Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
A pedestrian injured in a traffic collision in San Francisco died; EMTs allege that they would have survived had two Cruise cars and an unoccupied police car not prevented the ambulance from leaving promptly. https://www.sfgate.com/bayarea/article/cruise-cars-reportedly-block-first-responders-18343475.php
How did airport chaos unfold? In its initial report published on Wednesday, Nats said that at 08:32 on 28 August, its system received details of a flight which was due to cross UK airspace later that day. Airlines submit every flight path to the national control centre; these should automatically be shared with Nats controllers, who oversee UK airspace. The system detected that two markers along the planned route had the same name - even though they were in different places. As a result, it could not understand the UK portion of the flight plan. This triggered the system to automatically stop working for safety reasons, so that no incorrect information was passed to Nats' air-traffic controllers. The backup system then did the same thing. https://www.bbc.com/news/business-66723586 Fault tolerance? What's that? One bad flight plan craters the system?
https://fedscoop.com/pipeline-safety-agencys-proposed-pilot-for-chatgpt-in-rulemaking-raises-questions/ [Gabe Goldberg gave me the entire article. I try not to beat dead horses in AI misuse, when you can simply click it. PGN]
https://apnews.com/article/apple-iphone-security-update-0964e8bd5264e5b66c3908d4 9fdf404a https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/ Apple security updates macOS Ventura 13.5.2 https://support.apple.com/kb/HT213906 iOS 16.6.1 and iPadOS 16.6.1 https://support.apple.com/kb/HT213905 watchOS 9.6.2 https://support.apple.com/kb/HT213907
Auditors found tens of thousands of apparently falsified traffic stop records, many of white drivers. They suspect the officers were trying to appear more productive. https://www.boston.com/news/national-news/2023/09/04/over-100-connecticut-state-troopers-accused-of-faking-traffic-stops/
ArsTechnica reports that a recent security breach at Sourcegraph was facilitated by credentials embedded in publicly-available source code. Credentials visible in source or executable code is an obviously bad practice. Besides the fact that it is obviously dangerous, it has been on the OWASP list for many years. The tragedy is that this class of security breach is completely preventable. There is no reason for putting credentials in source or executable code. The ArsTechnica article can be found at: https://arstechnica.com/security/2023/09/pii-leaked-after-sourcegraph-an-ai-driv en-service-for-code-development-is-hacked/
A suggestion. If a firm you deal with offers to sign you up for a *voice verification* service that bypasses PINs, passwords, etc., you would be wise to decline. There are increasing reports of online AI voice generators being used to defraud customers via these systems. And the situation is likely to be getting only worse. -L
What Mark Zuckerberg Doesn't Understand About Old People https://www.nytimes.com/2023/09/06/opinion/seniors-tech-silicon-valley.html
David Yaffe-Bellany and Yiwen Lu *The New York Times* Business front page, National Edition, 6 Sep 2023 Profiting while billing over $700M in fees since last year to untangle bankruptcies of 5 industrial firms [including the FTX exchange -- RISKS-33.75]
https://cyberscoop.com/cyber-professionals-mental-health/ Despite a growing awareness of mental health struggles within the industry, sources said there still aren't enough resources inside companies or across the broader cybersecurity community for professionals dealing with burnout, stress and the intense anxiety of working in a high-pressure environment.
Jacob Stokes, Alexander Sullivan and Noah Greene Center for a New American Security, 25 Jul 2023 https://www.cnas.org/publications/reports/u-s-china-competition-and-military-ai
> ---------- Forwarded message ---------- > Date: Fri, 8 Sep 2023 14:10:25 +0000 > From: Square <email@example.com> > Subject: An update on Squares outage [ID snipped] We are writing to apologize. Due to a systems outage within Square, sellers have been unable to log into their accounts or process payments since around noon Pacific Time on Thursday. We know that you trust us with your business, and these types of situations add challenges to running your operations. For that, we are truly sorry. Our services are now starting to come back online. As a reminder, you can use offline mode to continue accepting payments during these types of outages. =A0 Once the outage has been fully investigated, we plan to publish a full review of this issue and determine what steps we can take to prevent it from happening again. In the meantime, we will continue to keep you up to date on the status of the outage and next steps via email, as well as through our social media channels and on issquareup.com. Thank you for bearing with us and for your continued partnership.
