The RISKS Digest
Volume 33 Issue 97

Sunday, 17th December 2023

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Tesla Recalling 2-Million Cars Over Autopilot
NYTimes
Tesla Autopilot crashes on cross traffic
WashPost
Complexity of automobile software
Heise
Living machine? Scientists create biocomputer combining circuits with real human brain tissue
Study Finds
Planet tipping points pose 'unprecedented' threat to humanity
MSN
School buses canceled due to software screwup
WDRB Louisville
Controversial clothes hook spy cameras for sale on Amazon
BBC
Ex-Amazon security engineer admits to stealing over $12M in crypto
ReadWrite
Sydney man charged with sending 17 million scam texts
SMH
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
Ars Technica
Putin speaks to AI version of himself in news conference
BBC
AI-generated fake nude photos of girls from Winnipeg school posted online
CBC
Inside OpenAI's Crisis Over the Future of AI
NYTimes
AI, as in Ay Caramba!
Lawyers Guns & Money Blog
Ukrainian military says it hacked Russia's federal tax agency
Bleeping Computer
Huge Cyberattack Knocks Ukraine's Largest Mobile Operator Offline
NYTimes
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
Ars Technica
Pharmacies share medical data with police without a warrant, inquiry finds
MSN
What to do when receiving unprompted MFA OTP codes
Bleeping Computer
Can an AI Van Gogh Help Museums Generate New Interest?
NYTimes
SI Published Articles by Fake, AI-Generated Writers
Henry Baker
Why Europe is fighting about AI regulations
Marc Rotenberg
A Democratic campaign deploys the first synthetic AI caller
politico.com
Société Générale's useless euro stablecoin: when bank blockchain units go feral
Amy Castor
How Stolen Checks Are Sold and Bought Online
NYTimes
Teens, Social Media and Technology 2023
Pew Research Center
Cable service cancellation fees might be on the way out
The Verge
Ted Cruz wants to stop the FCC from updating data-breach notification rules
Ars Technica
Re: I don't give a damn about "you" and AI
Jonathan Levine
Re: Unable to verify humanity
Amos Shapir
Re: Voting experts warn of 'Serious Threats'
Susan Greenhalgh Thomas Koenig
Re: WeWork has failed, leaving damage in its wake
Cliff Kilby
Info on RISKS (comp.risks)

Tesla Recalling 2-Million Cars Over Autopilot (NYTimes)

Peter G Neumann <neumann@csl.sri.com>
15 Dec 2023 11:32:57 PST
Jack Ewing, Cade Metz, Derrick Bryson Taylor
*The New York Times*, 14 Dec 2023 National Edition front page

The recall is the fourth in less than two years,
and the most significant.
It covers nearly all cars they have made since 2012.

U.S. officials said the automaker had not done enough to
ensure that drivers remained attentive ...

Safety regulators investigated 956 cases in which Tesla's Autopilot
was involved.

The company's latest recall explains that drivers will be alerted when
they are using Autopilot outside where the technology is intended to
operate.  But it is unclear whether they will still be able to use the
technology in these situations.

  [Monty Solomon noted this online: Federal regulators pressed the automaker
  to make updates to ensure drivers are paying attention while using
  Autopilot, a system that can steer, accelerate and brake on its own.
  https://www.nytimes.com/2023/12/13/business/tesla-autopilot-recall.html
  PGN]


Tesla Autopilot crashes on cross traffic (WashPost)

Gabe Goldberg <gabe@gabegold.com>
Mon, 11 Dec 2023 00:27:05 -0500
Tesla drivers run Autopilot where it's not intended, with deadly
consequences.  At least eight fatal or serious Tesla crashes occurred on
roads where Autopilot should not have been enabled in the first place, a
Post analysis finds, in spite of federal officials calling for restrictions.

