• Risks Digest 34.72

    From risko@risko@csl.sri.com (RISKS List Owner) to risko on Sun Jul 20 00:00:50 2025
    From Newsgroup: comp.risks

    RISKS-LIST: Risks-Forum Digest Saturday 19 July 2025 Volume 34 : Issue 72

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/34.72>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Growing Challenge of Radar Interference in Autonomous Vehicles (EE Times)
    Financial institutions should prepare for subsea cable sabotage (FT)
    Railroad industry first warned about this nasty vulnerability in 2005.
    (Security Boulevard)
    Driving assistance systems could backfire: Some warning alerts can lead to
    more hazardous driving (phys.org)
    Bug / Feature of Google Maps (Amos Shapir)
    Calif hit hard by weather service cuts (LA Times)
    Ghostwriting Scam (Schneier on Security)
    Trial against Meta higher-ups ends on 2nd day as investors, Zuckerberg reach
    settlement (CDC)
    Mercedes-Benz will let you use an in-car camera in Microsoft Teams while
    driving (The Verge)
    Hackers exploit a blind spot by hiding malware inside DNS records
    (ArsTechnica)
    Crypto Industry Reaches Milestone with Passage of Its First Major Bill
    (NY Times)
    Plans to augment or replace government with AI (WashPost)
    Looking for a job? An AI recruiter might interview you next (NBCNews)
    AI videos are tricking tourists into visiting places that don't exist.
    That's just the beginning (Fast Company)
    Artificial Intelligence, Cybersecurity, and National Security
    (Richard Danzig)
    Name collisions meet AI with predictable results (Dave Barry)
    Malware finding a way (Sundry sources via Spaf)
    Update on where has @grok been & what happened on July 8th. (xAI)
    'I can't drink the water': life next to a U.S. data centre (bbc.com)
    Meta Built a Data Center Next Door. The Neighbors' Water Taps Went Dry.
    (The New York Times)
    Musicians fight uphill battle as AI infiltrates streaming platforms, cutting
    into royalties (CBC)
    Garbage AI Overviews from Google (Lauren Weinstein)
    Got a weird text message? 'Smishing' scams likely rising because of AI,
    experts warn (CDC)
    Chinese authorities are using a new tool to hack seized phones and extract
    data (TechCrunch)
    Spain chooses Huawei for intelligence wiretaps despite risks
    (European Times)
    National Guard hacked by Chinese 'Salt Typhoon' campaign for nearly a year,
    DHS memo says (NBC News)
    Microsoft Digital Escorts Could Expose Defense Dept Data to Chinese Hackers
    (ProPublica)
    ICEBlock isn't completely anonymous, but no app is (The Verge)
    Not just no. HELL NO! ChatGPT Agent Wants You to Hand Over Full Control of
    Your Computer (Gizmodo)
    UK lowering voting age to 16 ... (Lauren Weinstein)
    Re: Interesting Quirky Japanese research result (Martin Ward)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Wed, 16 Jul 2025 09:15:37 -0700
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Growing Challenge of Radar Interference in Autonomous
    Vehicles (EE Times)

    Radar technology has become a foundational sensor modality in modern
    vehicles, offering reliable object detection and distance measurement across
    a variety of environmental conditions.

    As automakers advance towards higher levels of autonomy, the prevalence of radar sensors is increasing not only in front-facing configurations but also around the entire vehicle perimeter. However, this growing sensor density is giving rise to an emerging challenge that has largely gone unnoticed: radar interference.

    While it is not yet a widespread concern, the risk of radar-to-radar interference is becoming more significant as the automotive radar landscape continues to evolve. If this issue is not addressed, it could lead to perception failures, degraded performance, and ultimately, a decline in
    "Those in need of emergency services should call 911 but also be prepared to call nonemergency lines in their counties, he said.

    "Next Generation 911 is based on the Internet and designed to route calls around problems.

    "The outages came after the push of a software update for the state's
    system, Padfield said, but so far, the push doesn't appear to be the
    culprit."

    ------------------------------

    Date: Wed, 16 Jul 2025 09:08:39 -0700
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Financial institutions should prepare for subsea cable sabotage
    (FT)

    Attacks on the infrastructure that moves money could be a bigger threat
    than cyber hacks.

    A string of mysterious undersea cable incidents is spooking governments and NATO. But they should spook another group too: the financial services
    industry. If several cables connecting Britain or the US east coast were severed, the City of London and Wall Street would face colossal disruption
    and losses. Both London and New York should prepare for it.

