RISKS-LIST: Risks-Forum Digest Wednesday 5 Jun 2024 Volume 34 : Issue 29

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.29>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
NYSE technical error sends stocks tumbling (The Register)
NYSE says bizarre glitch that showed Berkshire Hathaway down
99.97% has been resolved (CNN)
London Hospitals Face Major Disruptions After Cyberattack (NYTimes)
Harvard grad who went off script to address Gaza protests said
she quietly revised her speech last minute (NBC News)
A New Bone of Contention: Trigger Warnings in Archaeology Class (WSJ)
How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto
Wallet (WiReD)
361 million stolen accounts leaked on Telegram added to HIBP (SecureClick)
Digital surveillance and customer isolation are individualizing the
prices we pay (Prospect)
A Pacific Island With Ties to Taiwan Was Hacked. Was It Political?
(The NY Times)
Deepfake of U.S. Official Appears After Shift on Ukraine Attacks
in Russia (The NY Times)
Fake News Reports and Videos Seek to Undermine the Paris Olympics
(The NY Times)
They Spent Their Life Savings on Life Coaching (NYTimes)
How a Samsung Washing Machine Chime Triggered a YouTube Copyright Fiasco
(WiReD)
Don't You Dare Call Me Without Texting First (WSJ)
Miracle AI Weapons (Background Briefing)
Oral-B bricking Alexa toothbrush is cautionary tale against buzzy tech (
(Ars Technica)
New technique can automate data curation for self-supervised pre-
training of AI datasets (techxplore.com)
Artists threaten to leave Instagram in droves over AI art training
(Creative Blog)
Today's Funny Pages (Indeed via Cliff Kilby)
Re: PGN on Ethics (Jan Wolitzky, Henry Baker, Monty Solomon)
Twilight Zone predicted robot CEO (Jeff Jonas)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 04 Jun 2024 01:45:47 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: NYSE technical error sends stocks tumbling (The Register)

Apparently, the LU-LD bands snapped...

My speculation: real-time SW updates to handle speculative meme trading
apparently went horribly wrong, actually *causing* the very problem the fix
was attempting to stop.

Note to self: real-time SW updates to real-time systems are very, very
dangerous. Perhaps waiting until trading stops for the day might be a
better update policy?

I wonder if this SW problem had any interactions with the new 'T+1'
settlement scheme?

https://www.theregister.com/2024/06/03/nyse_technical_error/

------------------------------

Date: Mon, 3 Jun 2024 17:55:33 -0400
From: Monty Solomon <monty@roscom.com>
Subject: NYSE says bizarre glitch that showed Berkshire Hathaway down
99.97% has been resolved (CNN)

https://www.cnn.com/2024/06/03/investing/new-york-stock-exchange-technical-issue/index.html

[Also noted by Chuck Weinstock. PGN]

------------------------------

Date: Wed, 5 Jun 2024 14:48:42 -0400
From: Jan Wolitzky <jan.wolitzky@gmail.com>
Subject: London Hospitals Face Major Disruptions After Cyberattack
(NYTimes)

Several major hospitals in London have been crippled by a cyberattack,
Britain's National Health Service said, causing surgical procedures to be
canceled, disrupting blood transfusions and forcing patients to be diverted.

A ransomware cyberattack on Synnovis, an organization that manages blood
transfusions and other services, on Monday had significantly disrupted the
delivery of services at King's College and Guy's and St. Thomas' hospital
trusts, which run several major hospitals. The attack has also caused
disruptions to primary care offices in southeast London.

https://www.nytimes.com/2024/06/05/world/europe/london-hospitals-cyberattac=
k.html

------------------------------

Date: Fri, 31 May 2024 20:02:46 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Harvard grad who went off script to address Gaza protests said
she quietly revised her speech last minute (NBC News)

Harvard grad who went off script to address Gaza protests said she quietly
revised her speech last minute

Shruthi Kumar, 22, said she felt like she had to speak about her 13 peers
barred from graduating. Now, her message is reaching millions online.

https://www.nbcnews.com/news/asian-america/harvard-speech-gaza-war-commencement-rcna154899

