Controllers assessing the probe's sent data have now declared that Voyager 1 is once again delivering accurate telemetry data to Earth. From the very beginning, it was clear that the problem was connected to the mechanism responsible for ensuring that the probe's antenna was always pointed towards Earth. If the antenna were to flip, we would lose communication with the spaceship (and the history of space exploration knows too many such cases). The engineers discovered that this antenna control system had resumed transmitting telemetry data via an on-board computer that had been decommissioned for many years. This computer was responsible for distorting the data, which ultimately arrived on Earth as a succession of nonsensical facts. Once this was determined, the engineers issued a command to the probe instructing it to send the data via the appropriate computer. As he withdrew his hand, the issue disappeared. Obviously, it takes time to determine if the cure was effective. In fact, Voyager 1 is already almost 23 billion kilometers from Earth, which implies that the signal from Earth takes 22 hours to reach the probe. The signal verifying the command's execution is also traveling towards the Earth. After the probe's health was fully restored, the issue emerged as to how it could suddenly begin using a long-forgotten computer. In the next weeks, experts will examine all computer logs from the spacecraft's onboard systems to determine the source of the misunderstanding. https://viralonce.xyz/nasa-just-brought-a-spacecraft-23-billion-kilometres-away-to-life-and-the-results-are-astonishing/ The risks? Out-of-warranty equipment too remote for service calls, decommissioned computers suddenly awakening. The good news, of course—a valuable lesson—is system logs.
This group has found a ton of remote vulnerabilities in all sorts of automobiles. It's enough to make you want to buy a car that is not Internet-connected. Unfortunately, that seems to be impossible. https://www.schneier.com/blog/archives/2023/01/remote-vulnerabilities-in-automobiles.html DC Auto Show is this week—it'll be interesting grilling executives and boothsters about this.
When police infiltrated the EncroChat phone system in 2020, they hit an intelligence gold mine. But subsequent legal challenges have spread across Europe. https://www.wired.com/story/encrochat-phone-police-hacking-encryption-drugs
Summary: VALL-E is a transformer-based TTS model that can generate speech in any voice after hearing only a three-second sample of that voice. This could routinely enable participation in hearings & trials, bad actors might replace an unfriendly witness with a live deepfake of that same person, testifying against the interest of the person being faked. [Garbled e-mail PGN-ed] Link: https://mpost.io/vall-e-microsofts-new-zero-shot-text-to-speech-model-can-duplicate-everyones-voice-in-three-seconds/ It might be trite, but never more apt, to say “The risks are obvious.''
A global ransomware operator has issued a rare apology after it claims one of its "partners" was behind a cyberattack on Canada's largest pediatric medical centre. LockBit, a ransomware group the U.S. Federal Bureau of Investigation has called one of the most active and destructive in the world, posted a brief statement on what cybersecurity experts say is its data leak site claiming it has blocked its partner responsible for the attack on Toronto's Hospital for Sick Children and offering the code to restore the system. https://www.cbc.ca/news/canada/toronto/ransomware-group-sickkids-cybersecurity-update-1.6701688
In Matt Levine's "Money Stuff" newsletter, 5 January 2023, he wrote about cybercriminals' need to balance aggressiveness and risk:

Ransomware compliance

I continue to be fascinated by the role of chief compliance officer at a ransomware company. In general, the chief compliance officer at any company has a dial in front of her that she can turn to get More Crime or Less Crime, and at a normal company—a bank, for instance—her job consists of (1) turning it most of the way toward Less Crime, but (2) not all the way, and (3) acting very contrite when politicians and regulators yell at her about the residual crime. “We have a zero-tolerance policy for crime,'' she will say, and almost mean. But the chief compliance officer at a ransomware company—I assume that this is not an actual job, but rather one of many hats worn by some senior executive at the ransomware company, though what do I know—will turn the dial most of the way toward More Crime, since after all a ransomware company's whole business is crime, but, again, not all the way. Sometimes she will say no to crime, or at least act very contrite after doing crime. She will have, like, a 98% tolerance policy for crime. We have talked about this before, and one category of crime that a ransomware compliance officer might reject is “hacks that are so big and disastrous that they could call down the wrath of the US government and shut down the whole business.'' But another category of off-limits crime appears to be hacks that are so morally reprehensible that they will lead to other criminals boycotting your business.'' Here is a wild story about a ransomware attack on Toronto's Hospital for Sick Children, which is really the sort of name that ought to make you immune from hacking: A global ransomware operator issued an apology and offered to unlock the data targeted in a ransomware attack on Toronto's Hospital for Sick Children, a move cybersecurity experts say is rare, if not unprecedented, for the infamous group.
