
Risks Digest 33.59


RISKS List Owner

Jan 2, 2023, 7:25:02 PM1/2/23
RISKS-LIST: Risks-Forum Digest Monday 2 January 2023 Volume 33 : Issue 59

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.59>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents: HAPPY NEW YEAR, with fewer risks? but perhaps more RISKS?
Vint Cerf and the Internet (Emily Bobrow)
Russians Hacked JFK Airport Taxi Dispatch in Line-Skipping Scheme (WiReD)
Biometric devices sold on eBay reportedly contained sensitive U.S. military
data (NYTimes)
I bought a $15 router at Goodwill, and found a millionaire's dirty secrets
(Erin Keller)
FBI's Vetted Info-Sharing Network InfraGard Hacked (Krebs on Security)
Southwest COO explained that the company's outdated scheduling software
quickly became the main culprit of the cancellations once the storm
cleared. (CNN with comments from Gabe Goldberg and Richard M Stein)
Two Men Arrested For Conspiring With Russian Nationals To Hack the Taxi
Dispatch System At JFK Airport (U.S. DoJ)
Two men indicted for hacking a dozen Ring cameras and livestreaming swatting
attacks (The Verge)
As Tesla stock tanks, videos of Teslas malfunctioning in below-freezing
temps go viral (Yahoo!)
Robocall company may receive the largest FCC fine ever (Engadget)
Calculations on Maryland college savings plans lead to account freeze
(WashPost via Jeremy Epstein)
Ransomware devastates the ALMA Observatory (Physics Today)
Windows: Still insecure after all these years (ZDNET)
Scammers Are Scamming Other Scammers Out of Millions of Dollars (WiReD)
Melbourne Lord Mayor says *vandalism* of QR codes for reporting graffiti
*so frustrating* (ABC Australia)
Meta's new AI is skilled at a ruthless power-seeking game (WashPost)
Roomba with a View! (MIT Tech Review)
As e-bike fires rise, calls grow for education and regulation
(Smart Cities Dive)
Samsung Recalls Top-Load Washing Machines Due to Fire Hazard; Software
Repair Available (CPSC)
Apple's 'unprecedented' engineering snafu reportedly spoiled plans for more
powerful iPhone 14 Pro chip (Yahoo!)
Studies flag environmental impact of reentry (SpaceNews)
A Fight Over Automation Plans at U.S. Hydroelectric Dams (WiReD)
Their children went viral. Now they wish they could wipe them from the
Internet. (NBC News)
A dangerous side of America's digital divide: Who receives emergency alerts
(WashPost)
DDoS-for-hire sting hits 50 domains, seven people detained (The Register)
Card skimming devices found at 7-Eleven locations in Boston (The Globe)
Users report Google Calendar bug creating random, fake events (The Verge)
Server broke because it was invisibly designed to break (The Register)
Bad Santa at Rockettes' Christmas Spectacular (Ars Technica)
Celsius hearing, December 8: Selling GK8 to Galaxy Digital (Amy Castor)
Bankman-Fried's Cabal of Roommates in the Bahamas Ran His Crypto Empire --
and Dated. Other Employees Have Lots of Questions (Coindesk)
Sympathy for the crypto bros (Mother Jones via Gabe Goldberg)
Twitter dissolves Trust and Safety Council, Yoel Roth flees home (WashPost)
Cats disrupt satellite Internet service (Smithsonian Mag)
How Bots Pushing Adult Content Drowned Out Chinese Protest Tweets (NYTimes)
Okta had another security incident, this time involving stolen source code
(Engadget)
There is great danger in training an AI to lie... (Alex Epstein)
Code-Generating AI Can Introduce Security Vulnerabilities (Kyle Wiggers)
Co-Pilot helps write insecure code (Rik Farrow)
ChatGPT Explains Why AIs like ChatGPT Should Be Regulated (SciAm)
New bot ChatGPT will force colleges to get creative to prevent cheating,
experts say (NBC News)
Re: Dreams of a Future in Big Tech Dim for Computer Science Students
(Gene Spafford)
Re: Pretty Smart AI (David Parnas, Steve Bacher)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 19 Dec 2022 11:55:21 -0500 (EST)
From: ACM TechNews <technew...@acm.org>
Subject: Vint Cerf and the Internet (Emily Bobrow)

Vint Cerf Helped Create the Internet on the Back of an Envelope. Now
He's Calling for More Critical Thinking About How We Use It

Emily Bobrow, *The Wall Street Journal*, 16 Dec 2022
via ACM TechNews, 19 Dec 2022

Google Chief Internet Evangelist and 2004 ACM A.M. Turing Award co-recipient
Vint Cerf helped invent the Internet but acknowledges its downsides,
including its use for spreading misinformation and disinformation. Cerf says
addressing this "propagation problem" requires Google and similar companies
to better "understand how these mechanisms influence the way people behave."
He observes that although commercialization has broadened the Internet's
scope, feedback algorithms appear to be directing people toward "more
divisive and extreme stuff." Cerf urges more critical thinking to rein in
the Internet's sociological and psychological effects, while businesses must
make better efforts to contain online trolling, lying, bullying, and
surveillance.

