RISKS-LIST: Risks-Forum Digest Saturday 28 November 2009 Volume 25 : Issue 85 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/25.85.html> The current issue can be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: London's stock exchange crashes again (John Oates via Kevin Pacheco) Your wallet in the cloud (Martin Ward) Used ATM Machines for Sale on Craigslist (Ben Moore) The Joy of satellite navigation failures (Steve Loughran) Re: Toyota Toyota uncontrolled acceleration (David Lesher, JC Cantrell) Patients' data used as Packing (Robert (Bob) Waixel) Re: Apostrophe in Your Name? You Can't Fly! (Andy Behrens, JosephKK, Dag-Erling_Smørgrav, Bob Frankston) Re: Warren Buffett cell phone skills: did they doom Lehman? (Curt Sampson, Henry Baker) Re: Teleportation via Skyhook (Charles Wood) Android Mythbusters (Matt Porter via jidanni) Solving the Android "Grayed Out Application" Deadlock (Lauren Weinstein) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Thu, 26 Nov 2009 18:17:57 +0000 From: Kevin Pacheco <kevinpacheco_at_private> Subject: London's stock exchange crashes again (John Oates) John Oates, Who's to blame this time? *The Register*, 26 Nov 2009 The London Stock Exchange has suffered yet another systems crash, leaving brokers high and dry since 9.30 this morning. The Exchange last went down in September 2008 and took almost the entire day to get back online. That outage, on one of the Exchange's busiest days, was the day after the $200bn bailout of US housing giants Freddie Mac and Fannie Mae, leading to lots of conspiracy theories. [It resumed operation at 14.00.] <http://www.theregister.co.uk/2008/09/08/lse_down/> <http://www.londonstockexchange.com/global/incident/previous-updates.htm> http://forms.theregister.co.uk/mail_author/?story_url=/2009/11/26/lse_crash_again/ ------------------------------ Date: Fri, 27 Nov 2009 11:20:16 +0000 From: Martin Ward <martin_at_private> Subject: Your wallet in the cloud (was: At Checkout, More Ways to Avoid Cash or Plastic) "What we're trying to do and what we think is very important is to displace the use of cash or checks," said Scott Thompson, president of PayPal, "We'll just have one wallet, and it lives in the cloud." The "dream scenario" for any financial institution is to be in the position to take a cut from *every* financial transaction carried out by *every* person in the country. This is why the president of PayPal thinks it is so important to "displace the use of cash or checks." For the rest of us, this is a nightmare scenario. If you think it would be bad to have all your data is held hostage in a proprietary format on a machine you have no control over: think what it will be like when *all* your money is controlled by a single organisation which decides (purely on the basis of maximising profit) how big a cut to take out of each and every transaction. martin@private http://www.cse.dmu.ac.uk/~mward/ http://www.gkc.org.uk ------------------------------ Date: Thu, 26 Nov 2009 04:49:10 GMT From: "Ben Moore" <ben.moore_at_private> Subject: Used ATM Machines for Sale on Craigslist http://www.tomsguide.com/us/ATM-Hackers-Credit-Card-numbers,news-5203.html Used ATM machines are for sale on auction sites, many of which still contain credit card numbers. Identity theft expert Robert Siciliano is claiming that he bought a used ATM machine on Craigslist for $750. Apparently, this isn't unusual: he found plenty of machines on both Craigslist and eBay ranging between $500 and $2000 USD. However, this particular ATM machine was listed by a bar north of Boston, and contained 1000 credit card numbers. That's right: the machine wasn't wiped. Siciliano said, in an interesting way, that his "hacker friend" came over with a manual and gutted the machine's eprom, spilling the 150-foot spread of sensitive data all over the floor. Surprised and excited, Siciliano thus called a "TV producer friend," and now his local FOX affiliate is running a series on ATM hacking and Siciliano's discovery. Siciliano also said in his report that he was considering a scheme to use the numbers to leech millions from unsuspecting victims, however his wife told him a firm "NO!" FOX Boston, on the other hand, added that the credit cards stored in the ATM consisted of numbers processed in a four month period. With that said, it's highly likely that many more used ATM machines for sale on eBay, Craigslist, and other auction sites contain credit card numbers, ripe for the picking. Then again, consumers are more susceptible to identity theft thanks to ATM skimming devices sold on the very same auction sites. So how do you protect yourself from ATM hackers? "By paying attention to your statements," Siciliano said. "Don’t use just any ATM. Instead, look for ATMs in more secure locations." He also said to cover your pins when punching them into the keypad on the ATM or within retail stores. ------------------------------ Date: Fri, 27 Nov 2009 12:44:36 +0000 From: Steve Loughran <steve.loughran_at_private> Subject: The Joy of satellite navigation failures Part of BMW's new "Joy" marketing campaign includes one on GPS, that claims that if "Joy" does get lost, GPS will get it home again. http://tinyurl.com/yf98b2e As