risks logo

RISKS Forum
mailing list archives


From: RISKS List Owner <risko () csl sri com>

Date: Sat, 11 May 2024 17:13:03 PDT


RISKS-LIST: Risks-Forum Digest  Saturday 11 May 2024  Volume 34 : Issue 24

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/34.24>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
System outage affecting UniSuper services (via Colin Sutton)´˜´çoß∂Dubjrvy∂ßço
More than 200 people with diabetes injured after software issue drained
 insulin pump batteries (Jamie Gubrecht and FDA)
New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak
 Encryption Keys and Data (The Hacker News)
Solar Flares and Northern Lights (WashPost)
Wildfires causing widespread telecom outages in the NWT Yukon (CBC)
State actor blamed for cyberattack on B.C. government systems (CBC)
Interview With the Russian-Military-Linked Hackers Targeting U.S. Water
 Utilities (WiReD)
AI Is Declared Ready to Make Decisions in War (APNews)
Microsoft Creates Top Secret Generative AI Service for U.S. Spies
 (Katrina Manson)
AI Bots Are Taking Over the Job Application Process. Everyone Is Losing.
(WSJ)
Translation Tech Is Amazing, Except When It's Not (WiReD)
Hundreds of charges laid in OPP child sexual abuse investigation (CBC)
Did Rihanna and Katy Perry attend the Met Gala? No, but AI had fans
 thinking otherwise (LATimes)
Ethereum's Cofounder Says SEC Is Gaslighting Everyone About Crypto (WiReD)
New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP
 Manipulation (LevianthanSecurity)
UnitedHealth Top Executive Slammed Over Cyberattack (NYTimes)
Risks with websites providing data that is difficult to interpret
 (Lars-Henrik Eriksson)
Fake photos, but make it fashion. Why the Met Gala
 pics are just the beginning of AI deception (CBC)
Stack Overflow users sabotage their posts after OpenAI deal
 (ArsTechnica)
No Country Should be Making Speech Rules for the World  (EFF)
Apple faces celebrity backlash over piano crushing (BBC)
Robot dogs armed with AI-aimed rifles undergo U.S. Marines Special Ops
 evaluation (ArsTechnica)
Parts supplied to Boeing had 'serious defects' (whistleblower via BBC)
How Google Became Evil (Dana F. Blankenhorn)
Google's new *Find My* device network is useful but a stalking risk
 (WashPost)
Re: Could the Covid-19 Vaccines Have Caused Some People Harm?
 (Joseph Gwinn, Jay Libove Alzina)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 9 May 2024 12:45:41 +1000
From: Colin Sutton <colin_sutton () ieee org>
Subject: System outage affecting UniSuper services

A large Australian investment organisation, UniSuper, "had duplication in
two geographies as a protection against outages and loss. However, when the
deletion of UniSuper's Private Cloud subscription occurred, it caused
deletion across both of these geographies."  All access was lost a week
ago. It seems everything is still being recreated from backups.
https://www.unisuper.com.au/contact-us/outage-update

------------------------------

Date: Fri, 10 May 2024 11:06:16 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: More than 200 people with diabetes injured after
 software issue drained insulin pump batteries (FDA)

Jamie Gumbrecht, *CNN*, 8 May 2024, via ACM TechNews

More than 200 people with diabetes were injured when their insulin pumps
shut down unexpectedly due to a problem with a connected mobile app, the US
Food and Drug Administration said Wednesday.
<https://www.fda.gov/medical-devices/medical-device-recalls/tandem-diabetes-care-inc-recalls-version-27-apple-ios-tconnect-mobile-app-used-conjunction-tslim-x2?utm_medium=email&utm_source=govdelivery>

The FDA has identified this as a Class I recall, the most serious type of
recall. Use of these devices may cause serious injuries or death.  Version
2.7 of the t:connect Apple iOS app -- used with the t:slim X2 insulin pump
with Control-IQ -- has been recalled due to a software = issue that causes
the app to crash and relaunch. This cycle drains the pump battery, causing
it to shut down sooner than expected and suspend insulin delivery.

