RISKS-LIST: Risks-Forum Digest Sunday 19 February 2023 Volume 33 : Issue 62
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <
http://www.risks.org> as
<
http://catless.ncl.ac.uk/Risks/33.62>
The current issue can also be found at
<
http://www.csl.sri.com/users/risko/risks.txt>
Contents:
BBC News: Lufthansa tech failure leaves planes grounded (BBC)
Amazing Southwest Air story (SW pilot via Paul Saffo)
Tesla admits Full Self-Driving beta may cause crashes, recalls 363,000
vehicles (Engadget)
Tesla Cofounder Calls Autopilot, FSD Software Risky 'Crap'
(Business Insider)
Bionic_nose may help people experiencing smell loss, researchers say
(WashPost)
Elon Musk created a special system for showing you all his tweets first
(The Verge)
Woman Died Trapped in Burning SUV After Vehicle Malfunctiono (Newsweek) Hyundai, Kia Cars Targeted In Fairfax County With Rise Of TikTok Trend
(Kingstowne VA Patch)
Mary Queen of Scots secret letters decoded (The Register)
The Army Officer Email Chain that Caused Pandemonium (Military.com)
How CISA plans to get tech firms to bake security into their products
(WashPost)
Digital pound likely this decade, Treasury says (BBC)
SMS-Based Multi-Factor Authentication: What Could Go Wrong? Plenty (PCMag)
Two women, one Social Security number, and a mighty big mess (NBC News)
Here's how Musk could have dealt with SMS 2FA responsibly (Lauren Weinstein) JPMorgan Paid $175 Million for a Business It Now Says Was a Scam (NYTimes)
The People Onscreen Are Fake. The Disinformation Is Real. (NYT)
Peabody EDI Office responds to MSU shooting with email written using ChatGPT
(The Vanderbilt Hustler)
ChatGPT-Written Malware (Bruce Schneier)
These 26 words 'created the Internet.' Now the Supreme Court may be coming
for them (CNN)
Re: How Smart Are the Robots Getting? (David Parnas, Amos Shapir)
Why a Conversation With Bing's Chatbot Left Me Deeply Unsettled
(Kevin Roose)
Bing chatbot says it feels 'violated and exposed' after attack (BBC)
Trying Microsoft's new AI chatbot search engine, some answers are uh-ohs
(WashPost)
Re: ChatGPT on a blog: huMansplaining on parade (Wol)
Are chatbots coming for your job? (Chris Stokel-Walker)
Re: rm -rf (Glen Story)
Re: Dreams of a Future in Big Tech Dim for Computer Science Students
(dmitri maziuk)
Re: Historic Arctic outbreak crushes records in New England (Wol)
Re: The Cloud (Jay R. Ashworth)
Space Rogue: How the Hackers Known As L0pht Changed the World
(Review by Richard Thieme)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Wed, 15 Feb 2023 18:19:51 -0000
From: Paul Cornish <
paul.a.cornish@googlemail.com>
Subject: BBC News: Lufthansa tech failure leaves planes grounded (BBC)
200 Lufthansa flights grounded at Frankfurt airport after engineering
works on a nearby railway line mistakenly cut a bundle of cables, taking
down the airlines
https://www.bbc.co.uk/news/business-64652835
I wonder if this could be a case of a gradual increase in the criticality of infrastructure as its use gets closer and closer to the minute-by-minute operations of the airline? I've seen it happen in other industries where
tools to *advise* operators as demand rises they become increasingly
critical to continuing safe operation. However, all the safety/reliability analyses may not get updated from the original *advisory* tool use case.
