RISKS Forum mailing list archives

Risks Digest 29.70


From: RISKS List Owner <risko () csl sri com>
Date: Thu, 18 Aug 2016 15:31:57 PDT

RISKS-LIST: Risks-Forum Digest  Thursday 17 August 2016  Volume 29 : Issue 70

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/29.70>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Pentagon Cannot Account For $6.5 Trillion Dollars (Jay Syrmopoulos
  via Mark E. Smith)
'Shadow Brokers' Leak Raises Alarming Question: Was the NSA Hacked?
  (NYTimes)
EPIC, Verified Voting, Common Cause Release Report on Ballot Secrecy
  (via PGN)
"Donald Trump's Lack of Respect for Science Is Alarming"
  (*Scientific American*)
Squirrel blamed for power outage in Menlo Park CA (PGN)
China launches first quantum-enabled satellite (BBC via Rob Slade)
"Clinic won't pay breach protection for victims; CEO says it would
  be death of company" (John Fontana)
Australia rising (Alister Wm Macintyre)
42 infants found in secret CalGang gang database (Henry Baker)
A Distracted-Driving Ban in New Jersey? Some Say It Threatens a Way of Life
  (NY Times)
Ford to offer self-driving cars without steering wheels to Uber by 2021
  (Computer World via Gregory Aharonian)
Re: Ford to offer self-driving cars without steering wheels
  to Uber by 2021 (Lauren Weinstein)
Re: "Tesla and Troubles" (Michel Bouckaert)
Re: Tesla "autopilot" (Barry Gold)
Re: Hacking the Vote: the Security of Our Election Systems
  (Mark E. Smith)
Re: Thai Plan to Track All Foreigners By SIM Cards Moves Forward
  (Henry Baker)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 16 Aug 2016 21:25:44 -0700
From: "Mark E. Smith" <mymark () gmail com>
Subject: Pentagon Cannot Account For $6.5 Trillion Dollars (Jay Syrmopoulos)

The computers don't get accurate data, or perhaps don't get any data at all.
The data is missing, or perhaps never existed.

http://www.globalresearch.ca/pentagon-cannot-account-for-6-5-trillion-dollars/5541244

When trillions of dollars go missing and cannot be accounted for, that fact
accounts for why the United States of America has so much homelessness and
poverty, why life expectancy in the USA is declining, why our health care
system costs more but has worse outcomes than any other developed country
and many less developed countries, and why there is less funding for schools
as the elected thieves, I mean politicians, prefer not to educate students
sufficiently for them to understand the problem.

Spending millions or billions on better computers won't help, as there is no
way to ensure that accurate data, without which computers cannot produce
accurate results, are input. Not even the most technologically advanced
computers in the world can function without good data. GIGO.  Yet I can feel
sympathy for people who knowingly input bad data because it is the only way
they can keep their jobs.

But this is the Pentagon, arguably the greatest military power on earth.
Should citizens of the United States revolt, the Pentagon can easily nuke a
few US cities to ensure that their trillions in graft continue, as it has
under both Republican and Democratic administrations.

How does the Pentagon, which has a budget measured in billions of dollars
annually, manage to lose trillions of dollars? I'm a simple, low-income
person. If I give somebody $50 to get me some groceries and they take my
money and don't come back, I've been ripped off for $50.  Suppose the same
thief then figures out a way to hack my bank account and steals every last
dime I have, including my rent money. I really don't think I'd turn around
and trust that person with my security and defense. But of course elected
officials must be smarter than me or people wouldn't elect them, right?

So perhaps this comment is inappropriate, as I'm not talking about a risk to
the public in computers and related systems, but a risk to the public when
there is no way to ensure that accurate data exists to account for
widespread governmental theft, and that computers therefore cannot function.
Unless, perhaps the system that is supposed to input the data to computers
is a "related system?"

