The RISKS Digest
Peter G. Neumann
2024-03-16

SFO-bound flight returns to Australia (Jordan Parker, PGN-ed)

Jordan Parker, *The San Francisco Chronicle*, 14 Mar 2024 (Pi Day)
[PGN-ed]
* A maintenance issue forced a Boeing 777-300 United Flight 830 with
167 passengers to return to Australia on Monday 11 Mar 2024 in the
seventh incident in a week.
* On Saturday 9 Mar, a United flight from Chicago's O'Hare returned
after a maintenance issue.
* On Friday 8 Mar, a United flight from SFO to Mexico City
made an emergency landing in Los Angeles due to a hydraulic
issue.
* Also on 8 Mar, a United plane rolled off the runway and was
stuck in the grass at George Bush International in Houston.
* On Thursday 7 Mar, a United jet bound for Japan lost a wheel
during takeoff.
* On Monday 4 Mar, a United flight from Houston to Florida made
an emergency landing after an engine went up in flames in midair.
* Also on 4 Mar, an SFO-bound United flight from Honolulu landed
safely after an engine failed in mid-flight.
[Jim Geissman notes:
United Airlines flight 433 lands safely without panel in Oregon
The missing panel went undetected during the flight on 15 Mar 2023.
https://www.bbc.com/news/world-us-canada-68584134
PGN]

Latam flight event (Jim Geissman)

Boeing plane drops suddenly injuring several. Crew member quoted as saying
the instruments briefly went black.
https://www.nzherald.co.nz/nz/nz-passenger-on-latam-flight-saw-man-with-blood-streaming-down-his-face/EXGL5PBCD5E2NBIUDFQZ76MYSQ/

Boeing tells pilots to check seats after Latam plane (BBC)

https://www.bbc.com/news/business-68580950
Boeing has told airlines operating 787 Dreamliners that pilots need to
check their seats as an investigation into an incident on a Latam flight
continues.
It comes after 50 people were hurt this week when a 787 dropped suddenly
during a Latam Airlines flight.
*The Wall Street Journal* reported that a flight attendant accidentally hit a
switch on the pilot's seat, which pushed the pilot into the controls,
forcing down the plane's nose.

Alaska Airlines Flight Was Scheduled for Safety Check on Day Panel Blew Off (NYTimes)

https://www.nytimes.com/2024/03/12/us/politics/alaska-airlines-flight-door.html

Hackers Breached Key Microsoft Systems (Sean Lyngaas)

Sean Lyngaas, *CNN*, 8 Mar 2024, via ACM TechNews
Microsoft revealed that a breach of its systems by Russian state-backed
hackers was more extensive than previously thought when first disclosed in
January. Microsoft believes the hackers have used information stolen from
Microsoft's corporate email systems to access "some of the company's source
code repositories and internal systems," the company said in a filing with
the U.S. Securities and Exchange Commission. An accompanying blog post said
the hacker group may be using the information it stole "to accumulate a
picture of areas to attack and enhance its ability to do so."

https://www.theverge.com/2024/3/6/24092191/microsoft-ai-engineer-copilot-designer-ftc-safety-concerns

Cut submarine cables cause web outages across Africa; 6 countries still affected (ArsTechnica)

https://arstechnica.com/?p=2010677

McDonald's hit by outages at stores worldwide (BBC)

https://www.cbc.ca/news/business/mcdonalds-outage-1.7144768
Many McDonald's stores in Japan stopped taking in-person and mobile
customer orders because of the system disruption, a spokesperson at
McDonald's Holdings Company Japan said, adding that the company was working
to restore operations soon.
A McDonald's Australia spokesperson said they were also aware of a
technology outage impacting its restaurants nationwide and were working to
resolve this issue.
The company operates nearly 3,000 stores across Japan and roughly 1,000 in
Australia, its websites for the regions show.

McDonald's blames global outage on third party (BBC)

https://www.bbc.com/news/business-68573106
McDonald's has revealed the technical problems which brought much of its
fast food chain to a standstill on Friday were caused by a third party
provider.
The international restaurant said the global outage happened during a
"configuration change" and stopped stores taking orders in the UK,
Australia and Japan—amongst others.
McDonald's stressed the issue was not caused by a cyberattack.