    On Christmas Day last year, the Cook Islands-flagged tanker Eagle S hit five cables in the Gulf of Finland. Had the Finnish Border Guard not boarded the tanker, which belongs to Russia's so-called shadow fleet, the destruction
    could have been even worse. The cables' operators closely followed the developments -- and so did Jaakko Weuro, the head of Finland's Financial Stability Authority (RVV).

    RVV, established in 2015 to protect taxpayers from the effects of financial crises and to prevent financial crises, is not in charge of undersea infrastructure. But money travels through the world's more than 500 data
    cables -- some $10tn of it every single day.

    Weuro knew that if the Eagle S had hit more cables before the Border Guard intervened, Finland's financial stability could have been shaken. Since
    2022, Finland has been working to set up a rudimentary system ensuring
    payments in case of a blackout.

    But most other countries don't even have a Finnish-style backup. ``We need with satellites.'' Compared to undersea cables, satellites are costly and cumbersome. No wonder the workhorses of the ocean carry 99 per cent of all Internet traffic, including virtually all financial transactions.

    If the cable system fails, what do we do? There is no clear answer. London
    and New York, too, are profoundly dependent on the cables. The coasts off
    these two cities just happen to be hubs for the cables connecting the UK
    with Europe and the east coast of the US with Europe, which makes them even more attractive for sabotage. [...]

    https://on.ft.com/4nWOyoc

    ------------------------------

    Date: Wed, 16 Jul 2025 17:35:21 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Railroad industry first warned about this nasty vulnerability
    in 2005. (Security Boulevard)

    Freight trains in the U.S. use a radio link between front and rear, designed around 40 years ago. It's emerged that the Flashing Rear End Device (FRED) can be told to slam on the brakes via an extremely weak wireless protocol.

    The latest researcher to signal the problem says, "You could shut down the entire railway system." In today's SB Blogwatch, we get to the points.

    https://securityboulevard.com/2025/07/train-fred-vuln-20-years-richixbw

    ------------------------------

    Date: Sat, 12 Jul 2025 09:31:42 +0000
    From: Richard Marlon Stein <rmstein@protonmail.com>
    Subject: Driving assistance systems could backfire: Some warning alerts can
    lead to more hazardous driving (phys.org)

    https://techxplore.com/news/2025-07-backfire-hazardous.html

    "In recent years, every new car driver has been getting used to bells and beeps. As automakers try to make cars safer, they've introduced
    increasingly sophisticated driving assistance systems, to warn a driver when they're drifting out of their lane or someone's in their blind spot.

    "But do these features actually improve safety? Proponents point to studies showing that blind spot and lane departure warnings lead to decreases in collisions. Skeptics contend the systems can make drivers less attentive, relying too much on warning signals."

    ------------------------------

    Date: Sat, 12 Jul 2025 12:05:50 +0300
    From: Amos Shapir <amos083@gmail.com>
    Subject: Bug / Feature of Google Maps

    I was driving while navigating with Waze, when I noticed it was directing
    me to a wrong address. It turned out that whenever I searched for a
    specific address (say, "32 State Ave"), Waze would direct to another (say,
    "21 Main st.").

    I filed a complaint with Waze; they indicated that the culprit was Google
    Maps -- which indeed showed the same behavior for that address. It seems
    that someone had saved the location at 21 Main st., but labeled it as
    "32 State Ave". Consequently, anyone searching for the latter would
    (also) receive a suggestion directing to the former.

    A human searching on Google Maps could note the wrong address, but it seems that when Waze does that, it accepts Google Maps' first suggestion. It
    seems that Google Maps allows *anything* in a saved location's label,
    including a wrong address.

    ------------------------------

    Date: Wed, 16 Jul 2025 06:16:29 -0700
    From: Jim Geissman <jgeissman@socal.rr.com>
    Subject: Calif hit hard by weather service cuts (LA Times)

    NWS offices in California suffering staff vacancies

    http://enewspaper.latimes.com/infinity/article_share.aspx?guid=fd7ee0af-f0e1-464c-b2b1-2d767162cdb8

    [LW's comment on this:
    In wake of Texas flooding, Trump orders NOAA to SHUT DOWN emergency
    warning systems to save money.
    https://bsky.app/profile/markey.senate.gov/post/3ltzxwu4ohs2y
    ]


    ------------------------------

    Date: Wed, 16 Jul 2025 15:38:05 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Ghostwriting Scam (Schneier on Security)

    The variations seem to be endless. Here's a fake ghostwriting scam that
    seems to be making boatloads of money.

