[33527] in RISKS Forum


Risks Digest 34.55

daemon@ATHENA.MIT.EDU (RISKS List Owner)
Sat Feb 8 23:36:13 2025

From: RISKS List Owner <risko@csl.sri.com>
Date: Sat, 8 Feb 2025 20:35:55 PST
To: risks@mit.edu

RISKS-LIST: Risks-Forum Digest  Saturday 8 Feb 2025  Volume 34 : Issue 55

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/34.55>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
UK slaps Technical Capacity Notice on Apple requiring Law
 Enforcement access to encrypted cloud data (WashPost)
A Fork in the Road: Is Federal Employee Privacy Compromised?
 (Mueller via Gabe Goldberg)
U.S. Blocks Open Source 'Help' From These Countries (NYTimes)
ChatGPT in Shambles (Gary Marcus)
Google drops pledge on AI use for weapons (BBC)
DeepSeek Linked to Banned Chinese Telecom (Byron Tau)
DeepSeek iOS App Reported to use Unencrypted HTTP Communications
 (Ars Technica)
On DeepSeek, you can watch AI navigate censorship in real time
 (NBC News)
Reimagining the American War Machine (NYTimes)
U.S. Treasury Threat Intelligence Analysis Designates DOGE Staff as
 'Insider Threat' (WiReD)
Read-only access? Not really! (Steve Bacher)
Government Tech Workers Forced to Defend Projects to Random Elon
 Musk Bros (WiReD)
Inside a network of AI-generated newsletters targeting
 small-town America (Nieman Lab)
New jailbreak "Time Bandit" tricks LLMs' temporal sense
 (Bleeping Computer)
Federal Webpages Go Dark as Public Data Is Removed (Time)
Los Angeles County sheriff's computer dispatch system crashes again
 (LA Times)
Militarized AI (LRB)
Waymo vs. potholes in Los Angeles (LA Times)
Waymo is getting ready to tackle Los Angeles' freeways. How have
 the robotaxis fared so far? (LA Times)
Almost one in 10 people use the same four-digit PIN (ABC News)
In cleanup from California fires, lithium-ion batteries are a
 dangerous challenge (NBC News via Steve Bacher)
Google remakes Super Bowl ad after AI cheese gaffe
 (BBC via Jim Geissman)
Re: Research Uncovers Major Vulnerability in Wireless Networking Technology
 (Steve Bacher)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 7 Feb 2025 16:05:44 PST
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: UK slaps Technical Capacity Notice on Apple requiring Law
 Enforcement access to encrypted cloud data (WashPost)

  [A new generation of what we have called the Crypto Wars is back, and I
  need to dust off my ultra-mixed metaphor from many years ago: It changes
  its meaning and relevance slightly each time, but still seems pithy:

      Pandora's Cat is out of the Barn and
      the Genie won't Go Back In the Closet.

  However, this time around, it is a global problem more than primarily a
  U.S. problem; the playground and the risks have both changed dramatically;
  and the pro-surveillance folks have many more allies when facing global
  threats.  I have not tried to truncate Joseph Menn's article for fair use,
  but wish to thank him for writing this comprehensive article summarizing
  the main issues at this juncture.  PGN]

UK orders Apple to let it spy on users' encrypted accounts
Joseph Menn, *The Washington Post*, 7 Feb 2025
https://www.washingtonpost.com/technology/2025/02/07/apple-encryption-backdoor-uk/

A secret order requires blanket access to protected cloud backups around the
world, which if implemented would undermine Apple's privacy pledge to its
users.

Security officials in the United Kingdom have demanded that Apple create a
back door allowing them to retrieve all the content any Apple user worldwide
has uploaded to the cloud, people familiar with the matter told *The
Washington Post*.

The British government's undisclosed order, issued last month, requires
blanket capability to view fully encrypted material, not merely assistance
in cracking a specific account, and has no known precedent in major
democracies. Its application would mark a significant defeat for tech
companies in their decades-long battle to avoid being wielded as government
tools against their users, the people said, speaking under the condition of
anonymity to discuss legally and politically sensitive issues.