LockBit, a ransomware group the U.S. Federal Bureau of Investigation has called one of the world's most active and destructive, issued the brief apology on Dec. 31 to what cybersecurity experts say is the dark web page where it posts about its ransoms and data leaks. In the statement, reviewed directly by The Canadian Press, LockBit claimed to have blocked the partner responsible for the attack and offered SickKids a free decryptor to unlock its data. LockBit's apology, meanwhile, appears to be a way of managing its image, said [cybersecurity researcher Chester] Wisniewski. The group is competing with other high-profile malware operators who are also trying to court hackers to use their system to carry out lucrative cyberattacks, he said. Hackers appear to move between the operators frequently. He suggested the move could be directed at those partners who might see the attack on a children's hospital as a step too far. “My instinct would be this is more aimed at criminal affiliates themselves trying to not disgust them into switching into a different ransom group,'' said Wisniewski. The way the ransomware business is organized seems to be that there are a couple of, like, malware-as-a-service providers like LockBit and DarkSide that provide software and expertise to independent hacker customers who pick the targets and do the hacks; the providers and the hackers split the ransoms. If you are one of the providers, you have to choose your hacker partners carefully so that they do the right amount of crime: You don't want incompetent or unambitious hackers who can't make any money, but you also don't want overly ambitious hackers who hack, you know, the US Department of Defense, or the Hospital for Sick Children. Meanwhile you also have to market yourself to hacker partners so that they choose your services, which again requires that you have a reputation for being good and bold at crime, but not too bold. 
Your hacker partners want to do crime, but they have their limits, and if you get a reputation for murdering sick children that will cost you some criminal business.
Liam Tung, ZDNet, 6 Jan 2023, via ACM Tech News, 6 Jan 2023 Software-testing firm Tiobe has selected C++ as its programming language of 2022. Reported Tiobe use rose faster than all other languages last year, up by 4.26% compared with January 2022, yet in this year's first monthly index, it was ranked at No. 3. C++ rose in popularity faster than other languages last year, a result of "its excellent performance while being a high-level object-oriented language," according to Tiobe CEO Paul Jensen. Added Jensen, "Because of this, it is possible to develop fast and vast software systems (over millions of lines of code) in C++ without necessarily ending up in a maintenance nightmare."
3rd party Twitter apps stop working without warning, leaks indicate Twitter did this intentionally https://www.engadget.com/twitter-may-have-deliberately-cut-off-tweetbot-and-other-third-party-clients-165048001.html?src=rss [PGN-ed excerpt: Earlier LW item: In desperate attempt to increase Twitter revenue, Elon moves to expand political and cause-based ads (without taking his promised poll before such a change). (5 Jan 2023)]
Launched just weeks ago, ChatGPT is already threatening to upend how we draft everyday communications like emails, college essays and myriad other forms of writing. Created by the company OpenAI, ChatGPT is a chatbot that can automatically respond to written prompts in a manner that is sometimes eerily close to human. But for all the consternation over the potential for humans to be replaced by machines in formats like poetry and sitcom scripts, a far greater threat looms: artificial intelligence replacing humans in the democratic processes—not through voting, but through lobbying. https://www.nytimes.com/2023/01/15/opinion/ai-chatgpt-lobbying-democracy.html
PGN-excerpted From Bruce Schneier's CRYPTO-GRAM, 15 Jan 2023 [https://www.schneier.com/blog/archives/2023/01/chatgpt-written-malware.html] I don't know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild, [https://arstechnica.com/information-technology/2023/01/chatgpt-is-enabling-script-kiddies-to-write-functional-malware/] ...within a few weeks of ChatGPT going live, participants in cybercrime forums—some with little or no coding experience—were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks. “It's still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web company. However, the cybercriminal community has already shown significant interest and are jumping into this latest trend to generate malicious code.'' Last month one forum participant posted what they claimed was the first script they had written, and credited the AI chatbot with providing a nice [helping] hand to finish the script with a nice scope. The Python code combined various cryptographic functions including code signing encryption and decryption. One part of the script generated a key using elliptic curve cryptography and the curve ed25519 for signing files. Another part used a hard-coded password to encrypt system files using the Blowfish and Twofish algorithms. A third used RSA keys and digital signatures message signing and the blake2 hash function to compare various files.
