Over the years, the game Doom has been ported onto some amazing platforms including a pregnancy test kit screen. The latest iteration of this practice has turned up in a version that will run in a PDF file. If you are like me, then this will cause your mental processing to pause for a moment and your next thought may well be: "Wait, what?" The Portable Document Format (PDF) was developed to present documents in a manner that is independent of the software, hardware and operating system showing them. While it does this well, some malware writers have exploited its complexities.
- If you want to, download DoomPDF from github.com/ading2210/doompdf and open it in a PDF program that supports JavaScript, or at least enough of it for this to work. A Chrome browser, for example, will work just fine. A clever programmer can compile C code to execute inside a PDF and, using a framebuffer, output a 320 by 200 resolution in six-colour monochrome. Performance is poor, but spending way too much time on it will demonstrate that it's playable. The attempt was inspired by pdftris, or Tetris in PDF. Now I'm off to kill a few monsters in Doom nightmare mode running in a CAPTCHA. Yes, really.
- I watched the announcement from the new Trump administration on the proposed Stargate artificial intelligence initiative. Involving people like Larry Ellison of Oracle, Sam Altman of OpenAI and organisations like SoftBank, the initial investment will be US$500 billion over five years with the first $100 billion ready for immediate use. Larry Ellison touted benefits such as the sharing of health-related data between doctors across the country. There are of course implications for the advancement of artificial intelligence in general. The CEO of SoftBank was talking up impending General AI and Super General AI. I think we are still some ways from either of those but they will follow each other fairly quickly once GAI appears. Putting this much effort into the field could potentially speed up the process and I hope they have thought through the implications of this, but as this is a business-focused enterprise my expectations are low. The scary part of the announcement was the idea that AI could potentially generate a person-specific vaccine in 48 hours. A day later, Elon Musk said the people involved do not have the funds required for the project. Let's see how that plays out.
- Since we are on the subject of OpenAI, their ChatGPT crawler can be used to start distributed denial of service (DDoS) attacks on websites. This is a known vulnerability the tech giant has yet to acknowledge. Benjamin Flesch, a security researcher in Germany, detailed how a single HTTP request to the ChatGPT API can be used to flood a targeted website with network requests from the ChatGPT crawler, specifically ChatGPT-User. While this flood of connections may or may not be enough to knock over any given site, it's still a danger and a bit of an oversight by OpenAI as it can be used to amplify a single API request into 20 to 5,000 or more requests to a chosen victim's website, every second, over and over again. As of writing, Flesch says he reported this unauthenticated reflective DDoS vulnerability through numerous channels including OpenAI's BugCrowd vulnerability reporting platform, OpenAI's security team email, Microsoft (including Azure) and HackerOne, but has heard nothing. Perhaps OpenAI is just too busy with the new Stargate initiative.
- As I write this, confusion around the TikTok ban in the US is another hot topic. From what I can gather, it was going to be banned, but because in his estimation it helped the new president get elected, the ban lasted a few hours. Then the app was reinstated for a period of, depending on the source, 75 or 90 days, while the option of it becoming a US joint venture is explored. If such a joint venture is not ratified, then the app will vanish for US users after the negotiation period. Some have already jumped over to the Chinese Red Book application, Little Red Book in Chinese, as an alternative. TikTok has been criticised in many countries because "it can have a bad influence of the youth". The equivalent platform in China is an educational one, vastly different from the one being used elsewhere, so there may be some merit in those opinions. It has been banned in India, Nepal, Iran, Afghanistan, Syria, Jordan, Kyrgyzstan, Uzbekistan and on all government devices in many other countries including Australia, Canada and Taiwan.
- Potentially, 60 million student records held by the software provider PowerSchool may have been taken by hackers. A Canadian school board was the first to indicate that records back to 1985 may have been accessed. Forty US states have been affected along with locations like Bermuda. The data includes names, genders, home addresses, phone numbers, dates of birth, health card numbers and other medical details along with parent, guardian or caregiver contact information. This was not a ransomware attack but a regular data hack. According to PowerSchool, "we do not anticipate the data being shared or made public, and we believe it has been deleted without any further replication or dissemination". Hackers and malware are alive and active in 2025.
James Hein is an IT professional with over 30 years' standing. You can contact him at jclhein@gmail.com.