The RISKS Digest
Volume 34 Issue 08

Tuesday, 20th February 2024

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

How persuasive is AI-generated propaganda?
Lauren Weinstein
New Era of AI Deepfakes Complicates 2024 Elections
WSJ
Cybercriminals are stealing iOS users' face scans to break into mobile banking accounts
The Register
Air Canada chatbot makes up travel rules
Jeremy Epstein
Big Tech tells politicians: We'll control the deepfakes
Politico
New bill would let defendants inspect algorithms used against them in court
The Verge
Chinese hackers infiltrated home wifi routers to attack infrastructure, FBI warns
MSN
DOJ quietly removed Russian malware from routers in U.S. homes and businesses
ArsTechnica
TETRA Radio Code Encryption Has a Flaw: A Backdoor
WiReD
The $50K Scam: FTC, CIA, and Amazon Weigh In on NY Magazine's Charlotte Cowles
The New York Times
Powerball Posted the Wrong Numbers. Now He’s Suing for $340M
NYTimes
‘Most Wanted’ man pleads guilty in cyberattack that upended Vermont hospital
The Globe
Nginx core developer quits project in security dispute, starts free-nginx fork
ArsTechnica
Officials Investigate How a Woman Flew to Los Angeles Without a Ticket
NYTimes
This Is Why Tesla's Stainless Steel Cybertrucks May Be Rusting
WiReD
The Tech Friend: Apple's nanny state
WashPost
An Important Security Message from Wyze
via Victor Miller
Report on Intelligent Vehicle Dependability and Security
Chuck Weinstock
Re: Odometers: A voting machine analogue
Wol
Re: Tesla's latest screwup
Andrew
Re: Waymo recalls software after two self-driving cars hit the same truck
Ned Harris, Sam Bull
Re: Software bloat
Roderick Rees
Info on RISKS (comp.risks)

How persuasive is AI-generated propaganda?

Lauren Weinstein <lauren@vortex.com>
Tue, 20 Feb 2024 17:20:28 -0800

A LOT. -L

https://academic.oup.com/pnasnexus/article/3/2/pgae034/7610937?searchresult=1&login=false


New Era of AI Deepfakes Complicates 2024 Elections (WSJ)

Monty Solomon <monty@roscom.com>
Thu, 15 Feb 2024 08:43:03 -0500

Deceptive videos, audio and images are more sophisticated, easier to make as tech industry wrestles with how to keep up

https://www.wsj.com/tech/ai/new-era-of-ai-deepfakes-complicates-2024-elections-aa529b9e


Cybercriminals are stealing iOS users' face scans to break into mobile banking accounts (The Register)

Monty Solomon <monty@roscom.com>
Sun, 18 Feb 2024 12:50:14 -0500

Deepfake-enabled attacks against Android and iPhone users are netting criminals serious cash.

https://www.theregister.com/2024/02/15/cybercriminals_stealing_face_id/


Air Canada chatbot makes up travel rules (Ars Technica)

Jeremy Epstein <jeremy.j.epstein@gmail.com>
Fri, 16 Feb 2024 20:41:32 -0500

A customer asked the Air Canada chatbot about the rules for bereavement fares. The customer believed the chatbot's answer (basically “buy the ticket and then ask for a credit”), but Air Canada refused to honor the guidance, since elsewhere on the site it had a different set of rules. The court ruled that Air Canada had to honor the instructions provided by the chatbot, rejecting Air Canada's statement that the customer never should have trusted the chatbot and the airline should not be liable for the chatbot's misleading information because Air Canada essentially argued that “the chatbot is a separate legal entity that is responsible for its own actions.”

“Air Canada argues it cannot be held liable for information provided by one of its agents, servants, or representatives—including a chatbot,” [= the judge] wrote. “It does not explain why it believes that is the case” or “why the webpage titled ‘Bereavement travel’ was inherently more trustworthy than its chatbot.”

The chatbot is apparently no longer active on the Air Canada site.

This was a case in Canada involving a Canadian and a Canadian company. IANAL, so curious what the analogous results would be in the US or other countries. This certainly won't be the only case where a chatbot will give erroneous advice. This isn't to say that human customer service agents never make mistakes (we all do!), but the attempt to avoid responsibility is troubling.

https://arstechnica.com/tech-policy/2024/02/air-canada-must-honor-refund-policy-invented-by-airlines-chatbot/


Big Tech tells politicians: We'll control the deepfakes (Politico)

Peter Neumann <neumann@csl.sri.com>
Fri, 14 Feb 2024 17:42:11 PST

Laurens Cerulus, Antoaneta Roussi, Gian Volpicelli, Politico, 16 Feb 2024,

Munich—The world's largest technology companies on Friday announced an industry alliance to stop AI-generated pictures and clips from disrupting elections taking place around the world in 2024.


New bill would let defendants inspect algorithms used against them in court (The Verge)

Monty Solomon <monty@roscom.com>
Sat, 17 Feb 2024 20:23:27 -0500

https://www.theverge.com/2024/2/15/24074214/justice-in-forensic-algorithms-act-democrats-mark-takano-dwight-evans


Chinese hackers infiltrated home wifi routers to attack infrastructure, FBI warns (MSN)

Gabe Goldberg <gabe@gabegold.com>
Thu, 15 Feb 2024 16:08:18 -0500

On Wednesday, the FBI said Volt Typhoon had used its malware to disguise the fact that the hack had been conducted by the Chinese government, adding that the “vast majority” of routers affected were out-of-date Cisco and NetGear machines that had not received recent security updates.

Unlike previous attacks, the hack was directed at internet routers in small businesses and home offices, rather than at government agencies or infrastructure providers.

https://www.msn.com/en-us/money/other/chinese-hackers-infiltrated-home-wifi-routers-to-attack-infrastructure-fbi-warns/ar-BB1hza67


DOJ quietly removed Russian malware from routers in US homes and businesses (ArsTechnica)

Monty Solomon <monty@roscom.com>
Sat, 17 Feb 2024 21:44:44 -0500

https://arstechnica.com/?p=2003936


TETRA Radio Code Encryption Has a Flaw: A Backdoor (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Thu, 15 Feb 2024 16:09:46 -0500

A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.

https://www.wired.com/story/tetra-radio-encryption-backdoor/



The $50K Scam: FTC, CIA, and Amazon Weigh In on NY Magazine's Charlotte Cowles (The New York Times)

Gabe Goldberg <gabe@gabegold.com>
Sat, 17 Feb 2024 14:07:51 -0500

What Amazon, FTC, and CIA Won't Say When You've Been Scammed

New York magazine’s money columnist wrote about being conned out of $50,000 by crooks pretending to be from Amazon and government agencies. We asked the company and agencies for comment.

https://www.nytimes.com/2024/02/16/your-money/scam-new-york-magazine-amazon-ftc-cia.html?smid=nytcore-ios-share&referringSource=articleShare&sgrp=c-cb

There's much here that makes this hard to believe; it's a collection of every scam red flag that says, Run away.

Amazon—>FTC—>CIA? $50,000 cash? Don't tell family?



Powerball Posted the Wrong Numbers. Now He’s Suing for $340M (NYTimes)

Monty Solomon <monty@roscom.com>
Tue, 20 Feb 2024 19:17:58 -0500

Powerball organizers in Washington DC said they “mistakenly posted” winning numbers in January 2023. The holder of those numbers is suing for negligence and emotional distress.

https://www.nytimes.com/2024/02/20/us/powerball-lottery-lawsuit.html


‘Most Wanted’ man pleads guilty in cyberattack that upended Vermont hospital (The Globe)

Monty Solomon <monty@roscom.com>
Tue, 20 Feb 2024 09:42:58 -0500

Vyacheslav Igorevich Penchukov, 37, of Ukraine, pleaded guilty in federal court for his role in two separate malware schemes that caused tens of millions of dollars in losses.

https://www.boston.com/news/national-news/2024/02/19/most-wanted-man-pleads-guilty-in-cyberattack-that-upended-vermont-hospital-2/


Nginx core developer quits project in security dispute, starts free-nginx fork (ArsTechnica)

Monty Solomon <monty@roscom.com>
Fri, 16 Feb 2024 09:48:02 -0500

https://arstechnica.com/?p=2003602


Officials Investigate How a Woman Flew to Los Angeles Without a Ticket (NYTimes)

Monty Solomon <monty@roscom.com>
Sat, 17 Feb 2024 21:18:13 -0500

The woman bypassed a Transportation Security Administration check and boarded an American Airlines flight in Nashville, officials said.

https://www.nytimes.com/2024/02/16/us/tsa-security-breach-nashville.html


This Is Why Tesla's Stainless Steel Cybertrucks May Be Rusting (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Sat, 17 Feb 2024 15:28:39 -0500

Who knew stainless steel might not be such a good idea for the exterior of an electric SUV? The entire automotive industry, that’s who.

Posting on the Cybertruck Owners Club forum, a user named Raxar risked the wrath of the Tesla faithful—already exercised by the Cybertruck's numerous alleged design flaws—by stating that when they collected the $61,000 truck, “the advisor specifically mentioned the Cybertrucks develop orange rust marks in the rain.”

In a separate thread, the user vertigo3pc reported that “corrosion was forming on the metal” of his Cybertruck after it spent 11 days in the rain in Los Angeles.

Raxar, who also lives in California, posted what appeared to be close-up, rust-flecked images of his truck after driving it for two days in rain.

The Cybertruck does not ship with clear coat, that outermost layer of transparent paint that comes as standard on almost every new motor vehicle on the planet. Instead, each Cybertruck owner has the option to purchase a $5,000 urethane-based film to “wrap your Cybertruck in our premium satin clear paint films. Only available through Tesla.” […]

Once the chromium oxide barrier is breached, corrosion takes hold. And caveat emptor, because Tesla's owner's manual advises promptly removing corrosive substances, emphasizing not to wait until the Cybertruck is scheduled for a “complete wash,” whatever that is.

The documentation says: “To prevent damage to the exterior, immediately remove corrosive substances (such as grease, oil, bird droppings, tree resin, dead insects, tar spots, road salt, industrial fallout, etc.). Do not wait until Cybertruck is due for a complete wash. If necessary use denatured alcohol to remove tar spots and stubborn grease stains, then immediately wash the area with water and a mild, non-detergent soap to remove the alcohol.”

Pigeon poo is a well-known corrosive agent—guano is no friend to the fastidious car owner—but tree sap and bugs? Maybe that $5,000 Cybertruck wrap should ship as standard.

Other care instructions—highlighted in this YouTube video at 23 minutes in—reveal how delicately Cybertruck owners need to treat their stainless steel electric SUVs. The washing stipulations alone include, somewhat amazingly, “Do not wash in direct sunlight,” “Some cleaners and car shampoos contain chemicals that can cause damage or discoloration,” and even “Do not use hot water.”

Tesla was asked to comment on this story but did not respond.

https://www.wired.com/story/this-is-why-teslas-stainless-steel-cybertrucks-may-be-rusting/


The Tech Friend: Apple's nanny state (WashPost)

Gabe Goldberg <gabe@gabegold.com>
Fri, 16 Feb 2024 14:51:03 -0500

The Internet in the United States leans toward permissiveness within the bounds of the law. But with your iPhone apps, Apple makes the rules. […] In other words, iPhone apps could become a little more like the web—for better and for worse.

Apple says this is a bad idea. Drop her a line and let her know what you think.

https://s2.washingtonpost.com/camp-rw/?trackId=596b22969bbc0f403f8bcc25&s=65cf9b9d1782475ec0c79ee2&linknum=2&linktot=43


An Important Security Message from Wyze

Wyze <no-reply@hello.wyze.com>
Mon, Feb 19, 2024 at 01:17


Wyze Friends,

On Friday morning, we had a service outage that led to a security incident. Your account and over 99.75% of all Wyze accounts were not affected by the security event, but we wanted to make you aware of the incident and let you know what we are doing to make sure it doesn't happen again.

The outage originated from our partner AWS and took down Wyze devices for several hours early Friday morning. If you tried to view live cameras or Events during that time, you likely weren't able to. We're very sorry for the frustration and confusion this caused.

As we worked to bring cameras back online, we experienced a security issue. Some users reported seeing the wrong thumbnails and Event Videos in their Events tab. We immediately removed access to the Events tab and started an investigation.

We can now confirm that as cameras were coming back online, about 13,000 Wyze users received thumbnails from cameras that were not their own and 1,504 users tapped on them. Most taps enlarged the thumbnail, but in some cases an Event Video was able to be viewed. All affected users have been notified. Your account was not one of the accounts affected. The incident was caused by a third-party caching client library that was recently integrated into our system. This client library received unprecedented load conditions caused by devices coming back online all at once. As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts.

To make sure this doesn't happen again, we have added a new layer of verification before users are connected to Event Videos. We have also modified our system to bypass caching for checks on user-device relationships until we identify new client libraries that are thoroughly stress tested for extreme events like we experienced on Friday.

We know this is very disappointing news. It does not reflect our commitment to protect customers or mirror the other investments and actions we have taken in recent years to make security a top priority at Wyze. We built a security team, implemented multiple processes, created new dashboards, maintained a bug bounty program, and were undergoing multiple 3rd party audits and penetration testing when this event occurred.

We must do more and be better, and we will. We are so sorry for this incident and are dedicated to rebuilding your trust.

If you have questions about your account, please visit support.wyze.com.

Wyze Team
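The notice above describes a cached device-to-user mapping that went wrong under load, and two mitigations: an extra verification step before an Event Video is served, and bypassing the cache for ownership checks altogether. The following is an added illustration of that pattern, written for this digest; it is hypothetical code, not Wyze's implementation, and the device IDs, user IDs, thumbnails and the `MappingCache`, `events_cache_trusting` and `events_verified` names are all constructed for the example. The cache is allowed to deny cheaply but never to grant; only the authoritative store can release an event, and any case where the cache would have granted what the store denies is recorded for alerting.

```python
"""Ownership verification for a device-event feed (illustrative, hypothetical).

Models the failure mode in the Wyze notice: a cache of device_id -> user_id
returns a wrong association, and a feed that trusts it shows one user another
user's thumbnails. The hardened path treats the cache as a hint only.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed authoritative device -> owner table (stands in for a database).
OWNERSHIP: Dict[str, str] = {
    "cam-001": "user-A",
    "cam-002": "user-B",
    "cam-003": "user-B",
}


@dataclass(frozen=True)
class Event:
    device_id: str
    thumbnail: str


# Constructed events, as they might arrive when cameras reconnect at once.
EVENTS: List[Event] = [
    Event("cam-001", "thumb-A1.jpg"),
    Event("cam-002", "thumb-B1.jpg"),
    Event("cam-003", "thumb-B2.jpg"),
]


def owner_from_store(device_id: str) -> Optional[str]:
    """Authoritative lookup; in practice a database query, never the cache."""
    return OWNERSHIP.get(device_id)


class MappingCache:
    """Minimal device_id -> user_id cache. A corrupt entry is injected by the
    caller to stand in for a library that mis-associates keys under load."""

    def __init__(self) -> None:
        self._entries: Dict[str, str] = {}

    def put(self, device_id: str, user_id: str) -> None:
        self._entries[device_id] = user_id

    def get(self, device_id: str) -> Optional[str]:
        return self._entries.get(device_id)


def events_cache_trusting(user_id: str, cache: MappingCache,
                          events: List[Event]) -> List[Event]:
    """Weak path: whatever the cache says is treated as the ownership fact."""
    return [e for e in events if cache.get(e.device_id) == user_id]


def events_verified(user_id: str, cache: MappingCache, events: List[Event],
                    bypass_cache: bool = False,
                    audit: Optional[List[Tuple[str, str, str]]] = None) -> List[Event]:
    """Hardened path. The cache may deny early (a wrong denial is an
    availability bug, not a leak) but cannot grant: every released event is
    confirmed against the authoritative store. bypass_cache=True skips the
    cache entirely. Cache/store disagreements are appended to `audit`."""
    released: List[Event] = []
    for e in events:
        hinted = None if bypass_cache else cache.get(e.device_id)
        if hinted is not None and hinted != user_id:
            continue  # cheap negative; no data is exposed by a false "no"
        actual = owner_from_store(e.device_id)
        if actual != user_id:
            if audit is not None and hinted == user_id:
                audit.append((e.device_id, hinted, actual))  # cache would have leaked
            continue
        released.append(e)
    return released


def demo() -> Tuple[List[str], List[str], List[Tuple[str, str, str]]]:
    """Populate the cache, inject one corrupt entry, compare both paths for user-A."""
    cache = MappingCache()
    for device_id, user_id in OWNERSHIP.items():
        cache.put(device_id, user_id)
    cache.put("cam-002", "user-A")  # injected corruption: B's camera mapped to A
    audit: List[Tuple[str, str, str]] = []
    weak = [e.thumbnail for e in events_cache_trusting("user-A", cache, EVENTS)]
    strong = [e.thumbnail for e in events_verified("user-A", cache, EVENTS, audit=audit)]
    return weak, strong, audit


if __name__ == "__main__":
    weak, strong, audit = demo()
    print("cache-trusting feed for user-A:", weak)   # includes user-B's thumbnail
    print("verified feed for user-A:     ", strong)  # only user-A's own
    print("cache/store disagreements:    ", audit)
```

The same corrupt cache entry makes user-B's camera disappear from user-B's own feed on the hardened path (a false denial), which is why an operator may prefer to bypass the cache for ownership checks until it is trusted again; passing `bypass_cache=True` restores the full feed straight from the store. The `audit` list is the detection hook: a non-zero rate of cache/store disagreements is the signal that should page someone.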


Report on Intelligent Vehicle Dependability and Security

Chuck Weinstock <weinstock@conjelco.com>
Fri, 16 Feb 2024 11:00:29 -0500

I retired from the SEI in February 2022 and then rejoined part-time in April 2022. Independent of the SEI I’ve been working with colleagues at IFIP WG10.4 (specifically Jay Lala, John Meyer, Carl Landwehr, Wilfried Steiner) on an internal-to-the Working Group project on intelligent vehicle dependability and security. The project has just concluded and issued a final report which can be found at https://ivds.dependability.org/final-report.html .

Principal findings of the project, conducted over the past four plus years, point to significant shortfalls in technologies, cost, governance, and societal aspects in achieving the end goal of safe and secure SAE Level 4 or 5 self-driving intelligent vehicles.


Re: Odometers: A voting machine analogue (Epstein)

Wols Lists <antlists@youngman.org.uk>
Fri, 16 Feb 2024 08:21:49 +0000

In the UK, there is now a requirement for the odometer reading to be logged at the annual road safety check. This is available online. So if you roll it back to less than the previous year's reading, it will show up.

We have been quite lucky - the last two second-hand cars we purchased were three years old and had known-genuine readings of 6000 and 1250 miles — absolute bargains.


Re: Tesla's latest screwup

Andrew <andrew@tug.com>
Mon, 19 Feb 2024 06:33:08 +0000

Ford, GM and others have been caught out by this regulation in the past

They argued that whilst their vehicles did not comply with the letter of the law, the impact was inconsequential, so they petitioned to ignore the issue in existing cars and not perform a recall.

The request to ignore was granted.

Tesla simply fixed the issue over the air for American vehicles. No change was made to non-Americas vehicles where the move to pure English language indications (as opposed to icon-with-English) would not be appropriate.


Re: Waymo recalls software after two self-driving cars hit the same truck (RISKS-34.07)

Ned Harris <nedharris39@gmail.com>
Thu, 15 Feb 2024 21:27:21 -0500

I can hear the discussion (many times, as a former software developer and then quality consultant) among the software developers: Question from the software quality guy: “Well what if the car being towed is at an angle to the tow truck?” Response from the developers (who've never had their car towed): “Oh, no, that's not going to happen! The towed car is ALWAYS directly behind the truck.”


Re: Waymo recalls software after two self-driving cars hit the same truck (RISKS-34.07)

Sam Bull <9wqnn1@sambull.org>
Sat, 17 Feb 2024 14:51:59 +0000

It's interesting that Waymo, not long ago, was trying to sound like their software was years ahead of Tesla's, because this seems to highlight some things that Tesla have moved away from.


Re: Software bloat

Roderick Rees <jp3vampire@gmail.com>
Sun, 18 Feb 2024 14:50:28 -0800

Bloat has been a problem for a long time for two reasons. One is that there seems to be little teaching of how to recognise simple and direct expression of any intended idea. It is not natural because the thinking behind conversation is extremely old—probably several hundred thousand years — and because working programmers are under pressure to produce results quickly. That's because managers themselves are under pressure to get to market before the competition.

So the environment is the basic cause of inefficient software. It is made more critical because any idea (or legal requirement) is basically a set of descriptions — and all descriptions, though useful and necessary, are inherently incomplete and wrong.

I can't suggest a way to overcome either influence. Anybody have any ideas?
