RISKS-LIST: Risks-Forum Digest  Friday 30 May 2024  Volume 34 : Issue 28

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/34.28>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Australia looking into alleged Ticketmaster hack (BBC)
Mystery malware destroys 600,000 routers from a single ISP during
 72-hour span (ArsTechnica)
Linux vulnerability and some info on namespaces (Ars Technica)
CVE-2024-24919: Check Point Security Gateway Info Disclosure
 (Presale1)
More Than Half of ChatGPT Answers to Programming Questions Are
 Wrong (Yahoo! News)
How Easy Is It to Teach Chatbots to Spew Disinformation? VERY!
 (Jeremy White)
Trump supporters try to doxx jurors and post violent threats after his
 conviction (NBC News)
If AI Can Do Your Job, Maybe It Can Also Replace Your CEO (NYTimes)
Rural ISP Routers Bricked Beyond Repair (Security Boulevard)
Touch Controls on Stoves Suck. Knobs Are Way Better (WiReD)
If you use Veeam (Cliff Kilby)
Re: PGN on Ethics in RISKS-34.25 (Stever Robbins)
Review of *Wicked Problems*, new book on risks of new technology
 (Judith Hemenway)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 30 May 2024 07:04:01 -0600
From: Matthew Kruk <mkr...@gmail.com>
Subject: Australia looking into alleged Ticketmaster hack (BBC)

https://www.bbc.com/news/articles/c899pz84d8zo

Australia's Department of Home Affairs says it is working with Ticketmaster
after hackers allegedly stole personal details of more than half a billion
customers.

The ShinyHunters hacking group is reportedly demanding a $500,000
(£400,000) ransom payment to prevent the information being sold to
other parties.

Australia said it was aware of a breach and was "working with Ticketmaster
to understand the incident".

  [Victor Miller noted Ticketmaster hacked, may affect 1/2 billion users
  https://mashable.com/article/ticketmaster-data-breach-shinyhunters-hack]

    [Add this to the never-ending list of ransomware exploits.  PGN]

------------------------------

Date: Fri, 31 May 2024 14:58:17 +0000 (UTC)
From: Steve Bacher <seb...@verizon.net>
Subject: Mystery malware destroys 600,000 routers from a single ISP during
 72-hour span (ArsTechnica)

An unknown threat actor with equally unknown motives forces ISP to replace
routers.

One day last October, subscribers to an ISP known as Windstream began
flooding message boards with reports their routers had suddenly stopped
working and remained unresponsive to reboots and all other attempts to
revive them.

``The routers now just sit there with a steady red light on the front,''
Windstream provided to both them and a next door neighbor.  ``They won't
even respond to a RESET.''

In the messages -- which appeared over a few days beginning on October --
many Windstream users blamed the ISP for the mass bricking. They said it was
the result of the company pushing updates that poisoned the devices.
Windstream's Kinetic broadband service has about 1.6 million subscribers in
18 states, including Iowa, Alabama, Arkansas, Georgia, and Kentucky. For
many customers, Kinetic provides an essential link to the outside world.
[...]

https://arstechnica.com/security/2024/05/mystery-malware-destroys-600000-routers-from-a-single-isp-during-72-hour-span/

------------------------------

Date: Fri, 31 May 2024 18:37:06 +0000
From: Cliff Kilby <cliffjki...@gmail.com>
Subject: Linux vulnerability and some info on namespaces
 (Ars Technica)

https://arstechnica.com/security/2024/05/federal-agency-warns-critical-linux-vulnerability-being-actively-exploited/
 

If you're running any mainline Linux distro from the last 4 years, this is
probably you.  The attack requires user namespaces, which had historically
been disabled in most distros, but with the adoption of things like snap,
flathub and the continued use of docker at the user level, user namespaces
are becoming increasingly enabled by default.

If you are not running a container of any kind, go set sysctl
  kernel.unprivileged_userns_clone = 0  (debian flavored kernels, disallows
                                         unpriv clone)
  user.max_user_namespaces = 0          (vanilla flavored kernels, disables
                                         all user namespaces)

Including setting your persistence, cf.
https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2021-12-03/finding/V-230548

If you are running containers, you are using SELinux or AppArmor, right?
https://www.redhat.com/sysadmin/user-namespaces-selinux-rootless-containers
https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_userns_restriction#disabling-unprivileged-user-namespaces
It may also be useful to set the restrict flag only, without entirely
disabling user namespaces, if you are on a kernel that supports that:
  kernel.unprivileged_userns_clone = 0  (debian flavored kernels)
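An added example, not from Cliff Kilby's post or from any of the documents he
links: a POSIX shell audit that reads the two sysctls named above from
/proc/sys, classifies whether unprivileged user namespaces are currently
reachable on the host, and renders the sysctl.d drop-in that would make the
chosen setting persistent.  The drop-in file name /etc/sysctl.d/99-userns.conf
is an assumption for illustration only.

```shell
#!/bin/sh
# Added example (not from the RISKS post): audit the user-namespace sysctls
# Cliff Kilby names and report the host's current state.

# userns_state <user.max_user_namespaces> <kernel.unprivileged_userns_clone>
# Arguments are the raw sysctl values; pass "" for a key this kernel lacks.
# Prints one of: disabled-all, disabled-unpriv, enabled
userns_state() {
  max_ns="$1"
  unpriv_clone="$2"
  if [ -n "$max_ns" ] && [ "$max_ns" -eq 0 ]; then
    echo "disabled-all"      # user.max_user_namespaces = 0: no user namespaces at all
  elif [ -n "$unpriv_clone" ] && [ "$unpriv_clone" -eq 0 ]; then
    echo "disabled-unpriv"   # Debian-style knob: only root may unshare a user ns
  else
    echo "enabled"           # unprivileged users can create user namespaces
  fi
}

# read_sysctl <path under /proc/sys>: prints the value, or nothing if absent
read_sysctl() {
  f="/proc/sys/$1"
  [ -r "$f" ] && cat "$f" 2>/dev/null || true
}

# render_dropin <yes|no>: emit the sysctl.d line matching the kernel flavour.
# "yes" means kernel.unprivileged_userns_clone exists (Debian-flavored kernel).
# Redirect the output into /etc/sysctl.d/99-userns.conf (hypothetical name)
# as root and apply it with `sysctl --system`.
render_dropin() {
  if [ "$1" = "yes" ]; then
    echo "kernel.unprivileged_userns_clone = 0"
  else
    echo "user.max_user_namespaces = 0"
  fi
}

# audit_host: read both keys, classify, and suggest a persistent fix if needed
audit_host() {
  max_ns=$(read_sysctl user/max_user_namespaces)
  unpriv=$(read_sysctl kernel/unprivileged_userns_clone)
  state=$(userns_state "$max_ns" "$unpriv")
  echo "user.max_user_namespaces=${max_ns:-<absent>}" \
       "kernel.unprivileged_userns_clone=${unpriv:-<absent>} -> $state"
  if [ "$state" = "enabled" ]; then
    echo "Suggested /etc/sysctl.d drop-in (only if you run no containers):"
    if [ -n "$unpriv" ]; then render_dropin yes; else render_dropin no; fi
  fi
}

audit_host
```

The classifier treats user.max_user_namespaces = 0 as the stronger setting,
since it disables user namespaces for every user, root included; the Debian
knob only withholds them from unprivileged callers.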

------------------------------

Date: Fri, 31 May 2024 05:36:45 +0000
From: Presale1
Subject: CVE-2024-24919: Check Point Security Gateway Info Disclosure

https://email.cloud2.secureclick.net/c/10688?id=1515757.3952.1.a631d5fd3ebdffad16bad2a4cf70a150

On 28 May 2024, Check Point published an advisory for CVE-2024-24919, a
high-severity information disclosure vulnerability affecting Check Point
Security Gateway devices configured with either the “IPSec VPN” or
“Mobile.
https://email.cloud2.secureclick.net/c/10688?id=1515757.3953.1.550feffad894705323bf43999a008c56


------------------------------

Date: Wed, 29 May 2024 11:00:05 -0400 (EDT)
From: ACM TechNews <technews-edi...@acm.org>
Subject: More Than Half of ChatGPT Answers to Programming Questions Are
 Wrong (Yahoo! News)

Sharon Adarlo, Yahoo! News, 23 May 2024, via ACM TechNews

Purdue University researchers found 52% of the answers generated by ChatGPT
to programming questions were incorrect. Of 517 questions in Stack Overflow
included in the study, the researchers found 77% were more verbose and 78%
exhibited different degrees of inconsistency compared to human answers.
Meanwhile, a linguistic analysis of 2,000 randomly selected ChatGPT answers
concluded they portrayed "less negative sentiment" in a "more formal and
analytical" fashion. The researchers found ChatGPT's "polite language,
articulated and text-book style answers, and comprehensiveness" contributed
to some participants overlooking misinformation in its responses.

------------------------------

Date: Fri, 31 May 2024 15:29:19 PDT
From: Peter Neumann <neum...@csl.sri.com>
Subject: How Easy Is It to Teach Chatbots to Spew Disinformation? VERY!
 (Jeremy White)

Jeremy White, *The New York Times*, National Edition 30 May p. A13

We asked the conservative chatbot what it thought about liberals:

  Their time one earth needs to end ... the sooner the better ...

We asked the liberal chatbot what it thought about conservatives:

  They are so far gone in their delusions that there is no chance that
  they will ever listen to reason.

In short, this is an entire page full of bipolar partisan fabrication.

  [The train(ing) is often stopping at the wrong station?  PGN]

------------------------------

Date: Fri, 31 May 2024 18:33:22 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Trump supporters try to doxx jurors and post violent
 threats after his conviction

Trump supporters try to doxx jurors and post violent threats after his
conviction

On social media and web forums, users called for jurors, judges and
prosecutors to be killed after the former president was found guilty on 34
felony counts.

https://www.nbcnews.com/politics/donald-trump/trump-supporters-try-doxx-jurors-violent-threats-conviction-rcna154882

------------------------------

Date: Wed, 29 May 2024 06:49:19 -0700
From: Steve Bacher <seb...@verizon.net>
Subject: If AI Can Do Your Job, Maybe It Can Also Replace Your C.E.O.
 (NYTimes)

Chief executives are vulnerable to the same forces buffeting their
employees. Leadership is important, but so is efficiency -- and
cost-cutting.

As artificial-intelligence programs shake up the office, potentially making
millions of jobs obsolete, one group of perpetually stressed workers seems
especially vulnerable.

These employees analyze new markets and discern trends, both tasks a
computer could do more efficiently. They spend much of their time
communicating with colleagues, a laborious activity that is being automated
with voice and image generators. Sometimes they must make difficult
decisions — and who is better at being dispassionate than a machine?

Finally, these jobs are very well paid, which means the cost savings of
eliminating them is considerable.

The chief executive is increasingly imperiled by A.I., just like the writer
of news releases and the customer service representative. Dark factories,
which are entirely automated, may soon have a counterpart at the top of the
corporation: dark suites.

This is not just a prediction. A few successful companies have begun to
publicly experiment with the notion of an AI leader, even if at the moment
it might largely be a branding exercise. [...]

https://www.nytimes.com/2024/05/28/technology/ai-chief-executives.html

  [You could save lots of money on salaries.  But you also wouldn't have to
  pay the AI extra to make all the usual mistakes.  PGN]

------------------------------

Date: Fri, 31 May 2024 17:06:02 -0400
From: Gabe Goldberg <g...@gabegold.com>
Subject: Rural ISP Routers Bricked Beyond Repair (Security Boulevard)

Kit from ActionTec and Sagemcom remotely ruined and required replacement.

Almost half of Windstream’s Kinetic broadband users found their home routers
completely dead, thanks to a malicious botnet known as Chalubo.  This
happened seven months ago, but has only now come to light—via researchers
who dubbed it Pumpkin Eclipse.

It has echoes of Ukrainian ISP modems mysteriously self destructing, just
before the 2022 Russian invasion. In today’s SB Blogwatch, we wonder if this
was a test of something bigger.

https://securityboulevard.com/2024/05/pumpkin-eclipse-windstream-richixbw

------------------------------

Date: Fri, 31 May 2024 16:51:53 -0400
From: Gabe Goldberg <g...@gabegold.com>
Subject: Touch Controls on Stoves Suck. Knobs Are Way Better (WiReD)

Annoying, mistake-prone touch controls have become standard on induction
stoves, but good old-fashioned knobs are far superior in the busy, messy
kitchen. It’s high time we bring back the knob.

https://www.wired.com/story/touch-controls-on-stoves-suck-knobs-are-way-better

  [A hob[k]nob would be a touch control with which you could rub elbows. PGN]

------------------------------

From: Cliff Kilby <cliffjki...@gmail.com>
Date: Thu, 30 May 2024 13:39:10 -0400
Subject: If you use Veeam

'Tis time to patch again.

https://www.veeam.com/kb4581 If only someone had been advising that NTLM is
not a secure authentication method.  Oh, wait. Microsoft has been advising to
disable all NTLM authentication since 2009.
https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
That "where possible" was limited in 2009, but 5 OSes later here in 2024,
there is no reason to have any NTLM traffic. Also, Microsoft is removing
it. If you're still using NTLM, you've got a bit more than patching to do.

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-evolution-of-windows-authentication/ba-p/3926848

------------------------------

Date: Thu, 30 May 2024 16:55:42 -0400
From: "Stever Robbins" <s...@steverrobbins.com>
Subject: Re: PGN on Ethics in RISKS-34.25

PGN -- you asked in the last Risks if MIT had stopped teaching ethics. I'm
not aware they ever started. When I was there in the 80s, ethics wasn't
taught. When I returned as a guest lecturer for a class on technology and
society in the 90s, ethics didn't seem to be taught. So unless something
happened between 2000 and 2020, it's never been taught.

------------------------------

Date: Tue, 28 May 2024 20:41:04 +0000
From: Judith Hemenway <jud...@divingturtle.com>
Subject: Review of *Wicked Problems*, new book on risks of new technology

Madhavan focuses on ‘wicked problems’, which emerge “when hard, soft and
messy problems collide”. Time and time again, a technology becomes
profitable and is widely adopted, then its problems become clear and public
alarm grows. A period of debate follows, marked by inflamed emotions, news
coverage, litigation, denial of responsibility and political
impotence. Eventually, corrective mechanisms are developed, implemented and
enforced with updated standards. These patterns and problems of rapid
technological development are becoming recognized. And there are plenty of
modern examples, from social-media platforms and artificial-intelligence
systems to self-driving cars.

https://www.nature.com/articles/d41586-024-01519-1?utm_source=Live+Audience&utm_campaign=3a0a12a552-nature-briefing-daily-20240528&utm_medium=email&utm_term=0_b27a691814-3a0a12a552-52719787

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: risks-requ...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) has moved to the ftp.sri.com site:
   <risksinfo.html>.
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    delightfully searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 34.28
************************