RISKS Forum mailing list archives
Risks Digest 33.82
From: RISKS List Owner <risko () csl sri com>
Date: Mon, 4 Sep 2023 11:20:35 PDT
RISKS-LIST: Risks-Forum Digest Monday 4 September 2023 Volume 33 : Issue 82 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/33.82> The current issue can also be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: [Happy Labor Day. This is not work. I do this pro bono. PGN] The Titan's Submersible Disaster Was Years in the Making, New Details Reveal (Susan Casey in Vanity Fair) Hundreds of Flights Into Britain Canceled After ����Technical Issue���� With UK Air Traffic Control (NYTimes) 5,000 pilots suspected of hiding major health issues. Most are still flying. (WashPost) AI Brings the Robot Wingman to Aerial Combat (The New York Times) National Academies releases Testing, Evaluating and Assessing AI systems for the US Air Force (via Simson Garfinkel) Mushroom pickers urged to avoid foraging books on Amazon that appear to be written by AI (The Guardian) A battery catches fire on an Air France flight, the staff reacts in a few minutes (Euro) Electric cars catch fire in Florida after flooding (ABC) Security, Social or routing? (David Lesher) The decline of social media (Lauren Weinstein) Prescription drug ads on TV (Lauren Weinstein) NYTimes Spoofed to Hide Russian Disinformation Campaign (Dark Reading) Kia and Hyundai Helped Enable a Crime Wave. They Should Pay for It (The New York Times) Food delivery robots under attack from vandals, thieves (YouTube) Tesla owners are angry about buying their vehicles right before the latest big price cuts and are letting Elon Musk know: I feel completely duped. (Finance) Eversource Notice of Data Security Incident (via Monty Solomon) Mass. woman files class action lawsuit against StarnMarket for allegedly sending her marketing texts after she opted out (The Boston Globe) Saudi man sentenced to death for tweets in harshest verdict yet for online critics (NPR) The endless battle to banish the world's most notorious stalker website' (WashPost) Dragon Pizza owner on Portnoy feud: 'I'm receiving death threats' (The Boston Globe) FCC says *too bad* to ISPs complaining that listing every fee is too hard (Ars Technica) Re: Lahaina: single points of failure: cell phones! (PGN) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Mon, 28 Aug 2023 17:02:28 -0500 From: Robert Dorsett Subject: The Titan's Submersible Disaster Was Years in the Making, New Details Reveal (Susan Casey in Vanity Fair) [It just gets worse and worse...] To many in the tight-knit deep-sea exploration community, OceanGate's submersible dives were reckless and often dangerous, writes best-selling author Susan Casey. *Vanity Fair*, 17 Aug 2023 https://www.vanityfair.com/news/2023/08/titan-submersible-implosion-warnings ------------------------------ Date: Mon, 28 Aug 2023 15:08:11 -0400 From: "Jan Wolitzky" <jan.wolitzky () gmail com> Subject: Hundreds of Flights Into Britain Canceled After ����Technical Issue���� Airlines were forced to cancel hundreds of flights and delay hundreds more on Monday after Britain����s air traffic control service experienced a *technical issue* that caused widespread disruption on one of the country����s busiest travel days of the year. More than 200 flights departing from Britain were canceled, according to Cirium, the aviation analytics company, along with 271 that were scheduled to arrive in the country on Monday. Many other flights would be delayed by more than eight hours, ����which will inevitably result in a cancellation,���� Cirium added. NATS, Britain����s National Air Traffic Service, said a technical problem had affected its ability to automatically process flight plans, which meant that the information had to be entered manually, slowing down the process. https://www.nytimes.com/2023/08/28/world/europe/uk-airport-flight-delays.html [Monty Solomon