[33590] in RISKS Forum
Risks Digest 34.62
daemon@ATHENA.MIT.EDU (RISKS List Owner)
Sun May 11 19:53:28 2025
From: RISKS List Owner <risko@csl.sri.com>
Date: Sun, 11 May 2025 16:54:29 PDT
To: risks@mit.edu
RISKS-LIST: Risks-Forum Digest Sunday 11 May 2025 Volume 34 : Issue 62
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.62>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
The Newark Airport Crisis Started When Controllers Lost Contact With Planes
(NY Mag)
Newark Air Traffic Control Faces Risks (The NY Times)
`Everybody's worst nightmare': Air traffic controllers say outages have
become too frequent (NBC News)
Iberian Electric Grid Blackout 4/28/2025 Grid Engineering Presentation
(YouTube)
Self-Driving Cars Have New Rules in the U.S. Here' Why That Matters
(Scientific American)
Cable Theft in Spain Disrupts Train Travel for Thousands (NY Times)
Rejoice! Carmakers Are Embracing Physical Buttons Again (WiReD)
Apple, Meta Fined for Breach of EU Law (Reuters)
Draft Executive Order Outlines Plan to Integrate AI into K-12 Schools
(Frances Vinall)
U.S. Asks Judge to Break Up Google (David McCabe)
North Koreans Use Real-time Deepfakes to Secure Remote Jobs
(Cyber Security News)
Italian Newspaper Gives Free Rein to AI (Crispian Balmer)
FBI Says Cybercrime Costs Surpassed $16 Billion in 2024 (Raphael Satter)
Ransomware site gets hacked (via Victor Miller)
Airlines Are Collecting Your Data And Selling It To ICE (LeverNews)
Millions of Canadians' health data available for sale to pharmaceutical
industry, study shows (CBC)
Everyone Is Cheating Their Way Through College (NYMag)
DOGE aims to pool federal data, putting personal information at risk
(WashPost)
The leaning tower of arrogance (Lucian Truscott)
Hegseth's Use of Passwords Raises New Security Concerns (NY Times)
DOGE software engineer's computer infected by info-stealing malware
(ArsTechnica)
New Zealand's prime minister proposes social media ban for under-16s
(The Guardian)
Satya Nadella says as much as 30% of Microsoft code is written by AI (CNBC)
Google Plans to Roll Out Gemini AI Chatbot to Children Under 13
(The New York Times)
Hilarious Google AI Overview stupidity, as demonstrated regarding the
film *Our Man Flint* (Lauren Weinstein)
California Supreme Court orders state bar to revert to national
exams after testing debacle (LA Times)
Open-Source projects are being inundated with AI-garbage "bug" reports --
here's one example. (ArsTechnica)
A Staggering Number of Gen Z Think AI Is Already Conscious (via geoff)
After an Arizona man was shot, an AI video of him addresses his killer in
court (NPR)
AT&T ending text to e-mail gateway (via PGN)
Apple, Meta Fined for Breach of EU Law (Reuters)
Draft Executive Order Outlines Plan to Integrate AI into K-12 Schools
(Frances Vinall)
U.S. Asks Judge to Break Up Google (David McCabe)
North Koreans Use Real-time Deepfakes to Secure Remote Jobs
(Cyber Security News)
In 2025, venture capital can't pretend everything is fine any more
(Pivot to AI)
Italian Newspaper Gives Free Rein to AI (Crispian Balmer)
FBI Says Cybercrime Costs Surpassed $16 Billion in 2024 (Raphael Satter)
Ransomware site gets hacked (via Victor Miller)
Colorado postal worker pleads guilty to rigging 2024 presidential election
(two items from Jim H, The Gateway Pundit)
New Zealand's prime minister proposes social media ban for inder-16s
(The Gurdian)
A Staggering Number of Gen Z Think AI Is Already Conscious
(via geoff goodfellow)
After an Arizona man was shot, an AI video of him addresses his killer in
court (NPR)
School boards hit with ransom demands linked to PowerSchool cyberattack
(Matthew Kruk)
UnitedHealth's Move to End Cyberattack Loan Lifeline Upsets Medical
Providers (The New York Times)
Ransomware site gets hacked (via Victor Miller)
Anthropic CEO Admits We Have No Idea How AI Works (Futurism)
Next time you're loading nuclear weapons ... (YouTube via Lauren Weinstein))
Voice clones pose an 'existential crisis' for actors: 'It's a violation of
our humanity' (LA Times)
Van freed after being trapped in car park for more than two years (BBC)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Tue, 6 May 2025 22:44:35 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: The Newark Airport Crisis Started When Controllers Lost Contact
With Planes (NY Mag)
The reason for the delays at Newark airport are worse than you thought.
Last Monday, the air-traffic controllers union stated that they lost all
contact with planes flying into Newark.
Since last Monday [28 May 2025], Newark Liberty Airport has been a mess,
with as many as 30 percent of flights delayed and 10 percent canceled each
day. The acute problem was reported by the press as a walkout among a group
of air-traffic controllers who stopped working over the weekend due to
chronic labor shortages faced in the industry. One air-traffic controller
told MSNBC that it was “not safe to fly” into the nation’s 12th-busiest
airport.
A week later, the real cause for the delays —- and that controller’s
alarm -— became known. [...]
https://nymag.com/intelligencer/article/newark-airport-lost-contact-with-incoming-planes-last-monday.html
EARLIER ITEM: The breakdown that resulted in air traffic controllers losing
communications with the pilots of planes they were guiding into Newark
International Airport has happened at least two other times since August
2024, a current veteran controller told NBC News.
https://www.nbcnews.com/news/us-news/newark-air-traffic-control-lost-contact-pilots-least-twice-source-says-rcna205126
------------------------------
Date: Wed, 7 May 2025 20:36:31 -0700
From: Rob Wilcox <robwilcoxjr@gmail.com>
Subject: Newark Air Traffic Control Faces Risks (The NY Times)
Newark airport in New Jersey is very busy. People arrive in the New York
City metro at large capacity airports JFK, La Guardia and Newark. All are
connected to the NYC subway and other ground transportation systems.
