Rocksolid Light

News from da outaworlds

mail  files  register  groups  login

Message-ID:  

The whole world is a tuxedo and you are a pair of brown shoes. -- George Gobel


comp / comp.risks / Risks Digest 34.22

SubjectAuthor
o Risks Digest 34.22RISKS List Owner

1
Subject: Risks Digest 34.22
From: RISKS List Owner
Newsgroups: comp.risks
Organization: PANIX Public Access Internet and UNIX, NYC
Date: Sat, 4 May 2024 18:04 UTC
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!panix!.POSTED.panix3.panix.com!not-for-mail
From: risko@csl.sri.com (RISKS List Owner)
Newsgroups: comp.risks
Subject: Risks Digest 34.22
Date: 4 May 2024 18:04:52 -0000
Organization: PANIX Public Access Internet and UNIX, NYC
Lines: 693
Sender: RISKS List Owner <risko@csl.sri.com>
Approved: risks@csl.sri.com
Message-ID: <CMM.0.90.4.1714845597.risko@chiron.csl.sri.com20313>
Injection-Info: reader1.panix.com; posting-host="panix3.panix.com:166.84.1.3";
logging-data="2644"; mail-complaints-to="abuse@panix.com"
To: risko@csl.sri.com
View all headers

RISKS-LIST: Risks-Forum Digest Saturday 4 May 2024 Volume 34 : Issue 22

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.22>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Locating where a photo was taken (Jeremy Epstein)
Russia Accused of Meddling in GPS Systems (France24)
An AI tool used in thousands of criminal cases is facing legal challenges
(NBC News)
SonarMed Inc. Recalls Airway Monitors Due to a Software Anomaly
Resulting in Failure to Detect a Partial Obstruction in 2.5mm Sensors and
Up To 3mm Distal to the Sensor Tip (Einpresswire)
Engine cover falls off Boeing plane, hits wing flap; Southwest flight
returns to Denver airport (NBC News)
AI Faces Its 'Oppenheimer Moment (Jonathan Tirone)
AI priest avatar gets the chop in first week of digital ministry -
(Catholic Herald)
Meta AI falsely claims lawmakers were accused of sexua harassment
(City & State New York)
ChatGPT provides false information about people (NOYB)
GitHub's Take on AI-Powered Software Engineering (Kyle Wiggers)
Developers seethe as Google surfaces buggy AI-written code (The Register)
Precision Attacks Target Intel and AMD Processors (ScienceBlog)
Phone Keyboard Exploits Leaves Billion Users Exposed (Margo Anderson)
Coffee County, GA, this time ransomware (Douglas Lucas)
EU Investigates Meta Over Fears of Election Interference, Foreign
Disinformation (Brian Fung)
Lawsuits test Tesla claim that drivers are solely responsible for crashes
(WashPost)
UK bans devices with weak passwords (Computing)
Net Neutrality Is Back as FCC Votes to Regulate Internet Providers
(Brian Fung)
FCC Fines Wireless Carriers About $200 Million for Sharing Customer Data
(WSJ)
London Drugs closes stores until further notice due to cyberattack
(CBC News)
Century wrap-around: 101-year old becomes 1-year old (BBC)
Healthcare giant comes clean about recent hack and paid ransom
(ArsTechnica)
Google SGE and shoplifting (Lauren Weinstein)
New York Daily News, Chicago Tribune, and others sue OpenAI and Microsoft
(The Verge)
Can AI-powered drive-throughs save the day for fast food operators?
(LATimes)
Unexpected S3 bucket costs (Medium)
CenturyLink left users with no service for two months, then billed them $239
(ArsTechnica)
More customers say 'tap-to-pay' charged their credit card through bags,
pockets (ABC7)
New Job Scams Targeting Young Professionals Are Flourishing (WSJ)
Court upholds New York law that says ISPs must offer $15 broadband
(ArsTechnica)
We Are Blowing the Fight to Contain Bird Flu (NYTimes)
Covid Vaccine Side Effects: 4 Takeaways From Our Investigation (NYTimes)
Re: We're always fighting the last war (Amos Shapir)
Re: A Chinese firm is America's favorite drone maker except in Washington
(Lauren Weinstein)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 3 May 2024 09:28:45 -0400
From: Jeremy Epstein <jeremy.j.epstein@gmail.com>
Subject: Locating where a photo was taken

Readers of RISKS are quite aware that most photos taken these days have
embedded GPS data. I learned yesterday about geospy.ai
<https://l.facebook.com/l.php?u=http%3A%2F%2Fgeospy.ai%2F%3Ffbclid%wZX=
h0bgNhZW0CMTAAAR2rXPkUMJF25CnDgRycn3se6hDOhh5goDEGvPLGP-rqHbw2dD6T1xmQYi8_a=
em_AWrS5muaJoIeuBHvjvmpl7FeajnQSE2iKmunEQqQq0pi185qxhmdYVFmHKdrlwvIvS5Dghy2=
dlcNSXi2HeAi24he&h=AT1xfgfzcOu0ZtYm2FfaS-PNYJTqTRKREXEIq0fBy7NgzZ8FJixLLZ=
EmETk4kkPgyv25NrB1O59D_axIN2M8HLsHFkyNdIhcDkKbwJJJ11fwjuhXI-rZ9bguxvtJiTU7B=
Z25-ls&__tn__=-UK*F>,
which claims to identify where a photo was taken using AI and computer
vision -- implying that it is not relying on the GPS data.

