RISKS Forum mailing list archives
Risks Digest 28.13
From: RISKS List Owner <risko () csl sri com>
Date: Tue, 5 Aug 2014 10:56:03 PDT
RISKS-LIST: Risks-Forum Digest  Tuesday 5 August 2014  Volume 28 : Issue 13

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/28.13.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Canada: China hacked into National Research Council computers (Larry Werring)
CIA admits to spying on Senate (TheHill via David Farber)
Driverless cars and speed limits (Michael Bacon)
Tappan Zee Bridge: Left Coast Lifter gets tech upgrade? (Theresa Juva-Brown via Gene Wirchenko)
"The EPA doesn't know what clouds it has -- and neither do you" (David Linthicum via Gene Wirchenko)
BBC: Russia enacts 'draconian' law for bloggers and online media (Lauren Weinstein)
Chinese Communist Party-Backed Tech Giants Bring Censorship To The Global Stage (Techcrunch via NNSquad)
It's Legal to Unlock Your Cell Phone (*The White House* via Dave Farber)
How safe are your quantified selfies? (Symantec item via Henry Baker)
Google scans your e-mail for child porn, and reports to law enforcement when it finds same (Herb Lin via Dave Farber)
The Visual Microphone: Passive Recovery of Sound from Video (YouTube via NNSquad)
Forget "Heart Bleed"; meet "Heart Rate" (Henry Baker)
Re: 'Big Brother' airport installs world's first ... (Adam Shostack, Rob Bailey)
Re: Fouling the NEST; Who's roo(s)ting in your home? (Alister Wm Macintyre)
Re: Smart grid hack worries to raise insurance rates? (Brian Inglis)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 31 Jul 2014 21:44:22 -0400
From: "Larry Werring" <larry.werring () cyberunitss com>
Subject: Canada: China hacked into National Research Council computers

http://www.thestar.com/news/canada/2014/07/29/canadian_spy_agency_says_chinese_hacked_into_national_research_council_computers.html

The Canadian government took the unusual step Tuesday of pointing fingers squarely at Beijing after a cyber attack on a prominent federal scientific research agency.

The federal government's chief information officer confirmed Tuesday that the National Research Council of Canada (NRC) was the target of a cyberattack from a "highly sophisticated Chinese state-sponsored actor."

Laurentius (Larry) Werring, VP Systems Security, Cyberun IT Security Services, 207 Bank Street, Suite 168, Ottawa, ON K2P 2N2 Canada 1-613-297-9232

  [Also noted by Suzanne Johnson. PGN]

------------------------------

Date: Thu, 31 Jul 2014 14:10:20 -0400
From: "David Farber via ip" <ip () listbox com>
Subject: CIA admits to spying on Senate | TheHill

http://thehill.com/policy/technology/213933-cia-admits-to-wrongly-hacking-into-senate-computers

CIA officials improperly hacked the Senate Intelligence Committee's computers ahead of a report on `enhanced interrogation' techniques, the spy agency's inspector general has concluded.

In a statement shared with The Hill, CIA spokesman Dean Boyd said that the internal watchdog determined ``that some CIA employees acted in a manner inconsistent with the common understanding'' between the agency and the committee about access to the network they used to share documents.

CIA chief John Brennan told Intel Committee Chairwoman Dianne Feinstein (D-Calif.) and Vice Chairman Saxby Chambliss (R-Ga.) about the findings ``and apologized to them for such actions by CIA officers,'' Boyd added.

------------------------------

Date: Fri, 1 Aug 2014 08:14:54 +0100
From: Michael Bacon <michaelbacon () tiscali co uk>
Subject: Driverless cars and speed limits

It is interesting to contemplate what confusion will be caused when a driverless car passes a speed camera at a speed above the posted limit, say, in temporary road works.

It is then amusing to contemplate the scenario of a faulty speed camera falsely pinging a driverless car. An "Oh no I wasn't." / "Oh yes you were." pantomime dialogue between computers might ensue.

