Risks Digest 34.63

RISKS-LIST: Risks-Forum Digest Saturday 17 May 2025 Volume 34 : Issue 63 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at as The current issue can also be found at Contents: Newark’s Air-Traffic Control Staffing Crisis Is Dire. It’s Also Not Unique. (The New York Times) Exclusive: NSF faces radical shake-up as officials abolish its 37 divisions (Science) Rogue communication devices found in Chinese solar power inverters (PGN, Ben Moore) EU Security Bug Database Fully Operational (Jessica Lyon) Researchers Discover New Security Vulnerability in Intel Processors (Daniel Meierhans) Investigation into false evacuation alerts sent during L.A. fires places blame, calls for more regulation (LA Times) Meta to Train AI on EU User Data From May 27 Without Consent; Noyb Threatens Lawsuit (The Hacker News) Young Americans are investing in crypto and meme coins as a path to wealth (The Washington Post) If AI is so good at_coding, where are the open-source contributions (Pivot to AI) How Apple Created a Legal Mess When It Skirted a Judge’s Ruling (NYTimes) How to Secure Your Phone’s Data Before Traveling Abroad (NYTimes) Thumbprint on Cigarette Carton Cracks a 48-Year-Old California Murder Case (NY Times) Walgreens doubles down on prescription-filling robots to cut costs, free up pharmacists amid turnaround (CNBC) Smart Phones Finally Getting Expelled in Classes (New York Magazine) A VPN Company Canceled All Lifetime Subscriptions, Claiming It Didn’t Know About Them (WiReD) Why We’re Unlikely to Get Artificial General Intelligence Anytime Soon (NY Times) Attack Steals Cryptocurrency by Planting False Memories in Chatbots (Dan Goodin) Young Americans are investing in crypto and meme coins as a path to wealth (The Washington Post) His X Account Was Hijacked to Sell a Fake WIRED Memecoin. Then Came the Backlash (WiReD) CISA mutes own website, shifts routine cyber-alerts to Musk’s RSS, email (The Register) Tragedy, Fools but no Iago in sight (Peter Bernard Ladkin) Riverside wants to become ‘the new Detroit.’ Can this self-driving electric bus get it there? (LA Times) IBM Vibe coding (Martin Ward) How to fix your code using OpenAI (Martin Ward) Case quacked: Flying duck caught by Swiss speed camera is repeat offender (BBC) We live in the tension between overestimating risks and ignoring them (Jim Geissman) RISKS-34.62 layout (Mark Brader) Re: FBI Says Cybercrime Costs Surpassed $16 Billion in 2024 (Richard Marlon Stein) Re: New Zealand’s prime minister proposes social media ban for under-16s (Steve Bacher) Re: After an Arizona man was shot, an AI video of him addresses his killer in court (Steve Bacher) Abridged info on RISKS (comp.risks) ———————————————————————- Date: Fri, 16 May 2025 07:32:53 -0700 From: “Jim” Subject: Newark’s Air-Traffic Control Staffing Crisis Is Dire. It’s Also Not Unique. (The New York Times) NY Times 16 May 2025 Ninety-nine percent of the air traffic control facilities in the United States are operating below recommended staffing levels, a New York Times analysis has found. The ongoing crisis at Newark Liberty International Airport has put a spotlight on the prolonged nationwide shortage of air traffic controllers. As of 7 May 2025, only two of 313 facilities – one in Akron, Ohio, and another in Fort Lauderdale, Fla. — met staffing targets set by the Federal Aviation Administration and the union representing controllers, according to union data obtained by The Times. [Even if you are flying from Akron to Fort Lauderdale, that is not good enough, because you have to cross undermanned ATC centers. PGN] —————————— Date: Fri, 9 May 2025 20:21:24 +0900 From: David Farber Subject: Exclusive: NSF faces radical shake-up as officials abolish its 37 divisions (Science) https://www.science.org/content/article/exclusive-nsf-faces-radical-shake-officials-abolish-its-37-divisions The National Science Foundation (NSF), already battered by White House directives and staff reductions, is plunging into deeper turmoil. According to sources who requested anonymity for fear of retribution, staff were told today that the agency’s 37 divisions — across all eight NSF directorates — are being abolished and the number of programs within those divisions will be drastically reduced. The current directors and deputy directors will lose their titles and might be reassigned to other positions at the agency or elsewhere in the federal government. The consolidation appears to be driven in part by President Donald Trump’s proposal to cut the agency’s $9-billion budget by 55% for the 2026 fiscal year that begins on 1 October. NSF’s decision to abolish its divisions could also be part of a larger restructuring of the agency’s grant-making process that involves adding a new layer of review. NSF watchers fear that a smaller, restructured agency could be more vulnerable to pressure from the White House to fund research that