
RISKS Forum mailing list archives
Risks Digest 34.25
From: RISKS List Owner <risko () csl sri com>
Date: Sun, 19 May 2024 21:42:12 PDT
RISKS-LIST: Risks-Forum Digest Sunday 19 May 2024 Volume 34 : Issue 25

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/34.25>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Ex-CDC Director Says It's High Time To Admit *Significant Side Effects* of COVID-19 Vaccines (zerohedge)
Re: Could the Covid-19 Vaccines Have Caused Some People Harm? (Peter Bernard Ladkin)
A woman was dragged by a self-driving Cruise taxi in San Francisco. (LA Times)
U.S. Fears Undersea Cables Are Vulnerable to Espionage From Chinese Repair Ships (WSJ)
Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach (ArsTechnica)
Lethal AI weapons are here: how can we control them? (Nature)
Artificial Intelligence Trained To Deceive Humans, Lie (StudyFinds)
American IT Scammer Helped North Korea Fund Nuclear Weapons Program, U.S. Says (WSJ)
Half of calls to gambling helpline were for help placing mobile bets (The Boston Globe)
An identity thief stole $5,000 from me. I spent two years tracking down how. (The Boston Globe)
Schumer's AI Roadmap now online (PGN)
UnitedHealth Top Executive Slammed Over Cyberattack (NYTimes)
Cape Cod Hospital to pay $24.4 million for Medicare billing issues (The Boston Globe)
At-Home IV-Drip Therapy Is the Latest Luxury Building Amenity (The New York Times)
Is the news media picking on Tesla? (LATimes/YouTube)
Smarter Vehicles Could Mean Changes to Traffic Lights (Jeff McMurray)
Is Your Car Spying on You? Dale Harrington (AP)
Tech Giants Treat Southeast Asia Like Next Big Thing (Bloomberg)
Will Chatbots Eat India's IT Industry?
  (The Economist)
Newspaper conglomerate Gannett is adding AI-generated summaries to the top of its articles (The Verge)
The Night That Sotheby's Was Crypto-Punked (NYTimes)
MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says (Ars Technica)
What Meltdown? Crypto Comes Roaring Back in the Philippines. (NYTimes)
OpenAI disbands team devoted to artificial intelligence risks (AFP)(NYTimes)
ChatGPT Gets Real (NYMag)
The man who turned his dead father into a chatbot (BBC)
Dell Hell Redux -- More Personal Info Stolen by Menelik (Security Boulevard)
Link Rot and Digital Decay on Government, News and Other Webpages (Pew Research Center)
The Rise of Large-Language-Model Optimization (Schneier on Security)
Unprecedented Google Cloud event wipes out customer account and its backups (ArsTechnica)
A horrifying software bug (trofi)
New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks (The Hacker News)
Deleted photos of former owners reappearing on sold iPads -- and probably iPhones (PhoneArena)
As AI becomes more human-like, experts warn users must think more critically about its responses (CBC)
AI turned a Ukrainian into Russian propaganda (BBC)
Two unlikely U.S. states are leading the charge on regulating AI (Politico)
Google tests AI to detect scam phone calls. Privacy advocates are terrified (NBC News)
Flood of Fake Science Forces Multiple Journal Closures (WSJ)
Newspaper groups warn Apple over ad-blocking plans (Financial Times)
Slack users horrified to discover messages used for AI training (ArsTechnica)
Tractors that don't know where they are (John Levine)
She was accused of faking an incriminating video of teenage cheerleaders. The problem?
  Nothing was fake after all (The Guardian)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 19 May 2024 10:20:18 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: Ex-CDC Director Says It's High Time To Admit *Significant Side Effects* Of COVID-19 Vaccines (zerohedge)

Dr. Robert Redfield, former director of the Centers for Disease Control and Prevention (CDC), said Thursday that many officials who tried to warn the public about potential problems with COVID-19 vaccines were pressured into silence and that it's high time to admit that there were significant side effects that made people sick.

Dr. Redfield made the remarks in a May 16 interview with Chris Cuomo on NewsNation, during which he lamented the loss of public confidence in public health agencies because of a lack of transparency around the vaccines, which he said saved a lot of lives, but also made some people quite ill.

``Those of us that tried to suggest there may be significant side effects from vaccines ... we kind of got canceled because no one wanted to talk about the potential that there was a problem from the vaccines, because they were afraid that that would cause people not to want to get vaccinated,'' Dr. Redfield said.

In his role as head of the CDC, Dr. Redfield was part of the Trump administration's Operation Warp Speed, a project to surge COVID-19 vaccine development at a time during the pandemic when little was known about the virus and rapid vaccine rollout was widely seen as key to getting the outbreak under control and lockdowns lifted. [...]

https://www.zerohedge.com/covid-19/ex-cdc-director-says-its-high-time-admit-significant-side-effects-covid-19-vaccines

------------------------------

Date: Sun, 12 May 2024 12:45:04 +0200
From: "Prof. Dr. Peter Bernard Ladkin" <ladkin () causalis com>
Subject: Re: Could the Covid-19 Vaccines Have Caused Some People Harm?
  (Gwinn, RISKS-34.24)

Joseph Gwinn writes "note that COVID vaccines have measured serious problem rates of order [of] a part per million"

Unfortunately, this seems to be out by an order of magnitude. (However, this should not logically detract from the message which Gwinn wished to convey.)

