RISKS Forum mailing list archives
Risks Digest 34.23
From: RISKS List Owner <risko () csl sri com>
Date: Mon, 6 May 2024 13:36:06 PDT
RISKS-LIST: Risks-Forum Digest  Monday 6 May 2024  Volume 34 : Issue 23

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/34.23>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Could the Covid-19 Vaccines Have Caused Some People Harm? Thousands think
  that their cases have been ignored. (Apoorva Mandavilli)
Electric car driver turned away from hospital car park (BBC)
Drones Changed Myanmar Civil War, Linked Rebels to the World (NYTimes)
Hacker Free-for-All in Fight for Routers (Dan Goodin)
Politicians Use Social Media to 'Buy' Votes (New Scientist)
Zeekill: From teenage cyber-thug to Europe's most wanted? (BBC)
What Happens When a Romance Writer Gets Locked Out of Google Docs (WiReD)
Apple Password Reset Propagations (Marvin Schaefer)
AI Lobbying Frenzy in Washington Dominated by Big Tech (Will Henshall)
When grief and AI collide: These people are communicating with the dead
  (CNN Business)
The Sam Altman Playbook (Gary Marcus on AI)
Tiffany Haddish started tracking down her online trolls and calling them
  on the phone (NBC News)
Microsoft announces ZTDNS (Cliff Kilby)
Former 'Employee Express' Phone Number Being Used by Fraudsters, Warns IG
  (FedWeek)
How Scammers Are Stealing Food Stamps From Struggling Americans (NYTimes)
Medical Debt Shows Up Less Often on Credit Reports (NYTimes)
More on Google Chrome and the vanishing UNDO function!
Universal Music Artists Will Return to TikTok (NYTimes)
Change Healthcare hackers broke in using stolen credentials -- and no MFA,
  says UHG CEO (TechCrunch)
If your iPhone alarm has gone quiet, Apple says it's working on a fix
  (The Verge)
Re: Phone Keyboard Exploits Leaves Billion Users Exposed (Martin Ward)
Re: Boeing's problems (Martin Ward)
Re: Can AI-powered drive-throughs save the day for fast food operators?
  (Steve Bacher)
Re: Developers seethe as Google surfaces buggy AI-written code (Steve Bacher)
Re: Net Neutrality and Black Boxes (Bob Rahe)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 5 May 2024 14:06:16 PDT
From: Peter Neumann <neumann () csl sri com>
Subject: Could the Covid-19 Vaccines Have Caused Some People Harm?
  Thousands think that their cases have been ignored. (Apoorva Mandavilli)

Apoorva Mandavilli, *The New York Times*, 5 May 2024, National Edition front page

  [This is a really important article. The notable sections of this lengthy
  article are these, with brief PGN-ed summaries:]

``I'm not real.'' Patients who experienced bad side effects say they have
received little support or acknowledgment.

Listening for Signals. There are gaps in the official reporting, e.g.,
individual shots were not recorded in mass vaccinations.

A Red Flag. Other countries have sought out reports of bad side effects and
reached conclusions the U.S. has not.

Pervasive Misinformation. The rise in the anti-vax movement has made it
difficult ... to candidly address potential side effects.

  [several fascinating individual cases are noted in some detail.]

  [This article affects quite a few people who apparently were seriously
  impacted -- e.g., death or long-term Lyme-disease-like co-infections --
  resulting from vaccination. One extreme case was one of my old friends who
  was one of 9 people who were vaccinated at the same time by a clinic, 6 of
  whom died soon thereafter from what appears to have been a bad batch.
  If you browse on How Bad Is My Batch, you might get this URL, into which
  you can put your batch IDs:
    https://knollfrank.github.io/HowBadIsMyBatch/HowBadIsMyBatch.html
  My own conclusion is that much of the conventional medical response is
  what has happened in the history of Lyme disease -- for many years,
  doctors refused to admit that chronic Lyme disease even existed (e.g., it
  had crossed the blood-brain barrier and was mostly untreatable),
  characteristically attributing it to psychological problems. I think
  bad-batch reactions and long-Covid have both received the same general
  reaction -- they are anomalies and were typically discounted -- although
  now perhaps the medical profession is seeing a glimmer of credibility in
  some of the reports. PGN]