suits its ideological bent. —————————— Date: Thu, 15 May 2025 14:09:41 -0700 From: “Peter G. Neumann” Subject: Rogue communication devices found in Chinese solar power inverters https://www.reuters.com/sustainability/climate-energy/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14/ [This resembles a cross between the DMA problem addressed by the Thunderclap paper, and planted Trojan horses. PGN] —————————— Date: Fri, 16 May 2025 09:37:13 -0500 From: Ben Moore Subject: Rogue communication devices found in Chinese solar power inverter (MSN) As Bruce Schneier says “This is a weird story.” https://www.msn.com/en-us/news/world/ar-AA1EMfHP But less so when you consider this story. https://www.huschblackwell.com/newsandinsights/new-executive-order-prohibits-use-of-equipment-produced-by-foreign-adversaries-in-bulk-power-system —————————— Date: Fri, 16 May 2025 11:37:34 -0400 (EDT) From: ACM TechNews Subject: EU Security Bug Database Fully Operational (Jessica Lyon) Jessica Lyon, *The Register* (UK) (05/13/25), via ACM TechNews The European Union Agency for Cybersecurity has rolled out the European Vulnerability Database (EUVD). Updated in real time and now fully operational, the database identifies disclosed bugs with their U.S. Common Vulnerabilities and Exposures (CVE)-assigned IDs and EUVD identifiers, details their criticality and exploitation status, and provides links to available advisories and patches. [The U.S. mothballing of the MITRE-NIST CVE collection was the result of an abonimable showman. The CVE repository may have been the wrong solution to the wrong problem, but it provided a very useful catalog of vulnerabilities against which to track progress (or the lack of it). The deeper problem that is not being adequately confronted is that commercial-system security sucks, so-called best practices are dramatically incomplete, and the industry apparently does not want to bother avoiding even the most critical flaws, much less the way it develops new systems. This has been going on during all of my 71 years as a computer professional, with very few exceptions, and shows few signs of changing (except for perhaps our SRI/Cambridge-UK CHERI clean-slate hardware-software approach, which earlier this week received this year’s Test-of-Time award at the 46th IEEE Symposium on Security and Privacy for our 2015 paper, CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization). I am delighted to see the European Union showing fortitude (although the letters VD in EUVD have a connotation that is symbolic of the self-infectious nature of system and network vulnerabilities). PGN] —————————— Date: Fri, 16 May 2025 11:37:34 -0400 (EDT) From: ACM TechNews Subject: Researchers Discover New Security Vulnerability in Intel Processors (Daniel Meierhans) Daniel Meierhans, ETH Zurich (Switzerland) (05/13/25) A new class of vulnerabilities in all Intel processors identified by computer scientists at Switzerland’s ETH Zurich can be exploited to misuse the central processing unit’s (CPU) prediction calculations to gain access to information from other users of the same CPU. The vulnerabilities enable the incorrect assignment of privileges during the few nanoseconds when the CPU switches between prediction calculations for two users with different permissions. ETH Zurich’s Sandro Ruegge said quickly repeating the attack can result in a more than 5,000-bytes-per-second readout speed, allowing attackers to read the entire memory over time. —————————— Date: Mon, 12 May 2025 09:14:07 -0700 From: Steve Bacher Subject: Investigation into false evacuation alerts sent during L.A. fires places blame, calls for more regulation () The alerts were intended for a small group of residents near Calabasas, but stoked panic and confusion as they were blasted out repeatedly to a much larger area. […] In “Sounding the Alarm: Lessons From the Kenneth Fire False Alerts,” Garcia’s office reports that Genasys, the software company contracted with the county to issue wireless emergency alerts, said a technical error caused the faulty alert to ping across the sprawling metro region. […] https://www.latimes.com/california/story/2025-05-12/report-on-faulty-fire-alert-calls-for-more-federal-regulation-of-private-tech-companies-issuing-alerts —————————— Date: Fri, 16 May 2025 10:38:05 -0700 From: geoff goodfellow Subject: IS: Meta to Train AI on EU User Data From May 27 Without Consent; Noyb Threatens Lawsuit (The Hacker News) Austrian privacy non-profit noyb (none of your business) has sent Meta’s Irish headquarters a cease-and-desist letter, threatening the company with a class action lawsuit if it proceeds with its plans to train users’ data for training its artificial intelligence (AI) models without an explicit opt-in. The move comes weeks after the social media behemoth announced its plans to train its AI models using public data shared by adults across Facebook