
Risks Digest 34.16

daemon@ATHENA.MIT.EDU (RISKS List Owner)
Thu Apr 11 01:57:03 2024

From: RISKS List Owner <risko@csl.sri.com>
Date: Wed, 10 Apr 2024 15:51:26 PDT
To: risks@mit.edu

RISKS-LIST: Risks-Forum Digest  Wednesday 10 April 2024  Volume 34 : Issue 16

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/34.16>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
The total eclipse shows us how important solar energy is to the U.S.
 (The Verge)
Chinese Hack of Microsoft Exchange Online Was Preventable, Review Board
 Finds (Kim S. Nash)
Dana-Farber Cancer Institute has retracted 7 studies amid controversy over
 errors (NBC News)
A once-ignored community of science sleuths now has the research
 community on its heels (NBC News)
Can AI help fill the therapist shortage? Mental health apps show
 promise and pitfalls (CBS News)
Hackers stole 340,000 Social Security numbers from government consulting
 firm (TechCrunch)
Critical takeover vulnerabilities in 92,000 D-Link devices under active
 exploitation (ArsTechnica)
Targus says cyberattack is causing operational outage (TechCrunch)
After pushing cloud storage, TV provider to auto-delete 61-day-old DVR
 recordings (ArsTechnica)
Texas Will Use Computers to Grade STAAR Tests (Keaton Peters)
Cheshire Cat GPS Jamming/Spoofing in Ukraine, Israel, ... (Henry Baker)
Scammers exploiting people who change their status to #OpenToWork
 (Ben Rothke)
Mr Bates vs The Post Office now available on PBS in the U.S.
 (PBS via Jeremy Epstein)
Why Open Source Can't Innovate (Dana F. Blankenhorn)
Elon Musk Didn't Want His Latest Deposition Released.  Here It Is.
 (HuffPost Latest News)
Russian trolls target U.S. support for Ukraine, Kremlin documents show
 (WashPost)
California judge dismisses one of ‘Are We Dating the Same Guy?’ lawsuits
 (NBC News)
YouTube is the most consequential technology in America (WashPost)
Yet another 419 variant (Rob Slade)
Tesla is settling with the family of the Apple engineer who died in an
 Autopilot crash (The Verge)
Re: AI that targets civilians ... (Dylan Northrup)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 8 Apr 2024 20:53:45 -0400
From: Monty Solomon <monty@roscom.com>
Subject: The total eclipse shows us how important solar energy is to the U.S.
 (The Verge)

https://www.theverge.com/2024/4/8/24124189/solar-eclipse-renewable-energy-panels-electricity-grid

  [And incidentally, Monty noted Internet Traffic Dipped as Viewers Took in
  the Eclipse Internet -- it dropped by 40 percent or more during the
  eclipse in states in the path of totality, including Maine, New Hampshire
  and Ohio, Cloudflare found.
https://www.nytimes.com/2024/04/09/business/internet-traffic-eclipse-cloudflare.html
  PGN]

------------------------------

Date: Wed, 10 Apr 2024 11:34:12 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: Chinese Hack of Microsoft Exchange Online Was Preventable, Review
 Board Finds (Kim S. Nash)

Kim S. Nash. *The Wall Street Journal*
https://cybersecurity.cmail20.com/t/d-l-eydzx-tjludishy-i/

Security missteps at Microsoft might pave the way for a cyber-overhaul of
the cloud sector.

"A cascade of security failures at Microsoft" allowed Chinese hackers to
penetrate the company's Exchange Online cloud-based email system last year,
according to the U.S. Cyber Safety Review Board.

The board spent seven months investigating the espionage incident, in which
the email accounts of 22 organizations and more than 500 individuals around
the world were compromised.

These included Commerce Secretary Gina Raimondo and U.S. Ambassador to
China, Nicholas Burns. Microsoft cooperated fully with the probe, the board
said in its report issued Tuesday.

Tactical and strategic decisions at Microsoft reflect "a corporate culture
that deprioritized enterprise security investments and rigorous risk
management, at odds with the company's centrality in the technology
ecosystem and the level of trust customers place in the company to protect
their data and operations," the board said.

Not only does the report include security recommendations for the tech giant,
but some for cloud providers generally as well. U.S. officials also plan to
convene major cloud players to hammer out baseline cyber practices and a
process for the companies to regularly attest they are complying.

------------------------------

Date: Tue, 9 Apr 2024 21:47:28 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Dana-Farber Cancer Institute has retracted 7 studies amid
 controversy over errors (NBC News)

The episode has imperiled the reputation of the Harvard-affiliated
Dana-Farber Cancer Institute and raised questions about the work of one
high-profile researcher.

https://www.nbcnews.com/science/science-news/cancer-institute-dana-farber-retracts-studies-errors-rcna143922

------------------------------

Date: Tue, 9 Apr 2024 21:49:03 -0400
From: Monty Solomon <monty@roscom.com>
Subject: A once-ignored community of science sleuths now has the research
 community on its heels (NBC News)

Artificial intelligence tools are only making it easier to spot
problems. Some scientists say it’s time for universities and academic
publishers to reform how they address flawed research.

https://www.nbcnews.com/science/science-news/-ignored-community-science-sleuths-now-research-community-heels-rcna136946

------------------------------

Date: Wed, 10 Apr 2024 14:57:49 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Can AI help fill the therapist shortage? Mental health apps show
 promise and pitfalls (CBS News)

Providers of mental health services are turning to AI-powered chatbots
designed to help fill the gaps amid a shortage of therapists and growing
demand from patients.

But not all chatbots are equal: some can offer helpful advice while others
can be ineffective, or even potentially harmful. Woebot Health uses AI to
power its mental health chatbot, called Woebot. The challenge is to protect
people from harmful advice while safely harnessing the power of artificial
intelligence.  [...]

The National Eating Disorders Association's AI-powered chatbot, Tessa, was
taken down after it provided potentially harmful advice to people seeking
help.

https://www.cbsnews.com/news/ai-chatbots-mental-health-therapy-pitfalls-60-minutes/

  They're so proud -- rules-based bot gives deterministic response. Same
  input, same output. Guidelines/guardrails protect against anything bad --
  except when they're modified and don't. GPT bot improvises.

  What could go wrong?

     [Well, they might need a Woebot Wabbit?  PGN]

------------------------------

Date: Mon, 8 Apr 2024 21:09:17 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Hackers stole 340,000 Social Security numbers from government
 consulting firm (TechCrunch)

https://techcrunch.com/2024/04/08/hackers-stole-340000-social-security-numbers-from-government-consulting-firm/

------------------------------

Date: Mon, 8 Apr 2024 21:16:32 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Critical takeover vulnerabilities in 92,000 D-Link devices under
 active exploitation (ArsTechnica)

https://arstechnica.com/?p=2015480

------------------------------

Date: Mon, 8 Apr 2024 21:09:45 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Targus says cyberattack is causing operational outage (TechCrunch)

https://techcrunch.com/2024/04/08/targus-says-cyberattack-causing-operational-outage/

------------------------------

Date: Mon, 8 Apr 2024 21:17:40 -0400
From: Monty Solomon <monty@roscom.com>
Subject: After pushing cloud storage, TV provider to auto-delete
 61-day-old DVR recordings (ArsTechnica)

https://arstechnica.com/?p=2015412

------------------------------

Date: Wed, 10 Apr 2024 11:50:04 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Texas Will Use Computers to Grade STAAR Tests (Keaton Peters)

Keaton Peters, *The Texas Tribune*, 9 Apr 2024

The Texas Education Agency (TEA) this year will use an "automated scoring
engine" that uses natural language processing technology to assess and grade
open-ended questions on the State of Texas Assessment of Academic Readiness
(STAAR) for reading, writing, science, and social studies. TEA gathered
3,000 responses that went through two rounds of human scoring, and used them
to teach the automated scoring engine the characteristics of responses. It
is programmed to assign the same scores a human would have given.

  [Texas is leaning to STAARBOARD for a change?  But this looks more like
  any PORT in a storm.  What was the quality of the 3,000 human scorings?
  The system could have been trained on sloppy grading, and assigning the
  same scores may be really wrong-headed.  Once again, we desperately need
  sound evidence-based results.  PGN]

------------------------------

Date: Tue, 09 Apr 2024 18:02:23 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: Cheshire Cat GPS Jamming/Spoofing in Ukraine, Israel, ...

"If you don't know where you're going, any road will take you there."
-- Cheshire Cat in Alice's Wonderland

Isn't this jamming/spoofing a fraud on the location-based advertisers?

How soon before we have GPS 'swatting' on Carmen Sandiego?

https://en.wikipedia.org/wiki/Swatting

https://www.newscientist.com/article/2415318-ukraine-will-spoof-gps-across-the-country-to-stop-russian-drones/

Ukraine will spoof GPS across the country to stop Russian drones

------------------------------

Date: Mon, 8 Apr 2024 18:25:46 -0400
From: Ben Rothke <brothke@gmail.com>
Subject: Scammers exploiting people who change their status to
 #OpenToWork

Many job seekers often change their LinkedIn status to #OpenToWork.

Scammers look for people who do that and launch scams against them.

Most often around resume building, executive coaching, and job
introductions.

https://brothke.medium.com/when-opentowork-is-really-opentoscam-598ef27dd628?sk=b65fb880100304aa67a53a0590c7b162

------------------------------

Date: Mon, 8 Apr 2024 22:16:30 -0400
From: Jeremy Epstein <jeremy.j.epstein@gmail.com>
Subject: Mr Bates vs The Post Office now available on PBS in the U.S.

The Horizon post office scandal in the UK has been discussed periodically
in RISKS over the years. The docudrama that caused the UK parliament to
finally take action is now available in the US on PBS.
https://www.pbs.org/wgbh/masterpiece/shows/mr-bates-vs-the-post-office/

I'm curious to see whether viewers will see the parallel to trusting AI
systems, and the risks those bring.

------------------------------

Date: Tue, 9 Apr 2024 14:06:39 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Why Open Source Can't Innovate (Dana F. Blankenhorn)

How The Commons Was Closed for the Benefit of the Few

https://danafblankenhorn.substack.com/p/why-open-source-cant-innovate

------------------------------

Date: Tue, 9 Apr 2024 17:05:16 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Elon Musk Didn't Want His Latest Deposition Released.
 Here It Is. (HuffPost Latest News)

Musk is being sued for falsely suggesting a 22-year-old Jewish man was part
of a neo-Nazi brawl.

The lawsuit against the billionaire, filed in October, alleges that Musk
used his colossal social media platform to amplify a false far-right
conspiracy theory linking 22-year-old Ben Brody to a brawl in Oregon between
the neo-Nazi group Rose City Nationalists and the Proud Boys, a neo-fascist
fight club. The brawl occurred during Oregon City’s first Pride Night Fest,
when both groups came to disrupt the event and spew anti-LGBTQ+ rhetoric.

Brody wasn't even in the same state when the June 24 brawl occurred. But his
world was turned upside down when far-right X accounts, magnified by Musk,
falsely identified him as a member of Rose City Nationalists (and an
undercover federal agent) and posted his personal information online.

Musk amplified the conspiracy theory repeatedly to his more than 180 million
followers, suggesting Brody was a fresh-faced federal agent pretending to be
a neo-Nazi in a “false flag situation,” a phrase used to suggest a harmful
event was deliberately set up to misrepresent a group or person. [...]

Brody said he and his family were forced to flee their home amid the fallout
from Musk’s posts. He’s seeking more than $1 million in damages.  The next
court hearing is scheduled for April 22.  [...]

“People are attacked all the time in the media, online media, social media,
but it is rare that that actually has a meaningful negative impact on their
life,” Musk testified.

https://www.huffpost.com/entry/elon-musk-didnt-want-his-latest-deposition-released-here-it-is_n_66133d2ce4b0d81853f9a766

------------------------------

Date: Tue, 9 Apr 2024 19:54:05 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Russian trolls target U.S. support for Ukraine, Kremlin
 documents show (WashPost)

In a campaign stoking anti-Ukraine sentiment in the U.S., Russia-directed
trolls have written thousands of fabricated news articles and social media
posts.

https://www.washingtonpost.com/world/2024/04/08/russia-propaganda-us-ukraine/

------------------------------

Date: Tue, 9 Apr 2024 21:52:54 -0400
From: Monty Solomon <monty@roscom.com>
Subject: California judge dismisses one of ‘Are We Dating the Same Guy?’
 lawsuits (NBC News)

Stewart Lucas Murrey is suing more than 50 women for sharing stories about
him in multiple private Facebook groups.

https://www.nbcnews.com/tech/judge-dismisses-are-we-dating-same-guy-facebook-group-lawsuit-rcna147043

------------------------------

Date: Tue, 9 Apr 2024 20:04:36 -0400
From: "Monty Solomon" <monty@roscom.com>
Subject: YouTube is the most consequential technology in America

This is the most consequential technology in America

This is America’s most popular social app by a mile, the top way to listen
to music, the healthiest economy on the Internet and essential AI training
fuel.

(Spoiler alert: It’s YouTube.)

You think you know YouTube. It’s where billions of people learn how to
change a tire, follow a favorite yoga workout or catch footage of Monday’s
solar eclipse.

But maybe you don’t know that YouTube is also the most popular way to hear
music and one of the country’s largest cable TV providers. YouTube is the
healthiest economy on the Internet. And it has been rocket fuel for
artificial intelligence.

I’m digging into YouTube’s identity because it’s essential to understand the
influence of technologies in our lives. As popular as YouTube is, its power
over the Internet and us is somehow still underrated.

Let me try to persuade you that YouTube is the most consequential technology
in America: [...]

https://www.washingtonpost.com/technology/2024/04/09/most-important-app-youtube/

------------------------------

Date: Tue, 9 Apr 2024 09:46:09 -0700
From: Rob Slade <rslade@gmail.com>
Subject: Yet another 419 variant

So, I got this email inviting me to a Trello workspace.  I assume Trello is
something like Slack or MS Teams.  I initially assumed that this was yet
another instance of someone assuming that "rslade@gmail.com" was *their*
email address, rather than mine.  But then I saw the included note:

  "Greetings, I am Brian Smith, a seasoned attorney at Piccadilly's
  Attorneys Firm and Personal attorney to a deceased member of your family
  who died and left behind an Estate claim. You have been designated as a
  devisee. Please contact me via email for further information.
  [attorneybriansmith96@gmail.com]"

OK, right, it's just another version of the "your rich relative died"
advance fee fraud.

But I found it interesting that they are trying yet another workaround to
get by standard spam filters ...
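
  [The lure described above rides on a legitimate collaboration-tool
  notification: the envelope sender and DKIM signature belong to the
  platform, so reputation-based filtering passes it, and the attacker's
  content is the free-text invite note with an off-platform free-mail
  contact address.  The following is an added illustration, not code from
  Rob's post or from any mail provider, of a triage heuristic that looks
  for exactly that pattern: a message from a trusted notification domain
  whose body embeds a contact address on a different, free-mail domain,
  combined with advance-fee vocabulary.  The sample messages, the free-mail
  list, the term list and the thresholds are all constructed assumptions.
  PGN]

```python
import re

# Constructed samples shaped like SaaS invite notifications; not real mail.
# The first carries the kind of note quoted above; the second is a benign invite.
SAMPLE_MESSAGES = [
    {
        "from": "Trello <do-not-reply@trello.com>",
        "subject": "Brian Smith invited you to a workspace",
        "body": (
            "Greetings, I am Brian Smith, a seasoned attorney at Piccadilly's "
            "Attorneys Firm and Personal attorney to a deceased member of your "
            "family who died and left behind an Estate claim. You have been "
            "designated as a devisee. Please contact me via email for further "
            "information. [attorneybriansmith96@gmail.com]"
        ),
    },
    {
        "from": "Trello <do-not-reply@trello.com>",
        "subject": "Alice invited you to Q2 Roadmap",
        "body": "Alice added you to the board Q2 Roadmap. Open the board to get started.",
    },
]

# Assumed lists; a real deployment would tune both from its own mail corpus.
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com", "proton.me"}
ADVANCE_FEE_TERMS = ("deceased", "estate", "devisee", "beneficiary",
                     "next of kin", "inheritance", "attorney", "fund")
FLAG_THRESHOLD = 3  # assumed cut-off for routing to manual review

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", re.IGNORECASE)


def sender_domain(from_header: str) -> str:
    """Domain of the first address in a From: header, lower-cased ('' if none)."""
    match = EMAIL_RE.search(from_header)
    return match.group(0).split("@")[1].lower() if match else ""


def embedded_contacts(body: str) -> list[str]:
    """All e-mail addresses written into the free-text body, lower-cased."""
    return [addr.lower() for addr in EMAIL_RE.findall(body)]


def score_invite(msg: dict) -> dict:
    """Score one notification for the 'trusted sender, off-platform contact' pattern.

    +2 if the body embeds a contact address on a domain other than the sender's
    +1 more if that off-platform domain is a free-mail provider
    +1 per advance-fee term in the body, capped at 3
    """
    score, reasons = 0, []
    platform = sender_domain(msg["from"])
    body_lower = msg["body"].lower()

    off_platform = [a for a in embedded_contacts(msg["body"])
                    if a.split("@")[1] != platform]
    if off_platform:
        score += 2
        reasons.append(f"off-platform contact address: {', '.join(off_platform)}")
        if any(a.split("@")[1] in FREEMAIL_DOMAINS for a in off_platform):
            score += 1
            reasons.append("contact address is on a free-mail domain")

    hits = [t for t in ADVANCE_FEE_TERMS if t in body_lower]
    if hits:
        term_points = min(len(hits), 3)
        score += term_points
        reasons.append(f"advance-fee vocabulary ({term_points} pts): {', '.join(hits)}")

    return {"subject": msg["subject"], "score": score, "reasons": reasons,
            "flag": score >= FLAG_THRESHOLD}


def triage(messages: list[dict]) -> list[dict]:
    """Return the scored results for messages that cross the review threshold."""
    return [r for r in (score_invite(m) for m in messages) if r["flag"]]


if __name__ == "__main__":
    for result in triage(SAMPLE_MESSAGES):
        print(f"FLAG {result['score']}: {result['subject']}")
        for reason in result["reasons"]:
            print(f"    - {reason}")
```

The point of the heuristic is that the platform's own sender reputation is
not a signal here; what distinguishes the lure from a genuine invite is the
attacker-controlled text steering the recipient to a channel outside the
platform.  The benign second sample scores zero because it names no
off-platform address and uses none of the lure vocabulary.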

------------------------------

Date: Mon, 8 Apr 2024 20:52:36 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Tesla is settling with the family of the Apple engineer
 who died in an Autopilot crash (The Verge)

https://www.theverge.com/2024/4/8/24124744/tesla-autopilot-lawsuit-settlement-huang-death

------------------------------

Date: Tue, 9 Apr 2024 09:45:10 -0400
From: Dylan Northrup <northrup@gmail.com>
Subject: Re: AI that targets civilians ... (RISKS-34.15)

> Actually, using face-recognition methods may be the most humane way to
> tell apart terrorists who hide among the civilian population.  Especially
> when the alternative older methods were more like "kill them all and let
> God sort them out".

Facial recognition should be forbidden from use by law enforcement unless
and until it is able to be used on white-collar criminals (tax evasion,
securities fraud, insider trading, etc.). The actual losses from those
crimes dwarf losses from all other types of crime facial recognition will be
pitched as the solution for.

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) has moved to the ftp.sri.com site:
   <risksinfo.html>.
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    delightfully searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 34.16
************************