[Also noted by Jan Wolitzky:
Severed Cable Forces Lufthansa to Cancel Its Flights, NYTimes:
https://www.nytimes.com/2023/02/15/business/lufthansa-it-problem-cancelled-flights.html
Gabe Goldberg noted
[... the airline said all of its systems were now back up.
https://sports.yahoo.com/lufthansa-tech-failure-leaves-planes-145450227.html
PGN]
------------------------------
Date: Tue, 27 Dec 2022 18:22:22 -0800
From: "Paul Saffo" <
paul@saffo.com>
Subject: Amazing Southwest Air story
This remarkable tale from a Southwest pilot:
My friend's husband is a pilot with Southwest. He just posted this an hour
ago. I'm not including his name or the photos he shared of packed SWA
employee rooms at the airports over the past couple of days (in case his
post comes back to bite him with the company -- even though he's stating facts.) He also posted a screenshot of a fellow pilot on hold with SWA Scheduling for over 22 hours. Anyway, here's some insight for those
wondering if this massive round of SWA cancelations is really all due to weather and staffing issues: ``I don't know what to say. Southwest Airlines
has imploded. Their antiquated software system has completely fried. Planes are parked. Crews are stranded in the airports with the passengers, volunteering to take the passengers in the parked planes but the software
won't accept it. Phone lines are overwhelmed for both passenger and crews. I personally spent over two hours trying to get ahold of anyone in the company last night after midnight. A Captain and I did manage to get the one flight
put together on Christmas night and got people home. Kudos to the ops agent
and dispatcher for making it happen. We had to manually input a lot of the
data and it took over an hour to coordinate with dispatch going back and
forth running numbers.
``We spent hours trying to get the company to answer and get us a hotel when
we landed as they're all sold out. We were only put in a call que for hours before hanging up. I found one hotel with 4 rooms and we bought our own
rooms at 2:30am. I even paid for a Flight Attendants room. We literally have crews sleeping on the airport floors all over the country with nowhere to
go. Crews have been calling to fly anyone, anywhere, but the company says
the system needs a reset. They have effectively shut down the operations for the rest of year, running 1/3 of the flights so that they can let the
computer find and locate the crews and aircraft. Gate agents are in
tears. They've been yelled at, cussed at, slapped and spit on. Flight attendants have been taking a beating. The frontline employees have had
little support or communication. Terminals are standing room only with
people having been there for days. Pilot lounges are packed with pilots
ready to fly and nowhere to go. Embarrassing is an understatement. I'm
going on my second of three days off, still stuck on the east coast and
still expected to show up in the morning with no schedule. And I'm willing
to fly all day if needed. Because that's nothing compared to the passengers needing meds in bags that are lost and mothers traveling with kids, having
been stuck for the same amount of days in the terminal. In 24 years, I've never seen anything like this. Heads need to roll! Rumors on media are
floating that there is a lack of crews and pilots are staging sick calls. Absolutely not true at all. This is a computer system meltdown. Thousands of crew members are sitting in hotels and airports with nowhere to go. This airline has failed miserably.''
------------------------------
Date: Thu, 16 Feb 2023 20:12:09 -0500
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Tesla admits Full Self-Driving beta may cause crashes, recalls
363,000 vehicles (Engadget)
Who could have possibly seen this coming?
Tesla will release an OTA update, free of charge to its customers to rectify the issue, Reuters reports. This recall follows a litany of similar
corrective actions taken throughout 2022 for everything from funky tail
lights to overheating infotainment systems to noisy seat belt chimes -- even that gimmick Cyberquad for Kids got the regulatory hook.
https://www.engadget.com/tesla-recalls-over-360000-vehicles-for-full-self-driving-crash-risk-180110819.html
------------------------------
Date: Sun, 19 Feb 2023 15:03:44 -0500
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Tesla Cofounder Calls Autopilot, FSD Software Risky 'Crap'
(Business Insider)
Tesla cofounder Martin Eberhard said he's "not a big fan" of autonomous
cars. He said self-driving cars were not a part of Tesla's mission when he cofounded the company in 2003. The Tesla cofounder said it's a "mistake to think of a car as a software platform."
Elon Musk has made autonomous driving a top priority at Tesla, but one of
the carmaker's original founders doesn't approve.
https://www.businessinsider.com/tesla-fsd-full-self-driving-autopilot-risk-criticism-martin-eberhard-2023-2
------------------------------
Date: Sat, 28 Jan 2023 03:08:25 +0000
From: Richard Marlon Stein <
rmstein@protonmail.com>
Subject: Bionic_nose may help people experiencing smell loss, researchers
say (WashPost)
https://www.washingtonpost.com/wellness/2023/01/26/smell-loss-covid-bionic-nose -brain/
"Two scientists are working on a neuroprosthetic that may help millions with anosmia, such as those who lost their sense of smell because of covid."
