RISKS Forum mailing list archives
(no subject)
From: RISKS List Owner <risko () csl sri com>
Date: Sat, 25 Oct 2025 16:45:17 PDT
Subject: Risks Digest 34.78

RISKS-LIST: Risks-Forum Digest  Saturday 25 October 2025  Volume 34 : Issue 78

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/34.78>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
BART outage snarls commute for hours (The Chron)
Hackers take over public-address systems at 4 North American airports (CNN)
Software update bricks some Jeep 4xe hybrids over the weekend (Ars Technica)
Morons: Tesla reintroduces 'Mad Max' Full Self-Driving mode that breaks speed limits (Engadget)
More DNS vulnerabilities (BIND)
F5 loss of trust (The Register)
American Mayor Fears Dangerous Human Failures in the Department of Homeland Security (Newsweek)
ICE is building a social media panopticon (The Verge)
Hackers, Pre-Internet Edition (Now I Know/Beehiiv)
Mic-E-Mouse Covert Eavesdropping through Computer Mice (Google via geoff goodfellow)
Summary of the Amazon DynamoDB Service Disruption in Northern Virginia Region US-EAST-1 (Amazon)
The Threat and Promise of AI (The Daily Show)
Armed police handcuff teen after AI mistakes crisp packet for gun in U.S.
  (BBC)
AI in Insurance (LA Times)
How AI and Wikipedia have sent vulnerable languages into a doom spiral (MIT Technology Review)
POV: What You Would See During an AI Takeover (You Tube via Matt Kruk)
Altman announcing he's turning OpenAI into an AI porn machine (Lauren Weinstein)
ChatGPT will soon allow erotica for verified adults, says OpenAI boss (BBC)
A Crazy Crypto[currency] Heist That's the Story of Our Time (Philip Shishkin)
Crypto exchange Cryptomus fined record $177M by Canada's financial crime watchdog (CBC)
Nation-state hackers deliver malware from "bulletproof" blockchains (Dan Goodin)
The mysterious owner of a 'scam empire' accused of stealing $14bn in crypto (BBC)
Hollywood's newest drama: Fake movie props (LA Times)
Chip Supply Chains Brace for China's Rare-Earth Curbs (Bloomberg)
Satellites Are Leaking the World's Secrets (WiReD)
OpenAI Weakened ChatGPT's Self-Harm Guardrails in Lead-Up to Teen's Death, Lawsuit Says (Gizmodo)
Google won't fix ASCII smuggling hack in Gemini AI (Pivot to AI)
Predatory gambling (The New York Times)
Researchers compare Universe browser to malware (Ars Technica)
The women taking Meta to task after their baby loss (BBC)
Re: Scientists grow mini human brains to power computers (Steve Bacher)
Re: A delivery robot collided with a disabled man (Henry Baker)
Re: Why Are Car Software Updates Still So Bad? (Kent Borg, Gabe Goldberg)
An AI became a crypto millionaire. Now it's fighting to become a person (Steve Bacher)
AI Video Generators Are Now So Good You Can No Longer Trust Your Eyes (Matthew Kruk)
Re: The dangers of AI anything (John Levine)
Re: How an Internet mapping glitch turned a random Kansas farm into a digital hell (John Levine)
Meta slashes AI and Risks teams, will replace most privacy employees with "automated" systems (Lauren Weinstein)
Fun Fact: In August, Amazon boasted that AI was pushing 75% of their production code (Lauren Weinstein)
A Scammy Job Offer Over Text? I'll Take It!
  (Gabe Goldberg)
Amazon issues detailed postmortem re AWS failure (Lauren Weinstein)
Script of my national radio report yesterday on the Amazon Web Outage ... (Lauren Weinstein)
AWS outage: Are we relying too much on U.S. big tech? (BBC via Matt Kruk)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 23 Oct 2025 15:53:45 PDT
From: Peter Neumann <neumann () csl sri com>
Subject: BART outage snarls commute for hours (The Chron)

*San Francisco Chronicle*, 6 Sep 2025, Shwanika Narayan et al.

