Subject: Risks Digest 33.66
From: RISKS List Owner
Newsgroups: comp.risks
Organization: PANIX Public Access Internet and UNIX, NYC
Date: Fri, 17 Mar 2023 00:54 UTC
From: risko@csl.sri.com (RISKS List Owner)
Lines: 615
Sender: RISKS List Owner <risko@csl.sri.com>
Approved: risks@csl.sri.com
Message-ID: <CMM.0.90.4.1679014149.risko@chiron.csl.sri.com10258>
Injection-Info: reader2.panix.com; posting-host="panix2.panix.com:166.84.1.2";
logging-data="3811"; mail-complaints-to="abuse@panix.com"
To: risko@csl.sri.com

RISKS-LIST: Risks-Forum Digest Thursday 16 March 2023 Volume 33 : Issue 66

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.66>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
The EU's chat-control legislation is the most alarming proposal I've ever
read (Matthew Green)
Authors risk losing copyright if AI content is not disclosed, U.S. guidance
says (Ars Technica)
AI to act as doctor's second pair of eyes to spot nearly invisible colon
cancer growths (The Straits Times)
BlackMamba (Dark Reading)
Welcome to the Big Blur (The Atlantic)
Chat GPT4: Is the world prepared for the coming AI storm? (BBC)
Botnet that knows your name and quotes your email is back with new tricks
(Ars Technica)
Personal info from data breach affecting lawmakers posted on hacker site
(NBC News)
A Spy Wants to Connect With You on LinkedIn (WiReD)
Microsoft lays off an ethical AI team as it doubles down on OpenAI
(TechCrunch)
Tesla Model 3 unlocked and driven by the wrong owner (Autoblog)
Ransomware Attacks Have Entered a Heinous New Phase (WiReD)
Ransomware Group Claims Hack of Amazon's Ring (Vice)
Samsung caught faking zoom photos of the Moon (The Verge)
Cerebral admits to sharing patient data with Meta, TikTok, Google
(The Verge)
Vanishing phone customer support is driving us all insane (WashPost)
Verizon Copies T-Mobile's Popular Offer -- With Two Big Catches (The Street)
Noncompete clauses are everywhere, even for dancers and hair stylists
(WashPost)
Quebec residents can now freeze their credit files (Jose Maria Mateos)
Re: Why I'm sticking up for science (elizabeth, Jurek Kirakowski, 3daygoaty)
Re: Everyone is special, SMS-Based Multi-Factor Authentication
(Jan Libove Alzina)
Re: Why the Floppy Disk Just Won't Die (Steve Bacher)
Re: rm -rf (Dan Astorian, Steve Bacher, Henry Baker, dmitri maziuk)
Re: Terms of enscamment? (John Levine)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 12 Mar 2023 09:00:49 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: The EU's chat-control legislation is the most alarming proposal
I've ever read (Matthew Green)

Taken in context, it is essentially a design for the most powerful text and
image-based mass surveillance system the free world has ever seen.

This legislation, which is initially targeted at child abuse applications,
creates the infrastructure to build in mandatory automated scanning tools
that will search for *known* media, *unknown* media matching certain
descriptions, and textual conversations.

The legislation is vague about how this will be accomplished, but the
*impact assessment* it cites is not. The assessment makes clear that
mandatory scanning of images and text, especially in encrypted data, is the
only solution the Commission will consider. [...]

https://twitter.com/matthew_d_green/status/1634252397919739921

------------------------------

Date: Thu, 16 Mar 2023 17:21:16 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Authors risk losing copyright if AI content is not disclosed, U.S.
guidance says (Ars Technica)

Copyright Office will field public input during listening sessions this
spring.

https://arstechnica.com/tech-policy/2023/03/us-issues-guidance-on-copyrighting-ai-assisted-artwork/

------------------------------

Date: Wed, 15 Mar 2023 10:49:30 +0000
From: Richard Marlon Stein <rmstein@protonmail.com>
Subject: AI to act as doctor's second pair of eyes to spot nearly invisible
colon cancer growths (The Straits Times)

https://www.straitstimes.com/tech/ai-to-act-as-doctor-s-second-pair-of-eyes-to-spot-nearly-invisible-colon-cancer-growths

Developed with the help of biomedical company Medtronic, the tool is able
to detect roughly 20% more growths -- or polyps -- that doctors would
otherwise miss with the human eye, according to studies by SKH.