    This is a big story about scams being run from Texas and Pakistan
    estimated to run into tens if not hundreds of millions of dollars,
    viciously defrauding Americans with false hopes of publishing bestseller
    books (a scam you'd not think many people would fall for but is
    surprisingly huge). In January, three people were charged with defrauding
    elderly authors across the United States of almost $44 million by
    "convincing the victims that publishers and filmmakers wanted to turn
    their books into blockbusters."

    https://www.schneier.com/blog/archives/2025/06/ghostwriting-scam.html

    ------------------------------

    Date: Thu, 17 Jul 2025 13:15:01 -0600
    From: Matthew Kruk <mkrukg@gmail.com>
    Subject: Trial against Meta higher-ups ends on 2nd day as investors,
    Zuckerberg reach settlement (CDC)

    https://www.cbc.ca/news/business/meta-trial-settlement-1.7587412

    Mark Zuckerberg and current and former directors and officers of Meta
    Platforms agreed on Thursday to settle claims seeking $8 billion for the
    damage they allegedly caused the company by allowing repeated violations of Facebook users' privacy, a lawyer for the shareholders told a Delaware
    judge on Thursday.

    None of the parties disclosed details of the settlement, and defence
    lawyers did not address the judge, Kathaleen McCormick of the Delaware
    Court of Chancery. McCormick adjourned the trial -- which was entering its second day -- and she congratulated the parties.

    ------------------------------

    Date: Thu, 17 Jul 2025 09:05:00 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Mercedes-Benz will let you use an in-car camera in Microsoft Teams
    while driving (The Verge)

    https://www.theverge.com/news/708481/microsoft-teams-mercedes-benz-integration-in-car-camera-support

    ------------------------------

    Date: Thu, 17 Jul 2025 09:08:01 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Hackers exploit a blind spot by hiding malware inside DNS records
    (ArsTechnica)

    https://arstechnica.com/security/2025/07/hackers-exploit-a-blind-spot-by-hiding-malware-inside-dns-records/

    ------------------------------

    Date: Fri, 18 Jul 2025 15:05:44 PDT
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: Crypto Industry Reaches Milestone with Passage of Its First Major
    Bill (NY Times)

    David Yaffe-Bellany and Robert Jimson, *The New York Times*,
    National Edition page A18, 18 Jul 2025
    Determined lobbying efforts overcome a week of squabbling

    Bipartisan vote in the U.S. House sent the Genius Act to the
    President, for his expected signature. The House also passed the
    Clarity Act, sending the Senate legislation that would establish
    cryptocurrency market regulation that industry executives have
    championed for months.

    Final para:

    If the Clarity Act passed, ``we'd definitely be boxed out of
    bringing any cases for past misconduct. It would retroactively
    bless all the conduct of the crypto[currency] industry.'' Quote
    from Amanda Fischer, who was a top SEC official during the Biden
    administration.

    ------------------------------

    Date: Tue, 15 Jul 2025 10:15:01 -0700
    From: Jim Geissman <jgeissman@socal.rr.com>
    Subject: Plans to augment or replace government with AI (WashPost)

    The government wants AI to fight wars and review your taxes.

    The Trump administration is pushing federal agencies to rapidly adopt artificial intelligence tools. Are the efficiency gains worth the risks?

    Elon Musk has receded from Washington but one of his most disruptive ideas about government is surging inside the Trump administration.

    Artificial intelligence, Musk has said, can do a better job than federal employees at many tasks - a notion being tested by AI projects trying to automate work across nearly every agency in the executive branch.
    <https://www.bloomberg.com/news/articles/2025-05-05/musk-at-milken-says-ai-can-offset-losing-some-government-workers>

    The Federal Aviation Administration is exploring whether AI can be a better
    air traffic controller. The Pentagon is using AI to help officers
    distinguish between combatants and civilians in the field, and said Monday
    that its personnel would begin using the chatbot Grok offered by Musk's start-up, xAI, which is trying to gain a foothold in federal agencies.

    Artificial intelligence technology could soon play a central role in tax audits, airport security screenings and more, according to public documents
    and interviews with current and former federal workers.

