The RISKS Digest
Volume 34 Issue 50

Saturday, 23rd November 2024

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Two Baltic Sea cables suffer breaks; Sabotage Suspected
Bob Gezelter
A deadly crash in Toronto raises questions about the dangers when things go wrong for EVs
CBC
Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack
WiReD
Evidence-based high-school grading method
PGN
Human vs. Machine: The Promise and Peril of Artificial Intelligence in the Law Enforcement Context
Cato Institute
AI is supposed to make applying to jobs easier—but it might be creating another problem
NBC News
AI Chatbot Tells Student to Die
Indian Express
AI Is Already Taking Jobs
Mark Sullivan
Authors miffed by publisher's offer to use their books for AI training
CBC
There's No Longer Any Doubt That Hollywood Writing Is Powering AI
The Atlantic
U.S. Finalizes $6.6-Billion CHIPS Act Grant to TSMC
Nikkei Asia
Zero-Day Exploits Increasingly Sought Out by Attackers
Alex Scroxton
Hardware Hacking? Study Raises Alarm on 98 Risks
Lars Daniel
Dogs allowed?
BBC
Elon Musk Asked People to Upload Their Health Data. X Users Obliged
The New York Times
The leaks begin! - “Unknown and unauthorized third party” has gained access to Matt Gaetz depositions, source says
CBS News
More on: DOJ “remedies” against Google would be a disaster
Lauren Weinstein
‘You are under digital arrest’: Inside a scam looting millions from Indians
BBC
Navy Federal customer forced to pay back loan she didn't take out after being scammed
WTKR
“… you are the product”
Rob Slade
Re: Terrified friends burned to death in Tesla as electronic doors wouldn't open after crash
Steve Bacher
Re: Australia plans social media ban for under-16s
Lars-Henrik Eriksson, Dmitri Maziuk
Re: Robotaxis open for business in Los Angeles
Nicholas Weaver
Info on RISKS (comp.risks)

Two Baltic Sea cables suffer breaks; Sabotage Suspected

Bob Gezelter <[email protected]>
Mon, 18 Nov 2024 23:44:57 -0500

Today, there were two breaks in cables traversing the Baltic Sea: a cable connecting Germany and Finland; and a cable connecting Lithuania and Sweden. Sabotage is suspected.

A little over three years ago, I wrote “WorldWide Broadband Vulnerabilities are a Significant Hazard”, http://www.rlgsc.com/blog/ruminations/worldwide-bandwidth-vulnerability.html. In that entry, I noted the dangers of broadband disruptions to business operations.

Today's cable incident is reported by Reuters, full article at:

https://www.reuters.com/business/media-telecom/telecoms-cable-linking-finland-germany-likely-severed-owner-says-2024-11-18/


A deadly crash in Toronto raises questions about the dangers when things go wrong for EVs (CBC)

Matthew Kruk <[email protected]>
Fri, 22 Nov 2024 12:34:21 -0500

https://www.cbc.ca/news/canada/electric-vehicles-safety-toronto-crash-1.7389937

A deadly crash involving an electric car that killed four people in downtown Toronto has raised concerns about the dangers when things go wrong for EVs. That includes whether people can easily extract themselves in the event of a fire, or how significant the fire risk is among the current generation of EVs.

Observers say these types of fires may draw media attention, but they aren't that common—and that analysis of EV safety should focus on products and their components, and any resulting concerns.


Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack (WiReD)

Gabe Goldberg <[email protected]>
Fri, 22 Nov 2024 15:38:30 -0500

In a first, Russia's APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street.

For determined hackers, sitting in a car outside a target's building and using radio equipment to breach its Wi-Fi network has long been an effective but risky technique. These risks became all too clear when spies working for Russia's GRU military intelligence agency were caught red-handed on a city street in the Netherlands in 2018 using an antenna hidden in their car's trunk to try to hack into the Wi-Fi of the Organization for the Prohibition of Chemical Weapons.

Since that incident, however, that same unit of Russian military hackers appears to have developed a new and far safer Wi-Fi hacking technique: Instead of venturing into radio range of their target, they found another vulnerable network in a building across the street, hacked into a laptop in that neighboring building, and used that computer's antenna to break into the Wi-Fi network of their intended victim—a radio-hacking trick that never even required leaving Russian soil.

https://www.wired.com/story/russia-gru-apt28-wifi-daisy-chain-breach/


Evidence-based high-school grading method

Peter Neumann <[email protected]>
Sat, 23 Nov 2024 10:58:05 PST

Gunn, the Palo Alto high school my sons attended has decided to have a pilot alternative grading method that looks at progress as well as standing.

Perhaps they will also use evidence-based AI! (See my article with Ulf Lindqvist on E-B AI in the November CACM: https://www.csl.sri.com/users/Neumann/cacm255.pdf)


Human vs. Machine: The Promise and Peril of Artificial Intelligence in the Law Enforcement Context (Cato Institute)

Gabe Goldberg <[email protected]>
Sun, 17 Nov 2024 20:16:20 -0500

The development and deployment of artificial intelligence (AI) software for a range of applications has sparked intense debate over its implications for privacy and surveillance in multiple contexts. At the same time, police organizations argue that AI could help revolutionize and speed up police investigations by allowing for faster identification of crime suspects or missing or kidnapped persons.

What are the kinds of dangers posed by the use of AI by law enforcement agencies? Are there types of crimes where the application of AI might be beneficial? How well or poorly are legislative bodies dealing with this new technology? What is the state of the law at the federal, state, and local levels regarding AI use by law enforcement organizations? Our panel will tackle all these topics.

https://www.cato.org/events/human-vs-machine-promise-peril-artificial-intelligence-law-enforcement-context

What could go wrong?


AI is supposed to make applying to jobs easier—but it might be creating another problem (NBC News)

Steve Bacher <[email protected]>
Mon, 18 Nov 2024 07:01:13 -0800

Artificial Intelligence is reshaping the job application process, simplifying some aspects—and creating new potential frictions in others.

https://www.nbcnews.com/tech/innovation/ai-making-job-applications-easier-creating-another-problem-rcna179683


AI Chatbot Tells Student to Die (Indian Express)

Charles Dunlop <[email protected]>
Tue, 19 Nov 2024 18:07:53 -0500

A Michigan student was interacting with a chatbot about a homework

https://indianexpress.com/article/technology/artificial-intelligence/you-are-a-burden-please-die-ai-chatbot-threatens-student-who-sought-help-with-homework-9671494/


AI Is Already Taking Jobs (Mark Sullivan)

ACM TechNews <[email protected]>
Mon, 18 Nov 2024 11:29:18 -0500 (EST)

Mark Sullivan, Fast Company, 15 Nov 2024

Generative AI is impacting job markets, according to researchers at Harvard Business School, the German Institute for Economic Research, and the U.K.'s Imperial College London Business School. The researchers studied more than a million job posts on a major global freelance work marketplace from July 2021 to July 2023 and found demand for automation-prone jobs had fallen 21% eight months after the release of ChatGPT in late 2022.


Authors miffed by publisher's offer to use their books for AI training (CBC)

Matthew Kruk <[email protected]>
Wed, 20 Nov 2024 06:38:08 -0700

https://www.cbc.ca/news/entertainment/harpercollins-using-books-ai-1.7387580

Authors are voicing concerns after a major book publisher offered payments in exchange for permission to use their books to train artificial intelligence.

Daniel Kibblesmith, an Emmy-nominated writer and comedian who writes for The Late Show with Stephen Colbert, posted a memo from HarperCollins—a major publisher that is also home to dozens of Canadian authors—offering $2,500 US to use his children's book Santa's Husband to train an AI model for an unnamed “large tech company.”

“Abominable,” Kibblesmith posted to the social media platform Bluesky on Friday—with screenshots of the messages alongside his response. He declined.


There's No Longer Any Doubt That Hollywood Writing Is Powering AI (The Atlantic)

Steve Bacher <[email protected]>
Wed, 20 Nov 2024 07:01:42 -0800

Dialogue from these movies and TV shows has been used by companies such as Apple and Anthropic to train AI systems.

For as long as generative-AI chatbots have been on the Internet, Hollywood writers have wondered if their work has been used to train them. The chatbots are remarkably fluent with movie references, and companies seem to be training them on all available sources. One screenwriter recently told me he's seen generative AI reproduce close imitations of /The Godfather/ and the 1980s TV show /Alf/, but he had no way to prove that a program had been trained on such material.

I can now say with absolute confidence that many AI systems have been trained on TV and film writers' work. Not just on /The Godfather/ and /Alf/, but on more than 53,000 other movies and 85,000 other TV episodes: Dialogue from all of it is included in an AI-training data set that has been used by Apple, Anthropic, Meta, Nvidia, Salesforce, Bloomberg, and other companies. I recently downloaded this data set, which I saw referenced in papers about the development of various large language models (or LLMs). It includes writing from every film nominated for Best Picture from 1950 to 2016, at least 616 episodes of /The Simpsons/, 170 episodes of /Seinfeld/, 45 episodes of /Twin Peaks/, and every episode of /The Wire/, /The Sopranos/, and /Breaking Bad/. It even includes prewritten “live” dialogue from Golden Globes and Academy Awards broadcasts. If a chatbot can mimic a crime-show mobster or a sitcom alien—or, more pressingly, if it can piece together whole shows that might otherwise require a room of writers—data like this are part of the reason why. [..]

https://www.theatlantic.com/technology/archive/2024/11/opensubtitles-ai-data-set/680650/


U.S. Finalizes $6.6-Billion CHIPS Act Grant to TSMC (Nikkei Asia)

ACM TechNews <[email protected]>
Mon, 18 Nov 2024 11:29:18 -0500 (EST)

Yifan Yu, Nikkei Asia, 15 Nov 2024

The U.S. finalized a CHIPS Act grant of $6.6 billion to Taiwan Semiconductor Manufacturing Co. (TSMC), with at least $1 billion to be disbursed by the end of the year. The funds will be distributed in phases as the company hits certain project milestones. TSMC will produce 3 nanometer (nm), 2 nm, and A16 chips at three Arizona fabs.


Zero-Day Exploits Increasingly Sought Out by Attackers (Alex Scroxton)

ACM TechNews <[email protected]>
Mon, 18 Nov 2024 11:29:18 -0500 (EST)

Alex Scroxton, Computer Weekly, 12 Nov 2024

Cyber agencies from the Five Eyes governments published a list of the 15 most exploited vulnerabilities of last year, the majority of which were zero-days, a trend that has continued this year. “More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organizations and vendors alike as malicious actors seek to infiltrate networks,” said Ollie Whitehouse at the UK's National Cyber Security Centre.


Hardware Hacking? Study Raises Alarm on 98 Risks (Lars Daniel)

ACM TechNews <[email protected]>
Mon, 18 Nov 2024 11:29:18 -0500 (EST)

Lars Daniel, Forbes, 15 Nov 2024

Researchers at the U.S. National Institute of Standards and Technology identified 98 vulnerabilities that allow chips to be hacked. Most involve access control, with 43 different scenarios identified that would allow unauthorized users to access sensitive data or control systems. The researchers noted modern computer chips contain millions of components and software that are physically embedded in silicon and thus difficult and expensive to patch.


Dogs allowed? (BBC)

Steve Lamont <[email protected]>
Sun, 17 Nov 2024 07:49:50 -0800

https://www.bbc.com/news/articles/c30p16gn3pvo

On patrol at Mar-a-Lago, robotic dogs have their moment
British Broadcasting Corporation, 17 Nov 2024

A robotic dog named “Spot” made by Boston Dynamics is the latest tool in the arsenal of the US Secret Service. The device has lately been spotted patrolling the perimeter of President-elect Donald Trump's Mar-a-Lago resort in Palm Beach, Florida.
They do not have weapons—and each can be controlled remotely or automatically—as long as its route is pre-programmed.

Elon Musk Asked People to Upload Their Health Data. X Users Obliged (The New York Times)

Gabe Goldberg <[email protected]>
Tue, 19 Nov 2024 01:36:25 -0500

Privacy experts cringed when people started feeding their medical images to the AI tool Grok.

https://www.nytimes.com/2024/11/18/well/x-grok-health-privacy.html?smid=nytcore-ios-share&referringSource=articleShare


The leaks begin! - “Unknown and unauthorized third party” has gained access to Matt Gaetz depositions, source says

Lauren Weinstein <[email protected]>
Tue, 19 Nov 2024 08:46:50 -0800

As predicted. -L

https://www.cbsnews.com/news/matt-gaetz-depositions-leak-investigations/


More on: DOJ “remedies” against Google would be a disaster

Lauren Weinstein <[email protected]>
Wed, 20 Nov 2024 17:27:06 -0800

Re: DOJ's call for Google to sell off Chrome could be a disaster for users

Google over recent years, I can't emphasize enough what an utter disaster for the privacy and security of ordinary users most of the DOJ “remedies” being suggested to the judge in the Google antitrust case would be. I can't figure out if DOJ just isn't considering these issues in their rush to create “competition” in a manner that wouldn't actually help ordinary consumers at all—and more likely just cause them more tech-related problems and confusion—or if the folks at DOJ working on this simply don't really understand the technical realities involved. -L


‘You are under digital arrest’: Inside a scam looting millions from Indians (BBC)

“Matthew Kruk” <[email protected]>
Sun, 17 Nov 2024 22:47:03 -0700

https://www.bbc.com/news/articles/cdrdyxk4k4ro

For a harrowing week in August, Ruchika Tandon, a 44-year-old neurologist at one of India's top hospitals, was ensnared in what felt like a high-stakes federal crime investigation.

Yet, it was an elaborate scam—a web of deceit spun by scammers who manipulated her every move and drained her and her family's life savings.

Under the pretense of “digital arrest”—a term fabricated by her perpetrators—Dr Tandon was coerced to take leave from work, surrender her daily freedoms, and comply with nonstop surveillance and instructions from strangers on the phone, who convinced her she was at the centre of a grave investigation.

The “digital arrest” scam involves fraudsters impersonating law enforcement officials on video calls, threatening victims with arrest over fake charges, and pressuring them to transfer large sums of money.


Navy Federal customer forced to pay back loan she didn't take out after being scammed (WTKR)

Gabe Goldberg <[email protected]>
Fri, 22 Nov 2024 15:37:14 -0500

NEWPORT NEWS, VA.—There's an alarming scam targeting Navy Federal customers in our area. Someone takes out a loan in a customer's name, and they're left out to dry and forced to pay it back, police say.

https://www.wtkr.com/investigations/another-navy-federal-customer-forced-to-pay-back-loan-she-didnt-take-out-after-scam#google_vignette


“… you are the product”

Rob Slade <[email protected]>
Fri, 22 Nov 2024 08:56:50 -0800

It is not exactly news that the corporate tech giants are using us, their clients, in every possible way that they can. I just thought that this particular example is an illustration of just how far it goes.

Niantic is the company and technology behind Pokemon Go. I know very little about the game: at various times various of my grandsons have been enthralled with Pokemon cards, but I don't think any of them ever got into the online game. I did, once, encounter a person wandering around with a cell phone, who admitted to searching for … well, whatever you search for in Pokemon Go.

Apparently, Niantic has been collecting visual and location data from those who have been playing the game. They are now feeding this into a geospatially-oriented large language model AI.

https://nianticlabs.com/news/largegeospatialmodel


Re: Terrified friends burned to death in Tesla as electronic doors wouldn't open after crash (RISKS-34.69)

Steve Bacher <[email protected]>
Thu, 21 Nov 2024 15:01:35 -0800

Final paragraph of the article:

In the event of a crash passengers are directed to pull away a palen in the door and tug at a cable underneath to open the doors, but safety watchdogs have said dazed or panicked crash victims may not be able to search for the feature after a car crash.

What the hell is a “palen”? A Google search comes up with nothing but brand names, except for the Wiktionary definition.

[could it be Sarah running a line from Alaska?]

Re: Australia plans social media ban for under-16s (RISKS-34.48)

Lars-Henrik Eriksson <[email protected]>
Thu, 21 Nov 2024 19:47:51 +0100

I don't see that electronic verification of age (or other identity information) means that you need to “share private information with government or other institutions about what you desire to access.”

The electronic ID needs to be issued by a government or institution, but verification does not have to involve them. Public-key cryptography can be used to verify the authenticity of the ID. The risk is rather that the ID is used by someone other than the holder, but that risk exists also with physical ID cards.
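
An added illustration of the point above (example code written for this digest entry, not code from the contributor or from any real age-verification scheme): an issuing authority signs a minimal over-16 claim with an Ed25519 key, and a relying site checks that claim using only the issuer's public key, so verification never involves a call back to the issuer and the claim carries no name or birth date. The claim format, its field names and the 16-byte nonce are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// AgeClaim is the minimal statement the holder presents. It carries no name,
// birth date or document number: only the fact the relying site needs, an
// expiry so stale credentials stop working, and a random nonce so two claims
// issued to different people never look identical. (Field names are this
// example's own assumptions, not any real scheme's.)
type AgeClaim struct {
	Over16  bool   `json:"over16"`
	Expires int64  `json:"expires"` // Unix seconds
	Nonce   []byte `json:"nonce"`
}

// Credential is the claim plus the issuer's signature over its canonical encoding.
type Credential struct {
	Claim     AgeClaim `json:"claim"`
	Signature []byte   `json:"sig"`
}

// canonical is the exact byte string that is signed and later verified.
// encoding/json writes struct fields in declaration order, so the output is
// deterministic for a given claim.
func canonical(c AgeClaim) ([]byte, error) {
	return json.Marshal(c)
}

// NewIssuer creates the issuing authority's Ed25519 key pair. Only the public
// key is ever distributed to relying sites.
func NewIssuer() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(nil) // nil reader selects crypto/rand
}

// Issue runs at the issuing authority, the only party holding the private key.
func Issue(priv ed25519.PrivateKey, over16 bool, expires time.Time) (Credential, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return Credential{}, err
	}
	claim := AgeClaim{Over16: over16, Expires: expires.Unix(), Nonce: nonce}
	msg, err := canonical(claim)
	if err != nil {
		return Credential{}, err
	}
	return Credential{Claim: claim, Signature: ed25519.Sign(priv, msg)}, nil
}

// Verify runs at the relying site. It needs only the issuer's public key and
// the current time: there is no call back to the issuer, so the issuer never
// learns which site asked or when. Forgery, alteration and expiry are rejected.
func Verify(pub ed25519.PublicKey, cred Credential, now time.Time) error {
	msg, err := canonical(cred.Claim)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, cred.Signature) {
		return errors.New("signature invalid: credential forged or altered")
	}
	if now.Unix() > cred.Claim.Expires {
		return errors.New("credential expired")
	}
	if !cred.Claim.Over16 {
		return errors.New("holder not attested as over 16")
	}
	return nil
}

func main() {
	pub, priv, err := NewIssuer()
	if err != nil {
		panic(err)
	}
	now := time.Now()
	cred, _ := Issue(priv, true, now.Add(24*time.Hour))
	fmt.Println("genuine credential:", Verify(pub, cred, now))

	// A holder issued an under-16 credential flips the bit: the signature
	// no longer matches the claim bytes, so the site rejects it.
	under, _ := Issue(priv, false, now.Add(24*time.Hour))
	under.Claim.Over16 = true
	fmt.Println("altered credential:", Verify(pub, under, now))
}
```

The signature covers only the claim, so it settles authenticity and integrity; it says nothing about who is presenting the credential. The holder-substitution risk noted above (someone else using the ID) needs a separate binding control, for instance a holder-held key that must also sign the presentation, just as a physical card relies on the photo.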


Re: Australia plans social media ban for under-16s (RISKS-34.48)

Dmitri Maziuk <[email protected]>
Sun, 17 Nov 2024 17:40:55 -0600

This is nothing new: back in late 1990s I worked at a Computer Telephony service provider Down Under when the legislature pushed down the age verification law for “adult chat” phone services. After it has been repeatedly explained to them by many consultations with Telcos and other relevant players that a) there isn't a way to implement reliable age verification mechanism over telephone lines and b) there is no infrastructure to support any kind of age verification over said lines; it would have to be invented and built first.

That never stopped them, and we (I) had to scramble to re-code a bunch of service scripts from 1-800 to direct credit card billing as that made them not “open” and thus not subject to the “child protection”.

The running joke at the office cooler was “this is an adult chat service billed to your credit card at $4.95 a minute; if you are over 18, please have your credit card ready; if you are under 18, please have your dad's credit card ready.”


Re: Robotaxis open for business in Los Angeles (RISKS-34.69)

Nicholas Weaver <[email protected]>
Sat, 16 Nov 2024 20:01:50 -0800

The lack of freeways is prudent risk-management. Freeways are actually far easier for a self-driving vehicle (far fewer exceptional cases; it's why proper level-2 systems (aka not Tesla) are restricted to freeways and similar locations), but the penalty for errors is much higher as the energy levels are much higher.

Since one of the biggest risks for an autonomous vehicle company is an accident, whether or not the autonomous vehicle is at fault, it is best for the company's interests to ensure that accidents are at dense city street speed where a “high speed” crash is 25 MPH rather than 75 MPH and 9x the energy.
