phone Use During Shows (NYTimes) Addicted to Your Phone? There's Help for That (NYTimes) Sundar Pichai of Google Talks About Phone Intrusion (NYTimes) How China stopped its bloggers (AFR) Sports wearables may affect athletes' privacy, paycheques as well as performance (Christine Wong) Securing networks is harder than it was two years ago (BetaNews) Bitcoin wallets vulnerable to double-spending bug (BetaNews) Casper Bowden has died (BetaNews) Re: NZ Harmful Digital Communications Bill (Chris Drewe) Re: Chicago's 'cloud tax' makes Netflix ... 
more expensive (John Levine) RISKS 28.79 Monday 20 July 2015 The Golden Age of Surveillance (Peter Swire via Henry Baker) The history of backdoors and exceptional access (Matt Green) Nice little biz you got there, Apple. Hate for any laws to mess it up. (Benjamin Wittes) Code first, see how it looks later... (GovWatch via Gabe Goldberg) U.S. vs. Hackers: Still Lopsided... (Shear and Perlroth) Cameron --> Cameroff (PGN) Flaw in British school Internet monitoring software (The Guardian) Twitter privacy fail exposes private phone numbers (Lauren Weinstein) You Need to Speak Up For Internet Security. Right Now. (Katie Moussouris) Controversial new law on 'right to be forgotten' stirs debate in Russia (RBTH) FireEye ex-intern arrested for Darkode malware (Darren Pauli via Henry Baker) Oracle fixes zero-day Java flaw and over 190 other vulnerabilities (Lucian Constantin) Dog Bites Man; Surveillance Software Hacked (Thomas Fox-Brewster) Hairless Head in a Clueless Photo Booth (The NY Times) Trying to Win the Public's Trust With Autonomous Cars, at 120 MPH (NYT) California Firefighters impeded by drones (Gizmodo) Gun-Firing Drone Raises Some Eyebrows (PGN) Hacking Team and Boeing Subsidiary Envisioned Drones Deploying Spyware (Slashdot) Boeing: "P0wn drops keep falling on my head" (Cora Currier) Swindlers Target Older Women on Dating Websites (NYT) PayPal Notice of policy update (Gabe Goldberg) How a Simple Browser Add-On is Changing the Way Visually Impaired People Use the Web (good) Win10 updates to be mandatory for Home users (Peter Bright) New York Stock Exchange System Failure Draws Attention to Staff Cuts (NYT) Hacking Team hacked, attackers claim 400GB in dumped data (Steve Ragan) Why the Islamic State leaves tech companies torn between free speech and security (WashPost) Heartbleed and beyond: Marine Corps 'cyber range' trains to fight off hackers (WashPost) NSA Summer Camp: More Hacking Than Hiking (NYT) U.S. vs. 
Hackers: Still Lopsided Despite Years of Warnings and a Recent Push (NYT) Civil Liability for End2End Encryption? (Conor Friedersdorf via Henry Baker) Re: Securing networks is harder than it was two years ago (Bob Frankston) RISKS 28.80 Wednesday 22 July 2015 Hackers Remotely Kill a Jeep on the Highway -- With Me in It (Andy Greenberg) Remote Exploitation of an Unaltered Passenger Vehicle (Anthony Thorn) Re: Self-driving cars (Dan Geer) Blumenthal/Markey legislation on auto security (PGN) More Senators' websites untrusted -- including Markey's (Henry Baker) Lufthansa flight has near-miss with drone near Warsaw (PGN) Re: Gun-Firing Drone Raises Some Eyebrows (PGN) Reign of terror: An online troll destroys a family's offline life (WashPost) Ex-Lottery Worker Convicted of Programming System To Win $14M (Werner U) OPM: China not to blame; all's fair (Ellen Nakashima via Henry Baker) RedStar OS Watermarking (Florian Grunow) Shocking way to stop terrorists/hackers/researchers/... (Henry Baker) Microsoft Will Remove Revenge Porn From Search Results (Pavithra Mohan) Why Deleting Personal Information On The Internet Is A Fool's Errand (Daniel Terdiman) Google Street View Exposes a Man Who Told His Wife He Quit Smoking (GQ) Limits at Gawker? Rules at Reddit? Wild West Web Turns a Page (NYT) 3D-Printed Missiles (Shapeways via Henry Baker) Constitutional Malware (Jonathan Mayer) RISKS 28.81 Saturday 25 July 2015 Fiat Chrysler Issues Recall Over Hacking (Aaron M. Kessler) The Web-Connected Car Is Cool, Until Hackers Cut Your Brakes (Aaron M. 