The issue ``may result in hyperglycemia or even diabetic ketoacidosi= s,
which can be a life-threatening condition due to high blood sugars and lack
of insulin,'' the FDA said.  The agency said there have been 224 reported
injuries as of April 15. No deaths have been reported. [...]

https://www.cnn.com/2024/05/08/health/tandem-insulin-pump-app-recall/index.=
html

[comment from the press release: Fortunately, this failure mode means the
pump stops dispensing insulin, which, while it can lead to ugly medical
problems, takes hours or days to get bad and can usually be noticed in time.
The reverse problem, namely dumping large amounts of insulin into the blood
stream, can cause immediate brain damage and other life threats (cf. Sunny
von Bullow).]

PRESS RELEASE:
https://www.fda.gov/medical-devices/medical-device-recalls/tandem-diabetes-care-inc-recalls-version-27-apple-ios-tconnect-mobile-app-used-conjunction-tslim-x2

------------------------------

Date: Wed, 8 May 2024 09:16:11 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak
 Encryption Keys and Data (The Hacker News)

Researchers have discovered two novel attack methods targeting
high-performance Intel CPUs that could be exploited to stage a key recovery
attack against the Advanced Encryption Standard (AES) algorithm.

The techniques have been collectively dubbed Pathfinder by a group of
academics from the University of California San Diego, Purdue University,
UNC Chapel Hill, Georgia Institute of Technology, and Google.

"Pathfinder allows attackers to read and manipulate key components of the
branch predictor, enabling two main types of attacks: reconstructing
program control flow history and launching high-resolution Spectre
attacks," Hosein Yavarzadeh, the lead author of the paper
<https://dl.acm.org/doi/10.1145/3620666.3651382>, said in a statement
shared with The Hacker News.

"This includes extracting secret images from libraries like libjpeg and
recovering encryption keys from AES through intermediate value extraction."

Spectre is the name given to a class of side-channel attacks
<https://thehackernews.com/2024/04/researchers-uncover-first-native.html>
that exploit branch prediction
<https://en.wikipedia.org/wiki/Branch_predictor> and speculative
execution <https://en.wikipedia.org/wiki/Speculative_execution> on
modern CPUs to read privileged data in the memory in a manner that
sidesteps isolation protections between applications.

The latest attack approach targets a feature in the branch predictor
called the Path History Register (PHR
<https://ieeexplore.ieee.org/document/955033>) -- which keeps a record
of the last taken branches -- to induce branch mispredictions and
cause a victim program to execute unintended code paths, thereby
inadvertently exposing its confidential data.

Specifically, it introduces new primitives that make it possible to
manipulate PHR as well as the prediction history tables (PHTs) within the
conditional branch predictor (CBR) to leak historical execution data and
ultimately trigger a Spectre-style exploit.   [...]

------------------------------

Date: Sat, 11 May 2024 02:40:01 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Solar Flares and Northern Lights (WashPost)

One of the strongest geomagnetic storms in two decades hit Earth on Friday
afternoon. Scientists say the severe storm could disrupt communication
systems but also bring beautiful displays of the northern lights this
weekend.  [...]

Geomagnetic storms occur when the sun sends a punch of charged particles and
parts of its magnetic field to Earth, often through eruptions from its
surface called coronal mass ejections. This severe geomagnetic storm — rated
a level four out of five — resulted from five coronal mass ejections earlier
this week, some of which are catching up with one another as they hurtle
through space.

“We’re a little concerned in that we haven’t seen this in a long time,”
Shawn Dahl, the service coordinator for the National Oceanic and Atmospheric
Administration’s Space Weather Prediction Center, said in a news conference
Friday. “We have notified all of our infrastructure operators that we
coordinate with, such as satellite operators, communication folks … and of
course, the power grid here in North America.”

A severe geomagnetic storm powered by five coronal ejections from the sun
will result in a vivid aurora borealis. Here are some tips for seeing it
this weekend

A severe geomagnetic storm can cause issues with power systems, spacecraft
operations, radio communications and even pipeline systems, if not
appropriately prepared for.

“Our role is to alert the operators of these different systems so that
they’re aware and can take actions to mitigate these kinds of impacts,” Rob
Steenburgh, a space scientist at NOAA’s Space Weather Prediction Center,
said at a news conference Friday.

