Subject: Risks Digest 33.00 (), Volume 33 summary
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest Volume 33 : Issue 00 ()

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
  SUMMARY OF RISKS VOLUME 33 (8 Jan 2021 -- )
  (NOTE: This summary is archived in ftp file risks-33.00 at ftp.sri.com,
  cd risks, and is also at http://catless.ncl.ac.uk/Risks/33.00.html.)

----------------------------------------------------------------------

Date: Wed, 17 Aug 2016 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
   subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'. Otherwise your message may not be read.
   *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
   address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
   copyright policy, etc.) is online.
   *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
   searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume
   or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
   *** NOTE: If a cited URL fails, we do not try to update them. Try
   browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

RISKS 33.00
  Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
  SUMMARY OF RISKS VOLUME 33 (ongoing) (archived in ftp file risks-33.00)

RISKS 33.01 8 January 2022
  Get This Thing Out of My Chest (ProPublica)
  Microsoft fixes harebrained Y2K22 Exchange bug that disrupted email worldwide (Ars Technica)
  Old Hondas clocks are wrong: Y2K+22 --> Y2K+2 fix (The Register)
  Google Issues Warning For 2 Billion Chrome Users (Forbes)
  Boeing and Airbus warn US over 5G safety concerns (bbc.com)
  Tesla test drivers believe they're on a mission to make driving safer for everyone. Skeptics say they're a safety hazard. (WashPost)
  University Loses Valuable Supercomputer Research After Backup Error Wipes 77 Terabytes of Data (gizmodo)
  AI debates its own existence -- and loses? (TheConversation)
  UN Chief Urges Action on Lethal Autonomous Weapons as Geneva Talks Open (Reuters)
  Russia fines Google $100 million, and Facebook parent company $27 million, for content violations (WashPost)
  The Russian Anti-Satellite Demonstration -- a Month Later (circleid)
  Satellite operators criticize extreme satellite configurations (SpaceNews)
  Snow Closed the Highways. GPS Mapped a Harrowing Detour in the Sierra Nevada. (NYTimes)
  New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G (The Hacker News)
  NSFW!
    - Mozilla Founder Slams Mozilla Foundation For Adopting Cryptocurrency Payments (Slashdot)
  U.S. launches probe into Tesla letting drivers play video games (CBC)
  Alexa tells 10-year-old girl to touch live plug with penny (BBC)
  Are Apple AirTags Being Used to Track People and Steal Cars? (NYTimes)
  Criminals have stolen nearly $100 billion in Covid relief funds, Secret Service says (CNBC)
  Bugs in billions of WiFi, Bluetooth chips allow password/data theft (BleepingComputer)
  JetBlue tosses most passwords out the emergency exit (PCMag)
  Backups are not Backups until they can be restored (Bob Gezelter)
  Cats caused more than 100 house fires in the past 3 years, South Korea officials say (cnn.com)
  Uber ignores vulnerability that lets you send any email from Uber.com (BleepingComputer)
  Re: A $92,000 flying car can reach speeds of 63 miles per hour (John Levine)
  Re: Google finally knows which app to blame for Android's mysterious can't-call-911 bug (Henry Baker, Steve Singer)
  Re: Australia's AI Cameras Catch Over 270,000 Drivers Using Phones (Rodney Parkin)

RISKS 33.02 Saturday 15 January 2021
  A High-Risk Medical Device Didn't Meet Federal Standards. The Government Paid Millions for More.
    (ProPublica)
  Software glitch snarls New York City schools (NYTimes)
  Why planes might soon have just one pilot (CNN Travel)
  How a Hacker Controlled Dozens of Teslas Using a Flaw in Third-Party App (Vice)
  Project Torogoz: Extensive Hacking of Media & Civil Society in El Salvador with Pegasus Spyware (CitizenLab)
  New Apple Warning Affects All iPhone Users (Forbes)
  German interior minister threatens to ban Telegram (Thomas Koenig)
  Fake QR Codes on Parking Meters (Bruce Schneier)
  Metaverse's Dark Side: Here Come Harassment and Assaults (NYTimes)
  Metro says timing for return of suspended railcars is unknown (WashPost)
  Norton 360 Now Comes With a Cryptominer (Krebs on Security)
  Hackers Are Exploiting a Flaw Microsoft Fixed 9 Years Ago (WiReD)
  New Chrome security measure aims to curtail an entire class of Web attack (Ars Technica)
  Black box that could record collapse of civilisation set to be installed on Earth (The Mirror)
  Automakers Rev Up Subscription Services (Washington Consumers' Checkbook)
  Biden Administration Warns Against Spyware Targeting Dissidents (NYTimes)
  Tackling Hard Computational Problems (Steve Nasis MIT News)
  How Game Theory Changed Poker (Oliver Roeder WSJ)
  Paper on finance and technology manias (Andrew Odlyzko)
  Wearing Many Hats: The Rise of the Professional Security Hacker (Gabriella Coleman via PGN)

RISKS 33.03 Saturday 22 January 2022
  Microsoft Warns of Destructive Cyberattack on Ukrainian Computer Networks (NYTimes)
  The Rise of AI Fighter Pilots (Sue Halpern)
  AI Hiring Bias Spurs Scrutiny, Regulations (Bloomberg)
  More Than Half of Medical Devices Have Critical Vulnerabilities (ZDNet)
  A Language for Quantum Computing (MIT)
  European Parliament uses Google Analytics, which is illegal in the EU (Handelsblatt)
  Hotel chain switches to Chrome OS to recover from ransomware attack (The Record)
  My 2020 app (Rob Slade with URL from Lauren Weinstein)
  Google Voice Authentication Scam Leaves Victims on the Hook (Threatpost)
  Spam, spam, spam, spam ...
    (Rob Slade)
  FAA/FCC food fight (John Levine)
  U.S. airline officials warn of crisis in aviation with new 5G service (paul cornish)
  FAA sets rules for some Boeing 787 landings near 5G service (techxplore)
  Palomar survey instrument analyzes impact of Starlink satellites (phys.org)
  Robot vacuum cleaner escapes from Cambridge Travelodge (bbc.com)
  Cross-country Exposure: Analysis of the MY2022 Olympics app (Citizen Lab)
  Project Torogoz: Extensive Hacking of Media & Civil Society in El Salvador with Pegasus Spyware (Jan Wolitzky)
  Re: Alexa tells 10-year-old girl to touch live plug with penny (Frank Sudia)
  Re: Automakers Rev Up Subscription Services (Martin Ward)
  Re: Fake QR Codes on Parking Meters (Jerry Leichter)
  Re: Metro says timing for return of suspended railcars is unknown (Martin Ward, dave russo)

RISKS 33.04 Thursday 27 February 2022
  First Felony Charges in Fatal Crash Involving Autopilot (AP)
  When Mind Melds With Machine, Who's in Control? (WiReD)
  Why the Belarus Railways Hack Marks a First for Ransomware (WiReD)
  Patched Safari Flaws Exposed Webcams, Online Accounts, and More (WiReD)
  Backdoor Found in Themes and Plugins from AccessPress Themes (Jetpack)
  A bug lurking for 12 years gives attackers root on every major Linux distro (Ars Technica)
  Automation Could Make 12 Million Jobs in Europe Redundant (ZDNet)
  AI's Potential Boon to Businesses (USC)
  Manufacturers have less than five days' supply of some computer chips, Commerce Department says (WashPost)
  High number of Omicron mutations render antibodies ineffective (JPost)
  Is the Media Doomed? (Politico)
  UK's Telecomm Provider(s) Switching to Digital Phone Lines (paul cornish)
  Google Assistant will now stop talking if you just say STOP! (Lauren Weinstein)
  Re: Spam, spam, spam, spam .... (Amos Shapir)
  Re: Alexa tells 10-year-old girl to touch live plug with penny (John Levine)
  Re: Fake QR Codes on Parking Meters (Bernie Cosell)
  Re: maybe not such a big crisis, was U.S.
    airline officials warn of crisis in aviation with new 5G service (John Levine)
  The 5G Airline Controversy: What Is It About? (James Fallows)
  Is 5G More Important Than Aircraft Safety? (Jon Nash)

RISKS 33.05 Wednesday 9 February 2022
  Tesla recalling 54000 vehicles (The Guardian via paul cornish)
  Tesla recalls more than 817,000 vehicles over seat-belt chime issue, which it will address remotely (WashPost)
  Ancient Programming Language Is Way More Common Than We Thought (Tech Radar)
  A Fight Over the Right to Repair Cars Turns Ugly (WiReD)
  Fiber cut takes out cell service to a large portion of SW Colorado (ouraynews)
  Seattle radio station reportedly transmits bad data, bricks Mazda radios (Seattle Times)
  European Oil Port Terminals Hit by Cyberattack (France 24)
  A crypto breakthrough? Western states consider taking digital currency (Politico)
  An inside look at how one person can control a swarm of 130 robots (PopSci)
  Security is top to bottom. An example of the need to keep firmware current (Bleeping Computer)
  $325 Million Vanishes From Crypto Platform Wormhole After Apparent Hack (Gizmodo)
  It's Not Just the IRS -- the US Government Wants Your Selfies (WiReD)
  IRS abandons ID.me facial recognition plans (WashPost)
  The Battle for the World's Most Powerful Cyberweapon (NYTimes)
  Twitter says it has quit taking action against lies about the 2020 election (CNN)
  Researchers Achieve 100 Million Quantum Operations (Francisco Pires)
  About Elon Musk and tracking of his private jet (Lauren Weinstein)
  Social media scammers stole at least $770 million in 2021 (Engadget)
  Let's make the teen Tesla hack a teachable moment (TechCrunch)
  FBI Secretly Bought Israeli Spyware and Explored Hacking U.S. Phones (NYTimes)
  *The New York Times* Buys Wordle (NYTimes)
  Microsoft Says Windows May Need up to 8 Hours to Update (Tom's Hardware)
  Microsoft Mitigated Record-Breaking 3.47 Tbps DDoS Attack on Azure Customers (The Hacker News)
  Re: U.S.
    airline officials warn of crisis in aviation with new 5G service (David Lesher)
  Re: When Mind Melds With Machine, Who's in Control? (Lars-Henrik Eriksson)
  Re: UK's Telecomm Providers Switching to Digital Phone Lines (Wol)
  Re: Manufacturers have less than five days' supply of some computer chips, Commerce Department says (Stanley Chow, Steve Klein)
  Re: Manufacturers have less than five days' supply of some computer
  Re: Alexandria VA red light cameras don't follow the law (Jeremy Epstein)

RISKS 33.06 Friday 18 February 2022
  Solar Storm Destroys 40 New SpaceX Satellites in Orbit (NYTimes)
  OneWeb founder plans to launch 100,000 satellites in space comeback (On)
  Some Mazda cars stuck on a Seattle Station due to bad meta-data broadcast (Yahoo)
  Serious Warning Issued For A Billion Apple iPhone Users (Forbes)
  As Automakers Add Technology to Cars, Software Bugs Follow (NYTimes)
  Chip errors are becoming more common and harder to track down (NYTimes)
  EU Chip Production Plan Aims to Ease Dependency on Asia (AP)
  107 drivers recently complained about their Teslas making random, jolting stops (Protocol.com)
  Lessons from Post Office scandal: "computer-says-no culture runs the world" (The Guardian)
  The most widespread miscarriage of justice in British legal history (Adam Wildavsky)
  Really big electric power refund (BBC via Jeremy Epstein)
  Humans Find AI-Generated Faces More Trustworthy Than the Real Thing (Scientific American)
  True Story?
    Lie-Detection Systems Go High-Tech (BBC)
  Tiny Chips, Big Headaches (NYTimes)
  Hackers Rigged Hundreds of Ecommerce Sites to Steal Payment Info (WiReD)
  IRA accounts drained of $36 million in cryptocurrency (Coindesk)
  IRS backlog hits nearly 24 million returns, further imperiling the 2022 tax filing season (WashPost)
  Algorithm amplifies trustworthy news content on social media without shielding bias (USouthFlorida)
  Two arrested for alleged conspiracy to launder $4.5B in stolen cryptocurrency (Justice.gov)
  Man wins big jackpot in Vegas, but doesn't know it. Gaming board tracked him down. (Gaming)
  DC Metro Did Not Intentionally Hide Faults In Railcars (Watchdog Annandale and VA Patch via Gabe Goldberg)
  Quantum Errors Made More Tolerable (ETH Zurich)
  Hertz claims thousands of renters steal cars. Customers argue they've been falsely accused. (WashPost)
  Amazon's Dark Secret: It Has Failed to Protect Your Data (WiReD)
  Their Bionic Eyes Are Now Obsolete and Unsupported (IEEE)
  Cryptocurrencies remain a gamble best avoided (Nikkei Asia)
  Re: Fiber cut takes out cell service to a large portion of SW Colorado (Andrew Duane)
  Re: Teslas rolling through stop signs (Robert Wilson)
  Re: Ancient Programming Language Is Way More Common Than We Thought (Amos Shapir)
  Re: A crypto breakthrough? Western states consider taking digital currency (Amos Shapir)
  Re: The New York Times Buys Wordle (Amos Shapir)

RISKS 33.07 Friday 25 February 2022
  The radiation will never be higher in Chernobyl? oops!
    (danny burstein)
  3G shutdown will affect a host of everyday devices (Gabe Goldberg)
  TurboTax Maker Intuit Faces Tens of Millions in Fees in a Groundbreaking Legal Battle Over Consumer Fraud (ProPublica)
  Ukraine, computer risks, and the Space Station (Lauren Weinstein PGN-ed)
  How NASA plans to destroy the International Space Station, and the dangers involved (phys.org)
  Man versus machine: Human beings losing out as AI coldly fires under-performing workers (Straits Times)
  Robots are increasing mortality among US adults (phys.org)
  Difficult situation on campus: robots blockaded (Sean Hecht)
  Facial recognition firm Clearview AI tells investors it's seeking massive expansion beyond law enforcement (WashPost)
  Power outages (PGN)
  New Bill Would Bring Mobile Voting To WashDC (DCist)
  SSL protocol mismatch (Cliff Kilby)
  Inside the Lab Where Intel Tries to Hack Its Own Chips (WiReD)
  The CDC Isn't Publishing Large Portions of the Covid Data It Collects (NYTimes)
  $1.7 million in NFTs stolen in apparent phishing attack on OpenSea users (The Verge)
  Digital Wallet cartoon in *The New Yorker* (Jan Wolitzky)
  Re: Really big electric power refund (Steve Bacher, Morten Welinder)
  Re: Some Mazda cars stuck on a Seattle Station (David Lesher)

RISKS 33.08 Saturday 5 March 2022
  Massive satellite disruption affecting almost 6000 wind turbines in Europe (Market Screener)
  Surprisingly many risky infusion pumps? Are you part of the IoT? (PGN)
  Small cyberphysical watermarks could prevent huge headaches caused by fake meds (phys.org)
  Sophisticated new Chinese hacking tool found, spurring U.S.
    warning to allies (SCMP)
  DHS calls out firmware and open source as the biggest software risks (DHS)
  Researchers Can Steal Data During Homomorphic Encryption (NCState)
  Flaws Discovered in Cisco's Network Operating System for Switches (The Hacker News)
  Robust Radar: AI Sensor Technology for Autonomous Driving (Christoph Pelzl)
  Computer Security Researchers Aim to Prevent Tech Abuse (Cornell Chronicle)
  Stolen certificates (The Register)
  Ban from China Made Bitcoin Less Friendly to Climate (NYTimes)
  Surgeon General Demands Data on COVID-19 Misinformation From Major Tech Firms (The Hill)
  Humans Will Live In Metaverse Soon, Claims Mark Zuckerberg. What About Reality? (Washable)
  The metaverse will steal your identity (Unherd)
  Proctorio subpoenas digital rights group in legal spat with student (The Verge)
  Here Comes the Full Amazonification of Whole Foods (Cecilia Kang)
  Move Over Candy Bars, New York Vending Machine Now Sells NFT Art (Daniel Fasterberg)
  Relevant bumper crop in today's NYTimes (PGN)
  More on Ukraine-related risks (PGN-collected)
  Cyberwarfare likely to hit U.S., allies, say experts (Carolyn Said)
  As Tanks Rolled Into Ukraine, So Did Malware. Then Microsoft Entered the War (David E. Sanger et al.)
  The Impossible Suddenly Became Possible (Anne Applebaum)
  Ukraine's Vital Tech Industry Carries on Amid Russian Invasion (Sam Schechner)
  Google temporarily disables Google Maps live traffic data in Ukraine (Reuters)
  Conti Ransomware Source Code Leaked by Ukrainian Researcher (Bleeping Computer)
  Russia's War in Ukraine Could Spur Another Global Chip Shortage (WiReD)
  The Internet and Putin's War (Lauren Weinstein)
  Re: New Bill Would Bring Mobile Voting To WashDC (Jay Libowe)
  Re: Some Mazda cars stuck on a Seattle Station (Martin Ward)

RISKS 33.09 Monday 14 March 2022
  Medical, IoT Devices Vulnerable to Attack (Dark Reading)
  Who's Responsible if a Tesla on Autopilot Kills Someone?
    (NextGov)
  Q&A with a legal expert: When a Tesla on autopilot kills someone, who is responsible? (techxplore)
  Finnish govt agency warns of unusual aircraft GPS interference (BleepingComputer)
  Thermostat offline? Here's perhaps why ... (Lauren Weinstein)
  Encryption Meant to Protect Against Quantum Hackers Is Easily Cracked (New Scientist)
  Biden's cryptocurrency executive order sets stage for federal regulation (WashPost)
  How People Actually Make Money From Cryptocurrencies (WiReD)
  Fraud Is Flourishing on Zelle. The Banks Say It's Not Their Problem. (NYTimes)
  Linux Bug Gives Root on All Major Distros, Exploit Released (BleepingComputer)
  Samsung: Hackers breached company data, source code for Galaxy devices (CNBC)
  Warning: Objects in driverless car sensors may be closer than they
  Senate passes permanent Daylight Saving Time: Effects on school children of permanent Daylight Saving Time (Lauren Weinstein)
  1974 -- The year Daylight Saving Time went too far (MercuryNews)
  Get rid of Daylight-Savings Time (Erik Honda)
  Docker, cgroups and the farce of SELinux (Bugzilla)
  Calvin Ridley's suspension raises betting concerns (WashPost)
  New tech could pull cars over, call first responders in emergencies (WTOP)
  Obfuscated URLs (Arthur T.)
  Chernobyl Redux? (Henry Baker)
  Combat/t/ing Disinformation Can Feel Like a Lost Cause. It Isn't. (Jay Caspian King)
  Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols (US-CERT)
  A new iron curtain is descending across Russia's Internet (WashPost)
  Turmoil Over Ukraine Could Debilitate Russia's Space Program (WiReD)
  Ukraine and the Internet (sundry sources)
  The Race to Rescue Ukraine's Power Grid From Russia (WiReD)
  Putin's pre-war moves against U.S.
    tech giants laid groundwork for crackdown on free expression (WashPost)
  Pro-Putin Disinformation on Ukraine Is Thriving in Online Anti-Vax Groups (Mother Jones)
  Re: Here Comes the Full Amazonification of Whole Foods, or maybe not (John Levine)
  Re: Small cyberphysical watermarks could prevent huge headaches (Barry Gold)
  Re: New Bill Would Bring Mobile Voting To WashDC (Michael Kohne, Amos Shapir, Neil Youngman)
  MMS spam? (Rob Slade)

RISKS 33.10 Monday 21 March 2022
  It's 70 degrees warmer than normal in eastern Antarctica. Scientists are flabbergasted. (MSN)
  Russia Faces IT Crisis with Just 2 Months of Data Storage Left (Bill Toulas)
  Huge DDoS attack temporarily kicks Israeli government sites offline (The Register)
  Unix Rootkit Used to Steal ATM Banking Data (Two items combined)
  Researcher Uses 379-Year-Old Algorithm to Crack Crypto Keys in the Wild (Dan Goodin)
  Legislation to require hand-counting of ballots? (Douglas W. Jones)
  When It Comes to AI, Can We Ditch the Datasets? (Adam Zewe)
  The TikTok-Oracle Deal Would Set 2 Dangerous Precedents (WiReD)
  Find You: Building a stealth AirTag clone (Positive Security)
  Tired of Waiting for Driverless Vehicles? Head to a Farm (Scott McFetridge)
  *Time* Releases Full Magazine Issue as NFT on the Blockchain (Time)
  Beware of QR Code Scams (Heidi Mitchell)
  Drone swarm forms clickable QR code (Hollywood Reporter)
  Re: Senate passes permanent Daylight Saving Time (John Levine)
  One problem with permanent daylight saving time: Geography (Lauren Weinstein)
  Re: MMS spam? (Jay Libove, Rob Slade)
  Re: Farewell Honeychild (Charles Jackson)

RISKS 33.11 Monday 28 March 2022
  I'm the Operator -- The Aftermath of a Self-Driving Tragedy (WiReD)
  Every Tesla Accident Resulting in Death (Tesla Deaths)
  How U.S.
    auto regulators played mind games with Tesla's Elon Musk (WashPost)
  Welcome to the Artificial Intelligence Incident Database (via Gabe Goldberg)
  Smart devices are watching you everywhere and violating your privacy, computer scientists warn (Study Finds)
  The fight over anonymity is about the future of the Internet (geoff goodfellow)
  Activist Publishes Redacted Version of Classified Military UFO Report (Vice)
  Hacker group Lapsus$ leaks 37GB of Microsoft source code for Bing and Cortana (XDA)
  Lapsus$ and Okta (Rob Slade)
  30% of Apache Log4j Security Holes Remain Unpatched (The New Stack)
  Supply-chain crisis data (WiReD)
  U.S. Accuses Russians of Hacking Infrastructure, Including Nuclear Plant (NYTimes)
  Is Yandex, Russia's Largest Tech Company, Too Big to Fail (WiReD)
  Corrupted Open Source Software Enters Russian Battlefield (NYTimes)
  Veeam and Backups (Cliff Kilby)
  Germany warns against using Kaspersky software citing 'considerable' cyberrisk after Russia's invasion (TechCrunch)
  Russian Anti-Virus Company Kaspersky Officially Branded as National Security Threat (ITechpost)
  FCC puts Kaspersky on security threat list, says it poses "unacceptable risk" (Ars Technica)
  Re: MMS spam? (Amos Shapir)
  The US Tried Permanent Daylight Saving Time in the '70s. People Hated It (WashPost)
  Re: One problem with permanent daylight saving time: Geography (John Levine)
  Senate vote for permanent daylight saving time wasn't supposed to pass (Lauren Weinstein)
  URL problem on the Doug Jones op-ed (Mark Brader)

RISKS 33.12 Friday 1 April 2022
  This year there are apparently too many fools in the world. (PGN)
  CPAP murder mystery (Charles C. Mann)
  NYC Skyscraper's Elevator Breakdowns Strand Tenants (NYTimes)
  The never-stopping car (Geoff Kuenning)
  Please hold on to the handrails while entering or exiting the escalator (Brian Roemmele via PGN)
  Hackers Steal About $600 Million in One of the Biggest Crypto Heists (Bloomberg)
  Cryptocurrency Cryptotheft (Reuters via Stephen J.
    Greenwald)
  A Sinister Way to Beat Multifactor Authentication Is on the Rise (WiReD)
  AI-Influenced Weapons Need Better Regulation (Scientific American)
  Waymo to Send Driverless Cars Through San Francisco (WSJ)
  Hackers who crippled Viasat modems in Ukraine are still active -- company official (Reuters)
  Apple & Meta Gave User Data to Hackers Who Used Forged Legal Requests (Bloomberg)
  Election officials targeted by phishing, according to FBI (A.J. Vicens)
  Hackers gaining subpoena power via fake emergency requests (Krebsonsecurity)
  Corporate Media Wants Copyright Law to Rewrite the Internet (EFF)
  Climate change: Wind and solar reach milestone as demand surges (Ember-climate)
  The Milky Way's 'thick disk' is 2 billion years older than scientists thought (Live Science)
  You're eating a credit card's worth of plastic every week, and it's altering your gut makeup (GutNews)
  Re: One problem with permanent daylight saving time: Geography (Henry Baker)
  Re: URL problem on the Doug Jones op-ed (Mark Brader)

