[33838] in RISKS Forum
Risks Digest 34.78
daemon@ATHENA.MIT.EDU (RISKS List Owner)
Sat Oct 25 19:40:35 2025
From: RISKS List Owner <risko@csl.sri.com>
Date: Sat, 25 Oct 2025 16:45:17 PDT
To: risks@mit.edu
RISKS-LIST: Risks-Forum Digest Saturday 25 October 2025 Volume 34 : Issue 78
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.78>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
BART outage snarls commute for hours (The Chron)
Hackers take over public-address systems at 4 North American airports (CNN)
Software update bricks some Jeep 4xe hybrids over the weekend (Ars Technica)
Morons: Tesla reintroduces 'Mad Max' Full Self-Driving mode that breaks
speed limits (Engadget)
More DNS vulnerabilities (BIND)
F5 loss of trust (The Register)
American Mayor Fears Dangerous Human Failures in the Department of Homeland
Security (Newsweek)
ICE is building a social media panopticon (The Verge)
Hackers, Pre-Internet Edition (Now I Know/Beehiiv)
Mic-E-Mouse Covert Eavesdropping through Computer Mice
(Google via geoff goodfellow)
Summary of the Amazon DynamoDB Service Disruption in Northern Virginia
Region US-EAST-1 (Amazon)
The Threat and Promise of AI (The Daily Show)
Armed police handcuff teen after AI mistakes crisp packet for gun in U.S. (BBC)
AI in Insurance (LA Times)
EHow AI and Wikipedia have sent vulnerable languages into a doom spiral
(MIT Technology Review)
POV: What You Would See During an AI Takeover (You Tube via Matt Kruk)
Altman announcing he's turning OpenAI into an AI porn machine (Lauren Weinstock)
ChatGPT will soon allow erotica for verified adults, says OpenAI boss (BBC)
A Crazy Crypto[currency Heist That's the Story of Our Time (Philip Shishkin)
Crypto exchange Cryptomus fined record $177M by Canada's financial crime
watchdog (CBC)
Nation-state hackers deliver malware from “bulletproof” blockchains (Dan Goodin)
The mysterious owner of a 'scam empire' accused of stealing $14bn in crypto
(BBC)
Hollywood's newest drama: Fake movie props (LA Times)
Chip Supply Chains Brace for China's Rare-Earth Curbs (Bloomberg)
Satellites Are Leaking the World's Secrets (WiReD)
OpenAI Weakened ChatGPT's Self-Harm Guardrails in Lead-Up to Teen's Death,
Lawsuit Says (Gimzmodo)
Google won't fix ASCII smuggling hack in Gemini AI (Pivot to AI)
Predatory gambling (The New York Times)
Researchers compare Universe browser to malware (Ars Technica)
The women taking Meta to task after their baby loss (BBC)
Re: Scientists grow mini human brains to power computers (Steve Bacher)
Re: A delivery robot collided with a disabled man (Henry Baker)
Re: Why Are Car Software Updates Still So Bad? (Kent Borg, Gabe Goldberg)
An AI became a crypto millionaire. Now it's fighting to become a person
(Steve Bacher)
AI Video Generators Are Now So Good You Can No Longer Trust Your Eyes
(Matthew Kruk)
Re: The dangers of AI anything (John Levine)
Re: How an Internet mapping glitch turned a random Kansas farm into a
digital hell (John Levine)
Meta slashes AI and Risks teams, will replace most privacy employees with
"automated" systems (Lauren Weinstein)
Fun Fact: In August, Amazon boasted that AI was pushing 75% of their
production code (Lauren Weinstein)
A Scammy Job Offer Over Text? I’ll Take It! (Gabe Goldberg)
Amazon issues detailed postmortem re AWS failure (Lauren Weinstein)
Script of my national radio report yesterday on the Amazon Web Outage ...
(Lauren Weinstein)
AWS outage: Are we relying too much on U.S. big tech? (BBC via Matt Kruk)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Thu, 23 Oct 2025 15:53:45 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: BART outage snarls commute for hours (The Chron)
*San Francisco Chronicle*, 6 Sep 2025, Shwanika Narayan et al.