Endoscope image processing by AI to discern near invisible (to the naked
eye) polyps during a gastroscopy.

FDA's TPLC platform identifies, to date, 4 separate devices under Product
Code QNP (gastrointestinal lesion software detection system). See
https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfTPLC/tplc.cfm?id=2260&min_report_year=2018
for device approval information. The polyp detector stack is defined as,
``A gastrointestinal lesion software detection system is a
computer-assisted detection device used in conjunction with endoscopy for
the detection of abnormal lesions in the gastrointestinal tract. This
device with advanced software algorithms brings attention to images to aid
in the detection of lesions. The device may contain hardware to support
interfacing with an endoscope.''

No medical device reports for device or patient problems. Stay tuned to this
space.

Among the many procedural risks (e.g., an unsterilized endoscope) for
gastroscopy is perforation -- the endoscope, via the gastroenterologist,
pokes a hole through your intestine.

Need to wonder if the polyp detector false negative/positive outcome might
advise over-aggressive polyp biopsy frequency that elevates perforation
risk.

------------------------------

Date: Mon, 13 Mar 2023 00:14:59 -0400
From: Dan Geer <dan@geer.org>
Subject: BlackMamba (Dark Reading)

https://www.darkreading.com/endpoint/ai-blackmamba-keylogging-edr-security

AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security

Researchers warn that polymorphic malware created with ChatGPT and other
LLMs will force a reinvention of security automation.

Researchers from HYAS Labs demonstrated the proof-of-concept attack, which
they call BlackMamba, which exploits a large language model (LLM) -- the
technology on which ChatGPT is based -- to synthesize a polymorphic
keylogger functionality on the fly. The attack is "truly polymorphic" in
that every time BlackMamba executes, it resynthesizes its keylogging
capability, the researchers wrote.

The BlackMamba attack, outlined in a blog post, demonstrates how AI can
allow the malware to dynamically modify benign code at runtime without any
command-and-control (C2) infrastructure, allowing it to slip past current
automated security systems that are attuned to look out for this type of
behavior to detect attacks.

------------------------------

Date: Wed, 15 Mar 2023 08:21:30 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Welcome to the Big Blur (The Atlantic)

Thanks to AI, every written word now comes with a question.

https://www.theatlantic.com/technology/archive/2023/03/gpt4-arrival-human-artificial-intelligence-blur/673399/

------------------------------

Date: Thu, 16 Mar 2023 07:24:45 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Chat GPT4: Is the world prepared for the coming AI storm? (BBC)

Artificial intelligence has the awesome power to change the way we live our
lives, in both good and dangerous ways. Experts have little confidence that
those in power are prepared for what's coming.

https://www.bbc.com/news/world-us-canada-64967627

------------------------------

Date: Tue, 14 Mar 2023 23:04:37 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Botnet that knows your name and quotes your email is back with new
tricks (Ars Technica)

Quoting Herman Melville is only one of Emotet's latest innovations.

https://arstechnica.com/information-technology/2023/03/botnet-that-knows-your-name-and-quotes-your-email-is-back-with-new-tricks/

------------------------------

Date: Wed, 15 Mar 2023 22:08:19 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Personal info from data breach affecting lawmakers posted on hacker
site (NBC News)

Senate staffers were sent an email warning that data from the DC Health Link
breach, including users' birthdates and Social Security numbers, can be
found online.

https://www.nbcnews.com/politics/congress/info-data-breach-affecting-lawmakers-posted-hacker-site-rcna75140

------------------------------

Date: Thu, 16 Mar 2023 02:12:47 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: A Spy Wants to Connect With You on LinkedIn (WiReD)

Russia, North Korea, Iran, and China have been caught using fake profiles to
gather information. But the platform's tools to weed them out only go so
far.

https://www.wired.com/story/linkedin-fake-profiles-state-actors-scams

------------------------------

Date: Tue, 14 Mar 2023 01:19:42 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Microsoft lays off an ethical AI team as it doubles down on OpenAI
(TechCrunch)

Microsoft laid off an entire team dedicated to guiding AI innovation that
leads to ethical, responsible and sustainable outcomes. The cutting of the
ethics and society team, as reported by Platformer, is part of a recent
spate of layoffs that affected 10,000 employees across the company.