Overnight computer upgrade triggers systemwide shutdown during peak time

``We knew there was an issue at 4:30am'' following an earlier routine network upgrade that apparently failed. Traffic through the Transbay Tube was halted until just before noon, although some East-Bay stations reopened earlier.

------------------------------

Date: Thu, 16 Oct 2025 16:38:12 PDT
From: Peter Neumann <neumann () csl sri com>
Subject: Hackers take over public-address systems at 4 North American airports (CNN)

https://www.cnn.com/2025/10/15/us/airport-cyber-breach-pennsylvania-canada-hnk

------------------------------

Date: Mon, 13 Oct 2025 13:54:23 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Software update bricks some Jeep 4xe hybrids over the weekend (Ars Technica)

Owners of some Jeep Wrangler 4xe hybrids have been left stranded after installing an over-the-air software update this weekend. The automaker pushed out a telematics update for the Uconnect infotainment system that evidently wasn't ready, resulting in cars losing power while driving and then becoming stranded.

https://arstechnica.com/cars/2025/10/software-update-bricks-some-jeep-4xe-hybrids-over-the-weekend

Oh, no -- not over the WEEKEND! If only problems like this could have been anticipated. Oh, wait...

  [Also noted by Victor Miller.
  PGN]

------------------------------

Date: Thu, 16 Oct 2025 12:18:47 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Morons: Tesla reintroduces 'Mad Max' Full Self-Driving mode that breaks speed limits (Engadget)

https://www.engadget.com/tesla-reintroduces-mad-max-full-self-driving-mode-that-breaks-speed-limits-190659583.html?src=rss

  (Who needs steenking limits? or Move to Germany in hopes of going 140mpg on freeways? I thought they had learned it was bad for the forests? PGN)

------------------------------

Date: Wed, 22 Oct 2025 15:42:22 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: More DNS vulnerabilities (BIND)

https://arstechnica.com/security/2025/10/bind-warns-of-bugs-that-could-bring-dns-cache-attack-back-from-the-dead/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

------------------------------

Date: Wed, 15 Oct 2025 18:51:08 -0400
From: Cliff Kilby <cliffjkilby () gmail com>
Subject: F5 loss of trust (The Register)

https://www.theregister.com/2025/10/15/highly_sophisticated_government_hackers_breached

F5 rotated their attestation keys as part of this kerfuffle. They have yet to answer if that was preventative, or responsive. Personally, if they aren't hammering on preventative, I'm forced to conclude it was responsive.

Time to patch, and triple check the attestation.

------------------------------

Date: Sun, 19 Oct 2025 18:16:18 -0700
From: Rob Wilcox <robwilcoxjr () gmail com>
Subject: American Mayor Fears Dangerous Human Failures in the Department of Homeland Security (Newsweek)

Portland, Oregon and many cities are protesting government policy. Anyone who has worked for an organization including the military knows clear instructions, training, communication, and quality determine whether the organization succeeds or fails. The risks are high when the organization carries weapons, is placed in an unfamiliar situation, or is exhausted.
The Portland mayor has managed a trucking company and is responsible for those employees and their safety. That is why he wrote an editorial, linked. He is not a Risks professional, but he very quickly understood the risk. The Homeland Security building is in a dense residential area, with only a few roads to it, and a hospital clinic with hundreds of employees. The human factor we often find on Risks is a serious concern.

https://www.newsweek.com/portland-mayor-ice-facility-disaster-opinion-10892062

------------------------------

Date: Sat, 25 Oct 2025 15:02:18 -0400
From: Monty Solomon <monty () roscom com>
Subject: ICE is building a social media panopticon (The Verge)

https://www.theverge.com/policy/806425/ice-social-media-surveillance-free-speech-assault

------------------------------

Date: Thu, 23 Oct 2025 01:22:32 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Hackers, Pre-Internet Edition (Now I Know/Beehiiv)

French towers were the 1800s version of the information superhighway -- and had bandits of their own.

https://nowiknow.beehiiv.com/p/hackers-pre-internet-edition

------------------------------

Date: Sun, 12 Oct 2025 14:24:45 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: Mic-E-Mouse Covert Eavesdropping through Computer Mice

