RISKS-LIST: Risks-Forum Digest  Saturday 13 March 2010  Volume 25 : Issue 96

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/25.96.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents: [Backlogged, but without spare time]
Silly season: DST is approaching (David Magda)
Sony PS3: Yet Another leap year folly (Steve Summit)
Sony thinks 2010 is a leap year (Debora Weber-Wulff)
Old models of PS3 failed to connect to network due to leap-year miscalculation (Chiaki Ishikawa)
Re: The Century Bug Will Repeat (Jerry Leichter)
Death in the Atlantic: The Last 4 Minutes of Air France Flight 447 (F John Reinke)
Software flaws may be at the root of Toyota's woes (Gene Wirchenko)
Risk: Toyota secretive on 'black box' data (AP via Gabe Goldberg)
Breakthrough in Electron Spin Control Brings Quantum Computers Closer to Reality (NSF)
German Data Retention Law Overturned (Bob Gezelter)
USGov rescinds 'leave Internet alone' policy (Richard Forno)
Man posts "wanted" poster of himself on own Facebook page (Mark Brader)
Car insurance bug (Clive D.W. Feather)
Daily cyber attacks on the UK (Martyn Thomas)
"Traffic analysis" from data (David Magda)
Paranoia 101 (Paul Wexelblat)
Risks of having friends with computers (Rob McCool)
Computer core risks (Robert Schaefer)
4th International Conference on Network and System Security (NSS 2010)
IEEE Symposium on Security and Privacy (Ulf Lindqvist)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 1 Mar 2010 08:06:58 -0500
From: David Magda <dmagda_at_private>
Subject: Silly season: DST is approaching

  [This one was stuck in my queueueueue.
  But it's more appropriate tonight anyway, on the eve of U.S. DST. PGN]

Everyone gird your loins as it's March, so that means we're now entering "silly season": the bi-annual event of adjusting our time pieces by one hour.

North America will be making the great leap forward on 14 Mar, while in Europe it's 28 Mar. Anyone want to start a pool on how many time incidents will make the news this time around?

------------------------------

Date: Mon, 01 Mar 2010 23:18:10 -0500
From: scs_at_private (Steve Summit)
Subject: Sony PS3: Yet Another leap year folly

It's been widely reported that some models of Sony's PS3 game console malfunctioned today, evidently because they thought the date was 29 Feb. Hard to believe that in this 21st century, programmers are still having trouble with this algorithm...

http://news.cnet.com/8301-17938_105-10461881-1.html

  [PGN notes Mark Brader commented on this one:
  Well, maybe it's not the *same* programmers who had trouble with it in the 20th century...]

------------------------------

Date: Sat, 06 Mar 2010 01:37:08 +0100
From: Debora Weber-Wulff <weberwu_at_htw-berlin.de>
Subject: Sony thinks 2010 is a leap year

As noted on http://scitech.blogs.cnn.com/2010/03/01/playstation-network-down/ Sony's Playstation 3 was convinced that 2010 was a leap year and attempted to use Feb. 29, 2010. This kept gamers from connecting to the Playstation Network (http://blog.us.playstation.com/2010/03/playstation-network-service-restored/)

It seems that the clock is a necessary part of the DRM scheme that Sony uses to make sure that people don't use bootleg copies of their games. It rather incensed some users to be locked out of using their perfectly legal copies because the programmers had a little trouble dividing by 4.

Prof. Dr.
Debora Weber-Wulff, Treskowallee 8, 10313 Berlin +49-30-5019-2320
weberwu@htw-berlin.de http://www.f4.htw-berlin.de/people/weberwu/

------------------------------

Date: Wed, 03 Mar 2010 02:43:58 +0900
From: "ishikawa,chiaki" <ishikawa_at_private>
Subject: Old models of PS3 failed to connect to network due to leap-year miscalculation

Japan may have experienced the problem due to timezone differences earlier than others.

Sony Computer Entertainment announced on 2 Mar 2010 (and many users have complained on blogs and twitters) that old models of PS3 popular game console experienced failures such as failing to connect to network since its software miscalculated the year 2010 to be a leap year and its internal date was set to bogus 29 Feb on 1 Mar.

The model sold after September of 2009 didn't experience this bug.

As the date rolled to March 2nd (UCT), the problem disappeared.

