RISKS Forum
mailing list archives
From: RISKS List Owner <risko () csl sri com>
Date: Sat, 11 May 2024 17:13:03 PDT
RISKS-LIST: Risks-Forum Digest Saturday 11 May 2024 Volume 34 : Issue 24

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/34.24>
The current issue can also be found at <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
System outage affecting UniSuper services (via Colin Sutton)
More than 200 people with diabetes injured after software issue drained insulin pump batteries (Jamie Gumbrecht and FDA)
New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data (The Hacker News)
Solar Flares and Northern Lights (WashPost)
Wildfires causing widespread telecom outages in the NWT Yukon (CBC)
State actor blamed for cyberattack on B.C. government systems (CBC)
Interview With the Russian-Military-Linked Hackers Targeting U.S. Water Utilities (WiReD)
AI Is Declared Ready to Make Decisions in War (APNews)
Microsoft Creates Top Secret Generative AI Service for U.S. Spies (Katrina Manson)
AI Bots Are Taking Over the Job Application Process. Everyone Is Losing. (WSJ)
Translation Tech Is Amazing, Except When It's Not (WiReD)
Hundreds of charges laid in OPP child sexual abuse investigation (CBC)
Did Rihanna and Katy Perry attend the Met Gala? No, but AI had fans thinking otherwise (LATimes)
Ethereum's Cofounder Says SEC Is Gaslighting Everyone About Crypto (WiReD)
New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation (LeviathanSecurity)
UnitedHealth Top Executive Slammed Over Cyberattack (NYTimes)
Risks with websites providing data that is difficult to interpret (Lars-Henrik Eriksson)
Fake photos, but make it fashion. Why the Met Gala pics are just the beginning of AI deception (CBC)
Stack Overflow users sabotage their posts after OpenAI deal (ArsTechnica)
No Country Should be Making Speech Rules for the World (EFF)
Apple faces celebrity backlash over piano crushing (BBC)
Robot dogs armed with AI-aimed rifles undergo U.S. Marines Special Ops evaluation (ArsTechnica)
Parts supplied to Boeing had 'serious defects' (whistleblower via BBC)
How Google Became Evil (Dana F. Blankenhorn)
Google's new *Find My* device network is useful but a stalking risk (WashPost)
Re: Could the Covid-19 Vaccines Have Caused Some People Harm? (Joseph Gwinn, Jay Libove Alzina)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 9 May 2024 12:45:41 +1000
From: Colin Sutton <colin_sutton () ieee org>
Subject: System outage affecting UniSuper services

A large Australian investment organisation, UniSuper, "had duplication in two geographies as a protection against outages and loss. However, when the deletion of UniSuper's Private Cloud subscription occurred, it caused deletion across both of these geographies."

All access was lost a week ago. It seems everything is still being recreated from backups.

https://www.unisuper.com.au/contact-us/outage-update

------------------------------

Date: Fri, 10 May 2024 11:06:16 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: More than 200 people with diabetes injured after software issue drained insulin pump batteries (FDA)

Jamie Gumbrecht, *CNN*, 8 May 2024, via ACM TechNews

More than 200 people with diabetes were injured when their insulin pumps shut down unexpectedly due to a problem with a connected mobile app, the US Food and Drug Administration said Wednesday.
<https://www.fda.gov/medical-devices/medical-device-recalls/tandem-diabetes-care-inc-recalls-version-27-apple-ios-tconnect-mobile-app-used-conjunction-tslim-x2?utm_medium=email&utm_source=govdelivery>

The FDA has identified this as a Class I recall, the most serious type of recall. Use of these devices may cause serious injuries or death.

Version 2.7 of the t:connect Apple iOS app -- used with the t:slim X2 insulin pump with Control-IQ -- has been recalled due to a software issue that causes the app to crash and relaunch. This cycle drains the pump battery, causing it to shut down sooner than expected and suspend insulin delivery.

The issue ``may result in hyperglycemia or even diabetic ketoacidosis, which can be a life-threatening condition due to high blood sugars and lack of insulin,'' the FDA said.

