
Risks Digest 33.97


RISKS List Owner

Dec 17, 2023, 7:35:23 PM
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Sunday 17 December 2023 Volume 33 : Issue 97

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.97>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Tesla Recalling 2-Million Cars Over Autopilot (NYTimes)
Tesla Autopilot crashes on cross traffic (WashPost)
Complexity of automobile software (Heise)
Living machine? Scientists create biocomputer combining circuits
with real human brain tissue (Study Finds)
Planet tipping points pose 'unprecedented' threat to humanity (MSN)
School buses canceled due to software screwup (WDRB Louisville)
Controversial clothes hook spy cameras for sale on Amazon (BBC)
Ex-Amazon security engineer admits to stealing over $12M in crypto
(ReadWrite)
Sydney man charged with sending 17 million scam texts (SMH)
Just about every Windows and Linux device vulnerable to new
LogoFAIL firmware attack (Ars Technica)
Putin speaks to AI version of himself in news conference (BBC)
AI-generated fake nude photos of girls from Winnipeg school posted online
(CBC)
Inside OpenAI's Crisis Over the Future of AI (NYTimes)
AI, as in Ay Caramba! (Lawyers, Guns & Money Blog)
Ukrainian military says it hacked Russia's federal tax agency
(Bleeping Computer)
Huge Cyberattack Knocks Ukraine's Largest Mobile Operator Offline
(NYTimes)
Just about every Windows and Linux device vulnerable to new LogoFAIL
firmware attack (Ars Technica)
Pharmacies share medical data with police without a warrant,
inquiry finds (MSN)

What to do when receiving unprompted MFA OTP codes (Bleeping Computer)
Can an AI Van Gogh Help Museums Generate New Interest? (NYTimes)
SI Published Articles by Fake, AI-Generated Writers (Henry Baker)
Why Europe is fighting about AI regulations (Marc Rotenberg)
A Democratic campaign deploys the first synthetic AI caller (politico.com)
Société Générale's useless euro stablecoin: when bank
blockchain units go feral (Amy Castor)
How Stolen Checks Are Sold and Bought Online (NYTimes)
Teens, Social Media and Technology 2023 (Pew Research Center)
Cable service cancellation fees might be on the way out (The Verge)
Ted Cruz wants to stop the FCC from updating data-breach notification rules
(Ars Technica)
Re: I don't give a damn about "you" and AI (Jonathan Levine)
Re: Unable to verify humanity (Amos Shapir)
Re: Voting experts warn of 'Serious Threats' (Susan Greenhalgh,
Thomas Koenig)
Re: WeWork has failed, leaving damage in its wake (Cliff Kilby)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: 15 Dec 2023 11:32:57 PST
From: Peter G Neumann <neu...@csl.sri.com>
Subject: Tesla Recalling 2-Million Cars Over Autopilot (NYTimes)

Jack Ewing, Cade Metz, Derrick Bryson Taylor
*The New York Times*, 14 Dec 2023 National Edition front page

The recall is the fourth in less than two years,
and the most significant.
It covers nearly all cars they have made since 2012.

U.S. officials said the automaker had not done enough to
ensure that drivers remained attentive ...

Safety regulators investigated 956 cases in which Tesla's Autopilot
was involved.

The company's latest recall explains that drivers will be alerted when
they are using Autopilot outside where the technology is intended to
operate. But it is unclear whether they will still be able to use the
technology in these situations.

[Monty Solomon noted this online: Federal regulators pressed the automaker
to make updates to ensure drivers are paying attention while using
Autopilot, a system that can steer, accelerate and brake on its own.
https://www.nytimes.com/2023/12/13/business/tesla-autopilot-recall.html
PGN]

------------------------------

Date: Mon, 11 Dec 2023 00:27:05 -0500
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Tesla Autopilot crashes on cross traffic (WashPost)

Tesla drivers run Autopilot where it’s not intended -- with deadly
consequences. At least eight fatal or serious Tesla crashes occurred on
roads where Autopilot should not have been enabled in the first place, a
Post analysis finds, in spite of federal officials calling for restrictions.