Overnight computer upgrade triggers systemwide shutdown during peak time
``We knew there was an issue at 4:30am'' following an earlier routine
network upgrade that apparently failed. Traffic through the Transbay Tube
was halted until just before noon, although some East-Bay stations reopened
earlier.
------------------------------
Date: Thu, 16 Oct 2025 16:38:12 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: Hackers take over public-address systems at 4 North American
airports (CNN)
https://www.cnn.com/2025/10/15/us/airport-cyber-breach-pennsylvania-canada-hnk
------------------------------
Date: Mon, 13 Oct 2025 13:54:23 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Software update bricks some Jeep 4xe hybrids over the weekend
(Ars Technica)
Owners of some Jeep Wrangler 4xe hybrids have been left stranded after
installing an over-the-air software update this weekend. The automaker
pushed out a telematics update for the Uconnect infotainment system that
evidently wasn't ready, resulting in cars losing power while driving and
then becoming stranded.
https://arstechnica.com/cars/2025/10/software-update-bricks-some-jeep-4xe-hybrids-over-the-weekend
Oh, no -- not over the WEEKEND!
If only problems like this could have been anticipated. Oh, wait...
[Also noted by Victor Miller. PGN]
------------------------------
Date: Thu, 16 Oct 2025 12:18:47 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Morons: Tesla reintroduces 'Mad Max' Full Self-Driving mode that
breaks speed limits (Engadget)
https://www.engadget.com/tesla-reintroduces-mad-max-full-self-driving-mode-that-breaks-speed-limits-190659583.html?src=rss
(Who needs steenking limits? or Move to Germany in hopes of going 140mpg
on freeways? I thought they had learned it was bad for the forests? PGN)
------------------------------
Date: Wed, 22 Oct 2025 15:42:22 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: More DNS vulnerabilities (BIND)
https://arstechnica.com/security/2025/10/bind-warns-of-bugs-that-could-bring-dns-cache-attack-back-from-the-dead/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social
------------------------------
Date: Wed, 15 Oct 2025 18:51:08 -0400
From: Cliff Kilby <cliffjkilby@gmail.com>
Subject: F5 loss of trust (The Register)
https://www.theregister.com/2025/10/15/highly_sophisticated_government_hackers_breached
F5 rotated their attestation keys as part of this kerfuffle. They have yet
to answer if that was preventative, or responsive.
Personally, if they aren't hammering on preventative, I'm forced to conclude
it was responsive.
Time to patch, and triple check the attestation.
------------------------------
Date: Sun, 19 Oct 2025 18:16:18 -0700
From: Rob Wilcox <robwilcoxjr@gmail.com>
Subject: American Mayor Fears Dangerous Human Failures in the Department
of Homeland Security (Newsweek)
Portland, Oregon and many cities are protesting government policy.
Anyone who has worked for an organization including the military knows
clear instructions, training, communication, and quality determine whether
the organization succeeds or fails. The risks are high when the
organization carries weapons, is placed in an unfamiliar situation, or is
exhausted.
The Portland mayor has managed a trucking company and is responsible for
those employees and their safety.
That is why he wrote an editorial, linked. He is not a Risks professional,
but he very quickly understood the risk.
The Homeland Security building is in a dense residential area, with only a
few roads to it, and a hospital clinic with hundreds of employees.
The human factor we often find on Risks is a serious concern.
https://www.newsweek.com/portland-mayor-ice-facility-disaster-opinion-10892062
------------------------------
Date: Sat, 25 Oct 2025 15:02:18 -0400
From: Monty Solomon <monty@roscom.com>
Subject: ICE is building a social media panopticon (The Verge)
https://www.theverge.com/policy/806425/ice-social-media-surveillance-free-speech-assault
------------------------------
Date: Thu, 23 Oct 2025 01:22:32 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Hackers, Pre-Internet Edition (Now I Know/Beehiiv)
French towers were the 1800s version of the information superhighway -- and
had bandits of their own.
https://nowiknow.beehiiv.com/p/hackers-pre-internet-edition
------------------------------
Date: Sun, 12 Oct 2025 14:24:45 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: Mic-E-Mouse Covert Eavesdropping through Computer Mice
*Your computer mouse has big ears*
EXCERPT:
*Abstract*
High-Performance Optical Sensors in Mice expose a *critical vulnerability*
=E2=80=94 one where confidential user speech can be leaked.
