RISKS Forum mailing list archives
(no subject)
From: RISKS List Owner <risko () csl sri com>
Date: Tue, 29 Jul 2025 15:43:51 PDT
Subject: Risks Digest 34.74

RISKS-LIST: Risks-Forum Digest  Tuesday 29 July 2025  Volume 34 : Issue 74

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/34.74>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Tom Lehrer was living proof that when satire becomes reality (Lauren Weinstein)
A very personal view of Tom Lehrer (PGN)
Trump wants to mess with Texas' Congressional Maps (
China-backed hackers used Microsoft flaw in attacks, defenders say
Researchers Bypass Anti-Deepfake Markers on AI Images
Tesla Testing if Its Robotaxis Can Be Hacked Remotely
Paramount-Skydance merger approved after payment to Trump clears
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 27 Jul 2025 10:29:13 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Tom Lehrer was living proof that when satire becomes reality,
  reality becomes satire.

Mathematician and Musical Satirist Tom Lehrer dies at 97. Peace.

I've been dreading this day for years. It's impossible for me to fully
explain how much his songs impacted my life growing up and right through to
this day. I have much more to say about him but I won't right now, except to
note the following references:

New York Times obit:
https://www.nytimes.com/2025/07/27/arts/music/tom-lehrer-dead.html?unlocked_article_code=1.Zk8.TYYp.gl4ekMMTpL1R&smid=url-share

Tom's website where he placed his body of work (songs, etc.)
in the public domain:
https://tomlehrersongs.com/

Live performances:
Copenhagen: https://www.youtube.com/watch?v=QHPmRJIoc2k
Oslo: https://www.youtube.com/watch?v=a1IiVF6Ehw8

ADDED LATER: How Tom Lehrer Escaped the Transience of Satire
https://www.newyorker.com/culture/postscript/how-tom-lehrer-escaped-the-transience-of-satire

------------------------------

Date: Tue 28 Jul 2025 14:55:43 PDT
From: "Peter G. Neumann" <Neumann () CSL SRI COM>
Subject: A very personal view of Tom Lehrer

Tom was a quasi-mentor for me beginning long before I first met him. I
adopted playing and singing the early songs, with numerous live performances
once I arrived at Harvard in September 1950, including his *Freshman Smoker*
gig that fall. I was unable to get into his Harvard calculus course as a
math major in the fall of 1950, but I had many first-hand exposures and
occasional chats -- including one evening when we sat together for two hours
at someone else's performance.

The book (Too Many Songs by Tom Lehrer) came out in 1981 after the three
records, but I played everything I could remember by ear once I had heard
it. The Boston subway song (HCKC-PW, expectorantly pronounced, to the tune
of *Mother* -- see my website), Fight Fiercely Harvard, etc. I augmented
some of his songs with foreign-language insertions for German-speaking
audiences (e.g., some fractured German attributable to Gustav (on Alma, Das
ist die Fraulein I mustav) and Alma (on Gropius's Bauhaus, Was am I running,
ein Chowhaus?), in the wonderful biographical Alma Mahler Gropius Werfel
song (incidentally, Tom's mother's name was Alma!), and some pigeon-Russian
for Lobachevsky.

After seven years as a grad-student teaching fellow in the Harvard Math
Dept, Tom was drafted into the Army during the Korean War. (Whit Diffie
noted out of band that a mutual friend of theirs at the National Security
Agency was able to keep him out of active battle.)
I was at Harvard for eight years, spanning much of Tom's initial graduate
years as a lecturer. When he came back, the Math Dept refused to re-admit
him as a PhD thesis candidate, presumably because no grad student had ever
failed to get a PhD in seven years. Fred Mosteller took Tom on in the
Statistics Department, which led to five more years of trying to finish his
PhD -- until Tom apparently decided it was not worth it.

Why is this a special item for RISKS? Tom was way ahead of everyone else --
on dope peddling, pollution, technology, war, religion, evil, and much more:
Implicitly high-lighting the truth (which has always been sacred to RISKS).