[Is Emily a niece of Danny Bobrow (BBN, Xerox PARC, etc.), who was a
friend and colleague of Vint way back? PGN]

------------------------------

Date: Sun, 25 Dec 2022 02:53:06 -0500
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Russians Hacked JFK Airport Taxi Dispatch in Line-Skipping Scheme
(WiReD)

According to prosecutors, two Queens men, Daniel Abayev and Peter Leyman,
worked with Russian hackers to gain access to the taxi dispatch system for
New York's JFK airport. They then allegedly created a group chat where
drivers could secretly pay $10 to skip the sometimes hours-long line to be
assigned a pickup -- about a fifth of the $52 flat fee passengers pay for rides
from the airport to elsewhere in NYC. The indictment against the two men
doesn't name the Russians or detail exactly how they gained access to JFK's
dispatch system. But it notes that since 2019, Abayev and Leyman allegedly
schemed to get access to the system by multiple methods, including bribing
someone to insert a USB drive with malware into one of the dispatch
operators' computers, gaining unauthorized access to their systems via
Wi-Fi, and stealing one of their tablet computers. ``I know that the
Pentagon is being hacked,'' Abayev wrote to his Russian contacts in November
2019, according to the indictment, ``So, can't we hack the taxi
industry[?]''

Before the scheme was shut down, prosecutors say it was enabling as many as
a thousand fraudulent line-skips a day for drivers.

https://www.wired.com/story/russia-jfk-taxi-hack-security-roundup

[Monty noted this:
https://www.theverge.com/2022/12/22/23522275/nyc-russian-hack-jfk-airport-taxi-dispatch-system
]

------------------------------

Date: Wed, 28 Dec 2022 13:59:59 -0700
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: Biometric devices sold on eBay reportedly contained sensitive U.S.
military data (NYTimes)

https://www.nytimes.com/2022/12/27/technology/for-sale-on-ebay-a-military-database-of-fingerprints-and-iris-scans.html

By Kashmir Hill, John Ismay, Christopher F. Schuetze and Aaron Krolik,
*The New York Times*, 27 Dec 2022

The shoebox-shaped device, designed to capture fingerprints and perform iris
scans, was listed on eBay for $149.95. A German security researcher,
Matthias Marx, successfully offered $68, and when it arrived at his home in
Hamburg in August, the rugged, hand-held machine contained more than what
was promised in the listing.

The device's memory card held the names, nationalities, photographs,
fingerprints and iris scans of 2,632 people.

[Also noted by Jan Wolitzky, PGN]

------------------------------

Date: Wed, 28 Dec 2022 15:35:27 -0500
From: Jan Wolitzky <jan.wo...@gmail.com>
Subject: Lawmakers Signal Inquiries Into U.S. Government's Use of Foreign
Spyware (NYTimes)

Senior lawmakers said they would investigate the government's purchase and
use of powerful spyware made by two Israeli hacking firms, as Congress
passed a measure in recent days to try to rein in the proliferation of the
hacking tools.

Representative Adam Schiff, the California Democrat who is chairman of the
House Intelligence Committee, sent a letter last week to the head of the
Drug Enforcement Administration asking for detailed information about the
agency's use of Graphite, a spyware tool produced by the Israeli company
Paragon.

``Such use could have potential implications for U.S. national security, as
well as run contrary to efforts to deter the broad proliferation of powerful
surveillance capabilities to autocratic regimes and others who may misuse
them,'' Mr. Schiff wrote in the letter.

Graphite, like the better-known Israeli hacking tool Pegasus, can penetrate
the mobile phones of its targets and extract messages, videos, photos and
other content. The New York Times revealed this month that the DEA was using
Graphite in its foreign operations. The agency has said it uses the tool
legally and only outside the United States, but has not answered questions
about whether American citizens can be targeted with the hacking tool.

https://www.nytimes.com/2022/12/28/us/politics/spyware-israel-dea-fbi.htm

------------------------------

Date: Fri, 30 Dec 2022 10:32:59 -0700
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: I bought a $15 router at Goodwill, and found a millionaire's
dirty secrets (Erin Keller)

Erin Keller, *The New York Post*, 28 Dec 2022

A German TikToker, who goes by the name @dankeunextgay on the platform, is
going viral for detailing the juicy documents and photos he claims to have
found on a $15 Apple Time Capsule he allegedly purchased from the thrift
retailer.

