RISKS-LIST: Risks-Forum Digest Wednesday 14 Aug 2024 Volume 34 : Issue 40
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.40>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Bird Flu Shows That the U.S. Learned All the Wrong Lessons from Covid
(David Wallace Wells)
Beware Politicians' Newfound Love of Crypto[currency]
(Eswar Prasad)
Illinois Voter Data Exposed by Unsecured Databases (Lily Hay Newman)
Trump Campaign Confirms It Was Hacked (Alex Isenstadt)
GPS spoofers 'hack time' on commercial airlines, researchers say
Boeing Starliner software (ArsTechnica)
Outages Plague Trading Platforms During Stock-Market Selloff (WSJ)
Canada's food supply -- under threat? (CBC)
French Museum Network Hit by Ransomware Attack (AP)
UK PM Warns Social Media Firms After Misinformation Fuels Riots (Reuters)
Chipmaking Giant Learns What Works in Taiwan Doesn't in Arizona (John Liu)
Power-hungry AI data centers are raising electric bills and blackout risk
(LA Times)
Cisco to Lay Off Thousands in Latest Round of Tech Cuts (Reuters)
Intel Will Fire 15,000 Workers (Eva Dou)
Excess memes and ‘reply all’ emails are bad for climate, researcher warns
(The Guardian)
Experts to PNT leaders: “It’s not working!” (GPS World)
The nation’s best hackers found vulnerabilities in voting machines
-- but no time to fix them (MSN)
We're Entering an AI Price-Fixing Dystopia (The Atlantic)
Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually
Unfixable Infections (WiReD)
New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users
(The Hacker News)
Logic Gone Astray: A Security Analysis Framework for the
Control Plane Protocols of 5G Basebands (USENIX)
Call to ban DJI drones introduced in US Senate, company responds (dronedj)
DDoS Attacks Surge 46% in First Half of 2024 (Gcore Report)
NIST announces post quantum encryption standards (SecurityWeek)
Generative AI Has a 'Shoplifting' Problem. This Startup CEO Has a
Plan to Fix It (WiReD)
Kroger unveils AI-powered automatic price gouger (Pivot to AI)
Corporation Email Looks Like A Scam (Bob Smith)
ICANN Approves DNS Top-Level Domain for Intranets (Bob Gezelter)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Mon, 12 Aug 2024 19:05:31 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: Bird Flu Shows That the U.S. Learned All the Wrong Lessons from
Covid (David Wallace Wells)
David Wallace Wells, *The New York Times*, Sunday Opinion, 11 Aug 2024
Two years after H5N1 jumped to mammals, health officials don't
seem to have a plan.
The concluding paragraph is a succinct summary:
The growing indifference has affected those still worried about Covid --
last year the CDC stopped a lot of its pandemic data collection, making
some basic facts like total deaths from Covid-19 much harder to track.
For more background for those who missed them in earlier issues:
See Robert Redfield's quote:
It's High Time To Admit Significant Side Effects of COVID-19 Vaccines.
(RISKS-34.25)
and Zeynep Tufekci's:
An Object Lesson From Covid on How to Destroy Public Trust: Officials
should have told us what they knew, or at least leveled with us about what
they didn't know. (RISKS-34.30)
------------------------------
Date: Mon, 12 Aug 2024 19:05:31 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: Beware Politicians' Newfound Love of Crypto[currency]
(Eswar Prasad)
Eswar Prasad, *The New York Times*, 12 Aug 2024
A cynical bid for Silicon Valley cash seeks to prop up a financially
perilous industry.
Politicians’ newfound love of crypto probably has more to do with a cynical bid for young voter support and Silicon Valley cash than a maturing of a financially perilous set of assets. If anything, crypto today presents even greater risks to its investors and to our financial institutions than it did before. The fact that the Republican Party is publicly celebrating crypto to American voters could only make matters worse.
The concluding paragraph is both pithy and incisive:
For all the potential benefits, decentralized finance built around
cryptocurrencies has essentially imported the fragilities of
traditional finance, but with much less regulation and with many new
risks. While being open to innovations that improve access to and
efficiency in financial markets, users, investors and regulators
ought to beware of false premises and hype. Especially if that hype
comes from politicians.
https://www.nytimes.com/2024/08/09/opinion/crypto-2024-election.html?smid=nytcore-ios-share&referringSource=articleShare&sgrp=c-cb
[Also noted by Gabe Goldberg. PGN]
------------------------------
Date: Wed, 7 Aug 2024 11:24:44 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Illinois Voter Data Exposed by Unsecured Databases
(Lily Hay Newman)
Lily Hay Newman, *WiReD*, via ACM TechNews, 2 Aug 2024
More than a dozen databases containing sensitive voter information from multiple counties in Illinois were openly accessible on the Internet,
revealing 4.6 million records that included driver's license numbers and
other personally identifiable information. Security researcher Jeremiah
Fowler uncovered a total of 13 exposed databases, none of them password-protected or requiring any type of authentication to access.
------------------------------
Date: Mon, 12 Aug 2024 11:18:03 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Trump Campaign Confirms It Was Hacked (Alex Isenstadt)
Alex Isenstadt, *Politico*, 10 Aug 2024, via ACM TechNews
Former President Donald Trump's campaign said Saturday that some of its internal emails had been hacked. The admission came after Politico started receiving emails from an anonymous account with documents from inside
Trump's operation, including a research dossier the campaign had done on Trump's running mate, Ohio Sen. JD Vance. The campaign blamed "foreign
sources hostile to the U.S.," citing a Microsoft report on Friday that
Iranian hackers "sent a spear-phishing email in June to a high-ranking
official on a presidential campaign."
------------------------------
Date: Sun, 11 Aug 2024 08:31:46 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: GPS spoofers 'hack time' on commercial airlines, researchers say
(Reuters)
A recent surge in GPS “spoofing”, a form of digital attack which can send commercial airliners off course, has entered an intriguing new dimension, according to cybersecurity researchers: The ability to hack time.
There has been a 400% surge in GPS spoofing incidents affecting commercial airliners in recent months, according to aviation advisory body
OPSGROUP. Many of those incidents involve illicit ground-based GPS systems, particularly around conflict zones, that broadcast incorrect positions to
the surrounding airspace in a bid to confuse incoming drones or missiles.
[...]
https://www.reuters.com/technology/cybersecurity/gps-spoofers-hack-time-commercial-airlines-researchers-say-2024-08-10/
------------------------------
Date: Tue, 6 Aug 2024 16:18:21 -0400
From: "Jan Wolitzky" <jan.wolitzky@gmail.com>
Subject: Boeing Starliner software (ArsTechnica)
While NASA continues to decide whether the thrusters on the Boeing
Starliner now docked to the International Space Station can be relied upon
to return the two astronauts who rode it up to the ISS back to Earth, a new issue has apparently arisen: the current flight software on board
Starliner cannot perform an automated undocking from the space station and re-entry into Earth’s atmosphere.
From Ars Technica:
At first blush, this seems absurd. After all, Boeing’s Orbital Flight Test 2 mission in May 2022 was a fully automated test of the Starliner vehicle.
During this mission, the spacecraft flew up to the space station without
crew on board and then returned to Earth six days later. Although the 2022 flight test was completed by a different Starliner vehicle, it clearly demonstrated the ability of the program's flight software to autonomously
dock and return to Earth. Boeing did not respond to a media query about why this capability was removed for the crew flight test.
It is not clear what change Boeing officials made to the vehicle or its software in the two years prior to the launch of Wilmore and Williams. It
is possible that the crew has to manually press an undock button in the spacecraft, or the purely autonomous software was removed from coding on
board Starliner to simplify its software package. Regardless, sources
described the process to update the software on Starliner as "non-trivial"
and "significant," and that it could take up to four weeks. This is what is driving the delay to launch Crew 9 later next month.
Notably, NASA's Commercial Crew Program Manager Steve Stich obliquely referenced this during his most recent press availability on July 25. Stich
was asked whether NASA would certify Starliner for operational missions if
the vehicle returned to Earth autonomously but ultimately safely.
"There are a lot of good reasons to complete this mission and bring Butch
and Suni home on Starliner," he said. "Starliner was designed as a
spacecraft to have the crew in the cockpit. The crew is integral to the spacecraft."
https://arstechnica.com/space/2024/08/nasa-likely-to-significantly-delay-the-launch-of-crew-9-due-to-starliner-issues/
------------------------------
Date: Wed, 7 Aug 2024 11:24:44 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Outages Plague Trading Platforms During Stock-Market Selloff
(WSJ)
Hannah Miao and Alexander Osipovich, *The Wall Street Journal*,
6 Aug 2024, via ACM TechNews
Major retail brokerages experienced online outages amid Monday's stock sell-off, frustrating panicky customers. Charles Schwab, Vanguard Group, and Fidelity Investments each said some customers experienced difficulties
logging into their accounts on Monday morning. By around midday, the
brokerages said the issues had been resolved.
------------------------------
Date: Sat, 10 Aug 2024 22:10:08 -0600
From: "Matthew Kruk" <mkrukg@gmail.com>
Subject: Canada's food supply -- under threat? (CBC)
https://www.cbc.ca/newsinteractives/features/agri-food-canada-hacking
The oldest piece of equipment on Chris McLaren’s southern Ontario dairy farm is a W4 International, a four-cylinder tractor his grandfather bought in the 1940s.
Among the newest pieces of equipment is an automated calf feeder that reads
a chip in each animal’s ear and delivers them preset quantities of heated milk.
That data is uploaded to a server, and McLaren receives alerts on his phone
if one of his calves isn’t drinking enough. If the machine breaks down, a technician can fix it remotely.
“As farms get bigger and bigger, there gets to be more strain on the time
for the owner and operators of the farm. So moving towards technology
allows you to manage the cattle better,” said McLaren, whose family has
owned the farm for nearly 160 years.
But as farms like McLaren’s increasingly become connected — with reams of farming data uploaded daily to cloud servers — they also become more
exposed to cyber attacks, including from groups operating with tacit
approval of the Russian government.
“With us moving into robotic milking in the next six to eight months, that becomes even more concerning. It's definitely top of mind right now.”
[Different kind of *stock market*, with moo-lah. PGN]
------------------------------
Date: Wed, 7 Aug 2024 11:24:44 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: French Museum Network Hit by Ransomware Attack (AP)
Associated Press. 06 Aug 2024, via ACM TechNews
The central data systems of dozens of museums in the Reunion des Musees Nationaux network in France were targeted by a ransomware attack. While
venues in the network are hosting competitions for the Summer Olympics, officials say no events have been disrupted thus far. The attack, detected Sunday, hit data systems used by around 40 museums across the country.
------------------------------
Date: Mon, 5 Aug 2024 11:08:25 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: UK PM Warns Social Media Firms After Misinformation Fuels
Riots (Reuters)
Alistair Smout and Nick Vant, *Reuters*, 2 Aug 2024, via ACM TechNews
UK Prime Minister Keir Starmer warned social media companies they must
uphold laws prohibiting incitement of violence online, after
misinformation around a fatal mass stabbing earlier in the week
sparked violent riots. "Let me also say to large social media
companies, and those who run them, violent disorder clearly whipped up
online: that is also a crime," Starmer said, adding there was a
"balance to be struck" in handling such platforms.
------------------------------
Date: Mon, 12 Aug 2024 11:18:03 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Chipmaking Giant Learns What Works in Taiwan Doesn't in
Arizona (John Liu)
John Liu, *The New York Times*, 8 Aug 2024, via ACM TechNews
Four years after announcing plans to build a chip plant in Arizona, Taiwan Semiconductor Manufacturing Company (TSMC) still has not started selling semiconductors manufactured there, with chip production now expected to commence in the first half of 2025. Much of the lag can be attributed to cultural clashes between Taiwanese managers and U.S. workers, prompting the company to provide managers with communication training. TSMC also lacks a network of skilled workers and suppliers in Arizona, and while it brought thousands of workers from Taiwan to Phoenix, executives say that strategy is not sustainable. Meanwhile, local high schools and universities are boosting efforts to train future TSMC workers.
------------------------------
Date: Tue, 13 Aug 2024 06:35:32 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Power-hungry AI data centers are raising electric bills and
blackout risk (LA Times)
Experts warn that a frenzy of data center construction could delay California’s transition away from fossil fuels, raise electric bills and increase risk of blackouts [...]
While the benefits and risks of AI continue to be debated, one thing is
clear: The technology is rapacious for power. Experts warn that the frenzy
of data center construction could delay California’s transition away from fossil fuels and raise electric bills for everyone else. The data centers’ insatiable appetite for electricity, they say, also increases the risk of blackouts.
Even now, California is at the verge of not having enough power. An analysis
of public data by the nonprofit GridClue ranks California 49th of the 50
states in resilience -- or the ability to avoid blackouts by having more electricity available than homes and businesses need at peak hours. [...]
https://www.latimes.com/environment/story/2024-08-12/california-data-centers-could-derail-clean-energy-goals
------------------------------
Date: Mon, 12 Aug 2024 11:18:03 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Cisco to Lay Off Thousands in Latest Round of Tech Cuts
(Reuters)
Utkarsh Shetti and Supantha Mukherjee, *Reuters*, 10 Aug 2024,
via ACM TechNews
Networking equipment maker Cisco will cut thousands of jobs in a second
round of layoffs this year, say insiders. The number of people affected
could be similar to or slightly higher than the 4,000 employees Cisco laid
off in February, the sources said. The layoffs are the latest in the tech industry, which has been cutting costs this year to offset big investments
in AI. Over 126,000 people have been laid off across 393 tech companies
since the start of the year, according to data from tracking website
Layoffs.
------------------------------
Date: Mon, 5 Aug 2024 11:08:25 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Intel Will Fire 15,000 Workers (Eva Dou)
Eva Dou, *The Washington Post*, 1 Aug 2024, via ACM TechNews
Chip-maker Intel said Thursday it plans to lay off 15,000 people, more
than 15% of its workforce. Intel had emerged as the big winner of the
Chips for America program, with the Biden administration announcing
$8.5 billion in grants and $11 billion in loans for the company this
year to help bring some chip manufacturing operations back to the
U.S. Intel has yet to receive those funds.
------------------------------
Date: Tue, 13 Aug 2024 06:57:09 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Excess memes and ‘reply all’ emails are bad for climate, researcher
warns (The Guardian)
Most data stored on power-hungry servers is used once then never looked at again
When “I can has cheezburger?” became one of the first Internet memes to blow
our minds, it’s unlikely that anyone worried about how much energy it would use up.
But research has now found that the vast majority of data stored in the
cloud is “dark data”, meaning it is used once then never visited again. That means that all the memes and jokes and films that we love to share with friends and family -- from “All your base are belong to us”, through Ryan Gosling saying “Hey Girl”, to Tim Walz with a piglet -- are out there somewhere, sitting in a datacentre, using up energy. By 2030, the National
Grid anticipates that datacentres will account for just under 6% of the UK’s total electricity consumption, so tackling junk data is an important part of tackling the climate crisis. [...]
https://www.theguardian.com/media/article/2024/aug/09/excess-memes-photos-and-reply-all-emails-are-bad-for-climate-finds-study
------------------------------
Date: Tue, 13 Aug 2024 11:55:09 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: Experts to PNT leaders: “It’s not working!” (GPS World)
The President’s National Space-based Positioning, Navigation and Timing
(PNT) Advisory Board has warned United States leaders that the nation is
highly vulnerable to disruption of GPS services. Also, national PNT issues
have not received sufficient priority and attention for the last 20 years,
and no one is accountable for system performance.
The warning came in a four-page memo to the Deputy Secretaries of Defense
and Transportation from retired Admiral Thad Allen, Chair of the advisory board. The memo was nominally a report of the board’s April 2024 meeting in Colorado Springs.
The overwhelming majority of Allen’s message, though, dealt with GPS and
U.S. PNT being vulnerable, the importance of PNT to the nation’s safety and security and the failure of the government to do the things it said it
should and would do. It says:
“America’s continued over-reliance on GPS for PNT makes critical infrastructure and applications vulnerable to a variety of well-documented accidental, natural and malicious threats.
…our conclusion is that PNT, in general, and GPS, in particular, have not been accorded their rightful prominence in the national policy agenda.
Simply put, the Board believes that the 20-year-old framework for GPS governance and the current policy statements establish neither the priority that the system deserves nor sufficiently clear accountability for its performance.”
The reason for this was assessed to be that the leadership and governance structure established by 2004’s NSPD-39 and confirmed in 2021’s SPD-7 was not working.
Allen gave a recent policy document on critical infrastructure as an
example. All critical infrastructure sectors use PNT, and most depend on it.
“These findings were reinforced just earlier this year by the release of
the National Security Memorandum on Critical Infrastructure Security and Resilience (NSM-22, April 30, 2024). We were surprised to discover that GPS
is nowhere mentioned in that important document.”
While not mentioned in the memo, PNT was also not mentioned in national cybersecurity documents issued last year. This is despite timing being essential to the operation of IT systems, and time and location data being
key elements in many applications. [...]
https://www.gpsworld.com/experts-to-pnt-leaders-its-not-working/
------------------------------
Date: Tue, 13 Aug 2024 15:57:56 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: The nation’s best hackers found vulnerabilities in voting machines
-- but no time to fix them (MSN)
Some of the best hackers in the world gathered in Las Vegas over the weekend
to try to break into voting machines that will be used in this year’s election -- all with an eye to helping officials identify and fix vulnerabilities.
The problem? Their findings will likely come too late to make any fixes
before Nov. 5.
In one sense, it’s the normal course of events: Every August, hackers at
the DEF CON conference find security gaps in voting equipment, and every
year the long and complex process of fixing them means nothing is
implemented until the next electoral cycle.
But Election Day security is under particular scrutiny in 2024. That’s both because of increasing worries that foreign adversaries will figure out how
to breach machines, and because President Donald Trump’s unsubstantiated allegations of widespread fraud in 2020 undermined confidence in the vote
among his supporters.
As a result, many in the election security community are bemoaning the fact that no system has been developed to roll out fixes faster and worrying that the security gaps that get identified this year will provide fodder for
those who may want to question the results.
“As far as time goes, it is hard to make any real, major, systemic changes, but especially 90 days out from the election,” said Catherine Terranova,
one of the organizers of the DEF CON “Voting Village” hacking event. She argued that’s particularly troubling during “an election year like this.” [...]
https://www.msn.com/en-us/news/politics/the-nation-s-best-hackers-found-vulnerabilities-in-voting-machines-but-no-time-to-fix-them/ar-AA1oFNBX
------------------------------
Date: Mon, 12 Aug 2024 06:58:32 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: We're Entering an AI Price-Fixing Dystopia (The Atlantic)
Algorithmic collusion appears to be spreading to more and more industries.
And existing laws may not be equipped to stop it.
If you rent your home, there’s a good chance your landlord uses RealPage to set your monthly payment. The company describes itself as merely helping landlords set the most profitable price. But a series of lawsuits says it’s something else: an AI-enabled price-fixing conspiracy.
The classic image of price-fixing involves the executives of rival companies gathering behind closed doors and secretly agreeing to charge the same
inflated price for whatever they’re selling. This type of collusion is one
of the gravest sins you can commit against a free-market economy; the late Justice Antonin Scalia once called price-fixing the “supreme evil” of antitrust law. Agreeing to fix prices is punishable with up to 10 years in prison and a $100 million fine.
But, as the RealPage example suggests, technology may offer a
workaround. Instead of getting together with your rivals and agreeing not to compete on price, you can all independently rely on a third party to set
your prices for you. Property owners feed RealPage’s “property management software” their data, including unit prices and vacancy rates, and the algorithm—which also knows what competitors are charging—spits out a rent recommendation. If enough landlords use it, the result could look the same
as a traditional price-fixing cartel: lockstep price increases instead of
price competition, no secret handshake or clandestine meeting needed. [...]
https://www.theatlantic.com/ideas/archive/2024/08/ai-price-algorithms-realpage/679405/
------------------------------
Date: Sun, 11 Aug 2024 15:22:58 +0000
From: Victor Miller <victorsmiller@gmail.com>
Subject: Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually
Unfixable Infections (WiReD)
https://www.wired.com/story/amd-chip-sinkclose-flaw/
------------------------------
From: the keyboard of geoff goodfellow <geoff@iconia.com>
Date: Fri, 9 Aug 2024 07:13:52 -0700
Subject: New Flaws in Sonos Smart Speakers Allow Hackers to
Eavesdrop on Users (The Hacker News)
Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users.
The vulnerabilities "led to an entire break in the security of Sonos's
secure boot process across a wide range of devices and remotely being able
to compromise several devices over the air," NCC Group security researchers Alex Plaskett and Robert Herrera said.
<https://www.nccgroup.com/us/research-blog/blackhat-usa-2024-listen-up-sonos-over-the-air-remote-kernel-exploitation-and-covert-wiretap/>
Successful exploitation of one of these flaws could allow a remote attacker
to obtain covert audio capture from Sonos devices by means of an
over-the-air attack. They impact all versions prior to Sonos S2 release 15.9 and Sonos S1 release 11.12, which were shipped in October and November 2023.
<https://www.sonos.com/en-gb/security-advisory-2024-0001>
The findings were presented at Black Hat USA 2024. A description of the two security defects is as follows:
* CVE-2023-50809 -- A vulnerability in the Sonos One Gen 2 Wi-Fi stack
does not properly validate an information element while negotiating a
WPA2 four-way handshake, leading to remote code execution
* CVE-2023-50810 -- A vulnerability in the U-Boot component of the Sonos
Era-100 firmware that would allow for persistent arbitrary code execution
with Linux kernel privileges
NCC Group, which reverse-engineered the boot process to achieve remote code execution on Sonos Era-100 and the Sonos One devices, said CVE-2023-50809 is the result of a memory corruption vulnerability in the Sonos One's wireless driver, which is a third-party chipset manufactured by MediaTek. [...]
https://thehackernews.com/2024/08/new-flaws-in-sonos-smart-speakers-allow.html
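The chain described above begins with a Wi-Fi stack that "does not properly validate an information element" during the WPA2 four-way handshake. As an added illustration of that bug class, and not code from Sonos, MediaTek or NCC Group (it makes no claim about the exact shape of CVE-2023-50809), here is a parser for the TLV-encoded 802.11 information elements carried in the key data of EAPOL-Key message 3, first trusting the attacker-supplied length byte, then checking it against both the bytes remaining in the frame and the destination buffer. The sample frames are constructed, not captured from a device.

```c
/*
 * Added example (not vendor code): unvalidated 802.11 information element
 * (IE) lengths in a WPA2 handshake parser, vulnerable vs. hardened.
 * IEs are TLVs: [id:1][len:1][payload:len]. Message 3 of the four-way
 * handshake carries IEs such as the RSN IE (id 0x30) in its key data field.
 * Whether the real Sonos flaw has this structure is an assumption.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IE_RSN  0x30
#define RSN_MAX 32   /* fixed-size copy buffer, as a driver might keep per peer */

struct rsn_info {
    uint8_t len;
    uint8_t data[RSN_MAX];
};

/* VULNERABLE (illustrative): trusts the peer-controlled length byte. The
 * copy can read past the end of key_data and write past out->data when
 * len exceeds the remaining bytes or RSN_MAX. Never call this on
 * untrusted input; it is here only for contrast. */
static int parse_rsn_unsafe(const uint8_t *key_data, size_t key_len, struct rsn_info *out)
{
    size_t pos = 0;
    while (pos + 2 <= key_len) {
        uint8_t id  = key_data[pos];
        uint8_t len = key_data[pos + 1];
        if (id == IE_RSN) {
            memcpy(out->data, &key_data[pos + 2], len);   /* no bounds check */
            out->len = len;
            return 0;
        }
        pos += 2 + len;
    }
    return -1;
}

/* HARDENED: every IE length is checked against the bytes actually remaining
 * in the frame, and the RSN body against the destination, before any copy.
 * Returns 0 on success, -1 if no RSN IE is present, -2 if the frame is
 * malformed (truncated IE or oversized RSN body). */
static int parse_rsn_safe(const uint8_t *key_data, size_t key_len, struct rsn_info *out)
{
    size_t pos = 0;
    while (pos + 2 <= key_len) {
        uint8_t id  = key_data[pos];
        uint8_t len = key_data[pos + 1];
        if (len > key_len - pos - 2)
            return -2;                  /* IE claims more bytes than remain */
        if (id == IE_RSN) {
            if (len > RSN_MAX)
                return -2;              /* would overflow the fixed buffer */
            memcpy(out->data, &key_data[pos + 2], len);
            out->len = len;
            return 0;
        }
        pos += 2 + len;
    }
    return (pos == key_len) ? -1 : -2;  /* a trailing partial header is malformed */
}

/* Convenience wrapper: parsed RSN body length, or the negative error code. */
int rsn_len_of(const uint8_t *key_data, size_t key_len)
{
    struct rsn_info r;
    int rc = parse_rsn_safe(key_data, key_len, &r);
    return rc == 0 ? (int)r.len : rc;
}

/* Constructed sample key data (not a capture). */
static const uint8_t good_key_data[] = {
    0xdd, 0x04, 0x00, 0x50, 0xf2, 0x02,            /* vendor-specific IE, 4-byte body */
    0x30, 0x14,                                    /* RSN IE, 20-byte body */
    0x01, 0x00,                                    /* version 1 */
    0x00, 0x0f, 0xac, 0x04,                        /* group cipher: CCMP */
    0x01, 0x00, 0x00, 0x0f, 0xac, 0x04,            /* 1 pairwise cipher: CCMP */
    0x01, 0x00, 0x00, 0x0f, 0xac, 0x02,            /* 1 AKM: PSK */
    0x00, 0x00                                     /* RSN capabilities */
};
static const uint8_t evil_key_data[] = {
    0x30, 0xff, 0x01, 0x00, 0x00, 0x0f, 0xac       /* claims 255 bytes, 5 present */
};

int main(void)
{
    struct rsn_info r;
    printf("safe parse of good frame: %d\n", rsn_len_of(good_key_data, sizeof good_key_data));
    printf("safe parse of evil frame: %d\n", rsn_len_of(evil_key_data, sizeof evil_key_data));
    /* The unsafe parser behaves on well-formed input; on evil_key_data it
     * would memcpy 255 bytes out of a 7-byte frame into a 32-byte buffer. */
    printf("unsafe parse of good frame: %d\n",
           parse_rsn_unsafe(good_key_data, sizeof good_key_data, &r));
    return 0;
}
```

The two checks are deliberately separate: the first guards the source (over-read past the frame), the second the destination (overflow of the per-peer buffer); a driver that remembers only one of them is still exploitable over the air, since the peer controls both the length byte and the frame size.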
------------------------------
Date: Wed, 7 Aug 2024 23:45:16 +0000
From: Victor Miller <victorsmiller@gmail.com>
Subject: Logic Gone Astray: A Security Analysis Framework for the
Control Plane Protocols of 5G Basebands (USENIX)
https://www.usenix.org/conference/usenixsecurity24/presentation/tu
ALSO:
Hackers could exploit major 5G baseband security flaw, researchers say
https://readwrite.com/hackers-5g-baseband-security-flaw/
------------------------------
Date: Sun, 4 Aug 2024 16:59:34 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Call to ban DJI drones introduced in US Senate, company
responds (dronedj)
Two U.S. Senators have formally introduced their version of the Countering
CCP Drones Act as an amendment to the Senate’s FY25 National Defense Authorization Act (NDAA), reintroducing the call for a ban on the sale of
new DJI drones in the US. To be clear, this amendment has not been
considered yet. But tech giant DJI has expressed concerns about the recommendations outlined in the amendment, emphasizing that they are
extremely problematic and damaging for the US drone industry.
Now, the earliest the Senate will vote on NDAA amendments is in September,
if at all. It is also important to note that the amendment introduced by Senator Rick Scott (R-FL) and Senator Mark Warner (D-VA) is significantly different from the House version, which passed in June. If it is included
in the Senate’s NDAA, it will require the Senate and House to hold a conference to reconcile differences between the two versions of the FY25
NDAA before it can become law.
https://dronedj.com/2024/07/31/dji-drone-ban-us-senate/
------------------------------
Date: Wed, 14 Aug 2024 10:17:07 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: DDoS Attacks Surge 46% in First Half of 2024 (Gcore Report)
Monitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar Report <https://gcore.com/library/wp-security-gcore-radar-q1-2-2024> for the first half of 2024 provides detailed insights into DDoS attack data, showcasing changes in attack patterns and the broader landscape of cyber threats.
Here, we share a selection of findings from the full report.
Key Takeaways <https://thehackernews.com/2024/08/ddos-attacks-surge-46-in-first-half-of.html#key-takeaways>
The number of DDoS attacks in H1 2024 has increased by 46% compared to the
same period last year, reaching 445K in Q2 2024. Compared to data for the previous six months (Q3-Q4 2023), it increased by 34%. [...]
https://thehackernews.com/2024/08/ddos-attacks-surge-46-in-first-half-of.html
------------------------------
Date: Wed, 14 Aug 2024 10:19:22 -0400
From: Cliff Kilby <cliffjkilby@gmail.com>
Subject: NIST announces post quantum encryption standards
(SecurityWeek)
https://www.securityweek.com/post-quantum-cryptography-standards-officially-announced-by-nist-a-history-and-explanation/
TL;DR: nothing has changed. If your org is using strong encryption, this is
a horizon problem. If your org isn't using strong encryption or is using a
soon to be deprecated encryption method, these new standards will likely
not exist in your vendor or standard library soon enough to adopt.
https://csrc.nist.gov/Projects/Cryptographic-Standards-and-Guidelines
https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
Replacing all your existing encryption methods should go in the 5 year
roadmap.
------------------------------
Date: Sat, 10 Aug 2024 07:56:40 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Generative AI Has a 'Shoplifting' Problem. This Startup CEO Has a
Plan to Fix It (WiReD)
Bill Gross’ ProRata, which has struck deals with partners like Time and Universal Music Group, has a strategy for making AI powerhouses pay for content.
Bill Gross made his name in the tech world in the 1990s, when he came up
with a novel way for search engines to make money on advertising. Under his pricing scheme, advertisers would pay when people clicked on their ads. Now, the “pay-per-click” guy has founded a startup called ProRata, which has an audacious, possibly pie-in-the-sky business model: “AI pay-per-use.” Gross, who is CEO of the Pasadena, California, company, doesn't mince words about
the generative AI industry. “It’s stealing,” he says. “They’re shoplifting
and laundering the world’s knowledge to their benefit.” [...]
But Gross thinks ProRata offers a solution that beats legal battles. “To
make it fair—that’s what I’m trying to do,” he says. “I don’t think this
should be solved by lawsuits.”
His company aims to arrange revenue-sharing deals so publishers and
individuals get paid when AI companies use their work. Gross explains it
like this: “We can take the output of generative AI, whether it's text or an image or music or a movie, and break it down into the components, to figure
out where they came from, and then give a percentage attribution to each copyright holder, and then pay them accordingly.” ProRata has filed patent applications for the algorithms it created to assign attribution and make
the appropriate payments. [...]
https://www.wired.com/story/bill-gross-prorata-generative-ai-business/
------------------------------
Date: Wed, 14 Aug 2024 14:51:38 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Kroger unveils AI-powered automatic price gouger
[continued in next message]