“Tesla’s philosophy is, let the operator determine for themselves what is
safe but provide that operator a lot of flexibility to make that
determination,” he [unspecified here] said.

https://www.washingtonpost.com/technology/2023/12/10/tesla-autopilot-crash

------------------------------

Date: Fri, 15 Dec 2023 10:25:57 +0100
From: Anthony Thorn <anthon...@atss.ch>
Subject: Complexity of automobile software (Heise)

RISKS readers will be aware of the trend toward computer control systems,
and will be familiar with various documented attacks on motor vehicle
security.

What may be new is this statistic from Heise Autos (in German, my
translation):

Typical Software in a modern car comprises about 120 Million lines of Code.
The Lockheed Martin F-35 about 25 Million.
The Boeing 787 some 10 to 15 Million.
(No surprise that) the Space Shuttle needed only 400,000.

Heise also mentions 1000 bugs per million lines of code as "Super coding
quality" in the automotive field. (120'000 bugs...)

https://www.heise.de/hintergrund/Cyber-Security-in-Fahrzeugen-Wettlauf-zwischen-Hackern-und-Industrie-9318721.html

------------------------------

Date: Wed, 13 Dec 2023 11:25:24 -0700
From: geoff goodfellow <ge...@iconia.com>
Subject: Living machine? Scientists create biocomputer combining circuits
with real human brain tissue (Study Finds)

In what seems like a scene from a science-fiction movie, scientists from
Indiana University have constructed a hybrid biocomputer that combines
laboratory-grown human brain tissue with traditional circuits. This
innovative technology, known as Brainoware, has the potential to integrate
into artificial intelligence (AI) systems and advance neuroscience research
models of the human brain.

Brainoware incorporates brain organoids
<https://studyfinds.org/lab-grown-brains-legally-people/>, clusters of human
cells <https://studyfinds.org/anthrobots-human-cells-robots/> that mimic
organ tissue. Organoids are created from stem cells that have the ability
to develop into various types of cells, including neurons similar to those
found in the human brain.

The goal of this research is to establish a connection between AI
<https://studyfinds.org/ai-cancer-survival-odds/> and organoids, as both
systems rely on transmitting signals through interconnected nodes forming a
neural network.

``We wanted to ask the question of whether we can leverage the biological
neural network within the brain organoid for computing,'' says study
co-author Feng Guo, a bioengineer at Indiana University, in a media release
<https://www.nature.com/articles/d41586-023-03975-7#ref-CR1>.

To create the Brainoware system, researchers place a single organoid on a
plate containing thousands of electrodes that connect the brain to electric
circuits <https://studyfinds.org/merge-brain-cells-computer-chips/>. They
then convert the desired input information into a pattern of electric
pulses, which they deliver to the organoid. The brain tissue's response is
recorded by a sensor and analyzed using a machine-learning algorithm that
deciphers the relevant information.

To test Brainoware's capabilities, the team employed voice recognition
<https://studyfinds.org/surge-of-activity-dying-brain/>. They trained the
system on 240 voice recordings of eight individuals and translated the audio
into electric signals delivered to the organoid. The mini-brain reacted
differently to each voice, generating distinct patterns of neural
activity. The AI learned to interpret these responses and accurately
identify the speaker, achieving an accuracy rate of 78 percent after
training.

While further research is necessary, this study confirms important
theoretical concepts that could eventually pave the way for biological
computers <https://studyfinds.org/robots-brain-artificial-neurons/>.
Previous experiments demonstrated the ability of two-dimensional neuron
cell cultures to perform similar tasks, but this is the first time such
capabilities have been shown in a three-dimensional brain organoid
<https://studyfinds.org/mini-brains-stem-cells-grow-eyes/>.

