Risks Digest 34.16
From: RISKS List Owner <risko () csl sri com>
Date: Wed, 10 Apr 2024 15:51:26 PDT
RISKS-LIST: Risks-Forum Digest  Wednesday 10 April 2024  Volume 34 : Issue 16

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/34.16>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
The total eclipse shows us how important solar energy is to the U.S. (The Verge)
Chinese Hack of Microsoft Exchange Online Was Preventable, Review Board Finds (Kim S. Nash)
Dana-Farber Cancer Institute has retracted 7 studies amid controversy over errors (NBC News)
A once-ignored community of science sleuths now has the research community on its heels (NBC News)
Can AI help fill the therapist shortage? Mental health apps show promise and pitfalls (CBS News)
Hackers stole 340,000 Social Security numbers from government consulting firm (TechCrunch)
Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation (ArsTechnica)
Targus says cyberattack is causing operational outage (TechCrunch)
After pushing cloud storage, TV provider to auto-delete 61-day-old DVR recordings (ArsTechnica)
Texas Will Use Computers to Grade STAAR Tests (Keaton Peters)
Cheshire Cat GPS Jamming/Spoofing in Ukraine, Israel, ... (Henry Baker)
Scammers exploiting people who change their status to #OpenToWork (Ben Rothke)
Mr Bates vs The Post Office now available on PBS in the U.S. (PBS via Jeremy Epstein)
Why Open Source Can't Innovate (Dana F. Blankenhorn)
Elon Musk Didn't Want His Latest Deposition Released. Here It Is. (HuffPost Latest News)
Russian trolls target U.S. support for Ukraine, Kremlin documents show (WashPost)
California judge dismisses one of 'Are We Dating the Same Guy?' lawsuits (NBC News)
YouTube is the most consequential technology in America (WashPost)
Yet another 419 variant (Rob Slade)
Tesla is settling with the family of the Apple engineer who died in an Autopilot crash (The Verge)
Re: AI that targets civilians ... (Dylan Northrup)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 8 Apr 2024 20:53:45 -0400
From: Monty Solomon <monty () roscom com>
Subject: The total eclipse shows us how important solar energy is to the U.S. (The Verge)

https://www.theverge.com/2024/4/8/24124189/solar-eclipse-renewable-energy-panels-electricity-grid

  [And incidentally, Monty noted
     Internet Traffic Dipped as Viewers Took in the Eclipse
  Internet -- it dropped by 40 percent or more during the eclipse in states in the path of totality, including Maine, New Hampshire and Ohio, Cloudflare found.
  https://www.nytimes.com/2024/04/09/business/internet-traffic-eclipse-cloudflare.html
  PGN]

------------------------------

Date: Wed, 10 Apr 2024 11:34:12 PDT
From: Peter Neumann <neumann () csl sri com>
Subject: Chinese Hack of Microsoft Exchange Online Was Preventable, Review Board Finds (Kim S. Nash)

Kim S. Nash, *The Wall Street Journal*
https://cybersecurity.cmail20.com/t/d-l-eydzx-tjludishy-i/

Security missteps at Microsoft might pave the way for a cyber-overhaul of the cloud sector.

"A cascade of security failures at Microsoft" allowed Chinese hackers to penetrate the company's Exchange Online cloud-based email system last year, according to the U.S. Cyber Safety Review Board. The board spent seven months investigating the espionage incident, in which the email accounts of 22 organizations and more than 500 individuals around the world were compromised. These included Commerce Secretary Gina Raimondo and U.S. Ambassador to China, Nicholas Burns.

Microsoft cooperated fully with the probe, the board said in its report issued Tuesday. Tactical and strategic decisions at Microsoft reflect "a corporate culture that deprioritized enterprise security investments and rigorous risk management, at odds with the company's centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations," the board said.

Not only does the report include security recommendations for the tech giant, but some for cloud providers generally as well. U.S. officials also plan to convene major cloud players to hammer out baseline cyber practices and a process for the companies to regularly attest they are complying.

