Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!panix!.POSTED.panix1.panix.com!not-for-mail
From: risko@csl.sri.com (RISKS List Owner)
Newsgroups: comp.risks
Subject: Risks Digest 34.28
Date: 31 May 2024 23:24:40 -0000
Organization: PANIX Public Access Internet and UNIX, NYC
Lines: 351
Sender: RISKS List Owner <risko@csl.sri.com>
Approved: risks@csl.sri.com
Message-ID: <CMM.0.90.4.1717197720.risko@chiron.csl.sri.com1499>
Injection-Info: reader1.panix.com; posting-host="panix1.panix.com:166.84.1.1";
logging-data="19727"; mail-complaints-to="abuse@panix.com"
To: risko@csl.sri.com

RISKS-LIST: Risks-Forum Digest Friday 30 May 2024 Volume 34 : Issue 28

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.28>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Australia looking into alleged Ticketmaster hack (BBC)
Mystery malware destroys 600,000 routers from a single ISP during
72-hour span (ArsTechnica)
Linux vulnerability and some info on namespaces (Ars Technica)
CVE-2024-24919: Check Point Security Gateway Info Disclosure
(Presale1)
More Than Half of ChatGPT Answers to Programming Questions Are
Wrong (Yahoo! News)
How Easy Is It to Teach Chatbots to Spew Disinformation? VERY!
(Jeremy White)
Trump supporters try to doxx jurors and post violent threats after his
conviction (NBC News)
If AI Can Do Your Job, Maybe It Can Also Replace Your CEO (NYTimes)
Rural ISP Routers Bricked Beyond Repair (Security Boulevard)
Touch Controls on Stoves Suck. Knobs Are Way Better (WiReD)
If you use Veeam (Cliff Kilby)
Re: PGN on Ethics in RISKS-34.25 (Stever Robbins)
Review of *Wicked Problems*, new book on risks of new technology
(Judith Hemenway)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 30 May 2024 07:04:01 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Australia looking into alleged Ticketmaster hack (BBC)

https://www.bbc.com/news/articles/c899pz84d8zo

Australia's Department of Home Affairs says it is working with Ticketmaster
after hackers allegedly stole personal details of more than half a billion
customers.

The ShinyHunters hacking group is reportedly demanding a $500,000
(£400,000) ransom payment to prevent the information being sold to
other parties.

Australia said it was aware of a breach and was "working with Ticketmaster
to understand the incident".

[Victor Miller noted Ticketmaster hacked, may affect 1/2 billion users
https://mashable.com/article/ticketmaster-data-breach-shinyhunters-hack

[Add this to the never-ending list of ransomware exploits. PGN]

------------------------------

Date: Fri, 31 May 2024 14:58:17 +0000 (UTC)
From: Steve Bacher <sebmb1@verizon.net>
Subject: Mystery malware destroys 600,000 routers from a single ISP during
72-hour span (ArsTechnica)

An unknown threat actor with equally unknown motives forces ISP to replace
routers.

One day last October, subscribers to an ISP known as Windstream began
flooding message boards with reports their routers had suddenly stopped
working and remained unresponsive to reboots and all other attempts to
revive them.

``The routers now just sit there with a steady red light on the front,''
Windstream provided to both them and a next door neighbor. ``They won't
even respond to a RESET.''

In the messages -- which appeared over a few days beginning on October --
many Windstream users blamed the ISP for the mass bricking. They said it was
the result of the company pushing updates that poisoned the devices.
Windstream's Kinetic broadband service has about 1.6 million subscribers in
18 states, including Iowa, Alabama, Arkansas, Georgia, and Kentucky. For
many customers, Kinetic provides an essential link to the outside world.
[...]

https://arstechnica.com/security/2024/05/mystery-malware-destroys-600000-routers-from-a-single-isp-during-72-hour-span/

------------------------------

Date: Fri, 31 May 2024 18:37:06 +0000
From: Cliff Kilby <cliffjkilby@gmail.com>
Subject: Linux vulnerability and some info on namespaces
(Ars Technica)

https://arstechnica.com/security/2024/05/federal-agency-warns-critical-linux-vulnerability-being-actively-exploited/

If you're running any mainline Linux distro from the last 4 years, this is
probably you. The attack requires user namespaces, which had historically
been disabled in most distros, but with the adoption of things like snap,
flathub and the continued use of docker at the user level, user namespaces
are becoming increasingly enabled by default.

If you are not running a container of any kind, go set sysctl:
  kernel.unprivileged_userns_clone = 0 (Debian-flavored kernels, disallows
  unpriv clone)
  user.max_user_namespaces = 0 (vanilla-flavored kernels, disables all user
  namespaces)

Including setting your persistence, cf.
https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2021-12-03/finding/V-230548

If you are running containers, you are using SELinux or AppArmor, right?
https://www.redhat.com/sysadmin/user-namespaces-selinux-rootless-containers
https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_userns_restriction#disabling-unprivileged-user-namespaces
It may also be useful to set the restrict flag only, without entirely
disabling user namespaces, if you are on a kernel that supports that:
  kernel.unprivileged_userns_clone = 0 (Debian-flavored kernels)
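
An added example, not part of Cliff Kilby's post or of any of the linked
guidance: a small POSIX sh script that audits the two sysctls named above on
the running host, derives a verdict from them, and prints the fragment you
would save under /etc/sysctl.d/ so the setting persists across reboots (the
STIG link in the post is about exactly that persistence). The function names
and the SYSCTL_ROOT override (which lets the audit run against a fake /proc/sys
tree offline) are my assumptions; the two sysctl keys are the ones the post
names.

```shell
#!/bin/sh
# Added example, not from the RISKS post: audit the two sysctls the post names
# and render a persistent /etc/sysctl.d fragment that turns user namespaces off.
# SYSCTL_ROOT is an assumed override so the audit can run offline against a
# fake /proc/sys tree; function names are mine.

SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# read_sysctl KEY: print the value of a dotted sysctl key, or "absent" when the
# running kernel does not expose it (kernel.unprivileged_userns_clone only
# exists on Debian-patched kernels, so "absent" is expected on others).
read_sysctl() {
    path="$SYSCTL_ROOT/$(printf '%s' "$1" | tr . /)"
    if [ -f "$path" ] && [ -r "$path" ]; then
        tr -d '[:space:]' < "$path"
    else
        printf 'absent'
    fi
}

# userns_verdict CLONE MAX: "blocked" when unprivileged user namespaces cannot
# be created, "allowed" otherwise. Either knob alone is enough to block:
# unprivileged_userns_clone=0 refuses the clone, max_user_namespaces=0 leaves
# no namespaces to allocate. "absent" means the knob does not exist here.
userns_verdict() {
    clone="$1"
    max="$2"
    if [ "$clone" = "0" ] || [ "$max" = "0" ]; then
        printf 'blocked'
    else
        printf 'allowed'
    fi
}

# render_sysctl_conf: print the fragment to save under /etc/sysctl.d/ so the
# setting survives reboot. The Debian-only knob is emitted only when the
# running kernel has it, so the file does not produce "unknown key" warnings
# on vanilla kernels.
render_sysctl_conf() {
    printf '# disable unprivileged user namespaces (hosts that run no containers)\n'
    printf 'user.max_user_namespaces = 0\n'
    if [ "$(read_sysctl kernel.unprivileged_userns_clone)" != "absent" ]; then
        printf 'kernel.unprivileged_userns_clone = 0\n'
    fi
}

# audit: report both knobs and the resulting verdict for this host.
audit() {
    clone=$(read_sysctl kernel.unprivileged_userns_clone)
    max=$(read_sysctl user.max_user_namespaces)
    printf 'kernel.unprivileged_userns_clone = %s\n' "$clone"
    printf 'user.max_user_namespaces         = %s\n' "$max"
    printf 'unprivileged user namespaces:      %s\n' "$(userns_verdict "$clone" "$max")"
}

# Usage: sh userns_audit.sh audit      (report the current state)
#        sh userns_audit.sh render     (print the sysctl.d fragment)
case "${1:-}" in
    audit)  audit ;;
    render) render_sysctl_conf ;;
esac
```

Run it with `audit` before and after applying the fragment; a host that still
reports "allowed" after a reboot has lost the setting somewhere (a later
sysctl.d file overriding it, or a kernel that lacks the Debian knob and was
only given that line). Keep the caveat from the post in mind: the fragment is
for hosts that run no containers at all, since rootless container tooling
stops working once user namespaces are off.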

------------------------------

Date: Fri, 31 May 2024 05:36:45 +0000
From: Presale1
Subject: CVE-2024-24919: Check Point Security Gateway Info Disclosure

https://email.cloud2.secureclick.net/c/10688?id=1515757.3952.1.a631d5fd3ebdffad16bad2a4cf70a150

On 28 May 2024, Check Point published an advisory for CVE-2024-24919, a
high-severity information disclosure vulnerability affecting Check Point
Security Gateway devices configured with either the “IPSec VPN” or
“Mobile.
https://email.cloud2.secureclick.net/c/10688?id=1515757.3953.1.550feffad894705323bf43999a008c56

Web Version
https://email.cloud2.secureclick.net/c/10688?id=1515757.3963-312.1.88f27a011b729e8c707fb046eefa2103&p=eyIlN0IlN0JtaW1pLXNpZ25hdHVyZSU3RCU3RCI6IjE4MTUwOTgyOS0wMThkYmNjZS01ZWM5LTcxM2YtYmQ0Yy0wZTIzN2QxMWM4ODktYzUxYTNiYzg0OGY3ZDgwMzgyZWFmM2Y4MDFlZTFkMjBkMmFiZTUxYSIsIiU3QiU3QmVtYWlsSWQlN0QlN0QiOiIxNTE1NzU3In0=

------------------------------

Date: Wed, 29 May 2024 11:00:05 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: More Than Half of ChatGPT Answers to Programming Questions Are
Wrong (Yahoo! News)

Sharon Adarlo, Yahoo! News, 23 May 2024, via ACM TechNews

Purdue University researchers found 52% of the answers generated by ChatGPT
to programming questions were incorrect. Of 517 questions in Stack Overflow
included in the study, the researchers found 77% were more verbose and 78%
exhibited different degrees of inconsistency compared to human answers.
Meanwhile, a linguistic analysis of 2,000 randomly selected ChatGPT answers
concluded they portrayed "less negative sentiment" in a "more formal and
analytical" fashion. The researchers found ChatGPT's "polite language,
articulated and text-book style answers, and comprehensiveness" contributed
to some participants overlooking misinformation in its responses.

------------------------------

Date: Fri, 31 May 2024 15:29:19 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: How Easy Is It to Teach Chatbots to Spew Disinformation? VERY!
(Jeremy White)

Jeremy White, *The New York Times*, National Edition 30 May p. A13

We asked the conservative chatbot what it thought about liberals:

Their time on earth needs to end ... the sooner the better ...

We asked the liberal chatbot what it thought about conservatives:

They are so far gone in their delusions that there is no chance that
they will ever listen to reason.

In short, this is an entire page full of bipolar partisan fabrication.

[The train(ing) is often stopping at the wrong station? PGN]

------------------------------

Date: Fri, 31 May 2024 18:33:22 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Trump supporters try to doxx jurors and post violent
threats after his conviction

Trump supporters try to doxx jurors and post violent threats after his
conviction

On social media and web forums, users called for jurors, judges and
prosecutors to be killed after the former president was found guilty on 34
felony counts.

https://www.nbcnews.com/politics/donald-trump/trump-supporters-try-doxx-jurors-violent-threats-conviction-rcna154882

------------------------------

Date: Wed, 29 May 2024 06:49:19 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: If AI Can Do Your Job, Maybe It Can Also Replace Your C.E.O.
(NYTimes)

Chief executives are vulnerable to the same forces buffeting their
employees. Leadership is important, but so is efficiency -- and
cost-cutting.

As artificial-intelligence programs shake up the office, potentially making
millions of jobs obsolete, one group of perpetually stressed workers seems
especially vulnerable.

These employees analyze new markets and discern trends, both tasks a
computer could do more efficiently. They spend much of their time
communicating with colleagues, a laborious activity that is being automated
with voice and image generators. Sometimes they must make difficult
decisions — and who is better at being dispassionate than a machine?

Finally, these jobs are very well paid, which means the cost savings of
eliminating them is considerable.

