RISKS Forum mailing list archives
Risks Digest 33.87
From: RISKS List Owner <risko () csl sri com>
Date: Fri, 29 Sep 2023 19:34:37 PDT
RISKS-LIST: Risks-Forum Digest Friday 29 September 2023 Volume 33 : Issue 87 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/33.87> The current issue can also be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: Cal. Gov. vetoes autonomous trucking bill (TechCrunch) Search for phone signal caused oil spill, say Japanese investigators (The Register) The UK passes massive online safety bill (The Verge) Egyptian presidential hopeful targeted by Predator spyware (WashPost) Web3 Firm Mixin Network Hacked, $200 Million Stolen in Centralised Exploit: All Details (MIT Technology News) Cryptocurrency's First Year After the FTX Blowup: `It’s Been Miserable’ (Bloomberg) The FTX trial is bigger than Sam Bankman-Fried (The Verge) The risks of machine learning psychotherapy with voice interfaces (Gizmodo) Artificial intelligence poses 'risk ofextinction,' tech execs and experts warn (CBC) AI adapters and opponents debate the future of work (CBC) AI will soon be able to cover public meetings. But should it? (Nieman Lab) GPUs from all major suppliers are vulnerable to new pixel-stealing attack (Ars Technica) Nigerian Hacktivists Are Taking on Big Oil (Lucas Laursen) MGM and Caesars casino hacks point to an alliance of teens and ransomware gangs (WashPost) GPUs from all major suppliers are vulnerable to new pixel-stealing attack (Ars Technica) A food delivery robot's footage led to a criminal conviction in LA (Engadget) Apple warns Russian journalists of Pegasus iPhone infections (Monty Solomon) Is there really an information security jobs crisis? (Ben Rothke) Metaverse: What happened to Mark Zuckerberg's next big thing? (BBC) New York Bans Facial Recognition in Schools (AP) Re: Misinformation research is buckling under GOP legal attacks (Amos Shapir) Re: Google accused of directing motorist to drive off collapsed bridge (David Landgren) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Wed, 27 Sep 2023 16:51:39 +0000 From: Henry Baker <hbaker1 () pipeline com> Subject: Cal. Gov. vetoes autonomous trucking bill (TechCrunch) Governor Gavin Newsom just vetoed a bill banning fully driverless AV trucks. https://techcrunch.com/2023/09/24/california-governor-vetoes-bill-to-ban-driverless-av-trucks/ California governor vetoes bill to ban driverless AV trucks Rebecca Bellan@rebeccabellan, 24 Sep 2023 "California Gov. Gavin Newsom vetoed a bill Friday that would have required a human safety operator to be present any time a self-driving truck operated on public roads in the state." https://legiscan.com/CA/text/AB316/id/2789644 I'm very concerned that the risks associated with driverless trucks have not been fully vetted, e.g.,Timothy McVeigh. For those of you who weren't born yet, Timothy McVeigh blew up the Alfred P. Murrah Federal Building in Oklahoma City in 1995, killing 168 people, using a rental truck full of an improvised fertilizer bomb. https://en.wikipedia.org/wiki/Timothy_McVeigh It's not clear whether forcing AV's to also have human drivers ('featherbedders'?) would have stopped a McVeigh-type attack, but it would have thrown up an additional barrier. California (and most other states) have severe penalties for driving while 'impaired' -- e.g., under the influence of alcohol or marijuana. Truck drivers have substantial additional requirements in training, licensing and records keeping -- e.g., number of continuous hours on the roads, etc. How do you even test an AI driver for `impairment'? Do you use a `hackalyzer'? Does the AI have to get out of the vehicle and walk a straight line? Is AI impairment even decidable? How does a patrol car even `pull over' an AV? At least for the moment, AI's have no 4th and 5th amendment rights, so there are no civil rights to violate when asking ``Ihre Papiere, bitte?'', but apparently there are no mechanisms to actually check the credentials of AI truck drivers before they enter the Yerba Buena Tunnel or the Holland Tunnel? Many tunnels don't want RV's with propane tanks, but zombie AV's are OK? Starlink now offers high-speed Internet for vehicles, including