and Instagram in the European Union (EU) starting May 27, 2025, after it paused the efforts in June 2024 following concerns raised by Irish data protection authorities. “Instead of asking consumers for opt-in consent, Meta relies on an alleged ‘legitimate interest’ to just suck up all user data,” noyb said . “Meta may face massive legal risks — just because it relies on an ‘opt-out’ instead of an ‘opt-in’ system for AI training.” The advocacy group further noted that Meta AI is not compliant with the General Data Protection Regulation (GDPR) in the region, and that, besides claiming that it has a ”legitimate interest in taking user data for AI training, the company is also limiting the right to opt-out before the training has started.” —————————— Date: Mon, 12 May 2025 12:58:06 -0400 From: Gabe Goldberg Subject: Young Americans are investing in crypto and meme coins as a path to wealth (The Washington Post) These young people see meme coins as their best shot at the American Dream When traditional routes to wealth feel out of reach, jokey cryptocurrencies can look more attractive. “Financial nihilism” is driving some members of Gen Z to crypto, said Joe McCann, founder and CEO of Asymmetric, a crypto hedge fund that counts itself as one of the first institutional investors in meme coins. Young people with high levels of student debt, who are more likely to live with their parents than prior generations, are less inclined to stash money into a 401(k), he said. They’d rather wager a few hundred bucks on a meme coin, McCann added, because they feel they don’t have other good options. […] Several conference attendees told *The Washington Post( they expected crypto to thrive during President Donald Trump’s administration in part because he has a personal stake in meme coins. The president has been promoting two coins launched in January called $TRUMP and $MELANIA that were created by a firm affiliated with the Trump Organization. His association with the coins, including a recent offer to host a dinner for top investors, has been criticized for creating a conflict of interest. Trump has also overseen a pullback in regulatory scrutiny of crypto firms. In February, the U.S. Securities and Exchange Commission ruled that meme coins are collectibles, not securities. Industry players say that could lead to a bumper crop of newly minted meme coins. […] Following the meme coin market’s moves requires dedication as the Internet cycles from one punch line to the next. “I always have my phone in my hand,” said Jeff Matthews, who estimates that he notches 14 to 17 hours of screen time daily, mostly spent trading meme coins. —————————— Date: Tue, 13 May 2025 17:53:56 -0400 From: Gabe Goldberg Subject: If AI is so good at_coding, where are the open-source contributions (Pivot to AI) It’s true that a lot of open source projects really hate AI code. There’s several objections, but the biggest one is that users who don’t understand their own lack of competence spam the projects with time-wasting AI garbage. The Curl project banned AI-generated security reports because they were getting flooded with automated AI-generated “bug bounty” requests. [LinkedIn] More broadly, the very hardest problem in open source is not code, it’s people – — how to work with others. Some AI users just don’t understand the level they simply aren’t working at. One user of the LLVM compiler complained that his AI-generated pull requests were not being taken seriously — by a compiler project, where correct computer science and knowing precisely what the heck you’re doing is profoundly important. The user considered it was the unpaid volunteer coders’ “job” to take his AI submissions seriously. He even filed a code of conduct complaint with the project against the developers. This was not upheld. So he proclaimed the project corrupt. [GitHub; Seylaw, archive] This is an actual comment that this user left on another project: [GitLab] As a non-programmer, I have zero understanding of the code and the analysis and fully rely on AI and even reviewed that AI analysis with a different AI to get the best possible solution (which was not good enough in this case). You can see why people don’t really want to deal with this sort of contribution. But maybe we’ll get a flood of obviously excellent AI code – — and AI code submitters — – next year. https://pivot-to-ai.com/2025/05/13/if-ai-is-so-good-at-coding-where-are-the-open-source-contributions/ —————————— Date: Sat, 10 May 2025 21:31:38 -0400 From: Monty Solomon Subject: How Apple Created a Legal Mess When It Skirted a Judge’s Ruling Court documents show the company commissioned a sham report and lied on the stand to justify its actions, which will cast a shadow over future lawsuits. https://www.nytimes.com/2025/05/09/technology/apple-app-store-antitrust.html —————————— Date: Sat, 10 May 2025 21:39:32 -0400 From: Monty Solomon