
Risks Digest 34.23

daemon@ATHENA.MIT.EDU (RISKS List Owner)
Mon May 6 16:36:26 2024

From: RISKS List Owner <risko@csl.sri.com>
Date: Mon, 6 May 2024 13:36:06 PDT
To: risks@mit.edu

RISKS-LIST: Risks-Forum Digest  Monday 6 May 2024  Volume 34 : Issue 23

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/34.23>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Could the Covid-19 Vaccines Have Caused Some People Harm?
 Thousands think that their cases have been ignored. (Apoorva Mandavilli)
Electric car driver turned away from hospital car park (BBC)
Drones Changed Myanmar Civil War, Linked Rebels to the World (NYTimes)
Hacker Free-for-All in Fight for Routers (Dan Goodin)
Politicians Use Social Media to 'Buy' Votes (New Scientist)
Zeekill: From teenage cyber-thug to Europe's most wanted? (BBC)
What Happens When a Romance Writer Gets Locked Out of Google Docs (WiReD)
Apple Password Reset Propagations (Marvin Schaefer)
AI Lobbying Frenzy in Washington Dominated by Big Tech (Will Henshall)
When grief and AI collide: These people are communicating with the dead
 (CNN Business)
The Sam Altman Playbook (Gary Marcus on AI)
Tiffany Haddish started tracking down her online trolls and calling them on
 the phone (NBC News)
Microsoft announces ZTDNS (Cliff Kilby)
Former 'Employee Express' Phone Number Being Used by Fraudsters, Warns IG
 (FedWeek)
How Scammers Are Stealing Food Stamps From Struggling Americans (NYTimes)
Medical Debt Shows Up Less Often on Credit Reports (NYTimes)
More on Google Chrome and the vanishing UNDO function!
Universal Music Artists Will Return to TikTok (NYTimes)
Change Healthcare hackers broke in using stolen credentials -- and no MFA,
 says UHG CEO (TechCrunch)
If your iPhone alarm has gone quiet, Apple says it's working on a fix
 (The Verge)
Re: Phone Keyboard Exploits Leaves Billion Users Exposed (Martin Ward)
Re: Boeing's problems (Martin Ward)
Re: Can AI-powered drive-throughs save the day for fast food operators?
 (Steve Bacher)
Re: Developers seethe as Google surfaces buggy AI-written code
 (Steve Bacher)
Re: Net Neutrality and Black Boxes (Bob Rahe)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 5 May 2024 14:06:16 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: Could the Covid-19 Vaccines Have Caused Some People Harm?
 Thousands think that their cases have been ignored. (Apoorva Mandavilli)

Apoorva Mandavilli, *The New York Times*, 5 May 2024,
  National Edition front page

  [This is a really important article.  The notable sections of this
  lengthy article are these, with brief PGN-ed summaries:]

``I'm not real.''  Patients who experienced bad side effects say
   they have received little support or acknowledgment.

Listening for Signals.  There are gaps in the official reporting,
  e.g., individual shots were not recorded in mass vaccinations.

A Red Flag.  Other countries have sought out reports of bad side
  effects and reached conclusions the U.S. has not.

Pervasive Misinformation.  The rise in the anti-vax movement has
  made it difficult ... to candidly address potential side effects.
  [several fascinating individual cases are noted in some detail.]

  [This article affects quite a few people who apparently were
  seriously impacted -- e.g., death or long-term Lyme-disease-like
  co-infections -- resulting from vaccination.  One extreme case was
  one of my old friends who was one of 9 people who were vaccinated at
  the same time by a clinic, 6 of whom died soon thereafter from what
  appears to have been a bad batch.  If you browse on How Bad Is My
  Batch, you might get this URL, into which you can put your batch IDs:
    https://knollfrank.github.io/HowBadIsMyBatch/HowBadIsMyBatch.html