any reader RISKS readers will know, that is not always the case, so it is a shame that vehicle vendors can make this claim in their advertising. Here in the UK, the Advertising Standards Authority does let you complain about adverts making false claims; it is even possible for them to ban adverts. Accordingly I did actually file a complaint on the the ASA's web site (http://www.asa.org.uk/asa/how_to_complain/complaints_form/). The complaint is attached below, it lists many of the failure modes of GPS as documented on RISKS, and Volpe's 2001 paper discussing the vulnerability to the US transport infrastructure to GPS failures. I was curious to see what the reaction of the ASA/BMW would be. Last week I got a reply, telling me that: 1. I was the only person that complained 2. It was meant to be metaphor, and therefore the fact that GPS fails is unimportant. I'm disappointed by this. The more adverts that imply GPS is infallible, the more people believe the claims, the more they drive off cliffs and under bridges too low for their trucks, and the less equipped they are to deal with failures of GPS or the maps themselves. Yet clearly there is no point for a single individual to complain, because the complaint gets dismissed, without any attempt to consider the technical merits of the argument. Which means that the myth "GPS doesn't fail" is going to keep on being repeated, while on this list we get to read about more vehicles getting into trouble, yet the root cause -people blindly doing what their satellite navigation devices tell them to do- remains. I wish to complain about the accuracy of the advert for a BMW X1 which appeared in the Guardian on September 21 2009, an advert which included the statement "On the rare occasion Joy finds itself hopelessly lost, a GPS can guide it back home" I believe this statement is dangerously misleading as it implies that GPS is something drivers can rely on in emergencies. This is untrue. As a computer scientist I believe it places excessive faith in complex computing infrastructure, and perhaps reflects the copywriter's own lack of awareness of the infrastructure behind GPS satellite navigation, and the risks that the abdication of decision making to computers presents to car drivers, passengers and other road users. The Navstar Global Positioning Satellite System (GPS) is run by U.S. Air Force Systems Command's Space Division in Los Angeles [1]. A constellation of atomic clocks are in low-earth orbit, continually announcing the location of all the satellites and their local clock's time, the latter compensated for relativity effects so as to appear consistent with atomic clocks on the earth's surface. GPS receivers pick up the signal from three or more satellites, and by comparing the differences in time received, estimate their location on the geode, the ellipse that represents their view of the Earth's surface in their mapping tool's datum. The location of the satellites is calculated in advance by observing the satellites orbits and predicting their future locations, information which must be regularly updated and relayed to the satellites themselves for rebroadcasting. The time and location data is broadcast on an encrypted "P" signal which can only be decrypted by military receivers, and a civilian "C/A" signal. The civilian signal was made available after the shooting down of the KAL 007 passenger airliner over Soviet Airspace, and receivers for which have become a feature built into cars and mobile phones. It is not digitally signed; there is no way to distinguish a spoof civilian signal publishing invalid information. In computing circles, there are number of well-known failure modes for GPS. The natural failures are: 1. Geomagnetic storms. Affects all civilian GPS receivers, and magnetic compasses. As well as effecting the signal, the expansion of the atmosphere alters the satellite's orbits, and hence the locations they claim to be at becomes incorrect. [2] 2. "Canyoning", loss of signal while deep inside a natural canyon, or an artificial one (such as street with skyscrapers). 3. Reflected Signal. This is a known problem in Scottish Mountaineering: large cliff faces can reflect GPS signals. The extra delay can result in the receiver's location being misplaced. 4. Accidental interference with GPS from sources including consumer electronics. [3] 5. Loss of signal due to overhead materials. Civilian GPS can be lost in woods and forests, and of course in tunnels, covered car parks and the like there is minimal likelihood that a signal will be picked up. Note that as no satellites in the GPS constellation orbit at a latitude above 54 degrees N, the risk of canyoning and reflection increases above this point -which means the Lake District and points north, including all of Scotland. From the Lake District up, no GPS satellite will ever be directly above the receiver, they will either be in the south, or near the horizon to the far north, those being the satellites on the other side of the earth becoming visible. There are also receiver-side software or hardware problems 1. Errors in the maps. These are common and widely documented. Note that such errors effects are invariably amplified by the trust that drivers place in the SatNav units, following them up footpaths and off river banks. To cite one example of this general problem, we would draw attention to a BMW 5 series which recently got stuck on a cliff in Yorkshire when the driver followed the SatNav's instructions to drive down a bridleway. [6] 2. Software errors in the system. This has been discovered on a number of occasions, including in such vehicles as the International Space Station [4]. 