RISKS-LIST: Risks-Forum Digest Tuesday 19 September 2023 Volume 33 : Issue 85

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

<http://catless.ncl.ac.uk/Risks/33.85>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Bots are Better than Humans at CAPCHAS (Bruce Schneier)
Cryptocurrency Startup Loses Encryption Key for Electronice
Wallet (Schneier via Gabe Goldberg)
What politicians are doing about the Internet, RIGHT NOW
(Lauren Weinstein)
Microsoft AI researchers accidentally exposed terabytes of internal
sensitive data (TechCrunch)
In Risky Hunt for Secrets, U.S. and China Expand Global Spy Operations
(NYTimes)
Chinese hackers have unleashed a never-before-seen Linux backdoor
(Ars Technica)
Scientists warn entire branches of the 'Tree of Life' are going extinct
(Yahoo! News)
Can the free market ensure artificial intelligence won't wipe out human
workers? (CBC)
DHS Issues Privacy/Civil Liberties Guidelines, *and* DHS Spies
Trouble in 2024 in election security (Politico)
Old Google vs. New Google (Lauren Weinstein)
Re: Pedestrian dies after Cruise cars block ambulance
(Geoff Kuenning, Henry Baker)
Re: Vintage Car prices (Joe Gwinn)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 15 Sep 2023 11:06:31 +0000
From: Bruce Schneier <schneier@schneier.com>
Subject: Bots are Better than Humans at CAPCHAS

[PGN-Excerpted from Bruce's latest issue. But why does Bruce have to
encode commas as "=2C"???? What is so special for Bruce's computer? As
Gertrude Stein might have written, a comma is a comma is a comma. PGN]

Abstract: For nearly two decades, CAPTCHAS have been widely used as a MEANS
OF PROTECTION AGAINST bots. Throughout the years, as their use grew,
techniques to defeat or bypass CAPTCHAS have continued to improve.
Meanwhile, CAPTCHAS have also evolved in terms of sophistication and
diversity, becoming increasingly difficult to solve for both bots (machines)
and humans. Given this long-standing and still-ongoing arms race, it is
critical to investigate how long it takes legitimate users to solve modern
CAPTCHAS, and how they are perceived by those users.

In this work, we explore CAPTCHAS *in the wild* by evaluating users' solving
performance and perceptions of *unmodified currently-deployed* CAPTCHAS. We
obtain this data through manual inspection of popular websites and user
studies in which 1,400 participants collectively solved 14,000
CAPTCHAS. Results show significant differences between the most popular
types of CAPTCHAS: surprisingly, solving time and user perception are not
always correlated. We performed a comparative study to investigate the
effect of experimental context specifically the difference between solving
CAPTCHAS directly versus solving them as part of a more natural task, such
as account creation. Whilst there were several potential confounding
factors, our results show that *experimental context* could have an impact
on this task, and must be taken into account in future CAPTCHA
studies. Finally, we investigate CAPTCHA-induced user task *abandonment* by
analyzing participants who start and do not complete the task.

Slashdot thread
[https://hardware.slashdot.org/story/23/08/10/0439241/bots-are-better-than-humans-at-cracking-are-you-a-robot-captcha-tests-study-f
inds].

And let's all rewatch this great ad
[https://www.youtube.com/watch?v=lhUuzWbrCgU] from 2022.

------------------------------

Date: Sat, 16 Sep 2023 16:37:40 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Cryptocurrency Startup Loses Encryption Key for Electronic
Wallet (Schneier on Security)

The cryptocurrency fintech startup Prime Trust lost the encryption key to
its hardware wallet—and the recovery key—and therefore $38.9 million. It is
now in bankruptcy.

I can’t understand why anyone thinks these technologies are a good idea.

https://www.schneier.com/blog/archives/2023/09/cryptocurrency-startup-loses-encryption-key-for-electronic-wallet.html

I mean, nobody could have anticipated that happening... [!!!]