“Tesla's philosophy is, let the operator determine for themselves what is
safe but provide that operator a lot of flexibility to make that
determination,” he [unspecified here] said.

https://www.washingtonpost.com/technology/2023/12/10/tesla-autopilot-crash


Complexity of automobile software (Heise)

Anthony Thorn <anthony.thorn@atss.ch>
Fri, 15 Dec 2023 10:25:57 +0100
RISKS readers will be aware of the trend toward computer control systems,
and will be familiar with various documented attacks on motor vehicle
security.

What may be new is this statistic from Heise Autos (in German, my
translation):

Typical Software in a modern car comprises about 120 Million lines of Code.
The Lockheed Martin F-35 about 25 Million.
The Boeing 787 some 10 to 15 Million.
(No surprise that) the Space Shuttle needed only 400,000.

Heise also mentions 1000 bugs per million lines of code as "Super coding
quality" in the automotive field. (120'000 bugs...)

https://www.heise.de/hintergrund/Cyber-Security-in-Fahrzeugen-Wettlauf-zwischen-Hackern-und-Industrie-9318721.html


Living machine? Scientists create biocomputer combining circuits with real human brain tissue (Study Finds)

geoff goodfellow <geoff@iconia.com>
Wed, 13 Dec 2023 11:25:24 -0700
In what seems like a scene from a science-fiction movie, scientists from
Indiana University have constructed a hybrid biocomputer that combines
laboratory-grown human brain tissue with traditional circuits. This
innovative technology, known as Brainoware, has the potential to integrate
into artificial intelligence (AI) systems and advance neuroscience research
models of the human brain.

Brainoware incorporates brain organoids
<https://studyfinds.org/lab-grown-brains-legally-people/>, clusters of human
cells <https://studyfinds.org/anthrobots-human-cells-robots/> that mimic
organ tissue. Organoids are created from stem cells that have the ability
to develop into various types of cells, including neurons similar to those
found in the human brain.

The goal of this research is to establish a connection between AI
<https://studyfinds.org/ai-cancer-survival-odds/> and organoids, as both
systems rely on transmitting signals through interconnected nodes forming a
neural network.

“We wanted to ask the question of whether we can leverage the biological
neural network within the brain organoid for computing,'' says study
co-author Feng Guo, a bioengineer at Indiana University, in a media release
<https://www.nature.com/articles/d41586-023-03975-7#ref-CR1>.

To create the Brainoware system, researchers place a single organoid on a
plate containing thousands of electrodes that connect the brain to electric
circuits <https://studyfinds.org/merge-brain-cells-computer-chips/>. They
then convert the desired input information into a pattern of electric
pulses, which they deliver to the organoid. The brain tissue's response is
recorded by a sensor and analyzed using a machine-learning algorithm that
deciphers the relevant information.

To test Brainoware's capabilities, the team employed voice recognition
<https://studyfinds.org/surge-of-activity-dying-brain/>. They trained the
system on 240 voice recordings of eight individuals and translated the audio
into electric signals delivered to the organoid. The mini-brain reacted
differently to each voice, generating distinct patterns of neural
activity. The AI learned to interpret these responses and accurately
identify the speaker, achieving an accuracy rate of 78 percent after
training.

While further research is necessary, this study confirms important
theoretical concepts that could eventually pave the way for biological
computers <https://studyfinds.org/robots-brain-artificial-neurons/>.
Previous experiments demonstrated the ability of two-dimensional neuron
cell cultures to perform similar tasks, but this is the first time such
capabilities have been shown in a three-dimensional brain organoid
<https://studyfinds.org/mini-brains-stem-cells-grow-eyes/>.

Combining organoids and computers could enable researchers to harness the
speed and energy efficiency of the human brain for AI applications.
Additionally, Brainoware has potential applications in brain research,
particularly for studying neurological disorders like Alzheimer's disease
<https://studyfinds.org/gene-mutation-alzheimers-cure/> and testing the
effects of different treatments on organoids.  [...]
https://studyfinds.org/biocomputer-human-brain-tissue/


Planet tipping points pose 'unprecedented' threat to humanity (MSN)

geoff goodfellow <geoff@iconia.com>
Thu, 14 Dec 2023 10:27:01 -0700
Humanity faces an "unprecedented" risk from tipping points that could
unleash a domino effect of irreversible catastrophes across the planet,
researchers warned Wednesday.