RISKS 33.13 Saturday 9 April 2022
  'We Became Like a Big Startup.' How Kyiv Adapted Tech to Save Lives (Time)
  Microsoft reports disrupting hacking attempts on Ukrainian, EU, and U.S. targets (CBC)
  Russia Sees Tech Brain Drain, Other Nations Hope to Gain (AP)
  Apple Maps was sending me into Russian-controlled territory (Axios)
  Hackers' Path Eased as 600,000 U.S. Cybersecurity Jobs Sit Empty (Bloomberg)
  Researchers uncover a hardware security vulnerability on Android phones (techxplore.com)
  Chrome, Edge Hit with V8 Type Confusion Vulnerability with in-the-wild Exploit (ZDNet)
  D.C. Metro Fails To Meet Its Own Safety Requirements (Patch Watchdog Audit)
  Sports-Betting App Pays D.C. $500,000 Over Super Bowl Mishap (DCist)
  Southwest apologizes for delays, cancellations, blames technology issues (FoxBusiness)
  JetBlue lacked staff to disembark stranded passengers off airplane: 'Embarrassing' (Fox Business)
  U.S.
    military wants AI to make battlefield medical decisions (WashPost)
  Machine learning and uncommon names (Arthur Flatau)
  The side effects of quantum error-correction and how to cope with them (phys.org)
  Squirrels and rats attacking AT&T fiber (PGN)
  Monash Develops Algorithm for Stronger Blockchains (Digital Nation)
  Improving software supply chain security with tamper-proof builds (Google)
  Spreadsheets Are Hot -- and Cranking Out Complex Code (WiReD)
  Who's Behind the Okta Hack (WiReD)
  Hackers breach MailChimp's internal tools to target crypto customers (BleepingComputer)
  'Trust No One: The Hunt for the Crypto King' Review: Coins and Misdemeanors (NYTimes)
  Who turned out the lights? (Cliff Kilby)
  Re: Hackers Steal About $600 Million in One of the Biggest... (Matthew Kruk)
  Re: Tesla Deaths and Apache Log4j instances unpatched (Andrew Duane)
  Re: NYC Skyscraper's Elevator Breakdowns Strand Tenants (John Murrell)
  Re: The never-stopping car (Andrew Duane)
  'Trust No One: The Hunt for the Crypto King' Review: Coins and Misdemeanors (NYTimes)
  Review of Paul Van Oorschot's security book (Rik Farrow)
  The Internet Is Not What You Think It Is: A History, A Philosophy, A Warning (LA Review of Books)

RISKS 33.14 Tuesday 12 April 2022
  India's Inadvertent Missile Launch Underscores the Risk of Accidental Nuclear Warfare News and Research - Scientific American (SciAm)
  GM Cruise autonomous taxi without humans pulled over by police in San Francisco (Electrek)
  The U.S. opens a risky new front in cyberdefense (Tim Culpan)
  You're muted... or are you? Videoconferencing apps may listen even when mic is off (techxplore.com)
  Crypto Firms Have a Wish List. States are Turning It into Law. (NYTimes)
  An ex-cop fell for Alice.
    Then he fell for her $66 million crypto scam (WashPost)
  Binance cryptocurrency traders are pushing back after a crash (WashPost)
  Thieves Hit on a New Scam: Synthetic Identity Fraud (Pew Trusts)
  Scammers are texting you from your own number now -- here's what to do if that happens (CNBC)
  U.S. FBI Says It Disrupted Russian Hackers (Sarah N. Lynch)
  Does This AI Think Like a Human? (Adam Zewe)
  Keywords Can Hack the Hiring Process (Herb Booth)
  Re: Squirrels and rats attacking AT&T fiber (Susmit Jha)
  Re: Tesla Deaths and Apache Log4j instances unpatched (Dmitri Maziuk)
  Re: Security of lights-out managers (Anthony Thorn)
  Re: Quantum error-correction (Anthony Thorn)
  Re: Hackers Steal About $600 Million in One of the Biggest... (Mateos)
  Re: Machine learning and uncommon names and common ones, too (John Levine, Arthur Flatau)
  Re: Spreadsheets Are Hot -- and Cranking Out Complex Code (John Levine)

RISKS 33.15 Monday 18 April 2022
  SoCal man says car computer on his new Tesla froze, causing vehicle to be stuck at 83 mph on freeway (ABC7)
  Driverless Cars Can Be Tricked into Seeing Red Traffic Lights as Green (New Scientist)
  Risks of locust swarms (PGN)
  FBI removing malware surreptitiously (The Conversation)
  What Can Hackers Do With Stolen Source Code? (WiReD)
  U.S. officials preparing for potential Russian cyberattacks (CBSNews)
  Feds Uncover a Swiss Army Knife for Hacking Industrial Control Systems (WiReD)
  Google Bans Apps With Hidden Data-Harvesting Software (WSJ)
  Inside the Bitcoin Bust That Took Down the Web's Biggest Child Abuse Site (WiReD)
  The Uncanny Future of Romance With Robots Is Already Here (Yahoo!)
  In Race to Build Quantum Computing Hardware, Silicon Begins to Shine (Princeton)
  You agreed to what?
    Tax sites want your data for more than filing (WashPost)
  Those robot dogs got their first real job -- guarding Pompeii (NPR+PGN)
  Squirrely maintenance (PGN)
  Re: Spreadsheets are hot (Henry Baker)
  Re: Squirrels and rats attacking AT&T fiber (Charles Cazabon)
  History of Internet Security and AI for Cybersecurity 20 Apr 2022 (DrM)

RISKS 33.16 Tuesday 19 April 2022
  NASA Will Roll Back Its SLS Rocket for Repairs (WiReD)
  CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru (CitizenLab)
  Insteon is down and may not be coming back (Stacey on IoT)
  Creating an Information Security Program from Scratch (Walter Williams)
  Hundreds of Brockton drivers failed exam after getting licenses with no test (The Boston Globe)
  Why I deleted the ACM election email (Cliff Kilby)
  Crypto Is Poised to Reshape Taxes -- and Cities (WiReD)
  Beanstalk DAO falls to a corporate raid, funded by flash loan junk bonds: Attack of the 50-foot Blockchain (David Gerard)
  Re: recent NYT slips on tech coverage (Prashanth Mundkur)
  Re: The Uncanny Future of Romance With Robots Is Already Here (Rob Slade, Craig Cottingham)
  Re: What Can Hackers Do With Stolen Source Code? (Bernie Cosell)
  Re: Hackers Steal About $600 Million in One of the Biggest Crypto (Kevin Kostolo)
  Re: Driverless Cars Can Be Tricked into Seeing Red Traffic Lights as Green (Jan Wolitzky)

RISKS 33.17 Saturday 23 April 2022
  Tesla owner uses *Smart Summon* feature, crashes it into $3.5M jet (The Daily Dot)
  Tesla Autopilot stirs U.S.
    alarm as disaster waiting to happen (MSN)
  AI Drug Discovery Systems Might Be Repurposed to Make Chemical Weapons, Researchers Warn (Scientific American)
  MetroWest Medical Center Turned Away Ambulances & Patients (Framingham Source)
  Oracle Java wins cryptography bug of the year for bypass flaw (The Register and Ars Technica)
  Lenovo security flaws risk >100 models *but* local access to the laptop is required for the attack (Ars Technica)
  Lenovo Patches UEFI Firmware Vulnerabilities Impacting Millions of devices (Ars Technica)
  Critical bug could have let hackers commandeer millions of Android devices (Ars Technica)
  How Democracies Spy on Their Citizens (The New Yorker)
  Brave is bypassing Google AMP pages because they're harmful to users (The Verge)
  LinkedIn can't use anti-hacking law to block web scraping, judges rule (Ars Technica)
  CNN's new streaming service, CNNPlus, is already shutting down (WashPost)
  What You Don't Know About Amazon (NYTimes)
  Barack Obama Takes On a New Role: Fighting Disinformation (NYTimes)
  Re: Driverless Cars Can Be Tricked into Seeing Red Traffic Lights (Martin Ward)
  Re: Beanstalk DAO falls to a corporate raid, funded by flash (George Sicheman)
  Re: What Can Hackers Do With Stolen Source Code?
    (Michael Kohne, Bernie Cosell)

RISKS 33.18 Friday 29 April 2022
  How Software Saved a Stealth Fighter Jet -- and Its Pilot -- from Crashing in Alaska (PopSci)
  Older Honda and Acura models hit by Y2K+22 bug that resets clocks 20 years in the past (The Verge)
  The risks of attacks that involve poisoning training data for machine-learning models (techxplore.com)
  Power Use Reveals Harmful Chips Hidden on Circuit Boards (New Scientist)
  Chip Startups Using Light Instead of Wires Gain Speed, Investments (Reuters)
  NextDoor report on "Amazon Fresh store Just Walk Out" (Gabe Goldberg)
  CNN+ giving full refund, notices of this are going to spam in Gmail (Lauren Weinstein)
  An Old-Fashioned Economic Tool Can Tame Pricing Algorithms (SciAm)
  Bitcoin Is Unlikely to Go Green (Peter Coy)
  Must Watch Video: Carl Sagan on Technology, Society, and Politics, 1996 (Lauren Weinstein)
  Random Twitter Chatter (PGN)
  How to Break Twitter (Lauren Weinstein)
  Gwyneth Paltrow, Mila Kunis are pushing women to invest in NFTs (WashPost)
  US + 60 Partners Launch Declaration for the Future of the Internet (The White House)
  CoVID possibilities and risk management (Rob Slade)
  Re: What Can Hackers Do With Stolen Source Code? (dmitri maziuk)
  Re: Driverless Cars Can Be Tricked into Seeing Red Traffic Lights (Martyn Thomas)

