[33077] in RISKS Forum


Risks Digest 33.60

daemon@ATHENA.MIT.EDU (RISKS List Owner)
Mon Jan 16 15:26:07 2023

From: RISKS List Owner <risko@csl.sri.com>
Date: Mon, 16 Jan 2023 12:18:40 PST
To: risks@mit.edu

RISKS-LIST: Risks-Forum Digest  Monday 15 January 2023  Volume 33 : Issue 60

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/33.60>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
NASA just brought a spacecraft 23 billion kilometres away to LIFE  and the
 results are Astonishing (ViralOnce)
Remote Vulnerabilities in Automobiles (Bruce Schneier)
Linux Malware Uses 30 Plugin Exploits to Backdoor WordPress Sites
 (Bill Toulas)
Cops Hacked Thousands of Phones. Was It Legal? (WiReD)
The next time scammers call your grandparents asking for money, it will be
 with your voice. (MPost)
Ransomware group LockBit apologizes saying 'partner' was behind SickKids
 attack (CBC-CA)
Matt Levine on Ransomware compliance (Joe Loughry)
Programming Languages: Why This Old Favorite Is on the Rise Again
 (Liam Tung)
3rd-party Twitter apps stop working without warning, leaks indicate Twitter
 did this intentionally (Engadget)
How ChatGPT Hijacks Democracy (*The New York Times*)
ChatGPT-Written Malware (Bruce Schneier)
Microsoft to challenge Google by integrating ChatGPT with Bing Search
 (The Verge)
A New Area of AI Booms, Even Amid the Tech Gloom (NYTimes)
Re: Pretty Smart AI (Jurek Kirakowski)
State of the cybersecurity art (NCSC UK via Gary Hinson)
Artist Banned from reddit/Art Because Mods Thought They Used AI (Vice)
Re: Calculations on Maryland college savings plans lead to account freeze
 (Martin Ward)
Southwest airline disruption (Martin Ward)
Amazing Southwest story... (Paul Saffo)
The oven won't talk to the fridge: 'smart' homes struggle (techxplore.com)
Colorado ski town emergency dispatch centers fielding dozens of automated
 911 calls from skier iPhones (Jason Blevins via Paul Saffo)
Re: As Tesla stock tanks, videos of Teslas malfunctioning in below-freezing
 temps go viral (John Levine)
Re: Cats disrupt satellite Internet service (Henry Baker)
Re: I bought a $15 router at Goodwill, and found a millionaire's dirty
 secrets (Steve Bacher)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 9 Jan 2023 01:44:56 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: NASA just brought a spacecraft 23 billion kilometres away to LIFE
 and the results are Astonishing (ViralOnce)

Controllers assessing the probe's sent data have now declared that Voyager 1
is once again delivering accurate telemetry data to Earth.

From the very beginning, it was clear that the problem was connected to the
mechanism responsible for ensuring that the probe's antenna was always
pointed towards Earth. If the antenna were to flip, we would lose
communication with the spaceship (and the history of space exploration knows
too many such cases).

The engineers discovered that this antenna control system had resumed
transmitting telemetry data via an on-board computer that had been
decommissioned for many years. This computer was responsible for distorting
the data, which ultimately arrived on Earth as a succession of nonsensical
facts.

Once this was determined, the engineers issued a command to the probe
instructing it to send the data via the appropriate computer. As he withdrew
his hand, the issue disappeared. Obviously, it takes time to determine if
the cure was effective.

In fact, Voyager 1 is already almost 23 billion kilometers from Earth, which
implies that the signal from Earth takes 22 hours to reach the probe. The
signal verifying the command's execution is also traveling towards the
Earth.

After the probe's health was fully restored, the issue emerged as to how it
could suddenly begin using a long-forgotten computer. In the next weeks,
experts will examine all computer logs from the spacecraft's onboard systems
to determine the source of the misunderstanding.

https://viralonce.xyz/nasa-just-brought-a-spacecraft-23-billion-kilometres-away-to-life-and-the-results-are-astonishing/

  The risks? Out-of-warranty equipment too remote for service calls,
  decommissioned computers suddenly awakening. The good news, of course -- a
  valuable lesson -- is system logs.

------------------------------

Date: Sun, 15 Jan 2023 15:55:00 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Remote Vulnerabilities in Automobiles (Bruce Schneier)

This group has found a ton of remote vulnerabilities in all sorts of
automobiles.

