RISKS-LIST: Risks-Forum Digest  Tuesday 6 November 2007  Volume 24 : Issue 90

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/24.90.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Computer Glitch Rolls Back Provincial Government (Ken Dunham)
"Error" blitzes health records in New Zealand (Robert S. Heuman)
UK Revenue loses CD-ROM (Bernhard Riedel)
"Network Neutrality Squad": Users Protecting an Open and Fair Internet (Lauren Weinstein)
Technology, the Stealthy Tattletale (Christopher Maag via Monty Solomon)
GPS Units With More to Say (Roy Furchgott via Monty Solomon)
Zombie botnet spam attack from over 3,000 IP addresses in 8 hours (Jonathan Kamens)
Problems with Google's Spam filters and Google Content (Terence Eden)
Spelling corrector creates "Muttonhead Quail Movement" (PGN)
Cellphone in USB charger became default route (Stefan Alfredsson)
Time change problems: Alltel (Steven M. Bellovin)
Broken by design (Aahz)
Update to "Think before you legislate" (Robert S. Heuman)
Re: Predicting fatigue failure (Gary Maxwell)
Re: Mac OS X Leopard firewall (Chris Adams, Ted Lemon)
Re: Plagiarism & technology (Bob Brown)
Re: "Same ol' same ol'" (Eric Ball)
Re: Leaping onward (Rob Seaman)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 1 Nov 2007 12:27:51 -0400
From: "Ken Dunham" <kdunham@private>
Subject: Computer Glitch Rolls Back Provincial Government

Anyone surfing the New Brunswick government website on 1 Nov 2007 might have wondered if the province's former Conservative government had staged a coup.
A computer glitch posted the week's agenda for Premier Bernard Lord and a news conference on pandemic planning with Health Minister Elvy Robichaud. However, neither man is still in office. It turns out a faulty computer server spit out information for January 2006 -- well before the Tories were defeated in the last provincial election and replaced by Premier Shawn Graham and his Liberal government. Technicians are trying to trace the problem.

[Source: Canadian Press item, 1 Nov 2007]
http://ca.news.yahoo.com/s/capress/071101/technology/technology_oddity_computer_glitch

------------------------------

Date: Sat, 03 Nov 2007 11:38:11 -0400
From: "Robert S. Heuman" <robert.heuman@private>
Subject: "Error" blitzes health records in New Zealand

This is what happens when there is NO full OFF-SITE back-up available!  Bob

As a result of two disks failing on 21 Oct 2007, thousands of hours' work over many years on the part of 690 staff members at the Waikato District Health Board has vanished after a major computer error at Waikato Hospital. The lost data -- which includes countless e-mails and personal work files, reports, letters, communications, teaching material, guidelines -- was information that was backed-up in the hospital's storage area network. The hospital is spending at least $60,000 trying to retrieve the information and has hired experts in the US.

[Source: Natalie Akoorie, Error blitzes health records, *Waikato Times* 3 Nov 2007; PGN-ed]
http://www.stuff.co.nz/4260645a11.html

  [Also noted by Andrew King in the NZ Herald. PGN]

------------------------------

Date: Sat, 3 Nov 2007 20:48:26 +0100 (CET)
From: "Bernhard Riedel" <bernhard@private>
Subject: UK Revenue loses CD-ROM

"Thousands at risk after data loss"
http://news.bbc.co.uk/2/hi/programmes/moneybox/7076106.stm

A CD-ROM containing personal details about some 15000 people was lost by a courier. I remember a time when such stuff was moved on magtapes in huge aluminum boxes, not as easy to mislay, I guess.
Risks of miniaturization?

One really intriguing thing here (for me): The Revenue refused to say "on security grounds" whether the information was encrypted. Does anybody have a plausible idea what kind of security grounds that might be?

Bonus: "Dog starts car after eating chip"
http://news.bbc.co.uk/2/hi/uk_news/england/southern_counties/5382878.stm

This one shows that new technology can cause not only unintended new failure modes, but also new modes of recovery from failures.

  [Perhaps the dog thought it was a BONE-US. PGN]

------------------------------

Date: Mon, 05 Nov 2007 16:49:47 -0800
From: Lauren Weinstein <lauren@private>
Subject: "Network Neutrality Squad": Users Protecting an Open and Fair Internet

"Network Neutrality Squad": Users Protecting an Open and Fair Internet
http://lauren.vortex.com/archive/000327.html

Greetings. I'm very pleased to announce a new project from PFIR - People For Internet Responsibility:

  "Network Neutrality Squad" - NNSquad
  http://www.nnsquad.org

PFIR Co-Founders Peter G. Neumann and I are joined in this announcement by Keith Dawson (Slashdot.org), David J. Farber (Carnegie Mellon University), Bob Frankston, Phil Karn (Qualcomm), David P. Reed, Paul Saffo, and Bruce Schneier (BT Counterpane).

Recent events such as Comcast's lack of candor regarding their secretive disruption of BitTorrent protocols, and Verizon's altering of domain name lookup results to favor their own advertising pages, are but tip-of-the-iceberg examples of how easily Internet operations can be altered in ways that may not be immediately obvious, but that still can have dramatic, distorting, and in some cases far-reaching negative consequences for the Internet's users.

The Network Neutrality Squad ("NNSquad") is an open-membership, open-source effort, enlisting the Internet's users to help keep the Internet's operations fair and unhindered from unreasonable restrictions.
The project's focus includes detection, analysis, and incident reporting of any anticompetitive, discriminatory, or other restrictive actions on the part of Internet Service Providers (ISPs) or affiliated entities, such as the blocking or disruptive manipulation of applications, protocols, transmissions, or bandwidth; or other similar behaviors not specifically requested by their customers.

Other key aspects of the project are discussions, technology development and deployment, and associated activities -- fostering cooperation and mutually agreeable methodologies whenever possible -- aimed at keeping the Internet a maximally unhindered, useful, competitive, fair, and open environment for the broadest possible range of applications and services.

We invite individual, commercial, nonprofit, government, and all other Internet users and stakeholders (including ISPs) to participate in the Network Neutrality Squad.

Please join the moderated mailing list (choice of immediate distribution or digest) for project announcements and discussions, by sending a message (any subject or text) to:

  nnsquad-subscribe@private

or by signing up at the mailing list Web page:

  http://lists.nnsquad.org/mailman/listinfo/nnsquad

A moderated, interactive discussion and incident reporting forum is also available for more real-time communications on related topics:

  http://forums.pfir.org/main/messages/714/714.html

Questions and comments are welcome at nnsquad-info@private, or feel free to contact me directly for details.

Working together, we can help to keep the Internet an incredibly useful resource for everyone around the globe, unhampered by any efforts to skew its enormous capabilities in ways that could hinder the many while benefiting the relative few. We hope that you'll join this cause. Thank you for your consideration.

(Affiliations shown for identification purposes only.)
Lauren Weinstein http://www.pfir.org/lauren lauren@private
Tel: +1 (818) 225-2800
Lauren's Blog: http://lauren.vortex.com
People For Internet Responsibility - http://www.pfir.org
Founder, PRIVACY Forum - http://www.vortex.com

------------------------------

Date: Fri, 2 Nov 2007 23:34:21 -0400
From: Monty Solomon <monty@private>
Subject: Technology, the Stealthy Tattletale (Christopher Maag)

After stealing $7,000 from a PNC Bank in Evendale, Ohio, Kenneth Maples climbed into a white Ford pickup driven by his wife, Jewell, according to a police report. ...

But the suspects never had a chance. A Global Positioning System tracking device had been tucked inside the stolen cash, according to the report, allowing a small army of local police officers and F.B.I. agents to follow the signal from on-ramps and overpasses as it moved south into downtown Cincinnati.

[Source: Christopher Maag, Tracking Thieves, or Teens: Technology, the Stealthy Tattletale, *The New York Times*, 27 Oct 2007; PGN-ed]
http://www.nytimes.com/2007/10/27/technology/27tracking.html?ex=1351137600&en=8d6b9fafbd080801&ei=5090

------------------------------

Date: Fri, 2 Nov 2007 23:36:58 -0400
From: Monty Solomon <monty@private>
Subject: GPS Units With More to Say (Roy Furchgott)

The most advanced attempt at dynamic content is currently being made by Dash Navigation, whose portable GPS device not only receives positioning signals from satellites, but also collects driving speed and road data from cars that use it and anonymously report this information to a database. That data would let Dash know the actual speed at which traffic travels at different times of the day, so that it could route cars more effectively than current systems can. But for the Dash to build the database, it needs many drivers to buy the things and use them.

[Source: Roy Furchgott, *The New York Times*, 24 Oct 2007; PGN-ed]
http://www.nytimes.com/2007/10/24/automobiles/autospecial/24gps.html

------------------------------

Date: Tue, 06 Nov 2007 02:21:27 -0500
From: Jonathan Kamens <jik@private>
Subject: Zombie botnet spam attack from over 3,000 IP addresses in 8 hours

This may be old news to some, but it was rather surprising to me, so I thought I'd pass it on...

At around 3:21pm US/Eastern on November 4, 2007, a zombie botnet began a dictionary spam attack against one of the domains I host.

  *zombie botnet* --- a group of PCs that have been broken into by a hacker and turned into "zombies," i.e., PCs over which the hacker now has control, so that he can tell them to do things like send out spam on his behalf.

  *dictionary spam attack* --- an attempt to deliver spam to legitimate users at a particular domain by attempting to send email to many different addresses within the domain in the hope that some of them will be valid.

I knew this was happening because the log monitor I run on my mail server began reporting many "User unknown" mail delivery failures for this domain every minute.

If this had been a typical dictionary spam attack coming from a single host, it would have been quickly blocked by my fail2ban <http://www.fail2ban.org/> configuration, which temporarily bans any host which attempts a few failed SMTP deliveries within a short period of time. However, since the delivery attempts were coming from many different IP addresses all over the world, fail2ban was powerless to stop them.

When I realized what was going on, I wrote a script to block all the IP addresses from which invalid deliveries to the domain had been attempted, and I set up the script to run frequently to block any new IP addresses that turned up.

The attack continued until around midnight, i.e., for over eight hours.
During that time, I saw failed delivery attempts from 3,025 different IP addresses, along with 815 delivery attempts from IP addresses that I had already blocked.

At this point, I have two outstanding questions about this attack:

1. Was it really a dictionary spam attack, or was it actually a denial-of-service attack of some sort? I consider the latter a possibility because the email addresses to which delivery was attempted during the attack simply do not look like email addresses that someone would guess if they were seriously trying to get email through to a domain. Here are some examples of the addresses that were attempted: Lundberghrpor, Lanhamypxg, zsgohuwrhykr, CLIFFORDforonda, Lange, ThreeRiojas, Witold-Johannesen, birtlesioiis, Djurkovicnyqz, NevenHeinritz.

2. Is there anything productive I can do with the list I now have of the IP addresses of over 3,000 compromised PCs? Is there a site somewhere to which I can submit the list that will notify the appropriate network service providers about compromised PCs on their networks? Is there any point in doing that? I suppose I could write a script to run "whois" on each of the IP addresses, try to parse out the contact email addresses, and send a form letter to those addresses, but (a) I don't really have the time, and (b) I believe that multiple whois queries from a single host are throttled, so it would take me an awful long time to get through them all.

------------------------------

Date: Thu, 1 Nov 2007 14:23:57 -0000
From: "Eden, Terence, VF UK - Technology" <Terence.Eden@private>
Subject: Problems with Google's Spam filters and Google Content

Over the last few months, I've noticed an increase in unfiltered spam within my GoogleMail inbox. The spam - usually for online pharmacies - falls into two characteristics.

1) A sales pitch pointing to a Google Pages website e.g. http://12312.googlepages.com

2) A sales pitch pointing to a Google Search e.g.
http://www.google.co.uk/search?q=somestring

The string that is passed to Google is usually the name of the pharmacy, ensuring that the spammer is in the top of the returned rankings. However, many spammers are using a "Googlewhack" - a unique string - to ensure that their page is the *only* one that is returned.

The risks are twofold. Google's spam filter seems to trust "Google" content disproportionately. Users may trust their search engine to provide clear and unbiased results, they may not expect that a search engine can be so easily bamboozled.

http://www.google.co.uk/search?q=terence+Novarra+betavine

------------------------------

Date: Tue, 6 Nov 2007 13:17:34 PST
From: "Peter G. Neumann" <neumann@private>
Subject: Spelling corrector creates "Muttonhead Quail Movement"

"Pakistan city virtually shut down after strike call. The opposition blames the government and the pro-government Muttonhead Quail Movement (MQM), which runs Karachi, for the violence."

[Someone noted that MQM actually stands for "Muttahida Quami Movement".]

["This is possibly the most unfortunate spell-check blunder I've ever seen. We corrected it: GBU Editor"]

[From Reuters blogs, filed by The Good, the Bad, & the Ugly Editor (GBU), 14 May 2007; PGN-ed; thanks to Charles C. Mann for spotting it.]
http://blogs.reuters.com/blog/2007/05/14/muttonhead-quail/

------------------------------

Date: Mon, 5 Nov 2007 09:55:50 +0100
From: Stefan Alfredsson <Stefan.Alfredsson@private>
Subject: Cellphone in USB charger became default route

His cellphone charger was broken, so 17 year old Christoffer connected his phone, a Sony Ericsson k800i, via USB to his parents computer and left it to charge over night. A month later, he got a bill of SEK 6911 (about USD $1100).

It turns out that the phone became the "default broadband" when plugged in via USB, and his long-running downloads were done over the phone instead of his broadband connection.
The common price per Mbyte GPRS/UMTS data traffic is SEK 10 to 15 (about USD $1.5 to $2.3), which would correspond to about 500 Mbyte downloaded data.

Christoffer claims "there was no warning to allow the phone to take over the connection. I did not even know it was possible".

According to the operator Tele2, he must pay the bill even if it was a mistake. They concluded that the phone modem had been used, but could not tell how it happened. The operator were not aware of previous incidents, but claims that "there is software to link the phone to the computer and start the phone Internet function, but it's not possible for the computer to do this on its own".

Original article in Swedish: http://www.aftonbladet.se/goteborg/article1141706.ab

------------------------------

Date: Mon, 5 Nov 2007 02:37:35 +0000
From: "Steven M. Bellovin" <smb@private>
Subject: Time change problems: Alltel

We see reports like this twice a year, with some variation in timing because of different cut-over days in different countries. This time, Alltel -- a mobile phone company -- reported that some of its customers saw the time on their phones move forward an hour instead of back.

http://ap.google.com/article/ALeqM5idDfj-VyOMd0rsD0UlwoSxGaIMLwD8SN4B001

Steve Bellovin, http://www.cs.columbia.edu/~smb

------------------------------

Date: Sun, 4 Nov 2007 20:26:56 -0800
From: Aahz <aahz@private>
Subject: Broken by design

After reading RISKS for more than a decade, it takes *a lot* to shock me. Here's "a lot" (lightly edited for name-hiding):

  Date: Sun, 04 Nov 2007 17:24:49 -0500
  From: Modest Needs Technical Support <tech@private>
  To: Someone <foo@private>
  Subject: Re: Modest Needs - Technical

  Dear Someone,

  Since we only allow one account per household, we've merged everything under your partner's (Aahz) account. Please ask him/her for the login information.

  I hope this helps. Please write back if you still need technical support.

  Sincerely,
  Thierry Mellon, Chief Information Officer

Modest Needs is a charitable foundation that supplies short-term loans to people in sudden need. I've been donating to them for several years now, but given their unwillingness to use a sane security system, I shan't in the future. (We have received additional messages that communicate quite clearly that they have no intention of fixing this.)

Aside from the obvious RISKS about sharing passwords and financial information even for people who are partnered, what if Someone was just my roommate? Under what sane account-management regime do you simply merge accounts without asking permission?

------------------------------

Date: Fri, 02 Nov 2007 20:03:56 -0400
From: "R.S. (Bob) Heuman" <robert.heuman@private>
Subject: Update to "Think before you legislate" (RISKS-24.88)

The Conservative government introduced a bill on Friday aimed at fixing a glitch in the Elections Act that could have prevented up to a million rural residents from voting... The bill introduced Friday clarifies that addresses do not need to contain a street name and number.

CBC News, 2 Nov 2007

------------------------------

Date: Fri, 2 Nov 2007 18:31:28 -0700
From: "Gary Maxwell" <gmaxwell@private>
Subject: Re: Predicting fatigue failure

Ken Knowlton's musings on real-world stress testing of in-service systems reminded me of a missed opportunity some years ago.

On Sunday, May 24, 1987, in celebration of its 50th anniversary, the Golden Gate Bridge District closed down the bridge and allowed pedestrians to roam freely on the span. The District estimates that nearly 300,000 people "surged" onto the roadway.

Clearly, the weight of shoulder-to-shoulder people is much more than bumper-to-bumper traffic, and on this day, the slight upward arch on the bridge's roadway actually flattened under the weight. However, engineers did not anticipate this scenario, and the bridge had not been instrumented to record the stresses encountered on this day.
The Center for Design Informatics at the Harvard Design School wrote a paper evaluating the stresses, but this effort would have been surely helped by empirical data.

------------------------------

Date: Fri, 2 Nov 2007 16:29:29 -0700
From: Chris Adams <chris@private>
Subject: Re: Mac OS X Leopard firewall (Schmidt, RISKS-24.89)

This argument and the similar argument regarding wifi encryption comes up fairly often, which worries me because they're founded on an implicit assumption that network-specific security policies are a good idea. We have a mountain of evidence demonstrating that trusting any network is a bad idea because of rogue/unmanaged clients, malware and the difficulty of ensuring that the actual network setup faithfully conforms to policy. Things like the TJX disaster demonstrate just how costly it can be assuming that it's ever safe to use applications which depend on network-level security rather than incorporating security into the application itself.

In contrast, refusing to use applications which are insecure by design is not only better from a security standpoint but also tends to be easier to use because the users don't have to learn different, network-dependent ways to work.

I've been advocating the untrusted network approach for awhile but I can't claim the idea is particularly novel - of particular interest might be Abe Singer's 2003 report describing the San Diego Supercomputing Center's firewall-less network:

http://www.usenix.org/publications/login/2003-12/pdfs/singer.pdf

------------------------------

Date: Fri, 2 Nov 2007 19:36:30 -0700
From: Ted Lemon <Ted.Lemon@private>
Subject: Re: Mac OS X Leopard firewall (Schmidt, RISKS-24.89)

Look, I don't want to be an apologist for Mac OS X security, which I do not think is invulnerable. But this statement is kind of ridiculous. The idea that some networks are trustworthy and some aren't has been disproven time and time again over the past years.
It's perfectly possible for a virus to be carried inside of a network and disseminate there, and it's happened and made news several times that I've noticed in the past couple of years. Imagine how many times it *didn't* make news, or was mentioned in passing in a story about botnets attacking from inside corporate networks, where the focus of the story, unbelievably, was not even *on* the idea that such a network had been penetrated by a virus infestation.

The problem here is not that Leopard trusts all networks equally -- that is appropriate, because no network is "trustworthy." The problem is that Vista lulls people into a false sense of security by suggesting that it is only when they are sitting in Starbucks that they are at risk of attack. Nothing could be further from the truth. If you examine all the machines in all the botnets in the world, the ones that were infected in Starbucks don't amount to a hill of beans...

------------------------------

Date: Sat, 3 Nov 2007 17:16:44 -0400
From: "Bob Brown" <bbrown@private>
Subject: Re: Plagiarism & technology (Re: Epstein, RISKS-24.88)

I am a college teacher and user of Turnitin.com. I've used it for several years for term papers, and occasionally for shorter papers. I am very familiar with what teachers see when they use this product or its competitors.

> There are several problems with products of this sort:
> (1) False positives...

Turnitin.com and its various competitors do not detect plagiarism; they detect similarity of text in the student's paper to text found elsewhere: on the Web, in certain publications, and in previously-submitted papers. The teacher must then read the paper, checking for proper citation, and where appropriate, proper quotation. A teacher who does not do this is both lazy and intellectually dishonest.

It is perhaps unfortunate that Turnitin produces a "similarity score" that's expressed as a percentage of text that is similar to text found elsewhere because it can facilitate lazy and intellectually dishonest behavior by teachers.

However, it does help teachers in detecting something that's bad, but not plagiarism: the cut-and-paste paper. In such a paper, everything is cited and quoted properly, it's just that none of it, with the possible exception of some glue sentences, was written by the student. The material went through the Windows clipboard and not through the student's mind; no learning took place. I tell my students that the cut-and-paste paper is not plagiarism, but neither is it evidence of learning, and the *best* grade such a paper can earn is a D-minus. (I also help them to write good papers by talking and writing about the process.)

> (2) Copyright infringement...

Bogus argument. Does the student who solves a series of math problems assigned by the teacher hold copyright in the answers? Of course not! I assign short ethics cases and the students write answers. That's more complicated because there is both a right answer and the expression of it. I'd argue that the student who gets the right answer has exhibited evidence of learning, but has not done creative work. In the case of a term paper or creative writing assignment, the student has (we hope) done some creative work, but it is generally work that would never have been done but for the assignment. It is a work made for hire, and the payment is evaluation by the teacher and a grade.

Further, Turnitin.com never "publishes" the papers that are uploaded, and publication is of the essence of copyright infringement. Teacher and student get to see the analysis, but no one else does. The only way to get to see what's in such a paper is to submit later a paper that is, at least in part, substantially identical.
Those parts that are identical are called out, but what is highlighted is material in the *newly submitted* paper, not material in the stored paper. Turnitin.com does provide contact information for the teacher whose student submitted the original paper, and that teacher may then possibly release a copy if allowed by the school's policies and procedures.

I have not yet had a student object to using Turnitin.com on intellectual property grounds. If ever I do, I will ask how much money the student expects to make from the sale of the paper and whether the student would want a third party to earn a good grade by submitting a copy of the student's paper as his own. (I am aware of the court cases. A Pennsylvania court decided that caller ID was an illegal wiretap, too. This issue is not yet decided, at least in the United States.)

The real value of a service like Turnitin is not in detecting plagiarism. I can do that better than any computer system I've seen so far because I know my students' intellectual capacities and writing styles. I have, in fact, detected plagiarism not detected by Turnitin.com. The real value is in plagiarism prevention. Students do not believe that I can detect writing that's not their own. They do, however, believe that "the computer" can detect similarity with text on the Web, and the student who is tempted, but knows the paper will be submitted to Turnitin.com, is more likely to make a good decision than a bad one. While I have not done a controlled study, I have observed fewer instances of plagiarism when Turnitin.com is used in a class than when it is not, and *that* is what's valuable.

------------------------------

Date: Mon, 5 Nov 2007 13:13:27 -0500
From: Eric Ball <eball@private>
Subject: Re: "Same ol' same ol'" (RISKS-24.88)

I received a similar e-mail from my wife's credit card company. In that case the links didn't match the URLs because they went through the CC's 3rd-party marketing firm.
I called the CC company and said they either had lousy security or incompetent marketing, and that I would cancel the CC if I received a similar e-mail. The CC has now been canceled for that reason.

------------------------------

Date: Tue, 6 Nov 2007 16:31:43 -0700
From: Rob Seaman <seaman@private>
Subject: Re: Leaping onward

Tony Finch opines:

  The obvious answer is to leave UTC alone, even when it is an hour or more away from GMT. If the discrepancy becomes inconvenient for civil purposes then local time offsets can be adjusted. Local time changes do not need to be agreed globally and they do not need to be applied simultaneously around the world. Therefore no new mechanism or policy is needed to cope with a continuous UTC.

Rob Seaman responds:

  A brief (negative) response is to consider that computer scientists have raised all this ruckus over the need to track a single list of historical leap-second events. However, leaving the question to local officials replaces that single list with hundreds, or potentially thousands, of such lists that our software systems would need to consult.

Further discussion ensued and has been redirected to LEAPSECS:
http://six.pairlist.net/mailman/listinfo/leapsecs

Seaman also notes:

  Also see http://www.physorg.com/news113282110.html. The disruptions caused by unexpected Daylight Saving Time style jumps may not be the best model for establishing safe civil timekeeping practices.

------------------------------

Date: 17 Oct 2007 (LAST-MODIFIED)
From: RISKS-request@private
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you.
   The mailman web interface can be used directly to subscribe and unsubscribe:
     http://lists.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
     risks-request@private
   containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
     risks-subscribe@private or risks-unsubscribe@private
   depending on which action is to be taken.

   Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
   The full info file may appear now and then in RISKS issues.
   *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall@private>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!
=> SUBMISSIONS: to risks@private with meaningful SUBJECT: line.
   *** NOTE: Including the string "notsp" at the beginning or end of the subject
   *** line will be very helpful in separating real contributions from spam.
   *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
   <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
   http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
   <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 24.90
************************
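
Added example, not part of the digest and not Jonathan Kamens's own script: for the item "Zombie botnet spam attack from over 3,000 IP addresses in 8 hours", this sketch shows why a per-host failure threshold (the fail2ban-style rule) sees nothing when every source sends only one or two bad recipients, while counting distinct sources per recipient domain does. The Postfix-style log format, the thresholds, the function names and the sample lines are assumptions constructed for illustration; the local parts are ones quoted in the post.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# ASSUMPTION: Postfix-style "User unknown" rejections; the post does not name its MTA.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: 550 .*User unknown.* "
    r"to=<[^@>]+@(?P<domain>[^>]+)>"
)

def parse(lines, year=2007):
    """Yield (timestamp, source_ip, recipient_domain) per rejection (syslog omits the year)."""
    for line in lines:
        m = REJECT_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["domain"].lower()

def per_ip_offenders(events, max_retry=3, find_time=timedelta(minutes=10)):
    """Per-host rule: flag an IP after max_retry failures inside find_time."""
    recent, banned = defaultdict(deque), set()
    for ts, ip, _ in events:          # events must be in chronological order
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > find_time:
            q.popleft()
        if len(q) >= max_retry:
            banned.add(ip)
    return banned

def distributed_targets(events, min_sources=5, window=timedelta(minutes=10)):
    """Per-domain rule: flag a domain once min_sources distinct IPs fail inside window.

    Returns {domain: set of source IPs to block}. After a domain is flagged, every
    later failing source is added too, mirroring the post's "block all the IP
    addresses from which invalid deliveries to the domain had been attempted".
    """
    recent, flagged = defaultdict(deque), defaultdict(set)
    for ts, ip, domain in events:     # events must be in chronological order
        q = recent[domain]
        q.append((ts, ip))
        while ts - q[0][0] > window:
            q.popleft()
        sources = {src for _, src in q}
        if len(sources) >= min_sources:
            flagged[domain] |= sources
        elif domain in flagged:
            flagged[domain].add(ip)
    return dict(flagged)

# Constructed sample data: documentation-range IPs, one failure each.
SAMPLE_IPS = ["192.0.2.10", "198.51.100.7", "203.0.113.45",
              "192.0.2.99", "198.51.100.200", "203.0.113.8"]
SAMPLE_LOCALS = ["Lundberghrpor", "Lanhamypxg", "zsgohuwrhykr",
                 "birtlesioiis", "Djurkovicnyqz", "ThreeRiojas"]

def sample_log():
    fmt = ("Nov  4 15:{m:02d}:{s:02d} mail postfix/smtpd[4242]: NOQUEUE: reject: "
           "RCPT from unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
           "User unknown in local recipient table; from=<a@example.net> to=<{rcpt}> "
           "proto=ESMTP helo=<pc>")
    lines = [fmt.format(m=21 + i, s=3 * i, ip=ip, rcpt=f"{lp}@example.org")
             for i, (ip, lp) in enumerate(zip(SAMPLE_IPS, SAMPLE_LOCALS))]
    # One ordinary mistyped address at another hosted domain: must not be flagged.
    lines.append(fmt.format(m=30, s=0, ip="192.0.2.200", rcpt="jsmith@example.com"))
    # A non-rejection line: must be ignored by the parser.
    lines.append("Nov  4 15:31:00 mail postfix/smtpd[4242]: connect from unknown[192.0.2.10]")
    return lines

if __name__ == "__main__":
    events = list(parse(sample_log()))
    print("per-IP rule flags:", sorted(per_ip_offenders(events)))
    for domain, ips in distributed_targets(events).items():
        print(f"distributed attack on {domain}: {len(ips)} sources", sorted(ips))
```

The per-domain rule also collects any legitimate sender who mistypes an address while the domain is flagged, so a blocklist built this way should expire entries rather than keep them permanently.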