RISKS 33.19 Saturday 7 May 2022
  Japan Says It Needs Nuclear Power. Can Host Towns Ever Trust It Again? (NYTimes)
  AI goes to war in Ukraine (Fortune)
  The Information War in Ukraine is Far from Over (NYTimes)
  Russia struggles under unprecedented wave of hacking (WashPost)
  Microsoft Finds Linux Desktop Flaw That Gives Root to Untrusted Users (Dan Goodin)
  Google Docs crashed when fed 'And. And. And. And.
And (The Register) Ordinary Copper Telephone Wire Could Carry Gigabit Broadband Speeds (Matthew Sparkes) The Weapon that Mistook a School Bus for an Ostrich (Science Diplomacy via Diego Latella) Smart Office Buildings Are Vulnerable to Hacks (Konrad Putzier) Every ISP in the US Must Block These 3 Pirate Streaming Services (WiReD) Problems with Elon Musk's Plan to Open-Source the Twitter Algorithm (MIT Tech Review) Elon Musk wants to 'authenticate all real humans' on Twitter. Here's what that could mean (CNN) Why is the U.S. still probing foreign visitors' social media accounts? (WashPost) Is your social network accurately reporting where you are? (Reddit) Can computers write product reviews with a human touch? (Techxplore.com) DeFi ponzinomics, Grayscale ETF comments, Binance and Russia, El Salvador -- Attack of the 50-Foot Blockchain (Sam Bankman-Fried) The Tale of a Crypto Executive Who Wasn't Who He Said He Was (NYTimes) What Is Happening to the People Falling for Crypto and NFTs (NYTimes) Wikimedia Foundation announces it will no longer accept cryptocurrency donations (Lauren Weinstein) Re: Bitcoin Is Unlikely to Go Green (Andrew Waught, John Beattie) RISKS 33.20 Friday 13 May 2022 Oops! 
Looks like your Mirror isn't connected to a network (geoff goodfellow) Companies envision taxis flying above jammed traffic (techxplore) Global cost of cybercrime topped $6 trillion in 2021 (techxplore) As Cryptocurrencies Melt Down, $300 Billion Evaporates in Days (NYTimes) Crypto's Audacious Algorithmic Stablecoin Experiment Crumbles (Bloomberg) Decade-Old Bugs Discovered in Avast, AVG Antivirus Software (Charlie Osborne) Costa Rica Declares Emergency in Ongoing Cyberattack (ABC) Why Twitter May Be Doomed (Lauren Weinstein) Facebook is trying to capitalize on my grief (Rob Slade) EU plans to require backdoor to encrypted messages for child protection (Apple) Cellphones have no real off switch (Peter Gutmann) ICE 'now operates as a domestic surveillance agency,' think tank says (Engadget) ACM, Ethics, and Corporate Behavior (Moshe Vardi, CACM March 2022) Did bad interface design lead to the sinking of the Moskva? (Paul Robinson) Re: Bitcoin Is Unlikely to Go Green (John Levine) Re: Squirrels (Elinor Mills) Re: FBI Told Israel It Wanted Pegasus Hacking Tool for Investigations (Jan Wolitzky) RISKS 33.21 Monday 16 May 2022 The dangerous business of dismantling America's aging nuclear plants (WashPost) Crypto is dead (Spectator) Phishing attack pop-up targets MetaMask users visiting popular crypto sites (The Verge) The COVID Testing Company That Missed 96% of Cases (Propublica) Everything is somehow interrelated, redux (PGN) The Man Who Controls Computers with His Mind (Ferris Jabr) Some Top 100,000 Websites Collect Everything You Type -- Before You Hit Submit (Lily Hay Newman) Sad delivery robot gets lost in the woods (Futurism) Estimated $163 billion from pandemic unemployment benefits were misspent or stolen (WashPost) AI Employment Systems may reflect various forms of bias (EEOC Warning) Russians plunder $5M farm vehicles from Ukraine -- to find they've been remotely disabled (CNN) Russian troops are tracking Ukrainians' Chinese drones (CNN) Flytrex expands drone 
delivery into Texas (TechCrunch) Finding it hard to get a new job? Robot recruiters might be to blame (The Guardian) Radical Ruling Lets Texas Ban Social Media Moderation (WiReD) A magnet for rip-off artists: Fraud siphoned billions from pandemic unemployment benefits (WashPost) He gave Instagram photos of his baby. Instagram returned fear. (WashPost) Re: Companies envision taxis flying above jammed traffic (Steve Bacher) RISKS 33.22 Thursday 19 May 2022 Researchers Find Potential Way to Run Malware on iPhone Even When it's OFF (The Hacker News) PDF election ballots (Andrew Appel) New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars (The Hacker News) When Your Smart ID Card Reader Comes With Malware (KrebsOnSecurity) Sadly, this food delivery robot got caught on the tracks while trying to cross (Twitter) Two-Card Monte: Why Mastercard And Visa Rarely Shut Down Scammers Who Are Ripping Off Consumers (Buzzfeed News) Crypto meltdown highlights need for urgent regulatory intervention (Dave Farber) Eavesdroppers Can Hack 6G Frequency with DIY Metasurface (Jake Boyd) China's Internet Censors Try a New Trick: Revealing Users' Locations? (NYTimes) Exposure through identity verification? (Geoff Keunning) 463 people's COVID benefits accidentally sent to one of them (Mark Brader) Zero-trust security: Assume everyone on the Internet is out to get you -- and already has (techxplore) DOJ says it will no longer prosecute good-faith hackers under CFAA (TechCrunch) Selfies Further Endanger Rare Phallic Plant, Conservationists Fear (Richard C. Paddock) Artificial Intelligence (Colbert/Gervais via Lauren Weinstein) Re: Companies envision taxis flying above jammed traffic (Martin Ward, John Levine, Barry Gold) Re: Finding it hard to get a new job? Robot recruiters might be to blame (Amos Shapir) RISKS 33.23 Friday 27 May 2022 3+ Years Later and Millions of U.S. 
Patient X-Rays are Still Exposed to Internet by Insecure PACS Servers (Shawn Merdinger) Artificial intelligence predicts patients' race from their medical images (medicalxpress.com) Touch Screens in Cars Solve a Problem We Didn't Have (Jay Caspian Kang) Autonomous vehicles can be tricked into dangerous driving behavior (techxplore.com) Could contact lenses be the ultimate computer screen? (bbc.com) Accused of Cheating by an Algorithm, and a Professor She Had Never Met (NYTimes) 'Tough to Forge' Digital Driver's License Actually Easy to Forge (Dan Goodin) New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message (geoff goodfellow) Cyber-attacks could jeopardize global food supplies (techxplore.com) Crypto is a solution in search of a problem (WashPost) How Influencers Hype Crypto, Without Disclosing Their Financial Ties (NYTimes) Researchers Find Backdoor in WordPress Plugin for Schools (Dan Goodin) Scientists Learn to Kill Cyberattacks in Less Than a Second (Cardiff) Vigilante scratching out QR codes on illegally parked scooters around Denver (KMGH-TV) Apple shipped me a 79-pound iPhone repair kit to fix a 1.1 ounce battery (The Verge) A Face Search Engine Anyone Can Use Is Alarmingly Accurate (NYTimes) A tale of 31 burgers ordered from DoorDash by a 2-year old (WashPost) Russia's laser weapon claim derided as propaganda (BBC News) Russian Botnet Can Spam Social Media on 'Massive Scale' (Gizmodo) This Hacktivist Site Lets You Prank Call Russian Officials (WiReD) Is your face gay? Conservative? Criminal? AI researchers are asking the wrong questions (Trenton W. 
Ford) Grief fraud (Rob Slade) ACM makes back archives available for free (Lauren Weinstein) Cybercriminals target metaverse investors with phishing scams (CNBC) 'Elon Musk's Crash Course' shows the tragic cost of his leadership (NPR) Re: ACM, Ethics, and Corporate Behavior (Richard Stein) RISKS 33.24 Tuesday 31 May 2022 When a machine invents things for humanity, who gets the patent? 
(techxplore) Inside the Government Fiasco That Nearly Closed the U.S. Air System (ProPublica) Serious Warning Issued For Millions Of Google Gmail Users (Forbes) 2022 Data Breach Investigations Report (DBIR) Children's Rights Violations by Governments that Endorsed Online Learning During the Covid-19 Pandemic (HRW) Elon Musk: When He saw the Tesla CEO for who he really is. (Slate) Help Wanted: State Misinformation Sheriff (Jose Maria Mateos) Microsoft Wants to Prove You Exist with Verified ID System, if You'll Let It (Kyle Barr) An Autonomous Car Blocked a Fire Truck Responding to an Emergency (WiReD) Re: Autonomous vehicles can be tricked into dangerous driving (Martin Ward, Richard Stein) Re: Artificial intelligence predicts patients' race from their medical images (Jan Wolitzky, Amos Shapir, Steve Bacher) Security and Human Behaviour 2022 (Jose Maria Mateos) RISKS 33.25 Saturday 4 June 2022 Firm proposes using Taser-armed drones to stop school shootings (NPR.ORG) Illumina Cybersecurity Vulnerability May Present Risks for Patient Results and Customer Networks: Letter to Health Care Providers (FDA) FBI blocked planned cyberattack on children's hospital (NBC) Three times in one year, gamers release classified military documents on game forum (Kotaku) Voting Software Vulnerable in Some States (Kate Brumback) Activists say cyber agency weakens voting tech advisory (AP News) The Airline Changed My Flight Itinerary -- for the Worse (NYTimes) Parameter Expansion Considered Dangerous (The Hacker News) I tried to read all my app privacy policies. It was 1 million words. (Geoffrey A. Fowler) D.C. stop-sign camera brought in $1.3 million in tickets in 2 years (WashPost) Tim Hortons app tracked too much personal information without adequate consent, investigation finds (CBC) Cape Cod Regional Transit Authority hit by ransomware attack (CapeCodTimes) Microsoft Follina Vulnerability in Windows Can Be Exploited Through Office 365 (WiReD) User Generated Content moderation? 
(Lauren Weinstein) Same Symptom -- Different Cause? (TUMunich) Google bans deepfake-generating AI from Colab (Techcrunch) Tech Experts Urge WashDC to Resist Cryptocurrency Industry's Influence (Scott Chipolina) She documented the alt-right. Now she's coming for cryptocurrency. (WashPost) Three NYU Tandon teams win $2.5 million from an NSF partnership to ensure resiliency is part of next-G wireless telecommunications (NYU) Racist and Violent Ideas Jump From Web's Fringes to Mainstream Sites (NYTimes) China is looking for 'other Earths' to colonize (CGTN) Why Silicon Valley's Tech Titans Are In 'Serious Trouble' (YouTube) With Cameras on Every Phone, Will Broadway's Nude Scenes Survive? (NYTimes) Re: Inside the Government Fiasco That Nearly Closed the U.S. Air System (John Levine) RISKS 33.26 Tuesday 7 June 2022 A New Kind of Genome Editing Is Here to Fine-Tune DNA (WiReD) California Regulators Approve First Driverless Taxi Fleet (AP) Google and Russia's delicate dance (CNN) Advancing security across Central and Eastern Europe (Google) Politicians and ulterior motives (Lauren Weinstein) The Theater of Bitcoin and Data Privacy (Siobhan Roberts) How Anonymous Is Bitcoin, Really? 
(NYTimes) Security News: Google May Owe You a Chunk of $100 Million Over Google Photos Privacy Violation (WiReD) Big Tech realities (Lauren Weinstein) Bolt Loaned Employees Thousands to Buy Stock -- Then Laid Them Off (WiReD) Actively Exploited Microsoft Zero-Day Flaw Still Has No Patch (WiReD) Reno Trusting the Blockchain with Building Records (Gizmodo) Cryptocurrency (The Washington Post) It's still 2014 in crypto payments, and buying a burrito is now a taxable event (Davidger) Banning Lethal Autonomous Weapons (Stuart Russell) The Coming AI Hackers (Bruce Schneier) How Axon's plans for Taser drones blindsided its AI ethics board (Protocol) Axon Halts Plans to Sell Flying Taser Drones to Schools (Vice) Internal Documents Show Amazon's Dystopian System for Tracking Workers Every Minute of Their Shifts (Vice) The Race to Hide Your Voice (WiReD) Parameter Expansion Considered Dangerous (Cliff Kilby redux) How the Internet Turned Us Into Content Machines (Monty Solomon) Re: WashDC stop-sign camera brought in $1.3 million in tickets in 2 years (Steve Bacher) RISKS 33.27 Friday 10 June 2022 AI Translates Math Problems into Code to Make Them Easier to Solve (Alex Wilkins) Making Blockchain Stop Wasting Energy by Getting It to Manage Energy (John Timmer) Hole in the ISS made by a meteorite the size of a grain of sand (geoff goodfellow) Tesla Employees' Cars Will Now Drive Them To Work Against Their Will (Babylon Bee) Meta Facing 8 Lawsuits That Allege Its Addictive Algorithms Harm Young Users (CNET) How Safe Are Systems Like Tesla's Autopilot. No One Knows. 
(NYTimes) Fraud and Identity Theft Trial to Test American Anti-Hacking Law (NYTimes) SSNDOB Marketplace Seized And Dismantled In International Operation (DOJ) The next step in a long march: Expanding mobile voting in WashDC (WashPost) Canada's favorite coffee chain was covertly data mining the sh*t out of people who just wanted cheap coffee, and they got outed by the government (twitter item via geoff goodfellow) Superworms Eat -- and --Survive on Polystyrene (Scientific American) Re: WashDC stop-sign camera brought in $1.3 million in tickets in 2 years (Steve Bacher) The Evolution of Money: Cryptocurrency Regulation (WashPost) The History of Information Security in the Computer Age (Andrew J. Stewart, reviewed by Sven Dietrich) RISKS 33.28 Tuesday 14 June 2022 Long-term planning and optimization (PGN) Single beaver caused mass Internet, cell service outages in Northern B.C. (CTV News) Vulnerability discovered in Apple M1 chip (The Register via Tom Van Vleck) The Billionaires Seeking a U.S. Chip-Making Revival (Ephrat Livni) How Henry Ford Would Deal With Today's Supply Chain Upheaval (NYTimes) Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones (The Hacker News) A Story of a Bug Found Fuzzing (Microsoft Browser Vulnerability Research) I was able to access thousands of companies' passwords on #Azure and run code on their VMs. 
This includes access to Microsoft's own credentials (Tzah Pahima) New Syslogk Linux Rootkit Lets Attackers Remotely Command It Using "Magic Packets" (The Hacker News) The surreal case of the disgruntled CIA hacker accused of exposing the agency's digital arsenal -- King Joshhn (The New Yorker) Coinbase lays off 1,100 employees in 18% cut (Lauren Weinstein) 'The Music Has Stopped': Crypto Firms Quake as Prices Fall (NYTimes) Jay-Z and Jack Dorsey launched a Bitcoin academy in a public housing complex (TechCrunch) Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware (The Hacker News) Thefts, Fraud, and Lawsuits at the World's Biggest NFT Marketplace (NYTimes) CRISPR-Based Map Ties Every Human Gene to Its Function (Eva Frederick) Self-Driving Truck Will Deliver Goods to 34 Sam's Club Locations (Alexandra Skores) Has the U.S. Learned Nothing From the UK's Gambling Woes (WiReD) Re: Parameter Expansion Considered Dangerous (Cliff Kilby with TomHVV) RISKS 33.29 Thursday 16 June 2022 Self-driving car crashes (NHTSA via Monty Solomon) Musk Achs: Twitter, Tesla, and SpaceX (Lauren Weinstein via PGN) Two Israeli intel soldiers and a teenager charged with exposing classified information online (Haaretz) Crypto's Price Plunge Exposes Industry's Unstable Roots (NYTimes) Physics-Based Cryptocurrency Transmits Energy Through Blockchain (LLNL) The NSA Says that There are No Known Flaws in NIST's Quantum-Resistant Algorithms (Bruce Schneier) The "Sentient AI" story (Lauren Weinstein) DVFS and Hertzbleed (Cliff Kilby) Facebook Is Receiving Sensitive Medical Information from Hospital Websites (The Markup) Facebook plans to show content mainly from strangers (The Verge) BEREC network neutrality guidelines (Barbara van Schewick via LW) Privacy bill would set out rules on use of personal data, artificial intelligence (CBC) Executive Order 14028 and the death knell of jSCH (Cliff Kilby) Re: How Henry Ford Would Deal With Today's Supply Chain Upheaval (Amos 
Shapir) Re: Long-term planning and Optimization (Dick Mills, Amos Shapir) Re: The Billionaires Seeking a U.S. Chip-Making Revival (Arthur Flatau) Re: 5GSec Convergence Accelerator Proposal (Cliff Kilby) RISKS 33.30 Monday 20 June 2022 We've only scratched the surface of how bad the crypto[currency] crime wave has gotten (Yahoo!) FBI warns crypto fraud on LinkedIn is a 'significant threat' (Engadget) Ethereum Mining Is Going Away (Bloomberg) Microsoft Office 365 Feature Could Help Ransomware Hackers Hold Cloud Files Hostage (The Hacker News) Micropatching on the fly (Tom Van Vleck) The Open Secret of Google Search (The Atlantic) Leaked Audio From 80 Internal TikTok Meetings Shows That U.S. User Data Has Been Repeatedly Accessed From China (Buzzfeednews) Lake Mead and Lake Powell, the 2 largest reservoirs in the US, which provide water to over 40 million Americans in Nevada, Arizona and California, are at their lowest levels ever. (twitter via geoff goodfellow) Stronger Security for Smart Devices (Adam Zewe) New Mexico's Post-Certification Recounts (Annie Gowan) It is 2022. My coffee mug wants me to log in, wants to know my location, and if it can send me promotional emails... (Marc IRL) A Language Model Trained to Mimic 4chan Might Portend AI's Grim Future (Georgetown CSET) A minor example of human factors in security (risks@sctb.net) Serious Warning Issued For Millions Of Google Gmail Users (Forbes) Re: the death knell of jSCH (Dmitri Maziuk) Re: Physics-Based Cryptocurrency Transmits Energy Through Blockchain (John Levine) RISKS 33.31 Saturday 2 July 2022 The Wheels Have Come Off Electric Vehicles (Bloomberg) Who Is Liable when AI Kills? 
(Scientific American) Four Takeaways From a Times Investigation Into China's Expanding Surveillance State (NYTimes) An Invisible Cage: How China Is Policing the Future (NYTimes) China lured graduate jobseekers into digital espionage (ArsTechnica) Internet Explorer Shutdown to Cause Japan Problems 'For Months' (Financial Times) School Surveillance Will Never Protect Kids From Shootings (WiReD) UK plan to scrap cookie consent boxes will make it easier to spy on web users (The Guardian) "Whoops. That Feeling When the AG of the most populous state publishes a list of where all the handguns are... (twitter via geoff goodfellow) Supercookies Have Privacy Experts Sounding the Alarm (WiReD) Police sweep Google searches to find suspects. The tactic is facing its first legal challenge. (NBC News) DARPA report exposes blockchain vulnerabilities (exodus) 'Mystery rocket' that crashed into the Moon baffles NASA scientists (Chron) Mega says it can't decrypt your files. New POC exploit shows otherwise. (ArsTechnica) The Assessments of the Swiss Post E-Voting System (Andrew Appel) 2022 Zero-day in-the-wild exploitation (Maddie Stone) Ocean Freight Shipping Costs Are Driving Goods Prices Higher (ProPublica) ZuoRAT Trojan (WiReD) Sophisticated attacks against range of SOHO routers (ArsTechnica) Microsoft Plans to Eliminate Face Analysis Tools in Push for `Responsible AI' (NYTimes) The Race to Hide Your Voice (WiReD) Amazon demonstrates Alexa mimicking the voice of a deceased relative (CNBC) South Carolina mom says baby monitor was hacked; Experts say many devices are vulnerable (NPR) St. John's woman loses home after Phoenix pay fiasco (CBC) "These Period Tracker Apps Say They Put Privacy First. Here's What We Found. 
(Consumer Reports) FCC asks Google, Apple to remove TikTok due to data privacy concerns at Chinese-owned company TikTok (CBC) Lost and Found: USB Sticks With Data on 460,000 People (NYTimes) Some Crypto Exchanges Already Secretly Insolvent (Forbes) Unintended Centralities in Distributed [Blockchain] Ledgers (via Lauren W.) Crypto Crash Widens Divide Between Rich and Amateur Traders (NYTimes) Cryptocurrency Titan Coinbase providing "Geo Tracking Data" to ICE (The Intercept) Crypto traceability and market rules agreed by EU lawmakers (TechCrunch) Crypto investors' hot streak ends as harsh 'winter' descends (Boston Globe) Alex Mashinky's Celsius crypto bank draws probe by five states (WashPost) LOL Headline of the Day (LW) When customers say their money was stolen on Zelle, banks often refuse to pay (NYTimes) Planned Parenthood Privacy (WashPost) Re: Micropatching on the fly (John Levine) Re: A Periodic Issue (Steven J. Greenwald) Re: Long-term planning and Optimization (Martin Ward, Martin Ward) Re: It is 2022. My coffee mug wants me to log in, wants to know my location, and if it can send me promotional emails... (geoff goodfellow) AT&T Fiber Optic outage update (PGN) RISKS 33.32 Saturday 9 July 2022 Canadian network outage misunderstatement OTD (The Guardian) Mass layoff looms for Japanese researchers (Science) Cruise's Robot Car Outages Are Jamming Up San Francisco (WiReD) OpenSSL Security Advisory, 5 July 2022 (OpenSSL) In April 2022, a team of cyberattackers attempted to breach an undersea cable off the coast of Hawaii... 
(Twitter via geoff goodfellow) Japan to start jailing people for online insults (KyodoNews) Ransomware Switched Programming Languages From Go to Rust (ZDNet) Google Allowed a Sanctioned Russian Ad Company to Harvest User Data for Months (Propublica) A huge data leak of 1 billion records exposes China's vast surveillance state (TechCrunch) Computer glitch at American Airlines leads to triple pay (CNN via Jeremy Epstein) My Thoughts About Google's New Blog Post Regarding Health-Related Data Privacy (Lauren Weinstein) The major health care and cybersecurity risk of "Right-to-Repair" laws (The Hill) Lack of Chips Puts Big Dent in Auto Sales (Neal E. Boudette) Humans are making it hard to listen for aliens (NBC News) Even in Death, Internet Explorer Lives On in South Korea (NYTimes) Where's the herd immunity? Our research shows why Covid is still wreaking havoc (The Guardian) Re: China is looking for 'other Earths' to colonize (Martin D Kealey) Re: When customers say their money was stolen on Zelle, banks (King Ables) RISKS 33.33 Tuesday 19 July 2022 The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. 
Companies (Bloomberg) Driver says GPS made him turn onto train tracks in Everett; at least he was able to escape before train destroyed his car (UniversalHub) DeepMind AI Learns Simple Physics Like a Baby (Davide Castelvecchi) As AI Language Skills Grow, So Do Scientists' Concerns (Matt O'Brien) Researchers Defeat Facial Recognition Systems with Universal Face Mask (Zeljka Zorz) Pentagon UFO study led by researcher who believes in the supernatural (Science) Criminal Justice Algorithm Predicts Risk of Biased Sentencing (Jule Pattison-Gordon) The Long, Strange Relationship Between Psychedelics and Telepathy (Vice) How your brainwaves could be used in criminal trials (techxplore.com) New 'Retbleed' Speculative Execution Attack Affects AMD, Intel CPUs (Ravie Lakshmanan) New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook (The Hacker News) Choosing a non-Windows OS on Lenovo Secured-core PCs is trickier than it should be (The Register) How the FBI Wiretapped the World (Vice) Democracy dies behind a paywall (Poynter) User Generated Content (Lauren Weinstein) Cryptomining Capacity in U.S. Rivals Energy Use of Houston (Hiroko Tabuchi) How the fall of Celsius dragged down crypto investors (CNBC) Tech experts send letter to Congress urging them to resist crypto industry lobbying (Twitter) GM rebate on new Cadillac Lyriq if drivers sign NDA, agree to tracking (USA Today) Uber leveraged violent attacks against its drivers to pressure politicians (WashPost) About the Uber Files investigation (WashPost) Hit the kill switch: Uber used covert tech to thwart government raids (WashPost) GOOD! 
- Google bans deepfake-generating AI from Colab (TechCrunch) Google Voice problems (Lauren Weinstein) Full text of Google's proposal for political email to bypass Gmail spam filters -- and an interesting sentence MIT scientists think they've discovered how to fully reverse climate change (BGR) Meet the Lobbyist Next Door (WiReD) Facebook encrypting links to avoid URL-stripping (Henry Baker) Facebook, privacy and abortion (Reveal News) Nobody likes self-checkout. Here's why it's everywhere (The Atlantic) Major American Companies to Schools: Expand Access to Computer Science (Alyson Klein) FedEx bot apologizes for `pending delivery' of missing human remains (WashPost) Re: Canadian network outage misunderstatement OTD (David W. Hodgins) ISODARCO 2023 (Diego.Latella) RISKS 33.34 'Drone Activity' Prompts Ground Stop At Reagan National Airport (Patch) The Unsolved Mystery Attack on Internet Cables in Paris (WiReD) Ransomware Attacks Against Higher Ed Increase (Inside Higher Ed) 37,800 people sent privacy breach notifications linked to Newfoundland/Labrador cyberattack (CBC) Twitter data breach exposes contact details for 5.4M accounts; on sale for $30k (9to5mac) You've Been Served Via NFT: Court Gives OK to Sue on Blockchain (Katharein Gemmell) UK proposes new rule for AI (Law Gazette) The state of AI right now is absolutely ridiculous. 