Tom's extraordinary sense of constructive satire had a really powerful
message. He had a unique ability to capture the moment -- especially in his
way of exposing the right and wrong. (His annual Harvard Physics Reviews
were incisive, but not widely known, as were his trips to MIT.)

When my friend and mentor Dave Huffman was at U.C. Santa Cruz in the final
stage of his professoring after his tenure at MIT, he would call me up in
the morning once a year and let me know that this was the day that Tom would
perform at Dave's Crowell College, which Tom would apparently do on very
short notice to avoid big crowds. (Dave Huffman greatly enjoyed Tom's humor.
He also had his own sense of humor, one day declaring to me that there had
just been a merger of Honeywell and Fairchild, and it was being called
Fairwell Honeychild.)

There was a flurry of discussion out of band on whether the open-sourcing of
Tom's archives was in any way redacted to meet earlier or even current
"norms". I think not, although there were some protests, particularly on the
first item in the following list that I have pulled together here:

What could possibly require Redacting?
Here are just a few that illustrated Tom's incisive satire:

* The Vatican Rag
* National Brotherhood Week (with examples of equal-opportunity hatred)
* The Irish Ballad about the lass who killed her entire family
* The Old Dope Peddler (way ahead of its time)
* I Got It from Agnes
  [I heard him sing the precursor of that in the Freshman Smoker in 1951,
  as *John Gave it to Mary, and She Got It from George ...* It was one of
  the few songs that he nursed along over the years.]
* Be Prepared -- The Boy Scouts Marching Song (a bunch of racy lines)
* My Home Town (with a bunch of racy lines)
* Wernher von Braun (Nazi, Schmazi!)
* Alma Mahler Gropius Werfel (there were three famous ones that she married
  and God knows how many between)
* The Hunting Song (precursor of the anti-gun movement)
* Poisoning Pigeons in the Park
* I Hold Your Hand In Mine (and take a bite of your dainty finger tips)
* Pollution -- Don't drink the water and don't breathe the air.
  Tom used to vary a few lines to suit the audience, as in the local
  San Francisco night-club version:
    The breakfast garbage you throw in the Bay
    They drink for lunch in San Jose.
  [That was a polymorphic line that Tom adapted in real-time. But the
  entire song would have to be buried today as a harbinger of the defanging
  of climate change.]
* And many other amazingly diverse potshots at almost everything else that
  came into his unusual mind.

In that it is now all open-sourced, you can make your own changes, toning it
down or adding your own local variants. But everything he wrote stands on
its own.

  [From Steve Bellovin (and in a different venue, Peter Wayner):
  To PGN from SMB: You may not have seen this:
  [This generated some discussion.]
  https://bsky.app/profile/opalescentopal.bsky.social/post/3luxxx27xhe23]

  [From George Neville-Neil:
  American musical satirist Tom Lehrer dies at 97, U.S.
  media report (BBC)
  https://www.bbc.co.uk/news/articles/cpv02yd2714o
  https://www.bbc.com/news/articles/cpv02yd2714o.amp
  I was privileged enough to get to email him a few years ago for
  permission to use a bit of Lobachevsky in my Kode Vicious book.]

All in all, we have lost an absolutely amazing mind -- even if heavily
slanted to sometimes dark satire. His legacy deserves to be carried on
forever by hand and mouth (a la Fahrenheit 451 if nothing else). (Carry-on
Carrion was of course the subject of the Hunting song: We tied them to the
fender, and got them home somehow ... And there's ten stuffed heads in my
trophy room right now, two game wardens, seven hunters, and a pure-bred
Guernsey cow.)

And then was the song that he never wrote, for which he had only the title:
If I Had It To All Over Again, I'd do it all over you!

I hope that this issue of RISKS lives as long as Tom Lehrer's anthology.