Subject: How to Secure Your Phone’s Data Before Traveling Abroad (NYTimes) Here are some best practices for safeguarding sensitive personal data. https://www.nytimes.com/2025/04/30/technology/personaltech/travel-burner-phone-cbp.html —————————— Date: Sat, 10 May 2025 22:54:46 -0400 From: Monty Solomon Subject: Thumbprint on Cigarette Carton Cracks a 48-Year-Old California Murder Case (NY Times) A young mother told friends that she’d be “back in 10 minutes.” She never returned, and the police in San Jose have now charged a man in her death. https://www.nytimes.com/2025/05/10/us/jeanette-ralston-cold-case-murder-suspect.html —————————— Date: Sun, 11 May 2025 07:00:32 -0700 From: Steve Bacher Subject: Walgreens doubles down on prescription-filling robots to cut costs, free up pharmacists amid turnaround (CNBC) Walgreens is expanding the number of its retail stores served by its micro-fulfillment centers as it works to turn itself around and prepares to go private. As struggling drugstore chains work to regain their footing, Walgreens is doubling down on automation. The company is expanding the number of retail stores served by its micro-fulfillment centers, which use robots to fill thousands of prescriptions for patients who take medications to manage or treat diabetes, high blood pressure and other conditions. Walgreens aims to free up time for pharmacy staff, reducing their routine tasks and eliminating inventory waste. Fewer prescription fills would allow employees to interact directly with patients and perform more clinical services such as vaccinations and testing. […] https://www.cnbc.com/2025/05/11/walgreens-doubles-down-on-robots-to-fill-prescriptions-amid-turnaround.html —————————— Date: Fri, 9 May 2025 10:12:25 PDT From: Peter Neumann Subject: Smart Phones Finally Getting Expelled in Classes (New York Magazine) NY Magazine, 8 May 2025 Starting at the beginning of the 2025-26 school year, New York public and charter schools will be implementing plans for “bell-to-bell” smartphone bans, which prohibit the “unsanctioned use of smartphones and other Internet-enabled personal devices on school grounds in K-12 schools for the entire school day.” Yes, there is a growing trend of schools and states banning or restricting student smartphone use, particularly during class time. This is driven by concerns about student distraction, mental health, and the potential for bullying and negative social behaviors. Many states, including Florida, Indiana, and New York, have already implemented or are planning to implement such bans. —————————— Date: Wed, 14 May 2025 22:46:42 -0400 From: Gabe Goldberg Subject: A VPN Company Canceled All Lifetime Subscriptions, Claiming It Didn’t Know About Them (WiReD) In March, complaints started appearing online about lifetime subscriptions to VPNSecure no longer working. The new owners of VPN provider VPNSecure have drawn ire after canceling lifetime subscriptions. The owners told customers that they didn’t know about the lifetime subscriptions when they bought VPNSecure, and they cannot honor the purchases. The first public response Ars Technica found came on April 28, when lifetime subscription holders reported receiving an email from the VPN provider saying: “To continue providing a secure and high-quality experience for all users, Lifetime Deal accounts have now been deactivated as of April 28th, 2025.” A copy of the email from “The VPN Secure Team” and posted on Reddit notes that VPNSecure had previously deactivated accounts with lifetime subscriptions that it said hadn’t been used in “over 6 months.” The message noted that VPNSecure was acquired in 2023, “including the technology, domain, and customer database — but not the liabilities.” The email continues: Unfortunately, the previous owner did not disclose that thousands of Lifetime Deals (LTDs) had been sold through platforms like StackSocial. We discovered this only months later — when a large portion of our resources were strained by these LTD accounts and high support volume from users, who through part of the database, provided no sustaining income to help us improve and maintain the service. https://www.wired.com/story/vpnsecure-canceled-all-lifetime-subscriptions-claiming-it-didnt-know-about-them —————————— Date: Sat, 17 May 2025 11:32:33 -0400 From: Gabe Goldberg Subject: Why We’re Unlikely to Get Artificial General Intelligence Anytime Soon (NY Times) The titans of the tech industry say artificial intelligence will soon match the powers of humans’ brains. Are they underestimating us? [(No) surprise] https://www.nytimes.com/2025/05/16/technology/what-is-agi.html?smid=nytcore-ios-share&referringSource=articleShare —————————— Date: Fri, 16 May 2025 11:37:34 -0400 (EDT) From: ACM TechNews Subject: Attack Steals Cryptocurrency by Planting False Memories in Chatbots (Dan Goodin) Dan Goodin, *Ars Technica* (05/13/25), via ACM TechNews