------------------------------

Date: Tue, 9 Apr 2024 21:47:28 -0400
From: Monty Solomon <monty () roscom com>
Subject: Dana-Farber Cancer Institute has retracted 7 studies amid controversy over errors (NBC News)

The episode has imperiled the reputation of the Harvard-affiliated Dana-Farber Cancer Institute and raised questions about the work of one high-profile researcher.

https://www.nbcnews.com/science/science-news/cancer-institute-dana-farber-retracts-studies-errors-rcna143922

------------------------------

Date: Tue, 9 Apr 2024 21:49:03 -0400
From: Monty Solomon <monty () roscom com>
Subject: A once-ignored community of science sleuths now has the research community on its heels (NBC News)

Artificial intelligence tools are only making it easier to spot problems. Some scientists say it's time for universities and academic publishers to reform how they address flawed research.

https://www.nbcnews.com/science/science-news/-ignored-community-science-sleuths-now-research-community-heels-rcna136946

------------------------------

Date: Wed, 10 Apr 2024 14:57:49 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Can AI help fill the therapist shortage? Mental health apps show promise and pitfalls (CBS News)

Providers of mental health services are turning to AI-powered chatbots designed to help fill the gaps amid a shortage of therapists and growing demand from patients. But not all chatbots are equal: some can offer helpful advice while others can be ineffective, or even potentially harmful.

Woebot Health uses AI to power its mental health chatbot, called Woebot. The challenge is to protect people from harmful advice while safely harnessing the power of artificial intelligence. [...]

The National Eating Disorders Association's AI-powered chatbot, Tessa, was taken down after it provided potentially harmful advice to people seeking help.

https://www.cbsnews.com/news/ai-chatbots-mental-health-therapy-pitfalls-60-minutes/

They're so proud -- rules-based bot gives deterministic response. Same input, same output. Guidelines/guardrails protect against anything bad -- except when they're modified and don't. GPT bot improvises. What could go wrong?

  [Well, they might need a Woebot Wabbit?  PGN]

------------------------------

Date: Mon, 8 Apr 2024 21:09:17 -0400
From: Monty Solomon <monty () roscom com>
Subject: Hackers stole 340,000 Social Security numbers from government consulting firm (TechCrunch)

https://techcrunch.com/2024/04/08/hackers-stole-340000-social-security-numbers-from-government-consulting-firm/

------------------------------

Date: Mon, 8 Apr 2024 21:16:32 -0400
From: Monty Solomon <monty () roscom com>
Subject: Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation (ArsTechnica)

https://arstechnica.com/?p=2015480

------------------------------

Date: Mon, 8 Apr 2024 21:09:45 -0400
From: Monty Solomon <monty () roscom com>
Subject: Targus says cyberattack is causing operational outage (TechCrunch)

https://techcrunch.com/2024/04/08/targus-says-cyberattack-causing-operational-outage/

------------------------------

Date: Mon, 8 Apr 2024 21:17:40 -0400
From: Monty Solomon <monty () roscom com>
Subject: After pushing cloud storage, TV provider to auto-delete 61-day-old DVR recordings (ArsTechnica)

https://arstechnica.com/?p=2015412

------------------------------

Date: Wed, 10 Apr 2024 11:50:04 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Texas Will Use Computers to Grade STAAR Tests (Keaton Peters)

Keaton Peters, *The Texas Tribune*, 9 Apr 2024

The Texas Education Agency (TEA) this year will use an "automated scoring engine" that uses natural language processing technology to assess and grade open-ended questions on the State of Texas Assessment of Academic Readiness (STAAR) for reading, writing, science, and social studies. TEA gathered 3,000 responses that went through two rounds of human scoring, and used them to teach the automated scoring engine the characteristics of responses. It is programmed to assign the same scores a human would have given.