The most comprehensive assessment ever conducted of Earth's invisible
tripwires was released as leaders meet for UN climate talks in Dubai with
2023 set to smash all heat records.

While many of the 26 tipping points laid out in the report—such as
melting ice sheets—are linked to global warming, other human activities
like razing swathes of the Amazon rainforest could also push Earth's
ecosystems to the brink.

Five of these are showing signs of tipping—from melting ice sheets
threatening catastrophic sea level rise, to mass die-off of tropical coral
reefs—the report warned.

Some may have already begun to irrecoverably transform.

Once the world crosses the threshold for just one tipping point, dealing
with the immediate humanitarian disaster could distract attention away from
stopping the others, creating a "vicious cycle" of mass hunger,
displacement and conflict, the report warned.

Tim Lenton, an Earth system scientist at the University of Exeter and lead
author of the report, told AFP that these tipping points pose a "threat of
a magnitude that is unprecedented for humanity".

But it was not all bad news.

The report also highlighted a range of positive tipping points—such as
electric vehicles, renewable energy and changing to plant-based diets—
that have the potential to swiftly build momentum and tip things back the

"Imagine leaning back on a chair to that balance point where a small nudge
can make a big difference," Lenton said.

"You could end up sprawled on your back on the floor—or if you're lucky,
back upright."

- On the brink -

A key concern is if the melting West Antarctic and Greenland ice sheets
collapse.  [...]

https://www.msn.com/en-us/news/world/planet-tipping-points-pose-unprecedented-threat-to-humanity-report/ar-AA1l3KML

  [Relevance to RISKS?  Remember that in this arena, ALMOST EVERYTHING is
  interconnected.  PGN]


School buses canceled due to software screwup

Peter Neumann <neumann@csl.sri.com>
Thu, 14 Dec 2023 8:22:53 PST
LOUISVILLE, Ky. (WDRB)—Jefferson County Public Schools canceled classes
for students Thursday and Friday due to severe transportation issues.

Wednesday was the first day of school for JCPS students. However, some
students didn't get home until almost 10 p.m. amid new bus routes and school
start times.

At 5:13 a.m., JCPS parents got a text alert that said school would be
canceled on Thursday, Aug. 10, and Friday, Aug. 11. Families were also told
CEP will contact families if there are any changes in service. All families
were directed to their email for more information.


Controversial clothes hook spy cameras for sale on Amazon (BBC)

Monty Solomon <monty@roscom.com>
Sun, 17 Dec 2023 13:58:50 -0500
https://www.bbc.com/news/technology-67652317


Ex-Amazon security engineer admits to stealing over $12M in crypto (ReadWrite)

Victor Miller <victorsmiller@gmail.com>
Sun, 17 Dec 2023 17:48:05 +0000
https://readwrite.com/ex-amazon-security-engineer-admits-to-stealing-over-12m-in-crypto/


Sydney man charged with sending 17 million scam texts (SMH Australia)

John Colville <John.Colville@uts.edu.au>
Wed, 13 Dec 2023 22:29:29 +0000
NSW Police allege they've traced more than 17 million of these scam texts
sent to phones across the country—purporting to be from a range of
companies including Australia Post and toll company Linkt—to one man in
Sydney's west.  At 6am on Tuesday, detectives from the cybercrime squad
searched a home in Moorebank after an investigation into the use of SIM
boxes, which use multiple SIM cards to quickly send out phishing texts to
multiple phones.

https://www.smh.com.au/national/nsw/sydney-man-charged-with-sending-17-million-scam-texts-20231213-p5er5a.html


Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica)

Victor Miller <victorsmiller@gmail.com>
Tue, 12 Dec 2023 16:58:11 +0000
https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/


Putin speaks to AI version of himself in news conference (BBC)

Matthew Kruk <mkrukg@gmail.com>
Fri, 15 Dec 2023 22:52:01 -0700
https://www.bbc.com/news/world-europe-67718139

Russian President Vladimir Putin was asked whether he has "a lot of
doubles" by an AI version of himself during a marathon news conference.