spotted UK flights delayed after air-traffic control suffers technical issue (The Verge) https://www.theverge.com/2023/8/28/23848721/uk-air-traffic-control-issues-flight-delays PGN] ------------------------------ Date: Sun, 27 Aug 2023 09:44:19 -0400 From: Monty Solomon <monty () roscom com> Subject: 5,000 pilots suspected of hiding major health issues. Most are still flying. (WashPost) Federal authorities have been investigating nearly 5,000 pilots suspected of falsifying their medical records to conceal that they were receiving benefits for mental health disorders and other serious conditions that could make them unfit to fly, documents and interviews show. The pilots under scrutiny are military veterans who told the Federal Aviation Administration that they are healthy enough to fly, yet failed to report ���� as required by law ���� that they were also collecting veterans benefits for disabilities that could bar them from the cockpit. Veterans Affairs investigators discovered the inconsistencies more than two years ago by cross-checking federal databases, but the FAA has kept many details of the case a secret from the public. [...] https://www.washingtonpost.com/politics/2023/08/27/faa-pilots-health-conditions-va-benefits/ ------------------------------ Date: Sun, 27 Aug 2023 12:10:59 -0400 From: Gabe Goldberg <gabe () gabegold com> Subject: AI Brings the Robot Wingman to Aerial Combat (The New York Times) An Air Force program shows how the Pentagon is starting to embrace the potential of a rapidly emerging technology, with far-reaching implications for war-fighting tactics, military culture and the defense industry. It is powered into flight by a rocket engine. It can fly a distance equal to the width of China. It has a stealthy design and is capable of carrying missiles that can hit enemy targets far beyond its visual range. But what really distinguishes the Air Force����s pilotless XQ-58A Valkyrie experimental aircraft is that it is run by artificial intelligence, putting it at the forefront of efforts by the U.S. military to harness the capacities of an emerging technology whose vast potential benefits are tempered by deep concerns about how much autonomy to grant to a lethal weapon. [...] The Pentagon has a miserable record on building advanced software and trying to start its own artificial intelligence program. Over the years, it has cycled through various acronym-laden program offices that are created and then shut down with little to show. ------------------------------ Date: Tue, 29 Aug 2023 12:24:47 +0000 From: Simson Garfinkel <simsong () alum mit edu> Subject: National Academies releases Testing, Evaluating and Assessing AI systems for the US Air Force This is a major accomplishment and a must-read for anyone concerned about the use of AI by the US military. https://www.nationalacademies.org/our-work/testing-evaluating-and-assessing-= artificial-intelligence-enabled-systems-under-operational-conditions-for-the= -department-of-the-air-force ------------------------------ Date: Fri, 1 Sep 2023 13:03:15 -0400 From: =?iso-8859-1?Q?Jos=E9_Mar=EDa?= Mateos <chema () rinzewind org> Subject: Mushroom pickers urged to avoid foraging books on Amazon that appear to be written by AI (Fungi, The Guardian) https://www.theguardian.com/technology/2023/sep/01/mushroom-pickers-urged-to-avo id-foraging-books-on-amazon-that-appear-to-be-written-by-ai
Amateur mushroom pickers have been urged to avoid foraging books sold on Amazon that appear to have been written by artificial intelligence chatbots. Amazon has become a marketplace for AI-produced tomes that are being passed off as having been written by humans, with travel books among the popular categories for fake work. Now a number of books have appeared on the online retailer����s site offering guides to wild mushroom foraging that also seem to be written by chatbots. [...]