It's enough to make you want to buy a car that is not Internet-connected.
Unfortunately, that seems to be impossible.

https://www.schneier.com/blog/archives/2023/01/remote-vulnerabilities-in-automobiles.html

DC Auto Show is this week -- it'll be interesting grilling executives and
boothsters about this.

------------------------------

Date: Wed, 4 Jan 2023 11:44:01 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Linux Malware Uses 30 Plugin Exploits to Backdoor WordPress Sites
 (Bill Toulas)

Bill Toulas, BleepingComputer, 30 Dec 2022,
via ACM TechNews; Wednesday, January 4, 2023

Antivirus vendor Dr. Web disclosed a new Linux malware that exploits 30
flaws in multiple outdated WordPress plugins and themes to inject malicious
JavaScript and give attackers remote command capabilities. The vendor said
the trojan targets 32-bit and 64-bit Linux systems; it is mainly designed to
penetrate WordPress websites via a series of hardcoded exploits that run
successively until one breaks through. If the sites run outdated or
vulnerable plugins, the malware automatically injects malicious JavaScript
from its command-and-control server. The exploit is most effective on
abandoned sites, because infected pages can redirect visitors to a location
of the hacker's choosing. Dr. Web advised WordPress website admins to update
to the latest available version of the themes and plugins running on the
site, and to replace those that are no longer developed with alternatives
now being supported.

------------------------------

Date: Thu, 5 Jan 2023 16:03:16 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Cops Hacked Thousands of Phones. Was It Legal? (WiReD)

When police infiltrated the EncroChat phone system in 2020, they hit an
intelligence gold mine. But subsequent legal challenges have spread across
Europe.

https://www.wired.com/story/encrochat-phone-police-hacking-encryption-drugs

------------------------------

Date: Mon, 9 Jan 2023 10:47:43 -0500
From: Steve Klein <steven@klein.us>
Subject: The next time scammers call your grandparents asking for money,
 it will be with your voice. (MPost)

Summary: VALL-E is a transformer-based TTS model that can generate speech in
any voice after hearing only a three-second sample of that voice.  This
could routinely enable participation in hearings & trials, bad actors might
replace an unfriendly witness with a live deepfake of that same person,
testifying against the interest of the person being faked.  [Garbled e-mail
PGN-ed]

Link: https://mpost.io/vall-e-microsofts-new-zero-shot-text-to-speech-model-can-duplicate-everyones-voice-in-three-seconds/

  It might be trite, but never more apt, to say ``The risks are obvious.''

------------------------------

Date: Mon, 2 Jan 2023 22:25:45 -0700
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Ransomware group LockBit apologizes saying 'partner' was behind
 SickKids attack (CBC-CA)

A global ransomware operator has issued a rare apology after it claims one
of its "partners" was behind a cyberattack on Canada's largest pediatric
medical centre.

LockBit, a ransomware group the U.S. Federal Bureau of Investigation has
called one of the most active and destructive in the world, posted a brief
statement on what cybersecurity experts say is its data leak site claiming
it has blocked its partner responsible for the attack on Toronto's Hospital
for Sick Children and offering the code to restore the system.

https://www.cbc.ca/news/canada/toronto/ransomware-group-sickkids-cybersecurity-update-1.6701688

------------------------------

Date: Fri, 6 Jan 2023 14:04:20 -0700
From: Joe Loughry <joe.loughry@gmail.com>
Subject: Matt Levine on Ransomware compliance

In Matt Levine's "Money Stuff" newsletter, 5 January 2023, he wrote about
cybercriminals' need to balance aggressiveness and risk:

  Ransomware compliance

  I continue to be fascinated by the role of chief compliance officer at a
  ransomware company. In general, the chief compliance officer at any
  company has a dial in front of her that she can turn to get More Crime or
  Less Crime, and at a normal company -- a bank, for instance -- her job
  consists of

    (1) turning it most of the way toward Less Crime, but (2) not all the
    way, and (3) acting very contrite when politicians and regulators yell
    at her about the residual crime.  ``We have a zero-tolerance
    policy for crime,'' she will say, and almost mean.

  But the chief compliance officer at a ransomware company -- I assume that
  this is not an actual job, but rather one of many hats worn by some senior
  executive at the ransomware company, though what do I know -- will turn
  the dial most of the way toward More Crime, since after all a ransomware
  company's whole business is crime, but, again, not all the way. Sometimes
  she will say no to crime, or at least act very contrite after doing crime.
  She will have, like, a 98% tolerance policy for crime.

