RISKS-LIST: Risks-Forum Digest Friday 28 Jun 2024 Volume 34 : Issue 34

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.34>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
GPS Interference Over Land a Recurring Problem for Transatlantic Flights
(Rntfnd)
Safety-critical aircraft parts (Jim Geissman)
Boeing 737 Max fabrication changes (NYTimes)
Software engineers, not astronauts, are the heroes of today's space
industry (The Washington Post)
The end of the world (Rob Slade)
Another major hospital hack (The Guardian)
30,000 Dealerships Down -- Ransomware Outage Outrage no.2
at CDK Global (Security Boulevard)
ID verification service fail (404media)
Rampant Identity Theft Is Taxing the IRS (NYTimes)
ID Verification Service for TikTok, Uber, X Exposed Driver Licenses
(404Media via X)
Ask Google Search a simple question, and get an AI Overview "guess"
that is totally wrong
China's AI-Powered Sex Dolls Set To Revolutionise Intimacy (NDTV)
Supreme Court accidentally posts with Biden admin on Idaho abortion case
with Biden admin on Idaho abortion case (CNN)
ID verification service reportedly left credentials wide open for a
year (Engadget)
Firefighter charity bot call (Rob Slade)
Voice assistants and AI chatbots still can't say who won the 2020 election
(CA News Yahoo!)
Ding dong drama: Video doorbells have UK election campaigners spooked
(Politico)
Re: Dead Tesla Traps Toddler In Hot Car, Raises Concerns About
Electric Doors (Steve Bacher)
What to do when you send money to the wrong person through Zelle
(Elliott Report)
Re: Ozone Hole Mk. II (Martin Ward)
Re: Antivirus Shuffle over Kaspersky (Steve Bacher)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 27 Jun 2024 09:07:45 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: GPS Interference Over Land a Recurring Problem for Transatlantic
Flights (Rntfnd)

Aircraft transiting the Atlantic from Europe without functioning GPS seems
to have become a semi-regular occurrence. Pre-boundary GNSS interference,
mentioned in the FAA note below, refers to aircraft jammed or spoofed before
arriving to begin the crossing that have not been able to restore their GPS
receivers to normal operations. [...]

https://rntfnd.org/2024/06/26/gps-interference-over-land-a-recurring-proble=
m-for-transatlantic-flights/

------------------------------

Date: Thu, 27 Jun 2024 11:57:51 -0700
From: Jim Geissman <jgeissman@socal.rr.com>
Subject: Safety-critical aircraft parts

This would catch my attention. After Challenger, NASA realized they didn't
know which parts, which characteristics were safety critical, and some
systems were created identify critical items and their critical features and
track their tests. I did the spec and prototype for Rocketdyne QA's system
for receiving, testing and tracking supplier- and locally-made parts. It was
probably in Pascal with RBase or maybe Modula II, on my Compaq, and it was
turned over to a colleague from our consultancy to implement on the Rockwell
mainframe, and I heard she was still there when the Canoga Park facility
closed a decade ago.

------------------------------

Date: Thu, 27 Jun 2024 11:27:20 -0700
From: "Jim" <jgeissman@socal.rr.com>
Subject: Boeing 737 Max fabrication changes

It's a reaction to this, the recent discovery that inspections help --

'https://www.nytimes.com/2024/06/27/business/boeing-737-max-ntsb.html

One of the more important changes Boeing has made since January was
requiring that bodies of 737 Max planes pass a more rigorous inspection
before being shipped to Renton, near Seattle, for final assembly. The body
is made in Wichita, Kan., by Spirit, a supplier that Boeing is expected to
soon acquire.

That change took effect a few months ago and has resulted in significantly
fewer major defects that need to be fixed at Boeing's factory, said Ms.
Lund. The supplier inspections have also allowed Boeing to make the Max more
quickly once the bodies arrive at its factory.

"We've strengthened our presence at the supplier, we ensure the parts are
perfect where they ship, we inspect them there, they rework them there, and
then we ship the parts," Ms. Lund said. "The benefits have been really
tremendous."