This brings to mind the situation reported a great many years ago when the UK changed the dialing code for the telephone operator. After consumers complained of having no power, a faulty electricity substation was discovered to be repeatedly sending an automated status report to which another automated system was responding: "You no longer dial '0' for the operator. Please replace your receiver and dial '100'."

The RISK is that no-one will have thought of all the RISKS. Unless, of course, they are avid readers here.

------------------------------

Date: Thu, 31 Jul 2014 20:37:33 -0700
From: Gene Wirchenko <genew () telus net>
Subject: Tappan Zee Bridge: Left Coast Lifter gets tech upgrade? (Theresa Juva-Brown)

Theresa Juva-Brown, tjuva () lohud com 30 Jul 2014
The famous Left Coast Lifter -- the ginormous crane that will help build the new Tappan Zee Bridge -- just got a new computer system
http://www.lohud.com/story/news/local/tappan-zee-bridge/2014/07/28/tappan-zee-bridge-left-coast-lifter-gets-tech-upgrade/13287985/

selected text:

This week Hiti's team finished installing the crane's new computer software and hardware, including a flat panel touch screen for the operator. The computer now uses Windows 7 and has a solid-state hard drive instead of one with cooling fans, which tend to erode in a marine environment, he said.
As noted in alt.folklore.computers by Walter Bushell: "IIUC the license for Windows always states it's not to be used in critical operations. Why oh why do people insist on using OSes outside their design regions?"

------------------------------

Date: Fri, 01 Aug 2014 10:02:16 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "The EPA doesn't know what clouds it has -- and neither do you" (David Linthicum)

David Linthicum | InfoWorld, 01 Aug 2014
A federal audit shows what's probably true at most enterprises: Cloud services are hiding in the shadows of IT
http://www.infoworld.com/d/cloud-computing/the-epa-doesnt-know-what-clouds-it-has-and-neither-do-you-247150

opening text:

Do you know how much cloud computing is really going on in your organization? If you're like IT management in most companies and government agencies, you don't have a clue.

For example, the Environmental Protection Agency (EPA) doesn't know how many cloud computing contracts it has or how secure they are, according to a recent audit by the agency's inspector general, in a report released last week. In at least one instance, the EPA may not have had access to a subcontractor's cloud for investigative purposes. Worse, that same subcontractor was not compliant with the Federal Risk and Authorization Management Program (FedRAMP), which sets security standards for cloud providers.

------------------------------

Date: Fri, 1 Aug 2014 09:33:11 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: BBC: Russia enacts 'draconian' law for bloggers and online media

"A new law imposing restrictions on users of social media has come into effect in Russia. It means bloggers with more than 3,000 daily readers must register with the mass media regulator, Roskomnadzor, and conform to the regulations that govern the country's larger media outlets. Internet companies will also be required to allow Russian authorities access to users' information. One human rights group called the move "draconian".
The law was approved by Russia's upper house of parliament in April. It includes measures to ensure that bloggers cannot remain anonymous, and states that social networks must maintain six months of data on its users. The information must be stored on servers based in Russian territory, so that government authorities can gain access."

BBC via NNSquad
http://www.bbc.com/news/technology-28583669

 - - -

Don't worry, Czar Putin knows what's good for you, comrade.

------------------------------

Date: Sat, 2 Aug 2014 22:52:55 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Chinese Communist Party-Backed Tech Giants Bring Censorship To The Global Stage

Techcrunch via NNSquad
http://techcrunch.com/2014/08/02/chinese-communist-party-backed-tech-giants-bring-censorship-to-the-global-stage/

"It should come as no surprise, then, that the Portuguese version of Baidu produces heavily censored results on topics considered sensitive to the Chinese leadership. Compare search results between Google's Portuguese edition and Baidu's. On Google.br.com, a search for Tank Man (el hombre del tanque) turns up photos, documentary video and news articles about the lone rebel who stood in the way of approaching tanks outside of Tiananmen Square in 1989 ..."

 - - -

The result when one country or group of countries tries to impose its own censorship desires onto the entire planet.