*Your computer mouse has big ears*

EXCERPT:

*Abstract*

High-Performance Optical Sensors in Mice expose a *critical vulnerability* -- one where confidential user speech can be leaked. Attackers can exploit these sensors' ever-increasing polling rate and sensitivity to emulate a makeshift microphone and covertly eavesdrop on unsuspecting users. We present an attack vector that capitalizes on acoustic vibrations propagated through the user's work surface, and we show that existing consumer-grade mice can detect these vibrations. However, the collected signal is low-quality and suffers from non-uniform sampling, a non-linear frequency response, and extreme quantization.
We introduce *Mic-E-Mouse*, a pipeline consisting of successive signal processing and machine learning techniques to overcome these challenges and achieve intelligible reconstruction of user speech. We measure Mic-E-Mouse against consumer-grade sensors on the VCTK and AudioMNIST speech datasets, and we achieve an *SI-SNR* increase of +19 dB, a *Speaker-Recognition* accuracy of 80% on the automated tests and a *WER* of 16.79% on the human study.

*Vulnerable Mice*

The accessibility of these advanced input devices is steadily increasing. Consumer-grade mice with high-fidelity sensors are *already readily available* for under 50 U.S. Dollars. As improvements in process technology and sensor development continue, it is reasonable to expect further decreases in price, similar to the trend shown in the picture above. Ultimately, these developments entail an *increased usage of vulnerable mice* by consumers, companies, and governmental entities, *expanding the attack surface* of vulnerabilities in these advanced sensor technologies.

*The Mic-E-Mouse Pipeline*

With only a vulnerable mouse, and a victim's computer running compromised or even benign software (in the case of a web-based attack surface), we show that it is possible to collect mouse packet data and *extract audio waveforms*. Moreover, the software scheme used in our pipeline is *invisible to the average user* during the data collection process. After this stage, all signal processing and data analysis can be performed offsite at any time the adversary wishes. We present a visual outline of our pipeline in the above diagram.

*Threat Model*

[...]
https://sites.google.com/view/mic-e-mouse

------------------------------

Date: Fri, 24 Oct 2025 18:49:51 +0000
From: Victor Miller <victorsmiller () gmail com>
Subject: Summary of the Amazon DynamoDB Service Disruption in Northern Virginia Region US-EAST-1 (Amazon)

https://aws.amazon.com/message/101925/

They buried the lede: The root cause of this issue was a latent race condition in the DynamoDB DNS management system that resulted in an incorrect empty DNS record for the service's regional endpoint (dynamodb.us-east-1.amazonaws.com) that the automation failed to repair.

------------------------------

From: Matthew Kruk <mkrukg () gmail com>
Date: Thu, 16 Oct 2025 22:52:11 -0600
Subject: The Threat and Promise of AI (The Daily Show)

https://www.youtube.com/watch?v=eR5x7CArfT4

Is artificial intelligence an existential threat to humanity? Jon Stewart and Jordan Klepper interview guests Mark Cuban, Carole Cadwalladr, Yuval Noah Harari, Christine Lagarde, and Tristan Harris about the future of AI and its role in society. #DailyShow #Technology #ArtificialIntelligence

------------------------------

Date: Fri, 24 Oct 2025 12:59:35 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: Armed police handcuff teen after AI mistakes crisp packet for gun in U.S. (BBC)

https://www.bbc.com/news/articles/cgjdlx92lylo

A U.S. teenager was handcuffed by armed police after an artificial intelligence (AI) system mistakenly said he was carrying a gun -- when really he was holding a packet of crisps.

"Police showed up, like eight cop cars, and then they all came out with guns pointed at me talking about getting on the ground," 16-year-old Baltimore pupil Taki Allen told local outlet WMAR-2 News.

Baltimore County Police Department said their officers "responded appropriately and proportionally based on the information provided at the time".
It said the AI alert was sent to human reviewers who found no threat -- but the principal missed this and contacted the school's safety team, who ultimately called the police.