Kessler) Fiat Chrysler "connected car" bug lets hackers take over Jeep remotely (Ars) Re: Jeep hack: The cure can be worse than the disease if the doctor is a quack (USA Today) Re: Hackers Remotely Kill a Jeep on the Highway (Mark Kramer) What's Wrong With the Internet and How We Can Fix It: Lori Emerson's Interview With Internet Pioneer John Day When the Internet's Moderators Are Anything But (Adrian Chen) Facebook blocked from challenging search warrants targeting its users (Lauren Weinstein) HP's ZDI discloses 4 new vulnerabilities in Internet Explorer (Woody Leonhard) Bug exposes OpenSSH servers to brute-force password guessing attacks (Werner U) Google: New research: Comparing how security experts and non-experts stay safe online (GoogleOnline via Lauren Weinstein) What My Landlord Learned About Me From Twitter (Haley Mlotek) "The messy truth about BYOD" (Galen Gruman) Looks like a bad idea: "Self-Destructing Gmail Possible With Free Chrome Extension" (ABC via LW) For .sucks Web domains, currency seems to be paid in reputations (BetaBoston via Bob Frankston) Court: You Have No Right To Privacy When You Butt Dial Someone (Mary Beth Quirk) Cellphone Ordinance Puts Berkeley at Forefront of Radiation Debate (NYT) Bison selfies are a bad idea: Tourist gored in Yellowstone as another photo goes awry (WashPost) Silver Bullet 112: Green and Bellovin on Crypto Back Doors (Gary McGraw) DMCA Takedown Notice for 127.0.0.1 (Wikipedia) Verizon's evil exposed yet again: "Is Verizon Planning on Becoming an All-Wireless-Only Company: Who Needs the Wires Anyway?" 
*HuffPost* RISKS 28.82 Wednesday 29 July 2015 *WashPost* Op-Ed on Crypto Disappeared (McConnell/Chertoff/Lynn) Chertoff & Leiter disagree with Comey (Henry Baker) Cyber "Defense" from Glass Houses (Henry Baker) Android Stagefright Flaws Put 950 million devices at risk (ThreatPost) Westpac missing out on $1m a day from computer deficiency (Dave Horsfall) Office 365 outage (Jeremy Epstein) Is There Such a Thing as `Ethical Cheating'? (NYTimes) For Ransom, Bitcoin Replaces the Bag of Bills (Nathaniel Popper) Spelling checkers don't catch everything, not even on Pluto (Thomas Koenig) Problems Riddle System to Check Buyers of Guns (NYTimes) Sweat the small stuff: anti-drones (ABC7 via Henry Baker) Chinese Tourist's Drone Crashes Into Taipei 101 Skyscraper (Slashdot) Don't bring your drone to New Zealand (Slashdot) PanoptiCity, USA: Municipal Surveillance (Henry Baker) "iPhone and Registration Please" (WiReD) Costco Photo Center compromised (David Farber) A Clinton Story Fraught With Inaccuracies: How It Happened and What Next? (NYTimes) Fiat Chrysler Issues Recall Over Hacking (NYTimes) Re: Hackers Remotely Kill a Jeep (David Lesher) The hackable car (Michael Bacon) Re: What's Wrong With the Internet (Dimitri Maziuk) Re: Facebook blocked from challenging search warrants targeting its users (R. G. Newbury) Re: For .sucks Web domains, currency seems to be paid in reputations (John Levine, Bob Frankston) RISKS 28.83 Digest Sunday 2 August 2015 Space Ship Two crash investigation results (NTSB via Alister Wm Macintyre) GW 9525 EASA crash report (Alister Wm Macintyre) FDA says don't use Hospira infusion pump due to hacking (Jeremy Epstein) Smart rifle can be hacked (Mark Thorson) Why you shouldn't trust your Intel/AMD/ARM chips (Henry Baker) Chertoff Feb 2015: No Backdoors! (Henry Baker) Re: Op-Ed Disappeared: *WaPo* production error (*WaPo* via PGN) In Microsoft's Nokia Debacle, a View of an Industry's Feet of Clay (NYTimes) Windows XP: Embedded systems, what fun... 