Steenburgh and his colleagues work with grid operators across North America
to ensure high voltage transmission lines can withstand the incoming surge
of energy from the sun. Over past decades, engineers built systems that can
protect power lines rapidly and keep them online during geomagnetic storms.

https://www.washingtonpost.com/weather/2024/05/10/northern-lights-solar-storm-where-to-watch/

------------------------------

From: Matthew Kruk <mkrukg () gmail com>
Date: Sat, 11 May 2024 14:32:22 -0600
Subject: Wildfires causing widespread telecom outages in the NWT Yukon (CBC)

https://www.cbc.ca/news/canada/north/911-nwt-service-wildfire-alert-1.7201524

As of Saturday morning, the telecom provider confirmed that cell service,
long-distance landline calls, and Internet were still down in Yukon,
Northern B.C., and the Beaufort Delta and Mackenzie Delta regions of N.W.T."
``We are working closely with our partners to gain safe access to the
damaged infrastructure to assess the situation. Once we're able to gain safe
access, we can begin repairs. We do not have ETA for repair at this time,
customers should plan to be without service for several more hours.''
Northwestel wrote on its Facebook page.
<https://www.facebook.com/Northwestel>"

  [The almost unprecedented Friday evening Solar Flares caused some very
  spectacular Northern Lights much farther south, as predicted.  I wonder if
  fires or power outages were related.  PGN]

------------------------------

Date: Fri, 10 May 2024 15:57:44 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: State actor blamed for cyberattack on B.C. government systems (CBC)

https://www.cbc.ca/news/canada/british-columbia/bc-government-cyberattack-state-actor-1.7200735

The head of British Columbia's public service has announced that there is a
high degree of confidence a state or state-sponsored actor attempted to
breach government systems in a cyberattack.

Shannon Salter, head of the public service, announced that three separate
attempts were made to breach government systems over the last month.  Salter
said that investigations remain ongoing, and did not share which state could
have been involved in the cyberattack or which systems they attempted to
access.

------------------------------

Date: Wed, 8 May 2024 18:15:01 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Interview With the Russian-Military-Linked Hackers Targeting U.S.
 Water Utilities (WiReD

Despite Cyber Army of Russia’s claims of swaying US “minds and hearts,”
experts say the cyber sabotage group appears to be hyping its hacking for a
domestic audience.

Yet as unprecedented and disturbing as it may be for a Russian hacker group
to trigger a significant water leak at a US utility, Cyber Army of Russia
still seems at times to comically overestimate the clarity of its threat
against Ukraine's allies. In response to a question about the Muleshoe water
utility attack specifically, Julia noted that the group's operation is
intended to persuade “mainly representatives of the Democratic Party
[because] their support for Ukraine is the most significant"—a
head-scratching statement given that Muleshoe is in a Texas congressional
district that hasn't elected a Democratic representative since 1982.

In other hacking operations like its targeting of a Polish wastewater
utility, cybersecurity researchers who watched the video of the attack told
WIRED that Cyber Army of Russia appeared to be arbitrarily changing values
in the utility's control system software, with no actual disruptive
effect. In another case, the hackers posted a video to their Telegram
channel claiming that, in response to French president Emmanuel Macron's
threat of sending French military personnel to Ukraine, it had hacked a
French hydroelectric dam and caused it to stop generating power. In fact,
French newspaper Le Monde reported, the group had actually hacked a water
mill in a small village and caused its water level to drop by 20
centimeters.

https://www.wired.com/story/cyber-army-of-russia-interview

------------------------------

Date: Tue, 7 May 2024 14:44:02 -0400
From: Charles Dunlop <cdunlop () umich edu>
Subject: AI Is Declared Ready to Make Decisions in War (APNews)

After taking a ride in an F-16 fighter jet piloted by AI, Air Force
Secretary Frank Kendall said that "he'd trust this still-learning AI with
the ability to decide whether or not to launch weapons in war."

https://apnews.com/article/artificial-intelligence-fighter-jets-air-force-6a1100c96a73ca9b7f41cbd6a2753fda

------------------------------

Date: Fri, 10 May 2024 11:32:13 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Microsoft Creates Top Secret Generative AI Service for U.S. Spies
 (Katrina Manson)

Microsoft Creates Top Secret Generative AI Service for U.S. Spies
Katrina Manson, *Bloomberg*, 7 May 2024, via ACM TechNews

Microsoft has rolled out a generative AI platform that operates without an
Internet connection, which U.S. intelligence agencies can use to analyze top
secret information. The large language model is based on GPT-4 and operates
in an air-gapped environment in the cloud. The model can read files but is
unable to learn from them or from the open Internet.