Playing with it, started with some photos my daughter had sent me from
Spain and Czechia. It sometimes got the right country, but the explanation
was generally wrong -- e.g., it identified one picture as being from Czechia
because the signs were in Czech (they were actually in English), there was
a Czech flag (not so), and there were cobblestones (there weren't).
Another picture from Prague it insisted was in Paris.

A picture of my grandson was identified as being taken in a suburban
backyard because of the grass, but couldn't get beyond that.

A picture taken of the Jefferson Memorial in DC it got right -- perhaps from
the GPS data, but there's enough photos of that site that it's not too
surprising.

Moving on, I provided a picture of my girlfriend's birthday cake sitting on
the kitchen counter, with no windows that might provide a view of the
outside world. It claims that the photo (which was taken in Falls Church
VA) was "taken in Hoboken, New Jersey. This is evident from the street
signs, which are in English and use the American spelling of "Hoboken." The
buildings in the background are also typical of American architecture. The
coordinates of the photo are 40=C2=B043'N 74=C2=B002'W".

I ran it again, and it gave a specific address (1100 Maxwell Lane, Hoboken
NJ). Another time it said "the photo was taken in New York City because
the cake has the words "happy two thirds century Julie" written on it
[which is] a reference to the song "happy birthday to you", which was
written by two sisters from New York City".

Another try said the inscription was "likely a reference to Julie Andrews,
who was born in Surrey England, but has lived in New York City since the
1960s".

Another try said that the ribbon on the cake is the "color of the New York
Yankees ... [and the inscription] is likely a reference to the New York
Yankees baseball team, as they have won 27 World Series championships,
which is two-thirds of the World Series championships that have been won by
all of the teams in Major League Baseball". [Note to non sports fans,
including myself -- WIkipedia says the World Series has been played almost
every year since 1903, so 27 isn't 2/3 of that. And I don't know if the
Yankees have won 27 times.]

Yes, it's a beta product, with appropriate disclaimers. It's not an
auspicious start. It's hard to imagine people making decisions based on
this quality of software, but we're all seeing plenty of blind reliance on
AI.

------------------------------

Date: Fri, 3 May 2024 11:20:34 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Russia Accused of Meddling in GPS Systems (France24)

S=C3=88bastian Seibt, France 24, 1 May 24 [May-Day!]

GPS signal interference at Tartu airport in Estonia is being attributed to
Russia. An increase in such incidents, where signal jamming or spoofing make
it difficult to land aircraft safely, has prompted Finland's Finnair to stop
its aircraft from landing there over the next month. About 46,000 aircraft
flying in and out of Britain since August 2023 have reportedly encountered
GPS signal issues over the Baltic Sea.

------------------------------

Date: Fri, 3 May 2024 15:07:39 -0400
From: chuck fee <chuckfee@gmail.com>
Subject: An AI tool used in thousands of criminal cases is facing legal
challenges (NBC News)

Black box software with no audit trail and no peer review seems to be a
critical piece of prosecutors' cases for murder. And its creator, who
refuses to disclose pretty much anything about the program, might have
perjured himself. Judges are now tossing the 'evidence.'

This line explaining the software's capabilities seemed hard to believe.
How does a random third party access to debug-level logging output of a
random wifi security camera? And at just the right place and time?

*Cybercheck connected the profiles to the scene of the killing within
minutes of the homicide using a network address -- a unique number that
identifies devices connected to the Internet -- from a Wi-Fi-enabled
security camera, according to the filing.*

*At least one device -- possibly a phone -- with a suspect's cyber profile
had tried to communicate with the camera's Wi-Fi connection, according to
the report, Malarcik said.*

https://www.nbcnews.com/news/crime-courts/ai-tool-used-thousands-criminal-cases-facing-legal-challenges-rcna149607

------------------------------

Date: Mon, 29 Apr 2024 12:55:08 -0400
From: Monty Solomon <monty@roscom.com>
Subject: SonarMed Inc. Recalls Airway Monitors Due to a Software Anomaly
Resulting in Failure to Detect a Partial Obstruction in 2.5mm Sensors and
Up To 3mm Distal to the Sensor Tip (Einpresswire)

https://www.einpresswire.com/article/707437349/sonarmed-inc-recalls-airway-monitors-due-to-a-software-anomaly-resulting-in-failure-to-detect-a-partial-obstruction-in-2-5mm-sensors-and-up-to-3mm

------------------------------

Date: Sun, 28 Apr 2024 14:16:49 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Engine cover falls off Boeing plane, hits wing flap;
Southwest flight returns to Denver airport (NBC News)


Click here to read the complete article
1

rocksolid light 0.9.8
clearnet tor