(Gabe Goldberg) Windows 10 uses your bandwidth to send other people updates (TheNextWeb) Windows 10 Wi-Fi Sense feature shares your Wi-Fi network (Chris J Brady) Win10: Advertisers&FBI are the customers; you are the product (Henry Baker) U.S. Decides to Retaliate Against China's Hacking (NYTimes) Group that hacked Anthem shared weaponized 0-days with rival attackers (Ars) Vizio IPO plan shows how its TVs track what you're watching (Gabe Goldberg) OwnStar: Researcher hijacks remote access to OnStar (Ars) Study Of Spain's 'Google Tax' On News Shows How Much Damage It Has Done (TechDirt) SaaS: Surveillance as a Service (Henry Baker) Major flaw could let lone-wolf hacker bring down swaths of Internet (Ars) Wassenaar on hold: Commerce caves on export rules (PGN) "Most Android phones can be hacked with a simple MMS message or multimedia file" (Lucian Constantin) Re: Android Stagefright Flaws Put 950 million devices at risk (Wol) Re: NZ Harmful Digital Communications Bill -- now Spain (Chris Drewe) Re: Hackable Car (Anthony Thorn) RISKS 28.84 Tuesday 4 August 2015 Lottery chief resigns in scandal (Wikipedia) Doctors Still In the Dark After Electronics Records Hack Exposes Data on 4 Million (Security Ledger) Google Cloud Platform to Let Customers Control Encryption Keys (DataCenterKnowledge) Counterterrorism expert says it's time to give companies offensive cybercapabilities (IT World) Nice item on Going Dark (Nick Weaver via PGN) Struggling to Disconnect From Our Digital Lives (NYTimes) Steep Discounts a Boon for Customers, but a Gamble for Start-Ups (NYTimes) Mark Karpeles, Chief of Mt. Gox Bitcoin Exchange, Arrested in Tokyo (NYTimes) UK peer calls for universal Internet delete button, may also want unicorns (Ars Technica) Why Consumers Should Tread Carefully with Samsung Galaxy's Price Cut? 
(NYTimes) Siri's new voice, new name: Comey (James Cook via Henry Baker) CISA could 'sweep away' Internet users' privacy (Sam Thielman) 'Hack Back' NACK (Grant Gross) Stolen Consumer Data Is a Smaller Problem Than It Seems (NYTimes) Vehicular connectivity system vulnerabilities may be far more widespread than Fiat Chrysler Jeep (Reuters) DDR3 modules found to be vulnerable to designed intensive memory accesses; alter other contents (Reuters) Re: Space Ship Two crash investigation results (Peter Bernard Ladkin) Re: Why you shouldn't trust your Intel/AMD/ARM chips (Bob Eager) Re: GW 9525 EASA crash report (Dick Mills) Re: Windows 10 and Wifi Sense (David Damerell) Re: Windows XP: Embedded systems, what fun... (Geoff Kuenning) Re: Don't bring your drones to New Zealand (Richard A. O'Keefe) RISKS 28.85 Wednesday 12 August 2015 Why `Smart' Objects May Be a Bad Idea (Zeynep Tufekci) Web's Random Numbers Are Too Weak, Researchers Warn (Mark Ward) Widespread voting machine election fraud? (AmericaBlog) Google's Search Algorithm Could Steal the Presidency (Adam Rogers) Algorithms and Bias: Q&A With Cynthia Dwork (Claire Cain Miller) What Attorneys and Their Clients Need to Know About Windows 10 and Microsoft's New Privacy Policies (Corhon Law) A key reason the new Microsoft Windows 10 privacy policies are so problematic for existing Windows 7 users Nine Charged in Insider Trading Case Tied to Hackers (NYTimes) BMW servers overloaded by Google's ALPHABET Inc. announcement (LW) Russian Cyberattack Targets Pentagon E-mail Systems (NBCNews) ICANN hacked -- again! 
