RISKS-LIST: Risks-Forum Digest  Tuesday 26 January 2010  Volume 25 : Issue 92

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/25.92.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
*NY Times* expose on medical radiation overexposure (Jeremy Epstein)
Air-traffic control glitch due to the installation of new software (Chiaki Ishikawa)
Extending TCP/IP into space (Randall Webmail)
Y2K+10 and SMS (Richard Gadsden)
Bodyscanners that don't work (Peter Houppermans)
Corporate espionage in the news: Hilton and the Oil industry (Gadi Evron)
Have the Chinese Really Hacked into MSN's DB? (Chris J Brady)
Cyberattacks on Google in China (PGN)
Unsearchable stores (Mark Brader)
ICSI claims "effectively perfect" spam blocking method (Lauren Weinstein)
LORAN being retired (David Magda)
PROVINCE OF CHI (jidanni)
Google Maps won't be taking my address for a ride (jidanni)
Upgrading a World of Warcraft account ends in tears (Turgut Kalfaoglu)
Unique PINs (Dag-Erling Smørgrav)
Re: Offensive shutting down of botnets (Dick Mills)
Cloud Computing Security (Ivan Arce)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 23 Jan 2010 23:25:21 -0500
From: Jeremy Epstein <jeremy.j.epstein_at_private>
Subject: NY Times expose on medical radiation overexposure

There's nothing here that's akin to the infamous Therac disasters where interactions of hardware and software caused unexpected results, but more examples of how wrong configurations lead to dramatic radiation overexposures.

"The Times found that on 133 occasions, devices used to shape or modulate radiation beams [...]
were left out, wrongly positioned or otherwise misused."

But there were also software errors - crashes that lost portions of the programming for the radiation beams. "as [the medical physicist] was trying to save her work, the computer began seizing up, displaying an error message. The hospital would later say that similar system crashes 'are not uncommon with the Varian software, and these issues have been communicated to Varian on numerous occasions.' [...] At 12:57 p.m. -- six minutes after yet another computer crash -- the first of several radioactive beams was turned on."

In another case, "One therapist mistakenly programmed the computer for 'wedge out' rather than 'wedge in,' as the plan required. Another therapist failed to catch the error. And the physics staff repeatedly failed to notice it during their weekly checks of treatment records. Even worse, therapists failed to notice that during treatment, their computer screen clearly showed that the wedge was missing. Only weeks earlier, state health officials had sent a notice, reminding hospitals that therapists 'must closely monitor' their computer screens."

The problem was lack of fail-safe processes. "The software required that three essential programming instructions be saved in sequence: first, the quantity or dose of radiation in the beam; then a digital image of the treatment area; and finally, instructions that guide the multileaf collimator. When the computer kept crashing, [...] the medical physicist, did not realize that her instructions for the collimator had not been saved, state records show. She proceeded as though the problem had been fixed."

It's a pretty frightening article.

http://www.nytimes.com/2010/01/24/health/24radiation.html?hp

  [The article spans the middle of the front page and three inside pages. It's well worth reading in its entirety. I also received comments on this from Jared Gottlieb, Harry Hochheiser, Matthew Kruk, Nancy Leveson, Martyn Thomas, and others.
  See recent harbingers (RISKS-25.81,82) of the current round of events, as well as the earlier items on the Therac-25 problems (RISKS-8.5, 12.50, 14.04). PGN]

------------------------------

Date: Thu, 21 Jan 2010 18:19:59 +0900
From: ishikawa <ishikawa_at_private>
Subject: Air-traffic control glitch due to the installation of new software

http://www.airportbusiness.com/online/article.jsp?siteSection=1&id=33648
Air-traffic control glitch due to the installation of new software

Air-traffic control software problem (airplane positions could not be identified in a timely manner) caused the disruption of air flights in Japan on 14 Jan 2010.

This happened after the installation of new software that consolidated the air-traffic control operations of two large and busy airports, Haneda and Narita. The program controls the radar screen displays for the controllers. Due to a software problem, the display on the screen got sluggish to the point that the operators switched to a backup system and operators diverted traffic to other airports and such.

On 15 Jan 2010, the official announcement was made by the Ministry of Land, Transport, Infrastructure and Tourism that the climate information, especially bad weather, was mistakenly fed to the module of the control program that displays the positions of airplanes in this new software setup. This caused overload of processing, and thus the failure to keep track of the airplanes timely. This incorporation of the bad weather is a new feature according to the short announcement made by the minister in charge.

Usual risk. But I really wonder why this was not caught in advance testing. The unwanted climate data by the position display module was silently thrown away with no logging?
If the bad weather was properly reflected on the screen by the feed to the proper module (assuming the testing was done for the display of bad weather condition on radar), then the data was duplicated by mistake and fed to the airplane position display module, also? Why and how? Inquiring minds want to know more.

I really wish that there is a public database of software bugs that caused social glitches like this one and that record details for posterity for the benefit of future programmers, etc. I suspect such a database will be a loath to parties in the legal tangling as the result of such bugs, but the society needs such a database, I think. We need better foundation and not try to build sand castles from scratch again and again with similar mistakes in the foundation.

(This incident has nothing to do with the bankruptcy filing of Japan Air Lines recently.)

------------------------------

Date: January 22, 2010 11:16:07 AM EST
From: Randall Webmail <rvh40_at_private>
Subject: Extending TCP/IP into space

(From Dave Farber's IP)

NASA EXTENDS THE WORLD WIDE WEB OUT INTO SPACE

Astronauts aboard the International Space Station received a special software upgrade this week - personal access to the Internet and the World Wide Web via the ultimate wireless connection.

Expedition 22 Flight Engineer T.J. Creamer made first use of the new system [on 22 Jan 2010], when he posted the first unassisted update to his Twitter account, @Astro_TJ, from the space station. Previous tweets from space had to be e-mailed to the ground where support personnel posted them to the astronaut's Twitter account.

"Hello Twitterverse! We r now LIVE tweeting from the International Space Station -- the 1st live tweet from Space! :) More soon, send your ?s"

This personal Web access, called the Crew Support LAN, takes advantage of existing communication links to and from the station and gives astronauts the ability to browse and use the Web.
The system will provide astronauts with direct private communications to enhance their quality of life during long-duration missions by helping to ease the isolation associated with life in a closed environment.

During periods when the station is actively communicating with the ground using high-speed Ku-band communications, the crew will have remote access to the Internet via a ground computer. The crew will view the desktop of the ground computer using an onboard laptop and interact remotely with their keyboard touchpad.

Astronauts will be subject to the same computer use guidelines as government employees on Earth. In addition to this new capability, the crew will continue to have official e-mail, Internet Protocol telephone and limited videoconferencing capabilities.

To follow Twitter updates from Creamer and two of his crewmates, ISS Commander Jeff Williams and Soichi Noguchi, visit:
  http://twitter.com/NASA_Astronauts

For more information about the space station, visit:
  http://www.nasa.gov/station

Archives: https://www.listbox.com/member/archive/247/=now

  [Well, that may be just a little more secure than an early desire for the space station that I heard when I visited Johnson Space Center long ago, which was that researchers should be able to uplink over the Internet to the Space Station control computer and monitor and guide their own experiments in real time. PGN]

------------------------------

Date: Thu, 21 Jan 2010 14:21:01 +0000
From: Richard Gadsden <richard_at_private>
Subject: Y2K+10 and SMS

The timestamp on SMS messages (known as TP-SCTS) stores the year in two nibbles in a binary-coded decimal representation with the nibbles swapped.

Aside from the known risks of using a two-digit year, this is about as bad a representation as can be imagined.

2009 is represented as 1001 0000 in BCD swapped-nibble (i.e., as 09, decimal). 2010 (decimal) is represented as 0000 0001.
A number of telephone SMS programs, generally those that don't inherit a code-base from pre-Y2K systems, have misread the spec, and are interpreting it as swapped-nibble binary, rather than BCD, so are interpreting 0000 0001 as 00010000, i.e., as 0x10 or 16 instead of 10.

This is why some phones (notably Windows Mobiles) are displaying text messages as having been sent in 2016, rather than 2010.

It's worthy of note that these systems would not have worked correctly in 1999 either - they would have interpreted 0x99 as 153 (decimal) - and may have displayed either 19153 or 2053.

In the specific case of Windows Mobile, the text message database stores two dates, the TP-SCTS date and an internal datestamp applied to the text when received by the phone. There is a setting in the firmware that allows the internal datestamp to be shown in preference to the TP-SCTS date, so some phones are showing the correct information and some are not. This setting is set by the firmware programmer, normally being either the manufacturer or the network operator.

RISKS:

Date code written after 2000 may display Y2K-like bugs, by making assumptions that all dates are post-2000.

Programs installed in firmware are much more difficult to correct for bugs, so code quality for firmware is much more important.

Systems are frequently coded to a small set of sample data, rather than to the actual specification. Checking against the specification rather than unit testing with sample data is harder, but may be necessary, especially for systems that are difficult to correct.

Richard Gadsden richard_at_private

  [The authors of the post-Y2K phone software have obviously never heard The Ring of the Nibble-Young-un (Wagner). It's worthy of a Ring-Tone-Poem (Strauss).
  PGN]

------------------------------

Date: Sun, 24 Jan 2010 14:22:55 +0100
From: Peter Houppermans <peter_at_private>
Subject: Bodyscanners that don't work

Interesting article in The Register about a full body scanner demo on German live TV. You guessed: it would not be news unless the thing had failed to detect some Very Bad Stuff. You may want to watch the video, it's in German but I think you will be able to see that the key message is that the man scanned was carrying more than what he originally mentioned:

http://www.theregister.co.uk/2010/01/24/body_scanner_fail/

Keep watching - he will use the stuff that wasn't picked up, just to prove the point (notice that he almost ruins a camera when he stirs the remains).

I hope these scanners won't lure security staff into a false sense of security, and wonder how the use of these expensive devices will pan out in real life use. We'll soon see.

Speaking of pan - no idea of correlation between frying pan material and what is used for a plane hull..

------------------------------

Date: Tue, 26 Jan 2010 08:53:07 +0200
From: Gadi Evron <ge_at_private>
Subject: Corporate espionage in the news: Hilton and the Oil industry

Corporate espionage in the news, and not just because of Google: Hilton and the Oil industry.

Is anyone calling espionage by means of computers cyber-espionage yet? I hope not. At least they shouldn't call it cyber war.

Two news stories of computerized espionage reached me today.

The first, regarding the Oil industry, was sent by Marc Sachs to a SCADA security mailing list we both read. The second, about the hotel industry, was sent by Deb Geisler to a science fiction convention runners (SMOFS) mailing list we both read.

US oil industry hit by cyberattacks: Was China involved?
http://www.csmonitor.com/USA/2010/0125/US-oil-industry-hit-by-cyberattacks-Was-China-involved

"At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage."

Starwood Charges That Top Hilton Execs Abetted Espionage
http://www.meetings-conventions.com/article_ektid31918.aspx

"Starwood's claim points to a "mountain of undisputed evidence," including e-mails among Hilton senior management, that Klein and Lalvani worked with others within Starwood to steal sensitive documents by sending them via personal e-mail accounts, among other methods, and that such information was shared and used by all of Hilton's luxury and lifestyle brands, as well as in the development of Hilton's now-shelved Denizen brand. In the new filing, Starwood says, "This case is extraordinary, and presents the clearest imaginable case of corporate espionage, theft of trade secrets, unfair competition and computer fraud...Hilton's conduct is outrageous.""

As to whether China is involved, maybe. But the automatic blaming has got to stop. Many other countries have been known to be conducting corporate espionage, such as France, and as the second story above shows, so do corporations themselves.

[ Source on naming France: http://samvak.tripod.com/pp144.html ]

But.. here are a few questions:
- My dog barked, was China involved?
- The traffic light turned red, was China involved?
- I am tired. Is China involved?

------------------------------

Date: Wed, 20 Jan 2010 06:04:14 -0800 (PST)
From: Chris J Brady <chrisjbrady_at_private>
Subject: Have the Chinese Really Hacked into MSN's DB?

Seen in a forum on LoveMoney.com:

"There is a new scam today offering cheap goods from China. They probably don't exist and they have hacked accounts, it appears they are in the MSN database.
Anyone with hotmail or live.com accounts should change their passwords. This may be in the wrong thread. We are trying to figure out what they are doing. It looks like a major operation hacking from China."

Is the risk believing that there is a risk here, or is there more of a risk in ignoring it? Hmm ... but the Chinese do seem to be gaining a reputation for hacking.

------------------------------

Date: Tue, 19 Jan 2010 16:21:02 PST
From: "Peter G. Neumann" <neumann_at_private>
Subject: Cyberattacks on Google in China

Google has uncovered a "highly sophisticated and targeted attack" coming from China on its infrastructure that resulted in some of its intellectual property being stolen. The cited article suggests that at least 20 technology companies were similarly targeted (and more than 30, according to other reports).
  http://www.computerworld.com/s/article/9145679/

In addition, *The Jewish Chronicle* website (thejc.com) was recently defaced.
  http://www.theregister.co.uk/2010/01/18/jc_defaced/

See also John Markoff, David E. Sanger, Thom Shanker, "In Digital Combat, U.S. Finds No Easy Deterrent," *The New York Times*, 26 Jan 2010, A1/A6 today's National Edition.

------------------------------

Date: Sun, 24 Jan 2010 17:06:43 -0500 (EST)
From: msb_at_private (Mark Brader)
Subject: Unsearchable stores

Tangentially to recent thread in alt.usage.english, Cheryl Perkins made a comment about how programmers dealing with addresses "don't like apostrophes" and "don't allow for their existence". John Varela then wrote this (quoted by permission) about his TomTom One 130:

| I ran into that today when I wanted the GPS to take me to a store
| called "Lowe's". There's no way to enter an apostrophe on the GPS.
| A search for "Lowe" found nothing and a search for "Lowes" found a
| store called "Lowest Price something-or-other". I had to find the
| place on my own. Doing so gave me a real feeling of independence
| and of superiority to technology.
Mark Brader, Toronto, msb_at_private | "Fast, cheap, good: choose any two."

  [Lowe'stcommon denominator? PGN]

------------------------------

Date: January 25, 2010 6:51:19 PM EST
From: Lauren Weinstein <lauren_at_private>
Subject: ICSI claims "effectively perfect" spam blocking method

  ``Researchers have now come up with a system that deciphers the templates a botnet is using to create spam. These templates are then used to teach spam filters what to look for.''

[Maybe "effectively perfect" against that specific type of attack *at this point in the development of spam*. Just ask Darwin.]

http://bit.ly/7GwsVx (New Scientist)

  [From the Network Neutrality Squad, http://www.nnsquad.org]

------------------------------

Date: Thu, 21 Jan 2010 09:00:27 -0500
From: David Magda <dmagda_at_private>
Subject: LORAN being retired

The U.S. Coast Guard has announced that it will begin turning off the Loran-C navigation system on February 8, 2010, with a full decommissioning by October 1, 2010:

http://www.access.gpo.gov/su_docs/fedreg/a100107c.html#Coast%20Guard
http://yro.slashdot.org/article.pl?sid=10/01/12/223241

While some people have said that GPS has made it redundant, critics of the decision have said that having redundancy / backups is entirely the point. The "Federal Register" statement implies that this concern is not very pressing:

> The Loran-C system was not established as, nor was it intended to be, a
> viable systemic backup for GPS. Backups to GPS for safety-of-life
> navigation applications, or other critical applications, can be other
> radio-navigation systems, or operational procedures, or a combination of
> these systems and procedures. Backups to GPS for timing applications can
> be a highly accurate crystal oscillator or atomic clock and a
> communications link to a timing source that is traceable to Coordinated
> Universal Time.
http://edocket.access.gpo.gov/2010/2010-83.htm

Not sure what these other navigation systems would be (e.g., WAAS "augments" GPS, not replaces it). For time at least, WWVB is available in a large portion of the continental U.S.

http://en.wikipedia.org/wiki/Wide_Area_Augmentation_System

Other countries have their own LORAN towers, and it remains to be seen how this will affect them:

http://en.wikipedia.org/wiki/LORAN

------------------------------

Date: Mon, 11 Jan 2010 02:18:46 +0800
From: jidanni_at_private
Subject: PROVINCE OF CHI

Fidelity.com is where I keep my retirement millions. A few days after a cordial address update I double checked to find it had become a mangled DONGSHI 42351 PROV-INCE OF CHI TAIWAN behind both my and staff's backs. In order to please neighboring China, they run a batch job that alters all Taiwan addresses. It then took much staff effort to whack mine back into shape.

Jackson.com is where I keep my other millions. Foreign customers have a pseudo-state of "OT" appended to their addresses. It used to be "OC" but that probably landed mail into an even darker hole at the post office.

------------------------------

Date: Tue, 26 Jan 2010 07:30:24 +0800
From: jidanni_at_private
Subject: Google Maps won't be taking my address for a ride

Ah, the amazing ability of http://maps.google.com/ to pinpoint anything one tosses into its search box.

Let's just change this search string from house number 21, to e.g., 22:

http://maps.google.com/maps?f=q&hl=en&q=21+DaGuan+RD+%E5%A4%A7%E8%A7%80%E8%B7%AF21%E8%99%9F%2C+Taichung%2C+Taiwan
http://maps.google.com/maps?f=q&hl=en&q=22+DaGuan+RD+%E5%A4%A7%E8%A7%80%E8%B7%AF22%E8%99%9F%2C+Taichung%2C+Taiwan

Whammo... for #21 all along Google was merely matching a text string attached to a story associated with a point in their database. For #22 etc. Google Maps says "We could not understand the location."
If one has a Facebook account, here I am telling the business owner their new address finds a point (stuck to their old address (mentioning their new address.))
http://www.facebook.com/permalink.php?story_fbid=253295461155&id=12619981155

Me? I'm at http://maps.google.com/maps?ll=24.181699,120.866261. No text strings to get hijacked by pagerank.

------------------------------

Date: Wed, 20 Jan 2010 11:04:54 +0200
From: Turgut Kalfaoglu <turgut_at_private>
Subject: Upgrading a World of Warcraft account ends in tears

My son and I have something in common: We love the online game Warcraft. We are separated by a continent as he lives with his mother, but we still meet online through this game. For those who are not familiar, it consists of a 5GB game download, followed by numerous similarly-sized updates, and finally being able to play (and pay monthly) online.

We recently attempted to upgrade our gaming accounts to their new "Wrath of Leech King" expansion - it was supposed to be a Christmas present for him. So I entered their web site, gave my credit card details, clicked upgrade. It promptly said congratulations, and that the account was upgraded.

A day later, we got another e-mail saying that the purchase was "undone" and the game upgrade was rolled back. No details were given, but we were given a hint that we should phone them.

That simple task of phoning them took three days of non-stop phoning from overseas: Their UK help desk was so swamped/understaffed that I could not get in their waiting queue. When I did, I was dropped off after waiting 9 minutes on the phone.

It eventually turned out that my security-conscious son had not entered his correct name and address when signing up to the service some years back, and apparently it is only during the upgrade that Blizzard bothers to check these things.

After a successful phone call to their help desk, we were sent a questionnaire to fill out to correct the details.
However, even after the details were entered into their system, we were STILL denied the upgrade. Reason? As far as I can tell, it was their security system again: It will not let you "upgrade" twice from the same IP address! Since according to their records, we had one "successfully" upgraded, we were now denied an upgrade!

After numerous fruitless e-mails, I finally re-re-re-did the registration from a work computer, and it went through, and it became a late new year present for my son instead.

Moral of the story:
1) You must reveal your complete identity if you want to play games,
2) Your request must not look like it's coming from a sweatshop in China.

And you thought playing online games was all fun and games?

Turgut Kalfaoglu, Msc. Computer Engineering, Izmir Institute of Technology

------------------------------

Date: Wed, 20 Jan 2010 11:51:22 +0100
From: Dag-Erling Smørgrav <des_at_private>
Subject: Unique PINs

A number of municipal cinemas in larger Norwegian cities have a common fidelity program called Kinosonen ("the cinema zone"). Amongst other benefits, members get a card they can use to prepay tickets (at a discount, of course).

A few days ago, two e-mails were sent out to program members. The first e-mail enjoined all members to change their PIN as quickly as possible "for security reasons". All well and good. The second... The second said, loosely translated:

  We have been notified of a flaw in our procedures, and have asked all our members to change their PIN.

  Several members have been issued the same PIN for their membership cards. As many as 1200 cards may be affected. This only applies to cards issued after 2007-11-25.

  We are in the process of changing the PIN for those 1200 members. You will receive a new PIN by e-mail.

So... am I to conclude that the security of their system depends on each member's PIN being unique? The mind boggles.

If so, why do they ask members to select their own PIN?
What happens if a member selects a PIN that is already in use - does she get a message to that effect? So now she knows that somebody else uses that PIN, can she take advantage of that knowledge?

If not, why are duplicate PINs a problem in the first place?

I'm not sure how long the PIN is, by the way, but my guess is four or five digits. The total population of these cities and their suburbs is around two million people. Even with conservative estimates of their membership base, latecomers are going to have a hell of a time trying to find an unused PIN. Even with six digits, the odds are that a lot of people are going to use either their birth date or the last six digits of their 12-digit card number...

------------------------------

Date: Thu, 21 Jan 2010 09:14:38 -0500
From: Dick Mills <dickandlibbymills_at_private>
Subject: Re: Offensive shutting down of botnets

It seems foreseeable that someday a mass cutoff of botnet infected computers will trigger some kind of disastrous side effect.

Of course, mission critical or life critical applications should never be allowed to exist on unprotected net connected computers, especially those infected by malware. Nevertheless, it would be foolish to presume that nobody else is ever foolish.

Here's the risk. We may know that a mass collection of computers are hosting malware, but we have no way of knowing what good and vital services they may also be providing. Is it not true therefore, that any action to remotely cut off a class of nodes is somewhat reckless by nature?

  [Old whine in new bot-tles? PGN]

------------------------------

Date: Sat, 23 Jan 2010 18:24:12 -0200
From: Ivan Arce <ivan.arce_at_private>
Subject: Cloud Computing Security

We have a special issue on Security in Cloud Computing scheduled for publication in Nov/Dec 2010. The final date for submissions is approaching (5 Mar 2010).
The Call for Papers is here:
  http://www.computer.org/portal/web/computingnow/spcfp6

------------------------------

Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you. The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe. You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address. Instructions
 are included in the confirmation message. Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 25.92
************************

Received on Tue Jan 26 2010 - 16:38:04 PST
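
The decoding error described in the "Y2K+10 and SMS" item above, as an added example that is not part of the digest or of any contributor's post. It goes beyond the year octet to the whole seven-octet timestamp; the octet order and the time-zone sign bit follow 3GPP TS 23.040 as understood here, and the century pivot, the function names and the sample octets are assumptions constructed for the example.

```python
"""TP-SCTS (SMS service-centre timestamp): correct decode vs. the misreading."""
from datetime import datetime, timedelta, timezone

# Constructed sample: 2010-01-21 14:21:01 UTC as seven swapped-nibble BCD
# octets (year, month, day, hour, minute, second, time zone).
SAMPLE_SCTS = bytes.fromhex("01101241121000")


def swapped_bcd(octet):
    """Correct reading: low nibble = tens digit, high nibble = units digit."""
    tens, units = octet & 0x0F, octet >> 4
    if tens > 9 or units > 9:
        raise ValueError(f"octet 0x{octet:02X} is not swapped-nibble BCD")
    return tens * 10 + units


def swapped_binary(octet):
    """The misreading from the post: swap the nibbles, then read as binary."""
    return ((octet & 0x0F) << 4) | (octet >> 4)


def encode_swapped_bcd(value):
    """Inverse of swapped_bcd for 0..99, used to build test octets."""
    if not 0 <= value <= 99:
        raise ValueError("two decimal digits only")
    return ((value % 10) << 4) | (value // 10)


def decode_scts(raw, pivot=70):
    """Decode all seven octets into an aware datetime.

    `pivot` is an assumption of this example: the field carries no century,
    so yy >= pivot is read as 19yy and anything below it as 20yy.
    """
    if len(raw) != 7:
        raise ValueError("TP-SCTS is exactly seven octets")
    yy, month, day, hour, minute, second = (swapped_bcd(b) for b in raw[:6])
    # Time zone: quarter-hours from GMT; bit 3 of the octet carries the sign.
    sign = -1 if raw[6] & 0x08 else 1
    quarters = swapped_bcd(raw[6] & 0xF7)
    year = (1900 if yy >= pivot else 2000) + yy
    tz = timezone(sign * timedelta(minutes=15 * quarters))
    # datetime() itself rejects out-of-range fields such as month 13.
    return datetime(year, month, day, hour, minute, second, tzinfo=tz)


def misread_year(raw):
    """Year a handset shows if it uses swapped_binary and assumes 20xx."""
    return 2000 + swapped_binary(raw[0])


def years_hiding_the_bug():
    """Two-digit years for which both readings agree, so tests built only
    from those years cannot tell the two decoders apart."""
    return [yy for yy in range(100)
            if swapped_binary(encode_swapped_bcd(yy)) == yy]


if __name__ == "__main__":
    print(decode_scts(SAMPLE_SCTS).isoformat())
    print(misread_year(SAMPLE_SCTS))
    print(years_hiding_the_bug())
```

Sample data drawn only from 2000 to 2009 passes both decoders, which is the post's point about coding to sample data rather than to the specification.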