  [Texas is leaning to STAARBOARD for a change? But this looks more like any PORT in a storm. What was the quality of the 3,000 human scorings? The system could have been trained on sloppy grading, and assigning the same scores may be really wrong-headed. Once again, we desperately need sound evidence-based results.  PGN]

------------------------------

Date: Tue, 09 Apr 2024 18:02:23 +0000
From: Henry Baker <hbaker1 () pipeline com>
Subject: Cheshire Cat GPS Jamming/Spoofing in Ukraine, Israel, ...

"If you don't know where you're going, any road will take you there."
  -- Cheshire Cat in Alice's Wonderland

Isn't this jamming/spoofing a fraud on the location-based advertisers?

How soon before we have GPS 'swatting' on Carmen Sandiego?
https://en.wikipedia.org/wiki/Swatting

https://www.newscientist.com/article/2415318-ukraine-will-spoof-gps-across-the-country-to-stop-russian-drones/
Ukraine will spoof GPS across the country to stop Russian drones

------------------------------

Date: Mon, 8 Apr 2024 18:25:46 -0400
From: Ben Rothke <brothke () gmail com>
Subject: Scammers exploiting people who change their status to #OpenToWork

Many job seekers often change their LinkedIn status to #OpenToWork. Scammers look for people who do that and launch scams against them. Most often around resume building, executive coaching, and job introductions.

https://brothke.medium.com/when-opentowork-is-really-opentoscam-598ef27dd628?sk=b65fb880100304aa67a53a0590c7b162

------------------------------

Date: Mon, 8 Apr 2024 22:16:30 -0400
From: Jeremy Epstein <jeremy.j.epstein () gmail com>
Subject: Mr Bates vs The Post Office now available on PBS in the U.S.

The Horizon post office scandal in the UK has been discussed periodically in RISKS over the years. The docudrama that caused the UK parliament to finally take action is now available in the US on PBS.

https://www.pbs.org/wgbh/masterpiece/shows/mr-bates-vs-the-post-office/

I'm curious to see whether viewers will see the parallel to trusting AI systems, and the risks those bring.

------------------------------

Date: Tue, 9 Apr 2024 14:06:39 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Why Open Source Can't Innovate (Dana F. Blankenhorn)

How The Commons Was Closed for the Benefit of the Few

https://danafblankenhorn.substack.com/p/why-open-source-cant-innovate

------------------------------

Date: Tue, 9 Apr 2024 17:05:16 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Elon Musk Didn't Want His Latest Deposition Released. Here It Is. (HuffPost Latest News)

Musk is being sued for falsely suggesting a 22-year-old Jewish man was part of a neo-Nazi brawl.

The lawsuit against the billionaire, filed in October, alleges that Musk used his colossal social media platform to amplify a false far-right conspiracy theory linking 22-year-old Ben Brody to a brawl in Oregon between the neo-Nazi group Rose City Nationalists and the Proud Boys, a neo-fascist fight club. The brawl occurred during Oregon City's first Pride Night Fest, when both groups came to disrupt the event and spew anti-LGBTQ+ rhetoric.

Brody wasn't even in the same state when the June 24 brawl occurred. But his world was turned upside down when far-right X accounts, magnified by Musk, falsely identified him as a member of Rose City Nationalists (and an undercover federal agent) and posted his personal information online. Musk amplified the conspiracy theory repeatedly to his more than 180 million followers, suggesting Brody was a fresh-faced federal agent pretending to be a neo-Nazi in a "false flag situation," a phrase used to suggest a harmful event was deliberately set up to misrepresent a group or person. [...]

Brody said he and his family were forced to flee their home amid the fallout from Musk's posts. He's seeking more than $1 million in damages. The next court hearing is scheduled for April 22. [...]