(TheHackerNews) Researchers find major security flaw with ZigBee smarthome devices (Engadget) DefCon ProxyHam Talk Disappears but Technology is No Secret (Sean Michael Kerner) 'Santa Ana police officers sue to quash video of pot shop raid' (Scott Schwebke) Facebook and Twitter accounts seen as property (ABQ) IBM Locks Up Cloud Processes With [Obvious] Patents (InfoWeek) Code 'transplant' could revolutionise programming (WiReD) How to make a possible break-in worse: Rover rolls over (David Lesher) Mobile phone security moves in slow motion (Beta Boston) Deterrence Considered Harmful (John Arquilla via Henry Baker) An AT&T problem allegedly caused outage on Verizon, Sprint, T-Mobile Under Pressure, Google Promises To Update Android Security Regularly (Ars) Controversial cybersecurity bill would do little to stop hackers (The Guardian) Self-driving cars (xkcd 1559 via Gene Wirchenko) Among the States, Self-Driving Cars Have Ignited a Gold Rush (NYTimes) Re: Fiat Chrysler Issues Recall Over Hacking (Ivan Jager) Re: Space Ship Two crash investigation results (Don Norman) Re: Windows 10 and Wifi Sense (Bob Frankston) Re: Siri's new voice, new name: Comey (Jeremy Epstein) RISKS 28.86 Friday 14 August 2015 Security Researchers Hack a Car and Apply the Brakes Via Text (Samuel Gibbs) Vulnerability in Automobile immobiliser transponders (Anthony Thorn) Moscow-based antivirus firm Kaspersky Lab faked malware to harm rivals, claim ex-employees (Joseph Menn) Harvard student loses Facebook internship after pointing out privacy flaws (The Boston Globe) "IBM finds another Android phone bug" (Tim Greene) Mass. 
    pot dispensary accidentally shares patients' email addresses (Adam Vaccaro)
  FTC Files complaints against Sequoia One and Gen X Marketing Group for Misuse of Financial Data (Bob Gezelter)
  If This is Accurate, It's Unbelievably Bad: "A Traffic Analysis of Windows 10" (Local Ghost)
  Even when told not to, Windows 10 just can't stop talking to Microsoft (Ars Technica)
  Lenovo puts crapware (malware?) in the BIOS (Chris Williams via Henry Baker)
  Audit Shows Extent of Snail Mail Surveillance (Ron Nixon)
  Denmark's most devastating hacker attack? (Donald B. Wagner)
  Retaliation against China is the wrong reaction to OPM hack (Jeffrey Carr via Henry Baker)

RISKS 28.87 Monday 17 August 2015
  Technical Problem Suspends Flights Along East Coast (NYTimes)
  Failing light rail safety system (Gerrit Muller)
  Re: Space Ship Two crash investigation results (Rogier Wolff)
  Backdoors Won't Solve Comey's Going Dark Problem (Bruce Schneier)
  NSA - AT&T relationship (PGN)
  Re: AT&T Helped N.S.A. Spy on an Array of Internet Traffic (John Gilmore)
  gmail policy on BCCs, related to Mass. pot dispensary (George Sigut)
  Frontier's e-mail password reset system is a guy named "Shawn" (Ars)
  Chico and Groucho Marx on the security of passwords (Lauren Weinstein)
  Wikipedia Hates Women: 4 Dark Sides of The Site We All Use (Cracked)
  Doubt Starts Chipping Away at the Market's Mind-Set (NYTimes)
  Data-Crunching Is Coming to Help Your Boss Manage Your Time (NYTimes)
  Where Clicks Reign, Audience Is King (NYTimes)
  Inside Amazon: Wrestling Big Ideas in a Bruising Workplace (NYTimes)
  Get Windows 10 (Anthony Thorn)

RISKS 28.88 Tuesday 18 August 2015
  Supreme Court's Free-Speech Expansion Has Far-Reaching Consequences (Adam Liptak)
  IRS `Get Transcript' hacked (PGN)
  SPARK want to shut down the paging service (Richard A.