    Many of these AI programs aim to shrink the federal workforce - continuing
    the work of Musk's U.S. DOGE Service that has cut thousands of government employees. Government AI is also promised to reduce wait times and lower
    costs to American taxpayers.

    Government tech watchdogs worry the Trump administration's automation drive
    -- combined with federal layoffs - will give unproven technology an outsize role.

    If AI drives federal decision-making instead of aiding human experts,
    glitches could unfairly deprive people of benefits or harm public safety,
    said Elizabeth Laird, a director at the Washington-based nonprofit Center
    for Democracy and Technology.

    There is "a fundamental mismatch" between what AI can do and what citizens expect from government, she said.

    President Joe Biden in 2023 signed an executive order <https://img3.washingtonpost.com/technology/2023/10/30/biden-artificial-intelligence-executive-order/> aimed at spurring government use of AI, while
    also containing its risks. In January, President Donald Trump repealed that order. His administration has removed AI guardrails while seeking to
    accelerate its rollout.

    A comprehensive White House AI plan is expected this month.

    "President Trump has long stressed the importance of American AI dominance,
    and his administration is using every possible tool to streamline our government and deliver more efficient results for the American people,"
    White House spokeswoman Anna Kelly said in a statement.

    The Washington Post reviewed government disclosures and interviewed current
    and former federal workers about plans to expand government AI. Some
    expressed alarm at the administration's disregard for safety and government staff. Others saw potential to improve efficiency.

    "In government, you have so much that needs doing and AI can help get it
    done and get it done faster," said Jennifer Pahlka, who was deputy U.S.
    chief technology officer in President Barack Obama's second term.

    Sahil Lavingia, a former DOGE staffer who pushed the Department of Veterans Affairs to use AI to identify <https://www.propublica.org/article/inside-ai-tool-doge-veterans-affairs-contracts-sahil-lavingia> potentially wasteful spending, said government
    should aggressively deploy the technology becoming so prevalent elsewhere. Government processes are efficient today, he said, "but could be made more efficient with AI."

    Lavingia argued no task should be off limits for experimentation,
    "especially in war."

    "I don't trust humans with life and death tasks," he said, echoing a
    maximalist view of AI's potential shared by some DOGE staffers.

    Here's how AI is being deployed within some government agencies embracing
    the technology. [The article discusses these areas.]

    1. Waging war
       <https://www.washingtonpost.com/business/2025/07/14/trump-ai-government-war-taxes-jobs/#YSAISJBYYZCFLHY5Z3P5V2REKE-0>
    2. Air traffic control
       <https://www.washingtonpost.com/business/2025/07/14/trump-ai-government-war-taxes-jobs/#655D26QBO5CQZLG6RU6MRNRSWU-1>
    3. Examining patents
       <https://www.washingtonpost.com/business/2025/07/14/trump-ai-government-war-taxes-jobs/#2DSI3R4NTJBAJPTWJJRXQ3PHR4-2>
    4. Airport security screening
       <https://www.washingtonpost.com/business/2025/07/14/trump-ai-government-war-taxes-jobs/#BULDPXMZVJBUTMUR4ZFDLULRSU-3>
    5. Tax audits
       <https://www.washingtonpost.com/business/2025/07/14/trump-ai-government-war-taxes-jobs/#LEMZM5ESTJCT5NO5BHB3MKYZCE-4>
    6. Caring for veterans
       <https://www.washingtonpost.com/business/2025/07/14/trump-ai-government-war-taxes-jobs/#C6DJDKBET5HGPGYOAWWZFVHUY4-5>

    https://www.washingtonpost.com/business/2025/07/14/trump-ai-government-war-taxes-jobs/

    ------------------------------

    Date: Sat, 12 Jul 2025 07:46:10 -0700
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: Looking for a job? An AI recruiter might interview you next
    (NBCNews)

    The use of AI recruiters has rolled out quickly among major companies
    despite glitches and privacy concerns.

    Wafa Shafiq, a 26-year-old Canadian marketing professional and lifestyle influencer, has been job hunting off and on since winter 2024.

    She applied for a Marketing Specialist II position with a retirement plan company around midnight and was emailed by someone named Alex almost immediately. Shafiq answered screening questions and scheduled an initial interview with Alex for the next day.

    But there was a catch -- Alex wasn't human.

    Alex was an AI talent recruiting agent that would also be interviewing her
    for the position, Shafiq discovered after an Internet deep dive into
    Apriora, the company behind Alex.