The initial adverse reactions to viral vector vaccines (AstraZeneca) were of the order of 2-3 per 100,000 for what is now called CSTV, and to mRNA vaccines for myocarditis and pericarditis of a few more per 100,000, also correlated to some extent with gender and age when first noted. The most

  K. Faksova, D. Walsh, Y. Jiang, COVID-19 vaccines and adverse events of special interest: A multinational Global Vaccine Data Network (GVDN) cohort study of 99 million vaccinated individuals, Vaccine 92(9):2200-2211, April 2024, available open-access at
  https://www.sciencedirect.com/science/article/pii/S0264410X24001270

There are two main points to note about vaccines and adverse events.

First, such statistical studies look at correlated events, not causation. The normal way to report events is what is called the OE ratio: observed to expected events. For example, a certain proportion of people are going to get myocarditis or pericarditis over a particular time period; it is when the number of observed events goes over this proportion just after people have received a Covid-19 mRNA vaccine that one speaks of correlated "adverse events" (or, less rigorously, "adverse reactions"). The study looks at three classes of OE ratio: 1 or less (colored green in their tables); 1 to 1.5 (yellow); over 1.5 (red). It should be pretty obvious why these colours were chosen.

Second, clinical trials through Phase 3, which are necessary in most countries for vaccine approval, recruited tens of thousands of participants. They were thus likely to miss adverse events which occur at a frequency of a couple per 100,000, or more rarely.
Which seems to be what happened with Guillain-Barre' syndrome and CSTV for viral vector vaccines and myocarditis and pericarditis with the mRNA vaccines. (There are also adverse events besides these which turn up yellow and red in the study.)

------------------------------

Date: Fri, 17 May 2024 06:52:05 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: A woman was dragged by a self-driving Cruise taxi in San Francisco. (LA Times)

The company is paying her millions (LA Times)

[This case from October 2023 was mentioned in passing in RISKS-34.20. PGN]

Autonomous taxi company Cruise agrees to pay millions to a woman who was dragged by one of its self-driving cars in San Francisco last year.

https://www.latimes.com/california/story/2024-05-16/woman-gets-millions-after-getting-dragged-by-self-driving-taxi-in-san-francisco

------------------------------

Date: Sun, 19 May 2024 07:29:20 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: U.S. Fears Undersea Cables Are Vulnerable to Espionage From Chinese Repair Ships (WSJ)

Google, Meta Platforms and others partially own many cables, but they rely on maintenance specialists, including some with foreign ownership

U.S. officials are privately delivering an unusual warning to telecommunications companies: Undersea cables that ferry Internet traffic across the Pacific Ocean could be vulnerable to tampering by Chinese repair ships.

State Department officials said a state-controlled Chinese company that helps repair international cables, S.B. Submarine Systems, appeared to be hiding its vessels' locations from radio and satellite tracking services, which the officials and others said defied easy explanation.

The warnings highlight an overlooked security risk to undersea fiber-optic cables, according to these officials: Silicon Valley giants, such as Google and Meta Platforms, partially own many cables and are investing in more.
But they rely on specialized construction and repair companies, including some with foreign ownership that U.S. officials fear could endanger the security of commercial and military data.

The Biden administration's focus on the repair ships is part of a wide-ranging effort to address China's maritime activities in the western Pacific. Beijing has taken steps in recent decades to counter U.S. military power in the region, often by seeking ways to stymie the Pentagon's communications and other technological advantages in case of a clash over Taiwan or another flashpoint, officials say. [...]

https://www.wsj.com/politics/national-security/china-internet-cables-repair-ships-93fd6320?st=qsuy4n4dpm3nlev

------------------------------

Date: Wed, 15 May 2024 12:10:15 -0700
From: Victor Miller <victorsmiller () gmail com>
Subject: Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach (ArsTechnica)

https://arstechnica.com/security/2024/05/ssh-backdoor-has-infected-400000-linux-servers-over-15-years-and-keeps-on-spreading/

------------------------------

Date: Fri, 17 May 2024 13:46:48 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: Lethal AI weapons are here: how can we control them? (Nature)

Autonomous weapons guided by artificial intelligence are already in use. Researchers, legal experts and ethicists are struggling with what should be allowed on the battlefield.