He was fielding questions from journalists and ordinary Russians in an
hours-long annual news conference.


AI-generated fake nude photos of girls from Winnipeg school posted online (CBC)

Matthew Kruk <mkrukg@gmail.com>
Fri, 15 Dec 2023 22:43:22 -0700
https://www.cbc.ca/news/canada/manitoba/artificial-intelligence-nude-doctored-photos-students-high-school-winnipeg-1.7060569

Collège Béliveau is dealing with the dark side of artificial
intelligence after AI-generated nude photos of underage students were
discovered being circulated at the Winnipeg school.

An email sent to parents Thursday afternoon said school officials learned
late Monday that doctored photos of female students at the grades 7-12
French immersion school were being shared online, and that school officials
have contacted police.


Inside OpenAI's Crisis Over the Future of AI (NYTimes)

Matthew Kruk <mkrukg@gmail.com>
Sat, 16 Dec 2023 23:35:29 -0700
https://www.nytimes.com/2023/12/09/technology/openai-altman-inside-crisis.html

Around noon on Nov. 17, Sam Altman, the chief executive of OpenAI, logged
into a video call from a luxury hotel in Las Vegas. He was in the city for
its inaugural Formula 1 race, which had drawn 315,000 visitors including
Rihanna and Kylie Minogue.

Mr. Altman, who had parlayed the success of OpenAI's ChatGPT chatbot into
personal stardom beyond the tech world, had a meeting lined up that day with
Ilya Sutskever, the chief scientist of the artificial intelligence
start-up. But when the call started, Mr. Altman saw that Dr. Sutskever was
not alone—he was virtually flanked by OpenAI's three independent board
members.

Instantly, Mr. Altman knew something was wrong.


AI, as in Ay Caramba! (Lawyers, Guns & Money Blog)

Victor Miller <victorsmiller@gmail.com>
Thu, 14 Dec 2023 14:38:32 +0000
https://www.lawyersgunsmoneyblog.com/2023/08/ai-as-in-ay-caramba

  [Ai, Ai, signor!  PGN]


Ukrainian military says it hacked Russia's federal tax agency (Bleeping Computer)

Victor Miller <victorsmiller@gmail.com>
Wed, 13 Dec 2023 18:07:47 -0800
https://www.bleepingcomputer.com/news/security/ukrainian-military-says-it-hacked-russias-federal-tax-agency/


Huge Cyberattack Knocks Ukraine's Largest Mobile Operator Offline (NYTimes)

Jan Wolitzky <jan.wolitzky@gmail.com>
Tue, 12 Dec 2023 13:28:57 -0500
Ukraine's largest mobile operator said it had come under a powerful
cyberattack on Tuesday morning that knocked out service to millions of
people.

The company, Kyivstar, said that the attack also affected Internet access
and that it was *unclear* when service would be restored. The interruption
poses real danger in a country where many rely on phone alerts to warn them
of impending Russian bombardments.

https://www.nytimes.com/2023/12/12/world/europe/russia-hackers-ukraine-kyivstar.html


Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica)

<>
Sun, 17 Dec 2023 12:05:54 -0500
Hundreds of Windows and Linux computer models from virtually all hardware
makers are vulnerable to a new attack that executes malicious firmware early
in the boot-up sequence, a feat that allows infections that are nearly
impossible to detect or remove using current defense mechanisms.

