Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!panix!.POSTED.panix3.panix.com!not-for-mail
From: risko@csl.sri.com (RISKS List Owner)
Newsgroups: comp.risks
Subject: Risks Digest 34.42
Date: 27 Aug 2024 03:13:14 -0000
Organization: PANIX Public Access Internet and UNIX, NYC
Lines: 547
Sender: RISKS List Owner <risko@csl.sri.com>
Approved: risks@csl.sri.com
Message-ID: <CMM.0.90.4.1724728169.risko@chiron.csl.sri.com4155>
Injection-Info: reader1.panix.com; posting-host="panix3.panix.com:166.84.1.3";
logging-data="15039"; mail-complaints-to="abuse@panix.com"
To: risko@csl.sri.com

RISKS-LIST: Risks-Forum Digest Monday 26 Aug 2024 Volume 34 : Issue 42

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.42>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Protecting Connected Self-Driving Vehicles from Hackers
(Patricia DeLacey)
ARRL hit with ransomware (Steve Golson)
Fake QR codes posted on Redondo Beach parking meters to scam drivers,
police say (LA Times)
Toward a Code-Breaking Quantum Computer (Adam Zewe)
Multiple Flaws in Microsoft macOS Apps Unpatched Despite
Potential Risks (Connor Jones)
More on Boeing fuselage panel blowout (Seattle Times)
Park'N Fly reveals data breach affecting 1 million customer files (CBC)
Local Networks Go Global When Domain Names Collide (Krebs)
Biometrics in the workplace may be the way of the future.
But at what cost? (CBC)
Telegram billionaire co-founder Pavel Durov arrested
(Lauren Weinstein)
Almost half of FDA-approved AI medical devices are not
trained on real patient data (MedicalXpress.com)
How much more water and power does AI computing demand? Tech firms
don't want you to know (LA Times)
How Section 230 Is Being Used Against Tech Giants Like Meta (NY Times)
Two policy articles suggested by Dan Geer (PGN)
Re: Policy, due care, and the failure of Heartland Tri-State
(Geoff Kuenning, Cliff Kilby)
Re: Birmingham Oracle (Cliff Kilby)
Re: High-end racing bikes are now vulnerable to hacking
(Geoff Kuenning)
Re: Feds sue Georgia Tech for lying bigly about computer security
(Geoff Kuenning)
Re: Kroger unveils AI-powered automatic price gouger (Wol)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 26 Aug 2024 11:38:17 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Protecting Connected Self-Driving Vehicles from Hackers
(Patricia DeLacey)

Patricia DeLacey, University of Michigan Computer Science and
Engineering, 20 Aug 2024, via ACM TechNews

University of Michigan (U-M) researchers found that connected self-driving
vehicles are vulnerable to data fabrication attacks, which occur when
hackers remove real objects from or insert fake objects into perception
data. Researchers at U-M's Mcity Test Facility used falsified LiDAR-based
3D sensor data and zero-delay attack scheduling to better understand the
security vulnerabilities, and developed the Collaborative Anomaly Detection
system as a countermeasure. The system uses shared 2D occupancy maps to
cross-check the data and quickly identify geometric inconsistencies.
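The cross-check the summary describes can be sketched on a toy grid. The following is an added example written for this digest, not the U-M Mcity code: two vehicles scan the same constructed 8x8 world, one of them broadcasts a tampered map (one phantom object inserted, one real object erased), and the receiver flags every cell that both vehicles observed but classify differently. The grid size, obstacle positions, line-of-sight sensor model and attacker edits are all assumptions made for the illustration.

```python
"""Cross-checking shared 2D occupancy maps to catch fabricated or removed
objects in cooperative perception. Added illustration, not U-M's code;
the grid, sensor model and attacker edits below are all constructed."""
from typing import Dict, Iterator, Set, Tuple

Cell = Tuple[int, int]
OccMap = Dict[Cell, int]   # cell -> 1 (occupied) or 0 (free); unobserved cells absent

SIZE = 8                   # constructed 8x8 grid, one cell per map square


def line_cells(a: Cell, b: Cell) -> Iterator[Cell]:
    """Cells strictly between a and b along a Bresenham line (line of sight)."""
    (x0, y0), (x1, y1) = a, b
    dx, dy = abs(x1 - x0), abs(y1 - y0)
    sx, sy = (1 if x1 > x0 else -1), (1 if y1 > y0 else -1)
    err = dx - dy
    x, y = x0, y0
    while (x, y) != (x1, y1):
        e2 = 2 * err
        if e2 > -dy:
            err -= dy
            x += sx
        if e2 < dx:
            err += dx
            y += sy
        if (x, y) != (x1, y1):
            yield (x, y)


def sense(world: Set[Cell], pos: Cell) -> OccMap:
    """Toy LiDAR: a cell with unobstructed line of sight from pos is observed
    as free or occupied; anything behind an obstacle stays unobserved."""
    seen: OccMap = {}
    for x in range(SIZE):
        for y in range(SIZE):
            cell = (x, y)
            if any(c in world for c in line_cells(pos, cell)):
                continue                      # occluded: no observation
            seen[cell] = 1 if cell in world else 0
    return seen


def cross_check(local: OccMap, shared: OccMap) -> Dict[Cell, str]:
    """Compare a peer's broadcast map with our own scan. A cell both vehicles
    observed but classify differently is a geometric inconsistency: the peer
    either reports an object where we can see free space, or free space where
    we can see an object. Cells only one side observed cannot be checked this
    way, so a phantom placed inside our own occlusion shadow is not caught."""
    findings: Dict[Cell, str] = {}
    for cell, ours in local.items():
        theirs = shared.get(cell)
        if theirs is None:
            continue
        if theirs == 1 and ours == 0:
            findings[cell] = "fabricated-object"
        elif theirs == 0 and ours == 1:
            findings[cell] = "removed-object"
    return findings


def demo() -> Dict[Cell, str]:
    """Constructed scenario: two real obstacles, an honest ego scan, and a
    peer broadcast in which an attacker inserted one object and deleted one."""
    world = {(2, 5), (6, 1)}
    ego, peer = (0, 0), (7, 7)
    our_map = sense(world, ego)
    peer_map = sense(world, peer)
    peer_map[(4, 4)] = 1        # data fabrication: phantom obstacle
    peer_map[(6, 1)] = 0        # data fabrication: real obstacle erased
    return cross_check(our_map, peer_map)


if __name__ == "__main__":
    for cell, verdict in sorted(demo().items()):
        print(cell, verdict)
```

The detector only has leverage where the two fields of view overlap; an attacker who knows the receiver's occlusions can still fabricate objects in the shadow, which is why the paper's countermeasure pools maps from several vehicles rather than one pair.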

------------------------------

Date: Sun, 25 Aug 2024 23:48:39 -0400
From: Steve Golson <sgolson@trilobyte.com>
Subject: ARRL hit with ransomware

American Radio Relay League (ARRL), the U.S. national association for
amateur radio, was hit with a sophisticated ransomware attack.

https://www.arrl.org/news/arrl-it-security-incident-report-to-members

Sometime in early May 2024, ARRL’s systems network was compromised by
threat actors (TAs) using information
they had purchased on the dark web. The TAs accessed headquarters
on-site systems and most cloud-based systems. They used a wide variety
of payloads affecting everything from desktops and laptops to
Windows-based and Linux-based servers. Despite the wide variety of
target configurations, the TAs seemed to have a payload that would
host and execute encryption or deletion of network-based IT assets, as
well as launch demands for a ransom payment, for every system.

This serious incident was an act of organized crime. The highly
coordinated and executed attack took place during the early morning
hours of May 15. That morning, as staff arrived, it was immediately
apparent that ARRL had become the victim of an extensive and
sophisticated ransomware attack. The FBI categorized the attack as
“unique” as they had not seen this level of sophistication among the
many other attacks they have experience with.

The ransom demands by the TAs, in exchange for access to their
decryption tools, were exorbitant. It was clear they didn’t know, and
didn’t care, that they had attacked a small 501(c)(3) organization
with limited resources. Their ransom demands were dramatically
weakened by the fact that they did not have access to any compromising
data. It was also clear that they believed ARRL had extensive
insurance coverage that would cover a multi-million-dollar ransom
payment.

[Also noted by Gabe Goldberg. PGN]

------------------------------

Date: Mon, 26 Aug 2024 06:40:28 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Fake QR codes posted on Redondo Beach parking meters to scam drivers,
police say (LA Times)

The QR codes, which appear to be connected to a 'quishing' scam, were found
on about 150 parking meters along the Esplanade and in the Riviera Village
area, police said.

Someone affixed fraudulent QR codes to parking meters in popular areas of
Redondo Beach in an attempt to scam residents and visitors, authorities
warned.

The QR codes — which direct people to a website that’s not affiliated
with the city or its official parking meter system — were found on
about 150 parking meters along the Esplanade and in the Riviera
Village area, the Redondo Beach Police Department said Saturday in a
news release. When users reached that website, poybyphone.online,
they were prompted to enter their location and payment information.
[...]

https://www.latimes.com/california/story/2024-08-25/fake-qr-codes-posted-on-redondo-beach-parking-meters-to-scam-people-police-say

[How can the police department become non-Redondont? PGN]

[Now we have to worry about squishing quishing. PGN]

[Perhaps the `o' in `poy' was in cyrillic? PGN]
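A pay-by-QR app or a parking authority's help page can screen a decoded QR URL before anyone types in card details. The following is an added example for this digest, not code from the city, the vendor or the LA Times: it flags non-HTTPS links, non-ASCII or mixed-script hosts (the Cyrillic-o trick PGN mentions), already-punycoded labels, and registrable labels within a couple of edits of a known brand. The allowlist of legitimate hosts and the brand label "paybyphone" are assumptions for the illustration; the story names only the fraudulent host poybyphone.online.

```python
"""Vetting the URL decoded from a parking-meter QR code before paying.
Added illustration; the trusted-host allowlist and brand label below are
assumptions (a city would fill them from its actual payment vendor), not
something the LA Times story states."""
import unicodedata
from typing import Dict, List, Set
from urllib.parse import urlsplit

# Hypothetical allowlist of the legitimate payment hosts for this city.
TRUSTED_HOSTS = {"paybyphone.com", "www.paybyphone.com"}
# Brand labels scammers are likely to imitate (assumed for the example).
BRAND_LABELS = {"paybyphone"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def scripts_in(host: str) -> Set[str]:
    """Unicode script names of the letters in host (LATIN, CYRILLIC, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in host if ch.isalpha()}


def check_qr_url(url: str) -> Dict[str, object]:
    """Return the host, a verdict (trusted / unknown / block) and the reasons."""
    if "://" not in url:
        url = "https://" + url              # bare hosts are common in QR payloads
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    problems: List[str] = []

    if parts.scheme != "https":
        problems.append("not-https")
    if any(ord(ch) > 127 for ch in host):
        problems.append("non-ascii-host")   # e.g. Cyrillic o standing in for Latin o
    if len(scripts_in(host)) > 1:
        problems.append("mixed-script")
    if any(label.startswith("xn--") for label in host.split(".")):
        problems.append("punycode-host")    # IDN already encoded; inspect before trusting

    if host not in TRUSTED_HOSTS:
        # Naive registrable label (no public-suffix list): second label from the right.
        labels = host.split(".")
        label = labels[-2] if len(labels) >= 2 else host
        for brand in BRAND_LABELS:
            distance = levenshtein(label, brand)
            if 0 < distance <= 2:
                problems.append(f"lookalike-of-{brand}")

    if problems:
        verdict = "block"
    elif host in TRUSTED_HOSTS:
        verdict = "trusted"
    else:
        verdict = "unknown"
    return {"host": host, "verdict": verdict, "problems": problems}


if __name__ == "__main__":
    for sample in ("https://www.paybyphone.com/pay",
                   "https://poybyphone.online/pay",       # host named in the story
                   "https://p\u0430ybyphone.com/pay"):    # Cyrillic a, constructed
        print(check_qr_url(sample))
```

An "unknown" verdict is deliberately not "trusted": the only hosts a meter should ever send a driver to are the ones on the allowlist, so anything else deserves at least a warning, not a payment form.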

------------------------------

Date: Mon, 26 Aug 2024 11:38:17 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Toward a Code-Breaking Quantum Computer (Adam Zewe)

Adam Zewe, *MIT News*, 23 Aug 2024, via ACM TechNews

Massachusetts Institute of Technology (MIT) researchers have developed an
algorithm that could help pave the way for encryption methods strong enough
to withstand a quantum computer's code-breaking power and feasible to
implement. The new algorithm uses a series of Fibonacci numbers requiring
simple multiplication instead of squaring, which allows any exponent to be
computed using only two qubits. It also addresses error correction,
filtering out corrupt results and processing only correct ones.
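The "Fibonacci numbers" remark refers to Fibonacci exponentiation, a classical exponent-chain trick: each power x^{F_k} is the product of the two previous powers x^{F_{k-1}} and x^{F_{k-2}}, so the chain never squares a running value in place, and x^e is then assembled from the powers picked out by the Zeckendorf representation of e. The following added example (written for this digest; it is not the MIT algorithm or any quantum circuit, and only shows the arithmetic idea on ordinary integers) computes x^e mod N that way and counts operations against textbook square-and-multiply.

```python
"""Fibonacci exponentiation: x^e mod N built from a chain of Fibonacci
powers, each the product of the two before it, with no in-place squaring of
a running value. Added illustration of the classical idea the summary
alludes to; it is not the MIT algorithm or any quantum circuit."""
from typing import List, Tuple


def fibonacci_up_to(e: int) -> List[int]:
    """Fibonacci numbers 1, 2, 3, 5, 8, ... ending with the first one >= e."""
    fibs = [1, 2]
    while fibs[-1] < e:
        fibs.append(fibs[-1] + fibs[-2])
    return fibs


def zeckendorf_indices(e: int, fibs: List[int]) -> List[int]:
    """Greedy Zeckendorf decomposition: indices into fibs whose values sum
    to e, using non-consecutive Fibonacci numbers (largest first)."""
    idx: List[int] = []
    k = len(fibs) - 1
    while e > 0:
        while fibs[k] > e:
            k -= 1
        idx.append(k)
        e -= fibs[k]
        k -= 2               # the remainder is below fibs[k-1], so skip it
    return idx


def fib_pow(x: int, e: int, N: int) -> Tuple[int, int]:
    """Return (x**e mod N, number of modular multiplications).
    powers[k] = x^fibs[k]; every new entry is powers[k-1] * powers[k-2],
    a product of two distinct held values. The only product of a value
    with itself is the initial x*x on the known base."""
    if e == 0:
        return 1 % N, 0
    if e == 1:
        return x % N, 0
    fibs = fibonacci_up_to(e)
    powers = [x % N, (x * x) % N]
    mults = 1
    for k in range(2, len(fibs)):
        powers.append((powers[k - 1] * powers[k - 2]) % N)
        mults += 1
    acc = 1
    first = True
    for k in zeckendorf_indices(e, fibs):
        if first:
            acc = powers[k]
            first = False
        else:
            acc = (acc * powers[k]) % N     # acc and powers[k] are distinct values
            mults += 1
    return acc, mults


def square_and_multiply(x: int, e: int, N: int) -> Tuple[int, int, int]:
    """Textbook binary exponentiation for contrast: returns
    (x**e mod N, squarings, multiplications)."""
    if e == 0:
        return 1 % N, 0, 0
    acc, squarings, mults = x % N, 0, 0
    for bit in bin(e)[3:]:               # bits after the leading 1
        acc = (acc * acc) % N
        squarings += 1
        if bit == "1":
            acc = (acc * x) % N
            mults += 1
    return acc, squarings, mults


if __name__ == "__main__":
    print(fib_pow(3, 100, 1009), square_and_multiply(3, 100, 1009))
```

The trade-off is visible in the counts: the Fibonacci chain spends about 1.44 multiplications per exponent bit against one squaring plus an occasional multiply for binary exponentiation, but every one of its operations multiplies two different held values, which is the property the quantum setting cares about.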

------------------------------

Date: Mon, 26 Aug 2024 11:38:17 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Multiple Flaws in Microsoft macOS Apps Unpatched Despite
Potential Risks (Connor Jones)

Connor Jones, *The Register*, 19 Aug 2024, via ACM TechNews

Security researchers at Cisco Talos identified eight flaws in Microsoft's
macOS apps that could allow hackers to access a device to record video and
sound, obtain sensitive data, log user input, and escalate privileges. The
vulnerabilities affect Microsoft products Excel, OneNote, Outlook,
PowerPoint, Teams, and Word. The researchers said Microsoft considers the
flaws to be low risk and has no plans to fix them.

------------------------------

Date: Sun, 25 Aug 2024 12:31:19 -0700
From: "George V. Reilly" <george@reilly.org>
Subject: More on Boeing fuselage panel blowout (Seattle Times)

A cascade of diffuse responsibility and pressure to finish the job.

"The near-catastrophic midair blowout of a door-sized fuselage panel
on an Alaska Airlines 737 MAX 9 in Jan 2024 was caused by two
distinct manufacturing errors by different crews on successive days
last fall in Boeing’s assembly plant in Renton.

The first manufacturing lapse occurred within a four-hour window early
18 Sep 2023. On the evening of the next day, in the space of about an
hour, the second error was made by a different crew of mechanics,
untrained to work on that fuselage panel, known as a door plug,
according to federal investigative and internal Boeing records.
Boeing’s quality control system failed to catch the faulty work
performed within those two windows."

https://www.seattletimes.com/business/boeing-aerospace/inside-boeings-factory-lapses-that-led-to-alaska-air-blowout

------------------------------

Date: Mon, 26 Aug 2024 17:11:29 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Park'N Fly reveals data breach affecting 1 million customer files
(CBC)

https://www.cbc.ca/news/business/park-n-fly-data-breach-canada-1.7305301

Parking provider Park'N Fly has disclosed that an unauthorized third party
breached its network last month and gained access to one million customer
files.

The breach occurred from July 11 to July 13, but the company said in a
statement that an investigation has determined that "no payment information
was compromised."