    O'Keefe)
  The Google Search That Made the CIA Spy on the US Senate (Jason Leopold)
  Sundar Pichai is now Google CEO, but Wikipedia is fighting over his school (Indian Express via Lauren Weinstein)
  More thoughts on a Wikipedia alternative (Lauren Weinstein)
  Re: Sundar Pichai is now Google CEO, but Wikipedia is fighting over his school (Ron Teitelbaum)
  "Bug-free code: Another computer security lie" (Roger A. Grimes)
  Re: Space Ship Two crash investigation results (Don Norman, Roderick A Rees)
  Re: gmail policy on BCCs, related to Mass. pot dispensary (John Levine)

RISKS 28.89 Wednesday 19 August 2015
  Technical problem suspends flights along east coast (PGN)
  Could Hackers Take Down a City? (Andrea Peterson)
  Hackers Say They Have Released Ashley Madison Files (NYTimes)
  Ashley Madison hack affects more than 33 million users (PGN)
  Voting risk in UK Labour Leadership Election (Paul Gittins)
  Wikipedia freedom-of-editing (Ken Knowlton)
  Intel to customers: We listen to you... All The Time! (Ariha Setalvad)
  Ad Blockers and the Nuisance at the Heart of the Modern Web (NYTimes)
  Re: Supreme Court's Free-Speech Expansion Has Far-Reaching Consequences (Henry Baker)

RISKS 28.90 Thursday 20 August 2015
  Bitcoin is on the verge of a constitutional crisis (Timothy B. Lee)
  Uber Missed Criminal Records of Drivers, Prosecutors Assert (NYTimes)
  Lightning storm security risks (Morten Welinder)
  Recent Wikipedia items in RISKS (Denis Bloodnok)
  The Covert World of People Trying to Edit Wikipedia--for Pay (Lauren Weinstein)
  Socially controversial science topics on Wikipedia draw edit wars (Lauren Weinstein)
  Why the "Right To Be Forgotten" is the Worst Kind of Censorship (Lauren Weinstein)
  Data from hack of Ashley Madison cheater site purportedly dumped online (Ars Technica)
  Re: Could Hackers Take Down a City? (Alister Wm Macintyre)
  Re: Failing light rail safety system (Geoff Kuenning)
  Re: Supreme Court's Free-Speech Expansion ... (R. G. Newbury)
  Re: gmail policy on BCCs, related to Mass.
