The RISKS Digest
Volume 33 Issue 91

Sunday, 22nd October 2023

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Failed software upgrade stops Toronto-area trains
Mark Brader
How AI reduces the world to stereotypes
Another reason ChatGPT needs to ace the LSAT
Henry Baker
AI and the end of photographic truth
AI training vs intellectual property rights
Peter Knoppers
From High Life Hackers to National Menace: The Rise and Fall of Digital Bandits ‘ACG’
The Botched Hunt for the Gilgo Beach Killer
The Race to Save Our Secrets From the Computers of the Future
How to find and book mistake airfares
The origin of hacking attempts
Turgut Kalfaoglu
The Great Zelle Pool Scam
via Monty Solomon
Re: False news spreads faster than the truth
back and forth with Shapir Ward Shapir Ward Shapir Ward Shapir
Re: Your old phone is safe for longer than you think
Info on RISKS (comp.risks)

Failed software upgrade stops Toronto-area trains

Mark Brader <msb@Vex.Net>
Fri, 20 Oct 2023 01:02:38 -0400 (EDT)

This happened on 3 Oct 2023, but I don't think it's come up in RISKS.

Trains to and from Toronto are operated by several companies or organizations:

- GO Transit (Metrolinx) for suburban/regional commuter trains - UP Express for trains serving the international airport - VIA Rail Canada for long-distance trains

But all of them depend at least partly on Canadian National Railway (CN) for dispatching and signals.

At 12:30 pm that day, CN attempted to perform an “internal systems upgrade”, which “affected CN's ability to connect to the Internet” with the result that trains could not be authorized to proceed and had to stop and wait at stations. It took until 3:45 pm to get some trains moving, and hours after that to restore normal services.

At least the TTC's subway is completely separate and was not affected.

How AI reduces the world to stereotypes (RestofWorld)

Monty Solomon <>
Sun, 22 Oct 2023 02:07:18 -0400

Rest of World analyzed 3,000 AI images to see how image generators visualize different countries and cultures.

Another reason ChatGPT needs to ace the LSAT

Henry Baker <>
Sun, 22 Oct 2023 21:22:04 +0000

So-called ‘Section 230’, the Gardol invisible shield which protects Microsoft/Google/X(nee Twitter)/etc., from liability, apparently won't cover AI's which mouth off on their own, thereby putting the AI's owner at risk. Forget about simply ‘pulling the plug’; perhaps much of the danger from AI's will be averted by lawsuits bankrupting their owners/developers. Can AI's also face criminal penalties and be incarcerated?

Section 230 Won't Protect ChatGPT

Generative AI products won't receive the same Section 230 protections as other tech products

Matt Perault, LawFare, 22 Feb 2023, 1:11 PM

The emergence of products fueled by generative artificial intelligence (AI) such as ChatGPT will usher in a new era in the platform liability wars. Previous waves of new communication technologies—from websites and chat rooms to social media apps and video sharing services—have been shielded from legal liability for content posted on their platforms, enabling these digital services to rise to prominence. But with products like ChatGPT, critics of that legal framework are likely to get what they have long wished for: a regulatory model that makes tech platforms responsible for online content. […]

AI and the end of photographic truth (Politico)

Peter Neumann <Neumann@CSL.SRI.COM>
Sat, 21 Oct 2023 12:13:19 +0007

Gian Volpicelli, Politico, 20 Oct 2023

Call it The Tale of Two Selfies.

Shortly after two members of the Indian wrestling team were arrested in New Delhi while protesting alleged sexual harassment by the president of the national wrestling federation, two nearly identical photos of the duo began circulating online.

Both showed the two women inside a police van among officers and other members of their team. But in one they looked glum. In the other, they were beaming gleefully—as if the arrest had been nothing more than a charade.

For hours, the picture of the smiling wrestlers zipped across social media, reposted by supporters of the federation president, even as journalists, fact-checkers and the two women derided it as fake. It was only much later that an analysis comparing their smiles with earlier photos proved the grins were not genuine. They had been added afterward, most likely<> by free, off-the-shelf software such as FaceApp, which uses artificial intelligence to digitally manipulate images.

Stories like this one point to a rapidly approaching future in which nothing can be trusted to be as it seems. AI-generated images, video and audio are already being deployed in election campaigns. These include fake pictures of former President Donald Trump hugging and kissing the country's top Covid adviser Anthony Fauci; a video in Poland mixing real footage of right-wing Prime Minister Mateusz Morawiecki with AI-generated clips of his voice; and a deepfake recording of the British Labour Party leader Keir Starmer throwing a fit.