Newark is having technical and people management problems, resulting in
serious stress on the air traffic controllers and severe safety incidents.
It is a life-safety risk, thankfully no loss of life to date from the
system failures.
"On a recent afternoon in Philadelphia, an air traffic controller began
shouting that he had lost his radar feed for planes flying in and out of
Newark Liberty International Airport. Some of his colleagues still had
radar but their radios went dead, prompting frantic calls to their
counterparts in New York urging them to keep their planes away from Newark's
airspace.
Then, for 30 harrowing seconds until the radios came back, there was nothing
more to do but hope -- as they had no means of telling pilots how to avoid
crashing their planes into one another.
Shortly after that, one controller discovered a trainee, who had been
directing Newark traffic under supervision just moments earlier, shaking in
the hallway."
(Article continues...)
https://www.nytimes.com/2025/05/07/us/politics/newark-airport-delays.html?unlocked_article_code=1.Fk8.UbbZ.muh2c0UQhb_f&smid=url-share
------------------------------
Date: Thu, 8 May 2025 06:39:45 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: `Everybody's worst nightmare': Air traffic controllers say outages
have become too frequent (NBC News)
(The latest update on the Newark story. This one contains lots of detail.)
Days after an equipment malfunction left planes flying blind over Newark
airport, worried pilots and air traffic controllers are imploring the FAA to
fix aging infrastructure.
https://www.nbcnews.com/news/us-news/air-traffic-controllers-say-outages-become-frequent-rcna205418
------------------------------
Date: Sat, 10 May 2025 10:10:04 -0700
From: Rob Wilcox <robwilcoxjr@gmail.com>
Subject: Iberian Electric Grid Blackout 4/28/2025 Grid Engineering
Presentation (YouTube)
The electric grid is a complex system to deliver an invisible commodity
just in time between generators and each individual load, safely and
reliably. My interests include the grid operator interface, control
systems, markets, and the internal culture.
If the generation is greater than the load, the 50 or 60Hz frequency
increases, if the generation is less than the load the frequency decreases.
If the frequency is too high, or low, the generators disconnect themselves
to prevent mechanical damage. The control systems also manage Voltage, and
the relative phase of the Voltage and current.
The real time operators watch over nested layers of distributed control
systems and have preplanned processes to bring the system back to
stability. If generators begin to take themselves offline, that can lead to
a cascading loss of more generators until the grid goes dark, or divides
into dark and operating islands.
Once the grid goes dark, the operators have preplanned processes to open
switches to make the dark areas into islands. Then the black start
generators are turned on as each island is energized, in exact balance of
load and generation.
Operators train on black start, generation control, failure response, and
planned maintenance switching on grid simulators. It has similarities to
airplane pilot training.
On Monday April 28, there was a large grid blackout. The grid is
instrumented with the state of every switch, loads, and generator
performance, and sub-second data from synchrophasors, so the data on what
happened is there to be analyzed. It is like a much, much, more detailed
flight data recorder.
Risks readers may enjoy this early readout on what is known so far in very
technical grid terminology. It is a good look into the culture of the grid.
The electricity system is a local monopoly. The result is that there is
continuous cooperation to improve it, rather than competition found in
other industries.
https://www.youtube.com/watch?v=LNStOXAsiDo
------------------------------
Date: Sat, 03 May 2025 00:28:19 +0000
From: Richard Marlon Stein <rmstein@protonmail.com>
Subject: Self-Driving Cars Have New Rules in the U.S. Here' Why That Matters
(Scientific American)
https://www.scientificamerican.com/article/self-driving-cars-have-new-rules-in-the-u-s-heres-why-that-matters/
Diminished reporting requirements entrenches corporate accountability
avoidance for minor accidents and injuries. Sunshine is the best
disinfectant.
------------------------------
Date: Mon, 5 May 2025 07:33:16 -0700
From: "Jim" <jgeissman@socal.rr.com>
Subject: Cable Theft in Spain Disrupts Train Travel for Thousands (NY Times)
More than 10,000 people were left stranded in Spain after cable thefts along
a train route and a technical issue disrupted high-speed rail travel on
Sunday and Monday, officials said.
It was the latest ordeal for Spain, which is still reeling from a power
outage last week, one of the worst in recent European history. The cause of
the blackout remains unclear.
<https://www.nytimes.com/2025/04/30/world/europe/power-outage-spain-portugal-cause.html>
Oscar Puente, the transport minister, called the thefts a "serious act of
sabotage" in a social media post
<https://x.com/oscar_puente_/status/1919117678285078722> .
Mr. Puente said that the Spanish national police force was investigating
thefts at five locations
<https://x.com/oscar_puente_/status/1919314642381287878> on the line between
Madrid and Seville. He said those were partly responsible for widespread
travel interruptions on Sunday, which is observed as Mother's Day in Spain.
It was unclear who had stolen the cables, and why, but Mr. Puente described
the episode as a theft of "low-value cable" most likely meant to cause
havoc.
------------------------------
Date: Sat, 10 May 2025 07:13:52 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Rejoice! Carmakers Are Embracing Physical Buttons Again (WiReD)
Amazingly, reaction times using screens while driving are worse than being
drunk or high—no wonder 90 percent of drivers hate using touchscreens in
cars. Finally the auto industry is coming to its senses.
https://www.wired.com/story/why-car-brands-are-finally-switching-back-to-buttons/
(Another rare piece of good news reducing risks.)