------------------------------

Date: Sat, 11 May 2024 17:14:20 +0000 (UTC)
From: Steve Bacher <sebmb1 () verizon net>
Subject: AI Bots Are Taking Over the Job Application Process. Everyone Is
 Losing. (WSJ)

Job seekers, frustrated with corporate hiring software, are using artificial
intelligence to craft cover letters and resumes in seconds, band deploying
new automated bots to robo-apply for hundreds of jobs in just a few
clicks. In response, companies are deploying more bots of their own to sort
through the oceans of applications.

The result: a bot versus bot war that's leaving both applicants and
employers irritated and has made the chances of landing an interview, much
less a job, even slimmer than before.  [...]

https://www.wsj.com/lifestyle/careers/ai-job-application-685f29f7

------------------------------

Date: Wed, 8 May 2024 01:29:43 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Translation Tech Is Amazing, Except When It's Not
 (WiReD)

We can hold surprisingly deep conversations across languages using simple
apps on our phones. But even as these apps get a fresh boost from AI, they
can still lead to some awkward moments.

https://www.wired.com/story/translation-tech-is-amazing-except-when-its-not

------------------------------

Date: Wed, 8 May 2024 10:22:57 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: Hundreds of charges laid in OPP child sexual abuse
 investigation (CBC)

https://www.cbc.ca/news/canada/toronto/project-aquatic-online-child-sexual-abuse-opp-1.7197494

Brown also said AI-generated images have created a problem for
investigators, who now have to differentiate between what he called "real
and synthetic victims."

Signy Arnason, associate executive director at the Canadian Centre for Child
Protection, told reporters Wednesday that the number of AI-generated sexual
abuse images her team is finding just keeps growing: ]...]

------------------------------

Date: Wed, 8 May 2024 06:49:02 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: Did Rihanna and Katy Perry attend the Met Gala? No, but AI had fans
 thinking otherwise (LATimes)

Katy Perry's mom was among the social media fans duped by AI images of the
'Roar' singer and Rihanna at the 2024 Met Gala. Neither one attended the
event.

https://www.latimes.com/entertainment-arts/story/2024-05-07/rihanna-katy-perry-ai-pictures-2024-met-gala

------------------------------

Date: Wed, 8 May 2024 01:40:40 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Ethereum's Cofounder Says SEC Is Gaslighting Everyone About Crypto
 (WiReD)

Joe Lubin cofounded Ethereum. Now his company is suing the Securities and
Exchange Commission, and he says the future of the internet is at stake.
[...]

In bringing the lawsuit, Consensys hopes to drag itself and Ethereum out
from underneath the SEC, by clarifying the limits of its jurisdiction, and
embolden the rest of the crypto industry to retaliate against what it
describes as “aggressive and unlawful SEC overreach.” An SEC spokesperson
declined to comment on the specific allegations made by Consensys, saying
only that “noncompliance with the securities laws deprives investors of
critical protections, including rulebooks that prevent fraud and
manipulation, proper disclosures, segregation of customer assets, safeguards
against conflicts of interest, oversight by a self-regulatory organization,
and routine inspection by the SEC. It’s investors who get hurt and the
American financial markets that may suffer.”

https://www.wired.com/story/ethereums-co-founder-says-sec-is-gaslighting-us-about-crypto

------------------------------

Date: Thu, 9 May 2024 11:17:12 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP
 Manipulation (LevianthanSecurity)

Researchers have detailed a Virtual Private Network (VPN) bypass technique
dubbed TunnelVision that allows threat actors to snoop on victim's network
traffic by just being on the same local network.

The "decloaking" method
<https://www.leviathansecurity.com/blog/tunnelvision> has been assigned the
CVE identifier CVE-2024-3661
<https://nvd.nist.gov/vuln/detail/CVE-2024-3661> (CVSS score: 7.6). It
impacts all operating systems that implement a DHCP client and has support
for DHCP option 121 routes.