AI training vs intellectual property rights

Peter Knoppers <>
Fri, 20 Oct 2023 14:21:33 +0200

I sincerely dislike the way that AI tools are routinely trained by scraping the web without permission, without proper crediting and without compensation to the creators of the parsed documents. Hoping that, someday, I'll be able to “get even” I've added the following copyright sting paragraph to the end of the main page of my web site:

The information on this site was written by Peter Knoppers and—per the Berne Convention for the Protection of Literary and Artistic Works <>—is copyrighted by me. Any use related to the development, or training of AI systems without prior, written permission is prohibited. Personal use, indexing for Internet search engines, etc. is intended, permitted and encouraged. Any reproduction of the documents on this site should be clearly marked as copied from this site.

The hyperlink points to the Wikipedia page about the Berne Convention. I encourage anyone in charge of a website to add a similar sting paragraph. This abuse of our intellectual work without prior, explicit permission is dishonest and must be stopped. Disclaimer: I am not a lawyer.

From High Life Hackers to National Menace: The Rise and Fall of Digital Bandits ‘ACG’ (40media)

Monty Solomon <>
Sun, 22 Oct 2023 02:05:50 -0400

Hackers ‘ACG’ popped champagne and bought sports cars. Then the group and its associates ushered in a bold new era of crime where anything is possible.

The Botched Hunt for the Gilgo Beach Killer (NYTimes)

Monty Solomon <>
Sun, 22 Oct 2023 11:24:45 -0400

For 13 years, police failed to scrutinize the man now accused of the infamous murders. Why did it take so long?

The Race to Save Our Secrets From the Computers of the Future (NYTimes)

Monty Solomon <>
Sun, 22 Oct 2023 18:40:42 -0400

Quantum technology could compromise our encryption systems. Can America replace them before it’s too late?

How to find and book mistake airfares (WashPost)

Gabe Goldberg <>
Sun, 22 Oct 2023 14:31:14 -0400

Christmas morning started off rather uneventfully for Paul Jebara. In 2014, the New York-based travel writer was scanning flight fares online in the hopes of stumbling across some bargain beckoning him to a part of the globe he had yet to explore. Nothing out of the ordinary, given his chosen line of work. After landing on the Etihad Airways site, however, he was about to receive the holiday gift of a lifetime.

“I saw this number on the screen and just couldn’t believe it: $180 round-trip between New York and Abu Dhabi,” he recalls. “It was one of those things that was just too good to be true. It had to be a mistake.” […]

Thankfully for Jebara, Etihad Airways didn’t deploy a similar disclaimer. As it turns out, he wasn’t the only recipient of an outsize gift on that fateful Christmas morning. In fact, enough on-the-spot bargain hunters seized the mistake fare to warrant a public response from the airline. “A system filing issue caused ticket prices for a promotion in the USA to be temporarily listed incorrectly,” said a spokesperson at the time. “The issue has since been rectified. Etihad Airways will honor these fares.”

Jebara respects the carrier for accepting the financial repercussions of its gaffe. “If you mess up and accidentally book the wrong day of travel as a passenger, the airlines are all too willing to hold you accountable, so it should cut both ways,” he adds. “If an airline didn’t honor a mistake fare, it would definitely change my perception of them.”

Nevertheless, cancellation is increasingly becoming the standard industry response. So, file your would-be good fortune under: “If something seems too good to be true, it most often is.” And if you haven’t learned that by now, that’s your mistake.

[The risk? Remote debugging and can't make service call…]~<

The origin of hacking attempts

Turgut Kalfaoglu <>
Fri, 20 Oct 2023 12:36:26 +0300

I often see otherwise sensible authors writing prose such as

> “Countries such as Russian and Chinese hackers often test their attacks…”

whereas the reality is that these two countries are not where the majority of attacks originate.

As a system administrator of a hosting firm, I'm seeing many attacks from the USA, UK, Ukraine, Turkey and a host of African countries as well.

So, perhaps when the authors choose to generalize, they should do so with unbiased data in their hands.

[Also later appendage:]

I wrote a five line script to find out whose IP's were blocked recently from our systems, resolved them into hostnames (the ones that were resolvable) and I'm putting the list at

If a hostname is repeated, that means they tried multiple times.

The Great Zelle Pool Scam (Re: RISKS-33.47)

Monty Solomon <>
Sun, 22 Oct 2023 02:24:43 -0400

All I wanted was a status symbol. What I got was a $31,000 lesson in the downside of payment apps.

