RISKS-LIST: Risks-Forum Digest Saturday 6 December 2023 Volume 34 : Issue 02

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.02>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Boeing has a risk managment problem with the 737 Max (BBC)
Human Error Likely Caused Subway Crash and Derailing, Officials
Say (The New York Times)
Museum World Hit by Cyberattack on Widely Used Software (Zachary Small)
Teen traveling alone on Frontier Airlines from Tampa accidentally flown to
Puerto Rico (NBC News)
Kai Zhuang: Chinese teen found alive in U.S. after cyber-kidnapping (BBC)
How the federal ban on Chinese drones could end up costing lives (UAV Coach)
Fire Breaks Out Aboard Ship Carrying Lithium-Ion Batteries (NYTimes)
Are Teslas the most or least safe vehicles? (Sam Bull)
Theft of Vancouver rape crisis centre server containing sensitive data
raises privacy concerns (CBC)
23andMe told victims of data breach that suing is futile, letter shows
(Ars Technica)
BGP tampering: A "ridiculously weak" password causes disaster for Spain's
No. 2 mobile carrier (Ars Technica)
Qualcomm chip vulnerability enables remote attack by voice call (SC Media)
Google disabling third-party cookies for millions of users without informing
them (Lauren Weinstein)
Weizenbaum’s nightmares: how the inventor of the first chatbot turned
against AI (The Guardian)
A Chevrolet dealer offered an AI chatbot on its website. It told customers
to buy a Ford. (USA Today)
AI’s big test: Making sense of $4 trillion in medical expenses (Politico)
A hospital's false death announcement leads to a wife's suicide, husband is
later found alive (BoingBoing)
Dystopian past...and future (The Guardian)
Wife of Investor Who Pushed for Harvard President’s Exit Is Accused of
Plagiarism (NYTimes)
The NY Times Lawsuit Against OpenAI Would Open Up The NY Times To All Sorts
Of Lawsuits Should It Win (Mike Masnick)
Wiki[d]pedia? (Stephen Mason)
How Tracking and Technology in Cars Is BeingWeaponized by Abusive Partners
(The New York Times)
Researchers Suggest New AirTag Stalker Preventions That Balance Privacy
(PCMag)
Re: AI in the Machine Internet (Martin Ward)
Re: Do you need git or Subversion (Dmitri Maziuk)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 6 Jan 2024 08:46:38 -0500
From: Cliff Kilby <cliffjkilby@gmail.com>
Subject: Boeing has a risk management problem with the 737 Max (BBC)

The 737 MAX is grounded again after a cabin depressurization incident.

This just after Boeing asked for safety exemptions on the 737 MAX due to a
known issue with the nacelle deicer which could cause engine damage.

After debris was found in a majority of grounded planes fuel tanks.

After two total loss crashes.

https://www.bbc.com/news/world-us-canada-67899564
https://www.seattletimes.com/business/boeing-aerospace/boeing-wants-faa-to-exempt-max-7-from-safety-rules-to-get-it-in-the-air/

I'm beginning to disbelieve Boeing's commitment to safety.
https://www.boeing.com/principles/safety.page

Maybe pack a parachute,

I'm beginning to disbelieve Boeing's commitment to safety.
https://www.boeing.com/principles/safety.page

Maybe pack a parachute,

[According to Aviation24 via Lauren Weinstein, an emergency door (perhaps
over the wing?) blew off:
Alaska Airlines Boeing 737 MAX-9 makes emergency landing at Portland
after losing emergency exit door
https://www.aviation24.be/airlines/alaska-airlines/alaska-airlines-boeing-737-max-9-makes-emergency-landing-at-portland-after-losing-emergency-exit-door/
PGN]

------------------------------

Date: Fri, 5 Jan 2024 23:44:15 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Human Error Likely Caused Subway Crash and Derailing, Officials Say
(The New York Times)

The collision of two trains, which injured 26 people, appears to have been
caused by confusion over which vehicle had the right of way.