Every now and then I noticed this leap-year miscalculation occur in OS and other basic software, but please note 2010 is not even a multiple of four. I wonder what faulty calculation was done in the software. It could be a classic example that should be put in software engineering textbook if the faulty line is made public.

------------------------------

Date: Sun, 14 Feb 2010 19:44:11 -0500
From: Jerry Leichter <leichter_at_private>
Subject: Re: The Century Bug Will Repeat (Pollard, RISKS-25.94)

Jonathan de Boyne Pollard discusses software that ignores even quite recent experience and continues to use techniques - like 2-digit years - that have quite recently caused us much grief and expense. He asks why we don't seem to learn from this experience.

I really hate to point this out but ... there are two reasons that, in other engineering and technological fields, we *do* manage to avoid repeating at least the reasonably common mistakes:

1. We develop standards and practices that have the force of law. Electrical circuitry in houses is subject to a variety of such standards. So is plumbing.
You can't sell a house if it fails to meet code. In some cases, you'll be required to make modifications to come up to code even to remain in your own house. If you're an electrician or a plumber and you do work that doesn't meet code, you'll lose your license and no longer be allowed to work in the field. You may be subject to criminal penalties. You can certainly be sued if someone is injured or property is damaged because you didn't follow the rules.

2. We require training and passing of exams *on those standards and practices*. We enforce this requirement by requiring licenses to work in many fields - and those licenses depend on passing the exams.

Now, I know all the downsides of this approach - the technology that's frozen in place for years, the use of licensing to limit competition, the pointlessness of much of what's on those exams. But the fact is that we have indoor plumbing that (usually) doesn't leak water on us, and that only very rarely causes disease even as it pumps gallons of pure stuff we eat and drink right near gallons of contaminated stuff. And we have electrical systems in our houses that don't (usually) start fires or electrocute us. We're so used to this latter feature that we've forgotten that this doesn't happen automatically. At least 12 US soldiers died in Iraq - not due to battles, but electrocuted due to incorrect wiring, like improperly grounded pumps that killed several soldiers in their showers.

We in the software industry have been leading charmed lives for many years. We've managed to avoid liability, avoid serious training in good practices, avoid any kind of standards - all by arguing that this would cramp our style and keep us from continuing to innovate. Maybe that's true - but we've been building up a massive debt side by side with all that innovation. Eventually, that debt's going to come due. If we don't clean up our own mess, the greater society will come along and do it for us - and the results won't be pleasant.

------------------------------

Date: Mon, 1 Mar 2010 09:15:30 -0500
From: fjohn reinke <fjohn_at_private>
Subject: Death in the Atlantic: The Last 4 Minutes of Air France Flight 447

A lot of people are dead because they depended upon obsolete testing to keep them safe. While there is probably a lot of blame to go around, the failure of knowledgeable experts to make bureaucrats and bean-counters do the "right thing" seems to be obvious all throughout this story. I submit any risk reader will find this fascinating, educational, and, if you fly, scared! What else is hidden, overlooked, or just lazily ignored? There is a hint of corruption as well (i.e., failure to come down hard on a local business); the possibility of politics or payoffs can't be overlooked. Even if unprovable, suspicion is warranted. Argh!

  In fact, the problem with the airspeed indicators lies far deeper. To this day, the relevant licensing bodies still only test pitot tubes down to temperatures of minus 40 degrees Celsius (minus 40 degrees Fahrenheit) and an altitude of about 9,000 meters (30,000 feet). These completely antiquated specifications date back to 1947 -- before the introduction of jet planes. What's more, most of the incidents of recent years, including that involving the ill-fated flight AF 447, occurred at altitudes above 10,000 meters (33,000 feet). (SPIEGEL ONLINE - News - International)
  http://www.spiegel.de/international/world/0,1518,679980-2,00.html

Blog "Reinke Faces Life", http://krunchd.com/reinkefj

------------------------------

Date: Thu, 04 Mar 2010 11:21:50 -0800
From: Gene Wirchenko <genew_at_private>
Subject: Software flaws may be at the root of Toyota's woes

While Toyota CEO President Akio Toyoda insists that neither electronics nor software can be blamed for the rash of runaway Toyotas, others aren't so sure.
[Source: Joab Jackson, *IT Business*, 4 Mar 2010]
http://www.itbusiness.ca/it/client/en/home/news.asp?id=56648

Page 2 has discussion of an electronic control module (ECM) that supposedly has fail-safe, but "David Gilbert, a professor of automotive technology at Southern Illinois University Carbondale, found that the ETC is not foolproof, despite Toyota's claims. In tests, which he later described before last week's Congressional hearings, he found that the ETC did not detect certain types of short-circuit malfunctions that could occur with the pedal sensors. If the ETC did not detect the complete possible range of errors, then it could not enter into a fail-safe mode, he argued."