  We have talked about this before, and one category of crime that a
  ransomware compliance officer might reject is ``hacks that are so big and
  disastrous that they could call down the wrath of the US government and
  shut down the whole business.''  But another category of off-limits crime
  appears to be ``hacks that are so morally reprehensible that they will lead
  to other criminals boycotting your business.''  Here is a wild story about
  a ransomware attack on Toronto's Hospital for Sick Children, which is
  really the sort of name that ought to make you immune from hacking:

  A global ransomware operator issued an apology and offered to unlock the
  data targeted in a ransomware attack on Toronto's Hospital for
  Sick Children, a move cybersecurity experts say is rare, if not
  unprecedented, for the infamous group.

  LockBit, a ransomware group the U.S. Federal Bureau of Investigation has
  called one of the world's most active and destructive, issued the
  brief apology on Dec. 31 to what cybersecurity experts say is the dark web
  page where it posts about its ransoms and data leaks.

  In the statement, reviewed directly by The Canadian Press, LockBit claimed
  to have blocked the partner responsible for the attack
  and offered SickKids a free decryptor to unlock its data.

  LockBit's apology, meanwhile, appears to be a way of managing its image,
  said [cybersecurity researcher Chester] Wisniewski.

  The group is competing with other high-profile malware operators who are
  also trying to court hackers to use their system to carry out lucrative
  cyberattacks, he said. Hackers appear to move between the operators
  frequently.

  He suggested the move could be directed at those partners who might see
  the attack on a children's hospital as a step too far.

  ``My instinct would be this is more aimed at criminal affiliates
  themselves trying to not disgust them into switching into a different
  ransom group,'' said Wisniewski.

  The way the ransomware business is organized seems to be that there are a
  couple of, like, malware-as-a-service providers like LockBit and DarkSide
  that provide software and expertise to independent hacker customers who
  pick the targets and do the hacks; the providers and the hackers split the
  ransoms. If you are one of the providers, you have to choose your hacker
  partners carefully so that they do the right amount of crime: You don't
  want incompetent or unambitious hackers who can't make any money, but you
  also don't want overly ambitious hackers who hack, you know, the US
  Department of Defense, or the Hospital for Sick Children. Meanwhile you
  also have to market yourself to hacker partners so that they choose your
  services, which again requires that you have a reputation for being good
  and bold at crime, but not too bold. Your hacker partners want to do
  crime, but they have their limits, and if you get a reputation for
  murdering sick children that will cost you some criminal business.

------------------------------

Date: Fri, 6 Jan 2023 11:36:47 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Programming Languages: Why This Old Favorite Is on the Rise Again
 (Liam Tung)

Liam Tung, ZDNet, 6 Jan 2023, via ACM Tech News, 6 Jan 2023

Software-testing firm Tiobe has selected C++ as its programming language of
2022. Reported Tiobe use rose faster than all other languages last year, up
by 4.26% compared with January 2022, yet in this year's first monthly index,
it was ranked at No. 3. C++ rose in popularity faster than other languages
last year, a result of "its excellent performance while being a high-level
object-oriented language," according to Tiobe CEO Paul Jensen. Added Jensen,
"Because of this, it is possible to develop fast and vast software systems
(over millions of lines of code) in C++ without necessarily ending up in a
maintenance nightmare."

------------------------------

Date: Sun, 15 Jan 2023 15:03:47 -0800
From: Lauren Weinstein <lauren@vortex.com>
Subject: 3rd-party Twitter apps stop working without warning, leaks indicate
 Twitter did this intentionally (Engadget)

3rd party Twitter apps stop working without warning, leaks indicate
Twitter did this intentionally

https://www.engadget.com/twitter-may-have-deliberately-cut-off-tweetbot-and-other-third-party-clients-165048001.html?src=rss

  [PGN-ed excerpt: Earlier LW item:
  In desperate attempt to increase Twitter revenue, Elon moves to expand
  political and cause-based ads (without taking his promised poll before
  such a change).  (5 Jan 2023)]

------------------------------

Date: Sun, 15 Jan 2023 12:55:53 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: How ChatGPT Hijacks Democracy (*The New York Times*)

Launched just weeks ago, ChatGPT is already threatening to upend how we
draft everyday communications like emails, college essays and myriad other
forms of writing.

Created by the company OpenAI, ChatGPT is a chatbot that can automatically
respond to written prompts in a manner that is sometimes eerily close to
human.