The agency said there have been 224 reported injuries as of April 15. No deaths have been reported. [...]

https://www.cnn.com/2024/05/08/health/tandem-insulin-pump-app-recall/index.html

[comment from the press release: Fortunately, this failure mode means the pump stops dispensing insulin, which, while it can lead to ugly medical problems, takes hours or days to get bad and can usually be noticed in time. The reverse problem, namely dumping large amounts of insulin into the blood stream, can cause immediate brain damage and other life threats (cf. Sunny von Bülow).]

PRESS RELEASE: https://www.fda.gov/medical-devices/medical-device-recalls/tandem-diabetes-care-inc-recalls-version-27-apple-ios-tconnect-mobile-app-used-conjunction-tslim-x2

------------------------------

Date: Wed, 8 May 2024 09:16:11 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data (The Hacker News)

Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm.
The techniques have been collectively dubbed Pathfinder by a group of academics from the University of California San Diego, Purdue University, UNC Chapel Hill, Georgia Institute of Technology, and Google.

"Pathfinder allows attackers to read and manipulate key components of the branch predictor, enabling two main types of attacks: reconstructing program control flow history and launching high-resolution Spectre attacks," Hosein Yavarzadeh, the lead author of the paper <https://dl.acm.org/doi/10.1145/3620666.3651382>, said in a statement shared with The Hacker News.

"This includes extracting secret images from libraries like libjpeg and recovering encryption keys from AES through intermediate value extraction."

Spectre is the name given to a class of side-channel attacks <https://thehackernews.com/2024/04/researchers-uncover-first-native.html> that exploit branch prediction <https://en.wikipedia.org/wiki/Branch_predictor> and speculative execution <https://en.wikipedia.org/wiki/Speculative_execution> on modern CPUs to read privileged data in the memory in a manner that sidesteps isolation protections between applications.

The latest attack approach targets a feature in the branch predictor called the Path History Register (PHR <https://ieeexplore.ieee.org/document/955033>) -- which keeps a record of the last taken branches -- to induce branch mispredictions and cause a victim program to execute unintended code paths, thereby inadvertently exposing its confidential data.

Specifically, it introduces new primitives that make it possible to manipulate PHR as well as the prediction history tables (PHTs) within the conditional branch predictor (CBR) to leak historical execution data and ultimately trigger a Spectre-style exploit. [...]

------------------------------

Date: Sat, 11 May 2024 02:40:01 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Solar Flares and Northern Lights (WashPost)

One of the strongest geomagnetic storms in two decades hit Earth on Friday afternoon. Scientists say the severe storm could disrupt communication systems but also bring beautiful displays of the northern lights this weekend. [...]

Geomagnetic storms occur when the sun sends a punch of charged particles and parts of its magnetic field to Earth, often through eruptions from its surface called coronal mass ejections. This severe geomagnetic storm — rated a level four out of five — resulted from five coronal mass ejections earlier this week, some of which are catching up with one another as they hurtle through space.

“We’re a little concerned in that we haven’t seen this in a long time,” Shawn Dahl, the service coordinator for the National Oceanic and Atmospheric Administration’s Space Weather Prediction Center, said in a news conference Friday. “We have notified all of our infrastructure operators that we coordinate with, such as satellite operators, communication folks … and of course, the power grid here in North America.”

A severe geomagnetic storm powered by five coronal ejections from the sun will result in a vivid aurora borealis. Here are some tips for seeing it this weekend

A severe geomagnetic storm can cause issues with power systems, spacecraft operations, radio communications and even pipeline systems, if not appropriately prepared for.

“Our role is to alert the operators of these different systems so that they’re aware and can take actions to mitigate these kinds of impacts,” Rob Steenburgh, a space scientist at NOAA’s Space Weather Prediction Center, said at a news conference Friday.