------------------------------
Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Apple, Meta Fined for Breach of EU Law (Reuters)
Foo Yun Chee and Jan Strupczewski, Reuters (04/23/25). via ACM TechNews
The European Commission on Wednesday fined Apple 500 million euros (US$568
million) and fined Meta 200 million euros (US$227 million) in its first
sanctions under the Digital Markets Act (DMA). The EC said Apple must remove
restrictions that prevent app developers from steering users to cheaper
deals outside the App Store, and that Meta's binary pay-or-consent model
breached the DMA.
------------------------------
Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Draft Executive Order Outlines Plan to Integrate AI into K-12 Schools
(Frances Vinall)
The Washington Post (04/22/25) Frances Vinall
A draft circulated by the White House to several federal agencies on Monday
suggests U.S. President Trump is considering an executive order that would
create a policy integrating AI into K-12 schools. Under the draft executive
order, federal agencies would be instructed to take steps to train students
in using AI and to incorporate it into teaching-related tasks. The agencies
would also be asked to partner with the private sector to develop relevant
programs in schools.
------------------------------
Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: U.S. Asks Judge to Break Up Google (David McCabe)
David McCabe, The New York Times (04/21/25)
The U.S. Department of Justice on Monday said the best way to address
Google's monopoly in Internet search was to force it to sell its Chrome Web
browser. Judge Amit P. Mehta of the U.S. District Court for D.C. ruled in
August that Google had broken antitrust laws to maintain its dominance in
online search. He is now hearing arguments from the government and the
company over how to best fix Google's monopoly and is expected to order
"remedies" by the end of the summer.
------------------------------
Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: North Koreans Use Real-time Deepfakes to Secure Remote Jobs
(Cyber Security News)
Tushar Subhra Dutta, Cyber Security News (04/21/25)
Researchers at Palo Alto Networks' Unit 42 found North Korean threat actors
are shifting from the use of static fake profiles and stolen credentials to
real-time deepfake technology to secure remote IT jobs at companies across
the globe. The technology could enable a single threat actor to interview
for the same position several times through the use of multiple synthetic
personas.
------------------------------
Date: Sat, 3 May 2025 15:49:37 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: In 2025, venture capital can't pretend everything is fine any more
(Pivot to AI)
Venture capital is screwed. A bubble in AI is their last hope, and they’re
betting everything on Sam Altman. It’s heartwarming.
https://pivot-to-ai.com/2025/05/03/in-2025-venture-capital-cant-pretend-everything-is-fine-any-more/
------------------------------
Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Italian Newspaper Gives Free Rein to AI (Crispian Balmer)
Crispian Balmer, Reuters (04/18/25), via ACM TechNews
Claudio Cerasa, editor of Italian newspaper Il Foglio, said a four-page
daily insert written entirely by mAI and sold with the normal newspaper over
a one-month span led to increased sales, prompting it to publish a separate
weekly section written by AI. Cerasa said AI would not replace journalists
in his newsroom and praised the AI program's sense of irony and ability to
produce insightful book reviews within minutes, but added that the program
lacked critical thinking and occasionally generated content with factual
errors.
------------------------------
Date: Fri, 25 Apr 2025 11:56:22 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: FBI Says Cybercrime Costs Surpassed $16 Billion in 2024
(Raphael Satter)
Raphael Satter, Reuters (04/23/25), via ACM TechNews
The Internet Crime Complaint Center of the U.S. Federal Bureau of
Investigation (FBI) said global cybercrime costs topped $16 billion in 2024,
up a third from the prior year. Low-tech, tech support, and romance scams
accounted for much of the losses, according to an FBI report based on almost
860,000 complaints, most from the U.S. The FBI noted that its calculations
were incomplete, especially regarding ransomware.
[Just a thought: Would better hardware and software that are more
trustworthy help reduce the cost? Probably, but nothing is ever perfect,
and even wonderful security is easily misused. PGN]
------------------------------
Date: Fri, 9 May 2025 15:20:08 -0700
From: Victor Miller <victorsmiller@gmail.com>
Subject: Ransomware site gets hacked
https://www.linkedin.com/posts/james-o-grady_one-of-the-most-notorious-and-sophisticated-activity-7326109077397225472-OukT?utm_medium=ios_app&rcm=ACoAAADHYOoBr9Q9zY2nReul35WI_rVdMGowBNY&utm_source=social_share_send&utm_campaign=copy_link
------------------------------
Date: Fri, 9 May 2025 15:15:40 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Airlines Are Collecting Your Data And Selling It To ICE (LeverNews)
https://www.levernews.com/airlines-are-collecting-your-data-and-selling-it-to-ice/
An aviation industry clearinghouse is collecting passenger information from
billions of past and future flights and selling it to Trump's immigration
enforcers.
A massive aviation industry clearinghouse that processes data for 12-billion
passenger flights per year is selling that information to the Trump
administration amid the White House's new immigration crackdown, according
to documents reviewed by The Lever.
The data -- including full flight itineraries, passenger name records, and
financial details, which are otherwise difficult or impossible to obtain for
past and future flights -- is fed into a secretive government intelligence
operation called the Travel Intelligence Program and provided to Immigration
and Customs Enforcement (ICE) and other federal agencies, records reveal.
Details of this program were outlined in procurement documents released
Wednesday by ICE, which is a division of the Department of Homeland
Security.
------------------------------
Date: Fri, 9 May 2025 06:32:50 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Millions of Canadians' health data available for sale to
pharmaceutical industry, study shows (CBC)
https://www.cbc.ca/news/health/health-data-records-pharmaceutical-private-clinics-1.7529955
Going to the doctor can involve sharing your most personal information,
including details about your health, medical history and prescriptions.
