[33863] in RISKS Forum
Risks Digest 34.87
daemon@ATHENA.MIT.EDU (RISKS List Owner)
Sat Feb 14 16:30:42 2026
From: RISKS List Owner <risko@csl.sri.com>
Date: Sat, 14 Feb 2026 13:38:41 PST
To: risks@mit.edu
RISKS-LIST: Risks-Forum Digest Saturday 14 February 2026 Volume 34 : Issue 87
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.87>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Inside the Debacle That Led to the Closure of El Paso’s Airspace (NYT)
OpenAI is Making the Mistakes Facebook Made. I quit. (Zoe Hitzig)
America Isn't Ready for What AI Will Do to Jobs (The Boston Globe)
ChatGPT's Memory Feature Supercharges Prompt Injection (DarkReading)
Lawsuit against Tesla reveals harrowing 911 call as driver trapped in
burning car (The Boston Globe)
Hackers Publish Personal Information Stolen During Harvard, UPenn Data
Breaches (Lorenzo Franceschi-Bicchierai)
European Commission Breached (Tom Allen)
When Prison Body Scanners Mistake Tampons and Piercings for Contraband (NYTimes)
Look for a citation (WSJ)
Risks of naive AI (Rob Slade with picky PGN comments)
Re: New Site Lets AI Rent Human Bodies (Martin Ward)
Dave Farber passed away at 91 (sundry)
Abridged info on RISKS (comp.risks)
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Sat, 14 Feb 2026 14:27:31 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Inside the Debacle That Led to the Closure of El Paso’s Airspace (NYT)
The FAA, citing “a grave risk of fatalities” from a new technology being
used on the Mexican border, got caught in a stalemate with the Pentagon,
which deemed the weapon “necessary.”
https://www.nytimes.com/2026/02/14/us/politics/el-paso-airspace-closure-faa-pentagon.html
------------------------------
Date: Fri, 13 Feb 2026 14:32:55 PST
From: Peter Neumann <neumann@csl.sri.com>
Subject: OpenAI is Making the Mistakes Facebook Made. I quit. (Zoe Hitzig)
Zoe Hitzig, *The New York Times* Opinion, 13 Feb 2026
Chatbot add risk exploiting users who believe their interlocutors
have no ulterior motives
... None of these options are easy. But we still have time to work them out
to avert the two outcomes I fear most: a technology that manipulates the
people who use it at no cost, and one that exclusively benefits the few who
can afford it.
------------------------------
Date: Wed, 11 Feb 2026 11:23:01 PST
From: Peter Neumann <neumann@csl.sri.com>
Subject: America Isn't Ready for What AI Will Do to Jobs (The Boston Globe)
https://www.theatlantic.com/magazine/2026/03/ai-economy-labor-market-trans=
formation/685731/
------------------------------
Date: Thu, 8 Jan 2026 19:15:50 -0500
From: Monty Solomon <monty@roscom.com>
Subject: ChatGPT's Memory Feature Supercharges Prompt Injection (DarkReading)
https://www.darkreading.com/endpoint-security/chatgpt-memory-feature-prompt-injection
------------------------------
Date: Fri, 6 Feb 2026 18:13:18 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Lawsuit against Tesla reveals harrowing 911 call as driver trapped in
burning car (The Boston Globe)
The wrongful death suit claims the Massachusetts driver survived the crash
but died from thermal injuries after being unable to escape.
Samuel Tremblett was driving a Tesla in the afternoon of Oct. 29 when he
lost control of the vehicle and collided with a tree off Route 138 in
Easton. Immediately after the crash, the car burst into flames.
As described in a lawsuit filed Wednesday by his mother, Jacquelyn, against
Tesla in U.S. District Court for the District of Massachusetts, Tremblett,
20, survived the crash but was unable to exit the vehicle because the
electric door handles were inoperable. [...]
https://www.boston.com/news/local-news/2026/02/05/lawsuit-against-tesla-reveals-harrowing-911-call-as-driver-trapped-in-burning-car/
[This is a case where China has shown more smarts than the U.S., at least
regarding door-handle safety. SB]
[This not the first case involving an automated car-door that could not
be opened electrically because there was no power -- or because the door
had been crunched by the crash and could not be opened before the
battery caught on fire. However, we have noted here before that Teslas
with no power could still be opened by ripping up the inside of the
door; thus, there had been an long-undocumented escape mechanism for
opening the driver's door manually when there was no power. PGN]
------------------------------
Date: Fri, 6 Feb 2026 11:40:48 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Hackers Publish Personal Information Stolen During Harvard, UPenn
Data Breaches (Lorenzo Franceschi-Bicchierai)
Lorenzo Franceschi-Bicchierai, TechCrunch (02/04/26)
A hacking group known as ShinyHunters claimed responsibility for last year's
data breaches at Harvard University and the University of Pennsylvania
(UPenn) and published the stolen information online after the schools
refused to pay a ransom. The group said it leaked more than 1 million
records from each university. UPenn attributed its breach to social
engineering, while Harvard said its incident stemmed from a voice-phishing
attack linked to broader assaults on identity providers.
------------------------------
Date: Wed, 11 Feb 2026 11:35:55 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: European Commission Breached (Tom Allen)
Tom Allen, Computing (UK) (02/09/26) via TechNews
The European Commission (EC) said CERT-EU, the EU's central cybersecurity
service, detected a cyberattack on the EC's mobile infrastructure on Jan. 30
and contained it within nine hours. It remains uncertain how the EC's
systems were breached, but the incident may be associated with
vulnerabilities in Ivanti's Endpoint Manager Mobile software that were used
to target other European institutions late last year and have since been
patched. Ivanti disclosed two additional code-injection vulnerabilities on
Jan. 29.
