Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
*To stop the spread of false news, first we have to understand it.* A new study published in *Science* <http://science.sciencemag.org/content/359/6380/1146> finds that false news online travels “farther, faster, deeper, and more broadly than the truth.'' And the effect is more pronounced for false political news than for false news about terrorism, natural disasters, science, urban legends, or financial information. Falsehoods are 70 percent more likely to be retweeted on Twitter than the truth, researchers found. And false news reached 1,500 people about six times faster than the truth. The study, by Soroush Vosoughi and associate professor Deb Roy, both of the MIT Media Lab, and MIT Sloan professor Sinan Aral, is the largest-ever longitudinal study of the spread of false news online. It uses the term *false news* instead of *fake news* because the latter “has lost all connection to the actual veracity of the information presented, rendering it meaningless for use in academic classification,'' the authors write. To track the spread of news, the researchers investigated all the true and false news stories verified by six independent fact-checking organizations that were distributed on Twitter from 2006 to 2017. They studied approximately 126,000 cascades—defined as “instances of a rumor spreading pattern that exhibits an unbroken retweet chain with a common, singular origin''—on Twitter about contested news stories tweeted by 3 million people more than 4.5 million times. Twitter provided access to data and provided funding for the study. The researchers removed Twitter bots before running their analysis. They then included the bots and ran the analysis again and found “none of our main conclusions changed.'' “This suggests that false news spreads farther, faster, deeper, and more broadly than the truth because humans, not robots, are more likely to spread it,'' the researchers wrote. So what to do? In an interview <http://mitsloanexperts.mit.edu/watch-now-the-truth-about-fake-news-with-sinan-aral-and-tim-oreilly/> for the MIT Sloan Experts video series, Aral said possible solutions include labeling fake news much as food is labeled, creating financial disincentives such as reducing the flow of advertising dollars to accounts that spread fake news, and using algorithms to find and dampen the effect of fake news. [...] https://mitsloan.mit.edu/ideas-made-to-matter/study-false-news-spreads-faster-truth
https://www.bleepingcomputer.com/news/security/millions-of-exim-mail-servers-exposed-to-zero-day-rce-attacks/ [Monty spotted this one, somewhat fewer servers! Critical vulnerabilities in Exim threaten over 250k email servers worldwide https://arstechnica.com/security/2023/09/critical-vulnerabilities-in-exim-threaten-over-250k-email-servers-worldwide/ PGN]
Cliff Saran, *Computer Weekly*, 3 Oct 2023, via ACM TechNews, 4 Oct 2023 Hubert Kario at open source solutions provider Red Hat found a flaw dating from 1998 that enables a "padding mode" side-channel attack targeting RSA encryption. The exploit cracks the Transport Layer Security (TLS) protocol's confidentiality when used with RSA encryption, and researchers in 2019 highlighted the continued vulnerability of many Internet servers to tweaks of the original attack. Kario said attackers can leverage the flaw to decrypt RSA ciphertexts and forge signatures, and record sessions on a TLS server that defaults to RSA encryption key exchanges for decryption later. He also said hackers can apply the exploit to other interfaces that automatically execute RSA decryption, including Secure/Multipurpose Internet Mail Extensions, JavaScript Object Notation web tokens, and hardware tokens. Said Kario," We have identified the vulnerability in multiple implementations and confirmed fixes in a few of them but believe that most cryptographic implementations are vulnerable in practice."
With 60,000 Emails Hacked From the State Department, An Assessment of the Government’s Cybersecurity 28 Sep 2023, https://www.backgroundbriefing.org/ Then finally with the State Department revealing that 60,000 of its emails were hacked along with the emails of the Secretary of Commerce, we assess the state of the government’s cybersecurity with *Dr. Herb Lin* <http://cisac.fsi.stanford.edu/people/herbert_lin>, a senior research scholar for cyber policy and security at the Center for International Security and Cooperation at Stanford University. He is Chief Scientist Emeritus for the Computer Science and Telecommunications Board at the National Research Council of the National Academies and, in 2016, served on President Obama’s Commission on Enhancing National Cybersecurity. He was also a professional staff member and staff scientist for the House Armed Services Committee where his portfolio included defense policy and arms control issues.