At its core, TunnelVision involves the routing of traffic without

An attacker who can change the configuration of a DHCP server can force
clients to route their not encrypted traffic through the DHCP server
instead of the VPN tunnel.

https://www.leviathansecurity.com/blog/tunnelvision

  [See also
https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/
  PGN]

------------------------------

Date: Wed, 8 May 2024 12:44:30 PDT
From: Peter Neumann <neumann () csl sri com>
Subject: UnitedHealth Top Executive Slammed Over Cyberattack
 (NYTimes)

 (See earlier items: RISKS-34.09 and 12)

Reed Abelson and Noah Weiland, *The New York Times" National
Edition Business Section front page, 2 May 2024

Senators from both parties questioned whether the 21 Feb 2024
ransomware cyberattack of Change Healthcare (which manages a third of
all U.S. patient records and 15 billion transactions a year, with its
parent Unitedhealth having reported $372B in revenues in 1923) is too
deeply embedded in almost every aspect of U.S. healthcare.  [PGN-ed]

They had to shut down for several weeks, despite having paid the $22M
ransom.

  [No backup-and-recovery procedures?  We might expect that a company
  with that much revenue would invest in something significantly
  better than the alleged so-called industry *best practices*, which
  are obviously rather mediocre, and nowhere near good enough.  PGN]

------------------------------

Date: Wed, 8 May 2024 08:24:56 +0200
From: Lars-Henrik Eriksson <lhe () it uu se>
Subject: Risks with websites providing data that is difficult
 to interpret

During a recent major outdoor event in my hometown, police used drones for
surveillance. They had set up a flight restriction and was monitoring the
airspace using flightradar24.com. They were unaware that the barometric
altitude transmitted by aircraft transponders and reported by
flightradar24.com has standard altimeter setting (1013 hPa) as reference. At
the time, there was a high pressure weather situation and aircraft were
actually more than 400-ft higher than reported by flightradar24.com.

One overflying aircraft thus appeared to be inside the restricted area,
causing drone activities to stop for flight safety reasons and a criminal
investigation to be initiated against the pilot for violation of the
Aviation Act. After several days, following discussions with both the
aircraft operator and air traffic control, the police realised their mistake
and closed the investigation.

The RISK is that authorities -- and people in general -- use publicly
available web sites that provide information where correct interpretation is
not obvious.

------------------------------

Date: Thu, 9 May 2024 06:32:10 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: Fake photos, but make it fashion. Why the Met Gala
 pics are just the beginning of AI deception (CBC)

https://www.cbc.ca/news/world/fake-photos-met-gala-1.7197566

Actor Jared Leto carrying around his own head as an accessory? Real. Rapper
Lil Nas X, painted head to toe in silver, his body encrusted with pearls
and crystals, wearing only a metallic Dior thong? It happened. Actor and
singer Billy Porter, wearing a catsuit, carried into the event by six
shirtless men in gold pants? Yes.

If there's any event where it might be difficult to discern reality from
fantasy, it's the Met Gala, where Grimes once brandished a sword and Lady
Gaga once stripped through four different outfits until she was wearing
only a black lingerie set, go-go boots, and pulling a pink wagon behind her
on the carpet.

But this year, people weren't tripped up by the fashion choices (which were
relatively tame, naked dresses aside). Instead, they were confused about
which celebrities were actually there, thanks to AI-generated images during
fashion's biggest night.

------------------------------

Date: Fri, 10 May 2024 08:26:08 -0400
From: Monty Solomon <monty () roscom com>
Subject: Stack Overflow users sabotage their posts after OpenAI deal
 (ArsTechnica)

Stack Overflow users sabotage their posts after OpenAI deal
https://arstechnica.com/information-technology/2024/05/stack-overflow-users-sabotage-their-posts-after-openai-deal/

------------------------------

Date: Fri, 10 May 2024 17:32:45 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: No Country Should be Making Speech Rules for the World
 (EFF)

It's a simple proposition: no single country should be able to restrict
speech across the entire Internet. Any other approach invites a swift relay
race to the bottom for online expression, giving governments and courts in
countries with the weakest speech protections carte blanche to edit the
Internet.

Unfortunately, governments, including democracies that care about the rule
of law, too often lose sight of this simple proposition. That's why EFF,
represented by Johnson Winter Slattery <https://jws.com.au/>, has moved to
intervene in support of X, formerly known as Twitter's legal challenge to a
global takedown
<https://www.theguardian.com/australia-news/2024/apr/23/elon-musks-x-v-australias-online-safety-regulator-untangling-the-tweet-takedown-orders>
order from Australia's eSafety Commissioner. The Commissioner ordered X and
Meta to take down a post with a video of a stabbing in a church. X complied
by geo-blocking the post so Australian users couldn't access it, but it
declined to block it elsewhere. The Commissioner asked an Australian court
to order a global takedown.