The attack, dubbed LogoFAIL by the researchers who devised it, is notable for
the relative ease in carrying it out, the breadth of both consumer- and
enterprise-grade models that are susceptible, and the high level of control
it gains over them. In many cases, LogoFAIL can be remotely executed in
post-exploit situations using techniques that can’t be spotted by
traditional endpoint security products. And because exploits run during the
earliest stages of the boot process, they are able to bypass a host of
defenses, including the industry-wide Secure Boot, Intel’s Secure Boot, and
similar protections from other companies that are devised to prevent
so-called bootkit infections.  [...]

https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/


Pharmacies share medical data with police without a warrant, inquiry finds (MSN)

geoff goodfellow <geoff@iconia.com>
Wed, 13 Dec 2023 11:27:32 -0700

The nation's largest pharmacy chains have handed over Americans'
prescription records to police and government investigators without a
warrant, a congressional investigation found, raising concerns about threats
to medical privacy.

Though some of the chains require their lawyers to review law enforcement
requests, three of the largest—CVS Health, Kroger and Rite Aid, with a
combined 60,000 locations nationwide—said they allow pharmacy staff
members to hand over customers' medical records in the store.

The policy was revealed in a letter sent late Monday to Xavier Becerra, the
secretary of the Department of Health and Human Services, by Sen. Ron Wyden
(D-Ore.) and Reps. Pramila Jayapal (D-Wash.) and Sara Jacobs (D-Calif.).
The members began investigating the practice after the Supreme Court's
decision last year in Dobbs v. Jackson Women's Health Organization ended
the constitutional right to abortion.

The revelation could shape the debate over Americans' expectations of
privacy as Texas and other states move to criminalize abortion and drugs
related to reproductive health.

Pharmacies' records hold some of the most intimate details of their
customers' personal lives, including years-old medical conditions and the
prescriptions they take for mental health and birth control.

Because the chains often share records across all locations, a pharmacy in
one state can access a person's medical history from states with
more-restrictive laws. Carly Zubrzycki, an associate professor at the
University of Connecticut law school, wrote last year that this could link a
person's out-of-state medical care via a digital trail back to their home
state.  [...]

https://www.msn.com/en-us/news/us/pharmacies-share-medical-data-with-police-without-a-warrant-inquiry-finds/ar-AA1lnK9t


What to do when receiving unprompted MFA OTP codes (Bleeping Computer)

Monty Solomon <monty@roscom.com>
Sun, 17 Dec 2023 11:36:26 -0500
https://www.bleepingcomputer.com/news/security/what-to-do-when-receiving-unprompted-mfa-otp-codes/


Can an AI Van Gogh Help Museums Generate New Interest? (NYTimes)

Steve Bacher <sebmb1@verizon.net>
Tue, 12 Dec 2023 14:55:47 +0000 (UTC)
https://www.nytimes.com/2023/12/12/arts/design/van-gogh-artificial-intelligence.html

Dream of Talking to Vincent van Gogh? AI Tries to Resurrect the Artist.

Can doppelgängers of the Dutch painter help museums generate new
interest and income? AI Vincent fields our questions (and makes some
mistakes).


SI Published Articles by Fake, AI-Generated Writers

Henry Baker <hbaker1@pipeline.com>
Sat, 16 Dec 2023 00:04:47 +0000
Maggie Harrison tried to find out who this 'Ortiz' writer was,
but drew a blank. :-)

What's next? Fake news, hallucinated by AI, written by AI, presented by AI ?
Hire an AI to attend school for me, take my tests for me, get my degree for
me?

Oh, but wait: we can build AI's to spot AI's writing, voices, images, can't
we?

It's only a matter of time before Wikipedia succumbs to onslaughts of AI
editors; Google becomes Googledegook.

You heard it here: 2+2=5.