Cars are increasingly filming, recording and tracking drivers and passengers, new report finds. https://www.politico.eu/article/car-manufacturer-data-privacy-driver-passenger-sexual-activity-report/ Car manufacturers are collecting troves of data on drivers and passengers ”- some even tracking drivers' sexual activity -” according to a new report. In a review <https://linklock.titanhq.com/analyse?url=https://foundation.mozilla.org/privacynotincluded/categories/cars/&data=eJxNTLsKwjAU_Zpks1RtAw4ZXArd1MU53sR4Nc0NeRT0603FoXDgcJ4gRde3AL2-iUO35VoGcpgRqDGFT_I6nDbi3LeXeRQ8yZeZ0bOuneiDzqk7Fa9VRvINRcujBEvlqaKulfVPkY-cQ2L7I9sNFavd_2nZ1yBEnBW8PWX04Io2upqgsrEU0aSfiAt9AYRVQBg%> of 25 car brands and 15 car companies published by Mozilla Foundation on Wednesday, researchers found that Japanese car manufacturer Nissan said it could sell information about drivers and passengers’ sexual activity, intelligence and health diagnosis to data brokers, law enforcement agencies and other companies. German manufacturer Volkswagen said it could record drivers’ voices to profile them for targeted ads. “The amount of data that these car companies blatantly said that they could collect was shocking,” said Jen Caltrider, lead researcher at Mozilla Foundation, the nonprofit owner of the company running the Firefox Browser. “It's like nobody's ever challenged them or asked them questions about privacy, and so they just include everything.” [...] Caltrider and other researchers looked at car companies’ privacy policies and downloaded their apps in Germany, France, the U.S., Japan and South Korea. They found that the industry hoovered up massive amounts of data through dozens of sensors and technology built into newer car models that calculate people's weight as they sit down, filmed the car inside and outside with cameras, listened to conversations through microphones and tracked users via connected apps on smartphones.
It's important to realize that even if you never watch over the air TV, many people depend on it due to the unavailability of other options in their locations, or due to cost issues. The broadcasting industry has been making inane excuses for encryption of free channels, including (get this!) blaming *deep fake* AI. Uh huh. This article explains how to comment to the FCC. NOTE that everything entered there become public record, including names, addresses, etc. https://www.tvtechnology.com/news/pearl-tv-responds-to-critics-of-30-encryption
Increased car theft is happening in Canada, too. CBC reports many of them are being shipped to overseas markets within days or even hours of being stolen: https://www.cbc.ca/news/world/auto-theft-canada-1.6953242 "Police sources tell CBC News that large, established organized criminal gangs based in Montreal are behind most of the thefts, though it's become so lucrative, other groups with less technical skill are becoming involved. This partially explains what the police sources say is an increase in home invasions and violent attacks to obtain a vehicle and its keys. ... Small teams sometimes mark cars in mall parking lots during the day by using GPS trackers similar to the ones people can buy and place in their luggage or on key chains to track lost items. Then, typically at night, they use the trackers to follow the marked vehicles and take them from streets and driveways, quickly cramming multiple vehicles into shipping containers, which are then moved by truck or train to the Port of Montreal and loaded onto ships. "Most thieves use one of three methods of attack. The first type is a relay attack, which involves "capturing" the signal of a key fob, then replicating it to enter and start a vehicle. Thieves used to hold a large antenna in front of a house door, scanning for keys left inside, but the technology has advanced in the past year, becoming smaller and easier to use at a distance. Then there is the onboard diagnostic port, accessible via a small door under the steering wheel in all vehicles. Typically used by a mechanic to connect a handheld computer that can diagnose a problem, the access point is being used by thieves to reprogram the car to understand a new key they've made for it. The latest attack method involves the Controller Area Network (CAN bus), which acts similar to a nervous system for vehicles, enabling communication between various components of the car. Thieves connect to one of multiple nodes from the exterior of the vehicle, commanding it to unlock and start the engine. The process may take only seconds."