[If you are for aging faster, a toxic mushroom may suffice. And you will no longer be a fun-guy. Sorry, it's not funny. The risks of erroneous ChatBots are enormous, and it may be difficult to sue anyone for false representaions. PGN] ------------------------------ Date: Sat, 2 Sep 2023 16:50:50 -0400 From: Gabe Goldberg <gabe () gabegold com> Subject: A battery catches fire on an Air France flight, the staff reacts in a few minutes (Euro) It was minus one! On Monday August 21, during Air France flight AF914 to Accra, the capital of Ghana, a fire on board could have cost the lives of all the passengers. While the bulk of the travelers doze at an altitude of nearly 10,000 meters, a hostess detects the battery of a man����s telephone about to ignite. You have to react without wasting a second. ����It����s smoking, it����s going to explode!���� sees Marie-C��cile Zinsou, president of the Zinsou Foundation for Contemporary Art in Ouidah, Benin, who was on board the plane. With the Figaro, she says: ����I looked through the window and I saw that we were too high, at 32,000 feet, to escape. https://euro.dayfr.com/trends/760027.html [Strangely written article -- maybe ChatGPT or badly translated.] ------------------------------ Date: Sat, 2 Sep 2023 16:52:27 -0400 From: Gabe Goldberg <gabe () gabegold com> Subject: Electric cars catch fire in Florida after flooding (ABC) EV����s that come into contact with salt water are at risk of catching fire in the days and weeks after storm FLORIDA ���� In just the last couple of days after the storm, two electric vehicles, one in Pinellas Park and a Tesla in Palm Harbor, caught fire after the storm surge pushed a wall of saltwater inland. Carfax spokesperson Patrick Olsen said owners need to understand the fire risk doesn't go away after the vehicle dries out. https://www.abcactionnews.com/idalia/electric-cars-catch-fire-in-florida-after-flooding ------------------------------ Date: Tue, 29 Aug 2023 19:41:31 -0400 From: David Lesher <wb8foz () panix com> Subject: Security, Social or routing? I got a call "from Social Security". Or was it? The call was from a local Maryland {301} prefix. (That number belongs to Envoy, a telecom carrier I'm aware of.) But she wants my data (SSN, etc.) before she'll talk & I want proof of her status before... Mexican Standoff. She suggested I call my local office to verify she is an employee. She gave me her "800" number, and a ten-digit (!) extension. {The extension's first 3 digits were an N00, ergo not a valid NPA {area code}. Now SSA has a web page, and I have more faith in DNS et.al than easily forged CNID. That page says their main number is 800-772-1213. If I look up my local SSA office, I get told a third 800 number, not a local number there, nor the one she had given me. Hmmm. So I called 800-772-1213, and waited 50 minutes. Then the human there told me she was an employee and confirmed her name and 10-digit extension. Turns out she works in a Denver facility BUT he could not transfer me. So I called the Envoy number, got an auto attendant. Entered the 10D extension she had given me, and got her voicemail. She called back a day later, same Envoy number, same voice. FINALLY, we could discuss the question at hand. How hard would it be for attackers to use some BGP'ish attack to divert a slew of inbound VOIP-carried calls to them? I'm no crypto expert [I can spell 'PGP'...], but would tools such as offering "the sum of the first 3 digits", "Consonant, vowel, vowel, consonant" for a place of birth etc. be safer/safe enough? ����Reflections on Trusting Trust���� came to mind. How should an 'average Jill/Joe' have any confidence that it *is* SSA calling? Granted SSA must have a huge phone system, and given Federal procurement regs, it is divvied up between multiple vendors, but should the core security be the 1213 number they dial, when it won't get you where you need to be, 50 minutes later? May we live in interesting times. ------------------------------ Date: Wed, 30 Aug 2023 08:17:44 -0700 From: Lauren Weinstein <lauren () vortex com> Subject: The decline of social media When you really think about it, a fundamental reason why most social media seems to have turned into an increasingly painful chore rather than a joy to be anticipated, is that on most platforms they have devolved into advertising, group and self-promotion, and commercial content delivery systems (and worse) -- rather than venues to engage in polite discussion with other individuals about areas of common interest. In many cases, they've quite obviously degraded from happy serendipity to abysmal stupidity. That's just the reality. -L ------------------------------ Date: Fri, 1 Sep 2023 10:17:52 -0700 From: Lauren Weinstein <lauren () vortex com> Subject: Prescription drug ads on TV