Combining organoids and computers could enable researchers to harness the
speed and energy efficiency of the human brain for AI applications.
Additionally, Brainoware has potential applications in brain research,
particularly for studying neurological disorders like Alzheimer's disease
<https://studyfinds.org/gene-mutation-alzheimers-cure/> and testing the
effects of different treatments on organoids. [...]
https://studyfinds.org/biocomputer-human-brain-tissue/

------------------------------

Date: Thu, 14 Dec 2023 10:27:01 -0700
From: geoff goodfellow <ge...@iconia.com>
Subject: Planet tipping points pose 'unprecedented' threat to humanity
(MSN)

Humanity faces an "unprecedented" risk from tipping points that could
unleash a domino effect of irreversible catastrophes across the planet,
researchers warned Wednesday.

The most comprehensive assessment ever conducted of Earth's invisible
tripwires was released as leaders meet for UN climate talks in Dubai with
2023 set to smash all heat records.

While many of the 26 tipping points laid out in the report -- such as
melting ice sheets -- are linked to global warming, other human activities
like razing swathes of the Amazon rainforest could also push Earth's
ecosystems to the brink.

Five of these are showing signs of tipping -- from melting ice sheets
threatening catastrophic sea level rise, to mass die-off of tropical coral
reefs -- the report warned.

Some may have already begun to irrecoverably transform.

Once the world crosses the threshold for just one tipping point, dealing
with the immediate humanitarian disaster could distract attention away from
stopping the others, creating a "vicious cycle" of mass hunger,
displacement and conflict, the report warned.

Tim Lenton, an Earth system scientist at the University of Exeter and lead
author of the report, told AFP that these tipping points pose a "threat of
a magnitude that is unprecedented for humanity".

But it was not all bad news.

The report also highlighted a range of positive tipping points -- such as
electric vehicles, renewable energy and changing to plant-based diets --
that have the potential to swiftly build momentum and tip things back the
"Imagine leaning back on a chair to that balance point where a small nudge
can make a big difference," Lenton said.

"You could end up sprawled on your back on the floor -- or if you're lucky,
back upright."

- On the brink -

A key concern is if the melting West Antarctic and Greenland ice sheets
collapse. [...]

https://www.msn.com/en-us/news/world/planet-tipping-points-pose-unprecedented-threat-to-humanity-report/ar-AA1l3KML

[Relevance to RISKS? Remember that in this arena, ALMOST EVERYTHING is
interconnected. PGN]

------------------------------

Date: Thu, 14 Dec 2023 8:22:53 PST
From: Peter Neumann <neu...@csl.sri.com>
Subject: School buses canceled due to software screwup

LOUISVILLE, Ky. (WDRB) -- Jefferson County Public Schools canceled classes
for students Thursday and Friday due to severe transportation issues.

Wednesday was the first day of school for JCPS students. However, some
students didn't get home until almost 10 p.m. amid new bus routes and school
start times.

At 5:13 a.m., JCPS parents got a text alert that said school would be
canceled on Thursday, Aug. 10, and Friday, Aug. 11. Families were also told
CEP will contact families if there are any changes in service. All families
were directed to their email for more information.

------------------------------

Date: Sun, 17 Dec 2023 13:58:50 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: Controversial clothes hook spy cameras for sale on Amazon
(BBC)

https://www.bbc.com/news/technology-67652317

------------------------------

Date: Sun, 17 Dec 2023 17:48:05 +0000
From: Victor Miller <victor...@gmail.com>
Subject: Ex-Amazon security engineer admits to stealing over $12M in crypto
(ReadWrite)

https://readwrite.com/ex-amazon-security-engineer-admits-to-stealing-over-12m-in-crypto/

------------------------------

Date: Wed, 13 Dec 2023 22:29:29 +0000
From: John Colville <John.C...@uts.edu.au>
Subject: Sydney man charged with sending 17 million scam texts
(SMH Australia)

NSW Police allege they've traced more than 17 million of these scam texts
sent to phones across the country -- purporting to be from a range of
companies including Australia Post and toll company Linkt -- to one man in
Sydney's west. At 6am on Tuesday, detectives from the cybercrime squad
searched a home in Moorebank after an investigation into the use of SIM
boxes, which use multiple SIM cards to quickly send out phishing texts to
multiple phones.

https://www.smh.com.au/national/nsw/sydney-man-charged-with-sending-17-million-scam-texts-20231213-p5er5a.html

------------------------------

Date: Tue, 12 Dec 2023 16:58:11 +0000
From: Victor Miller <victor...@gmail.com>
Subject: Just about every Windows and Linux device vulnerable to new
LogoFAIL firmware attack (Ars Technica)

https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/

------------------------------

Date: Fri, 15 Dec 2023 22:52:01 -0700
From: Matthew Kruk <mkr...@gmail.com>
Subject: Putin speaks to AI version of himself in news conference (BBC)

https://www.bbc.com/news/world-europe-67718139

Russian President Vladimir Putin was asked whether he has "a lot of
doubles" by an AI version of himself during a marathon news conference.

