Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

Pournelle must die!

computers / comp.risks / Risks Digest 34.08

SubjectAuthor
o Risks Digest 34.08RISKS List Owner

1
Risks Digest 34.08

<CMM.0.90.4.1708488522.risko@chiron.csl.sri.com10283>

  copy mid

https://www.rocksolidbbs.com/computers/article-flat.php?id=29&group=comp.risks#29

  copy link   Newsgroups: comp.risks
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!panix!.POSTED.panix3.panix.com!not-for-mail
From: risko@csl.sri.com (RISKS List Owner)
Newsgroups: comp.risks
Subject: Risks Digest 34.08
Date: 21 Feb 2024 04:11:36 -0000
Organization: PANIX Public Access Internet and UNIX, NYC
Lines: 560
Sender: RISKS List Owner <risko@csl.sri.com>
Approved: risks@csl.sri.com
Message-ID: <CMM.0.90.4.1708488522.risko@chiron.csl.sri.com10283>
Injection-Info: reader1.panix.com; posting-host="panix3.panix.com:166.84.1.3";
logging-data="3675"; mail-complaints-to="abuse@panix.com"
To: risko@csl.sri.com
 by: RISKS List Owner - Wed, 21 Feb 2024 04:11 UTC

RISKS-LIST: Risks-Forum Digest Tuesday 20 February 2024 Volume 34 : Issue 08

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.08>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
How persuasive is AI-generated propaganda? (Lauren Weinstein)
New Era of AI Deepfakes Complicates 2024 Elections (WSJ)
Cybercriminals are stealing iOS users' face scans to break into mobile
banking accounts (The Register)
Air Canada chatbot makes up travel rules
Big Tech tells politicians: We'll control the deepfakes (Politico)
New bill would let defendants inspect algorithms used against them in court
(The Verge)
Chinese hackers infiltrated home wifi routers to attack infrastructure, FBI
warns (MSN)
DOJ quietly removed Russian malware from routers in U.S. homes and
businesses (ArsTechnica)
TETRA Radio Code Encryption Has a Flaw: A Backdoor (WiReD)
Chinese hackers infiltrated home wifi routers to attack
infrastructure, FBI warns (MSN)
The $50K Scam: FTC, CIA, and Amazon Weigh In on NY Magazine's Charlotte
Cowles (The New York Times)
TETRA Radio Code Encryption Has a Flaw: A Backdoor (WiReD)
Powerball Posted the Wrong Numbers. Now He’s Suing for $340M (NYTimes)
`Most Wanted’ man pleads guilty in cyberattack that upended Vermont hospital
(The Globe)
Nginx core developer quits project in security dispute, starts free-nginx
fork (ArsTechnica)
Officials Investigate How a Woman Flew to Los Angeles Without a Ticket
(NYTimes)
This Is Why Tesla's Stainless Steel Cybertrucks May Be Rusting (WiReD)
The Tech Friend: Apple's nanny state (WashPost)
An Important Security Message from Wyze (via Victor Miller)
Report on Intelligent Vehicle Dependability and Security
(Chuck Weinstock)
Re: Odometers: A voting machine analogue (Wol)
Re: Tesla's latest screwup (Andrew)
Re: Waymo recalls software after two self-driving cars hit
the same truck (Ned Harris, Sam Bull)
Re: Software bloat (Roderick Rees)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 20 Feb 2024 17:20:28 -0800
From: Lauren Weinstein <lauren@vortex.com>
Subject: How persuasive is AI-generated propaganda?

A LOT. -L

https://academic.oup.com/pnasnexus/article/3/2/pgae034/7610937?searchresult=1&login=false

------------------------------

Date: Thu, 15 Feb 2024 08:43:03 -0500
From: Monty Solomon <monty@roscom.com>
Subject: New Era of AI Deepfakes Complicates 2024 Elections
(WSJ)

Deceptive videos, audio and images are more sophisticated, easier to make as
tech industry wrestles with how to keep up

https://www.wsj.com/tech/ai/new-era-of-ai-deepfakes-complicates-2024-elections-aa529b9e

------------------------------

Date: Sun, 18 Feb 2024 12:50:14 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Cybercriminals are stealing iOS users' face scans to
break into mobile banking accounts (The Register)

Deepfake-enabled attacks against Android and iPhone users are netting
criminals serious cash.

https://www.theregister.com/2024/02/15/cybercriminals_stealing_face_id/

------------------------------

Date: Fri, 16 Feb 2024 20:41:32 -0500
From: Jeremy Epstein <jeremy.j.epstein@gmail.com>
Subject: Air Canada chatbot makes up travel rules (ArsTechnica)

A customer asked the Air Canada chatbot about the rules for bereavement
fares. The customer believed the chatbot's answer (basically "buy the
ticket and then ask for a credit"), but Air Canada refused to honor the
guidance, since elsewhere on the site it had a different set of rules. The
court ruled that Air Canada had to honor the instructions provided by the
chatbot, rejecting Air Canada's statement that the customer never should
have trusted the chatbot and the airline should not be liable for the
chatbot's misleading information because Air Canada essentially argued that
"the chatbot is a separate legal entity that is responsible for its own
actions."