------------------------------

Date: Friday, August 1, 2014
From: *The White House* <info () mail whitehouse gov>
Subject: It's Legal to Unlock Your Cell Phone (via Dave Farber)

*Note: You're receiving this email because you've previously petitioned the White House on cell phone unlocking.*

It's Legal to Unlock Your Cell Phone

Last week, Congress passed a bill legalizing cell phone unlocking -- and this afternoon, President Obama signed that bill into law.

This effort began as a result of the petition you signed, "Make Unlocking Cell Phones Legal."
Two weeks after the petition crossed the threshold, we laid out steps that the Federal Communications Commission (FCC), industry, and Congress could take. Your effort culminated in the Unlocking Consumer Choice and Wireless Competition Act that President Obama signed today.

The bill not only restores the rights of consumers to unlock their phones, but ensures that they can receive help doing so if they lack the technological savvy to unlock on their own.

It's the first time a We the People petition has led to a legislative fix. [...]

The White House, 1600 Pennsylvania Ave NW, Washington, DC 20500 202-456-1111

------------------------------

Date: Mon, 04 Aug 2014 09:05:54 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: How safe are your quantified selfies? (Symantec item)

FYI -- More about the vulnerabilities associated with Fitbit/Nike/Garmin/etc.

"For example in one app that tracks sexual activity, the app makes specific requests to an analytics service URL at the start and end of each session."

http://www.symantec.com/connect/blogs/how-safe-your-quantified-self-tracking-monitoring-and-wearable-tech

Tracking, monitoring, and wearable tech, Symantec, 30 Jul 2014

Each day, millions of people worldwide are actively recording every aspect of their lives, thoughts, experiences, and achievements in an activity known as self-tracking (aka quantified self or life logging). People who engage in self-tracking do so for various reasons. Given the amount of personal data being generated, transmitted, and stored at various locations, privacy and security are important considerations for users of these devices and applications. Symantec has found security risks in a large number of self-tracking devices and applications. One of the most significant findings was that all of the wearable activity-tracking devices examined, including those from leading brands, are vulnerable to location tracking.
Our researchers built a number of scanning devices using Raspberry Pi minicomputers and, by taking them out to athletic events and busy public spaces, found that tracking of individuals was possible.

Symantec also found vulnerabilities in how personal data is stored and managed, such as passwords being transmitted in clear text and poor session management.

www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/how-safe-is-your-quantified-self.pdf

  [Long item pruned for RISKS. Main section headings include:
  * How do self-tracking systems work?
  * So just how safe is your quantified self?
  * Location tracking of wearable devices
  * Transmission of tracking and personal data in clear text
    (20 percent of apps transmitted user credentials in clear text.)
  * Lack of privacy policies
    (52 percent of apps examined did not have privacy policies.)
  * Unintentional data leakage
    (The maximum number of unique domains contacted by a single app was 14 and the average was five.)
  * Other security weaknesses
  * What can you do about this?
  * More information: latest paper
    www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/how-safe-is-your-quantified-self.pdf

------------------------------

Date: Monday, August 4, 2014
From: Herb Lin <HLin () nas edu>
Subject: Google scans your e-mail for child porn and reports to law enforcement when it finds same (via Dave Farber)

Interesting thought.
http://www.telegraph.co.uk/technology/google/11010182/Why-Google-scans-your-emails-for-child-porn.html

Why Google scans your e-mail for child porn

Google trawls both the public internet and your private data to look for images of child abuse, it has been revealed, after a convicted sex offender is arrested over the contents of his GMail account

A convicted sex offender has been arrested after Google flagged images of child abuse found in his GMail account to authorities, according to reports, revealing that the search giant is quietly but methodically watching our email activity for illegal images.

Google spotted that the man had illegal images of a young girl stored in his GMail account during an automated search and reported it to the US non-profit National Center for Missing and Exploited Children. A subsequent police investigation led to his arrest. [...]