------------------------------

Date: Wed, 17 Aug 2016 09:53:28 -0400
From: Monty Solomon <monty () roscom com>
Subject: 'Shadow Brokers' Leak Raises Alarming Question: Was the NSA Hacked?
  (*The New York Times*)

Outside experts said the data contained what appeared to be genuine samples
of the top-secret code used in the production of the NSA's custom-built
malware.

http://www.nytimes.com/2016/08/17/us/shadow-brokers-leak-raises-alarming-question-was-the-nsa-hacked.html

------------------------------

Date: Thu, 17 Aug 2016 12:19:18 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: EPIC, Verified Voting, Common Cause Release Report on Ballot Secrecy

    https://epic.org/2016/08/epic-verified-voting-common-ca.html

EPIC, Verified Voting, and Common Cause today released The Secret Ballot at
Risk: Recommendations for Protecting Democracy, a report highlighting the
right to a secret ballot and how Internet voting threatens voter
privacy. All 50 states recognize ballot secrecy as a core value. Despite
this, 32 states and DC are promoting Internet voting, typically for overseas
and military voters, and are asking those voters to waive their right to a
secret ballot. That threatens voting freedom and election integrity. The
report recommends actions voters can take to protect the secrecy of their
ballot, and encourages states to do more to safeguard voter privacy. EPIC
has a long history of working to protect voter privacy and election
integrity.

The report is linked here:
  http://www.secretballotatrisk.org

And here is a quick summary:

The right to cast a secret ballot in a public election is a core value in
the United States' system of self-governance. Secrecy and privacy in
elections guard against coercion and are essential to integrity in the
electoral process. Secrecy of the ballot is guaranteed in state
constitutions and statutes nationwide. However, as states permit the marking
and transmitting of marked ballots over the Internet, the right to a secret
ballot is eroded and the integrity of our elections is put at risk.

------------------------------

Date: Thu, 17 Aug 2016 12:02:12 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: "Donald Trump's Lack of Respect for Science Is Alarming"
  (*Scientific American*)

  ``Scientific American is not in the business of endorsing political
  candidates.  But we do take a stand for science -- the most reliable path
  to objective knowledge the world has seen -- and the Enlightenment values
  that gave rise to it.  For more than 170 years we have documented, for
  better and for worse, the rise of science and technology and their impact
  on the nation and the world.  We have strived to assert in our reporting,
  writing and editing the principle that decision making in the sphere of
  public policy should accept the conclusions that evidence, gathered in the
  spirit and with the methods of science, tells us to be true.''
http://www.scientificamerican.com/article/donald-trump-s-lack-of-respect-for-science-is-alarming/

  Note also *WiReD*'s unprecedented statement:
https://www.salon.com/2016/08/18/wired-endorses-presidential-candidate-for-the-first-time-in-its-23-year-history/

  How about Trump's call to shut down the Internet for use "by our enemy"?
http://abcnews.go.com/Politics/wireStory/ap-explains-trump-shut-internet-41493822

  This topic transcends political issues that RISKS has always eschewed, and
  seems broadly relevant here to many more-specifically risks-related
  issues.  PGN

------------------------------

Date: Wed, 17 Aug 2016 11:47:55 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Squirrel blamed for power outage in Menlo Park CA

A squirrel bit into a power line on Crane Street in downtown Menlo Park at
6:30 p.m. on 16 Aug 2016.  In the aftermath of the arc and subsequent explosion
that knocked out power for 1700 PG&E customers, a "smoldering grey squirrel"
was found in the gutter.  In each of two different buildings on Crane
Street, someone was trapped in an elevator for about 20 minutes and had to
be rescued by the fire department.  [Source: today's local *Daily Post*
front-page item, PGN-ed]

As noted below, surprisingly many squirrels have been featured in RISKS
since RISKS-4.02, almost 30 years ago!  You might think that this problem
should be easily preventable.  On the other hand, this is just another kind
of RISKS case that seems to recur [*].  (You might think it was not so kind
for the squirrel -- except that the article quotes the MP Fire Chief: ``It
all happened in the blink of an eye, and we don't think he suffered at
all.'')

  [* "Recur" would be more appropriate in this context if it had involved
  mongrel dogs rather than squirrels.]