Steenburgh and his colleagues work with grid operators across North America to ensure high voltage transmission lines can withstand the incoming surge of energy from the sun.
Over past decades, engineers built systems that can protect power lines rapidly and keep them online during geomagnetic storms.

https://www.washingtonpost.com/weather/2024/05/10/northern-lights-solar-storm-where-to-watch/

------------------------------

From: Matthew Kruk <mkrukg () gmail com>
Date: Sat, 11 May 2024 14:32:22 -0600
Subject: Wildfires causing widespread telecom outages in the NWT Yukon (CBC)

https://www.cbc.ca/news/canada/north/911-nwt-service-wildfire-alert-1.7201524

As of Saturday morning, the telecom provider confirmed that cell service, long-distance landline calls, and Internet were still down in Yukon, Northern B.C., and the Beaufort Delta and Mackenzie Delta regions of N.W.T."

``We are working closely with our partners to gain safe access to the damaged infrastructure to assess the situation. Once we're able to gain safe access, we can begin repairs. We do not have ETA for repair at this time, customers should plan to be without service for several more hours.'' Northwestel wrote on its Facebook page. <https://www.facebook.com/Northwestel>"

[The almost unprecedented Friday evening Solar Flares caused some very spectacular Northern Lights much farther south, as predicted. I wonder if fires or power outages were related. PGN]

------------------------------

Date: Fri, 10 May 2024 15:57:44 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: State actor blamed for cyberattack on B.C. government systems (CBC)

https://www.cbc.ca/news/canada/british-columbia/bc-government-cyberattack-state-actor-1.7200735

The head of British Columbia's public service has announced that there is a high degree of confidence a state or state-sponsored actor attempted to breach government systems in a cyberattack.

Shannon Salter, head of the public service, announced that three separate attempts were made to breach government systems over the last month.
Salter said that investigations remain ongoing, and did not share which state could have been involved in the cyberattack or which systems they attempted to access.

------------------------------

Date: Wed, 8 May 2024 18:15:01 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Interview With the Russian-Military-Linked Hackers Targeting U.S. Water Utilities (WiReD)

Despite Cyber Army of Russia’s claims of swaying US “minds and hearts,” experts say the cyber sabotage group appears to be hyping its hacking for a domestic audience.

Yet as unprecedented and disturbing as it may be for a Russian hacker group to trigger a significant water leak at a US utility, Cyber Army of Russia still seems at times to comically overestimate the clarity of its threat against Ukraine's allies. In response to a question about the Muleshoe water utility attack specifically, Julia noted that the group's operation is intended to persuade “mainly representatives of the Democratic Party [because] their support for Ukraine is the most significant"—a head-scratching statement given that Muleshoe is in a Texas congressional district that hasn't elected a Democratic representative since 1982.

In other hacking operations like its targeting of a Polish wastewater utility, cybersecurity researchers who watched the video of the attack told WIRED that Cyber Army of Russia appeared to be arbitrarily changing values in the utility's control system software, with no actual disruptive effect. In another case, the hackers posted a video to their Telegram channel claiming that, in response to French president Emmanuel Macron's threat of sending French military personnel to Ukraine, it had hacked a French hydroelectric dam and caused it to stop generating power. In fact, French newspaper Le Monde reported, the group had actually hacked a water mill in a small village and caused its water level to drop by 20 centimeters.

https://www.wired.com/story/cyber-army-of-russia-interview

------------------------------

Date: Tue, 7 May 2024 14:44:02 -0400
From: Charles Dunlop <cdunlop () umich edu>
Subject: AI Is Declared Ready to Make Decisions in War (APNews)

After taking a ride in an F-16 fighter jet piloted by AI, Air Force Secretary Frank Kendall said that "he'd trust this still-learning AI with the ability to decide whether or not to launch weapons in war."

https://apnews.com/article/artificial-intelligence-fighter-jets-air-force-6a1100c96a73ca9b7f41cbd6a2753fda

------------------------------

Date: Fri, 10 May 2024 11:32:13 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Microsoft Creates Top Secret Generative AI Service for U.S. Spies (Katrina Manson)

Microsoft Creates Top Secret Generative AI Service for U.S. Spies
Katrina Manson, *Bloomberg*, 7 May 2024, via ACM TechNews

Microsoft has rolled out a generative AI platform that operates without an Internet connection, which U.S. intelligence agencies can use to analyze top secret information. The large language model is based on GPT-4 and operates in an air-gapped environment in the cloud. The model can read files but is unable to learn from them or from the open Internet.