So, this process opens all kinds of opportunities for malicious behavior. A wants to harass B. So A sends B a known child porn image through gmail, even though B has not requested it in any way. Google identifies the image, and notifies law enforcement authorities. B is now the target of an investigation -- the criminal offense being the receipt of child pornography.

Even worse -- if the email is not opened or goes into spam, Google probably still scans it, so B never knows he has to report anything to law enforcement authorities even though Google is reporting it to them.

Folks, please think about a fix for this -- and don't propose a solution that says Google should not scan those emails. Is there a way to get both the benefit of the scans and to prevent the harassment problem described above?

[For those of you who want to know how Google knows an image is child porn -- they compute a hash of the image and compare it against a database of hashes of known CP images, that is images that have been adjudicated to be CP in court.]

Thoughts?
Thanks, Herb Lin

------------------------------

Date: Mon, 4 Aug 2014 08:44:29 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: The Visual Microphone: Passive Recovery of Sound from Video

YouTube via NNSquad
https://www.youtube.com/watch?v=FKXOucXB4a8

Using video (even consumer video) to recover sound from silent video, even from outside rooms. Using a laser bouncing off window glass has long been a technique for recovering room sounds remotely. The technology described here emphasizes the need to keep external windows completely covered during sensitive communications! Also, we can safely assume that intelligence agencies (at a minimum) have been using this technique for some time.

------------------------------

Date: Sun, 03 Aug 2014 14:23:17 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: Forget "Heart Bleed"; meet "Heart Rate"

FYI -- "[Low Resting Heart Rate] might be used to help predict future risk among criminals"

Do you really want to share your FitBit/Nike/Garmin information with the FBI and the NSA? Just sleep in the cloud...

"Are Fitbit, Nike, and Garmin Planning to Sell Your Personal Fitness Data?"
http://www.motherjones.com/politics/2014/01/are-fitbit-nike-and-garmin-selling-your-personal-fitness-data

David Kohn, Calm Hearts, Bad Behavior, *The New Yorker*, 2 Aug 2014
http://www.newyorker.com/tech/elements/calm-hearts-bad-behavior

For the past two years, researchers in Hong Kong interviewed the parents of three hundred and thirty-four adolescents about the aggressive and antisocial behavior of their children. Did the kids hurt others to win a game? Were they concerned about the feelings of their peers? The scientists also measured the heart rate of the children and found that low resting heart rate (L.R.H.R.) -- usually an indicator of good cardiovascular health and the envy of distance runners and endurance athletes -- was linked to bad behavior.
Adrian Raine, the lead author of the Hong Kong study, which appeared in the July issue of the journal Aggressive Behavior, has been examining this odd correlation since 1977, when he studied a group of fifteen-year-old boys and found that those with a low heart rate were more likely to be convicted of crimes. Since then, Raine, a criminologist and psychologist at the University of Pennsylvania, and the author of *The Anatomy of Violence*, has become an expert on L.R.H.R. and other possible biological markers of antisocial behavior, such as brain size and neurotransmitter levels. He says that it's still not clear how the trait is connected to bad behavior. ``We've established that the link exists. But we haven't nailed down why.''

There are several theories, but Raine tends to favor the fearlessness hypothesis, which says that some of those with L.R.H.R. remain undaunted by the threats that would keep most of us in check. When you get scared, your heart rate goes up, because your body activates to deal with the imminent hazard. By definition, people with less fear tend not to get activated in situations that others find threatening. ``These people don't learn that it's wrong to be aggressive,'' Laura Wilson, a research psychologist at Virginia Tech University who has studied the topic, told me. ``They don't fear consequences. They don't get sculpted into the law-abiding citizens that most people become.''

Another possibility is that people with L.R.H.R. are chronically under-aroused. ``Having a low heart rate can be uncomfortable. It kind of feels like boredom,'' Amy Gower, a psychology researcher at the University of Minnesota, says. ``To relieve that, some people seek stimulation through aggression.''