Advertising of prescription drugs on television is an absolute travesty, drives viewers nuts, and makes doctors' jobs even more difficult. The decision to permit these ads at the behest of Big Pharma was one of the worst ever. The list of side effects in many TV prescription drug ads starts to sound like a Monty Python script, especially when they include completely OPPOSITE effects in the same list that goes on and on and on. "Do not take if you or anyone in your immediate family suffers from Dyatical Frombolini's Syndrome A-4Z031B3 or are allergic to giraffes." ------------------------------ Date: Thu, 31 Aug 2023 17:18:25 -0400 From: Gabe Goldberg <gabe () gabegold com> Subject: NYTimes Spoofed to Hide Russian Disinformation Campaign (Dark Reading) "Operation Doppelganger" has convincingly masqueraded as multiple news sites with elaborate fake stories containing real bylines of journalists, blasting them out on social media platforms. https://www.darkreading.com/threat-intelligence/new-york-times-spoofed-russian-disinformation-campaign ------------------------------ Date: Fri, 1 Sep 2023 16:51:49 -0400 From: Gabe Goldberg <gabe () gabegold com> Subject: Kia and Hyundai Helped Enable a Crime Wave. They Should Pay for It (*The New York Times*) In a recent analysis of data from 37 American cities, the Council on Criminal Justice, a nonpartisan think tank, suggested a hopeful trend ���� the pandemic-era spike in crime may have peaked. The homicide rate has dropped significantly over the last year, based on data from 30 American cities. In many places, just about all types of violent crimes are down, in some areas substantially ���� in Atlanta, for instance, there have been 21 percent fewer aggravated assaults, 28 percent fewer homicides and 56 percent fewer rapes than at this point in 2022, according to police department data. But there����s a glaring exception: auto thefts. According to the Council on Criminal Justice, ����The number of vehicle thefts during the first half of 2023 was 33.5 percent higher, on average, than during the same period in 2022 ���� representing 23,974 more vehicle thefts in the cities that reported data.���� In Philadelphia, Washington, D.C., Chicago, New Orleans, Buffalo and Durham, N.C., motor vehicle thefts this year have more than doubled relative to last year, according to stats collected by Jeff Asher, a crime data analyst. This week, The Baltimore Sun reported that ����auto thefts are on pace to more than double the total from last year, as reports through the first eight months of 2023 are already up 88 percent compared to all of 2022.���� Why are so many cars getting stolen? Police departments and city officials point to this: Millions of Kias and Hyundais are ridiculously easy to steal. https://www.nytimes.com/2023/09/01/opinion/kia-hyundai-tiktok.html?smid=nytcore- ios-share&referringSource=articleShare ------------------------------ Date: Sat, 2 Sep 2023 17:06:13 -0400 From: Gabe Goldberg <gabe () gabegold com> Subject: Food delivery robots under attack from vandals, thieves (YouTube) The popularity of remote food delivery skyrocketed during the COVID-19 pandemic, and the trend has continued to help businesses thrive years later. Unfortunately, some of the robotic delivery vehicles are taking a beating, with several viral videos showing people kicking the autonbots over and even stealing the products inside. https://www.youtube.com/watch?v=X3C_rpUTYuk I saw food delivery robots years ago on George Mason University campus. I saw a student chasing one for his order because he forgot to update his address so the robot wasn't going to where he lived. That video is amazing -- worst interviewers I've seen. Inarticulate and just dumb. After being told the robots travel seven miles per hour, newsdroidette commented that it would take an hour to deliver a mile away. ------------------------------ Date: Sun, 3 Sep 2023 12:03:25 -0400 From: Gabe Goldberg <gabe () gabegold com> Subject: Tesla owners are angry about buying their vehicles right before the latest big price cuts and are letting Elon Musk know: I feel completely duped. (Finance) When Tesla slashes prices, as it did this week, shoppers looking for electric vehicles generally benefit. But for anyone who buys a Tesla right before such price cuts, the frustration can be acute. Waiting just a little longer to buy, after all, could have saved them a significant amount of money����but they had no way of knowing. A risk for Elon Musk����s carmaker, which has repeatedly cut prices on its high-end models this year, is that existing customers will feel resentment����not to mention see their vehicle lose value����while some shoppers hesitate to buy because another price cut might be right around the corner. After the carmaker made its latest price cuts on Thursday, new Tesla owners vented their frustration on social media, often addressing Musk in posts on X (formerly Twitter), the social network he owns. One tweet posted on Friday reads: ����Tesla screws with people so much when they drop price by $20k+. I just picked up my Model S Plaid one day ago, drove less than 100 miles on it and I'm shafted by over $20k. TESLA NEVER AGAIN.