RISKS-LIST: Risks-Forum Digest Sunday 24 March 2024 Volume 34 : Issue 11

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.11>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
DMVs Nationwide Hit With Outage, Officials In Multiple States Say
Across America (U.S. Patch)
DMV services disrupted nationwide by system out[r]age (Henry Baker)
McDonald's blames global outage on third party (BBC)
Re: McDonald's hit by outages at stores worldwide (Steve Bacher)
Re: McDonald's (=?UTF-8?Q?turgut_kalfao=C4=9Flu?)
Tesco and Sainsbury's working to fix technical issues that suspended food
deliveries to customers (CNN)
Anti-drone radio jammers marketed on Amazon and Google despite
being outlawed by FCC rules (Steve Bacher)
A ChatGPT for Music Is Here. Inside Suno, the Startup Changing Everything
(Rolling Stone)
Albertans have lost at least $156M to fraud this decade (CBC)
Chinese & Western Scientists Identify 'Red Lines' on AI Risks
(Financial Times)
Unpatchable vulnerability in Apple chip leaks secret encryption keys
(Ars Technica)
Apple has effectively abandoned HomeKit Secure Routers (Monty Solomon)
Paper about the gofetch attack (Victor Miller)
Why Tech Companies Are Not Your Friends: Lessons From Roku (NYTimes)
Is your smart device safe from hackers? New FCC program will label
cybersecure technology (LA Times)
Hackers can unlock over 3 million hotel doors in seconds (ArsTechnica)
Man Boarded Delta Flight Using Ticket Ruse (NYTimes)
Never-before-seen data wiper may have been used by Russia against Ukraine
(ArsTechnica)
UPS worker charged after $1.3M Apple product theft spree fines, report finds
(WashPost)
Social Security program failed to properly notify people of huge service
(Ars Technica)
FCC bans cable TV industry's favorite trick for hiding full cost of service
(Ars Technica)
Hype cycle meets rinse cycle: does dishwasher really need a mobile app?
(Rob Pegoraro)
LAUSD's new student advisor is an AI bot that designs academic plans,
suggests books (LATimes)
Lawyer warns 'integrity of the entire system in jeopardy' if rising use of
AI in legal circles goes wrong (CBC)
I recommend DISABLING Google's new Chrome "real-time, privacy-preserving URL
protection" (Lauren Weinstein)
Why Tech Companies Are Not Your Friends: Lessons From Roku (NYTimes)
Re: Risks of Leap Years and Dumb Digital Watches (Mark Brader)
Re: AT&T proposals to kill landlines and more in California
(Lauren Weinstein)
Re: Hackers Breached Key Microsoft Systems (Bernie Cosell)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 21 Mar 2024 18:10:04 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: DMVs Nationwide Hit With Outage, Officials In Multiple States Say |
Across America (U.S. Patch)

CROSS AMERICA — All motor vehicle departments in the United States went down
Thursday, according to officials in multiple states. Officials in Illinois,
Virginia, Massachusetts, Arkansas and Colorado all confirmed they
experienced an outage.

"We are currently experiencing a nationwide network outage at our DMV
facilities," tweeted Illinois Secretary of State Alexi Giannoulias. "All
DMVs across the country are currently down."

Virginia's DMV said the outage stemmed from "a third-party technical
outage," and that driver's license services were unavailable online and at
all in-person locations.

"We apologize for the inconvenience. Please stay tuned to social media for
updates," the agency said.

https://patch.com/virginia/annandale/s/ivgud/dmvs-nationwide-hit-with-outage-officials-in-multiple-states-say

A technical outage hit all DMVs at once? Need details..

------------------------------

Date: Fri, 22 Mar 2024 02:03:12 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: DMV services disrupted nationwide by system out[r]age

I'm surprised that anyone could tell the difference from typical DMV
operations. ..

https://www.nbcnews.com/news/rcna144496

DMV services disrupted nationwide by system out[r]age

The American Association of Motor Vehicle Administrators said the outage was
due to ``a loss in cloud connectivity'' Thursday.

