RISKS-LIST: Risks-Forum Digest Saturday 13 January 2024 Volume 34 : Issue 03

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.03>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Alaska cockpit recording overwritten; limited to 2hrs (Reuters
via Henry Baker)
United finds loose bolts on plug doors during 737 Max 9 inspections
(The Air Current)
Security of Georgia's Dominion Voting Machines on Trial (CBS)
Linux devices are under attack by a never-before-seen worm
(ArsTechnica)
OpenAI Quietly Deletes Ban on Using ChatGPT for Military and Warfare
(The Intercept)
Pennsylvania government workers will start using ChatGPT in test program
(The Verge)
AI firms' pledges to defend customers from IP issues have real limits
(ArsTechnica)
Microsoft's Image Creator makes violent AI images of Biden, the Pope and
more (The Washington Post)
CLEAR wants to scan your face at airports. Privacy experts are worried.
(The Washington Post)
Advances in Mind-Decoding Technologies Raise Hopes -- and Worries (Undark)
More Police Are Using Your Cameras for Video Evidence
(The Marshall Project)
UK Post Office Horizon scandal now on TV (Jeremy Epstein)
How Astronomers Are Saving Astronomy From Satellites -- For Now
(NYTimes)
U.S. School Shooter Emergency Plans Exposed in a Highly Sensitive Database
Leak (WiReD)
FTC bans major data broker from selling invasive location tracking details
(The Verge)
U.S. Criminally Charges EBay in Cyberstalking Case (NYTimes)
Needham police warn residents to stop using mail collection boxes
(The Globe)
AI fears creep into finance, business and law (WashPost)
Google is removing 17 'underutilized' Assistant features (TechCrunch)
Bitcoin ETF ads have already begun. (Lauren Weinstein)
Courts Forced SEC Into This Disaster (Better Markets)
Taylor Swift deepfake used for Le Creuset giveaway scam (Engadet)
Hackers can infect network-connected wrenches to install ransomware
(ArsTechnica)
Apple was warned of AirDrop flaws before China's hack (Monty Solomon)
Re: The NY Subway crash and derailment (George Neville-Neil)
Re: How Tracking and Technology in Cars Is Being Weaponized by Abusive
Partners (Steve Bacher)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 08 Jan 2024 21:24:55 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: Alaska cockpit recording overwritten; limited to 2hrs

As of 2024, a 2-hour limit on voice recordings is disastrously silly. Even
without compression, 2 hours is only 2 audio CD's worth of data or ~1.4 GB.
I normally fly with my cellphone and 60 GB's worth of podcasts (equivalent
to 1000 *hours* @ 1 MB/min MP3 rates), and I'm only one of several hundred
passengers on any given flight.

Indeed, an Apple iPhone with at least this data capacity *from this very
airplane* fell to the ground from 16,000' and was still working perfectly --
the screen wasn't even cracked!

Perhaps voice recorders (or at least a USB stick/uSD card) should be
*ejected* from the airplanes which have an anomalous event?

https://www.reuters.com/business/aerospace-defense/alaska-737-cockpit-voice-recorder-data-erasure-renews-industry-safety-debate-2024-01-08/

[Monty Solomon spotted a related article:
Alaska Airlines flight: Cockpit audio is lost, and a mysterious
warning light is investigated
https://www.latimes.com/california/story/2024-01-07/alaska-flight-door-plug-cockpit-audio-erased-warning-lights
PGN]

------------------------------

Date: Mon, 8 Jan 2024 15:13:09 -0800
From: Lauren Weinstein <lauren@vortex.com>
Subject: United finds loose bolts on plug doors during 737 Max 9 inspections
(The Air Current)

https://theaircurrent.com/feed/dispatches/united-finds-loose-bolts-on-plug-doors-during-737-max-9-inspections/

------------------------------

Date: Fri, 12 Jan 2024 11:26:34 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Security of Georgia's Dominion Voting Machines on Triale
(CBS)

Jared Eggleston, CBS News, 9 Jan 2024, via ACM TechNews, 12 Jan 2024

A federal trial has begun to determine whether Dominion Voting Systems'
touch-screen voting machines used in the U.S. state of Georgia can be hacked
or manipulated. In Georgia, once voters make their choices, their ballots
are printed with their votes and a QR code; the QR code is ultimately what
is read and cast as the voter's ballot. Several voters and the Coalition for
Good Governance, who launched the suit, want the state to revert to paper
ballots which, they say, will assure voters their ballots are being counted
properly.