Neurostimulators implants present numerous risks for the recipient. The
FDA's TPLC platform yields the following patient and device problem counts
(in CSV format) from 01JAN2018 to 31DEC2022 for product doce MHY: Device stimulator, electrical, implanted, for parkinsonian tremor, a class 3 device
-- meaning life critical incident outcome potential.
Three items of note: (1) Implanted medical device manufacturers are required
to report adverse events/incidents, but NOT the number of procedures
performed with their products. Auto manufacturers report the number of
vehicles they manufacturer and the NHTSA reports the number of auto-related incidents (accidents, fatalities, etc.)
(2) Both a parkinson stimulator and an artificial odor detector require
amplified/modulated electrical stimulus to various portions of the brain
to generate/control nerve response using a feedback loop. While Nobel
Prizes in Medicine/Physiology have been awarded for odor detection, a
commercially viable artificial sensor product that mimics human odor
sensation/interpretation, let alone a miniaturized mass spectrometer/gas
chromatograph, has not been produced to date.
(3) A quick glance at the device problem reports reveals at least one report
of pacemaker/icd patient recipient experiencing interactions after deep
brain stimulator implantation (see
https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfm
aude/detail.cfm?mdrfoi__id=16073378&pc=MHY, reported on 29DEC2022).
Why this particular adverse event is assigned to the "Adverse Event Without Identified Device or Use Problem (2993)" category is, IMHO, illustrative of regulatory capture. The same report also characterizes the patient problems field as:
"Fall (1848); Intracranial Hemorrhage (1891); Dysphasia (2195);
Insufficient Information (4580)" -- clearly significant patient impacts.
The manufacturer reports incidents. They also create the labeling metadata values used to characterize the report content.
Device Problems,MDRs with this Device Problem,Events in those MDRs
Adverse Event Without Identified Device or Use Problem,3662,3662
High impedance,2251,2251
Battery Problem,1578,1578
Insufficient Information,1204,1204
Failure to Deliver Energy,1101,1101
Charging Problem,944,944
Low impedance,845,845
Component Misassembled,827,827
Communication or Transmission Problem,777,777
Break,702,702
Inappropriate/Inadequate Shock/Stimulation,614,614
Patient Problems,MDRs with this Patient Problem,Events in those MDRs
No Known Impact Or Consequence To Patient,3423,3423
No Clinical Signs,Symptoms or Conditions,2454,2454
Unspecified Infection,1310,1311
Shaking/Tremors,1110,1111
No Consequences Or Impact To Patient,988,988
Inadequate Pain Relief,912,912
Complaint,Ill-Defined,893,893
Therapeutic Response,Decreased,750,750
Therapeutic Effects,Unexpected,698,698
Insufficient Information,602,602
Electric Shock,596,596
------------------------------
Date: Wed, 15 Feb 2023 14:16:10 -0500
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Elon Musk created a special system for showing you all his
tweets first (The Verge)
After his Super Bowl tweet did worse numbers than President Biden's,
Twitter's CEO ordered major changes to the algorithm.
In recent weeks, Musk has been obsessed with the amount of engagement his
posts are receiving. Last week, Platformer broke the news that he fired one
of two remaining principal engineers at the company after the engineer told
him that views on his tweets are declining in part because interest in Musk
has declined in general.
By Monday afternoon, "the problem" had been "fixed." Twitter deployed code
to automatically greenlight tweets, meaning his posts will bypass Twitter's filters designed to show people the best content possible. The algorithm now artificially boosted Musk's tweets by a factor of 1,000 -- a constant score that ensured his tweets rank higher than anyone else's in the feed.