    pot dispensary (Geoff Kuenning)
  Re: IRS Get Transcript (Harlan Rosenthal)
  Re: Intel to customers: We listen to you... All The Time! (Edwin Slonim, Dimitri Maziuk)

RISKS 28.91 Friday 21 August 2015
  Ashley Madison needs Smarter Cheating??? (PGN on Jennifer Weiner)
  Dealing with the Devastation from the Ashley Madison Hack (Josh Barro and Justin Wolfers)
  ATM security risk: nonfinalization (Alister Wm Macintyre)
  Consumers are Cutting the Cord to Gain Choices and Pay Less (NYT)
  UK orders Google to `forget' 9 news articles about RTBF (Consumerist)
  Re: Could Hackers Take Down a City? (Peter Ladkin)
  Re: gmail policy on BCCs, related to Mass. pot dispensary (Robert L. Wilson)
  Re: Intel to customers: We listen to you... All The Time! (Baker, Slonim, Baker, Maziuk, Baker)

RISKS 28.92
  Air Traffic Ctlr directs pilot to.. nonexistent runway (danny burstein)
  FTC can sue for non-encryption? (Ars Technica via HB)
  Should Cops Be Allowed to Take Control of Self-Driving Cars? (Slate via LW)
  Car information security is a complete wreck (Cory Doctorow via HB)
  Your Car Network == CAN of Worms (Sean Gallagher via HB)
  Twitter's Right to Be Forgotten Move (Paul Alan Levy via Dave Farber)
  Political Tweets: Fuhgeddaboudem
  Danziger Bridge prosecutors' misconduct, anonymous comments unmasked; convictions overturned (Henry Baker)
  Recursive UnJournalism; RTBF Story is Forgotten (Mike Masnick via HB)
  Virtualization doubles the cost of security breach (Maria Korolov)
  DEFCON23: Mass /Virtual/ Murder (Chris Rock via HB)
  ATT hotspots injecting ads by tampering with HTTP (Jonathan Mayer)
  Win10 stops piracy & privacy, so why should I care? (Henry Baker)
  Crypto is hard ... (Rogier Wolff)
  Re: Failing light rail safety system (David Alexander)
  Re: gmail policy on BCCs, related to Mass.
    pot dispensary (Steve Peterson)
  Re: Ad Blockers and the Nuisance at the Heart of the Modern Web (David Alexander)
  Re: ATM security risk: nonfinalization (Alister Wm Macintyre, Geoff Kuenning)

RISKS 28.93 Thursday 3 September 2015
  Bloomberg: HSBC Fault Keeps 275,000 People From Payday (Gabe Goldberg)
  Automating Oil Drilling (Forbes)
  It's A Bird... It's A Plane... It's NonLethalDrone (Justin Glawe via Henry Baker)
  Drone-Killing Laser Cannon (Jordan Golson via Henry Baker)
  Comey high 5's Turkey for arresting encrypting journalists (Umut Uras)
  Breaking Wyndham (FTC via Henry Baker)
  A Roadmap for a World Without Drivers (Medium via Lauren Weinstein)
  Google's Driverless Cars Run Into Problem: Cars With Drivers (NYTimes)
  Uber Hires Two Engineers Who Showed Car Hackings (Isaac/Perlroth)
  Vehicles with keyless ignition systems may continue to run unattended (Bob Gezelter)
  Many new top-level domains have become Internet's `bad neighborhoods' (Ars Technica)
  Popular Belkin Wi-Fi routers plagued by unpatched security flaws (Lucian Constantin)
  Act Now To Save WiFi From The FCC (Brian Benchoff)
  Two-Factor Authentication Phishing From Iran (Citizen Lab)
  Heidelberg Laureate Forum on data collection (Katherine Noyes)
  No gigabyte nets for autonomous vehicles (Mike Liebhold, Ross Stapleton-Gray)
  Tools for Tailored Learning May Expose Students' Personal Details (NYTimes)
  Zuckerberg cheers as 1 billion suckers login to Facebook in 24 hours (Matthew Kruk)
  Windows 7, 8, and 10: Now all collecting user data for Microsoft (Fahmida Y. Rashid)
  Windows Creepy Spying extended to Win7/8
  Unwanted data transmissions by Windows 10 (Joe Durusau)
  U.S. Senate Report on Target breach (Alister Wm Macintyre)
  Ashley Madison Hack Creates Ethical Conundrum For Researchers (HuffPost)
  Re: Data from hack of Ashley Madison cheater site (Dan Jacobson)
  Re: ATM security risk: nonfinalization (Dan Jacobson)

RISKS 28.94 Sunday 20 September 2015
  America's Voting Machines at Risk (Brennan Center)
  Hanging chad redux?