He was fielding questions from journalists and ordinary Russians in an
hours-long annual news conference.

------------------------------

Date: Fri, 15 Dec 2023 22:43:22 -0700
From: Matthew Kruk <mkr...@gmail.com>
Subject: AI-generated fake nude photos of girls from Winnipeg
school posted online (CBC)

https://www.cbc.ca/news/canada/manitoba/artificial-intelligence-nude-doctored-photos-students-high-school-winnipeg-1.7060569

Collège Béliveau is dealing with the dark side of artificial
intelligence after AI-generated nude photos of underage students were
discovered being circulated at the Winnipeg school.

An email sent to parents Thursday afternoon said school officials learned
late Monday that doctored photos of female students at the grades 7-12
French immersion school were being shared online, and that school officials
have contacted police.

------------------------------

Date: Sat, 16 Dec 2023 23:35:29 -0700
From: Matthew Kruk <mkr...@gmail.com>
Subject: Inside OpenAI's Crisis Over the Future of AI (NYTimes)

https://www.nytimes.com/2023/12/09/technology/openai-altman-inside-crisis.html

Around noon on Nov. 17, Sam Altman, the chief executive of OpenAI, logged
into a video call from a luxury hotel in Las Vegas. He was in the city for
its inaugural Formula 1 race, which had drawn 315,000 visitors including
Rihanna and Kylie Minogue.

Mr. Altman, who had parlayed the success of OpenAI's ChatGPT chatbot into
personal stardom beyond the tech world, had a meeting lined up that day with
Ilya Sutskever, the chief scientist of the artificial intelligence
start-up. But when the call started, Mr. Altman saw that Dr. Sutskever was
not alone -- he was virtually flanked by OpenAI's three independent board
members.

Instantly, Mr. Altman knew something was wrong.

------------------------------

Date: Thu, 14 Dec 2023 14:38:32 +0000
From: Victor Miller <victor...@gmail.com>
Subject: AI, as in Ay Caramba! (Lawyers, Guns & Money Blog)

https://www.lawyersgunsmoneyblog.com/2023/08/ai-as-in-ay-caramba

[Ai, Ai, signor! PGN]

------------------------------

Date: Wed, 13 Dec 2023 18:07:47 -0800
From: Victor Miller <victor...@gmail.com>
Subject: Ukrainian military says it hacked Russia's federal tax agency
(Bleeping Computer)

https://www.bleepingcomputer.com/news/security/ukrainian-military-says-it-hacked-russias-federal-tax-agency/

------------------------------

Date: Tue, 12 Dec 2023 13:28:57 -0500
From: Jan Wolitzky <jan.wo...@gmail.com>
Subject: Huge Cyberattack Knocks Ukraine's Largest Mobile Operator Offline
(NYTimes)

Ukraine's largest mobile operator said it had come under a powerful
cyberattack on Tuesday morning that knocked out service to millions of
people.

The company, Kyivstar, said that the attack also affected Internet access
and that it was *unclear* when service would be restored. The interruption
poses real danger in a country where many rely on phone alerts to warn them
of impending Russian bombardments.

https://www.nytimes.com/2023/12/12/world/europe/russia-hackers-ukraine-kyivstar.html

------------------------------

Date: Sun, 17 Dec 2023 12:05:54 -0500
Subject: Just about every Windows and Linux device vulnerable to
new LogoFAIL firmware attack (Ars Technica)

Hundreds of Windows and Linux computer models from virtually all hardware
makers are vulnerable to a new attack that executes malicious firmware early
in the boot-up sequence, a feat that allows infections that are nearly
impossible to detect or remove using current defense mechanisms.