Internally, this is called a "power user multiplier," although it only
applies to Elon Musk, we're told. The code also allows Musk's account to
bypass Twitter heuristics that would otherwise prevent a single account from flooding the core ranked feed, now known as "For You."
https://www.theverge.com/2023/2/14/23600358/elon-musk-tweets-algorithm-changes- twitter
------------------------------
Date: Thu, 9 Feb 2023 16:41:11 -0500
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Woman Died Trapped in Burning SUV After Vehicle Malfunction
(Newsweek)
A 73-year-old woman died in Wisconsin on December 9 after her 2009 Dodge Journey caught fire, shortly after telling her fiance on her cellphone that
she couldn't unlock the doors or open the windows.
https://www.newsweek.com/woman-died-trapped-burning-suv-after-vehicle-malfunction-1774291
------------------------------
Date: Sun, 22 Jan 2023 20:31:32 -0500
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Hyundai, Kia Cars Targeted In Fairfax County With Rise Of TikTok
Trend (Kingstowne VA Patch)
TikTok instructional videos on how to hot-wire Hyundai and Kia models could
be linked to an increase in vehicle thefts in Fairfax County.
Over the past several months, thieves have posted videos to TikTok demonstrating that by inserting a USB cable into a broken steering column,
they can hot-wire an engine. In the past, thieves have used a screwdriver to hot-wire an engine.
https://patch.com/virginia/kingstowne/hyundai-kia-cars-targeted-fairfax-county- rise-tiktok-trend
------------------------------
Date: Fri, 10 Feb 2023 14:03:13 PST
From: Peter Neumann <
neumann@csl.sri.com>
Subject: Mary Queen of Scots secret letters decoded (The Register)
https://www.theregister.com/2023/02/09/codebreakers_mary_queen_of_scots/
[Thanks to Li Gong:]
A lesson for those who ignore one of the reasons for stronger crypto --
not having something broken years later?
------------------------------
Date: Sat, 11 Feb 2023 13:34:05 -0500
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: The Army Officer Email Chain that Caused Pandemonium
(Military.com)
It was the "reply-all" heard around the world. ...
Someone will inevitably figure out how to shut down this distribution list
and stop our inboxes from being flooded, but there are a few clear lessons:
1. There are far too many technically illiterate captains who would benefit from learning how to properly use Microsoft Outlook (particularly how to set
up sorting rules) instead of replying like boomers using new technology.
2. Army officers have the undeniable ability to create greatness out of
chaos, creatively organizing and collaborating to make the best of any situation.
3. If the Functional Area 57 managers did this on purpose, this was some brilliant viral marketing.
4. The Army needs to leverage technology to create more networking opportunities for company-grade officers. While some love to reminisce about the old days of networking at the local officers' club, there are plenty of modern technology-enabled opportunities to connect.
5. Finally, this event proves the point that if you put a bunch of soldiers
or officers of the same rank in one room (including generals), they will
revert to acting like privates within 15 minutes.
https://www.military.com/daily-news/opinions/2023/02/09/army-officer-email-chai n-caused-pandemonium.html
------------------------------
Date: Thu, 09 Feb 2023 02:19:59 +0000
From: Richard Marlon Stein <
rmstein@protonmail.com>
Subject: How CISA plans to get tech firms to bake security into their
products (WashPost)
https://www.washingtonpost.com/politics/2023/02/06/how-cisa-plans-get-tech-firm s-bake-security-into-their-products/
CISA plans to identify what secure-by-design secure-by-default everyone can shoot for those goals, agency officials told me in an interview last week. ``They also plan to hail success stories in the tech industry,'' they said.
The entire technology supply chain must achieve and sustain NIST SP 800-53 compliance for CISA's effort to merit success. NIST SP 800-53 control family practices, if conscientiously applied, can promote CISA objectives. This Foreign Affairs essay (
https://www.foreignaffairs.com/united-states/stop-passing-buck-cyber
security) provides additional rationale.
Whether or not critical infrastructure and application stack suppliers
embrace and adopt cyber-risk mitigations is anyone's guess. Doubtful that
open source suppliers will apply them. The bulk of commercialized
applications stacks (and operating systems/drivers/board management control/remote monitoring stacks) originate from open source repositories. Original design manufacturers must adopt NIST SP 800-53 control families to prevent CISA efforts from amounting to security theater. Most of these ODMs
are outside the US.