PGN

------------------------------

Date: Tue, 29 Jul 2025 14:55:43 PDT
From: Peter G Neumann <neumann () csl sri com>
Subject: Trump wants to mess with Texas' Congressional Maps (Burt Solomons)

Burt Solomons, *The New York Times*, Opinion, 29 Jul 2025

Caving into partisan demands erodes the public trust in government. As a
former Texas lawmaker and a current constituent, I urge them to reject this
clear partisan manipulation, one that smacks of authoritarian overreach. I
urge them to do the Texas way. Don't let others tell you what to do or how
to do it. Re-affirm that Texans -- not the president -- get to choose their
congressional representatives.

------------------------------

Date: Tue, 22 Jul 2025 17:53:20 PDT
From: PGN RISKS List Owner <risko () csl sri com>
Subject: China-backed hackers used Microsoft flaw in attacks, defenders say
  (NYTimes)

Researchers say Chinese actors, along with other criminal hackers, exploited
a security flaw in SharePoint software widely used by governments and
businesses.
Ellen Nakashima, Joseph Menn, Yvonne Wingett Sanchez, *The Washington Post*
(07/20/25), via ACM TechNews

Hackers exploited a zero-day vulnerability in widely-used Microsoft
SharePoint server software to launch a global attack on government agencies
and businesses in the past few days, breaching U.S. federal and state
agencies, universities, and energy companies. Tens of thousands of servers
are at risk, experts said, and Microsoft has issued no patch for the flaw.
Researchers said the hackers gained access to keys that may allow them to
regain entry even after a system is patched.

  [Also, SharePoint Attacks Include Ransomware Infections (Jessica Lyons)
  The Register (U.K.) (07/24/25), via ACM TechNews

  Microsoft confirmed late Wednesday that a threat group it tracks as
  China-based Storm-2603 is abusing vulnerable on-premises SharePoint
  servers to deploy ransomware. The security holes affect SharePoint
  Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server
  Subscription Edition. Fixes for all three have been issued. More than 400
  organizations have been compromised thus far, according to Belgium's Eye
  Security, including the U.S. Department of Energy's National Nuclear
  Security Administration, which maintains U.S. nuclear weapons.]

------------------------------

Date: Fri, 25 Jul 2025 11:42:33 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Researchers Bypass Anti-Deepfake Markers on AI Images
  (Anja Karadeglija)

Anja Karadeglija, CBC News (Canada) (07/23/25), via ACM TechNews

Researchers at the University of Waterloo in Canada developed a tool that
can quickly remove watermarks identifying artificially generated content.
The UnMarker tool can remove watermarks without knowing anything about the
system that generated them or anything about the watermarks.
Explained Waterloo's Andre Kassis, "We can just apply this tool and within
two minutes max, it will output an image that is visually identical to the
watermark image" but without the watermark indicating its artificial origin.

------------------------------

Date: Fri, 25 Jul 2025 11:42:33 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Tesla Testing if Its Robotaxis Can Be Hacked Remotely (Emily Forlini)

Emily Forlini, PC Mag (07/21/25), via ACM TechNews

Tesla has received U.S. Federal Communications Commission approval to test
its robotaxis for vulnerabilities to cellular and radio frequency (RF)
hacking. The company will simulate RF attacks to assess how resilient its
autonomous vehicles are to malicious interference. The tests aim to
strengthen cybersecurity measures ahead of broader autonomous vehicle
deployment.

------------------------------

Date: Thu, 24 Jul 2025 15:51:21 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Paramount-Skydance merger approved after payment to Trump clears
  and Colbert fired

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
   subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'. Otherwise your message may not be read.
   *** This attention-string has never changed, but might if spammers use it.

=> SPAM challenge-responses will not be honored. Instead, use an alternative
   address from which you never send mail where the address becomes public!

=> The complete INFO file (submissions, default disclaimers, archive sites,
   copyright policy, etc.)
   has moved to the ftp.sri.com site: <risksinfo.html>.
   *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
   delightfully searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume/previous directories
   or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at
   http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
   *** NOTE: If a cited URL fails, we do not try to update them. Try
   browsing on the keywords in the subject line or cited article leads.
   Apologies for what Office365 and SafeLinks may have done to URLs.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 34.74
************************