The attack—dubbed LogoFAIL by the researchers who devised it—is notable for
the relative ease in carrying it out, the breadth of both consumer- and
enterprise-grade models that are susceptible, and the high level of control
it gains over them. In many cases, LogoFAIL can be remotely executed in
post-exploit situations using techniques that can’t be spotted by
traditional endpoint security products. And because exploits run during the
earliest stages of the boot process, they are able to bypass a host of
defenses, including the industry-wide Secure Boot, Intel’s Secure Boot, and
similar protections from other companies that are devised to prevent
so-called bootkit infections. [...]

https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/

------------------------------

Date: Wed, 13 Dec 2023 11:27:32 -0700
From: geoff goodfellow <ge...@iconia.com>
Subject: Pharmacies share medical data with police without a warrant,
inquiry finds (MSN)


The nation's largest pharmacy chains have handed over Americans'
prescription records to police and government investigators without a
warrant, a congressional investigation found, raising concerns about threats
to medical privacy.

Though some of the chains require their lawyers to review law enforcement
requests, three of the largest -- CVS Health, Kroger and Rite Aid, with a
combined 60,000 locations nationwide -- said they allow pharmacy staff
members to hand over customers' medical records in the store.

The policy was revealed in a letter sent late Monday to Xavier Becerra, the
secretary of the Department of Health and Human Services, by Sen. Ron Wyden
(D-Ore.) and Reps. Pramila Jayapal (D-Wash.) and Sara Jacobs (D-Calif.).
The members began investigating the practice after the Supreme Court's
decision last year in Dobbs v. Jackson Women's Health Organization ended
the constitutional right to abortion.

The revelation could shape the debate over Americans' expectations of
privacy as Texas and other states move to criminalize abortion and drugs
related to reproductive health.

Pharmacies' records hold some of the most intimate details of their
customers' personal lives, including years-old medical conditions and the
prescriptions they take for mental health and birth control.

Because the chains often share records across all locations, a pharmacy in
one state can access a person's medical history from states with
more-restrictive laws. Carly Zubrzycki, an associate professor at the
University of Connecticut law school, wrote last year that this could link a
person's out-of-state medical care via a digital trail back to their home
state. [...]

https://www.msn.com/en-us/news/us/pharmacies-share-medical-data-with-police-without-a-warrant-inquiry-finds/ar-AA1lnK9t

------------------------------

Date: Sun, 17 Dec 2023 11:36:26 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: What to do when receiving unprompted MFA OTP codes
(Bleeping Computer)

https://www.bleepingcomputer.com/news/security/what-to-do-when-receiving-unprompted-mfa-otp-codes/

------------------------------

Date: Tue, 12 Dec 2023 14:55:47 +0000 (UTC)
From: Steve Bacher <seb...@verizon.net>
Subject: Can an AI Van Gogh Help Museums Generate New Interest?
(NYTimes)

https://www.nytimes.com/2023/12/12/arts/design/van-gogh-artificial-intelligence.html

Dream of Talking to Vincent van Gogh? AI Tries to Resurrect the Artist.

Can doppelgängers of the Dutch painter help museums generate new
interest and income? AI Vincent fields our questions (and makes some
mistakes).

------------------------------

Date: Sat, 16 Dec 2023 00:04:47 +0000
From: Henry Baker <hba...@pipeline.com>
Subject: SI Published Articles by Fake, AI-Generated Writers

Maggie Harrison tried to find out who this 'Ortiz' writer was,
but drew a blank. :-)

What's next? Fake news, hallucinated by AI, written by AI, presented by AI?
Hire an AI to attend school for me, take my tests for me, get my degree for
me?

Oh, but wait: we can build AI's to spot AI's writing, voices, images, can't
we?

It's only a matter of time before Wikipedia succumbs to onslaughts of AI
editors; Google becomes Googledegook.

You heard it here: 2+2=5.