Raine's skeptics argue that L.R.H.R. and other biological factors play a relatively minor role in determining who becomes a criminal.
``The evidence is pretty consistent that biological traits don't have a large effect,'' Robert Sampson, a social scientist at Harvard University who has studied the topic for more than two decades, told me. ``Social and environmental characteristics have much more weight.'' He notes that crime rates vary widely from country to country (Spain's murder rate, for instance, is twenty-five times lower than Brazil's, and four times lower than in the United States), even though the biology of humans in those countries differs very little. Sampson says that L.R.H.R. may not be biological but, rather, the result of the same environmental factors that lead to crime: some people may adapt to chronic stress with a lower heart rate.

Raine suggests that L.R.H.R. might be used to help predict future risk among criminals. Information about heart rate might help when deciding whether a prisoner should be released early, or which sort of prison best fits a particular offender.

If this idea, in which the fate of a prisoner would be determined in part by biological data, evokes thoughts of eugenics, Raine, whose research on so-called `neurocriminology' has been controversial for decades, acknowledges that the proposal does, in fact, bring up difficult issues about science, probability, and social control. He agrees that L.R.H.R. is far from the sole determinant of criminality; his review of the research indicates that the trait accounts for about five per cent of all antisocial behavior (and that the rest can be explained by social and biological factors such as upbringing, neighborhood, education, income level, brain chemistry and structure, and so on). L.R.H.R. should be seen, Raine says, as a potential warning sign rather than a definitive mark of inevitable criminality. ``Low heart rate is one piece of the jigsaw puzzle.
It's not the whole story, but it's not trivial either.''

------------------------------

Date: Fri, 1 Aug 2014 11:09:21 -0400
From: Adam Shostack <adam () shostack org>
Subject: Re: 'Big Brother' airport installs world's first ... (RISKS-28.12)

The Seattle mesh network has been at least temporarily turned off as a result of a local activism group, the Seattle Privacy Coalition. Details about that network have been requested under local freedom of information laws. Some additional links for details:

https://www.seattleprivacy.org/the-sort-of-thing-we-are-curious-about/
http://www.dailydot.com/politics/seattle-police-mesh-network-shut-down/
https://twitter.com/SeattlePD/status/410248692264759297

------------------------------

Date: Thu, 31 Jul 2014 19:42:46 -0500
From: Rob Bailey <rob () wm8s com>
Subject: Re: 'Big Brother' airport installs world's first real-time passenger tracking system (RISKS-28.12)

In addition to cameras, Houston's TRANSTAR traffic monitoring system uses your toll tag's serial number to track your location around the region, and not just where you pay tolls. It then uses your location over time to estimate average speeds on the various roads along your route. And lest you think that you can avoid tracking by not getting a toll tag (something that will make your travel more difficult, since they've restricted some roads to tag-holders only), the system also uses the hardware address of your Bluetooth devices (phone, car media system, etc.), for the same purpose.

Area drivers are given this assurance:

"The MAC addresses read by AWAM [Anonymous Wireless Address Matching] are not directly associated with a specific user and do not contain any personal data or information that could be used to identify or 'track' an individual's whereabouts. In addition, all addresses collected by AWAM are anonymized through encryption immediately upon receipt.
Users who have privacy concerns are also able to turn off the Bluetooth discovery function of their device which prevents it from being read by AWAM at all."

http://traffic.houstontranstar.org/bluetooth/transtar_bluetooth.html

------------------------------

Date: Thu, 31 Jul 2014 20:14:50 -0500
From: "Alister Wm Macintyre \(Wow\)" <macwheel99 () wowway com>
Subject: Re: Fouling the NEST; Who's roo(s)ting in your home? (RISKS-28.12)

The severity of security breach has not been fully embraced due to the traditional assumption that thermostat cannot function more than a thermostat even though users are enjoying its smartness.

Wasn't the TARGET breach a variation on this? They had a system to help manage refrigeration, and the hackers got in thru that system to do how much damage?

The more complicated the system, the easier for hackers to spoof the people who made it complicated.