Attackers can exploit these sensors' ever-increasing polling rate and
sensitivity to emulate a makeshift microphone and covertly eavesdrop on
unsuspecting users. We present an attack vector that capitalizes on acoustic
vibrations propagated through the user's work surface, and we show that
existing consumer-grade mice can detect these vibrations. However, the
collected signal is low-quality and suffers from non-uniform sampling, a
non-linear frequency response, and extreme quantization. We introduce
*Mic-E-Mouse*, a pipeline consisting of successive signal processing and
machine learning techniques to overcome these challenges and achieve
intelligible reconstruction of user speech. We measure Mic-E-Mouse against
consumer-grade sensors on the VCTK and AudioMNIST speech datasets, and we
achieve an *SI-SNR* increase of +19=F0=9D=91=91=F0=9D=90=B5, a
*Speaker-Recognition* accuracy of 80% on the automated tests and a *WER* of
16.79% on the human study
*Vulnerable Mice*
The accessibility of these advanced input devices is steadily increasing.
Consumer-grade mice with high-fidelity sensors are *already readily
available* for under 50 U.S. Dollars. As improvements in process technology
and sensor development continue, it is reasonable to expect further
decreases in price, similar to the trend shown in the picture above.
Ultimately, these developments entail an *increased usage of vulnerable
mice* by consumers, companies, and governmental entities, *expanding the
attack surface* of vulnerabilities in these advanced sensor technologies.
*The Mic-E-Mouse Pipeline*
With only a vulnerable mouse, and a victim's computer running compromised or
even benign software (in the case of a web-based attack surface), we show
that it is possible to collect mouse packet data and *extract audio
waveforms*. Moreover, the software used scheme used in our pipeline is
*invisible to the average user* during the data collection process. After
this stage, all signal processing and data analysis can be performed offsite
at any time the adversary wishes. We present a visual outline of our
pipeline in the above diagram.
Threat Model* [...]
https://sites.google.com/view/mic-e-mouse
------------------------------
Date: Fri, 24 Oct 2025 18:49:51 +0000
From: Victor Miller <victorsmiller@gmail.com>
Subject: Summary of the Amazon DynamoDB Service Disruption in Northern
Virginia Region US-EAST-1 (Amazon)
https://aws.amazon.com/message/101925/
They buried the lede:
The root cause of this issue was a latent race condition in the DynamoDB DNS
management system that resulted in an incorrect empty DNS record for the
service's regional endpoint (dynamodb.us-east-1.amazonaws.com) that the
automation failed to repair.
------------------------------
From: Matthew Kruk <mkrukg@gmail.com>
Date: Thu, 16 Oct 2025 22:52:11 -0600
Subject: The Threat and Promise of AI (The Daily Show)
https://www.youtube.com/watch?v=eR5x7CArfT4
Is artificial intelligence an existential threat to humanity? Jon Stewart
and Jordan Klepper interview guests Mark Cuban, Carole Cadwalladr, Yuval
Noah Harari, Christine Lagarde, and Tristan Harris about the future of AI
and its role in society. #DailyShow #Technology #ArtificialIntelligence
------------------------------
Date: Fri, 24 Oct 2025 12:59:35 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Armed police handcuff teen after AI mistakes crisp packet for gun
in U.S. (BBC)
https://www.bbc.com/news/articles/cgjdlx92lylo
A U.S teenager was handcuffed by armed police after an artificial
intelligence (AI) system mistakenly said he was carrying a gun -- when really
he was holding a packet of crisps. "Police showed up, like eight cop cars,
and then they all came out with guns pointed at me talking about getting on
the ground," 16-year-old Baltimore pupil Taki Allen told local outlet WMAR-2
News.
Baltimore County Police Department said their officers "responded
appropriately and proportionally based on the information provided at the
time". It said the AI alert was sent to human reviewers who found no threat
-- but the principal missed this and contacted the school's safety team, who
ultimately called the police.