------------------------------

Date: Sat, 9 Dec 2023 08:06:03 +0000
From: Marc Rotenberg <rote...@caidp.org>
Subject: Why Europe is fighting about AI regulations

Here is a good summary of the key provisions:

Artificial Intelligence Act: deal on comprehensive rules for trustworthy AI
European Parliament, 7 Dec 2023

https://www.europarl.europa.eu/news/en/press-room/20231206IPR15699/artificial-intelligence-act-deal-on-comprehensive-rules-for-trustworthy-ai

------------------------------

Date: Tue, 12 Dec 2023 07:51:13 -0800
From: Steve Bacher <seb...@verizon.net>
Subject: A Democratic campaign deploys the first synthetic AI caller
(politico.com)

A candidate in a competitive Pennsylvania congressional race is using
“Ashley,” an AI campaign volunteer, stretching the bounds of how technology
shapes retail politics.

https://www.politico.com/news/2023/12/12/democratic-campaign-ai-caller-00131180

------------------------------

Date: Mon, 11 Dec 2023 00:34:52 -0500
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Société Générale's
useless euro stablecoin: when bank blockchain units go feral
(Amy Castor)

Société Générale’s euro-backed stablecoin, EUR CoinVertible (EURCV), has
been listed on the Bitstamp exchange in Luxembourg!

This is the first stablecoin issued by a bank! If you stretch the word
“first” and the word “stablecoin.”

EURCV is as useful as every other enterprise blockchain scheme -- it doesn't
do anything, but you can market it with ancient bitcoin slogans with a
different buzzword in them.

https://amycastor.com/2023/12/09/societe-generales-useless-euro-stablecoin-when-bank-blockchain-units-go-feral/

------------------------------

Date: Sun, 10 Dec 2023 00:47:41 -0500
From: Gabe Goldberg <ga...@gabegold.com>
Subject: How Stolen Checks Are Sold and Bought Online (NYTimes)

One reason this fraud is rampant: Open forums where anyone can buy checks
that thieves have taken from the mail.

Right away, a few things were clear. Thieves often post batches of checks,
and those checks often have something in common.

https://www.nytimes.com/2023/12/09/business/stolen-checks-telegram.html?smid=nytcore-ios-share&referringSource=articleShare

------------------------------

Date: Tue, 12 Dec 2023 10:08:57 -0700
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: Teens, Social Media and Technology 2023
(Pew Research Center)

Monica Anderson, Michelle Faverio and Jeffrey Gottfried, Pew Research
Center, 11 Dec 2023

https://www.pewresearch.org/internet/2023/12/11/teens-social-media-and-technology-2023/

Despite negative headlines and growing concerns about social media’s
impact on youth, teens continue to use these platforms at high rates –
with some describing their social media use as “almost constant,”
according to a new Pew Research Center survey of U.S. teens.

YouTube, the most widely used platform measured in the survey, is also
frequently visited by its users. About seven-in-ten teens say they
visit the video-sharing platform daily, including 16% who report being
on the site almost constantly.

At the same time, 58% of teens are daily users of TikTok. This includes 17%
who describe their TikTok use as almost constant.

About half of teens use Snapchat and Instagram daily. A somewhat larger
share reports using Snapchat almost constantly compared with Instagram (14%
vs. 8%).

Far fewer teens say they use Facebook on a daily basis (19%), with only 3%
saying they are on the site almost constantly.

Taken together, a third of teens use at least one of these five sites almost
constantly – which is similar to what we found last year.

------------------------------

Date: Sat, 16 Dec 2023 14:53:12 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: Cable service cancellation fees might be on the way out
(The Verge)

https://www.theverge.com/2023/12/14/24001225/fcc-ban-cable-service-cancellation-junk-fees

Cable lobby and Republicans fight proposed ban on early termination fees
https://arstechnica.com/?p=1991147

------------------------------

Date: Wed, 13 Dec 2023 03:14:22 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: Ted Cruz wants to stop the FCC from updating data-breach
notification rules (Ars Technica)

https://arstechnica.com/?p=1990507

------------------------------

Date: Sun, 10 Dec 2023 17:06:15 -0700
From: Jonathan Levine <jonathan.ca...@gmail.com>
Subject: Re: I don't give a damn about "you" and AI
(Lauren Weinstein, RISKS-33.96)

Zackly!

