RISKS Forum mailing list archives
Risks Digest 33.65
From: RISKS List Owner <risko () csl sri com>
Date: Sat, 11 Mar 2023 15:54:26 PST
RISKS-LIST: Risks-Forum Digest  Saturday 11 March 2023  Volume 33 : Issue 65

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/33.65>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
  Noam Chomsky: The False Promise of ChatGPT (via Matthew Kruk)
  ChatGPT Convulses Big Tech with its Promise and its Peril (NYTimes)
  Two types of dataset poisoning attacks that can corrupt AI system results (techxplore.com)
  Detection Stays Ahead of Deepfakes -- for Now (Matthew Hutson)
  Tesla under investigation after Model Y steering wheels fall off (The Verge)
  Stablecoin Issuer Circle Reveals $3.3 Billion SVB Exposure (Bloomberg)
  Blackbaud Fined $3M For Misleading Disclosures Re: 2020 Ransomware (Ryan Naraine)
  Canada's tax revenue agency tries to ToS itself out of hacking liability (Risky Biz News)
  Data breach hits hundreds of lawmakers and staff on Capitol Hill (NBC)
  North Korean hackers target security researchers with a new backdoor (Ars Technica)
  Hackers Claim They Breached T-Mobile More Than 100 Times in 2022 (Krebs on Security)
  When Low-Tech Hacks Cause High-Impact Breaches (Krebs on Security)
  TikTok whistleblower claims U.S. data privacy efforts are seriously flawed (Engadget)
  Tech Is Allowing Businesses to Overcharge You in Tips (NYTimes)
  Why the Floppy Disk Just Won't Die (WiReD)
  Union `increasingly alarmed' about Indigo cyberattack, demands further disclosure (CBC)
  Password changing considered harmful (WSJ)
  Teens are stealing more cars. They learn how on social media (NYT)
  UK online safety bill -- how to create a digital dictatorship (Lauren Weinstein)
  Terms of enscamment? (Rob Slade)
  Re: Safety Advocates Say Hyundai, Kia's Anti-Theft Upgrade Doesn't Go Far Enough (Richard S. Russell)
  Re: Why I'm sticking up for science (zeurkous)
  Re: rm -rf (Henry Baker, Steve Bacher)
  Re: SMS-Based Multi-Factor Authentication: What Could Go Wrong? (John Levine)
  Re: FAA reports 'close call' between two planes at Logan Airport (Jan Wolitzky)
  Re: Everyone is special, SMS-Based Multi-Factor Authentication: What Could Go Wrong? (John Levine)
  Re: The privacy loophole in your doorbell (Steve Bacher)
  Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 8 Mar 2023 18:40:24 -0700
From: Matthew Kruk <mkrukg () gmail com>
Subject: Noam Chomsky: The False Promise of ChatGPT

https://www.nytimes.com/2023/03/08/opinion/noam-chomsky-chatgpt-ai.html

Jorge Luis Borges once wrote that to live in a time of great peril and promise is to experience both tragedy and comedy, with ``the imminence of a revelation'' in understanding ourselves and the world. Today our supposedly revolutionary advancements in artificial intelligence are indeed cause for both concern and optimism. Optimism because intelligence is the means by which we solve problems. Concern because we fear that the most popular and fashionable strain of AI -- machine learning -- will degrade our science and debase our ethics by incorporating into our technology a fundamentally flawed conception of language and knowledge.

------------------------------

Date: Thu, 9 Mar 2023 14:08:15 PST
From: Peter Neumann <neumann () csl sri com>
Subject: ChatGPT Convulses Big Tech with its Promise and its Peril (NYT)

Tripp Mickle, Cade Metz, and Nico Grant, *The New York Times*, 9 Mar 2023

A scramble to assess the impact of AI.

[It seems to be a nice enumeration of many of the problems created such as disrupting cloud providers, advertisers, and e-commerce sales (each discussed in considerable detail), questionable trustworthiness, legal implications, ownership, etc. ``No one knows where the courts will draw the lines.'' -- quoting Bradley J. Hulbert.
PGN-ed]

------------------------------

Date: Wed, 08 Mar 2023 12:42:44 +0000
From: Richard Marlon Stein <rmstein () protonmail com>
Subject: Two types of dataset poisoning attacks that can corrupt AI system results (techxplore.com)

https://techxplore.com/news/2023-03-dataset-poisoning-corrupt-ai-results.html

``The research team calls this type of attack split view poisoning. Testing showed that such an approach could be used to purchase enough URLs to poison a large portion of mainstream AI systems, for as little as $10,000.

``There is another way that AI systems could be subverted -- by manipulating data in well-known data repositories such as Wikipedia. This could be done, the researchers note, by modifying data just prior to regular data dumps, preventing monitors from spotting the changes before they are sent to and used by AI systems. They call this approach front-running poisoning.''

As AI proliferates, overtrust -- reliance on output -- elevates training dataset's provenance and bona fides to bound false positive/negative outcomes. If applied for image diagnosis (mammograms, CAT/MRI, etc.), a patient should be entitled to a traceable explanation to supplement physician's review and concurrence or dispute of platform output.

------------------------------

Date: Wed, 8 Mar 2023 11:09:07 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: Detection Stays Ahead of Deepfakes -- for Now (Matthew Hutson)

Matthew Hutson, *IEEE Spectrum*, 6 Mar 2023, via ACM TechNews, March 8, 2023

Computer scientists are developing more advanced algorithms for generating synthetic content, at the same time they are creating counter-algorithms to detect such content. Intel's Real-Time Deepfake Detector, slated for release this spring, will include FakeCatcher, which can identify facial changes due to blood flow.
Developed by researchers at Intel and Binghamton University, FakeCatcher cannot be reverse-engineered easily to train a generation algorithm to get better at fooling it. Among other detection tools, researchers at the University of Florida developed a system that models the human vocal tract and can determine if an audio recording is biologically plausible. When it comes to detecting synthetic text, the University of Maryland's Tom Goldstein said the diversity in how people use language and a dearth of signal means it likely will lag other forms of detection.

------------------------------

Date: Wed, 8 Mar 2023 19:19:59 -0500
From: Monty Solomon <monty () roscom com>
Subject: Tesla under investigation after Model Y steering wheels fall off (The Verge)

https://www.theverge.com/2023/3/8/23630358/tesla-steering-wheel-bolt-nhtsa-model-y

------------------------------

Date: Sat, 11 Mar 2023 09:03:42 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Stablecoin Issuer Circle Reveals $3.3 Billion SVB Exposure (Bloomberg)

https://www.bloomberg.com/news/articles/2023-03-11/usd-coin-stablecoin-falls-further-from-peg-on-svb-exposure-risk?srnd=premium&sref=zVYYYI5e

Also:

Roku, Roblox and others disclose their exposure to SVB in SEC filings (TechCrunch)
https://techcrunch.com/2023/03/11/roku-roblox-and-others-disclose-their-exposure-to-svb-in-sec-filings/

More than 85% of Silicon Valley's Bank's Deposits Were Not Insured
https://time.com/6262009/silicon-valley-bank-deposit-insurance/

[Monty Solomon noted this relevant item: Here's how much of your bank deposits are FDIC protected: Michelle Singletary, *WashPost*
https://www.washingtonpost.com/business/2023/03/10/faq-fdic-insurance/
PGN]

------------------------------

Date: Fri, 10 Mar 2023 14:28:45 -0500
From: Monty Solomon <monty () roscom com>
Subject: Blackbaud Fined $3M For Misleading Disclosures Re: 2020 Ransomware (Ryan Naraine)

Ryan Naraine, *Security Week*, 10 Mar 2023
https://www.securityweek.com/blackbaud-fined-3m-for-misleading-disclosures-about-2020-ransomware-attack/

[Among other things, Blackbaud had insisted there had been no leakage of customer information, which actually impacted 1300 customers. The original notice has since disappeared. PGN]

------------------------------

Date: Wed, 8 Mar 2023 13:02:09 -0500
From: José María Mateos <chema () rinzewind org>
Subject: Canada's tax revenue agency tries to ToS itself out of hacking liability (Risky Biz News)

https://riskybiznews.substack.com/p/risky-biz-news-canadas-tax-revenue

The Canada Revenue Agency (CRA), the tax department of Canada, recently updated its terms and conditions to force taxpayers to agree that CRA is not liable if their personal information is stolen while using the My Account online service portal -- which, ironically, all Canadians must use when doing their taxes and/or running their business. The CRA's terms of use assert the agency is not liable because they have ``taken all reasonable steps to ensure the security of this Web site.''

------------------------------

Date: Wed, 8 Mar 2023 17:47:03 -0500
From: Monty Solomon <monty () roscom com>
Subject: Data breach hits hundreds of lawmakers and staff on Capitol Hill (NBC)

Ryan Nobles, Frank Thorp V, Zoë Richards and Kevin Collier NBC News
https://www.nbcnews.com/politics/congress/data-breach-hits-lawmakers-staff-capitol-hill-rcna74061

House Chief Administrative Officer Catherine L. Szpindor said the breach at the DC Health Exchange did not appear to target members of Congress. The Senate was also affected.
The actual quote is somewhat less reassuring:

``Currently, I do not know the size and scope of the breach, but have been informed by the Federal Bureau of Investigation (FBI) that account information and [personally identifiable information] of hundreds of Member and House staff were stolen,'' Szpindor added that it did not appear that House lawmakers were ``the specific target of the attack'' on DC Health Link *. [PGN-ed]

[* Just everyone using the Health Exchange used by Congress! PGN]

------------------------------

Date: Sat, 11 Mar 2023 09:10:42 -0500
From: Monty Solomon <monty () roscom com>
Subject: North Korean hackers target security researchers with a new backdoor (Ars Technica)

https://arstechnica.com/information-technology/2023/03/security-researchers-are-again-in-the-crosshairs-of-north-korean-hackers/

------------------------------

Date: Thu, 9 Mar 2023 20:22:09 -0500
From: Monty Solomon <monty () roscom com>
Subject: Hackers Claim They Breached T-Mobile More Than 100 Times in 2022 (Krebs on Security)

https://krebsonsecurity.com/2023/02/hackers-claim-they-breached-t-mobile-more-than-100-times-in-2022/

------------------------------

Date: Thu, 9 Mar 2023 20:23:21 -0500
From: Monty Solomon <monty () roscom com>
Subject: When Low-Tech Hacks Cause High-Impact Breaches (Krebs on Security)

https://krebsonsecurity.com/2023/02/when-low-tech-hacks-cause-high-impact-breaches/

------------------------------

Date: Fri, 10 Mar 2023 23:40:15 -0500
From: Monty Solomon <monty () roscom com>
Subject: TikTok whistleblower claims U.S. data privacy efforts are seriously flawed (Engadget)

https://www.engadget.com/tiktok-whistleblower-claims-us-data-privacy-efforts-are-seriously-flawed-211255093.html

------------------------------

Date: Fri, 10 Mar 2023 16:41:31 -0500
From: Monty Solomon <monty () roscom com>
Subject: Tech Is Allowing Businesses to Overcharge You in Tips (NYTimes)

Payment apps and touch screens have made it easy for merchants to ask us for preset gratuity amounts. We don't need to succumb to the pressure.

https://www.nytimes.com/2023/03/01/technology/personaltech/tipping-defaults-digital-payments.html

------------------------------

Date: Wed, 8 Mar 2023 13:36:57 +0200
From: Amos Shapir <amos083 () gmail com>
Subject: Why the Floppy Disk Just Won't Die (WiReD)

It seems that there are still a lot of businesses around who use systems (including industrial machinery and even passenger aircraft) which are 20-30 years old, and depend on floppy disks to get their data -- and these are now running out.

https://www.wired.co.uk/article/why-the-floppy-disk-just-wont-die

------------------------------

Date: Sat, 11 Mar 2023 13:51:45 -0700
From: Matthew Kruk <mkrukg () gmail com>
Subject: Union `increasingly alarmed' about Indigo cyberattack, demands further disclosure (CBC)

https://www.cbc.ca/news/business/indigo-workers-cyberattack-data-1.6776119

A union representing 200 employees of Indigo Books & Music Inc. is calling on the retailer to disclose more information about the scope of its recent data breach and offer additional support to staff affected.

United Food and Commercial Workers International Union Local 1006A says it is *increasingly alarmed* by new information that has come to light about an 8 Feb 2023 cyberattack on Canada's biggest bookstore.

------------------------------

Date: Sat, 11 Mar 2023 13:35:31 -0500
From: dan () geer org
Subject: Password changing considered harmful (WSJ)

[Long item PGN-ed.]
https://www.wsj.com/articles/annoying-password-rules-actually-make-us-less-secure-a05edb70

Annoying Password Rules Actually Make Us Less Secure

Does your company network or a frequently visited website force you to come up with a new password because it has declared your old one is past its expiration date? If you find that annoying, you're not alone. What's worse: It's actually bad for cybersecurity, say researchers.

The scheduled-replacement policy is one of a number of poor or ineffective password practices that make logging into sites, apps and services more complicated and annoying than ever.

We're not just talking about issues with government and corporate IT systems, though they can be among the worst offenders. Companies and services including Apple, Microsoft, Instagram and LinkedIn, among others, all have less-than-optimal password policies, according to a recent paper by researchers at Princeton University.

These password policies can increase the chance that individuals' accounts can be breached, especially if users aren't using additional means of securing their accounts, such as two-factor authentication, says Arvind Narayanan, a professor of computer science at Princeton and one of the authors of the paper on bad password policies.

Compelling routine password changes, for example, while a seemingly logical way to reset a password that may have been leaked, actually tends to make people more likely to choose weak passwords in the first place, according to numerous studies.

Another flawed-but-common practice is to limit the combinations of characters one can use in a password, or compel users to include special characters in their passwords. It turns out those rules don't generally lead to more secure passwords, either.

[...]

Making better security available isn't enough

Cybersecurity-savvy readers may, by now, be throwing up their hands in exasperation. Of course these are all bad password policies!
But do they matter, if a person uses two-factor authentication on their most important accounts, and they're using a password manager to generate a unique and complicated password for everything they log into? (A password manager, which everyone should adopt, generates strong passwords, stores them and automatically enters them into apps and sites.)

[...]

In sum, the key to making individuals and organizations more secure is to create cybersecurity policies that respect how people actually behave in the real world.

``I think security has always been everybody's problem, but now we are realizing it, And I think a well-designed security system can help reduce the burden on the non-security experts on the team.'' [Dr. Lorrie Cranor, who is quoted heavily throughout the article. PGN]

[WSJ article also noted by Monty Solomon. PGN]

------------------------------

Date: Fri, 10 Mar 2023 07:45:05 -0700
From: Jim Reisert AD1C <jjreisert () alum mit edu>
Subject: Teens are stealing more cars. They learn how on social media (NYT)

Tim Arango and Jacey Fortin, *The New York Times*, 10 Mar 2023
https://www.nytimes.com/2023/03/10/us/car-thefts-kia-challenge-tiktok.html

Violent crime is largely receding from pandemic highs, but cities face a surge in car thefts, driven in part by videos that show how to hot-wire models by Kia and Hyundai.

------------------------------

Date: Sat, 11 Mar 2023 08:49:44 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: UK online safety bill -- how to create a digital dictatorship

Essentially this bill turns the UK into Iran, North Korea, Russia, and China. And the U.S. is definitely next, with both the Left and Right on-board toward furthering their own ends. -L

Also:

Secure messaging apps line up to warn UK's Online Safety Bill risks web security
https://techcrunch.com/2023/03/10/uk-osb-e2ee-warning/

------------------------------

Date: Wed, 8 Mar 2023 07:34:16 -0800
From: Rob Slade <rslade () gmail com>
Subject: Terms of enscamment?
I have mentioned that a number of people seem to think that my GMail email address, rslade () gmail com, is theirs. I've received all kinds of email messages, over the years, from legitimate vendors and contacts, who have apparently been told to use rslade () gmail com as the contact for a bunch of people who aren't me. Mostly I think it's just carelessness. I wonder, at times, if sometimes it could, partly, be part of a scam by someone who is hiding their own identity. I try to look at any of these messages from a variety of perspectives.

Today I got a message from Eventbrite. It seems to be legitimately from Eventbrite. Someone bought tickets to *Terms of Endearment*--in Shanghai, China. (Ticket prices seem to be fairly steep in China: they are $23.17 each, according to the statement.) (Then again, it may be live theatre, rather than an old movie, so, in that case, it's pretty cheap.) Seven people seem to be going. The tickets are paid, by a MasterCard account that is not mine. The event seems to be about 22 hours from now, if the world clock Website that I use frequently is correct.

I hope that they get in and enjoy the show. I'm pretty sure that there is no risk to me, and the only risk I can see is that they may not get in if they don't get the tickets. I do wonder why Eventbrite let them buy tickets on my account without knowing my password, but that is presumably Eventbrite's problem ...

------------------------------

Date: Tue, 7 Mar 2023 15:11:23 -0600
From: "Richard S. Russell" <RichardSRussell () tds net>
Subject: Re: Safety Advocates Say Hyundai, Kia's Anti-Theft Upgrade Doesn't Go Far Enough (RISKS-33.64)

https://madison.com/news/local/madison-city-council-looks-to-sue-kia-hyundai-for-making-it-too-easy-to-steal/article_3193e905-5ce7-51ef-a792-825df201cc00.html

Madison City Council looks to sue Kia, Hyundai, for making it too easy to steal cars

Since the article itself, dated 2023-03-07, is behind a paywall, I've copied it for you:

The city of Madison [Wisconsin] is gearing up to sue car manufacturers Kia and Hyundai over the lack of anti-theft software in their vehicles after they accounted for nearly half of thefts of cars in the city last summer.

City council members will take up a resolution Tuesday night over whether the city can retain outside counsel for a federal lawsuit for Kia and Hyundai's ``role in creating a public nuisance,'' a statement from the city said.

Car thefts dropped by 5% <https://madison.com/news/local/crime-and-courts/we-do-have-a-safe-city-gunfire-car-thefts-down-in-madison-after-summertime-anti/article_efded0db-c166-57b4-8e8d-6cf6f3b76d62.html> in Madison last summer, compared to the prior year, but thefts of Kia and Hyundai cars increased by 270%, making up 45% of all stolen auto cases in July and August.

Rates of Kia and Hyundai thefts are even higher in Milwaukee, where the two brands comprise 60% of all stolen autos. <https://www.jsonline.com/story/news/crime/2023/02/20/new-class-action-lawsuit-by-milwaukee-man-targets-kia-hyundai/69924626007/>

The two brands are especially susceptible to theft because of a manufacturing flaw in less-expensive models that allows vehicles to be stolen even if a key isn't present. Viral TikTok challenges spearheaded by Milwaukee-based *Kia Boys* taught people how to take advantage of that flaw by starting the engine with a USB cable and a screwdriver.

``Madison residents deserve better,'' Mayor Satya Rhodes-Conway said in a statement.
``These corporations cut corners and put people at risk. In their search for profits, they pushed the costs of keeping people safe off to cities like Madison. That's unacceptable.''

------------------------------

Date: Wed, 08 Mar 2023 08:56:07 +0000 (UTC)
From: zeurkous () blaatscaahp org
Subject: Re: Why I'm sticking up for science (Richard Dawkins)

[IME, Mr. Dawkins's rant constitutes propaganda unworthy of RISKS. Nonetheless, I have a short response.]

[It was worthy of RISKS precisely because it raised a lot of hackles -- with me as well, and I am delighted your zeurkous circus has chimed in. What worries me most is that you were the *only* one to respond. RISKS is *always* interested in smoking out falsehoods. PGN]

In his rant, Mr. Dawkins falls into the common trap of defending science(tm) [insert Chester from the Bunnicula cartoons here] against political interference: from most scientists' point of view, science is supposed to dictate politics, not the other way around! Unsurprisingly, politicians often feel exactly the opposite, and this is thus a likely factor leading to Mr. Hipkins's intervention.

Furthermore, I think it's very ironic of Mr. Dawkins to allege *special treatment* for the Maori when the colonists made themselves the exception from virtually the moment they arrived (and have been doing so ever since), at the near-total expense of the original human population! Now who needs *special treatment*, eh?

The *forcing to learn* issue comes down to a discussion about unschooling and that, too, seems to be pretty off-topic for this list.

Overall it would seem wise to move the discussion onwards from *how do we protect the institution of science against those barbarian politicians?* to *how can we be more empirical and less dogmatic?* If anything, science(tm) [insert Chester again] desperately needs the latter discussion, not the former.

But the newspapers won't be interested. No shock value. I'm hoping better for this list.
------------------------------

Date: Wed, 08 Mar 2023 03:26:15 +0000
From: Henry Baker <hbaker1 () pipeline com>
Subject: Re: rm -rf

I've been discussing this problem with Sylvestre Ledru, who has been *re-implementing* the so-called 'Core Utilities' in *Rust*. <sylvestre () debian org>

So far, he's been trying to implement compatibility with the Gnu Core Utils (but with fewer errors, of which there have been precious few for Gnu).

But these Core Utilities form the basis of a computer *language* that is extensively used by Unix/Linux developers, and have never been completely systematized. For example, in the case of error conditions, one is never 100% sure what state the system will be left in. This isn't normally a problem for individual execution from an interactive user, but it becomes a serious problem in scripts.

I have suggested that these *core utilities* have *clean composable semantics* with *predictable* results; including undoing any visible side-effects, when this makes sense.

For example, one principle which might be helpful for *most* such utilities: either run to completion w/o errors, or reset the state to the situation prior to the start of execution. I.e., an *atomic* 'all-or-none' set of side-effects, along the lines of 'ACID' databases:

https://en.wikipedia.org/wiki/ACID

I realize this won't help when 'cd' errs out, but perhaps something like

  cd foo && rm -rf

is the right solution ?

cd --help:
  Exit Status:
  Returns 0 if the directory is changed ... non-zero otherwise.

------------------------------

Date: Fri, 10 Mar 2023 10:29:21 -0800
From: Steve Bacher <sebmb1 () verizon net>
Subject: Re: rm -rf (Mateos, RISKS-33.64)

/set -euo pipefail/

That is a good idea and one I had not taken advantage of. However, one needs to be careful about the effects it may have on other parts of the script, including external scripts invoked from the script where you code the set command.
Also, there are cases where you want to run a command and test its outcome (like access to a file or other resource) where continuation of the script is preferable at that point. Of course you can encase those sections of code inside a subshell with pipefail turned off. But care should still be taken with any global setting.

------------------------------

Date: 7 Mar 2023 16:15:15 -0500
From: "John Levine" <johnl () iecc com>
Subject: Re: SMS-Based Multi-Factor Authentication: What Could Go Wrong? (Libove, RISKS-33.64)

Vanguard uses whatever 2FA you have configured. If you don't like SMS (and you shouldn't), don't use it. I have my account configured to use a couple of Fido keys and my phone as 2FA, no SMS.

I wouldn't use BofA if they paid me, so no idea what their policy is.

------------------------------

Date: Tue, 7 Mar 2023 18:35:08 -0500
From: Jan Wolitzky <jan.wolitzky () gmail com>
Subject: Re: FAA reports 'close call' between two planes at Logan Airport (RISKS-33.64)

There's nothing in this story relevant to this forum. It's not about a system problem; it's not about a computer issue. The clearance was proper, the readback was proper; the pilot just screwed up.

[And that's not relevant? Isn't the TCAS technology supposed to prevent that? PGN]

------------------------------

Date: 7 Mar 2023 21:59:49 -0500
From: "John Levine" <johnl () iecc com>
Subject: Re: Everyone is special, SMS-Based Multi-Factor Authentication: What Could Go Wrong? (Cosell, RISKS-33.64)

... So what's the weakness that might make me have to mess with 2FA?

The obvious ones are that some piece of malware installs a keylogger on your computer, or you make an unfortunate typo and don't notice it in time, or your password vault has a bug and it leaks. (See messages about Lastpass in recent RISKS digests.)

------------------------------

Date: Fri, 10 Mar 2023 08:21:35 -0800
From: Steve Bacher <sebmb1 () verizon net>
Subject: Re: The privacy loophole in your doorbell

When this appeared in RISKS-33.64, the URL was omitted.

https://www.politico.com/news/2023/03/07/privacy-loophole-ring-doorbell-0008497

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
 includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
 searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
 Also, ftp://ftp.sri.com/risks for the current volume/previous directories
 or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
 If none of those work for you, the most recent issue is always at
 http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
 ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try
 browsing on the keywords in the subject line or cited article leads.
 Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
   <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest-33.65
************************
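
The two "Re: rm -rf" items above (Henry Baker's `cd foo && rm -rf` guard and Steve Bacher's caution about a global `set -euo pipefail`) can be tried side by side in a sandbox. This is an added example, not part of the digest or of either contributor's message; the function names and paths are hypothetical, and every deletion happens inside a throwaway `mktemp -d` directory.

```shell
#!/usr/bin/env bash
# Added example (not from the digest). Function names and paths are
# hypothetical; all deletions stay inside throwaway mktemp directories.

# Hazard: when cd fails, rm still runs, in whatever directory we were in.
unguarded_clean() {
    cd "$1" 2>/dev/null
    rm -rf -- ./*
}

# Baker's form: rm runs only if cd returned 0.
guarded_clean() {
    cd "$1" 2>/dev/null && rm -rf -- ./*
}

# Bacher's caution: strict mode is confined to a subshell (the function body
# is in parentheses), so the caller's options and cwd are never changed.
strict_clean() (
    set -eu
    # pipefail is not available in every sh; enable it only where it exists.
    if (set -o pipefail) 2>/dev/null; then set -o pipefail; fi
    # A command whose outcome we want to test rather than die on: commands
    # in an `if` condition never trigger set -e.
    if [ ! -d "$1" ]; then
        echo "skip: $1 is not a directory" >&2
        exit 3
    fi
    # Explicit check kept on purpose: set -e is ignored whenever this
    # function is itself called from an if/&&/|| context.
    cd "$1" || exit 4
    rm -rf -- ./*
)

# Run cleaner $1 against a missing target from inside a sandbox holding a
# canary file. Returns 0 if the canary survived, 1 if it was deleted.
canary_survives() {
    sandbox=$(mktemp -d) || return 2
    touch "$sandbox/canary"
    ( cd "$sandbox" || exit 2; "$1" "$sandbox/no-such-dir" ) || true
    if [ -e "$sandbox/canary" ]; then result=0; else result=1; fi
    rm -rf -- "$sandbox"
    return "$result"
}

# Returns 0 if calling strict_clean left the caller's option flags ($-)
# and working directory exactly as they were.
caller_state_unchanged() {
    flags_before=$-
    dir_before=$PWD
    scratch=$(mktemp -d) || return 2
    strict_clean "$scratch" || true
    rmdir "$scratch"
    [ "$flags_before" = "$-" ] && [ "$dir_before" = "$PWD" ]
}

for cleaner in unguarded_clean guarded_clean strict_clean; do
    if canary_survives "$cleaner"; then
        echo "$cleaner: canary kept"
    else
        echo "$cleaner: canary DELETED"
    fi
done
```

Only `unguarded_clean` loses the canary; the other two leave the sandbox untouched when the target directory is missing.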