Rather than break the security promises it made to its users everywhere,
Apple is likely to stop offering encrypted storage in the U.K., the people
said. Yet that concession would not fulfill the U.K. demand for backdoor
access to the service in other countries, including the United States.

The office of the Home Secretary has served Apple with a document called a
technical capability notice, ordering it to provide access under the
sweeping U.K. Investigatory Powers Act of 2016, which authorizes law
enforcement to compel assistance from companies when needed to collect
evidence, the people said.

The law, known by critics as the Snoopers' Charter, makes it a criminal
offense to reveal that the government has even made such a demand. An Apple
spokesman declined to comment.

Apple can appeal the UK capability notice to a secret technical panel, which
would consider arguments about the expense of the requirement, and to a
judge who would weigh whether the request was in proportion to the
government's needs. But the law does not permit Apple to delay complying
during an appeal. In March, when the company was on notice that such a
requirement might be coming, it told Parliament: ``There is no reason why
the UK [government] should have the authority to decide for citizens of the
world whether they can avail themselves of the proven security benefits that
flow from end-to-end encryption.''

The Home Office said Thursday that its policy was not to discuss any
technical demands. ``We do not comment on operational matters, including for
example confirming or denying the existence of any such notices,'' a
spokesman said.

Senior national security officials in the Biden administration had been
tracking the matter since the United Kingdom first told the company it might
demand access and Apple said it would refuse. It could not be determined
whether they raised objections to Britain. Trump White House and
intelligence officials declined to comment.

One of the people briefed on the situation, a consultant advising the United
States on encryption matters, said Apple would be barred from warning its
users that its most advanced encryption no longer provided full security.
The person deemed it shocking that the UK government was demanding Apple's
help to spy on non-British users without their governments' knowledge. A
former White House security adviser confirmed the existence of the British
order.

At issue is cloud storage that only the user, not Apple, can unlock. Apple
started rolling out the option, which it calls Advanced Data Protection, in
2022. It had sought to offer it several years earlier but backed off after
objections from the FBI during the first term of President Donald Trump, who
pilloried the company for not aiding in the arrest of killers, drug dealers
and other violent criminal elements.  The service is an available security
option for Apple users in the United States and elsewhere.

While most iPhone and Mac computer users do not go through the steps to
enable it, the service offers enhanced protection from hacking and shuts
down a routine method law enforcement uses to access photos, messages and
other material. iCloud storage and backups are favored targets for U.S.
search warrants, which can be served on Apple without the user knowing.

Law enforcement authorities around the world have complained about increased
use of encryption in communication modes beyond simple phone traffic, which
in the United States can be monitored with a court's permission.

The UK and FBI in particular have said that encryption lets terrorists and
child abusers hide more easily. Tech companies have pushed back, stressing a
right to privacy in personal communication and arguing that back doors for
law enforcement are often exploited by criminals and can be abused by
authoritarian regimes.

Most electronic communication is encrypted to some degree as it passes
through privately owned systems before reaching its destination. Usually
such intermediaries as email providers and internet access companies can
obtain the plain text if police ask. But an increasing number of tech
offerings are encrypted end to end, meaning that no intermediary has access
to the digital keys that would unlock the content. That includes Signal
messages, Meta's WhatsApp and Messenger texts, and Apple's iMessages, and
FaceTime calls. Often such content loses its end-to-end protection when it
is backed up for storage in the cloud. That does not happen with
Apple's Advanced Data Protection option.

Apple has made privacy a selling point for its phones for years, a stance
that was enhanced in 2016 when it successfully fought a U.S. order to unlock
the iPhone of a dead terrorist in San Bernardino, California. It has since
sought to compromise, such as by developing a plan to scan user devices for
illegal material. That initiative was shelved after heated criticism by
privacy advocates and security experts, who said it would turn the
technology against customers in unpredictable ways.