trucks. Yet Elon Musk was roundly criticized for prohibiting Ukraine's use of Starlink for AV weapons. Perhaps Elon's worries about weaponized AV's shouldn't be dismissed out of hand? https://tuckstruck.net/truck-and-kit/geekery/starlink-mobile-roaming/ https://apnews.com/article/spacex-ukraine-starlink-russia-air-force-fde93d9a69d7dbd1326022ecfdbc53c2 Elon Musk's refusal to have Starlink support Ukraine attack in Crimea raises questions for Pentagon Tara Copp, Updated 3:42 PM PDT, 11 Sep 2023 https://www.reuters.com/technology/musk-experts-urge-pause-training-ai-systems-that-can-outperform-gpt-4-2023-03-29/ I hate to sound like a Luddite, but I don't think that these breathless AV aficionados have completely thought all of these risks through. ------------------------------ Date: Fri, 29 Sep 2023 15:57:49 -0600 From: Jim Reisert AD1C <jjreisert () alum mit edu> Subject: Search for phone signal caused oil spill, say Japanese investigators (The Register) Laura Dobberstein, *The Register*, 29 Sep 2023 Japan’s Transport Safety Board on Thursday judged that a cargo ship that spilled 1,000 tons of fuel oil into a pristine marine environment off the coast of Mauritius in 2020 was traveling off course in search of a cell phone signal. https://www.theregister.com/2023/09/29/signal_search_caused_oil_spill/ ------------------------------ Date: Wed, 20 Sep 2023 02:29:35 -0400 From: Monty Solomon <monty () roscom com> Subject: The UK passes massive online safety bill (The Verge) https://www.theverge.com/2023/9/19/23880919/uk-passes-massive-online-safety-bill ------------------------------ Date: Wed, 27 Sep 2023 13:32:17 -0400 From: Monty Solomon <monty () roscom com> Subject N:ew Green Line extension already so defective that trains are forced to move at walking pace (The Boston Globe) https://www.bostonglobe.com/2023/09/26/metro/mbta-green-line-extension-new-slow-zones/ [Walking is appropriate for Green Parties. PGN] ------------------------------ Date: Fri, 29 Sep 2023 19:31:40 -0400 From: Gabe Goldberg <gabe () gabegold com> Subject: Egyptian presidential hopeful targeted by Predator spyware (*The Washington Post*) Rare ‘zero-day’ exploit used in failed hacking attempt that researchers say was probably conducted by the Egyptian government https://www.washingtonpost.com/investigations/2023/09/23/predator-egypt-hack-spyware-iphone/ ------------------------------ Date: Mon, 25 Sep 2023 09:18:37 -0700 From: Victor Miller <victorsmiller () gmail com> Subject: Web3 Firm Mixin Network Hacked, $200 Million Stolen in Centralised Exploit: All Details (MIT Technology News) https://www.gadgets360.com/cryptocurrency/news/web3-firm-mixin-network-hacked-usd-200-million-stolen-centralised-exploit-4422486 [Monty Solomon noted this: Hackers steal $200M from crypto company Mixin https://techcrunch.com/2023/09/25/hackers-steal-200-million-from-crypto-company-mixin/ ------------------------------ Date: Fri, 29 Sep 2023 19:02:34 -0400 From: Monty Solomon <monty () roscom com> Subject: Cryptocurrency's First Year After the FTX Blowup: `It’s Been Miserable’ (Bloomberg) As Sam Bankman-Fried heads to trial, many digital-asset players remain in survival mode. https://www.bloomberg.com/news/features/2023-09-29/sam-bankman-fried-trial-crypto-s-first-year-after-ftx-blowup-miserable ------------------------------ Date: Thu, 28 Sep 2023 20:46:27 -0400 From: Monty Solomon <monty () roscom com> Subject: The FTX trial is bigger than Sam Bankman-Fried (The Verge) https://www.theverge.com/2023/9/28/23893269/ftx-sam-bankman-fried-trial-evidence-crypto ------------------------------ Date: Thu, 28 Sep 2023 13:29:50 -0700 From: Rob Wilcox <robwilcoxjr () gmail com> Subject: The risks of machine learning psychotherapy with voice interfaces (Gizmodo) OpenAI Employee Discovers Eliza Effect, Gets Emotional ChatGPT's new text-to-voice feature has one OpenAI's head of safety systems feeling *heard & warm*, while other experiments with AI therapy have been a disaster. Designing a program in such a way that it can truly convince someone that another human is on the other side of the screen has been a goal of AI developers since the concept took its first steps toward