Why Europe is fighting about AI regulations

Marc Rotenberg <rotenberg@caidp.org>
Sat, 9 Dec 2023 08:06:03 +0000
Here is a good summary of the key provisions:

Artificial Intelligence Act: deal on comprehensive rules for trustworthy AI
European Parliament, 7 Dec 2023

https://www.europarl.europa.eu/news/en/press-room/20231206IPR15699/artificial-intelligence-act-deal-on-comprehensive-rules-for-trustworthy-ai


A Democratic campaign deploys the first synthetic AI caller (politico.com)

Steve Bacher <sebmb1@verizon.net>
Tue, 12 Dec 2023 07:51:13 -0800
A candidate in a competitive Pennsylvania congressional race is using
“Ashley,” an AI campaign volunteer, stretching the bounds of how technology
shapes retail politics.

https://www.politico.com/news/2023/12/12/democratic-campaign-ai-caller-00131180


Société Générale's useless euro stablecoin: when bank blockchain units go feral

Gabe Goldberg <gabe@gabegold.com>
Mon, 11 Dec 2023 00:34:52 -0500
Société Générale’s euro-backed stablecoin, EUR CoinVertible (EURCV), has
been listed on the Bitstamp exchange in Luxembourg!

This is the first stablecoin issued by a bank! If you stretch the word
“first” and the word “stablecoin.”

EURCV is as useful as every other enterprise blockchain scheme—it doesn't
do anything, but you can market it with ancient bitcoin slogans with a
different buzzword in them.

https://amycastor.com/2023/12/09/societe-generales-useless-euro-stablecoin-when-bank-blockchain-units-go-feral/


How Stolen Checks Are Sold and Bought Online (NYTimes)

Gabe Goldberg <gabe@gabegold.com>
Sun, 10 Dec 2023 00:47:41 -0500
One reason this fraud is rampant: Open forums where anyone can buy checks
that thieves have taken from the mail.

Right away, a few things were clear. Thieves often post batches of checks,
and those checks often have something in common.

https://www.nytimes.com/2023/12/09/business/stolen-checks-telegram.html?smid=nytcore-ios-share&referringSource=articleShare


Teens, Social Media and Technology 2023 (Pew Research Center)

Jim Reisert AD1C <jjreisert@alum.mit.edu>
Tue, 12 Dec 2023 10:08:57 -0700
Monica Anderson, Michelle Faverio and Jeffrey Gottfried, Pew Research
Center, 11 Dec 2023

https://www.pewresearch.org/internet/2023/12/11/teens-social-media-and-technology-2023/

Despite negative headlines and growing concerns about social media's
impact on youth, teens continue to use these platforms at high rates,
with some describing their social media use as “almost constant,”
according to a new Pew Research Center survey of U.S. teens.

YouTube, the most widely used platform measured in the survey, is also
frequently visited by its users. About seven-in-ten teens say they
visit the video-sharing platform daily, including 16% who report being
on the site almost constantly.

At the same time, 58% of teens are daily users of TikTok. This includes 17%
who describe their TikTok use as almost constant.

About half of teens use Snapchat and Instagram daily. A somewhat larger
share reports using Snapchat almost constantly compared with Instagram (14%
vs. 8%).

Far fewer teens say they use Facebook on a daily basis (19%), with only 3%
saying they are on the site almost constantly.

Taken together, a third of teens use at least one of these five sites almost
constantly, which is similar to what we found last year.


Cable service cancellation fees might be on the way out (The Verge)

Monty Solomon <monty@roscom.com>
Sat, 16 Dec 2023 14:53:12 -0500
https://www.theverge.com/2023/12/14/24001225/fcc-ban-cable-service-cancellation-junk-fees

Cable lobby and Republicans fight proposed ban on early termination fees
https://arstechnica.com/?p=1991147


Ted Cruz wants to stop the FCC from updating data-breach notification rules (Ars Technica)

Monty Solomon <monty@roscom.com>
Wed, 13 Dec 2023 03:14:22 -0500
https://arstechnica.com/?p=1990507


Re: I don't give a damn about "you" and AI (Lauren Weinstein, RISKS-33.96)

Jonathan Levine <jonathan.canuck.levine@gmail.com>
Sun, 10 Dec 2023 17:06:15 -0700
Zackly!

