[33831] in RISKS Forum
Risks Digest 34.77
daemon@ATHENA.MIT.EDU (RISKS List Owner)
Sat Oct 11 20:51:43 2025
From: RISKS List Owner <risko@csl.sri.com>
Date: Sat, 11 Oct 2025 17:56:28 PDT
To: risks@mit.edu
RISKS-LIST: Risks-Forum Digest Saturday 11 October 2025 Volume 34 : Issue 77
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.77>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents: [Long gap. Working backwards. I'm still human. PGN]
How the World's Biggest Car-Makers Fell Behind in Software (FT)
Why Are Car Software Updates Still So Bad? (WiReD via Gabe Goldberg)
A delivery robot collided with a disabled man on L.A. street.
The aftermath is getting ugly (LA Times via Steve Bacher)
Scientists grow mini human brains to power computers (BBC)
Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits
(WiReD)
Every question you ask, every comment you make, will be recording you
(The Register)
EU to Expand Satellite Defenses After GPS Jamming of EC President's Flight
(Franklin Okeke)
NIST Enhances Security Controls for Improved Patching (Arielle Waldman)
When AI Came for Hollywood (The NY Times)
Small numbers of poisoned samples can wreck LLM AI models of any size
(Cornell Study)
Taco Bell Rethinks Future of Voice AI at Drive-Through (Isabelle Bousquette)
AI Tool Identifies 1,000 'Questionable' Scientific Journals (Daniel Strain)
Stanford Study: AI is destroying job prospects for younger workers
especially in computing (Digital Economy)
The dangers of AI coding (Lauren Weinstein)
AI safety tool flags student activity, spurs debate on privacy and accuracy
(san.com)
The AI Prompt That Could End the World (The NY Times)
Recruiters Use AI to Scan Resumes; Applicants Are Trick It (The NYT Times)
Tristan Harris on The Dangers of Unregulated AI on Humanity and the
Workforce (The Daily Show YouTube)
The popular conception was that AI would be a danger to civilization because
AI would be so smart, but the reality turns out to be the danger is that AI
is so stupid. (Lauren Weinstein)
AI Data Centers Are an Even Bigger Disaster Than Previously Thought
(Futurism)
Microsoft's agent mode is a tool for generating fake data (Pivot to AI)
Cheer Up, or Else. China Cracks Down on the Haters and Cynics (NYT)
Criminals offer reporter money to hack BBC (BBC)
Tech billionaires seem to be doom prepping. Should we all be worried? (BBC)
Japan faces Asahi beer shortage after cyber-attack (BBC)
New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus
Interposer (The Hacker News)
Exploit Allows for Takeover of Fleets of Unitree Robots (Evan Ackerman)
Google Says 90% of Tech Workers Are Now Using AI at Work (Lisa Eadicicco)
Neon buys phone calls to train AI, then leaks them all (Martin Ward)
Government ID data used for age verification stolen (This week in Security)
Federal cyber agency warns of 'serious and urgent' attack on tech used by
remote workers (CBC)
Billions of Dollars ‘Vanished’: Low-Profile Bankruptcy Rings Alarms on Wall
Street (The New York Times)
911 Service Is Restored in Louisiana and Mississippi
How an Internet mapping glitch turned a random Kansas farm into a digital
hell (Fusion)
Microsoft cuts off cloud services to Israeli military unit (NBC)
ShareFile website (Martin Ward)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Wed, 3 Sep 2025 11:30:54 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: How the World's Biggest Car-Makers Fell Behind in Software (FT)
Kana Inagaki, Harry Dempsey and David Keohane, Financial Times (08/28/25),
via ACM TechNews
Legacy automakers are struggling to keep pace with Tesla and Chinese
electric vehicle makers in the race to build software-defined vehicles.
Despite hiring tech talent and investing billions, companies like Toyota,
Volkswagen, and Volvo face buggy platforms, delays, and rising costs.
Carmakers are partnering with tech giants like Google, Nvidia, and Rivian,
but tensions remain over control of data and systems.