But for all the consternation over the potential for humans to be replaced
by machines in formats like poetry and sitcom scripts, a far greater threat
looms: artificial intelligence replacing humans in the democratic processes
-- not through voting, but through lobbying.

https://www.nytimes.com/2023/01/15/opinion/ai-chatgpt-lobbying-democracy.html

------------------------------

Date: Sun, 15 Jan 2023 14:29:07 PST
From: Bruce Schneier <schneier@schneier.com>
Subject: ChatGPT-Written Malware (Bruce Schneier)

  PGN-excerpted From Bruce Schneier's CRYPTO-GRAM, 15 Jan 2023

[https://www.schneier.com/blog/archives/2023/01/chatgpt-written-malware.html]

I don't know how much of a thing this will end up being, but we are seeing
ChatGPT-written malware in the wild,
[https://arstechnica.com/information-technology/2023/01/chatgpt-is-enabling-script-kiddies-to-write-functional-malware/]

...within a few weeks of ChatGPT going live, participants in cybercrime
forums -- some with little or no coding experience -- were using it to write
software and emails that could be used for espionage, ransomware, malicious
spam, and other malicious tasks.

``It's still too early to decide whether or not ChatGPT capabilities will
become the new favorite tool for participants in the Dark Web company.
However, the cybercriminal community has already shown significant interest
and are jumping into this latest trend to generate malicious code.''

Last month one forum participant posted what they claimed was the first
script they had written, and credited the AI chatbot with providing a nice
[helping] hand to finish the script with a nice scope.

The Python code combined various cryptographic functions including code
signing, encryption, and decryption. One part of the script generated a key
using elliptic curve cryptography and the curve ed25519 for signing files.
Another part used a hard-coded password to encrypt system files using the
Blowfish and Twofish algorithms. A third used RSA keys and digital
signatures, message signing, and the blake2 hash function to compare various
files.

------------------------------

Date: Thu, 5 Jan 2023 15:57:51 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Microsoft to challenge Google by integrating ChatGPT with Bing
 Search (The Verge)

ChatGPT made conversational AI accessible, now Microsoft is rumored to be
integrating the machine learning techniques behind it into Bing search
queries.

Even OpenAI CEO Sam Altman has cautioned that "it's a mistake to be relying
on [ChatGPT] for anything important right now." Exactly how Microsoft plans
to integrate ChatGPT into Bing will be important, and it's likely the
company will start with beta tests and a limited amount of integration
before it's ready for all Bing users to take advantage of.

https://www.theverge.com/2023/1/4/23538552/microsoft-bing-chatgpt-search-google-competition

------------------------------

Date: Sat, 7 Jan 2023 23:14:28 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: A New Area of AI Booms, Even Amid the Tech Gloom (NYTimes)

An investment frenzy over *generative artificial intelligence* in response
to short prompts seize the imagination.  Now OpenAI is in the midst of a new
gold rush.

Five weeks ago, OpenAI, a San Francisco artificial intelligence lab,
released ChatGPT, a chatbot that answers questions in clear, concise
prose. The AI-powered tool immediately caused a sensation, with more than
a million people using it to create everything from poetry to high school
term papers to rewrites of Queen songs.

Now OpenAI is in the midst of a new gold rush.   [...]

More than 450 start-ups are now working on generative AI, by one venture
capital firm's count. And the frenzy has been compounded by investor
eagerness to find the next big thing in a gloomy environment.

https://www.nytimes.com/2023/01/07/technology/generative-ai-chatgpt-investments.html

------------------------------

Date: Wed, 4 Jan 2023 14:36:19 +0000
From: Jurek Kirakowski <jzk@uxp.ie>
Subject: Re: Pretty Smart AI (Bacher, RISKS-33.58)

 > Those answers appear inconsistent with one another. Google demonstrates
 > that adagio is faster than either lento or largo, but GPT-3's response
 > seems to claim that adagio is slower than lento.  Maybe GPT-3 is going by
 > the principle that "slow" is slower than "slower," but that's not how one
 > reads it when the statements are adjacent to one another.

This discussion is terribly wrong. 'Lento', 'Largo' and 'Adagio' are
descriptions not only of the pulse of the music *as notated* but also the
mood: each word conjures up a different kind of sense in the mind of the
experienced musician of how the piece is to be performed. And what would
Google make of 'Andante Cantabile' or 'Largo Sostenuto'?

As Prof Newman would explain to his first-year music students at Edinburgh
University :)#

  Yes, regrettable that these subtle descriptive terms are reduced to
  metronome markings -- but in a way characteristic of how technology can
  eliminate the subjective human dimension.