This is terrifying (Twitter) Internet balkanization (Politico) It's Time to Ask Patients to Quit Social Media (LWW) The US military wants to understand the most important software on Earth (MIT Technology Review) Log4j Software Flaw 'Endemic,' Cyber Safety Panel Says (Alan Suderman) Apple's Butterfly Keyboard Fiasco Leads to a $50M Settlement (WiReD) On Google's proposal for political email (Joseph Brennan) Re: MIT scientists think they've discovered how to fully reverse climate change (geoff goodfellow) Google Fires Engineer Who Claims Its AI Is Conscious (Jan Wolitzky) Re: The Big Hack: How China Used a Tiny Chip to Infiltrate (Steve Klein, Michael Kohne and others included) RISKS 33.35 Monday 1 August 2022 Coding Error Caused Outage That Left Millions Without Service (Alexandra Posadzki) Push for innovation in artificial intelligence can create dangerous products (Channel News Asia) Drone Contraband Deliveries Are Rampant at US Prisons (WiReD) Politicians want to crack down on payment systems like Zelle. Here's why. 
(The Boston Globe) Starlink Satellites Get Upgrades To Prevent Interference With Astronomy (PCMag) "I Was Wrong" (NYTimes) China's Expanding Surveillance State (NYTimes) Voice Jammer Stops Anyone from Recording Your Speech (Matthew Sparkes) Tim Hortons Offers a Free Coffee and Pastry for Spying on People for Over a Year (Vice) Cyberattack Illuminates Shaky State of Student Privacy (Natasha Singer) Hospital IT melts in heatwave, leaving doctors without patient records (The Register) Google, Oracle cloud servers wilt in UK heatwave, take down websites (The Register) How to Prevent Another European Transport Meltdown (WiReD) Chess-playing robot grabs child opponent's finger and breaks it (TechSpot) BMW's Heated as a Service Model Has Drivers Seeking Hacks (WiReD) Online pricing algorithms are gaming the system, and could mean you pay more (npr.org) Lawsuit: Chicago police misused ShotSpotter in murder case (AP) Undersea Internet Cables Can Detect Earthquakes -- and May Soon Warn of Tsunamis (The New Yorker) Average Data Breach Costs Hit a Record $4.4 Million, Report Says (CNET) Messaging app JusTalk is spilling millions of unencrypted messages (TechCrunch) Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys (Cloudsek) The Default Tech Settings You Should Turn Off Right Away (NYTimes) Uber avoids federal prosecution over data breach that exposed data of 57 million users (Engadget) Martin Shkreli Is Back With a Web3 Drug Discovery Platform (WiReD) It's Not Just Loot Boxes: Predatory Monetization Is Everywhere (WiReD) The Surprising Fight Over Google's Downtown West Development (WiReD) The price of solar modules has declined by 99.6% since 1976 (WholeMarsBlog) How online misinformation threatens Fortune 500 companies (Fortune) "Dr. 
Birx ADMITS She 'Knew' COVID-19 Vaccines 'Were Not Going to Protect Against Infection' (VaxxedFox) 13 propositions on an Internet for a burning world (APNIC Blog) Chip shortages hit hard at Yamaha's musical instrument business (The Register) Jeopardy! player causes `at-home-disturbance' (Sundry sources abridged) Inside Ukraine's Thriving Tech Sector (The New York Times) Students and staff are entirely prohibited from using Google Search -- Data privacy concerns trigger restrictions on Google Chrome in Dutch schools (Android Police) Tech giants, including Meta, Google, and Amazon, want to put an end to leap-seconds (ZDNet) BMW's 3,854-Variable Problem Solved in Six Minutes with Quantum Computing (Francisco Pires) Re: UK proposes new rule for AI (Dick Mills) Re: MIT scientists think they've discovered how to fully reverse climate change (goldy) ACM Launches New Journal on Responsible Computing (Lauren Weinstein) On-demand education program of medical safety (MSPO) RISKS 33.36 Wednesday 3 August 2022 Today's Robotic Surgery Turns Surgical Trainees Into Spectators (IEEE Spectrum) Experts show how to unlock several Honda models via Rolling-PWN attack (Security Affairs) Post-quantum encryption contender is taken out by single-core PC and 1 hour (Ars Technica) Data Centers Are Facing a Climate Crisis (WiReD) The Default Tech Settings You Should Turn Off Right Away (NYTimes) Alex Jones' attorney mistakenly sent two years of his text messages to Sandy Hook family's lawyer (The Independent) About the W3C official Decentralized Identifier recommendation announced today (Lauren Weinstein) Study finds Wikipedia influences judicial behavior (MIT) Re: BMW's Heated as a Service Model Has Drivers Seeking Hacks (Barry Gold, John Levine, Gabe Goldberg, Pete Resiak) Re: Students and staff are entirely prohibited from using Google Search (Lars-Henrik Eriksson) Re: Tim Hortons Offers a Free Coffee and Pastry for Spying on People for Over a Year (Jonathan Levine, Steve Bacher) Re: Tech 
giants, including Meta, Google, and Amazon, want to put an end to leap-seconds (Steve Bacher) Re: Drone Contraband Deliveries Are Rampant at U.S. Prisons (Amos Shapir) Re: Online pricing algorithms are gaming the system, and could mean you pay more (Amos Shapir) Re: Jeopardy! player causes `at-home-disturbance' (Steve Bacher, Amos Shapir) Re: "Dr. Birx ADMITS She 'Knew' COVID-19 Vaccines 'Were Not Going to Protect Against Infection' (John Levine) RISKS 33.37 Sunday 7 August 2022 U.S. Air Force To Test Single-Pilot C-130 Flight Crews (FLYING Magazine) How a Trash-Talking Crypto Bro Caused a $40 Billion Crash (NYTimes) Nuclear Fusion Is Already Facing a Fuel Crisis (WiReD) Fighting Around Zaporizhzhia Nuclear Power Plant Is 'Out of Control' (Matthew Gault via Henry Baker) Nomad offers 10% bounty in $190M cryptocurrency hack (WashPost) WashDC Metrorail Routinely Skipped Safety Protocols, Putting Workers At Risk (DC Patch) Former T-Mobile store owner netted $25 million from 5-year scheme, which included tricking employees into resetting passwords (Fortune) California Regulator Accuses Tesla of Falsely Advertising Autopilot (NYTimes) North Korea-Backed Hackers Have Clever Way to Read Gmail (Dan Goodin) AI Does Not Have Thoughts, No Matter What You Think (Cade Metz) Algorithm Aces University Math Course Questions (Adam Zewe) Big Tech breakup legislation on hold (Lauren Weinstein) Class-action suit filed against Equifax after millions of scores were affected by glitch (NBC news) 'Horrible', 'Chaos': Former Oracle Employees Describe Recent Layoffs (Slashdot) Robinhood Lays Off 23 Percent of Its Staff, Blaming Crypto Meltdown (NYTimes) Bitcoin mining in the crypto crash -- mining companies' creative accounting (Amy Castor) Pearson says NFT textbooks will let it profit off secondhand sales (The Verge) The Bad Times Are Coming for Startups (WiReD) The Microsoft Team Racing to Catch Bugs Before They Happen (WiReD) French Scientist, distant star, and chorizo (People via Steve 
Greenwald) Rats deserve equal presence with Squirrels in RISKS (T.M. Brown via PGN) Robotic Surgery (Dr. Bob Fenichel) Re: Who is at fault when medical software gets it wrong? (Richard Marlon Stein) Re: Tech giants, including Meta, Google, and Amazon, want to put an end to leap-seconds (John Levine) Re: BMW's Heated as a Service Model Has Drivers Seeking Hacks (San Steingold, Gabe Goldberg, Gabe Goldberg) Re: Study finds Wikipedia influences judicial behavior (John Levine) Kids Are Back in Classrooms and Laptops Are Still Spying on Them (Gabe Goldberg) Re: School Surveillance Will Never Protect Kids From Shootings (Gabe Goldberg) Re: Dr. Birx ADMITS She 'Knew' COVID-19 Vaccines 'Were Not Going to Protect Against Infection' (Lars-Henrik Eriksson, Steve Lamont) Book Review: America's Biggest Lottery Scam by Bob Sand (Douglas W. Jones) RISKS 33.38 Friday 12 August 2022 Tesla faces new probes into motorbike deaths, false advertising (Ars Technica) One of 5G's Biggest Features Is a Security Minefield (WiReD) Cisco Confirms It's Been Hacked by Yanluowang Ransomware Gang (The Hacker News) The Hacking of Starlink Terminals Has Begun (WiReD) A bug lurking for 12 years gives attackers root on every major Linux distro (Ars Technica) Coinbase reports 63% drop in revenues in second quarter (NYTimes) Rainwater everywhere on Earth unsafe to drink due to *forever chemicals*, study finds (Euronews) A Sydney high school banned mobile phones. 
It had dramatic results (Sydney Morning Herald) Math error overturns 100-year-old understanding of color perception (Phys) Sloppy Use of Machine Learning Is Causing a Reproducibility Crisis in Science (WiReD) MoFi has been using digital all along, a scandal in the audio community (WashPost) FEC approves Google's horrible political spam filter bypass plan (Lauren Weinstein) MoFi has been using digital all along, a scandal in the audio community (WashPost) Cryptocurrencies and the US Government Are Headed for a Decisive Showdown (WiReD) U.S. sanctions Tornado Cash and crypto shrieks in horror (Attack of the 50-Foot Blockchain) Just use voice calls or in person for sensitive communications (Lauren Weinstein) What about Signal or Whatsapp, etc. vs. voice calls privacy/security? (Lauren Weinstein) New Data Suggests Our Fundamental Model of the Universe Is Wrong, And Scientists Are Racing to Solve It (dnyuz) Danger: Metaverse Ahead! (Rob Slade) Amazon vacuums up more data and money with Roomba? (Lauren Weinstein) Re: "Dr. Birx ADMITS She 'Knew' COVID-19 Vaccines 'Were Not Going to Protect Against Infection' (Steve Lamont) Re: Bad Batches (Judith Hemenway) Re: Tech giants, including Meta, Google, and Amazon, want to put an end to leap-seconds (David E. Ross) Re: Who is at fault when medical software gets it wrong? 
(Gabe Goldberg) Re: Robotic Surgery (Gabe Goldberg) Re: Clipping wires to upgrade (Lindsay Marshall) Re: Book Review: America's Biggest Lottery Scam by Bob Sand (Mark Brader) RISKS 33.39 Tuesday 16 August 2022 'Ring Nation' Is Amazon's Reality Show for Our Surveillance Dystopia (Deadline) Meta finds new way of tracking users across websites (The Guardian) Amazon, Oracle shrug off lawmaker fears of abortion data sales (techxplore.com) Zoom's Auto-Update Feature Came With Hidden Risks on Mac (WiReD) A Single Flaw Broke Every Layer of Security in MacOS (WiReD) Michigan plot to breach voting machines points to a national pattern (WashPost) On TikTok, Election Misinformation Thrives Ahead of Midterms (NYTimes) How Frustration Over TikTok Has Mounted in Washington (NYTimes) A New Jailbreak for John Deere Tractors Rides the Right-to-Repair Wave (WiReD) Workplace Productivity: Are You Being Tracked? (NYTimes) How thieves are using cell phones to see what's inside your car (The Hacker News) Sloppy Software Patches Are a Disturbing Trend (WiReD) Sloppy Use of Machine Learning Is Causing a Reproducibility Crisis in Science (WiReD) You can lose health data de-centrally as well (Debora Weber-Wulff) Buying real estate in the metaverse is 'dumbest' idea ever (Mark Cuban) What do ordinary computer users NOT care about? Breaking up Big Tech (Lauren Weinstein) It's Potentially Illegal: As Crypto Crashed, Coinbase Stopped Some Notifications (Mother Jones) It Might Be Our Data, But It's Not Our Breach (Krebs on Security) How Russia Took Over Ukraine's Internet in Occupied Territories (NYTimes) Why Is Web3 Security Such a Garbage Fire? Let Us Count the Ways (PCMag) The Danger of Posting Selfies (NowIKnow) Quote of The Day (Edward Snowden) CRYPTO-GRAM (Bruce Schneier PGN excerpted) Re: "Dr. Birx ADMITS She 'Knew' COVID... (Steve Lamont) Re: Tesla faces new probes into motorbike deaths, false advertising (Steve Bacher) Re: What about Signal or Whatsapp, etc. vs. 
voice calls privacy/security? (John Levine) Re: Tech giants, including Meta, Google, and Amazon, want to put an end to leap-seconds (Arthur T.) Re: Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users (via geoff goodfellow) Re: Rainwater everywhere on Earth unsafe to drink due to *forever chemicals*, study finds (Craig S. Cottingham) Re: Doug Jones's review (Mark Brader) RISKS 33.40 Saturday 20 August 2022 Voters in the UK Cast Ballots Online, in Test for Internet Voting (WSJ) Plane fails to descend as pilots reportedly fell asleep during flight (CNN) Apple AirTag leads to arrest of airline worker accused of stealing at least $15,000 worth of items from luggage (NBC) 'Hackers Against Conspiracies': Cybersleuths Take Aim at Election Disinformation (Maggie Miller) Software dev cracks Hyundai encryption with Google Search (The Register) Cryptoverse: Blockchain bridges fall into troubled waters (Reuters) On the Dangers of Cryptocurrencies and the Uselessness of Blockchain (CRYPTO-GRAM) Starbucks NFTs, Reddit karma points on the blockchain, Saylor fired, Telegram ICO slight return. (David Gerard) Track carbon offsets with blockchain? 
(Rob Slade) Deepfakes Expose Vulnerabilities in Facial Recognition Technology (PSU) Email marketing firm hacked to steal crypto-focused mailing lists (Bleeping Computer) Pirates Infielder Suspended for Taking Cellphone Onto Basepaths (NYTimes) You can now tweet as you climb Mount Kilimanjaro thanks to new Wi-Fi network (NBC News) Massachusetts Registry of Motor Vehicles Cautions Customers to be Aware of Unofficial Third-Party Websites and Text/Phishing Scams (Monty Solomon) How a Third-Party SMS Service Was Used to Take Over Signal Accounts (Vice) Posing as Contractors, Nigerians Scammed Project Owners for Nearly $6M, FBI Says (Engineering News-Record) Just 1 of 25 Apps That Track Reproductive Health Protect Users' Data (Shirin Ali) FTC sued by firm allegedly selling sensitive data on abortion clinic visits (Ars Technica) An Explosive New Report Could Upend More than a Decade of Alzheimer's Research. How Did This Happen (Mother Jones) Dozens of Facebook contractors lost their jobs after an algorithm reportedly chose them 'at random' (Engadget) Microsoft Employees Exposed Own Company's Internal Logins (Vice) #DEFCON: How US Teen Rickrolled His High School District (Infosecurity Magazine) Apple Warns of Security Flaw for iPhones, iPads, Macs (AP) Apple security updates fix 2 zero-days used to hack iPhones, Macs (Bleeping Computer) A Janet Jackson Song Could Crash Windows XP Laptops (Michael Kan) Made-Up Words Trick AI Text-to-Image Generators (Discover) Re: Meta finds new way of tracking users across websites (Steve Bacher) RISKS 33.41 Tuesday 23 August 2022 Peiter "Mudge" Zatko's journey from hacker to Twitter whistleblower (WashPost with PGN comments) FBI Warns of Zeppelin Ransomware Attacks Targeting Bay Area Companies (SFStandard) How Secret Tesla Crash Data Might Make the Roads Safer (Cade Metz) Google Search Is Quietly Damaging Democracy (WiReD) How Google Cloud blocked the largest Layer 7 DDoS attack at 46 million rps (Google) 'Anti-Reflective' Coating Allows 
Wi-Fi Through Walls (Tech Radar) HBO Max Crashes for Thousands in the Minutes After *House of the Dragon* Premieres (WSJ) A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal. (The New York Times) Working from home has fueled a rise in porn addicts (Daily Mail) AI Model Can Detect Parkinson's From Breathing Patterns (Slashdot) Re: AI Model Can Detect Parkinson's From Breathing Patterns (Slashdot) Startup uses AI to transform call center workers' accents into "white voice" (BoingBoing) Hackers Used Deepfake of Binance CCO to Perform Exchange Listing Scams (Bitcoin.com) Unix legend, who owes us nothing, keeps fixing foundational AWK code (Ars Technica) Software dev cracks Hyundai encryption with Google Search (The Register) Re: Software dev cracks Hyundai encryption with Google Search (Steve Bacher) MS-DEFCON 3: Issues with bootloader patches @AskWoody (Susan Bradley) How 40,000 people used a Lockport woman's SSN: 078-05-1120. (Gabe Goldberg) Re: How 40,000 people used a Lockport woman's SSN (Li Gong) Re: Voters in the UK Cast Ballots Online, in Test for Internet Voting (Alan Ralph) Re: An Explosive New Report ... Alzheimer's (Peter Bernard Ladkin) Re: A Janet Jackson Song Could Crash Windows XP Laptops (Martin Ward) RISKS 33.42 Saturday 27 August 2022 Another Post-Quantum approach bites the dust. VERY CLEVER. (Quantum Magazine) The Crypto[currency] World Can't Wait for Ethereum's Merge (The NY Times) 5G Networks Are Worryingly Hackable (Edd Gent) The next wave of wireless security worries: API-driven (Light Reading) Eight-Year-Old Linux Kernel Vulnerability Uncovered (Ravie Lakshmanan) Experimental Attack Can Steal Data from Air-Gapped Computers (Carly Page) Tesla demands video of cars hitting child-size mannequins be taken down (WashPost) Why are Tesla fanatics putting their children in the path of moving cars? 
(Arwa Mahdawi) Scanning students' homes during remote testing is unconstitutional -- judge says (Ars Technica) Congress approved $386 million to retrain veterans. Only 397 benefited. (WashPost) Weaponizing Middleboxes for TCP Reflected Amplification (Geoff Goodfellow) Keeping Up With the Vacuum Cleaners (Rob Slade) Let's think step by step in ML Reasoning (via Tom Van Vleck) 3D gun printing operation busted in Calgary (Jose Maria Mateos) Danger: Metaverse Ahead! -- Part 2 (Rob Slade) Dangers of the Metaverse -- Part 2b: "White voice?" (Rob Slade) Re: Startup uses AI to transform call center workers' accents into "white voice" (Gabe Goldberg) Re: A Janet Jackson Song Could Crash Windows XP Laptops (Steve Bacher) Re: Scans of Students' Homes During Tests Are Deemed Unconstitutional (Gabe Goldberg) RISKS 33.43 Sunday 4 September 2022 Australian aviation watchdog's report on death of American firefighters (SMH-AU) High Seas Deception: How Shady Ships Use GPS to Evade International Law (NYTimes) Amazon Solar Array Fires (Henry Baker) U.S. Freight Rail Crisis Threatens More Supply-Chain Chaos (WiReD) Email scammers bilked VCU out of nearly $470,000, U.S. officials say (WashPost) Tech tool offers police *mass surveillance on a budget* (AP News) FBI Warns Individuals Employed in the Healthcare Industry of the Ongoing Scam Involving the Impersonation of Law Enforcement and Government Officials (FBI) Electricity company controls customers' thermostat settings during a warm day in Denver. (The Denver Channel) Hand-counting elections riskier than computer counts? 
(CNN) Voting Machine Tampering Points to Concern for Fall Election (AP) A neighborhood's cryptocurrency mine: Never-ending noise (WashPost) LastPass, Password Manager with Millions of Users, Is Hacked (WS ) Face Recognition Struggles to Recognize Us After Five Years (Matthew Sparkes) Quantum AI Breakthrough: Theorem Shrinks Appetite for Training Data (LANL) Why the Twilio Breach Cuts So Deep (WiReD) Inside a Million-Dollar Instagram Verification Scheme (ProPublica) Facebook Misinformation Is Bad Enough. The Metaverse Will Be Worse (RAND) The FTC may -- finally -- protect Americans from data brokers (WiReD) Storing data on floppy disks? Japan tells bureaucracy time to stop (Nikkei) Satellites Keep the World's Clocks on Time. What if They Fail (WiReD) Honda Clocks Are Stuck 20 Years In The Past; There Isn't A Fix (Gabe Goldberg) Ukraine celebrates its Independence Day hacking Russian cameras (twitter) The Family That Mined the Pentagon's Data for Profit (WiReD) Re: 3D gun printing operation busted in Calgary (Steve Bacher) Re: A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal. (Amos Shapir) Re: Why are Tesla fanatics putting their children in the path of moving cars? 
(John Levine) Re: The Crypto[currency] World Can't Wait for Ethereum's Merge (Martin Ward) RISKS 33.44 Tuesday 13 September 2022 The Search for Dirt on the Twitter Whistle-Blower (Ronan Farrow via PGN) Twitter's testimony today (Lauren Weinstein) GM's Cruise Recalls Self-Driving Software Involved in June Crash (WiReD) Be afraid of the Internet of Everything (Gabe Goldberg) Samsung denies Social Security numbers involved in latest breach (The Record by Recorded Future) Careless Errors in Hundreds of Apps Could Expose Troves of Data (WiReD) Timing of Artemis launch may depend on emergency detonation system (WashPost) Artemis I launch scrubbed again, new attempt may not come till October (The Washington Post) Four vulnerabilities discovered in popular infusion pumps, WiFi batteries (The Record via WashPo) Extreme California heat knocks key Twitter data center offline (CNN) How criminals are using jammers, deauthers to disrupt WiFi security cameras (Kiara Hay via Steve Stroh via Dewayne Hendricks via Dave Farber) Apple and eSIM (Rob Slade) Apple's recent iPhone security fix puts spotlight on transparency (USA Today) How Human Traffickers Force Victims Into Cyberscamming (ProPublica) Iranian authorities plan to use facial recognition to enforce new hijab law (The Guardian) Cloudflare drops KiwiFarms (The Washington Post) BBC report that UK Court IT system puts justice at risk (BBC) The 1,000 Chinese SpaceX engineers that existed only on LinkedIn (MIT Technology Review) Sky Cuts Queen Elizabeth II-Related Jokes From 'Last Week Tonight With John Oliver' in UK (Hollywood Reporter) Facebook has no idea where to find your data (DJC) Facebook and Google, they're SO public spirited... 
(Gabe Goldberg) Super-rich preppers' planning to save themselves from the apocalypse (The Guardian) Major telecoms sign deal to keep some phone services running during future outages (CBC Canada) Israel: Health Ministry website faces cyberattack, oversea access blocked (I14 News) Groove.cm Breaks the Internet (Paul Robinson) This $30 mouse jiggler makes it look like you're working when you're not (CNBC) Obsessively watching the news can make you mentally and physically sick (Study Finds) Re: High Seas Deception: How Shady Ships Use GPS to Evade International Law (John Stewart) Re: Hand-counting elections riskier than computer counts? (Craig Cottingham) Re: Honda Clocks Are Stuck 20 Years In The Past; There Isn't A Fix (Steve Bacher) Re: 3D gun printing operation busted in Calgary (Henry Baker) RISKS 33.45 Saturday 17 September 2022 Chinese and Russian ops (Two NYTimes items PGN-ed) Chinese spy convicted with help from iCloud backup of his iPhone (9to5Mac) Nuclear Power Still Doesn't Make Much Sense (NYTimes) Say Hello to Crazy-Thin Deep-Insert ATM Skimmers (Krebs on Security) Malware attack knocks out software for 6,000+ residential properties (George Mannes) Patent troll attacks against open-source projects are up 100% since last year. Here's why (ZDNET) Alarms over healthcare cyberattacks are getting louder (The Verge) Microsoft Teams has been storing authentication tokens in plaintext (Engadget) Trojanized versions of PuTTY utility being used to spread backdoor (Ars Technica) iPhone Lockdown Mode can be easily detected, could make you a target (9to5Mac) WatchOS 9 Breaks Spotify Streaming, Apple Watch Users Urged Not to Update (MacRumors) Text Messaging Is Cool. But Where Are Its Boundaries? (NYTimes) Watch it! 
Legal issues arise with home security cameras (Hiawatha Bray) DHS built huge database from cellphones/computers seized at border (WashPost) Appeals court upholds Texas law regulating social media moderation (WashPost) Biden is completely wrong about Section 230 as relates to hate speech (Lauren Weinstein) Uber wasn't using security keys (Vice) Uber's hack shows the stubborn power of social engineering (The Verge) Chess Grandmaster accused of using anal beads to cheat receives offer to clear his name by playing nude (AVClub) We're stuck with this white elephant: A Wisconsin town's big bet on electronics maker Foxconn hasn't panned out as planned (Fortune) NSA Software Supply Chain Guidance (The New Stack) Re: Artemis I launch scrubbed again, new attempt may not come until October (Martin Ward) Re: How criminals are using jammers, deauthers to disrupt WiFi (Henry Baker) Re: Major telecoms sign deal to keep some phone services running during future outages (Steve Bacher) Re: Apple and other vendors and eSIM (John Levine) Re: Groove.cm Breaks the Internet (Amos Shapir, Steve Bacher) Re: The Search for info, not just Dirt, on the Twitter Whistle-Blower (John Levine) Re: Facebook has no idea where to find your data (Steve Bacher) Re: 3D gun printing operation busted in Calgary (dmitri maziuk) RISKS 33.46 Thursday 29 September 2022 `Our world is in peril,' UN secretary general warns general assembly (CBC) The UN Wants to Curb Anti-Satellite Missile Tests (WiReD) Vulnerability of insulin pumps (Healio via Judith Hemenway) Optus' breach exposes 9.8M customers' data (ABC-AU) Tesla Megapack battery fire spurs shelter-in-place warning in California (The Verge) Multiple driverless Cruise cars block traffic in San Francisco (SanFranChron) Automakers are ignoring the simple solution to the rise of traffic deaths (The Verge) Egypt's submarine cable stranglehold (Sebastian Moss) 'Protestware' is on the rise, with programmers self-sabotaging their own code. Should we be worried? 
