October 24, 2025

The Weekly Cybers #90

There’s that Amazon Web Services outage you may have noticed, Westpac forced to allow working from home, a new AI web browser, and much more.

24 October 2025

Welcome

I’m focusing on just one big story this week: the Amazon Web Services outage on Monday. But there’s plenty of links to important stories to which I have nothing to add.

One that fascinates me — but which I didn’t have time to explore further — is the Fair Work Commission’s decision to order Westpac to allow an employee to work from home full-time.

Westpac had argued that being in the office boosts collaboration, improves productivity, and allows for meaningful engagement — but that was all rejected.

Is there in fact any proof that the office brings these benefits now, in the age of global instantaneous communication? Or is it all just on the vibes?

AWS outage shows internet’s interdependence

The biggest story this week, or at least the most obvious one, was Monday’s outage at Amazon Web Services (AWS) which caused a vast number of internet service to fall down go boom.

Why? AWS’s northern Virginia data centre cluster, known as US-EAST-1, suffered a cascading failure triggered by by what the said was a rare software bug in one of the company’s most critical systems.

One of the key reasons for using AWS is that failures in one location don’t affect your services, because the load is automatically transferred to other data centres — but not this time.

Companies and platforms affected directly included CommBank, Bank of Scotland, Lloyd Bank, digital wallet Venmo, and even the UK government’s tax services; ChatGPT, Claude AI, and AI startup Perplexity; messaging apps Snapchat, Signal, and WhatsApp; Zoom and Slack; Reddit; Duolingo and Wordle; rideshare companies Lyft and Uber; Roblox, Fortnite, and Pokemon Go; and of course all of Amazon’s own brands.

AWS has more than four million customers — although not all of them would have been using the specific tools that went down — so obviously this is only a very partial list.

There were also secondary effects. When graphic design platforms Canva and Adobe Creative Cloud went down, all manner of creatives couldn’t do their work. Autodesk going down meant that their tools weren’t available to architects, engineers, and construction companies. And teachers lost educational software Canvas.

Even the sportsball was affected. As BBC News reported, “Monday’s premier league fixture between West Ham United and Brentford has started without the use of Semi-Automated Offside Technology (SAOT)”.

“Smart” beds get stuck and start roasting their owners

One of the more ridiculous stories was that owners of the Eight Sleep smart bed were unable to change the bed’s position or change the temperature settings, leading to cases of overheating.

Other smart devices that didn’t work without being able to talk to home base include water purifiers, Ring doorbells, and pet feeders.

Smart devices that don’t work when they can’t connect to their mothership are obviously a very bad idea, but all too often that’s how they’re built.

I wonder whether there’s any scope here for regulation?

NEW PODCAST: Journalist Erin Cook and I discuss Philippines politics, preview the ASEAN Summit, and chat about other South-East Asian issues in The 9pm Bongbong in the Region with Erin Cook. Look for “The 9pm Edict” in your podcast app.

Also in the news

• Foreign affairs minister Senator Penny Wong has appointed Jessica Hunter as Australia’s next Ambassador for Cyber Affairs and Critical Technology.

• Two senior executives from Optus will step down ahead of an inquiry into the company’s Triple Zero failures.

• Education minister Jason Clare said AI chatbots are hurting children as he announced an anti-bullying plan. However, there’s is little evidence AI chatbots are “bullying kids”, reports The Conversation, although that doesn’t mean they’re safe.

• The eSafety Commissioner has asked four AI chatbot companies to explain their measures to protect children from exposure to “a range of harms, including sexually explicit conversations and images and suicidal ideation and self-harm”: Character Technologies, Inc. (character.ai), Glimpse.AI (Nomi), Chai Research Corp (Chai), and Chub AI Inc. (Chub.ai).

• The Australian Communications and Media Authority (ACMA) has rejected a draft Telecommunications Consumer Protections Code (TCP Code), saying “it would not provide appropriate community safeguards for telco consumers”. Here’s the rejected code.