Our intervention <https://www.eff.org/files/2024/05/09/34174.pdf> calls the
court's attention to the important public interests at stake in this
litigation, particularly for Internet users who are not parties to the case
but will nonetheless be affected by the precedent it sets. A ruling against
X is effectively a declaration that an Australian court (or its eSafety
Commissioner) can prevent Internet users around the world from accessing
something online, even if the law in their own country is quite different.
In the United States, for example, the First Amendment guarantees that
platforms generally have the right to decide what content they will host,
and their users have a corollary right to receive it.

We've seen this movie before. In *Google v Equustek*,
<https://www.eff.org/cases/google-v-equustek> a company used a trade secret
claim to persuade a Canadian court to order Google to delete search results
linking to sites that contained allegedly infringing goods from Google.ca
and *all* other Google domains, including Google.com <http://google.com/>
and Google.co.uk <http://google.co.uk/>. Google appealed, but both the
British Columbia Court of Appeal and the Supreme Court of Canada upheld the
order. The following year, a U.S. court held the ruling couldn't be enforced
against Google US.
<https://www.eff.org/deeplinks/2017/11/us-federal-court-rejects-global-search-order>

The Australian takedown order also ignores international human rights
standards, restricting global access to information without considering less
speech-intrusive alternatives. In other words: the Commissioner used a
sledgehammer to crack a nut.

If one court can impose speech-restrictive rules on the entire Internet --
despite direct conflicts with laws a foreign jurisdiction as well as
international human rights principles -- the norms of expectations of all
Internet users are at risk. We're glad X is fighting back, and we hope the
judge will recognize the eSafety regulator's demand for what it is a big
step toward unchecked global censorship -- and refuse to let Australia set
another dangerous precedent.

https://www.eff.org/deeplinks/2024/05/no-country-should-be-making-speech-rules-world

------------------------------

Date: Thu, 9 May 2024 07:17:42 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: Apple faces celebrity backlash over piano crushing (BBC)

https://www.bbc.com/news/articles/cld0rxlqgggo

Apple is facing a backlash online over an advert in which objects including
musical instruments and books are crushed into oblivion by a hydraulic
press.

The video is meant to demonstrate how their creativity has been compressed
into the latest iPad.

But celebrities including Hugh Grant and Justine Bateman have reacted with
horror to the destruction on view.

Apple boss Tim Cook has been called tone deaf for his post on X, formerly
Twitter, about the device, where he asked people to "imagine all the things
it'll be used to create".

------------------------------

Date: Thu, 9 May 2024 11:54:01 -0400
From: Monty Solomon <monty () roscom com>
Subject: Robot dogs armed with AI-aimed rifles undergo U.S. Marines Special
 Ops evaluation (ArsTechnica)

https://arstechnica.com/?p=2022843

------------------------------

Date: Thu, 9 May 2024 01:14:00 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Parts supplied to Boeing had 'serious defects' (whistleblower)

https://www.bbc.com/news/business-68979354

------------------------------

Date: Wed, 8 May 2024 18:55:26 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: How Google Became Evil (Dana F. Blankenhorn)

Author: You can't make men work for money alone - you starve their souls
when you try it

When a company loses its passion, when it tosses employee morale in the
sink, it’s time to walk away.

I dumped my Alphabet (Google) stock last week.

Google began losing its way the day co-founders Larry Page and Sergey Brin
left. They’re now the 6th and 7th richest people in the world.  Their
fortunes, taken together, would rank them 1st, by a huge margin.

What are they doing? Not much. Page “invests in start-ups” and “life
extension.” Brin has hosted a baby shower where adults wore diapers.  These
are no longer serious people. Yet both retain their voting stock meaning
they, and in time their kids, will be absolute rulers of all Google domains.

Ruth Porat, a former Morgan Stanley banker, stepped into the vacuum. She has
made CEO Sundar Pichai a billionaire, but he has hollowed out the company.

Have you tried Microsoft Edge lately? How about Bing and Co-Pilot? I have,
and they’re miles ahead of Google.