https://thehackernews.com/2023/10/researcher-reveal-new-technique-to.html
23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, n23andMe says it's working to verify the data. The genetic testing company 23andMe confirmed on Friday that data from a subset of its users has been compromised. The company said its system were not breached and that attackers gathered the data by guessing the login credentials of a group of users and then scraping more people's information from a feature known as DNA Relatives. Users opt into sharing their information through DNA Relatives for others to see. Hackers posted an initial data sample on the platform BreachForums earlier this week, claiming that it contained 1 million data points exclusively about Ashkenazi Jews. There also seem to be hundreds of thousands of users of Chinese descent impacted by the leak. On Wednesday, the actor began selling what it claims are 23andMe profiles for between $1 and $10 per account, depending on the scale of the purchase. The data includes things like a display name, sex, birth year, and some details about genetic ancestry results. [...] https://www.wired.com/story/23andme-credential-stuffing-data-stolen
Aaron Gordon,*Vice*, September 29, 2023 Kia and Hyundai say it is not their fault that their cars are being stolen in an unprecedented theft surge made possible by the vehicles lacking a basic anti-theft technology virtually every other car has, according to a recent court filing. Instead, the companies point the finger at social media companies, such as TikTok and Instagram, where instructions on how to steal the cars have been widely shared an thieves show off their stolen cars. The lawyers representing the two corporations”which are owned by the same parent company”are not subtle about this argument. The filing”in which the company is arguing a roughly $200 million class-action settlement ought to be approved by the court”includes an entire section heading titled “Social Media and Intervening Third-Party Criminals Caused An Unprecedented Increase In Thefts.” The lawyers argue i section that because Kia and Hyundai vehicles have “not been the subject of significant theft” before the Kia Boys social media trend, social media and the people who steal the cars”and not the car companies”are to blame for the thefts. This argument is summarized in the section titled “Social Media Incited Unprecedented Rise In Thefts.” The filing broadly reflects both the public communications strategy Kia and Hyundai have used throughout this crisis and some of the national news headlines that have covered the story, https://www.vice.com/en/article/bvj5jv/kia-and-hyundai-blame-tiktok-and-instagram-for-their-cars-getting-stolen
I'm a huge fan of rooftop solar, so the following recent article really
depressed me regarding rooftop solar's future.
The problems:
Alana Semuels, 26 Sep, 2023 8:42 AM EDT
Rooftop Solar Power Has a Dark Side
https://time.com/6317339/rooftop-solar-power-failure/
* Rooftop solar installs are *custom* installations, with large upfront
costs
* Rooftop solar systems are complex, requiring 'vigilance' and maintenance
* 'truck rolls' are incredibly expensive, with too few technicians available
* The 'leasing business model' for rooftop solar is bankrupt, leaving home
owners in the clutches of yet another monopolist PE 'rentier' (just like
cable and the local monopoly electric company the homeowner wanted to
avoid!
* Solar systems degrade over time (just ask NASA's Mars Rovers !) * the 3G
-> 4G/5G cellphone transition killed a lot of older rooftop installations
This particular article doesn't mention it, but electric utility
monopolies *hate* rooftop solar, so they spend all of their lobbying
money trying to kill it!
[... Huge text omitted. PGN]
https://www.bbc.com/news/technology-66993647 FCC enforcement latency needs refinement.
