RISKS-LIST: Risks-Forum Digest  Saturday 14 April 2018  Volume 30 : Issue 65

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/30.65>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Half of European flights delayed due to system failure (BBC)
Atlanta Airport Shuts Down Wi-Fi Following Cyber Attack on City (Conde-Nast)
Bridges and privacy (Gizmodo)
Chinese man caught by facial recognition at pop concert (BBC)
Is Science Hitting a Wall? (Scientific American)
Prescribing error in EHR results in death of man (Healthcare IT)
Elon Musk: Do you trust this computer? (Ed DeWath, Grady Booch)
"Flaw exposes cities' emergency alert sirens to hackers" (ZDNet)
"How safe is your air-gapped PC? Attackers can now suck data out via
  power lines" (Liam Tung)
DHS finds suspected phone spying in Washington (ABC News)
"Windows security: Microsoft patch for Outlook password leak bug
  'not a full fix'" (Liam Tung)
The biggest Black Lives Matter page on Facebook is fake (CNN)
Fox News accidentally puts up a poll graphic that shows how they
  are the least trusted network (BoingBoing)
"On Facebook, Zuckerberg gets privacy and you get nothing" (Zack Whittaker)
Facebook exec: If you want privacy, expect to pay for it (NYPost)
Facebook Suspends Another Data Analytics Firm As Scandal Widens (NPR)
Cambridge Analytica Could Also Access Private Facebook Messages (WiReD)
Protecting Democracy Using Firewalls (Mark Rockman)
A New AI "Journalist" Is Rewriting the News to Remove Bias (Kristin Houser)
People must retain control of autonomous vehicles (Nature)
Waze's crazy routing over a 32% grade road (Gabe Goldberg)
Relevant Comic? (Freefall)
"LG's 'Software Upgrade Center' feels slightly too familiar" (J.R. Raphael)
Richest 1% on target to own two-thirds of all wealth by 2030
  (Michael Savage)
The dots do matter: how to scam a Gmail user (James H Fisher)
"A bad day with mobile 2FA" (Evan Schuman)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 03 Apr 2018 20:27:26 -0400
From: Jose Maria Mateos <ch...@rinzewind.org>
Subject: Half of European flights delayed due to system failure (BBC)

The unspecified problem was with the Enhanced Tactical Flow Management
System, which helps to manage air traffic by comparing demand and capacity
of different air traffic control sectors.

It manages up to 36,000 flights a day. Some 29,500 were scheduled on Tuesday
when the fault occurred.

When the system failed, Eurocontrol's contingency plan for a failure in the
system deliberately reduced the capacity of the entire European network by
10%. It also added what it calls "predetermined departure intervals" at
major airports.

http://www.bbc.com/news/world-europe-43633094

------------------------------

Date: Thu, 5 Apr 2018 08:07:49 -0400
From: "Dave Farber" <far...@gmail.com>
Subject: Atlanta Airport Shuts Down Wi-Fi Following Cyber Attack on City
  (Conde-Nast Traveler)

https://apple.news/AZbvgYA59TV2-4JvrTzOhnA

------------------------------

Date: Tue, 03 Apr 2018 00:40:20 -0400
From: "Arthur T." <risks201802.10.ats...@xoxy.net>
Subject: Bridges and privacy (Gizmodo)

Here's an article about a city about to install a pedestrian bridge built
with a new technique. The article doesn't mention the collapse of a
pedestrian bridge with a new design which collapsed in Florida just a few
weeks ago.

But of more interest to this RISKS group is the fact that they'll be
installing a "series of smart sensors [...] so the bridge will actually know
how many people are walking on it and how quickly they're moving." I wonder
if this could be a privacy concern, especially since it's being built in
"the largest and best-known red-light district in Amsterdam."

http://gizmodo.com/the-first-3d-printed-steel-bridge-looks-like-it-broke-o-1824252512

------------------------------

Date: Sat, 14 Apr 2018 18:08:37 +0800
From: Richard M Stein <rmst...@ieee.org>
Subject: Chinese man caught by facial recognition at pop concert (BBC)

http://www.bbc.com/news/world-asia-china-43751276

  "Chinese police have used facial recognition technology to locate and
  arrest a man who was among a crowd of 60,000 concert goers."  "China has a
  huge surveillance network of over 170 million CCTV cameras."

1 - (1/60000) ~= 0.999983; an impressive match rate given historically
published facial recognition achievement. CIA's World Fact Book states, as
of 2017, PRC population @ ~1.38B folks. 1.38 Bpeople/170 Mcameras ~= 8.1
people/camera surveillance density!

------------------------------

Date: April 7, 2018 at 5:20:24 PM EDT
From: John Horgan <jhor...@stevens.edu>
Subject: Is Science Hitting a Wall? (Scientific American)

Economists show that increased research efforts are yielding decreasing
returns.

Once again, I'm brooding over science's limits. I recently posted Q&As with
three physicists with strong opinions on the topic -- David Deutsch, Marcelo
Gleiser and Martin Rees -- as well as this column: Is Science Infinite?
Then, in March I attended a two-day brainstorming session -- which I'll call
The Session -- with 20 or so science-y folks over whether science is slowing
down and what we can do about it.

The Session was inspired in part by research suggesting that scientific
progress is stagnating. In Are Ideas Getting Harder to Find?, four
economists claim that ``a wide range of evidence from various industries,
products, and firms show[s] that research effort is rising substantially
while research productivity is declining sharply.''  The economists are
Nicholas Bloom, Charles Jones and Michael Webb, all from Stanford, and John
Van Reenen of MIT.

As a counter-intuitive example, they cite Moore's Law, noting that
the ``number of researchers required today to achieve the famous
doubling every two years of the density of computer chips is more than 18
times larger than the number required in the early 1970s.''  The
researchers found similar trends in research related to agriculture and
medicine. More and more research on cancer and other illnesses has produced
fewer and fewer lives saved....

https://blogs.scientificamerican.com/cross-check/is-science-hitting-a-wall/

------------------------------

Date: Thu, 5 Apr 2018 22:36:41 -0700
From: Stephen McCallister <steve.mccallis...@frontier.com>
Subject: Prescribing error in EHR results in death of man (Healthcare IT)

http://www.healthcareit.com.au/article/electronic-prescribing-error-month-ol

------------------------------

Date: April 7, 2018 at 1:19:27 PM EDT
From: Dewayne Hendricks <dewa...@warpspeed.com>
Subject: Elon Musk: Do you trust this computer?

  [via Dave Farber]

  [Note: This item comes from friend Ed DeWath.  Again, the window to view this
  video on YouTube is just this weekend.  Have at it!  DLH]

Elon Musk, YouTube, 6 Apr 2018
Do you trust this computer?
https://www.youtube.com/watch%3Fv%3D_McBS1NlHJM

Elon Musk -- who believes artificial intelligence could help trigger the
next world war -- has issued another severe warning about how
super-intelligent machines could come to dominate the world. Those super
computers could become "an immortal dictator from which we would never
escape," Musk passionately warns in the new documentary "Do You Trust This
Computer?"

In the documentary, directed by Chris Paine (the man behind 2006's "Who
Killed The Electric Car?"), Musk joins a growing chorus of experts warning
that intelligent machines are already fundamentally changing our society by
amassing personal data, advancing science and medicine and beginning to
create new forms of super intelligence.

Musk paid for "Do You Trust This Computer" to be streamed free on YouTube over 
the weekend.

------------------------------

Date: April 7, 2018 at 2:34:31 PM EDT
From: Grady Booch <egr...@booch.com>
Subject: Elon Musk -- Do you trust this computer?

  [Follow-up in Dave Farber's IP list]

I followed Elon's thread in Twitter, and had an extended dialog with some
there after.

Here is partly what I had to say:

While well-produced, it is indeed rather alarmist (and offers little balance
as to the good therein); it also muddles the role of AI (many of the moments
in the documentary could be said of non-AI software-intensive systems).
Furthermore it radically ignores history (one gets the impression that AI
began in Silicon Valley with Google/Facebook/etc.) and finally, while it
hammers the emotional elements, it offers nothing actionable for the viewer.

------------------------------

Date: Tue, 10 Apr 2018 10:17:07 -0700
From: Gene Wirchenko <ge...@telus.net>
Subject: "Flaw exposes cities' emergency alert sirens to hackers" (ZDNet)

http://www.zdnet.com/article/radio-flaw-exposed-cities-emergency-alert-sirens-to-hackers/

Zack Whittaker for Zero Day, Apr 10, 2018
San Francisco -- and other cities and campuses -- had hackable
radio-controlled sirens.

------------------------------

Date: Thu, 12 Apr 2018 09:50:48 -0700
From: Gene Wirchenko <ge...@telus.net>
Subject: "How safe is your air-gapped PC? Attackers can now suck data
  out via power lines" (Liam Tung)

Liam Tung, ZDNet, 12 Apr 2018
You'll now need to monitor the power cables connecting to isolated
computers holding sensitive information.
http://www.zdnet.com/article/how-safe-is-your-air-gapped-pc-attackers-can-now-suck-data-out-via-power-lines/

selected text:

Researchers from Israel's Ben Gurion University of the Negev have shown once
again that air-gapped PCs are not safe from a determined and patient
attacker.

Techniques they've proven work include a drone-assisted attack on a
computer's flashing LEDs, using a CPU's low-frequency magnetic radiation to
leak data through a Faraday cage, and attacking the very CCTV cameras used
to monitor air-gapped computers.

  [Another bonus risk in a risk with the CCTV cameras being subverted.]

------------------------------

Date: Tue, 3 Apr 2018 11:10:45 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: DHS finds suspected phone spying in Washington (ABC News)

[DUH!] via NNSquad
http://abcnews.go.com/Technology/wireStory/apnewsbreak-dhs-finds-suspected-phone-spying-washington-54208110

  For the first time, the U.S. government has publicly acknowledged the
  existence in Washington of what appear to be rogue devices that foreign
  spies and criminals could be using to track individual cellphones and
  intercept calls and messages.  The use of such cellphone-site simulators
  by foreign powers has long been a concern, but American intelligence and
  law enforcement agencies -- which use such eavesdropping equipment
  themselves -- have been silent on the issue until now.

------------------------------

Date: Wed, 11 Apr 2018 09:40:28 -0700
From: Gene Wirchenko <ge...@telus.net>
Subject: "Windows security: Microsoft patch for Outlook password leak
  bug 'not a full fix'" (Liam Tung)

Liam Tung, ZDNet, 11 Apr 2018
Attackers can make Outlook leak password hashes just by previewing an
RTF-formatted email.
http://www.zdnet.com/article/windows-security-microsoft-patch-for-outlook-password-leak-bug-not-a-full-fix/

selected text:

Microsoft has fixed an important Outlook bug it's known about for over a
year, capable of leaking password hashes when users preview a Rich Text
Format (RTF) email with remotely hosted OLE objects.

However, Dormann notes that Microsoft's fix for the vulnerability
CVE-2018-0950 doesn't prevent all remote SMB attacks.

Microsoft is of the view that this bug is "more likely" to be exploited now
that it's known.

  [Really?  (Did the Microsoft spokesperson think about the matter before
  stating this last bit?)]

------------------------------

Date: Mon, 9 Apr 2018 15:28:51 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: The biggest Black Lives Matter page on Facebook is fake (CNN)

NNSquad
http://money.cnn.com/2018/04/09/technology/fake-black-lives-matter-facebook-page/index.html

  The page, titled simply "Black Lives Matter," had almost 700,000 followers
  on Facebook, more than twice as many as the official Black Lives Matter
  page. It was tied to online fundraisers that brought in at least $100,000
  that supposedly went to Black Lives Matter causes in the U.S. At least
  some of the money, however, was transferred to Australian bank accounts,
  CNN has learned. Fundraising campaigns associated with the Facebook page
  were suspended by PayPal and Patreon after CNN contacted each of the
  companies for comment.  Donorbox and Classy had already removed the
  campaigns. The discovery raises new questions about the integrity of
  Facebook's platform and the content hosted there.

------------------------------

Date: Mon, 9 Apr 2018 15:52:04 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Fox News accidentally puts up a poll graphic that shows how they
  are the least trusted network

[Oops!] via NNSquad
http://boingboing.net/2018/04/09/fox-news-accidentally-puts-up.html

  When host Howard Kurtz asked for a poll to be put up on the screen that
  asks if the media reports fake news, viewers got a look at the wrong poll
  - one put out by Monmouth University that asks people which network they
  trust more, CNN, MSNBC, or Fox News. Not surprising but a knee-slapper
  nonetheless, the graphic for the poll showed that people trusted CNN most,
  at 48%, followed by MSNBC at 45%. Fox came in last place with a mere 30%
  of those polled thinking that the network was trustworthy. Kurtz quickly
  said, "This is not the graphic we're looking for - hold off. Take that
  down please!"

------------------------------

Date: Wed, 11 Apr 2018 10:08:06 -0700
From: Gene Wirchenko <ge...@telus.net>
Subject: "On Facebook, Zuckerberg gets privacy and you get nothing"
  (Zack Whittaker)

   [Not that this is a surprise, but.]

Zack Whittaker for Zero Day, 10 Apr 2018
Opinion: Facebook's way of showing how little it cares about its users'
privacy is by doing something only when it gets caught.
http://www.zdnet.com/article/facebook-two-tier-privacy-one-rule-for-zuckerberg/

Facebook just can't catch a break -- not that many think it should.

BuzzFeed described it best: Facebook has a "two-tier privacy system" that
favors its leaders and executives.

The rest of us can, in other words, go to hell.

What's clear is that there's a trend of Facebook and its executives
distancing themselves from facing up to their users and taking
responsibility for their mistakes. Facebook isn't even trying to get ahead
of the story -- or stories, as the scandal keeps getting bigger -- and only
acts when it's caught with its hand in the cookie jar.  And, even then, the
company is only slapping a Band-Aid on to save face amid pressure from
governments and shareholders -- the only two things that Facebook is
vulnerable to.

What better way to show how little the company cares about its users'
privacy than by acting only when it gets caught.

------------------------------

Date: Sat, 7 Apr 2018 00:01:08 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Facebook exec: If you want privacy, expect to pay for it (NYPost)

NNSquad
http://nypost.com/2018/04/06/facebook-exec-if-you-want-privacy-expect-to-pay-for-it/

  Want privacy on Facebook? Cough up some cash. The social-media site plans
  to extort users who want to keep their personal data away from advertisers
  -- by demanding they pay for the privilege, the company's second in
  command, Sheryl Sandberg, revealed on Friday.

I've got a better idea. Get the hell off of Facebook!
"Seriously, It's Time to Ditch Facebook and Give Google+ a Try"

http://lauren.vortex.com/2018/03/20/seriously-its-time-to-ditch-facebook-and-give-google-a-try

------------------------------

Date: Mon, 9 Apr 2018 11:40:21 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Facebook Suspends Another Data Analytics Firm As Scandal Widens (NPR)

via NNSquad
http://www.npr.org/sections/thetwo-way/2018/04/09/600833691/report-facebook-suspends-another-data-analytics-firm-as-scandal-widens

  As the Facebook scandal over Cambridge Analytica's misuse of the personal
  data of millions of users continues to unfold, Facebook is suspending
  another data analytics firm over similar allegations.  According to
  reporting by CNBC, Cubeyou collected data from Facebook users through
  personality quizzes "for non-profit academic research" developed with
  Cambridge University -- then sold the data to advertisers.

------------------------------

Date: Tue, 10 Apr 2018 09:55:22 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Cambridge Analytica Could Also Access Private Facebook Messages
  (WiReD)

[Worse and worse] via NNSquad
http://www.wired.com/story/cambridge-analytica-private-facebook-messages/

  The Data Consulting firm Cambridge Analytica, which harvested as many as
  87 million Facebook users' personal data, also could have accessed the
  private inbox messages of some of those affected. Facebook slipped this
  previously undisclosed detail into the notifications that began appearing
  at the top of News Feeds on Monday. These alerts let users know whether
  they or their friends had downloaded a personality quiz app called This Is
  Your Digital Life, which would have caused their data to be collected and
  passed on to Cambridge Analytica.  Facebook buried the disclosure in the
  details about what information was compromised: "A small number of people
  who logged into 'This Is Your Digital Life' also shared their own News
  Feed, timeline, posts and messages which may have included posts and
  messages from you."

------------------------------

Date: Sun, 8 Apr 2018 20:37:02 -0400
From: Mark Rockman <userm...@mdrsesco.biz>
Subject: Protecting Democracy Using Firewalls

In the United States federal elections are managed separately by the 50
states.  Protections from hacking into voter registration rolls are left in
the hands of state legislatures and understaffed IT departments.  The state
legislatures provide just enough money to get the elections done. They don't
provide for upgrading equipment and software to keep hackers out.  They
don't provide guidelines on configuration.  They don't advise people to
change their passwords frequently nor enforce such policy nor advise
rightful end users not to reply to an e-mail or phone call with a password.
And how about rules against running operating systems that don't get regular
patches to plug holes called "vulnerabilities."  There are appliances that
can be stationed between a LAN and the Internet that are very effective, if
properly configured, in keeping the Russians out.  SSLs and VPNs are very
handy.  News reports make hacking sound as if it is the inevitable result of
using high technology when the problem is really with ignorance and
technophobia on the part of election managers and pennywise-pound-foolish
state legislatures.

------------------------------

Date: April 8, 2018 at 8:15:36 AM EDT
From: Dewayne Hendricks <dewa...@warpspeed.com>
Subject: A New AI "Journalist" Is Rewriting the News to Remove Bias
  (Kristin Houser)

  [Note:  This item comes from friend Robert Berger.  DLH]

Kristin Houser, Futurism, 6 Apr 2018
https://futurism.com/ai-journalist-media-bias-news-knowhere/

Want your news delivered with the icy indifference of a literal robot? You
might want to bookmark the newly launched site Knowhere News. Knowhere is a
startup that combines machine learning technologies and human journalists to
deliver the facts on popular news stories.

Here's how it works. First, the site's artificial intelligence (AI) chooses
a story based on what's popular on the Internet right now. Once it picks a
topic, it looks at more than a thousand news sources to gather
details. Left-leaning sites, right-leaning sites -- the AI looks at them
all.

Then, the AI writes its own *impartial* version of the story based on what
it finds (sometimes in as little as 60 seconds). This take on the news
contains the most basic facts, with the AI striving to remove any potential
bias. The AI also takes into account the trustworthiness of each source,
something Knowhere's co-founders preemptively determined. This ensures a
site with a stellar reputation for accuracy isn't overshadowed by one that
plays a little fast and loose with the facts.

For some of the more political stories, the AI produces two additional
versions labeled Left and Right.  Those skew pretty much exactly how you'd
expect from their headlines:

 * Impartial: U.S. to add citizenship question to 2020 census
 * Left: California sues Trump administration over census citizenship
   question
 * Right: Liberals object to inclusion of citizenship question on 2020
   census

Some controversial but not necessarily political stories receive
Positive and Negative spins:

 * Impartial: Facebook scans things you send on messenger, Mark Zuckerberg
   admits
 * Positive: Facebook reveals that it scans Messenger for inappropriate content
 * Negative: Facebook admits to spying on Messenger, scanning private
   images and links

Even the images used with the stories occasionally reflect the content's
bias. The Positive Facebook story features CEO Mark Zuckerberg grinning,
while the Negative one has him looking like his dog just died.

Knowhere's AI isn't putting journalists out of work, either.

Editor-in-chief and co-founder Nathaniel Barling told Motherboard that a
pair of human editors review every story. This ensures you feel like you're
reading something written by an actual journalist, and not a Twitter
chatbot. Those edits are then fed back into the AI, helping it improve over
time. Barling himself then approves each story before it goes live. ``The
buck stops with me,'' he told Motherboard.

This human element could be the tech's major flaw. As we've seen with other
AIs, they tend to take on the biases of their creators, so Barling and his
editors will need to be as impartial as humanly possible -- literally -- to
ensure the AI retains its impartiality.

------------------------------

Date: Fri, 6 Apr 2018 08:35:39 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: People must retain control of autonomous vehicles (Nature)

NNSquad
http://www.nature.com/articles/d41586-018-04158-5

  Policymakers need to work more closely with academics and manufacturers to
  design appropriate regulations. This is extremely challenging because the
  research cuts across many disciplines.  Here, we highlight two areas --
  liability and safety -- that require urgent attention.

------------------------------

Date: Sat, 7 Apr 2018 11:47:13 -0400
From: Gabe Goldberg <g...@gabegold.com>
Subject: Waze's crazy routing over a 32% grade road

It's a common story: small towns and residents living on once-quiet
streets are sometimes annoyed by the influx of traffic that Waze, traffic
way-finding apps, and ride-hailing services have wrought.
http://www.wired.com/2016/07/better-ways-kill-traffic-lying-waze/

But residents along Baxter Street in Los Angeles' Echo Park neighborhood --
reportedly one of the steepest streets in America (comprising two
major hills) -- are now banding together to try to change local traffic
patterns. Neighbors have contacted city officials and Waze's parent company,
Google, to try to mitigate the problem. ...

According to a Wednesday report in the *Los Angeles Times*, locals say that
they've noticed an uptick in serious accidents.
http://www.latimes.com/local/california/la-me-lopez-echo-park-traffic-20180404-story.html

``The car came through our garden, went through two fences, and ended up
backwards hanging over our driveway,'' resident Jason Luther told the paper.
``Rain is a huge problem,'' another resident, Robbie Adams, said.  ``People
start skidding and spinning. We had our garden wall knocked down twice, and
my wife's car got hit in our own driveway. I've seen five or six cars smash
into other cars, and it's getting worse.''

The street, which dates back to 1872, has a 32-percent grade -- more than
double what current city law allows for today.

http://arstechnica.com/tech-policy/2018/04/waze-blamed-for-rise-in-accidents-along-one-of-steepest-streets-in-us/

------------------------------

Date: Tue, 03 Apr 2018 14:12:54 -0700
From: Gene Wirchenko <ge...@telus.net>
Subject: Relevant Comic? (Freefall)

Scotty and La Forge never had this problem:

http://freefall.purrsia.com/ff3200/fc03104.png
What a tangled Web we weave.

------------------------------

Date: Fri, 13 Apr 2018 10:09:10 -0700
From: Gene Wirchenko <ge...@telus.net>
Subject: "LG's 'Software Upgrade Center' feels slightly too familiar"
  (J.R. Raphael)

JR Raphael, Computerworld, 12 Apr 2018
How many times can a company cry wolf before we all stop listening?
http://www.computerworld.com/article/3268610/android/lg-software-upgrade-center-android.html

selected text:

By my calculations, seeing this morning's news that LG is opening up a
"Software Upgrade Center" -- the industry's "first such facility aimed at
providing customers worldwide with faster, timelier smartphone operating
system and software updates" (!) -- could result in three distinct
reactions.

First is the woefully uninformed, overly positive reception -- the one LG
clearly hopes to elicit with its over-the-top press release: "Whoa! Look at
LG! It's breaking new ground and showing just how committed to customers it
really is."

Second is the guardedly optimistic view: "Look, I know LG has never been the
best with Android upgrades, but it always tries. Maybe this will be a new
beginning. Maybe things are about to get great!"

And third is the seriously skeptical view: "Riiiiight. LG always talks a
good game with Android upgrades, but it never actually delivers.  Looks like
more of the same ol' silliness we see every year."

Me? As someone who's tracked and analyzed Android upgrades closely since the
start, I tend to veer more toward that final view of skepticism.

As a certain smart-alecky writer once put it, the company truly does excel
at one thing in this domain: being the first to announce a new OS
rollout. ["announce" was in italics.]

------------------------------

Date: Sat, Apr 7, 2018 at 3:42 PM
From: Dewayne Hendricks <dewa...@warpspeed.com>
Subject: Richest 1% on target to own two-thirds of all wealth by 2030
  (Michael Savage)

[Note:  This item comes from friend Robert Berger.  DLH]

Michael Savage, *The Guardian*, 7 Apr 2018
World leaders urged to act as anger over inequality reaches a `tipping
point'
http://www.theguardian.com/business/2018/apr/07/global-inequality-tipping-point-2030

The world's richest 1% are on course to control as much as two-thirds of the
world's wealth by 2030, according to a shocking analysis that has led to a
cross-party call for action.

World leaders are being warned that the continued accumulation of wealth at
the top will fuel growing distrust and anger over the coming decade unless
action is taken to restore the balance.

An alarming projection produced by the House of Commons library suggests
that if trends seen since the 2008 financial crash were to continue, then
the top 1% will hold 64% of the world's wealth by 2030. Even taking the
financial crash into account, and measuring their assets over a longer
period, they would still hold more than half of all wealth.

Since 2008, the wealth of the richest 1% has been growing at an average of
6% a year -- much faster than the 3% growth in wealth of the remaining 99%
of the world's population. Should that continue, the top 1% would hold
wealth equating to $305 trillion -- up from $140 trillion today.

Analysts suggest wealth has become concentrated at the top because of
recent income inequality, higher rates of saving among the wealthy, and the
accumulation of assets. The wealthy also invested a large amount of equity
in businesses, stocks and other financial assets, which have handed them
disproportionate benefits.

New polling by Opinium suggests that voters perceive a major problem with
the influence exerted by the very wealthy. Asked to select a group that
would have the most power in 2030, most (34%) said the super-rich, while 28%
opted for national governments. In a sign of falling levels of trust, those
surveyed said they feared the consequences of wealth inequality would be
rising levels of corruption (41%) or the ``super-rich enjoying unfair
influence on government policy'' (43%).

The research was commissioned by Liam Byrne, the former Labour cabinet
minister, as part of a gathering of MPs, academics, business leaders, trade
unions and civil society leaders focused on addressing the problem.

The actor Michael Sheen, who has opted to scale back his Hollywood career
to campaign against high-interest credit providers, was among those
supporting the calls.

The hope is to create pressure for global action when leaders of the G20
group of nations gather for a summit in Buenos Aires in November. Byrne,
who organised the first OECD global parliamentary conference on inclusive
growth, said he believed global inequality was ``now at a tipping point''.

``If we don't take steps to rewrite the rules of how our economies work,
then we condemn ourselves to a future that remains unequal for good.  That's
morally bad, and economically disastrous, risking a new explosion in
instability, corruption and poverty.''

In a sign of the concern about the accumulation of wealth in the hands of
so few, the move has gained support from across the political divide.

George Freeman, the Tory MP and former head of the prime minister's policy
board, said: ``While mankind has never seen such income inequality, it is
also true that mankind has never experienced such rapid increases in living
standards. Around the world billions of people are being lifted out of
poverty at a pace never seen before. But the extraordinary concentration of
global wealth today -- fueled by the pace of technological innovation and
globalisation -- poses serious challenges.

``If the system of capitalist liberal democracy which has triumphed in the
west is to pass the big test of globalisation -- and the assault from
radical Islam as well as its own internal pressures from post-crash
austerity -- we need some new thinking on ways to widen opportunity, share
ownership and philanthropy. Fast.''

Demands for action from the group include improving productivity to ensure
wages rise and reform of capital markets to promote greater equality. [...]

------------------------------

Date: Sat, 7 Apr 2018 18:40:51 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: The dots do matter: how to scam a Gmail user

NNSquad
http://jameshfisher.com/2018/04/07/the-dots-do-matter-how-to-scam-a-gmail-user.html

  Where is the security flaw here? Some would say it's Netflix's fault; that
  Netflix should verify the email address on sign up. But using someone
  else's address on signup only cedes control of the account to that
  person. Others would say that Netflix should disallow the registration of
  james.hfis...@gmail.com, but this would force Netflix and every other
  website to have insider knowledge of Gmail's canonicalization algorithm.
  Actually, the blame lies with Gmail, and specifically Gmail's "dots don't
  matter" feature.  The scam fundamentally relies on the Gmail user
  responding to an email with the assumption that it was sent to their
  canonical address, and not to some other address from their infinite
  address set.

This has been a problem with Gmail for ages. Even if you are not scammed by
crooks exploiting this, it can be a vector for yet more spam, not all of
which Gmail will detect. Gmail users have long needed a way to control this
feature, and to specify precisely which dotted forms should be considered as
their valid Gmail addresses.
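
The excerpt talks about Gmail's canonicalization algorithm and the "insider knowledge" a site would need to spot two sign-ups that reach the same mailbox. As an added illustration (not part of Lauren's post or Fisher's article), the Python below encodes that rule: dots in the local part are ignored, case is ignored, a `+tag` suffix is discarded, and googlemail.com is an alias of gmail.com. The sign-up list is constructed; the `+tag` and googlemail.com handling go beyond the dots the excerpt discusses but follow Gmail's documented behaviour.

```python
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_gmail(address: str) -> str:
    """Return the mailbox Gmail actually delivers `address` to.

    For Gmail domains: drop dots and any '+tag' in the local part,
    lower-case it, and normalise the domain to gmail.com.  Addresses at
    other domains are left alone apart from lower-casing the domain,
    because the dots-don't-matter rule is Gmail-specific.
    """
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    if domain not in GMAIL_DOMAINS:
        return f"{local}@{domain}"
    local = local.split("+", 1)[0].replace(".", "").lower()
    return f"{local}@gmail.com"


def same_mailbox(a: str, b: str) -> bool:
    """True when two spellings land in the same Gmail inbox."""
    return canonical_gmail(a) == canonical_gmail(b)


def find_collisions(addresses):
    """Group registered addresses that all deliver to one mailbox.

    A site could run this over its user table (or at sign-up time) to
    flag a new registration that is really an existing Gmail account.
    """
    groups = {}
    for addr in addresses:
        groups.setdefault(canonical_gmail(addr), []).append(addr)
    return {k: v for k, v in groups.items() if len(v) > 1}


# Constructed sample sign-ups, not real accounts.
SAMPLE_SIGNUPS = [
    "jameshfisher@gmail.com",   # the real account holder's address
    "james.hfisher@gmail.com",  # a second sign-up that reaches the same inbox
    "alice@example.net",
    "a.lice@example.net",       # a genuinely different mailbox: not Gmail
]

if __name__ == "__main__":
    for canon, spellings in find_collisions(SAMPLE_SIGNUPS).items():
        print(f"{canon}: {spellings}")
```

Only Gmail-family domains are folded, which is exactly the fragility the article objects to: every site would have to track one provider's rules to make this check work.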

------------------------------

Date: Mon, 09 Apr 2018 10:45:47 -0700
From: Gene Wirchenko <ge...@telus.net>
Subject: "A bad day with mobile 2FA" (Evan Schuman)

http://www.computerworld.com/article/3268134/mobile-wireless/a-bad-day-with-mobile-2fa.html

Evan Schuman, Computerworld, 9 Apr 2018
Texting confirmation numbers is a very weak link;
texting them to my landline is just dumb.
The Zen of Mobile

selected text:

One of my favorites -- a small and little-known site -- asked for my login
and password. I complied, and it then escalated to 2FA. It didn't give me
any options about the second factor (which is mobile 2FA problem number one)
and insisted on texting me a confirmation number.

I waited but nothing arrived. So I asked it to do it again and again.
Nothing. That's when I realized that the site was likely trying to text my
landline. And that is mobile 2FA problem number two: If you're asking for my
phone number so that you can text me sometime down the road, tell me that,
and I'll give you my cellphone number. Otherwise, you'll get the number I
most often answer, my landline, and it will do you no good when it's really
needed.

And this is where problem number one bumps up against problem number two: If
texting doesn't work, users need another option, at the very least a support
number to call.

But wait, there's more. I next tried to post to Google Plus. Thoughts of my
recent 2FA problem flitted through my head, but I thought to myself, fear
not, Google uses an excellent 2FA that doesn't rely on texting confirmation
numbers. It knows that process is far too susceptible to man-in-the-middle
attacks. No, for Google, I have a trusty USB fob. And when I tried logging
in, it insisted on the fob. But it was just not my 2FA day; when the fob was
inserted, nothing happened.

And that's when I learned that I was giving Google too much credit for being
security-conscious. When Google couldn't see the fob, it just defaulted to a
texted confirmation number. (It turned out that a laptop reboot made the
invisible USB device visible again.)

Companies need to have a human-managed backup to security so that legitimate
users aren't locked out with no way back in. If you can't justify a call
center, then at least have an email address pop up -- and make sure that
inbox is watched aggressively.

2FA is a great idea, but companies need to think through these issues
better. For starters, if you want a mobile phone number, just say so.

------------------------------

Date: Tue, 10 Jan 2017 11:11:11 -0800
From: risks-requ...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also,  ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-30.00
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
  <http://the.wiretapped.net/security/info/textfiles/risks-digest/>
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 30.65
************************