  My own conclusion is that much of the conventional medical response
  is what has happened in the history of Lyme disease -- for many
  years, doctors refused to admit that chronic Lyme disease even
  existed (e.g., it had crossed the blood-brain barrier and was mostly
  untreatable), characteristically attributing it to psychological
  problems.  I think bad-batch reactions and long-Covid have both
  received the same general reaction -- they are anomalies and were
  typically discounted -- although now perhaps the medical profession
  is seeing a glimmer of credibility in some of the reports.  PGN]

  [PS.  I am not an anti-vaxxer, just a questioner of the blind
  one-size-fits-all approach.  PGN]

------------------------------

Date: Sun, 5 May 2024 16:57:56 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Electric car driver turned away from hospital car park (BBC)

A father who was taking his child to Alder Hey hospital in Liverpool says he
was turned away from the car park because he was driving an electric vehicle
(EV).

Paul Freeman-Powell said he was told to park next to nearby grass because
his car *could explode*.

The hospital says it has temporarily banned access to the car park while it
improves its sprinkler system.

But industry figures have challenged the decision, pointing to research that
indicates petrol cars are considerably more likely to catch fire than EVs.

https://www.bbc.com/news/articles/c90zjne2v0jo

The risk? Progress? Misinformation? Cluelessness?

  [Mono-lith-ium Phobia?  PGN]

------------------------------

Date: Mon, 6 May 2024 11:35:16 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Drones Changed Myanmar Civil War, Linked Rebels to the World
 (NYTimes)

Hannah Beech and Paul Mozur, *The New York Times*, 4 May 2024,
via ACM TechNews

Rebel drone units have managed to turn the tables on the military in
Myanmar. Drone pilots in Myanmar describe turning to groups on chat apps to
download 3D printing blueprints for fixed-wing drones. They also gain
insight there on how to hack through the default software on commercial
drones that could give away their locations. The drone pilots also post
videos taken from drones on social media to boost morale and help raise
money.

------------------------------

Date: Mon, 6 May 2024 11:35:16 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Hacker Free-for-All in Fight for Routers (Dan Goodin)

Dan Goodin, *Ars Technica*, 1 May 2024, via ACM TechNews

Hackers are surreptitiously coexisting inside compromised routers as they
use the devices to disguise attacks motivated both by financial gain and
state-backed espionage, according to researchers at U.S.-Japanese
cybersecurity software company Trend Micro. In some cases the co-existence
is peaceful, with financially motivated hackers providing spies access to
already compromised routers in exchange for a fee. In other cases,
state-backed hackers take control of devices previously hacked by the
cybercrime groups.

------------------------------

Date: Mon, 6 May 2024 11:35:16 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Politicians Use Social Media to 'Buy' Votes (New Scientist)

Chris Stokel-Walker, New Scientist, 2 May 2024, via ACM TechNews

A study of political advertisements on social media by researchers at
Germany's Ludwig Maximilian University of Munich found that German political
parties could sway an individual voter with just €4 ($4.31) of advertising
spend. The researchers looked at more than 21,000 advertisements posted on
Facebook and Instagram during Germany's 2021 federal elections. Using a
statistical model, they determined that a candidate's votes rose 2.1% for
every 200,000 times their advertisements were seen.

------------------------------

Date: Sat, 4 May 2024 18:11:46 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Zeekill: From teenage cyber-thug to Europe's most wanted? (BBC)

https://www.bbc.com/news/articles/cyxe9g4zlgpo

A notorious hacker who was one of Europe's most wanted criminals has
been jailed for blackmailing 33,000 therapy patients with their stolen
session notes. Julius Kivimäki's imprisonment brings to an end an
11-year cyber-crime spree that started when he rose to prominence in a
network of anarchic teenage hacking gangs at the age of just 13.

------------------------------

Date: Sun, 5 May 2024 18:24:08 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: What Happens When a Romance Writer Gets Locked Out of
 Google Docs (WiReD)

In March, an aspiring author got a troubling message: All of her works in
progress were no longer accessible. What happened next is every writer’s
worst fear.  [...]

When she saw the word *inappropriate* in the notification, Renee worried her
work had been dinged for its spice. “I thought I was the problem,” she
says. “I thought I had somehow messed it up.”

