RISKS Forum mailing list archives
Risks Digest 27.25
From: RISKS List Owner <risko () csl sri com>
Date: Fri, 19 Apr 2013 12:10:15 PDT
RISKS-LIST: Risks-Forum Digest  Friday 19 April 2013  Volume 27 : Issue 25

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/27.25.html>
The current issue can be found at <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
The Boston Marathon bomber: Caught on film? (Kate Dailey via Monty Solomon)
How the Internet Accused a High School Student of Terrorism (PGN)
Citizen Surveillance Helps Officials Put Pieces Together (Fowler/Schectman)
The Shame of Boston's Wireless Woes (Dewayne Hendricks)
American Airlines computer glitch grounds flights (ibm36044)
Venezuela constitution bans recounting of votes ... (Bob Heuman)
Reclaiming the American Republic from the corruption of election funding (KurzweilAI via Michael Cheponis via Dewayne Hendricks)
Reinhart and Rogoff: 'Full Stop,' We Made A Microsoft Excel Blunder In Our Debt Study, And It Makes A Difference (Joe Weisenthal via Geoff Goodfellow)
Economic policy decisions may be affected by spreadsheet errors (Jeremy Epstein)
Buggy spreadsheets and the economy (Valdis Kletnieks)
The risks of/when not releasing your code & data (Paul Nash)
Vint Cerf Explains How to Make SDN as Successful as the Internet (Stacey Higginbotham via ACM TechNews)
Video: "The Internet: A Warning From History" (Lauren Weinstein)
DDoS Attack Bandwidth Jumps 718% (Geoff Goodfellow)
Laptop goes up in flames (Jordan Graham via Monty Solomon)
How do you code a secure system? (Earl Boebert)
Fake Twitter accounts earn real money (Mark Thorson)
Lauren Weinstein <lauren () vortex com>
French homeland intelligence threatens a volunteer sysop to delete Wikipedia Article (Lauren Weinstein)
An English language version of the Wikipedia article (NNSquad)
American Express Australia Mail Merge Stuff-up (Don Gingrich)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 17 Apr 2013 23:38:20 -0400
From: Monty Solomon <monty () roscom com>
Subject: The Boston Marathon bomber: Caught on film? (Kate Dailey)

Kate Dailey, BBC News Magazine, 17 April 2013

More personal videos are being shot now than ever before, and such footage could help identify the Boston Marathon bomber[s!]. But how is that footage processed - and could civilians really solve the crime?

There was the marathon runner closing in on the finish line, and the businessman with offices in a prime position over Boylston Street. And there were thousands of others crowding the last stretch of the Boston Marathon, all capturing the events before and after the bombs exploded.

"The reality is with the number of people who are carrying with them the equivalent of video camera, history is being documented by millions of people every day," says Karen North, director of University of Southern California's Annenberg Program on online communities.

Infusing video

In just over a decade, she says, the amount of video being shot by amateurs has increased dramatically - and so too, has the evidence available to law enforcement officials. ...

http://www.bbc.co.uk/news/magazine-22191029

------------------------------

Date: Thu, 18 Apr 2013 16:12:10 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: How the Internet Accused a High School Student of Terrorism

Online morons nearly ruin innocent lives after Boston bombings
(*New York Post*, 18 Apr 2013)

How the Internet Accused a High School Student of Terrorism
Online sleuths thought they nailed two suspects in the Boston bombing -- and there they were on the cover of the *New York Post* the next day. But now everyone's backpedaling in a big way."
http://j.mp/17sAfJA (Daily Beast)

[Paul Saffo noted to me some remarkable annotated by-stander footage before and after the Boston Marathon bombing:
http://imgur.com/a/sUrnA
He later noted that "Now people are photoshopping pics with the FBI's suspects in them..." PGN]
http://gawker.com/5995025/did-reddits-boston-bomber-sleuthing-actually-turn-up-a-decent-piece-of-evidence-update?tag=marathon-bombing

------------------------------

Date: Fri, 19 Apr 2013 11:39:20 -0400
From: ACM TechNews <technews () HQ ACM ORG>
Subject: Citizen Surveillance Helps Officials Put Pieces Together (WSJ)

*Wall Street Journal*, 17 Apr 2013, Geoffrey A. Fowler, Joel Schectman
[via ACM TechNews, 19 Apr 2013]

The proliferation of surveillance technology to popular commercial products such as smartphones is proving to be a boon for criminal investigations, as evidenced by the U.S. Federal Bureau of Investigation using video surveillance from department store and restaurant cameras, along with photos from citizens, news organizations, and others, to help identify a suspicious individual at the Boston Marathon. Forrester Research says video surveillance technologies have been adopted by 68 percent of public-sector and 59 percent of private-sector companies, with another 9 percent planning to adopt them in the next two years. Furthermore, more than 1 billion people now own camera-equipped, Web-linked smartphones.
Integrating forensic data from professional and personal sources has helped with earlier investigations, although a lack of full-frontal images makes facial recognition problematic in large probes. Moreover, collecting and sifting through the data is a major challenge, as Boston has one of 77 nationwide intelligence fusion centers used to pool data and conduct analysis, notes the Northern California Regional Intelligence Center's Mike Sena. Meanwhile, researchers at Boston's Northeastern University have organized a 10-person social media research team to run a project that would let people upload video from the marathon bombing to tag clues.
http://online.wsj.com/article/SB10001424127887324763404578429220091342796.html

[This morning's news media report the seemingly definitive identification of the two suspected brothers, the shooting of one, and the manhunt in progress for the other. Not quite incidentally, some analysts report a considerable increase in popular acceptance of ubiquitous surveillance -- despite the privacy implications frequently discussed in RISKS. PGN]

------------------------------

Date: Wednesday, April 17, 2013
From: *Dewayne Hendricks*
Subject: The Shame of Boston's Wireless Woes

The Shame of Boston's Wireless Woes
Anthony Townsend, The Atlantic Cities, 17 Apr 2013
http://www.theatlanticcities.com/technology/2013/04/shame-bostons-wireless-woes/5320/

Almost immediately after Monday's tragic bombings at the Boston Marathon, the city's cellular networks collapsed. The Associated Press initially reported what many of us suspected, that law enforcement officials had requested a communications blackout to prevent the remote detonation of additional explosives. But the claim was soon redacted as the truth became clear.

It didn't take government fiat to shut down the cellular networks. They fell apart all on their own.
As cell service sputtered under a surge of calls, runners were left in the dark, families couldn't reach loved ones, and even investigators were stymied in making calls related to their pursuit of suspects. Admirably, Boston residents and businesses responded quickly by opening up Wi-Fi hotspots to help evacuees communicate with loved ones.

The same thing happens every time there is a crisis in a large city.

But most, even the super-connected elite, were knocked offline. As his Twitter followers know, it took Dennis Crowley, a Massachusetts native and CEO of New York City-based social network Foursquare, an hour to reunite with his fiance and family, who were scattered around the finish line as the bombs went off. Their reunion was coordinated by a handful of SMS messages he was able to squeeze through the crippled network. He also reported helping several stunned senior citizens discover the value of their own phones' texting functions for the first time.

We shouldn't be surprised by the collapse of Boston's cellular networks. The same thing happens every time there is a crisis in a large city. On an average day, Americans make nearly 400,000 emergency 911 calls on their mobile phones. Yet during large-scale crises this vital lifeline is all-too-frequently cut off.

The culprit is usually congestion. During a disaster, call volumes spike and overwhelm the over-subscribed capacity of wireless carriers' networks. On September 11, 2001, fewer than 1 in 20 mobile phone calls in New York City was connected. The same thing happened after the August 2011 earthquake that shook the East Coast. And on Monday, in Boston.

But, as we learned in the aftermath of Hurricane Sandy, wireless carriers have also neglected to harden their networks against extended losses of electrical power. Thousands of towers were knocked offline in the New York region alone when backup batteries failed.
Yet as a member of Governor Andrew Cuomo's NYS Ready Commission this fall, I was stunned to learn that wireless carriers had never formally discussed plans with the region's electric utilities to restore power to cell sites after a major disaster.

The loss of vital wireless communications during disasters is all the more dismaying because it is largely preventable. After 9/11 a system was put in place to give government officials priority access to cellular channels during periods of high demand. (Though it requires pre-registration and a special code be used when dialing). In the wake of Sandy, New York Senator Charles Schumer called for stricter federal oversight of backup power and landline network connections for cell sites. Yet these reforms have been stalled by industry lobbying.

Lacking a redundant cellular system, Americans will continue to resort to the century-old technology of amateur radio for lifeline communications during and after large disasters. In Boston, this technology is still widely used during the marathon because of past experience with cellular traffic jams.

With over 320 million active wireless subscriber connections, Americans are a fully untethered people. Our smart phones keep our complicated lives choreographed across the sprawling metropolitan areas we inhabit. Psychologists and sociologists have found that we think of these devices as extensions of our bodies and minds. In Boston, this was all too apparent. Even when runners, whose mobile batteries were drained after the long run, could locate a phone, they couldn't recall what numbers to dial, having long ago given up memorizing phone numbers in favor of their smart phone's electronic address book.
[snip]

Dewayne-Net RSS Feed: <http://www.warpspeed.com/wordpress>

------------------------------

Date: Wed, 17 Apr 2013 06:20:09 +0200
From: IBM-360/44 running OS/360 <ibm36044 () sbcglobal net>
Subject: American Airlines computer glitch grounds flights

American Airlines had to ground all its flights across the US for several hours on Tuesday due to a fault with its computerized reservation system. The carrier halted all departures from about 13:30 ET (18:30 GMT), saying that it was working "to resolve this issue as quickly as we can". [Source: BBC News Business: 17 Apr 2013]

[Gene Wirchenko noted an article by Ashley Halsey III in *The Washington Post* giving the number 900 for flights grounded. PGN]
http://www.washingtonpost.com/local/trafficandcommuting/computer-problem-grounds-american-airlines/2013/04/16/75d4c410-a6d3-11e2-a8e2-5b98cb59187f_story.html

[Bob Heuman noted a Fox News report that ``American Airlines has fixed the computer glitch but not told anyone precisely what happened.'' PGN]
http://www.foxnews.com/us/2013/04/16/american-airlines-reservations-system-down-flights-grounded-nationwide/

------------------------------

Date: Thu, 18 Apr 2013 21:18:01 -0400
From: RsH <robert.heuman () alumni monmouth edu>
Subject: Venezuela constitution bans recounting of votes ...

The Constitution forbids manual recounting of votes in a Presidential Election

You can read the full article, but the following is a quick summary of what I consider a risk we have discussed forever and a load of bull.... if they have really implemented a system that makes manual checking impossible.

CARACAS, 17 Apr 2013 (Xinhua) -- Manual vote counting is not possible in Venezuela, the president of the Supreme Court said Wednesday amid opposition's request for an audit.

"The electoral system is fully automated, so there is no manual counting. Anyone who thought that could really happen has been deceived," Luisa Estella Morales said at a press conference.
Manual counting was canceled in Venezuela by the 1999 constitution, she said, adding [that] the majority of those asking for a manual count know it.

http://news.xinhuanet.com/english/world/2013-04/18/c_132319635.htm

R. S. (Bob) Heuman North York, ON, Canada

------------------------------

Date: April 4, 2013 1:29:22 PM PDT
From: Michael Cheponis <michael.cheponis () gmail com>
Subject: Reclaiming the American Republic from the corruption of election funding (KurzweilAI, to risks via Dewayne Hendricks)

Reclaiming the American Republic from the corruption of election funding
April 3, 2013
http://www.kurzweilai.net/reclaiming-the-american-republic-from-the-corruption-of-election-funding

There is a corruption at the heart of American politics, caused by the dependence of Congressional candidates on funding from the tiniest percentage of citizens.

That's the argument at the core of a new just-posted TED talk by legal scholar Lawrence Lessig...

``He shows how the funding process weakens the Republic in the most fundamental way, and issues a rallying bipartisan cry that will resonate with many in the U.S. and beyond,'' says TED Curator Chris Anderson.

Lawrence Lessig has already transformed intellectual-property law with his Creative Commons innovation. Now he's focused on an even bigger problem: The U.S.'s broken political system.

TED is also introducing a media innovation, simultaneously launching a TED-talk video and accompanying TED Book, LESTERLAND: The Corruption of Congress and How To End It, which outlines the path to a solution in much greater detail.
Dewayne-Net RSS Feed: <http://www.warpspeed.com/wordpress>

------------------------------

Date: Wednesday, April 17, 2013
From: Geoff Goodfellow <geoff () iconia com>
Subject: Reinhart and Rogoff: 'Full Stop,' We Made A Microsoft Excel Blunder In Our Debt Study, And It Makes A Difference (Joe Weisenthal)

Joe Weisenthal, *Business Insider*, 17 Apr 2013
http://www.businessinsider.com/reinhart-and-rogoff-admit-excel-blunder-2013-4

The big talk in the world of economics continues to be the famous study by Carmen Reinhart and Ken Rogoff, which claimed that as countries see debt/GDP going above 90%, growth slows dramatically.

Economists have always been skeptical of the correlation/causality on this. But yesterday, a new study emerged which claimed that Reinhart and Rogoff used a faulty dataset to make that claim and (most stunningly) had an excel error that exacerbated the growth dropoff for countries with debt/GDP higher than 90%.

After the report dropped (and proceeded to blow up the Internet), Reinhart and Rogoff rushed out a quick statement claiming that the new study (which was done by some UMass professors) supported their thesis that growth slowed as debt to GDP got higher. And Reinhart and Rogoff were quick to reiterate that even they weren't necessarily implying causation on this (which may be true, but the fact that they say this is not well known to the politicians who are always citing the dreaded 90% level).

But in a new response, Reinhart and Rogoff admit they did make an Excel blunder, and that it mattered!

Here's the key part:...
http://www.businessinsider.com/reinhart-and-rogoff-admit-excel-blunder-2013-4

http://geoff.livejournal.com * Geoff () iconia com

------------------------------

Date: Wed, 17 Apr 2013 09:11:30 -0400
From: Jeremy Epstein <jeremy.j.epstein () gmail com>
Subject: Economic policy decisions may be affected by spreadsheet errors

An error in a formula in an Excel spreadsheet seems to have led to some incorrect results about the effects of government debt, and thereby may have affected economic policy. The error, which was in a formula developed by the authors of a key paper and not in the Excel software itself, was that a cell contained the formula AVERAGE(L30:L44) where it should have said AVERAGE(L30:L49). The error led to a small but significant discrepancy in conclusions, although the authors of the original paper are disputing how important the error is.

Perhaps we need methods for spreadsheet assurance, just as we need methods for assuring the security and reliability of our operating systems and applications?

WashPost: "The paper in question is Carmen Reinhart and Kenneth Rogoff's famous 2010 study -- Growth in a Time of Debt -- which found that economic growth severely suffers when a country's public debt level reaches 90 percent of GDP."

A further description and a rebuttal by Reinhart & Rogoff can be found at
http://www.washingtonpost.com/blogs/wonkblog/wp/2013/04/16/is-the-best-evidence-for-austerity-based-on-an-excel-spreadsheet-error/

Another article (http://blogs.marketwatch.com/thetell/2013/04/16/the-spreadsheet-error-in-reinhart-and-rogoffs-famous-paper-on-debt-sustainability/) notes "Reinhart and Rogoff are not the only people to have difficulty navigating the Microsoft product. One of the reasons behind the so-called London Whale incident at J.P. Morgan, in which the bank took a $6.2 billion trading loss, was a spreadsheet error in their model."
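
Added example, not part of the digest or of any contributor's message: one simple "spreadsheet assurance" check for the kind of error described above, where AVERAGE(L30:L44) stops short of data that runs to L49. The sheet is modelled as a plain dict of cell name to value or formula text, and the numbers are constructed for illustration; they are not the paper's data.

```python
import re

# Single-column aggregates such as AVERAGE(L30:L44); other formulas are ignored.
RANGE_FORMULA = re.compile(
    r"^=?\s*(AVERAGE|SUM|COUNT|MIN|MAX)\(\s*([A-Z]+)(\d+)\s*:\s*([A-Z]+)(\d+)\s*\)\s*$",
    re.IGNORECASE,
)

AGGREGATES = {
    "AVERAGE": lambda xs: sum(xs) / len(xs),
    "SUM": sum,
    "COUNT": len,
    "MIN": min,
    "MAX": max,
}


def is_number(value):
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def data_extent(sheet, col, first, last):
    """Extend rows first..last over numeric cells directly above and below."""
    while is_number(sheet.get(f"{col}{first - 1}")):
        first -= 1
    while is_number(sheet.get(f"{col}{last + 1}")):
        last += 1
    return first, last


def column_values(sheet, col, first, last):
    cells = (sheet.get(f"{col}{row}") for row in range(first, last + 1))
    return [v for v in cells if is_number(v)]


def audit_ranges(sheet):
    """Return one finding per aggregate whose range omits adjacent data rows."""
    findings = []
    for cell in sorted(sheet):
        formula = sheet[cell]
        match = RANGE_FORMULA.match(formula) if isinstance(formula, str) else None
        if not match or match.group(2).upper() != match.group(4).upper():
            continue
        func, col = match.group(1).upper(), match.group(2).upper()
        first, last = sorted((int(match.group(3)), int(match.group(5))))
        top, bottom = data_extent(sheet, col, first, last)
        if (top, bottom) == (first, last):
            continue  # the range already covers the whole contiguous block
        stated = column_values(sheet, col, first, last)
        full = column_values(sheet, col, top, bottom)
        findings.append({
            "cell": cell,
            "formula": formula,
            "omitted_rows": [r for r in range(top, bottom + 1)
                             if r < first or r > last],
            "stated_value": AGGREGATES[func](stated) if stated else None,
            "extended_value": AGGREGATES[func](full),
        })
    return findings


def build_sample_sheet():
    """Constructed sheet: column L has the short range, column M is correct."""
    sheet = {"L29": "growth", "M29": "growth"}
    for row in range(30, 45):
        sheet[f"L{row}"] = 1.0
    for row in range(45, 50):
        sheet[f"L{row}"] = 5.0          # rows the short range leaves out
    for row in range(30, 50):
        sheet[f"M{row}"] = 2.0
    sheet["L51"] = "=AVERAGE(L30:L44)"  # stops five rows early
    sheet["M51"] = "=AVERAGE(M30:M49)"  # covers all the data
    return sheet


if __name__ == "__main__":
    for finding in audit_ranges(build_sample_sheet()):
        print(finding)
```

The check is a heuristic: it only reports ranges that border more numeric cells in the same column, so a reviewer still has to decide whether the omission was intended.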
------------------------------

Date: Thu, 18 Apr 2013 19:26:20 -0400
From: Valdis Kletnieks <Valdis.Kletnieks () vt edu>
Subject: Buggy spreadsheets and the economy

In today's *New York Magazine*, Thomas Herndon explains how he found a problem with Reinhart and Rogoff's work that has been used as a basis for austerity spending by governments.

"I clicked on cell L51, and saw that they had only averaged rows 30 through 44, instead of rows 30 through 49."

Given the economic damage done by austerity spending over the past few years, this is quite likely by far the most expensive programming error ever made.

http://nymag.com/daily/intelligencer/2013/04/grad-student-who-shook-global-austerity-movement.html

------------------------------

Date: Friday, April 19, 2013
From: *Paul Nash*
Subject: The risks of/when not releasing your code & data

Quite apart from being "clumsy" with their Excel model, they forgot the first rule of research: correlation does not imply causation.

So when are they going to resign, and when are the various central bankers who used their model to impose austerity going to change tack? Or will they just brush it aside and get on with screwing the working man?

------------------------------

Date: Fri, 19 Apr 2013 11:39:20 -0400
From: ACM TechNews <technews () HQ ACM ORG>
Subject: Vint Cerf Explains How to Make SDN as Successful as the Internet

Stacey Higginbotham, Google's Vint Cerf Explains How to Make SDN as Successful as the Internet (GigaOm.com) 16 Apr 2013

Google chief Internet evangelist and ACM president Vint Cerf believes that software defined networking (SDN) could benefit from some of the Internet's design flaws and lessons learned in creating the Internet. For example, open standards should be implemented, with differentiation stemming from branded versions of standard protocols rather than from patented protocols. Interoperability is essential for stable networks, and that requires standards, notes Cerf.
As companies create SDNs, they also should take into account the successful design features of the Internet, including the loose pairing of underlying equipment instead of a heavily integrated solution, the modular approach, and open source technologies. However, he says SDNs can improve on the Internet's traffic routing, which now relies on sending packets to a physical port. Instead of this physical port, the OpenFlow protocol changes the destination address to a table entry, enabling a new type of networking that is better suited to the collaborative Web of the future. Another option could be content-based routing, in which the content of a packet determines its destiny. SDN's basic principle, dividing the control plane and the data plane, should have been incorporated into the Internet's design, Cerf notes. In the future, SDN could improve controlled access to intellectual property to help prevent piracy, and could bring together various existing networks.
http://gigaom.com/2013/04/16/googles-vint-cerf-explains-how-to-make-sdn-as-successful-as-the-internet/

------------------------------

Date: Thu, 18 Apr 2013 16:19:28 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Video: "The Internet: A Warning From History"

"The Internet was one of the greatest disasters to befall mankind. Now its survivors share their experiences of the tragedy."
http://j.mp/14A3HBy (YouTube via NNSquad)

[Caution: Grain of Salt required. PGN]

------------------------------

Date: Apr 18, 2013 4:44 PM
From: Geoff Goodfellow <geoff () iconia com>
Subject: DDoS Attack Bandwidth Jumps 718% (via Dave Farber's IP)

The average bandwidth seen in distributed denial-of-service (DDoS) attacks has recently increased by a factor of seven, jumping from 6 Gbps to 48 Gbps. Furthermore, 10% of DDoS attacks now exceed 60 Gbps.
Those findings come from a new report released Wednesday by DDoS mitigation service provider Prolexic Technologies, which saw across-the-board increases in DDoS attack metrics involving the company's customers...

http://www.prolexic.com/knowledge-center-ddos-attack-report-2013-q1.html
http://www.informationweek.com/security/attacks/ddos-attack-bandwidth-jumps-718/240153084

http://geoff.livejournal.com * Geoff () iconia com

------------------------------

Date: Sun, 7 Apr 2013 15:21:58 -0400
From: Monty Solomon <monty () roscom com>
Subject: Laptop goes up in flames (Jordan Graham)

Jordan Graham, *Boston Herald*, 7 Apr 2013
90 Framingham students displaced

An overheated laptop burst into flames inside a Framingham State University dorm room Friday in what officials warn is the latest in a string of computer-related fires.

Firefighters also were called to a blaze caused by a laptop in Western Massachusetts several weeks ago, and crews declared a Milford home a total loss two weeks ago after an unattended laptop left on some cardboard sparked an inferno, State Fire Marshal Stephen D. Coan said. ...

http://bostonherald.com/news_opinion/local_coverage/2013/04/laptop_goes_up_in_flames

------------------------------

Date: Wed, 3 Apr 2013 13:36:28 -0600
From: Earl Boebert <boebert () swcp com>
Subject: How do you code a secure system?

Here's a screed I wrote for a journalist who asked "how do you code a secure system."

First, you don't code secure systems, you design them. All the important stuff takes place at a level of abstraction above that of coding. Once you have a design you have internalized both your problem and your solution. Coding is then mechanical, and code verification will be straightforward.

So how do you get a design? Start by studying exploits that have defeated the kinds of systems you're interested in. The various development life cycles attempt to sanitize the inherently dirty and reactive business of secure systems design.
The late Rick Proto, who retired as the director of research for the National Security Agency said it best: "Theories of Security come from Theories of Insecurity." Or, in my favorite quote from Seneca, "There is a great deal of difference between a person who chooses not to sin and one who doesn't know how." Your goal in this phase is to become like Sherlock Holmes and have a first-class criminal mind without a criminal temperament. Being a good guy who thinks like a bad guy lets you have all the intellectual fun without running the risk of coming to a sticky end.

Your study of exploits should focus on forming Theories of Insecurity, factors that are common to whole classes of exploits. Stack games are a well known example. A good approach is to analyze exploits using the "bindings model." A binding is an important association between two values. For example, a system may maintain a binding between a user name and a set of privileges. A second binding may be between that user name and a human being. Important systems decisions may assume that both bindings are valuable, i.e., my access to my files. Exploits then can be characterized as breaking or forging significant bindings. Looking at things this way will get you familiar with two valuable concepts: bindings and dependencies.

After you've developed your Theories of Insecurity you then invert them to form your Theories of Security. If you're up on your systems engineering (which you should be) then the Theories of Security are, in effect, the specifications of the desired emergent properties of your system. They will almost all be expressed as negatives, that is, things that aren't supposed to happen. As such they will not be testable and must be verified (as far as possible) by analytic methods. What you've done so far will provide the basis for your analysis plan.
Your object, and the best you can probably do, is to force attackers to expend the resources to come up with a new class of exploit, instead of sticking it to you by putting a systems-specific spin on something they already know how to do.

And of course you have to do the functional requirements, the stuff that pays the rent, whatever problem your system is supposed to solve while being secure.

Then you go through the design process du jour and come up with a modular decomposition in the descriptive notation du jour and submit progress reports in the life cycle process du jour to keep the marketeers and spreadsheet jockeys happy. To keep yourself up on progress I strongly recommend the use of Earned Value Management, which you can implement with a sheet of graph paper you keep up on a nearby bulletin board.

Within all this you submit your design to an intensive analysis from every direction you can think of. As a minimum you should understand how it enforces critical bindings and you should also construct a dependency diagram. This is a tree based on the "uses" concept Dave Parnas came up with 40 years ago or so. Module A "uses" Module B if the correctness of A depends on the correctness of B. Modules at the bottom (those that lots of things depend on) should be scheduled for extra scrutiny in the implementation stage. Circularities in the diagram are deadly. These are spots where A depends on B and B depends on A. A circularity means your modularity is an illusion, A and B are actually one "blob."

After you've got the cleanest design you can devise it's just a problem of pounding code in the implementation language du jour and integrating. The motto of the integration team should be "integrate early, integrate often." Put stuff together as soon as it's ready and feed it test cases that only touch the modules you have. When it all works you have the victory celebration and deploy.

Sooner or later you're going to get whacked.
First thing you do after rolling the alert PR squadron is to analyze the exploit (which you should be good at by now) and determine if it is a variation on a class you thought you handled or something completely different. If it's a variation on a class you thought you handled then the chances are good there's a low-level coding flaw that can be patched. If it's something completely different then it's time for Rev 2, starting with a rethink of your Theory of Security and going all the way down to code.

And so it goes, round and round, white hats vs. black hats. Computer security fits the description a diplomat once gave of diplomacy: all you do is buy time, and if you buy enough time you get to die in bed and it becomes somebody else's problem :-)

------------------------------

Date: Sun, 7 Apr 2013 13:25:39 -0700
From: Mark Thorson <eee () sonic net>
Subject: Fake Twitter accounts earn real money

Fake followers and fake retweets have become a large and growing market.

"There are now more than two dozen services that sell fake Twitter accounts, but Mr. Stroppa and Mr. De Micheli said they limited themselves to the most popular networks, forums and Web sites, which include Fiverr, SeoClerks, InterTwitter, FanMeNow, LikedSocial, SocialPresence and Viral Media Boost. Based on the number of accounts for sale through those services -- and eliminating overlapping accounts -- they estimate that there are now as many as 20 million fake follower accounts."

http://bits.blogs.nytimes.com/2013/04/05/fake-twitter-followers-becomes-multimillion-dollar-business/

As the technology of software to create and manage large numbers of fake entities is refined, how will people discern real from fake? They won't, and a putative Twitter follower will have as little value as a review on Yelp.
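
Added example, not part of the digest or of Earl Boebert's message: the dependency-diagram analysis described in "How do you code a secure system?" above, run over a small "uses" relation. It finds circularities (the "blobs") with Tarjan's strongly-connected-components algorithm and orders modules by how many others depend on them. The module names and the design are hypothetical.

```python
def all_modules(uses):
    """Every module named on either side of the "uses" relation."""
    return set(uses) | {m for used in uses.values() for m in used}


def find_blobs(uses):
    """Return each circularity as a sorted list of the modules it fuses."""
    index, low, stack, on_stack, blobs = {}, {}, [], set(), []

    def visit(v):
        index[v] = low[v] = len(index)
        stack.append(v)
        on_stack.add(v)
        for w in uses.get(v, ()):
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:          # v is the root of a component
            component = []
            while True:
                w = stack.pop()
                on_stack.discard(w)
                component.append(w)
                if w == v:
                    break
            # A lone module is a blob only if it "uses" itself.
            if len(component) > 1 or v in uses.get(v, ()):
                blobs.append(sorted(component))

    for module in sorted(all_modules(uses)):
        if module not in index:
            visit(module)
    return sorted(blobs)


def dependents(uses):
    """Map each module to the modules whose correctness depends on it."""
    result = {m: set() for m in all_modules(uses)}
    for start in result:
        seen, todo = set(), list(uses.get(start, ()))
        while todo:
            m = todo.pop()
            if m not in seen:
                seen.add(m)
                todo.extend(uses.get(m, ()))
        for m in seen - {start}:
            result[m].add(start)
    return result


def scrutiny_order(uses):
    """Modules with the most dependents first (the "bottom" of the diagram)."""
    deps = dependents(uses)
    return sorted(deps, key=lambda m: (-len(deps[m]), m))


# Hypothetical design: "A uses B" means A's correctness depends on B's.
USES = {
    "ui": ["session", "policy"],
    "session": ["auth", "audit_log"],
    "policy": ["auth", "store"],
    "auth": ["crypto", "store"],
    "store": ["crypto", "audit_log"],
    "audit_log": ["store"],             # circularity: store <-> audit_log
    "crypto": [],
}

# Same design with the back-edge removed (audit_log no longer uses store).
USES_FIXED = dict(USES, audit_log=[])

if __name__ == "__main__":
    print("blobs:", find_blobs(USES))
    print("scrutiny order:", scrutiny_order(USES))
    print("blobs after fix:", find_blobs(USES_FIXED))
```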
------------------------------

Date: Sat, 6 Apr 2013 12:08:59 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: French homeland intelligence threatens a volunteer sysop to delete a Wikipedia Article

http://j.mp/16C8Cxn (Wikimedia France)

"Unhappy with the Foundation's answer, the DCRI summoned a Wikipedia volunteer in their offices on April 4th. This volunteer, which was one of those having access to the tools that allow the deletion of pages, was forced to delete the article while in the DCRI offices, on the understanding that he would have been held in custody and prosecuted if he did not comply. Under pressure, he had no other choice than to delete the article, despite explaining to the DCRI this is not how Wikipedia works. He warned the other sysops that trying to undelete the article would engage their responsibility before the law. This volunteer had no link with that article, having never edited it and not even knowing of its existence before entering the DCRI offices. He was chosen and summoned because he was easily identifiable, given his regular promotional actions of Wikipedia and Wikimedia projects in France."

The return of "Vichy France" mentalities, apparently.

------------------------------

Date: Sat, 6 Apr 2013 12:30:40 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: An English language version of the Wikipedia article (NNSquad)

Here is apparently an English language version of the article that France attempted to censor with threats
http://j.mp/16CbqKF (Google+)

This apparently is a newly translated version of the French Wikipedia article that France attempted to censor by threatening a non-associated Wikipedia volunteer in France. And it wasn't lobbying -- it was direct threats. (English and French material.)

"Streisand Effect" fully engaged.
------------------------------

Date: Wed, 17 Apr 2013 13:02:55 +1000
From: Don Gingrich <gingrich () internode on net>
Subject: American Express Australia Mail Merge Stuff-up

I just received an e-mail on 11 April from AMEX touting a few current offers, but the name in the message was not mine -- luckily the final digits *were* from my card, though it could also have been his and, though unlikely, just happened to be the same.

When I contacted AMEX about it I received the following:

- ------
Dear Cardmember,

On the 11th April 2013 you received an e-mail from us entitled 'Enjoy more rewards in more places'. Due to a technical issue this e-mail was incorrectly addressed.

We confirm this e-mail and the offers enclosed were intended for you. We would also like to assure you that your privacy and security has not been compromised in any way.

We would like to sincerely apologise for any confusion this may have caused to you.

Yours sincerely,
American Express Australia
- ------

This apparently went out to everyone who received the original message.

The real problem for me was the lack of awareness on the part of the person with whom I spoke at AMEX. It took a long time to convince them that this sort of stuff-up is a real problem. I'm also not completely convinced of the statements in the second paragraph.

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you.
The mailman Web interface can be used directly to subscribe and unsubscribe:
http://lists.csl.sri.com/mailman/listinfo/risks
Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request () csl sri com containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe () csl sri com or risks-unsubscribe () csl sri com depending on which action is to be taken.

Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.

=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
<http://the.wiretapped.net/security/info/textfiles/risks-digest/> .

==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 27.25
************************