Ms. Lund said that the earlier Max crisis had forced Boeing to reform its
engineering practices, but that the more recent incident had required
improvements to the production process.

------------------------------

Date: Mon, 24 Jun 2024 13:55:52 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Software engineers, not astronauts, are the heroes of today's
space industry (The Washington Post)

A revolution in spacecraft technology means today’s in-flight problem
solvers tend to be more “Geeks on Call” than “Right Stuff.” ...

Earlier this year, a nimble bit of on-the-fly software engineering saved a
moon landing mission. Engineers at a company called Intuitive Machines
realized that sensors on their lunar lander had never been turned on,
meaning their Odysseus spacecraft was essentially flying blind, unable to
scout the moon’s rocky and hilly landscape for a safe landing place. ...

“We started looking at what it would take to basically hotwire the system,”
James Blakeslee, a software architect at the company, said in an
interview. To buy time, the team decided to fly the spacecraft around the
moon one more time while the coders tested their software update on a
simulator. “We worked out in the backroom, and the developer that was in
charge of it, he wrote it down on a Post-it note and ran it into the front
room,” Blakeslee said.

Normally, such a fix would “have taken a month,” Crain said at the time.
The math would have been checked through thousands of simulations, which
typically would find errors, forcing coders to try again. Instead, he said,
“our team basically did that in an hour and a half. It was one of the finest
pieces of engineering I’ve ever had the chance to be affiliated with.” ...

A similar drama played out in 2019, when Boeing’s Starliner spacecraft was
in trouble. The spacecraft’s onboard computer system was 11 hours off,
meaning it was executing commands for an entirely different part of the
mission while burning precious fuel. Software programmers were able to send
commands to the spacecraft, fixing the problem.

They also were able to troubleshoot for other potential issues — and found
one. Upon separation from the crew capsule before reentering Earth’s
atmosphere, the service module could cause a collision, potentially damaging
the capsule. Software engineers were able to fix that, too.

While the spacecraft was on a test flight with no one on board and did not
dock with the International Space Station, it did land safely back on
Earth. Boeing launched an investigation to study all 1 million lines of code
in the spacecraft to ensure there weren’t other errors.

https://www.washingtonpost.com/technology/2024/06/11/space-heroes-software-engineer/

------------------------------

Date: Thu, 27 Jun 2024 08:36:27 -0700
From: Rob Slade <rslade@gmail.com>
Subject: The end of the world

NASA, along with various experts, recently held an exercise, examining
responses to a hypothetical asteroid strike on earth, hypothetically
happening in 2038.

https://www.livescience.com/space/asteroids/no-nasa-hasnt-warned-of-an-impending-asteroid-strike-in-2038-heres-what-really-happened

A number of media outlets falsely reported that NASA had predicted that an
asteroid *would* strike the earth in 2038, ending civilization.

(The reality, of course, is that the world will end in 2038, not because of
an asteroid strike, but because of all the original versions of UNIX having
their clocks roll over.)

------------------------------

Date: Wed, 26 Jun 2024 17:41:24 -0700
From: Victor Miller <victorsmiller@gmail.com>
Subject: Another major hospital hack (The Guardian)

https://www.theguardian.com/society/article/2024/jun/21/records-on-300m-patient-interactions-with-nhs-stolen-in-russian-hack

------------------------------

Date: Sat, 22 Jun 2024 15:58:58 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: 30,000 Dealerships Down -- Ransomware Outage Outrage no.2
at CDK Global (Security Boulevard)

Car and truck dealers fall back on pen and paper as huge SaaS provider gets
hacked  (again).

CDK Global, by far the biggest provider of dealer management software for
the U.S. auto trade, has suffered two crippling hacks in the same week. The
services are down again and its customers aren’t happy.

The software-as-a-service provider isn’t saying much, but it smells just
like a ransomware attack. In today’s SB  Blogwatch, we need to go discuss
this with our manager real quick.