------------------------------
Date: Sun, 5 Oct 2025 14:17:02 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Why Are Car Software Updates Still So Bad? (WiReD)
Over-the-air upgrades can not only transform your ride, they can help
car=makers slash costs. Here's why they’re still miles away from being
seamless.
https://www.wired.com/story/why-are-car-software-updates-still-so-bad/
Omits two critical issues: security of updates, preventing malware. And
bricking cars -- though "bricking" is in a section heading, but only meaning
reducing function rather than -- you know, making a car useless.
I badgered auto execs about these issues and got nothing but "it'll be
wonderful".
------------------------------
Date: Fri, 26 Sep 2025 07:15:09 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: A delivery robot collided with a disabled man on L.A. street.
The aftermath is getting ugly (LA Times)
A collision in West Hollywood between a delivery robot and a man using a
mobility scooter went viral, generating attacks on the robot company and
on the man himself.
https://www.latimes.com/california/story/2025-09-25/viral-video-of-delivery-robot-colliding-with-man-in-wheelchair-sparks-accessibility-debate
------------------------------
Date: Sat, 4 Oct 2025 17:30:25 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Scientists grow mini human brains to power computers (BBC)
https://www.bbc.com/news/articles/cy7p1lzvxjro
It may have its roots in science fiction, but a small number of researchers
are making real progress trying to create computers out of living cells.
Welcome to the weird world of biocomputing.
Among those leading the way are a group of scientists in Switzerland, who I
went to meet.
One day, they hope we could see data centres full of "living" servers which
replicate aspects of how artificial intelligence (AI) learns - and could
use a fraction of the energy of current methods.
------------------------------
Date: Fri, 10 Oct 2025 12:28:32 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous
Exploits (WiReD)
With the mercenary spyware industry booming, Apple VP Ivan Krstić tells
WIRED that the company is also offering bonuses that could bring the max
total reward for iPhone exploits to $5 million.
https://www.wired.com/story/apple-announces-2-million-bug-bounty-reward/
Apple Took Down These ICE-Tracking Apps. The Developers Aren't Giving
Up. “We are going to do everything in our power to fight this,” says
ICEBlock developer Joshua Aaron after Apple removed his app from the App
Store.
https://www.wired.com/story/apple-took-down-ice-tracking-apps-their-developers-arent-giving-up/
------------------------------
Date: Mon, 18 Aug 2025 16:53:36 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Every question you ask, every comment you make, will be
recording you (The Register)
When you're asking AI chatbots for answers, they're data-mining you
https://www.theregister.com/2025/08/18/opinion_column_ai_surveillance/?td=rt-3a
------------------------------
Date: Wed, 3 Sep 2025 11:30:54 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: EU to Expand Satellite Defenses After GPS Jamming of EC
President's Flight (Franklin Okeke)
Franklin Okeke, Computing (U.K.) (09/02/25), via ACM TechNews
The European Union (EU) plans to deploy additional satellites in low Earth
orbit to strengthen its ability to detect GPS interference, following an
incident targeting European Commission (EC) President Ursula von der Leyen's
flight. Pilots reportedly had to rely on paper maps to land von der Leyen's
plane safely in Plovdiv, Bulgaria. An EU spokesperson said Bulgarian
authorities suspect Russia was behind the jamming, though the Kremlin denies
involvement. Similar GPS disruptions have affected the Baltic region and
previous EU and U.K. flights.
------------------------------
Date: Wed, 3 Sep 2025 11:30:54 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: NIST Enhances Security Controls for Improved Patching
(Arielle Waldman)
Arielle Waldman, Dark Reading (09/02/25), via ACM TechNews
The U.S. National Institute of Standards and Technology (NIST) updated its
Security and Privacy Control catalog to improve software patch and update
management. The revisions focus on three key areas: standardized logging
syntax to speed incident response, root-cause analysis to address underlying
software issues, and designing systems for cyber-resiliency to maintain
critical functions under attack. The update also emphasizes least-privilege
access, flaw-remediation testing, and coordinated notifications.