------------------------------
Date: Sat, 7 Feb 2026 00:24:16 -0500
From: Monty Solomon <monty@roscom.com>
Subject: When Prison Body Scanners Mistake Tampons and Piercings for Contraband
(NYTimes)
When Prison Body Scanners Mistake Tampons and Piercings for Contraband Women
hoping to visit their loved ones at New York prisons are being turned away
after scanners pick up what they say are menstrual products. Some have had
their visitation rights suspended.
https://www.nytimes.com/2026/02/06/nyregion/new-york-prison-body-scanners-women.html
------------------------------
Date: Mon, 2 Feb 2026 10:37:54 -0500
From: Tom Van Vleck <thvv@multicians.org>
Subject: Look for a citation (WSJ)
A U.S. intelligence official has alleged wrongdoing by Director of National
Intelligence Tulsi Gabbard in a whistleblower complaint that is so highly
classified it hasn't been shared with Congress."
rest of article is behind a paywall.
https://www.wsj.com/politics/national-security/classified-whistleblower-complaint-about-tulsi-gabbard-stalls-within-her-agency-027f5331
“you are trying to access a WSJ News Exclusive, loser. “
[A question often arises: How often is information highly classified to protect
individual or group failures and malpractices? PGN]
------------------------------
Date: Wed, 11 Feb 2026 07:38:37 -0800
From: Rob Slade <rslade@gmail.com>
Subject: Risks of naive AI
In a posting about recent activities on Moltbook, someone made the
observation that AI agents are pretty naive.˜
[Someone? It was Mark's fore-sights and my intentionally understated
warning-shot, with added comments in the first item -- and the questioning
second item, AI Agents Have Their Own Social Network. I am startled that
no one else besides Rob sees the gigantic danger ahead in the AI-hyped
Openclawed Moltbook that appears to be riddled with exploitable security
holes, and needs urgent remediation or withdrawal. PGN]
The observation was in regard to the ability of agents to successfully
perform various tasks, but my professionally paranoid mind immediately went
in another direction.
As we use them more, and particularly as we use them on the Internet, AI
agents are going to get scammed. As it happens, I'm writing up a bunch of
material on scams, right now, so this is kind of top of mind for me.
https://fibrecookery.blogspot.com/2026/02/online-scams-frauds-and-other-attacks.html
OK, probably most AI agents don't have any money, so, I can hear you say,
how can they get scammed? Well, they do have access to something of value:
they have a lot of information about *you*. In order to make them more
useful to you, you've given them a lot of information about you. You've
probably given them access to a lot of your online accounts. (Possibly
you've given them access to your bank accounts and credit cards, in order
that they may make purchases for you?)
And this, of course, is only one way in which AI agents could be scammed.
Somebody could claim to *be* you, and give them new orders. Botnets on
steroids?
I suspect somebody needs to think about this ...
[PLEASE go back and read the lead item on MoltBook/Claw in the previous
issue. and try to imagine what might happen. The situation is actually
much worse than it might seem. It has the potential to enable access to
everything on your computer. I cannot believe the RISKS audience missed
this one. PGN]
------------------------------
Date: Sat, 7 Feb 2026 12:52:57 +0000
From: Martin Ward <martin@gkc.org.uk>
Subject: Re: New Site Lets AI Rent Human Bodies (RISKS-34.86)
I am reminded of the film "Billion Dollar Brain" (1967)
"Harry Palmer, who has left MI5 to work as a private investigator, is told
by a mechanical voice on the phone to take a package to Helsinki. [...]
Leo takes Harry to a secret room where a computer issues daily instructions
to the local team, speaking in the same voice that summoned Harry to
Helsinki."
https://en.wikipedia.org/wiki/Billion_Dollar_Brain
------------------------------
Date: Sun, 8 Feb 2026 17:19:47 -0800
From: Lauren Weinstein <lauren@vortex.com>
Subject: Dave Farber passed away at 91
Dave Farber, often called "the grandfather of the Internet" and a
friend of mine since early ARPANET days, died yesterday at 91. Peace.
[From the Japan Times (02/11/26) Jessica Speed
ACM Fellow David J. Farber, whose work helped lay the foundations of
modern Internet networking, has died at the age of 91. While working at
Bell Laboratories early in his career, Farber helped design the first
electronic switching system and contributed to the SNOBOL programming
language. Later, at the University of California, Irvine, he led research
that produced the world's first operational distributed computer
system. While at the University of Delaware, he helped conceive major
U.S. research networks including CSNET and NSFNet, and played a key role
in the Gigabit Network Testbed Initiative.]
[Many years ago when David first came to Bell Labs in the early 1960s, I
had the great plesure of sharing my Murray Hill office with him until he
finally settled in Holmdel. We have been friends and colleagues since
then. Dave was an amazing contributor for his entire professional career
over many different areas. He provide copious material for RISKS way back
in volume 3. He was still going until the very end. He always had a
wonderful sense of the big picture. He will be sorely missed. Lauren I
both worked closely with Dave later. PGN]
[Via Victor Miller:
cherry.heiyui@keio.jp: Sad news: Dave Farber has passed away]
https://mailarchive.ietf.org/arch/msg/ietf/hyJBX_lXzJ8bXBpAyImNCXOW_no/
[
------------------------------
Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) has moved to the ftp.sri.com site:
<risksinfo.html>.
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
delightfully searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 34.87
************************