ChatGPT made conversational AI accessible, now Microsoft is rumored to be integrating the machine learning techniques behind it into Bing search queries. Even OpenAI CEO Sam Altman has cautioned that "it's a mistake to be relying on [ChatGPT] for anything important right now." Exactly how Microsoft plans to integrate ChatGPT into Bing will be important, and it's likely the company will start with beta tests and a limited amount of integration before it's ready for all Bing users to take advantage of. https://www.theverge.com/2023/1/4/23538552/microsoft-bing-chatgpt-search-google-competition
An investment frenzy over *generative artificial intelligence* in response to short prompts seizes the imagination. Five weeks ago, OpenAI, a San Francisco artificial intelligence lab, released ChatGPT, a chatbot that answers questions in clear, concise prose. The AI-powered tool immediately caused a sensation, with more than a million people using it to create everything from poetry to high school term papers to rewrites of Queen songs. Now OpenAI is in the midst of a new gold rush. [...] More than 450 start-ups are now working on generative AI, by one venture capital firm's count. And the frenzy has been compounded by investor eagerness to find the next big thing in a gloomy environment. https://www.nytimes.com/2023/01/07/technology/generative-ai-chatgpt-investments.html
> Those answers appear inconsistent with one another. Google demonstrates
> that adagio is faster than either lento or largo, but GPT-3's response
> seems to claim that adagio is slower than lento. Maybe GPT-3 is going by
> the principle that "slow" is slower than "slower," but that's not how one
> reads it when the statements are adjacent to one another.

This discussion is terribly wrong. 'Lento', 'Largo' and 'Adagio' are descriptions not only of the pulse of the music *as notated* but also the mood: each word conjures up a different kind of sense in the mind of the experienced musician of how the piece is to be performed. And what would Google make of 'Andante Cantabile' or 'Largo Sostenuto'? As Prof Newman would explain to his first-year music students at Edinburgh University :)# Yes, regrettable that these subtle descriptive terms are reduced to metronome markings—but in a way characteristic of how technology can eliminate the subjective human dimension. [Beware of Artificial Oversimplification. The real stuff is bad enough. PGN]
https://www.ncsc.gov.uk/blog-post/so-long-thanks-for-all-the-bits "So long and thanks for all the bits" is a lengthy, well-written parting blog by Ian Levy, [former] Technical Director of the UK's National Cyber Security Centre, lamenting the sorry state of cybersecurity while holding out some hope of progress through approaches currently being used and developed.
Moderators for the 22 million member forum banned someone for making an illustration that too closely resembled AI-generated art. https://www.vice.com/en/article/y3p9yg/artist-banned-from-art-reddit
> The calculations of account values seem to have been incorrect, and
> the state is having a hard time figuring out the correct values.
> The calculations for value must be pretty complex

Writing provably correct code for a complex financial calculation is one of the simpler tasks for an expert in formal methods. But it seems likely that the programmers of the Maryland state college savings plan are not familiar with formal methods, or indeed, with mathematics in general, given that they are having a hard time figuring out the correct values.
The most chilling line from this article:

> “The tools we use to recover from disruption serve us well, 99
> percent of the time,''

You are an *airline*! Working 99% of the time is not good enough! I would not like to fly in an airplane that reaches its destination in one piece only 99% of the time.
Might be risks-worthy, tho I expect others will have better sourcing for the same issue. Anyway, this from a friend on FB. (I have no idea how many times it has been indirected, so take with a grain of salt!) -p This remarkable tale from a Southwest pilot: “My friend's husband is a pilot with Southwest. He just posted this an hour ago. I'm not including his name or the photos he shared of packed SWA employee rooms at the airports over the past couple of days (in case his post comes back to bite him with the company—even though he's stating facts). He also posted a screenshot of a fellow pilot on hold with SWA Scheduling for over 22 hours. Anyway, here's some insight for those wondering if this massive round of SWA cancellations is really all due to weather and staffing issues: “I don't know what to say. Southwest Airlines has imploded. Their antiquated software system has completely fried. Planes are parked. Crews are stranded in the airports with the passengers, volunteering to take the passengers in the parked planes but the software won't accept it. Phone lines are overwhelmed for both passenger and crews. I personally spent over two hours trying to get hold of anyone in the company last night after midnight. A Captain and I did manage to get the one flight put together on Christmas night and got people home. Kudos to the ops agent and dispatcher for making it happen. We had to manually input a lot of the data and it took over an hour to coordinate with dispatch going back and forth running numbers. We spent hours trying to get the company to answer and get us a hotel when we landed as they're all sold out. We were put in a call queue for hours before hanging up. I found one hotel with 4 rooms and we bought our own rooms at 2:30am. I even paid for a Flight Attendants room. We literally have crews sleeping on the airport floors all over the country with nowhere to go. Crews have been calling to fly anyone, anywhere, but the company says the system needs a reset. 