In his 14 Dec 2022 video, the TikToker showed viewers his MacBook being
backed up by the previous owner's files that dated back to 2010, when the
wireless router was reportedly last used.

https://nypost.com/2022/12/28/i-bought-a-15-router-at-goodwill-and-found-a-millionaires-dirty-secrets/

------------------------------

Date: Thu, 15 Dec 2022 01:01:35 -0500
From: Gabe Goldberg <ga...@gabegold.com>
Subject: FBI's Vetted Info-Sharing Network InfraGard Hacked
(Krebs on Security)

InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI)
to build cyber and physical threat information sharing partnerships with the
private sector, this week saw its database of contact information on more
than 80,000 members go up for sale on an English-language cybercrime forum.
Meanwhile, the hackers responsible are communicating directly with members
through the InfraGard portal online -- using a new account under the assumed
identity of a financial industry CEO that was vetted by the FBI itself.

https://krebsonsecurity.com/2022/12/fbis-vetted-info-sharing-network-infragard-hacked/

------------------------------

Date: Wed, 28 Dec 2022 12:38:28 -0500
From: Jan Wolitzky <jan.wo...@gmail.com>
Subject: Southwest COO explained that the company's outdated scheduling
software quickly became the main culprit of the cancellations once the
storm cleared.

The extreme cold, ice and snow grounded planes and left some crew members
stranded, so Southwest's crew schedulers worked furiously to put a new
schedule together, matching available crew with aircraft that were ready to
fly. But the Federal Aviation Administration strictly regulates when flight
crews can work, complicating Southwest's scheduling efforts.

``The process of matching up those crew members with the aircraft could not
be handled by our technology,'' Watterson said.

Southwest ended up with planes that were ready to take off with available
crew, but the company's scheduling software wasn't able to match them
quickly and accurately, Watterson added. ``As a result, we had to ask our
crew schedulers to do this manually, and it's extraordinarily difficult.
That is a tedious, long process.'' Watterson noted that manual scheduling
left Southwest building an incredibly delicate house of cards that could
quickly tumble when the company encountered a problem. ``They would make
great progress, and then some other disruption would happen, and it would
unravel their work. So, we spent multiple days where we kind of got close
to finishing the problem, and then it had to be reset.''

https://amp.cnn.com/cnn/2022/12/27/business/southwest-airlines-service-meltdown/index.html

[Richard Marlon Stein noted this item:
Southwest didn't heed calls to upgrade tech before meltdown, unions say
https://www.washingtonpost.com/transportation/2022/12/28/southwest-airlines-flight-cancellations/
``The tools we use to recover from disruption serve us well, 99 percent of
the time,''

[Gabe Goldberg noted this item:
The Shameful Open Secret Behind Southwest's Failure (NYTimes)
https://www.nytimes.com/2022/12/31/opinion/southwest-airlines-computers.html
More than 15,000 of its flights were canceled starting on Dec. 22,
including more than 2,300 canceled this past Thursday -- almost a week
after the storm had passed.
PGN]

------------------------------

Date: Fri, 23 Dec 2022 07:16:09 -0700
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: Two Men Arrested For Conspiring With Russian Nationals To Hack
the Taxi Dispatch System At JFK Airport (U.S. DoJ)

Department of Justice U.S. Attorney's Office
Southern District of New York, 20 Dec 2022

https://www.justice.gov/usao-sdny/pr/two-men-arrested-conspiring-russian-nationals-hack-taxi-dispatch-system-jfk-airport

At all relevant times, taxi drivers who sought to pick up a fare at JFK
were required to wait in a holding lot at JFK before being dispatched to a
specific terminal by the Dispatch System. Taxi drivers were frequently
required to wait several hours in the lot before being dispatched to a
terminal and were dispatched in approximately the order in which they
arrived at the holding lot.

Beginning in 2019, ABAYEV and LEYMAN explored and attempted various
mechanisms to access the Dispatch System, including bribing someone to
insert a flash drive containing malware into computers connected to the
Dispatch System, obtaining unauthorized access to the Dispatch System via
a Wi-Fi connection, and stealing computer tablets connected to the
Dispatch System.

------------------------------

Date: Wed, 21 Dec 2022 10:04:13 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: Two men indicted for hacking a dozen Ring cameras and livestreaming
swatting attacks (The Verge)

https://www.theverge.com/2022/12/20/23517973/ring-doorbells-swatting-yahoo-email-arrest

------------------------------

Date: Tue, 27 Dec 2022 16:23:20 -0800
From: Lauren Weinstein <lau...@vortex.com>
Subject: As Tesla stock tanks, videos of Teslas malfunctioning in
below-freezing temps go viral

https://news.yahoo.com/videos-teslas-malfunctioning-below-freezing-215149907.html

------------------------------

Date: Sun, 25 Dec 2022 15:39:42 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: Robocall company may receive the largest FCC fine ever (Engadget)

https://www.engadget.com/robocall-company-may-receive-the-largest-fine-ever-from-the-fcc-110759522.html

------------------------------

Date: Wed, 21 Dec 2022 22:07:43 -0500
From: Jeremy Epstein <jeremy.j...@gmail.com>
Subject: Calculations on Maryland college savings plans lead to account freeze
(WashPost)

https://www.washingtonpost.com/education/2022/12/21/maryland-529-college-tuition-savings/

Maryland, like most US states, offers a college savings plan. The
calculations of account values seem to have been incorrect, and the state is
having a hard time figuring out the correct values. In the meantime,
accounts are frozen, as is the ability to make withdrawals to pay for
college.