    Shafiq had stumbled into the world of AI recruiting agents that can interact with candidates via text, phone and even video calls. These AI talent acquisition agents have been used and tested by major brands including the Boston Red Sox, Zillow, Chipotle, Ace Hardware, Sears Home Services, Club Pilates, McDonald's and more, according to AI recruiting companies.

    The use of the technology has quickly scaled to some of the world's biggest companies, despite viral videos showing glitches with the technology and a security vulnerability that potentially exposed applicants' data to hackers. [...]

    https://www.nbcnews.com/tech/innovation/ai-job-recruiters-used-top-companies-glitches-rcna215128

    ------------------------------

    Date: Fri, 18 Jul 2025 16:12:05 -0600
    From: Jim Reisert AD1C <jjreisert@alum.mit.edu>
    Subject: AI videos are tricking tourists into visiting places that
    don't exist. That's just the beginning (Fast Company)

    Jesus Diaz, Fast Company, 07-17-2025

    I can perfectly imagine the pain, confusion, and betrayal in the voice of
    the elderly Malaysian woman who, according to a hotel staff member, asked
    "Why do they do this to people?" when she found out that her dream holiday destination wasn't real but a video fabricated with Veo3, the generative artificial engine made by Google. She and her husband had just driven three hours from Kuala Lumpur to this location in Perak state, convinced they
    would find a scenic cable car attraction called the Kuak Skyride. Instead of
    a gondola to wander across paradise, they found nothing but a quiet town and
    a hotel worker trying to explain that the glamorous TV journalist they'd watched on TikTok -- the one who had ridden the tram through lush forests and interviewed happy tourists -- had never existed at all.

    https://www.fastcompany.com/91368492/ai-video-tricking-tourists-places-that-dont-exist

    ------------------------------

    Date: Tue, 15 Jul 2025 21:21:31 PDT
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: Artificial Intelligence, Cybersecurity, and National Security
    (Richard Danzig)

    Richard Danzig,
    Artificial Intelligence, Cybersecurity, and National Security
    The Fierce Urgency of Now
    https://www.rand.org/pubs/perspectives/PEA4079-1.html

    ------------------------------

    Date: Fri, 18 Jul 2025 17:03:57 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Name collisions meet AI with predictable results (Dave Barry)

    Dave Barry explains it all: https://davebarry.substack.com/p/death-by-ai

    ------------------------------

    Date: Fri, 18 Jul 2025 09:46:10 -0400
    From: Gene Spafford <spaf@cerias.purdue.edu>
    Subject: Malware finding a way (Sundry sources via Spaf)

    We've been seeing malware in the wild for at least 40 years (there are some disputes about the first instances, so it may be longer).

    Two recent developments suggest that we aren't going to see the topic go
    away any time soon.

    1) Malware over DNS https://www.wired.com/story/dns-records-hidden-malicious-code/

    As noted in the article, the increasing use of encrypted DNS (DOH and DOT)
    will make detection more difficult. DOT and DOH are largely a reaction to concerns over privacy and censorship, so the tradeoff is privacy
    vs. security -- a classic risk tradeoff.

    2) Malware using AI

    This was hinted at in the previous article, with chatbot commands embedded
    in DNS records. But here is a case of malware using an AI agent more
    directly to hack systems: https://cip.gov.ua/en/news/art28-atakuye-sektor-bezpeki-ta-oboroni-za-dopomogoyu-programnogo-zasobu-sho-vikoristovuye-shtuchnii-intelekt

    AI in malware isn't a new idea. It has been speculated about for decades (I recall it being discussed nearly 30 years ago at a workshop, and before that
    in science fiction literature). However, here is the first realized
    instance.

    Soon, expect hardened DNS clients that use scanning techniques pioneered in IDS-aware firewalls and web browsers from years ago.

    Arguably, a root cause was in the design of DNS by making it extensible.
    That contributed to its utility, but not all extensions are benign. A risk tradeoff every protocol designer should understand!

    ------------------------------

    Date: Sat, 12 Jul 2025 08:06:45 -0700
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Update on where has @grok been & what happened on July 8th. (xAI)

    First off, we deeply apologize for the horrific behavior that many
    experienced.

    Our intent for @grok is to provide helpful and truthful responses to users. After careful investigation, we discovered the root cause was an update to a code path upstream of the @grok bot. This is independent of the underlying language model that powers @grok.

