From: risko@csl.sri.com (RISKS List Owner)
Newsgroups: comp.risks
Subject: Risks Digest 34.09
Date: 7 Mar 2024 04:27:39 -0000
Organization: PANIX Public Access Internet and UNIX, NYC
Message-ID: <CMM.0.90.4.1709785452.risko@chiron.csl.sri.com1251>

RISKS-LIST: Risks-Forum Digest Wednesday 6 March 2024 Volume 34 : Issue 09

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.09>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents: BACKLOGGED -- MORE TO COME
White House urges developers to dump C and C++ (Steve Bacher)
NZ Leap Day Self Pay Petrol Pump Failures (sundry via
Jim Geissman and Brian Inglis)
Risks of Leap Years and Dumb Digital Watches (Mark Brader)
Health-care hack spreads pain across hospitals and doctors
nationwide (WashPost via Jan Wolitzky)
Cyberattack Paralyzes the Largest U.S. Health Care Payment System
(NYTimes.com via Jim Geissman)
Re: Healthcare Cyberattack (Doug McIlroy)
More than 2 Million Research Papers Have Disappeared from the
Internet (Sarah Wild)
GitHub Besieged by Millions of Malicious Repositories in
Ongoing Attack (Dan Goodin)
A Vending Machine Error Revealed Secret Face Recognition Tech (WiReD)
Vending machines had eyes all over this Ontario campus until the students
wised up (CBC)
End-to-End Encryption under attack in Nevada (Mastodon)
1-million books and 4-months later, Toronto's library recovers from a
cyberattack (CBC via Matthew Kruk)
Anycubic 3D Printers Hacked in Attempt to Inform Owners of
Security Hole (Christopher Harper)
'Keytrap' DNS bug threatens widespread Internet outages (Becky Bracken)
Wyze security issue exposed private cameras to strangers (Heather Kelly)
Fingerprints Recreated from Sounds of Swiping a Touchscreen (Mark Tyson)
Algorithm Reveals What's Hidden (Rizwan Choudhury)
'AI Godfather', Others Urge More Deepfake Regulation (Amy Tong)
AI feedback loop will spell death for future generative models (TechSpot)
Malware Worm Can Poison ChatGPT, Gemini-Powered Assistants (Kate Irwin)
"AI Warfare Is Already Here" (Katrina Manson)
I'm begging you not to Google for airline customer service numbers
(Monty Solomon on a WashPost item)
comp.risks via Panix? (Ed Ravin on the servers)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 28 Feb 2024 11:18:38 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: White House urges developers to dump C and C++

Biden administration calls for developers to embrace memory-safe programming
languages and move away from those that cause buffer overflows and other
memory access vulnerabilities.

The new 19-page report from ONCD gave C and C++ as two examples of
programming languages with memory safety vulnerabilities, and it named Rust
as an example of a programming language it considers safe. In addition, an
NSA cybersecurity information sheet from November 2022 listed C#, Go, Java,
Ruby, and Swift, in addition to Rust, as programming languages it considers
to be memory-safe.
<https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY.PDF>
https://www.infoworld.com/article/3713203/white-house-urges-developers-to-dump-c-and-c.html

(About time!  I've been griping about C and C++ design for decades. SB)

[The White House press release said: “Future Software Should Be Memory
Safe”. I might add that the report “Back to the Building Blocks: A Path
toward Secure and Measurable Software” explicitly recommends the
UofCambridgeUK/SRI CHERI over MTE, on page 9. That is a really nice plug.
https://www.whitehouse.gov/oncd/briefing-room/2024/02/26/press-release-technical-report/
PGN]
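As an added illustration of the bug class the ONCD report is aiming at (this is not code from the report, the NSA sheet or the InfoWorld article), here is a C parser that trusts a length byte, beside a version that checks it. The record layout (one length byte followed by that many name bytes) and the two sample records are constructed for the example.

```c
/* Added example, not taken from the ONCD report, the NSA sheet or the RISKS item:
 * an unchecked C parser beside a checked one.  The record layout (one length byte
 * followed by that many name bytes) and the sample records are constructed here
 * for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* output buffer size, including the terminating NUL */

/* Constructed sample input: a well-formed record, and one whose length byte
 * (0xC8 = 200) promises far more bytes than the record holds or the output
 * buffer can take. */
static const uint8_t GOOD_REC[] = {5, 'a', 'l', 'i', 'c', 'e'};
static const uint8_t EVIL_REC[] = {0xC8, 'x', 'y', 'z'};

/* Unchecked: trusts the length byte.  With EVIL_REC, memcpy writes 200 bytes
 * into a 16-byte buffer and reads past the end of the record: a classic
 * overflow that the compiler accepts without complaint (building with
 * -fsanitize=address makes it visible at run time). */
void parse_name_unchecked(const uint8_t *rec, char out[NAME_MAX]) {
    size_t n = rec[0];
    memcpy(out, rec + 1, n);
    out[n] = '\0';
}

/* Checked: the declared length must fit both the record and the output buffer. */
bool parse_name_checked(const uint8_t *rec, size_t rec_len, char out[NAME_MAX]) {
    if (rec_len < 1) return false;
    size_t n = rec[0];
    if (n > NAME_MAX - 1 || n > rec_len - 1) return false;
    memcpy(out, rec + 1, n);
    out[n] = '\0';
    return true;
}

/* Helpers that return the result directly, so a caller can check the outcome
 * without managing the output buffer itself.  -1 means the record was rejected. */
int checked_name_len(const uint8_t *rec, size_t rec_len) {
    char buf[NAME_MAX];
    return parse_name_checked(rec, rec_len, buf) ? (int)strlen(buf) : -1;
}

bool checked_name_is(const uint8_t *rec, size_t rec_len, const char *expected) {
    char buf[NAME_MAX];
    return parse_name_checked(rec, rec_len, buf) && strcmp(buf, expected) == 0;
}

int main(void) {
    char buf[NAME_MAX];
    parse_name_unchecked(GOOD_REC, buf);           /* fine on well-formed input */
    printf("unchecked, good record: %s\n", buf);
    printf("checked, good record: %s\n",
           parse_name_checked(GOOD_REC, sizeof GOOD_REC, buf) ? buf : "rejected");
    printf("checked, evil record: %s\n",
           parse_name_checked(EVIL_REC, sizeof EVIL_REC, buf) ? buf : "rejected");
    /* parse_name_unchecked(EVIL_REC, buf) is deliberately not called here:
     * it would corrupt the stack. */
    return 0;
}
```

The point of the checked version is that every bound is derived from something the caller actually controls (the buffer size and the bytes really received), never from a field inside the untrusted data. A memory-safe language enforces the equivalent of that check on every indexed access; in C it has to be written, and reviewed, by hand.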

------------------------------

Date: Thu, 29 Feb 2024 09:21:08 -0800
From: "Jim" <jgeissman@socal.rr.com>
Subject: NZ Leap Day Self Pay Petrol Pump Failures (sundry)

Dozens of unattended fuel stations across the country stopped working on
Thursday for hours because of a software issue.

https://www.nytimes.com/2024/02/29/world/asia/new-zealand-leap-year-glitch-gas-pumps.html

[Noted by quite a few of you.
https://www.nzherald.co.nz/hawkes-bay-today/news/february-29-allied-fuel-pumps-around-nz-ground-to-a-halt-as-systems-forget-leap-year/XEQBK5JLBZG6LO3VGUQ6Q2WGC4/
Brian Inglis noted
https://arstechnica.com/gadgets/2024/02/leap-year-glitch-broke-self-pay-pumps-across-new-zealand-for-over-10-hours/
PGN]

------------------------------

Date: Thu, 29 Feb 2024 06:24:19 -0500 (EST)
From: Mark Brader <msb@Vex.Net>
Subject: Risks of Leap Years and Dumb Digital Watches

[1] saw a previous version of this message in RISKS-6.34, 13.21, 17.81,
20.83, 23.24, 25.07, 26.75, 29.30, and/or 31.60;

[2] still wear a wristwatch instead of using a cellphone or something
as a pocket watch;

[3] have the kind that needs to be set back a day because (unlike the
smarter types that track the year or receive information from
external sources) it went directly from February 28 to March 1;

and

[4] *hadn't realized it yet*?

(For myself, point 3 no longer applies. I replaced my old, worn-out Timex
with a superficially identical new one and found that it does track the
year.)
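Both of the leap-day items above, the NZ pumps that "forgot" 29 February and the watches that jump from 28 February to 1 March, come down to the same calendar arithmetic. As an added example (not code from the digest, from the pump vendor or from any watch maker), the following implements the Gregorian rule, a date validator that accepts 29 Feb 2024 and rejects 29 Feb 2023, and a "dumb watch" calendar that stores no year and so always gives February 28 days. The dates are constructed inline for illustration.

```c
/* Added example, not code from the RISKS digest, the pump vendor or a watch
 * maker: the Gregorian leap-year rule, a validator that gets 29 February right,
 * and a year-less "dumb watch" calendar that goes straight from 28 Feb to 1 March. */
#include <stdbool.h>
#include <stdio.h>

typedef struct { int year, month, day; } ymd;

static const int MONTH_DAYS[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};

/* Divisible by 4, except century years, except every 400th year. */
bool is_leap_year(int year) {
    return (year % 4 == 0 && year % 100 != 0) || (year % 400 == 0);
}

int days_in_month(int year, int month) {
    if (month < 1 || month > 12) return 0;
    if (month == 2 && is_leap_year(year)) return 29;
    return MONTH_DAYS[month - 1];
}

/* The watch's view: it stores no year, so February is always 28 days long. */
int days_in_month_dumb(int month) {
    if (month < 1 || month > 12) return 0;
    return MONTH_DAYS[month - 1];
}

/* The check a pump's software needs before declaring a timestamp invalid. */
bool is_valid_date(ymd d) {
    return d.month >= 1 && d.month <= 12 &&
           d.day >= 1 && d.day <= days_in_month(d.year, d.month);
}

static ymd advance(ymd d, int last_day_of_month) {
    if (d.day < last_day_of_month) { d.day++; return d; }
    d.day = 1;
    if (d.month == 12) { d.month = 1; d.year++; } else d.month++;
    return d;
}

ymd next_day(ymd d)      { return advance(d, days_in_month(d.year, d.month)); }
ymd next_day_dumb(ymd d) { return advance(d, days_in_month_dumb(d.month)); }

bool date_equal(ymd a, ymd b) {
    return a.year == b.year && a.month == b.month && a.day == b.day;
}

int main(void) {
    ymd feb28 = {2024, 2, 28};
    ymd correct = next_day(feb28), dumb = next_day_dumb(feb28);
    printf("after 2024-02-28: correct %04d-%02d-%02d, dumb watch %04d-%02d-%02d\n",
           correct.year, correct.month, correct.day, dumb.year, dumb.month, dumb.day);
    ymd leap = {2024, 2, 29};
    printf("2024-02-29 valid: %s\n", is_valid_date(leap) ? "yes" : "no (pump halts)");
    return 0;
}
```

The two failure modes differ: the watch has no year at all and so cannot be fixed short of hardware that tracks one, whereas a pump controller does know the year and fails only because its validator uses a 28-day February (or a hard-coded "divisible by 4" without the century rules, which will bite again in 2100). A test suite for any date-handling code should include 29 Feb of a leap year, 29 Feb of a common year, and the 1900/2000 century cases.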

------------------------------

Date: Mon, 4 Mar 2024 07:19:41 -0500
From: Jan Wolitzky <jan.wolitzky@gmail.com>
Subject: Health-care hack spreads pain across hospitals and doctors
nationwide (WashPost)

The fallout from the hack of a little-known but pivotal health-care company
is inflicting pain on hospitals, doctor offices, pharmacies and millions of
patients across the nation, with government and industry officials calling
it one of the most serious attacks on the health-care system in U.S.
history.

The 21 Feb 2024 cyberattack on Change Healthcare, owned by UnitedHealth
Group, has cut off many health-care organizations from the systems they rely
on to transmit patients' health-care claims and get paid. The ensuing outage
doesn't appear to affect any of the systems that provide direct, critical
care to patients. But it has laid bare a vulnerability that cuts across the
U.S. health-care system, frustrating patients unable to pay for their
medications at the pharmacy counter and threatening the financial solvency
of some organizations that rely heavily on Change's platform.

<https://wapo.st/48UdFzj>

------------------------------

Date: Tue, 5 Mar 2024 18:46:21 -0800
From: "Jim" <jgeissman@socal.rr.com>
Subject: Cyberattack Paralyzes the Largest U.S. Health Care Payment System
(NYTimes.com)

[Explore this gift article from The New York Times. You can read it for free
without a subscription.]

The hacking shut down the nation's biggest health care payment system,
causing financial chaos that affected a broad spectrum ranging from large
hospitals to single-doctor practices.

https://www.nytimes.com/2024/03/05/health/cyberattack-healthcare-cash.html?unlocked_article_code=1.ak0.DC0g.Vjacvvma4SOQ

[Lauren Weinstein found: Ransomware attack on U.S. health care payment
processor 'most serious incident of its kind'
https://www.nbcnews.com/tech/security/ransomware-attack-us-health-care-payment-processor-serious-incident-ki-rcna141322
REALLY??? PGN]

------------------------------

Date: Wed, 6 Mar 2024 10:04:42 -0500
From: Douglas McIlroy <douglas.mcilroy@dartmouth.edu>
Subject: Re: Healthcare Cyberattack

This article came as a complete surprise, although it's about an attack
that happened two weeks ago:
https://www.nytimes.com/2024/03/05/health/cyberattack-healthcare-cash.html

How did UnitedHealth (the parent of Change Healthcare) keep it out of the
news so long? Or have these things become so common that they're no longer
newsworthy?

[I believe that the combination of AI hype, Bitcoin reaching an all-time
high, and all the rampant cyberattacks has so overwhelmed the media that
they no longer have a sense of what is most important. The Change
Healthcare fiasco is surely a sign of the times (lower case) and of The
Times. Doug, were you really surprised? PGN]

------------------------------

Date: Wed, 6 Mar 2024 12:48:32 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: More than 2 Million Research Papers Have Disappeared from the
Internet (Sarah Wild)

Sarah Wild, *Nature*, 4 Mar 2024, via ACM TechNews

Martin Eve of the U.K.'s University of London assessed whether 7,438,037
research papers with digital object identifiers (DOIs) were held in archives
and determined that around 28%, or more than 2 million, were not held in a
major digital archive despite having an active DOI. Only 58% of the sample
had been stored in at least one archive. However, Eve's research focuses
only on articles with DOIs and did not involve a search of every digital
repository.

------------------------------

Date: Wed, 6 Mar 2024 12:48:32 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: GitHub Besieged by Millions of Malicious Repositories in
Ongoing Attack (Dan Goodin)

Dan Goodin, *Ars Technica*, 28 Feb 2024, via ACM TechNews