(Techxplore.com) Morgan Stanley Smith Barney to Pay $35 Million for Extensive Failures to Safeguard Personal Information of Millions of Customers (SEC) NY Suffolk Co. "911" system crippled by cyberattack, other gov't functions also (WNBC) American Airlines says hackers obtained some customer/employee data (Engadget) LastPass says hackers had internal access for four days (Bleeping Computer) 15-Year-Old Python Bug Allows Code Execution in 350k Projects (Ionut Ilascu) Artist finds private medical record photos in popular AI training data set (ArsTechnica) Uber blames contractor for hack (Lauren Weinstein) Luxury cars seized from 23-year-old 'Crypto King' as investors try to recoup millions (CBC) 33% of U.S. TikTok users say they regularly get their news on the app, up from 22% in 2020 (TechCrunch) TikTok's search engine repeatedly delivers misinformation to its majority-young user base, report says (CNN) A common phishing attack sources from Gmail (Lauren Weinstein) Wegmans Discontinues Self-Checkout App, Citing Losses (NYTimes) Health apps share your concerns with advertisers. HIPAA can't stop it. (WashPost) NTSB wants all new vehicles to check drivers for alcohol use (NPR) How vigilante *predator catchers* are infiltrating the criminal justice system (WashPost) Senators introduce a bill to protect open-source software (WashPost) Open-Source Software That Lasts a Thousand Years? (Liam Tung) The ITU's Secretary-General Election Could Shape the Internet's Future (WiReD) RISKS 33.47 Friday 7 October 2022 Shut-Off Switch Was Supposed to Prevent 99% of Generator-Related Deaths. It Failed a Family of Three. (TexasTribune) Crash of Air France 447 redux (Jagan Jagannathan) Automatic emergency braking is not great at preventing crashes at normal speeds (The Verge) Chinese supply-chain tampering (Reuters) Nordstream Explosion: Robotic Sabotage from *Inside*? 
(Henry Baker) The Thorny Problem of Keeping the Internet's Time (David Mills) The Securities and Exchange Commission Obstructs National Security (Ari Schwartz) NY SBOE is buying ES&S barcoding voting machines (Rebecca Mercuri) Conspiracy theories muddy Louisiana voting machine debate (AP item) WashDC Metro system looking for solutions to fare evasion (WashPost) I wouldn't get on that DC-area bus (Gabe Goldberg) Microsoft Exchange 0-Day Attack Threatens 220,000 Servers (Dan Goodin) In the Battle With Robots, Human Workers Are Winning (NYTimes) A data-sharing agreement between the US and UK is now in effect (Engadget) More Bosses Spy on Quiet Quitters. It Could Backfire (WSJ) Canadian ransomware hacker sentenced to 20 years in U.S. prison (CBC) Few Customers Get Refunds for Rampant Zelle Fraud (Senator Warren) Are You a Victim of Crypto Crime? Good Luck Getting Help (WiReD) El Salvador's Bitcoin Law -- one year on, with the World's Coolest Dictator: Attack of the 50-Foot Blockchain (David Gerard) SEC charges Kim Kardashian for allegedly not disclosing crypto promotion payday (WashPost) Sorry, But Your Boss Is Pretty Hyped About Today's Most Annoying Tech Trends (PCMag) Joe Sullivan guilty in Uber hacking case (WashPost) I Make Video Games. I Won't Let My Daughters Play Them. 
(NYTimes) Sorry, But Your Boss Is Pretty Hyped About Today's Most Annoying Tech Trends (PCMag) AI can now create any image in seconds, bringing wonder and danger (WashPost) Rethinking the Computer Chip in the Age of AI (Devorah Fischler) Leading Makers Pledge Not to Weaponize Their Robots (Joe Hernandez) Optus criticized for massive breach (Reuters) Re: Optus' breach exposes 9.8M customers' data (John Colville) Re: Wegmans Discontinues Self-Checkout App, Citing Losses (John Levine) Re: Egypt's submarine cable stranglehold (Amos Shapir) Re: Automakers are ignoring the simple solution to the rise of traffic deaths (Scott Dorsey) Castiglioncello 2022: Nuclear Weapons: New Risks (Diego Latella) RISKS 33.48 Tuesday 11 October 2022 Hospital networks computer outage in Pacific North West (Seattle Times) Rivian recalls 13,000 EVs due to potential steering control problem (Engadget) Russian hackers attack US airport Websites (NPR) Electronic gaming can trigger potentially lethal heart rhythm problems in susceptible children (Medical Press) Lufthansa Says Passengers Can't Use Apple AirTags to Track Checked Bags (NYTimes) Binance is hit by a $570M hack (Ephrat Livini) Cleaning up Cryptomining (Ben Arnoldy) Meta warns 1 million Facebook users their login info may have been compromised (WashPost) How a DJI Mini drone enabled a $147,000 ATM robbery (Dronedj) Presumptions of Intercontinental Broadband Availability are a significant business risk (RLGSC) The Problem With Mental Health Bots (WiReD) Uber bill for 35,000 GBP (Nick Brown) Unpatched Zimbra flaw under attack is letting hackers backdoor servers (Ars Technica) A physical DDoS attack on the Australian Postal system (Auspost) iPhones with iOS 14 call 911 from rollercoasters (The Verge) iPhones calling 911 from owners' pockets on rollercoasters (Paul Cornish) Are school "SWATting" calls discord attacks? 
(NPR) AI-driven 'thermal attack' system reveals computer and smartphone passwords in seconds (Techxplore) Linux kernel 5.19.12 code could cause permanent damage to some laptop displays (Ars Technica) A judge has decided that jurors who are asked to decide whether a man killed his wife in New Jersey will not be told that he was convicted earlier of having killed his first wife in Ohio (WFMJ) Twitter in China (Lauren Weinstein) Re: Shut-Off Switch Was Supposed to Prevent 99% of Generator-Related Deaths (Barry Gold) Re: Automakers are ignoring the simple solution to the rise of traffic deaths (Wol) Re: Automatic emergency braking is not great at preventing crashes at normal speeds (Steve Lamont) RISKS 33.49 Tuesday 25 October 2022 Nuclear War Simulator Creator Says Public Must Know Potential Destruction (Aristos Georgiou) Climate Change Threatens Supercomputers (Jacklin Kwan) The computer errors from outer space (bbc.com) NYC's Emerg. Med. Svc ("911") system was crippled 'cuz ... (danny burstein) AI Language Models Show Bias Against People with Disabilities, Study Finds (Penn State) A new AI model can accurately predict human response to novel drug compounds (phys.org) We Should Try to Prevent Another Alex Jones (Zeynep Tufekci) Alternatives to Twitter (Lauren Weinstein) A prudent approach to Musk and Twitter (Lauren Weinstein) Twitter reportedly has a user retention problem (Lauren Weinstein) TikTok and Facebook fail to detect election disinformation in the U.S., while YouTube succeeds (Global Witness) Behind TikTok's Boom: A legion of traumatised, $10-a-day content moderators (The Bureau Investigates) ACM Highlights Underuse of Risk-Limiting Audits in Confirming Accuracy of Election Results (ACM) Iran Hackers Behind Attempt on US Election Are Still Active (GovInfoSecurity) Internet Of Dangerous Things (Henry Baker) In the ultimate Amazon smart home, each device collects your data (WashPost) GPS interference caused the FAA to reroute Texas air traffic. 
Experts stumped (Ars Technica) Cuban Defector Flies Stolen An-2 To Florida (AVweb) How to miss potentially important Google Chat notifications (LW) Police Are Using DNA to Generate 3D Images of Suspects They've Never Seen (Vice) Even After $100 Billion, Self-Driving Cars Are Going Nowhere (Bloomberg) Eleven more crash deaths are linked to automated-tech vehicles (The Center for Auto Safety) High-Tech Cars Are Killing the Auto Repair Shop (WiReD) Heat from fingertips can be used to crack passwords, researchers find (Yahoo! News) Zillow bug (Jan Wolitzky) Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials (Dark Reading) Google drops Chrome support for Windows 7 (Lauren Weinstein) Too Many Drivers with Advanced Tech Expect Cars to Drive for Them (Car and Driver) Planned cuts at Twitter likely to hurt content moderation, user security (WashPost) Devastating Report: Twitter may fire 75% of workers, gut content moderation and decimate infrastructure (WashPost) The vulnerability of transformers-based malware detectors to adversarial attacks (techxplore.com) Thousands of GitHub Repositories Deliver Fake PoC Exploits with Malware (Bill Toulas) How a Microsoft blunder opened millions of PCs to potent malware attacks (Ars Technica) Microsoft Office 365 email encryption could expose message content (Bleeping Computer) Google's "passkey" effort (Twitter) How Your Shadow Credit Score Could Decide Whether You Get an Apartment (ProPublica) U.S. 
Chip Sanctions Kneecap China's Tech Industry (WiReD) The danger of advanced artificial intelligence controlling its own feedback (techxplore.com) Toyota exposed 300,000 customer email addresses for 5 years (Techcrunch) Parler leaked email addresses for Ivanka Trump, other 'VIPs' in Kanye West announcement (Mashable) Humans Beat DeepMind AI in Creating Algorithm to Multiply Numbers (Matthew Sparkes) Deception Detection (RAND) Re: AI-driven 'thermal attack' system reveals computer and smartphone passwords in seconds (Steve Bacher) Re: Lufthansa Says Apple AirTags Are Once Again Allowed in Checked Bags (Jan Wolitzky) Re: Not a physical DDoS attack on the Australian Postal system (John Levine) Re: Automatic emergency braking is not great at preventing crashes at normal speeds (Martin Ward) Article about CHERI (Rik Farrow) U.S. National Security Strategy report (The White House) Book on Digital Ethics (Christian Fuchs) RISKS 33.50 Tuesday 1 November 2022 Tesla under US criminal investigation over self-driving claims (The Guardian) Science Has a Nasty Photoshopping Problem (Elisabeth Bik) 'Deepfakes' of Celebrities Appearing in Ads (Patrick Coffee) Musk, Twitter, and Disinformation (Lauren Weinstein via PGN) Facebook's Ad-Delivery Algorithm Discriminates Based on Race, Gender, Age (Northeastern) Confirming Election Results with Risk-Limiting Audits (Rice U.) Self-Driving Cars Face Uncertain Path to U.S. Deployment (Reuters) One month aftermath of the Nord Stream pipeline explosion (Switch-Plan) Square sells access to your inbox. No one seems to know if the law cares. (Protocol) Steve Bannon and democracy? (Lauren W., PGN retitled) Many UFO Reports Are Just Spy Drones or Airborne Trash (NYTimes) Re: NYC's Emerg. Med. Svc 911 system was crippled 'cuz (Dick Mills) Re: GPS interference caused the FAA to reroute Texas air traffic. (Richard S. 
Russell) Re: Iran Hackers Behind Attempt on US Election Are Still Active (Steve Bacher) RISKS 33.51 Wednesday 9 November 2022 Ground Truth vs Ground-up Truth (PGN) What U.S. Democracy Can Learn from Brazil (Jack Nicas) Voting-system firms battle right-wing rage against the machines (Reuters) How Republicans Fed a Misinformation Loop About the Pelosi Attack (NYTimes) Blood oxygen monitors face scrutiny from FDA panel (The Verge) Medicare enrollees warned about deceptive marketing schemes (Amanda Seitz) The Hunt for the Dark Web's Biggest Kingpin (WiReD) Why the FBI Is So Far Behind on Cybercrime (NYTimes) Ransomware attacks on hospitals take toll on patients (NBC News) iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser (Krausefx) The Most Vulnerable Place on the Internet (WiReD) Security Loophole Allows Attackers to Use Wi-Fi to See Through Walls (U.Waterloo) Engineers ready innovative robotic servicing of geosynchronous satellites payload for launch (phys.org) Sobeys, Safeway grappling with IT issues as Maple Leaf Foods announces cybersecurity incident (CBC) Signal Says It Will Exit India Rather Than Compromise Its Encryption (Techdirt) Scientists Increasingly Can't Explain How AI Works (Vice) Billions Spent in Metaverse 'Land' Grab (BBC) Same New York lottery numbers drawn twice in one day (NYPost) Powerball winning numbers live drawing delayed for $1.9 billion jackpot due to 'security protocol issue' (ABC) There's a good chance Meta has your contact info. Here's how to delete it. (Mashable) Web Inventor Tim Berners-Lee Wants Us to 'Ignore' Web3 (CNBC) 'How much press are you worth?' New calculator tackles inequality in missing persons stories (msnbc.com) Federal government advised to pause Twitter ads after mass layoffs at company (CBC News) Websites Accepting Crypto for Child Sex Abuse Content Doubling Every Year (Gizmodo) Wireless meat thermometer: What could go wrong? 
(SharperImage via Gabe) Adobe Just Held a Bunch of Pantone Colors Hostage (WiReD) Gaming Is Booming. That's Catnip for Cybercriminals. (NYTimes) AI code assistants may not spawn as many bugs as feared (NYTimes) The Rise of Rust, the Virus-Secure Programming Language That's Taking Over Tech (WiReD) The Strange Death of the Uyghur Internet (WiReD) Algorithms Quietly Run the City of WashingtonDC -- and Maybe Your Hometown (WiReD) Jeppesen Cyber-Incident Affects Services (AVweb) RISKS 33.52 Sunday 13 November 2022 Internal Documents Show How Close the FBI Came to Deploying Spyware (NYTimes) Taking down a ransomware hacker (CBC) A Porcelain Sink, Then Chaos: Inside the Takeover of Twitter (NYTimes-x2) Latest Laughs on Twitter? (Lauren Weinstein collected by PGN) FTX Bankruptcy (NYTimes) He was hailed as crypto's saviour. Now he needs billions for a bailout (CBC) TrustCor Systems (David Lesher) Asteroids, climate change, killer robots: A handy guide to doomsday scenarios (*The Washington Post*) AI computations want 250kW densities per rack (Henry Baker) How to get better and more reliable telecommunications services (Fibrecoookery) Re: The Rise of Rust (Henry Baker) Re: Scientists Increasingly Can't Explain How AI Works (Henry Baker) Re: Same New York lottery numbers drawn twice in one day (Martin Ward) *Dark Ships* Emerge From the Shadows of the Nord Stream Mystery (Gabe Goldberg) Re: There's a good chance Meta has your contact info. Here's how to delete it (Anthony Thorn, Dick Mills) RISKS 33.53 Wednesday 22 November 2022 Russian software disguised as American finds its way into U.S. Army, CDC apps (Jan Wolitzky) How North Korea became a mastermind of crypto cybercrime (Ars Technica) U.S. 
NSA recommends 'memory safe' languages (Media Defense) Re: Rust (dmitri maziuk) Cyber Vulnerability in Networks Used by Spacecraft, Aircraft, Energy Generation Systems (U.Michigan) Reducing Redundancy to Accelerate Complicated Computations (TJNAF) Vulnerabilities of electric vehicle charging infrastructure (techxplore.com) Cybercriminals Are Selling Access to Chinese Surveillance Cameras (Threatpost) Code grey: Inside a 'catastrophic' IT failure at the Queensway Carleton Hospital (CBC) Open-Source Software Has Never Been More Important (TechRadar) Autonomous Vehicles Join the List of U.S. National Security Threats (WiReD) Hotel barfs on two people with the same name (gcluley via Wendy M. Grossman) DeepMind says its new AI coding engine is as good as an average human programmer (The Verge) Time Has Run Out for the Leap Second (NYTimes) Timer on GE ovens automagically reprogrammed to gobble rather than ding (Business Wire) Akamai finds 13 million malicious newly observed domains a month (SC Media) Inside the turmoil at Sobeys-owned stores after ransomware attack (CBC) $10.7 Million Payment To Virginia In Google Privacy Settlement (VA Patch) Short Videos on Ethics in AI and Software Development (Gene Spafford) Electronic Health Record Legal Settlements (JAMA Health Forum) Is This the End Game for Cryptocurrency? (Paul Krugman via PGN et al.) Tuvalu Turns to Metaverse as Rising Seas Threaten Existence (Lucy Craymer) Smart Home Hubs Leave Users Vulnerable to Hackers (Leigh Beeson) Twitter update (Lauren Weinstein PGN-simmerized) In Memoriam: Drew Dean (Peter G. Neumann) In Memoriam: Frederick P. Brooks Jr. (Steve Bellovin) RISKS 33.54 Sunday 27 November 2022 Volume 33 : Issue 54 Why artificial intelligence is now a primary concern for Henry Kissinger (David Ignatius) Alphabet installed software on user devices without their knowledge, permission, or even data enabled. 
(Mark E Jeftovic via Peter Houppermans) Major tax-filing websites secretly share income data with Meta (Ars Technica) Thinking about taking your computer to the repair shop? Be very afraid (Ars Technica) The airport of the future is the airport of today -- and that's not good. (PapersPlease) What Riding in a Self-Driving Tesla Tells Us About the Future of Autonomy (NYTimes) ID.me made baseless pandemic fraud claims to win contracts, Congress says (Ars Technica) Redacted Documents Are Not as Secure as You Think (WiReD) The World Generates So Much Data, New Unit Measurements Were Created to Keep Up (NPR) Massive Twitter data breach was far worse than reported, reveal security researchers (9to5mac) Twitter, Mastodon Handle, and App (Paul Roberts) Idle Crypto Is the Devil's Workshop (The New York Times) What Happens When Crypto Meets Ted Lasso (NYTimes) U.S. authorities seize iSpoof, a call spoofing site that stole millions (Tech Crunch) How Amazon shopping ads are disguised as real results (WashPost) RansomExx joins the ranks of ransomware gangs switching to Rust (Cybernews) How a Jewish Group's Online Surveillance Uncovered a Synagogue Plot (NYTimes) Sundry twitter items (Lauren Weinstein PGN-culled) Elon's phone confusion (Lauren Weinstein) They Weren't Rich But They Wanted to invest. Then They Lost Everything on FTX (Mother Jones) Re: NordStream (Nicolas Flamant Yotti) RISKS 33.55 Friday 2 December 2022 Blockchains, What Are They Good For? 
(Paul Krugman) Idle Crypto is the Devil's Workshop (Connel Fullenkamp) El Salvador's Chivo Wallet: a slapstick saga of software disaster: Attack of the 50-Foot Blockchain (David Gerard) San Francisco Considers Allowing Use of Deadly Robots by Police (NYTimes) Going great in Texas: Entire City of Houston placed under boil-water notice after system outage (ABC23) Smart inverters' vulnerability to cyberattacks needs to be identified and countered, according to researchers (techxplore.com) We Need to Change the System That Keeps Pilots from Seeking Mental Health Care (Scientific American) Gig workers in India are uniting to take back control from algorithms (Rest of World) Eufy Cameras Have Been Uploading Unencrypted Footage to Cloud Without Owners Knowing (Gizmodo) Scientists are using facial recognition software to track and protect seals (Mathew Kruk) Alexa, is the voice-assistant industry doomed? (CBC) Golf Robot Putts Like a Pro (Edd Gent) Programming Tool Turns Handwriting into Computer Code (Louis DiPietro) Network-Crashing Leap Seconds to Be Abandoned by 2035, for at Least a Century (Ars Technica) Re: The World Generates So Much Data, New Unit Measurements Were Created to Keep Up (Amos Shapir) Re: Elon, Twitter, China, and human lives -- and more (Lauren Weinstein) RISKS 33.56 Sunday 4 December 2022 Doonesbury (Garry Trudeau) Quantifying a Large Rise in Hate Speech under Musk (NYTimes) MuskRat or MuskOx? (PGN-culled from Lauren Weinstein) Domestic terrorism in North Carolina (Lauren Weinstein) Sirius XM flaw could've let hackers remotely unlock and start cars (The Verge) Samsung and app-signing leakage (Ars Technica via Henry Baker) The more you submit, the more we get paid: How fintech fueled COVID aid fraud (WashPost) TSA now wants to scan your face at security. Here are your rights. (WashPost) Man Cashed His Dead Mother's Social Security Checks for 26 Years, (NYTimes) Re: Blockchains, What Are They Good For? 
(Peter Houppermans) Re: San Francisco Considers Allowing Use of Deadly Robots by Police (Amos Shapir) RISKS 33.57 Saturday 10 December 2022 Dreams of a Future in Big Tech Dim for Computer Science Students (NYTimes via PGN, Bruce DeBruhl) Metro May Resume Automatic Train Operation In 2023 (DCist) Amnesty International Canada hit by cyberattack out of China (CBC) Data breach of Ontario's vaccine booking system affects hundreds of thousands, province says (CBC) How the Global Spyware Industry Spiraled Out of Control (Sundry) It's Not Science, Just Surveillance -- and It's Under Your Desk (Techworker) Raspberry Pi hires a former cop, and responds poorly to the public response (Resetera) Apple to encrypt iCloud (The Washington Post) TSA argues for impunity for checkpoint staff who rape travelers (PapersPlease) Hertz to pay $168m for falsely accusing customers of theft (BBC) AI Learns To Write Computer Code In 'Stunning' Advance (Science) A Row Erupts Over Texas' Bold Bitcoin Battery Plan (WiReD) A Twitter data tracker inhabits tens of thousands of websites (WashPost) Sundry Musky Items (PGN-collected from Lauren Weinstein) RISKS 33.58 Sunday 18 December 2022 What Would Plato Think about ChatGPT?
(Zeynep Tufekci via PGN) Re: Dreams of a Future in Big Tech Dim for Computer Science Students (Pete Resiak) Pretty-smart AI (Glenn Story) ChatGPT: Smart, but Not Smart Enough (The New Stack via Gabe Goldberg) A Literature Major's Experience as a Real-Estate AI Bot's Operator (n+1 Magazine) Why local elevator rescues have reached a new high (Sue Dremann) How a secret software change allowed FTX to use client money (Reuters) Researcher Exploits Power Supply to Transmit, Steal Data from PC (Michael Kan) Russian Software Company Pretending to Be American (Bruce Schneier) Blockchain Fails to Gain Traction in the Enterprise (WSJ) Database of British Columbians' personal health information is 'disturbingly' vulnerable: privacy watchdog (CBC) Major Canadian grocery chain says cyberattack cost $25 million (CBC) Cyber Posture Trends in China, Russia, the United States and the EU (SIPRI via Diego Latella) RISKS 33.59 Monday 2 January 2023 Vint Cerf and the Internet (Emily Bobrow) Russians Hacked JFK Airport Taxi Dispatch in Line-Skipping Scheme (WiReD) Biometric devices sold on eBay reportedly contained sensitive U.S. military data (NYTimes) Lawmakers Signal Inquiries Into U.S. Government's Use of Foreign Spyware (NYTimes) I bought a $15 router at Goodwill, and found a millionaire's dirty secrets (Erin Keller) FBI's Vetted Info-Sharing Network InfraGard Hacked (Krebs on Security) Southwest COO explained that the company's outdated scheduling software quickly became the main culprit of the cancellations once the storm cleared. (CNN with comments from Gabe Goldberg and Richard M Stein) Two Men Arrested For Conspiring With Russian Nationals To Hack the Taxi Dispatch System At JFK Airport (U.S. DoJ) Two men indicted for hacking a dozen Ring cameras and livestreaming swatting attacks (The Verge) As Tesla stock tanks, videos of Teslas malfunctioning in below-freezing temps go viral (Yahoo!)
Robocall company may receive the largest FCC fine ever (Engadget) Calculations on Maryland college savings plans lead to account freeze (WashPost via Jeremy Epstein) Ransomware devastates the ALMA Observatory (Physics Today) Windows: Still insecure after all these years (ZDNET) Scammers Are Scamming Other Scammers Out of Millions of Dollars (WiReD) Melbourne Lord Mayor says *vandalism* of QR codes for reporting graffiti *so frustrating* (ABC Australia) Meta's new AI is skilled at a ruthless power-seeking game (WashPost) Roomba with a View! (MIT Tech Review) As e-bike fires rise, calls grow for education and regulation (Smart Cities Dive) Samsung Recalls Top-Load Washing Machines Due to Fire Hazard; Software Repair Available (CPSC) Apple's 'unprecedented' engineering snafu reportedly spoiled plans for more powerful iPhone 14 Pro chip (Yahoo!) Studies flag environmental impact of reentry (SpaceNews) A Fight Over Automation Plans at U.S. Hydroelectric Dams (WiReD) Their children went viral. Now they wish they could wipe them from the Internet. (NBC News) A dangerous side of America's digital divide: Who receives emergency alerts (WashPost) DDoS-for-hire sting hits 50 domains, seven people detained (The Register) Card skimming devices found at 7-Eleven locations in Boston (The Globe) Users report Google Calendar bug creating random, fake events (The Verge) Server broke because it was invisibly designed to break (The Register) Bad Santa at Rockettes' Christmas Spectacular (Ars Technica) Celsius hearing, December 8: Selling GK8 to Galaxy Digital (Amy Castor) Bankman-Fried's Cabal of Roommates in the Bahamas Ran His Crypto Empire -- and Dated.
Other Employees Have Lots of Questions (Coindesk) Sympathy for the crypto bros (Mother Jones via Gabe Goldberg) Twitter dissolves Trust and Safety Council, Yoel Roth flees home (WashPost) Cats disrupt satellite Internet service (Smithsonian Mag) How Bots Pushing Adult Content Drowned Out Chinese Protest Tweets (NYTimes) Okta had another security incident, this time involving stolen source code (Engadget) There is great danger in training an AI to lie... (Alex Epstein) Code-Generating AI Can Introduce Security Vulnerabilities (Kyle Wiggers) Co-Pilot helps write insecure code (Rik Farrow) ChatGPT Explains Why AIs like ChatGPT Should Be Regulated (SciAm) New bot ChatGPT will force colleges to get creative to prevent cheating, experts say (NBC News) Re: Dreams of a Future in Big Tech Dim for Computer Science Students (Gene Spafford) Re: Pretty Smart AI (David Parnas, Steve Bacher) RISKS 33.60 Monday 15 January 2023 NASA just brought a spacecraft 23 billion kilometres away to LIFE and the results are Astonishing (ViralOnce) Remote Vulnerabilities in Automobiles (Bruce Schneier) Linux Malware Uses 30 Plugin Exploits to Backdoor WordPress Sites (Bill Toulas) Cops Hacked Thousands of Phones. Was It Legal? (WiReD) The next time scammers call your grandparents asking for money, it will be with your voice. 