  [PS. I am not an anti-vaxxer, just a questioner of the blind
  one-size-fits-all approach. PGN]

------------------------------

Date: Sun, 5 May 2024 16:57:56 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Electric car driver turned away from hospital car park (BBC)

A father who was taking his child to Alder Hey hospital in Liverpool says he
was turned away from the car park because he was driving an electric vehicle
(EV). Paul Freeman-Powell said he was told to park next to nearby grass
because his car *could explode*.

The hospital says it has temporarily banned access to the car park while it
improves its sprinkler system.

But industry figures have challenged the decision, pointing to research that
indicates petrol cars are considerably more likely to catch fire than EVs.

https://www.bbc.com/news/articles/c90zjne2v0jo

The risk? Progress? Misinformation? Cluelessness?

  [Mono-lith-ium Phobia?
  PGN]

------------------------------

Date: Mon, 6 May 2024 11:35:16 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Drones Changed Myanmar Civil War, Linked Rebels to the World (NYTimes)

Hannah Beech and Paul Mozur, *The New York Times*, 4 May 2024, via ACM TechNews

Rebel drone units have managed to turn the tables on the military in Myanmar.
Drone pilots in Myanmar describe turning to groups on chat apps to download
3D printing blueprints for fixed-wing drones. They also gain insight there on
how to hack through the default software on commercial drones that could give
away their locations. The drone pilots also post videos taken from drones on
social media to boost morale and help raise money.

------------------------------

Date: Mon, 6 May 2024 11:35:16 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Hacker Free-for-All in Fight for Routers (Dan Goodin)

Dan Goodin, *Ars Technica*, 1 May 2024, via ACM TechNews

Hackers are surreptitiously coexisting inside compromised routers as they use
the devices to disguise attacks motivated both by financial gain and
state-backed espionage, according to researchers at U.S.-Japanese
cybersecurity software company Trend Micro. In some cases the co-existence is
peaceful, with financially motivated hackers providing spies access to already
compromised routers in exchange for a fee. In other cases, state-backed
hackers take control of devices previously hacked by the cybercrime groups.

------------------------------

Date: Mon, 6 May 2024 11:35:16 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Politicians Use Social Media to 'Buy' Votes (New Scientist)

Chris Stokel-Walker, *New Scientist*, 2 May 2024, via ACM TechNews

A study of political advertisements on social media by researchers at
Germany's Ludwig Maximilian University of Munich found that German political
parties could sway an individual voter with just €4 ($4.31) of advertising
spend.
The researchers looked at more than 21,000 advertisements posted on Facebook
and Instagram during Germany's 2021 federal elections. Using a statistical
model, they determined that a candidate's votes rose 2.1% for every 200,000
times their advertisements were seen.

------------------------------

Date: Sat, 4 May 2024 18:11:46 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: Zeekill: From teenage cyber-thug to Europe's most wanted? (BBC)

https://www.bbc.com/news/articles/cyxe9g4zlgpo

A notorious hacker who was one of Europe's most wanted criminals has been
jailed for blackmailing 33,000 therapy patients with their stolen session
notes.

Julius Kivimäki's imprisonment brings to an end an 11-year cyber-crime spree
that started when he rose to prominence in a network of anarchic teenage
hacking gangs at the age of just 13.

------------------------------

Date: Sun, 5 May 2024 18:24:08 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: What Happens When a Romance Writer Gets Locked Out of Google Docs
  (WiReD)

In March, an aspiring author got a troubling message: All of her works in
progress were no longer accessible. What happened next is every writer’s
worst fear. [...]