------------------------------

Date: Sat, 11 May 2024 17:14:20 +0000 (UTC)
From: Steve Bacher <sebmb1 () verizon net>
Subject: AI Bots Are Taking Over the Job Application Process. Everyone Is Losing. (WSJ)

Job seekers, frustrated with corporate hiring software, are using artificial intelligence to craft cover letters and resumes in seconds, and deploying new automated bots to robo-apply for hundreds of jobs in just a few clicks. In response, companies are deploying more bots of their own to sort through the oceans of applications.

The result: a bot versus bot war that's leaving both applicants and employers irritated and has made the chances of landing an interview, much less a job, even slimmer than before. [...]

https://www.wsj.com/lifestyle/careers/ai-job-application-685f29f7

------------------------------

Date: Wed, 8 May 2024 01:29:43 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Translation Tech Is Amazing, Except When It's Not (WiReD)

We can hold surprisingly deep conversations across languages using simple apps on our phones. But even as these apps get a fresh boost from AI, they can still lead to some awkward moments.

https://www.wired.com/story/translation-tech-is-amazing-except-when-its-not

------------------------------

Date: Wed, 8 May 2024 10:22:57 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: Hundreds of charges laid in OPP child sexual abuse investigation (CBC)

https://www.cbc.ca/news/canada/toronto/project-aquatic-online-child-sexual-abuse-opp-1.7197494

Brown also said AI-generated images have created a problem for investigators, who now have to differentiate between what he called "real and synthetic victims."

Signy Arnason, associate executive director at the Canadian Centre for Child Protection, told reporters Wednesday that the number of AI-generated sexual abuse images her team is finding just keeps growing: [...]

------------------------------

Date: Wed, 8 May 2024 06:49:02 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: Did Rihanna and Katy Perry attend the Met Gala? No, but AI had fans thinking otherwise (LATimes)

Katy Perry's mom was among the social media fans duped by AI images of the 'Roar' singer and Rihanna at the 2024 Met Gala. Neither one attended the event.

https://www.latimes.com/entertainment-arts/story/2024-05-07/rihanna-katy-perry-ai-pictures-2024-met-gala

------------------------------

Date: Wed, 8 May 2024 01:40:40 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Ethereum's Cofounder Says SEC Is Gaslighting Everyone About Crypto (WiReD)

Joe Lubin cofounded Ethereum. Now his company is suing the Securities and Exchange Commission, and he says the future of the internet is at stake. [...]

In bringing the lawsuit, Consensys hopes to drag itself and Ethereum out from underneath the SEC, by clarifying the limits of its jurisdiction, and embolden the rest of the crypto industry to retaliate against what it describes as “aggressive and unlawful SEC overreach.”

An SEC spokesperson declined to comment on the specific allegations made by Consensys, saying only that “noncompliance with the securities laws deprives investors of critical protections, including rulebooks that prevent fraud and manipulation, proper disclosures, segregation of customer assets, safeguards against conflicts of interest, oversight by a self-regulatory organization, and routine inspection by the SEC. It’s investors who get hurt and the American financial markets that may suffer.”

https://www.wired.com/story/ethereums-co-founder-says-sec-is-gaslighting-us-about-crypto

------------------------------

Date: Thu, 9 May 2024 11:17:12 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation (LeviathanSecurity)

Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on victim's network traffic by just being on the same local network.

The "decloaking" method <https://www.leviathansecurity.com/blog/tunnelvision> has been assigned the CVE identifier CVE-2024-3661 <https://nvd.nist.gov/vuln/detail/CVE-2024-3661> (CVSS score: 7.6). It impacts all operating systems that implement a DHCP client and has support for DHCP option 121 routes.