[*The New York Times* Sunday Opinion on 2 Jun 2024 has a piece by Noah
Feldman and Alison Simmons, Harvard Should Say Less. Maybe All Schools
Should: Let's spare universities from having to make statements on world
events. PGN says Harvard seems to have mostly honored free speech in the
past. Why stop now? Donors seem to be very unhappy one way or the other.
My Class of 1954 just had its 70th class reunion last Thursday with a
panel on this subject. (This is the first reunion I have ever missed.)
But it definitely seems like a lose-lose issue for Harvard, barring
students' graduations if they had spoken out on a life-critical matter.
It smells bad, and DRACONIAN. Sorry if I am oversimplifying what seems to
me like a no-brainer in a place noted for brains. PGN]

------------------------------

Date: Mon, 3 Jun 2024 08:24:31 -0400
From: Monty Solomon <monty@roscom.com>
Subject: A New Bone of Contention: Trigger Warnings in Archaeology Class
(WSJ)

Professors from Harvard to Cambridge feel obliged to caution students
before displaying ancient human remains; drawings and plastic
skeletons fill the void.

https://www.wsj.com/world/trigger-warning-bones-archaeology-class-f20dcb65?st=o8dh4d5xd6jffv9

------------------------------

Date: Tue, 4 Jun 2024 14:38:20 +0000
From: Victor Miller <victorsmiller@gmail.com>
Subject: How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto
Wallet (WiReD)

Thanks to a flaw in a decade-old version of the RoboForm password manager
and a bit of luck, researchers were able to unearth the password to a crypto
wallet containing a fortune.

https://www.wired.com/story/roboform-password-3-million-dollar-crypto-wallet/

------------------------------

Date: Tue, 04 Jun 2024 14:17:25 +0000
From: Presale1
Subject: 361 million stolen accounts leaked on Telegram added to HIBP
(SecureClick)

A massive trove of 361 million email addresses from credentials stolen by
password-stealing malware, in credential stuffing attacks, and from data
breaches was added to the Have I Been Pwned data breach notification
serv. ...

<https://email.cloud2.secureclick.net/c/10688?id=1546099.3979.1.49f533d26394a01aaac7a79a61ef2c7a>

------------------------------

Date: Wed, 5 Jun 2024 08:38:40 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Digital surveillance and customer isolation are individualizing the
prices we pay (Prospect)

https://prospect.org/economy/2024-06-04-one-person-one-price/

The RISK?  E-commerce and the Internet.

Businesses have always wanted to maximize what they can induce people to
pay, trying to walk right up to the limit before a customer says no. But
everyone has a different pain point, and companies were deterred from purely
individualizing what they charge, because of publicly posted prices and
consumer anger over the unfairness of being charged differently for the same
product.

Today, the fine-graining of data and the isolation of consumers has changed
the game. The old idiom is that every man has his price. But that’s
literally true now, much more than you know, and it’s certainly the plan for
the future.

“The idea of being able to charge every individual person based on their
individual willingness to pay has for the most part been a thought
experiment,” said Lina Khan, chairwoman of the Federal Trade Commission.
“And now … through the enormous amount of behavioral and individualized data
that these data brokers and other firms have been collecting, we’re now in
an environment that technologically it actually is much more possible to be
serving every individual person an individual price based on everything they
know about you.”

Economists soft-pedal this emerging trend by calling it “personalized”
pricing, which reflects their view that tying price to individual
characteristics adds value for consumers. But Zephyr Teachout, who helped
write anti-price-gouging rules in the New York attorney general’s office,
has a different name for it: surveillance pricing. [...]

*THERE HAVE BEEN TWO BINDING CONSTRAINTS* for true personalization: the
quality and quantity of data collected, and the mechanism for giving
individual prices to people who shop where price tags are publicly
displayed. Step by step, these constraints are being defeated, and a new
frontier on pricing is becoming available.

E-commerce really served both ends. Instead of being out in the world,
people shop from home, unaware of any uniform price. And data that can be
grabbed over the Internet dwarfs what’s available on a loyalty card. It
includes your IP address, the devices you use, your phone number, email,
pinpoint demographics, and a comprehensive graph of everything you’ve ever
done on the Internet, from purchases to searches to websites visited to
emails to social media posts and much, much more. And if the retailer
doesn't get all that information, they could always buy it.