Re: False news spreads faster than the truth

Amos Shapir <>
Fri, 20 Oct 2023 17:47:37 +0300Fr

The latter conclusion is logically correct only if A and B are completely independent of each other. Besides, “low or unknown” probability is not a defined quantity which can lead to any conclusion.

Re: False news spreads faster than the truth

Martin Ward <>
Fri, 20 Oct 2023 16:50:50 +0100

If the conjunction (A and B) is of low probability, while B is of high probability, then necessarily it follows that A and B are independent of each other.

The meaning of “low or unknown probability” is given in Alvin Plantinga's essay. For a detailed explanation, see for example, “A defense of Alvin Plantinga's evolutionary argument against naturalism”:

Re: False news spreads faster than the truth

Amos Shapir <>
Sat, 21 Oct 2023 10:29:53 +0300

I'm sorry, but this still doesn't make sense to me. Plantinga's argument completely mixes up the probability of existence of cognitive agents, with the actuality of being one.

It is true that this probability is low, and indeed very few creatures on Earth are reliable cognitive agents. But that does not affect the reliability or veracity of ideas expressed by someone (or something) who is a reliable cognitive agent, no matter how he came into being, and what was the probability of that happening.

Re: False news spreads faster than the truth

Martin Ward <>
Sat, 21 Oct 2023 11:27:25 +0100

Plantinga's argument is a proof by contradiction, and the distinction between “the probability of existence of cognitive agents” with “actually being one” is absolutely central to his argument.

His argument starts by assuming A: Naturalism and B: Evolution from which he deduces that C: the probability that our minds are reliable is low or inscrutable. So the conjunction (A and B) implies C. Here is a detailed exposition of the argument:

You claim (correctly) that B is a scientific theory which has been strongly confirmed by observation and evidence. You also claim (also correctly) that cognitive agents exist (therefore C is false).

Logically, if (A and B) implies C, C is false and B is true, then it must be the case that A is false.

QED (by contradiction).

So Naturalism has a low probability of being correct.

Re: False news spreads faster than the truth

Amos Shapir <>
Sat, 21 Oct 2023 18:43:38 +0300

Note that I'm responding (like in our previous discussion) from the POV of a logician—if terms are not logically well defined, and logic is not followed correctly, there's no point in getting into the actual theist arguments at hand.

Anyway, what's wrong with the latest argument, is that A and B are not independent of each other, and more importantly, C isn't false!

If C has low probability, the most we can say about A or B is that they may have low probability, but the relationship between their probabilities is not defined here (there's a branch of set theory called “Fuzzy Sets” which deals with such items). But regardless of whether our minds are generally reliable or not, the fact that evolution had been experimentally proven to be true, demonstrates that the particular minds who devised it, from Darwin onwards, in fact were reliable.

I haven't watched this clip through, because at 7:30 I encountered what IMHO is Plantinga's main misconception about Naturalism. He says that Naturalism can be viewed as “the Theistic world picture minus God”. But Naturalism is not a view, opinion, nor belief. It is a working assumption—THE working assumption—upon which the whole scientific method is based. Science is a work method, meant to find truth by way of observation and experiment; its basic assumption is that there is no external force (conscious, intelligent nor otherwise) which affects our experiments and observations. We have to assume that whatever worked in 1910 should work in 2030, or that a meter in Iowa is the same length as a meter on the moon. Science cannot be done otherwise (as anyone who owns a cat can tell you).

As an assumption, there's no claim to the truthfulness of Naturalism; it could well be that God exists, and had created Science, including Evolution, to perform exactly as predicted by experiments; but in that case, it's impossible to confirm or deny his existence. Even if it could be proven (I have no idea how) that God does exist, would the whole of Science become false? Will trains stop in their tracks, and planes fall out of the sky?

The bottom line is, it doesn't matter whether Science, and therefore Evolution, is philosophically valid. It works! Evolution is a theory, but so is Electricity… Electricity works, and so is Evolution—it's used i.a. in searching for oil, developing drugs, etc. So anyone who lives in the modern world, travels in cars and takes medicine (most likely including Plantinga), does not have to believe in evolution, he uses it!

Re: False news spreads faster than the truth

Martin Ward <>
Sat, 21 Oct 2023 18:55:38 +0100
> But Naturalism is not a view, opinion, nor belief.  It is a working
> assumption—THE working assumption—upon which the whole scientific
> method is based.