------------------------------

Date: Fri, 05 Mar 2010 17:06:18 -0500
From: Gabe Goldberg <gabe_at_private>
Subject: Risk: Toyota secretive on 'black box' data (AP)

Toyota has for years blocked access to data stored in devices similar to airline "black boxes" that could explain crashes blamed on sudden unintended acceleration, according to an Associated Press review of lawsuits nationwide and interviews with auto crash experts.

The AP investigation found that Toyota has been inconsistent -- and sometimes even contradictory -- in revealing exactly what the devices record and don't record, including critical data about whether the brake or accelerator pedals were depressed at the time of a crash.

By contrast, most other automakers routinely allow much more open access to information from their event data recorders, commonly known as EDRs.

AP also found that Toyota:

* Has frequently refused to provide key information sought by crash victims and survivors.

* Uses proprietary software in its EDRs. Until this week, there was only a single laptop in the U.S. containing the software needed to read the data following a crash.

* In some lawsuits, when pressed to provide recorder information Toyota either settled or provided printouts with the key columns blank.

[Source: Curt Anderson and Danny Robbins, Associated Press Writers, 4 Mar 2010]
http://finance.yahoo.com/news/AP-IMPACT-Toyota-secretive-on-apf-1294427692.html?x=0&sec=topStories&pos=1&asset=&ccode=

Gabriel Goldberg, 3401 Silver Maple Place, Falls Church, VA 22042 703-204-0433

------------------------------

Date: Fri, 26 Feb 2010 14:29:33 -0600 (CST)
From: National Science Foundation Update <nsf-update_at_private>
Subject: Breakthrough in Electron Spin Control Brings Quantum Computers Closer to Reality

  [Noted by Bob Rosenberg in Dave Farber's IP distribution. PGN]

Illustration showing optical beam splitter method and new method of controlling electron spin.

Research allows control of a single electron without disturbing other nearby electrons.

More: http://www.nsf.gov/discoveries/disc_summ.jsp?cntn_id=116456&WT.mc_id=USNSF_1

------------------------------

Date: Wed, 03 Mar 2010 10:26:31 -0500
From: Bob Gezelter <gezelter_at_private>
Subject: German Data Retention Law Overturned

*The New York Times* (pp A6) 3 Mar 2010

"The country's highest court ruled Tuesday that a security law requiring the mass storage of telephone, e-mail, and Internet data violated a constitution provision on privacy and must be revised. The 2008 law required telecommunications carriers to retain customer usage data for six months so authorities could use it to track criminal networks."

The citation to the actual law was not given in the small article.

Mass retention of data without specific cause is a challenge. The retained data can be used for its intended purpose, but its mere existence presents a hazard for inappropriate use. I addressed similar issues in an item entitled "Will Long Term Dynamic Address Allocation Record Retention Help or Hurt?" in the context of the "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act of 2009" (S.436) introduced by Senator John Cornyn (R-Texas).
http://www.rlgsc.com/blog/ruminations/retain-dynamic-address-allocation-logs.html

Bob Gezelter, http://www.rlgsc.com

------------------------------

Date: February 26, 2010 9:06:56 PM EST
From: Richard Forno <rforno_at_private>
Subject: USGov rescinds 'leave Internet alone' policy

  [From Dave Farber's IP list. PGN]

US government rescinds 'leave Internet alone' policy
Kieren McCarthy, Networks, 27 Feb 2010
http://www.theregister.co.uk/2010/02/27/internet_3_dot_0_policy/

The US government's policy of leaving the Internet alone is over, according to Obama's top official at the Department of Commerce.

Instead, an Internet Policy 3.0 approach will see policy discussions between government agencies, foreign governments, and key Internet constituencies, according to Assistant Secretary Larry Strickling, with those discussions covering issues such as privacy, child protection, cybersecurity, copyright protection, and Internet governance.