The only thing surprising about this to me is that it doesn't happen more
often -- the calculations for value must be pretty complex, and once a small
bug gets in, figuring out the right numbers can't be easy.

------------------------------

Date: Wed, 21 Dec 2022 15:36:01 +0000 (UTC)
From: Patrick Mock <pcm...@yahoo.com>
Subject: Ransomware devastates the ALMA Observatory (Physics Today)

Ransomware has shut down the ALMA Observatory for over a month.
https://physicstoday.scitation.org/do/10.1063/PT.6.2.20221212a/full/

------------------------------

Date: Fri, 16 Dec 2022 01:53:19 -0500
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Windows: Still insecure after all these years (ZDNET)

OPINION: With every Windows release, Microsoft promises better security.
And, sometimes, it makes improvements. But then, well then, we see truly
ancient security holes show up yet again.

https://www.zdnet.com/article/windows-still-insecure-after-all-these-years/

------------------------------

Date: Sun, 11 Dec 2022 01:20:44 -0500
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Scammers Are Scamming Other Scammers Out of Millions of Dollars
(WiReD)

On cybercrime forums, user complaints about being duped may accidentally
expose their real identities.

Pretty funny: Nobody is immune to being scammed online -- not even the people
running the scams. Cybercriminals using hacking forums to buy software
exploits and stolen login details keep falling for cons and are getting
ripped off thousands of dollars at a time, a new analysis has revealed. And
what's more, when the criminals complain that they are being scammed,
they're also leaving a trail of breadcrumbs of their own personal
information that could reveal their real-world identities to police and
investigators.

Hackers and cybercriminals often gather on specific forums and marketplaces
to do business with each other. They can advertise upcoming work they need
help with, sell databases of people's stolen passwords and credit card
information, or tout new security vulnerabilities that can be used to break
into people's devices or systems. However, these deals often don't go to
plan.

The new research, published today by cybersecurity firm Sophos, examines
these failed transactions and the complaints people have made about them.
``Scammers scamming scammers on criminal forums and marketplaces is much
bigger than we originally thought it was,'' says Matt Wixey, researcher with
Sophos X-Ops who studied the marketplaces.

https://www.wired.com/story/cybercrime-hackers-scams-forums/

------------------------------

Date: Mon, 2 Jan 2023 08:20:07 -0700
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: Melbourne Lord Mayor says *vandalism* of QR codes for reporting
graffiti *so frustrating* (ABC Australia)

Emma D'Agostino, ABC News Australia, Updated 1 Jan 2023

The City of Melbourne is investigating how much of a system for reporting
graffiti, using QR codes, has been vandalised. [...] QR codes posted around
the Melbourne CBD have been overlaid with alternative codes. These codes,
which the ABC has seen, lead to a documentary about hip hop culture on
YouTube that explores graffiti as part of hip hop culture.

Melbourne Lord Mayor Sally Capp said it was not yet known how many of the QR
codes had been vandalised, but believed it was still small in number.

------------------------------

Date: Sun, 11 Dec 2022 23:46:47 -0500
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Meta's new AI is skilled at a ruthless power-seeking game
(WashPost)

The model is adept at negotiation and trickery. One expert called it "super
scary."

https://www.washingtonpost.com/technology/2022/12/01/meta-diplomacy-ai-cicero/

------------------------------

Date: Thu, 22 Dec 2022 14:55:18 +0000
From: Henry Baker <hba...@pipeline.com>
Subject: Roomba with a View! (MIT Tech Review)

[A Roomba cleaning robot with an imaging camera; what could possibly go
wrong?]

Eileen Guo, 19 Dec 2022
A Roomba recorded a woman on the toilet. How did screenshots end up on
Facebook?

https://www.technologyreview.com/2022/12/19/1065306/roomba-irobot-robot-vacuums-artificial-intelligence-training-data-privacy/

In the fall of 2020, gig workers in Venezuela posted a series of images to
online forums where they gathered to talk shop. The photos were mundane, if
sometimes intimate, household scenes captured from low -- including some you
really wouldn't want shared on the Internet.

In one particularly revealing shot, a young woman in a lavender T-shirt sits
on the toilet, her shorts pulled down to mid-thigh. The images were not
taken by a person, but by development versions of iRobot's Roomba J7 series
robot vacuum. They were then sent to Scale AI, a startup that contracts
workers around the world to label audio, photo, and video data used to train
artificial intelligence. [...]