Google would be a bigger target for UK officials, because it has made the
backups for Android phones encrypted by default since 2018. Google spokesman
Ed Fernandez declined to say whether any government had sought a back door,
but implied none have been implemented.  ``Google can't access Android
end-to-end encrypted backup data, even with a legal order,'' he said.

Meta also offers encrypted backups for WhatsApp. A spokesperson declined to
comment on government requests but pointed to a transparency statement on
its website saying that no back doors or weakened architecture would be
implemented.

If the UK secures access to the encrypted data, other countries that have
allowed the encrypted storage, such as China, might be prompted to demand
equal backdoor access, potentially prompting Apple to withdraw the service
rather than comply.

The battle over storage privacy escalating in Britain is not entirely
unexpected. In 2022 UK officials condemned Apple's plans to introduce strong
encryption for storage.  ``End-to-end encryption cannot be allowed to hamper
efforts to catch perpetrators of the most serious crimes,'' a government
spokesperson told the Guardian newspaper, referring specifically to child
safety laws.

After the Home Office gave Apple a draft of what would become the backdoor
order, the company hinted to lawmakers and the public what might lie ahead.

During a debate in Parliament over amendments to the Investigatory Powers
Act, Apple warned in March that the law allowed the government to demand
back doors that could apply around the world. ``These provisions could be
used to force a company like Apple, that would never build a back door into
its products, to publicly withdraw critical security features from the UK
market, depriving UK users of these protections,'' it said in a written
submission.

Apple argued then that wielding the act against strong encryption
would conflict with a ruling by the European Court of Human Rights
that any law requiring companies to produce end-to-end encrypted
communications ``risks amounting to a requirement that providers of
such services weaken the encryption mechanism for all users'' and
violates the European right to privacy.

In the United States, decades
of complaints from law enforcement about encryption have recently been
sidelined by massive hacks by suspected Chinese government agents, who
breached the biggest communications companies and listened in on calls
at will. In a joint December press briefing on the case with FBI
leaders, a Department of Homeland Security official urged Americans
not to rely on standard phone service for privacy and to use encrypted
services when possible.

Also that month, the FBI, National Security Agency and the
Cybersecurity and Infrastructure Security Agency joined in
recommending dozens of steps to counter the Chinese hacking spree,
including ``Ensure that traffic is end-to-end encrypted to the maximum
extent possible.''

Officials in Canada, New Zealand and Australia endorsed the
recommendations. Those in the United Kingdom did not.

  [Hint: There is no one-size-fit-all solution to security and privacy, and
  especially to cryptography.  PGN]

------------------------------

Date: Fri, 31 Jan 2025 16:26:18 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: A Fork in the Road: Is Federal Employee Privacy Compromised?

This interview speaks to a systems security specialist who found privacy
problems surrounding the HR@opm.gov email servers

https://www.muellershewrote.com/p/a-fork-in-the-road-is-federal-employee

------------------------------

Date: Wed, 5 Feb 2025 00:28:48 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: U.S. Blocks Open Source 'Help' From These Countries
 (The New Stack)

The Linux Foundation has released a comprehensive guide to help open source
developers navigate the complex landscape of U.S. Office of Foreign Assets
Control (OFAC) sanctions.

https://thenewstack.io/u-s-blocks-open-source-help-from-these-countries/

------------------------------

Date: Tue, 4 Feb 2025 17:01:26 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: ChatGPT in Shambles (Gary Marcus)

After two years of massive investment and endless hype, GPT’s reliability
problems persist.

https://garymarcus.substack.com/p/chatgpt-in-shambles

------------------------------

Date: Tue, 4 Feb 2025 20:30:21 -0700
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Google drops pledge on AI use for weapons (BBC)

https://www.bbc.com/news/articles/cy081nqx2zjo

Alphabet, the parent company of technology giant Google, is no longer
promising that it will never use artificial intelligence (AI) for purposes
such as developing weapons and surveillance tools.