(MPost) Ransomware group LockBit apologizes saying 'partner' was behind SickKids attack (CBC-CA) Matt Levine on Ransomware compliance (Joe Loughry) Programming Languages: Why This Old Favorite Is on the Rise Again (Liam Tung) 3rd-party Twitter apps stop working without warning, leaks indicate Twitter did this intentionally (Engadget) How ChatGPT Hijacks Democracy (*The New York Times*) ChatGPT-Written Malware (Bruce Schneier) Microsoft to challenge Google by integrating ChatGPT with Bing Search (The Verge) A New Area of AI Booms, Even Amid the Tech Gloom (NYTimes) Re: Pretty Smart AI (Jurek Kirakowski) State of the cybersecurity art (NCSC UK via Gary Hinson) Artist Banned from reddit/Art Because Mods Thought They Used AI (Vice) Re: Calculations on Maryland college savings plans lead to account freeze (Martin Ward) Southwest airline disruption (Martin Ward) Amazing Southwest story... (Paul Saffo) The oven won't talk to the fridge: 'smart' homes struggle (techxplore.com) Colorado ski town emergency dispatch centers fielding dozens of automated 911 calls from skier iPhones (Jason Blevins via Paul Saffo) Re: As Tesla stock tanks, videos of Teslas malfunctioning in below-freezing temps go viral (John Levine) Re: Cats disrupt satellite Internet service (Henry Baker) Re: I bought a $15 router at Goodwill, and found a millionaire's dirty secrets (Steve Bacher) RISKS 33.61 Sunday 5 February 2023 Historic Arctic outbreak crushes records in New England (WashPost) 'It had just vanished' -- the shock when tech fails (BBC News) Welcome to the Era of Internet Blackouts (WiReD) Ford recalls 462,000 SUVs over rearview camera issue (Engadget) The lights have been on at a Massachusetts school for over a year because no one can turn them off (Corky Siemaszko) FAA says unintentionally deleted files are to blame for nationwide ground stop (CNN) Wi-Fi Routers Can Detect Human Locations, Poses Within a Room (Mark Tyson) Hackers Can Make Computers Destroy Their Own Chips with Electricity
(Matthew Sparkes) Decoding Brainwaves to Identify What Music Is Being Listened To (U.Essex) Remember Zoom-bombing? This is how Zoom tamed meeting intrusions. (WashPost) Google Fi warns customers that their data has been compromised (Engadget) Options trading desks 'flying blind' after derivatives platform hit by ransomware attack (MarketWatch) Mathematical Trick Lets Hackers Shame People into Fixing Software Bugs (Matthew Sparkes) Can You Trust Your Quantum Simulator? (Jennifer Chu) Widespread Logic Controller Flaw Raises the Specter of Stuxnet (Lily Hay Newman) Man Paid $20,000 in Bitcoin in Failed Attempt to Have 14-Year-Old Killed, U.S. Says (NYTimes) Developer pleads guilty to hacking his own company after pretending to investigate himself (The Verge) Retirees Are Losing Their Life Savings to Romance Scams. Here's What to Know. (NYTimes) Cryptocurrency Founder Gamed Markets, FTX Rivals Say (NYTimes) How Charlie Javice Got JPMorgan to Pay $175 Million for What Exactly? (NYTimes) Massive nursing degree scheme leads to hunt for 2,800 fraudulent nurses (Ars Technica) Based on a True Story -- Except the Parts That Aren't (NYTimes) Citing Accessibility, State Department Ditches Times New Roman for Calibri (NYTimes via Jan Wolitzky) DNS Attack enabled by well-known passwords; An issue that should be long-resolved (Ars Technica and precursor note) U.S. No-Fly List Leaks After Being Left in an Unsecured Airline Server (Vice) Yet *another* T-Mobile data breach affects 37M accounts (CNET) Coming soon, Congress screws with the clock with permanent DST? (Lauren Weinstein) CNET pushed reporters to be more favorable to advertisers, staffers say (The Verge) Twitter employees status -- and Musk on trial (Lauren Weinstein) Musk oversaw staged Tesla self-driving video, emails show (Ars Technica) How Smart Are the Robots Getting?
(Cade Metz) Robot Cars Are Causing 911 False Alarms in San Francisco (WiReD) A news site used AI to write articles, and it was a journalistic disaster (WashPost) CNET Is Reviewing the Accuracy of All Its AI-Written Articles After Multiple Major Corrections (gizmodo) My Printer Is Extorting Me (The Atlantic via Steve Bacher) ChatGPT on a blog: huMansplaining on parade (Rob Lemos) ChatGPT Accuracy in the Movies! (Lauren Weinstein) Google and the rest of "Big Tech" need to step up and speak to the public, *now*! (Lauren Weinstein) Google laying off 12K workers (Google) Jan 6 committee suppressed information about how social media firms -- especially Twitter -- enabled the violent insurrection (WashPost) Meta, Twitter, Microsoft and others urge Supreme Court not to allow lawsuits against tech algorithms (CNN) Twitter's utter violation of Trust & Safety (Lauren Weinstein) Elon's Sick Twitter officially bans third-party clients, a foundational aspect of Twitter for many years (TechCrunch) Why the TikTok ban needs university exemptions (Statesman) Twitter admits it's breaking third-party apps, cites 'long-standing API rules' (Engadget) Tesla engineer testifies that 2016 video promoting self-driving was faked (TechCrunch) U.S. 
states blocking overseas taxpayer traffic (Dan Jacobson) As Deepfakes Flourish, Countries Struggle with Response (Tiffany Hsu) In the age of AI, major in being human (David Brooks) Race is on as Microsoft puts billions into OpenAI (Metz/Weise) Google is freaking out about ChatGPT (The Verge) ChatGPT user acquisition rate (Dan Geer) Artificial Intelligence and National Security (Reza Montasari book reviewed by Sven Dietrich) Cybersecurity Myths and Misperceptions: Avoiding the Hazards and Pitfalls that Derail Us (Gene Spafford) Re: Remote Vulnerabilities in Automobiles (Bernie Cosell) Re: Cats disrupt satellite Internet service (John Levine, Wol) RISKS 33.62 Sunday 19 February 2023 BBC News: Lufthansa tech failure leaves planes grounded (BBC) Amazing Southwest Air story (SW pilot via Paul Saffo) Tesla admits Full Self-Driving beta may cause crashes, recalls 363,000 vehicles (Engadget) Tesla Cofounder Calls Autopilot, FSD Software Risky 'Crap' (Business Insider) Bionic nose may help people experiencing smell loss, researchers say (WashPost) Elon Musk created a special system for showing you all his tweets first (The Verge) Woman Died Trapped in Burning SUV After Vehicle Malfunction (Newsweek) Hyundai, Kia Cars Targeted In Fairfax County With Rise Of TikTok Trend (Kingstowne VA Patch) Mary Queen of Scots secret letters decoded (The Register) The Army Officer Email Chain that Caused Pandemonium (Military.com) How CISA plans to get tech firms to bake security into their products (WashPost) Digital pound likely this decade, Treasury says (BBC) SMS-Based Multi-Factor Authentication: What Could Go Wrong? Plenty (PCMag) Two women, one Social Security number, and a mighty big mess (NBC News) Here's how Musk could have dealt with SMS 2FA responsibly (Lauren Weinstein) JPMorgan Paid $175 Million for a Business It Now Says Was a Scam (NYTimes) The People Onscreen Are Fake. The Disinformation Is Real.
(NYT) Peabody EDI Office responds to MSU shooting with email written using ChatGPT (The Vanderbilt Hustler) ChatGPT-Written Malware (Bruce Schneier) These 26 words 'created the Internet.' Now the Supreme Court may be coming for them (CNN) Re: How Smart Are the Robots Getting? (David Parnas, Amos Shapir) Why a Conversation With Bing's Chatbot Left Me Deeply Unsettled (Kevin Roose) Bing chatbot says it feels 'violated and exposed' after attack (BBC) Trying Microsoft's new AI chatbot search engine, some answers are uh-ohs (WashPost) Re: ChatGPT on a blog: huMansplaining on parade (Wol) Are chatbots coming for your job? (Chris Stokel-Walker) Re: rm -rf (Glenn Story) Re: Dreams of a Future in Big Tech Dim for Computer Science Students (dmitri maziuk) Re: Historic Arctic outbreak crushes records in New England (Wol) Re: The Cloud (Jay R. Ashworth) Space Rogue: How the Hackers Known As L0pht Changed the World (Review by Richard Thieme) RISKS 33.63 Saturday 25 February 2023 Over 1,000 Trains Derail Each Year in America (NYTimes) Wearable fitness trackers could interfere with cardiac devices, study finds (The Guardian) U.S. Air Force Studies Autonomous Cargo Jets (AVweb) Put Electrical Transmission Lines Underground? Distributed is far cheaper (TDWorld) Power-Grid Attacks Surge and Are Likely to Continue, Study Finds (WSJ) Climate change hotspots and implications for the global subsea telecommunications network (M.A. Clare et al., Earth Science Reviews) Cox Cable phone follies (Gabe Goldberg) Google Issues article from 14 years ago, still relevant today (Lauren Weinstein) Amid cutbacks, desk sharing at Google Cloud, and office downsizing (Lauren Weinstein) Congress must act to keep kids off social media (Josh Hawley via Gabe Goldberg) Planting Undetectable Backdoors in Machine Learning Models (IEEE via Victor Miller) Microsoft's Bing AI Is Leaking Maniac Alternate Personalities Named Venom and Fury (Futurism) Is Your Smart Home Controlling You?
(Anna Kodé) Safety Advocates Say Hyundai, Kia's Anti-Theft Upgrade Doesn't Go Far Enough (The Center for Auto Safety) macOS targeted by evasive crypto-jacking malware (Apple Insider) Sensitive U.S. military emails spill online (TechCrunch) Florida surgeon general fudged data for dubious COVID analysis, tipster says (Ars Technica) SpaceX faces a $175,000 fine for not submitting info ahead of a recent launch (TechCrunch) Generative AI Is Coming For the Lawyers (WiReD) U.S. says Google routinely destroyed evidence and lied about use of auto-delete (Ars Technica) Amazon hamstrings free app that makes Fire TV remotes reprogrammable (Ars Technica) The clever trick that turns ChatGPT into its evil twin (Will Oremus) AI Search Is a Disaster (The Atlantic) ChatGPT is a DDoS attack! (Gadi Evron) Re: Why a Conversation With Bing's Chatbot Left Me Deeply Unsettled (Kevin Roose) AI is starting to pick who gets laid off (WashPost) Re: BBC News: Lufthansa tech failure leaves planes grounded (John Levine) In the Metaverse, Your Identity Can Be Revealed Just by Moving (Lewis Maddison) U.S. Census Data Vulnerable to Attack Without Enhanced Privacy Measures (U.Penn) Microsoft Researchers Use ChatGPT to Control Robots, Drones (Michael Kan) German Court Rules Police Use of Crimefighting Software Unlawful (Rachel More) Re: Belated decryption (Wendy M. Grossman) Re: These 26 words 'created the Internet.' Now the Supreme Court may be coming for them (Steve Bacher) Re: SMS-Based Multi-Factor Authentication: What Could Go Wrong? Plenty (Steve Bacher) Re: Peabody EDI Office responds to MSU shooting with email written using ChatGPT (Steve Bacher) Re: Trying Microsoft's new AI chatbot search engine, some answers are uh-ohs (Steve Bacher) Re: Re: rm -rf (Steve Bacher) RISKS 33.64 Tuesday 7 March 2023 Why I'm sticking up for science (Richard Dawkins) What Can We Do to Make Sure the FAA and Southwest Airlines Fiascos Never Happen Again?
(Scientific American) FAA reports 'close call' between two planes at Logan Airport (Boston Globe) Pilot Error Caused an F-35C Crash in the South China Sea in 2022 (Popular Mechanics) How many satellites can we fit into space before it gets too much? (Jonathan McDowell) The Gare de Lyon Disaster (via Steve Bacher) North American rail operations (Peter Bernard Ladkin) Controller-level flaws can let hackers physically damage moving bridges (Waqas) Safety Advocates Say Hyundai, Kia's Anti-Theft Upgrade Doesn't Go Far Enough (NBC Chicago) A 120-year-old company is leaving Tesla in the dust (Ezra Dyer) Ford files patent for system that could remotely repossess a car (ArsTech) Apple Now Offering Depth and Water Seal Tests for Apple Watch Ultra (MacRumors) Apple Blocks Update of ChatGPT-Powered App, as Concerns Grow Over AI's Potential Harm (WSJ) How the Biggest Fraud in German History Unraveled (The New Yorker) U.S. Marshals Service target of 'major' cyber-attack (BBC) Indigo won't pay ransom for stolen employee data (CBC) LastPass Says DevOps Engineer Home Computer Hacked (SecurityWeek) U.S. Air Force Giving Military Drones the Ability to Recognize Faces (David Hambling) Researchers Find New Bug 'Class' in Apple Devices (Alex Scroxton) At Least One Open-Source Vulnerability Found in 84% of Code Bases (Apurva Venkat) The Satellite Hack Everyone Is Finally Talking About (Bloomberg) Inside the Lab Growing Mushroom Computers (Charlotte Hu) Fact check: A deepfake video falsely depicted Elizabeth Warren speaking about Republicans (The Boston Globe) Voice Deepfakes Of Everyone From Joe Rogan To Joe Biden Are Taking Over Social Media (Buzzfeed) How to make a bad situation worse: Developers Created AI to Generate Police Sketches. Experts Are Horrified (Vice) How I Broke Into a Bank Account With an AI-Generated Voice (vice.com) AI chatbots may have a liability problem (WashPost) Large Language Models Are Biased. Can Logic Help Save Them?
(Rachel Gordon) Quantum Computers That Use 'Cat Qubits' May Make Fewer Errors (Karmela Padavic-Callaghan) The privacy loophole in your doorbell (Politico) iPhone thieves use social engineering to obtain passcode (Barrons) The Era of Faked CCTV Has Truly Arrived (WiReD) AI-powered watermark removal poses uncomfortable implications for content use (Jeremy Gray -- Digital Photography Review) ChatGPT Could Destroy Reality, According to Henry Kissinger (Mack DeGeurin -- Gizmodo) Re: Microsoft Researchers Use ChatGPT to Control Robots, Drones (Gavin Scott, Goldy) Re: Power-Grid Attacks Surge and Are Likely to Continue, Study Finds (Steve Bacher) Re: Put Electrical Transmission Lines Underground? Distributed is a NIMBY fantasy (John Levine) Re: rm -rf (Charles Cazabon, Jose Maria Mateos) Re: SMS-Based Multi-Factor Authentication: What Could Go Wrong? (John Levine, Jay Lobove Alzina, Bernie Cosell) Re: Congress must act to keep kids off social media (Barry Gold) Re: Google Issues article from 14 years ago, still relevant today (Barry Gold) Re: AI is starting to pick who gets laid off (Steve Bacher) Re: Cox Cable phone follies (Wol) RISKS 33.65 Saturday 11 March 2023 Noam Chomsky: The False Promise of ChatGPT (via Matthew Kruk) ChatGPT Convulses Big Tech with its Promise and its Peril (NYTimes) Two types of dataset poisoning attacks that can corrupt AI system results (techxplore.com) Detection Stays Ahead of Deepfakes -- for Now (Matthew Hutson) Tesla under investigation after Model Y steering wheels fall off (The Verge) Stablecoin Issuer Circle Reveals $3.3 Billion SVB Exposure (Bloomberg) Blackbaud Fined $3M For Misleading Disclosures Re: 2020 Ransomware (Ryan Naraine) Canada's tax revenue agency tries to ToS itself out of hacking liability (Risky Biz News) Data breach hits hundreds of lawmakers and staff on Capitol Hill (NBC) North Korean hackers target security researchers with a new backdoor (Ars Technica) Hackers Claim They Breached T-Mobile More Than 100 Times in
2022 (Krebs on Security) When Low-Tech Hacks Cause High-Impact Breaches (Krebs on Security) TikTok whistleblower claims U.S. data privacy efforts are seriously flawed (Engadget) Tech Is Allowing Businesses to Overcharge You in Tips (NYTimes) Why the Floppy Disk Just Won't Die (WiReD) Union `increasingly alarmed' about Indigo cyberattack, demands further disclosure (CBC) Password changing considered harmful (WSJ) Teens are stealing more cars. They learn how on social media (NYT) UK online safety bill -- how to create a digital dictatorship (Lauren Weinstein) Terms of enscamment? (Rob Slade) Re: Safety Advocates Say Hyundai, Kia's Anti-Theft Upgrade Doesn't Go Far Enough (Richard S. Russell) Re: Why I'm sticking up for science (zeurkous) Re: rm -rf (Henry Baker, Steve Bacher) Re: SMS-Based Multi-Factor Authentication: What Could Go Wrong? (John Levine) Re: FAA reports 'close call' between two planes at Logan Airport (Jan Wolitzky) Re: Everyone is special, SMS-Based Multi-Factor Authentication: What Could Go Wrong? (John Levine) Re: The privacy loophole in your doorbell (Steve Bacher) RISKS 33.66 Thursday 16 March 2023 The EU's chat-control legislation is the most alarming proposal I've ever read (Matthew Green) Authors risk losing copyright if AI content is not disclosed, U.S. guidance says (Ars Technica) AI to act as doctor's second pair of eyes to spot nearly invisible colon cancer growths (The Straits Times) BlackMamba (Dark Reading) Welcome to the Big Blur (The Atlantic) Chat GPT4: Is the world prepared for the coming AI storm? 
(BBC) Botnet that knows your name and quotes your email is back with new tricks (Ars Technica) Personal info from data breach affecting lawmakers posted on hacker site (NBC News) A Spy Wants to Connect With You on LinkedIn (WiReD) Microsoft lays off an ethical AI team as it doubles down on OpenAI (TechCrunch) Tesla Model 3 unlocked and driven by the wrong owner (Autoblog) Ransomware Attacks Have Entered a Heinous New Phase (WiReD) Ransomware Group Claims Hack of Amazon's Ring (Vice) Samsung caught faking zoom photos of the Moon (The Verge) Cerebral admits to sharing patient data with Meta, TikTok, Google (The Verge) Vanishing phone customer support is driving us all insane (WashPost) Verizon Copies T-Mobile's Popular Offer -- With Two Big Catches (The Street) Noncompete clauses are everywhere, even for dancers and hair stylists (WashPost) Quebec residents can now freeze their credit files (Jose Maria Mateos) Re: Why I'm sticking up for science (elizabeth, Jurek Kirakowski, 3daygoaty) Re: Everyone is special, SMS-Based Multi-Factor Authentication (Jan Libove Alzina) Re: Why the Floppy Disk Just Won't Die (Steve Bacher) Re: rm -rf (Dan Astorian, Steve Bacher, Henry Baker, dmitri maziuk) Re: Terms of enscamment? (John Levine) RISKS 33.67 Saturday 1* April 2023 Speculative out-of-order execution on my part? (PGN) Airline baggage drops (JSX) How space storms miscue train signals (phys.org) Why Long Trains Keep Derailing (ProPublica) Trojanized Windows and Mac apps rain down on 3CX users in massive supply chain attack (Sentinel One) Chinese fraudsters: evading detection and monetizing stolen credit-card information (ATT) A Front Company and a Fake Identity: How the U.S. Came to Use Spyware It Was Trying to Kill. 
(NYTimes) It's like children turned loose on a jungle gym (CBC) AI application ChatGPT temporarily banned in Italy over data collection concerns (CBC) Even More on Trust & Safety and AI (Lauren Weinstein) Australian mayor prepares world's first defamation lawsuit over ChatGPT content (The Guardian) Pausing AI Developments Isn't Enough. We Need to Shut It All Down (Eliezer Yudkowsky) Forgive or Forget: What Happens When Robots Lie? (Catherine Barzler) I am not afraid of robots. I am afraid of people. (Gary Marcus) Are robot waiters the future? Some restaurants think so. (AP News) It's Their Content, You're Just Licensing it (NYTimes) Stupid physical risk (Nextdoor via Phil Smith III) Re: DC Metro Will Retrofit Faregates To Cut Down On Fare Evasion (Stan Brown) RISKS 33.68 Saturday 1 April 2023 Ifixme.com announces 'Right to Repair' program for your human body (via Henry Baker) In Gen Z's world of dupes, fake is fabulous -- until you try it on (WashPost) Grindr warns Egyptian police may be using fake accounts to trap users (WashPost) A scammer tricked Instagram into banning influencers with millions of followers. Then he made them pay to recover their accounts. (ProPublica) Amazon Begs Employees Not to Leak Corporate Secrets to ChatGPT (Futurism) People talking about what AI will do to society, here's a niche example that's happening right now (TJStebbing) Google and Microsoft's chatbots are already citing one another in a misinformation sh*tshow (The Verge) Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (The Hacker News) AI-Powered Vehicle Descriptions: Save Money, Save Time, Sell More!
(slightly redacted by PGN) Elon Musk and other tech leaders call for pause on 'dangerous race' to make AI as advanced as humans (CNBC) On using Microsoft's Bing Chat for programming (PGN) Microsoft Patched Bing Vulnerability That Allowed Snooping on Email, Other Data (Robert McMillan) DC Metro Will Retrofit Faregates To Cut Down On Fare Evasion (DCist) Metro operator investigated for using automation system without clearance (The Washington Post) Biden Acts to Restrict U.S. Government Use of Spyware (NYTimes) Flight problems, not turbulence, found in death of former White House official (WashPost) Researchers exploit vulnerabilities of smart-device microphones and voice assistants (techxplore.com) OpenSSL KDF and secure by default (OpenSSL) All of your Internet usage will be subject to government tracking and control. (Lauren Weinstein) Cryptocurrencies (Amy Castor) Pwn2Own Hackers Breach a Tesla Twice (Marco Marcelline) Voting vendor in Reality Winner's leak is coming to Texas (Texas Observer) Malicious Actors Use Unicode Support in Python to Evade Detection (Phylum via Monty Solomon) Progressives Across Nation Locked Out Of Accounts After CAPTCHA Asks 'Select All Squares That Contain A Woman' (Babylonbee) SF loses 150K daily office workers during pandemic (SanFranChron) Any friend that can be replaced by GPT-4 ...
(Rob Slade) Friday 28 April 2023 Farmers crippled by satellite failure as GPS-guided tractors grind to a halt (Sydney Morning Herald) GPS clock turnover -- again and again (GPS) Russian pranksters posing as Zelensky trick Fed Chair Jerome Powell (WashPost) Large amount of content missing from RISKS-33.68 (Steve Bacher) There's a new form of keyless car theft that works in under 2 minutes (Ars Technica) eFile tax website served malware to visitors for weeks (AppleInsider) California Man Falls In Love With AI Chatbot Phaedra (India Times) Actor kicked out of Facebook for impersonating his stage character (Amos Shapir) *Intelligence leak* (Rob Slade) Fox News vs Dominion Voting Systems (NYTimes articles via PGN) The Crypto Detectives Are Cleaning Up (The New York Times) To avoid an AI *arms race*, the world needs to expand scientific collaboration (Charles Oppenheimer) ChatGPT falsely told voters their mayor was jailed for bribery. (WashPost) Why regulators in Canada and Italy are digging into ChatGPT's use of personal information (CBC) ChatGPT is making up fake Guardian articles. Here's how we are responding (The Guardian) ChatGPT detector tools resulting in false accusations of students for cheating (USA Today) On the Impossible Security of Very Large Foundation Models (El-Mhamedi via Prashanth Mundkur) AI vs the culture industry (Politico) In AI Race, Microsoft and Google Choose Speed Over Caution (NYTimes) AI is now indistinguishable from reality (via geoff goodfellow) In Defense of Merit in Science (via geoff goodfellow) ICE Records Reveal How Agents Abuse Access to Secret Data (WiReD) Security breaches covered up by 30% of companies, reveals study (9to5mac) Why it's hard to defend against AI prompt injection (The Register) Lawmakers Introduce Bill to Keep AI from Going Nuclear (nextgov.com) Mercenary spyware hacked iPhone victims with rogue calendar invites, researchers say (Tech Crunch) Chinese spy balloon gathered intelligence from sensitive U.S.
military sites, despite U.S. efforts to block it (NBC News) Nearly eight years of breath test results cannot be used in drunk-driving prosecutions, SC rules (The Boston Globe) The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks (WiReD) Re: Metro operator investigated for using automation system without clearance (Steve Bacher) Re: OpenSSL KDF and secure by default (Cliff Kilby) RISKS 33.70 Saturday 13 May 2023 Microsoft Bets That Fusion Power Is Closer Than Many Think (WSJ) Tourists follow GPS, drive car into Hawaii harbor (WashPost) Near collision embarrasses Navy, so they order public San Diego webcams taken down (Fox5) A Tennessee company is refusing a U.S. request to recall 67 million air-bag inflators (npr.org) Automakers are starting to admit that drivers hate touch screens. Buttons are back! (Slate) The federal government is not doing their job, NTSB chair says about automated driving tech (cnn.co) MASSIVE Toyota vehicles location data breach (BleepingComputer) Critical-rated security flaw in Illumina DNA sequencing tech exposes patient data (techcrunch.com) Ohio Man Sentenced for Stealing Over 712 Bitcoin Subjected to Forfeiture (USAO-DC Department of Justice) Major e-problems in Dallas courts (Reuters) Navy doctors and dentists are told they owe 3 more years of service after military admits to another record-keeping error (NBC News) The Untold Story of the Boldest Supply-Chain Hack Ever (WiReD) Major psychologists' group warns of social media's potential harm to kids (NPR) Three Companies Supplied Fake Comments to FCC (NY AG) Chinese hackers outnumber FBI cyber staff 50 to 1, bureau director says (cnbc.com) What Exactly Are the Dangers Posed by AI? 
(NYTimes) Doctors warn about AI's "existential threat to humanity" (Axios) ChatGPT Will See You Now: Doctors Using AI to Answer Patient Questions (WSJ) Re: ChatGPT Will See You Now: Doctors Using AI to Answer Patient Questions (Tom Van Vleck) Re: ChatGPT detector tools resulting in false accusations of students for cheating (Amos Shapir) Italy reinstates an `improved' ChatGPT (PGN) Wendy's Turns to AI-Powered Chatbots for Drive-Thru Orders (Bloomberg) Re: AI is now indistinguishable from reality (Steve Bacher) Dominion tells its Fox story: Axios exclusive interview (PGN) Re: Security breaches covered up by 30% of companies, reveals study (Jose Maria Mateos) Re: Farmers crippled by satellite failure as GPS-guided tractors grind to a halt (John Levine, Brian Inglis) Re: Farmers crippled by satellite failure as GPS-guided tractors Re: GPS clock turnover -- again and again (Terje Mathisen, Brian Inglis) Software Obsolescence (Ross Anderson) Stop Ransomware (CISA) Correctness-by-Construction - How Can We Build Better Software? (PGN) RISKS 33.71 Tuesday 16 May 2023 Your DNA Can Now Be Pulled From Thin Air. Privacy Experts Are Worried (Elizabeth Anne Brown) An EFF Investigation: Mystery GPS Tracker On A Supporter's Car (via GG) *Philadelphia Inquirer* hack prevents printing the Sunday paper (Sundry) CEO of OpenAI calls for US to regulate artificial intelligence (Sam Altman) ChatGPT Is a Blurry JPEG of the Web (The New Yorker) Cybersecurity faces a challenge from AI's rise (MSN) Entering the singularity: Has AI reached the point of no return? 
