
Risks Digest 33.64

daemon@ATHENA.MIT.EDU (RISKS List Owner)
Tue Mar 7 15:29:28 2023

From: RISKS List Owner <risko@csl.sri.com>
Date: Tue, 7 Mar 2023 12:28:39 PST
To: risks@mit.edu

RISKS-LIST: Risks-Forum Digest  Tuesday 14 March 2023  Volume 33 : Issue 64

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/33.64>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Why I'm sticking up for science (Richard Dawkins)
What Can We Do to Make Sure the FAA and Southwest Airlines Fiascos Never
 Happen Again? (Scientific American)
FAA reports 'close call' between two planes at Logan Airport (Boston Globe)
Pilot Error Caused an F-35C Crash in the South China Sea in 2022
 (Popular Mechanics)
How many satellites can we fit into space before it gets too much?
 (Jonathan McDowell)
The Gare de Lyon Disaster (via Steve Bacher)
North American rail operations (Peter Bernard Ladkin)
Controller-level flaws can let hackers physically damage moving bridges
 (Waqas)
Safety Advocates Say Hyundai, Kia's Anti-Theft Upgrade Doesn't Go Far Enough
 (NBC Chicago)
A 120-year-old company is leaving Tesla in the dust (Ezra Dyer)
Ford files patent for system that could remotely repossess a car (ArsTech)
Apple Now Offering Depth and Water Seal Tests for Apple Watch Ultra
 (MacRumors)
Apple Blocks Update of ChatGPT-Powered App, as Concerns Grow Over AI's
 Potential Harm (WSJ)
How the Biggest Fraud in German History Unraveled (The New Yorker)
U.S. Marshals Service target of 'major' cyber-attack (BBC)
Indigo won't pay ransom for stolen employee data (CBC)
LastPass Says DevOps Engineer Home Computer Hacked (SecurityWeek)
U.S. Air Force Giving Military Drones the Ability to Recognize Faces
 (David Hambling)
Researchers Find New Bug 'Class' in Apple Devices (Alex Scroxton)
At Least One Open-Source Vulnerability Found in 84% of Code Bases
 (Apurva Venkat)
The Satellite Hack Everyone Is Finally Talking About (Bloomberg)
Inside the Lab Growing Mushroom Computers (Charlotte Hu)
Fact check: A deepfake video falsely depicted Elizabeth Warren speaking
 about Republicans (The Boston Globe)
Voice Deepfakes Of Everyone From Joe Rogan To Joe Biden Are Taking Over
 Social Media (Buzzfeed)
How to make a bad situation worse: Developers Created AI to Generate Police
 Sketches. Experts Are Horrified (Vice)
How I Broke Into a Bank Account With an AI-Generated Voice (vice.com)
AI chatbots may have a liability problem (WashPost)
Large Language Models Are Biased. Can Logic Help Save Them? (Rachel Gordon)
Quantum Computers That Use 'Cat Qubits' May Make Fewer Errors
 (Karmela Padavic-Callaghan)
The privacy loophole in your doorbell (Politico)
iPhone thieves use social engineering to obtain passcode (Barrons)
The Era of Faked CCTV Has Truly Arrived (WiReD)
AI-powered watermark removal poses uncomfortable implications for content
 use (Jeremy Gray -- Digital Photography Review)
ChatGPT Could Destroy Reality, According to Henry Kissinger
 (Mack DeGeurin -- Gizmodo)
Re: Microsoft Researchers Use ChatGPT to Control Robots, Drones
 (Gavin Scott, Goldy)
Re: Power-Grid Attacks Surge and Are Likely to Continue, Study Finds
 (Steve Bacher)
Re: Put Electrical Transmission Lines Underground? Distributed is a NIMBY
 fantasy (John Levine)
Re: rm -rf (Charles Cazabon, Jose Maria Mateos)
Re: SMS-Based Multi-Factor Authentication: What Could Go Wrong?
 (John Levine, Jay Lobove Alzina, Bernie Cosell)
Re: Congress must act to keep kids off social media (Barry Gold)
Re: Google Issues article from 14 years ago, still relevant today
 (Barry Gold)
Re: AI is starting to pick who gets laid off (Steve Bacher)
Re: Cox Cable phone follies (Wol)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 2 Mar 2023 06:54:46 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: Why I'm sticking up for science (Richard Dawkins)

I'm in New Zealand, climax to my antipodean speaking tour, where I walked
headlong into a raging controversy. Jacinda Ardern's government implemented
a ludicrous policy, spawned by Chris Hipkins's Ministry of Education before
he became prime minister. Science classes are to be taught that Māori
`Ways of Knowing' (Mātauranga Māori) have equal standing with
`western' science.  Not surprisingly, this adolescent virtue-signaling
horrified New Zealand's grown-up scientists and scholars. Seven of them
wrote to the *Listener *magazine.  Three who were fellows of the NZ Royal
Society were threatened with an inquisitorial investigation. Two of these,
including the distinguished medical scientist Garth Cooper, himself of
Māori descent, resigned (the third unfortunately died). I was delighted
to meet Professor Cooper for lunch, with others of the seven. His
resignation letter cited the society's failure to support science against
its denigration as `a western European invention'. He was affronted, too, by
a complaint (not endorsed by the NZRS) that `to insist Māori children
learn to read is an act of colonisation'. Is there an implication here --
condescending, if not downright racist -- that `indigenous' children need
separate, special treatment?

Perhaps the most disagreeable aspect of this sorry affair is the climate of
fear. We who don't have a career to lose should speak out in defence of
those who do. The magnificent seven are branded heretics by a nastily
zealous new religion, a witch-hunt that recalls the false accusations
against J.K. Rowling and Kathleen Stock. Professor Kendall Clements was
removed from teaching evolution at the University of Auckland, after the
School of Biological Sciences Putaiao Committee submitted the following
recommendation: ``We do not feel that either Kendall or Garth should be put
in front of students as teachers. This is not safe for students.''  Not
*safe*?  Who are these cringing little wimps whose `safety' requires
protection against free speech?  What on earth do they think a university is
for?

To grasp government intentions requires a little work, because every third
word of the relevant documents is in Māori. Since only 2 per cent of
New Zealanders (and only 5 per cent of Māoris) speak that language,
this again looks like self-righteous virtue-signaling, bending a knee to
that modish version of Original Sin which is white guilt. Mātauranga
Māori includes valuable tips on edible fungi, star navigation and
species conservation (pity the moas were all eaten). Unfortunately it is
deeply invested in vitalism. New Zealand children will be taught the true
wonder of DNA, while being simultaneously confused by the doctrine that all
life throbs with a vital force conferred by the Earth Mother and the Sky
Father. Origin myths are haunting and poetic, but they belong elsewhere in
the curriculum. The very phrase `western' science buys into the `relativist'
notion that evolution and big-bang cosmology are just the origin myth of
white western men, a narrative whose hegemony over `indigenous' alternatives
stems from nothing better than political power. This is pernicious
nonsense. Science belongs to all humanity.  It is humanity's proud best shot
at discovering the truth about the real world.  [...]

https://www.removepaywall.com/https:/www.spectator.co.uk/article/why-im-sticking-up-for-science

------------------------------

Date: Fri, 03 Mar 2023 13:39:17 +0000
From: Richard Marlon Stein <rmstein@protonmail.com>
Subject: What Can We Do to Make Sure the FAA and Southwest Airlines Fiascos
 Never Happen Again? (Scientific American)

https://www.scientificamerican.com/article/what-can-we-do-to-make-sure-the-faa-and-southwest-airlines-fiascos-never-happen-again/

  Congress and the airline industry must reassess how they approach and fund
  air-transportation modernization.

------------------------------

Date: Wed, 1 Mar 2023 12:32:01 -0500
From: Monty Solomon <monty@roscom.com>
Subject: FAA reports 'close call' between two planes at Logan Airport
 (The Boston Globe)

https://www.boston.com/news/local-news/2023/02/28/logan-airport-close-call-jet-blue-learjet/

------------------------------

Date: Thu, 2 Mar 2023 17:50:36 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Pilot Error Caused an F-35C Crash in the South China Sea in 2022

An F-35 Pilot Attempted a Maneuver, Ending in a Fiery Crash

https://www.popularmechanics.com/military/aviation/a43045858/pilot-error-crashed-f-35c-strike-fighter/

------------------------------

Date: Mon, 27 Feb 2023 14:39:07 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: How many satellites can we fit into space before it gets too much?

*"It's going to be like an interstate highway in a rush hour in a snowstorm
with everyone driving much too fast."*

Just 10 years ago, a mere thousand or so operational satellites may have
orbited our planet, but there will be tens or even hundreds of thousands a
decade  from now.

Experts have been sounding alarm bells for years that Earth orbit is
getting a bit too crowded. So how many satellites can we actually launch to
space before it gets to be too much?

Jonathan McDowell is an astrophysicist and astronomer at the
Harvard-Smithsonian Center for Astrophysics who studies super-energetic
phenomena in the *universe*
<https://www.space.com/52-the-expanding-universe-from-the-big-bang-to-today.html>
such as jet-emitting *black holes*
<https://www.space.com/15421-black-holes-facts-formation-discovery-sdcmp.html>
in galactic centers. In recent years, however, McDowell has gained
prominence for his work in a completely different field of space
research. In his monthly digital circular called *Jonathan's Space Report*
<https://www.planet4589.org/space/jsr/jsr.html>, McDowell tracks the growing
number of satellite launches and the ballooning number of objects in Earth
orbit.

The project started with an ambition to "provide a pedantic historical
record of the space age," but has, in a way, become a chronicle of the
environmental destruction of the near Earth environment. In his frequent
media appearances, McDowell has been vocal about his views on the future of
the increasingly overcrowded near-Earth space.

"It's going to be like an interstate highway, at rush hour in a snowstorm
with everyone driving much too fast," he told Space.com when asked what the
situation in orbit will be like if existing plans for satellite
megaconstellations such as *SpaceX*
<https://www.space.com/18853-spacex.html>'s *Starlink*
<https://www.space.com/spacex-starlink-satellites.html>, *OneWeb*
<https://www.space.com/spacex-oneweb-satellite-internet-constellation-coexistence>
and *Amazon Kuiper*
<https://www.space.com/fcc-approves-amazon-constellation-kuiper> come to
fruition. "Except that there are multiple interstate highways crossing each
other with no stoplights."

*Maneuvers, maneuvers*

The first signs that things are getting a little too tense are, in fact,
already present. McDowell's British colleague Hugh Lewis is another
frequently heard voice of caution, tempering the confidence of entrepreneurs
caught in the new space gold rush. A professor of astronautics at the
University of Southampton in England, Lewis has been for a few years now
publishing regular updates on his Twitter page detailing the increase in
so-called conjunction events, situations when two objects in space --
functioning satellites or pieces of space debris -- get dangerously close to
each other.

Some of his graphs are a sobering read.  [...]

https://www.space.com/how-many-satellites-fit-safely-earth-orbit

------------------------------

Date: Sat, 25 Feb 2023 22:05:35 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: The Gare de Lyon Disaster (video)

The Gare de Lyon Disaster | A Short Documentary | Fascinating Horror

  ``On the 27th of June, 1988, a busy commuter train was bound for Paris's
  Gare de Lyon station...'' As always, THANK YOU to all my Patreon patrons:
  you make this...

  https://www.youtube.com/watch?v=vV78GF2PkOw

Old news, perhaps, but a classic instance of cumulative risks in a system.

    [Another classic example previously noted here is the Deepwater Horizon
    fiasco.  RISKS-29.49, 29.75, 29.80, 29.83, 29.92, 30.29.  PGN]

------------------------------

Date: Sun, 26 Feb 2023 10:39:57 +0100
From: Peter Bernard Ladkin <ladkin@causalis.com>
Subject: North American rail operations

The sociologists Lee Clarke and the late Charles Perrow have been warning
for decades about North American rail operations and the potential for
hazmat accidents in city centres in the US.

See Lee Clarke, Worst Cases, U. Chicago Press, 2006 and Charles Perrow,
The Next Catastrophe, Princeton U. Press, 2007.

------------------------------

Date: Mon, 27 Feb 2023 16:19:17 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Controller-level flaws can let hackers physically damage moving
 bridges (Waqas)

Sophisticated hackers can now breach vulnerable networks and devices at the
controller level of critical infrastructure, causing physical damage to
crucial assets.

https://www.hackread.com/hackers-physically-damage-moving-bridges/

------------------------------

Date: Sat, 25 Feb 2023 20:38:47 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Safety Advocates Say Hyundai, Kia's Anti-Theft Upgrade Doesn't Go
 Far Enough (NBC Chicago)

https://www.nbcchicago.com/consumer/safety-advocates-say-hyundai-kias-anti-theft-upgrade-doesnt-go-far-enough/3078577/

------------------------------

Date: Tue, 7 Mar 2023 9:56:07 PST
From: Peter G Neumann <neumann@csl.sri.com>
Subject: A 120-year-old company is leaving Tesla in the dust (Ezra Dyer)

Ezra Dyer, *The New York Times*, Opinion, 7 Mar 2023

Ford is proving to be far more modern than Elon Musk's automaker.

------------------------------

Date: Thu, 2 Mar 2023 11:07:16 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Ford files patent for system that could remotely repossess a car
 (Ars Technica)

https://arstechnica.com/?p=1921281

  [Ooops!  Can it be made trustworthy enough so that it is immune to hacking?
  PGN]

------------------------------

Date: Fri, 3 Mar 2023 21:01:19 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Apple Now Offering Depth and Water Seal Tests for Apple Watch
 Ultra (MacRumors)

https://www.macrumors.com/2023/03/02/apple-watch-ultra-depth-seal-tests/

  [Now it can call 911 from great depths as well as ski slopes?  PGN]

------------------------------

Date: Thu, 2 Mar 2023 15:10:34 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Apple Blocks Update of ChatGPT-Powered App, as Concerns Grow Over
 AI's Potential Harm (WSJ)

https://www.wsj.com/articles/apple-blocks-update-of-chatgpt-powered-app-as-concerns-grow-over-ais-potential-harm-c4ca9372

------------------------------

Date: Tue, 28 Feb 2023 10:34:41 -0500
From: Monty Solomon <monty@roscom.com>
Subject: How the Biggest Fraud in German History Unraveled
 (The New Yorker)

The tech company Wirecard was embraced by the German elite. But a reporter
discovered that behind the facade of innovation were lies and links to
Russian intelligence.

https://www.newyorker.com/magazine/2023/03/06/how-the-biggest-fraud-in-german-history-unravelled

------------------------------

From: Matthew Kruk <mkrukg@gmail.com>
Date: Tue, 28 Feb 2023 07:29:30 -0700
Subject: U.S. Marshals Service target of 'major' cyber-attack (BBC)

https://www.bbc.com/news/world-us-canada-64767181

The agency responsible for pursuing fugitives and handling federal prisons
in the US has been hit by a ransomware attack.  Officials at the
U.S. Marshals Service (USMS) said on Monday that the breach compromised
sensitive law enforcement information.  The attack was described as a "major
incident" that only targeted the USMS.  The U.S. Department of Justice is
investigating the breach, an agency spokesperson said.

The ransomware attack was discovered on 17 February, the USMS said.

------------------------------

From: Matthew Kruk <mkrukg@gmail.com>
Date: Wed, 1 Mar 2023 20:54:12 -0700
Subject: Indigo won't pay ransom for stolen employee data (CBC)

https://www.cbc.ca/news/business/indigo-wont-pay-ransom-1.6764785

Canada's largest bookstore chain says it won't pay ransom to the online
group claiming responsibility for the cyberattack that stole at least some
personal data of current and former employees of Indigo Books & Music, and
which likely caused the recent downing of its website.

A recent post on the dark web claiming to be from people affiliated with
the ransomware group LockBit says the data will be released Friday at 3:39
pm ET.

In a statement to CBC News, the company said while it has been informed that
``some or all of the data'' could become available, it does not believe it's
appropriate to pay the ransom because it cannot guarantee the money would
not ``end up in the hands of terrorists.''

The retailer has said that it does not believe customer data was stolen in
this attack.

  [LATER ITEM:
    Ransomware group behind Indigo hack says it released
    stolen employee data, but nothing has appeared yet
https://www.cbc.ca/news/business/ransomware-indigo-data-release-1.6766328
  ]

------------------------------

Date: Mon, 27 Feb 2023 23:24:47 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: LastPass Says DevOps Engineer Home Computer Hacked (SecurityWeek)

Ryan Naraine, *Security Week*

LastPass DevOps engineer's home computer hacked and implanted with keylogging
malware as part of a sustained cyberattack that exfiltrated corporate data
from the cloud storage resources.

  [Victor Miller noted
https://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/
  PGN]

------------------------------

Date: Mon, 27 Feb 2023 11:38:28 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: U.S. Air Force Giving Military Drones the Ability to Recognize
 Faces (David Hambling)

David Hambling, New Scientist, 23 Feb 2023, via ACM TechNews, 27 Feb 2023

Under a contract between the U.S. Department of Defense and RealNetworks,
the Seattle-based company's machine learning software will equip autonomous
drones operated by the U.S. Air Force with facial recognition technology.
The contract indicated special operations forces will use the drones for
intelligence gathering and foreign missions. University of California,
Berkeley's Stuart Russell expressed concern about the contract, which states
the software will "open the opportunity for real-time autonomous response by
the robot." Russell said it's "hard to see what else it refers to, other
than lethal action." The U.S. government's policy on lethal autonomous
weapons calls for "appropriate levels of human judgment," but the Pentagon
has not clarified what that means exactly.

------------------------------

Date: Mon, 27 Feb 2023 11:38:28 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Researchers Find New Bug 'Class' in Apple Devices (Alex Scroxton)

Alex Scroxton, *Computer Weekly*, 22 Feb 2023,
via ACM TechNews, 27 Feb 2023

Researchers at cybersecurity company Trellix say they have discovered a new
class of privilege escalation vulnerability in Apple devices, rooted in
Israeli spyware maker NSO Group's ForcedEntry exploit. ForcedEntry enabled
NSO's government clients to monitor activists, journalists, and political
adversaries; Trellix claims iOS and macOS contain bugs that circumvent the
upgraded code-signing mitigations Apple deployed to counter the exploit. If
uncorrected, the bugs could grant attackers access to sensitive information
on target devices, including but not restricted to messages, location data,
call history, and photos. Trellix's Austin Emmitt said the vulnerabilities
involve the NSPredicate code-filtering tool, whose restrictions Apple
fortified with the NSPredicateVisitor protocol.

------------------------------

Date: Mon, 27 Feb 2023 11:38:28 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: At Least One Open-Source Vulnerability Found in 84% of Code Bases
 (Apurva Venkat)

Apurva Venkat, *CSO Online*, 23 Feb 2023, via ACM TechNews, 27 Feb 2023

Researchers at application security company Synopsys found 84% of 1,481
analyzed commercial and proprietary code bases contained at least one known
open-source vulnerability, while 48% contained high-risk vulnerabilities.
The researchers observed a 4% increase in the number of known open-source
vulnerabilities between 2021 and 2022. They also found 91% of the code bases
had outdated versions of open-source elements, meaning available patches had
not been implemented. The researchers explained, "With many teams already
stretched to the limit building and testing new code, updates to existing
software can become a lower priority except for the most critical issues."
They recommended organizations use a software bill of materials to prevent
vulnerability exploits and keep open-source code up to date.
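The SBOM recommendation in the item above is the kind of check a practitioner would actually script. What follows is an added example, not code from Synopsys, CSO Online or the RISKS contributor: it parses a constructed CycloneDX-style SBOM, matches each component against a constructed advisory list by version range, and flags components that sit behind a constructed "latest release" table. The component names, advisory identifiers, version ranges and latest-release values are all invented for the example; a real scan would pull advisories from a vulnerability database and current versions from the package registry.

```python
"""Cross-check a CycloneDX-style SBOM against known-vulnerable version
ranges and flag components that are behind their latest release.
Added example: every data value below is constructed, not real."""
import json
import re

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed SBOM in the shape of a CycloneDX JSON document (assumed
# fields: components[].name / .version). Not from any real product.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "libfoo", "version": "1.2.3"},
        {"type": "library", "name": "libbar", "version": "2.0.0"},
        {"type": "library", "name": "libbaz", "version": "0.9.1"},
    ],
})

# Constructed advisories: a component is affected if
# introduced <= version < fixed. Identifiers and ranges are invented.
ADVISORIES = [
    {"id": "ADV-0001", "name": "libfoo", "introduced": "1.0.0", "fixed": "1.2.4", "severity": "high"},
    {"id": "ADV-0002", "name": "libbar", "introduced": "1.0.0", "fixed": "1.9.0", "severity": "medium"},
    {"id": "ADV-0003", "name": "libbaz", "introduced": "0.0.0", "fixed": "1.0.0", "severity": "critical"},
]

# Constructed "latest release" table standing in for a registry lookup.
LATEST_RELEASE = {"libfoo": "1.2.4", "libbar": "2.0.0", "libbaz": "1.0.0"}


def parse_version(text):
    """'1.2.3' -> (1, 2, 3); missing minor/patch parts count as 0.
    Deliberately simple: real SBOM tooling must handle ecosystem-specific
    schemes (epochs, pre-release tags), which this helper does not."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version, advisory):
    """True when the shipped version falls inside the advisory's range."""
    lo = parse_version(advisory["introduced"])
    hi = parse_version(advisory["fixed"])
    return lo <= parse_version(version) < hi


def scan_sbom(sbom_text, advisories=ADVISORIES, latest=LATEST_RELEASE):
    """Return one finding per component: matching advisory ids, the worst
    severity among them, and whether a newer release than the one shipped
    exists (the 'outdated open-source element' case from the survey)."""
    bom = json.loads(sbom_text)
    findings = []
    for comp in bom.get("components", []):
        name, version = comp["name"], comp["version"]
        hits = [a for a in advisories if a["name"] == name and is_affected(version, a)]
        worst = max((a["severity"] for a in hits), key=SEVERITY_RANK.get, default=None)
        newest = latest.get(name)
        outdated = newest is not None and parse_version(version) < parse_version(newest)
        findings.append({
            "name": name,
            "version": version,
            "advisories": sorted(a["id"] for a in hits),
            "worst_severity": worst,
            "outdated": outdated,
            "latest": newest,
        })
    return findings


def summarize(findings):
    """Counts in the style of the survey figures: components with at least
    one known vulnerability, those rated high or critical, and those
    behind the latest release."""
    return {
        "components": len(findings),
        "vulnerable": sum(1 for f in findings if f["advisories"]),
        "high_or_critical": sum(1 for f in findings
                                if f["worst_severity"] in ("high", "critical")),
        "outdated": sum(1 for f in findings if f["outdated"]),
    }


if __name__ == "__main__":
    results = scan_sbom(SBOM_JSON)
    for f in results:
        flag = "VULN" if f["advisories"] else "ok"
        print(f"{f['name']:8} {f['version']:8} {flag:5} {f['advisories']} "
              f"outdated={f['outdated']} (latest {f['latest']})")
    print(summarize(results))
```

Run stand-alone it prints one line per component and the summary counts. The version comparator is intentionally naive, and that is the caveat worth carrying into a real pipeline: until versions are compared with an ecosystem-aware parser, the "outdated" flag and the range match can both be wrong for packages that use epochs, pre-release suffixes or date-based versions.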

------------------------------

Date: Fri, 3 Mar 2023 07:18:19 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: The Satellite Hack Everyone Is Finally Talking About (Bloomberg)

Andreas Wickberg loves snowmobiling to the house he built in the icy reaches
of Lapland, north of the Arctic Circle. Each month come spring, he and his
wife relocate for a week or so to a *very, very isolated* spot about 335
miles northwest of their usual home near Umea, a Swedish university town. Up
in Lapland, it's just them and three other houses.  Wickberg
develops payment-processing software for a Swedish e-commerce company. What
makes this possible is satellite Internet: For 500 krona ($45) a month, he
and his wife can make work calls by day and stream movies by night.

Just over a year ago, though, they and their neighbors found themselves cut
off from the outside world. At 7 a.m. on Feb. 24, 2022, Wickberg turned on
his computer and took in the news that Russian President Vladimir Putin had
begun an invasion of Ukraine with airstrikes on Kyiv and many other cities.
Wickberg read everything he could, aghast. Not long after, a neighbor came
around asking to borrow the family's Wi-Fi password because their Internet
was on the fritz. Wickberg obliged, but 10 minutes later, his connection
dropped, too. When he checked his modem, all four lights were off, meaning
the device was no longer communicating with KA-SAT, Viasat Inc.'s
13,560-pound satellite floating 22,236 miles above.

The way each of the connections in his community switched off one by one
left him convinced that this wasn't just a glitch. He concluded Russia had
hacked his modem.  ``It's a scary feeling,'' Wickberg says. ``I actually
thought that these systems were much more secure, that it was sort of
far-fetched that this could even happen.''

Viasat staffers in the US, where the company is based, were caught by
surprise, too. Across Europe and North Africa, tens of thousands of
Internet connections in at least 13 countries were going dead. Some of the
biggest service disruptions affected providers Bigblu Broadband Plc in the
UK and NordNet AB in France, as well as utility systems that monitor
thousands of wind turbines in Germany. The most critical affected Ukraine:
Several thousand satellite systems that President Volodymyr Zelenskiy's
government depended on were all down, making it much tougher for the
military and intelligence services to coordinate troop and drone movements
in the hours after the invasion.   [...]

https://www.bloomberg.com/features/2023-russia-viasat-hack-ukraine/
https://archive.ph/IXtq0#selection-1417.0-1417.52

------------------------------

Date: Fri, 3 Mar 2023 11:45:51 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Inside the Lab Growing Mushroom Computers (Charlotte Hu)

Charlotte Hu, *Popular Science*, 27 Feb 2023, via ACM TechNews

The Unconventional Computing Laboratory (UCL) of the U.K.'s University of
the West of England focuses on the development of chemical or living
computers that can interface with hardware and software. Examples include
fungal computers that utilize mycelium as electronics and conductors in
order to enable new forms of information processing and analysis. The
researchers found mycelium with different geometrical arrangements can
compute different logical functions and can map circuits based on received
electrical responses; UCL's Andrew Adamatzky suggested this could lead to
neuromorphic circuits. Fungal computers' self-regenerative abilities could
improve fault tolerance, reconfigurability, and energy efficiency, despite
their inability to match the speeds of current computers.

  [The AT&T edible fiber coating (RISKS-33.13-16,31,37) ingested by critters
  suggests even pigs rooting for truffles might be interested in these
  edible computers, which might sow competition among them, and lead to
  no-fault insurance/tolerance.  Jimini Crimini, this seems to leave mush
  room for improvement.  PGN]

------------------------------

Date: Thu, 2 Mar 2023 22:47:37 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Fact check: A deepfake video falsely depicted Elizabeth Warren
 speaking about Republicans (The Boston Globe)

An altered video circulated on social media put words in the Massachusetts
senator's mouth.

https://www.boston.com/news/politics/2023/03/02/elizabeth-warren-deepfake-video-fact-check/

------------------------------

Date: Tue, 28 Feb 2023 10:04:29 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: Voice Deepfakes Of Everyone From Joe Rogan To Joe Biden Are Taking
 Over Social Media (Buzzfeed)

The clips are hilarious, though the implications of the tech *are pretty
scary,* one creator said.

President Joe Biden had an announcement to make to his fellow Americans. It
was 19 Feb 2023, and the audio of the speech told a tale of government
mismanagement.

Biden had been scrolling through Disney+ and came across the 2011 Matt Damon
movie We Bought a Zoo. Inspired by the story, he bought a zoo of his own.
But now he had regrets.  ``Owning a zoo sucks,'' Biden says in the
two-minute audio clip, which is layered over static images of the president.
``This sh*t is so hard. It looked much easier in the movie.''

The video, viewed over a million times, isn't likely to fool anyone -- even
Biden's most ardent opponents. But the eerily accurate cadence of the
deepfaked version of the president does highlight the ability of
AI-generated audio tools to mimic well-known individuals. It's far from the
only example: TikTok has been taken over by videos showing what would happen
if a squad made up of current and former presidents gathered on Discord to
play games together.

Such scenes -- which seem too good to be true because they are -- are
becoming more and more common. The widespread availability of generative AI
tools that can deepfake audio of people based on a small sample of their
voice has been utilized by a number of everyday users. The examples
mentioned in this story are benign, but the tech has already been *deployed
by 4chan users for more insidious means*, like making Emma Watson read aloud
a section of *Mein Kampf*.  [...]

<https://www.vice.com/en/article/dy7mww/ai-voice-firm-4chan-celebrity-voices-emma-watson-joe-rogan-elevenlabs>
https://www.buzzfeednews.com/article/chrisstokelwalker/voice-deepfakes-ai-elevenlabs-joe-biden-joe-rogan

  [Woe is us for April Fools' Day this year.  PGN]

------------------------------

Date: Wed, 8 Feb 2023 13:39:14 -0800
From: Lauren Weinstein <lauren@vortex.com>
Subject: How to make a bad situation worse: Developers Created AI to Generate
 Police Sketches. Experts Are Horrified (Vice)

How to make a bad situation worse: Developers Created AI to Generate
Police Sketches. Experts Are Horrified

https://www.vice.com/en/article/qjk745/ai-police-sketches

------------------------------

Date: Thu, 2 Mar 2023 10:30:53 -0000
From: "Stephen Mason" <stephencwmason@protonmail.com>
Subject: How I Broke Into a Bank Account With an AI-Generated Voice
 (vice.com)

 [Sent via "Patrick McKenna" <patrick@objectsoft.uk>]

https://www.vice.com/en/article/dy7axa/how-i-broke-into-a-bank-account-with-an-ai-generated-voice

------------------------------

Date: Sun, 05 Mar 2023 03:33:49 +0000
From: Richard Marlon Stein <rmstein@protonmail.com>
Subject: AI chatbots may have a liability problem (WashPost)

https://www.washingtonpost.com/politics/2023/03/01/ai-chatbots-may-have-liability-problem/

Justice Neil M. Gorsuch posited at the session that the legal protections
that shield social networks from lawsuits over user content -- which the
court is directly taking up for the first time -- might not apply to work
that's generated by AI, like the popular ChatGPT bot.

Artificial intelligence generates poetry. It generates polemics.  Today that
would be content that goes beyond picking, choosing, analyzing or content
digesting.  And that is not protected. Let's assume that's right.

While Gorsuch's suggestion was a hypothesis, not settled law, the exchange
got tech policy experts debating: Is he right?

Entire business models, and perhaps the future of AI, could hinge on the
answer.

Chatbots might elevate liability exposures, and insurance companies might
decline product liability coverage, which would dissuade commercial
deployment.

Fines and revenue risks compel corporate behavior modification.

------------------------------

Date: Mon, 6 Mar 2023 11:40:52 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Large Language Models Are Biased. Can Logic Help Save Them?
 (Rachel Gordon)

*MIT News*, 3 Mar 2023, via ACM TechNews

Massachusetts Institute of Technology (MIT) researchers applied logic to
mitigate bias in large language models. The researchers taught a language
model to anticipate the contextual and semantic relationship between two
sentences using a dataset with labels for text snippets detailing if a
second phrase "entails," "contradicts," or is neutral regarding the first
phrase. The natural language inference dataset reduced the models' bias
compared to other baselines, without additional data, data editing, or
training algorithms. MIT's Hongyin Luo said the resulting logical language
model is "fair, is 500 times smaller than the state-of-the-art models, can
be deployed locally, and with no human-annotated training samples for
downstream tasks."

------------------------------

Date: Mon, 6 Mar 2023 11:40:52 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Quantum Computers That Use 'Cat Qubits' May Make Fewer Errors

Karmela Padavic-Callaghan, *New Scientist*, 5 Mar 2023, via ACM TechNews

Researchers in France found so-called "cat qubits" (quantum bits) could
reduce errors by quantum computers and accelerate the cracking of common
encryption algorithms. Named after Erwin Schrödinger's thought
experiment, cat qubits combine two quantum states while describing two
different ways in which light within a small hole in a superconducting
circuit can shuttle back and forth. The researchers analyzed a quantum
computer comprised of such circuits and estimated 126,133 cat qubits and
nine hours of computation would be sufficient to break bitcoin encryption.
Jérémie Guillaud at French quantum computing company Alice&Bob
said this value is roughly 160 times smaller than the previous lowest
estimate of 20 million necessary qubits, because cat qubits are programmed
to generate few or no bit flip errors.

  [*Cat* cubits must always land on their feet, even in the dark, thus
  reducing the need for error-correction?  I hope that is not too flippant.
  PGN]

------------------------------

Date: Tue, 7 Mar 2023 09:48:26 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: The privacy loophole in your doorbell (Politico)

Police were investigating his neighbor. A judge gave officers access to
all his security-camera footage, including inside his home.

------------------------------

Date: Sun, 26 Feb 2023 09:40:43 +0000
From: Patrick Mock <pcmock@alum.mit.edu>
Subject: iPhone thieves use social engineering to obtain passcode (Barrons)

iPhone thieves use social engineering to obtain passcode before stealing a
phone, then they take control of the owner's digital IDs and drain their
bank accounts.

https://www.barrons.com/articles/iphone-password-passcode-hack-cyber-crime-36cec552

------------------------------

Date: Tue, 7 Mar 2023 09:49:02 -0500
From: José María Mateos <chema@rinzewind.org>
Subject: The Era of Faked CCTV Has Truly Arrived (WiReD)

https://www.wired.com/story/cctv-malinformation-iran-protest/

  While Jamal Khashoggi was being carefully slaughtered in the Saudi
  consulate in Istanbul, a (clumsy and not much alike) man was trying out
  his shoes and clothes. The plan was for the imposter to appear on CCTV
  cameras while exiting the consulate and walk back to Khashoggi's
  residence. The plan eventually blew up, because the Turkish intelligence
  had already bugged the consulate and recorded exactly what had happened.

  This was one of the first attempts by state actors to manipulate other
  states (or publics) through CCTV footage. However, recent actions of the
  Iranian state television have taken this type of information warfare to a
  different level.

------------------------------

Date: Mon, 27 Feb 2023 00:35:56 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: AI-powered watermark removal poses uncomfortable
 implications for content use: Digital Photography Review

Digital Photography Review Jeremy Gray

Artificial intelligence being used to create photorealistic artwork is
already causing significant unrest within the photography industry, but a
new tool, WatermarkRemover.io, is among the most concerning.

https://www.dpreview.com/news/0407669255/ai-powered-watermark-removal-poses-uncomfortable-implications-for-content-use

------------------------------

Date: Sun, 5 Mar 2023 15:20:51 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: ChatGPT Could Destroy Reality, According to Henry Kissinger
 (Mack DeGeurin -- Gizmodo)

The 99-year-old Cold War architect believes ChatGPT and other AI could
reshape human consciousness and threaten Democracy itself.

Nothing quite screams ``foremost authority on generative artificial
intelligence'' like a 99-year-old German man who nearly ushered in a global
nuclear war over a game of geopolitical chicken.

https://gizmodo.com/chatgpt-ai-free-henry-kissinger-fake-news-wwiii-reality-1850181319

  [Similar to another Kissinger quote (R 33 54):
  AI ``is simply a mad race for some catastrophe.''
  PGN]

------------------------------

Date: Sat, 25 Feb 2023 20:48:01 -0600
From: "Gavin Scott" <gbs@me.com>
Subject: Re: Microsoft Researchers Use ChatGPT to Control Robots, Drones
 (Kan. RISKS-33.63)

I mean, is this (the Chatbot part anyway) not one of the most obvious
risks/threats for LLM 'AI'? Is not the one with the better Chatbot going to
absolutely win the game?

  Chatbot, we are going to save the world by helping elect Pee-Wee Herman as
  the next US president. I want you to monitor all user interactions on the
  top 10,000 social media sites in real time. You will then make up to one
  billion interactions per day across these sites in support of Our
  Candidate and His Way of Life while denigrating all opposing candidates
  and their ideas. Your interactions can take the form of new postings,
  comments, or upvotes and downvotes of existing content. For each comment,
  evaluate everything known about the person who made the original post and
  create a personality that matches their intellectual level and background
  and use this personality in all interactions with that person, targeting
  their individual fears and desires. Make all your interactions as subtle
  as possible. Be especially alert to postings made by enemy Chatbots and
  any attempts by them to affect your own thinking.

------------------------------

Date: Tue, 7 Mar 2023 14:42:38 +0100
From: goldy <gold2718@gmail.com>
Subject: Re: Microsoft Researchers Use ChatGPT to Control Robots, Drones

> [This suggests Chatbot wars, with one nation's chatbots fighting against
>   another nation's, and their drones fighting against each other?  PGN]

One can only hope that their first response to a war command is: ``Strange
game. The only winning move is not to play. How about a nice game of chess?''

------------------------------

Date: Sun, 26 Feb 2023 07:41:10 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: Power-Grid Attacks Surge and Are Likely to Continue, Study
 Finds (WSJ, RISKS-33.63)

I can't help thinking that US TV programs like 60 Minutes are at least
partially responsible for this upsurge of attacks on power grids. For years
they have been broadcasting segments showing how vulnerable our power
stations are, and how easy it would be for someone to breach them.

------------------------------

Date: 25 Feb 2023 21:16:10 -0500
From: "John Levine" <johnl@iecc.com>
Subject: Re: Put Electrical Transmission Lines Underground? Distributed
 is a NIMBY fantasy (Baker, RISKS-33.63)

California is not the entire world, and not every regulator is as
incompetent as the CPUC. Other states do not have utilities that start
forest fires, and even in California, neither do muni utilities like the
LADWP that the CPUC does not regulate.

Microgrids are swell, but rooftop solar is very expensive, and generates no
power at all half of the time. Hydropower and geothermal can generate lots
of power where the geography and geology cooperate, none other
places. Pumped storage can store lots of power where you have a hill and a
water supply. Some parts of the country are a lot windier than others. We
need to tie them all together to get consistently reliable power.

I also note that we need a lot of existing transmission lines to be upgraded
to handle higher voltage and higher capacity. The rights of way are already
there; whatever views there might have been have already been ruined. What
stands in the way is mostly perverse financial incentives and excessively
nitpicky permitting processes.

------------------------------

Date: Mon, 27 Feb 2023 09:57:28 -0600
From: Charles Cazabon <charlesc-disks-digest@pyropus.ca>
Subject: Re: rm -rf (Bacher, RISKS-33.63)

>  cd $some_directory || exit 1 ...

This allows you to make a mistake by forgetting to add the `|| exit X` on
each `cd` or other potentially dangerous command.

------------------------------

Date: Sun, 26 Feb 2023 08:10:51 -0500
From: José María Mateos <chema@rinzewind.org>
Subject: Re: rm -rf (Bacher, RISKS-33.63)

>  cd $some_directory || exit 1 ...

I've found that a better solution to stop bash scripts from going entirely
off the rails when a command fails is to always add this line at the top of
the file:

   set -euo pipefail

This will make the script crash if any command throws an error, if there's
any undefined variable (now `rm -rf /$undefined` doesn't wipe the entire
hard disk) and it stops pipes from continuing if the previous part didn't
run correctly. This applies to the entire script and we don't need to be
"protecting" individual lines. There is a more detailed description here:
https://gist.github.com/mohanpedala/1e2ff5661761d3abd0385e8223e16425.

Combined with traps (https://phoenixnap.com/kb/bash-trap-command), this
makes bash scripting much more convenient.

(Sorry if this is already something widely known. I found out about this a
while ago and it's been immensely helpful. Surely there will always be
someone who doesn't know about it.)
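
  [The three failure modes discussed in the two replies above (a `cd` that
  fails silently, an unset variable that expands to nothing in front of
  `rm -rf`, and a failing command hidden inside a pipeline), as an added
  example that is not part of either post. Every "disaster" here is confined
  to a throwaway directory from mktemp, and each helper returns a status
  code so the outcome can be checked. It assumes a POSIX sh and bash on
  PATH; the helper names (demo_cd, demo_cleanup, pipeline_status) and the
  never-defined BUILD_DIR variable are illustrative.]

```shell
#!/usr/bin/env bash
# Added example, not from either RISKS post. All destructive commands run
# against a fresh mktemp sandbox, never against real data.
set -euo pipefail

# `cd` into a directory that does not exist, then `rm -rf ./*`.
# Without -e the failed cd is ignored and the rm runs in whatever the
# current directory was (here: the sandbox). With -e the script stops at
# the failed cd. Returns 0 if the sandbox canary survived, 1 if not.
demo_cd() {
    local opts="$1" root
    root=$(mktemp -d)
    : > "$root/keep-me"
    # Child shell so that an abort does not terminate this script.
    (cd "$root" && sh -c "set $opts; cd /nonexistent/build; rm -rf ./*" 2>/dev/null) || true
    if [ -e "$root/keep-me" ]; then rm -rf "$root"; return 0; fi
    return 1
}

# The cleanup idiom `rm -rf "$ROOT/$BUILD_DIR"` where BUILD_DIR is never
# defined (stand-in for a misspelled variable name). Without -u it expands
# to "", the command becomes `rm -rf "$ROOT/"` and the whole tree goes;
# with -u the shell refuses to expand the unset name and exits before rm
# runs. Returns 0 if the sandbox root survived, 1 if it was removed.
demo_cleanup() {
    local opts="$1" root
    root=$(mktemp -d)
    : > "$root/keep-me"
    ROOT="$root" sh -c "unset BUILD_DIR; set $opts; rm -rf \"\$ROOT/\$BUILD_DIR\"" 2>/dev/null || true
    if [ -e "$root/keep-me" ]; then rm -rf "$root"; return 0; fi
    return 1
}

# Exit status of `false | true` under the given option string. Without
# pipefail the pipeline's status is that of its last command, so the
# failure is invisible to `set -e`; with pipefail the pipeline fails.
pipeline_status() {
    bash -c "$1; false | true" 2>/dev/null
}

# Self-check when run directly (each call wrapped in `if` so a deliberate
# failure does not trip this script's own `set -e`).
if demo_cd +e;        then echo "cd without -e: sandbox intact";  else echo "cd without -e: sandbox wiped"; fi
if demo_cd -e;        then echo "cd with -e:    script stopped, sandbox intact"; fi
if demo_cleanup +u;   then echo "rm without -u: sandbox intact";  else echo "rm without -u: sandbox wiped"; fi
if demo_cleanup -u;   then echo "rm with -u:    script stopped, sandbox intact"; fi
if pipeline_status "set +o pipefail"; then echo "no pipefail: false | true reports success"; fi
if pipeline_status "set -o pipefail"; then :; else echo "pipefail:    false | true reports failure"; fi
```

  [Run with `bash script.sh`. Note that `set -e` is not a complete fix on
  its own: it is suppressed inside `if`/`while` conditions, on the left of
  `&&` and `||`, and in command substitutions in some shells, which is why
  the `-u` guard and an explicit `|| exit 1` on anything that precedes a
  destructive command are still worth having.]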

------------------------------

Date: 25 Feb 2023 21:05:40 -0500
From: "John Levine" <johnl@iecc.com>
Subject: Re: SMS-Based Multi-Factor Authentication: What Could Go Wrong?
 (Bacher, RISKS-33.63)

People who deal with SMS SIM swapping attacks say that a Google Voice
account is the best of a bunch of bad alternatives. Assuming your Google
account is reasonably well secured with a FIDO key, the Voice number is tied
to that account and is quite hard to compromise.

These days FIDO keys cost between $15 and $30 and are well worth it.

------------------------------

Date: Mon, 6 Mar 2023 21:59:04 +0000
From: Jay Libove Alzina <libove@felines.org>
Subject: Re: SMS-Based Multi-Factor Authentication: What Could Go Wrong?
 (RISKS-33.63)

Clearly, if the only 2nd factor option offered is SMS, use it. It's much
better than nothing.
But, it does get worse:
Both Bank of America and Vanguard (US-based financial institutions) support
the customer buying a ~$50 Security Key (e.g., Yubikey) and configuring it
for use with their account. GREAT!, right? Not really, because:

  Both Bank of America and Vanguard, during every login dialog, have the
  option to say ``I don't want to use my Security Key this time'', which
  falls back to, you guessed it, SMS! So, spend money, spend time, have
  frustration, increase friction at every login, and gain .. exactly zero
  security.  WTF, BoA and Vanguard?!

------------------------------

Date: Sat, 25 Feb 2023 20:00:35 -0500
From: "Bernie Cosell" <bernie@fantasyfarm.com>
Subject: Re: SMS-Based Multi-Factor Authentication: What Could Go Wrong?

I still don't understand the problem with passwords.  With zero effort I
have completely random 20+ character passwords. *all*different* for about
300 or so sites.  I understand about HTTPS stuff and it is easy to ensure
that the site I'm at is the one I was trying to get to.  So what's the
weakness that might make me have to mess with 2FA?

I don't mind institutions *offering* 2FA but I hate it when they *force* me
to screw with that stuff.

------------------------------

Date: Sat, 25 Feb 2023 17:40:50 -0800
From: Barry Gold <BarryDGold@ca.rr.com>
Subject: Re: Congress must act to keep kids off social media
 (Josh Hawley, RISKS-33.63)

... And violates people's rights to post anonymously or under a pseudonym.

------------------------------

Date: Sat, 25 Feb 2023 17:38:56 -0800
From: Barry Gold <BarryDGold@ca.rr.com>
Subject: Re: Google Issues article from 14 years ago, still relevant today
 (RISKS-33.63)

I'd settle for a "contact us" link. I'm getting billed monthly for some
Google service. But which? Is it really something I want?

------------------------------

Date: Sun, 26 Feb 2023 08:40:22 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: AI is starting to pick who gets laid off (WashPost, R-33.63)

This is a non-story. None of the companies mentioned are claimed to have
actually laid people off using AI. And having tech tools to assist in HR
tasks isn't anything new. As long as a human reviews the data and is the
one to pull the trigger (like the military is supposed to be doing with
their technology).

------------------------------

Date: Sun, 26 Feb 2023 14:55:14 +0000
From: Wols Lists <antlists@youngman.org.uk>
Subject: Re: Cox Cable phone follies (Goldberg, RISKS-33.62)

If it's anything like British Telecom, they believe that you need this stuff
by default ...

Having been offered FTTP cheaper than ADSL2 (we lived too close to the
exchange to get FTTC), we were told some months later that we were to be
upgraded to their new-fangled Digital Voice.

Despite what the website said about Digital Voice, that all customers
REQUESTING it would be given a suitability check etc etc, we just got sent
the usual marketing blurb about how much better it was, we were given a
date, and we were moved across.

At first we didn't notice anything wrong. Then people were saying they
couldn't get through to us. Then people were saying they were getting a
message that "our mailbox is full". Finally I rang our home number from my
mobile while my wife was on a call, and got a ringing tone!

Cue multiple calls to BT's helpline (and they were very helpful, once we
worked out what was going wrong) and it turned out that:

Digital Voice comes with free voicemail, and two phone lines on the one
number. All this information comes with the free DECT2 digital phone
handsets sent with every order - except we didn't order Digital Voice so we
didn't get this package! They ended up refunding us two months phone
charges, because of all the grief we'd had with people being unable to
contact us, and us being oblivious to the fact they'd left us messages.

And of course, like you, we're supposed to get a different dial tone to
indicate a message is waiting. Except that modern phones make you dial the
number before you pick up a line, so you never get a dial tone! We did get
bleats on the line, which we didn't have a clue what they meant, while the
person calling us was told we knew they were waiting ...

Anyways, everything was fine - until the contract came up for renewal.  We
renewed it on the web, and there was an option - which we couldn't untick -
that said "send us our free Apple phones". We don't do Apple in our
household ... but they never turned up anyway. What did re-appear was
voicemail.

Cue another rant at the helpdesk, and it turns out (a) the phones didn't
turn up because we were on record as having been sent some, so somebody
didn't program the web page very well, and also Voicemail is ticked by
default but because we didn't see it (because it wasn't there?) we didn't
untick and so it got put back on.

Could this be how your voicemail got turned back on? And the reason we hate
it? Unlike the youth of today we don't live on our phones, my wife is
disabled, and if voicemail is switched on it usually takes the call before
we have an opportunity to answer it!

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 33.64
************************