When she saw the word *inappropriate* in the notification, Renee worried her
work had been dinged for its spice. “I thought I was the problem,” she says.
“I thought I had somehow messed it up.” But she hadn’t. At least, she hadn’t
messed it up in any way she could hope to avoid in the future. Google never
specified which of her 222,000 words was inappropriate. There were no
highlighted sections, no indicators of what had rendered her documents
unshareable. Had one of her readers flagged the content without discussing it
with her first? Was it a malicious attack on the files? Had someone at Google
decided her content was too spicy? Renee hadn’t turned on any of the AI
functions in Google Workspace, so she doubted it could be chalked up to a bot
banning her books.
After all, a 2016 paper coauthored by Google researchers revealed that its
recurrent neural network language models had been fed thousands of romances.
If for some reason a bot was crawling her work, wouldn’t it recognize what it
was looking at?

https://www.wired.com/story/what-happens-when-a-romance-author-gets-locked-out-of-google-docs/

------------------------------

Date: Sun, 5 May 2024 20:16:16 +0000 (UTC)
From: "Marvin Schaefer" <bwapast () verizon net>
Subject: Apple Password Reset Propagations

It appears that Apple’s new programme to encourage iPhone users to reset
their AppleID passwords has consequences beyond being simply consequential.
Indeed, the new password then generates a family of additional passwords (I
count 16) that then self-propagate to other Apple-related devices, in some
cases changing or modifying properties of already installed applications and
backups.

My desktop Mac, sleeping on the day that I installed the new password,
suffered from the propagation via the device network Apple constructs, and as
a consequence when I awoke my Mac last night I discovered that the contents of
the Notes application had been supplanted completely by unrelated readable
garbage. But the valued notes had all been eliminated. Worse, no luck
retrieving the original application data from my system backup files….

Reset in haste, repent at leisure.

ADDED REMEDIATION: The Sweet Misery of Strife has just been resolved through
the black arts of my 7th Apple Support contact over the last [lost] 3 days.
The black arts to which she resorted were irreproducible -- she had me simply
reset the arcane Apple ID while I was logged into my Mac and it magically held
and did what was apparently needed. No good explanation here, no idea of what
is in the all new set of 16 generated passwords. No idea of how long, if
during my shortening lifespan, this approach will hold water.
------------------------------

Date: Mon, 6 May 2024 11:35:16 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: AI Lobbying Frenzy in Washington Dominated by Big Tech (Will Henshall)

Will Henshall, *Time*, 30 Apr 2024, via ACM TechNews

A report from nonprofit OpenSecrets revealed an almost threefold increase in
the number of organizations lobbying the U.S. government on AI, from 158 in
2022 to 451 in 2023. Among the 334 organizations that lobbied on AI for the
first time last year were startups like OpenAI, big corporations like Visa
and GSK, industry trade associations, and numerous civil society
organizations. Meanwhile, OpenSecrets found that Amazon, Meta, Alphabet, and
Microsoft each spent more than $10 million on lobbying.

------------------------------

Date: Mon, 6 May 2024 10:22:52 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: When grief and AI collide: These people are communicating with the
  dead (CNN Business)

As artificial intelligence gets smarter, some people are turning to the
technology to simulate the personality and behavior of a deceased loved one.

https://www.cnn.com/2024/05/06/tech/ai-communicating-with-dead/index.html

------------------------------

Date: Sun, 5 May 2024 17:12:00 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: The Sam Altman Playbook (Gary Marcus on AI)

Fear, The Denial of Uncertainties, and Hype

How do you convince the world that your ideas and business might ultimately
be worth $7 trillion dollars? Partly by getting some great results, partly by
speculating about unlimited potential, and partly by downplaying and ignoring
inconvenient truths.

Sam Altman is on a tour to raise money and raise valuations, and he’s plying
these moves day after day, in a city after city, at some of the top
universities in the world. Aside from a minor upgrade to GPT-4, he doesn’t
have a newly released product, so he is selling vision and promise.