Domestic US computer platform manufacturers, what's left of them,
restructured their business/engineering operations long-ago. End-to-end
product life cycle domestic fulfillment (design + manufacture) no longer exists. Instead, to be price competitive, brands out-source/off-shore
hardware engineering and stack integration via contract and statement of
work, then slap their label on the finished product to sell as if
domestically cooked.
Modern capitalism enables the cybersecurity "buck passing" life
cycle. Perhaps CxO accountability enforcement for preventable cyber security incidents might suppress "buck passing" more effectively?
[Will "secure-by-design" and "secure-by-default" attributes be quantified
with smileys or stars to simplify procurement choice?]
------------------------------
Date: Mon, 6 Feb 2023 21:59:58 -0700
From: Matthew Kruk <
mkrukg@gmail.com>
Subject: Digital pound likely this decade, Treasury says (BBC)
https://www.bbc.com/news/technology-64536593
*A state-backed digital pound is likely to be launched later this decade, according to the Treasury and the Bank of England.*
Both institutions want to ensure the public has access to safe money that
is easy to use in the digital age.
Chancellor Jeremy Hunt said the central-bank digital currency (CBDC) could
be a new "trusted and accessible" way to pay.
But it will not be built until at least 2025.
[Trusted by whom? Apparently Trustworthy is too difficult a word to use.
Well, we'll give them a digital pound in the back for trying to keep the
dogs from eating up the pound. PGN]
------------------------------
Date: Sat, 18 Feb 2023 15:39:54 -0700
From: geoff goodfellow <
geoff@iconia.com>
Subject: SMS-Based Multi-Factor Authentication: What Could Go Wrong? Plenty
(PCMag)
At Black Hat, a research duo from FYEO demonstrate a technique they call smishmash to prove that using text messaging for your second factor is very risky.
Multi-factor authentication is chic these days. All the websites are asking
you to turn it on, and with good reason. When a data breach exposes the fact that your password is "password," malefactors still won't get into your
account because they don't have the other authentication factor. Typically that's a code either texted to your phone or sent through an authenticator
app. <
https://www.pcmag.com/picks/the-best-authenticator-apps
Those two methods seem similar, but the former turns out to be a big
security risk. In an engaging tag-team presentation at Black Hat <
https://www.pcmag.com/events/black-hat>, Thomas Olofsson and Mikael Bystr=C3=B6m, CTO and head of OSINT at FYEO, respectively, demonstrated a technique they call smishmash to prove that using text messaging for your second factor is very risky.
*What's FYEO? What's OSINT? What's Smishing?*
According to its website, FYEO is ``Cybersecurity for Web 3.0, <
https://www.pcmag.com/how-to/what-is-web3-and-how-will-it-work> meaning it promotes a decentralized Internet, along with decentralized finance and security. FYEO is also used by some to mean For Your Eyes Only -- shades of James Bond.
As for OSINT, that's short for open-source intelligence <
https://www.pcmag.com/encyclopedia/term/osint>, and the term was much in evidence at Black Hat. It means gathering and analysis of openly available Information to develop useful intelligence. It's amazing what a dedicated researcher can come up with based on information that's not hidden in any
way.
You've heard of phishing <
https://www.pcmag.com/how-to/how-to-avoid-phishing-scams> -- that technique where clever fraudsters trick you into logging into a replica of a bank site
or other secure site, thereby stealing your login credentials. Phishing
links typically come through emails, but SMS messages are sometimes the carrier. In that case, we use the lovely term smishing. <
https://www.pcmag.com/opinions/dont-get-caught-how-to-spot-email-and-sms-phishing-attempts>
*Why Are Texts Insecure?*...
[...]
https://www.pcmag.com/news/sms-based-multi-factor-authentication-what-could-go-wrong-plenty
------------------------------
Date: Sat, 18 Feb 2023 12:07:45 -0800
From: Steve Bacher <
sebmb1@verizon.net>
Subject: Two women, one Social Security number, and a mighty big mess (NBC)
Stella Kim and Corky Siemaszko, NBC News
https://www.nbcnews.com/news/us-news/two-women-one-social-security-number-mighty-big-mess-rcna70808
They have the same name. They were born on the same day in South Korea. And they were both assigned the same Social Security number after they emigrated
to the United States. This bureaucratic bungle has bedeviled Jieun Kim, of
Los Angeles, and Jieun Kim, who lives just outside Chicago in Evanston, Illinois, for almost as long as they've been in this country.
