RISKS-LIST: Risks-Forum Digest Friday 29 September 2023 Volume 33 : Issue 87

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.87>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Cal. Gov. vetoes autonomous trucking bill (TechCrunch)
Search for phone signal caused oil spill, say Japanese investigators
(The Register)
The UK passes massive online safety bill (The Verge)
Egyptian presidential hopeful targeted by Predator spyware (WashPost)
Web3 Firm Mixin Network Hacked, $200 Million Stolen in Centralised
Exploit: All Details (MIT Technology News)
Cryptocurrency's First Year After the FTX Blowup: `It’s Been Miserable’
(Bloomberg)
The FTX trial is bigger than Sam Bankman-Fried (The Verge)
The risks of machine learning psychotherapy with voice interfaces (Gizmodo) Artificial intelligence poses 'risk ofextinction,' tech execs and experts
warn (CBC)
AI adapters and opponents debate the future of work (CBC)
AI will soon be able to cover public meetings. But should it?
(Nieman Lab)
GPUs from all major suppliers are vulnerable to new pixel-stealing attack
(Ars Technica)
Nigerian Hacktivists Are Taking on Big Oil (Lucas Laursen)
MGM and Caesars casino hacks point to an alliance of teens and ransomware
gangs (WashPost)
GPUs from all major suppliers are vulnerable to new pixel-stealing attack
(Ars Technica)
A food delivery robot's footage led to a criminal conviction in LA
(Engadget)
Apple warns Russian journalists of Pegasus iPhone infections
(Monty Solomon)
Is there really an information security jobs crisis? (Ben Rothke)
Metaverse: What happened to Mark Zuckerberg's next big thing? (BBC)
New York Bans Facial Recognition in Schools (AP)
Re: Misinformation research is buckling under GOP
legal attacks (Amos Shapir)
Re: Google accused of directing motorist to drive off collapsed
bridge (David Landgren)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 27 Sep 2023 16:51:39 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: Cal. Gov. vetoes autonomous trucking bill (TechCrunch)

Governor Gavin Newsom just vetoed a bill banning fully driverless AV trucks.

https://techcrunch.com/2023/09/24/california-governor-vetoes-bill-to-ban-driverless-av-trucks/

California governor vetoes bill to ban driverless AV trucks
Rebecca Bellan@rebeccabellan, 24 Sep 2023

"California Gov. Gavin Newsom vetoed a bill Friday that would have
required a human safety operator to be present any time a self-driving
truck operated on public roads in the state."

https://legiscan.com/CA/text/AB316/id/2789644

I'm very concerned that the risks associated with driverless trucks have not been fully vetted, e.g.,Timothy McVeigh.

For those of you who weren't born yet, Timothy McVeigh blew up the Alfred
P. Murrah Federal Building in Oklahoma City in 1995, killing 168 people,
using a rental truck full of an improvised fertilizer bomb.

https://en.wikipedia.org/wiki/Timothy_McVeigh

It's not clear whether forcing AV's to also have human drivers ('featherbedders'?) would have stopped a McVeigh-type attack, but it would
have thrown up an additional barrier.

California (and most other states) have severe penalties for driving while 'impaired' -- e.g., under the influence of alcohol or marijuana. Truck
drivers have substantial additional requirements in training, licensing and records keeping -- e.g., number of continuous hours on the roads, etc.

How do you even test an AI driver for `impairment'? Do you use a
`hackalyzer'? Does the AI have to get out of the vehicle and walk a
straight line? Is AI impairment even decidable?

How does a patrol car even `pull over' an AV?

At least for the moment, AI's have no 4th and 5th amendment rights, so there are no civil rights to violate when asking ``Ihre Papiere, bitte?'', but apparently there are no mechanisms to actually check the credentials of AI truck drivers before they enter the Yerba Buena Tunnel or the Holland
Tunnel?

Many tunnels don't want RV's with propane tanks, but zombie AV's are OK?