    The update was active for 16 hrs, in which deprecated code made @grok susceptible to existing X user posts; including when such posts contained extremist views.

    We have removed that deprecated code and refactored the entire system to prevent further abuse. The new system prompt for the @grok bot will be published to our public github repo.

    We thank all of the X users who provided feedback to identify the abuse of @grok functionality, helping us advance our mission of developing helpful
    and truth-seeking artificial intelligence.

    https://x.com/grok/status/1943916977481036128

    [Technical Details of what happened to @grok on July 8th. (xAI)
    https://x.com/grok/status/1943916979494232378]

    ------------------------------

    Date: Sat, 12 Jul 2025 03:08:53 +0000
    From: Richard Marlon Stein <rmstein@protonmail.com>
    Subject: 'I can't drink the water': life next to a U.S. data centre
    (bbc.com)

    https://www.bbc.com/news/articles/cy8gy7lv448o

    "The cloud lives in over 10,000 data centres around the world, most of them located in the US, followed by the UK and Germany. With AI now driving a
    surge in online activity, that number is growing fast. And with them, more complaints from nearby residents. The U.S. boom is being challenged by a
    rise in local activism -- with $64bn (£47bn) in projects delayed or blocked nationwide, according to a report from pressure group Data Center Watch.
    And the concerns aren't just about construction. It's also about water
    usage. Keeping those servers cool requires a lot of water."

    A pattern emerges: technological infrastructure installation followed by
    environmental impact and deterioration.

    Legal latency callously exploited and leveraged for industrial profit.
    Psychopathy is often characterized by cruel unemotional traits.

    ------------------------------

    Date: Fri, 18 Jul 2025 15:29:02 -0400
    From: "Gabe Goldberg" <gabe@gabegold.com>
    Subject: Meta Built a Data Center Next Door. The Neighbors' Water Taps
    Went Dry. (The New York Times)

    In the race to develop artificial intelligence, tech giants are building
    data centers that guzzle up water. That has led to problems for people
    who live nearby.

    https://www.nytimes.com/2025/07/14/technology/meta-data-center-water.html

    [LW's comment on this article:
    Big Tech Billionaire CEO's AI data centers are leaving people without
    water -- and the CEOs couldn't care less.]

    ------------------------------

    Date: Sun, 13 Jul 2025 13:11:41 -0600
    From: Matthew Kruk <mkrukg@gmail.com>
    Subject: Musicians fight uphill battle as AI infiltrates streaming
    platforms, cutting into royalties (CBC)

    https://www.cbc.ca/news/entertainment/musicians-ai-bands-streaming-1.7581400

    Musicians are calling for regulations and finding creative ways to fight
    back as AI "bands" climb the charts on streaming platforms, soaking up
    already meagre royalty payments.

    But as a major musicians' union works for legal change, a copyright expert
    says the law is failing to keep up with artificial intelligence. This comes
    as an act called The Velvet Sundown has hit 1.2 million monthly listeners
    on Spotify after stirring controversy over its use of AI, sparking conversations about the future of the music business.

    "It's obviously a challenge in the industry," Allistair Elliott, director of Canadian affairs for the American Federation of Musicians, which represents 70,000 professional musicians in the U.S. and Canada, told CBC News.

    ------------------------------

    Date: Thu, 17 Jul 2025 08:09:43 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Garbage AI Overviews from Google

    One of the increasingly annoying aspects of Google AI Overviews in
    Search is that Google is so desperate to present an Overview for as
    many searches as possible, and divert every possible user from
    clicking on the sites from which Google took the data to feed Gemini,
    that many of the Overviews are just brainless garbage comments that
    don't even make sense, because Gemini has absolutely no idea of what
    your search query actually was about. It's like asking a six-year-old
    for advice about nuclear physics. They'll say something, but it won't
    help you at all. -L

    ------------------------------

    Date: Fri, 11 Jul 2025 15:45:28 -0600
    From: Matthew Kruk <mkrukg@gmail.com>
    Subject: Got a weird text message? 'Smishing' scams likely rising because of
    AI, experts warn (CDC)

    https://www.cbc.ca/news/business/smishing-scams-rise-1.7582672

    If it seems like your phone has been blowing up with more spam text messages recently, you're probably right.

    The Canadian Anti-Fraud Centre says so-called "smishing" attempts appear to
    be on the rise, thanks in part to new technologies that allow for
    co-ordinated bulk attacks.

