RISKS-LIST: Risks-Forum Digest Wednesday 22 July 2009 Volume 25 : Issue 74

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/25.74.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Elements of Programming, Alexander Stepanov/Paul McJones (PGN)
The NSA wiretapping story nobody wanted: Whistleblower Klein (jidanni)
Amazon Erases Orwell Books From Kindle Devices (Brad Stone via Monty Solomon)
Re: Amazon takes-back Kindle e-books (Hal Murray)
Net-filtering tables turned (Geoff Kuenning)
Jonathan Zittrain, "Lost in the Cloud" (PGN)
Re: cloud computing & server loss (Harlan Rosenthal)
Ruhr University team breaks code of KeeLoq system (David Lesher)
U.S. Passport RFID security (Erica Naone via Monty Solomon)
U.S. Passports: Special alloy sleeves urged to block hackers? (Todd Lewan via Monty Solomon)
Arming ATMs with Pepper Spray? (Thomas Dzubin)
Eye tracking to prevent screen snooping (Peter Houppermans)
U.S. Withheld Data on Risks of Distracted Driving (Matt Richtel via Monty Solomon)
Adobe Terms Gone Wild (Gene Wirchenko)
Taiwan president in ruckus over prerecorded web messages (jidanni)
Canadian Mint says missing gold may have been stolen (Darryl Dueck)
Re: July 4 cyber attack (Joseph Brennan)
Risks of hierarchical map displays (Paul Wallich)
An interesting reversal of the usual credit card problem (Roger Leroux)
"Don't freak out," says ING Direct. At least I THINK it's ING Direct! (Daniel P. B. Smith)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 22 Jul 2009 9:39:04 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Elements of Programming, Alexander Stepanov/Paul McJones

Alexander Stepanov and Paul McJones
Elements of Programming
Addison-Wesley 2009
ISBN 978-0-321-63537-2

What could be one of the most important books for developers of low-risk systems has come to my attention, and deserves your consideration if you are serious about understanding the mathematical foundations of programming and applying them sensibly to your practice. It is not an easy read, but it is a very compelling approach. To support its mathematically oriented crispness, the book includes the definition of a small but elegant C++ subset that has been crafted by Sean Parent and Bjarne Stroustrup for illustrative use in the book. I believe this material should be taught within all computer science curricula.

A long quote and a short one on the back jacket give an idea of what is involved:

  Ask a mechanical, structural, or electrical engineer how far they would get without a heavy reliance on a firm mathematical foundation, and they will tell you, `not far.' Yet so-called software engineers often practice their art with little or no idea of the mathematical underpinnings of what they are doing. And then we wonder why software is notorious for being delivered late and full of bugs, while other engineers routinely deliver finished bridges, automobiles, electrical appliances, etc., on time and with only minor defects. This book sets out to redress this imbalance. Members of my advanced development team at Adobe who took the course based on the same material all benefited greatly from the time invested. It may appear as a highly technical text intended only for computer scientists, but it should be required reading for all practicing software engineers.
  -- Martin Newell, Adobe Fellow

  The book contains some of the most beautiful code I have ever seen.
  -- Bjarne Stroustrup

The bottom of the inside cover suggests that through this book you will come to understand that mathematics is good for programming, and theory is good for practice. I applaud that sentiment.

------------------------------

Date: Wed, 22 Jul 2009 04:51:46 +0800
From: jidanni_at_private
Subject: The NSA wiretapping story nobody wanted: Whistleblower Klein

IDG News Service: By some estimates there are 15 to 20 of these secret wiretapping rooms across the country. You're the only AT&T employee who has come forward and talked about them in detail. Why?

Mark Klein: Fear. First of all it was a scary time. It still is a scary time, but during the Bush years it was sort of a witch hunt atmosphere and people were afraid. People are afraid of losing their jobs, and it's a rule of thumb that if you become a whistleblower you'll probably lose your job. And if you have a security clearance, you not only lose your job, but you probably will be prosecuted by the government. The Bush administration made that very clear in statements they made over and over again: 'Anybody who reveals anything about our secret programs will be prosecuted and we are running investigations to find out who leaked this to the New York Times.' Well that puts a fear in people.

http://www.computerworld.com/s/article/9135645/The_NSA_wiretapping_story_nobody_wanted

While campaigning against President George W. Bush, Barack Obama had pledged that there would be "no more wiretapping of American citizens," but President Obama's administration has continued to use many of his predecessor's arguments when it comes to warrantless wiretapping.
http://www.computerworld.com/s/article/9135575/Obama_administration_defends_Bush_wiretapping

------------------------------

Date: Sat, 18 Jul 2009 14:42:33 -0400
From: Monty Solomon <monty_at_private>
Subject: Amazon Erases Orwell Books From Kindle Devices (Brad Stone)

In George Orwell's "1984," government censors erase all traces of news articles embarrassing to Big Brother by sending them down an incineration chute called the "memory hole."

On Friday, it was "1984" and another Orwell book, "Animal Farm," that were dropped down the memory hole - by Amazon.com.

In a move that angered customers and generated waves of online pique, Amazon remotely deleted some digital editions of the books from the Kindle devices of readers who had bought them.

An Amazon spokesman, Drew Herdener, said in an e-mail message that the books were added to the Kindle store by a company that did not have rights to them, using a self-service function. "When we were notified of this by the rights holder, we removed the illegal copies from our systems and from customers' devices, and refunded customers," he said.

Amazon effectively acknowledged that the deletions were a bad idea. "We are changing our systems so that in the future we will not remove books from customers' devices in these circumstances," Mr. Herdener said. [...]

[Source: Brad Stone, *The New York Times*, 18 Jul 2009]
http://www.nytimes.com/2009/07/18/technology/companies/18amazon.html

  [Lots of media coverage on this one, especially the 1984 connection. See also an item from David Pogue's Posts: Some E-Books Are More Equal Than Others, 17 Jul 2009. PGN]
http://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/

------------------------------

Date: Fri, 17 Jul 2009 16:37:27 -0700
From: Hal Murray <hmurray_at_private>
Subject: Re: Amazon takes-back Kindle e-books

I see two RISKS-related issues. One is that it undermines the whole e-book industry.
The other is a good reminder of what can happen with closed ecosystems.

It's been slashdotted and is in many online news sources and blogs.
http://news.cnet.com/8301-13860_3-10289983-56.html

------------------------------

Date: Tue, 07 Jul 2009 13:40:16 -0700
From: Geoff Kuenning <geoff_at_private>
Subject: Net-filtering tables turned

The July 7th, 2009 edition of "Ask Amy" (an advice columnist) tells the tale of an interesting RISK of using net filtering and online systems to control your children. Briefly, a high-school student's father was using the school's "check up on your kids" Web site to an excessive degree. The fed-up student used the family's parental control software to find out how often the dad was visiting the site (answer: three times daily) and in the process learned some unsavory details about Dad's browsing habits.

http://www.chicagotribune.com/features/columnists/advice/chi-0707-ask-amyjul07,0,2095115.column

I suppose the RISK lies in assuming you're smarter than your kids...and forgetting that most tools can be used in multiple ways.

Geoff Kuenning geoff@private http://www.cs.hmc.edu/~geoff/

In any large population, there are some people who aren't very bright. That's not their fault, it's just in their genes. As an engineer, I have a responsibility to design things that won't kill off the slower ones, just as I have a responsibility to design things that won't harm my neighbor's dog.

------------------------------

Date: Mon, 20 Jul 2009 8:12:56 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Jonathan Zittrain, "Lost in the Cloud" (NYTimes Op-Ed)

  [I read this over breakfast on paper. Thanks to Lauren Weinstein for the URL.]

Jonathan Zittrain, Lost in the Cloud, *The New York Times*, 20 Jul 2009

Earlier this month Google announced a new operating system called Chrome. It's meant to transform personal computers and handheld devices into single-purpose windows to the Web.
This is part of a larger trend: Chrome moves us further away from running code and storing our information on our own PCs toward doing everything online - also known as in "the cloud" - using whatever device is at hand.

Many people consider this development to be as sensible and inevitable as the move from answering machines to voicemail. With your stuff in the cloud, it's not a catastrophe to lose your laptop, any more than losing your glasses would permanently destroy your vision. In addition, as more and more of our information is gathered from and shared with others - through Facebook, MySpace or Twitter - having it all online can make a lot of sense.

The cloud, however, comes with real dangers. [...]

http://www.nytimes.com/2009/07/20/opinion/20zittrain.html

------------------------------

Date: Thu, 16 Jul 2009 22:14:27 -0400
From: Harlan Rosenthal <Harlan.Rosenthal_at_private>
Subject: Re: cloud computing & server loss (RISKS-25.73)

Cloud Computing certainly exposes one to the consequence of other people's actions, but law enforcement's lack of selectivity is nothing new. Consider the Secret Service raid on Steve Jackson Games years ago.
http://www.sjgames.com/SS/

------------------------------

Date: Fri, 10 Jul 2009 14:20:35 -0400
From: David Lesher <wb8foz_at_private>
Subject: Ruhr University team breaks code of KeeLoq system

<http://www.sundayherald.com/news/heraldnews/display.var.2174801.0.scientists_crack_security_system_of_millions_of_cars.php>

Ruhr University scientists say it is now relatively straightforward to clone the remote control devices that act as the electronic keys. They have overcome the KeeLoq security system, which is made by US-based Microchip Technology and is used by Honda, Toyota, Volvo, Volkswagen and other manufacturers to transmit access codes using radio frequency identification technology.

The KeeLoq's security relies on poor key management, in which every key is derived from a master that's stored in the reading device.
Moreover, it uses a proprietary algorithm that had already been shown to generate cryptographically-weak output.

------------------------------

Date: Fri, 17 Jul 2009 13:37:36 -0400
From: Monty Solomon <monty_at_private>
Subject: U.S. Passport RFID security (Erica Naone)

Meanwhile, although experts say that some RFID technologies are quite secure, a University of Virginia security researcher's analysis of the NXP Mifare Classic (see Hack, November/December 2008), an RFID chip used in fare cards for the public-transit systems of Boston, London, and other cities, has shown that the security of smart cards can't be taken for granted. "I think we are in the growing-pains phase," says Johns Hopkins University computer science professor Avi Rubin, a security and privacy researcher. "This happens with a lot of technologies when they are first developed." ...

[Source: Erica Naone, RFID's Security Problem: Are U.S. passport cards and new state driver's licenses with RFID truly secure? Technology Review, Jan/Feb 2009; PGN-ed]
http://www.technologyreview.com/computing/21842/

------------------------------

Date: Sat, 18 Jul 2009 14:42:33 -0400
From: Monty Solomon <monty_at_private>
Subject: U.S. Passports: Special alloy sleeves urged to block hackers? (Todd Lewan)

To protect against skimming and eavesdropping attacks, federal and state officials recommend that Americans keep their e-passports tightly shut and store their RFID-tagged passport cards and enhanced driver's licenses in "radio-opaque" sleeves. That's because experiments have shown that the e-passport begins transmitting some data when opened even a half inch, and chipped passport cards and EDLs can be read from varying distances depending on reader technology.
[Source: Todd Lewan, The Associated Press, 12 Jul 2009; PGN-ed]
http://www.washingtonpost.com/wp-dyn/content/article/2009/07/11/AR2009071101929.html

------------------------------

Date: Mon, 13 Jul 2009 08:32:38 -0700 (PDT)
From: dzubint_at_private
Subject: Arming ATMs with Pepper Spray?

Now I've seen everything...

Apparently, a leading South African bank has fitted 11 ATMs around the Cape Peninsula with pepper spray cans in an effort to prevent card skimming and ATM bombing.

I guess the person who thought of this wasn't a reader of Risks Digest.

According to the following Guardian article
http://www.guardian.co.uk/world/2009/jul/12/south-africa-cash-machine-pepper-spray
...the mechanism backfired in one incident last week when pepper spray was inadvertently inhaled by three technicians who required treatment from paramedics.

Patrick Wadula, spokesman for the Absa bank, which is piloting the scheme, told the Mail & Guardian Online: "During a routine maintenance check at an Absa ATM in Fish Hoek, the pepper spray device was accidentally activated.

"At the time there were no customers using the ATM. However, the spray spread into the shopping centre where the ATMs are situated."

What's next? PCs that pepper spray their users when they download a virus or malware? Hmmmm... perhaps not a bad idea :-)

Thomas Dzubin, Calgary, Saskatoon, or Vancouver CANADA

------------------------------

Date: Wed, 08 Jul 2009 11:56:07 +0200
From: Peter Houppermans <peter_at_private>
Subject: Eye tracking to prevent screen snooping

This is IMHO a rather promising new development in security, mainly because it appears to promise more security without too much usability impact. And it may ruin Powerpoint presentations, another point in its favour :-). It neatly uses the fact that most modern laptops have a camera built in.
Source: http://www.siliconvalley.com/ci_12743292

=========

Anderson calls it his "aha" moment -- a flash of insight from which he drew a career-altering connection between decades-old research and his job as a computer security expert.

Nearly two years ago, Anderson had a comfortable job as vice president at an established computer security company. But while reading "Consciousness Explained," a book by philosopher Daniel Dennett, Anderson learned about one scientist's research into variations in the way the human eye reads and processes text and images.

"This obscure characteristic ... suddenly struck me as (a solution to) a security problem," said Anderson, 42, who has a doctorate in cryptology. "I said, 'Holy cow. No one has thought of using this to protect the contents of a screen.' It was just some obscure research."

Anderson quit his job at SafeNet, raised $1.2 million in seed money from friends and family and plunged full time into developing his idea -- a software program that allows only an authorized user to read text on the screen, while everyone else sees gibberish.

[..]

The private version of the product can already be bought from the company at http://oculislabs.com, at a price well below your average privacy screen. From their website it appears the "look, your mother is watching" Pro version is not yet released.

------------------------------

Date: Wed, 22 Jul 2009 00:08:23 -0400
From: Monty Solomon <monty_at_private>
Subject: U.S. Withheld Data on Risks of Distracted Driving (Matt Richtel)

In 2003, researchers at a federal agency proposed a long-term study of 10,000 drivers to assess the safety risk posed by cellphone use behind the wheel. They sought the study based on evidence that such multitasking was a serious and growing threat on America's roadways. But such an ambitious study never happened.
And the researchers' agency, the National Highway Traffic Safety Administration, decided not to make public hundreds of pages of research and warnings about the use of phones by drivers - in part, officials say, because of concerns about angering Congress. ...

[Source: Matt Richtel, *The New York Times*, 21 Jul 2009; PGN-ed]
http://www.nytimes.com/2009/07/21/technology/21distracted.html

------------------------------

Date: Mon, 13 Jul 2009 16:47:50 -0700
From: Gene Wirchenko <genew_at_private>
Subject: Adobe Terms Gone Wild

Hello:

Would you like to report a bug in an Adobe product? Here is the URL:
https://www.adobe.com/cfusion/mmform/index.cfm?name=wishform

They do have rather stringent terms. You have to affirm lots of things about interest in your bug report, oops, Idea.

My favourite bit is "You represent and affirm that you are 18 years of age or older." Oh, to be 17 again.

How many people take one look at that page and decide not to bother? Does this affect the quality of Adobe software?

------------------------------

Date: Mon, 20 Jul 2009 14:33:23 +0800
From: jidanni_at_private
Subject: Taiwan president in ruckus over prerecorded web messages

Taiwan President Ma Ying-jeou was criticized after prerecorded Internet messages leaked out. Experienced Internet surfers found the messages due to be broadcast the next two weeks had already been recorded. The surfers only had to change the dates on the presidential website to see the new messages. Presidential Office Spokesman Wang Yu-chi said Ma had prerecorded the videos, which were supposed to address current affairs, adding that Ma would remake the videos, and asked the person who first discovered the messages to come forward and receive a "small prize" from the Presidential Office.
http://www.taipeitimes.com/News/taiwan/archives/2009/07/20/2003449078
http://www.etaiwannews.com/etn/news_content.php?id=1007831

------------------------------

Date: Mon, 6 Jul 2009 19:36:58 -0500
From: "Darryl/Becky Dueck" <dbdueck_at_private>
Subject: Canadian Mint says missing gold may have been stolen

http://www.cbc.ca/canada/ottawa/story/2009/06/29/ottawa-mint-gold-missing.html

Money is missing, and all they're saying is, "we'll look into it - we have one of the most secure facilities in the world". I can't believe how little uproar there has been.

-Darryl Dueck, Winnipeg, MB CANADA

The Royal Canadian Mint said Monday that $15.3 million worth of gold missing from its vaults could have been stolen.

The gold was reported missing last fall, but officials at the mint said they had hoped they would find that an accounting error was responsible.

A review conducted by auditors Deloitte and Touche, however, recently concluded that the gold wasn't simply forgotten during inventory.

"The unaccounted for difference in gold does not appear to relate to an accounting error in the reconciliation process, an accounting error in the physical stock count schedules or an accounting error in the record keeping of transactions during the year," the company concluded in a report released Monday.

Christine Aquino, director of communications with the mint, said that many possible scenarios are being considered.

"We're not going to speculate on the cause just yet. We're not giving up on this. We're going to pursue this rather vigorously."

Aquino said the mint asked the RCMP to look into the matter two weeks ago. She said in the meantime, the mint is prepared to follow three of Deloitte and Touche's recommendations concerning its accounting procedures and building security.

"They've also asked that we go through our security measures for review. But it's just one of the avenues we're pursuing. We have one of the most secure facilities in Canada, if not the world."
[Source: CBC News, 29 Jun 2009]
http://www.cbc.ca/news/credit.html

------------------------------

Date: Fri, 17 Jul 2009 10:50:23 -0400
From: Joseph Brennan <brennan_at_private>
Subject: Re: July 4 cyber attack (RISKS-25.73)

The attacks on web sites from Korea made the news, but there was at least one attack on email, at columbia.edu.

More than 26,000 hosts in Korea connected to the columbia.edu mx pool, collectively 160,000 times an hour, and then just sat there. Our network monitoring showed that they sent some bytes that may have been a HELO string, but they did not send MAIL. Our system responds by forking a sendmail process for each connection, and even though they were mostly doing nothing waiting for data, the system load went up.

However, it is summer at an edu, and we are pretty well provisioned anyway, so the effect was "hm, that's funny, wonder why the load is that high" rather than "OMG the sky is falling". We shortened the timeout waiting for MAIL, and rate-limited the worst-offending IP blocks, and got the load back to normal.

The attack was not continuous throughout the weekend. Maybe the botnet had other missions part of the time. Like the http attacks, it stopped during the following week.

Possibly the goal was that we would be forced to blackhole South Korean IP space in order to function. Columbia University has a significant number of people with personal and academic contacts in South Korea.

Joseph Brennan, Lead E-mail Systems Engineer
Columbia University Information Technology

------------------------------

Date: Mon, 20 Jul 2009 22:30:01 -0400
From: Paul Wallich <pw_at_private>
Subject: Risks of hierarchical map displays

The other day, for no good reason, I got misplaced on some local dirt roads. "No problem," I thought, because my car had a GPS and a map database that actually knew about all those dirt roads.
But when I zoomed the display out far enough to see where the nearest paved road back to exurbia might be, all the dirt roads disappeared, and I was apparently driving through a void. So I couldn't figure out which road would take me back to pavement, because I couldn't display both the roads I was on and the one I wanted to get to at the same time.

Obviously, I could have pulled over and used pan as well as zoom controls, or asked for directions to some known point (and hoped none of the dirt roads on the route was closed or washed out). But that would have required both presence of mind and a place to park where I could be sure of getting back on the road after figuring out location and route.

I wonder whether such hierarchical displays contribute to some of the GPS-aided navigation debacles that sometimes grace this publication -- a driver may have some idea that they're going the wrong way, but their display doesn't offer enough information to plan a new route easily, and the psychological pressure to keep moving forward can increase as conditions get worse.

------------------------------

Date: Thu, 16 Jul 2009 23:00:38 +0000
From: Roger Leroux <yrl1967_at_private>
Subject: An interesting reversal of the usual credit card problem

There's a board game company called GMT Games (www.gmtgames.com). They have a "pre-order" system in place that lets you order a game before it is published (they call it the P500 system), and in order to participate you need to provide them with a credit card number. Recently, I and other customers received this e-mail from them:

"Please Update Your Online Credit Card Information

Ugh! Microsoft strikes again! As you probably know, we encrypt your credit card data, several times, to make sure that your data is always safe online. Well, a recent Windows update done by our service provider apparently modified the encryption key used to decrypt the data for us to read and use for charging.

Please don't worry about your cc info.
*There was absolutely no security issue here. In fact, it's quite the opposite. For any card that you entered into our system before July 4, neither we nor anyone else can read the card # (as the encryption key was changed).* There is no problem with cc #s entered after July 4.

So we're asking you guys to please go into your online account in the next day or two and update the credit card # that is listed there (for many of you it will now look like a long string of alphanumerics) with your correct # so that we can charge the games slated to begin charging on Monday, July 13th.

If you guys have any questions about this, or would prefer to do this by phone or online chat, please don't hesitate to contact our office ladies either on our website or at our toll-free number. They'll be happy to help you get the data re-entered if you'd like some help. We apologize for any inconvenience this may cause."

It was nice that for a change no personal information was leaked, but I think this highlights the problems of applying OS updates without the ability to do a rollback or for that matter, having a backup of the original (suitably encrypted of course) data.

------------------------------

Date: Wed, 22 Jul 2009 11:53:08 -0400
From: "Daniel P. B. Smith" <usenet2006_at_private>
Subject: "Don't freak out," says ING Direct. At least I THINK it's ING Direct!

Every time I turn around, a bank website presents me with glaringly obvious RISKS about which one can only say "what _were_ they thinking?"

1) When I click on "View My Account" at http://www.ingdirect.com , I am taken to a login screen headed by a bold blue notice:

"Our site will be getting a minor facelift soon. So if you notice anything different after you sign in, don't freak out. You're in the right place."

*That* should train customers to be vigilant.

2) I opened a bank account at a local bank, and went through all the silly rigamarole about picking a picture and so forth, and got to the idiotic "security questions."
This site is one of the kind that forces you to select from a limited list of bad options, which usually manage to be both insecure yet difficult to remember (Let me think, did I enter the answer as "Main Street," "main street," or "Main st."?) But one made my jaw drop: one of the available choices was "How many children do you have?"

What are the chances that a stranger could successfully guess *that* one? By comparison, my birthday is as strong as Fort Knox.

------------------------------

Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
 Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 25.74
************************

Received on Wed Jul 22 2009 - 13:37:02 PDT
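
Added example, not part of the digest or of any contributor's post: Joseph Brennan's note on the July 4 attack describes clients that connect to the MX pool, send at most a HELO, and then hold a forked sendmail process without ever sending MAIL. The Python sketch below works on a constructed per-session record format (an assumption, not sendmail's log format; all names are hypothetical) to pick out the address blocks worth rate-limiting and to show how much process time a shorter wait-for-MAIL timeout reclaims.

```python
"""Added example: spot SMTP clients that connect and stall before MAIL.

Record format (constructed for this sketch, one session per line):
    epoch_seconds  client_ip  furthest_stage  seconds_held
"""
import ipaddress
from collections import Counter, namedtuple

Session = namedtuple("Session", "start client stage held")

# A session that never got past these stages offered no mail at all.
PRE_MAIL = {"CONNECT", "HELO", "EHLO"}

# Constructed sample; addresses come from the RFC 5737 documentation ranges.
SAMPLE = """\
1246700000 192.0.2.10 HELO 3600
1246700002 192.0.2.11 HELO 3600
1246700003 192.0.2.57 CONNECT 3600
1246700004 198.51.100.7 DATA 4
1246700005 192.0.2.200 EHLO 3600
1246700009 203.0.113.5 HELO 3600
1246700011 198.51.100.9 DATA 2
"""


def parse(text):
    """Turn the constructed record format into Session tuples."""
    sessions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, client, stage, held = line.split()
        sessions.append(
            Session(int(start), ipaddress.ip_address(client),
                    stage.upper(), int(held))
        )
    return sessions


def is_stalled(session):
    """True when the client held a connection but never sent MAIL."""
    return session.stage in PRE_MAIL


def stalled_by_block(sessions, prefix_len=24):
    """Count stalled sessions per network block of the given prefix length."""
    counts = Counter()
    for s in sessions:
        if is_stalled(s):
            net = ipaddress.ip_network(f"{s.client}/{prefix_len}", strict=False)
            counts[str(net)] += 1
    return counts


def blocks_to_rate_limit(sessions, threshold, prefix_len=24):
    """Blocks whose stalled-session count reaches the threshold."""
    counts = stalled_by_block(sessions, prefix_len)
    return sorted(block for block, n in counts.items() if n >= threshold)


def process_seconds(sessions, mail_timeout):
    """Server process time consumed if pre-MAIL sessions are cut at mail_timeout.

    Assumes a stalled client would otherwise idle for its whole recorded hold.
    """
    total = 0
    for s in sessions:
        total += min(s.held, mail_timeout) if is_stalled(s) else s.held
    return total


if __name__ == "__main__":
    data = parse(SAMPLE)
    print("stalled per /24:", dict(stalled_by_block(data)))
    print("rate-limit candidates:", blocks_to_rate_limit(data, threshold=3))
    for timeout in (3600, 60):
        print(f"MAIL timeout {timeout:>4}s ->",
              process_seconds(data, timeout), "process-seconds")
```

Grouping by block rather than by single address matters here because each host in the report connected only a few times an hour; the volume shows up only in aggregate.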