But she hadn’t. At least, she hadn’t messed it up in any way she could hope
to avoid in the future. Google never specified which of her 222,000 words
was inappropriate. There were no highlighted sections, no indicators of what
had rendered her documents unshareable. Had one of her readers flagged the
content without discussing it with her first?  Was it a malicious attack on
the files? Had someone at Google decided her content was too spicy? Renee
hadn’t turned on any of the AI functions in Google Workspace, so she doubted
it could be chalked up to a bot banning her books. After all, a 2016 paper
coauthored by Google researchers revealed that its recurrent neural network
language models had been fed thousands of romances. If for some reason a bot
was crawling her work, wouldn’t it recognize what it was looking at?

https://www.wired.com/story/what-happens-when-a-romance-author-gets-locked-out-of-google-docs/

------------------------------

Date: Sun, 5 May 2024 20:16:16 +0000 (UTC)
From: "Marvin Schaefer" <bwapast@verizon.net>
Subject: Apple Password Reset Propagations

It appears that Apple’s new programme to encourage iPhone users to reset
their AppleID passwords has consequences beyond being simply consequential.
Indeed, the new password then generates a family of additional passwords (I
count 16) that then self-propagate to other Apple-related devices, in some
cases changing or modifying properties of already installed applications and
backups.

My desktop Mac, sleeping on the day that I installed the new password,
suffered from the propagation via the device network Apple constructs, and as
a consequence when I awoke my Mac last night I discovered that the contents
of the Notes application had been supplanted completely by unrelated readable
garbage. But the valued notes had all been eliminated. Worse, no luck
retrieving the original application data from my system backup files….

Reset in haste, repent at leisure.

ADDED REMEDIATION:

The Sweet Misery of Strife has just been resolved through the black arts of
my 7th Apple Support contact over the last [lost] 3 days. The Black arts to
which she resorted were irreproducible -- she had me simply reset the arcane
apple ID while I was logged into my Mac and it magically held and did what
was apparently needed. No good explanation here, no idea of what is in the
all new set of 16 generated passwords. No idea of how long, if during my
shortening lifespan, this approach will hold water.

------------------------------

Date: Mon, 6 May 2024 11:35:16 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: AI Lobbying Frenzy in Washington Dominated by Big Tech
 (Will Henshall)
Will Henshall, *Time*, 30 Apr 2024, via ACM TechNews

A report from nonprofit OpenSecrets revealed an almost threefold increase in
the number of organizations lobbying the U.S. government on AI from 158 in
2022 to 451 in 2023. Among the 334 organizations that lobbied on AI for the
first time last year were startups like OpenAI, big corporations like Visa
and GSK, industry trade associations, and numerous civil society
organizations. Meanwhile, OpenSecrets found that Amazon, Meta, Alphabet, and
Microsoft each spent more than $10 million on lobbying.

------------------------------

Date: Mon, 6 May 2024 10:22:52 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: When grief and AI collide: These people are communicating with the
 dead (CNN Business)

As artificial intelligence gets smarter, some people are turning to the
technology to simulate the personality and behavior of a deceased loved one.

https://www.cnn.com/2024/05/06/tech/ai-communicating-with-dead/index.html

------------------------------

Date: Sun, 5 May 2024 17:12:00 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: The Sam Altman Playbook (Gary Marcus on AI)

Fear, The Denial of Uncertainties, and Hype

How do you convince the world that your ideas and business might ultimately
be worth $7 trillion dollars? Partly by getting some great results, partly
by speculating about unlimited potential, and partly by downplaying and
ignoring inconvenient truths.

Sam Altman is on a tour to raise money and raise valuations, and he’s plying
these moves day after day, in a city after city, at some of top universities
in the world. Aside from a minor upgrade to GPT-4, he doesn’t have a newly
released product, so he is selling vision and promise.