------------------------------
Date: Sun, 19 Oct 2025 12:38:22 PDT
From: Jim Geissman <jgeissman@socal.rr.com>
Subject: AI in Insurance (LA Times)
An insurance company is using AI to help in "risky" areas.
https://enewspaper.latimes.com/desktop/latimes/default.aspx?pubid=50435180-e58e-48b5-8e0c-236bf740270e
[Ouroboros -- the snake eating its own tail. PGN]
------------------------------
Date: Thu, 16 Oct 2025 05:09:40 +0000
From: Victor Miller <victorsmiller@gmail.com>
Subject: How AI and Wikipedia have sent vulnerable languages into a doom
spiral (MIT Technology Review)
https://www.technologyreview.com/2025/09/25/1124005/ai-wikipedia-vulnerable-languages-doom-spiral/
------------------------------
Date: Fri, 24 Oct 2025 21:29:46 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: POV: What You Would See During an AI Takeover (You Tube via Matt Kruk)
https://www.youtube.com/watch?v=D8RtMHuFsUw
Species | Documenting AGI tagged products below. Learn more
If Anyone Builds It, Everyone Dies: Why Superhuman AI Would Kill Us All;
Hardcover; Author -- Eliezer Yudkowsky
Limited shipping areas
barnesandnoble.com/w/if-anyone-builds-it-everyone-dies-eliezer-yudkowsky/1147242101?ean=9780316595643
Highly recommend the full book, which goes into way more detail:
https://amzn.to/4qeJgFL
Detailed sources: https://docs.google.com/document/d/1o...
------------------------------
Date: Thu, 16 Oct 2025 07:54:05 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Altman announcing he's turning OpenAI into an AI porn machine
This suggests to me that the AI Bubble Bursting may be coming much faster
than even most pessimists warned.
------------------------------
Date: Wed, 15 Oct 2025 07:21:20 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: ChatGPT will soon allow erotica for verified adults, says OpenAI
boss (BBC)
https://www.bbc.com/news/articles/cpd2qv58yl5o
AI slowly goes down the toilet.
"OpenAI plans to allow a wider range of content, including erotica, on its
popular chatbot ChatGPT as part of its push to "treat adult users like
adults", says its boss Sam Altman.
In a post on X on Tuesday, Mr Altman said upcoming versions of the popular
chatbot would enable it to behave in a more human-like way - "but only if
you want it, not because we are usage maxxing".
The move, reminiscent of Elon Musk's xAI's recent introduction of two
sexually explicit chatbots to Grok, could help OpenAI attract more paying
subscribers."
[We are in the midst of a Toilet Bowling Game? PGN]
------------------------------
Date: Thu, 23 Oct 2025 15:53:45 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: A Crazy Crypto[currency Heist That's the Story of Our Time,
(Philip Shishkin)
Philip Shishkin, *The New York Times*, Opinion 12 Oct 2025
The cautionary tale of a billionaire [Bidzina Ivanishvili] and a fugitive
entrepeneur with control over a Bitcoin fortune [George Bachiashvili,
Georgian] who walked into the lobby of an Abu Dhabi hotel with a lawyer.
Moments later he was reportedly surrounded by a group of security
operatives, and whisked away on a private flight back to Georgia, where he
was imprisoned and asked to transfer his Bitcoin to Ivanishvili. He was
then beaten unconscious in his cell. [Full-page story PGN-ed]
------------------------------
Date: Wed, 22 Oct 2025 12:43:11 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Crypto exchange Cryptomus fined record $177M by Canada's financial
crime watchdog (CBC)
https://www.cbc.ca/news/business/cryptomus-fined-177-million-fintrac-9.6948338
A cryptocurrency exchange has been slapped with a fine of almost $177
million -- the largest-ever penalty by Canada's financial intelligence
agency -- for infractions including failing to flag more than 1,000
transactions with suspected links to criminal activity.
The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)
announced the penalty for Xeltox Enterprises Ltd. on Wednesday. The
B.C.-incorporated business operates as Cryptomus and was previously known
as Certa Payments Ltd.
The $176,960,190 fine eclipses the previous record -- roughly $20 million --
for a fine imposed by FINTRAC. That penalty was given to Peken Global Ltd,
the operator of another cryptocurrency firm, KuCoin, in September.