------------------------------

Date: Sun, 19 Oct 2025 12:38:22 PDT
From: Jim Geissman <jgeissman () socal rr com>
Subject: AI in Insurance (LA Times)

An insurance company is using AI to help in "risky" areas.

https://enewspaper.latimes.com/desktop/latimes/default.aspx?pubid=50435180-e58e-48b5-8e0c-236bf740270e

  [Ouroboros -- the snake eating its own tail. PGN]

------------------------------

Date: Thu, 16 Oct 2025 05:09:40 +0000
From: Victor Miller <victorsmiller () gmail com>
Subject: How AI and Wikipedia have sent vulnerable languages into a doom spiral (MIT Technology Review)

https://www.technologyreview.com/2025/09/25/1124005/ai-wikipedia-vulnerable-languages-doom-spiral/

------------------------------

Date: Fri, 24 Oct 2025 21:29:46 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: POV: What You Would See During an AI Takeover (You Tube via Matt Kruk)

https://www.youtube.com/watch?v=D8RtMHuFsUw

Species | Documenting AGI tagged products below. Learn more

If Anyone Builds It, Everyone Dies: Why Superhuman AI Would Kill Us All; Hardcover; Author -- Eliezer Yudkowsky
Limited shipping areas
barnesandnoble.com/w/if-anyone-builds-it-everyone-dies-eliezer-yudkowsky/1147242101?ean=9780316595643

Highly recommend the full book, which goes into way more detail: https://amzn.to/4qeJgFL

Detailed sources: https://docs.google.com/document/d/1o...

------------------------------

Date: Thu, 16 Oct 2025 07:54:05 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Altman announcing he's turning OpenAI into an AI porn machine

This suggests to me that the AI Bubble Bursting may be coming much faster than even most pessimists warned.

------------------------------

Date: Wed, 15 Oct 2025 07:21:20 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: ChatGPT will soon allow erotica for verified adults, says OpenAI boss (BBC)

https://www.bbc.com/news/articles/cpd2qv58yl5o

AI slowly goes down the toilet.

"OpenAI plans to allow a wider range of content, including erotica, on its popular chatbot ChatGPT as part of its push to "treat adult users like adults", says its boss Sam Altman.

In a post on X on Tuesday, Mr Altman said upcoming versions of the popular chatbot would enable it to behave in a more human-like way - "but only if you want it, not because we are usage maxxing".

The move, reminiscent of Elon Musk's xAI's recent introduction of two sexually explicit chatbots to Grok, could help OpenAI attract more paying subscribers."

  [We are in the midst of a Toilet Bowling Game? PGN]

------------------------------

Date: Thu, 23 Oct 2025 15:53:45 PDT
From: Peter Neumann <neumann () csl sri com>
Subject: A Crazy Crypto[currency] Heist That's the Story of Our Time (Philip Shishkin)

Philip Shishkin, *The New York Times*, Opinion 12 Oct 2025

The cautionary tale of a billionaire [Bidzina Ivanishvili] and a fugitive entrepreneur with control over a Bitcoin fortune [George Bachiashvili, Georgian] who walked into the lobby of an Abu Dhabi hotel with a lawyer. Moments later he was reportedly surrounded by a group of security operatives, and whisked away on a private flight back to Georgia, where he was imprisoned and asked to transfer his Bitcoin to Ivanishvili. He was then beaten unconscious in his cell.
  [Full-page story PGN-ed]

------------------------------

Date: Wed, 22 Oct 2025 12:43:11 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: Crypto exchange Cryptomus fined record $177M by Canada's financial crime watchdog (CBC)

https://www.cbc.ca/news/business/cryptomus-fined-177-million-fintrac-9.6948338

A cryptocurrency exchange has been slapped with a fine of almost $177 million -- the largest-ever penalty by Canada's financial intelligence agency -- for infractions including failing to flag more than 1,000 transactions with suspected links to criminal activity.

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) announced the penalty for Xeltox Enterprises Ltd. on Wednesday. The B.C.-incorporated business operates as Cryptomus and was previously known as Certa Payments Ltd.

The $176,960,190 fine eclipses the previous record -- roughly $20 million -- for a fine imposed by FINTRAC. That penalty was given to Peken Global Ltd, the operator of another cryptocurrency firm, KuCoin, in September.