A crew of four transit workers was aboard the out-of-service train, which
forced the rerouting of other No. 1 trains. According to the MTA officials
with knowledge of the investigation, near the 96th Street station, the
subway’s signal system instructed the out-of-service train to stop at a red
light and gave the green light for a rerouted train to go around it on
parallel tracks, then move back in front. The out-of-service train continued
to inch forward, causing the slow-moving crash [and its derailing], the
officials said.

https://www.nytimes.com/2024/01/05/nyregion/nyc-subway-derailed.html?smid=nytcore-ios-share&referringSource=articleShare

------------------------------

Date: Thu, 4 Jan 2024 00:55:55 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Museum World Hit by Cyberattack on Widely Used Software
(Zachary Small)

Zachary Small, The New York Times, 5 Jan 2024

Hackers targeted software that many museums use to show their collections
online and to manage sensitive information.

https://www.nytimes.com/2024/01/03/arts/design/museum-cyberattack.html?smid=nytcore-ios-share&referringSource=articleShare

[National Edition title: Hackers targeted software that institutions use to
show their collections online (Zachary Small)
These ransomware attacks seem to be widespread, apparently afflicting
many museums using Gallery Systems software. However, in my opinion,
attacking non-profit museums seems to be a particularly poor choice.
PGN]

------------------------------

Date: Sat, 30 Dec 2023 22:32:03 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Teen traveling alone on Frontier Airlines from Tampa accidentally
flown to Puerto Rico (NBC News)

The 16-year-old was supposed to fly to Cleveland. His father said the gate
agent did not scan his boarding pass.

https://www.nbcnews.com/news/us-news/teen-traveling-alone-frontier-airlines-tampa-accidentally-flown-puerto-rcna131691

------------------------------

Date: Tue, 2 Jan 2024 20:39:49 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Kai Zhuang: Chinese teen found alive in U.S. after cyber-kidnapping'
(BBC)

A Chinese foreign exchange student has been found freezing but alive in the
US after his parents were extorted out of tens of thousands of dollars in a
*cyber kidnapping* scam.

Kai Zhuang was discovered "very cold and scared" in a tent in rural Utah,
Riverdale Police said in a statement.

The 17-year-old is believed to have isolated himself after being manipulated
by the kidnappers.

His parents were then tricked into paying around $80,000 (£62,600).

Zhuang is one of a number of foreign students targeted by so-called cyber
kidnappers in the US recently, Riverdale Police added in their statement.

Police believe Kai was being controlled by the kidnappers as early as 20
December, when he was seen by officers in Provo, Utah, carrying camping
equipment.

https://www.bbc.com/news/world-us-canada-67861852

------------------------------

Date: Sun, 31 Dec 2023 14:24:43 -0800
From: Lauren Weinstein <lauren@vortex.com>
Subject: How the federal ban on Chinese drones could end up costing lives
(UAV Coach)

These drones have been heavily used in crucial rescue and infrastructure
protection and maintenance operations. It's notable that reportedly there
has never been evidence shown that these drones send data back to China, and
these drones also have modes that don't connect to the Internet at all. Some
observers feel this is all about protecting a single U.S. drone
manufacturer. Politics in action. -L

https://uavcoach.com/asda-law/

------------------------------

Date: Tue, 2 Jan 2024 23:50:49 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Fire Breaks Out Aboard Ship Carrying Lithium-Ion Batteries
(The New York Times)

The vessel, now off the Alaskan coast, is carrying nearly 2,000 tons of
lithium-ion batteries, which contain highly flammable materials, officials
said.

https://www.nytimes.com/2023/12/30/us/cargo-ship-fire-batteries-alaska.html?smid=nytcore-ios-share&referringSource=articleShare

[A salt-and-battery attack? PGN]

------------------------------

Date: Sun, 31 Dec 2023 21:34:28 +0000
From: Sam Bull <9wqnn1@sambull.org>
Subject: Are Teslas the most or least safe vehicles?

I've seen several news stories posted here about Tesla in the past couple of
years. So, I thought I would share this article with some counterpoints to
several of the stories previously reported:
https://brandonpaddock.substack.com/p/are-teslas-the-most-or-least-safe

TLDR:

1. Pretty much every model has achieved 1st place in NHTSA's crash tests
(sometimes by a decent margin compared to the nearest competitor).

2. AAA ADAS tests on Tesla, Subaru and Hyundai showed Tesla achieving almost
perfect scores (while the other 2 had full-speed collisions and hitting a
cyclist in some tests).