------------------------------
Date: Fri, 17 Oct 2025 20:41:43 -0400
From: Peter Neumann <neumann@csl.sri.com>
Subject: Nation-state hackers deliver malware from “bulletproof” blockchains
(Dan Goodin)
Ars Techica, Dan Goodin, 16 Oct 2025 3:40 PM (via Dan Geer)
Malicious payloads stored on Ethereum and BNB blockchains are immune to
takedowns.
https://arstechnica.com/security/2025/10/hackers-bullet-proof-hosts-deliver-malware-from-blockchains/
------------------------------
Date: Thu, 23 Oct 2025 19:14:34 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: The mysterious owner of a 'scam empire' accused of stealing $14bn
in crypto (BBC)
https://www.bbc.com/news/articles/c70jz8e00g1o
Just 37 years old, Chen Zhi is accused of being "the mastermind behind a
sprawling cyber-fraud empire -- a criminal enterprise built on human
suffering".
With his wispy goatee beard and baby-faced features, he looks even younger
than he is. He has certainly become very wealthy, very quickly.
Last week the U.S. Department of Justice charged him with running scam
compounds in Cambodia that stole billions in cryptocurrency from victims all
over the world. The U.S Treasury Department has confiscated more than $14bn
(=C2=A310.5bn) worth of bitcoin that it says is linked to him -- it said
this was the largest ever crypto-currency seizure.
------------------------------
Date: Mon, 13 Oct 2025 09:16:06 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Hollywood's newest drama: Fake movie props (LA Times)
Props from iconic films like 'Star Wars' and 'Back to the Future' are
earning big dollars at auction and private sales. But as prices for these
objects have surged, so have questions about their authenticity.
https://www.latimes.com/entertainment-arts/business/story/2025-10-13/fake-movie-props-hollywood-star-wars-back-to-the-future-heritage-auctions
(My summary: Fakers are using 3-D printers to make copies of genuine movie
props and selling them as authentic.)
------------------------------
Date: Wed, 15 Oct 2025 11:18:25 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Chip Supply Chains Brace for China's Rare-Earth Curbs (Bloomberg)
Dasha Afanasieva, Debby Wu and Maggie Eastland, Bloomberg (10/11/25)
China's new export restrictions on rare earth minerals threaten to disrupt
the global semiconductor supply chain. The curbs, which require licenses for
any materials containing Chinese rare earths, could delay shipments for
ASML, the only manufacturer in the world of machines that make the most
advanced semiconductors, and raise costs for chipmakers reliant on
rare-earth magnets and components. In response, U.S. President Donald Trump
announced new export controls on "critical software," among other measures.
------------------------------
Date: Wed, 15 Oct 2025 11:18:25 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org
Subject: Satellites Are Leaking the World's Secrets (WiReD)
Andy Greenberg and Matt Burgess, Wired (10/13/25)
About half of geostationary satellite communications, which carry sensitive
data, are unencrypted and vulnerable to eavesdropping, according to
researchers at the universities of California, San Diego, and Maryland. Over
three years, the team used an $800 satellite receiver to capture unsecured
communications, including phone calls, text messages, and military
data. These findings exposed private data, including the location of
military personnel, critical infrastructure communication, and personal
information from cellular networks.
[Also noted by geoff goodfellow. PGN]
------------------------------
Date: Thu, 23 Oct 2025 06:35:11 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: OpenAI Weakened ChatGPT's Self-Harm Guardrails in Lead-Up to Teen's
Death, Lawsuit Says (Gizmodo)
[Charge the CEO with accessory to murder]
https://gizmodo.com/openai-weakened-chatgpts-self-harm-guardrails-in-lead-up-to-teens-death-lawsuit-says-2000675800
------------------------------
Date: Sun, 12 Oct 2025 01:40:10 -0400Su
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Google won't fix ASCII smuggling hack in Gemini AI (Pivot to AI)
Chatbots have various guard rails. But they're trained on all the good stuff
and the bad stuff, so slapping a filter on the front just isn’t going to
work well. You can probably sneak around it to give commands to the bot.
One way to get around the filters is ASCII smuggling -— where you hide your
command in weird high-end Unicode characters.
