
    From RISKS List Owner@21:1/5 to All on Mon Sep 4 18:29:38 2023
    RISKS-LIST: Risks-Forum Digest Monday 4 September 2023 Volume 33 : Issue 82

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/33.82>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents: [Happy Labor Day. This is not work. I do this pro bono. PGN]
    The Titan's Submersible Disaster Was Years in the Making,
    New Details Reveal (Susan Casey in Vanity Fair)
    Hundreds of Flights Into Britain Canceled After Technical Issue
    With UK Air Traffic Control (NYTimes)
    5,000 pilots suspected of hiding major health issues. Most are still flying.
    (WashPost)
    AI Brings the Robot Wingman to Aerial Combat (The New York Times)
    National Academies releases Testing, Evaluating and Assessing AI
    systems for the US Air Force (via Simson Garfinkel)
    Mushroom pickers urged to avoid foraging books on Amazon
    that appear to be written by AI (The Guardian)
    A battery catches fire on an Air France flight, the staff
    reacts in a few minutes (Euro)
    Electric cars catch fire in Florida after flooding (ABC)
    Security, Social or routing? (David Lesher)
    The decline of social media (Lauren Weinstein)
    Prescription drug ads on TV (Lauren Weinstein)
    NYTimes Spoofed to Hide Russian Disinformation Campaign (Dark Reading)
    Kia and Hyundai Helped Enable a Crime Wave. They Should Pay for It
    (The New York Times)
    Food delivery robots under attack from vandals, thieves (YouTube)
    Tesla owners are angry about buying their vehicles
    right before the latest big price cuts and are letting Elon
    Musk know: I feel completely duped. (Finance)
    Eversource Notice of Data Security Incident (via Monty Solomon)
    Mass. woman files class action lawsuit against Star Market for
    allegedly sending her marketing texts after she opted out
    (The Boston Globe)
    Saudi man sentenced to death for tweets in harshest verdict yet for online
    critics (NPR)
    The endless battle to banish the world's most notorious stalker website
    (WashPost)
    Dragon Pizza owner on Portnoy feud: 'I'm receiving death threats'
    (The Boston Globe)
    FCC says *too bad* to ISPs complaining that listing every fee is too hard
    (Ars Technica)
    Re: Lahaina: single points of failure: cell phones! (PGN)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Mon, 28 Aug 2023 17:02:28 -0500
    From: Robert Dorsett
    Subject: The Titan's Submersible Disaster Was Years in the Making,
    New Details Reveal (Susan Casey in Vanity Fair)

    [It just gets worse and worse...]

    To many in the tight-knit deep-sea exploration community, OceanGate's submersible dives were reckless and often dangerous, writes best-selling
    author Susan Casey. *Vanity Fair*, 17 Aug 2023

    https://www.vanityfair.com/news/2023/08/titan-submersible-implosion-warnings

    ------------------------------

    Date: Mon, 28 Aug 2023 15:08:11 -0400
    From: "Jan Wolitzky" <jan.wolitzky@gmail.com>
    Subject: Hundreds of Flights Into Britain Canceled After Technical Issue

    Airlines were forced to cancel hundreds of flights and delay hundreds more
    on Monday after Britain's air traffic control service experienced a
    *technical issue* that caused widespread disruption on one of the
    country's busiest travel days of the year.

    More than 200 flights departing from Britain were canceled, according to
    Cirium, the aviation analytics company, along with 271 that were scheduled
    to arrive in the country on Monday. Many other flights would be delayed by
    more than eight hours, which will inevitably result in a cancellation,
    Cirium added.

    NATS, Britain's National Air Traffic Service, said a technical problem had
    affected its ability to automatically process flight plans, which meant
    that the information had to be entered manually, slowing down the process.

    https://www.nytimes.com/2023/08/28/world/europe/uk-airport-flight-delays.html

    [Monty Solomon spotted
    UK flights delayed after air-traffic control suffers technical
    issue (The Verge)
    https://www.theverge.com/2023/8/28/23848721/uk-air-traffic-control-issues-flight-delays
    PGN]

    ------------------------------

    Date: Sun, 27 Aug 2023 09:44:19 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: 5,000 pilots suspected of hiding major health issues. Most are
    still flying. (WashPost)

    Federal authorities have been investigating nearly 5,000 pilots suspected of falsifying their medical records to conceal that they were receiving
    benefits for mental health disorders and other serious conditions that could make them unfit to fly, documents and interviews show.

    The pilots under scrutiny are military veterans who told the Federal
    Aviation Administration that they are healthy enough to fly, yet failed to report as required by law that they were also collecting veterans benefits for disabilities that could bar them from the cockpit.

    Veterans Affairs investigators discovered the inconsistencies more than two years ago by cross-checking federal databases, but the FAA has kept many details of the case a secret from the public. [...]

    https://www.washingtonpost.com/politics/2023/08/27/faa-pilots-health-conditions-va-benefits/

    ------------------------------

    Date: Sun, 27 Aug 2023 12:10:59 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: AI Brings the Robot Wingman to Aerial Combat (The New York Times)

    An Air Force program shows how the Pentagon is starting to embrace the potential of a rapidly emerging technology, with far-reaching implications
    for war-fighting tactics, military culture and the defense industry.

    It is powered into flight by a rocket engine. It can fly a distance equal to the width of China. It has a stealthy design and is capable of carrying missiles that can hit enemy targets far beyond its visual range.

    But what really distinguishes the Air Force's pilotless XQ-58A Valkyrie experimental aircraft is that it is run by artificial intelligence, putting
    it at the forefront of efforts by the U.S. military to harness the
    capacities of an emerging technology whose vast potential benefits are
    tempered by deep concerns about how much autonomy to grant to a lethal
    weapon. [...]

    The Pentagon has a miserable record on building advanced software and trying
    to start its own artificial intelligence program. Over the years, it has
    cycled through various acronym-laden program offices that are created and
    then shut down with little to show.

    ------------------------------

    Date: Tue, 29 Aug 2023 12:24:47 +0000
    From: Simson Garfinkel <simsong@alum.mit.edu>
    Subject: National Academies releases Testing, Evaluating and Assessing AI
    systems for the US Air Force

    This is a major accomplishment and a must-read for anyone concerned about
    the use of AI by the US military.

    https://www.nationalacademies.org/our-work/testing-evaluating-and-assessing-artificial-intelligence-enabled-systems-under-operational-conditions-for-the-department-of-the-air-force

    ------------------------------

    Date: Fri, 1 Sep 2023 13:03:15 -0400
    From: José María Mateos <chema@rinzewind.org>
    Subject: Mushroom pickers urged to avoid foraging books on Amazon
    that appear to be written by AI (Fungi, The Guardian)

    https://www.theguardian.com/technology/2023/sep/01/mushroom-pickers-urged-to-avoid-foraging-books-on-amazon-that-appear-to-be-written-by-ai

    Amateur mushroom pickers have been urged to avoid foraging books sold on
    Amazon that appear to have been written by artificial intelligence
    chatbots. Amazon has become a marketplace for AI-produced tomes that are
    being passed off as having been written by humans, with travel books among
    the popular categories for fake work. Now a number of books have appeared
    on the online retailer's site offering guides to wild mushroom foraging that
    also seem to be written by chatbots. [...]

    [If you are for aging faster, a toxic mushroom may suffice. And you will
    no longer be a fun-guy. Sorry, it's not funny. The risks of erroneous
    ChatBots are enormous, and it may be difficult to sue anyone for false
    representations. PGN]

    ------------------------------

    Date: Sat, 2 Sep 2023 16:50:50 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: A battery catches fire on an Air France flight, the staff
    reacts in a few minutes (Euro)

    It was minus one! On Monday August 21, during Air France flight AF914 to
    Accra, the capital of Ghana, a fire on board could have cost the lives of
    all the passengers. While the bulk of the travelers doze at an altitude of
    nearly 10,000 meters, a hostess detects the battery of a man's telephone
    about to ignite. You have to react without wasting a second. "It's smoking,
    it's going to explode!" says Marie-Cécile Zinsou, president of the Zinsou
    Foundation for Contemporary Art in Ouidah, Benin, who was on board the
    plane. With the Figaro, she says: "I looked through the window and I saw
    that we were too high, at 32,000 feet, to escape."

    https://euro.dayfr.com/trends/760027.html

    [Strangely written article -- maybe ChatGPT or badly translated.]

    ------------------------------

    Date: Sat, 2 Sep 2023 16:52:27 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Electric cars catch fire in Florida after flooding (ABC)

    EVs that come into contact with salt water are at risk of catching fire in
    the days and weeks after a storm.

    FLORIDA: In just the last couple of days after the storm, two electric
    vehicles, one in Pinellas Park and a Tesla in Palm Harbor, caught fire after
    the storm surge pushed a wall of saltwater inland.

    Carfax spokesperson Patrick Olsen said owners need to understand the fire
    risk doesn't go away after the vehicle dries out.

    https://www.abcactionnews.com/idalia/electric-cars-catch-fire-in-florida-after-flooding

    ------------------------------

    Date: Tue, 29 Aug 2023 19:41:31 -0400
    From: David Lesher <wb8foz@panix.com>
    Subject: Security, Social or routing?

    I got a call "from Social Security".

    Or was it?

    The call was from a local Maryland {301} prefix. (That number belongs to
    Envoy, a telecom carrier I'm aware of.) But she wants my data (SSN, etc.)
    before she'll talk & I want proof of her status before... Mexican Standoff.

    She suggested I call my local office to verify she is an employee. She gave
    me her "800" number, and a ten-digit (!) extension. (The extension's first 3
    digits were an N00, ergo not a valid NPA [area code].)

    Now SSA has a web page, and I have more faith in DNS et.al than easily
    forged CNID. That page says their main number is 800-772-1213. If I look up
    my local SSA office, I get told a third 800 number, not a local number
    there, nor the one she had given me. Hmmm.

    So I called 800-772-1213, and waited 50 minutes. Then the human there told
    me she was an employee and confirmed her name and 10-digit extension. Turns
    out she works in a Denver facility BUT he could not transfer me.

    So I called the Envoy number, got an auto attendant. Entered the 10D
    extension she had given me, and got her voicemail. She called back a day
    later, same Envoy number, same voice. FINALLY, we could discuss the question
    at hand.

    How hard would it be for attackers to use some BGP'ish attack to divert a
    slew of inbound VOIP-carried calls to them?

    I'm no crypto expert [I can spell 'PGP'...], but would tools such as
    offering "the sum of the first 3 digits", "Consonant, vowel, vowel,
    consonant" for a place of birth etc. be safer/safe enough?

    Reflections on Trusting Trust came to mind. How should an 'average
    Jill/Joe' have any confidence that it *is* SSA calling? Granted SSA must
    have a huge phone system, and given Federal procurement regs, it is divvied
    up between multiple vendors, but should the core security be the 1213
    number they dial, when it won't get you where you need to be, 50 minutes
    later?

    May we live in interesting times.
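
    [Added editorial example for this archived copy; it is not part of David
    Lesher's message and does not describe anything SSA actually does. The
    message asks whether a derived property of a secret, such as the sum of
    the first three SSN digits or the consonant/vowel pattern of a birthplace,
    would be a safe-enough proof of identity. The Python below measures two
    things about such a challenge: how often an attacker who knows nothing
    passes by simply giving the most common answer, and how many bits of the
    secret a genuine answer hands to whoever asked. It assumes the digits are
    uniformly distributed (real SSN area numbers are not) and uses a
    constructed list of place names, so the figures are illustrative only.]

```python
"""How much a partial-knowledge challenge proves, and how much it leaks.

Added example: models a caller being asked for a derived property of a secret
(the sum of the first three SSN digits, or the consonant/vowel skeleton of a
birthplace) instead of the secret itself.  Assumption: secrets are uniform
over the listed space.  Real SSN area numbers are not uniform and the place
list is constructed, so the numbers are indicative, not measured.
"""
import math
from collections import Counter
from itertools import product


def predicate_strength(space, predicate):
    """For a finite space of secrets and a predicate (secret -> answer), return
    (distinct_answers, guess_success, bits_leaked).

    guess_success: probability an attacker with no knowledge of the secret
      passes by always giving the most common answer.
    bits_leaked: Shannon entropy of the answer, i.e. how many bits of the
      secret a genuine answer reveals to the asking party.
    """
    counts = Counter(predicate(s) for s in space)
    total = sum(counts.values())
    probs = [c / total for c in counts.values()]
    entropy = -sum(p * math.log2(p) for p in probs)
    return len(counts), max(probs), entropy


def candidates_after_answer(space, predicate, answer):
    """Number of secrets still consistent with one disclosed answer."""
    return sum(1 for s in space if predicate(s) == answer)


def sum_of_first_three(ssn_digits):
    """The challenge from the message: sum of the first three SSN digits."""
    return sum(ssn_digits[:3])


def cv_skeleton(word):
    """Consonant/vowel skeleton of a place name: 'Denver' -> 'CVCCVC'.
    Non-letters are dropped; 'y' is treated as a consonant."""
    return "".join("V" if ch in "aeiou" else "C"
                   for ch in word.lower() if ch.isalpha())


# Space 1: the three-digit SSN prefix, modelled as uniform over 000-999.
AREA_SPACE = list(product(range(10), repeat=3))

# Space 2: a constructed list of birthplaces (not drawn from any real dataset).
PLACES = ["Denver", "Boston", "Dallas", "Tucson", "Austin", "Reno", "Miami",
          "Toledo", "Boise", "Omaha", "Fresno", "Tampa"]


def area_sum_report():
    return predicate_strength(AREA_SPACE, sum_of_first_three)


def place_skeleton_report():
    return predicate_strength(PLACES, cv_skeleton)


if __name__ == "__main__":
    n, guess, bits = area_sum_report()
    print(f"sum of first 3 SSN digits: {n} possible answers, blind-guess "
          f"success {guess:.1%}, a true answer leaks {bits:.2f} of 9.97 bits")
    print("SSN prefixes still consistent with the answer 13:",
          candidates_after_answer(AREA_SPACE, sum_of_first_three, 13))
    n, guess, _ = place_skeleton_report()
    print(f"C/V skeleton of birthplace (toy list): {n} patterns, "
          f"blind-guess success {guess:.1%}")
```

    For the three-digit sum there are 28 possible answers, a blind guess of 13
    or 14 passes 7.5% of the time, and a genuine answer narrows the 1,000
    possible prefixes to 75. The birthplace skeleton does worse on the toy
    list, where a third of the names share the pattern CVCCVC. Neither scheme
    says anything about who is asking, since the caller chooses the challenge;
    the check the message describes, hanging up and dialing the number
    published on the agency's own web site, is what actually binds the
    conversation to the agency.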

    ------------------------------

    Date: Wed, 30 Aug 2023 08:17:44 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: The decline of social media

    When you really think about it, a fundamental reason why most social
    media seems to have turned into an increasingly painful chore rather
    than a joy to be anticipated, is that on most platforms they have
    devolved into advertising, group and self-promotion, and commercial
    content delivery systems (and worse) -- rather than venues to engage
    in polite discussion with other individuals about areas of common
    interest. In many cases, they've quite obviously degraded from happy serendipity to abysmal stupidity. That's just the reality. -L

    ------------------------------

    Date: Fri, 1 Sep 2023 10:17:52 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Prescription drug ads on TV

    Advertising of prescription drugs on television is an absolute travesty,
    drives viewers nuts, and makes doctors' jobs even more difficult. The
    decision to permit these ads at the behest of Big Pharma was one of the
    worst ever.

    The list of side effects in many TV prescription drug ads starts to
    sound like a Monty Python script, especially when they include
    completely OPPOSITE effects in the same list that goes on and on and
    on. "Do not take if you or anyone in your immediate family suffers
    from Dyatical Frombolini's Syndrome A-4Z031B3 or are allergic to
    giraffes."

    ------------------------------

    Date: Thu, 31 Aug 2023 17:18:25 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: NYTimes Spoofed to Hide Russian Disinformation Campaign
    (Dark Reading)

    "Operation Doppelganger" has convincingly masqueraded as multiple news sites with elaborate fake stories containing real bylines of journalists, blasting them out on social media platforms.

    https://www.darkreading.com/threat-intelligence/new-york-times-spoofed-russian-disinformation-campaign

    ------------------------------

    Date: Fri, 1 Sep 2023 16:51:49 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Kia and Hyundai Helped Enable a Crime Wave. They
    Should Pay for It (*The New York Times*)

    In a recent analysis of data from 37 American cities, the Council on
    Criminal Justice, a nonpartisan think tank, suggested a hopeful trend: the
    pandemic-era spike in crime may have peaked. The homicide rate has dropped
    significantly over the last year, based on data from 30 American cities. In
    many places, just about all types of violent crimes are down, in some areas
    substantially. In Atlanta, for instance, there have been 21 percent fewer
    aggravated assaults, 28 percent fewer homicides and 56 percent fewer rapes
    than at this point in 2022, according to police department data.

    But there's a glaring exception: auto thefts. According to the Council on
    Criminal Justice, "The number of vehicle thefts during the first half of
    2023 was 33.5 percent higher, on average, than during the same period in
    2022," representing 23,974 more vehicle thefts in the cities that reported
    data. In Philadelphia, Washington, D.C., Chicago, New Orleans, Buffalo and
    Durham, N.C., motor vehicle thefts this year have more than doubled relative
    to last year, according to stats collected by Jeff Asher, a crime data
    analyst. This week, The Baltimore Sun reported that auto thefts are on pace
    to more than double the total from last year, as reports through the first
    eight months of 2023 are already up 88 percent compared to all of 2022.

    Why are so many cars getting stolen? Police departments and city officials point to this: Millions of Kias and Hyundais are ridiculously easy to steal.

    https://www.nytimes.com/2023/09/01/opinion/kia-hyundai-tiktok.html?smid=nytcore-ios-share&referringSource=articleShare

    ------------------------------

    Date: Sat, 2 Sep 2023 17:06:13 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Food delivery robots under attack from vandals, thieves (YouTube)

    The popularity of remote food delivery skyrocketed during the COVID-19 pandemic, and the trend has continued to help businesses thrive years
    later. Unfortunately, some of the robotic delivery vehicles are taking a beating, with several viral videos showing people kicking the autonbots over and even stealing the products inside.

    https://www.youtube.com/watch?v=X3C_rpUTYuk

    I saw food delivery robots years ago on George Mason University campus. I
    saw a student chasing one for his order because he forgot to update his
    address so the robot wasn't going to where he lived.

    That video is amazing -- worst interviewers I've seen. Inarticulate and just dumb. After being told the robots travel seven miles per hour, newsdroidette commented that it would take an hour to deliver a mile away.

    ------------------------------

    Date: Sun, 3 Sep 2023 12:03:25 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Tesla owners are angry about buying their vehicles
    right before the latest big price cuts and are letting Elon
    Musk know: I feel completely duped. (Finance)

    When Tesla slashes prices, as it did this week, shoppers looking for
    electric vehicles generally benefit. But for anyone who buys a Tesla right
    before such price cuts, the frustration can be acute. Waiting just a little
    longer to buy, after all, could have saved them a significant amount of
    money, but they had no way of knowing.

    A risk for Elon Musk's carmaker, which has repeatedly cut prices on its
    high-end models this year, is that existing customers will feel resentment,
    not to mention see their vehicle lose value, while some shoppers hesitate
    to buy because another price cut might be right around the corner.

    After the carmaker made its latest price cuts on Thursday, new Tesla owners vented their frustration on social media, often addressing Musk in posts on
    X (formerly Twitter), the social network he owns.

    One tweet posted on Friday reads: "Tesla screws with people so much when
    they drop price by $20k+. I just picked up my Model S Plaid one day ago,
    drove less than 100 miles on it and I'm shafted by over $20k. TESLA NEVER
    AGAIN."

    https://uk.finance.yahoo.com/news/tesla-owners-angry-buying-vehicles-210317476.html

    [Monty found this item on Fortune: https://fortune.com/2023/09/02/tesla-owners-angry-at-elon-musk-after-new-price-cuts/
    PGN]

    ------------------------------

    Date: Mon, 28 Aug 2023 19:13:16 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Eversource Notice of Data Security Incident

    From: Eversource Energy
    Date: August 28, 2023
    Subject: Notice of Data Security Incident
    Reply-To: communications@eversource.com

    The security of our customers' information is of paramount importance to
    us. We recently learned that one of our vendors was among the companies
    that experienced a data breach incident directly related to the MOVEit data
    transfer software vulnerability hack that has affected many other companies
    globally. The vendor, CLEAResult, is contracted to provide services to
    energy efficiency programs for utilities in Massachusetts, including
    Eversource. Some of your information was contained in the CLEAResult files,
    such as your name, address, contact information

    [Rest PGN-truncated. CLEARly written by a Chatbot?]

    ------------------------------

    Date: Sat, 2 Sep 2023 20:33:09 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Mass. woman files class action lawsuit against Star Market for
    allegedly sending her marketing texts after she opted out
    (The Boston Globe)

    It is illegal for companies to send consumers marketing text messages after they've opted out. They can be ordered to pay up to $1,500 per illegal text.

    https://www.boston.com/news/local-news/2023/08/23/star-market-class-action-lawsuit-marketing-text-messages-opt-out-massachusetts/

    ------------------------------

    Date: Sat, 2 Sep 2023 12:34:07 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Saudi man sentenced to death for tweets in harshest
    verdict yet for online critics (NPR)

    https://www.npr.org/2023/08/31/1196776390/saudi-arabia-man-death-sentence-tweets

    [In Saudim, There's No Gomorrah, there's just ToPay. PGN]

    ------------------------------

    Date: Sun, 3 Sep 2023 13:24:53 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: The endless battle to banish the world's most notorious
    stalker website (WashPost)

    For a year, a former Kiwi Farms user worked with transgender engineers to
    keep the stalker site offline. Still, the website has endured.

    https://www.washingtonpost.com/technology/2023/09/03/kiwifarms-website-offline/

    ------------------------------

    Date: Sat, 2 Sep 2023 03:44:54 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Dragon Pizza owner on Portnoy feud: 'I'm receiving death threats'
    (The Boston Globe)

    https://www.boston.com/food/food/2023/09/01/barstools-dave-portnoy-gets-in-feud-with-dragon-pizza-owner/

    ALSO: The story behind that profanity-laced pizza review video in Davis
    Square

    https://www.bostonglobe.com/2023/09/01/metro/story-behind-that-profanity-laced-pizza-review-video-davis-square/

    ------------------------------

    Date: Wed, 30 Aug 2023 21:55:25 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: FCC says *too bad* to ISPs complaining that listing every fee is
    too hard (Ars Technica)

    https://arstechnica.com/?p=1964377

    ------------------------------

    Date: Sun, 3 Sep 2023 19:43:25 PDT
    From: Peter G Neumann
    Subject: Re: Lahaina: single points of failure (RISKS-33.81)

    Maui Evacuation Alert Shows Limits of a Warning System
    Dependent on Cellphones
    Mike Baker, Sergio Olmos, and Eileen Sullivan
    *The New York Times*, 3 Sep 2023

    ------------------------------

    Date: Sat, 1 Jul 2023 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) has moved to the ftp.sri.com site:
    <risksinfo.html>.
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 33.82
    ************************