• Westpac has been order to allow an employee to work from home permanently. The Fair Work Commission (FWC) said that the bank didn’t have reasonable grounds to refuse the request. All employers should probably read this.

• “Staff and a union say a generative AI model being tested in Australian Community Media’s regional newspapers is misattributing facts and leaving some fearing for their jobs,” reports ABC News.

• Also from ABC News, “At least a dozen Australian universities are using AI technology to detect cheating, and they’re getting it wrong”.

• Western Sydney University has issued yet another statement about its series of data breaches, confirming that the breached data includes dates of birth and details of bank accounts, driver licenses, passports, visas, health and disability status, tax file numbers, and much more.

• Police forces, led by the Australian Federal Police (AFP), have launched ClickFit, an awareness campaign “designed to help Australians recognise the warning signs of cybercrime and take simple steps to protect themselves online”.

• Home Affairs has published a new Protective Security Policy Framework (PSPF), giving “non-corporate Commonwealth entities” a deadline in 31 October to remove non-compliant apps and web services.

• We have some new Guidance for AI Adoption from the Department of Industry, Science and Resources.

• From The Conversation, “AI is using your data to set personalised prices online. It could seriously backfire”.

• The Bureau of Meteorology (BoM) has a new website, but critics have called it confusing, clunky and “really, really bad”. Your writer has yet to form an opinion.

• Design educator Zoë Rose celebrates the virtue of dullness in AI ethics is boring (as it should be), a lovely antidote to some of the hype.

IF YOU FIND THIS NEWSLETTER HELPFUL, PLEASE SUPPORT IT: The Weekly Cybers is currently unfunded. It’d be lovely if you threw a few dollars into the tip jar at stilgherrian.com/tip. Please consider.

Elsewhere

• Australia is about the sign the United Nations Convention against Cybercrime in Hanoi this weekend. As iTnews reports, “the treaty has come under withering criticism by a large swathe of the technology sector”, calling it a surveillance treaty that would undermine both privacy and security.

• SpaceX says it has disabled more than 2,000 Starlink devices connected to scam compounds in Myanmar following a heap of criticism. This coincided with a massive cybercrime centre raid with more than 2,000 people arrested.

• “Amazon plans to replace more than half a million jobs with robots,” reports the New York Times (gift link).

• OpenAI, the money-sucking owner of ChatGPT, has release an AI web browser called Atlas, so far for macOS only. Platformer has some first impressions.

• South Korea spent US$850 million on failed AI school textbooks.

• From the Carnegie Endowment for International Peace, an analysis of how China views AI risks and what to do about them.

• “Tech bros have been accidentally poisoning themselves with severe brain toxins for years,” which possibly explains a few things.

WHY NOT LISTEN TO OUR PODCAST ABOUT MUSIC? My good friend Snarky Platypus and I have posted a fresh episode of Another Untitled Music Podcast. Look for it in your podcast app.

Inquiries of note

• Treasury has released exposure draft regulations for mandating the acceptance of cash by grocery and fuel retailers, with some exemptions. Submissions close 31 October.

What’s next?

Parliament returns this coming Monday 27 October for two weeks of sitting.

The Senate draft legislation program lists debate on the Telecommunications Legislation Amendment (Triple Zero Custodian and Emergency Calling Powers) Bill 2025 and the Telecommunications and Other Legislation Amendment Bill 2025.

The House of Reps program includes the Home Affairs Legislation Amendment (2025 Measures No. 2) Bill 2025, which includes laws relating to biometric facial recognition, and the Strengthening Oversight of the National Intelligence Community Bill.

As usual, the government may well introduce new legislation at any time, depending on the demands of the news cycle and, to a lesser extent, the effective government of the Commonwealth.

DOES SOMETHING IN THE EMAIL LOOK WRONG? Let me know. If there’s ever a factual error, editing mistake, or confusing typo, it’ll be corrected in the web archives.

---

The Weekly Cybers is a personal weekly digest of what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).

If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.

If you find this newsletter useful, please consider throwing a tip into the tip jar.

This is not a cyber security newsletter. For that that I recommend Risky Biz News and Cyber Daily, among others.