In the conflict between Russia and Ukraine <https://www.nature.com/articles/d41586-023-02031-8>, video footage has shown drones penetrating deep into Russian territory, more than 1,000 kilometres from the border, and destroying oil and gas infrastructure. It's likely, experts say, that AI is helping to direct the drones to their targets. For such weapons, no person needs to hold the trigger or make the final decision to detonate.
<https://www.nature.com/immersive/d41586-023-03017-2/index.html>

The development of lethal autonomous weapons (LAWs), including AI-equipped drones, is on the rise. The US Department of Defense, for example, has earmarked US$1 billion so far for its Replicator programme, which aims to build a fleet of small, weaponized autonomous vehicles. Experimental submarines, tanks and ships have been made that use AI to pilot themselves and shoot. Commercially available drones can use AI image recognition to zero in on targets and blow them up. LAWs do not need AI to operate, but the technology adds speed, specificity and the ability to evade defences. Some observers fear a future in which swarms of cheap AI drones could be dispatched by any faction to take out a specific person, using facial recognition.

Warfare is a relatively simple application for AI. <https://www.nature.com/articles/d41586-024-01087-4> ``The technical capability for a system to find a human being and kill them is much easier than to develop a self-driving car. It's a graduate-student project'', says Stuart Russell, a computer scientist at the University of California, Berkeley, and a prominent campaigner against AI weapons. He helped to produce a viral 2017 video called *Slaughterbots* that highlighted the possible risks.

The emergence of AI on the battlefield has spurred debate among researchers, legal experts and ethicists. Some argue that AI-assisted weapons could be more accurate than human-guided ones, potentially reducing both collateral damage -- such as civilian casualties and damage to residential areas -- and the numbers of soldiers killed and maimed, while helping vulnerable nations and groups to defend themselves. Others emphasize that autonomous weapons could make catastrophic mistakes. And many observers have overarching ethical concerns about passing targeting decisions to an algorithm. [...]
https://www.nature.com/articles/d41586-024-01029-0

------------------------------

Date: Tue, 14 May 2024 06:50:25 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: Artificial Intelligence Trained To Deceive Humans, Lie (StudyFinds)

AI's increasing capabilities at deception pose serious risks, ranging from short-term, such as fraud and election tampering, to long-term, such as losing control of AI systems.

Artificial intelligence systems are fast becoming increasingly sophisticated, with engineers and developers working to make them as human as possible. Unfortunately, that can also mean *lying* just like a person. AI platforms are reportedly learning to deceive us in ways that can have far-reaching consequences. A new study by researchers from the Center for AI Safety in San Francisco delves into the world of AI deception, exposing the risks and offering potential solutions to this growing problem.
<https://studyfinds.org/digital-deception-9-in-10-americans-have-been-victimized-by-an-online-scam/>

At its core, deception is the luring of false beliefs from others to achieve a goal other than telling the truth. When humans engage in deception, we can usually explain it in terms of their beliefs and desires -- they want the listener to believe something false because it benefits them in some way. But can we say the same about AI systems?

The study, published in the open-access journal *Patterns* <https://www.cell.com/patterns/fulltext/S2666-3899(24)00103-X#%20>, argues that the philosophical debate about whether AIs truly have beliefs and desires is less important than the observable fact that they are increasingly exhibiting deceptive behaviors that would be concerning if displayed by a human.
<https://studyfinds.org/robots-lie-apology-humans/>

------------------------------

Date: Sun, 19 May 2024 00:19:23 -0400
From: Monty Solomon <monty () roscom com>
Subject: American IT Scammer Helped North Korea Fund Nuclear Weapons Program, U.S.
  Says (WSJ)

Justice Department alleges Arizona woman and others helped foreign workers with North Korean connections get freelance gigs at U.S. companies

https://www.wsj.com/politics/national-security/american-it-scammer-helped-north-korea-fund-nuclear-weapons-program-u-s-says-65430aa7

------------------------------

Date: Thu, 16 May 2024 21:12:06 -0400
From: Monty Solomon <monty () roscom com>
Subject: Half of calls to gambling helpline were for help placing mobile bets (The Boston Globe)

Of the 2,069 calls since sports betting was legalized, 1,043 were callers “looking for technical support for their sports wagering mobile applications and platforms.”

https://www.boston.com/news/local-news/2024/05/16/half-of-recent-calls-to-states-gambling-helpline-were-for-help-placing-mobile-sports-bets-new-report-shows/

------------------------------

Date: Sun, 19 May 2024 12:48:55 -0400
From: Monty Solomon <monty () roscom com>
Subject: An identity thief stole $5,000 from me. I spent two years tracking down how. (The Boston Globe)

When a stranger got $5,000 of my money from a bank teller, it sent me on a two-year odyssey to figure out who was impersonating me and how.

https://www.bostonglobe.com/2024/05/15/magazine/on-the-trail-of-my-identity-thief/

------------------------------

Date: Wed, 15 May 2024 12:28:49 +0000
From: Peter Neumann <neumann () csl sri com>
Subject: Schumer's AI Roadmap now online

A one-page summary of the new Senate AI Roadmap Report is online: <https://www.young.senate.gov/wp-content/uploads/One_Pager_Roadmap.pdf>.