[There's always Room-ba for Improve-ment. PGN]

------------------------------

Date: Sun, 25 Dec 2022 02:46:51 -0500
From: Gabe Goldberg <ga...@gabegold.com>
Subject: As e-bike fires rise, calls grow for education and regulation
(Smart Cities Dive)

Li-ion batteries are "pretty unique fire hazards," said a spokesperson for
the National Fire Protection Association.

An increase in battery fires linked to electric bicycles has caught the
attention of municipal and federal officials, who point to public education
rather than bans as the best way to keep people safe.

As of late December, there were 206 e-bike fires in New York City in 2022,
more than double the number of fires that occurred the year prior, according
to a New York Fire Department spokesperson. Those e-bike fires are blamed
for 142 injuries in 2022, almost 80% more than in 2021, and six deaths. In
2020, there were just 44 e-bike fires, which were associated with 23
injuries and no deaths, the department said.

https://www.smartcitiesdive.com/news/e-bike-fires-rise-calls-grow-education-regulation-scooters-micromobility/639411/

------------------------------

Date: Fri, 23 Dec 2022 12:49:18 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: Samsung Recalls Top-Load Washing Machines Due to Fire Hazard;
Software Repair Available (CPSC)

https://www.cpsc.gov/Recalls/2023/Samsung-Recalls-Top-Load-Washing-Machines-Due-to-Fire-Hazard-Software-Repair-Available

------------------------------

Date: Sun, 25 Dec 2022 15:41:14 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: Apple's 'unprecedented' engineering snafu reportedly spoiled plans
for more powerful iPhone 14 Pro chip (Yahoo!)

https://news.yahoo.com/videos-teslas-malfunctioning-below-freezing-215149907.html

------------------------------

Date: Sat, 24 Dec 2022 12:18:22 -0700
From: geoff goodfellow <ge...@iconia.com>
Subject: Studies flag environmental impact of reentry (SpaceNews)

*Megaconstellations promise a steady flow of de-orbiting debris. Can the sky
take it?*

Space hardware tumbling out of orbit may lead to unforeseen environmental
and climate impacts. Due to the growing scale and pace of launch activities,
what is needed is better monitoring of the situation, as well as regulation
to create an environmentally sustainable space industry.

Making that case is Jamie Shutler, associate professor of Earth observation
at the University of Exeter, Cornwall.

Shutler and colleagues authored the research paper Atmospheric Impacts of
the Space Industry Require Oversight in the August issue of the journal
*Nature Geoscience.*

Decreased satellite costs have led to large spacecraft constellations,
thereby creating a constant flow of de-orbiting debris as craft die and are
replaced. ``This debris could double the annual injection of aerosol
particle mass into the mesosphere,'' the paper explains, thereby increasing
the number of aluminum particles that can reach the stratosphere, where they
promote ozone loss.

Shutler told *SpaceNews*, ``We are now realizing the full benefits of access
to space, but our understanding of the environmental impact of these
activities is currently limited. Maximizing these benefits whilst
minimizing the environmental impact is likely to become increasingly
important for science and industry.'' [...]

https://spacenews.com/studies-flag-environmental-impact-of-reentry/

------------------------------

Date: Tue, 13 Dec 2022 20:43:19 -0500
From: Gabe Goldberg <ga...@gabegold.com>
Subject: A Fight Over Automation Plans at U.S. Hydroelectric Dams (WiReD)

The U.S. government says replacing staff with automation and remote
monitoring saves taxpayers money. Some workers fear accidents and
cyberattacks.

https://www.wired.com/story/a-fight-over-automation-plans-at-us-hydroelectric-dams

Maybe Tesla's full-function utterly safe automatic driving software can be
adapted to run hydro dams...

------------------------------

Date: Sun, 25 Dec 2022 19:02:25 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: Their children went viral. Now they wish they could wipe them
from the Internet. (NBC News)

``Children don't know about the Internet. They don't know that their images
are going to live on forever.''

https://www.nbcnews.com/pop-culture/influencers-parents-posting-kids-online-privacy-security-concerns-rcna55318

------------------------------

Date: Thu, 22 Dec 2022 17:58:34 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: A dangerous side of America's digital divide: Who receives
emergency alerts (WashPost)

People with little to no cellphone service, particularly in rural areas,
face danger as storms approach and they are unable to receive alerts and
make calls.

https://www.washingtonpost.com/climate-environment/2022/12/21/weather-alerts-storms-disasters/

------------------------------

Date: Mon, 19 Dec 2022 01:36:49 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: DDoS-for-hire sting hits 50 domains, seven people detained
(The Register)

https://www.theregister.com/2022/12/15/ddos_sites_takedown_fbi_europol/

------------------------------

Date: Fri, 23 Dec 2022 11:23:35 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: Card skimming devices found at 7-Eleven locations in Boston
(The Globe)