------------------------------

Date: Sun, 10 Sep 2023 08:11:37 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: What politicians are doing about the Internet, RIGHT NOW

Keep in mind that right now, at this very moment, politicians in BOTH
PARTIES are pushing legislation to require you to show a government ID to
use most major Internet sites. Some of these laws have already been passed,
and litigation all the way up to the Supreme Court is very likely. The goal
of BOTH PARTIES is to create a Chinese-style Internet with everyone fully
identified, all anonymity effectively lost (irrespective of the "safeguards"
U.S. officials will promise), and all content tightly micromanaged by
officials on the Left and Right not only to "protect the children" but to
keep all Internet users firmly under the government's control. Yes, it's
that bad. -L

------------------------------

Date: Mon, 18 Sep 2023 15:30:26 -0700
From: Victor Miller <victorsmiller@gmail.com>
Subject: Microsoft AI researchers accidentally exposed terabytes of internal
sensitive data (TechCrunch)

https://techcrunch.com/2023/09/18/microsoft-ai-researchers-accidentally-exposed-terabytes-of-internal-sensitive-data/

[Monty Solomon spotted the above and also found this:
Microsoft AI team accidentally leaks 38TB of private company data:
https://mashable.com/article/microsoft-ai-researchers-leaked-private-data-azure-link-github
PGN]

------------------------------

Date: Mon, 18 Sep 2023 10:34:42 -0400
From: Monty Solomon <monty@roscom.com>
Subject: In Risky Hunt for Secrets, U.S. and China Expand Global Spy Operations
(NYTimes)

The nations are taking bold steps in the espionage shadow war to try to
collect intelligence on leadership thinking and military capabilities.

https://www.nytimes.com/2023/09/17/us/politics/us-china-global-spy-operations.html

------------------------------

Date: Mon, 18 Sep 2023 19:55:29 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Chinese hackers have unleashed a never-before-seen Linux backdoor
(Ars Technica)

https://arstechnica.com/?p=1969201

------------------------------

Date: Tue, 19 Sep 2023 09:02:26 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: Scientists warn entire branches of the 'Tree of Life'
are going extinct (Yahoo! News)

Humans are driving the loss of entire branches of the "Tree of Life,"
according to a new study published on Monday which warns of the threat of a
sixth mass extinction.

"The extinction crisis is as bad as the climate change crisis. It is not
recognized," said Gerardo Ceballos, professor at the National Autonomous
University of Mexico, and co-author of the study published in Proceedings
of the National Academy of Sciences (PNAS).

"What is at stake is the future of mankind," he told AFP.

The study is unique because instead of merely examining the loss of a
species, it examines the extinction of entire genera.

In the classification of living beings, the genus lies between the rank of
species and that of family. For example, dogs are a species belonging to
the genus canis -- itself in the canid family.

"It is a really significant contribution, I think the first time anyone has
attempted to assess modern extinction rates at a level above the species,"
Robert Cowie, a biologist at the University of Hawaii who was not involved
in the study, told AFP.

"As such it really demonstrates the loss of entire branches of the Tree of
Life," a representation of living things first developed by Charles Darwin.

The study shows that "we aren't just trimming terminal twigs, but rather
are taking a chainsaw to get rid of big branches," agreed Anthony Barnosky,
professor emeritus at the University of California, Berkeley.

The researchers relied largely on species listed as extinct by the
International Union for Conservation of Nature (IUCN). They focused on
vertebrate species (excluding fish), for which more data are available.

Of some 5,400 genera (comprising 34,600 species), they concluded that 73
had become extinct in the last 500 years -- most of them in the last two
centuries.

The researchers then compared this with the extinction rate estimated from
the fossil record over the very long term. [...]

https://news.yahoo.com/scientists-warn-entire-branches-tree-011943508.html

[If the skunks don't prevail, they will become Ex-Stinked. PGN]

------------------------------

Date: Mon, 18 Sep 2023 19:00:06 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Can the free market ensure artificial intelligence
won't wipe out human workers? (CBC)

https://www.cbc.ca/news/business/post-ai-jobs-column-don-pittis-1.6962905

What will you be doing only a decade from now when advanced versions of the
artificial intelligence program ChatGPT have wormed their way into the
fabric of life?