Starlink now offers high-speed Internet for vehicles, including trucks. Yet Elon Musk was roundly criticized for prohibiting Ukraine's use of Starlink
for AV weapons. Perhaps Elon's worries about weaponized AV's shouldn't be dismissed out of hand?

https://tuckstruck.net/truck-and-kit/geekery/starlink-mobile-roaming/

https://apnews.com/article/spacex-ukraine-starlink-russia-air-force-fde93d9a69d7dbd1326022ecfdbc53c2

Elon Musk's refusal to have Starlink support Ukraine attack in Crimea raises questions for Pentagon

Tara Copp, Updated 3:42 PM PDT, 11 Sep 2023

https://www.reuters.com/technology/musk-experts-urge-pause-training-ai-systems-that-can-outperform-gpt-4-2023-03-29/

I hate to sound like a Luddite, but I don't think that these breathless AV
aficionados have completely thought all of these risks through.

------------------------------

Date: Fri, 29 Sep 2023 15:57:49 -0600
From: Jim Reisert AD1C <jjreisert@alum.mit.edu>
Subject: Search for phone signal caused oil spill, say Japanese
investigators (The Register)

Laura Dobberstein, *The Register*, 29 Sep 2023

Japan’s Transport Safety Board on Thursday judged that a cargo ship that spilled 1,000 tons of fuel oil into a pristine marine environment off the
coast of Mauritius in 2020 was traveling off course in search of a cell
phone signal.

https://www.theregister.com/2023/09/29/signal_search_caused_oil_spill/

------------------------------

Date: Wed, 20 Sep 2023 02:29:35 -0400
From: Monty Solomon <monty@roscom.com>
Subject: The UK passes massive online safety bill (The Verge)

https://www.theverge.com/2023/9/19/23880919/uk-passes-massive-online-safety-bill

------------------------------

Date: Wed, 27 Sep 2023 13:32:17 -0400
From: Monty Solomon <monty@roscom.com>
Subject N:ew Green Line extension already so defective that trains are
forced to move at walking pace (The Boston Globe)

https://www.bostonglobe.com/2023/09/26/metro/mbta-green-line-extension-new-slow-zones/

[Walking is appropriate for Green Parties. PGN]

------------------------------

Date: Fri, 29 Sep 2023 19:31:40 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Egyptian presidential hopeful targeted by Predator spyware
(*The Washington Post*)

Rare ‘zero-day’ exploit used in failed hacking attempt that researchers say was probably conducted by the Egyptian government

https://www.washingtonpost.com/investigations/2023/09/23/predator-egypt-hack-spyware-iphone/

------------------------------

Date: Mon, 25 Sep 2023 09:18:37 -0700
From: Victor Miller <victorsmiller@gmail.com>
Subject: Web3 Firm Mixin Network Hacked, $200 Million Stolen in Centralised
Exploit: All Details (MIT Technology News)

https://www.gadgets360.com/cryptocurrency/news/web3-firm-mixin-network-hacked-usd-200-million-stolen-centralised-exploit-4422486

[Monty Solomon noted this:
Hackers steal $200M from crypto company Mixin https://techcrunch.com/2023/09/25/hackers-steal-200-million-from-crypto-company-mixin/

------------------------------

Date: Fri, 29 Sep 2023 19:02:34 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Cryptocurrency's First Year After the FTX Blowup:
`It’s Been Miserable’ (Bloomberg)

As Sam Bankman-Fried heads to trial, many digital-asset players remain in survival mode.

https://www.bloomberg.com/news/features/2023-09-29/sam-bankman-fried-trial-crypto-s-first-year-after-ftx-blowup-miserable

------------------------------

Date: Thu, 28 Sep 2023 20:46:27 -0400
From: Monty Solomon <monty@roscom.com>
Subject: The FTX trial is bigger than Sam Bankman-Fried
(The Verge)

https://www.theverge.com/2023/9/28/23893269/ftx-sam-bankman-fried-trial-evidence-crypto

------------------------------

Date: Thu, 28 Sep 2023 13:29:50 -0700
From: Rob Wilcox <robwilcoxjr@gmail.com>
Subject: The risks of machine learning psychotherapy with voice
interfaces (Gizmodo)

OpenAI Employee Discovers Eliza Effect, Gets Emotional

ChatGPT's new text-to-voice feature has one OpenAI's head of safety
systems feeling *heard & warm*, while other experiments with AI therapy have been a disaster.