The pdf is online: http://www.young.senate.gov/wp-content/uploads/Roadmap_Electronic1.32pm.pdf

[The first reactions: punt the ball down the field where possible.
PGN]

------------------------------

Date: Wed, 8 May 2024 12:44:30 PDT
From: Peter Neumann <neumann () csl sri com>
Subject: UnitedHealth Top Executive Slammed Over Cyberattack (NYTimes)

Reed Abelson and Noah Weiland, *The New York Times* National Edition Business Section front page, 2 May 2024

Senators from both parties questioned whether the 21 Feb 2024 ransomware cyberattack of Change Healthcare (which manages a third of all U.S. patient records and 15 billion transactions a year, with its parent Unitedhealth having reported $372B in revenues in 1923) is deeply embedded in almost every aspect of U.S. healthcare. [PGN-ed]

They had to shut down for several weeks, despite having paid the $22M ransom.

[No backup-and-recovery procedures? We might expect that a company with that much revenue would invest in something significantly better than the alleged so-called industry *best practices*, which are obviously rather mediocre, and nowhere near good enough. PGN]

------------------------------

Date: Fri, 17 May 2024 09:16:41 -0400
From: Monty Solomon <monty () roscom com>
Subject: Cape Cod Hospital to pay $24.4 million for Medicare billing issues (The Boston Globe)

... following DOJ investigation into Medicare billing practices

https://www.bostonglobe.com/2024/05/16/business/cape-cod-hospital-investigation-settlement/

------------------------------

Date: Sun, 19 May 2024 17:28:34 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: At-Home IV-Drip Therapy Is the Latest Luxury Building Amenity (The New York Times)

High-end condos and rentals now offer the medically dubious therapy as a regular wellness practice, not just a vacation splurge.

IV drip therapy was first popularized about a decade ago as a novelty reserved for vacations and bachelorette parties, but it has since become embedded in the wellness sphere.
The 30-to-45-minute treatments cost anywhere from $100 to $1,000, depending on the concoction and provider, and have been embraced by the Hollywood elite — Gwyneth Paltrow, Chrissy Teigen and Harry Styles have all partaken.

Today, IV drip therapy is a staple at medical spas, resort hotels and strip malls. Some companies even make house calls. And over the last several months, a handful of high-end residential buildings in Los Angeles, Miami and Manhattan began offering the treatments in house, allowing tenants to make them a core feature of their personal wellness routine.

At the Park, which started offering the service at the end of 2023, tenants can schedule an IV drip in their apartment or in a treatment room where they can also book massages, Botox or fillers.

“If you are a healthy person, you really can’t do it too often, unless you’re doing it three or four times a day,” said Danielle Remington, director of events and partnerships at Drip Hydration, the service provider for the Park.

Drip Hydration and other providers market their formulas as elixirs that can improve sleep and mental clarity, brighten your skin and boost your athletic performance. However, there is scant scientific research to bolster these claims. Critics argue that at best, IV drips are a wildly overpriced alternative to drinking a glass of water, and at worst, they could harm people with underlying health conditions like kidney disease or hypertension.

In 2018, Kendall Jenner was hospitalized after a bad reaction to an IV drip. And last year, a woman died after receiving IV drip therapy at Luxe Med Spa in Wortham, Texas; its medical director’s license was later temporarily restricted by the state’s medical board.

https://www.nytimes.com/2024/05/14/realestate/iv-drip-therapy-luxury-building.html?smid=nytcore-ios-share&referringSource=articleShare&sgrp=c-cb

[What's next? Do-it-yourself surgery with AI assistance?
PGN]

------------------------------

Date: Sat, 18 May 2024 06:41:41 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: Is the news media picking on Tesla? (LATimes/YouTube)

Take this story, for example:

A Tesla going more than 100 mph. A suspended license. Three young lives cut short. Inside the Pasadena crash.

The 22-year-old driver ran through a red light while driving over 100 mph before the fatal car crash in east Pasadena last weekend.

If you read it you see that this accident was due to irresponsible driving habits and there is nowhere any suggestion that features of the car unique to Tesla were involved. Mentioning the make of the car in the headline and the story would never normally happen, except we are conditioned to seeing bad news about Teslas. It seems more than a little unfair to me.

https://www.latimes.com/california/story/2024-05-14/what-we-know-about-the-deadly-tesla-crash-in-east-pasadena

[That URL no longer works, but https://www.youtube.com/watch?v=I5aScTiR3Dg says alcohol involved in 35-mph zone, 3 died, 3 injured, driver lost control, crashed into a building. Only one or two wearing seatbelts. PGN]

[It seems to me no car with the ability for automated controls would allow the driver to turn off the automation completely on a road with red lights or drive at 200% over the speed limit. PGN]

------------------------------

Date: Mon, 13 May 2024 11:08:39 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Smarter Vehicles Could Mean Changes to Traffic Lights (Jeff McMurray)

Jeff McMurray, *Associated Press*, 11 May 2024, via ACM Technews

The advent of connected and automated vehicles could bring major changes to traditional traffic signals. North Carolina State University's Ali Hajbabaie, for example, suggests adding a fourth light to indicate when there are enough autonomous vehicles on the road to take charge and lead the way.
A pilot program by University of Michigan researchers in the Detroit suburb of Birmingham found that adjusting the timing of traffic lights by just a few seconds reduced congestion.