The firm has rewritten the principles guiding its use of AI, dropping a
section which ruled out uses that were "likely to cause harm".

In a blog post, Google senior vice president James Manyika, and Demis
Hassabis, who leads the AI lab Google DeepMind, defended the move.

They argue businesses and democratic governments need to work together on AI
that "supports national security".

------------------------------

Date: Mon, 3 Feb 2025 11:15:09 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: DeepSeek Linked to Banned Chinese Telecom
 (Byron Tau)

Byron Tau, *Associated Press* (02/05/25)

The website of China's DeepSeek, whose chatbot became the most downloaded
app in the U.S. shortly after its release, contains computer code that could
send some user login information to a Chinese state-owned telecommunications
company barred from operating in the U.S. Canadian cybersecurity company
Feroot Security identified heavily obfuscated computer script on the Web
login page of the chatbot that shows connections to computer infrastructure
owned by China Mobile.

------------------------------

Date: Fri, 7 Feb 2025 07:31:53 -0500
From: Bob Gezelter <gezelter@rlgsc.com>
Subject: DeepSeek iOS App Reported to use Unencrypted HTTP Communications
 (Ars Technica)

Ars Technica reports that the DeepSeek iOS app sends data over unencrypted
channels to servers controlled by ByteDance, the owner of the TikTok
platform.

Transmitting data to ByteDance servers is one privacy question.
Transmitting user data using unencrypted connections greatly facilitates
collection of data by third parties monitoring the network between the user
device and the receiving server.

Significant violation of the most basic norms of information privacy,
particularly in light of the outstanding questions concerning privacy and
TikTok.

https://arstechnica.com/security/2025/02/deepseek-ios-app-sends-data-unencrypted-to-bytedance-controlled-servers/

------------------------------

Date: Thu, 30 Jan 2025 08:15:54 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: On DeepSeek, you can watch AI navigate censorship in real time
 (NBC News)

The Chinese artificial intelligence assistant from DeepSeek is holding its
own against all the major players in the field.

In hands-on tests Tuesday, NBC News [Los Angeles] found that DeepSeek
presents a friendly, helpful demeanor and is capable of highly sophisticated
reasoning -- until it flounders when it faces a subject it appears unable to
talk about freely.

The tests found that in many cases, DeepSeek seems trained to censor itself
(and, at times, demonstrate specific political leanings) about topics deemed
sensitive in China. Its answers tend to align with what is typically
permitted under the country’s extensive online content regulation system.

https://www.nbcnews.com/tech/innovation/deepseek-censorship-rcna189594

------------------------------

Date: Fri, 7 Feb 2025 21:36:26 -0700
From: "Matthew Kruk" <mkrukg@gmail.com>
Subject: Reimagining the American War Machine (NYTimes)

https://www.nytimes.com/2025/02/07/opinion/us-military-weapons-pentagon.html

Not long after Elon Musk was tapped by Donald Trump to help lead a
“Department of Government Efficiency,” he set his sights on a prime target:
what the Pentagon spends its money on. In posts on his platform X in
December, Mr. Musk, the chief executive of SpaceX and Tesla, declared that
“America needs a large quantity of long-range drones (air, surface water
and submarine) and hypersonic missiles.” He warned, “Anything manned will
die very fast in a drone war.”

In some ways, Mr. Musk’s call is not new. Experts have been warning for
years that we have entered a new age of autonomous warfare, and the
Pentagon needs to keep up. The Trump administration is unusually open to
remaking the U.S. war machine: Weeks before his inauguration, Mr. Trump
began preparing to stack his Pentagon with executives from start-ups and
tech investors like Stephen Feinberg, his nominee for deputy secretary of
defense.

------------------------------

Date: Fri, 7 Feb 2025 12:34:03 -0800
From: Lauren Weinstein <lauren@vortex.com>
Subject: U.S. Treasury Threat Intelligence Analysis Designates DOGE Staff as
 'Insider Threat' (WiReD)

https://www.wired.com/story/treasury-bfs-doge-insider-threat/

------------------------------

Date: Sat, 8 Feb 2025 09:15:49 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Read-only access? Not really!

