Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!panix!.POSTED.panix1.panix.com!not-for-mail
From: risko@csl.sri.com (RISKS List Owner)
Newsgroups: comp.risks
Subject: Risks Digest 33.83
Date: 11 Sep 2023 04:26:50 -0000
Organization: PANIX Public Access Internet and UNIX, NYC
Lines: 596
Sender: RISKS List Owner <risko@csl.sri.com>
Approved: risks@csl.sri.com
Message-ID: <CMM.0.90.4.1694406120.risko@chiron.csl.sri.com20572>
Injection-Info: reader2.panix.com; posting-host="panix1.panix.com:166.84.1.1";
logging-data="26978"; mail-complaints-to="abuse@panix.com"
To: risko@csl.sri.com

RISKS-LIST: Risks-Forum Digest Sunday 10 September 2023 Volume 33 : Issue 83

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.83>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Pedestrian dies after Cruise cars block ambulance
(San Francisco Chronicle)
Ryanair boss calls air traffic chaos report rubbish (BBC News)
WHAT COULD GO WRONG? - Pipeline safety agency's proposed pilot for
ChatGPT in rulemaking raises questions (Lauren Weinstein)
A Rube Goldberg chain of failures led to breach of Microsoft-hosted
government emails (The Verge)
Update your iPhone: Apple just pushed out a significant security update
(APNews)
Active North Korean campaign targeting security researchers (Google)
The NYPD will police Labor Day parties with surveillance drones
(The Verge)
Porn age verification law is unconstitutional, says judge (The Verge)
Over 100 Connecticut state troopers accused of faking traffic stops
(The Boston Globe)
Sourcegraph Administrator Access compromised by Credentials in
Publicly Available Code (Ars Technica)
Don't fall for firms pushing "voice verification" bypasses
(Lauren Weinstein)
Silicon Valley vs. Old People (NYTimes)
Crypto Collapse Winners? The Lawyers (NYTimes)
Cyberprofessionals say industry urgently needs to confront mental health
crisis (Cyberscoop)
Another AI Mess: growing reliance on language apps jeopardizes
some asylum applications (The Guardian)
U.S.-China Competition and Military AI. How Washington Can Manage Strategic
Risks amid Rivalry with Beijing (CNAS)
An update on Squares outage (danny burstein)
San Franciscans Are Having Sex in Robotaxis, and Nobody Is Talking About It
(SFStandard)
Your car wants to know about your sex life (Politico)
FCC proceedings on encrypted over the air TV -- how to comment
(Lauren Weinstein)
Re: Kia and Hyundai Helped Enable a Crime Wave. They Should Pay for It
(Mike Smith)
Re: Electric cars catch fire in Florida after flooding (Henry Baker)
Re: A battery catches fire on an Air France flight, the staff
reacts in a few minutes (Steve Bacher)
Re: Eversource Notice of Data Security Incident (Steve Bacher)
Re: Saudi man sentenced to death for tweets in harshest verdict yet
for online critics (Steve Bacher)
Re: UK ATC outage (Jim Geissman)
Re: Lahaina: single points of failure (Steve Bacher)
Re: The Titan's Submersible Disaster Was Years in the Making
(Martin Ward)
Magic (Rob Slade)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 05 Sep 2023 17:50:54 -0700
From: Geoff Kuenning <geoff@cs.hmc.edu>
Subject: Pedestrian dies after Cruise cars block ambulance
(San Francisco Chronicle)

A pedestrian injured in a traffic collision in San Francisco died; EMTs
allege that they would have survived had two Cruise cars and an unoccupied
police car not prevented the ambulance from leaving promptly.

https://www.sfgate.com/bayarea/article/cruise-cars-reportedly-block-first-responders-18343475.php

------------------------------

Date: Thu, 7 Sep 2023 16:36:41 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Ryanair boss calls air traffic chaos report rubbish (BBC News)

How did airport chaos unfold?

In its initial report published on Wednesday, Nats said that at 08:32 on 28
August, its system received details of a flight which was due to cross UK
airspace later that day.

Airlines submit every flight path to the national control centre; these
should automatically be shared with Nats controllers, who oversee UK
airspace.

The system detected that two markers along the planned route had the same
name - even though they were in different places. As a result, it could not
understand the UK portion of the flight plan.