At its core, TunnelVision involves the routing of traffic without

An attacker who can change the configuration of a DHCP server can force clients to route their not encrypted traffic through the DHCP server instead of the VPN tunnel.

https://www.leviathansecurity.com/blog/tunnelvision

[See also https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ PGN]

------------------------------

Date: Wed, 8 May 2024 12:44:30 PDT
From: Peter Neumann <neumann () csl sri com>
Subject: UnitedHealth Top Executive Slammed Over Cyberattack (NYTimes)

(See earlier items: RISKS-34.09 and 12)

Reed Abelson and Noah Weiland, *The New York Times* National Edition Business Section front page, 2 May 2024

Senators from both parties questioned whether the 21 Feb 2024 ransomware cyberattack of Change Healthcare (which manages a third of all U.S. patient records and 15 billion transactions a year, with its parent UnitedHealth having reported $372B in revenues in 1923) is too deeply embedded in almost every aspect of U.S. healthcare. [PGN-ed]

They had to shut down for several weeks, despite having paid the $22M ransom.

[No backup-and-recovery procedures? We might expect that a company with that much revenue would invest in something significantly better than the alleged so-called industry *best practices*, which are obviously rather mediocre, and nowhere near good enough. PGN]

------------------------------

Date: Wed, 8 May 2024 08:24:56 +0200
From: Lars-Henrik Eriksson <lhe () it uu se>
Subject: Risks with websites providing data that is difficult to interpret

During a recent major outdoor event in my hometown, police used drones for surveillance. They had set up a flight restriction and were monitoring the airspace using flightradar24.com.

They were unaware that the barometric altitude transmitted by aircraft transponders and reported by flightradar24.com has standard altimeter setting (1013 hPa) as reference. At the time, there was a high pressure weather situation and aircraft were actually more than 400-ft higher than reported by flightradar24.com.

One overflying aircraft thus appeared to be inside the restricted area, causing drone activities to stop for flight safety reasons and a criminal investigation to be initiated against the pilot for violation of the Aviation Act.

After several days, following discussions with both the aircraft operator and air traffic control, the police realised their mistake and closed the investigation.

The RISK is that authorities -- and people in general -- use publicly available web sites that provide information where correct interpretation is not obvious.

------------------------------

Date: Thu, 9 May 2024 06:32:10 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: Fake photos, but make it fashion. Why the Met Gala pics are just the beginning of AI deception (CBC)

https://www.cbc.ca/news/world/fake-photos-met-gala-1.7197566

Actor Jared Leto carrying around his own head as an accessory? Real. Rapper Lil Nas X, painted head to toe in silver, his body encrusted with pearls and crystals, wearing only a metallic Dior thong? It happened. Actor and singer Billy Porter, wearing a catsuit, carried into the event by six shirtless men in gold pants? Yes.

If there's any event where it might be difficult to discern reality from fantasy, it's the Met Gala, where Grimes once brandished a sword and Lady Gaga once stripped through four different outfits until she was wearing only a black lingerie set, go-go boots, and pulling a pink wagon behind her on the carpet.

But this year, people weren't tripped up by the fashion choices (which were relatively tame, naked dresses aside). Instead, they were confused about which celebrities were actually there, thanks to AI-generated images during fashion's biggest night.

------------------------------

Date: Fri, 10 May 2024 08:26:08 -0400
From: Monty Solomon <monty () roscom com>
Subject: Stack Overflow users sabotage their posts after OpenAI deal (ArsTechnica)

Stack Overflow users sabotage their posts after OpenAI deal
https://arstechnica.com/information-technology/2024/05/stack-overflow-users-sabotage-their-posts-after-openai-deal/

------------------------------

Date: Fri, 10 May 2024 17:32:45 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: No Country Should be Making Speech Rules for the World (EFF)

It's a simple proposition: no single country should be able to restrict speech across the entire Internet. Any other approach invites a swift relay race to the bottom for online expression, giving governments and courts in countries with the weakest speech protections carte blanche to edit the Internet.

Unfortunately, governments, including democracies that care about the rule of law, too often lose sight of this simple proposition. That's why EFF, represented by Johnson Winter Slattery <https://jws.com.au/>, has moved to intervene in support of X, formerly known as Twitter's legal challenge to a global takedown <https://www.theguardian.com/australia-news/2024/apr/23/elon-musks-x-v-australias-online-safety-regulator-untangling-the-tweet-takedown-orders> order from Australia's eSafety Commissioner. The Commissioner ordered X and Meta to take down a post with a video of a stabbing in a church. X complied by geo-blocking the post so Australian users couldn't access it, but it declined to block it elsewhere. The Commissioner asked an Australian court to order a global takedown.