------------------------------

Date: Sat, 16 Mar 2024 18:03:32 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: McDonald's blames global outage on third party (BBC)

McDonald's has revealed the technical problems which brought much of its
fast food chain to a standstill on Friday were caused by a third party
provider.

The international restaurant said the global outage happened during a
"configuration change" and stopped stores taking orders in the UK, Australia
and Japan -- amongst others.

McDonald's stressed the issue was not caused by a cyberattack.

https://www.bbc.com/news/business-68573106

Configuration change hits single point of failure, craters world-wide
restaurant chain. Nice. A plus for momentary healthy eating, though.

------------------------------

Date: Sun, 17 Mar 2024 08:46:14 -0700
Subject: Re: McDonald's hit by outages at stores worldwide
From: Steve Bacher <sebmb1@verizon.net>

This comes at a bad time for McDonald's, since they are aggressively rolling
out kiosk-only ordering in place of humans. Recently I had to deal with one
of those in my local McD's -- the counterwoman kindly fingerwalked through
the menus for me to order 2 coffees but the kiosks had no provision for the
senior discount price so she still had to ring it up manually for me
instead.

So it's kind of karmic justice in a way.

------------------------------

Date: Sun, 17 Mar 2024 20:21:31 +0300
From: =?UTF-8?Q?turgut_kalfao=C4=9Flu?= <turgut@kalfaoglu.com>
Subject: Re: McDonald's (RISKS-34.10)

> McDonald's has revealed the technical problems which brought much of its
> fast food chain to a standstill on Friday were caused by a third party
> provider.

What I fail to understand is why do all of the world's McDonald's stores
have to be online to be able to sell food?

It seems the more eggs you put in one basket, the more eggs you are going to
lose.

[Chickens as well. PGN]

------------------------------

Date: Sun, 17 Mar 2024 00:55:39 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Tesco and Sainsbury's working to fix technical issues that
suspended food deliveries to customers (CNN)

https://www.cnn.com/2024/03/16/business/tesco-sainsburys-delivery-technical-issues/index.html

------------------------------

Date: Wed, 20 Mar 2024 16:15:55 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Anti-drone radio jammers marketed on Amazon and Google despite
being outlawed by FCC rules

Several online retailers and drone technology companies are marketing the
sale of radio frequency jammers as drone deterrence or privacy tools,
sidestepping federal laws that prohibit such devices from being offered for
sale in the U.S. [Long item PGN-curtailed]

https://www.nbcnews.com/tech/security/drone-radio-frequency-jammer-signal-online-defense-technology-rcna135103

------------------------------

Date: Tue, 19 Mar 2024 06:53:20 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: A ChatGPT for Music Is Here. Inside Suno, the Startup Changing
Everything (Rolling Stone)

AI music-generation illustration
www.rollingstone.com

Suno AI wants everyone to be able to produce their own pro-level songs with
artificial intelligence — but what does that mean for artists?

------------------------------

Date: Fri, 22 Mar 2024 06:46:55 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Albertans have lost at least $156M to fraud this decade (CBC)

Many others don't report the crime

https://www.cbc.ca/news/canada/edmonton/alberta-fraud-money-victims-1.71467=
51

Albertans have reported losing more than $156 million to fraudsters since
the start of this decade, with tens of millions more being taken each year.
But there hasn't been a coinciding rise in victims -- in part, experts say,
because people are reluctant to come forward.

In 2023, roughly 2,900 Albertans lost more than $62.5 million to various
fraud schemes -- up more than fivefold from the $11.3 million taken = from
about 2,600 people in 2020, data shows.

More than half the reported losses in the province last year were from
investment scams, particularly cryptocurrency frauds. Spear-phishing -- when
scammers pretend to be legitimate sources to con businesses and people into
sending money -- was the second-most lucrative type of fraud, taking= more
than $8.5 million from 72 people.

------------------------------

Date: Wed, 20 Mar 2024 11:42:38 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Chinese & Western Scientists Identify 'Red Lines' on AI Risks
(Financial Times)