reality. Research company OpenAI recently announced that its flagship product ChatGPT would be getting eyes, ears, and a voice in its quest to appear more human. Now, an AI safety engineer at OpenAI says she got “quite emotional” after using the chatbot’s voice mode to have an impromptu therapy session."" https://gizmodo.com/openai-employee-discovers-eliza-effect-gets-emotional-1850877739 ------------------------------ Date: Tue, 26 Sep 2023 18:22:45 -0600 From: Matthew Kruk <mkrukg () gmail com> Subject: Artificial intelligence poses 'risk of extinction,' tech execs and experts warn (CBC) https://www.cbc.ca/news/world/artificial-intelligence-extinction-risk-1.6859118 ------------------------------ Date: Wed, 27 Sep 2023 14:39:25 -0600 From: Matthew Kruk <mkrukg () gmail com> Subject: AI adapters and opponents debate the future of work (CBC) Artificial intelligence is becoming a major part of our world and has the potential to change work forever, but is it a threat or an opportunity? The National brings together people using AI to improve their work or workplace and others who see it as a hazard to their jobs. http://www.cbc.ca/player/play/2267202115683 ------------------------------ Date: Tue, 26 Sep 2023 11:33:23 -0700 From: Steve Bacher <sebmb1 () verizon net> Subject: AI will soon be able to cover public meetings. But should it? (Nieman Lab) AI will soon be able to cover public meetings. But should it? <#> “Is it ready for primetime, ready to be released to the masses? Absolutely not...But can it be done? Can you design an AI system that attends a city meeting and generates a story? Yeah, I did it.” https://www.niemanlab.org/2023/06/ai-will-soon-be-able-to-cover-public-meetings-but-should-it/ ------------------------------ Date: Tue, 26 Sep 2023 19:44:01 -0700 From: Victor Miller <victorsmiller () gmail com> Subject: GPUs from all major suppliers are vulnerable to new pixel-stealing attack (Ars Technica) https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/ ------------------------------ Date: Fri, 29 Sep 2023 11:26:54 -0400 (EDT) From: ACM TechNews <technews-editor () acm org> Subject: Nigerian Hacktivists Are Taking on Big Oil (Lucas Laursen) Lucas Laursen, *IEEE Spectrum*, 27 Sep 2023, via ACM TechNews, 29 Sep 2023 A group of Nigerian hacker-activists aims to collect and share data to increase public awareness of pollution caused by oil spills. The Media Awareness and Justice Initiative (MAJI) is organizing a low-cost air pollution monitoring network, and last year the group began installing the first of 15 air quality sensors in and around the city of Port Harcourt. The sensors monitor particulate matter, temperature, humidity, and atmospheric pressure to test for air pollution and hopefully determine its origin. MAJI has deployed two community networks to provide Internet access. MAJI's Okoro Onyekachi said the organization releases its data through a Web portal, radio, and social and print media in the hope of having a greater impact on polluters. ------------------------------ Date: Sat, 23 Sep 2023 22:03:22 -0400 From: Monty Solomon <monty () roscom com> Subject: MGM and Caesars casino hacks point to an alliance of teens and ransomware gangs (WashPost) Security experts worry a group of English-speaking hackers has allied itself with forces responsible for the Colonial Pipeline ransomware attack. https://www.washingtonpost.com/technology/2023/09/22/mgm-hack-laid-to-star-fraud/ ------------------------------ Date: Tue, 26 Sep 2023 19:44:01 -0700 From: Victor Miller <victorsmiller () gmail com> Subject: GPUs from all major suppliers are vulnerable to new pixel-stealing attack (Ars Technica) https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/ ------------------------------ Date: Thu, 28 Sep 2023 20:55:16 -0400 From: Monty Solomon <monty () roscom com> Subject: A food delivery robot's footage led to a criminal conviction in LA (Engadget) https://www.engadget.com/a-food-delivery-robots-footage-led-to-a-criminal-conviction-in-la-190854339.html ------------------------------ Date: Wed, 20 Sep 2023 02:25:35 -0400 From: Monty Solomon <monty () roscom com> Subject: Apple warns Russian journalists of Pegasus iPhone