    US heading for 2000-style election catastrophe, report finds (Ed Pilkington)
  Leaked NSC Memo on Encryption (WashPost)
  Obama faces growing momentum to support widespread encryption (Nakashima and Peterson)
  WH Realizes Mandating Backdoors To Encryption Isn't Going To Happen (Tech Dirt)
  Why We Positively, Absolutely, Can't Trust the Government with Encryption (Lauren Weinstein)
  CISA on OPM: ``responding to a bear attack by stockpiling honey'' (Eric Geller via Henry Baker)
  Tech Companies Resist Govt Surveillance (Calo and Penuela)
  Kilton Public Library Reactivates Tor Node (Nora Doyle-Burr)
  Major Internet outage strikes again (Matthew Reed)
  American Airlines flew wrong plane to Hawaii (WashPost)
  Hack on United Airlines Makes CIA's Job More Difficult (Cybersecintell)
  Drug lord may be in Costa Rica, based on tweet (Dan Jacobson)
  Lockpickers 3-D Print TSA Master Luggage Keys From Leaked Photos (WiReD)
  Researcher Hacks Self-driving Car Sensors (IEEE Spectrum)
  Russian Hackers Hijack Satellite to Steal Data from Thousands of Hacked Computers (PGN)
  FireEye Malware Protection System hacked with malware (Henry Baker)
  Programming errors allow cracking of 11 million+ Ashley Madison passwords (Dan Goodin)
  Buffer Overflows: Blast from the Past (Henry Baker)
  "Attackers install highly persistent malware implants on Cisco routers" (Lucian Constantin)
  Brain Hacking state-of-art (Lovett in Analog)
  How Can a Netizen be Responsible and Secure?
    (Dick Mills)
  How to make the Internet worse for everyone except the slimeballs (Lauren Weinstein)
  One Symptom in New Medical Codes: Doctor Anxiety (NYTimes)
  Watch Out: If You've Got a Smart Watch, Hackers Could Get Your Data (David Robertson)
  "How Microsoft's data case could unravel the US tech industry" (Zack Whittaker)
  Mozilla: data stolen from hacked bug database was used to attack Firefox (Ars Technica)
  How Ashley Madison Hid Its Fembot Con From Users and Investigators (Gizmodo)
  "The Web's 10 most dangerous neighborhoods" (Maria Korolov)
  Faults Sense of Security (Henry Baker)
  Facebook's Like Buttons Will Soon Track Your Web Browsing to Target Ads (Technology Review)
  Boston still tracks vehicles, lies about it, and leaves sensitive resident data exposed online (Dig Boston)
  HP didn't get the security memo re HTTPS (Henry Baker)
  FBI Safety: Disconnect IoT Devices from the Internet (Henry Baker)
  Need to install a font on Windows 10? Turn on the firewall (SuperUser)
  Microsoft is downloading Windows 10 to your machine 'just in case' (LW)
  Re: Windows 7, 8, and 10: Now all collecting user data for Microsoft (Erling Kristiansen)
  Re: Unwanted data transmissions by Windows 10 (Wol)
  Re: No gigabyte nets for autonomous vehicles (Dimitri Maziuk, Wol)
  Re: Vehicles with keyless ignition systems... (Chris Drewe)
  Re: Google's Driverless Cars Run Into Problem: Lack of appreciation of "social" (Bob Frankston)

RISKS 28.95 Thursday 24 September 2015
  Crooked software: VW Is Said to Cheat on Diesel Emissions; U.S. to Order Big Recall (NYTimes)
  Ethics in Engineering: Volkswagen's Diesel Fiasco (Hackaday via LW)
  OPM says 5.6 million fingerprints stolen in cyberattack, five times as many as previously thought
  Sensors You Can Swallow Could Be Made of Nutrients and Powered by Stomach Acid (Neil Savage)
  Trojan targets online poker sites, peeks at players' cards (Ars Technica)
  India Draft Encryption Policy Doc lays out horrendous requirements (Deity)
  Oops!
