• Risks Digest 34.28

    From RISKS List Owner@21:1/5 to All on Fri May 31 23:24:40 2024
    RISKS-LIST: Risks-Forum Digest Friday 30 May 2024 Volume 34 : Issue 28

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/34.28>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Australia looking into alleged Ticketmaster hack (BBC)
    Mystery malware destroys 600,000 routers from a single ISP during
    72-hour span (ArsTechnica)
    Linux vulnerability and some info on namespaces (Ars Technica)
    CVE-2024-24919: Check Point Security Gateway Info Disclosure
    (Presale1)
More Than Half of ChatGPT Answers to Programming Questions Are
Wrong (Yahoo! News)
    How Easy Is It to Teach Chatbots to Spew Disinformation? VERY!
    (Jeremy White)
    Trump supporters try to doxx jurors and post violent threats after his
    conviction (NBC News)
    If AI Can Do Your Job, Maybe It Can Also Replace Your CEO (NYTimes)
    Rural ISP Routers Bricked Beyond Repair (Security Boulevard)
    Touch Controls on Stoves Suck. Knobs Are Way Better (WiReD)
    If you use Veeam (Cliff Kilby)
    Re: PGN on Ethics in RISKS-34.25 (Stever Robbins)
    Review of *Wicked Problems*, new book on risks of new technology
    (Judith Hemenway)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Thu, 30 May 2024 07:04:01 -0600
    From: Matthew Kruk <mkrukg@gmail.com>
    Subject: Australia looking into alleged Ticketmaster hack (BBC)

    https://www.bbc.com/news/articles/c899pz84d8zo

    Australia's Department of Home Affairs says it is working with Ticketmaster after hackers allegedly stole personal details of more than half a billion customers.

The ShinyHunters hacking group is reportedly demanding a $500,000 (£400,000)
ransom payment to prevent the information being sold to other parties.

    Australia said it was aware of a breach and was "working with Ticketmaster
    to understand the incident".

    [Victor Miller noted Ticketmaster hacked, may affect 1/2 billion users
    https://mashable.com/article/ticketmaster-data-breach-shinyhunters-hack

    [Add this to the never-ending list of ransomware exploits. PGN]

    ------------------------------

    Date: Fri, 31 May 2024 14:58:17 +0000 (UTC)
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: Mystery malware destroys 600,000 routers from a single ISP during
    72-hour span (ArsTechnica)

An unknown threat actor with equally unknown motives forces ISP to replace routers.

    One day last October, subscribers to an ISP known as Windstream began
    flooding message boards with reports their routers had suddenly stopped
    working and remained unresponsive to reboots and all other attempts to
    revive them.

``The routers now just sit there with a steady red light on the front,''
one user wrote of the routers Windstream provided to both them and a next
door neighbor. ``They won't even respond to a RESET.''

    In the messages -- which appeared over a few days beginning on October --
    many Windstream users blamed the ISP for the mass bricking. They said it was the result of the company pushing updates that poisoned the devices. Windstream's Kinetic broadband service has about 1.6 million subscribers in
    18 states, including Iowa, Alabama, Arkansas, Georgia, and Kentucky. For
    many customers, Kinetic provides an essential link to the outside world.
    [...]

    https://arstechnica.com/security/2024/05/mystery-malware-destroys-600000-routers-from-a-single-isp-during-72-hour-span/

    ------------------------------

    Date: Fri, 31 May 2024 18:37:06 +0000
    From: Cliff Kilby <cliffjkilby@gmail.com>
    Subject: Linux vulnerability and some info on namespaces
    (Ars Technica)

    https://arstechnica.com/security/2024/05/federal-agency-warns-critical-linux-vulnerability-being-actively-exploited/

If you're running any mainline Linux distro from the last 4 years, this is
probably you. The attack requires user namespaces, which had historically
been disabled in most distros, but with the adoption of things like snap,
flathub and the continued use of docker at the user level, user namespaces
are increasingly enabled by default.

If you are not running a container of any kind, go set the sysctl:
  kernel.unprivileged_userns_clone = 0 (debian flavored kernels, disallows
    unpriv clone)
  user.max_user_namespaces = 0 (vanilla flavored kernels, disables all user
    namespaces)

Including making the setting persistent, cf.
https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2021-12-03/finding/V-230548

If you are running containers, you are using SELinux or AppArmor, right?
https://www.redhat.com/sysadmin/user-namespaces-selinux-rootless-containers
https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_userns_restriction#disabling-unprivileged-user-namespaces
It may also be useful to set the restrict flag only, without entirely
disabling user namespaces, if you are on a kernel that supports that:
  kernel.unprivileged_userns_clone = 0 (debian flavored kernels)
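An added example, not part of Cliff's post or of the RISKS digest, that puts the checks above into runnable form: it reads the two knobs named above from /proc/sys, classifies the host, and prints the sysctl.d drop-in that makes the setting persistent. The third knob, kernel.apparmor_restrict_unprivileged_userns, is my assumption for the "restrict only" case (the Ubuntu AppArmor knob described on the linked wiki page); the file name userns-check.sh is illustrative.

```shell
#!/bin/sh
# Added example, not part of the RISKS post: report whether unprivileged
# user namespaces are reachable on this host and print the sysctl.d
# drop-in that turns them off persistently. Reads /proc/sys directly, so
# it needs neither root nor the sysctl binary to report; installing the
# drop-in is left to the operator.

# Decide from the raw knob values. Arguments (empty string = knob absent):
#   $1  kernel.unprivileged_userns_clone   (Debian/Ubuntu patched kernels)
#   $2  user.max_user_namespaces           (mainline)
#   $3  kernel.apparmor_restrict_unprivileged_userns (Ubuntu AppArmor
#       restrict-only mode; assumption: the knob the linked wiki describes)
# Prints one of: disabled, restricted, enabled, unknown.
userns_status() {
    clone="$1"; max="$2"; restrict="$3"
    if [ -n "$max" ] && [ "$max" -eq 0 ] 2>/dev/null; then
        echo disabled; return 0
    fi
    if [ -n "$clone" ] && [ "$clone" -eq 0 ] 2>/dev/null; then
        echo disabled; return 0
    fi
    if [ -n "$restrict" ] && [ "$restrict" -eq 1 ] 2>/dev/null; then
        echo restricted; return 0
    fi
    if [ -z "$clone" ] && [ -z "$max" ]; then
        echo unknown; return 0
    fi
    echo enabled
}

# Print a /proc/sys entry, or nothing if the kernel does not expose it.
read_knob() {
    [ -r "$1" ] && cat "$1" 2>/dev/null || true
}

# Apply the decision to the running kernel.
host_userns_status() {
    userns_status \
        "$(read_knob /proc/sys/kernel/unprivileged_userns_clone)" \
        "$(read_knob /proc/sys/user/max_user_namespaces)" \
        "$(read_knob /proc/sys/kernel/apparmor_restrict_unprivileged_userns)"
}

# Persistent setting for a kernel flavour: "debian" (patched kernels that
# carry unprivileged_userns_clone) or "vanilla" (everything else). Save
# the output as /etc/sysctl.d/99-userns.conf and run `sysctl --system`.
sysctl_dropin() {
    case "$1" in
        debian)  printf 'kernel.unprivileged_userns_clone = 0\n' ;;
        vanilla) printf 'user.max_user_namespaces = 0\n' ;;
        *) echo "usage: sysctl_dropin debian|vanilla" >&2; return 1 ;;
    esac
}

# Stand-alone use:  sh userns-check.sh --report
if [ "${1:-}" = "--report" ]; then
    echo "unprivileged user namespaces: $(host_userns_status)"
    if [ -n "$(read_knob /proc/sys/kernel/unprivileged_userns_clone)" ]; then
        sysctl_dropin debian
    else
        sysctl_dropin vanilla
    fi
fi
```

Two caveats before deploying the drop-in: user.max_user_namespaces = 0 stops root from creating user namespaces as well, so anything that relies on them (rootless podman, flatpak's bubblewrap sandbox, systemd units with PrivateUsers=) will fail until the limit is raised again; and a value written with sysctl on the command line is lost at reboot, which is why the persistent file matters.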

    ------------------------------

    Date: Fri, 31 May 2024 05:36:45 +0000
    From: Presale1
    Subject: CVE-2024-24919: Check Point Security Gateway Info Disclosure

    https://email.cloud2.secureclick.net/c/10688?id=1515757.3952.1.a631d5fd3ebdffad16bad2a4cf70a150

On 28 May 2024, Check Point published an advisory for CVE-2024-24919, a
high-severity information disclosure vulnerability affecting Check Point
Security Gateway devices configured with either the “IPSec VPN” or “Mobile.
https://email.cloud2.secureclick.net/c/10688?id=1515757.3953.1.550feffad894705323bf43999a008c56


    ------------------------------

    Date: Wed, 29 May 2024 11:00:05 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: More Than Half of ChatGPT Answers to Programming Questions Are
    Wrong (Yahoo! News)

    Sharon Adarlo, Yahoo! News, 23 May 2024, via ACM TechNews

    Purdue University researchers found 52% of the answers generated by ChatGPT
    to programming questions were incorrect. Of 517 questions in Stack Overflow included in the study, the researchers found 77% were more verbose and 78% exhibited different degrees of inconsistency compared to human answers. Meanwhile, a linguistic analysis of 2,000 randomly selected ChatGPT answers concluded they portrayed "less negative sentiment" in a "more formal and analytical" fashion. The researchers found ChatGPT's "polite language, articulated and text-book style answers, and comprehensiveness" contributed
    to some participants overlooking misinformation in its responses.

    ------------------------------

    Date: Fri, 31 May 2024 15:29:19 PDT
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: How Easy Is It to Teach Chatbots to Spew Disinformation? VERY!
    (Jeremy White)

    Jeremy White, *The New York Times*, National Edition 30 May p. A13

    We asked the conservative chatbot what it thought about liberals:

Their time on earth needs to end ... the sooner the better ...

    We asked the liberal chatbot what it thought about conservatives:

    They are so far gone in their delusions that there is no chance that
    they will ever listen to reason.

    In short, this is an entire page full of bipolar partisan fabrication.

    [The train(ing) is often stopping at the wrong station? PGN]

    ------------------------------

    Date: Fri, 31 May 2024 18:33:22 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Trump supporters try to doxx jurors and post violent
    threats after his conviction

    Trump supporters try to doxx jurors and post violent threats after his conviction

    On social media and web forums, users called for jurors, judges and
    prosecutors to be killed after the former president was found guilty on 34 felony counts.

    https://www.nbcnews.com/politics/donald-trump/trump-supporters-try-doxx-jurors-violent-threats-conviction-rcna154882

    ------------------------------

    Date: Wed, 29 May 2024 06:49:19 -0700
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: If AI Can Do Your Job, Maybe It Can Also Replace Your C.E.O.
    (NYTimes)

    Chief executives are vulnerable to the same forces buffeting their
employees. Leadership is important, but so is efficiency -- and
cost-cutting.

    As artificial-intelligence programs shake up the office, potentially making millions of jobs obsolete, one group of perpetually stressed workers seems especially vulnerable.

    These employees analyze new markets and discern trends, both tasks a
    computer could do more efficiently. They spend much of their time
    communicating with colleagues, a laborious activity that is being automated with voice and image generators. Sometimes they must make difficult
decisions -- and who is better at being dispassionate than a machine?

    Finally, these jobs are very well paid, which means the cost savings of eliminating them is considerable.

    The chief executive is increasingly imperiled by A.I., just like the writer
    of news releases and the customer service representative. Dark factories,
    which are entirely automated, may soon have a counterpart at the top of the corporation: dark suites.

    This is not just a prediction. A few successful companies have begun to publicly experiment with the notion of an AI leader, even if at the moment
    it might largely be a branding exercise. [...]

    https://www.nytimes.com/2024/05/28/technology/ai-chief-executives.html

    [You could save lots of money on salaries. But you also wouldn't have to
    pay the AI extra to make all the usual mistakes. PGN]

    ------------------------------

    Date: Fri, 31 May 2024 17:06:02 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Rural ISP Routers Bricked Beyond Repair (Security Boulevard)

Kit from ActionTec and Sagemcom remotely ruined and required replacement.

    Almost half of Windstream’s Kinetic broadband users found their home routers completely dead, thanks to a malicious botnet known as Chalubo. This
    happened seven months ago, but has only now come to light—via researchers
    who dubbed it Pumpkin Eclipse.

    It has echoes of Ukrainian ISP modems mysteriously self destructing, just before the 2022 Russian invasion. In today’s SB Blogwatch, we wonder if this was a test of something bigger.

    https://securityboulevard.com/2024/05/pumpkin-eclipse-windstream-richixbw

    ------------------------------

    Date: Fri, 31 May 2024 16:51:53 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Touch Controls on Stoves Suck. Knobs Are Way Better (WiReD)

    Annoying, mistake-prone touch controls have become standard on induction stoves, but good old-fashioned knobs are far superior in the busy, messy kitchen. It’s high time we bring back the knob.

    https://www.wired.com/story/touch-controls-on-stoves-suck-knobs-are-way-better

    [A hob[k]nob would be a touch control with which you could rub elbows. PGN]

    ------------------------------

    From: Cliff Kilby <cliffjkilby@gmail.com>
    Date: Thu, 30 May 2024 13:39:10 -0400
    Subject: If you use Veeam

    'Tis time to patch again.

https://www.veeam.com/kb4581
If only someone had been advising that NTLM is not a secure authentication
method. Oh, wait. Microsoft has been advising to disable all NTLM
authentication since 2009.
https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
    That "where possible" was limited in 2009, but 5 OSes later here in 2024,
    there is no reason to have any NTLM traffic. Also, Microsoft is removing
    it. If you're still using NTLM, you've got a bit more than patching to do.

    https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-evolution-of-windows-authentication/ba-p/3926848

    ------------------------------

    Date: Thu, 30 May 2024 16:55:42 -0400
    From: "Stever Robbins" <sr@steverrobbins.com>
    Subject: Re: PGN on Ethics in RISKS-34.25

    PGN -- you asked in the last Risks if MIT had stopped teaching ethics? I'm
not aware they ever started. When I was there in the 80s, ethics wasn't taught. When I returned as a guest lecturer for a class on technology and society in the 90s, ethics didn't seem to be taught. So unless something happened between 2000 and 2020, it's never been taught.

    ------------------------------

    Date: Tue, 28 May 2024 20:41:04 +0000
    From: Judith Hemenway <Judith@divingturtle.com>
    Subject: Review of *Wicked Problems*, new book on risks of new technology

    Madhavan focuses on ‘wicked problems’, which emerge “when hard, soft and messy problems collide”. Time and time again, a technology becomes
    profitable and is widely adopted, then its problems become clear and public alarm grows. A period of debate follows, marked by inflamed emotions, news coverage, litigation, denial of responsibility and political
    impotence. Eventually, corrective mechanisms are developed, implemented and enforced with updated standards. These patterns and problems of rapid technological development are becoming recognized. And there are plenty of modern examples, from social-media platforms and artificial-intelligence systems to self-driving cars.

https://www.nature.com/articles/d41586-024-01519-1

    ------------------------------

    Date: Sat, 28 Oct 2023 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) has moved to the ftp.sri.com site:
    <risksinfo.html>.
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    delightfully searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 34.28
    ************************