Police said they expect other devices to be found in the city and beyond.
Card skimming devices are used to steal personal financial information.

https://www.boston.com/news/local-news/2022/12/22/card-skimming-devices-found-7-eleven-boston/

------------------------------

Date: Sun, 25 Dec 2022 15:38:30 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: Users report Google Calendar bug creating random, fake events
(The Verge)

https://www.theverge.com/2022/12/23/23524555/google-calendar-ios-android-app-spam-events

------------------------------

Date: Mon, 19 Dec 2022 01:32:24 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: Server broke because it was invisibly designed to break
(The Register)

https://www.theregister.com/2022/12/16/on_call/

------------------------------

Date: Fri, 23 Dec 2022 02:47:29 +0000
From: Henry Baker <hba...@pipeline.com>
Subject: Bad Santa at Rockettes' Christmas Spectacular (Ars Technica)

Bad Santa does facial recognition at Radio City Music Hall (owned by James
Dolan, as is MSG Entertainment):

He sees you when you are suing
He knows when you litigate
He knows if you've been bad or good
So be good for goodness sake

You better watch out, you better not cry
You better not pout, I'm telling you why
Santa Claus is kicking you down town

https://arstechnica.com/tech-policy/2022/12/facial-recognition-flags-girl-scout-mom-as-security-risk-at-rockettes-show/

------------------------------

Date: Sun, 11 Dec 2022 01:49:39 -0500
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Celsius hearing, December 8: Selling GK8 to Galaxy Digital
(Amy Castor)

Celsius is bankrupt, with liabilities that are hugely greater than its
assets. So they're selling what can be sold -- such as subsidiaries that are
solvent going concerns.

Celsius bought Israeli crypto custody company GK8 in October 2021 for $115
million -- $100 million in cash, and the rest in their own CEL tokens. Now
Celsius wants to sell GK8 to Mike Novogratz's Galaxy Digital for $44
million, plus $100,000 assumed liabilities (debts that Galaxy will be
responsible for). This is a huge loss -- but Galaxy was the only qualified
bidder. [...]

It's important to keep in mind that this week's hearings have been furious
arguments over the alignment of the deck chairs on the Titanic. But the
iceberg is still there. Celsius is flat broke. There's no business. There
are pennies left for creditors at best. Celsius is a shambling zombie. It
should have been liquidated in July.

https://amycastor.com/2022/12/10/celsius-hearing-december-8-selling-gk8-to-galaxy-digital/

I sure can't completely follow these narratives but the writing is
brilliant and details are grimly laughable.

------------------------------

Date: Tue, 13 Dec 2022 20:27:27 -0500
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Bankman-Fried's Cabal of Roommates in the Bahamas Ran His Crypto
Empire -- and Dated. Other Employees Have Lots of Questions (Coindesk)

CoinDesk spoke to several current and former FTX and Alameda employees who
agreed to talk on the condition of anonymity, citing ongoing harassment and
death threats due to the exchange's solvency issues. And they said
essentially this: It's a place full of conflicts of interest, nepotism and
lack of oversight.

``The whole operation was run by a gang of kids in the Bahamas,'' a person
familiar with the matter told CoinDesk on the condition of anonymity.

FTX and Alameda employees CoinDesk interviewed say they have been kept in
the dark about the events of the past week, adding that only CEO
Bankman-Fried's inner circle may have had knowledge that the exchange, as
reported by the Wall Street Journal, siphoned customer funds into corporate
sibling Alameda.

https://www.coindesk.com/business/2022/11/10/bankman-frieds-cabal-of-roommates-in-the-bahamas-ran-his-crypto-empire-and-dated-other-employees-have-lots-of-questions/

------------------------------

Date: Tue, 13 Dec 2022 20:38:06 -0500
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Sympathy for the crypto bros (Mother Jones)

Things are falling apart for Sam Bankman-Fried, the FTX founder who
allegedly defrauded investors before filing bankruptcy and spelling
financial ruin for crypto investors, including, as my colleague Ali Breland
has reported, those who weren't very rich to start out with.

Yesterday, SBF, as he's known, was arrested in the Bahamas. Today, federal
prosecutors filed eight charges against him, including wire fraud, money
laundering, and making illegal campaign donations. This is all very bad, but
I have mainly been interested in SBF's apparent relationships with
co-workers and business associates, which, as Intelligencer pointed out, are
more than just salacious details and actually pretty important to
understanding the company's power dynamics.