------------------------------
Date: Sat, 4 Oct 2025 22:23:13 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: When AI Came for Hollywood (The NY Times)
https://www.nytimes.com/2025/10/04/opinion/ai-hollywood-tilly-norwood-actress.html
In the immortal words of Emily Blunt, ``Good Lord, we're screwed.''
She was on a podcast with Variety Monday when she was handed a headline
about cinema's latest sensation, Tilly Norwood.
Agents are circling the hot property, a fresh-faced young British brunette
actress who is attracting global attention.
Norwood is AI, and Blunt is P.O.ed. In fact, she says, she's terrified.
Told that Tilly's creator, Eline Van der Velden, a Dutch former actress
with a masters in physics, wants her to be the next Scarlett Johansson,
Blunt protested. But we have Scarlett Johansson. (Cue the Invasion of
the Body Snatchers music.)
[This item follows Matthew's earlier item:
She can fight monsters, flee explosions, and even cry on Graham Norton --
but Tilly Norwood is no Hollywood darling.
https://www.cbc.ca/news/entertainment/ai-actress-backlash-1.7647478
I wonder if her eyes have back-lashes? I am afraid some of you may be
her pupils, in which she should have been named IRIS. Tilly seems Silly.
unless money is flowing into the Till(y). But she is certainly proof
that AI has no limits. PGN]
------------------------------
Date: Thu, 9 Oct 2025 14:25:42 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Small numbers of poisoned samples can wreck LLM AI models of any
size (Cornell Study)
https://arxiv.org/pdf/2510.07192
------------------------------
Date: Wed, 3 Sep 2025 11:30:54 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Taco Bell Rethinks Future of Voice AI at Drive-Through
(Isabelle Bousquette)
Isabelle Bousquette, The Wall Street Journal (08/29/25), via ACM TechNews
Taco Bell has seen mixed results in its experiment with voice AI ordering at
over 500 drives-through. Customers have reported glitches, delays, and even
trolled the system with absurd orders, prompting concerns about reliability.
The fastfood chain's Dane Mathews acknowledged the technology sometimes
disappoints, noting it may not suit all locations, especially high-traffic
ones. The chain is reassessing where AI adds value and when human staff
should step in.
------------------------------
Date: Wed, 3 Sep 2025 11:30:54 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: AI Tool Identifies 1,000 'Questionable' Scientific Journals
(Daniel Strain)
Daniel Strain, CU Boulder Today (08/28/25), via ACM TechNews
Computer scientists at the University of Colorado Boulder developed an AI
platform to identify questionable or "predatory" scientific journals. These
journals often charge researchers high fees to publish work without proper
peer review, undermining scientific credibility. The AI, trained on data
from the non-profit Directory of Open Access Journals, analyzed 15,200
journals and flagged over 1,400 as suspicious, with human experts later
confirming more than 1,000 as likely problematic. The tool evaluates
editorial boards, website quality, and publication practices.
------------------------------
Date: Tue, 26 Aug 2025 07:04:13 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Stanford Study: AI is destroying job prospects for younger workers
especially in computing (Digital Economy)
The Big Tech Billionaire CEO are toasting the destruction of young
people's lives. THEY DO NOT CARE ABOUT YOU. -L
https://digitaleconomy.stanford.edu/wp-content/uploads/2025/08/Canaries_BrynjolfssonChandarChen.pdf
------------------------------
Date: Sat, 4 Oct 2025 09:02:12 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: The dangers of AI coding
I am SO glad I phased out of most coding years ago, except as needed for my
own systems. Those jobs are toast. But the dangers are very real.
Just now I needed a Bash script for a network monitoring task. I must have
written dozens of these in various forms over the years. Pings and status
flags and the usual stuff.
So this time, just for the hell of it, I asked Gemini (free version of
course) to do it:
"write me a bash script that will ping a specific ip address and when the
pings start failing keep trying to ping and then when the pings are
successful again send a specific curl command to that ip address"
wAnd about 10 seconds or less later out came a completely reasonable
looking, nicely commented Bash script, along with a reminder to make
the file executable and how to stop it with ^C.