Google knows this. But it’s not responding, because it pays Apple and others
for its traffic. That’s the subject of an antitrust trial, now nearing its
climax, which could hit Google as hard as Microsoft was hit a generation
ago.

https://danafblankenhorn.substack.com/p/how-google-became-evil

------------------------------

Date: Fri, 10 May 2024 20:18:27 -0400
From: Monty Solomon <monty () roscom com>
Subject: Google's new *Find My* device network is useful but a stalking risk
 (WashPost)

The always-on Bluetooth tracking technologies from Apple and Google help
pinpoint lost or stolen devices. But they can be abused.

https://www.washingtonpost.com/technology/2024/05/10/android-find-my-network=
-google-is-it-safe/

------------------------------

Date: Wed, 8 May 2024 15:30:03 -0400
From: Joseph Gwinn <joegwinn () comcast net>
Subject: Re: Could the Covid-19 Vaccines Have Caused Some People Harm?
 (RISKS-34.23)

First, note that COVID vaccines have measured serious problem rates of order
a part per million, so for vaccines that have been administered to hundreds
of millions of people, one would expect hundreds of bad outcome reports to
have accumulated.

Mandavilli argues that a very slightly imperfect vaccine is infinitely worse
than no vaccine at all.  But vaccinated people tended to have less severe
COVID and very few deaths compared to unvaccinated people. This has been
proven worldwide in multiple often massive formal studies, in many cases
conducted over the entire population of a country.

The anti-vax folk may focus on the few adverse results, but denying the
existence of well-documented adverse results destroys credibility making the
public health problem worse.

------------------------------

Date: Tue, 7 May 2024 13:55:28 +0000
From: Jay Libove Alzina <libove () felines org>
Subject: Re: Could the Covid-19 Vaccines Have Caused Some People Harm? (PGN,
 (RISKS-34.23)

I had read *The NY Times* article that Peter Neumann points out. The article
(from my perspective as a European) might as well have been subtitled
"commercial liability nearly unique to the United States", but the content
is still valid, and the difficulty that patients worldwide are having with
getting acknowledgment and even moreso with getting treatment, whether for
"post-COVID" or "post-vaccine", is very real. (For the record, I have some
kind of immune dysfunction post-COVID syndrome, which began in November
2022, and continues today. It sucks).

Peter's disclaimer about not being anti-vaccine does not go far enough,
after he points to the vaccine batch lookup website which draws apparently
completely uncurated data from the vaccine adverse events reporting system.

I can't figure out what that site is supposed to be useful for. In concept,
it should be to allow someone who believes they've been harmed to look to
see if a disproportionately high number of other recipients of a particular
vaccine batch had also reported problems ... but as not remotely enough
information is provided to even draw that minimum conclusion, and VAERS is
self-reporting and is pretty much useless in its raw form (which that
vaccine batch VAERS lookup site uses).  That leads me to believe that the
batch/"reactions" lookup site is part of the anti-vaccine disinformation
campaign. I'm disturbed to even see that site linked here.

  [The strange thing here is that much of the data on the Bad Batch website
  and elsewhere appears to be from public reports (e.g., from doctors and
  hospitals, but also from injured patients or reports from their
  survivors), even if those reports have not been officially sanctioned by
  the CDC.  There seems to be considerable evidence that significant amounts
  of negative information is being suppressed or overcome by misinformation.
  That is a question posed by Stephen Colbert's use of the term *truthiness*
  (i.e., giving the false appearance of truth): whom should you trust if the
  only approved sources are not transparent?

  One other point, what is the main ingredient of the vaccines that have to
  be kept at -70 degrees?  Antifreeze (i.e., polyethylene glycol), which is
  known to have potentially fatal anaphillactic reactions to certain
  individuals.  But, what happens to a batch at room temperature, or that
  has been indvertently left in the sun on the loading doc?  The main remedy
  thus far appears to be only tossing the rest of an unused batch at the end
  of the day, or (rarely) discarding an entire batch that has been
  identified as bad.  As I think I have noted here before, there is no
  black-and-white one-size-fits-all solution that works equally for
  everyone.  Furthermore, the existence of some sort of bad-batch problem
  seems to be irrefutable -- even if `officially' or `popularly' discounted.
  PGN]

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) has moved to the ftp.sri.com site:
   <risksinfo.html>.
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    delightfully searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 34.24
************************


Current thread:

  • Risks Digest 34.24 RISKS List Owner (May 11)

By

Leave a Reply

Your email address will not be published. Required fields are marked *