Let’s start with the promises.
A few days ago at Stanford, Sam promised that AGI will be worth it, no matter
how much it costs:

https://garymarcus.substack.com/p/the-sam-altman-playbook

------------------------------

Date: Sat, 4 May 2024 09:17:34 -0400
From: Monty Solomon <monty () roscom com>
Subject: Tiffany Haddish started tracking down her online trolls and calling
  them on the phone (NBC News)

https://www.nbcnews.com/news/nbcblk/tiffany-haddish-tracking-online-trolls-calling-rcna150574

------------------------------

Date: Sat, 4 May 2024 14:40:23 -0400
From: Cliff Kilby <cliffjkilby () gmail com>
Subject: Microsoft announces ZTDNS

I wonder how this is any less overhead to manage than a traditional
router/firewall/proxy/gpo/domain combination that's been capable of doing
this exact thing circa 2000. I am also failing to see how this change would
allow a company to do away with any of that in order to simplify operation.

https://arstechnica.com/security/2024/05/microsoft-plans-to-lock-down-windows-dns-like-never-before-heres-how/2/

------------------------------

Date: Sun, 5 May 2024 18:40:33 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Former 'Employee Express' Phone Number Being Used by Fraudsters,
  Warns IG (FedWeek)

The Inspector General’s office at OPM has posted a warning against calling a
phone number once associated with the agency’s Employee Express FEHB
enrollment site (888-353-9450), saying the number “is currently in use by
fraudsters/bad actors who have practiced financial exploitation tactics.”

“This phone number was provided on U.S. Department of State human resources
notices to employees and Foreign Service retirees. It may also be or have
been provided on other participating federal agencies’ human resources or
information. This customer service phone number is no longer in use by OPM or
the federal government,” it says.
https://www.fedweek.com/fedweek/former-employee-express-phone-number-being-used-by-fraudsters-warns-ig/

------------------------------

Date: Sun, 5 May 2024 17:47:20 -0400
From: Monty Solomon <monty () roscom com>
Subject: How Scammers Are Stealing Food Stamps From Struggling Americans
  (NYTimes)

Thieves are using skimmers to drain millions in food stamps and other public
benefits from the neediest Americans.

https://www.nytimes.com/2024/05/04/business/food-stamps-skimming-scam.html

------------------------------

Date: Sun, 5 May 2024 17:52:24 -0400
From: Monty Solomon <monty () roscom com>
Subject: Medical Debt Shows Up Less Often on Credit Reports (NYTimes)

But the Consumer Financial Protection Bureau said 15 million people still had
medical bills in their files, which can make it hard to qualify for loans.

https://www.nytimes.com/2024/05/03/your-money/medical-debt-credit-reports.html

------------------------------

Date: Sat, 4 May 2024 11:55:09 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: More on Google Chrome and the vanishing UNDO function!

  [See RISKS-34.20. PGN]

Google apparently has removed (as far as I can tell) the incredibly standard
and important UNDO function from Chrome right-click context menus, replacing
it with a useless "Help me write" AI choice. UNBELIEVABLE. If you're in the
know, you can do an UNDO with Control-Z. If you're not in the know and depend
on context menus -- apparently Google just doesn't care. Surprise! -L

  ... Even more on Google context menus and UNDO

To be even more precise, context menus can vary based on the current app, of
course. An example of an app where UNDO is no longer available in the context
menu, but "Help me write" now is present, is -- you guessed it -- in Gmail.
UNDO also appears to be absent in the right-click context menus for Google
Docs text input as well, but I'm less certain that this has been a recent
change -- Control-Z functions as UNDO there also.
App/browser interactions can be complex, but having UNDO suddenly vanish from
any apps without any explanation to users is a terrible user experience. -L

  [... and still more]

In case you're trying to test the UNDO situation yourself, note that this
apparently is dependent on a variety of variables. The rollout status of
Gmail. Browser version. System type. Maybe more. So some may still see Undo,
others may not. And this could change.