It all ends up in your medical record -- but a new study by researchers at
Women's College Hospital in Toronto found that in some cases, private
companies are accessing parts of that data and selling it to pharmaceutical
companies.
------------------------------
Date: Thu, 8 May 2025 15:38:18 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Everyone Is Cheating Their Way Through College (NY Mag)
(Long read but worth it.)
In only two years, ChatGPT and the surge of AI-generated cheating from
college students it has created have unraveled the entire academic project.
https://nymag.com/intelligencer/article/openai-chatgpt-ai-cheating-education-college-students-school.html
[As we have often suggested here, individualized education is worth its
weight in gold [medals? The same is true for health care and many other
disciplines. PGN.]
------------------------------
Date: Wed, 7 May 2025 16:30:32 -0700
From: "Jim" <jgeissman@socal.rr.com>
Subject: DOGE aims to pool federal data, putting personal information at risk
(WashPost)
The goal -- a centralized system with unprecedented access to data about
Social Security, taxes, medical diagnoses and other private information --
would create a multitude of vulnerabilities, experts say.
The U.S. DOGE Service is racing to build a single centralized database with
vast troves of personal information about millions of U.S. citizens and
residents, a campaign that often violates or disregards core privacy and
security protections meant to keep such information safe, government workers
say.
The team overseen by Elon Musk is collecting data from across the
government, sometimes at the urging of low-level aides, according to
multiple federal employees and a former DOGE staffer, who all spoke on the
condition of anonymity for fear of reprisals. The intensifying effort to
unify systems into one central hub aims to advance multiple Trump
administration priorities, including finding and deporting undocumented
immigrants and rooting out fraud in government payments. And it follows a
March executive order to eliminate "information silos" as DOGE tries to
streamline operations and cut spending.
At several agencies, DOGE officials have sought to merge databases that had
long been kept separate, federal workers said. For example, longtime Musk
lieutenant Steve Davis told staffers at the Social Security Administration
that they would soon start linking various sources of Social Security data
for access and analysis, according to a person briefed on the conversations,
with a goal of "joining all data across government." Davis did not respond
to a request for comment.
https://www.washingtonpost.com/business/2025/05/07/doge-government-data-immigration-social-security/
------------------------------
Date: Sun, 4 May 2025 23:06:03 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: The leaning tower of arrogance (Lucian Truscott)
Well, that didn't take long. An enterprising hacker has already penetrated
whatever security that supposedly protected the third-party communications
app used by Mike Waltz to send text messages on Signal to the Secretary of
State, the Vice President and the Director of National Intelligence during
the White House cabinet meeting last week. The hack was reported earlier
today by 404 Media, the new journalism website covering cybersecurity, the
intelligence and surveillance business, and other topics involving the
rapidly changing terrain of the tech industry.
https://luciantruscott.substack.com/p/the-leaning-tower-of-arrogance
------------------------------
Date: Wed, 7 May 2025 15:36:09 -0400
From: Jan Wolitzky <jan.wolitzky@gmail.com>
Subject: Hegseth's Use of Passwords Raises New Security Concerns (NY Times)
Some of the passwords that Defense Secretary Pete Hegseth used to register
for websites were exposed in cyberattacks on those sites and are available
on the Internet, raising new questions about his use of personal devices to
communicate military information.
Mr. Hegseth did not appear to use those passwords for sensitive accounts,
like banking. But at least one password appears to have been used multiple
times for different personal email accounts maintained by Mr. Hegseth. If
hackers gain access to email accounts, they can often reset other passwords.
Like many Americans, Mr. Hegseth appears to have reused passwords to
remember them more easily. At least one of them is, or was, a simple,
lower-case alphanumeric combination of letters followed by numbers,
potentially representing initials and a date. The same password was leaked
in two separate breaches of personal email accounts, one in 2017 and
another in 2018.
https://www.nytimes.com/2025/05/07/us/politics/hegseth-phone-security.html
[Longer version submitted by Jim Geissman. PGN]
------------------------------
Date: Fri, 9 May 2025 07:04:09 -0700
From: "Jim" <jgeissman@socal.rr.com>
Subject: DOGE software engineer's computer infected by info-stealing malware
(ArsTechnica)
Login credentials belonging to an employee at both the Cybersecurity and
Infrastructure Security Agency and the Department of Government Efficiency
have appeared in multiple public leaks from info-stealer malware, a strong
indication that devices belonging to him have been hacked in recent years.
Kyle Schutt is a 30-something-year-old software engineer who, according to
<https://www.dropsitenews.com/p/doge-fema-funding-access-social-security-num
bers> Dropsite News, gained access in February 2025 to a "core financial
management system" belonging to the Federal Emergency Management Agency. As
an employee of DOGE, Schutt accessed FEMA's proprietary software for
managing both disaster and non-disaster funding grants. Under his role at
CISA, he likely is privy to sensitive information regarding the security of
civilian federal government networks and critical infrastructure throughout
the U.S.
A steady stream of published credentials
According to journalist Micah Lee
<https://micahflee.com/doge-bro-kyle-schutts-computer-infected-by-malware-credentials-found-in-stealer-logs/> , user names and passwords for logging in
to various accounts belonging to Schutt have been published at least four
times since 2023 in logs from stealer malware. Stealer malware typically
infects devices through trojanized apps, phishing, or software exploits.
