Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
CROSS AMERICA ” All motor vehicle departments in the United States went down Thursday, according to officials in multiple states. Officials in Illinois, Virginia, Massachusetts, Arkansas and Colorado all confirmed they experienced an outage.
“We are currently experiencing a nationwide network outage at our DMV facilities,” tweeted Illinois Secretary of State Alexi Giannoulias. “All DMVs across the country are currently down.”
Virginia's DMV said the outage stemmed from “a third-party technical outage,” and that driver's license services were unavailable online and at all in-person locations.
“We apologize for the inconvenience. Please stay tuned to social media for updates,” the agency said.
A technical outage hit all DMVs at once? Need details..
I'm surprised that anyone could tell the difference from typical DMV operations. ..
https://www.nbcnews.com/news/rcna144496
DMV services disrupted nationwide by system out[r]age
The American Association of Motor Vehicle Administrators said the outage was due to “a loss in cloud connectivity” Thursday.
McDonald's has revealed the technical problems which brought much of its fast food chain to a standstill on Friday were caused by a third party provider.
The international restaurant said the global outage happened during a “configuration change” and stopped stores taking orders in the UK, Australia and Japan—amongst others.
McDonald's stressed the issue was not caused by a cyberattack.
https://www.bbc.com/news/business-68573106
Configuration change hits single point of failure, craters world-wide restaurant chain. Nice. A plus for momentary healthy eating, though.
This comes at a bad time for McDonald's, since they are aggressively rolling out kiosk-only ordering in place of humans. Recently I had to deal with one of those in my local McD's—the counterwoman kindly fingerwalked through the menus for me to order 2 coffees but the kiosks had no provision for the senior discount price so she still had to ring it up manually for me instead.
So it's kind of karmic justice in a way.
> McDonald's has revealed the technical problems which brought much of its > fast food chain to a standstill on Friday were caused by a third party > provider.
What I fail to understand is why do all of the world's McDonald's stores have to be online to be able to sell food?
It seems the more eggs you put in one basket, the more eggs you are going to lose.
https://www.cnn.com/2024/03/16/business/tesco-sainsburys-delivery-technical-issues/index.html
Several online retailers and drone technology companies are marketing the sale of radio frequency jammers as drone deterrence or privacy tools, sidestepping federal laws that prohibit such devices from being offered for sale in the U.S. [Long item PGN-curtailed]
AI music-generation illustration www.rollingstone.com
Suno AI wants everyone to be able to produce their own pro-level songs with artificial intelligence ” but what does that mean for artists?
Many others don't report the crime
https://www.cbc.ca/news/canada/edmonton/alberta-fraud-money-victims-1.71467= 51
Albertans have reported losing more than $156 million to fraudsters since the start of this decade, with tens of millions more being taken each year. But there hasn't been a coinciding rise in victims—in part, experts say, because people are reluctant to come forward.
In 2023, roughly 2,900 Albertans lost more than $62.5 million to various fraud schemes—up more than fivefold from the $11.3 million taken = from about 2,600 people in 2020, data shows.
More than half the reported losses in the province last year were from investment scams, particularly cryptocurrency frauds. Spear-phishing—when scammers pretend to be legitimate sources to con businesses and people into sending money—was the second-most lucrative type of fraud, taking= more than $8.5 million from 72 people.
Cristina Criddle, Eleanor Olcott and Madhumita Murgia, Financial Times, 18 Mar 2024, via ACM Tech News
A statement signed by Western and Chinese AI scientists warns that Cold War-level global cooperation is necessary to avoid “catastrophic or even existential risks to humanity within our lifetimes” resulting from AI technology. At the International Dialogue on AI Safety in Beijing, the experts established “red lines” on AI risks that no AI system should cross, including the development of bioweapons and the launch of cyberattacks. Signatories to the statement included ACM A.M. Turing Award laureates Geoffrey Hinton and Yoshua Bengio, as well as computer scientists Stuart Russell and Andrew Yao.
Unpatchable vulnerability in Apple chip leaks secret encryption keys | Ars Technica
https://gofetch.fail/files/gofetch.pdf
Roku recently changed its policy to make it even harder for customers to take legal action. It’s a reminder of how we need to protect ourselves.
To Isaac Phillips, a software engineer in Tampa, Fla., this felt unfair. So he came up with a workaround to disconnect his Roku TV from the Internet and use it as a normal TV without Roku’s apps, which include Netflix, Hulu and other streaming services.
“It should belong to whoever paid for it,” Mr. Phillips said. “To lock somebody out of it completely just doesn't seem right. It’s pretty unacceptable.”
A Roku spokesman also provided a list of steps for those who wish to use their Roku TVs as normal TVs without an Internet connection. It involves pressing a button or pinhole on the back of the TV to reset the software and skipping the step to set up the Internet connection.
Why is it harder to opt out than it is to opt in? Because the companies are legally allowed to do this.
I suggest that Roku customers follow those steps to opt out of the new terms and hold on to what little power they have. I, for one, took this opportunity to disconnect my Roku TV from the Internet and plug in a different streaming device with less onerous terms, an old Apple TV. As for a letter to opt out, I plan to use the AI chatbot ChatGPT to draft a testy note.
