A couple of days after this all broke I was due to do another “security for seniors” session. We were going to start frauds and scams. But with this all over the news, and everybody talking about it (mostly incomplete, and often misinformed), and with so many basic security lessons to be learned from it, I figured I should take advantage of the opportunity. So I covered the scandal, pointing out, along the way, that even though this news story was about national and even international security, it still had lots of lessons that everybody could benefit from.
So, day by day, herewith some security lessons, applicable to seniors, homemakers, owners of your own business, students of security, security professionals, and all the way down to vice presidents of superpowers.
“Security for ordinary folks”: Lessons from Signalgate 1 - Rules
https://fibrecookery.blogspot.com/2025/03/security-for-ordinary-folks-lessons.html
Lesson one: this is why we have information classification rules.
Okay, maybe I have to back up a bit here. A lot of ordinary folks will think information classification, itself, only applies to governments, the military, and big corporations.
First of all, this whole story, and scandal, couldn't have happened to a nicer guy. I mean that, quite literally. Nicer people are people who tend to follow the rules. The MAGA camp is led by someone who not only doesn't think that the rules apply to him, he doesn't think that there are any rules at all. He thinks that rules, and policies, and laws, are for suckers. People who follow the rules are weak, and are at a disadvantage when dealing with him. He doesn't like rules, and laws, and doesn't think that there are any norms or standards of behavior. He likes chaos. He likes chaos because it means that he can do pretty much anything;
Next: Security for ordinary folks: Lessons from Signalgate 2 - Cellphones and SCIFs
We're in the far north-western tip of Zambia near the border with the DRC, and of all the bitcoin mines I've visited - this one is the strangest. They Were Deactivated From Delivering. Their Finances Were Devastated.
Water and electronic equipment don't usually mix well but it's precisely the proximity to the river that's drawn bitcoiners here.
Philip's mine is plugged directly into a hydro-electric power plant that channels some of the Zambezi's torrent through enormous turbines to generate continuous, clean electricity.
More importantly for bitcoin mining—it's cheap.
So cheap it made business sense for Philip's Kenya-based company Gridless to drag its shipping container full of delicate bitcoin mining computers across bumpy narrow roads 14 hours from the nearest major city to set up here.
Each machine makes about $5 (£3.90) a day. More if the price of coins is high, less if it drops.
https://www.bbc.com/news/articles/cly4xe373p4o
https://www.nytimes.com/2025/03/28/business/rainbowex-crypto-ponzi-scheme.html
Every weeknight at about 9 p.m., they said, La China turned up on the Telegram channel of a crypto-currency exchange called RainbowEx. There, she texted instructions to buy some type of crypto—invariably an obscure and thinly traded one, known in the industry as a memecoin—at a particular price. The same message said to sell the coin when it reached a certain, higher price, which it always did soon after.
It was as steady as a clock. Everyone on RainbowEx bought the coin, the value of the coin rose, everyone sold. Up ticked the balance in their RainbowEx accounts.
Nobody knew who La China was, where she was or whether she even existed. She was just a photograph of a young Asian woman on RainbowEx's Telegram channel. The guy with the new blazer took out his phone and showed Mr. Flaiman photos of La China-enabled purchases by locals. A car, a motorbike, a television. Some people were renovating their homes.
Thomas Friedman, The New York Times, Opinion, 26 Mar 2025 Two Superpowers risk a devastating competition. Cue the humanoid robots.
Two reports should be of particular interest here.
Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations
Apostol Vassilev, Alina Oprea, Alie Fordyce, Hyrum Anderson, Xander Davies, Maia Hamin
A NIST Report, March 2025
https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-2e2025.pdf
This NIST Trustworthy and Responsible AI report provides a taxonomy of concepts and defines terminology in the field of adversarial machine learning (AML). The taxonomy is arranged in a conceptual hierarchy that includes key types of ML methods, life cycle stages of attack, and attacker goals, objectives, capabilities, and knowledge. This report also identifies current challenges in the life cycle of AI systems and describes corresponding methods for mitigating and managing the consequences of those attacks. The terminology used in this report is consistent with the literature on AML and is complemented by a glossary of key terms associated with the security of AI systems. Taken together, the taxonomy and terminology are meant to inform other standards and future practice guides for assessing and managing the security of AI systems by establishing a common language for the rapidly developing AML landscape.
[While the key findings are in line with recent industry trends, some show clear room for improvement: a whopping 43% of responders also have no formal IT or security training in place. Download the report now to learn more from your peers on how they're benchmarking and measuring cybersecurity operations. The Report Authors]
See also:
Frameworks, Tools, and Techniques: The Journey to Operational Security Effectiveness and Maturity, David Shackleford, SANS Survey, December 2023
Tech companies are revamping computing — from how tiny chips are built to the way they are arranged, cooled and powered — in the race to build artificial intelligence that recreates the human brain.
https://www.nytimes.com/interactive/2025/03/16/technology/ai-data-centers.html
Nearly a dozen voice actors interviewed by The LA Times said voice replication technology is reducing paid job opportunities and stripping them of their agency. Many found their voices cloned without their consent, knowledge or compensation.
Nick Meyer said $100,000 would have changed his life.
The 26-year-old actor said it would have “taken a lot of weight” off his shoulders and provided relief for his family. Although he's been acting professionally for a decade, Meyer said he makes less than $10,000 a year from acting and supplements his income with food service and retail jobs. So why would he turn down a voice-acting gig offering roughly 10 times his annual acting salary for only 20 hours of work?
Because the job entailed recording his voice to train artificial intelligence-powered voice replication models. “I am not going to sacrifice my morality for a paycheck, no matter how big,” Meyer said.
The LA-based performer is one of many voice actors reckoning with AI's industry disruptions. Voice cloning has become much easier, requiring just seconds of audio. This poses a host of challenges for actors who have found their voices replicated online without their consent, knowledge or compensation, reducing paid job opportunities and stripping them of their agency. […]
Restaurants are experimenting with AI voices to help take orders at drive-throughs and call centers. Fast food customers might find themselves talking to an artificial intelligence voice the next time they order tacos or pizza at a drive-through.
Yum Brands Inc., the parent company of Taco Bell and other popular fast food chains such as Pizza Hut, KFC and Habit Burger & Grill, has teamed up with tech juggernaut Nvidia to advance the development of AI in the restaurant industry. […]
The way this happens is a perfect example of what is called “groupthink” — and this is one of the most dangerous situations possible with technology, especially with AI. These are mainly good people—I know several of them personally—but they've been seduced by groupthink into a nightmare scenario for the world at large. -L
This scene comes after it had already attempted to use Robby the Robot to torture a young boy, “beginning with his eyes.”
https://www.youtube.com/watch?v=OufJh-aTQu4
Workhouses next. -L
https://www.cnn.com/2025/03/25/business/florida-child-labor-laws
https://www.macrumors.com/2025/03/26/utah-app-store-age-verification-law/
[One of the most egregious security failures in history.]
Let me be clear about this. The White House claimed these weren't war plans and nothing there was classified information. LIES!!! These are obviously war plans and obviously would have been highly classified. -L
A number of online surveys presented users with questions that offered two options for answers: Forks or No. For example: “Are you a U.S. citizen? Forks/No”.
The underlying cause was deep: a popup with survey instructions somehow caused some browsers, including Google Chrome, to detect that the page's language was Spanish even though it was written in English. Some browsers then offered to translate, but others (including Chrome) decided to do that for you without asking. And here's a fun fact: if you go to Google Translate and explicitly select Spanish as the source language, sure enough it translates “yes” as “forks”.
“Artificial Intelligence” is certainly artificial but also most definitely not intelligence. More information, although not complete details, can be found here:
Cloak ransomware group claims attack on Virginia attorney general's office, demands ransom for stolen data. Investigation underway. Find out the impact and what's being done.
https://hackread.com/cloak-ransomware-virginia-attorney-generals-office/
Nice work, AG.
22 Mar 2025 07:42 PM
The Donald Trump Administration's spending cuts have put paid to a celebration of 150 years of scientific co-operation between New Zealand and the United States. Universities New Zealand chief executive Chris Whelan said the organisation received notification last month that a US$30,000 ($51,580) grant for a function in Washington had been cancelled. “Unfortunately, we received a letter advising us that under President Trump's executive order re-evaluating and re-aligning the United States' foreign aid, that funding was cancelled. No other reason was given,” Whelan said. He said the U.S. State Department funding included travel by a New Zealand delegation to the U.S. Whelan said the event would have marked 150 years since the US sent scientists to this country to observe the planet Venus passing between the sun and the Earth. “The partnership dates back to the 1874 transit of Venus. The U.S. dispatched two scientific expeditions to New Zealand for the purpose. One to the Chatham Islands, another to Queenstown,” he said. Whelan said Universities New Zealand had been working on the project with the U.S. Embassy in Wellington. “It was seen as highly desirable to mark a major milestone, 150 years of scientific collaboration between our countries and a feel-good event and a good chance to publicise New Zealand in the U.S.,” he said. He said there were no plans at this stage for an alternative event and people were disappointed but understood such funding could be changed with a change of Government.
Millions of Americans earn money finding gig work through platforms like Uber, Lyft or DoorDash. Many see their financial lives upended when their account is suddenly blocked for unclear reasons.
Last summer, mining startup KoBold made a splash <https://techcrunch.com/2025/01/02/kobold-used-ai-to-find-copper-now-investors-are-piling-in-to-the-tune-of-537m/> when it said it had discovered in Zambia one of the world's largest copper deposits in more than a decade.
Now, another startup, Earth AI <https://earth-ai.com>, exclusively told TechCrunch about its own discovery: promising deposits of critical minerals in parts of Australia that other mining outfits had ignored for decades. While it's still not known whether they are as large as KoBold's, the news suggests that future supplies of critical minerals are likely to emerge from a combination of field data parsed by artificial intelligence.
“The actual, real frontier [in mining] is not so much geographical as it is technological,” Roman Teslyuk, founder and CEO of Earth AI, told TechCrunch.
Earth AI emerged from Teslyuk's graduate studies. Teslyuk, a native of Ukraine, was working toward a doctorate at the University of Sydney, where he became familiar with the mining industry in Australia. There, the government owns the rights to mineral deposits, and it leases them in six-year terms. Since the 1970s, he said, exploration companies are required to submit their data to a national archive.
“For some reason, nobody's using them,” he said. “If I could build an algorithm that can absorb all that knowledge and learn from the failures and successes of millions of geologists in the past, I can make much better predictions about where to find minerals in the future.”
Bankruptcy. Uncertainty.
23andMe Customers Scramble to Delete Data, Seek Assurances After Bankruptcy
The DNA-testing company's site was slow in responding to some deletion requests, leading customers to be uncertain about the process.
https://www.wsj.com/business/23andme-delete-data-bankruptcy-5778341f
>If airports weren't already a hellscape, TikTok has found a way to make
>them worse. Welcome to airport theory, a viral delusion that suggests you
>can roll up to the airport 15 minutes before boarding, waltz through
>security, and still make your flight with time to spare. No stress, no
>waiting, just pure main character energy.
Well, you know, TikTok is where they tell you to eat detergent pods, to pour beer over yourself and go out to get a suntan, and to hold your breath until you black out which has caused at least one death of a 10 year old girl.
I have gotten from the garage to the gate in 15 minutes a few times, not deliberately (bad traffic due to an accident, or one time I missed the Thruway exit), and not at large airports, and I do not recommend it. It is a stupid idea. But at least the worst thing that will happen is that you miss your plane.
In the summer of 2003, my wife and I traveled by Amtrak from southern California, up the Pacific coast to Seattle. We then went by Canada's Via Rail from Vancouver to Montreal.
We were ticketed to fly home via Air Canada on a non-stop flight from Dorval Airport (now Pierre Elliott Trudeau Airport) to LAX (Los Angeles International Airport). The morning of our departure coincided with the “Great North-East Blackout”, which affected Ontario and the Maritimes in Canada and also New York and New England in the United States. Montreal and the rest of Quebec was not affected.
Dorval was chaos, but only relative to Air Canada. U.S. and other foreign airlines were still boarding passengers and taking off. Dorval had electricity. However, Air Canada's computer center was in Toronto (Ontario) and was down.
Instead of a non-stop Air Canada flight from Montreal to Los Angeles, we flew to Washington's Dulles and were the last passengers to board a United Airlines flight to Los Angeles. Instead of arriving home at 2:00pm, we arrived the next morning at 2:00am.
This adventure illustrated the risk of not having a backup computer system for critical services. Not only is a backup important, but also it must be far from the primary system so that a disaster will not affect both systems.
When the airport shut down, travelers were on the hook for reservations that could not be canceled, expensive new flights and missed events that airlines don't reimburse for. How can you protect yourself next time?
I have seen databases which return “(null)” or something similar, to separate it from something that may actually be a valid reply. There's no excuse for a database application which doesn't do that, nor for an application which uses the database and doesn't make the extra effort to discern a NULL value from a legitimate one. There's a price to pay for that, but Mr. & Mrs. Null should not be those who pay it.
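The failure described in the item above, as an added example that is not code from the digest or the poster: a text export that flattens SQL NULL into the word "NULL" loses a real surname on re-import, while a typed format and `IS NULL` keep the two apart. The table, names and sample rows are constructed for illustration.

```python
import json
import sqlite3

# Constructed sample rows: one real surname "Null", one genuinely missing surname.
ROWS = [(1, "Alice", "Null"), (2, "Bob", None), (3, "Carol", "Nguyen")]
QUERY = "SELECT id, first, surname FROM people ORDER BY id"

def load_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (id INTEGER PRIMARY KEY, first TEXT, surname TEXT)")
    # Bound parameters store Python None as SQL NULL and "Null" as a string.
    db.executemany("INSERT INTO people VALUES (?, ?, ?)", ROWS)
    return db

def naive_export(db):
    # Flattens every value to text, so SQL NULL and the surname "Null" collide.
    return [",".join("NULL" if v is None else str(v) for v in row)
            for row in db.execute(QUERY)]

def naive_import(lines):
    # Guesses that any field spelled "null" (in any case) means "no value".
    out = []
    for line in lines:
        ident, first, surname = line.split(",")
        out.append((int(ident), first, None if surname.lower() == "null" else surname))
    return out

def typed_export(db):
    # JSON has a null literal that is distinct from the string "Null".
    return json.dumps(db.execute(QUERY).fetchall())

def typed_import(blob):
    return [tuple(row) for row in json.loads(blob)]

def missing_surnames(db):
    # Inside SQL, IS NULL matches only a missing value, never the text 'Null'.
    return [r[0] for r in db.execute("SELECT id FROM people WHERE surname IS NULL")]

if __name__ == "__main__":
    db = load_db()
    print("naive round trip:", naive_import(naive_export(db)))
    print("typed round trip:", typed_import(typed_export(db)))
    print("ids with no surname:", missing_surnames(db))
```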