This of course is a very simple, really trivial task, and I was able to
quickly read through the code and verify that it looked correct.
The problem of course is obvious. I could do this verification only because
I have enough skill to easily write that code MYSELF, it would just take me
more time. If the code were more complex and/or voluminous, just checking
could range from very lengthy to utterly impractical to do at all, meaning
any errors could go undetected with everything that implies, especially for
dangerous "sleeper" bugs.
There may be a useful analogy to vehicle driver assist systems, that may
lull drivers into being less attentive and causing them to be unable to
respond to emergency situations quickly when their intervention is most
required.
Crashing code and crashing cars. All very dangerous.
------------------------------
Date: Thu, 25 Sep 2025 14:54:28 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: AI safety tool flags student activity, spurs debate on privacy and
accuracy (san.com)
https://san.com/cc/ai-safety-tool-flags-student-activity-spurs-debate-on-privacy-and-accuracy/
In federal lawsuit, students allege Lawrence school district's AI
surveillance tool violates their rights
https://lawrencekstimes.com/2025/08/01/usd497-gaggle-lawsuit-filed/
------------------------------
Date: Fri, 10 Oct 2025 15:48:55 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: The AI Prompt That Could End the World (The NY Times)
https://www.nytimes.com/2025/10/10/opinion/ai-destruction-technology-future.html
How much do we have to fear from AI, really? It's a question I've been
masking experts since the debut of ChatGPT in late 2022.
The AI pioneer Yoshua Bengio, a computer science professor at the
Universit=C3=A9 de Montr=C3=A9al, is the most-cited researcher alive, in any
discipline. When I spoke with him in 2024, Dr. Bengio told me that he had
trouble sleeping while thinking of the future. Specifically, he was worried
that an AI would engineer a lethal pathogen == some sort of
super-coronavirus -- to eliminate humanity. ``I don't think there's
anything close in terms of the scale of danger,'' he said.
Contrast Dr. Bengio's view with that of his frequent collaborator Yann
LeCun, who heads AI research at Mark Zuckerberg's Meta. Like Dr. Bengio,
Dr. LeCun is one of the world's most-cited scientists. He thinks that AI
will usher in a new era of prosperity and that discussions of existential
risk are ridiculous. ``You can think of A.I. as an amplifier of human
intelligence,'' he said in 2023.
------------------------------
Date: Thu, 9 Oct 2025 15:24:59 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Recruiters Use AI to Scan Resumes; Applicants Are Trying to Trick
It (The NYT Times)
In an escalating cat-and-mouse game, job hunters are trying to fool AI into
moving their applications to the top of the pile with embedded instructions.
https://www.nytimes.com/2025/10/07/business/ai-chatbot-prompts-resumes.html?smid=nytcore-ios-share&referringSource=articleShare
...read comments.
------------------------------
Date: Wed, 8 Oct 2025 17:28:53 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Tristan Harris on The Dangers of Unregulated AI on Humanity and
the Workforce (The Daily Show YouTube)
“This does not have to be our destiny.” Co-founder of the Center for Humane
Technology Tristan Harris sits down with Jon Stewart to discuss how AI has
already disrupted the workforce as current iterations of the technology have
dropped entry-level work by 13%, tech companies prioritization of their
first-to-market stance over product and human safety, and how reliance on AI
is stifling human growth. #DailyShow #TristanHarris #AI
https://www.youtube.com/watch?v=675d_6WGPbo
[Also noted by Matthew Kruk. PGN]
------------------------------
Date: Tue, 7 Oct 2025 08:25:38 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: The popular conception was that AI would be a danger to
civilization because AI would be so smart, but the reality turns out to be
the danger is that AI is so stupid.