Designing a program in such a way that it can truly convince someone that another human is on the other side of the screen has been a goal of AI developers since the concept took its first steps toward reality. Research company OpenAI recently announced that its flagship product ChatGPT would be getting eyes, ears, and a voice in its quest to appear more human. Now, an
AI safety engineer at OpenAI says she got “quite emotional” after using the chatbot’s voice mode to have an impromptu therapy session.""

https://gizmodo.com/openai-employee-discovers-eliza-effect-gets-emotional-1850877739

------------------------------

Date: Tue, 26 Sep 2023 18:22:45 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Artificial intelligence poses 'risk of extinction,' tech execs and
experts warn (CBC)

https://www.cbc.ca/news/world/artificial-intelligence-extinction-risk-1.6859118

------------------------------

Date: Wed, 27 Sep 2023 14:39:25 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: AI adapters and opponents debate the future of work (CBC)

Artificial intelligence is becoming a major part of our world and has the potential to change work forever, but is it a threat or an opportunity? The National brings together people using AI to improve their work or workplace
and others who see it as a hazard to their jobs.

http://www.cbc.ca/player/play/2267202115683

------------------------------

Date: Tue, 26 Sep 2023 11:33:23 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: AI will soon be able to cover public meetings. But should it?
(Nieman Lab)

AI will soon be able to cover public meetings. But should it? <#>

“Is it ready for primetime, ready to be released to the masses? Absolutely not...But can it be done? Can you design an AI system that attends a city meeting and generates a story? Yeah, I did it.”

https://www.niemanlab.org/2023/06/ai-will-soon-be-able-to-cover-public-meetings-but-should-it/

------------------------------

Date: Tue, 26 Sep 2023 19:44:01 -0700
From: Victor Miller <victorsmiller@gmail.com>
Subject: GPUs from all major suppliers are vulnerable to new pixel-stealing
attack (Ars Technica)

https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/

------------------------------

Date: Fri, 29 Sep 2023 11:26:54 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Nigerian Hacktivists Are Taking on Big Oil (Lucas Laursen)

Lucas Laursen, *IEEE Spectrum*, 27 Sep 2023,
via ACM TechNews, 29 Sep 2023

A group of Nigerian hacker-activists aims to collect and share data to
increase public awareness of pollution caused by oil spills. The Media Awareness and Justice Initiative (MAJI) is organizing a low-cost air
pollution monitoring network, and last year the group began installing
the first of 15 air quality sensors in and around the city of Port
Harcourt. The sensors monitor particulate matter, temperature,
humidity, and atmospheric pressure to test for air pollution and
hopefully determine its origin. MAJI has deployed two community
networks to provide Internet access. MAJI's Okoro Onyekachi said the organization releases its data through a Web portal, radio, and social
and print media in the hope of having a greater impact on polluters.

------------------------------

Date: Sat, 23 Sep 2023 22:03:22 -0400
From: Monty Solomon <monty@roscom.com>
Subject: MGM and Caesars casino hacks point to an alliance of teens
and ransomware gangs (WashPost)

Security experts worry a group of English-speaking hackers has allied
itself with forces responsible for the Colonial Pipeline ransomware attack.

https://www.washingtonpost.com/technology/2023/09/22/mgm-hack-laid-to-star-fraud/