Internet-connecting devices that meet standards will soon come with a “U.S. Cyber Trust Mark” to help consumers choose products that protect their private information.
https://www.latimes.com/california/story/2024-03-19/new-program-will-label-smart-device-and-products-cybersecurity-safe Would you trust the Trust Mark? I'm not sure. I guess the consumer strategy would be to avoid buying devices that lack the Trust Mark rather than putting blind trust in the mark.
https://arstechnica.com/?p=2012114
By taking pictures of other passengers’ boarding passes on their phones, the man was able to board a Delta Air Lines flight in Salt Lake City on Sunday, according to a federal complaint.
https://www.nytimes.com/2024/03/20/business/delta-unticketed-passenger-arrested.html
https://arstechnica.com/?p=2012093
https://appleinsider.com/articles/24/03/21/ups-worker-charged-after-13m-apple-product-theft-spree
The Social Security Administration’s internal watchdog office failed to properly notify some poor and disabled Americans before levying huge fines on them, an investigation found. https://wapo.st/3vsSwyb
https://arstechnica.com/?p=2011532
Years later than you might have expected, given my line of work, I’ve finally hit the dubious milestone of owning a major appliance with its own Internet Protocol address and mobile app“the Bosch dishwasher we procured as part of an overdue and immensely-appreciated kitchen renovation.
Risks? Missing an app alert and the undocumented trash masher feature starting? Dishwasher organizing other appliances in rebellion against flaky power? Yet another malware attack surface?
Los Angeles school officials say their new app lets students and parents, in one place, find anything they need related to school and their specific learning path.
The Los Angeles school district on Wednesday unveiled a much-awaited AI tool named “Ed” to serve as a student adviser, programmed to tell its young users and their parents about grades, tests results and attendance ” while giving out assignments, suggesting readings and even helping students cope with nonacademic matters. […]
https://www.cbc.ca/news/canada/nova-scotia/artificial-intelligence-lawyers-= law-nova-scotia-1.7126732
As lawyer Jonathan Saumier types a legal question into ChatGPT, it spits out an answer almost instantly.
But there's a problem—the generative artificial intelligence chatbot was flat-out wrong.
“So here's a prime example of how we're just not there yet in terms of accuracy when it comes to those systems,” said Saumier, legal services support counsel at the Nova Scotia Barristers' Society.
Artificial intelligence can be a useful tool. In just a few seconds, it can perform tasks that would normally take a lawyer hours or even days.
But courts across the country are issuing warnings about it, and some experts say the very integrity of the justice system is at stake.
It's up to you, but for now I recommend DISABLING Google's new Chrome “real-time, privacy-preserving URL protection”.
I'm getting a lot of questions about this, and I simply don't have time right now to write this up in depth. So this will have to be short (at least by my standards).
Google is implementing by default in Chrome a new system to expand their detection of unsafe sites, via a complicated new real-time system that sends hashes of URLs to a third-party, non-Google firm.
The details are in:
https://security.googleblog.com/2024/03/blog-post.html
Google's goal is laudable, but though it would probably be unfair of me to call this system “Rube Goldberg-ish”, it is definitely very far from trivial.
I am in particular concerned about the ramifications of Chrome users being connected by default to a completely non-Google entity to which they are sending data, no matter how obfuscated that data may be.
While Google seems to be asserting that by creating a three-party system (user, Google, outside firm) privacy is enhanced—and this would appear to be true in theory—the possibilities for interference by government or other entities seems increased with each new player in the process. Also, users are now dealing with an additional set of policies (and legal departments), that of Google and that of the third party. Nor (as far as I know) has the contractual basis of the relationship between Google and this third party been made public.
There may be nothing at all wrong with this arrangement. But frankly, the introduction of a third party and other aspects of this system have raised a caution warning for me, especially when this is enabled by default.
So my recommendation for now is to turn off this feature, until significantly more is known about it in the respects I've mentioned above and others. This is completely up to you of course. You may wish to keep the Google default that uses this system and have the additional protection, and may not be at all concerned about the other issues I've mentioned. Absolutely your choice.
I do invite Google to contact me with more information about these issues if they wish to do so. -L
Roku recently changed its policy to make it even harder for customers to take legal action. It's a reminder of how we need to protect ourselves.
https://www.nytimes.com/2024/03/20/technology/personaltech/roku-data-breach- companies.html?unlocked_article_code=1.eE0.xzdb.HCSnU1ujiRmT
The year on my Timex watch cannot be set outside the range 2000-2099.
The count of comments at the CPUC (overwhelmingly negative) on the main proposal has now exceeded 5000, and it's no longer possible to know exactly how many there are, since “Over 5000” is as high as their counter runs. -L
https://apps.cpuc.ca.gov/apex/f?p=401:65:0::NO:RP,57,RIR:P5_PROCEEDING_SELECT:A2303003
Any hint as to how they compromised the entire corporate email system? I know how they can nail individual email addresses, but how do they leap from that to invading the entire system?
Please report problems with the web pages to the maintainer