------------------------------

Date: Fri, 17 Oct 2025 20:41:43 -0400
From: Peter Neumann <neumann () csl sri com>
Subject: Nation-state hackers deliver malware from "bulletproof" blockchains (Dan Goodin)

Ars Technica, Dan Goodin, 16 Oct 2025 3:40 PM (via Dan Geer)

Malicious payloads stored on Ethereum and BNB blockchains are immune to takedowns.

https://arstechnica.com/security/2025/10/hackers-bullet-proof-hosts-deliver-malware-from-blockchains/

------------------------------

Date: Thu, 23 Oct 2025 19:14:34 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: The mysterious owner of a 'scam empire' accused of stealing $14bn in crypto (BBC)

https://www.bbc.com/news/articles/c70jz8e00g1o

Just 37 years old, Chen Zhi is accused of being "the mastermind behind a sprawling cyber-fraud empire -- a criminal enterprise built on human suffering".

With his wispy goatee beard and baby-faced features, he looks even younger than he is.
He has certainly become very wealthy, very quickly.

Last week the U.S. Department of Justice charged him with running scam compounds in Cambodia that stole billions in cryptocurrency from victims all over the world. The U.S. Treasury Department has confiscated more than $14bn (£10.5bn) worth of bitcoin that it says is linked to him -- it said this was the largest ever crypto-currency seizure.

------------------------------

Date: Mon, 13 Oct 2025 09:16:06 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: Hollywood's newest drama: Fake movie props (LA Times)

Props from iconic films like 'Star Wars' and 'Back to the Future' are earning big dollars at auction and private sales. But as prices for these objects have surged, so have questions about their authenticity.

https://www.latimes.com/entertainment-arts/business/story/2025-10-13/fake-movie-props-hollywood-star-wars-back-to-the-future-heritage-auctions

(My summary: Fakers are using 3-D printers to make copies of genuine movie props and selling them as authentic.)

------------------------------

Date: Wed, 15 Oct 2025 11:18:25 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Chip Supply Chains Brace for China's Rare-Earth Curbs (Bloomberg)

Dasha Afanasieva, Debby Wu and Maggie Eastland, Bloomberg (10/11/25)

China's new export restrictions on rare earth minerals threaten to disrupt the global semiconductor supply chain. The curbs, which require licenses for any materials containing Chinese rare earths, could delay shipments for ASML, the only manufacturer in the world of machines that make the most advanced semiconductors, and raise costs for chipmakers reliant on rare-earth magnets and components. In response, U.S. President Donald Trump announced new export controls on "critical software," among other measures.

------------------------------

Date: Wed, 15 Oct 2025 11:18:25 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Satellites Are Leaking the World's Secrets (WiReD)

Andy Greenberg and Matt Burgess, Wired (10/13/25)

About half of geostationary satellite communications, which carry sensitive data, are unencrypted and vulnerable to eavesdropping, according to researchers at the universities of California, San Diego, and Maryland. Over three years, the team used an $800 satellite receiver to capture unsecured communications, including phone calls, text messages, and military data. These findings exposed private data, including the location of military personnel, critical infrastructure communication, and personal information from cellular networks.

  [Also noted by geoff goodfellow. PGN]

------------------------------

Date: Thu, 23 Oct 2025 06:35:11 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: OpenAI Weakened ChatGPT's Self-Harm Guardrails in Lead-Up to Teen's Death, Lawsuit Says (Gizmodo)

[Charge the CEO with accessory to murder]

https://gizmodo.com/openai-weakened-chatgpts-self-harm-guardrails-in-lead-up-to-teens-death-lawsuit-says-2000675800

------------------------------

Date: Sun, 12 Oct 2025 01:40:10 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Google won't fix ASCII smuggling hack in Gemini AI (Pivot to AI)

Chatbots have various guard rails. But they're trained on all the good stuff and the bad stuff, so slapping a filter on the front just isn't going to work well. You can probably sneak around it to give commands to the bot.

One way to get around the filters is ASCII smuggling -- where you hide your command in weird high-end Unicode characters.