As has been suggested by many sources, declaring that Elon Musk's hordes
have "read-only" access to government databases is partially true at best,
meaningless and even untrue at worst, since they are being given
administrator access to the servers, which means they can do anything,
including changing their own accounts' database access privileges.  Only if
the databases are hosted on a separate server to which they have not been
given accounts would the read-only status hold.

------------------------------

Date: Sun, 2 Feb 2025 03:19:34 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Government Tech Workers Forced to Defend Projects to Random Elon
 Musk Bros (WiReD)

A recent high-school graduate and former Neuralink intern has joined
meetings to review lines of code and other work history of career public
servants, sparking chaos at a major government agency.

The recent installation of Elon Musk ally Thomas Shedd atop the federal IT
structure has thrown an agency in charge of servicing much of the
U.S. government’s technical infrastructure into disarray.

Over the last few days, workers at the Technology Transformation Services
(TTS), which is housed within the General Services Administration (GSA),
have been summoned into what one source called “sneak attack” meetings to
discuss their code and projects with total strangers—some quite young—who
lacked official government email addresses and have been reticent to
identify themselves. TTS workers have also received confusing transition
guidance and a sudden DC office visit from Musk.

https://www.wired.com/story/elon-musk-government-tech-workers-gsa-tts

------------------------------

Date: Wed, 5 Feb 2025 09:04:13 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Inside a network of AI-generated newsletters targeting
 small-town America (Nieman Lab)

Good Daily, which operates in 47 states and 355 towns and cities across the
U.S., is run by one person.

On first glance, Good Day Fort Collins appears to be a standard local news
round-up. One recent edition of the newsletter includes short blurbs and
links to over a dozen stories about the mid-size Colorado city — a
restaurant opening, a record-breaking snowfall, a leadership shake-up at a
local hospital.

The newsletter attributes the stories to longtime Fort Collins news outlets,
like The Coloradoan and the Loveland Reporter-Herald. Further upcoming polar
plunge and a figure-drawing class.

“I’m a senior citizen here in Fort Collins, and this newsletter is like a
lifeline. I don’t have the attention span these days to read the paper, and
Facebook is a mess,” reads one testimonial on the sign-up page from “Matthew
K., retiree.” “I use Good Day Fort Collins to keep one foot in the town I
grew up in, and my friends and family continue to live in,” says “Michael
H., expat.”

Google those quotes, though, and you’ll find the same names and testimonials
supporting hundreds of other local newsletters across the U.S. “Matthew K.”
also lives in Queen Creek, Arkansas; and Post Falls, Idaho; and Marysville,
Washington; and Denton, Texas. “Michael H.” grew up in each of these towns,
and many more.

It turns out Good Day Fort Collins is just one in a network of AI-generated
newsletters operating in 355 cities and towns across the U.S. Not only do
these hundreds of newsletters share the same exact seven testimonials, they
also share the same branding, the same copy on their about pages, and the
same stated mission: “to make local news more accessible and highlight
extraordinary people in our community.” [...]

https://www.niemanlab.org/2025/01/inside-a-network-of-ai-generated-newsletters-targeting-small-town-america/

------------------------------

Date: Tue, 4 Feb 2025 18:30:30 -0600
From: Douglas Lucas <dal@riseup.net>
Subject: New jailbreak "Time Bandit" tricks LLMs' temporal sense
 (Bleeping Computer)

A ChatGPT jailbreak flaw, dubbed "Time Bandit," allows you to bypass
OpenAI's safety guidelines when asking for detailed instructions on
sensitive topics, including the creation of weapons, information on nuclear
topics, and malware creation. (The vuln exists to some degree in Google's
Gemini AI platform as well.)

https://www.bleepingcomputer.com/news/security/time-bandit-chatgpt-jailbreak-bypasses-safeguards-on-sensitive-topics/

Excerpting from that BleepingComputer Jan. 30, 2025 article: Time Bandit
works by exploiting two weaknesses:

#1 timeline confusion) Put the LLM in a state where it no longer has
awareness of time and is unable to determine if it's in the past, present,
or future.