    [Beware of Artificial Oversimplification.  The real stuff is bad enough.
    PGN]

------------------------------

Date: Wed, 4 Jan 2023 15:31:59 +1300
From: Gary Hinson <gary@isect.com>
Subject: State of the cybersecurity art

https://www.ncsc.gov.uk/blog-post/so-long-thanks-for-all-the-bits

"So long and thanks for all the bits" is a lengthy, well-written parting
blog by Ian Levy, [former] Technical Director of the UK's National Cyber
Security Centre, lamenting the sorry state of cybersecurity while holding
out some hope of progress through approaches currently being used and
developed.

------------------------------

Date: Sat, 7 Jan 2023 03:31:42 -0700
From: Jim Reisert AD1C <jjreisert@alum.mit.edu>
Subject: Artist Banned from reddit/Art Because Mods Thought They Used AI
(Vice)

Moderators for the 22 million member forum banned someone for making
an illustration that too closely resembled AI-generated art.

https://www.vice.com/en/article/y3p9yg/artist-banned-from-art-reddit

------------------------------

Date: Tue, 3 Jan 2023 14:55:26 +0000
From: Martin Ward <martin@gkc.org.uk>
Subject: Re: Calculations on Maryland college savings plans lead to account
 freeze (RISKS-33.59)

> The calculations of account values seem to have been incorrect, and
> the state is having a hard time figuring out the correct values.
> The calculations for value must be pretty complex

Writing provably correct code for a complex financial calculation is one of
the simpler tasks for an expert in formal methods.

But it seems likely that the programmers of the Maryland state college
savings plan are not familiar with formal methods, or indeed, with
mathematics in general, given that they are having a hard time figuring out
the correct values.

------------------------------

Date: Tue, 3 Jan 2023 14:54:17 +0000
From: Martin Ward <martin@gkc.org.uk>
Subject: Southwest airline disruption (Re: RISKS-33.59)

The most chilling line from this article:

> ``The tools we use to recover from disruption serve us well, 99
> percent of the time,''

You are an *airline*! Working 99% of the time is not good enough!

I would not like to fly in an airplane that reaches its destination
in one piece only 99% of the time.

------------------------------

Date: Tue, 27 Dec 2022 18:22:22 -0800
From: "Paul Saffo" <paul@saffo.com>
Subject: Amazing Southwest story...

  Might be risks-worthy, tho I expect others will have better sourcing for
  the same issue.  Anyway, this from a friend on FB. (I have no idea how
  many times it has been indirected, so take with a grain of salt!)  -p

This remarkable tale from a Southwest pilot: ``My friend's husband is a
pilot with Southwest. He just posted this an hour ago. I'm not including his
name or the photos he shared of packed SWA employee rooms at the airports
over the past couple of days (in case his post comes back to bite him with
the company -- even though he's stating facts).  He also posted a screenshot
of a fellow pilot on hold with SWA Scheduling for over 22 hours. Anyway,
here's some insight for those wondering if this massive round of SWA
cancellations is really all due to weather and staffing issues: ``I don't
know what to say. Southwest Airlines has imploded. Their antiquated software
system has completely fried.  Planes are parked. Crews are stranded in the
airports with the passengers, volunteering to take the passengers in the
parked planes but the software won't accept it. Phone lines are overwhelmed
for both passenger and crews. I personally spent over two hours trying to
get hold of anyone in the company last night after midnight. A Captain and I
did manage to get the one flight put together on Christmas night and got
people home. Kudos to the ops agent and dispatcher for making it happen. We
had to manually input a lot of the data and it took over an hour to
coordinate with dispatch going back and forth running numbers.  We spent
hours trying to get the company to answer and get us a hotel when we landed
as they're all sold out.  We were put in a call queue for hours before
hanging up. I found one hotel with 4 rooms and we bought our own rooms at
2:30am. I even paid for a Flight Attendants room. We literally have crews
sleeping on the airport floors all over the country with nowhere to
go. Crews have been calling to fly anyone, anywhere, but the company says
the system needs a reset. They have effectively shut down the operations for
the rest of year, running 1/3 of the flights so that they can let the
computer find and locate the crews and aircraft. Gate agents are in
tears. They've been yelled at, cussed at, slapped and spit on. Flight
attendants have been taking a beating. The frontline employees have had
little support or communication. Terminals are standing room only with
people having been there for days. Pilot lounges are packed with pilots
ready to fly and nowhere to go.  Embarrassing is an understatement. I’m
going on my second of three days off, still stuck on the east coast and
still expected to show up in the morning with no schedule. And I’m willing
to fly all day if needed. Because that’s nothing compared to the passengers
needing meds in bags that are lost and mothers traveling with kids, having
been stuck for the same amount of days in the terminal.  In 24 years, I’ve
never seen anything like this. Heads need to roll! Rumors on media are
floating that there is a lack of crews and pilots are staging sick calls.
Absolutely not true at all. This is a computer system meltdown. Thousands of
crew members are sitting in hotels and airports with nowhere to go. This
airline has failed miserably.