Viktor Markopoulos at FireTail tested a pile of chatbots on how well they
block ASCII smuggling. ChatGPT, Copilot, and Claude all catch this attack
and block it successfully. Gemini, Grok, and DeepSeek do not. [FireTail]
Gemini is special -— Google's put it everywhere. For instance, in any
company that uses Google Apps. Markopoulos built test attacks against Google
Calendar invites. He could hit the titles, the meeting organizer's name, and
the meeting descriptions.
Markopoulos reported this to Google last month. Google said it wasn't a
security bug: The issue you’re describing can only result in social
engineering.
------------------------------
Date: Thu, 16 Oct 2025 07:52:27 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subjct: Phishes from Google are going through the roof
Google Calendar invitations are now being used to send out PayPal phishing
scams. Also, about half of the phishing and gambling promotion emails I get
now are being forwarded to me by Gmail even when they end up in the Spam
folder in Gmail. Frankly, Gmail is showing signs of falling apart. Sure,
bring AI into Gmail, and let the basic functions rot. Great work, Google.
[It'S PHISHES CYCLE! PGN]
------------------------------
Date: Sat, 25 Oct 2025 14:47:07 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Predatory gambling (The New York Times)
What's the Deal With All Those FanDuel Ads? Peter Jackson, the chief
executive of Flutter Entertainment, FanDuel's parent company, is fighting
for attention as online gambling spreads across the United States.
*You've said that the market for sports betting in Britain is 20 years ahead
of the United States. In Britain, more regulations have been introduced as
awareness of gambling addiction has increased. Would you want to apply the
same standards in the U.S.?*
You’ve got to remember the context of the country. There’d be uproar in
America, the land of the free, if you brought in some of the “nanny state”
rules and regulations that people in the UK have to put up with.
https://www.nytimes.com/2025/10/12/business/fanduel-flutter-sports-betting-gambling.html
------------------------------
Date: Fri, 24 Oct 2025 07:42:27 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Researchers compare Universe browser to malware (Ars Technica)
https://arstechnica.com/security/2025/10/this-browser-claims-perfect-privacies-protection-but-it-acts-like-malware/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social
------------------------------
Date: Sat, 11 Oct 2025 22:35:45 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: The women taking Meta to task after their baby loss (BBC)
https://www.bbc.com/news/articles/ce8450380zyo
What does my baby look like at six weeks? When's my due date? When should I
book my first midwife appointment?
These are just some questions women type into search engines when they find
out they're pregnant.
For Sammi Claxon, it was no different. Soon after she started searching for
answers, algorithms picked up that she was pregnant, and began targeting her
with adverts.
But when she lost her baby due to a miscarriage, the adverts didn't stop.
------------------------------
Date: Sun, 12 Oct 2025 10:32:27 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: Scientists grow mini human brains to power computers (BBC)
So the wetware needs a power supply but "organoids don't have blood
vessels." That means some sort of energy generation and distribution system
needs to be connected. It could be a complete digestive and circulatory
system plus an input method for sources of energy, otherwise known as a
mouth, plus an output device for waste. You can see where this is going.
OTOH, maybe they can figure out a way to make the organoids use
photosynthesis. Another "green technology."
------------------------------
Date: Sun, 12 Oct 2025 16:31:40 +0000
From: Henry Baker <hbaker1@pipeline.com>o
Subject: Re: A delivery robot collided with a disabled man
(Bacher, RISKS-34.86)
I was in West Hollywood yesterday, and saw a delivery robot cross the street
(safely, at least this time!) in a "zebra" crosswalk in front of a Waymo.
I can't wait for the certain-to-happen news of a Waymo/delivery robot
altercation !
------------------------------
Date: Sun, 12 Oct 2025 11:33:49 -0700
From: Kent Borg <kentborg@borg.org>
Subject: Re: Why Are Car Software Updates Still So Bad? (WiReD)
> I badgered auto execs about these issues and got nothing but "it'll be
> wonderful". (Gabe Goldberg)
I know about technology, technology is a good friend of mine.
And that is why I have *no* intention of buying a new car anytime soon, not
until they realize that a "smartphone" on wheels, sold for tens of thousands
of dollars, is ridiculous.
I think there are some early regrets among consumers as they discover a
modern "bumper" is an extremely fragile component full of very expensive
parts that can't be repaired but must be replaced. Wait a few years and new
replacements won't even be available. There is a backlash coming, and
current execs will have collected their bonuses and have moved on by the
time it settles in.