Besides pilfering login credentials, stealers can also log all keystrokes
and capture or record screen output. The data is then sent to the attacker
and, occasionally after that, can make its way into public credential dumps.
https://arstechnica.com/security/2025/05/doge-software-engineers-computer-infected-by-info-stealing-malware/
------------------------------
Date: Mon, 5 May 2025 20:44:19 -0700
From: "Jim" <jgeissman@socal.rr.com>
Subject: New Zealand's prime minister proposes social media ban for
under-16s (The Guardian)
The draft bill is modeled on Australian laws and would force digital
platforms to verify the age of users or face heavy fines
New Zealand's prime minister has proposed banning children under 16 years
old from using social media, in an effort to protect young people from harms
account, or face fines of up to NZ$2m ($1.2m).
While good things could come from social media, it was not always a safe
place for young people and the onus was on tech companies to be socially
responsible, Luxon said.
"This is about protecting our children. It's about making sure social media
companies are playing their role in keeping our kids safe," Luxon said.
Teachers and parents had raised issues with him including cyberbullying,
exposure to violent and inappropriate content, exploitation and social media
addiction.
"Parents are constantly telling us that they are really worried about the
impact that social media is having on their children," Luxon said. "And they
say they are really struggling to manage access to social media."
The author of the bill, National MP Catherine Wedd, said there are no
legally enforceable age verification measures for social media platforms in
New Zealand and her bill would better support families to have oversight of
their children's online use.
The Guardian 5 May 2025
------------------------------
Date: Wed, 30 Apr 2025 08:50:41 -0700
From: "Jim" <jgeissman@socal.rr.com>
Subject: Satya Nadella says as much as 30% of Microsoft code is written by
AI (CNBC)
https://www.cnbc.com/2025/04/29/satya-nadella-says-as-much-as-30percent-of-microsoft-code-is-written-by-ai.html=20
[When will AI-generated code be memory-safe? Perhaps when
evidence-based AI arrives in the next century? PGN]
------------------------------
Date: Sun, 4 May 2025 02:13:20 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Google Plans to Roll Out Gemini AI Chatbot to Children Under 13
(The New York Times)
The tech giant said it would make its Gemini chatbot available to children
next week, and warned families in an email about the changes.
Google plans to roll out its Gemini artificial intelligence chatbot next
week for children under 13 who have parent-managed Google accounts, as tech
companies vie to attract young users with AI products.
“Gemini Apps will soon be available for your child,” the company said in an
email this week to the parent of an 8-year-old. “That means your child will
be able to use Gemini” to ask questions, get homework help and make up
stories.
The chatbot will be available to children whose parents use Family Link, a
Google service that enables families to set up Gmail and opt into services
like YouTube for their child. To sign up for a child account, parents
provide the tech company with personal data like their child’s name and
birth date.
Gemini has specific guardrails for younger users to hinder the chatbot from
producing certain unsafe content, said Karl Ryan, a Google spokesman. When a
child with a Family Link account uses Gemini, he added, the company will not
use that data to train its A.I.
Introducing Gemini for children could accelerate the use of chatbots among a
vulnerable population as schools, colleges, companies and others grapple
with the effects of popular generative AI technologies. Trained on huge
amounts of data, these systems can produce humanlike text and
realistic-looking images and videos.
Google and other AI chatbot developers are locked in a fierce competition to
capture young users. President Trump recently urged schools to adopt the
tools for teaching and learning. Millions of teenagers are already using
chatbots as study aids, writing coaches and virtual companions. Children’s
groups warn the chatbots could pose serious risks to child safety. The bots
also sometimes make stuff up.
https://www.nytimes.com/2025/05/02/technology/google-gemini-ai-chatbot-kids.html?smid=nytcore-ios-share&referringSource=articleShare
[Maybe we need a department of education again? PGN]
------------------------------
Date: Sat, 3 May 2025 17:56:22 -0700
From: Lauren Weinstein <lauren@vortex.com>
To: nnsquad-dist@vortex.com
Subject: Hilarious Google AI Overview stupidity, as demonstrated regarding
the film *Our Man Flint*
In the classic 1966 James Bond parody "Our Man Flint" starring James
Coburn, the following exchange takes place between the debonair Flint
and intelligence agency head Cramden:
Cramden: Your code book.
Flint: If you don't mind, sir, I'd prefer to use my own personal code.
Cramden: I'd much rather you use the government code.
Flint: I already know mine, sir. It's a mathematical progression,
40-26-36. It's based on ...
Cramden: I can imagine what it's based on.
A cab driver in France later makes the same statement, when Flint
describes those three numbers as being the basis of his "lottery
system".
Yes, we can imagine what it's based on -- because, well, we're human
beings.
Now, what happens if you ask Google Search about this? What does the
Google Brain AI Overview have to say about why Flint has based his
code on those particular three numbers?
Hilariously, Google AI makes up convoluted and 100% wrong sets of
conclusions, having absolutely nothing to do with reality. It doesn't
have a damned clue, so it just makes up nonsense.
THIS is the fundamental flaw in the entire Big Tech generative AI scam!
bonus! How many fingers and toes?
[I kept this separate: Note in the answers referenced previously, how many
fingers and toes Google AI thinks humans have total on their bodies? 40!
Yup. Dumber than a brick. -L]
------------------------------
Date: Sun, 4 May 2025 07:07:41 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: California Supreme Court orders state bar to revert to national
exams after testing debacle (LA Times)
The State Bar of California announced Friday that its embattled leader, who
has faced growing pressure to resign over the botched February roll out of a
new bar exam, will step down in July.
https://www.latimes.com/california/story/2025-05-02/california-state-bar-leader-to-step-down-after-exam-fiasco
(This is an update on the ongoing story of using AI to generate bar exam
questions.)