Our intervention <https://www.eff.org/files/2024/05/09/34174.pdf> calls the court's attention to the important public interests at stake in this litigation, particularly for Internet users who are not parties to the case but will nonetheless be affected by the precedent it sets.
A ruling against X is effectively a declaration that an Australian court (or its eSafety Commissioner) can prevent Internet users around the world from accessing something online, even if the law in their own country is quite different. In the United States, for example, the First Amendment guarantees that platforms generally have the right to decide what content they will host, and their users have a corollary right to receive it.

We've seen this movie before. In *Google v Equustek*, <https://www.eff.org/cases/google-v-equustek> a company used a trade secret claim to persuade a Canadian court to order Google to delete search results linking to sites that contained allegedly infringing goods from Google.ca and *all* other Google domains, including Google.com <http://google.com/> and Google.co.uk <http://google.co.uk/>. Google appealed, but both the British Columbia Court of Appeal and the Supreme Court of Canada upheld the order. The following year, a U.S. court held the ruling couldn't be enforced against Google US. <https://www.eff.org/deeplinks/2017/11/us-federal-court-rejects-global-search-order>

The Australian takedown order also ignores international human rights standards, restricting global access to information without considering less speech-intrusive alternatives. In other words: the Commissioner used a sledgehammer to crack a nut.

If one court can impose speech-restrictive rules on the entire Internet -- despite direct conflicts with laws of a foreign jurisdiction as well as international human rights principles -- the norms of expectations of all Internet users are at risk. We're glad X is fighting back, and we hope the judge will recognize the eSafety regulator's demand for what it is -- a big step toward unchecked global censorship -- and refuse to let Australia set another dangerous precedent.

https://www.eff.org/deeplinks/2024/05/no-country-should-be-making-speech-rules-world

------------------------------

Date: Thu, 9 May 2024 07:17:42 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: Apple faces celebrity backlash over piano crushing (BBC)

https://www.bbc.com/news/articles/cld0rxlqgggo

Apple is facing a backlash online over an advert in which objects including musical instruments and books are crushed into oblivion by a hydraulic press.

The video is meant to demonstrate how their creativity has been compressed into the latest iPad.

But celebrities including Hugh Grant and Justine Bateman have reacted with horror to the destruction on view.

Apple boss Tim Cook has been called tone deaf for his post on X, formerly Twitter, about the device, where he asked people to "imagine all the things it'll be used to create".

------------------------------

Date: Thu, 9 May 2024 11:54:01 -0400
From: Monty Solomon <monty () roscom com>
Subject: Robot dogs armed with AI-aimed rifles undergo U.S. Marines Special Ops evaluation (ArsTechnica)

https://arstechnica.com/?p=2022843

------------------------------

Date: Thu, 9 May 2024 01:14:00 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Parts supplied to Boeing had 'serious defects' (whistleblower)

https://www.bbc.com/news/business-68979354

------------------------------

Date: Wed, 8 May 2024 18:55:26 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: How Google Became Evil (Dana F. Blankenhorn)

Author: You can't make men work for money alone - you starve their souls when you try it

When a company loses its passion, when it tosses employee morale in the sink, it’s time to walk away.

I dumped my Alphabet (Google) stock last week.

Google began losing its way the day co-founders Larry Page and Sergey Brin left. They’re now the 6th and 7th richest people in the world. Their fortunes, taken together, would rank them 1st, by a huge margin.

What are they doing? Not much.
Page “invests in start-ups” and “life extension.” Brin has hosted a baby shower where adults wore diapers. These are no longer serious people. Yet both retain their voting stock meaning they, and in time their kids, will be absolute rulers of all Google domains.

Ruth Porat, a former Morgan Stanley banker, stepped into the vacuum. She has made CEO Sundar Pichai a billionaire, but he has hollowed out the company.

Have you tried Microsoft Edge lately? How about Bing and Co-Pilot? I have, and they’re miles ahead of Google.