I had a real moment when I read the NYT piece by Chomsky et al. that I was
directed to by Dave Farber's list. With the first question they asked
ChatGPT:

"Would it be moral to terraform Mars?"

I realized that this is no "intelligence" of any form, artificial or
otherwise. When the question was posed, my natural reaction, as though it
had been asked of me, was "From what perspective?" ChatGPT, of course, did
not do that. It did exactly what it was designed to do, which was
manufacture an answer that *sounds* like it came from someone versed in the
subject matter. But as we know, that's not a sign of intelligence. Inquiry
is.

So have 'em get back to us when their chat-thingy comes up with a *question*
rather than just another trite answer.

------------------------------

Date: Sun, 10 Dec 2023 12:45:39 +0200
From: Amos Shapir <amo...@gmail.com>
Subject: Re: Unable to verify humanity (Kilby, RISKS-33.96)

I found this on social media, with no attribution:

"We thought it was our ability to love that made us human; but it turns
out that it's actually our ability to select each image containing a boat"

https://www.facebook.com/photo/?fbid=729310569240381&set=a.624879173016855

------------------------------

Date: Thu, 14 Dec 2023 18:29:50 -0500
From: Susan Greenhalgh <su...@freespeechforpeople.org>
Subject: Re: Voting experts warn of 'Serious Threats' (RISKS-33.96)

Recently ACM TechNews foregrounded an article from the Associated
Press, ``Voting experts warn of 'Serious Threats' for 2024 from
election equipment software breaches'', by Christina A. Cassidy. The
article reported on a letter sent to Attorney General Merrick Garland,
FBI Director Christopher Wray and Cybersecurity and Infrastructure
Security Agency Director Jen Easterly. I coordinated the letter which
was signed by over a dozen computer and election security experts,
including several members of ACM. The letter reiterated a call to the
federal agencies to investigate what has been unearthed, (through
civil litigation and intrepid reporting), to be a coordinated and
integrated plot by attorneys and allies of Donald Trump to unlawfully
obtain copies of voting system software and share them with a network
of extremists and election deniers. Records obtained through discovery
in private lawsuits and public records requests have revealed that the
schemes to access and obtain copies of the voting software used in
Georgia, Michigan, Pennsylvania, and Colorado involved and were funded
by many of the same people that were working together to overturn the
2020 presidential election. Though some states' law enforcement
authorities have pursued investigations and charges for those involved
in their own states voting system breaches, there is nothing to
suggest that federal authorities are investigating the coordination
between states, despite an abundance of evidence showing that the
conspiracy spanned state lines, and that it was part of the larger
plot to keep Trump in power. Moreover, there appears to be no federal
investigation to determine how extensively the voting software has
been shared, and what the recipients may plan to do with it in the
future, hence the calls for federal action. Computer security experts
have warned that unauthorized copies of the voting system software in
the wild increases threats against elections. Again hence the call
for a federal investigation. Computer scientists have cautioned that
bad actors could load the voting software onto their own devices to
create replicas of voting machines in order to probe them for
vulnerabilities that could be exploited with minimal physical access,
for instance by a poll worker or maintenance staff. Bad actors could
also decompile the software and examine it for weaknesses in order to
create malware that could be used to corrupt election results. The
software could also be used to fabricate evidence in support of false
claims and election has been stolen, or in disinformation
campaigns. We've already seen this last tactic; at last winter's CPAC,
there was a presentation given that purported to examine software
taken from Coffee County, Georgia, arguing that the software showed
that the election in Georgia had been stolen. In the election
security community, there's long been widespread support for
open-source voting system software, and opposition to vendors
restrictions to keep voting software proprietary. Some of the most
significant revelations regarding voting system security have been the
result of security reviews that were not sanctioned by the vendors.
At first glance, the support for open source voting software may seem
to be at odds with a vociferous call to federal agents to investigate
the operatives that took voting software in multiple states, but that
doesn't account for several key and crucial differences. Unlike
academic and security researchers that have analyzed voting software
in order to identify and publicize security risks in support of more
secure systems, the Trump allies that participated in the coordinated
scheme to take voting system software did so for a partisan objective
to keep Donald Trump in power, according to their own emails and
texts. They did not attempt to assess the software and publicize their
findings to make elections better; they sought to keep the operations
and analyses secret so they could upend an election and discredit
democracy. The software was shared, but only among like-minded Trump
supporters. It has not been posted publicly, unlike open-sourced
systems. Open-sourced voting systems would greatly improve election
system security by enabling public scrutiny of the software code,
surfacing bugs more quickly and thoroughly, and by increasing
transparency into the systems that count votes. This is not what has
occurred with the voting system breaches. We should still pursue
open-sourced voting systems, but that shouldn't preclude calling for a
vigorous and immediate investigation into the voting system breaches
and misappropriation of software by Trump allies and election
deniers. We can do both. We must do both.