------------------------------
Date: Wed, 7 May 2025 09:58:04 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Open-Source projects are being inundated with AI-garbage "bug"
reports -- here's one example.
https://arstechnica.com/gadgets/2025/05/open-source-project-curl-is-sick-of-users-submitting-ai-slop-vulnerabilities/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social
------------------------------
Date: Sat, 10 May 2025 12:42:45 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: A Staggering Number of Gen Z Think AI Is Already Conscious
*Do they... know something we don't?*
Generation Z, or the cohort of people born between 1997 and 2012, has a
very weird relationship with artificial intelligence.
In the latest sign of just how strange things are getting, a new study by
the paper-writing service EduBirdie found, upon asking 2,000 Gen Z-ers a
battery of questions about AI, that a quarter believe the technology is
"already conscious."
What's more, 52 percent -- or more than half of the respondents -- think AI
is not yet conscious but will become so in the years to come. Plus a
whopping 58 percent of the Zoomers surveyed said they think the technology
will "take over" the world, and 44 percent said they believe that takeover
could happen within the next 20 years.
------------------------------
Date: Sat, 10 May 2025 12:35:13 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: After an Arizona man was shot, an AI video of him addresses his
killer in court (NPR)
For two years, Stacey Wales kept a running list of everything she would say
at the sentencing hearing for the man who killed her brother in a road rage
incident in Chandler, Ariz.
But when she finally sat down to write her statement, Wales was stuck. She
struggled to find the right words, but one voice was clear: her brother's.
"I couldn't help hear his voice in my head of what he would say," Wales
told NPR.
That's when the idea came to her: to use artificial intelligence to
generate a video of how her late brother, Christopher Pelkey, would address
the courtroom and specifically the man who fatally shot him at a red light
in 2021.
On Thursday, Wales stood before the court and played the video -- in what AI
experts say is likely the first time the technology has been used in the
U.S. to create an impact statement read by an AI rendering of the deceased
victim... [...]
https://www.npr.org/2025/05/07/g-s1-6464/ai-impact-statement-murder-victim
[Also noted by Matthew Kruk. PGN]
------------------------------
Date: Sat, 10 May 2025 07:13:52 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Rejoice! Carmakers Are Embracing Physical Buttons Again (WiReD)
Amazingly, reaction times using screens while driving are worse than being
drunk or high—no wonder 90 percent of drivers hate using touchscreens in
cars. Finally the auto industry is coming to its senses.
https://www.wired.com/story/why-car-brands-are-finally-switching-back-to-buttons/
(Another rare piece of good news reducing risks.)
------------------------------
Date: Sat, 19 Apr 2025 17:03:38 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: AT&T ending text to e-mail gateway
https://www.att.com/support/article/wireless/KM1061254/
What to know
On June 17, 2025, our email-to-text and text-to-email service is
going away. This means you wont be able to use email to send or
receive texts. Also, others who have AT&T WirelessSM wont be able
to use email to send you a text or use text to send you an email.
------------------------------
Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Apple, Meta Fined for Breach of EU Law (Reuters)
Foo Yun Chee and Jan Strupczewski, Reuters (04/23/25). via ACM TechNews
The European Commission on Wednesday fined Apple 500 million euros (US$568
million) and fined Meta 200 million euros (US$227 million) in its first
sanctions under the Digital Markets Act (DMA). The EC said Apple must remove
restrictions that prevent app developers from steering users to cheaper
deals outside the App Store, and that Meta's binary pay-or-consent model
breached the DMA.
------------------------------
Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Draft Executive Order Outlines Plan to Integrate AI into K-12 Schools
(Frances Vinall)
The Washington Post (04/22/25) Frances Vinall
A draft circulated by the White House to several federal agencies on Monday
suggests U.S. President Trump is considering an executive order that would
create a policy integrating AI into K-12 schools. Under the draft executive
order, federal agencies would be instructed to take steps to train students
in using AI and to incorporate it into teaching-related tasks. The agencies
would also be asked to partner with the private sector to develop relevant
programs in schools.
------------------------------
Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: U.S. Asks Judge to Break Up Google (David McCabe)
David McCabe, The New York Times (04/21/25)
The U.S. Department of Justice on Monday said the best way to address
Google's monopoly in Internet search was to force it to sell its Chrome Web
browser. Judge Amit P. Mehta of the U.S. District Court for D.C. ruled in
August that Google had broken antitrust laws to maintain its dominance in
online search. He is now hearing arguments from the government and the
company over how to best fix Google's monopoly and is expected to order
"remedies" by the end of the summer.
------------------------------
Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: North Koreans Use Real-time Deepfakes to Secure Remote Jobs
(Cyber Security News)
Tushar Subhra Dutta, Cyber Security News (04/21/25)
Researchers at Palo Alto Networks' Unit 42 found North Korean threat actors
are shifting from the use of static fake profiles and stolen credentials to
real-time deepfake technology to secure remote IT jobs at companies across
the globe. The technology could enable a single threat actor to interview
for the same position several times through the use of multiple synthetic
personas.
------------------------------
Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Italian Newspaper Gives Free Rein to AI (Crispian Balmer)
Crispian Balmer, Reuters (04/18/25), via ACM TechNews
Claudio Cerasa, editor of Italian newspaper Il Foglio, said a four-page
daily insert written entirely by mAI and sold with the normal newspaper over
a one-month span led to increased sales, prompting it to publish a separate
weekly section written by AI. Cerasa said AI would not replace journalists
in his newsroom and praised the AI program's sense of irony and ability to
produce insightful book reviews within minutes, but added that the program
lacked critical thinking and occasionally generated content with factual
errors.