A “context manipulation” exploit developed by Princeton University researchers leverages prompt injection attacks against the open source framework ElizaOS to steal cryptocurrency. ElizaOS uses large language models to undertake blockchain-based transactions for users based on predefined rules. The attacks depend on a feature of ElizaOS in which past conversations are stored in an external database, which allows anyone authorized to transact with an agent to create a false memory that triggers an override of security defenses. —————————— Date: Mon, 12 May 2025 12:58:06 -0400 From: Gabe Goldberg Subject: Young Americans are investing in crypto and meme coins as a path to wealth (The Washington Post) These young people see meme coins as their best shot at the American Dream. When traditional routes to wealth feel out of reach, jokey cryptocurrencies can look more attractive. “Financial nihilism” is driving some members of Gen Z to crypto, said Joe McCann, founder and CEO of Asymmetric, a crypto hedge fund that counts itself as one of the first institutional investors in meme coins. Young people with high levels of student debt, who are more likely to live with their parents than prior generations, are less inclined to stash money into a 401(k), he said. They’d rather wager a few hundred bucks on a meme coin, McCann added, because they feel they don’t have other good options. […] Several conference attendees told The Washington Post they expected crypto to thrive during President Donald Trump’s administration in part because he has a personal stake in meme coins. The president has been promoting two coins launched in January called $TRUMP and $MELANIA that were created by a firm affiliated with the Trump Organization. His association with the coins, including a recent offer to host a dinner for top investors, has been criticized for creating a conflict of interest. Trump has also overseen a pullback in regulatory scrutiny of crypto firms. In February, the U.S. Securities and Exchange Commission ruled that meme coins are collectibles, not securities. Industry players say that could lead to a bumper crop of newly minted meme coins. […] Following the meme coin market’s moves requires dedication as the Internet cycles from one punch line to the next. “I always have my phone in my hand,” said Jeff Matthews, who estimates that he notches 14 to 17 hours of screen time daily, mostly spent trading meme coins. —————————— Date: Mon, 12 May 2025 12:55:31 -0400 From: Gabe Goldberg Subject: His X Account Was Hijacked to Sell a Fake WIRED Memecoin. Then Came the Backlash (WiReD) Earlier this year, a hacker used his X account to hawk a fraudulent WIRED-branded crypto coin. After they pulled the rug on investors, he faced the aftermath. https://www.wired.com/story/wired-memecoin-scam-hacked-x-account/ —————————— Date: Tue, 13 May 2025 08:12:00 -0700 From: “Jim” Subject: CISA mutes own website, shifts routine cyber-alerts to Musk’s RSS, email (The Register) Cripes, we were only joking when we called Elon’s social network the new state media Iain Thomson —————————— Date: Mon, 12 May 2025 14:05:28 +0200 From: “Prof. Dr. Peter Bernard Ladkin” Subject: Tragedy, Fools but no Iago in sight On Friday, 2 May, at about 17.50 local time, the driver of a Mercedes SUV ran into pedestrians on a busy street near the centre of the city of Stuttgart in Germany. One died; seven others were injured. It seems to have all the indications of a tragic accident. The car is (very) expensive; the owner was driving; his young son was sitting in the passenger seat. The most-read newspaper in Germany is the “tabloid” Bild-Zeitung. Bild reported the accident, as well as that the driver is a “Selfmade-Millionär” (which is German for “selfmade millionaire”) with an Internet portal on which he sells stuff. Bild also invented a pseudonym for him, “Markus S.” (German law prevents reporting full last names in potential criminal cases, in this case a possible charge of “causing death by negligence”, fahrlässige Tötung). There is, however, a real Markus S., last name “Schön”, who is an Internet entrepreneur in Detmold, a city some 450+km north of the accident site in Stuttgart. Herr Schön’s site sells office and school supplies. He started receiving hate mails and death threats almost immediately, it seems, and sales on his site went precipitiously down. Sunday 4 May he posted on LinkedIn to say it wasn’t him. The editor of Bild got in touch. Bild amended its story to make it clear that it wasn’t him, and offered him space to do so himself (which he didn’t take). By Friday 9 May it seems things were back to “normal” for Herr Schön and his business. All this courtesy of a story in my local paper at the weekend (10-11 May) by Silke Buhrmester entitled “Detmolder Unternehmer bedroht” (“Detmold businessman threatened”). [PDL, Danke Schön. PGN] —————————— Date: Fri, 16 May 2025 07:50:00 -0700 From: Steve Bacher Subject: Riverside wants to become ‘the new Detroit.’ Can this self-driving electric bus get it there? (LA Times) In 2023, the Riverside (CA) City Council approved a two-year pilot program to have the Riverside Transit Agency operate, staff and maintain three automated, fully electric shuttle buses. The first bus began serving the Riverside Municipal Airport this week. There is a little shuttle bus in the Inland Empire that’s fueled with big aspirations. It’s electric, tops out at 25 mph, and can only go on a pre-designated route set up by the Riverside Transit Agency. But here’s a catch — it also drives itself. As of Monday, commuters in Riverside are the first in the country to ride a fully self-driving, publicly accessible bus that is deployed by a city transit agency. […] https://www.latimes.com/california/story/2025-05-15/riverside-self-driving-buses —————————— Date: Thu, 15 May 2025 12:56:54 +0100 From: Martin Ward Subject: IBM Vibe coding IBM is really into the new vibe of “vibe coding”: https://www.ibm.com/think/topics/vibe-coding There are just a few, really minor, limitations: “for real world applications … vibe coding becomes challenging.” “Code generated by AI is challenging to debug because it’s dynamic and lacks architectural structure.” “Applications built using AI generated code face maintenance and update challenges” “This can cause developers to struggle to understand the underlying logic” “Security concerns … unseen vulnerabilities that can go unnoticed and be exploited” But hey, as long as your application isn’t a real world application, does not need optimisation, you don’t care about bugs, you don’t need to maintain it or understand the underlying logic, and you don’t care about security, then vibe coding is for you! —————————— Date: Thu, 15 May 2025 12:56:18 +0100 From: Martin Ward Subject: How to fix your code using OpenAI You write a try/catch and in the catch send a message to OpenAI: “Fix this error but return only the code” and then you eval the result! https://www.youtube.com/watch?v=TZt6thN7AU8 —————————— Date: Tue, 13 May 2025 21:47:44 -0600 From: Matthew Kruk Subject: Case quacked: Flying duck caught by Swiss speed camera is repeat offender (BBC) https://www.bbc.com/news/articles/c1ldnedvde9o A duck has been caught speeding on traffic cameras in the town of Koeniz in central Switzerland. Local police said the mallard — a wild duck — was snapped on radar images on 13 April clocking in at 52km (32 miles per hour) in a 30km zone. Adding to the mystery, authorities said the duck was likely a repeat offender and shared an image of a similar looking duck traveling in the same spot, at the same speed and on the same date in 2018. [Perhaps the duck thought the zone was 30mph? There’s a somewhat tortured German pun here: Gans Gut! However, Gans is a Goose not a duck (Ente), and Ganz is German for more-or-less. So, since it might be the same duck, it might be flying until Die Ente Time. PGN] —————————— Date: Fri, 16 May 2025 07:13:49 -0700 From: “Jim” Subject: We live in the tension between overestimating risks and ignoring them http://enewspaper.latimes.com/infinity/article_share.aspx?guid=80b7df93-cfb5 -4ba3-a2b2-0a87bb7cd025 [I wish it were so simple. Lately, I have been unable to keep up with the huge pile of e-mail, which suggests that our readers are more tuned to the middle ground — some sort of huge area in between, in which veteran RISKS readers are not overestimating the risks. However, I have had to ignore a few items because of the huge pile of potentially fascinating items submitted that I cannot always read. If you ever submit something really germane that I seem to have overlooked, please RESUBMIT with a subject line that says perhaps I UNDERLOOKED it and ask me to consider it. That would make me feel much better about not missing a superb item. PGN] —————————— Date: Wed, 14 May 2025 03:35:23 -0400 (EDT) From: Mark Brader Subject: RISKS-34.62 layout As seen in comp.risks, RISKS-34.62 contains 12 items that are second or third occurrences of earlier items in the same issue. (That was based on the table of contents, but I think the body was the same way.) [Mark, My apologies to all readers. I had a series of EMACS accidents after having completed an earlier version of the issue and then tried to add lots more items to try to catch up. I think there were actually some dupes that were not duped in the ToC but duped in the text. I won’t try that again — as it evidently created unneeded risks! I usually keep a backup once I get a stable version, but did not do so this time. And I don’t have time to try to fix it now after it was immediately discovered by Lindsay Marshall in Newcastle… PGN] —————————— Date: Mon, 12 May 2025 06:19:30 +0000 From: Richard Marlon Stein Subject: Re: FBI Says Cybercrime Cost Surpassed $16 Billion in 2024 (Raphael Satter, RISKS 34.62)