It is certainly not the assumption upon which the whole scientific method is based: none of the first scientists held this assumption! In fact: under Naturalism and Evolution there is a very low probability that our cognitive faculties are reliable in determining truth, so a very low probability that the scientific method would work.

There are certain assumptions, which cannot be proved scientifically, but upon which the whole scientific enterprise is based. These include: the laws of logic, the orderly nature of the external world, the reliability of our cognitive faculties in knowing the world, and the objectivity of the moral values used in science. These assumptions are all denied by Naturalism (for example, Plantinga's argument shows that the reliability of our cognitive faculties is inconsistent with Naturalism and Evolution).

The practical success of the scientific method can be argued as experimental confirmation of the assumptions upon which it is based. Which leads to the “scientific argument for God”:

First, recall how any scientific argument works: a scientist proposed a theory about the nature of reality and suggests an experiment or observation, the outcome of which will either confirm or disconfirm the theory. To put it in probabilistic form, if T is a theory, e is an experimental observation, and k is the set of relevant background knowledge, then if:

P(e|T&k) >> P(e|~T&k)

then we say that the evidence confirms the theory.

(i.e. If the epistemic probability of e given T and k is much greater than the epistemic probability of e given not T and k then the evidence confirms the theory)

The first scientists had a particular theory about the nature of reality (that the world was created by a God who had certain characteristics of trustworthiness etc.) and they deduced that the physical world would also have certain characteristics: that there would be discoverable regularities called “Laws of Nature” that could be confirmed or disconfirmed by experiment.

These properties entailed that the scientific method would work. They set out to test their theory by applying the scientific method.

The subsequent development of science has spectacularly confirmed the first scientists' theories about the nature of reality: so if we accept the scientific method as a valid way to confirm theories in every other area of science, we should (on pain of contradiction) accept it here as well.

Under the negation of their theory: e.g., under an atheistic world view, there is no reason to expect that the universe would have these properties, and therefore no reason to expect the “scientific method” to work in any meaningful way.

The history of science has dramatically confirmed the theistic hypothesis and disconfirmed the atheist hypothesis.

This is the “Scientific Argument for God”. As with any scientific argument it is not an absolute proof, but it is a strong confirmation.

Re: False news spreads faster than the truth

Amos Shapir <>
Sun, 22 Oct 2023 13:28:46 +0300

Again, this is a misrepresentation of Naturalism and the principles of science. First of all, contrary to Plantinga's definition, Naturalism does requires reviews and encourages criticism. Ideally, the same experiment should produce the same results no matter who performs it, including the aliens from the planet Coosebane… And again, the fact that generally, the reliability of our cognitive faculties is not great, has no bearing on the scientific method itself, as long as it is assumed that the scientists who actually do it are reliable. This is not a matter of belief either, an essential part of the scientific method is devoted to ensuring such reliability.

Science doesn't assume any pre-ordained order and logic in Nature, except what has been shown experimentally to exist; so for example, Quantum theory is proven to work by different rules than would be assumed by common logic. not assume that God does not exist, so its inability to prove this cannot be considered a failure. Naturalism only assumes that even if God does exist, He doesn't interfere with the world in unexpected ways.

Science definitely does NOT rely on any specific human ability; that's why there are specific rules on what constitutes a fact, a proof etc., it It is true that early scientists believed that the world works by divine rules, and set out to prove that; but despite their beliefs, they never Did. They have shown that such order does exist, which had strengthened their beliefs (and it seems also Plantinga's and yours)—they called this “the Laws of Nature” and believed that this implies the existence of a Lawmaker; but calling it by a neutral term like “structure” may have produced a different conclusion.

As far as I understand the “Scientific Argument for God”', it goes like that:

1. We believe in God. 2. We believe that God had imposed Rules of Order on the world. 3. Such rules enable employment of the scientific method. 4. The scientific method is successful 5. Therefore, these rules exist 6. Hence God exists.

The trouble with this logic is in stage 6: We assume that G->R, we have proven R is true—but there is no proof that R->G ! Without contradicting any of the logic in stages 2-5, R could be true while G is still false.

Considering that the theistic view also leads to some very unscientific conclusions—such as that the age of the Universe is 6000 years (or 5784 or 6500) and other stuff which would fit better in the Marvel Universe, I find the claim that science confirms it, a bit troubling.

Re: Your old phone is safe for longer than you think (WashPost)

Steve Bacher <>
Sat, 21 Oct 2023 18:31:45 +0000 (UTC)

Corrected link:

Please report problems with the web pages to the maintainer