------------------------------
Date: Fri, 25 Apr 2025 11:56:22 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: FBI Says Cybercrime Costs Surpassed $16 Billion in 2024
(Raphael Satter)
Raphael Satter, Reuters (04/23/25), via ACM TechNews
The Internet Crime Complaint Center of the U.S. Federal Bureau of
Investigation (FBI) said global cybercrime costs topped $16 billion in 2024,
up a third from the prior year. Low-tech, tech support, and romance scams
accounted for much of the losses, according to an FBI report based on almost
860,000 complaints, most from the U.S. The FBI noted that its calculations
were incomplete, especially regarding ransomware.
[Just a thought: Would better hardware and software that are more
trustworthy help reduce the cost? Probably, but nothing is ever perfect,
and even wonderful security is easily misused. PGN]
------------------------------
Date: Fri, 9 May 2025 15:20:08 -0700
From: Victor Miller <victorsmiller@gmail.com>
Subject: Ransomware site gets hacked
https://www.linkedin.com/posts/james-o-grady_one-of-the-most-notorious-and-sophisticated-activity-7326109077397225472-OukT?utm_medium=ios_app&rcm=ACoAAADHYOoBr9Q9zY2nReul35WI_rVdMGowBNY&utm_source=social_share_send&utm_campaign=copy_link
------------------------------
Date: 8 May 2025
From: geoff goodfellow's cell phone
Subject: Colorado postal worker pleads guilty to rigging 2024 presidential election
(Jim H, The Gateway Pundit)
https://www.thegatewaypundit.com/2025/05/colorado-postal-worker-pleads-guilty-rigging-2024-presidential/
59-year-old Sally Jane Maxedon and 64-year-old Vicki Lyn Stuart
were arrested on 6 Nov 2024, accused of stealing Mesa County Ballots.
A former U.S. Postal Service employee from Mesa County, Colorado, has
admitted to stealing and fraudulently casting mail-in ballots during the
2024 presidential election. Vicki Stuart, 64, entered a guilty plea on 5
May 2025 to charges of identity theft and forgery.
The charges stem from a scheme in which Stuart, along with her associate,
Sally Jane Maxedon, intercepted mail-in ballots intended for voters, forged
signatures, and submitted them as legitimate votes.
The duo claimed their actions were intended to test the state’s signature
verification system.
[Geoff also sent another item in the same text:]
Patty McMurray: SEVEN DETROIT RESIDENTS and a Pastor Appear Before MI
House Election Integrity Committee to Reveal Shocking First-hand
Testimonhy about Massive Election Stealing Scheme (video) [256 comments]
------------------------------
Date: Mon, 5 May 2025 20:44:19 -0700
From: "Jim" <jgeissman@socal.rr.com>
Subject: New Zealand's prime minister proposes social media ban for under-16s
(The Guardian)
The draft bill is modeled on Australian laws and would force digital
platforms to verify the age of users or face heavy fines
New Zealand's prime minister has proposed banning children under 16 years
old from using social media, in an effort to protect young people from harms
account, or face fines of up to NZ$2m ($1.2m).
While good things could come from social media, it was not always a safe
place for young people and the onus was on tech companies to be socially
responsible, Luxon said.
"This is about protecting our children. It's about making sure social media
companies are playing their role in keeping our kids safe," Luxon said.
Teachers and parents had raised issues with him including cyberbullying,
exposure to violent and inappropriate content, exploitation and social media
addiction.
"Parents are constantly telling us that they are really worried about the
impact that social media is having on their children," Luxon said. "And they
say they are really struggling to manage access to social media."
The author of the bill, National MP Catherine Wedd, said there are no
legally enforceable age verification measures for social media platforms in
New Zealand and her bill would better support families to have oversight of
their children's online use.
The Guardian 5 May 2025
------------------------------
Date: Sat, 10 May 2025 12:42:45 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: A Staggering Number of Gen Z Think AI Is Already Conscious
*Do they... know something we don't?*
Generation Z, or the cohort of people born between 1997 and 2012, has a
very weird relationship with artificial intelligence.
p
In the latest sign of just how strange things are getting, a new study by
the paper-writing service EduBirdie found, upon asking 2,000 Gen Z-ers a
battery of questions about AI, that a quarter believe the technology is
"already conscious."
What's more, 52 percent -- or more than half of the respondents -- think AI
is not yet conscious but will become so in the years to come. Plus a
whopping 58 percent of the Zoomers surveyed said they think the technology
will "take over" the world, and 44 percent said they believe that takeover
could happen within the next 20 years.
------------------------------
Date: Sat, 10 May 2025 12:35:13 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: After an Arizona man was shot, an AI video of him addresses his
killer in court (NPR)
https://www.npr.org/2025/05/07/g-s1-64640/ai-impact-statement-murder-victim
For two years, Stacey Wales kept a running list of everything she would say
at the sentencing hearing for the man who killed her brother in a road rage
incident in Chandler, Ariz.
But when she finally sat down to write her statement, Wales was stuck. She
struggled to find the right words, but one voice was clear: her brother's.
"I couldn't help hear his voice in my head of what he would say," Wales
told NPR.
That's when the idea came to her: to use artificial intelligence to
generate a video of how her late brother, Christopher Pelkey, would address
the courtroom and specifically the man who fatally shot him at a red light
in 2021.
On Thursday, Wales stood before the court and played the video -- in what AI
experts say is likely the first time the technology has been used in the
U.S. to create an impact statement read by an AI rendering of the deceased
victim. [...]
https://www.npr.org/2025/05/07/g-s1-64640/ai-impact-statement-murder-victim
------------------------------
Date: Wed, 7 May 2025 21:36:36 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: School boards hit with ransom demands linked to PowerSchool cyberattack
Canada's largest school board and others across North America have received
ransom demands connected to the massive PowerSchool cybersecurity breach
that hit during the winter break -- this after the company paid hackers a
ransom to delete the stolen data.