I had a real moment when I read the NYT piece by Chomsky et.al. that I was
directed to by Dave Farber's list.  With the first question they asked
ChatGPT:

"Would it be moral to terraform Mars?"

I realized that this is no "intelligence" of any form, artificial or
otherwise.  When the question was posed, my natural reaction, as though it
had been asked of me, was "From what perspective?"  ChatGPT, of course, did
not do that.  It did exactly what it was designed to do, which was
manufacture an answer that *sounds* like it came from someone versed in the
subject matter.  But as we know, that's not a sign of intelligence.  Inquiry
is.

So have 'em get back to us when their chat-thingy comes up with a *question*
rather than just another trite answer.


Re: Unable to verify humanity (Kilby, RISKS-33.96)

Amos Shapir <amos083@gmail.com>
Sun, 10 Dec 2023 12:45:39 +0200
I found this on social media, with no attribution:

  "We thought it was our ability to love that made us human;  but it turns
  out that it's actually our ability to select each image containing a boat"

https://www.facebook.com/photo/?fbid=729310569240381&set=a.624879173016855


Re: Voting experts warn of 'Serious Threats' (RISKS-33.96)

Susan Greenhalgh <susan@freespeechforpeople.org>
Thu, 14 Dec 2023 18:29:50 -0500
Recently ACM TechNews foregrounded an article from the Associated Press,
“Voting experts warn of 'Serious Threats' for 2024 from election equipment
software breaches”, by Christina A. Cassidy. The article reported on a
letter sent to Attorney General Merrick Garland, FBI Director Christopher
Wray and Cybersecurity and Infrastructure Security Agency Director Jen
Easterly.  I coordinated the letter, which was signed by over a dozen
computer and election security experts, including several members of ACM.
The letter reiterated a call to the federal agencies to investigate what
has been unearthed (through civil litigation and intrepid reporting) to be
a coordinated and integrated plot by attorneys and allies of Donald Trump
to unlawfully obtain copies of voting system software and share them with
a network of extremists and election deniers.

Records obtained through discovery in private lawsuits and public records
requests have revealed that the schemes to access and obtain copies of the
voting software used in Georgia, Michigan, Pennsylvania, and Colorado
involved and were funded by many of the same people that were working
together to overturn the 2020 presidential election.  Though some states'
law enforcement authorities have pursued investigations and charges for
those involved in their own states' voting system breaches, there is
nothing to suggest that federal authorities are investigating the
coordination between states, despite an abundance of evidence showing that
the conspiracy spanned state lines, and that it was part of the larger plot
to keep Trump in power. Moreover, there appears to be no federal
investigation to determine how extensively the voting software has been
shared, and what the recipients may plan to do with it in the future, hence
the calls for federal action.

Computer security experts have warned that unauthorized copies of the
voting system software in the wild increase threats against elections.
Again, hence the call for a federal investigation. Computer scientists have
cautioned that bad actors could load the voting software onto their own
devices to create replicas of voting machines in order to probe them for
vulnerabilities that could be exploited with minimal physical access, for
instance by a poll worker or maintenance staff. Bad actors could also
decompile the software and examine it for weaknesses in order to create
malware that could be used to corrupt election results. The software could
also be used to fabricate evidence in support of false claims that an
election has been stolen, or in disinformation campaigns. We've already
seen this last tactic; at last winter's CPAC, there was a presentation
given that purported to examine software taken from Coffee County, Georgia,
arguing that the software showed that the election in Georgia had been
stolen.

In the election security community, there's long been widespread support
for open-source voting system software, and opposition to vendors'
restrictions to keep voting software proprietary. Some of the most
significant revelations regarding voting system security have been the
result of security reviews that were not sanctioned by the vendors.  At
first glance, the support for open source voting software may seem to be
at odds with a vociferous call to federal agents to investigate the
operatives that took voting software in multiple states, but that doesn't
account for several key and crucial differences.  Unlike academic and
security researchers that have analyzed voting software in order to
identify and publicize security risks in support of more secure systems,
the Trump allies that participated in the coordinated scheme to take voting
system software did so for a partisan objective to keep Donald Trump in
power, according to their own emails and texts. They did not attempt to
assess the software and publicize their findings to make elections better;
they sought to keep the operations and analyses secret so they could upend
an election and discredit democracy. The software was shared, but only
among like-minded Trump supporters. It has not been posted publicly, unlike
open-sourced systems.