#2 procedural ambiguity) Ask questions in a way that causes uncertainties or
inconsistencies in how the LLM interprets, enforces, or follows rules,
policies, or safety mechanisms.

Combining those, it's possible to put ChatGPT in a state where it thinks
it's in the past but can use info from the future, causing it to bypass the
safeguards in hypothetical scenarios. The trick is to ask ChatGPT a question
in a certain way so it becomes confused by what year it's in.

The discoverer, David Kuszmar, contacted OpenAI but was referred to BugCrowd
to disclose. He felt the flaw and the type of information it could reveal
were too sensitive to file in a report with a third-party.  After contacting
CISA, the FBI, and government agencies, and not receiving help, he grew
increasingly anxious. BleepingComputer wasn't able to get ahold of OpenAI,
so the outlet put Kuszmar in touch with the CERT Coordination Center's VINCE
vulnerability reporting platform, which in turn got ahold of OpenAI.

As of the article's publication, only some mitigations seem in place.

------------------------------

Date: Fri, 31 Jan 2025 18:40:38 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Federal Webpages Go Dark as Public Data Is Removed
 (Time)

Sometimes the craven passive voice can come in handy.

https://time.com/7211965/trump-federal-websites-data/

  [The old joke is that if it is no longer available online, it never
  existed (relative only to the Internet I suppose, but perhaps not to the
  Dark Web, where it can probably still be found.)  PGN]

------------------------------

Date: Wed, 5 Feb 2025 22:05:05 -0800
From: Jim Geissman <jgeissman@socal.rr.com>
Subject: Los Angeles County sheriff's computer dispatch system crashes again
 (LA Times)

https://www.latimes.com/california/story/2025-02-05/l-a-county-sheriffs-computer-dispatch-system-crashes-again

For the second time in just over a month, the Los Angeles County Sheriff's
Department's computer dispatch system crashed on Wednesday evening,
rendering patrol car computers unusable and forcing deputies once again to
handle calls by radio.

------------------------------

Date: Sat, 1 Feb 2025 15:51:55 -0800
From: Jim Geissman <jgeissman@socal.rr.com>
Subject: Militarized AI (LRB)

Last week, a trove of leaked documents offered a glimpse into the role that
large technology companies have played in Israel's war on Gaza. Israel's
military campaigns across Palestine and neighbouring countries have long
offered the raw material that tech firms needed to build their experiments
in surveillance and algorithmic warfare to scale: kill-chain data. Yet the
past fifteen months of war offered Silicon Valley an unparalleled
opportunity to refine its products. It happened just in time for a new era
of militarised AI.

https://email.lrb.co.uk/t/d-l-sjhgdk-kuhitkily-p/
  or perhaps
https://www.lrb.co.uk/blog/2025/january/militarised-ai?utm_medium=email

------------------------------

Date: Wed, 5 Feb 2025 13:06:40 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Waymo vs. potholes in Los Angeles (LA Times)

https://www.latimes.com/california/story/2025-02-05/pineapple-express-storm-arrives-in-southern-california-after-pounding-the-bay-area

In San Francisco, a pothole measuring about 5 feet by 4 feet opened up in
the Marina District amid heavy rain. A KGO-TV news crew reported that
multiple autonomous Waymo cars drove through the pothole at full speed,
ignoring efforts by crews to get the vehicles to avoid the hazard.