Here's the squirrelitany in RISKS to date:

Vol 4:  Insurgent Squirrel Joins No-Ways Arc (Ross McKenrick)
Vol 5:  Squirrels and other pesky animals (Frank Houston)
Vol 5:  Squirrels, mice, bugs, and Grace Hopper's moth (Mark Mandel)
Vol 6:  Yet another skunk in the squirrel story (Rick Jaffe)
Vol 8:  SRI attacked by kamikaze squirrels? (David L. Edwards)
Vol 8:  No power lunch, just no-power crunch (after the squirrel's over)
Vol 16: Squirrels again bring down Nasdaq (Joe Morris, Bob Frankston)
Vol 16: More than squirrels: Newbridge Networks (Bob Frankston)
Vol 16: Re: squirrelcide (Douglas W. Jones)
Vol 17: Invaders in Eastern Washington [more squirrels] (David Burlingame)
Vol 19: 5th SRI squirrelcide causes 18.5-hour outage (PGN)
Vol 20: Squirrelcide at San Jose Airport (Dave Stringer-Calvert)
Vol 27: The goto Squirrel (Dennis E. Hamilton)
Vol 28: Squirrels are now performing coordinated attacks (Jerry Saltzer)
Vol 29: Squirrel blamed for power outage in Menlo Park CA (PGN)

------------------------------

Date: Wed, 17 Aug 2016 11:59:04 -0700
From: Rob Slade <rmslade () shaw ca>
Subject: China launches first quantum-enabled satellite (BBC)

(... or, maybe not)

http://www.bbc.com/news/world-asia-china-37091833

Aside from the fact that it allows me to make a quantum joke, this article
allows me to rant about quantum cryptography.

Ever since I have started to research the security implications of quantum
computing, quantum crypto has bugged me.  Yes, the theory is beautifully
elegant, and (theoretically) allows us to detect passive eavesdropping for
the first time.  But dozens of attacks have demonstrated that, as usual, the
devil is in the implementation details.

And the implementation details here are even bigger.  Our current quantum
crypto systems require dedicated, single-mode fibre optic cable.  And, as I
keep pointing out to students and in presentations, if you've got dedicated,
single-mode fibre optic cable you have very little need for encryption.
(No, agreed, not zero.  But I think we can agree that this is a pretty good
definition of "vanishingly small.")

I did once hear of a project to try and use quantum crypto between ATMs and
smartphones, and that might (*MIGHT*) have been a defence against shimming
attacks.  But that was limited to 30 cm, and this is going to be a lot
farther.

Despite the mounting evidence that quantum crypto is not going to be a
panacea for all security ills, interest in the topic just keeps growing.
(And what *really* irks me is that it diverts attention from other areas of
research into the use of actual quantum computing, which probably would be
really useful in security.)

I will be interested to learn of the results of the testing.

But I'm not holding my breath.

rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/

------------------------------

Date: Wed, 17 Aug 2016 10:22:36 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Clinic won't pay breach protection for victims; CEO says it
  would be death of company" (John Fontana)

John Fontana for Identity Matters, ZDNet, 16 Aug 2016
Is Death by Breach a real affliction to be feared by mid-sized small
businesses?
http://www.zdnet.com/article/clinic-wont-pay-breach-protection-for-victims-ceo-says-it-would-be-death-of-company/

------------------------------

Date: Wed, 17 Aug 2016 14:16:08 -0500
From: "Alister Wm Macintyre \(Wow\)" <macwheel99 () wowway com>
Subject: Australia rising

Australia moves northward 3 inches a year, or 5 feet north of where it was
20 years ago.  This means that longitude & latitude should have been
updated, but they wait until over-reliance on GPS leads Australian drivers
into harm's way, before trying to both fix the system, and fix it in such a
way that there will be continuous updates, so as not to get in this mess again.
In the process, they blame GPS for the actions of mother nature, and the
inactions of mankind.

http://www.popularmechanics.com/science/environment/a22125/australia-gps/
http://phys.org/news/2016-07-australia-world-literally.html

------------------------------

Date: Wed, 17 Aug 2016 06:47:16 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: 42 infants found in secret CalGang gang database

FYI -- These babies are at risk if they wear the wrong colors, the wrong
headgear, or if they don't put their hands up...