"Air Canada argues it cannot be held liable for information provided by one
of its agents, servants, or representatives -- including a chatbot," [= the
judge] wrote. "It does not explain why it believes that is the case" or "why
the webpage titled 'Bereavement travel' was inherently more trustworthy than
its chatbot."

The chatbot is apparently no longer active on the Air Canada site.

This was a case in Canada involving a Canadian and a Canadian company.
IANAL, so curious what the analogous results would be in the US or other
countries. This certainly won't be the only case where a chatbot will give
erroneous advice. This isn't to say that human customer service agents
never make mistakes (we all do!), but the attempt to avoid responsibility
is troubling.

https://arstechnica.com/tech-policy/2024/02/air-canada-must-honor-refund-po=
licy-invented-by-airlines-chatbot/

[Matthew Kruk noted this:
Air Canada found liable for chatbot's bad advice
on airline tickets
https://www.cbc.ca/news/canada/british-columbia/air-canada-chatbot-lawsuit-1.7116416
Monty Solomon found this:
Air Canada must honor refund policy invented by airline’s chatbot
https://arstechnica.com/tech-policy/2024/02/air-canada-must-honor-refund-policy-invented-by-airlines-chatbot/
PGN]

------------------------------

Date: Fri, 14 Feb 2024 17:42:11 PST
From: Peter Neumann <neumann@csl.sri.com>
Subject: Big Tech tells politicians: We'll control the deepfakes
(Politico)

Laurens Cerulus, Antoaneta Roussi, Gian Volpicelli,
Politico, 16 Feb 2024,

Munich -- The world's largest technology companies on Friday announced an
industry alliance to stop AI-generated pictures and clips from disrupting
elections taking place around the world in 2024.

------------------------------

Date: Sat, 17 Feb 2024 20:23:27 -0500
From: Monty Solomon <monty@roscom.com>
Subject: New bill would let defendants inspect algorithms used
against them in court (The Verge)

https://www.theverge.com/2024/2/15/24074214/justice-in-forensic-algorithms-act-democrats-mark-takano-dwight-evans

------------------------------

Date: Thu, 15 Feb 2024 16:08:18 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Chinese hackers infiltrated home wifi routers to attack
infrastructure, FBI warns

On Wednesday, the FBI said Volt Typhoon had used its malware to disguise the
fact that the hack had been conducted by the Chinese government, adding that
the “vast majority” of routers affected were out-of-date Cisco and NetGear
machines that had not received recent security updates.

Unlike previous attacks, the hack was directed at internet routers in small
businesses and home offices, rather than at government agencies or
infrastructure providers.

https://www.msn.com/en-us/money/other/chinese-hackers-infiltrated-home-wifi-routers-to-attack-infrastructure-fbi-warns/ar-BB1hza67

------------------------------

Date: Sat, 17 Feb 2024 21:44:44 -0500
From: Monty Solomon <monty@roscom.com>
Subject: DOJ quietly removed Russian malware from routers in US
homes and businesses (ArsTechnica)

https://arstechnica.com/?p=2003936

------------------------------

Date: Thu, 15 Feb 2024 16:09:46 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: TETRA Radio Code Encryption Has a Flaw: A Backdoor (WiReD)

A secret encryption cipher baked into radio systems used by critical
infrastructure workers, police, and others around the world is finally
seeing sunlight. Researchers say it isn’t pretty.

https://www.wired.com/story/tetra-radio-encryption-backdoor/

------------------------------

Date: Thu, 15 Feb 2024 16:08:18 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Chinese hackers infiltrated home wifi routers to attack
infrastructure, FBI warns (MSN)

On Wednesday, the FBI said Volt Typhoon had used its malware to disguise the
fact that the hack had been conducted by the Chinese government, adding that
the “vast majority” of routers affected were out-of-date Cisco and NetGear
machines that had not received recent security updates.

Unlike previous attacks, the hack was directed at Internet routers in small
businesses and home offices, rather than at government agencies or
infrastructure providers.

https://www.msn.com/en-us/money/other/chinese-hackers-infiltrated-home-wifi-routers-to-attack-infrastructure-fbi-warns/ar-BB1hza67

------------------------------

Date: Sat, 17 Feb 2024 14:07:51 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: The $50K Scam: FTC, CIA, and Amazon Weigh In
on NY Magazine's Charlotte Cowles (The New York Times)

What Amazon, FTC, and CIA Won't Say When You've Been Scammed

New York magazine’s money columnist wrote about being conned out of $50,000
by crooks pretending to be from Amazon and government agencies. We asked
the company and agencies for comment.


Click here to read the complete article

computers / comp.risks / Risks Digest 34.08

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor