[risks] Risks Digest 22.46

From: RISKS List Owner (riskoat_private)
Date: Fri Jan 03 2003 - 17:00:03 PST

    RISKS-LIST: Risks-Forum Digest  Friday 3 January 2003  Volume 22 : Issue 46
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/22.46.html>
    and by anonymous ftp at ftp.sri.com, cd risks .
    
      Contents:
    H&R Block employees suspected of identity theft against 27 customers 
      (Monty Solomon)
    Half-million people victimized by stolen hard-drives (Monty Solomon)
    Woman shot by former classmate who stalked her by Internet (Monty Solomon)
    Man allegedly stalks ex-girlfriend with help of GPS (George Mannes)
    Credit agencies provide information on your relations under DPA (Tim Storer)
    PGP.COM cannot handle sales to some US residents (Michel E. Kabay)
    /Trivial/ Risks of Technical Arrogance (melandrob searle)
    Oregon proposing taxing in-state car mileage via GPS (Mike Hogsett)
    Re: Total Information Awareness / O Big Brother (Fredric L. Rice)
    Re: Computer programmer faces U.S. fraud charge (Bob Morrell)
    Re: Surgical tool left in woman's stomach for 4 months (John Sullivan)
    Caller ID untrustworthy (Mathew Lodge)
    REVIEW: "Protect Your Digital Privacy", Glee Harrah Cady/Pat McGregor
      (Rob Slade)
    REVIEW: "Privacy Defended", Gary Bahadur/William Chan/Chris Weber (Rob Slade)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Thu, 2 Jan 2003 16:12:19 -0500
    From: Monty Solomon <montyat_private>
    Subject: H&R Block employees suspected of identity theft against 27 customers
    
    A federal complaint charges that 27 people who went to H&R Block for help
    with tax preparation through April 2001 had their personal information
    stolen in an identity theft scam involving four suspects, who allegedly used
    names, addresses, SSNs, and dates of birth to alter the victims' addresses
    for tax refunds, opened new credit-card accounts, etc.  H&R Block reportedly
    would not cooperate in the investigation until it was subpoenaed.  [Source:
    Associated Press, 2 Jan 2003, PGN-ed]
    http://www.boston.com/dailynews/002/economy/H_R_Block_employee_accused_of_:.shtml
    
    ------------------------------
    
    Date: Thu, 2 Jan 2003 18:05:17 -0500
    From: Monty Solomon <montyat_private>
    Subject: Half-million people victimized by stolen hard-drives
    
    SSNs and other personal information for a half million military personnel
    and family members were stolen from hard-drives belonging to Phoenix-based
    TriWest Healthcare Alliance on 14 Dec 2002.  [Source: Associated Press item,
    $100K Reward for stolen ID data, 2 Jan 2003; PGN-ed...  Coincidentally, DoD
    is in the process of computerizing medical records of all military
    personnel.  Can they spell Security?  Encryption?  Identity Theft?]
      http://www.wired.com/news/privacy/0,1848,57045,00.html
    
    ------------------------------
    
    Date: Tue, 31 Dec 2002 02:06:01 -0500
    From: Monty Solomon <montyat_private>
    Subject: Woman shot by former classmate who stalked her by Internet
    
    A former classmate of Amy Boyer, 20, paid an Internet information broker to
    track her down, and then shot her on 15 Oct 1999.  Since her death, the
    family has been fighting to protect other potential victims, most recently
    suing the information broker for negligence and invasion of privacy.
    [Source: Parents of slain woman want to stop Internet brokers from selling
    personal information, by Holly Ramer, Associated Press, 30 Dec 2002; PGN-ed]
    
    http://www.boston.com/dailynews/364/nation/Parents_of_slain_woman_want_to:.shtml
    
    ------------------------------
    
    Date: Fri, 3 Jan 2003 11:57:23 -0500
    From: George.Mannesat_private
    Subject: Man allegedly stalks ex-girlfriend with help of GPS
    
    The story starts here on The Smoking Gun (GPS angle appears at bottom of second
    page of typed complaint):
      http://www.thesmokinggun.com/archive/pseidler1.html
    
    As far as I can guess (not confirmed) this is the product allegedly used:
      http://www.landairsea.com/Land%20Air%20Sea%20Smart%20Track%20Brochure.pdf
    
    Now anyone, for better or worse, can be James Bond.
    
      [A 42-year-old Wisconsin man is accused of stalking an ex-girlfriend by
      placing a GPS tracking device under the hood of her car.  The device
      George refers to is called SmartTrack.  PGN]
    
    ------------------------------
    
    Date: Mon, 30 Dec 2002 12:30:54 -0000
    From: "Tim Storer" <twsat_private-and.ac.uk>
    Subject: Credit agencies provide information on your relations under DPA
    
    http://www.bbc.co.uk/cgi-perl/whatson/prog_parse.cgi?FILENAME=20021229/20021229_1700_49700_9239_40
    
    The programme is A Right to Know presented by Michael Crick on BBC Radio 4.
    He requested information held on him by a credit agency under the Data
    Protection Act.  Interestingly, the company supplied the information --
    including the credit history of another member of his family because this is
    used to assess your own rating.  Apparently the agency's policy was to
    supply the data on other occupants at an address if they shared a surname.
    The representative of the agency didn't seem overly clear as to whether this
    procedure had now been corrected.  Crick goes on to point out the rather
    obvious risks...
    
    ------------------------------
    
    Date: Tue, 31 Dec 2002 14:52:46 -0500
    From: "Michel E. Kabay" <mkabayat_private>
    Subject: PGP.COM cannot handle sales to some US residents
    
    PGP.COM's Web site is programmed so that customers can go through all the
    forms required to order and pay for a license for PGP -- and then can refuse
    access to the download after the credit-card has been debited if it cannot
    do a reverse IP lookup on what it receives as the customer's IP address.
    
    The following message appeared on my screen when I clicked on the download
    button: "In accordance with current US Export restrictions, PGP 8.0 products
    may be downloaded by individuals throughout the world except those in the
    following countries: Cuba, Libya, Iran, Iraq, North Korea, Sudan, and
    Syria. If you are in one of these countries, you may not download PGP
    software."
    
    I was downloading from Vermont using my StarBand account.  I tried again
    after disabling my firewall -- no luck.
    
    The customer service agent was very nice and obviously embarrassed about
    this situation and admitted that there are no measures in place for dealing
    with such a technical glitch.  She diffidently suggested that I try to
    download the product again using a different ISP or Internet access point.
    
    I did suggest that the company might deal with such glitches in several
    ways:
    
    1) Check the IP address BEFORE the user fills out all the forms and the
    credit card gets debited.
    
    2) Send the user a CD-ROM to the US address listed in the order.
    
    3) Ask the user for strong evidence that they are in fact living in the
    US:  e.g., 
    
      a) have the user send a fax from the appropriate US fax machine phone line
      with a US driver's license showing the same address as the one used in the
      order;
    
      b) ask for other corroborating evidence such as a US address listing in
      university or corporate Web sites.
    
    Of course, I canceled the charge on my card.  Someday (not soon), I'll try
    to download the product from my university access point and -- if the
    university firewall does not conceal my IP address -- maybe I'll succeed in
    giving these people my money in return for an upgrade to their product.  In
    the meantime, I'll just continue using my PGP v6.5.8
    
    RISKS of assuming your automated system is perfect:  you lose sales.
    
    M. E. Kabay, PhD, CISSP  http://www2.norwich.edu/mkabay/index.htm
    
    * Associate Professor of Information Assurance
    Dept. of Computer Information Systems
    
    * Program Director, MSc in Information Assurance
    http://www3.norwich.edu/msia
    
    Norwich University, Northfield VT  +1.802.479.7937  mkabayat_private
    
    ------------------------------
    
    Date: Thu, 2 Jan 2003 16:36:22 +1300
    From: "melandrob.searle" <melandrob.searleat_private>
    Subject: /Trivial/ Risks of Technical Arrogance
    
    I am just about calmed down after a trying time with a Christmas present for
    a five-year-old. The whole sorry episode is of course my fault, I merely
    needed to read the minimum system requirements more thoroughly and remember
    precisely the characteristics of the family machine.
    
    The details :
    
    The game - shall remain nameless to protect somebody.
    The stated minimum system:
        Win 95 (OK I have XP which should be compatible and Google says the 
          game was released last year so I assume that the vendors/game 
          programmers mean or equivalent)
        Pentium 90 MHz or faster (Much faster)
        16 MB RAM (More than that)
        15 MB Hard Disk (No problem)
        Quad-speed CD-ROM (Yeah, yeah)
        Stereo sound card (Got a sound card, two speakers ----- Oops missed
          that one )
    
    So, eager five-year-old by my side, go through installation. Fool the
    registration screen by lying about the location of Canterbury and the postal
    code (already said the country is Other but the stupid screen will not
    accept four digit post-codes or state/province abbreviations outside the
    US). First technical arrogance.  Installation completed successfully.
    
    Locate the shortcut to the game and launch, wait, FATAL error no stereo
    sound game over. Second technical arrogance and this one gets me steamed up
    enough to write.
    
    I have worked on system and product software for nearly eighteen years and
    every year somebody decides that the behaviour under an error condition can
    be specified by the programmers (only the expected normal behaviour is a
    requirement). Handling of errors is ALWAYS a system issue. (My feelings on
    the game are that it is a bit like causing a core meltdown in a nuclear
    facility because the siren doesn't work).
    
    Programmers in their techy way decide that the minimum hardware is a
    critical environmental requirement and nobody told them that the PC on their
    desk may be a bit better specified than the typically available.  Has nobody
    heard of graceful degradation?
    
    ------------------------------
    
    Date: Wed, 01 Jan 2003 13:43:55 -0800
    From: Mike Hogsett <hogsettat_private>
    Subject: Oregon proposing taxing in-state car mileage via GPS
    
      http://news.statesmanjournal.com/article.cfm?i=54184
    
    Despite "To protect drivers' privacy, using the system to track cars in
    real time would be illegal" the risks seem obvious.
    
    What about travel on private land and/or off-road mileage?  Who pays when
    your car is towed?  What about the fact that due to inaccuracies of GPS your
    position when stationary will often bounce back and forth between the
    extremes of those inaccuracies?
    
    ------------------------------
    
    Date: Fri, 03 Jan 2003 03:28:41 GMT
    From: friceat_private (Rev. Fredric L. Rice)
    Subject: Re: Total Information Awareness / O Big Brother
    
    The last couple of RISKS have touched upon the so-called "Total Information
    Awareness" plan that various United States law enforcement and intelligence
    agencies are planning (dare I say "plotting?") to implement.
    
    The issue of false positives when sifting through the mountain of
    information that's planned to be collected should be a nice waste of time,
    money, and resources for our government, diverting them from doing _real_
    police work by catching _real_ bad guys but if such a plan is implemented
    and is eventually developed to a minimum of perfection, innocent, lawful
    people who simply don't want to be identified, it seems to me, can
    eventually be so identified.  Apparently Americans don't have the right to
    privacy or the right to lawfully disappear in America.
    
    Quite a few years ago someone anonymously sent me a text document titled,
    "Vanishing Point: How to disappear in America without a trace" which I
    originally thought was rather paranoid though, with the passage of the
    euphemistically named "Patriot Act" I'm thinking might not be so paranoid at
    all.  After removing some of the more irresponsible text fragments from it,
    I posted it to my Web site, where it can be found at
      http://www.skeptictank.org/hs/vanish.htm
    
    One of the suggested items is:
    
      Alter your buying habits. When you throw your old self away, you need to
      discard as many predictable patterns as possible. One of the most common
      mistakes when hiding is maintaining old habits.  If you're a smoker,
      stop. If you don't smoke, start. If you enjoy hot and spicy foods, stop
      purchasing those items and change to mild foods. If you frequent bars,
      stop. This may seem an unusual step but you're working toward
      disappearing, right? Patterns are predictable. Break them.
    
      There is the possibility that in the future people may be identifiable by
      their purchasing habits. Granted the point-of-sale data collected by
      computers would need to be immense yet eventually pattern-recognition
      software may some day be able to provide authorities with perhaps 100 of
      the best possible "hits" on people matching your known buying habits. When
      -- if ever -- that becomes a reality, you can be sure you won't know about
      it until it's shown on cable television. By that time the technology will
      have been in use for years and you may end up on a list of possible
      matching a purchase profile.
    
    It seems more and more likely to me that such technology will be upon us
    thanks to the galloping fascism we're experiencing in America ...
    
    ------------------------------
    
    Date: Mon, 30 Dec 2002 18:39:26 -0500
    From: "Bob Morrell" <bmorrellat_private>
    Subject: Re: Computer programmer faces U.S. fraud charge (RISKS-22.44)
    
    Regarding the attempted manipulation of stock via spreading a virus in the
    company, the item noted "He had reportedly been hoping to gain from the
    resulting stock price drop."  This might leave the RISKS digest reader with
    the impression that the price of the stock did in fact fall as the result of
    the viral infection, which is not true, according to the NYTimes article, a
    link to which Mr. Solomon also provided. The article states: "The plan
    failed when a computer virus that Mr. Duronio personally transmitted to
    1,000 of the 1,500 computers used by PaineWebber brokers across the country
    failed to disrupt work seriously or cause a sharp change in the stock
    price." It wasn't that the virus was, like most viruses, harmless, or that
    computers are just not as important as we all think... Apparently backup
    computers kicked in and minimized any disruption.
     
    Good management of RISKS. Thank you Paine Webber...  [And incomplete PGN-ed]
    
    ------------------------------
    
    Date: Fri, 3 Jan 2003 14:21:50 +0000
    From: John Sullivan <john.sullivanat_private>
    Subject: Re: Surgical tool left in woman's stomach for 4 months (R-22.44)
    
    Well, the CNN URL has expired and I can't find anything via their search
    facility, so taking a hint from the URL I looked it up directly on
    reuters.com:
    
      "Why Does This Metal Detector Keep Going Off??"
      http://www.reuters.com/newsArticle.jhtml?type=topNews&storyID=1921184
    
        "Several days later the woman had an X-ray [...] It showed a
         12-inch-long, 2-inch-wide surgical retractor".
    
    Hmm.
    
    None of "canadian", "surgical" or "retractor" find it even on Reuters,
    despite those words definitely being in the article, only "x-ray" seems to
    turn it up. Looking at news.google.com whose search actually works gives
    more variations: 33cm; 30cm x 5cm; 30cm (11.7in); 11.7in; 11.7in x 5cm;
    30cm x 6cm; 30cm (13in) x 6cm (2in); 13in.
    
    http://news.google.com/news?hl=en&q=surgical+retractor&btnG=Search+News
    
    You can almost trace the history of unit conversion and rounding errors
    through the various sources. A RISK various space agencies are painfully
    aware of. Averaging to get a more accurate figure ;-) gives about 12 inches
    though.
    
    Ow.
    
      [I had already updated the archive copy, which notes the broken URL, offers
         http://www.hon.ch/News/HSN/510912.html 
      instead, which says it was a 33-centimeter retractor.  PGN]
    
    ------------------------------
    
    Date: Fri, 03 Jan 2003 14:00:30 -0800
    From: Mathew Lodge <mathewat_private>
    Subject: Caller ID untrustworthy (was: Why you should read Mitnick's book)
    
    > ... So don't trust caller ID to show that the caller is someone you know,
    > or from your own company.  [Don Norman]
    
    I was thinking about this last night when I called American Express to 
    dispute a charge. Normally, after entering your card number, Amex
    requires the last four digits of your SSN to "authenticate" you (no risk
    there, right? :-). This time, a recording said something like "we have 
    verified your home or office phone number" and connected me to a customer 
    service rep who asked no further authorization questions.
    
    Faking caller ID is a lot easier these days because you don't need to buy a 
    DMS-100 (bulky and expensive), learn how to program it (a specialized task 
    with little generally available documentation), and buy the right kind of 
    interconnect to your local telco (the really expensive and time-consuming bit).
    
    Any voice over IP gateway that uses an ISDN PRI interface will allow you to 
    configure any calling number (caller ID) you like, and then signal it to 
    the PSTN via the PRI during call set-up. The ability to control caller ID 
    is necessary to seamlessly integrate VoIP endpoints (e.g. IP Phones) into 
    the PSTN.
    
    A Cisco 3620 would do the job, is 2" high by 19" wide and can be bought on 
    Ebay today for $849. There is good, free 3620 configuration advice on 
    www.cisco.com. There are likely cheaper alternatives, I just know setting 
    caller ID can be done on a 3620.
    
    T1 PRI pricing is dependent on your distance from the central office and 
    whether you have a competitive alternative to your local RBOC, but can cost 
    as little as $300/month. An E1 PRI will work just as well overseas.
    
    ------------------------------
    
    Date: Thu, 5 Dec 2002 08:17:04 -0800
    From: Rob Slade <rsladeat_private>
    Subject: REVIEW: "Protect Your Digital Privacy", Glee Harrah Cady/Pat McGregor
    
    BKPYDPRV.RVW   20020924
    
    "Protect Your Digital Privacy", Glee Harrah Cady/Pat McGregor, 2002,
    0-7897-2604-1, U$29.99/C$44.95/UK#21.99
    %A   Glee Harrah Cady gleeat_private
    %A   Pat McGregor
    %C   201 W. 103rd Street, Indianapolis, IN   46290
    %D   2002
    %G   0-7897-2604-1
    %I   Macmillan Computer Publishing (MCP)
    %O   U$29.99/C$44.95/UK#21.99 800-858-7674 317-581-3743 infoat_private
    %O  http://www.amazon.com/exec/obidos/ASIN/0789726041/robsladesinterne
    %P   652 p.
    %T   "Protect Your Digital Privacy: Survival Skills for the
          Information Age"
    
    Part one sets the stage.  Chapter one gives vague ideas about
    protecting your privacy in the twenty first century, mostly about
    e-commerce.  A variety of definitions of privacy, from differing
    perspectives, are listed in chapter two.
    
    Part two discusses privacy and the individual.  From celebrity
    magazines to publicly available government databases to e-commerce
    loyalty programs, chapter three discusses who might want to know
    different types of information about people.  Chapter four presents
    the usual information about kids and the net: the net is potentially
    dangerous for kids, talk to your kids about their net use, and safe
    sites.  Although there is nothing new here, the material is reasonable
    and well presented.  Email address harvesting and cookies are reviewed
    in chapter five.  Chapter six talks about high speed Internet access,
    including little content on security or privacy, but an odd bit on
    malware.  There is a similar discussion of cellular phones and
    technology in chapter seven.  Chapter eight examines cell phone
    location systems, "pay-fobs," face recognition and other miscellaneous
    technologies.
    
    Part three talks about taking control of your privacy and information. 
    Chapter nine suggests taking an inventory of your personal information
    (available online) and looks at Web search engines and the inaccuracy
    of commercial search services.  Chapter ten is a mixed bag of security
    topics, including a little cryptography, something on passwords, and
    cookies again.  Although there are some good tips on protecting online
    transactions, chapter eleven suffers from a lack of structure.  The
    advice to know where you are and who you are dealing with, for
    example, is on page 308, but the material on server authentication is
    on page 294.  Neither location actually demonstrates the ability to
    verify the certificate, or the "Paypal/Paypa1" fraud.  Chapter twelve
    deals with what to do if your information is compromised, but doesn't
    cover the topic particularly well.  There is mention of spam filters,
    but not the dangers of losing email; there are directions for
    reporting frauds, but few details on the levels below which the
    agencies aren't interested; addresses of credit agencies, but little
    useful information on identity theft.
    
    Part four looks at legal protection.  Chapter thirteen is an excellent
    overview of laws regarding privacy, covering both the United States
    and a number of other countries.  (While the rest of the book is
    primarily directed at home users, this chapter alone may be worth the
    price of the volume for security practitioners.  I am not aware of any
    other text that deals with current laws as well.)  Advocacy groups are
    listed in chapter fourteen, with self-regulation programs in fifteen. 
    Electronic voting is examined in chapter sixteen, concentrating on
    Internet or online voting, although most of the studies cited dealt
    with other forms of voting technology.  Chapter seventeen asks where
    we are going, and meanders around so much that it is hard to say. 
    There is a vague wrapup in chapter eighteen.
    
    A number of other authors have attempted to provide a book about
    privacy for the masses.  Chris Peterson's attempt (cf. BKILIWMP.RVW)
    was about privacy, but not really about the net.  David Brin's "The
    Transparent Society" (cf. BKTRASOC.RVW), which gets a mention in the
    current work, is fascinating, but doesn't really cover the present
    situation.  "Privacy Defended" (cf. BKPRVDFN.RVW) is only nominally
    about privacy.  Cady and McGregor have managed to stick pretty close
    to the topic.  They present a good deal of useful information,
    although the book would definitely benefit from an improved framework
    and a general tightening up of the writing: with a trimming of
    verbiage and a more focussed thread to the ideas the volume could be
    lightened by a third or more.  However, for those who want some
    guidance on the topic and don't want the academic classics like
    "Privacy on the Line" (cf. BKPRIVLN.RVW) or "Technology and Privacy"
    (cf. BKTCHPRV.RVW), this would be a good choice.
    
    copyright Robert M. Slade, 2002   BKPYDPRV.RVW   20020924
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    ------------------------------
    
    Date: Mon, 9 Dec 2002 08:18:12 -0800
    From: Rob Slade <rsladeat_private>
    Subject: REVIEW: "Privacy Defended", Gary Bahadur/William Chan/Chris Weber
    
    BKPRVDFN.RVW   20020923
    
    "Privacy Defended", Gary Bahadur/William Chan/Chris Weber, 2002,
    0-7897-2605-X, U$34.99/C$54.99/UK#25.50
    %A   Gary Bahadur garyat_private
    %A   William Chan williamat_private
    %A   Chris Weber chris.weberat_private
    %C   201 W. 103rd Street, Indianapolis, IN   46290
    %D   2002
    %G   0-7897-2605-X
    %I   Macmillan Computer Publishing (MCP)
    %O   U$34.99/C$54.99/UK#25.50 800-858-7674 infoat_private
    %O  http://www.amazon.com/exec/obidos/ASIN/078972605X/robsladesinterne
    %P   699 p.
    %T   "Privacy Defended: Protecting Yourself Online"
    
    The introduction states that this is a privacy book for non-specialists,
    but the write up seems to deal with computer intrusions or malware rather
    than privacy issues.
    
    Part one talks about life in the digital age.  Chapter one is an
    uncompelling demonstration of how to obtain personal information online plus
    more on intrusions and a lengthy outline of the rest of the chapters in the
    book.  There is a slightly unfocused look at privacy laws and related issues
    in chapter two.  Various government, industry, commercial, and other groups
    and agencies (as well as a few programs) are described in chapter three.
    
    Part two tells us that the enemy is out there.  Chapter four points out
    legal threats to individual privacy that people may not know about, but not
    in much detail.  Illegal threats, such as blackhats, intruders, identity
    theft, and fraud (as well as those of questionable legality, like spyware)
    are reviewed in chapter five.
    
    Part three looks at protecting your privacy.  Chapter six lists lookup and
    anonymity tools.  Cookies, spyware, some tools, and payment systems are
    presented in chapter seven.  Spam, malware, and PGP are discussed in chapter
    eight, along with miscellaneous other topics related to e-mail.
    
    Part four advises on securing your PC.  Chapter nine reviews SSL (Secure
    Sockets Layer) and digital certificates, but because cryptography has not
    been explained the background discussion is poor.  (It is also sometimes
    erroneous: for most people SSL does *not* authenticate the client.)  A
    collection of random security factors and tools, by operating system, is
    presented in chapter ten.  (The division by operating system is not always
    clear: tools vary on different versions of Windows, and this is not made
    clear.  There are also a number of errors: IPSec is an Internet protocol and
    has nothing to do with the Microsoft Windows IP Security Policy.)  Screen
    shots of configuration menus for personal firewalls make up most of chapter
    eleven.  Chapter twelve deals with viruses (poorly), chat (chat systems seem
    to be almost inherently insecure, so it's hard to understand why), and
    cryptography (poorly and briefly).  Miscellaneous and random network topics
    are covered in chapter thirteen.
    
    Part five looks at other devices, in a single chapter, fourteen, covering
    various gadgets, threats, and protections--not necessarily for those
    threats.
    
    Part six says what to do if your privacy is compromised.  Chapter fifteen
    mentions kids, mostly rehashing previous material and adding content
    restriction.  Intrusion detection and a review of other tools from prior
    chapters finishes out in sixteen.
    
    This book is not really about privacy, it is yet another attempt at a
    general security guide.  "Protect Your Digital Privacy" (cf.  BKPYDPRV.RVW)
    sticks much closer to the privacy topic.  "Inside Internet Security"
    (cf. BKININSC.RVW) and even "Access Denied" (cf.  BKACCDEN.RVW) are better
    at covering general security for non-professionals.
    
    copyright Robert M. Slade, 2002   BKPRVDFN.RVW   20020923
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    ------------------------------
    
    Date: 29 Mar 2002 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .MIL users should contact <risks-requestat_private> (Dennis Rears).
       .UK users should contact <Lindsay.Marshallat_private>.
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES are available: ftp://ftp.sri.com/risks or
     ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
       [volume-summary issues are in risks-*.00]
       [back volumes have their own subdirectories, e.g., "cd 21" for volume 21]
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
       Lindsay Marshall has also added to the Newcastle catless site a
       palmtop version of the most recent RISKS issue and a WAP version that
       works for many but not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.46
    ************************
    