Phony Billionaires on Facebook Are Scamming Americans Out of Their Life Savings (WashPost)

A fake Bill Ackman, a bogus Cathie Wood and a false Steve Cohen are among
the impersonators luring victims on social media, and their real-life
counterparts can’t keep up. ‘It’s like a game of whack-a-mole.’
https://www.wsj.com/tech/fake-bill-ackman-cathie-wood-scam-a8df6ce7

Amid explosive demand, America is running out of power (WashPost)

An interesting example: airports will need vast electricity to charge the
rental cars!
Artificial intelligence, data centers and the boom in clean-tech
manufacturing are pushing America's aging power grid to the brink. Utilities
can't keep up.
https://wapo.st/3IqeK6P

CISA hacked (Sean Lyngaas)

<https://www.cnn.com/profiles/sean-lyngaas>
A federal agency in charge of cybersecurity discovered it was hacked last
month and was forced to take two key computer systems offline, an agency
spokesperson and US officials familiar with the incident told CNN.
One of the US Cybersecurity and Infrastructure Security Agency’s affected
systems runs a program that allows federal, state and local officials to
share cyber and physical security assessment tools, according to the US
officials briefed on the matter. The other holds information on security
assessment of chemical facilities, the sources said.
A CISA spokesperson said in a statement that “there is no operational impact
at this time” from the incident and that the agency continues to “upgrade
and modernize our systems.”
“This is a reminder that any organization can be affected by a cyber
vulnerability and having an incident response plan in place is a necessary
component of resilience,” the spokesperson said, adding that the impact from
the hack “was limited to two systems, which we immediately took offline.”
The two systems run on older technology that was already set to be replaced,
sources told CNN.
Part of the Department of Homeland Security, CISA investigates cyber
intrusions at federal agencies and advises private critical infrastructure
firms on how to bolster their security.
The Record first reported on the hack.
<https://therecord.media/cisa-takes-two-systems-offline-following-ivanti-compromise>
It was not immediately clear who was behind the hack, but it occurred
through vulnerabilities in popular virtual private networking software made
by Utah-based IT firm Ivanti. For several weeks, CISA has urged federal
agencies and private firms to update their software or take other defensive
measures in response to widespread exploitation of Ivanti vulnerabilities by
hackers.
Among the hackers exploiting the flaws are a Chinese group focused on
espionage, private researchers have previously told CNN.
<https://www.cnn.com/2024/01/10/politics/chinese-hackers-research-organization/index.html>
While there is some irony in it, even cybersecurity agencies or officials
can be victims of hacking. After all, they rely on the same technology that
others do. The U.S.’s top cybersecurity diplomat Nate Fick said last year that
his personal account on social media platform X was hacked,
calling it part of the “perils of the job.”
<https://www.cnn.com/2023/02/05/politics/nate-fick-twitter-hack-cybersecurity/index.html>

Even a security expert can get phished (Pluralistic)

First-person account of someone who fell for a phishing scam,
https://pluralistic.net/2024/02/05/cyber-dunning-kruger/
"The fact that the fraudsters knew where I banked, knew my name, and had
my phone number had really caused me to let down my guard."
You are NOT paranoid when they really are after you (well, your money).

Microsoft says Kremlin-backed hackers accessed its source and internal systems (ArsTechnica)

https://arstechnica.com/security/2024/03/microsoft-says-kremlin-backed-hackers-accessed-its-source-and-internal-systems/

Spate of Mock News Sites With Russian Ties Pop Up in U.S (NYTimes) companies

https://www.nytimes.com/2024/03/07/business/media/russia-us-news-sites.html?unlocked_article_code=1.a00.QkKu.YLemQ0Rxkj5X&smid=nytcore-ios-share&referringSource=articleShare&sgrp=c-cb

https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html?unlocked_article_code=1.c00.2coE.yOfXipHA21Jp&smid=nytcore-ios-share&referringSource=articleShare&sgrp=c-cb

Aescape's Robot-Arm-Powered Massage Table (WiReD)

The Aescape has robot arms designed to deliver a custom spa-like
massage, all for $60.
https://www.wired.com/story/hands-on-aescape-automated-massage/
What could go ... wrong?

ATT outage under FCC investigation (WashPost)

The Federal Communications Commission has opened a formal investigation into
last month's nationwide AT&T outage that left millions of people without
cellphone service for hours.
https://www.washingtonpost.com/business/2024/03/07/fcc-att-outage-investigation/

The AI-generated hell of the 2024 election (The Verge)

https://www.theverge.com/policy/24098798/2024-election-ai-generated-disinformation

New Hampshire voters sue Biden deepfake robocall creators (NBCNews)

Based on NBC News reporting, the League of Women Voters is suing the
creators of a deepfake robocall impersonating Joe Biden that told voters not
to vote.
https://www.nbcnews.com/politics/2024-election/new-hampshire-voters-sue-biden-deepfake-robocall-creators-rcna143662

Google Restricts Gemini Chatbot Election Answers (Peter Hoskins)

Peter Hoskins, BBC, 13 Mar 2024, via ACM TechNews
Google announced in a blog post it is limiting the types of
election-related questions its Gemini chatbot can be asked. The
restriction has been implemented in India, where elections will be
held next month. BBC staff asked the AI chatbot questions about the
upcoming elections in the U.S., U.K., and South Africa, to which
Gemini responded, "I'm still learning how to answer this question. In
the meantime, try Google Search." Gemini provided more detailed
responses when asked follow-up questions about India's major parties.

Robot Ships Are Setting Sail (BBC)

Jonathan Amos, Rebecca Morelle, Alison Francis et al., BBC, 6 Mar
2024, via ACM TechNews
In Norway, U.S. and U.K. researchers at Ocean Infinity are testing a robotic
ship equipped with cameras, microphones, radar, GPS, and satellite
technology that eventually will be part of a fleet of 23 such vessels used
to assess the seabed for offshore wind farm operators and perform underwater
infrastructure inspections for oil and gas companies. The 255-foot ship has
just 16 crew members, and that figure ultimately could decline further as
more roles are performed remotely using gaming-like controls and touch
screens. Reducing the number of crew members can allow for smaller ships
that use less fuel and have a smaller carbon footprint.

Your Doctor's Office Might Be Bugged (Jesse Pines)

Jesse Pines, *Forbes*, 4 Mar 2024, via ACM TechNews
More physician practices are implementing ambient AI scribing, in which AI
listens to patient visits and writes clinical notes summarizing them. In a
recent study of the Permanente Medical Group in Northern California, more
than 3,400 doctors have used ambient AI scribes in more than 300,000 patient
encounters since October. Doctors reported that the technology reduced the
amount of time spent on after-hours note writing and allowed for more
meaningful patient interactions. However, its use raises concerns about
security, privacy, and documentation errors.

AI Is Being Built on Dated, Flawed Motion-Capture Data (Julianne Pepitone)

Julianne Pepitone, *IEEE Spectrum*, 1 Mar 2024, via ACM TechNews
A study by a University of Michigan-led research team found that the
motion-capture data used to design some AI-based applications is flawed and
could endanger users outside the parameters of the preconceived "typical"
body type. The benchmarks and standards used by developers of fall detection
algorithms for smartwatches and pedestrian-detection systems for
self-driving vehicles, among other technologies, do not include
representations of all body types. In a systemic literature review of 278
studies as far back as the 1930s, the researchers found that the data
captured for most motion-capture systems were from white able-bodied men "of
unremarkable weight." Some studies used data from dismembered cadavers.

Researchers Jailbreak Chatbots with ASCII Art (Mark Tyson)

Mark Tyson, *Tom's Hardware*, 7 Mar 2024, via ACM TechNews
ArtPrompt, developed by researchers in Washington and Chicago, can bypass
large language models' (LLMs) built-in security features. The tool generates
ASCII art prompts to get AI chatbots to respond to queries they are supposed
to reject, like those referencing hateful, violent, illegal, or harmful
content. ArtPrompt replaces the "safety word" (the reason for rejecting the
submission) with an ASCII art representation of the word, which does not
trigger the ethical or security measures that would prevent a response from
the LLM.