They have effectively shut down the operations for the rest of year, running 1/3 of the flights so that they can let the computer find and locate the crews and aircraft. Gate agents are in tears. They've been yelled at, cussed at, slapped and spit on. Flight attendants have been taking a beating. The frontline employees have had little support or communication. Terminals are standing room only with people having been there for days. Pilot lounges are packed with pilots ready to fly and nowhere to go. Embarrassing is an understatement. I’m going on my second of three days off, still stuck on the east coast and still expected to show up in the morning with no schedule. And I’m willing to fly all day if needed. Because that’s nothing compared to the passengers needing meds in bags that are lost and mothers traveling with kids, having been stuck for the same amount of days in the terminal. In 24 years, I’ve never seen anything like this. Heads need to roll! Rumors on media are floating that there is a lack of crews and pilots are staging sick calls. Absolutely not true at all. This is a computer system meltdown. Thousands of crew members are sitting in hotels and airports with nowhere to go. This airline has failed miserably.
https://techxplore.com/news/2023-01-oven-wont-fridge-smart-homes.html The Matter protocol apparently solves the long-standing interoperability issue preventing seamless home-appliance device integration through WiFi. I wonder if this protocol will be deployed among hospital refrigerators that store blood, plasma, vaccines, and other temperature sensitive health products? IoT device exploit perimeter expansion.
And another: https://www.skyhinews.com/news/colorado-ski-town-emergency-dispatch-centers-fielding-dozens-of-automated-911-calls-from-skier-iphones/
Someone once commented that we are lucky that the car industry grew up in Detroit. If it were in Miami, cars would fail whenever it freezes. If it were in Los Angeles they'd fail whenever it rains.
Apparently, some personnel assigned to the 'DEW Line' in Alaska & other arctic locations sometimes kept warm by standing in front of the radar transmitters. https://en.wikipedia.org/wiki/Distant_Early_Warning_Line While this activity can result in *cooking* one's insides and producing eye cataracts, it did eventually lead to the invention of *microwave ovens*. Google "Hazard of Electromagnetic Radiation to Personnel", i.e., "HERP". The Starlink uplink frequencies (14GHz) are higher than those used in microwave ovens (2.4GHz), but the Starlink does require a 100-watt power supply—and a significant fraction of this power ends up being converted into microwave energy. I'd be worried about cute cats with not-so-cute eye cataracts. I've heard of 'cats on a hot tin roof', but ...
I found it hard to believe that the headline would refer to a backup device as a router, but Wikipedia says it's true: https://en.wikipedia.org/wiki/AirPort_Time_Capsule "The *AirPort Time Capsule* (originally named *Time Capsule*) is a wireless router <https://en.wikipedia.org/wiki/Wireless_router> which was sold by Apple Inc. <https://en.wikipedia.org/wiki/Apple_Inc.>, featuring network-attached storage <https://en.wikipedia.org/wiki/Network-attached_storage> (NAS) and a residential gateway router <https://en.wikipedia.org/wiki/Residential_gateway>, and is one of Apple's AirPort <https://en.wikipedia.org/wiki/AirPort> products. They are, essentially, versions of the AirPort Extreme <https://en.wikipedia.org/wiki/AirPort_Extreme> with an internal hard drive <https://en.wikipedia.org/wiki/Hard_drive>. Apple describes it as a "Backup Appliance", designed to work in tandem with the Time Machine <https://en.wikipedia.org/wiki/Time_Machine_(macOS)> backup software utility introduced in MacOS 10.5 <https://en.wikipedia.org/wiki/Mac_OS_X_10.5>." Seems there is an inherent privacy risk in having a device function as both a network router and a local backup drive.