------------------------------

Date: Sun, 08 Jan 2023 02:39:57 +0000
From: Richard Marlon Stein <rmstein@protonmail.com>
Subject: The oven won't talk to the fridge: 'smart' homes struggle
 (techxplore.com)

https://techxplore.com/news/2023-01-oven-wont-fridge-smart-homes.html

The Matter protocol apparently solves the long-standing interoperability
issue preventing seamless home-appliance device integration through WiFi.

I wonder if this protocol will be deployed among hospital refrigerators that
store blood, plasma, vaccines, and other temperature sensitive health
products?

IoT device exploit perimeter expansion.

------------------------------

Date: Tue, 27 Dec 2022 20:28:31 -0800
From: Paul Saffo <paul@saffo.com>
Subject: Colorado ski town emergency dispatch centers fielding dozens of
 automated 911 calls from skier iPhones (Jason Blevins in The Colorado Sun)

And another:

https://www.skyhinews.com/news/colorado-ski-town-emergency-dispatch-centers-fielding-dozens-of-automated-911-calls-from-skier-iphones/

------------------------------

Date: 2 Jan 2023 21:52:06 -0500
From: "John Levine" <johnl@iecc.com>
Subject: Re: As Tesla stock tanks, videos of Teslas malfunctioning in
 below-freezing temps go viral (RISKS-33.59)

Someone once commented that we are lucky that the car industry grew up in
Detroit.  If it were in Miami, cars would fail whenever it freezes.  If it
were in Los Angeles they'd fail whenever it rains.

------------------------------

Date: Tue, 03 Jan 2023 20:23:05 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: Re: Cats disrupt satellite Internet service (RISKS-33.59)

Apparently, some personnel assigned to the 'DEW Line' in Alaska & other
arctic locations sometimes kept warm by standing in front of the radar
transmitters.

https://en.wikipedia.org/wiki/Distant_Early_Warning_Line

While this activity can result in *cooking* one's insides and producing eye
cataracts, it did eventually lead to the invention of *microwave ovens*.

Google "Hazard of Electromagnetic Radiation to Personnel", i.e., "HERP"

The Starlink uplink frequencies (14GHz) are higher than those used in
microwave ovens (2.4GHz), but the Starlink does require a 100-watt power
supply -- and a significant fraction of this power ends up being converted
into microwave energy.

I'd be worried about cute cats with not-so-cute eye cataracts.

I've heard of 'cats on a hot tin roof', but ...

------------------------------

Date: Thu, 5 Jan 2023 09:28:54 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: I bought a $15 router at Goodwill, and found a millionaire's
 dirty secrets (RISKS 33.59)

I found it hard to believe that the headline would refer to a backup device
as a router, but Wikipedia says it's true:

https://en.wikipedia.org/wiki/AirPort_Time_Capsule

"The *AirPort Time Capsule* (originally named *Time Capsule*) is a wireless
router <https://en.wikipedia.org/wiki/Wireless_router> which was sold by
Apple Inc. <https://en.wikipedia.org/wiki/Apple_Inc.>, featuring
network-attached storage
<https://en.wikipedia.org/wiki/Network-attached_storage> (NAS) and a
residential gateway router
<https://en.wikipedia.org/wiki/Residential_gateway>, and is one of Apple's
AirPort <https://en.wikipedia.org/wiki/AirPort> products. They are,
essentially, versions of the AirPort Extreme
<https://en.wikipedia.org/wiki/AirPort_Extreme> with an internal hard drive
<https://en.wikipedia.org/wiki/Hard_drive>. Apple describes it as a "Backup
Appliance", designed to work in tandem with the Time Machine
<https://en.wikipedia.org/wiki/Time_Machine_(macOS)> backup software utility
introduced in MacOS 10.5 <https://en.wikipedia.org/wiki/Mac_OS_X_10.5>."

  Seems there is an inherent privacy risk in having a device function as
  both a network router and a local backup drive.

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 33.60
************************