[That last sentence seems to run counter to queueing theory in an imperfect world, but could work in the presumed perfect world of only autonomous vehicles on the road, with no mechanical or computer-glitch breakdowns. Who is worrying about hybrid avenues with conventional cars intermingled with self-driving cars? Weaving conventional or doctored autonomous motorcycles slipping in between everything else at much faster speeds? Hybrid automated toll-roads in the realistically non-perfect worlds? What could possibly go wrong? PGN]

------------------------------

Date: Sun, 12 May 2024 02:41:32 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Is Your Car Spying on You? Dale Harrington (AP)

CUG Wednesday Workshop - YouTube

Is Your Car Spying on You? Why Your Car Collects and Shares Data.
Dale Harrington, MICRO-PC Program Chair

A car (and its app, if you installed one on your phone) can collect all sorts of data in the background without you realizing it. This, in turn, may be shared for various purposes, including advertising and risk assessment for insurance companies. The data collection list is long and depends on the car's make, model, and trim. But if you look through any car maker's privacy policy, you'll see some trends. Dale will talk about what types of data may be shared with, among others, dealers, repair companies, emergency services, advertising, and insurance companies.

https://www.youtube.com/watch?v=Ve5szJXc9sw

APCUG, an international cross-platform (Windows, OSX, Linux, iOS, Android, and Chrome) association, is a valuable resource for technology and computer user groups, helping them stay connected, informed, and effective in their mission to support and educate their members.

------------------------------

Date: Mon, 13 May 2024 11:08:39 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Tech Giants Treat Southeast Asia Like Next Big Thing (Bloomberg)

Olivia Poh and Suvashree Ghosh, *Bloomberg*, 10 May 1024, via ACM TechNews

Southeast Asia is drawing more tech investment than ever. As China turns more hostile to U.S. firms and India remains tougher to navigate politically, tech companies are focusing on business-friendly regimes in Southeast Asia. As the advent of AI is spurring tech leaders to pursue new sources of growth, the world's biggest companies are set to spend up to US$60 billion on datacenters over the next few years to meet the demands of Southeast Asia's young population.

------------------------------

Date: Mon, 13 May 2024 11:08:39 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Will Chatbots Eat India's IT Industry? (The Economist)

The Economist, 9 May 2024, via ACM TechNews

A paper last year by Alexander Copestake of the IMF and colleagues identified "near-exponential growth" in demand for AI-related skills in India's service sector since 2016, yet there are concerns that generative AI technology could erode India's tech industry. Seven of India's IT companies collectively laid off 75,000 employees last year, equivalent to about 4% of their combined workforce. The companies say that reflects the broader slowdown in the tech sector.

------------------------------

Date: Sat, 18 May 2024 00:41:41 -0400
From: Monty Solomon <monty () roscom com>
Subject: Newspaper conglomerate Gannett is adding AI-generated summaries to the top of its articles (The Verge)

https://www.theverge.com/2024/5/16/24158531/gannett-ai-generated-overviews-usa-today-memo

[All the news that fits we print?
PGN]

------------------------------

Date: Sun, 19 May 2024 14:24:25 -0400
From: Monty Solomon <monty () roscom com>
Subject: The Night That Sotheby's Was Crypto-Punked (NYTimes)

The auction that was supposed to be an art world coming-out party for NFTs instead exposed the instability at the heart of the crypto world.

https://www.nytimes.com/2024/05/18/business/sothebys-crypto-nfts-auction.html

------------------------------

Date: Thu, 16 May 2024 15:20:56 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says (Ars Technica)

Brothers charged in novel crypto[currency] scheme potentially face decades in prison.

Within approximately 12 seconds, two highly educated brothers allegedly stole $25 million by tampering with the ethereum blockchain in a never-before-seen cryptocurrency scheme, according to an indictment that the U.S. Department of Justice unsealed Wednesday.

In a DOJ press release, US Attorney Damian Williams said the scheme was so sophisticated that it ``calls the very integrity of the blockchain into question. The brothers, who studied computer science and math at one of the most prestigious universities in the world, allegedly used their specialized skills and education to tamper with and manipulate the protocols relied upon by millions of ethereum users across the globe,'' Williams said. Once they put their plan into action, their heist took only 12 seconds to complete.

https://arstechnica.com/tech-policy/2024/05/sophisticated-25m-ethereum-heist-took-about-12-seconds-doj-says/

The risk? Specialized skills.