While it's easy to dismiss the plight of people who invested in
cryptocurrency, you can't really blame people for investing in
get-rich-quick schemes when wealth inequality is widening and home ownership
is a pipe dream for many members of the younger generations. "The moral
question upon seeing the gap between owners and buyers, between the poor and
ultra-rich, between capitalist owners and workers, is how do we end it?" Ali
wrote last year. "Yet in an economy where most people work long hours, are
struggling to get by, and have deeply internalized the status quo, that
question becomes: How do I get in?"

https://link.motherjones.com/view/5eb475c1b01fd7378a674535hufgc.sdi/02467db4

Not all victims were downtrodden proles. How about the well-off who should
have known better? Or did, just figuring there'd be bigger fools to buy
them out nicely. Then the music stopped.

------------------------------

Date: Mon, 12 Dec 2022 20:50:16 -0500
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Twitter dissolves Trust and Safety Council, Yoel Roth flees home
(WashPost)

Meanwhile, a former top Twitter official fled his home amid attacks
following Musk tweets.
https://www.washingtonpost.com/technology/2022/12/12/musk-twitter-harass-yoel-roth

------------------------------

Date: Mon, 2 Jan 2023 13:29:44 -0500
From: Jan Wolitzky <jan.wo...@gmail.com>
Subject: Cats disrupt satellite Internet service (Smithsonian Mag)

Okay, enough with the stories of rats chewing through data cables and
squirrels self-immolating to cause power blackouts. Here's a story of cats
disrupting satellite Internet service because they discovered that Elon
Musk's Starlink dishes are heated (to prevent snow build-up disrupting
Satellite Internet service [!!!]). Cute cat pix included.

https://www.smithsonianmag.com/smart-news/outdoor-cats-are-using-500-starlink-satellite-dishes-as-self-heating-beds-180979401/

------------------------------

Date: Mon, 19 Dec 2022 14:53:52 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: How Bots Pushing Adult Content Drowned Out Chinese Protest Tweets
(NYTimes)

How Bots Pushing Adult Content Drowned Out Chinese Protest Tweets
https://www.nytimes.com/interactive/2022/12/19/technology/twitter-bots-china-protests-elon-musk.html

------------------------------

Date: Thu, 22 Dec 2022 14:44:22 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: Okta had another security incident, this time involving stolen
source code (Engadget)

Okta had another security incident, this time involving stolen source code
https://www.engadget.com/okta-stolen-source-code-205601214.html

ALSO:
Okta says source code for Workforce Identity Cloud service was copied
(Ars Technica)

https://arstechnica.com/information-technology/2022/12/okta-says-source-code-for-workforce-identity-cloud-service-was-copied/

------------------------------

Date: Sat, 24 Dec 2022 08:43:29 -0700
From: geoff goodfellow <ge...@iconia.com>
Subject: There is great danger in training an AI to lie...

https://twitter.com/AlexEpstein/status/1606347326624215040

------------------------------

Date: Fri, 30 Dec 2022 12:09:31 -0500 (EST)
From: ACM TechNews <technew...@acm.org>
Subject: Code-Generating AI Can Introduce Security Vulnerabilities
(Kyle Wiggers)

Kyle Wiggers, TechCrunch, 28 Dec 2022, via ACM TechNews, 30 Dec 2022

Software engineers who use code-generating artificial intelligence (AI)
systems are more likely to cause security vulnerabilities in the apps they
develop, according to researchers affiliated with Stanford University. Their
study looked at Codex, an AI code-generating system developed by research
lab OpenAI. The researchers recruited developers to use Codex to complete
security-related problems across programming languages, including Python,
JavaScript, and C. Participants who had access to Codex were more likely to
write incorrect and *insecure* solutions to programming problems compared to
a control group, and they were more likely to say that their insecure
answers were secure compared to the people in the control.

------------------------------

Date: Tue, 27 Dec 2022 09:35:15 -0700
From: Rik Farrow <r...@rikfarrow.com>
Subject: Co-Pilot helps write insecure code

An article in *The Register* (including the word 'boffins') describes two
papers that show that programmers using Co-Pilot think they write more
secure code, but actually are doing the opposite:

https://www.theregister.com/2022/12/21/ai_assistants_bad_code/

Does this suggest that if Skynet becomes a reality, it can be hacked? More
likely, that the training code used for Co-Pilot started out as insecure
and buggy.

------------------------------

Date: Thu, 29 Dec 2022 02:18:52 +0000
From: Richard Marlon Stein <rms...@protonmail.com>
Subject: ChatGPT Explains Why AIs like ChatGPT Should Be Regulated
(Scientific American)

https://www.scientificamerican.com/article/chatgpt-explains-why-ais-like-chatgpt-should-be-regulated/

I'm surprised ChatGPT -- AI generally -- didn't suggest self-regulation. The
AI-authoring industry appears to favor that approach versus explainability
via Hagras' criteria
(https://www.researchgate.net/publication/328088140_Toward_Human-Understandable_Explainable_AI)
or the equivalent.