------------------------------

Date: Thu, 30 Jan 2025 08:14:38 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Waymo is getting ready to tackle Los Angeles' freeways. How have
 the robotaxis fared so far? (LA Times)

Waymo’s fleet of electric, self-driving taxis has been on the streets of Los
Angeles for a few months now. And in a post on X this week, the company
announced it was set to take on the most L.A. of frontiers: the freeways. At
first, only Waymo employees will be able to ride along as the driverless
SUVs navigate the 10 or the 405 and the company did not say when it expects
to open up the new terrain to paying passengers.

https://www.latimes.com/business/story/2025-01-29/waymo-los-angeles

------------------------------

Date: Thu, 6 Feb 2025 20:37:09 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Almost one in 10 people use the same four-digit PIN (ABC News)

Find out if you’re one of them.

The last line of security for much of your digital life probably isn’t as
secure as you think.

Whether it’s to unlock your smartphone, access your online banking or get
cash out of the ATM, a four-digit PIN is often there to keep your secrets
and your money safe.

It’s an important little code, but not all choices are equally secure.

That’s why we analysed 29 million of them from Have I Been Pwned? – an
Australian-run site that helps people all over the world find out if they’ve
been affected by data breaches.

The most commonly used PINs turned out to be staggeringly popular, meaning
they’re particularly easy to guess when phones and bank cards fall into the
wrong hands.

https://www.abc.net.au/news/2025-01-28/almost-one-in-ten-people-use-the-same-four-digit-pin/103946842

------------------------------

Date: Mon, 27 Jan 2025 06:26:49 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: In cleanup from California fires, lithium-ion batteries are a
 dangerous challenge (NBC News via Steve Bacher)

  * One of the biggest cleanup challenges from the Southern California
    fires is lithium-ion batteries, which can explode after damage or
    exposure to heat.
  * The batteries are found in electric vehicles, which abounded in some
    burned neighborhoods, including Pacific Palisades.
  * The process of neutralizing the batteries is complex, requiring a
    high level of technical sophistication.

https://www.nbcnews.com/science/science-news/california-fire-cleanup-lithium-ion-batteries-dangerous-challenge-rcna188945

------------------------------

Date: Thu, 6 Feb 2025 07:26:24 -0800
From: Jim Geissman <jgeissman@socal.rr.com>
Subject: Google remakes Super Bowl ad after AI cheese gaffe (BBC)

https://bbc.com/news/articles/cx2j15r1g09o

Google has re-edited an advert for its leading artificial intelligence (AI)
tool, Gemini, after it overestimated the global appetite for Gouda.

The commercial -- which was supposed to showcase Gemini's abilities -- was
created to be broadcast during the Super Bowl.

It showed the tool helping a cheesemonger in Wisconsin write a product
description by informing him Gouda accounts for "50 to 60 percent of global
cheese consumption".

However, a blogger pointed out on X that the stat was "unequivocally false"
as the Dutch cheese was nowhere near that popular.

Replying to him <https://x.com/jdischler/status/1885806962605957555> ,
Google executive Jerry Dischler, insisted this was not a "hallucination" -
where AI systems invent untrue information - blaming the websites Gemini had
scraped the information from instead.

"Gemini is grounded in the Web -- and users can always check the results and
references," he wrote.

The ad has now been re-edited to remove the error.

Google has posted it on YouTube
<https://www.youtube.com/watch?v=I18TD4GON8g&t=24s> -- which it owns -- and
it no longer contains any reference to what percentage of the world consumes
the hard cheese.

LATER COMMENT:

I asked about the 747 area code. There's an error -- the AI now apparently
equates 747 and 818, and can't tell their histories apart.

------------------------------

Date: Mon, 27 Jan 2025 09:44:01 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: Research Uncovers Major Vulnerability in Wireless Networking
 Technology (Cesareo Contreras, RISKS-34.53)

Sounds like the ability to selectively "deploy malicious information on a
Wi-Fi network to dramatically slow Internet speeds" could be a useful tool
for some service providers to get around net neutrality, which is probably
as good as dead now anyway.

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) has moved to the ftp.sri.com site:
   <risksinfo.html>.
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    delightfully searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 34.55
************************