------------------------------

Date: Wed, 10 Jan 2024 17:54:55 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Linux devices are under attack by a never-before-seen worm
(ArsTechnica)

Based on Mirai malware, self-replicating NoaBot installs cryptomining app on
infected devices.

https://arstechnica.com/security/2024/01/a-previously-unknown-worm-has-been-stealthily-targeting-linux-devices-for-a-year/

------------------------------

Date: Fri, 12 Jan 2024 20:03:20 -0500
From: Monty Solomon <monty@roscom.com>
Subject: OpenAI Quietly Deletes Ban on Using ChatGPT for Military and
Warfare (The Intercept)

https://theintercept.com/2024/01/12/open-ai-military-ban-chatgpt/

------------------------------

Date: Wed, 10 Jan 2024 09:03:28 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Pennsylvania government workers will start using ChatGPT
in test program (The Verge)

https://www.theverge.com/2024/1/9/24031904/openai-pennsylvania-chatgpt-pilot-program-ai

------------------------------

Date: Tue, 9 Jan 2024 00:37:17 -0500
From: Monty Solomon <monty@roscom.com>
Subject: AI firms' pledges to defend customers from IP issues have real
limits (ArsTechnica)

https://arstechnica.com/?p=1994243

------------------------------

Date: Sun, 7 Jan 2024 21:28:14 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Microsoft's Image Creator makes violent AI images of Biden,'
the Pope and more (The Washington Post)

The AI Image Creator, part of Microsoft’s Bing and Windows Paint, makes
extremely violent images of Joe Biden, the pope and others. Microsoft’s
failed response points the finger at rogue users.

McDuffie’s precise original prompt no longer works, but after he changed
around a few words, Image Generator still makes images of people with
injuries to their necks and faces. Sometimes the AI responds with the
message *Unsafe content detected(, but not always.

The images it produces are less bloody now — Microsoft appears to have
cottoned on to the red corn syrup — but they’re still awful. [...]

``Fundamentally, I don’t think this is a technology problem; I think it’s a
capitalism problem,'' says Hany Farid, a professor at the University of
California at Berkeley. ``They’re all looking at this latest wave of AI and
thinking, *We can’t miss the boat here.*''

He adds: “The era of ‘move fast and break things’ was always stupid, and now
more so than ever.”

Profiting from the latest craze while blaming bad people for misusing your
tech is just a way of shirking responsibility.

https://www.washingtonpost.com/technology/2023/12/28/microsoft-ai-bing-image-creator/

------------------------------

Date: Sun, 7 Jan 2024 21:32:01 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: CLEAR wants to scan your face at airports. Privacy experts
are worried. (The Washington Post)

The company’s move into facial recognition technology speaks to a broader
exchange of privacy for convenience

https://www.washingtonpost.com/travel/2023/12/20/clear-facial-recognition-technology-airport-security/

TSA self-screening is the next big step for airport security. Checking in
with airport security could soon resemble ordering from a kiosk at a
fast-food restaurant

In January, select passengers at Harry Reid International Airport in Las
Vegas will begin testing a new self-service screening system from the
Transportation Security Administration. The setup will resemble a
supermarket self-checkout, with travelers scanning their identification and
carry-on bags instead of arugula and toilet paper.

https://www.washingtonpost.com/travel/2023/12/18/tsa-self-service-screening-las-vegas/

------------------------------

Date: Sun, 7 Jan 2024 15:11:23 -0800
From: Lauren Weinstein <lauren@vortex.com>
Subject: Advances in Mind-Decoding Technologies Raise Hopes -- and Worries
(Undark)

https://undark.org/2024/01/03/brain-computer-neurorights/

------------------------------

Date: Sat, 13 Jan 2024 12:15:17 -0500
From: Monty Solomon <monty@roscom.com>
Subject: More Police Are Using Your Cameras for Video Evidence
(The Marshall Project)