------------------------------

Date: Sun, 25 Dec 2022 18:38:42 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: New bot ChatGPT will force colleges to get creative to prevent
cheating, experts say (NBC News)

New bot ChatGPT will force colleges to get creative to prevent cheating,
experts say

Those who work with AI in their classrooms said they're not panicking about
ChatGPT, which went viral after its launch last week.

https://www.nbcnews.com/tech/chatgpt-can-generate-essay-generate-rcna60362

------------------------------

Date: Sun, 11 Dec 2022 11:45:24 -0500
From: Gene Spafford <sp...@purdue.edu>
Subject: Re: Dreams of a Future in Big Tech Dim for Computer Science
Students (RISKS-33.57)

> I have no idea how many computer science curricula include relevant
> courses today.

ABET certification requires coverage of ethics. The ACM/IEEE curricular
recommendations include ethics. So, common curricula generally include the
topic.

Of course, that doesn't mean that it is covered in any meaningful way. I
know some institutions give it only a passing mention. At others, it is
likely a topic at the end of some courses that is viewed as expendable when
there is more to cover from the syllabus than there is class time in the
semester. Thankfully, this is not the case everywhere.

I haven't found meaningful coverage in many textbooks, which means it is
easy to overlook. For faculty who are uncomfortable with the topic, or who
have no experience in presenting it, this often means the topic is given
superficial (if any) coverage in classes.

In a sense, professional ethics is a CS topic similar to writing safe code:
It is in the syllabi at most schools but given only a vague hand wave at too
many schools because the potential employers of students are more interested
in a few more weeks of instruction in some fad topic. In the view of
faculty, students are more likely to get employed if they know how to build
a blockchain or ML system rather than spend time learning how to employ them
in an ethical manner, and recent news continues to illustrate the problems
with that approach.

To relate a particular positive example: I include a section on professional
ethics in every course I have taught at Purdue since I got here 35 years
ago. I have created both an undergrad and a grad course that include
multi-week discussions of ethics (and bias, logical fallacies, and
misinformation, among other topics) that seem to be well-received by
students, although both are electives. A decade ago, the department adopted
an ethics requirement for grad students. This involves an introductory
lecture that I give and a requirement to complete the CITI course on
responsible conduct of research.

I'm told by people at companies and government agencies (and by alumni) that
they wish other schools devoted time and resources to the topic the way we
do. Meanwhile, I know we could do more at the undergrad level.

(I'm writing this as someone who has participated in the development of the
last 2 iterations of the ACM Code of Professional Ethics, as an attendee of
Terry Bynum's '81 conference[*], and as leader of ACM's committee on
publication ethics. So I cannot make any claim to being a *typical* faculty
member in this regard or that the Purdue experience is more generalizable.)

The science-fiction stories of rogue AI, concerns about autonomous weapons
systems, issues of cryptocurrency fraud, and the other topics we have seen
for decades in RISKS (thanks, Peter) are not solely traceable to technical
faults -- or even primarily traceable to the technology. They are based on
choices and decisions by people who, too often, are thinking about whether
they can do something rather than whether it is proper to do those things,
and evaluating the consequences.

We can definitely do better.

[Thanks, Spaf. Having known you for so long, this is very helpful.
Please note:
Ethics, Liability, and Responsibility (Gene Spafford),
RISKS-5.60 18 Nov 87
* Also, two of Terry Bynum's meetings that we both attended were
NSF Ethics Panel, 1 Nov 1989 at SRI WashDC, and
The National Conference on Computing and Values, 12-16 Aug 1991 New Haven.
PGN]

------------------------------

Date: Mon, 19 Dec 2022 06:18:51 +0000
From: Parnas, David <par...@mcmaster.ca>
Subject: Re: Pretty Smart AI (RISKS-33.58)

> A more interesting question is, ``What would Joe Weizenbaum think about
> ChatGPT?" I think he would be turning over in his grave seeing his
> lessons about Eliza forgotten.

An even more interesting question is, ``Would anyone trust that technology
if the results mattered?'' Who?

------------------------------

Date: Tue, 20 Dec 2022 13:06:23 -0800
From: Steve Bacher <seb...@verizon.net>
Subject: Re: Pretty Smart AI (RISKS-33.58)

> Q: What is the difference between lento and adagio?
> A: Lento is a tempo marking that indicates a slow and leisurely pace, while
> adagio is a tempo marking that indicates a slower and more solemn pace.
> C: Correct.
> G: Lento -- slowly (40--45 BPM)
> Largo -- broadly (45--50 BPM)
> Adagio -- slow and stately (literally, at ease) (55--65 BPM)

Those answers appear inconsistent with one another. Google demonstrates that
adagio is faster than either lento or largo, but GPT-3's response seems to
claim that adagio is slower than lento. Maybe GPT-3 is going by the
principle that "slow" is slower than "slower," but that's not how one reads
it when the statements are adjacent to one another.

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 33.59
************************