(The Hill) Research finds AI assistants may be able to influence users without them being aware, akin to humans swaying each other through collaboration and social norms (WSJ) Rip and Replace: The Tech Cold War Is Upending Wireless Carriers (NYTimes) Vice Media Group files for bankruptcy protection (Matthew Kruk) Re: Near collision embarrasses Navy, so they order public San Diego webcams taken down (Steve Bacher) Re: Three Companies Supplied Fake Comments to FCC (Steve Bacher) Interfaces: The Dangers of Ethical AI in Healthcare (S. Scott Graham) RISKS 33.72 Sunday 4 June 2023 How A Dark Fleet Moves Russian Oil (The New York Times) Metro Breach Linked To Computer In Russia, Report Finds (DCIST) Kaspersky Says New Zero-Day Malware Hit iPhones, Including Its Own (WiReD) $528 Billion Nuclear Cleanup Plan at Hanford Site in Jeopardy (NYTimes) Secret industry documents reveal that makers of PFAS 'forever chemicals' covered up their health dangers (phys.org) Japanese Moon Lander Crashed Because of a Software Glitch (NYTimes) Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor (WiReD) Fake students stealing aid from colleges (Nanette Asimov) Tesla leak reportedly shows thousands of Full Self-Driving safety complaints (The Verge) Tesla data leak reportedly details Autopilot complaints (LATimes) Social Media and Youth Mental Health (U.S. 
Surgeon General) Meta slapped with record $1.3 billion EU fine over data privacy (CNN) Flaws Found in Using Source Reputation for Training Automatic Misinformation Detection Algorithms (Carol Peters) Failed Expectations: A Deep Dive Into the Internet's 40 Years of Evolution (Geoff Huston) AI Poses 'Risk of Extinction,' Industry Leaders Warn (Kevin Roose) What we *should* be worrying about with AI (Lauren Weinstein) Artificial intelligence system predicts consequences of gene modifications (medicalxpress.com) How to fund and launch your AI startup (Meetup) Rise of the Newsbots: AI-Generated News Websites Proliferating Online (NewsGuard) Some thoughts on the current AI storm und drang (Gene Spafford) Massachusetts hospitals, doctors, medical groups pilot ChatGPT technology (The Boston Globe) The benefits and perils of using artificial intelligence to trade and other financial instruments (TheConversation.com) Professor Flunks All His Students After ChatGPT Falsely Claims It Wrote Their Papers (Rolling Stone) Top French court backs AI-powered surveillance cameras for Paris Olympics (Politico) Meta's Big AI Giveaway (Metz/Isaac) Meta hit with record fine by Irish regulator over U.S. data transfers (CBC) AI scanner used in hundreds of US schools misses knives (BBC) Milton resident's against CVS raises questions about the use of AI lie detectors in hiring (The Boston Globe) EPIC on Generative AI (Prashanth Mundkur) Reality check: What will generative AI really do for cybersecurity? (Cyberscoop) Moody's cites credit risk from state-backed cyber intrusions into U.S. 
critical infrastructure (cybersecuritydive.com) What Happens When Your Lawyer Uses ChatGPT (NYTimes) Anger over airports' passport e-gates not working (BBC News) Longer and longer trains are blocking emergency services and killing people (WashPost) Denials of health-insurance claims are rising, and getting weirder (WashPost) Small plane crashes after jet fighter chase in WashDC area (WashPost) Response from American Airlines for delay (Steven J. Greenwald) Microsoft Finds macOS Bug That Lets Hackers Bypass SIP Root Restrictions (Sergiu Gatlan) Apps for Older Adults Contain Security Vulnerabilities (Patrick Lejtenyi) India official drains entire dam to retrieve phone (BBC) Google's Privacy Sandbox (Lauren Weinstein) WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities (Apple) Q&A: Why is there so much hype about the quantum computer? (phys.org) Report Estimates Trillions in Indirect Losses Would Follow Quantum Computer Hack (nextgov.com) Don't Store Your Money on Venmo, U.S. Govt Agency Warns (Gizmodo) Re: An EFF Investigation: Mystery GPS Tracker (Steve Lamont) Re: Three Companies Supplied Fake Comments to FCC (NY AG), but John Oliver didn't (John Levine) Re: Near collision embarrasses Navy, so they order public San Diego (Michael Kohne) RISKS 33.73 Saturday 24 June 2023 OceanGate: Insufficient prototype testing? (Henry Baker) Henry Petroski, Whose Books Decoded Engineering, is dead at 81 (Richard Sandomir via PGN) Why is There a Data Trust Deficit? (ACM) 92% of Programmers Use AI Tools: Survey (Steven Vaughan-Nichols) ChatGPT can now generate working Windows 11 keys for free (digitaltrends) Do chatbot avatars prompt bias in health care? (MedicalXpress.com) OpenAI Sued for Libel Over ChatGPT's Hallucinations (Gizmodo) Is America Ready For AI-Powered Politics? (Huffpost.com) What could go wrong? - The people paid to train AI are outsourcing their work ... 
to AI (Technology Review) Waymo Robo-Taxi Kills Dog in San Francisco (DMV Report) LockBit digital gang named top ransomware threat by Canada and other nations (CBC) TV meteorologist quits after receiving threats and harassment over climate change coverage (CNN) Continuing cover-up of elections software breach in Coffee City, GA (Douglas Lucas) Re: Tesla leak reportedly shows thousands of Full Self-Driving safety complaints (Steve Bacher) My book won an award (Space Rogue) RISKS 33.74 Saturday 1 July 2023 Android 13 "Emergency SOS" Implementations Leading to Problems (Peter Bernard Ladkin) UK police blame Android SOS feature for influx of false emergency calls (The Verge) FAA lifts ground stop at DC-area airports after pausing departures for repairs at air traffic control facility (CNN) Researchers Find Way to Recover Cryptographic Keys by Analyzing LED Flickers (NIST) The cleaner did it: an uncool act. (Times Union) Single points of failure and the repercussions of "silencing the alarm" (CNN) How Do Kwon, a Crypto Fugitive, Upended the Politics of Montenegro (*The New York Times*) Petro-Canada payment problems continue, but company says it's 'making progress' on fix (CBC) $118K water bill has name of woman who died in 2007 on it; water company wants new owner to pay it (WSBTV) Cyberstalkers shielded by SCOTUS ruling on speech and online threats (Ars Technica) Barred from Grocery Stores by Facial Recognition (NYTimes) Indigo lost $50M last year, in large part due to February 2023 cyberattack (CBC) Europe Opens AI 'Crash Test' Centers (ACM TechNews) AI's Use in Elections Sets Off a Scramble for Guardrails (NYTimes) How Secure Are Voice Authentication Systems? (U.Waterloo) LastPass users furious after being locked out due to MFA resets (BleepingComputer) "The EU AI Act: A Critical Assessment" (Lauren Weinstein) OpenAI, maker of ChatGPT, hit with proposed class-action lawsuit alleging it stole people's data (CNN) Re: Is America Ready For AI-Powered Politics? 
(Martin Ward) Re: The people paid to train AI are outsourcing their work ... to ... to AI (Steve Bacher) Re: Do chatbot avatars prompt bias in health care? (Arthur Flatau) Re: Is America Ready For AI-Powered Politics? (David Alexander) Re: Tesla leak reportedly shows thousands of Full Self-Driving, safety complaints (Martin Ward) RISKS 33.75 Monday 10 July 2023 A Myth About Innovation May Have Doomed the Titan (Naomi Oreskes) OceanGate's safety culture (Robert Dorsett) High-altitude upset Robotaxi haters in San Francisco are disabling the AVs with traffic cones (TechCrunch) Tesla Autopilot tricked with wheel weights; Amazon, Alibaba pull listings (WashPost) How Tom Brady's Crypto Ambitions Collided With Reality (NYTimes) Chatbots without guardrails open next round of AI debate (Stuart A. Thompson) ChatGPT getting dumber? (Rik Farrow) The Risk from AI Isn't just existential (Evgeny Morozov) Gödel, Escher, Bach, and AI (Douglas Hofstadter) Why Car Repairs Have Become So Expensive (NYTimes) The mystery of the Ain Dubai, the world's largest -- broken -- Ferris wheel (WashPost) Suncor swaps out laptops after cybersecurity incident as energy sector takes stock of risks (CBC) 'Unauthorized party' obtained Petro-Points members' contact information in IT breach, company says (CBC) One Careless Act of War Could Destroy All Satellites in Just 40 Years (ScienceAlert) EV Charger Hacking Poses a Catastrophic Risk (WiReD) Georgia won't, can't certify voting update addressing Halderman report (Douglas Lucas) India's religious chatbots condone violence using the voice of god (CBC) Re: Three Companies Supplied Fake Comments to FCC (Rebecca Mercuri) Re: The cleaner did it: an uncool act. (Mike Scott) Re: Is America Ready For AI-Powered Politics? 
(Amos Shapir) RISKS 33.76 Saturday 15 July 2023 Defective train safety controls lead to bus rides for South Auckland commuters (Gary Hinson) Blocked Rail Crossings Snarl Towns, but Congress Won't Act (NYTimes) Key Management problem leads to major security breach (WiReD) Artificial Intelligence at the Crossroads (Lauren Weinstein) It's not just Hollywood -- AI is coming for us all (Lauren Weinstein) Satellite Security Lags Decades Behind the State of the Art (Julia Weiler) Idaho helicopter crash likely caused by dropped iPad (Monty Solomon) 3 tax-prep firms shared 'extraordinarily sensitive' data about taxpayers with Meta, lawmakers say (The Boston Globe) How addictive, endless scrolling is bad for your mental health (WashPost) Your printing service might read your documents. Here's what to know. (WashPost) Printer ink is a scam. Here's how to spend less. (WashPost) WordPress plugin installed on 1 million+ sites logged plaintext passwords (Ars Technica) Re: OceanGate's safety culture (DJC) Re: A Myth About Innovation ... 
(3daygoaty, Martyn Thomas, John Levine, Mark Lutton) Re: Gödel, Escher, Bach (3daygoaty) Re: Italian Data Protection Authority has ordered ChatGPT to stop processing Italian users' (Rich Kulawiec) ACM Technology Policy Council Releases Principles for Generative AI Technologies (ACM) RISKS 33.77 Friday 11 August 2023 Volume 33 : Issue 77 Failed communications left Maui residents trapped by fire, unable to escape (LATimes) Firmware vulnerabilities in millions of computers could give hackers superuser status (Ars Technica) Cyberattack Sabotages Medical Sites in Four States (Rebecca Carballo) UK electoral register hacked in August 2021 (The Guardian) New acoustic attack steals data from keystrokes with 95% (Bleeping Computer) Downfall Attacks on Intel CPUs Steal Encryption Keys, Data (Ionut Ilascu) California privacy regulator’s first case: Probing Internet-connected cars (WashPost) Hackers Stole $6M from Connecticut public school system (Lola Fadulu) VR Headsets Are Vulnerable to Hackers (UC Riverside) Security and Human Behavior -- SHB 2023 (Bruce Schneier) Typo sends millions of U.S. military emails to Russian ally Mali (BBC) Bots and Spam attack Meta's Threads (TechCrunch) Facebook sent information on visitors to police *anonymous reporting* site (The Guardian) Tech companies acknowledge machine-learning algorithms can perpetuate discrimination and need improvement. (NYTimes) Wikipedia's Moment of Truth? (NYTimes) Why AI detectors think the U.S. 
Constitution was written by AI (Ars Technica) ChatGPT's Accuracy Has Gotten Worse (Andrew Paul) In the Age of AI, Tech’s Little Guys Need Big Friends (NYTimes) OpenAI's trust and safety lead is leaving the company (Engadget) AI That Teaches Other AI (Greg Hardesty) Researchers Find Deliberate Backdoor in Police Radio Encryption Algorithm (Kim Zetter) Researchers Poke Holes in Safety Controls of ChatGPT, Other Chatbots (Cade Metz) Unpatchable AMD Chip Flaw Unlocks Paid Tesla Feature Upgrade (Brandon Hill) Eight-Months Pregnant Woman Arrested After False Facial Recognition Match (Kashmir Hill) MIT Makes Probability-Based Computing a Bit Brighter (IEEE Spectrum) Wikipedia’s Moment of Truth (NYTimes) Possible Typo Leads to Actual Scam (Bob Smith) 'Redacted Redactions' Strike Again (Henry Baker) Re: Defective train safety controls lead to bus rides for South Auckland commuters (George Neville-Neil) Re: Myth about innovation ... (Henry Baker, Martyn Thomas, John Levine) Internet censorship (Gene Spafford) RISKS 33.78 Tuesday 14 August 2023 Metrorail Safety Commission Says Automatic Train Operation Not Ready For Primetime (DCist) Freight Railroads Seek Changes to Federal Safety Program Before Joining It (NYTimes) Activist Group Is Protesting Driverless Cars by Disabling Them With Traffic Cones (Vice) Hackers Can Talk Computers into Misbehaving with AI (Robert McMillan) San Francisco's North Beach streets clogged as long line of Cruise robotaxis come to a standstill (LA Times) Cellphone Radiation Is Harmful, but Few Want to Believe It (Neuroscience News) Hackers Rig Casino Card Shuffling Machines for Full Control -- Cheating (WiReD) Pepco Violation Could Cost Solar Owners Thousands (DCist) Dangers of Trusting Encryption Supply Chains (Bob Gezelter) Microsoft finds vulnerabilities it says could be used to shut down power plants (Ars Technica) Has Microsoft cut security corners once too often? (Computerworld) Who Paid for a Mysterious Spy Tool? 
The FBI, an FBI Inquiry Found. (NYTimes) A Clever Honeypot Tricked Hackers Into Revealing Their Secrets (WiReD) Medicare replaces 47,000 patients' ID numbers, because of MOVEit data breach (CMS) Spreadsheet blunder reveals sensitive law enforcement information (Belfast Telegraph) The future is certain; it is only the past that is unpredictable (Henry Baker) Social Media Influencers Are Holding Restaurants Hostage (NYTimes) AI Causes Real Harm. Let's Focus on That over the End-of-Humanity Hype (Scientific American) Canadian AI pioneer brings plea to U.S. Congress: Pass a law now (CBC) Chatbots: Why does White House want hackers to trick AI? (BBC) Hospital bosses love AI. Doctors and nurses are worried (WashPost) The AI firms are pushing too hard, and the result could be ... (Lauren Weinstein) A Zoom Call, Fake Names and an AI Presentation Gone Awry (NYTimes) AI Drift: Study Reveals ChatGPT's Struggles with Basic Math -- as accuracy declines (Cryptopolitan) Don't use our content to train AI systems (*The New York Times*) Cigna Uses AI To Improperly Deny CA Claims, Lawsuit Contends (Patch) Zoom's Updated Terms of Service Permit Training AI on User Content Without Opt-Out (StackDiary) Google and Universal Music Discuss Making an AI Tool to Replicate Artists' Voices (Gizmodo via Lauren Weinstein) Hello? It’s ‘Telemarketers,’ Here to Tell You About an Amazing Scam (NYTimes) Re: Why AI detectors think the U.S. 
Constitution was written by AI (Steve Bacher) Re: 'Redacted Redactions' Strike Again (Steve Bacher) Re: Possible Typo Leads to Actual Scam (Steve Bacher, John Levine, Dick Mills, Jay Libove Alzina) Elon Musk's Unmatched Power in the Stars (Matthew Kruk) Elon wants my cryptos (Gavin Scott) RISKS 33.79 Saturday 19 August 2023 Voyager 2: NASA Loses Contact With Probe After Sending Wrong Command (Business Insider) American Airlines flight from Logan delayed Monday after close call with Spirit Airlines (The Boston Globe) Birds and fish competing with squirrels for power failures (Fox) Lahaina: single points of failure (Henry Baker) More than 134,000 Mass. residents part of data security breach (The Boston Globe) Windows feature that resets system clocks based on random data is wreaking havoc (Ars Technica) For the Good of Society, Hackers Prod AI to Be Bad (NYTimes) San Francisco robotaxi traffic jam is a warning to the world, says city official (CBC) CA DMV orders Cruise to reduce robotaxi fleet in SF by 50% after collision with fire truck, injuring passenger (TechCrunch) The rapid expansion of robotaxis in major cities MUST BE STOPPED (Lauren Weinstein) Potential NYT lawsuit could force OpenAI to wipe ChatGPT and start over (Ars Technica) An Iowa school district is using ChatGPT to decide which books to ban (The Verge) Not AI? (Cliff Kilby) Crypto smart contracts still stupid (Amy Castor) Attackers find new ways to deliver DDoSes with "alarming" sophistication (Ars Technica) `Bitcoin Bonnie and Clyde' plead guilty in `spy novel'-like laundering case (WashPost) Microsoft pulls article recommending Ottawa Food Bank to tourists (CBC) Cheese and chips: parmesan producers fight fakes with microtransponders (The Guardian) Ukraine busts bot farm spreading Russian infowar propaganda and frauds (The Register) Imposter scams are the top U.S. 
fraud (NPR) Good reason to keep BMC LAN connections on an isolated LAN (Ars Technica) Internet Archive's legal woes mount as record labels sue for $400M (Ars Technica) AI chatbot scares Snapchat users by posting mysterious video (Ars Technica) Re: Don't use our content to train AI systems (Amos Shapir) Re: Cellphone Radiation Is Harmful, but Few Want to Believe It (PGN) RISKS 33.80 Wednesday 23 August 2023 'Near Collisions' of Commercial Jets Happen All the Time, Horrifying FAA Records Show (Gizmodo plus NYTimes) Cruise Agrees to Reduce Driverless Car Fleet in San Francisco After Crash (NYTimes) How a hacking crew overtook a satellite from inside a Las Vegas convention center and won $50,000 (Cyberscoop) Fifty minutes to hack ChatGPT: Inside the DEF CON competition to break AI (Cyberscoop) Hackers exploit WinRAR zero-day bug to steal funds from broker accounts (TechCrunch) Grieving widow sues Tesla over deadly Model 3 crash and explosion (TechCrunch) The Case of the Internet Archive vs. 
Book Publishers (NYTimes) Google announces new algorithm that makes FIDO encryption safe from quantum computers (Ars Technica) Google and YouTube are trying to have it both ways with AI and copyright (The Verge) ICANN warns UN may sideline tech community from future Internet governance (The Register) ``We can always turn off bad AI's'': *NOT* (Henry Baker) Researchers Demo Fake Airplane Mode Exploit That Tricks iPhone Users (Alex Scroxton) American Airlines sues a travel site to crack down on consumers who use this travel hack to save money (APNews) Research Hack Reveals Call Security Risk in Smartphones (Texas A&M) Our health care system may soon receive a much-needed cybersecurity boost (Lily Hay Newman) Tesla points to insider wrongdoing as cause of massive employee data leak (The Verge) Wegmans Double Charging Affects Credit Card Customers In VA, DC (Old Town Alexandria VA Patch) Buyers of Bored Ape NFTs sue after digital apes turn out to be bad investment (Ars Technica) Wi-Fi sniffers strapped to drones -- Mike Lindell's odd plan to stop election fraud (Ars Technica) How X Is Suing Its Way Out of Accountability (WiReD) Re: Voyager 2: NASA Didn't Lose Contact With Probe After Sending Wrong Command (John Levine, Lars-Henrik Eriksson) Re: Cellphone Radiation Is Harmful, but Few Want to Believe It (Martin Ward) Re: Lahaina: single points of failure (John Levine, Henry Baker, Dick Mills) Re: Google/AI -- sundry items PGN-ed (Lauren Weinstein) Unpacking Cyber Capacity-Building Needs (via Diego Latella) RISKS 33.81 Saturday 26 August 2023 'Pibot' Better Than Human Pilots Say Researchers (AVweb) WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April (Ars Technica) Windows 11 has made the *clean Windows* install an oxymoron (Ars Technica) A Right-to-Repair Car Law Makes a Surprising U-Turn in Massachusetts (WiReD) How NightOwl for Mac Added a Botnet (Gizmodo) Whoops: DEA Falls for Crypto Scam, Hands Fraudster $55,000 in Stolen Funds (Gizmodo) Feds 
Charge Tornado Cash Crypto Mixer Devs With Money Laundering (Gizmodo) TSA slows push to require additional ID checks for some travelers (WashPost) The College Board Tells TikTok and Facebook Your SAT Scores (Gizmodo) Google Passkeys Weakness (Lauren Weinstein) AI brings researchers one step closer to restoring speech in people with paralysis (CBC) Internet Archiving and Radiocarbon dating (Martin Ward) Re: Hawaii needs better siren codes (Clive Page) Re: Buyers of Bored Ape NFTs sue after digital apes turn out to be bad investment (Gabe Goldberg) More detail on Lindell wants to fly drones near polling places to monitor voting machines (Gabe Goldberg) Re: Wegmans Double Charging Affects Credit Card Customers In VA,DC (John Levine, Gabe Goldberg, Phil Smith III) RISKS 33.82 Monday 4 September 2023 The Titan's Submersible Disaster Was Years in the Making, New Details Reveal (Susan Casey in Vanity Fair) Hundreds of Flights Into Britain Canceled After ‘Technical Issue’ With UK Air Traffic Control (NYTimes) 5,000 pilots suspected of hiding major health issues. Most are still flying. (WashPost) AI Brings the Robot Wingman to Aerial Combat (The New York Times) National Academies releases Testing, Evaluating and Assessing AI systems for the US Air Force (via Simson Garfinkel) Mushroom pickers urged to avoid foraging books on Amazon that appear to be written by AI (The Guardian) A battery catches fire on an Air France flight, the staff reacts in a few minutes (Euro) Electric cars catch fire in Florida after flooding (ABC) Security, Social or routing? (David Lesher) The decline of social media (Lauren Weinstein) Prescription drug ads on TV (Lauren Weinstein) NYTimes Spoofed to Hide Russian Disinformation Campaign (Dark Reading) Kia and Hyundai Helped Enable a Crime Wave. 
They Should Pay for It (The New York Times) Food delivery robots under attack from vandals, thieves (YouTube) Tesla owners are angry about buying their vehicles right before the latest big price cuts and are letting Elon Musk know: I feel completely duped. (Finance) Eversource Notice of Data Security Incident (via Monty Solomon) Mass. woman files class action lawsuit against Star Market for allegedly sending her marketing texts after she opted out (The Boston Globe) Saudi man sentenced to death for tweets in harshest verdict yet for online critics (NPR) The endless battle to banish the world's most notorious stalker website (WashPost) Dragon Pizza owner on Portnoy feud: 'I'm receiving death threats' (The Boston Globe) FCC says *too bad* to ISPs complaining that listing every fee is too hard (Ars Technica) Re: Lahaina: single points of failure: cell phones! (PGN) RISKS 33.83 Sunday 10 September 2023 Pedestrian dies after Cruise cars block ambulance (San Francisco Chronicle) Ryanair boss calls air traffic chaos report rubbish (BBC News) WHAT COULD GO WRONG? - Pipeline safety agency's proposed pilot for ChatGPT in rulemaking raises questions (Lauren Weinstein) A Rube Goldberg chain of failures led to breach of Microsoft-hosted government emails (The Verge) Update your iPhone: Apple just pushed out a significant security update (APNews) Active North Korean campaign targeting security researchers (Google) The NYPD will police Labor Day parties with surveillance drones (The Verge) Porn age verification law is unconstitutional, says judge (The Verge) Over 100 Connecticut state troopers accused of faking traffic stops (The Boston Globe) Sourcegraph Administrator Access compromised by Credentials in Publicly Available Code (Ars Technica) Don't fall for firms pushing "voice verification" bypasses (Lauren Weinstein) Silicon Valley vs. Old People (NYTimes) Crypto Collapse Winners? 
The Lawyers (NYTimes) Cyberprofessionals say industry urgently needs to confront mental health crisis (Cyberscoop) Another AI Mess: growing reliance on language apps jeopardizes some asylum applications (The Guardian) U.S.-China Competition and Military AI. How Washington Can Manage Strategic Risks amid Rivalry with Beijing (CNAS) An update on Squares outage (danny burstein) San Franciscans Are Having Sex in Robotaxis, and Nobody Is Talking About It (SFStandard) Your car wants to know about your sex life (Politico) FCC proceedings on encrypted over the air TV -- how to comment (Lauren Weinstein) Re: Kia and Hyundai Helped Enable a Crime Wave. They Should Pay for It (Mike Smith) Re: Electric cars catch fire in Florida after flooding (Henry Baker) Re: A battery catches fire on an Air France flight, the staff reacts in a few minutes (Steve Bacher) Re: Eversource Notice of Data Security Incident (Steve Bacher) Re: Saudi man sentenced to death for tweets in harshest verdict yet for online critics (Steve Bacher) Re: UK ATC outage (Jim Geissman) Re: Lahaina: single points of failure (Steve Bacher) Re: The Titan's Submersible Disaster Was Years in the Making (Martin Ward) Magic (Rob Slade) RISKS 33.84 Wednesday 13 September 2023 Pratt Engine Flaw to Idle Hundreds of A320 Planes for Years (Yahoo!) China Uses AI to Spread Lies about U.S. 