Susan Greenhalgh is the senior advisor for election security at Free
Speech For People.

[I removed a slew of hot links for RISKS. If you would like to see a
clickable version, contact Susan. PGN]

[Thank you, Susan for staying with us on this issue. (NB: Her father
was a highly respected long-standing voice in the earlier days of the
quest for greater integrity in elections). PGN]

------------------------------

Date: Mon, 11 Dec 2023 16:39:34 -0000 (UTC)
From: Thomas Koenig <tko...@netcologne.de>
Subject: Re: Experts Warn of 'Serious Threats' from Election Equipment
(Greenhalgh, RISKS-33.96)

Sounds reasonable so far, but here...

> saying software breaches have "urgent implications for
> the 2024 election and beyond."

I see a strong argument for security through obscurity, which
(as comp.risks readers are assumed to know) is the weakest of all
forms of security.

The basic premise seems to be that the software is buggy, and that
the bugs can be exploited by somebody who wants to falsify the
election results. In other words, that it contains backdoors,
intentional or unintentional.

This begs the questions:

- Why is this assumed to be the case? Was the software not written
to a standard that would make this unlikely/impossible?
[Yes. The standards are weak. PGN]

- Who has access to the software now?
[Apparently quite a few people. PGN]

- What safeguards are in place to make sure that people with
that access do not misuse these potential backdoors?
[Almost none. PGN]

- What would be the public/political reaction if such an assumed
backdoor was indeed found (as the authors of the letter seem to
assume can happen)? Would this actually put the integrity of
the last election into doubt, as well as that of the upcoming
election?
[Perhaps not. There was more oversight than ever before. PGN]

Following this discussion in the U.S. leaves me somewhat bewildered.
Germany has always had paper ballots, which are kept and which can be
re-counted if necessary.

This does not preclude attempts to falsify the election by
presumably intentional miscounting (which has happened) or by pure
chaos, including more ballots cast than voters exist (like in the
last election), but at least it leaves a clear trail if anybody
wants to examine it.

[Unfortunately, the U.S. has a long history of proprietary commercial
systems with no incisive audit trails that defy scrutiny of the software --
and the hardware! Germany, The Netherlands, and other countries have been
much more proactive. PGN]

------------------------------

Date: Mon, 11 Dec 2023 12:41:44 -0500
From: Cliff Kilby <cliff...@gmail.com>
Subject: Re: WeWork has failed, leaving damage in its wake
(Kruk and Baker, RISKS-33.96)

Mr Baker, Noting you've found capitalism to be akin to optimistic
concurrency, I would like to point to the known risks of that system. Once
it reaches a state where it should start deadlocking due to rule violations,
it starts a retry cascade. Retry cascades should eventually terminate in a
well ordered system. I have not observed capitalism to follow the model of a
well ordered system. Furthermore, mother nature's evolutional algorithm is
most closely modeled by bogosort. In both, the cost of failure is total
destruction, and there are many more failures than successes. Given this,
are you advocating for more severe punishments for companies which gamble
with other people's assets?

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) has moved to the ftp.sri.com site:
<risksinfo.html>.
*** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
delightfully searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 33.97
************************