The outcomes of such discussions will be *flexible* but may result in recommendations for legislation or regulation, Strickling said in a speech at the Media Institute in Washington this week. (http://www.ntia.doc.gov/presentations/2010/MediaInstitute_02242010.html)

The new approach is a far cry from a US government that consciously decided not to intrude into the Internet's functioning and growth and in so doing allowed an academic network to turn into a global communications phenomenon.

Strickling referred to these roots arguing that it was ``the right policy for the United States in the early stages of the Internet, and the right message to send to the rest of the world.'' But, he continued, ``that was then and this is now.
As we at NTIA approach a wide range of Internet policy issues, we take the view that we are now in the third generation of Internet policy making.''

Outlining three decades of Internet evolution - from transition to commercialization, from the garage to Main Street, and now, starting in 2010, the Policy 3.0 approach - Strickling argued that the Internet is now a social network as well as a business network. We must take rules more seriously.

He cited a number of examples where this new approach was needed: end users worried about credit card transactions, content providers who want to prevent their copyright, companies concerned about hacking, network neutrality, and foreign governments worried about Internet governance systems.

The decision to effectively end the policy that made the Internet what it is today is part of a wider global trend of governments looking to impose rules on use of the network by its citizens.

In the UK, the Digital Economy Bill currently making its way through Parliament has been the subject of significant controversy for advocating strict rules on copyright infringement and threatening to ban people from the Internet if they are found to do so. The bill includes a wide variety of other measures, including giving regulator Ofcom a wider remit, forcing ISPs to monitor their customers' behavior, and allowing the government to take over the dot-uk registry.

In New Zealand, a similar measure to the UK's cut-off provision has been proposed by revising the Copyright Act to allow a tribunal to fine those found guilty of infringing copyright online as well as suspend their Internet accounts for up to six months. And in Italy this week, three Google executives were sentenced to jail for allowing a video that was subsequently pulled down to be posted onto its YouTube video site.

Internationally, the Internet Governance Forum -- set up under a United Nations banner to deal with global governance issues -- is due to end its experimental run this year and become an acknowledged institution. However, there are signs that governments are increasingly dominating the IGF, with civil society and the Internet community sidelined in the decision-making process.

In this broader context, the US government's newly stated policy is more in line with the traditional laissez-faire Internet approach. Internet Policy 3.0 also offers a more global perspective than the isolationist approach taken by the previous Bush administration.

In explicitly stating that foreign governments will be a part of the upcoming discussions, Strickling recognizes the United States' unique position as the country that gives final approval for changes made to the Internet's root zone. Currently the global Internet is dependent on an address book whose contents are changed through a contract that the US government has granted to the Internet Corporation for Assigned Names and Numbers (ICANN), based in Los Angeles.

  [long item truncated for RISKS, with considerable subsequent discussion in IP. PGN]

  [Dan Lynch added:
  It was good while it lasted. The cat is out of the bag and now all the watchdogs of our morals are descending for good reasons. We have foisted communications anarchy on the world quite successfully. Let's see how they route around their paranoia.]

IP Archives: https://www.listbox.com/member/archive/247/

------------------------------

Date: Fri, 5 Mar 2010 03:17:01 -0500 (EST)
From: msb_at_private (Mark Brader)
Subject: Man posts "wanted" poster of himself on own Facebook page

Chris Crego, of Lockport, New York, pleaded guilty to assault but fled the state before sentencing. However, he then put up Facebook and MySpace pages under his real name, showing his photo, his place and hours of employment, and -- in case there was any doubt -- the police "wanted" poster of him.
He was arrested and returned to Lockport, and police posted a "thank you" notice on his page.

http://www.cbsnews.com/blogs/2010/02/08/crimesider/entry6186573.shtml
http://www.buffalonews.com/2010/03/02/974619/crego-back-in-lockport-held-on.html

------------------------------

Date: Sat, 6 Mar 2010 09:33:46 +0000
From: "Clive D.W. Feather" <clive_at_private>
Subject: Car insurance bug

I bought a new car a couple of weeks ago, though for obvious reasons [1] I didn't collect it until Monday. As soon as I knew the new registration number, I contacted my insurance company to alter the details.

The paperwork finally arrived yesterday. At one point it reads:

    It has been owned by, and registered to you or your partner, for approximately - 1 year(s) 11 month(s).

This puzzled me, so I phoned them, to be told "it always does that for new cars". Then I realized what had happened; the clue was that the previous paperwork did *not* have the dash in this text.