https://techcrunch.com/2023/10/02/tesla-autopilot-arbitration-win-could-set-legal-benchmark-in-auto-industry/ [Maybe their lawyers were Chatbots. PGN]
One popular video shows a woman claiming the test will somehow switch on technology that has been introduced into people’s bodies. https://www.boston.com/news/technology/2023/10/03/conspiracy-theories-fema-emergency-alert-test/
https://www.bleepingcomputer.com/news/security/blackbaud-agrees-to-495-million-settlement-for-ransomware-data-breach/
https://thehackernews.com/2023/10/north-koreas-lazarus-group-launders-900.html
*The New York Times* Business, 3 Oct 2023 with Two articles under that caption: David Yaffe-Bellany and Matthew Goldstein The FTX founder's court battle starts Tuesday, after he's come to symbolize the chaos and dubiousness of the industry Erin Griffith Nobody is rooting harder against the onetime mogul than his cryptocurrency peers and rivals
“Going Infinite,” by Michael Lewis, offers a behind-the-scenes account of Mr. Bankman-Fried’s rise and fall. https://www.nytimes.com/2023/10/02/technology/going-infinite-michael-lewis-sbf-takeaways.html?smid=nytcore-ios-share&referringSource=articleShare
FTX’s Sam Bankman-Fried will stand trial on charges of overseeing fraud that sucked in high-profile investors and hundreds of thousands of clients. Why do smart people buy into bad companies? https://www.wired.com/story/why-silicon-valley-falls-for-frauds ...not so smart?
https://thehackernews.com/2023/10/chinese-hackers-target-semiconductor.html
https://www.nbcnews.com/tech/tech-news/chinese-self-driving-car-testing-china-california-pony-ai-waymo-cruise-rcna102787 SAN FRANCISCO—The race on American streets to develop self-driving cars has attracted increasing scrutiny in recent months, but some competitors -- China-based tech startups—have received little mainstream attention. China-based companies have driven hundreds of thousands of test miles on California's roads in recent years, according to California Department of Motor Vehicles records. Of the 40 companies with licenses to try out autonomous vehicles in California, 10 of them are firms based in China—a bigger share than any other foreign country (Germany, Israel and Japan follow China, and each has two licensed companies in the state). The China-linked companies operated 124 cars in the state and drove 438,379 miles in the most recently reported year, the 12 months ending Nov. 30, 2022, according to reports that they filed with state authorities.'' The Chinese test cars haven't drawn much public attention because of the smaller scale of their tests compared to their U.S. competitors, including Cruise and Waymo, which operate fleets in major cities such as San Francisco and Phoenix. But scrutiny of Chinese autonomous vehicles is increasing among lawmakers, as U.S.-China relations have deteriorated in recent years and as self-driving car tech develops. Some members of Congress are pushing for a crackdown on the Chinese car startups, raising concerns about competition, data privacy and China's human rights record and echoing complaints about other Chinese-controlled companies, such as TikTok. And the Biden administration is expressing similar worries. The fears about Chinese autonomous vehicles are theoretical and wide-ranging: from concerns about what type of data Chinese tech companies are collecting to how Beijing might use a fleet of robot cars in the worst-case scenario of an armed conflict with the United States. [...]
https://www.fox2detroit.com/news/detroit-man-steals-800-gallons-using-bluetooth-to-hack-gas-pumps-at-station
https://www.bleepingcomputer.com/news/security/w3ll-phishing-kit-hijacks-thousands-of-microsoft-365-accounts-bypasses-mfa/
Privacy rights advocates remain skeptical. In May, the Legal Aid Society requested that the Police Department’s inspector general investigate the department’s use of surveillance technology, contending that it violated the Public Oversight of Surveillance Technology Act, a city law requiring the department to publish details about how new technology is being used and the data it collects. Mr. Cahn said he was wary that the K5 might eventually employ facial recognition technology. “If the mayor thinks there aren't enough cameras in Times Square, then he’s more out of touch than I realized,” Mr. Cahn said. “It’s more surveillance theater,” he added. “This is a mayor who doubles down on public relations stunts rather than public safety any chance he gets.” Major crime on the subways is down 4.5 percent, police officials said. https://www.nytimes.com/2023/09/22/nyregion/police-robot-times-square-nyc.html?smidnytcore-ios-share&referringSource=articleShare There must be risks here somewhere...