infections https://appleinsider.com/articles/23/09/16/apple-warns-russian-journalists-of-pegasus-iphone-infections ------------------------------ Date: Sun, 24 Sep 2023 10:28:23 -0400 From: Ben Rothke <brothke () gmail com> Subject: Is there really an information security jobs crisis? There are countless reports that there are millions of open information security jobs. My take on the situation is that the numbers being touted are way, way off. https://brothke.medium.com/is-there-really-an-information-security-jobs-crisis-a492665f6823?sk=9dfae4d5614a4ad4681bbfb8e58a99dc ------------------------------ Date: Mon, 25 Sep 2023 19:48:27 -0600 From: Matthew Kruk <mkrukg () gmail com> Subject: Metaverse: What happened to Mark Zuckerberg's next big thing? (BBC) https://www.bbc.com/news/technology-66913551 " Reality Labs -- which as the name suggests is Meta's virtual and augmented reality branch -- has lost a staggering $21 billion since last year." ------------------------------ Date: Fri, 29 Sep 2023 11:26:54 -0400 (EDT) From: ACM TechNews <technews-editor () acm org> Subject: New York Bans Facial Recognition in Schools (AP) Carolyn Thompson, *Associated Press*, 27 Sep 2023, via ACM TechNews, 29 Sep 2023 New York State has prohibited facial recognition in schools, following last month's report by the state's Office of Information Technology Services acknowledging that the risks of the technology's use may outweigh its security benefits. The analysis cited facial recognition's "potentially higher rate of false positives for people of color, non-binary and transgender people, women, the elderly, and children." The report added that biotechnology would not prevent students from entering schools "unless an administrator or staff member first noticed that the student was in crisis, had made some sort of threat, or indicated in some other way that they could be a threat to school security." Decisions on digital fingerprinting and other biometric solutions are left up to local districts, per New York Education Commissioner Betty Rosa's directive. ------------------------------ Date: Sun, 24 Sep 2023 12:49:52 +0300 From: Amos Shapir <amos083 () gmail com> Subject: Re: Misinformation research is buckling under GOP legal attacks (RISKS-33.86) "... they had planned to use the grants to fund projects on noncontroversial topics such as nutritional guidelines..." -- Sorry, too late! See for example: https://www.theguardian.com/environment/2023/aug/18/gigantic-power-of-meat-industry-blocking-green-alternatives-study-finds Nothing is non-political any more... ------------------------------ Date: Mon, 25 Sep 2023 14:00:57 +0200 From: David Landgren <david () landgren net> Subject: Re: Google accused of directing motorist to drive off collapsed bridge (Kruk, RISKS-33.86) The obvious question to ask is what happens to a driver who *wasn't* using a Google app and drove off the collapsed bridge and died? The only third party who could be held responsible is the municipality that failed to block off the access in a way that no car could get through. And that would still hold true regardless of what method of navigation the person was using. A couple of large blocks of concrete would do the job. Can't really fault Google here. ------------------------------ Date: Sat, 1 Jul 2023 11:11:11 -0800 From: RISKS-request () csl sri com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks => SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read. *** This attention-string has never changed, but might if spammers use it. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public! => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) has moved to the ftp.sri.com site: <risksinfo.html>. *** Contributors are assumed to have read the full info file for guidelines! => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue. Also, ftp://ftp.sri.com/risks for the current volume/previous directories or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00 ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001) *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 33.87 ************************
Current thread:
- Risks Digest 33.87 RISKS List Owner (Sep 29)