    Error by Systema Software exposes millions of records with insurance claims data and internal notes (Data Breaches)
  Researchers say South Korea-backed child monitoring app was wide open to hackers (AP)
  D-Link Oops (Help Net)
  AVG privacy -not- policy (Softpedia)
  "Sloppy dev practices allowed malware into Apple App Store" (Fahmida Y. Rashid)
  Apple Confirms Discovery of Malicious Code in Some App Store Products (NYTimes)
  Skype Service Problems for Some Users Worldwide (NYTimes)
  Sundry risky thoughts caused by weekend's SLASHDOT articles (Werner U)
  Symantec employees fired for issuing rogue HTTPS certificate for Google (Ars Technica)
  iPhone 6s's Hands-Free Siri Is an Omen of the Future (NYTimes)
  As Head-Up Displays Become Common, Distraction Becomes an Issue (NYTimes)
  France tells Google to remove search results globally, or face big fines (Ars Technica)
  Yes, the FCC might ban your operating system (PRPL)
  Re: One Symptom in New Medical Codes: Doctor Anxiety (William Ehrich)
  Re: Researcher Hacks Self-driving Car Sensors (Martin Ward, LW)
  Re: "The Web's 10 most dangerous neighborhoods" (John Levine)
  Re: Why We Positively, Absolutely, Can't Trust the Government with Encryption (William Ehrich)
  Re: Unwanted data transmissions by Windows 10 (Carl Byington)
  Re: How to make the Internet worse for everyone except the slimeballs (Dan Jacobson, Lauren Weinstein)
  Re: Vehicles with keyless ignition systems... (Dan Jacobson)

RISKS 28.96 Monday 28 September 2015
  Parallel testing for VW-like voting systems? (Zeynep Tufekci)
  VW Scandal: Premature Evaluations (Jean-Louis Gassée)
  U.S. and China establish cyber working group with Cold War-esque 'hotline' (Daily Dot)
  China-US hacking accord is tall on rhetoric, short on substance (David Kravets)
  Automated voice imitation can fool humans and machines (Science Daily)
  Cyber Costs Exceed Cyber Benefits Beyond 2019 (Zurich Insurance via Tom Gray)
  TV vs. the Internet: Who Will Win?
    (Jacob Weisberg)
  Obama administration on encryption backdoors (WashPo)
  Smaller, Faster, Cheaper, Over: The Future of Computer Chips (John Markoff)
  Re: How to make the Internet worse for everyone except the slimeballs (David E. Ross)

RISKS 28.97 Tuesday 29 September 2015
  EPA v VW cheatware, AI & "machine learning" (Henry Baker)
  Volkswagen Law (Bloomberg)
  Security Standards: cars, voting, medical, critical infrastructure, etc. (Alister Wm Macintyre)
  Re: VW Scandal (Robert Schaefer)
  Gaming security (Michael Albaugh)
  Storing secret crypto keys in the Amazon cloud? New attack can steal them (Ars Technica)
  GCHQ operation "Karma Police" (Slashdot)
  Network scientists have discovered how social networks can create the illusion that something is common when it is actually rare (MIT)
  Law Enforcement's Love/Hate Relationship with Cloud Auto Backup (Lauren Weinstein)
  Hello Barbie (The Week)
  Re: U.S. and China cyber establish 'hotline' (Henry Baker)
  Re: Ad-blocking (L. Mark Stone)

RISKS 28.98 and RISKS 28.00 29 Sep 2015
  Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
  SUMMARY OF RISKS VOLUME 28 (11 Jun 2014 - 29 Sep 2015)

------------------------------

End of RISKS-FORUM Digest 28.00 (28.98)
************************