https://arstechnica.com/information-technology/2023/10/sob-story-about-dead-grandma-tricks-microsoft-ai-into-solving-captcha/
*Northwestern Now* (10/02/23), via ACM TechNews A research team led by Northwestern University scientists created an artificial intelligence (AI) capable of designing robots from scratch almost immediately. The researchers prompted the algorithm to design a robot from a block about the size of a bar of soap, which generated a successful design in 26 seconds. Northwestern's Sam Kriegman said, "We told the AI that we wanted a robot that could walk across land. Then we simply pressed a button and presto!" The algorithm operates on a lightweight personal computer; other AI systems often require power-hungry supercomputers and huge datasets. The researchers fabricated the robot from the AI's blueprint, validating its real-world performance. [But is it trustworthy: safe and sound, secure, reliable, etc. PGN]
Introducing: Zoom AI Companion Meet Zoom AI Companion, your new AI assistant that helps revolutionize the way you work and communicate. With AI Companion, you can get help drafting email and chat messages, summarizing meetings and chat threads, brainstorming creatively and much more—all in the simple, easy-to-use Zoom experience you know and love. Upgrade to Zoom One Pro to get access to AI Companion. Once you are a paid Zoom customer, you’ll get access to AI Companion at no additional cost.* [...] "Revolutionize" isn't the first word coming to mind. Nor have I used "know and love" about the Zoom "experience".
https://arstechnica.com/?p=1974179
https://arstechnica.com/?p=1973632
According to David Landgren <david@landgren.net>: >The obvious question to ask is what happens to a driver who *wasn't* using a >Google app and drove off the collapsed bridge and died? The only third party >who could be held responsible is the municipality that failed to block off >the access in a way that no car could get through. And that would still >hold true regardless of what method of navigation the person was using. A >couple of large blocks of concrete would do the job. > >Can't really fault Google here. If you read the articles, you'll find plenty of blame to go around. The bridge in question was a private one, not a public one. It had been blocked but someone (vandals?) had removed the blocks. The bridge had collapsed many years before and Google had been notified, I think more than once, that the bridge was out but had not updated the map. So on the one hand, Google shouldn't have sent him to the bridge. On the other, if he'd gotten there on his own, it's not clear he'd have been able to tell it was out before it was too late.
Quoth Henry Baker <hbaker1@pipeline.com>:
> I hate to sound like a Luddite, but I don't think that these breathless
> AV aficionados have completely thought all of these risks through.
But aren't we on the RISKS list all Luddites, in a way? Our guiding
philosophy is to warn the public about the RISKS of technology and thwart it
where possible, isn't it?
[You might recall that the Luddites believed in damaging
machinery, not just getting their nose in the news:
One of the 19th century English workmen who destroyed laborsaving
machinery that they thought would cause unemployment.
PGN]
Enlightenment is a destructive process. It has nothing to do with becoming better or being happier. Enlightenment is the crumbling away of untruth. It's seeing through the facade of pretence. It's the complete eradication of everything we imagined to be true. https://twitter.com/_anandaonly/status/1710437279238689263 [... and this from Cicero also via Geoff:: “The closer the collapse of an Empire, the crazier its laws." https://x.com/Tabassoem/status/1380106112762933250 PGN]
“How little does man know of his Self [the one, immortal, formless substratum of all that exists], how he takes the most absurd statements about himself for holy Truth." “Man is told that he is the body, was born, will die, has parents, duties; learns to like what others like and fear what others fear. Totally a creature of heredity and society, he lives by memory and acts by habits." “Ignorant of his Self and his true nature, man pursues false aims and is always frustrated. His life and death are meaningless and painful, and there seems to be no way out." https://twitter.com/GnothiSea/status/1709831934476529918
This morning I tried the following google search and was quite surprised. Ada toaster +site:acm.org +site:sitedomainname is a google search feature to restrict the search to the said domain. Instead of showing only hits from "acm.org" domain, google returned many commercial hits. That was my initial thought. Well, when I looked at the google result page carefully, I learned the google search feature was not broken, but it dutifully listed hit results from ACM.org subdomains. I mean all the hits about commercial toasters come from the SUBDOMAINs of ACM.org domain. - isoft.hosting.acm.org - tehran.acm.org - insat.hosting.acm.org - chitkara.acm.org - msmu.acm.org - on and on Oh well. DNS management security is difficult and error-prone when it is done via dashboard of web hosting services. Et tu, ACM? You can try the following google search and notice the difference immediately. Ada toaster +site:ieee.org [...]
Please report problems with the web pages to the maintainer