------------------------------

Date: Thu, 31 Jul 2014 19:43:59 -0600
From: Brian Inglis <Brian.Inglis () systematicsw ab ca>
Subject: Re: Smart grid hack worries to raise insurance rates? (RISKS-28.10,11)

There may be more immediate issues for power companies and insurers to worry about.

CBC News reports "SaskPower to remove 105,000 smart meters following fires" subheaded "8 unexplained fires associated with new devices that measure power consumption" at http://www.cbc.ca/news/canada/saskatchewan/1.2723046 and says the Saskatchewan government has ordered the provincial power utility to remove all "smart" meters installed so far across the province.

The costs are estimated at $45/meter ("dumb" presumably) and $45 labour, costing $9.5M. The utility also has 100,000 more meters in stock, and estimates the effort will take 6-8 months and total cost will reach $14M.
Little of this is mentioned in their Smart Meters FAQ: http://www.saskpower.com/our-power-future/construction-projects/smart-meters

CBC quotes the vendor as saying "Sensus underscores the critical importance of careful meter installation procedures, including the examination of meter boxes and wiring at installation, training of meter installers and the need to have rapid remedial action when field problems are observed".

This may indeed point to an issue when installing 105,000 meters in a year across areas of a large, sparsely populated province, on existing (outside) meter bases, where the annual temperature range may be (a dry) -40C to +40C.

A quick web search indicates that these problems have been widespread across North America and large deployments of "smart" meters have been canceled and reversed due to some fires in a number of states. The same vendor name crops up in a number of these cancellations.

Risk of not checking the reputation of the vendor and product, and possibly installers too, or inadequately weighting such evidence against many governments' requirement to accept the lowest bid offered.

Published reports on the causes and subsequent post-installation inspections mention inadequate retraining of meter readers as installers, problems reusing existing older meter bases, corrosion of bases, boxes, and connectors, broken connection blocks, melted conductors, and loose wiring connections as some of the installation issues identified.

Risk of not understanding the possible impact of opening up and fiddling with an installation which may have been untouched for years or decades, and not following manufacturers' recommendations on installer training, inspection and replacement practices, and prerequisites for equipment installation.
Also mentioned in some of those reports where "smart" meter installation resumed, sometimes with different equipment from a different vendor, meter readers would be retrained and redeployed as meter inspectors, to monitor the condition and safety of the new meters.

Risk of accounting only for savings from the great new thing, and ignoring any potential requirements and associated costs of going the new way.

Also mentioned at the bottom of the CBC article: "Among the features of the new meters was an ability to transmit power usage data through a radio frequency, making it unnecessary for a meter reader to enter a home. That feature had not been implemented for the new meters already installed but was part of the overall plan for the new technology."

My experience and understanding of "smart" meter deployment benefits has been that the costs are mainly justified by being able to have meter "readers" drive by meter locations with wireless equipment to interrogate the meter and receive the meter and usage data. Thereby getting actual usage more accurately, frequently, and cheaply than occasional meter location visits and manual usage recording, with estimated usage billed between visits.

The paragraph quoted above implies that a further installation or feature enabling visit would have been necessary to gain any benefit from the new meters.

Risk of having someone change something twice rather than doing everything (hopefully properly) at once doubles the chances that some issue will occur to let out the magic smoke, doubling the remediation costs (at least, as these events demonstrate).

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
     http://lists.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
     risks-request () csl sri com
   containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
     risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
   depending on which action is to be taken.

   Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
     <http://www.CSL.sri.com/risksinfo.html>
   *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
   *** NOTE: Including the string `notsp' at the beginning or end of the subject
   *** line will be very helpful in separating real contributions from spam.
   *** This attention-string may change, so watch this space now and then.

=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
   http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle:
     http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
     <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .

==> PGN's comprehensive historical Illustrative Risks summary of one liners:
     <http://www.csl.sri.com/illustrative.html> for browsing,
     <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
   is no longer maintained up-to-date except for recent election problems.
   *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
     <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 28.13
************************