    Smishing is "more than likely increasing" with help from artificial intelligence tools that can craft convincing messages or scour data from security breaches to uncover new targets, according to the centre's spokesperson, Jeff Horncastle.

    ------------------------------

    Date: Wed, 16 Jul 2025 19:47:10 +0000 (UTC)
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: Chinese authorities are using a new tool to hack seized phones and
    extract data (TechCrunch)

    Security researchers say Chinese authorities are using a new type of malware
    to extract data from seized phones, allowing them to obtain text messages -- including from chat apps such as Signal -- images, location histories, audio recordings, contacts, and more.

    On Wednesday, mobile cybersecurity company Lookout published a new report -- shared exclusively with TechCrunch -- detailing the hacking tool called Massistant, which the company said was developed by Chinese tech giant
    Xiamen Meiya Pico.

    Massistant, according to Lookout, is Android software used for the forensic extraction of data from mobile phones, meaning the authorities using it need
    to have physical access to those devices. While Lookout doesn't know for
    sure which Chinese police agencies are using the tool, its use is assumed widespread, which means both Chinese residents, as well as travelers to
    China, should be aware of the tool's existence and the risks it poses.

    ``It's a big concern. I think anybody who's traveling in the region needs to
    be aware that the device that they bring into the country could very well be confiscated and anything that's on it could be collected,'' Kristina Balaam,
    a researcher at Lookout who analyzed the malware, told TechCrunch ahead of
    the report's release. ``I think it's something everybody should be aware of
    if they're traveling in the region.'' [...]

    https://techcrunch.com/2025/07/16/chinese-authorities-are-using-a-new-tool-to-hack-seized-phones-and-extract-data/

    ------------------------------

    Date: Sat, 12 Jul 2025 14:35:37 -0700
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Spain chooses Huawei for intelligence wiretaps despite risks
    (European Times)

    MADRID: In a move that has sparked concern among cybersecurity experts and
    law enforcement circles, the Spanish government has awarded contracts worth €12.3 million to Huawei, the Chinese tech conglomerate, to store and manage judicially ordered police wiretaps. The decision, made by Spain's Ministry of the Interior, involves the use of Huawei's OceanStor 6800 V5
    data storage systems for archiving sensitive legal intercepts -- despite growing warnings from NATO allies over Huawei's close ties to the Chinese Communist Party.

    The contract, part of Spain's centralized procurement framework between 2021 and 2025, places the custody of police surveillance data in the hands of a company banned from critical infrastructure in multiple Western
    countries. The OceanStor system is a high-performance enterprise-grade
    storage solution already used in various countries across Africa and Eastern Europe due to its competitive cost. However, its manufacturer's geopolitical affiliations have long been a matter of international concern.

    Huawei's involvement in Spanish law enforcement systems is not new. The company has supported Spain's SITEL system -- used for legal surveillance -- since previous administrations. However, recent revelations have intensified debate about the strategic prudence of continuing to rely on a supplier
    flagged as high-risk by U.S. and EU intelligence agencies. [...]

    https://europeantimes.org/spain-chooses-huawei-for-intelligence-wiretaps-despite-risks/

    ------------------------------

    Date: Wed, 16 Jul 2025 11:47:32 -0700
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: National Guard hacked by Chinese 'Salt Typhoon' campaign for nearly
    a year, DHS memo says (NBC News)

    An elite Chinese cyberspy group hacked at least one state's National Guard network for nearly a year, the Department of Defense has found.

    The hackers, already responsible for one of the most expansive
    cyberespionage campaigns against the U.S. to date, are alleged to have
    burrowed even further than previously known, and may have obtained sensitive military or law enforcement information. Authorities are still working to discover the extent of the data accessed.

    A Department of Homeland Security memo from June, describing the Pentagon's findings, said that the group, publicly known by the nickname Salt Typhoon, "extensively compromised a U.S. state's Army National Guard network" from March 2024 through December 2024. The memo did not specify which state was affected. [...]

    https://www.nbcnews.com/tech/security/national-guard-was-hacked-chinas-salt-typhoon-group-dhs-says-rcna218648

    ------------------------------

    Date: Wed, 16 Jul 2025 15:39:57 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Microsoft Digital Escorts Could Expose Defense Dept Data to Chinese
    Hackers (ProPublica)

    Chinese Tech Support: Microsoft is using engineers in China to help maintain the Defense Department's computer systems -- with minimal supervision by U.S. personnel.

