Author Topic: Risks Vol 27 Issue 3  (Read 914 times)
Grand Blanc, MI, USA
CODE is a mass noun and should not be used in the plural or with an indefinite article.

Several interesting items from the current issue:

The Risks Digest
Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 27: Issue 3
Saturday 29 September 2012


Fake sign causes real outage
John Carr <jfc@mit.edu>
Tue, 18 Sep 2012 08:46:55 -0400

"High voltage" signs next to Verizon cable conduits were a bluff to
keep homeless people away.  They did not work.  Instead they kept
firefighters from extinguishing a mattress fire.  Regional phone and
Internet service went out as the cables melted.

<http://www.eagletribune.com/latestnews/x550073983/Something-that-valuable-has-to-be-secured>


New Jersey bans smiling
Mark Thorson <eee@sonic.net>
Mon, 24 Sep 2012 08:55:28 -0700

Since January, New Jersey banned smiling for driver's license
photographs because it can't be handled by new facial recognition
software.

http://articles.philly.com/2012-09-21/news/33978387_1_smile-motor-vehicle-commission-facial-expressions

What good is facial recognition software that can be defeated
by a smile?  If I see someone with a forced smile at an airport,
does that mean they're likely to be a terrorist?


20% of new PCs in China come with malware pre-installed
Jim Reisert AD1C <jjreisert@alum.mit.edu>
Mon, 24 Sep 2012 14:41:32 -0600

Wolfgang Gruener, 24 Sep 2012 (source: Microsoft)

"In China, there is not much you have to do to contract a virus on your
PC. Plus, you have a one in five chance that you will get that first virus
on your brand new PC right out of the box."
[Excerpted, follow link for entire text ... jc]

MCP79411/12 RTC ... "One Million Ohms" ATtiny kit ... available at http://www.tindie.com/stores/JChristensen/

CO, USA

Holy cats! I used to read that all the time. Can't think, now, why I would've stopped. And then I forgot all about it.

Thanks for bringing that back to mind.

... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier

Grand Blanc, MI, USA

My pleasure. It's been around for quite a while, hasn't it? Always some good stuff, makes a person think.
« Last Edit: October 03, 2012, 09:38:00 pm by Jack Christensen »


CO, USA

Yeah, lots of food for thought. That and Schneier's Crypto-Gram. I was just scanning the archives. Here's a gem:

Hi-tech toilet swallows woman

And I'm reminded of what I read earlier today about the Android remote-wipe being not limited to Samsung phones.

Quote
The problem appears to be the Android dialer itself. Websites are able to link characters with a special prefix in order to pass digits to the dialer in a phone — the same functionality that allows you to initiate a phone call from a site, for example. However, the dialers in phones also support specialized strings of characters that can do anything from displaying a phone's IMEI code to wiping the device itself. In devices vulnerable to the attack, the dialer treats these special codes the same as any other phone number, allowing a website to initiate a reset without the user authorizing it to do so.

http://tinyurl.com/not-just-samsung

Again, the common theme, of convenience taking precedence over security. And, apparently, the web browser can dial the phone without any user interaction at all? Nah ... that couldn't be risky, could it?

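An added example, not part of the thread or the quoted article: one way a page or app could vet a `tel:` link target before handing it to a dialer, so that strings containing `*` or `#` are never treated like an ordinary phone number. The function name `classifyTelUri`, the action labels and the policy (prefill plain numbers, require confirmation for service codes) are assumptions made for this sketch; the sample inputs in the comments are constructed.

```javascript
// Added example: classify the target of a tel: link before it reaches the dialer.
// classifyTelUri and its "prefill"/"confirm"/"reject" labels are hypothetical.
function classifyTelUri(uri) {
  const m = /^tel:(.*)$/i.exec(String(uri).trim());
  if (!m) return { action: "reject", reason: "not a tel: URI" };

  // Drop RFC 3966 parameters (";ext=", ";phone-context=") and percent-decode,
  // so "%23" is seen as "#" and "%2A" as "*" before any check is made.
  let target;
  try {
    target = decodeURIComponent(m[1].split(";")[0]);
  } catch (e) {
    return { action: "reject", reason: "malformed percent-encoding" };
  }

  // Visual separators carry no meaning for the dialer.
  const digits = target.replace(/[\s().-]/g, "");

  // "*" or "#" marks an MMI/USSD-style service code, not a subscriber number.
  // Such a string must never run without the user explicitly approving it.
  if (/[*#]/.test(digits)) {
    return { action: "confirm", reason: "contains * or #, treat as a service code" };
  }

  // A plain number: optional leading "+", then digits only.
  // It is only placed in the dialer; the user still presses "call".
  if (/^\+?\d{3,15}$/.test(digits)) {
    return { action: "prefill", number: digits };
  }
  return { action: "reject", reason: "unexpected characters" };
}

// Constructed samples:
//   classifyTelUri("tel:+1-555-0100")   -> prefill "+15550100"
//   classifyTelUri("tel:*%2306%23")     -> confirm (decodes to the IMEI display code *#06#)
```

The check runs on the decoded string because a link can carry `#` as `%23`; filtering the raw URI text would miss it.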