------------------------------
Date: Sat, 11 Oct 2025 08:52:15 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: AI Data Centers Are an Even Bigger Disaster Than Previously Thought
(Futurism)
https://futurism.com/future-society/ai-data-centers-finances
------------------------------
Date: Thu, 2 Oct 2025 11:00:41 +0100
From: Martin Ward <martin@gkc.org.uk>
Subject: Microsoft's agent mode is a tool for generating fake data
(Pivot to AI via YouTube)
Microsoft has put a co-pilot document generator into the online version of
Office 365, called "agent mode". Quote: "In the same way, Vibe coding has
transformed software development, the latest reasoning models in C-Pilot
unlock agentic productivity for office artifacts"
This is a gadget for faking evidence.
Security researcher Kevin Bowmont gave agent mode a good try out. He asked
it: "Make a spreadsheet about how our endpoint detection response tool
blocks 100% of ransomware." It did exactly that. It made up a spreadsheet
of completely fake data about the product's effectiveness. With graphs.
Pivot to AI report:
https://www.youtube.com/watch?v=kH59-8dD08g
------------------------------
Date: Tue, 7 Oct 2025 23:09:51 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Cheer Up, or Else. China Cracks Down on the Haters and Cynics (NYT)
https://www.nytimes.com/2025/10/08/world/asia/china-censorship-pessimism-despair.html
As China struggles with economic discontent, Internet censors are silencing
those who voice doubts about work, marriage, or simply sigh too loudly
online.
------------------------------
Date: Mon, 29 Sep 2025 11:45:38 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Criminals offer reporter money to hack BBC (BBC)
https://www.bbc.com/news/articles/c3w5n903447o
Like many things in the shadowy world of cyber-crime, an insider threat is
something very few people have experience of.
Even fewer people want to talk about it.
But I was given a unique and worrying experience of how hackers can
leverage insiders when I myself was recently propositioned by a criminal
gang.
"If you are interested, we can offer you 15% of any ransom payment if you
give us access to your PC."
------------------------------
Date: Thu, 9 Oct 2025 20:54:45 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Tech billionaires seem to be doom prepping. Should we all be
worried? (BBC)
https://www.bbc.com/news/articles/cly17834524o
Mark Zuckerberg is said to have started work on Koolau Ranch, his sprawling
1,400-acre compound on the Hawaiian island of Kauai, as far back as 2014.
It is set to include a shelter, complete with its own energy and food
supplies, though the carpenters and electricians working on the site were
banned from talking about it by non-disclosure agreements, according to a
report by Wired magazine. A six-foot wall blocked the project from view of
a nearby road.
Asked last year if he was creating a doomsday bunker, the Facebook founder
gave a flat "no". The underground space spanning some 5,000 square feet is,
he explained, is "just like a little shelter, it's like a basement".
------------------------------
Date: Fri, 3 Oct 2025 06:36:32 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Japan faces Asahi beer shortage after cyber-attack (BBC)
https://www.bbc.com/news/articles/c0r0y14ly5ro
Japan is facing a shortage of Asahi products, including beer and bottled
tea, as the drinks giant grapples with the impact of a major cyber-attack
that has affected its operations in the country.
Most of the Asahi Group's factories in Japan have been at a standstill
since Monday, after the attack hit its ordering and delivering systems.
Major Japanese retailers, including 7-Eleven and FamilyMart, have now
warned customers to expect shortages of Asahi products.
[A kiss is just a kiss, Asahi is just a sigh, as time goes by(e)...
Casablanca. We'll always have Paris for wine -- and bierre. PGN]
------------------------------
Date: Sat, 4 Oct 2025 01:23:59 +0000
From: Victor Miller <victorsmiller@gmail.com>
Subject: New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus
Interposer (The Hacker News)
https://thehackernews.com/2025/10/new-wiretap-attack-extracts-intel-sgx.html?m=1
------------------------------
Date: Mon, 29 Sep 2025 11:22:12 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Exploit Allows for Takeover of Fleets of Unitree Robots
(Evan Ackerman)
Evan Ackerman, *IEEE Spectrum* (09/25/25), via ACM TechNews
Security researchers disclosed a critical Bluetooth Low Energy vulnerability
in several robots manufactured by Chinese robotics company Unitree that
gives attackers full root access and enables worm-like self-propagation
between nearby devices. The exploit, called UniPwn, affects Unitree's Go2
and B2 quadrupeds as well as its G1 and H1 humanoids, and arises from
hardcoded encryption keys and insufficient packet validation. Attackers can
inject malicious code disguised as Wi-Fi credentials, leading to persistent
compromise and potential botnet formation.