    Skills Gap: Digital escorts often lack the technical expertise to police foreign engineers with far more advanced skills, leaving highly sensitive
    data vulnerable to hacking.

    Ignored Warnings: Various people involved in the work told ProPublica that
    they warned Microsoft that the arrangement is inherently risky, but the
    company launched and expanded it anyway.

    https://www.propublica.org/article/microsoft-digital-escorts-pentagon-defense-department-china-hackers

    ------------------------------

    Date: Wed, 16 Jul 2025 17:38:06 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: ICEBlock isn't completely anonymous, but no app is (The Verge)

    The developer of ICEBlock, an iOS app for anonymously reporting sightings of
    US Immigration and Customs Enforcement (ICE) officials, promises that it "ensures user privacy by storing no personal data." But that claim has come under scrutiny. ICEBlock creator Joshua Aaron has been accused of making
    false promises regarding user anonymity and privacy, being "misguided" about
    the privacy offered by iOS, and of being an Apple fanboy. The issue isn't what ICEBlock stores. It's about what it could accidentally reveal through its tight integration with iOS.

    https://www.theverge.com/cyber-security/707116/iceblock-data-privacy-security-android-version

    Paywalled, and mostly speculative about iOS risks.

    ------------------------------

    Date: Thu, 17 Jul 2025 14:38:21 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Not just no. HELL NO! ChatGPT Agent Wants You to Hand Over Full
    Control of Your Computer (Gizmodo)

    https://gizmodo.com/chatgpt-agent-wants-you-to-hand-over-full-control-of-your-computer-2000630925

    ------------------------------

    Date: Thu, 17 Jul 2025 07:59:22 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: UK lowering voting age to 16 ...

    Apparently UK legislators never saw "Wild in the Streets" (1968). https://www.youtube.com/watch?v=gbwkZnNWUPo

    ------------------------------

    Date: Sat, 12 Jul 2025 13:30:44 +0100
    From: Martin Ward <martin@gkc.org.uk>
    Subject: Re: Interesting Quirky Japanese research result (RISKS-34.71)

    This [clip] is a retrospective study of a single cancer centre, which raises the question as to why this particular centre was selected for study? There
    are 397 hospitals in Japan which are designated as cancer care hospitals, so
    a "statistically significant" correlation between survival rates of some
    form of cancer at one of these centres is highly probable, just by the
    theory of probability.

    cf. https://xkcd.com/882/

    The p values (level of significance in the results) are not mentioned in the abstract or conclusion, which is odd, given the above.

    Looking at Table 1, there are 186 pre-COVID patients (2018-2021), which is
    46.5 per year. Obviously, none of these were vaccinated. There are 86 post-COVID patients (2022-2023), which is 43 per year. Does this mean that
    the incidence of PC (pancreatic cancer) is generally busier, so can only
    take on the more serious patients? Vaccination status is unknown for 31 of
    the 86 post-COVID patients. Only 4 post-COVID patients have fewer than 3 vaccinations, which is clearly not statistically significant, so the correlation between vaccination and survival is identical to a correlation between admission year and survival.

    27.4% of the pre-COVID patients had surgery, while only 11.6% of post-COVID patients had surgery: this is highly significant. The introduction states
    that "adjuvant therapy in combination with surgery have also improved prognoses": why are fewer patients getting surgery at this centre if surgery improves prognosis? Are there fewer surgeons available now, or are they
    busier with other operations so can handle fewer PC cases? Could this be the reason for the observed correlation?

    Finally, PC survival rates have reduced during the COVID-19 pandemic,
    according to this study:

    https://pmc.ncbi.nlm.nih.gov/articles/PMC9105306/

    The study concludes that "the causes were multifactorial, including
    increased likelihood of emergency presentation, reduced use of surgical resection, changes in treatment regimes, and other possible factors"

    Note that the study includes reduced use of surgery as a possible cause
    for the reduced survival rate.

    Another study shows that "Infection with COVID-19 promotes
    the progression of pancreatic cancer":

    https://pmc.ncbi.nlm.nih.gov/articles/PMC10709274/

    So, not getting vaccinated could reduce the chance of surviving PC if the patient ends up getting COVID at the same time.

    [Many thanks for your statistical wisdom. PGN]

    ------------------------------

    Date: Sat, 28 Oct 2023 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) has moved to the ftp.sri.com site:
    <risksinfo.html>.
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    delightfully searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 34.72
    ************************