"People are attacked all the time in the media, online media, social media, but it is rare that that actually has a meaningful negative impact on their life," Musk testified.

https://www.huffpost.com/entry/elon-musk-didnt-want-his-latest-deposition-released-here-it-is_n_66133d2ce4b0d81853f9a766

------------------------------

Date: Tue, 9 Apr 2024 19:54:05 -0400
From: Monty Solomon <monty () roscom com>
Subject: Russian trolls target U.S. support for Ukraine, Kremlin documents show (WashPost)

In a campaign stoking anti-Ukraine sentiment in the U.S., Russia-directed trolls have written thousands of fabricated news articles and social media posts.

https://www.washingtonpost.com/world/2024/04/08/russia-propaganda-us-ukraine/

------------------------------

Date: Tue, 9 Apr 2024 21:52:54 -0400
From: Monty Solomon <monty () roscom com>
Subject: California judge dismisses one of 'Are We Dating the Same Guy?' lawsuits (NBC News)

Stewart Lucas Murrey is suing more than 50 women for sharing stories about him in multiple private Facebook groups.

https://www.nbcnews.com/tech/judge-dismisses-are-we-dating-same-guy-facebook-group-lawsuit-rcna147043

------------------------------

Date: Tue, 9 Apr 2024 20:04:36 -0400
From: "Monty Solomon" <monty () roscom com>
Subject: YouTube is the most consequential technology in America

This is the most consequential technology in America

This is America's most popular social app by a mile, the top way to listen to music, the healthiest economy on the Internet and essential AI training fuel. (Spoiler alert: It's YouTube.)

You think you know YouTube. It's where billions of people learn how to change a tire, follow a favorite yoga workout or catch footage of Monday's solar eclipse.

But maybe you don't know that YouTube is also the most popular way to hear music and one of the country's largest cable TV providers. YouTube is the healthiest economy on the Internet. And it has been rocket fuel for artificial intelligence.

I'm digging into YouTube's identity because it's essential to understand the influence of technologies in our lives. As popular as YouTube is, its power over the Internet and us is somehow still underrated.

Let me try to persuade you that YouTube is the most consequential technology in America: [...]

https://www.washingtonpost.com/technology/2024/04/09/most-important-app-youtube/

------------------------------

Date: Tue, 9 Apr 2024 09:46:09 -0700
From: Rob Slade <rslade () gmail com>
Subject: Yet another 419 variant

So, I got this email inviting me to a Trello workspace. I assume Trello is something like Slack or MS Teams.

I initially assumed that this was yet another instance of someone assuming that "rslade () gmail com" was *their* email address, rather than mine. But then I saw the included note:

  "Greetings, I am Brian Smith, a seasoned attorney at Piccadilly's Attorneys Firm and Personal attorney to a deceased member of your family who died and left behind an Estate claim. You have been designated as a devisee. Please contact me via email for further information. [attorneybriansmith96 () gmail com]"

OK, right, it's just another version of the "your rich relative died" advance fee fraud. But I found it interesting that they are trying yet another workaround to get by standard spam filters ...

------------------------------

Date: Mon, 8 Apr 2024 20:52:36 -0400
From: Monty Solomon <monty () roscom com>
Subject: Tesla is settling with the family of the Apple engineer who died in an Autopilot crash (The Verge)

https://www.theverge.com/2024/4/8/24124744/tesla-autopilot-lawsuit-settlement-huang-death

------------------------------

Date: Tue, 9 Apr 2024 09:45:10 -0400
From: Dylan Northrup <northrup () gmail com>
Subject: Re: AI that targets civilians ... (RISKS-34.15)

Actually, using face-recognition methods may be the most humane way to tell apart terrorists who hide among the civilian population. Especially when the alternative older methods were more like "kill them all and let God sort them out".

Facial recognition should be forbidden from use by law enforcement unless and until it is able to be used on white collar criminals (tax evasion, securities fraud, insider trading, etc.). The actual losses from those crimes dwarf losses from all other types of crime facial recognition will be pitched as the solution for.

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) has moved to the ftp.sri.com site:
   <risksinfo.html>.
 *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    delightfully searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try browsing
 on the keywords in the subject line or cited article leads.
   Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 34.16
************************