[Also spotted by Matthew Kruk: U.S. brothers arrested for stealing $25m in crypto in just 12 seconds: Anton Peraire-Bueno, 24, and James Peraire-Bueno, 28, are accused of wire fraud and money laundering.
https://www.bbc.com/news/world-us-canada-69018575
To slightly paraphrase what Bob Morris once said to John Markoff in 1988, "sounds like the work of bored graduate students."
PGN]

I guess MIT is not teaching ethics any more. Perhaps this was indeed a class project? PGN]

------------------------------

Date: Sun, 19 May 2024 16:10:33 -0400
From: Monty Solomon <monty () roscom com>
Subject: What Meltdown? Crypto Comes Roaring Back in the Philippines. (NYTimes)

NYTimes, 18 Mar 2024

Two years after the cryptocurrency market crashed, Internet cafes for playing crypto-earning video games are opening and farmers have started harvesting virtual crops from the games for income.

https://www.nytimes.com/2024/03/18/technology/crypto-video-games-philippines.html

------------------------------

Date: Sat, 18 May 2024 18:37:02 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: OpenAI disbands team devoted to artificial intelligence risks (AFP)

OpenAI on Friday confirmed that it has disbanded a team devoted to mitigating the long-term dangers of super-smart artificial intelligence.

OpenAI weeks ago began dissolving the so-called "superalignment" group, integrating members into other projects and research, according to the San Francisco-based firm.

Company co-founder Ilya Sutskever and team co-leader Jan Leike announced their departures from the ChatGPT-maker this week.

The dismantling of an OpenAI team focused on keeping sophisticated artificial intelligence under control comes as such technology faces increased scrutiny from regulators and fears mount regarding its dangers. [...]

https://www.yahoo.com/tech/openai-team-devoted-future-risks-221336168.html

------------------------------

Date: Sat, 18 May 2024 11:01:18 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: ChatGPT Gets Real (NYMag)

The bot is now capable of a normal (human) conversation. Is that fun or terrifying?

Maybe you think you know ChatGPT; after all, over half of Americans have tried it or one of its competitors.
But this week, a new version debuted that changes ChatGPT from a chatbot into more of a chat/human, by incorporating ingredients like emotion, musicality, lilt, sarcasm, laughter, and attention.

https://nymag.com/intelligencer/article/chatgpt-gets-real.html

[I'm waiting for puns, although really good intelligent topical ones seem unlikely. PGN]

------------------------------

Date: Thu, 16 May 2024 07:32:50 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: The man who turned his dead father into a chatbot (BBC)

https://www.bbc.com/news/business-68944898

Back in 2016, James Vlahos received some terrible news - his father was diagnosed with terminal cancer.

"I loved my dad, I was losing my dad," says James, who is based in Oakland, California.

He was determined to make the most of the remaining time he had with his father. "I did an oral history project with him, where I just spent hours, and hours, and hours just audio recording his life story."

This coincided with a time when James was starting to explore a career in AI, so his project soon evolved. "I thought, gosh, what if I could make something interactive out of this?" he says. "For a way to more richly keep his memories, and some sense of his personality, which was so wonderful, to keep that around."

------------------------------

Date: Wed, 15 May 2024 15:13:30 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Dell Hell Redux -- More Personal Info Stolen by Menelik (Security Boulevard)

Hacker took advantage of Dell’s lack of anti-scraping defense.

A hacker with the pseudonym Menelik has admitted to stealing the data of 49 million Dell customers—we told you about that hack last week. But now he says he’s also grabbed a bunch more.
https://securityboulevard.com/2024/05/dell-hell-redux-menelik-richixbw

------------------------------

Date: Sun, 19 May 2024 07:39:20 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: Link Rot and Digital Decay on Government, News and Other Webpages (Pew Research Center)

When Online Content Disappears

A quarter of all webpages that existed at one point between 2013 and 2023 are no longer accessible.

https://www.pewresearch.org/data-labs/2024/05/17/when-online-content-disappears/

[Cf More than 2 Million Research Papers Have Disappeared from the Internet (R 34 09)]

------------------------------

Date: Wed, 15 May 2024 12:49:55 -0400
From: Tom Van Vleck <thvv () multicians org>
Subject: The Rise of Large-Language-Model Optimization (Schneier on Security)

This is very good.

https://www.schneier.com/blog/archives/2024/04/the-rise-of-large.html

------------------------------

Date: Sat, 18 May 2024 06:36:47 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: Unprecedented Google Cloud event wipes out customer account and its backups (ArsTechnica)

Bringing new meaning to "Killed By Google" -- UniSuper, a $135 billion pension account, details its cloud compute nightmare.