���� https://uk.finance.yahoo.com/news/tesla-owners-angry-buying-vehicles-210317476.html [Monty found this item on Fortune: https://fortune.com/2023/09/02/tesla-owners-angry-at-elon-musk-after-new-price-cuts/ PGN] ------------------------------ Date: Mon, 28 Aug 2023 19:13:16 -0400 From: Monty Solomon <monty () roscom com> Subject: Eversource Notice of Data Security Incident
From: Eversource Energy Date: August 28, 2023 Subject: Notice of Data Security Incident Reply-To: communications () eversource com
The security of our customers���� information is of paramount importance to us. We recently learned that one of our vendors was among the companies that experienced a data breach incident directly related to the MOVEit data transfer software vulnerability hack that has affected many other companies globally. The vendor, CLEAResult, is contracted to provide services to energy efficiency programs for utilities in Massachusetts, including Eversource. Some of your information was contained in the CLEAResult files, such as your name, address, contact information [Rest PGN-truncated. CLEARly written by a Chatbot?] ------------------------------ Date: Sat, 2 Sep 2023 20:33:09 -0400 From: Monty Solomon <monty () roscom com> Subject: Mass. woman files class action lawsuit against StarnMarket for allegedly sending her marketing texts after she opted out (The Boston Globe) It is illegal for companies to send consumers marketing text messages after they've opted out. They can be ordered to pay up to $1,500 per illegal text. https://www.boston.com/news/local-news/2023/08/23/star-market-class-action-lawsuit-marketing-text-messages-opt-out-massachusetts/ ------------------------------ Date: Sat, 2 Sep 2023 12:34:07 -0400 From: Monty Solomon <monty () roscom com> Subject: Saudi man sentenced to death for tweets in harshest verdict yet for online critics (NPR) https://www.npr.org/2023/08/31/1196776390/saudi-arabia-man-death-sentence-tweets [In Saudim, There's No Gomorrah, there's just ToPay. PGN] ------------------------------ Date: Sun, 3 Sep 2023 13:24:53 -0400 From: Monty Solomon <monty () roscom com> Subject: The endless battle to banish the world's most notorious stalker website (WashPost) For a year, a former Kiwi Farms user worked with transgender engineers to keep the stalker site offline. Still, the website has endured. https://www.washingtonpost.com/technology/2023/09/03/kiwifarms-website-offli= ne/ ------------------------------ Date: Sat, 2 Sep 2023 03:44:54 -0400 From: Monty Solomon <monty () roscom com> Subject: Dragon Pizza owner on Portnoy feud: 'I'm receiving death threats' (The Boston Globe) https://www.boston.com/food/food/2023/09/01/barstools-dave-portnoy-gets-in-feud-with-dragon-pizza-owner/ ALSO: The story behind that profanity-laced pizza review video in Davis Square https://www.bostonglobe.com/2023/09/01/metro/story-behind-that-profanity-laced-pizza-review-video-davis-square/ ------------------------------ Date: Wed, 30 Aug 2023 21:55:25 -0400 From: Monty Solomon <monty () roscom com> Subject: FCC says *too bad* to ISPs complaining that listing every fee is too hard (Ars Technica) https://arstechnica.com/?p=1964377 ------------------------------ Date: Sun, 3 Sep 2023 19:43:25 PDT: From: Peter G Neumann Subject: Re: Lahaina: single points of failure (RISKS-33.81) Maui Evacuation Alert Shows Limits of a Warning System Dependent on Cellphones Mike Baker, Sergio Olmos, and Eileen Sullivan *The New York Times*, 3 Sep 2023 ------------------------------ Date: Sat, 1 Jul 2023 11:11:11 -0800 From: RISKS-request () csl sri com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks => SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read. *** This attention-string has never changed, but might if spammers use it. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public! => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) has moved to the ftp.sri.com site: <risksinfo.html>. *** Contributors are assumed to have read the full info file for guidelines! => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue. Also, ftp://ftp.sri.com/risks for the current volume/previous directories or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00 ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001) *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 33.82 ************************
Current thread:
- Risks Digest 33.82 RISKS List Owner (Sep 04)