Over the past five years, the 31-year-old women have had their banking and savings accounts shut down. They have had their credit cards blocked. They
have been suspected of engaging in identity theft. And, they say, the
Social Security Administration has been either unable, or unwilling, to
rectify its mistake.
------------------------------
Date: Sat, 18 Feb 2023 16:41:13 -0800
From: Lauren Weinstein <
lauren@vortex.com>
Subject: Here's how Musk could have dealt with SMS 2FA responsibly
[The back story on Musk's handling of this issue is murky. Lauren started
with ``In windfall for hackers, Twitter will disable 2 factor
authentication by sms if you don't pay them.'' Here are two of his recent
items on this thread combined into one item. PGN]
1. Imagine the glee of hackers who have previously tried to access #Twitter
accounts of users whose account credentials have already been
compromised, but where the hackers were blocked by SMS 2FA from getting
into those accounts. On the day that SMS 2FA is disabled by Twitter on
those accounts, it becomes Twitter Hacking Golden Day for the hackers! -L
2. Here's how Musk could have dealt with SMS 2FA costs on Twitter without
putting current users at risk:
* Announce that starting on such-and-such a date (at least 30 days in the
future, let's say) new Twitter accounts cannot use SMS 2FA. This will
result in fewer and fewer accounts using SMS 2FA over time by
attrition. This change would NOT affect existing accounts already
depending on SMS 2FA.
and ...
* Announce that as an incentive if you switch from SMS 2FA to a different
SMS system (auth codes, security key) you will receive a year of Twitter
Blue at no charge. Once you switch off SMS 2FA you can't turn it back
on.
------------------------------
Date: Sun, 22 Jan 2023 20:34:38 -0500
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: JPMorgan Paid $175 Million for a Business It Now Says Was a Scam
(The New York Times)
A young founder promised to simplify the college financial aid process. It
was a compelling pitch. Especially, as now seems likely, to those with
little firsthand knowledge of financial aid.
When JPMorgan Chase paid $175 million to acquire a college financial
planning company called Frank in September 2021, it heralded the "unique opportunity for deeper engagement" with the five million students Frank
worked with at more than 6,000 American institutions of higher education.
Then last month, the biggest bank in the country did something
extraordinary: It said it had been conned.
In a lawsuit, JPMorgan claimed that Frank's young founder, Charlie Javice,
had engaged in an elaborate scheme to stuff that list of five million
customers with fakery.
"To cash in, Javice decided to lie," the suit said. "Including lying abou Frank's success, Frank's size and the depth of Frank's market penetration."
Ms. Javice, through her lawyer, has said the bank's claims are untrue.
https://www.nytimes.com/2023/01/21/business/jpmorgan-chase-charlie-javice-fraud .html
------------------------------
Date: Fri, 10 Feb 2023 11:24:04 -0500 (EST)
From: ACM TechNews <
technews-editor@acm.org>
Subject: The People Onscreen Are Fake. The Disinformation Is Real. (NYT)
Adam Satariano and Paul Mozur, *The New York Times*, 07 Feb 2023,
via ACM TechNews; 10 Feb 2023
Two news anchors for an outlet called Wolf News that were featured in videos posted last year by social media bot accounts were computer-generated
avatars used for a pro-China disinformation campaign, according to Graphika,
a research firm that studies disinformation. Graphika's Jack Stubbs said,
"This is the first time we've seen this in the wild." Stubbs said the availability of easy-to-use and inexpensive artificial intelligence (AI) software "makes it easier to produce content at scale." The fake anchors
were created using Synthesia's AI software, which generates "digital twins" primarily used for human resources and training videos. Synthesia's Victor Riparbelli said it is increasingly difficult to detect disinformation and
that deepfake technology eventually will be advanced enough to "build a Hollywood film on a laptop."
------------------------------
Date: Sun, 19 Feb 2023 14:54:12 -0500
From: Gabe Goldberg <
gabe@gabegold.com>
Subject: Peabody EDI Office responds to MSU shooting with email written
using ChatGPT (The Vanderbilt Hustler)
The email stated at the bottom that it had been written using ChatGPT, an AI text generator.