"Law enforcement officials told auditors no real harm comes to those who end
up in the database."

RISKS has from its inception talked about the problems with these types of
databases.  But with 'no fly lists' and other extra-Constitutional
restrictions on civil liberties, these database "errors" can destroy lives.

http://www.voiceofsandiego.org/topics/public-safety/scathing-audit-bolsters-critics-fears-secretive-state-gang-database/
http://www.voiceofsandiego.org/wp-content/uploads/2016/08/CalGangs-audit.pdf

Scathing Audit Bolsters Critics' Fears About Secretive State Gang Database

An explosive state audit confirms many of the fears that San Diego
Assemblywoman Shirley Weber and others have long expressed about the state's
gang database: that it cannot ensure individuals' privacy, that people can
be entered in the database without proper substantiation, and that people
are kept in the database long after their names should have been purged.

An audit of the state's gang database was prompted by inquiries from San
Diego Assemblywoman Shirley Weber.

Sara Libby, Beware the gangster babies, 11 Aug 2016

Among the explosive findings included in a new audit of the state gang
database, CalGang, auditors say they found "42 individuals in CalGang who
were supposedly younger than one year of age at the time of entry--28 of
whom were entered for 'admitting to being gang members.'"

The state Legislature, prompted by San Diego Assemblywoman Shirley Weber,
requested the audit, which was released Thursday.

The database is a statewide tool that provides law enforcement officers
access to data about an individual's gang ties.

But Weber said that she was troubled when she struggled to find basic
details about how the gang database operates.  Now the audit has provided
some of those answers -- and they're disturbing.

The audit confirms many of the fears that Weber and others have long
expressed about the CalGang system: that it cannot ensure individuals'
rights to privacy, that people can be entered in the database without proper
substantiation and that people are kept in the database long after their
names should have been purged.

"Probably people are pretty shocked about just how deep the problems are in
the CalGang system in terms of lack of transparency, lack of consistency in
terms of how the standards are used," Weber said.

Weber herself was not one of them.

"I was not shocked at all.  If you don't live in a community that has had
concerns about this ... I've heard these complaints for years.  As most
folks know, my own son was threatened to be put on the gang list, and he
hadn't done anything.  I hear these things from parents on a regular basis.
But I think some of my colleagues were shocked," she said.

A snapshot of the findings:

* Even with the broad criteria for including someone in CalGang, a check on
  100 individuals included in the database found that "law enforcement
  agencies did not have adequate support for inclusion of 13 of these
  individuals."

* "flaws in CalGang's controls caused many individuals to remain in the
  system longer than federal regulations allow; in fact, some individuals
  are currently scheduled to remain in CalGang for hundreds of years."

* the CalGang leadership structure doesn't allow for any public input or
  oversight, and conflicts are rampant.  One law enforcement officer, for
  example, "stated that he enters approximately 95 percent of CalGang
  records for his agency, yet this same sergeant is also responsible for
  conducting any audits of CalGang records for the region because he is the
  node administrator."

* Though CalGang data is intended to be used only as a law enforcement tool,
  the audit found "at least three law enforcement agencies may have
  inappropriately used CalGang as an employment screening tool" -- possibly
  in violation of those individuals' privacy rights.

Law enforcement officials told auditors no real harm comes to those who end
up in the database.  In San Diego, we've seen that's not true.

Aaron Harvey's inclusion in the database landed him in the thick of a case
that threatened to send him to jail for life -- even though San Diego
prosecutors admitted he hadn't actually committed the crime at hand.
Rather, they argued, the Lincoln Park resident benefited from a series of
shootings because the real criminals belonged to the same gang as Harvey.
Harvey denies he's in a gang, and says he landed in the database thanks to
being stopped by police in his neighborhood dozens of times.

Here's how I described some of what can land a person in the gang database
last year:

  According to the state, a person can be entered into the CalGang database
  if he or she meets any two criteria from a list that includes: admitting
  to being a gang member; being arrested alongside known gang members; being
  ID'd as a gang member by a reliable source; being seen affiliating with
  documented gang members; displaying hand gestures affiliated with a gang;
  frequenting gang areas; wearing gang dress; or having gang tattoos.