------------------------------
Date: Fri, 26 Sep 2025 11:32:18 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Google Says 90% of Tech Workers Are Now Using AI at Work
(Lisa Eadicicco)
Lisa Eadicicco, CNN (09/23/25), via ACM TechNews
Of 5,000 global technology professionals surveyed by Google's DORA research
decision, the vast majority (90%) said they now use AI in their jobs, up
from just 14% who did so in 2024. However, the survey found only 20% of
respondents place "a lot" of trust in the quality of AI-generated code,
compared to 23% who trust it "a little" and 46% who trust it "somewhat."
------------------------------
Date: Sat, 27 Sep 2025 10:48:55 +0100
From: Martin Ward <martin@gkc.org.uk>
Subject: Neon buys phone calls to train AI, then leaks them all
Neon Mobile is an app that sells your phone calls to AI companies for
training, and pays you 15–30 cents per minute!
Could there be a RISK of all this personal data leaking?
One day after reporting on the new app, Techcrunch reported that Neon's
publicly accessible web site listed "data about the most recent calls made
by the app’s users, as well as providing public web links to their raw audio
files and the transcript text"
Pivot to AI report:
https://www.youtube.com/watch?v=G_LKccOiCoo
------------------------------
Date: Sat, 4 Oct 2025 07:23:13 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Government ID data used for age verification stolen
(This Week in Security)
[Gee, as if nobody predicted stuff like this, huh?]
https://this.weekinsecurity.com/discord-says-users-government-ids-used-for-age-checks-stolen-by-hackers/
------------------------------
Date: Fri, 26 Sep 2025 15:23:40 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Federal cyber agency warns of 'serious and urgent' attack on
tech used by remote workers (CBC)
https://www.cbc.ca/news/politics/cisco-cyber-attack-vpn-1.7644591
Government cyber-agencies around the world are rushing to clamp down on
what appears to be an advanced and sophisticated espionage campaign
targeting popular security software used by remote workers.
Calling the threat "serious and urgent," Canada's Communication Security
Establishment's (CSE) Centre for Cyber Security joined its international
allies Thursday urging organizations to take immediate action to patch up
vulnerabilities following a widespread hit on the technology security
company Cisco.
------------------------------
Date: Sat, 11 Oct 2025 12:44:20 -0400
From: "Gabe Goldberg" <gabe@gabegold.com>
Subject: Billions of Dollars ‘Vanished’: Low-Profile Bankruptcy Rings Alarms
on Wall Street (The New York Times)
The unraveling of First Brands, a midsize auto-parts maker, is exposing
hidden losses at international banks and “private credit” lenders.
Unlike traditional banks, private credit lenders say, they have the
ability to lend quickly because they understand complicated, risky
businesses and do not need to worry about repaying ordinary depositors
or reporting public earnings.
Trillions of dollars have been plowed into private credit over the past
decade, principally from pension funds, endowments and other groups that
rely on such investments to fulfill obligations to retirees and the like.
Editors’ Picks
Out of This World Fashion for Life on Earth
Should I Keep Donating to an Animal Shelter That Treats Employees Badly?
Can I Take Batteries on a Plane? What to Know Before You Fly.
The Trump administration made moves this summer to allow 401(k) plans to
invest savings into the private equity funds that extend private credit
to companies, raising the stakes even further.