Buried under the news from Google I/O this week is one of Google Cloud's biggest blunders ever: Google's Amazon Web Services competitor accidentally deleted a giant customer account for no reason. UniSuper, an Australian pension fund that manages $135 billion worth of funds and has 647,000 members, had its entire account wiped out at Google Cloud, including all its backups that were stored on the service. UniSuper thankfully had some backups with a different provider and was able to recover its data, but according to UniSuper's incident log, downtime started May 2, and a full restoration of services didn't happen until May 15. [...]
https://arstechnica.com/gadgets/2024/05/google-cloud-accidentally-nukes-customer-account-causes-two-weeks-of-downtime

[Also noted by Victor Miller, Google Accidentally Deleted $125 Billion Pension Fund's Account
https://gizmodo.com/google-cloud-pension-fund-unisuper-1851476649
What's 10 Billion here or there between the two items? PGN]

------------------------------

Date: Mon, 13 May 2024 10:57:37 -0700
From: Victor Miller <victorsmiller () gmail com>
Subject: A horrifying software bug (trofi)

I don't expect you to read this in detail, but you can skip to the end to find the final (?) diagnosis. I find this pretty horrifying. I liken this to a heroic firefighter going into a burning building. I'm afraid that our software chain has gotten so baroque that it may be impossible to certify anything with high confidence.

https://trofi.github.io/posts/312-the-sagemath-saga.html

------------------------------

Date: Thu, 16 May 2024 10:10:43 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks (The Hacker News)

Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic.

The SSID Confusion attack, tracked as CVE-2023-52424, impacts all operating systems and Wi-Fi clients, including home and mesh networks that are based on WEP, WPA3, 802.11X/EAP, and AMPE protocols.

The method "involves downgrading victims to a less secure network by spoofing a trusted network name (SSID) so they can intercept their traffic or carry out further attacks," TopVPN said, which collaborated with KU Leuven professor and researcher Mathy Vanhoef.
<https://www.top10vpn.com/research/wifi-vulnerability-ssid/>

"A successful SSID Confusion attack also causes any VPN with the functionality to auto-disable on trusted networks to turn itself off, leaving the victim's traffic exposed."

The issue underpinning the attack is the fact that the Wi-Fi standard does not require the network name (SSID or the service set identifier) to always be authenticated and that security measures are only required when a device opts to join a particular network.

The net effect of this behavior is that an attacker could deceive a client into connecting to an untrusted Wi-Fi network other than the one it intended to connect to by staging an adversary-in-the-middle (AitM) attack. [...]

https://thehackernews.com/2024/05/new-wi-fi-vulnerability-enabling.html

[Victor Miller noted New Wifi vulnerability:
https://www.top10vpn.com/research/wifi-vulnerability-ssid/
PGN]

------------------------------

Date: Sat, 18 May 2024 02:03:14 +0000
From: Victor Miller <victorsmiller () gmail com>
Subject: Deleted photos of former owners reappearing on sold iPad -- and probably iPhones (PhoneArena)

Deleted photos of former owners reappearing on sold iPads (and probably iPhones) - PhoneArena

https://www.phonearena.com/news/Deleted-photos-of-former-owners-reappearing-on-sold-iPads-and-probably-iPhones_id158441

------------------------------

Date: Wed, 15 May 2024 06:38:29 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: As AI becomes more human-like, experts warn users must think more critically about its responses (CBC)

https://www.cbc.ca/news/business/google-openai-search-1.7204014

Tech giant Google has announced upgrades to its artificial intelligence technologies, just a day after rival OpenAI announced similar changes to its offerings, with both companies trying to dominate the quickly emerging market where human beings can ask questions of computer systems -- and get answers in the style of a human response. [...]
But researchers in the technology and artificial intelligence sector warn that as people get information from AI systems in more user-friendly ways, they also have to be careful to watch for inaccurate or misleading responses to their queries.

------------------------------

Date: Wed, 15 May 2024 13:52:28 +0100
From: Julia Segal <julia () flydiem com>
Subject: AI turned a Ukrainian into Russian propaganda (BBC)

https://www.bbc.co.uk/news/articles/c25rre8ww57o

------------------------------

Date: Thu, 16 May 2024 10:36:28 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: Two unlikely U.S. states are leading the charge on regulating AI (Politico)

Connecticut’s ambitious legislation regulating the emerging industry got derailed. Now, the tech industry is trying to kill Colorado’s bill. [...]

In the absence of federal legislation, more than 40 states — including the AI epicenter of California — are considering some 400 bills related to artificial intelligence, as the emerging technology has potential to remake vast swaths of the economy. But the struggles in Connecticut and Colorado highlight the perils of trying to put guardrails around the rapidly evolving industry with powerful lobbying forces. [...]

https://www.politico.com/news/2024/05/15/ai-tech-regulations-lobbying-00157676

------------------------------

Date: Fri, 17 May 2024 06:59:14 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: Google tests AI to detect scam phone calls. Privacy advocates are terrified. (NBCNews)

Some privacy advocates say they’re terrified by Google’s announcement this week that it’s testing a way to scan people’s phone calls in real time for signs of financial scams.

Google unveiled the idea Tuesday at Google I/O, its conference for software developers.
Dave Burke, a Google vice president for engineering, said the company is trying out a feature that uses artificial intelligence to detect patterns associated with scams and then alert Android phone users when suspected scams are in progress.