Harvey's case was later dismissed.

Critics have for years said the criteria for inclusion in the database is
too broad.  The report notes: "academic literature suggests that the broad
criteria used to label gangs and gang members may make it difficult for
youth living in gang-heavy communities to avoid meeting the qualifying
criteria and that gang labeling can stigmatize minority, inner-city youth,
limiting their social and economic opportunities."

Indeed, the report says that being seen associating with gang members, and
wearing "gang dress" are the No. 2 and No. 4 most-used criteria to land
someone on the database.  In a gang-heavy neighborhood, that could include
simply talking to a neighbor and wearing a red shirt.

The No. 1 most-used criteria to land a person in the database, according to
the report, is self-admitting to being in a gang.  But even this can be
problematic: The report notes it found at least one instance of someone
being included in the database under this criteria, even though interview
notes revealed the man had told officers he was not in a gang.

A bill written by Weber that would mandate that adults be notified when
they're entered into the database passed out of the Senate Appropriations
Committee on Thursday.

A 2013 law requires officials to notify parents of juveniles when their kids
land in the database.  But the audit found that in many cases, that's still
not happening.

Despite the problems, Weber said she still believes CalGang -- if used and
monitored properly, can be a good crime-fighting tool.

"This is an important tool in law enforcement," Weber said.  "And this
report says that probably the manner in which we're using it is not very
effective in terms of fighting crime."

As for the audit's discovery that people younger than 1 year old were
entered in the database, that finding was in a section on rampant errors --
presumably those people were adults whose ages were entered incorrectly.

------------------------------

Date: Wed, 17 Aug 2016 18:12:51 -0400
From: Monty Solomon <monty () roscom com>
Subject: A Distracted-Driving Ban in New Jersey? Some Say It Threatens a Way
  of Life (NY Times)

A bill that could fine distracted drivers as much as $800 has led to an
outcry among residents for whom driving is more a state of being than an
activity.

http://www.nytimes.com/2016/08/18/nyregion/new-jersey-distracted-driving-ban.html

------------------------------

Date: August 16, 2016 at 5:21:01 PM EDT
From: Gregory Aharonian <greg.aharonian () gmail com>
Subject: Ford to offer self-driving cars without steering wheels to Uber by 2021

  [via Dave Farber]

http://www.computerworld.com/article/3108493/car-tech/ford-to-offer-self-driving-cars-without-steering-wheels-by-2021.html

First, Uber destroys the livelihoods of taxi drivers by replacing them with
Uber serfs, and then Ford will destroy the livelihoods of the serfs by
taking away the steering wheels.

Telling and sad that the article does not mention "job".  The technology press
has to expose its hidden misanthropy.  We need to innovate (and patent -- I
need work!) technologies that bring new benefits and new jobs - for all.

Greg Aharonian, Editor, Internet Patent News Service

  [See also
https://www.theguardian.com/technology/2016/aug/16/ford-self-driving-cars-ride-sharing-uber-lyft
  ]

------------------------------

Date: August 16, 2016 at 6:35:01 PM EDT
From: Lauren Weinstein <lauren () vortex com>
Subject: Re: Ford to offer self-driving cars without steering wheels
  to Uber by 2021

Most of this is almost entirely academic at this point. Ford is mostly
blowing smoke. Outside of the fact that vehicles as they describe would be
explicitly *illegal* on public roads in California and various other locales
based on the draft regulations in circulation that require an alert human
driver, steering wheel, pedals, etc. -- we're not even close to dealing with
the extremely long tail of all kinds of roads, all kinds of weather, all
kinds of common situations (like dealing with the verbal commands of an
officer at a traffic accident) and on and on. The list of issues is almost
endless and we've barely scratched the surface. My guess is that Ford is
actually pushing for some sort of "people mover" concept in controlled,
restricted areas.

The amount of hype in this sphere is almost beyond measure. I saw an article
today predicting most delivery drivers would be out of work in 10 years. You
don't need more than half a brain and a few minutes thought to realize the
multiple reasons why that won't happen even if we had miracles of tech
developments and cost decreases over that time. Or even twice that time.