I don't want to minimize the risk of EV's catching fire during/after floods/accidents/recharging/shipping/aging/parking..., but let's keep things in perspective. It's taken well over 100 years to deal with gasoline-powered vehicles exploding during/after refueling/accidents/shipping/parking... Have a gander at newpapers and *movies* from 1920's, 1930's, 1940's, etc., to see how many of these problems there were, and how long it took society to design gas tanks, filling stations, tankers, etc., to minimize these risks. https://www.latimes.com/archives/la-xpm-1992-09-21-mn-832-story.html Gasoline is perhaps the *worst* possible choice for a retail fuel, due to its quick vaporization and subsequent tendency to explode. Better choices would have been diesel and alcohol. Indeed, some gasoline-powered racing cars were replaced in 1965 by alcohol-powered racing cars due to the inherent risks of gasoline. https://www.motortrend.com/how-to/ctrp-1201-alcohol-fuel-basics/ >From the 20/20 perspective of hindsight, one can only marvel at the politics and economics that enabled such an inherently dangerous fuel like gasoline to become ubiquitous. There is an inherent risk of *any* energy-storage mechanism powerful enough to propel a 5000 lb vehicle 500 miles at 70 mph; e.g., Lucid's new 113kwh battery: https://www.caranddriver.com/news/a33797162/2021-lucid-air-517-mile-range-113-kw h-battery/ Let's put this Lucid battery in perspective. A small fireplace might generate perhaps 1.5 kwatts, so a Lucid battery fire might burn for *three 24-hour days* with heat equivalent to a small fireplace. The inherent risks of large quantities of energy storage were already being explored in 1940's/1950's scifi—e.g., the use of short-circuited 'blaster' handguns as 'IED' bombs.
Definitely badly translated. ChatGPT would never write in such a way. (Still wondering what the Figaro could be.) The article recommends keeping your devices charged to no more than 30% and/or not charging during flight. With all due respect, that is not going to happen unless you want to see a long line at the airport filled with departing passengers looking for a phone recharging spot (which is almost certainly going to be poisoned with malware anyway).
We've received similar notices from two financial companies with which we have significant dealings. It's pretty widespread due to the exposure from MOVEit. If everyone is relying on boilerplate to send out the notices, I don't have a problem with that. It doesn't necessarily mean they're using AI.
But... Elon promised free speech for everybody ...
A flight plan has two different waypoints mistakenly given the same ID. Equals invalid flight plan. Response? Crash the entire ATC system. No comment would seem to be necessary. [Tell that to the ATC system folks. PGN]
Looks like the article is N/A at *The NY Times*, but it's available at the Seattle Times: https://www.seattletimes.com/nation-world/maui-evacuation-alert-shows-limits-of-a-warning-system-dependent-on-cellphones/
In the late 1970's I joined a diving club. In the first training session we were taught the meaning of the saying: “There are old divers and there are bold divers, but there are no old bold divers.''
Abstract (aka tl:dr) Life is unpredictable (so eat dessert first). Our modern world is unpredictable, and uncertain. The increasing uncertainty drives fatalism, which various political actors use to increase their own power and reduce the possibility of opposition. Information technology, based upon logical computers, could provide more certainty. Unfortunately, marketing decisions frequently make the use of computers, and the results from computers, more uncertain. We, in information technology, should address these issues, and work towards greater knowledge and certainty. https://fibrecookery.blogspot.com/2023/09/magic.html
Please report problems with the web pages to the maintainer