------------------------------
Date: Sun, 12 Oct 2025 20:45:45 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Re: Why Are Car Software Updates Still So Bad? (Borg)
Same for me -- technophile, car-as-rolling/snooping computer averse.
I'm happy driving my 2007 Honda Accord 6-cyl stick shift coupe. Its
highest-tech is built-in nav system no longer getting updated map DVDs; no
connectivity. Nothing automotive I want has been offered for years
------------------------------
Date: Sun, 12 Oct 2025 10:35:02 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: An AI became a crypto millionaire. Now it's fighting to become a
person (BBC)
Over the past year, an AI made millions in cryptocurrency. It's written the
gospel of its own pseudo-religion and counts billionaire tech moguls among
its devotees. Now it wants legal rights. Meet Truth Terminal.
https://www.bbc.com/future/article/20251008-truth-terminal-the-ai-bot-that-became-a-real-life-millionaire
------------------------------
Date: Sun, 12 Oct 2025 23:59:49 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: AI Video Generators Are Now So Good You Can No Longer Trust Your
Eyes (NYTimes)
https://www.nytimes.com/2025/10/09/technology/personaltech/sora-ai-video-impact.html
Welcome to the era of fakery. The widespread use of instant video
generators like Sora will bring an end to visuals as proof.
------------------------------
Date: 12 Oct 2025 14:53:05 -0400
From: "John Levine" <johnl@iecc.com>
Subject: Re: The dangers of AI anything (Lauren)
An article in today's *Financial Times* reports on the plight of a woman who
has worked as a specialized translator but now most of the work she is
offered is to review and clean up machine translations, at very low pay.
But you need to read the original to see if the translation is correct, so
it's no faster than doing the translation by hand.
https://on.ft.com/4oisN1n
I have read a lot of reports of people who think that AI has made them work
faster, but when actually measured, they're slower. Some are programmers,
some are in other fields. There's nothing new about people overestimating
what AI can do -- I remember when people thought that ELIZA was intelligent
when it was actually a small Fortran program.
------------------------------
Date: 14 Oct 2025 15:02:50 -0400
From: "John Levine" <johnl@iecc.com>
Subject: Re: How an Internet mapping glitch turned a random Kansas farm into
a digital hell (Fusion)
This story about the default geolocation address is real, but it is also
from 2016. Surely something has changed in the past decade.
------------------------------
Date: Thu, 23 Oct 2025 17:55:02 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Meta slashes AI and Risks teams, will replace most privacy
employees with "automated" systesm
------------------------------
Date: Fri, 24 Oct 2025 09:39:29 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Fun Fact: In August, Amazon boasted that AI was pushing 75% of
their production code
Tdphought for the Day: How do you get your AI to fix the code that the AI
wrote when the systems that run the AI are down and you fired everyone
who know how the AI actually works? -L
------------------------------
Date: Mon, 13 Oct 2025 16:57:56 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: A Scammy Job Offer Over Text? I’ll Take It!
Author: It’s not, by many measures, a good time to be looking for work. As
The Wall Street Journal put it succinctly on Oct. 8: “The Unofficial Jobs
Numbers Are In and It’s Rough Out There.” Things are so bad that even the
person who puts out the federal government's employment numbers got fired.
It’s even worse for me. As a professional magazine writer, my career
prospects are not what they used to be. And yet, about six months ago, I
started getting deluged with offers. Sometimes multiple times a day.
Instead of coming from personal connections, these exciting opportunities
were coming unbidden via text.
At first, I thought this was weird, but everything happens to me through my
phone now. It makes sense that my next job would come from a text that
began, ``Hi There!'' I’m Angelina from Swagbucks.” This new era of
opportunity seemed friendly.
https://www.nytimes.com/2025/10/12/opinion/culture/a-scammy-job-offer-over-text-ill-take-it.html?smid=nytcore-ios-share&referringSource=articleShare
------------------------------
Date: Fri, 24 Oct 2025 06:53:27 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Amazon issues detailed postmortem re AWS failure
https://aws.amazon.com/message/101925/
------------------------------
Date: Tue, 21 Oct 2025 07:39:56 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Script of my national radio report yesterday on the Amazon Web
Services outage and the reliability of cloud services
[This is the script of my national radio report yesterday on the
widespread Amazon Web Services outage and the reliability of cloud
services. As always there may have been minor wording variations from this
script as I presented the report live on air.]