Nvidia sued over AI training data as copyright clashes continue (ArsTechnica)

https://arstechnica.com/?p=2009239

Reports of DJI data breach turn out to be false apparently (Lauren Weinstein)

There were reports of a massive DJI data breach involving corporate
and customer data. Apparently no such breach has occurred, and the
original claims of stolen data were reportedly part of an effort to
get ransom paid for a database of stolen data that did not actually
exist. -L

Pornhub disables website in Texas amid legal battle with attorney general's office (NBCNews)

“Unfortunately, the Texas law for age verification is ineffective,
haphazard, and dangerous,” a statement on Pornhub's website read.
https://www.nbcnews.com/tech/pornhub-disables-website-texas-rcna143502

Massively Popular Safe Locks Have Secret Backdoor Codes (Victor Miller)

Not exactly computing related, but still of interest.
https://www.404media.co/massively-popular-safe-locks-have-secret-backdoor-codes/
[Keys under Doormats strikes again. Blockchain Cryptocurrency should have
done that to recover lost Bitcoin, but that would be a horrible
vulnerability, not a feature? PGN]

D-Wave Says Its Quantum Computers Can Solve Otherwise Impossible Tasks (Matthew Sparkes)

Matthew Sparkes, *New Scientist* (03/07/24), via ACM TechNews
D-Wave is claiming its Advantage quantum computer and prototype Advantage2
achieved "computational supremacy" by calculating transverse field Ising
model problems faster than the world's most powerful classical
computer. D-Wave researchers contend it would take millions of years for the
Frontier supercomputer to solve the same problems. D-Wave's "quantum
annealing" computers differ from quantum computers produced by others, and
have been criticized as only being able to solve certain classes of
optimization problem.

Re: End-to-End Encryption under attack in Nevada (John Levine)

It's more a failure of imagination. If your mental model of security is
telephone wiretaps, asking for crypto backdoors seems like the same thing.
I blogged about this a few years ago:
https://jl.ly/Internet/catastrophe.html
PS: bonus points to anyone who recognizes the reference in the title

Re: A Vending Machine Error Revealed Secret Face Recognition Tech (Steve Bacher)

> The risks? Error messages. Like airport displays, billboards, etc.
> showing fatal Windows errors.
Also, the risk of naming your software components too transparently.
These are risks to the perpetrators, not to the consumer population.
Perhaps they should be considered blessings.

Re: comp.risks via Panix? (Steve Bacher)

You may also view the comp.risks newsgroup via the NovaBBS (RockSolid) web
interface:
https://www.novabbs.com/computers/thread.php?group=comp.risks
Also note that if you replace http: with https: in the catless link, it will
run into the expired cert problem. This is one case where the insecure
version is to be preferred, at least for now.

Re: More than 2 Million Research Papers Have Disappeared from the Internet (Martin Ward)

I am guessing that they do not count Sci-Hub as a "major digital archive"
since Sci-Hub currently has 77.8% coverage of 51 million journal articles
and 79.7% of 5 million proceedings articles:
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5832410/

Re: Risks of Leap Years and Dumb Digital Watches (Amos Shapir)

I don't know why those dumb watches were even made in the first place, I
had a Seiko watch which had a year counter back in the late 1970's.
However, those less-dumb watches use only the last digits of the year to
track Feb.29 every four years, a formula which would break on March 1, 2100.

Re: Risks of hype, 'Keytrap' DNS bug threatens widespread (John Levine)

Keytrap is a real bug but it's been grossly overhyped. Yes, specially
created DNS responses can cause a naive DNS cache to do a huge amount
of work, but there's nothing new about that. A CNAME loop can do that,
too.
This particular trick has been possible since the current version of DNSSEC
was defined 20 years ago. The fact that nobody ever noticed it until late
2023 suggests that it was never that bad, and now that all of the widely
used cache software has added it to the list of things to limit, it's a
non-issue.
ISC wrote a good blog post about keytrap and the general issue of
DNS scalability:
https://www.isc.org/blogs/2024-bind-security-release/