This triggered the system to automatically stop working for safety reasons,
so that no incorrect information was passed to Nats' air-traffic
controllers. The backup system then did the same thing.

https://www.bbc.com/news/business-66723586

Fault tolerance? What's that? One bad flight plan craters the system?

------------------------------

Date: Tue, 5 Sep 2023 12:35:26 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: WHAT COULD GO WRONG? - Pipeline safety agency's proposed pilot for
ChatGPT in rulemaking raises questions

https://fedscoop.com/pipeline-safety-agencys-proposed-pilot-for-chatgpt-in-rulemaking-raises-questions/

[Gabe Goldberg gave me the entire article. I try not to beat dead horses
in AI misuse, when you can simply click it. PGN]

------------------------------

Date: Wed, 6 Sep 2023 22:45:12 -0400
From: Monty Solomon <monty@roscom.com>
Subject: A Rube Goldberg chain of failures led to breach of
Microsoft-hosted government emails

https://www.theverge.com/2023/9/6/23861890/microsoft-azure-data-breach-investigation-failures-outlook

------------------------------

Date: Thu, 7 Sep 2023 22:49:17 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Update your iPhone: Apple just pushed out a significant
security update (APNews)

https://apnews.com/article/apple-iphone-security-update-0964e8bd5264e5b66c3908d49fdf404a

https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/

Apple security updates

macOS Ventura 13.5.2
https://support.apple.com/kb/HT213906

iOS 16.6.1 and iPadOS 16.6.1
https://support.apple.com/kb/HT213905

watchOS 9.6.2
https://support.apple.com/kb/HT213907

------------------------------

Date: Fri, 8 Sep 2023 08:56:44 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Active North Korean campaign targeting security researchers
(Google)

https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/

------------------------------

Date: Mon, 4 Sep 2023 00:49:55 -0400
From: Monty Solomon <monty@roscom.com>
Subject: The NYPD will police Labor Day parties with surveillance drones
(The Verge)

https://www.theverge.com/2023/8/31/23318832/nypd-drones-parties-jouvert-west-indian-labor-day-weekend

------------------------------

Date: Mon, 4 Sep 2023 00:52:04 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Porn age verification law is unconstitutional, says judge
(The Verge)

https://www.theverge.com/2023/8/31/23854369/texas-porn-age-verification-law-blocked-judge

------------------------------

Date: Mon, 4 Sep 2023 14:04:05 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Over 100 Connecticut state troopers accused of faking traffic
stops (The Boston Globe)

Auditors found tens of thousands of apparently falsified traffic stop
records, many of white drivers. They suspect the officers were trying to
appear more productive.

https://www.boston.com/news/national-news/2023/09/04/over-100-connecticut-state-troopers-accused-of-faking-traffic-stops/

------------------------------

Date: Mon, 4 Sep 2023 23:57:12 -0400
From: Bob Gezelter <gezelter@rlgsc.com>
Subject: Sourcegraph Administrator Access compromised by Credentials in
Publicly Available Code (Ars Technica)

ArsTechnica reports that a recent security breach at Sourcegraph was
facilitated by credentials embedded in publicly-available source code.

Credentials visible in source or executable code is an obviously bad
practice. Besides the fact that it is obviously dangerous, it has been on
the OWASP list for many years.

The tragedy is that this class of security breach is completely
preventable. There is no reason for putting credentials in source or
executable code.

The ArsTechnica article can be found at:

https://arstechnica.com/security/2023/09/pii-leaked-after-sourcegraph-an-ai-driven-service-for-code-development-is-hacked/

------------------------------

Date: Fri, 8 Sep 2023 08:37:19 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Don't fall for firms pushing "voice verification" bypasses

A suggestion. If a firm you deal with offers to sign you up for a *voice
verification* service that bypasses PINs, passwords, etc., you would be wise
to decline. There are increasing reports of online AI voice generators being
used to defraud customers via these systems. And the situation is likely to
be getting only worse. -L

------------------------------

Date: Sat, 9 Sep 2023 14:33:04 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Silicon Valley vs. Old People

What Mark Zuckerberg Doesn't Understand About Old People

https://www.nytimes.com/2023/09/06/opinion/seniors-tech-silicon-valley.html

------------------------------

Date: Wed, 6 Sep 2023 16:22:44 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: Crypto Collapse Winners? The Lawyers (NYTimes)

David Yaffe-Bellany and Yiwen Lu
*The New York Times* Business front page, National Edition, 6 Sep 2023