Let’s start with the promises. A few days ago at Stanford, Sam promised that
AGI will be worth it, no matter how much it costs:

https://garymarcus.substack.com/p/the-sam-altman-playbook

------------------------------

Date: Sat, 4 May 2024 09:17:34 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Tiffany Haddish started tracking down her online trolls and
 calling them on the phone (NBC News)

https://www.nbcnews.com/news/nbcblk/tiffany-haddish-tracking-online-trolls-calling-rcna150574

------------------------------

Date: Sat, 4 May 2024 14:40:23 -0400
From: Cliff Kilby <cliffjkilby@gmail.com>
Subject: Microsoft announces ZTDNS

I wonder how this is any less overhead to manage than a traditional
router/firewall/proxy/gpo/domain combination that's been capable of doing
this exact thing circa 2000.

I am also failing to see how this change would allow a company to do away
with any of that in order to simplify operation.

https://arstechnica.com/security/2024/05/microsoft-plans-to-lock-down-windows-dns-like-never-before-heres-how/2/

------------------------------

Date: Sun, 5 May 2024 18:40:33 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Former 'Employee Express' Phone Number Being Used by
 Fraudsters, Warns IG (FedWeek)

The Inspector General’s office at OPM has posted a warning against calling a
phone number once associated with the agency’s Employee Express FEHB
enrollment site (888-353-9450), saying the number “is currently in use by
fraudsters/bad actors who have practiced financial exploitation tactics.”

“This phone number was provided on U.S. Department of State human resources
notices to employees and Foreign Service retirees. It may also be or have
been provided on other participating federal agencies’ human resources or
information. This customer service phone number is no longer in use by OPM
or the federal government,” it says.

https://www.fedweek.com/fedweek/former-employee-express-phone-number-being-used-by-fraudsters-warns-ig/

------------------------------

Date: Sun, 5 May 2024 17:47:20 -0400
From: Monty Solomon <monty@roscom.com>
Subject: How Scammers Are Stealing Food Stamps From Struggling Americans
 (NYTimes)

Thieves are using skimmers to drain millions in food stamps and other public
benefits from the neediest Americans.

https://www.nytimes.com/2024/05/04/business/food-stamps-skimming-scam.html

------------------------------

Date: Sun, 5 May 2024 17:52:24 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Medical Debt Shows Up Less Often on Credit Reports (NYTimes)

But the Consumer Financial Protection Bureau said 15 million people still
had medical bills in their files, which can make it hard to qualify for
loans.

https://www.nytimes.com/2024/05/03/your-money/medical-debt-credit-reports.html

------------------------------

Date: Sat, 4 May 2024 11:55:09 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: More on Google Chrome and the vanishing UNDO function!

  [See RISKS-34.20.  PGN]

Google apparently has removed (as far as I can tell) the incredibly
standard and important UNDO function from Chrome right-click context
menus, replacing it with a useless "Help me write" AI choice.
UNBELIEVABLE.

If you're in the know, you can do an UNDO with Control-Z. If you're not in
the know and depend on context menus -- apparently Google just doesn't
care. Surprise! -L

... Even more on Google context menus and UNDO

To be even more precise, context menus can vary based on the current app, of
course. An example of an app where UNDO is no longer available in the
context menu, but "Help me write" now is present, is -- you guessed it -- in
Gmail. UNDO also appears to be absent in the right-click context menus for
Google Docs text input as well, but I'm less certain that this has been a
recent change -- Control-Z functions as UNDO there also. App/browser
interactions can be complex, but having UNDO suddenly vanish from any apps
without any explanation to users is a terrible user experience. -L

[... and still more]

In case you're trying to test the UNDO situation yourself, note that
this apparently is dependent on a variety of variables. The rollout
status of Gmail. Browser version. System type. Maybe more. So some may
still see Undo, others may not. And this could change.