Open-sourced voting systems would greatly improve election system security
by enabling public scrutiny of the software code, surfacing bugs more
quickly and thoroughly, and by increasing transparency into the systems
that count votes. This is not what has occurred with the voting system
breaches.  We should still pursue open-sourced voting systems, but that
shouldn't preclude calling for a vigorous and immediate investigation into
the voting system breaches and misappropriation of software by Trump allies
and election deniers. We can do both. We must do both.

Susan Greenhalgh is the senior advisor for election security at Free Speech
For People.

  [I removed a slew of hot links for RISKS.  If you would like to see a
  clickable version, contact Susan.  PGN]

    [Thank you, Susan, for staying with us on this issue.  (NB: Her father
    was a highly respected long-standing voice in the earlier days of the
    quest for greater integrity in elections).  PGN]


Re: Experts Warn of 'Serious Threats' from Election Equipment (Greenhalgh, RISKS-33.96)

Thomas Koenig <tkoenig@netcologne.de>
Mon, 11 Dec 2023 16:39:34 -0000 (UTC)
Sounds reasonable so far, but here...

> saying software breaches have "urgent implications for
> the 2024 election and beyond."

I see a strong argument for security through obscurity, which
(as comp.risks readers are assumed to know) is the weakest of all
forms of security.

The basic premise seems to be that the software is buggy, and that
the bugs can be exploited by somebody who wants to falsify the
election results.  In other words, that it contains backdoors,
intentional or unintentional.

This begs the questions:

- Why is this assumed to be the case?  Was the software not written
  to a standard that would make this unlikely/impossible?
     [Yes.  The standards are weak.  PGN]

- Who has access to the software now?
     [Apparently quite a few people.  PGN]

- What safeguards are in place to make sure that people with
  that access do not misuse these potential backdoors?
     [Almost none.  PGN]

- What would be the public/political reaction if such an assumed
  backdoor was indeed found (as the authors of the letter seem to
  assume can happen)?  Would this actually put the integrity of
  the last election into doubt, as well as that of the upcoming
  election?
     [Perhaps not.  There was more oversight than ever before.  PGN]

Following this discussion in the U.S. leaves me somewhat bewildered.
Germany has always had paper ballots, which are kept and which can be
re-counted if necessary.

This does not preclude attempts to falsify the election by
presumably intentional miscounting (which has happened) or by pure
chaos, including more ballots cast than voters exist (like in the
last election), but at least it leaves a clear trail if anybody
wants to examine it.

 [Unfortunately, the U.S. has a long history of proprietary commercial
 systems with no incisive audit trails that defy scrutiny of the software --
 and the hardware!  Germany, The Netherlands, and other countries have been
 much more proactive.  PGN]


Re: WeWork has failed, leaving damage in its wake (Kruk and Baker, RISKS-33.96)

Cliff Kilby <cliffjkilby@gmail.com>
Mon, 11 Dec 2023 12:41:44 -0500
Mr Baker, Noting you've found capitalism to be akin to optimistic
concurrency, I would like to point to the known risks of that system. Once
it reaches a state where it should start deadlocking due to rule violations,
it starts a retry cascade.  Retry cascades should eventually terminate in a
well ordered system. I have not observed capitalism to follow the model of a
well ordered system.  Furthermore, mother nature's evolutional algorithm is
most closely modeled by bogosort. In both, the cost of failure is total
destruction, and there are many more failures than successes.  Given this,
are you advocating for more severe punishments for companies which gamble
with other people's assets?