Viktor Markopoulos at FireTail tested a pile of chatbots on how well they block ASCII smuggling. ChatGPT, Copilot, and Claude all catch this attack and block it successfully. Gemini, Grok, and DeepSeek do not. [FireTail]

Gemini is special -- Google's put it everywhere.
For instance, in any company that uses Google Apps. Markopoulos built test attacks against Google Calendar invites. He could hit the titles, the meeting organizer's name, and the meeting descriptions.

Markopoulos reported this to Google last month. Google said it wasn't a security bug:

  The issue you're describing can only result in social engineering.

------------------------------

Date: Thu, 16 Oct 2025 07:52:27 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Phishes from Google are going through the roof

Google Calendar invitations are now being used to send out PayPal phishing scams. Also, about half of the phishing and gambling promotion emails I get now are being forwarded to me by Gmail even when they end up in the Spam folder in Gmail. Frankly, Gmail is showing signs of falling apart. Sure, bring AI into Gmail, and let the basic functions rot. Great work, Google.

  [It's PHISHES CYCLE! PGN]

------------------------------

Date: Sat, 25 Oct 2025 14:47:07 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Predatory gambling (The New York Times)

What's the Deal With All Those FanDuel Ads?

Peter Jackson, the chief executive of Flutter Entertainment, FanDuel's parent company, is fighting for attention as online gambling spreads across the United States.

*You've said that the market for sports betting in Britain is 20 years ahead of the United States. In Britain, more regulations have been introduced as awareness of gambling addiction has increased. Would you want to apply the same standards in the U.S.?*

You've got to remember the context of the country. There'd be uproar in America, the land of the free, if you brought in some of the "nanny state" rules and regulations that people in the UK have to put up with.
https://www.nytimes.com/2025/10/12/business/fanduel-flutter-sports-betting-gambling.html

------------------------------

Date: Fri, 24 Oct 2025 07:42:27 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Researchers compare Universe browser to malware (Ars Technica)

https://arstechnica.com/security/2025/10/this-browser-claims-perfect-privacies-protection-but-it-acts-like-malware/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

------------------------------

Date: Sat, 11 Oct 2025 22:35:45 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: The women taking Meta to task after their baby loss (BBC)

https://www.bbc.com/news/articles/ce8450380zyo

What does my baby look like at six weeks? When's my due date? When should I book my first midwife appointment?

These are just some questions women type into search engines when they find out they're pregnant. For Sammi Claxon, it was no different.

Soon after she started searching for answers, algorithms picked up that she was pregnant, and began targeting her with adverts. But when she lost her baby due to a miscarriage, the adverts didn't stop.

------------------------------

Date: Sun, 12 Oct 2025 10:32:27 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: Re: Scientists grow mini human brains to power computers (BBC)

So the wetware needs a power supply but "organoids don't have blood vessels." That means some sort of energy generation and distribution system needs to be connected. It could be a complete digestive and circulatory system plus an input method for sources of energy, otherwise known as a mouth, plus an output device for waste. You can see where this is going.

OTOH, maybe they can figure out a way to make the organoids use photosynthesis. Another "green technology."

------------------------------

Date: Sun, 12 Oct 2025 16:31:40 +0000
From: Henry Baker <hbaker1 () pipeline com>
Subject: Re: A delivery robot collided with a disabled man (Bacher, RISKS-34.86)

I was in West Hollywood yesterday, and saw a delivery robot cross the street (safely, at least this time!) in a "zebra" crosswalk in front of a Waymo.

I can't wait for the certain-to-happen news of a Waymo/delivery robot altercation!

------------------------------

Date: Sun, 12 Oct 2025 11:33:49 -0700
From: Kent Borg <kentborg () borg org>
Subject: Re: Why Are Car Software Updates Still So Bad? (WiReD)

I badgered auto execs about these issues and got nothing but "it'll be wonderful". (Gabe Goldberg)

I know about technology, technology is a good friend of mine. And that is why I have *no* intention of buying a new car anytime soon, not until they realize that a "smartphone" on wheels, sold for tens of thousands of dollars, is ridiculous.

I think there are some early regrets among consumers as they discover a modern "bumper" is an extremely fragile component full of very expensive parts that can't be repaired but must be replaced. Wait a few years and new replacements won't even be available.