Despite assurances that the data was deleted, it turns out that's not the
case, the Toronto District School Board (TDSB) said Wednesday.
The board said in an email to families on Wednesday it had received a
ransom demand "from a threat actor" using data from the December 2024
breach.
------------------------------
Date: Mon, 5 May 2025 13:39:15 -0400
From: Jan Wolitzky <jan.wolitzky@gmail.com>
Subject: UnitedHealth's Move to End Cyberattack Loan Lifeline Upsets Medical
Providers (The New York Times)
The company lent roughly $9 billion to practices affected by a vast
cyberattack on its payment systems last year. Medical practices are now
suing the health care colossus, saying it is pressuring them to repay funds.
https://www.nytimes.com/2025/05/05/health/unitedhealth-cyberattack-loans-lawsuits.html
------------------------------
Date: Fri, 9 May 2025 15:20:08 -0700
From: Victor Miller <victorsmiller@gmail.com>
Subject: Ransomware site gets hacked
https://www.linkedin.com/posts/james-o-grady_one-of-the-most-notorious-and-sophisticated-activity-7326109077397225472-OukT?utm_medium=ios_app&rcm=ACoAAADHYOoBr9Q9zY2nReul35WI_rVdMGowBNY&utm_source=social_share_send&utm_campaign=copy_link
------------------------------
Date: Sat, 10 May 2025 12:45:48 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: Anthropic CEO Admits We Have No Idea How AI Works (Futurism)
The CEO of one of the world's leading artificial intelligence labs just
said the quiet part out loud: that nobody really knows how AI works.
In an essay published to his personal website, Anthropic CEO Dario Amodei
announced plans to create a robust "MRI on AI" within the next decade. The
goal is not only to figure out what makes the technology tick, but also to
head off any unforeseen dangers associated with what he says remains its
currently enigmatic nature.
"When a generative AI system does something, like summarize a financial
document, we have no idea, at a specific or precise level, why it makes the
choices it does -- why it chooses certain words over others, or why it
occasionally makes a mistake despite usually being accurate," the Anthropic
CEO admitted.
On its face, it's surprising to folks outside of AI world to learn that the
people building these ever-advancing technologies "do not understand how our
own AI creations work," he continued -- and anyone alarmed by that ignorance
is "right to be concerned."
But on another level, maybe it isn't; all the image and text generators that
have exploded in popularity over the last few years work under the same
principle of feeding in a gigantic pile of data and letting statistical
systems mine it for patterns that can be reproduced. The whole thing is
driven by ingested human creative works, not from first principles of
machine intelligence.
"This lack of understanding," Amodei wrote, "is essentially unprecedented in
the history of technology." In Amodei's telling, that ignorance about how
AI works and what unforeseen risks it may pose is a driving factor behind
Anthropic.
In late 2020, the CEO and his sister Daniela left OpenAI amid concerns about
the Sam Altman-run company's safety practices and in particular, that it was
casting aside those concerns in pursuit of profit. The Amoideis and five
other ex-OpenAI-ers founded Anthropic the next year to work on building
safer AI -- and part of that work seems to have been focused on figuring
out the technology's nuts and bolts. [...]
https://futurism.com/anthropic-ceo-admits-ai-ignorance
------------------------------
Date: Fri, 9 May 2025 21:00:31 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Next time you're loading nuclear weapons ... (YouTube)
https://www.youtube.com/watch?v=Sj4tEj5aV7c
Next time you're loading nuclear weapons ...
If I've told you guys once I've told you a hundred times! When you're
going to load nuclear weapons onto planes, PLEASE follow the official
procedures and not some idiotic hallucinatory instructions from Google
Gemini AI or other generative AI systems. C'mon, this is just common
sense! -L
------------------------------
Date: Sat, 10 May 2025 08:02:38 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Voice clones pose an 'existential crisis' for actors: 'It's a
violation of our humanity' (LA Times)
Nearly a dozen voice actors interviewed ... said voice replication
technology is reducing paid job opportunities and stripping them of their
agency. Many found their voices cloned without their consent, knowledge or
compensation.
https://www.latimes.com/entertainment-arts/story/2025-03-24/ai-voice-clones-replication-voice-actors-job-loss-siri-tiktok
------------------------------
Date: Fri, 25 Apr 2025 19:36:24 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Van freed after being trapped in car park for more than two years
(BBC)
It is thought up to 40 vehicles were left trapped in a car park stack since
December 2022.
A family business has regained its van after it was trapped in a central
London car park for nearly two and a half years.
Steve Davies and Mark Lucas collected the vehicle from Rathbone Square's
mechanical stacking car park on Thursday afternoon.
Mr Davies said he was glad to finally have the van back but HCS Furniture's
"coffers are now fairly low" after spending close to £50,000 on renting,
then buying, a new van.
Rathbone Square's management, CBRE, declined to comment - but the BBC has
seen an email that confirmed other trapped vehicles will be released over
the next month.
One resident in the Rathbone Square development told BBC London up to 40
vehicles were trapped in the stack -- but CBRE did not respond when asked to
confirm.
A stacked car park is a system in which cars are parked on top of each other
using mechanical platforms and lifts to make the most of the available
space.
Mr Davies and Mr Lucas had been concerned the battery of their electric van
would not work, but Mr Lucas said: "It fired up and it had enough juice to
drive itself out of the bay - which we're very pleased about as it could've
been quite awkward otherwise."
Mr Davies said the van will be taken for servicing and assessment of any
damage. [...]
https://www.bbc.com/news/articles/c20z46p0p6jo
------------------------------
Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) has moved to the ftp.sri.com site:
<risksinfo.html>.
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
delightfully searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 34.62
************************
