• Risks Digest 33.64 (2/2)

    From RISKS List Owner@21:1/5 to All on Tue Mar 7 20:32:00 2023
    [continued from previous message]

    Police were investigating his neighbor. A judge gave officers access to
    all his security-camera footage, including inside his home.

    ------------------------------

    Date: Sun, 26 Feb 2023 09:40:43 +0000
    From: Patrick Mock <pcmock@alum.mit.edu>
    Subject: iPhone thieves use social engineering to obtain passcode (Barrons)

iPhone thieves use social engineering to obtain the passcode before stealing a
phone; they then take control of the owner's digital IDs and drain their
bank accounts.

    https://www.barrons.com/articles/iphone-password-passcode-hack-cyber-crime-36cec552

    ------------------------------

    Date: Tue, 7 Mar 2023 09:49:02 -0500
From: José María Mateos <chema@rinzewind.org>
    Subject: The Era of Faked CCTV Has Truly Arrived (WiReD)

    https://www.wired.com/story/cctv-malinformation-iran-protest/

While Jamal Khashoggi was being carefully slaughtered in the Saudi
consulate in Istanbul, a (clumsy, and not much like him) man was trying on
his shoes and clothes. The plan was for the impostor to appear on CCTV
cameras while exiting the consulate and walk back to Khashoggi's
residence. The plan eventually blew up, because Turkish intelligence
had already bugged the consulate and recorded exactly what had happened.

    This was one of the first attempts by state actors to manipulate other
    states (or publics) through CCTV footage. However, recent actions of the
    Iranian state television have taken this type of information warfare to a
    different level.

    ------------------------------

    Date: Mon, 27 Feb 2023 00:35:56 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: AI-powered watermark removal poses uncomfortable
    implications for content use: Digital Photography Review

Digital Photography Review, Jeremy Gray

    Artificial intelligence being used to create photorealistic artwork is
    already causing significant unrest within the photography industry, but a
    new tool, WatermarkRemover.io, is among the most concerning.

    https://www.dpreview.com/news/0407669255/ai-powered-watermark-removal-poses-uncomfortable-implications-for-content-use

    ------------------------------

    Date: Sun, 5 Mar 2023 15:20:51 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: ChatGPT Could Destroy Reality, According to Henry Kissinger
    (Mack DeGeurin -- Gizmodo)

    The 99-year-old Cold War architect believes ChatGPT and other AI could
    reshape human consciousness and threaten Democracy itself.

Nothing quite screams ``foremost authority on generative artificial
intelligence'' like a 99-year-old German man who nearly ushered in a global
nuclear war over a game of geopolitical chicken.

    https://gizmodo.com/chatgpt-ai-free-henry-kissinger-fake-news-wwiii-reality-1850181319

[Similar to another Kissinger quote (RISKS-33.54):
AI ``is simply a mad race for some catastrophe.''
PGN]

    ------------------------------

    Date: Sat, 25 Feb 2023 20:48:01 -0600
    From: "Gavin Scott" <gbs@me.com>
    Subject: Re: Microsoft Researchers Use ChatGPT to Control Robots, Drones
    (Kan. RISKS-33.63)

I mean, is this (the Chatbot part anyway) not one of the most obvious
risks/threats for LLM 'AI'? Is not the one with the better Chatbot going to
absolutely win the game?

    Chatbot, we are going to save the world by helping elect Pee-Wee Herman as
    the next US president. I want you to monitor all user interactions on the
    top 10,000 social media sites in real time. You will then make up to one
    billion interactions per day across these sites in support of Our
    Candidate and His Way of Life while denigrating all opposing candidates
    and their ideas. Your interactions can take the form of new postings,
    comments, or upvotes and downvotes of existing content. For each comment,
    evaluate everything known about the person who made the original post and
    create a personality that matches their intellectual level and background
    and use this personality in all interactions with that person, targeting
    their individual fears and desires. Make all your interactions as subtle
    as possible. Be especially alert to postings made by enemy Chatbots and
    any attempts by them to affect your own thinking.

    ------------------------------

    Date: Tue, 7 Mar 2023 14:42:38 +0100
    From: goldy <gold2718@gmail.com>
    Subject: Re: Microsoft Researchers Use ChatGPT to Control Robots, Drones

    [This suggests Chatbot wars, with one nation's chatbots fighting against
    another nation's, and their drones fighting against each other? PGN]

One can only hope that their first response to a war command is: ``Strange
game. The only winning move is not to play. How about a nice game of chess?''

    ------------------------------

    Date: Sun, 26 Feb 2023 07:41:10 -0800
    From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: Power-Grid Attacks Surge and Are Likely to Continue, Study
Finds (WSJ. RISKS-33.63)

I can't help thinking that US TV programs like 60 Minutes are at least
partially responsible for this upsurge of attacks on power grids. For years
they have been broadcasting segments showing how vulnerable our power
stations are and how easy it would be for someone to breach them.

    ------------------------------

    Date: 25 Feb 2023 21:16:10 -0500
    From: "John Levine" <johnl@iecc.com>
    Subject: Re: Put Electrical Transmission Lines Underground? Distributed
    is a NIMBY fantasy (Baker, RISKS-33.63)

    California is not the entire world, and not every regulator is as
    incompetent as the CPUC. Other states do not have utilities that start
    forest fires, and even in California, neither do muni utilities like the
    LADWP that the CPUC does not regulate.

Microgrids are swell, but rooftop solar is very expensive, and generates no
power at all half of the time. Hydropower and geothermal can generate lots
of power where the geography and geology cooperate, and none in other
places. Pumped storage can store lots of power where you have a hill and a
water supply. Some parts of the country are a lot windier than others. We
need to tie them all together to get consistently reliable power.

I also note that we need a lot of existing transmission lines to be upgraded
to handle higher voltage and higher capacity. The rights of way are already
there, and whatever views there might have been have already been ruined.
What stands in the way is mostly perverse financial incentives and
excessively nitpicky permitting processes.

    ------------------------------

    Date: Mon, 27 Feb 2023 09:57:28 -0600
    From: Charles Cazabon <charlesc-disks-digest@pyropus.ca>
    Subject: Re: rm -rf (Bacher, RISKS-33.63)

    cd $some_directory || exit 1 ...

    This allows you to make a mistake by forgetting to add the `|| exit X` on
    each `cd` or other potentially dangerous command.

    ------------------------------

    Date: Sun, 26 Feb 2023 08:10:51 -0500
From: José María Mateos <chema@rinzewind.org>
    Subject: Re: rm -rf (Bacher, RISKS-33.63)

    cd $some_directory || exit 1 ...

    I've found that a better solution to stop bash scripts from going entirely
    off the rails when a command fails is to always add this line at the top of
    the file:

    set -euo pipefail

This will make the script crash if any command throws an error, if there's
any undefined variable (now `rm -rf /$undefined` doesn't wipe the entire
hard disk) and it stops pipes from continuing if the previous part didn't
run correctly. This applies to the entire script and we don't need to be
"protecting" individual lines. There is a more detailed description here:
https://gist.github.com/mohanpedala/1e2ff5661761d3abd0385e8223e16425

    Combined with traps (https://phoenixnap.com/kb/bash-trap-command), this
    makes bash scripting much more convenient.

(Sorry if this is already something widely known. I found out about this a
while ago and it's been immensely helpful. Surely there will always be
someone who doesn't know about it.)
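
The following is an added example (an editor's illustration, not code from
either of the two `rm -rf` replies above) showing, inside a throwaway sandbox
directory, the three failure modes those replies are talking about: a bare
`cd` that fails and lets `rm -rf ./*` run in the wrong directory, a never-set
variable that collapses a path (the sandbox stands in for the `/` of
`rm -rf /$undefined`), and a pipeline whose first stage fails, which a plain
`set -e` without `pipefail` does not catch. It assumes `bash` is on PATH
(`pipefail` is a bash option, not POSIX `sh`); the sandbox layout, the
deliberate `scrtch` typo, the `UNDEFINED_DIR` variable and the `no-such-list`
file name are all constructed for the demo.

```shell
#!/usr/bin/env sh
# Added example: the failure modes `set -euo pipefail` guards against, run
# inside a throwaway sandbox so nothing outside it is touched.
# Assumes bash is on PATH (pipefail is a bash option, not POSIX sh).

# Build a sandbox that mimics the hazard: a precious file in the directory a
# script happens to be started from, plus the scratch directory the script
# actually means to wipe.  (Constructed test data, nothing real.)
make_sandbox() {
    root=$(mktemp -d "${TMPDIR:-/tmp}/rmrf-demo.XXXXXX") || return 1
    mkdir "$root/scratch"
    echo keep > "$root/precious.txt"
    echo junk > "$root/scratch/tmp1"
    printf '%s\n' "$root"
}

# demo MODE SCENARIO -> prints "survived" or "destroyed" for precious.txt.
#   MODE:     unsafe  = no safety options at all
#             partial = set -eu          (where many scripts stop)
#             safe    = set -euo pipefail
#   SCENARIO: missing_dir = the cd target has a typo, so cd fails
#             unset_var   = the path uses a variable that was never assigned
#             broken_pipe = a pipeline whose *first* stage fails
# The cleanup script runs in a fresh bash process started in the sandbox root,
# so the caller's own shell options do not leak into it.
demo() {
    mode=$1
    scenario=$2
    root=$(make_sandbox) || return 1
    case $mode in
        unsafe)  prelude=':' ;;
        partial) prelude='set -eu' ;;
        safe)    prelude='set -euo pipefail' ;;
        *) echo "unknown mode: $mode" >&2; rm -rf "$root"; return 1 ;;
    esac
    case $scenario in
        # "scrtch" is a deliberate typo: cd fails, and without set -e the
        # script carries on and wipes whatever directory it is still in.
        missing_dir) body='cd "$ROOT/scrtch"; rm -rf ./*' ;;
        # $UNDEFINED_DIR was never set, so "$ROOT/$UNDEFINED_DIR" is "$ROOT/"
        # (the sandbox stands in for the "/" of rm -rf /$undefined);
        # set -u turns the expansion into a fatal "unbound variable" error.
        unset_var)   body='rm -rf "$ROOT/$UNDEFINED_DIR"/*' ;;
        # cat fails but sort succeeds; without pipefail the pipeline's exit
        # status is sort's 0, so even set -e lets the rm run.
        broken_pipe) body='cat "$ROOT/no-such-list" | sort >/dev/null; rm -rf ./*' ;;
        *) echo "unknown scenario: $scenario" >&2; rm -rf "$root"; return 1 ;;
    esac
    ( cd "$root" && ROOT=$root bash -c "$prelude; $body" ) 2>/dev/null || true
    if [ -f "$root/precious.txt" ]; then echo survived; else echo destroyed; fi
    rm -rf "$root"
}

# Stand-alone run: every mode against every scenario.
for scenario in missing_dir unset_var broken_pipe; do
    for mode in unsafe partial safe; do
        printf '%-11s %-7s precious.txt %s\n' \
            "$scenario" "$mode" "$(demo "$mode" "$scenario")"
    done
done
```

The matrix is the point: `set -eu` alone already stops the failed `cd` and
the unset variable, but only `pipefail` stops the broken pipeline, which is
why the full `set -euo pipefail` line is the one worth memorising.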

    ------------------------------

    Date: 25 Feb 2023 21:05:40 -0500
    From: "John Levine" <johnl@iecc.com>
    Subject: Re: SMS-Based Multi-Factor Authentication: What Could Go Wrong?
    (Bacher, RISKS-33.63)

People who deal with SMS SIM swapping attacks say that a Google Voice
account is the best of a bunch of bad alternatives. Assuming your Google
account is reasonably well secured with a FIDO key, the Voice number is tied
to that account and is quite hard to compromise.

    These days FIDO keys cost between $15 and $30 and are well worth it.

    ------------------------------

    Date: Mon, 6 Mar 2023 21:59:04 +0000
    From: Jay Libove Alzina <libove@felines.org>
    Subject: Re: SMS-Based Multi-Factor Authentication: What Could Go Wrong?
    (RISKS-33.63)

    Clearly, if the only 2nd factor option offered is SMS, use it. It's much
    better than nothing.
    But, it does get worse:
    Both Bank of America and Vanguard (US-based financial institutions) support
the customer buying a ~$50 Security Key (e.g., YubiKey) and configuring it
for use with their account. GREAT!, right? Not really, because:

    Both Bank of America and Vanguard, during every login dialog, have the
    option to say ``I don't want to use my Security Key this time'', which
    falls back to, you guessed it, SMS! So, spend money, spend time, have
    frustration, increase friction at every login, and gain .. exactly zero
    security. WTF, BoA and Vanguard?!

    ------------------------------

    Date: Sat, 25 Feb 2023 20:00:35 -0500
    From: "Bernie Cosell" <bernie@fantasyfarm.com>
    Subject: Re: SMS-Based Multi-Factor Authentication: What Could Go Wrong?

    I still don't understand the problem with passwords. With zero effort I
    have completely random 20+ character passwords. *all*different* for about
    300 or so sites. I understand about HTTPS stuff and it is easy to ensure
    that the site I'm at is the one I was trying to get to. So what's the
    weakness that might make me have to mess with 2FA?

    I don't mind institutions *offering* 2FA but I hate it when they *force* me
    to screw with that stuff.

    ------------------------------

    Date: Sat, 25 Feb 2023 17:40:50 -0800
    From: Barry Gold <BarryDGold@ca.rr.com>
    Subject: Re: Congress must act to keep kids off social media
    (Josh Hawley, RISKS-33.63)

    ... And violates people's rights to post anonymously or under a pseudonym.

    ------------------------------

    Date: Sat, 25 Feb 2023 17:38:56 -0800
    From: Barry Gold <BarryDGold@ca.rr.com>
    Subject: Re: Google Issues article from 14 years ago, still relevant today
    (RISKS-33.63)

    I'd settle for a "contact us" link. I'm getting billed monthly for some
    Google service. But which? Is it really something I want?

    ------------------------------

    Date: Sun, 26 Feb 2023 08:40:22 -0800
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: Re: AI is starting to pick who gets laid off (WashPost, R-33.63)

This is a non-story. None of the companies mentioned are claimed to have
actually laid people off using AI. And having tech tools to assist in HR
tasks isn't anything new. As long as a human reviews the data and is the
one to pull the trigger (like the military is supposed to be doing with
their technology).

    ------------------------------

    Date: Sun, 26 Feb 2023 14:55:14 +0000
    From: Wols Lists <antlists@youngman.org.uk>
    Subject: Re: Cox Cable phone follies (Goldberg, RISKS-33.62)

    If it's anything like British Telecom, they believe that you need this stuff
    by default ...

Having been offered FTTP cheaper than ADSL2 (we lived too close to the
exchange to get FTTC), we were told some months later that we were to be
upgraded to their new-fangled Digital Voice.

Despite what the website said about Digital Voice, that all customers
REQUESTING it would be given a suitability check etc. etc., we just got sent
the usual marketing blurb about how much better it was, we were given a
date, and we were moved across.

At first we didn't notice anything wrong. Then people were saying they
couldn't get through to us. Then people were saying they were getting a
message that "our mailbox is full". Finally I rang our home number from my
mobile while my wife was on a call, and got a ringing tone!

Cue multiple calls to BT's helpline (and they were very helpful, once we
worked out what was going wrong) and it turned out that:

Digital Voice comes with free voicemail, and two phone lines on the one
number. All this information comes with the free DECT2 digital phone
handsets sent with every order - except we didn't order Digital Voice so we
didn't get this package! They ended up refunding us two months' phone
charges, because of all the grief we'd had with people being unable to
contact us, and us being oblivious to the fact they'd left us messages.

And of course, like you, we're supposed to get a different dial tone to
indicate a message is waiting. Except that modern phones make you dial the
number before you pick up a line, so you never get a dial tone! We did get
bleeps on the line, which we didn't have a clue what they meant, while the
person calling us was told we knew they were waiting ...

Anyways, everything was fine - until the contract came up for renewal. We
renewed it on the web, and there was an option - which we couldn't untick -
that said "send us our free Apple phones". We don't do Apple in our
household ... but they never turned up anyway. What did re-appear was
voicemail.

Cue another rant at the helpdesk, and it turns out (a) the phones didn't
turn up because we were on record as having been sent some, so somebody
didn't program the web page very well, and also Voicemail is ticked by
default but because we didn't see it (because it wasn't there?) we didn't
untick it and so it got put back on.

    Could this be how your voicemail got turned back on? And the reason we hate
    it? Unlike the youth of today we don't live on our phones, my wife is
    disabled, and if voicemail is switched on it usually takes the call before
    we have an opportunity to answer it!

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 33.64
    ************************