The First Brands bankruptcy could amount to something of an
I-told-you-so moment for the traditional bankers and private-credit
skeptics who have long maintained that these upstart lenders deserve
more scrutiny.
https://www.nytimes.com/2025/10/10/business/first-brands-bankruptcy-wall-street.html?smid=nytcore-ios-share&referringSource=articleShare
------------------------------
Date: Thu, 25 Sep 2025 23:08:03 -0600
From: "Matthew Kruk" <mkrukg@gmail.com>
Subject: 911 Service Is Restored in Louisiana and Mississippi (NYTimes)
https://www.nytimes.com/2025/09/25/us/mississippi-louisiana-outages-911-emergency.html
Emergency call service was disrupted across Louisiana and Mississippi for
more than two hours on Thursday afternoon, officials said, citing damage to
fiber optic lines operated by AT&T.
Gov. Tate Reeves of Mississippi said that the state’s Emergency Management
Agency had received reports that AT&T was responding to “a series of fiber
cuts,” which he said had interrupted service in Mississippi and Louisiana.
Scott Simmons, a spokesman for the Mississippi Emergency Management Agency,
said there were no indications of foul play, and that AT&T was
investigating.
------------------------------
Date: Thu, 2 Oct 2025 08:44:19 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: How an Internet mapping glitch turned a random Kansas farm into a
digital hell (Fusion)
EXCERPT:
An hour’s drive from Wichita, Kansas, in a little town called Potwin, there
is a 360-acre piece of land with a very big problem.
The plot has been owned by the Vogelman family for more than a hundred
years, though the current owner, Joyce Taylor née Vogelman, 82, now rents
it out. The acreage is quiet and remote: a farm, a pasture, an old orchard,
two barns, some hog shacks and a two-story house. It’s the kind of place
you move to if you want to get away from it all. The nearest neighbor is a
mile away, and the closest big town has just 13,000 people. It is real,
rural America; in fact, it’s a two-hour drive from the exact geographical
center of the United States.
But instead of being a place of respite, the people who live on Joyce
Taylor’s land find themselves in a technological horror story.
For the last decade, Taylor and her renters have been visited by all kinds
of mysterious trouble. They've been accused of being identity thieves,
spammers, scammers and fraudsters. They've gotten visited by FBI agents,
federal marshals, IRS collectors, ambulances searching for suicidal
veterans, and police officers searching for runaway children. They've found
people scrounging around in their barn. The renters have been doxxed, their
names and addresses posted on the Internet by vigilantes. Once, someone
left a broken toilet in the driveway as a strange, indefinite threat.
All in all, the residents of the Taylor property have been treated like
criminals for a decade. And until I called them this week, they had no idea
why.
To understand what happened to the Taylor farm, you have to know a little
bit about how digital cartography works in the modern era—in particular, a
form of location service known as “IP mapping:. [...]
https://archive.ph/zHha3
------------------------------
Date: Fri, 26 Sep 2025 13:04:28 +0300
From: Amos Shapir <amos083@gmail.com>
Subject: Microsoft cuts off cloud services to Israeli military unit (NBC)
I don't know which is more unsettling: That a private company takes action
against a sovereign nation's military at war -- or that a nation at war
keeps some of its top secrets on a cloud managed by a foreign private
company.
------------------------------
Date: Fri, 26 Sep 2025 10:42:17 +0100
From: Martin Ward <martin@gkc.org.uk>
Subject: ShareFile website
I recently had to set up an account on ShareFile.
(1) I used the Firefox feature to generate a strong password. The website
said there was a "bad character" in the generated password. It wouldn't say
*which* character, so I had to go through taking out characters one at a
time until it was happy. It turned out to be "<". Presumably, this
character triggered a bug in their software somewhere. Rather than fix the
bug, they added a check to prevent this character from appearing in
passwords
(2) I pasted in my phone number and it complained that spaces are not
allowed in phone numbers. The computer code to strip spaces from a phone
number is not particularly difficult or complex to write: they had already
implemented the code to check for spaces. But I had to manually execute the
process of stripping spaces from
These are irritants rather than security hazards: but given that the quality
of the customer-facing interface software is so poor, it does not inspire
much confidence in the security of their file sharing software generally.
At least the file I was sharing was encrypted before uploading to the
ShareFile site!
------------------------------
Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) has moved to the ftp.sri.com site:
<risksinfo.html>.
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
delightfully searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 34.77
************************