For reference, here's what my Gmail text input right-click context
menu looks like currently on an Ubuntu desktop. Obviously, Undo has
gone missing, replaced with "Help me write":

https://mastodon.laurenweinstein.org/@lauren/112384616439563174

------------------------------

Date: Sun, 5 May 2024 17:54:01 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Universal Music Artists Will Return to TikTok (NYTimes)

The two companies reached a new licensing deal, ending a three-month
stalemate that kept some of pop’s biggest stars off the platform.

https://www.nytimes.com/2024/05/02/arts/music/tiktok-universal-music-deal.html

------------------------------

Date: Tue, 30 Apr 2024 23:31:33 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Change Healthcare hackers broke in using stolen credentials -- and
 no MFA, says UHG CEO (TechCrunch)

https://techcrunch.com/2024/04/30/uhg-change-healthcare-ransomware-compromised-credentials-mfa/

------------------------------

Date: Tue, 30 Apr 2024 23:26:33 -0400
From: Monty Solomon <monty@roscom.com>
Subject: If your iPhone alarm has gone quiet, Apple says it's
  working on a fix (The Verge)

https://www.theverge.com/2024/4/30/24145296/apple-iphone-alarm-sounds-broken-ios-bug-fix-coming

------------------------------

Date: Sun, 5 May 2024 19:05:33 +0100
From: Martin Ward <mwardgkc@gmail.com>
Subject: Re: Phone Keyboard Exploits Leaves Billion Users Exposed

> The Chinese-language keyboards use character-prediction features that rely
> on cloud computing resources,

Why does a character prediction feature need cloud computing resources?

Why do I feel that the "improperly secured communications" were part
of the plan all along?

------------------------------

Date: Sun, 5 May 2024 12:31:36 +0100
From: Martin Ward <mwardgkc@gmail.com>
Subject: Re: Boeing's problems

In response to the engine cover falling off and hitting a wing flap, Boeing
said: "We place our highest priority on ultimate Safety for our Customers
and Employees,"

There are two possibilities here: either (1) they are lying and safety has
actually been a very low priority, or (2) the company really is trying its
absolute hardest at every level to fly safely and is utterly incompetent
and incapable of doing so.

In the first case, the solution includes firing the top executives.
In the second case, the solution is much more difficult and probably means
closing and disbanding the company altogether!

So, I guess, we have to hope that they are lying!

------------------------------

Date: Sun, 5 May 2024 09:24:49 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: Can AI-powered drive-throughs save the day for fast food
 operators? (LATimes)

The item in RISKS 34.22 is incomplete and is missing the link to the
article.  Here it is.

https://www.latimes.com/business/story/2024-05-01/ai-powered-drive-thru-fast-food-operators-20-minimum-wage-california-carls-el-pollo-loco

Not that AI-led drive-through is quite ready for prime time. As it is today,
the system can have trouble with people’s accents and ambient noise, making
it hard to recognize speech and translate it into text.  Pilot programs run
by McDonald’s and others thus far often have backed up the AI technology
with an employee, like the Wizard of Oz man behind the curtain. The unseen
worker from as far away as the Philippines monitors and sometimes intervenes
to complete an order if AI falters.

------------------------------

Date: Sun, 5 May 2024 10:15:09 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: Developers seethe as Google surfaces buggy AI-written code (The
 Register)

Why doesn't Pulumi just prevent Google from indexing their site with a
noindex meta tag?

------------------------------

Date: Sat, 4 May 2024 15:24:33 -0400
From: Bob Rahe <bob@dtcc.edu>
Subject: Re: Net Neutrality and Black Boxes (RISKS-34.22)

In the item about net neutrality coming back the phrasing seemed a
bit... pointed (?)  I.e. "The rules reflect those imposed by the FCC in 2015
but rescinded by the Trump administration in 2017."  It would seem if they
were rescinded by an "administration" they were probably also imposed by an
administration (Obama).  Or by the FCC.  Why the difference?

In the item about the AI tool being used in criminal cases this line kind of
just flew off the page:

   ``Black-box software with no audit trail and no peer review seems to be a
   critical piece of prosecutors' cases... Judges are now tossing the
   `evidence'.''

Sounds like some of the issues with voting machines in the 2020 election,
except for there not being judges throwing out evidence....

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) has moved to the ftp.sri.com site:
   <risksinfo.html>.
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    delightfully searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 34.23
************************