Google knows this. But it’s not responding, because it pays Apple and others for its traffic. That’s the subject of an antitrust trial, now nearing its climax, which could hit Google as hard as Microsoft was hit a generation ago.

https://danafblankenhorn.substack.com/p/how-google-became-evil

------------------------------

Date: Fri, 10 May 2024 20:18:27 -0400
From: Monty Solomon <monty () roscom com>
Subject: Google's new *Find My* device network is useful but a stalking risk (WashPost)

The always-on Bluetooth tracking technologies from Apple and Google help pinpoint lost or stolen devices. But they can be abused.

https://www.washingtonpost.com/technology/2024/05/10/android-find-my-network-google-is-it-safe/

------------------------------

Date: Wed, 8 May 2024 15:30:03 -0400
From: Joseph Gwinn <joegwinn () comcast net>
Subject: Re: Could the Covid-19 Vaccines Have Caused Some People Harm? (RISKS-34.23)

First, note that COVID vaccines have measured serious problem rates of order a part per million, so for vaccines that have been administered to hundreds of millions of people, one would expect hundreds of bad outcome reports to have accumulated.

Mandavilli argues that a very slightly imperfect vaccine is infinitely worse than no vaccine at all. But vaccinated people tended to have less severe COVID and very few deaths compared to unvaccinated people.
This has been proven worldwide in multiple often massive formal studies, in many cases conducted over the entire population of a country.

The anti-vax folk may focus on the few adverse results, but denying the existence of well-documented adverse results destroys credibility making the public health problem worse.

------------------------------

Date: Tue, 7 May 2024 13:55:28 +0000
From: Jay Libove Alzina <libove () felines org>
Subject: Re: Could the Covid-19 Vaccines Have Caused Some People Harm? (PGN, RISKS-34.23)

I had read *The NY Times* article that Peter Neumann points out. The article (from my perspective as a European) might as well have been subtitled "commercial liability nearly unique to the United States", but the content is still valid, and the difficulty that patients worldwide are having with getting acknowledgment and even more so with getting treatment, whether for "post-COVID" or "post-vaccine", is very real. (For the record, I have some kind of immune dysfunction post-COVID syndrome, which began in November 2022, and continues today. It sucks).

Peter's disclaimer about not being anti-vaccine does not go far enough, after he points to the vaccine batch lookup website which draws apparently completely uncurated data from the vaccine adverse events reporting system.

I can't figure out what that site is supposed to be useful for. In concept, it should be to allow someone who believes they've been harmed to look to see if a disproportionately high number of other recipients of a particular vaccine batch had also reported problems ... but as not remotely enough information is provided to even draw that minimum conclusion, and VAERS is self-reporting and is pretty much useless in its raw form (which that vaccine batch VAERS lookup site uses).

That leads me to believe that the batch/"reactions" lookup site is part of the anti-vaccine disinformation campaign. I'm disturbed to even see that site linked here.

[The strange thing here is that much of the data on the Bad Batch website and elsewhere appears to be from public reports (e.g., from doctors and hospitals, but also from injured patients or reports from their survivors), even if those reports have not been officially sanctioned by the CDC. There seems to be considerable evidence that significant amounts of negative information is being suppressed or overcome by misinformation. That is a question posed by Stephen Colbert's use of the term *truthiness* (i.e., giving the false appearance of truth): whom should you trust if the only approved sources are not transparent?

One other point, what is the main ingredient of the vaccines that have to be kept at -70 degrees? Antifreeze (i.e., polyethylene glycol), which is known to have potentially fatal anaphylactic reactions to certain individuals. But, what happens to a batch at room temperature, or that has been inadvertently left in the sun on the loading dock? The main remedy thus far appears to be only tossing the rest of an unused batch at the end of the day, or (rarely) discarding an entire batch that has been identified as bad.

As I think I have noted here before, there is no black-and-white one-size-fits-all solution that works equally for everyone. Furthermore, the existence of some sort of bad-batch problem seems to be irrefutable -- even if `officially' or `popularly' discounted. PGN]

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) has moved to the ftp.sri.com site: <risksinfo.html>.
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's delightfully searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 34.24
************************