There is a backlash coming, and current execs will have collected their bonuses and have moved on by the time it settles in.

------------------------------

Date: Sun, 12 Oct 2025 20:45:45 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Re: Why Are Car Software Updates Still So Bad? (Borg)

Same for me -- technophile, car-as-rolling/snooping computer averse. I'm happy driving my 2007 Honda Accord 6-cyl stick shift coupe. Its highest-tech is built-in nav system no longer getting updated map DVDs; no connectivity. Nothing automotive I want has been offered for years.

------------------------------

Date: Sun, 12 Oct 2025 10:35:02 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: An AI became a crypto millionaire. Now it's fighting to become a person (BBC)

Over the past year, an AI made millions in cryptocurrency. It's written the gospel of its own pseudo-religion and counts billionaire tech moguls among its devotees. Now it wants legal rights. Meet Truth Terminal.

https://www.bbc.com/future/article/20251008-truth-terminal-the-ai-bot-that-became-a-real-life-millionaire

------------------------------

Date: Sun, 12 Oct 2025 23:59:49 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: AI Video Generators Are Now So Good You Can No Longer Trust Your Eyes (NYTimes)

https://www.nytimes.com/2025/10/09/technology/personaltech/sora-ai-video-impact.html

Welcome to the era of fakery.
The widespread use of instant video generators like Sora will bring an end to visuals as proof.

------------------------------

Date: 12 Oct 2025 14:53:05 -0400
From: "John Levine" <johnl () iecc com>
Subject: Re: The dangers of AI anything (Lauren)

An article in today's *Financial Times* reports on the plight of a woman who has worked as a specialized translator but now most of the work she is offered is to review and clean up machine translations, at very low pay. But you need to read the original to see if the translation is correct, so it's no faster than doing the translation by hand.

https://on.ft.com/4oisN1n

I have read a lot of reports of people who think that AI has made them work faster, but when actually measured, they're slower. Some are programmers, some are in other fields.

There's nothing new about people overestimating what AI can do -- I remember when people thought that ELIZA was intelligent when it was actually a small Fortran program.

------------------------------

Date: 14 Oct 2025 15:02:50 -0400
From: "John Levine" <johnl () iecc com>
Subject: Re: How an Internet mapping glitch turned a random Kansas farm into a digital hell (Fusion)

This story about the default geolocation address is real, but it is also from 2016. Surely something has changed in the past decade.

------------------------------

Date: Thu, 23 Oct 2025 17:55:02 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Meta slashes AI and Risks teams, will replace most privacy employees with "automated" systems

------------------------------

Date: Fri, 24 Oct 2025 09:39:29 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Fun Fact: In August, Amazon boasted that AI was pushing 75% of their production code

Thought for the Day: How do you get your AI to fix the code that the AI wrote when the systems that run the AI are down and you fired everyone who knows how the AI actually works?
-L

------------------------------

Date: Mon, 13 Oct 2025 16:57:56 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: A Scammy Job Offer Over Text? I'll Take It!

Author: It's not, by many measures, a good time to be looking for work. As The Wall Street Journal put it succinctly on Oct. 8: "The Unofficial Jobs Numbers Are In and It's Rough Out There." Things are so bad that even the person who puts out the federal government's employment numbers got fired.

It's even worse for me. As a professional magazine writer, my career prospects are not what they used to be. And yet, about six months ago, I started getting deluged with offers. Sometimes multiple times a day.

Instead of coming from personal connections, these exciting opportunities were coming unbidden via text. At first, I thought this was weird, but everything happens to me through my phone now. It makes sense that my next job would come from a text that began, ``Hi There! I'm Angelina from Swagbucks.'' This new era of opportunity seemed friendly.

https://www.nytimes.com/2025/10/12/opinion/culture/a-scammy-job-offer-over-text-ill-take-it.html?smid=nytcore-ios-share&referringSource=articleShare

------------------------------

Date: Fri, 24 Oct 2025 06:53:27 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Amazon issues detailed postmortem re AWS failure

https://aws.amazon.com/message/101925/

------------------------------

Date: Tue, 21 Oct 2025 07:39:56 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Script of my national radio report yesterday on the Amazon Web Services outage and the reliability of cloud services