3. Hardware errors. In the absence of formally verified hardware, the reliability of the underlying microprocessor and other hardware in a GPS receiver cannot be guaranteed. Finally, the entire GPS infrastructure is vulnerable to malicious attack. This is covered in Vulnerability Assessment of the Transportation Infrastructure Relying on the Global Positioning System [5]. This paper by the US Department of Transport, spells out clearly the how vulnerable GPS is. The author's concerns are of malicious failures, either from local jamming, or "Loss of GPS satellites or the Operational Control Segment" though on the latter they note that "attacking these elements can be more challenging and likely would produce a more aggressive U.S. Government response". Given the report was published, poignantly, on September 10, 2001, we know what a more aggressive response would be. A key recommendation of the paper is: "Create awareness among members of the domestic and global transportation community of the need for GPS backup systems or operational procedures, and of the need for operator and user training in transitions from primary to backup systems, and in incident reporting, so that safety can be maintained in the event of loss of GPS" Given that US Government, the providers of GPS, believe that it constitutes a Single Point of Failure ("SPOF") for land, sea and air travel in the US, it seems unlikely that BMW can state unequivocally that GPS will get their customers out of trouble. All the advertisment does is reinforce the mistaken belief that GPS is reliable, and that the SatNav units' instructions should be followed blindly. Please can this advert not be printed again, or could its claims be qualified to state that a number of natural and human problems may affect GPS coverage in an area, and that the stored maps cannot be trusted. The US Department of Transport report should act as a foundation for these qualifications. They may also mention that the risks of canyoning, reflection and other problems become more common above 54 degrees north, and therefore that GPS is less trustworthy in Scotland. A more accurate statement would therefore be "On the rare occasions that Joy finds itself lost, GPS will guide it home, provided Joy did not get lost in Scotland, or in woodland, the GPS maps are kept up to date, and none of the failure modes outlined in (Volpe 2001) have occurred. In keeping with Volpe's guidelines, should Joy consider getting home to be critical, we recommend gaining familiarity with alternate non-GPS navigation techniques, such as using a printed map in conjunction with a magnetic compass." Thank you Citations 1. 2001 GPS SPS Performance Standard Final http://www.navcen.uscg.gov/GPS/geninfo/2001SPSPerformanceStandardFINAL.pdf 2. The Geomagnetic Storm of 13 March 1989. ACM Risks Digest Volume 8 Issue 72 http://catless.ncl.ac.uk/Risks/8.72.html 3. Detrimental Effects of Installing Consumer Electronics on Ships, Ken Hamer 1997 http://www.naval.com/help/emi.html 4. "Truncation error" found in GPS code on International Space Station ACM Risks Digest Volume 21 Issue 11. http://catless.ncl.ac.uk/Risks/22.11.html 5. Vulnerability Assessment of the Transportation Infrastructure Relying on the Global Positioning system, John A. Volpe, U.S. National Transportation Systems Centre, 2001, http://www.navcen.uscg.gov/gps/geninfo/vulnerability_assess_2001.pdf 6. £900 fine for sat nav nut. The Sun, 2009 http://www.thesun.co.uk/sol/homepage/news/2640633/900-fine-for-sat-nav-driver-who-was-left-dangling-over-cliff.html ------------------------------ Date: Fri, 27 Nov 2009 17:59:38 -0500 From: David Lesher <wb8foz_at_private> Subject: Re: Toyota uncontrolled acceleration (Lesher, RISKS-25.82) Update: Toyota has announced a 3.8E6 vehicle recall for the unattended acceleration problem discussed before. Press reports indicate that Toyota will modify the floormats and pedals. Further, they'll install engine cut-offs that activate when the brake and accelerator are both depressed, at least on new production vehicles. (Reports vary widely re: their backfitting to existing vehicles.) Unmentioned is any change to the ignition switch design; which requires the driver hold down the START button to stop. Also no mention of transmission changes. ------------------------------ Date: Mon, 9 Nov 2009 12:41:33 -0800 (PST) From: JC Cantrell <jccant_at_private> Subject: Re: Toyota uncontrolled acceleration (Lesher, RISKS-25.82) David Lesher wrote: "... The second is more alarming. I thought that there was a {?unwritten} requirement that no US road-legal car could even overpower its own brakes; i.e., given full throttle and full brakes; the car stops, period. (This may not be the case for a dedicated race car...) " LA Times story on 8 November: "In reviewing consumer complaints during its investigations, the NHTSA relied on established "positions" that defined how the agency viewed the causes of sudden acceleration. Cases in which consumers alleged that the brakes did not stop a car were discarded, for example, because the agency's official position was that a braking system would always overcome an engine and stop a car. The decision was laid out in a March 2004 memorandum." http://www.latimes.com/news/local/la-fi-toyota-recall8-2009nov08,0,2472257,full.story Now, it sounds to me that the NHTSA believes (i.e., its official position) that the brakes should stop the car, but it does not sound like an edict, regulation or that it is even tested. Well, that is why I buy a manual transmission. When that clutch is in, I KNOW I can stop the car... ------------------------------ Date: Sat, 21 Nov 2009 22:37:59 +0000 From: "Robert (Bob) Waixel" <r.waixel_at_private> Subject: Patients' data used as Packing Jeweler finds hospital records sent in packaging for gift boxes; Confidential records from "solicitor's office acting for patients" were shredded (but not enough) and then used as gift box packing. Jeweler had ordered gift boxes for her Jewelry products, and the boxes came with the shreddings as packing. Patients' data came from Papworth Hospital, Cambridge, England, 'who were horrified' and 'were investigating'. "I could clearly make out the name and address and the name of the hospital and solicitors" said the finder. The solicitors said " we don't shred paper here and we will be having a chat with our suppliers". Papworth Hospital described the secure shredding service it used onsite to make sure that all confidential paperwork was completely unidentifiable. "In certain circumstances a patient will request that their notes are given to a third party, such as a solicitor. In these circumstances we would expect that extreme care is taken in the disposal of these documents by this third party." Reported by Raymond Brown <raymond.brown_at_cambridge-news.uk> [Abridged summary by R Waixel from Cambridge Evening News Fri 20 Nov 09 Pp 1, 5] Bob's Comments * Clear breach of UK Data Protection Act 1998 and Principle 7 (Security) by the solicitors... Wonder whether the hospital has any written procedures for handing personal data over to solicitors. Presumably not as such professionals have their own clear professional duty of care as well as legal (Data Protection) one. * How easily the Hospital can be tarnished by the Solicitor's carelessness (Hospital data lost not Solicitor's!) Page 1 headline. * Solicitor possibly had the data because of potential litigation against Hospital? (mere speculation by me) * The solicitors seem to be remarkably relaxed over the matter - perhaps it could invest in (several) cross cut shredders? * Pity the solicitor [who was] not identified. * There for the grace of God goes many another organisation too... Robert (Bob) Waixel, MBCS, MCInstM, FHEA, RW Systems, Cambridge, UK Chartered Information Technology Professional (CITP) <r.waixel_at_private> ------------------------------ Date: Wed, 25 Nov 2009 23:01:54 -0500 From: Andy Behrens <andy_at_private> Subject: Re: Apostrophe in Your Name? You Can't Fly! I would call this a bureaucratic problem rather than a technological one. It is well known that airline computer systems drop apostrophes, remove accents from letters, and truncate long names. The insanity lies in the fact that someone wrote a regulation which requires an exact match, even though it should be clear that such a match is frequently not possible. At least there are no signs posted saying "No Irish Need A-fly". ------------------------------ Date: Fri, 27 Nov 2009 18:49:38 -0800 From: "JosephKK" <quiettechblue_at_private> Subject: Re: Apostrophe in Your Name? You Can't Fly! (Brady, RISKS-25.84) And the next (or as likely at the same time) problem will be hyphenated names. I have seen this way too much already. And current programming (CS) courses do not help. I have met people with names like O'Hara-Mgabe and O'Rourke-Hollins. [Not to mention multiple hyphens, and multipart middle names such as Charles Henry Anthony Richard. PGN] ------------------------------ Date: Thu, 26 Nov 2009 12:54:19 +0100 From: Dag-Erling_Smørgrav <des_at_private> Subject: Re: Apostrophe in Your Name? You Can't Fly! (Brady, RISKS-25.84) They can't print accented letters either, or in fact any character not used in English, such as in German, Scandinavian, Icelandic, Finnish, Sami, etc. [And my mailer has trouble with them also!] ------------------------------ Date: Fri, 27 Nov 2009 00:50:01 -0500 From: "Bob Frankston" <bob2-39_at_private> Subject: Re: Apostrophe in Your Name? You Can't Fly! (Brady, RISKS-25.84) We'll have to see what happens in practice as there are too many such examples because the airlines are stuck with 1960's US 6 bit character sets. No hyphens, accents or other markings. I suspect special characters will be simply ignored. Though optional spaces may be an issue.. More problematic will be ambiguous translations into English characters and name variations like Bob vs. Robert or insisting on matching my middle name. When flying from SFO on Virgin America a two weeks ago where I am Bob I did ask the security people and was told it would be no problem. 