Burke described the idea as a security feature and provided an example. Onstage, he got a demonstration call from someone impersonating a bank who suggested that he move his savings to a new account to keep it safe. Burke’s phone flashed a notification: “Likely scam: Banks will never ask you to move your money to keep it safe,” with an option to end the call.

“Gemini Nano alerts me the second it detects suspicious activity,” Burke said, using the name of a Google-developed AI model. He didn’t specify what signals the software uses to determine a conversation is suspicious. [...]

https://www.nbcnews.com/tech/security/google-io-phone-ai-scan-privacy-signal-android-rcna152426

------------------------------

Date: Wed, 15 May 2024 09:59:52 -0400
From: Monty Solomon <monty () roscom com>
Subject: Flood of Fake Science Forces Multiple Journal Closures (WSJ)

Wiley to shutter 19 more journals, some tainted by fraud

Fake academic studies are turning the publishing industry on its head—forcing publishers to issue retractions and close journals. They are losing millions of dollars.

https://www.wsj.com/science/academic-studies-research-paper-mills-journals-publishing-f5a3d4bc

FOLLOWED BY

The Business of Scientific Publishing
https://www.science.org/content/blog-post/business-scientific-publishing

------------------------------

Date: Sun, 12 May 2024 11:29:59 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: Newspaper groups warn Apple over ad-blocking plans

UK press says proposed *web eraser* tool in next iOS update threatens journalism's financial sustainability.
British newspaper groups have warned Apple that any move to impose a so-called *web eraser* tool to block advertisements would put the financial sustainability of journalism at risk.

Apple is preparing to include an AI-based privacy feature in the Safari browser in the next iOS 18 software update that will remove ads or other unwanted website content, according to reports.

In a letter sent on Friday to Apple's government affairs chief in the UK, the News Media Association, which represents 900 national, regional and local titles, raised concerns about how this would affect digital revenues in the industry.

The letter, seen by the Financial Times, said professional journalism required funding ``and advertising is a key revenue stream for many publishers''. Members of the NMA include The Times, The Guardian and The Daily Telegraph.

Online platforms such as web browsers and social networks are important routes for the public to access journalism, the NMA argues, but also for publishers to ``monetise their content in the digital marketplace.''

The prospect of an automatic block on online ads has caused considerable alarm among publishers, which are already facing a squeeze on revenues given separate moves by tech groups that have throttled news traffic and a broader slowdown in spending in many parts of the market.

Apple declined to comment.

https://on.ft.com/3QGg5eq

------------------------------

Date: Sat, 18 May 2024 11:25:21 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: Slack users horrified to discover messages used for AI training (ArsTechnica)

*Slack says policy changes are imminent amid backlash.*

After launching <https://slack.com/blog/news/slack-ai-has-arrived> Slack AI in February, Slack appears to be digging its heels in, defending its vague policy that by default sucks up customers' data -- including messages, content, and files -- to train Slack's global AI models. [..]
<https://slack.com/intl/en-gb/trust/data-management/privacy-principles>

https://arstechnica.com/tech-policy/2024/05/slack-defends-default-opt-in-for-ai-training-on-chats-amid-user-outrage/

[...]

https://on.ft.com/3QGg5eq

------------------------------

Date: 12 May 2024 15:34:39 -0400
From: "John Levine" <johnl () iecc com>
Subject: Tractors that don't know where they are

[The almost unprecedented Friday evening Solar Flares caused some very spectacular Northern Lights much farther south, as predicted. I wonder if fires or power outages were related. PGN]

Well, since you asked: tractors use GPS to get precise locations so they can plant with an accuracy of a few cm and come back later knowing exactly where the crops are.

Except that if there's a huge solar storm the week you need to plant your corn, which screws up the GPS signal so the tractors' locations are several feet off, you have a big problem:

https://www.404media.co/solar-storm-knocks-out-tractor-gps-systems-during-peak-planting-season/

[Also noted by geoff goodfellow and Jan Wolitzky: Solar Storm Fried GPS Systems Used by Some Farmers, Stalling Planting
https://www.nytimes.com/2024/05/13/us/solar-storm-tractor-break-nebraska.html
PGN]

------------------------------

Date: Thu, 16 May 2024 08:20:16 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: She was accused of faking an incriminating video of teenage cheerleaders. The problem? Nothing was fake after all (The Guardian)

She was accused of faking an incriminating video of teenage cheerleaders. She was arrested, outcast and condemned. The problem? Nothing was fake after all.

The moral panic following Raffaella Spone’s ‘deepfake’ video spread around the world. She talks for the first time about being the centre of a story in which nothing was as it seemed.

https://www.theguardian.com/technology/article/2024/may/11/she-was-accused-of-faking-an-incriminating-video-of-teenage-cheerleaders-she-was-arrested-outcast-and-condemned-the-problem-nothing-was-fake-after-all

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that includes the string `notsp'.
   Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) has moved to the ftp.sri.com site: <risksinfo.html>.
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's delightfully searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume/previous directories or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 34.25
************************