For reference, here's what my Gmail text input right-click context menu looks
like currently on an Ubuntu desktop. Obviously, Undo has gone missing,
replaced with "Help me write":

https://mastodon.laurenweinstein.org/@lauren/112384616439563174

------------------------------

Date: Sun, 5 May 2024 17:54:01 -0400
From: Monty Solomon <monty () roscom com>
Subject: Universal Music Artists Will Return to TikTok (NYTimes)

The two companies reached a new licensing deal, ending a three-month stalemate
that kept some of pop’s biggest stars off the platform.

https://www.nytimes.com/2024/05/02/arts/music/tiktok-universal-music-deal.html

------------------------------

Date: Tue, 30 Apr 2024 23:31:33 -0400
From: Monty Solomon <monty () roscom com>
Subject: Change Healthcare hackers broke in using stolen credentials -- and
  no MFA, says UHG CEO (TechCrunch)

https://techcrunch.com/2024/04/30/uhg-change-healthcare-ransomware-compromised-credentials-mfa/

------------------------------

Date: Tue, 30 Apr 2024 23:26:33 -0400
From: Monty Solomon <monty () roscom com>
Subject: If your iPhone alarm has gone quiet, Apple says it's working on a
  fix (The Verge)

https://www.theverge.com/2024/4/30/24145296/apple-iphone-alarm-sounds-broken-ios-bug-fix-coming

------------------------------

Date: Sun, 5 May 2024 19:05:33 +0100
From: Martin Ward <mwardgkc () gmail com>
Subject: Re: Phone Keyboard Exploits Leaves Billion Users Exposed

  The Chinese-language keyboards use character-prediction features that rely
  on cloud computing resources.

Why does a character prediction feature need cloud computing resources? Why
do I feel that the "improperly secured communications" were part of the plan
all along?

------------------------------

Date: Sun, 5 May 2024 12:31:36 +0100
From: Martin Ward <mwardgkc () gmail com>
Subject: Re: Boeing's problems

In response to the engine cover falling off and hitting a wing flap, Boeing
said:

  "We place our highest priority on ultimate Safety for our Customers and
  Employees,"

There are two possibilities here: either (1) they are lying and safety has
actually been a very low priority, or (2) the company really is trying its
absolute hardest at every level to fly safely and is utterly incompetent and
incapable of doing so.

In the first case, the solution includes firing the top executives. In the
second case, the solution is much more difficult and probably means closing
and disbanding the company altogether!

So, I guess, we have to hope that they are lying!

------------------------------

Date: Sun, 5 May 2024 09:24:49 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: Re: Can AI-powered drive-throughs save the day for fast food
  operators? (LATimes)

The item in RISKS 34.22 is incomplete and is missing the link to the article.
Here it is.

https://www.latimes.com/business/story/2024-05-01/ai-powered-drive-thru-fast-food-operators-20-minimum-wage-california-carls-el-pollo-loco

Not that AI-led drive-through is quite ready for prime time. As it is today,
the system can have trouble with people’s accents and ambient noise, making
it hard to recognize speech and translate it into text. Pilot programs run by
McDonald’s and others thus far often have backed up the AI technology with an
employee, like the Wizard of Oz man behind the curtain. The unseen worker
from as far away as the Philippines monitors and sometimes intervenes to
complete an order if AI falters.
------------------------------

Date: Sun, 5 May 2024 10:15:09 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: Re: Developers seethe as Google surfaces buggy AI-written code
  (The Register)

Why doesn't Pulumi just prevent Google from indexing their site with a
noindex meta tag?

------------------------------

Date: Sat, 4 May 2024 15:24:33 -0400
From: Bob Rahe <bob () dtcc edu>
Subject: Re: Net Neutrality and Black Boxes (RISKS-34.22)

In the item about net neutrality coming back the phrasing seemed a bit...
pointed (?) I.e. "The rules reflect those imposed by the FCC in 2015 but
rescinded by the Trump administration in 2017." It would seem if they were
rescinded by an "administration" they were probably also imposed by an
administration (Obama). Or by the FCC. Why the difference?

In the item about the AI tool being used in criminal cases this line kind of
just flew off the page:

  ``Black-box software with no audit trail and no peer review seems to be a
  critical piece of prosecutors' cases... Judges are now tossing the
  `evidence'.''

Sounds like some of the issues with voting machines in the 2020 election,
except for there not being judges throwing out evidence....

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) has moved to the ftp.sri.com site:
   <risksinfo.html>.
 *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    delightfully searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 34.23
************************