100% strictness won't work in practice but I do worry about depending on the security people's willingness to be flexible. ------------------------------ Date: Thu, 26 Nov 2009 14:42:06 +0900 From: Curt Sampson <cjs_at_private> Subject: Re: Warren Buffett cell phone skills: did they doom Lehman? For the record, here's are the final two paragraphs of the above misleadingly titled article: > It makes a great story - but as Michael Corkery of the Wall Street > Journal wrote last night: "If the Oracle from Omaha really thought he > could profit from insuring Lehman's assets, he would have followed up > with Diamond. Likewise, if Diamond thought he had a realistic chance > of closing a deal with Buffett, don't you think he would have likely > lobbed a follow up call?" > > Here's the truth according to Corkery: "Buffett may not know how > to use a cell phone, but he's pretty savvy about avoiding terrible > investments. That was one call he has to be glad he never answered." In other words, there was a system in place to deal with the risk of failure, it it simply wasn't activated because he wasn't interested in the deal. Curt Sampson <cjs_at_starling-software.com> +81 90 7737 2974 ------------------------------ Date: Thu, 26 Nov 2009 05:21:49 -0800 From: Henry Baker <hbaker1_at_private> Subject: Re: Warren Buffett cell phone skills: did they doom Lehman? Oh, and you've never used the old "your cellphone signal is fading, I'll have to call you back" excuse to get out of a call ? Buffet is nothing, if not polite. ------------------------------ Date: Fri, 27 Nov 2009 12:01:13 +0800 From: Charles Wood <j.charles.wood_at_private> Subject: Re: Teleportation via Skyhook (RISKS-25.84) Checking on the Skyhook wireless site they describe their location methodology in http://www.skyhookwireless.com/howitworks/privacypolicy.php As part of the location process all available information is collected by the mobile device and sent to the server system for location calculation. A result is then sent back. From the wording it appears that only phone tower and wireless network information is sent; though there is an option to manually enter a street address. What seems odd to me is why they don't collect and transmit GPS information at the same time. It would make a lot more sense to have a host of end users doing their mapping for them rather than having to pay for expensive vans to go around and do the mapping. The fairly accurate location of the user is usually known already based on their database. The addition of GPS would not significantly affect the privacy of the user as they have already agreed to submit location identifying information. In fact the user's main focus is to get very precise location information as quickly as possible and has agreed to let skyhook wireless access to all data that will achieve that aim. I also tried the service from a windows laptop. I am not in an area of the world that is especially likeley to have been mapped and so it returned an error. What surprises me is that they don't appear to have a fallback to IP geolocation. Nor do they seem to use it for verification purposes - The example in the teleportation post would very easily have been solved by use of IP geolocation and sanity checks on successive readings ------------------------------ Date: Sun, 15 Nov 2009 03:52:05 +0800 From: jidanni_at_private Subject: Android Mythbusters (Matt Porter) http://laforge.gnumonks.org/weblog/2009/11/04#20091104-android_mythbusters Executive summary: Android is a screwed, hard-coded, non-portable abomination. ------------------------------ Date: Mon, 16 Nov 2009 14:40:32 -0800 (PST) From: Lauren Weinstein <lauren_at_private> Subject: Solving the Android "Grayed Out Application" Deadlock Lauren Weinstein's Blog Update: Solving the Android "Grayed Out Application" Deadlock November 16, 2009 http://lauren.vortex.com/archive/000636.html Greetings. Since I'm fairly vocal in my support of -- and enthusiasm for -- Google's Android OS, I tend to have quite a few people who send me their own Android experiences, both pro and con. While by far most of these notes are positive, there has been a recurring theme lately of reported deadlocks involving already installed applications on Android phones. Previously installed applications suddenly wouldn't run, couldn't be uninstalled, and couldn't be reinstalled. Apparently no "official" explanation or cure for this condition has been apparent. I wasn't in a position to investigate this myself until a few days ago, when a significant number of apps on my Android 1.6 G1 phone suddenly entered this "zombie" state, triggering my looking at the situation rather intently. The primary symptom of these unusable apps is that not only won't they run directly, but the Android "Market" mechanism refuses to either "Open" or "Uninstall" them -- those options are grayed out. But since Market believes the apps are still installed, they cannot be reinstalled either. Even with a rooted phone, this presents a quandary -- on a non-rooted phone, even more so. Here are the results of