fire (NYTimes) AI voices are taking over the Internet (The Verge) Another group of writers is suing OpenAI over copyright claims (The Verge) Some things to talk with your kids about AI (MIT Tech Review) How the Navy Spent Billions on Failed Littoral Combat Ship Program (ProPublica) Voting rights activists sound alarms over private tool that could lead to canceling voter registrations (CNN) Teen's Smart Pill Bottle Reminds People to Take Their Medication on Time (The Institute Alert) How to Navigate Apple's Shift From Lightning to USB-C (NYTimes) FTC says Elon Musk may have jeopardized data privacy and security at Twitter (Engadget) Susanna Gibson Saga: So What if a Candidate Livestreamed Sex Acts with Her Husband? (Politico) Re: San Franciscans Are Having Sex in Robotaxis (Henry Baker) Re: Pedestrian dies after Cruise cars block ambulance (Steve Lamont) Re: Vintage Car prices (Anthony Thorn) RISKS 33.85 Tuesday 19 September 2023 Bots are Better than Humans at CAPTCHAs (Bruce Schneier) Cryptocurrency Startup Loses Encryption Key for Electronic Wallet (Schneier via Gabe Goldberg) What politicians are doing about the Internet, RIGHT NOW (Lauren Weinstein) Microsoft AI researchers accidentally exposed terabytes of internal sensitive data (TechCrunch) In Risky Hunt for Secrets, U.S. and China Expand Global Spy Operations (NYTimes) Chinese hackers have unleashed a never-before-seen Linux backdoor (Ars Technica) Scientists warn entire branches of the 'Tree of Life' are going extinct (Yahoo! News) Can the free market ensure artificial intelligence won't wipe out human workers? (CBC) DHS Issues Privacy/Civil Liberties Guidelines, *and* DHS Spies Trouble in 2024 in election security (Politico) Old Google vs. 
New Google (Lauren Weinstein) Re: Pedestrian dies after Cruise cars block ambulance (Geoff Kuenning, Henry Baker) Re: Vintage Car prices (Joe Gwinn) RISKS 33.86 Saturday 23 September 2023 Driverless Car Company Using Chatbots to Make Its Vehicles Smarter (MIT Tech Review) ChatGPT Can Now Generate Images (NYTimes) Prominent Authors Sue OpenAI Google Search first result for "Tank Man" is a fake AI image rather than actual image from China (404Media + Lauren Weinstein) Misinformation research is buckling under GOP legal attacks (WashPost) Egyptian presidential hopeful targeted by Predator spyware (WashPost) It's 2030, and digital wallets have replaced every card in our purses and pockets (ZDNET) Google accused of directing motorist to drive off collapsed bridge (BBC) Typeface trolls shaking down users of Adobe's font platform (BoingBoing) Bitcoin conspiracy theory (PGN via John Markoff) Re: Pedestrian dies after Cruise cars block ambulance (Amos Shapir, John Levine) RISKS 33.87 Friday 29 September 2023 Cal. Gov. vetoes autonomous trucking bill (TechCrunch) Search for phone signal caused oil spill, say Japanese investigators (The Register) The UK passes massive online safety bill (The Verge) Egyptian presidential hopeful targeted by Predator spyware (WashPost) Web3 Firm Mixin Network Hacked, $200 Million Stolen in Centralised Exploit: All Details (MIT Technology News) Cryptocurrency's First Year After the FTX Blowup: `It’s Been Miserable’ (Bloomberg) The FTX trial is bigger than Sam Bankman-Fried (The Verge) The risks of machine learning psychotherapy with voice interfaces (Gizmodo) Artificial intelligence poses 'risk of extinction,' tech execs and experts warn (CBC) AI adapters and opponents debate the future of work (CBC) AI will soon be able to cover public meetings. But should it? 
(Nieman Lab) GPUs from all major suppliers are vulnerable to new pixel-stealing attack (Ars Technica) Nigerian Hacktivists Are Taking on Big Oil (Lucas Laursen) MGM and Caesars casino hacks point to an alliance of teens and ransomware gangs (WashPost) GPUs from all major suppliers are vulnerable to new pixel-stealing attack (Ars Technica) A food delivery robot's footage led to a criminal conviction in LA (Engadget) Apple warns Russian journalists of Pegasus iPhone infections (Monty Solomon) Is there really an information security jobs crisis? (Ben Rothke) Metaverse: What happened to Mark Zuckerberg's next big thing? (BBC) New York Bans Facial Recognition in Schools (AP) Re: Misinformation research is buckling under GOP legal attacks (Amos Shapir) Re: Google accused of directing motorist to drive off collapsed bridge (David Landgren) RISKS 33.88 Saturday 7 October 2023 False news spreads faster than the truth (Science) Millions of Exim mail servers exposed to zero-day RCE attacks (Bleeping Computer) RSA, Other Crypto Systems Vulnerable to Side-Channel Attack (Cliff Saran) State Dept e-mails hacked (CISAC via BackgroundBriefing) Researcher Reveals New Techniques to Bypass Cloudflare's Firewall and DDoS Protection (The Hacker News) 23andMe User Data Stolen (WiReD) Kia and Hyundai Blame TikTok and Instagram For Their Cars Getting Stolen (Vice) Rooftop Solar ongoing maintenance issues (Henry Baker) U.S. issues first ever fine for space junk to Dish Network (bbc.com) Tesla Autopilot arbitration win could set legal benchmark in auto industry (TechCrunch) Conspiracy theories about FEMA’s Oct. 
4 emergency alert test spread online (The Boston Globe) Blackbaud agrees to $49.5 million settlement for ransomware data breach (Bleeping Computer) North Korea's Lazarus Group Launders $900 Million in Cryptocurrency (The Hacker News) Bankman-Fried and Crypto[currency] Go on Trial (NYTimes) Takeaways From a New Book on Sam Bankman-Fried (NYTimes) Why Silicon Valley Falls for Frauds (WiReD) Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike (The Hacker News) Chinese self-driving car testing in California stirs controversy (NBC News) Detroit man steals 800 gallons using Bluetooth to hack gas pumps at station (Fox) W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA (Bleeping Computer) NYPD Robot Gets Tryout to Patrol Times Square Subway (NYTimes) Dead grandma locket request tricks Bing Chat's AI into solving security puzzle (Ars Technica) AI Designs New Robot from Scratch in Seconds (Northwestern News) Remember Marvin the paranoid android? (Gabe Goldberg) Thousands of Android devices come with unkillable backdoor preinstalled (Ars Technica) Hundreds of U.S. schools hit by potentially organized swatting hoaxes, report says (Ars Technica) Re: Google accused of directing motorist to drive off collapsed bridge (John Levine) Re: Cal. Gov. vetoes autonomous trucking bill (Steve Bacher) Quote of The Day (Adyashanti -- and Cicero) Quotes of The Day (Nisargadatta) ACM subdomain abused? (Chiki Ishikawa) RISKS 33.89 Wednesday 11 October 2023 Autonomous Vehicles Are Driving Blind (NYTimes) How a Series of Air Traffic Control Lapses Nearly Killed 131 People (NYTimes) A private jet took evasive action to avoid a fighter plane in Austin (WashPost) How Israel's Feared Security Services Failed to Stop Hamas's Attack (NYTimes) What was 60 Minutes thinking, in that interview with Geoff Hinton? (Substack) Your Medical Devices Are Getting Smarter. Can the FDA Keep Them Safe? 
(WSJ) Fake at scale: Generative AI looms over global elections cycle (Politico Europe) Amazon's Alexa has been claiming the 2020 election was stolen (WashPost) Verified accounts spread fake news release about a Biden $8-billion aid package to Israel (NBC News) Airworthiness Directive Mandates Garmin Autopilot Software Fix (AVweb) Inside the final seconds of a deadly Tesla Autopilot crash (WashPost) Why a search engine that scans your face is dangerous (NPR) How Amazon's Ring camera network alters L.A. neighborhoods (LA Times) Connected cars' dirty little secret: They're the trailing edge of 5G adoption (Light Reading) Vermont Utility Plans to End Outages by Giving Customers Batteries (NYTimes) Google is making their weak and flawed passkey system the default login method -- I urge you NOT to use them! (Lauren Weinstein) Vietnam tried to hack U.S. officials, CNN with posts on X, probe finds (WashPost) California's 'right to repair' bill is now California's 'right to repair' law (Engadget) Airbnb guest in luxury rental has refused to leave or pay (L.A. Times) WhatsApp says warnings of a cyberattack targeting Jewish people are baseless (NBC News) Inside FTX's All-Night Race to Stop a Billion Crypto Heist (WiReD) Re: False news spreads faster than the truth (Martin Ward) Re: Rooftop Solar ongoing maintenance issues (David E. Ross) Re: Google accused of directing motorist to drive off collapsed bridge (Jim Geissman) RISKS 33.90 Thursday 19 October 2023 How ChatGPT and other AI tools could disrupt scientific publishing (Nature) `Algorithmic destruction' and the deep algorithmic problems of AI and copyright (San Francisco Chronicle) A Chatbot Encouraged Him to Kill the Queen. It's Just the Beginning (WiReD) Dilemma of the Artificial Intelligence Regulatory Landscape (CACM Vol 66 No 9) Experts Worry as Facial Recognition Comes to Airports and Cruises (NYTimes) Deepfake Election Interference in Slovakia (Bruce Schneier) A big win in our fight to reclaim the Internet! 
(Mozilla) Win $12k by rediscovering the secret phrases that secure the Internet (New Scientist) Your old phone is safe for longer than you think (WashPost) How do you get out of a $28,000 timeshare mistake? (Eliott) The TSA wants to put a government tracking app on your smartphone (PapersPlease) New York Bill Would Require a Criminal Background Check to Buy a 3D Printer (Gizmodo) Burned-out parents seek help from a new ally: ChatGPT (geoff goodfellow) Allied Spy Chiefs Warn of Chinese Espionage Targeting Tech Firms (NYTimes) Top crypto firms named in $1bn fraud lawsuit (BBC) The secret life of Jimmy Zhong, who stole and lost more than $3B (CNBC) Why do people fall for grief scams? (Rob Slade) Remote Driving Is a Sneaky Shortcut to the Robotaxi (WiReD) Re: Autonomous Vehicles Are Driving Blind (Chris Volpe) Re: False news spreads faster than the truth (Amos Shapir) Re: Vermont Utility Plans to End Outages by Giving Customers Batteries (John Levine) RISKS 33.91 Sunday 22 October 2023 Failed software upgrade stops Toronto-area trains (Mark Brader) How AI reduces the world to stereotypes (RestofWorld) Another reason ChatGPT needs to ace the LSAT (Henry Baker) AI and the end of photographic truth (Politico) AI training vs intellectual property rights (Peter Knoppers) From High Life Hackers to National Menace: The Rise and Fall of Digital Bandits 'ACG' (404Media) The Botched Hunt for the Gilgo Beach Killer (NYTimes) The Race to Save Our Secrets From the Computers of the Future (NYTimes) How to find and book mistake airfares (WashPost) The origin of hacking attempts (Turgut Kalfaoglu) The Great Zelle Pool Scam (via Monty Solomon) Re: False news spreads faster than the truth (back and forth with Shapir, Ward, Shapir, Ward, Shapir, Ward, Shapir) Re: Your old phone is safe for longer than you think (Bacher) RISKS 33.92 Saturday 4 November 2023 2 Jets Collide at Houston Airport After One Took Off Without Permission (NYTimes) Apple Disables Maps Features in Israel and Gaza 
(Gizmodo) California halts operations of Cruise self-driving robotaxis (NBC News) Porsche is adding Google to its cars as VW's software problems worsen? (The Verge) Toyota has built an EV with a fake transmission, and we've driven it (Ars Technica) Overview of the iLeakage Attack (Jason Kim et al.) The Internet Worm at 35 (Gene Spafford) AI Firms Must Be Held Responsible for Harm They Cause, 'Godfathers' Say (Dan Milmo) President Biden Issues Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence (Whitehouse.gov) Executive Order on AI (Alan Butler) Humans Find AI-Generated Faces More Trustworthy Than the Real Thing (Scientific American) AI Muddies Israel-Hamas War in Unexpected Way (NYTimes) AI generated allegations against Big Four consulting firms (The Guardian) AI voice clones mimic politicians and celebrities, reshaping reality (WashPost) AI has arrived in your doctor's office. Washington doesn't know what to do about it. (Politico) The AI-Generated Child Abuse Nightmare Is Here (WiReD) Small outtakes from a big war (Amos Shapir) Cybercriminal group claims responsibility for ransomware attack as hospital CEO says recovery will take weeks (CBC) Meta Accused by States of Using Features to Lure Children to Instagram and Facebook (NYTimes) IRA accounts drained of $36 million in cryptocurrency (CoinDesk) A Year of Musk (a trifecta in *The NYTimes*) Gannett takes down Reviewed articles after outcry from staff (Angela Fu) Reddit finally takes its API war where it belongs: to AI companies (Ars Technica) They Cracked the Code to a Locked USB Drive Worth $235 Million in Bitcoin. Then It Got Weird. (WiReD) FCC robocall enforcement does little to stop illegal calls, Senate hears (Ars Technica) Pervasive North Korean programmers in U.S.? (Kim Zetter via Paul Burke) Amazon, Microsoft, and India crack down on tech support scams (The Verge) U.S. 
House Republicans Had Their Phones Confiscated to Stop Leaks (WiReD) Top Philips Executive Approved Sale of Defective Breathing Machines by Distributors, Despite Tests Showing Health Risks (ProPublica) How a Big Pharma Company Stalled a Potentially Lifesaving Vaccine in Pursuit of Bigger Profits (ProPublica) Education Department penalizes Missouri lender for error that made 800,000 student loan borrowers delinquent (CNBC) How a Lucrative Surgery Took Off Online and Disfigured Patients (NYTimes) Citrix Bleed: Leaking Session Tokens with CVE-2023-4966 (AssetNote) YouTube fumbles NFL Sunday Ticket streaming (Ars Technica) Google promises a rescue patch for Android 14's ransomware bug (Ars Technica) This Florida School District Banned Cellphones. Here's What Happened. (NYTimes) New Laws on Kids and Social Media Are Stymied by Industry Lawsuits (NYTimes) Tesla Wins Suit That Blamed Its Software for Deadly Crash (NYTimes) The Telegram app has been a key platform for Hamas. Now it's being restricted there (NPR) Gaza's 34-hour phone and Internet blackout, as told in voice memos (NPR) YouTube's NFL Sunday Ticket streams are failing today? (The Verge) Re: Zoom vulnerability (Victor Miller) Re: The origin of hacking attempts (Lars-Henrik Eriksson) RISKS 33.93 Saturday 11 November 2023 Man crushed to death by robot in South Korea (BBC News) Risk of all your communication eggs in one basket (Sundry) Recognizing Fake News Now a Required Subject in California Schools (IJPR) How Russian disinformation toppled multiple governments in Africa (WashPost) Russia fines Google $100 million, and Facebook parent company $27 million, for content violations (The Washington Post) Cloudflare Outage: There's Plenty Of Blame To Go Around (Data Center Frontier) Essays: Decoupling for Security (Schneier on Security) U.S. Drones Are Flying Over Gaza to Aid in Hostage Recovery, Officials Say (The New York Times) Look, Up in the Sky! Amazon's Drones Are Delivering Cans of Soup! 
(The New York Times) Five big carmakers beat lawsuits alleging infotainment systems invade privacy (Ars Technica) Multiple Python Obscuration Tools that are not trustable (Ars Technica) Data on 267,000 Sarnia patients going back 3 decades among cyberattack thefts at 5 Ontario hospitals (CBC) Brothel compromises (Sundry items from Monty Solomon) Android 14's storage disaster gets patched, but your data might be gone (Ars Technica) Man vs. Musk: A Whistleblower Creates Headaches for Tesla (NYTimes) Don't trust *Find my apps* or location trackers like AirTags (WashPost) Why Banks Are Suddenly Closing Down Customer Accounts (NYTimes) Virginia State Police Prepares Team To Monitor Voter Removals (DCist) The impasse over who controls your car data (WashPost) This smart garage door controller is no longer very smart (The Verge) Critical vulnerability in Atlassian Confluence server is under *mass exploitation* (Ars Technica) Re: A $92,000 flying car can reach speeds of 63 miles (John Levine) Re: Toyota has built an EV with a fake transmission, and we've driven it (Martin Ward) Re: They Cracked the Code to a Locked USB Drive Worth $235 Million in Bitcoin. Then It Got Weird. (Dick Mills) Re: Comments on RISKS-33.92 (Jericho) Hiring: One Jamaican Bobsled Team -- and Weird Job Descriptions (Cliff Kilby) RISKS 33.94 Saturday 18 November 2023 How the Railroad Industry Intimidates Employees Into Putting Speed Before Safety (ProPublica) Hikers Rescued After Following Nonexistent Trail on Google Maps (NYTimes) Admission of the state of software (David Lamkin) 500 chatbots read the news and discussed it on social media. Guess how that went. (Business Insider) The Problem with Regulating AI (Tim Wu) ChatGPT Created a Fake Dataset With Skewed Results (MedPage Today) Researchers Discover New Vulnerability in Large Language Models (Carnegie Mellon University) Ten ways AI will change democracy (Bruce Schneier) Fake Reviews Are Rampant Online. Can a Crackdown End Them? 
(NYTimes) OpenAI co-founder & president Greg Brockman quits after firing of CEO Altman (TechCrunch) The AI Pin (Rob Slade) Ukraine's 'Secret Weapon' Against Russia Is a U.S. Tech Company (Vera Bergengruen) Cryptographic Keys Protecting SSH Connections Exposed (Dan Goodin) Developers can't seem to stop exposing credentials in publicly accessible code (Ars Technica) Hacking Some More Secure USB Flash Drives -- Part II (SySS Tech Blog) Social media gets teens hooked while feeding aggression and impulsivity, and researchers think they know why (CBC) X marks the non-spot? (PGN adapted from Lauren Weinstein) It's Still Easy for Anyone to Become You at Experian (Krebs on Security) Paying ransom for data stolen in cyberattack bankrolls further crime, experts caution (CBC) Toronto Public Library cyber-attack (Mark Brader) People selling cars via Internet get phished (CBC) Data breach of Michigan healthcare giant exposes millions of records (Engadget) More on iLeakage (Victor Miller) Using your iPhone to start your car is about to get a lot easier (The Verge) Massive cryptomining rig discovered under Polish court's floor, stealing power (Ars Technica) A Coder Considers the Waning Days of the Craft (The New Yorker via Steve Bacher) Re: Industrial Robot Crushes Worker to Death (PGN) Re: Toyota has built an EV with a fake transmission (Peter Houppermans) Re: Data on 267,000 Sarnia patients going back 3 decades among cyberattack thefts at 5 Ontario hospitals Digest (Mark Brader) RISKS 33.95 Saturday 2 December 2023 Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do (Vice) G7 and EU countries pitch guidelines for AI cybersecurity (Joseph Bambridge) U.S. and UK Unveil AI Cyber-Guidelines (Politico via PGN) Was Argentina the First AI Election? 
(NYTimes) As AI-Controlled Killer Drones Become Reality, Nations Debate Limits (The New York Times) Reports that Sports Illustrated used AI-generated stories and fake authors are disturbing, but not surprising (Poynter) Is Anything Still True? On the Internet, No One Knows Anymore (WSJ) ChatGPT x 3 (sundry sources via Lauren Weinstein) Texas Rejects Science Textbooks Over Climate Change, Evolution Lessons (WSJ) A `silly' attack made ChatGPT reveal real phone numbers and email addresses (Engadget) Meta/Facebook profiting from sale of counterfeit U.S. stamps (Mich Kabay) Chaos in the Cradle of AI (The New Yorker) Impossibility of Strong watermarks for Generative AI Intel hardware vulnerability (Daniel Moghimi at Google) Hallucinating language models (Victor Miller) USB worm unleashed by Russian state hackers spreads worldwide (Ars Technica) AutoZone warns almost 185,000 customers of a data breach (Engadget) Okta admits hackers accessed data on all customers during recent breach (TechCrunch) USB worm unleashed by Russian state hackers spreads worldwide (Ars Technica) Microsoft’s Windows Hello fingerprint authentication has been bypassed (The Verge) Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet (Ars Technica) A Postcard From Driverless San Francisco (Steve Bacher) Voting machine trouble in Pennsylvania county triggers alarm ahead of 2024 (Politico via Steve Bacher) Outdated Password Practices are Widespread (Georgia Tech) THE CTIL FILES #1 (Shellenberger via geoff goodfellow) Judge rules it's fine for car makers to intercept your text messages (Henry Baker) Protecting Critical Infrastructure from Cyber Attacks (RMIT) Crypto Crashed and Everyone's In Jail. Investors Think It's Coming Back Anyway. 
(Vice) Feds seize Sinbad crypto mixer allegedly used by North Korean hackers (TechCrunch) A lost bitcoin wallet passcode helped uncover a major security flaw (WashPost) Ontario's Crypto King still jet-setting to UK, Miami, and soon Australia despite bankruptcy (CBC) British Library confirms customer data was stolen by hackers, with outage expected to last months (TechCrunch) PSA: Update Chrome browser now to avoid an exploit already in the wild (The Verge) WeWork has failed. Like a lot of other tech startups, it left damage in its wake (CBC) Re: The AI Pin (Rob Slade) Re: Social media gets teens hooked while feeding aggression and impulsivity, and researchers think they know why (C.J.S. Hayward) Re: Garble in Schneier's AI post (Steve Singer) Re: Using your iPhone to start your car is about to get a lot easier (Sam Bull) Re: Overview of the iLeakage Attack (Sam Bull) RISKS 33.96 Saturday 9 December 2023 Experts Warn of 'Serious Threats' from Election Equipment Software Breaches (Christina A. Cassidy) Woman enters MRI with concealed gun, to predictable results (Gizmodo) One Year in, it’s Clear the iPhone’s Satellite SOS Feature Is Saving Lives (BackPacker) Verizon fell for fake search warrant, gave victim's phone data to stalker (Ars Technica) Bluetooth Keyboard attack vector (Apple Insider) Google calls Drive data loss *fixed*, locks forum threads saying otherwise (Ars Technica) Hugging Face API tokens exposed, major projects vulnerable (The Register) DC's public library computerized book index crippled, not by malware.. (danny burstein) The big lie of millions of information security jobs (Ben Rothke) U.S. 
indicts alleged Russian hackers for years-long cyber-espionage campaign against Western countries (TechCrunch) Unable to verify humanity (Cliff Kilby) Ego, Fear and Money: How the AI Fuse Was Lit (The NYTimes) Personal Information Can Be Accessed Through ChatGPT Queries (James Farrell) Popular Retailers Accused Of Using AI To Illegally Record Customers (Patch) Bruce Schneier on AI and Spying (via PGN) I don't give a damn about "you" and AI (Lauren Weinstein) Re: Guidelines for AI cybersecurity (David Parnas) Re: Crypto Crashed and Everyone's In Jail. Investors Think It's Coming Back Anyway. (Martin Ward) Re: WeWork has failed, leaving damage in its wake (Henry Baker) Re: PSA: Update Chrome browser now to avoid an exploit already in Re: Outdated Password Practices are Widespread but so what (John Levine) Re: Meta/Facebook profiting from sale of counterfeit U.S. stamps (John Levine) Re: G7 and EU countries pitch guidelines (Bob Smith) RISKS 33.97 Sunday 17 December 2023 Tesla Recalling 2-Million Cars Over Autopilot (NYTimes) Tesla Autopilot crashes on cross traffic (WashPost) Complexity of automobile software (Heise) Living machine? Scientists create biocomputer combining circuits with real human brain tissue (Study Finds) Planet tipping points pose 'unprecedented' threat to humanity (MSN) School buses canceled due to software screwup (WDRB Louisville) Controversial clothes hook spy cameras for sale on Amazon (BBC) Ex-Amazon security engineer admits to stealing over $12M in crypto (ReadWrite) Sydney man charged with sending 17 million scam texts (SMH) Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica) Putin speaks to AI version of himself in news conference (BBC) AI-generated fake nude photos of girls from Winnipeg school posted online (CBC) Inside OpenAI's Crisis Over the Future of AI (NYTimes) AI, as in Ay Caramba! 
(Lawyers, Guns & Money Blog) Ukrainian military says it hacked Russia's federal tax agency (Bleeping Computer) Huge Cyberattack Knocks Ukraine's Largest Mobile Operator Offline (NYTimes) Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica) Pharmacies share medical data with police without a warrant, inquiry finds (MSN) What to do when receiving unprompted MFA OTP codes (Bleeping Computer) Can an AI Van Gogh Help Museums Generate New Interest? (NYTimes) SI Published Articles by Fake, AI-Generated Writers (Henry Baker) Why Europe is fighting about AI regulations (Marc Rotenberg) A Democratic campaign deploys the first synthetic AI caller (politico.com) Société Générale's useless euro stablecoin: when bank blockchain units go feral (Amy Castor) How Stolen Checks Are Sold and Bought Online (NYTimes) Teens, Social Media and Technology 2023 (Pew Research Center) Cable service cancellation fees might be on the way out (The Verge) Ted Cruz wants to stop the FCC from updating data-breach notification rules (Ars Technica) Re: I don't give a damn about "you" and AI (Jonathan Levine) Re: Unable to verify humanity (Amos Shapir) Re: Voting experts warn of 'Serious Threats' (Susan Greenhalgh, Thomas Koenig) Re: WeWork has failed, leaving damage in its wake (Cliff Kilby)