A note at the bottom of a Feb. 16 email from the Peabody Office of Equity, Diversity and Inclusion regarding the recent shooting at Michigan State University stated that the message had been written using ChatGPT, an AI
text generator.
Associate Dean for Equity, Diversity and Inclusion Nicole Joseph sent a follow-up, apology email to the Peabody community on Feb. 17 at 6:30
p.m. CST. She stated using ChatGPT to write the initial email was "poor judgment."
"While we believe in the message of inclusivity expressed in the email,
using ChatGPT to generate communications on behalf of our community in a
time of sorrow and in response to a tragedy contradicts the values that characterize Peabody College," the follow-up email reads. "As with all new technologies that affect higher education, this moment gives us all an opportunity to reflect on what we know and what we still must learn about
AI."
https://vanderbilthustler.com/2023/02/17/peabody-edi-office-responds-to-msu-shooting-with-email-written-using-chatgpt/
The risk? Drawing wrong conclusions about exercising poor judgment.
------------------------------
Date: Sun, 15 Jan 2023 14:29:07 PST
From: Peter G Neumann <
neumann@csl.sri.com>
Subject: ChatGPT-Written Malware (Bruce Schneier)
From Bruce Schneier's CRYPTO-GRAM, 15 Jan 2023
[
https://www.schneier.com/blog/archives/2023/01/chatgpt-written-malware.html]
I don't know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild, [
https://arstechnica.com/information-technology/2023/01/chatgpt-is-enabling-script-kiddies-to-write-functional-malware/]
...within a few weeks of ChatGPT going live, participants in cybercrime
forums -- some with little or no coding experience -- were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks.
``It's still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web company.
However, the cybercriminal community has already shown significant interest
and are jumping into this latest trend to generate malicious code.''
Last month one forum participant posted what they claimed was the first
script they had written, and credited the AI chatbot with providing a nice [helping] hand to finish the script with a nice scope.
The Python code combined various cryptographic functions including code
signing encryption and decryption. One part of the script generated a key
using elliptic curve cryptography and the curve ed25519 for signing files. Another part used a hard-coded password to encrypt system files using the Blowfish and Twofish algorithms. A third used RSA keys and digital
signatures message signing and the blake2 hash function to compare various files.
------------------------------
Date: Sat, 18 Feb 2023 18:14:28 -0800
From: Lauren Weinstein <
lauren@vortex.com>
Subject: These 26 words 'created the Internet.' Now the Supreme Court may be
coming for them
How to destroy the Internet. -L
https://www.cnn.com/2023/02/18/tech/section-230-explainer/index.html
------------------------------
Date: Sun, 5 Feb 2023 23:56:23 +0000
From: "Parnas, David" <
parnas@mcmaster.ca>
Subject: Re: How Smart Are the Robots Getting? (RISKS-33.61)
I am not a great fan of Turing but I think that people who write things like the items quoted below need to read his article (again?). Turing understood that science requires agreement on how to measure the properties being discussed. Turing rejected ``Can machines think?'' as an unscientific
question because there was no measurement-based definition of *think*. That question is not one that a scientist should try to answer. He then went on
to write, ``Instead of attempting such a definition I shall replace the question by another, which is closely related to it and is expressed in relatively unambiguous words.'' Note that he said *closely related*, not *equivalent*. Further, in a moment of inconsistency he never supplied a measurement-based definition of *closely related*. I think it is obvious
that an unscientific question cannot be equivalent to a scientific (measurement-based) one. Turing was only trying to show what he meant by "measurement based" and was not proposing a test for Intelligence.
With Eliza, Joe Weizenbaum tried to make it obvious that Turing's question
was not even closely-related to the original question. I was present at a meeting where he exposed his code and showed that his chatbot had no understanding of the words it was printing. The meeting was in Germany and
the fluently bilingual Weizenbaum even did a demo in which Eliza appeared to
be learning German. The code made it obvious that it was doing no such
thing.
Sadly, many people have missed the point that both of these men were making.
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)