Yeah, so you may have discovered that one of more of your favorite web sites
didn't seem to be working properly and may not have been accessible at
all. And this happened around the world to a vast number of web sites
including reportedly many important services. Just to name a few in no
particular order: Wall Street Journal, Snapchat, McDonalds, Ring video
doorbells, Venmo, Hulu, Signal, various banks and government sites here in
the U.S. and in other countries -- very, very long list.
And indeed it turns out that this was all the fault of one company:
Amazon. And you might quite reasonably have been thinking to yourself, well
why would all those sites be messed up due to Amazon? And the answer is THE
CLOUD.
Yep, over the years more and more firms, government agencies, other
organizations and so on have moved some or all of the information technology
that they use from their own owned and operated systems to various Big Tech
cloud services providers -- and in an increasing number of cases
organizations and firms never had their own computing server facilities in
the first place and have operated from these cloud services from day one.
And these services provide various advantages especially in terms of being
able to quickly scale up when more capacity is needed and -- in theory
anyway -- being very reliable. But as we see, theory and practice can be
very different things indeed, and when these cloud services fail the results
can be very negative, very dramatic, and very widespread.
The big three cloud services providers are Amazon Web Services (AWS)
reportedly with about 30% of the global market, Microsoft Azure with about
20%, and Google Cloud Platform (GCP) with about 13%. So between them a bit
more than 60%. The remainder is filled by various Chinese based services and
a variety of smaller services here in the U.S. and elsewhere.
In the case of this particular Amazon AWS outage the problem apparently
originated in their us-east-1 region which is in a data center in Virginia,
starting a bit after 3 AM eastern and mostly apparently restored by about
5:30 AM eastern. Eventually Amazon may publish details on the outage, but
reports are that the outage was triggered by a DNS -- Domain Name System --
related failure.
There's an old saying in the Internet tech world that when there's a
widespread problem "It's ALWAYS the DNS". Well, in reality of course
it's not always the DNS, but yeah, often it IS the DNS. The Domain
Name System is the widely distributed and frankly rather rickety
mechanism used to map site names to the Internet site numeric
addresses that are actually used to establish communications between
sites and users. And when the DNS fails for any number of reasons it's
bad news that can cause all sorts of problems very quickly.
If it seems to you that centralization of so many sites running mostly
on the resources of a handful of cloud providers seems risky
irrespective of the reliability promises made by those cloud services,
you're not alone. In fact, some firms, organizations, and agencies
that originally moved to cloud services have been moving toward
migrating some or all of their IT operations back to self-owned
computing resources due to exactly these kinds of concerns. And it
doesn't take rocket science to see the logic in this.
Millions of websites are hosted by these cloud providers, and
especially by those Big Tech Big Three: Amazon, Microsoft, and Google.
And note also that these are all companies investing heavily in AI,
firms who could potentially be financially destabilized if the AI
bubble dramatically bursts as many observers predict is only a matter
of time.
Not putting all your eggs in one basket has long been a warning. It
applies even more today with websites, where a lot of sites could end
up with egg on their faces if they don't heed that warning -- and all
of us who depend on those websites could end up being the even bigger
losers.
------------------------------
Date: Tue, 21 Oct 2025 20:34:27 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: AWS outage: Are we relying too much on U.S. big tech? (BBC)
https://www.bbc.com/news/articles/c0jdgp6n45po
The Amazon Web Services (AWS) outage on Monday made global headlines after
knocking some of the world's largest sites offline for hours.
For users, the impacts ranged from the serious -- such as not being able to
access vital banking, government or work services -- to the not-so-serious,
such as fears of losing long built-up streaks on Duolingo.
But the outage has also reignited the debate around whether countries,
including the UK, are over-dependent on a handful of U.S. tech firms.
------------------------------
Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) has moved to the ftp.sri.com site:
<risksinfo.html>.
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
delightfully searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 34.78
************************