I still feel that the research is worthwhile toward improved safety systems,
but I would like to see serious discussion from the proponents of the "all
autonomous vehicles future" of what that could mean in terms of governmental
access to vehicle data and remote control over vehicle operations,
individually and en masse. Control travel and you control the
population. Amusingly, the same folks with the stars in their eyes about a
future demise of human-driven vehicles seem to avoid discussing how law
enforcement and other government agencies could leverage it. You can be sure
those entities are *already* drooling at the prospects though, however
distant they may be.

------------------------------

Date: Wed, 17 Aug 2016 10:52:17 -0700
From: Michel Bouckaert <michel () lodix net>
Subject: Re: "Tesla and Troubles" (AlMac, RISKS-29.69)

  [Re: "Autopilot"]

The problem is the hype in reporting.  Even touting the feature as a
"co-pilot" who is never PIC ("Pilot in command") should not become a problem
-- until the meaning is corrupted.

In the Tesla case, overclaiming was the problem.

Under-claiming happens too: that could be seen in another automotive
evolutionary move, where most of what I read in the dailies about GM's Volt
was "omitting" that it had a conventional engine too.

In the Tesla tale, Tesla is the messenger.  Don't shoot it.  It's hard to
correct the daily press when it [the press] is going astray.

  [Although controversial today, it seems likely that by 2021 we will
  acknowledge that cars without human drivers will be *substantially* safer
  than cars with human drivers -- which is probably already the case today!
  PGN]

------------------------------

Date: Tue, 16 Aug 2016 17:49:50 -0700
From: Barry Gold <barrydgold () ca rr com>
Subject: Re: Tesla "autopilot"

I have to wonder if Musk has thought about the level of risk he has taken on
in advertising the "Autopilot" in this way.

Assume the owner/"operator" turns on the "autopilot" and then stops paying
attention to his environment -- perhaps watching a movie on their phone or
tablet, perhaps texting, perhaps even sleeping. The car drives for a while,
then has an accident in which an innocent person (not an occupant of the
car) is severely injured or killed.

The owner may have the statutory minimum liability insurance ($15,000 per
victim, $30,000 per accident), which won't even cover the healthcare costs
of a severe injury, to say nothing of the other economic and non-economic
damages. The victim's lawyer will look around for "deep pockets" and, lo and
behold, there's Tesla Motors with a market cap of $33E9. I think any
competent lawyer could convince a judge that he has at least a triable case
that Tesla's advertising was negligent and contributed to the victim's death
or injuries. If the accident occurs in one of the 46 states that use Joint
and Several liability, Tesla could have to pay everything above that
(ridiculously small) statutory liability limit.

------------------------------

Date: Tue, 16 Aug 2016 19:01:27 -0700
From: "Mark E. Smith" <mymark () gmail com>
Subject: Re: Hacking the Vote: the Security of Our Election Systems

The risk here seems to be that if we hack and/or influence foreign
elections, foreign countries might do unto us as we have done unto them.

Which isn't acceptable because we're exceptional and we're a democracy. Our
government would never hack foreign elections, bail out banks, or start wars
based on lies without first requesting and obtaining the consent of the
governed.

Oh? We gave our elected officials blanket consent to do whatever they wished
when we voted? Our job was over once we voted, as we had delegated all
decision making power to our elected representatives and we no longer had a
voice?

And I should be concerned about the security of the processes that
legitimize this sham?

------------------------------

Date: Wed, 17 Aug 2016 06:25:33 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: Re: Thai Plan to Track All Foreigners By SIM Cards Moves
  Forward (Jacobson, RISKS-29.69)

So why not just give every "foreigner" a GPS ankle bracelet?  ;-)

(Both U.S. Presidential candidates are already competing vigorously for who
can destroy more civil rights; perhaps we shouldn't give them any more
ideas?)

------------------------------

Date: Wed, 17 Aug 2016 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
  http://www.risks.org takes you to Lindsay Marshall's searchable archive at
    newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html --> VoLume, ISsue.
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
  <http://the.wiretapped.net/security/info/textfiles/risks-digest/>
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 29.70
************************