[This is the script of my national radio report yesterday on the widespread Amazon Web Services outage and the reliability of cloud services. As always there may have been minor wording variations from this script as I presented the report live on air.]
Yeah, so you may have discovered that one or more of your favorite web sites didn't seem to be working properly and may not have been accessible at all. And this happened around the world to a vast number of web sites including reportedly many important services. Just to name a few in no particular order: Wall Street Journal, Snapchat, McDonalds, Ring video doorbells, Venmo, Hulu, Signal, various banks and government sites here in the U.S. and in other countries -- very, very long list.

And indeed it turns out that this was all the fault of one company: Amazon. And you might quite reasonably have been thinking to yourself, well why would all those sites be messed up due to Amazon? And the answer is THE CLOUD.

Yep, over the years more and more firms, government agencies, other organizations and so on have moved some or all of the information technology that they use from their own owned and operated systems to various Big Tech cloud services providers -- and in an increasing number of cases organizations and firms never had their own computing server facilities in the first place and have operated from these cloud services from day one.

And these services provide various advantages especially in terms of being able to quickly scale up when more capacity is needed and -- in theory anyway -- being very reliable. But as we see, theory and practice can be very different things indeed, and when these cloud services fail the results can be very negative, very dramatic, and very widespread.

The big three cloud services providers are Amazon Web Services (AWS) reportedly with about 30% of the global market, Microsoft Azure with about 20%, and Google Cloud Platform (GCP) with about 13%. So between them a bit more than 60%. The remainder is filled by various Chinese based services and a variety of smaller services here in the U.S. and elsewhere.

In the case of this particular Amazon AWS outage the problem apparently originated in their us-east-1 region which is in a data center in Virginia, starting a bit after 3 AM eastern and mostly apparently restored by about 5:30 AM eastern. Eventually Amazon may publish details on the outage, but reports are that the outage was triggered by a DNS -- Domain Name System -- related failure.

There's an old saying in the Internet tech world that when there's a widespread problem "It's ALWAYS the DNS". Well, in reality of course it's not always the DNS, but yeah, often it IS the DNS. The Domain Name System is the widely distributed and frankly rather rickety mechanism used to map site names to the Internet site numeric addresses that are actually used to establish communications between sites and users. And when the DNS fails for any number of reasons it's bad news that can cause all sorts of problems very quickly.

If it seems to you that centralization of so many sites running mostly on the resources of a handful of cloud providers seems risky irrespective of the reliability promises made by those cloud services, you're not alone. In fact, some firms, organizations, and agencies that originally moved to cloud services have been moving toward migrating some or all of their IT operations back to self-owned computing resources due to exactly these kinds of concerns.

And it doesn't take rocket science to see the logic in this. Millions of websites are hosted by these cloud providers, and especially by those Big Tech Big Three: Amazon, Microsoft, and Google. And note also that these are all companies investing heavily in AI, firms who could potentially be financially destabilized if the AI bubble dramatically bursts as many observers predict is only a matter of time.

Not putting all your eggs in one basket has long been a warning.
It applies even more today with websites, where a lot of sites could end up with egg on their faces if they don't heed that warning -- and all of us who depend on those websites could end up being the even bigger losers.

------------------------------

Date: Tue, 21 Oct 2025 20:34:27 -0600
From: Matthew Kruk <mkrukg () gmail com>
Subject: AWS outage: Are we relying too much on U.S. big tech? (BBC)

https://www.bbc.com/news/articles/c0jdgp6n45po

The Amazon Web Services (AWS) outage on Monday made global headlines after knocking some of the world's largest sites offline for hours.

For users, the impacts ranged from the serious -- such as not being able to access vital banking, government or work services -- to the not-so-serious, such as fears of losing long built-up streaks on Duolingo.

But the outage has also reignited the debate around whether countries, including the UK, are over-dependent on a handful of U.S. tech firms.

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) has moved to the ftp.sri.com site:
   <risksinfo.html>.
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    delightfully searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 34.78
************************