------------------------------

Date: Tue, 26 Sep 2023 19:44:01 -0700
From: Victor Miller <victorsmiller@gmail.com>
Subject: GPUs from all major suppliers are vulnerable to new pixel-stealing
attack (Ars Technica)

https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/

------------------------------

Date: Thu, 28 Sep 2023 20:55:16 -0400
From: Monty Solomon <monty@roscom.com>
Subject: A food delivery robot's footage led to a criminal conviction in LA
(Engadget)

https://www.engadget.com/a-food-delivery-robots-footage-led-to-a-criminal-conviction-in-la-190854339.html

------------------------------

Date: Wed, 20 Sep 2023 02:25:35 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Apple warns Russian journalists of Pegasus iPhone infections

https://appleinsider.com/articles/23/09/16/apple-warns-russian-journalists-of-pegasus-iphone-infections

------------------------------

Date: Sun, 24 Sep 2023 10:28:23 -0400
From: Ben Rothke <brothke@gmail.com>
Subject: Is there really an information security jobs crisis?

There are countless reports that there are millions of open information security jobs.

My take on the situation is that the numbers being touted are way, way off.

https://brothke.medium.com/is-there-really-an-information-security-jobs-crisis-a492665f6823?sk=9dfae4d5614a4ad4681bbfb8e58a99dc

------------------------------

Date: Mon, 25 Sep 2023 19:48:27 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Metaverse: What happened to Mark Zuckerberg's next big thing?
(BBC)

https://www.bbc.com/news/technology-66913551

" Reality Labs -- which as the name suggests is Meta's virtual and augmented reality branch -- has lost a staggering $21 billion since last year."

------------------------------

Date: Fri, 29 Sep 2023 11:26:54 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: New York Bans Facial Recognition in Schools (AP)

Carolyn Thompson, *Associated Press*, 27 Sep 2023,
via ACM TechNews, 29 Sep 2023

New York State has prohibited facial recognition in schools, following
last month's report by the state's Office of Information Technology
Services acknowledging that the risks of the technology's use may
outweigh its security benefits. The analysis cited facial
recognition's "potentially higher rate of false positives for people
of color, non-binary and transgender people, women, the elderly, and
children." The report added that biotechnology would not prevent
students from entering schools "unless an administrator or staff
member first noticed that the student was in crisis, had made some
sort of threat, or indicated in some other way that they could be a
threat to school security." Decisions on digital fingerprinting and
other biometric solutions are left up to local districts, per New York Education Commissioner Betty Rosa's directive.

------------------------------

Date: Sun, 24 Sep 2023 12:49:52 +0300
From: Amos Shapir <amos083@gmail.com>
Subject: Re: Misinformation research is buckling under GOP
legal attacks (RISKS-33.86)

"... they had planned to use the grants to fund projects on noncontroversial topics such as nutritional guidelines..." -- Sorry, too late!

See for example: https://www.theguardian.com/environment/2023/aug/18/gigantic-power-of-meat-industry-blocking-green-alternatives-study-finds

Nothing is non-political any more...

------------------------------

Date: Mon, 25 Sep 2023 14:00:57 +0200
From: David Landgren <david@landgren.net>
Subject: Re: Google accused of directing motorist to drive off collapsed bridge
(Kruk, RISKS-33.86)

The obvious question to ask is what happens to a driver who *wasn't* using a Google app and drove off the collapsed bridge and died? The only third party who could be held responsible is the municipality that failed to block off
the access in a way that no car could get through. And that would still
hold true regardless of what method of navigation the person was using. A couple of large blocks of concrete would do the job.

Can't really fault Google here.

------------------------------

Date: Sat, 1 Jul 2023 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.

SUBSCRIPTIONS: The mailman Web interface can be used directly to

subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks

SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that

includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.

SPAM challenge-responses will not be honored. Instead, use an alternative

address from which you never send mail where the address becomes public!

The complete INFO file (submissions, default disclaimers, archive sites,

copyright policy, etc.) has moved to the ftp.sri.com site:
<risksinfo.html>.
*** Contributors are assumed to have read the full info file for guidelines!

OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's

searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.

Special Offer to Join ACM for readers of the ACM RISKS Forum:

<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 33.87
************************

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)