my investigation into this issue, and my recommended procedure for recovery from such situations without completely resetting your phone and having to manually rebuild your entire configuration from scratch. The basic problem appears to occur when (for whatever reason) an installed app's "apk" file has vanished from /data/app (or /data/app-private). Once this occurs the market app apparently goes out of sync, and then the affected programs won't run, can't be uninstalled, and can't be reinstalled -- via market directly, anyway. The trick out of this dilemma is to obtain the original apk files that are missing. If you already have backups of these files, you can reinstall them via the app package manager. In my case, I used the Astro file manager to select the app apk files for which I had backups -- Astro then executes the package manager. The affected programs will appear to already be installed -- that is, the app package manager will offer an UNINSTALL choice, not an INSTALL choice. Go ahead and tap UNINSTALL. When the uninstall finishes, go back to the package (e.g. via Astro again), then back to the package manager, and this time tap the offered INSTALL. The app should reinstall and be good to go. It may also be possible to follow a similar sequence via the Android "adb" tool externally, but I had mixed results trying this, so I recommend working on the phone itself if possible, from backups on the sd card. The adb tool is still useful in this context for file copying operations -- see below. If you don't have backups of the necessary apk files for the desired apps, you need to get them, but as noted above, market won't let you download them since it thinks they're already installed. Here's how to get them. First, use Nandroid to back up the current state of the phone. I can't emphasize enough the value of Nandroid -- it's extremely useful. Once you have a Nandroid backup, do a factory data reset ("wipe") and reboot. You'll need to re-authenticate the phone to Google (that is, login with your Google account). Now go to the market program and install the programs for which you were missing apk files earlier -- you should be able to download them successfully now. Once they've downloaded and installed, the new apk files should be in /data/app (or in some cases, /data/app-private). Copy the files (e.g. "cp") from the /data/app or /data/app-private dirs to the sdcard (/sdcard). You can do this via a terminal console on the phone or through the "adb shell" command. Now reboot, then restore the Nandroid backup that you made before doing the factory reset wipe. After you're back in the previously saved system, you can navigate (e.g., with Astro) to the new apk files that you copied to the sd card, and follow the procedure above to first "uninstall" and then "install" those programs through the app package manager. Using these techniques, I was able to completely restore all apps on my G1 that had mysteriously found themselves in the limbo of the unusable "grayed out" state. Why the apk files vanished from /data/app in the first place, triggering this entire sequence of events, remains a mystery to me at this point. Lauren Weinstein <lauren_at_private> Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Lauren's Blog: http://lauren.vortex.com Co-Founder, NNSquad - Network Neutrality Squad - http://www.nnsquad.org Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Founder, PRIVACY Forum - http://www.vortex.com ------------------------------ Date: Thu, 29 May 2008 07:53:46 -0900 From: RISKS-request_at_private Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe: http://lists.csl.sri.com/mailman/listinfo/risks Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request_at_private containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe_at_private or risks-unsubscribe_at_private depending on which action is to be taken. Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc. => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> The full info file may appear now and then in RISKS issues. *** Contributors are assumed to have read the full info file for guidelines. => .UK users should contact <Lindsay.Marshall_at_private>. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail! => SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line. *** NOTE: Including the string "notsp" at the beginning or end of the subject *** line will be very helpful in separating real contributions from spam. *** This attention-string may change, so watch this space now and then. => ARCHIVES: ftp://ftp.sri.com/risks for current volume or ftp://ftp.sri.com/VL/risks for previous VoLume <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue. Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r <http://the.wiretapped.net/security/info/textfiles/risks-digest/> . ==> PGN's comprehensive historical Illustrative Risks summary of one liners: <http://www.csl.sri.com/illustrative.html> for browsing, <http://www.csl.sri.com/illustrative.pdf> or .ps for printing ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 25.85 ************************Received on Sat Nov 28 2009 - 14:18:48 PST
This archive was generated by hypermail 2.2.0 : Sat Nov 28 2009 - 15:13:03 PST