The computer must have done something like "now = Feb 2010, bought Mar 2010, therefore owned for -1 months". Then it converted months to years by dividing by 12 and determining the remainder. There are two sensible answers for "-1 div/rem 12" (0 remainder -1 and -1 remainder 11) and which gets used depends on what properties you want to preserve. Or, in this case, because nobody had thought about negative inputs!

The only remaining problem: how on earth do I get this information past the call centre and to the people who actually maintain this code? Perhaps they read RISKS.

[1] Well, obvious to UK readers - it gives the car a "10" registration rather than a "59" one, affecting the resale value.

Clive D.W.
Feather <clive@private> http://www.davros.org +44 7973 377646

------------------------------

Date: Sun, 07 Mar 2010 09:39:41 +0000
From: Martyn Thomas <martyn_at_thomas-associates.co.uk>
Subject: Daily cyber attacks on the UK

Foreign states and terrorist groups are regularly launching cyber-attacks on the UK's computer systems with the potential to cause widespread damage, according to the government's security tsar.

Lord West of Spithead, who is parliamentary under-secretary for security and counter-terrorism, told the *Observer* that the UK was under daily cyber attack, often from agencies working on behalf of foreign governments.

He said there had been "300 significant attacks" on the government's core computer networks in the last year and warned of chaotic scenes if one successfully targeted infrastructure such as the UK's communications systems...

http://www.guardian.co.uk/technology/2010/mar/07/britain-fends-off-cyber-attacks

------------------------------

Date: Fri, 12 Mar 2010 09:09:50 -0500 (EST)
From: "David Magda" <dmagda_at_private>
Subject: "Traffic analysis" from data

A little while ago the Ontario Privacy Commissioner released a report on the privacy implication of electrical smart grids (RISKS-25.84: "Your smart meter is watching"). Well, it turns out water pressure is another way that "traffic analysis" can be done on people's activities:

> The water utility in Edmonton, EPCOR, published the most incredible graph
> of water consumption last week. By now you've probably heard that up to
> 80% of Canadians were watching last Sunday's gold medal Olympic hockey
> game. So I guess it stands to reason that they'd all go pee between
> periods.

http://tinyurl.com/yedz5jt
http://www.patspapers.com/blog/item/what_if_everybody_flushed_at_once_Edmonton_water_gold_medal_hockey_game/

Via: http://www.boingboing.net/2010/03/11/the-effects-of-gold-.html

Not so much a technological RISK, but more of a reminder that as chips and sensors are placed in more places, we get more data. The more data we have, the more it can be linked with other data, and that can lead to unforeseen consequences.

------------------------------

Date: Mon, 1 Mar 2010 09:07:23 -0500
From: Paul Wexelblat <wex_at_private>
Subject: Paranoia 101

Are they tracking us (a/k/a Paranoia 101) - Or, What I'd do if I was "one of 'them'".

OK, Let's do an update

 1. How many "Smart Cards" are you carrying?
 2. How about your "New, Improved" Passport?
 3. EZ Pass (or equivalent)?
 4. How about those Tire Pressure things in your tires (4 and the spare!)- they're RFID's
 5. Y'know, that "keyless entry" thingie in your pocket/key - RFID, again.
 6. Oh, that ON-Star like thing in your car, can you turn it off? (Are you sure?)
 7. About that cellphone, You want Paranoia -
 8. Um, about the remote diagnostic capability of my Mom's pacemaker
 9. The implanted ID chip in your pet
10. Do those "security" bags really protect RFID's from concerted reading devices?
11. "They" could easily record the serial numbers of the cash you get from the ATM
12. While they're doing facial recognition of everyone within range of the camera.

How many of these things can be read from how far away?

  [Quite a few. PGN]

------------------------------

Date: Fri, 12 Mar 2010 12:21:59 -0800 (PST)
From: Rob McCool <robm_at_private>
Subject: Risks of having friends with computers

http://www.mpi-sws.org/~gummadi/papers/inferring_profiles.pdf

This paper discusses an interesting phenomenon for privacy.
If a user has turned on privacy in either LinkedIn or Facebook such that their friends list is accessible but nothing else, the researchers were able to infer with 80% accuracy the values of the hidden attributes based solely upon 20% of those friends revealing their own value for those attributes.

The article states that 95% of Facebook users expose their friends list to strangers, which means that for most people their privacy may be effectively compromised by a relatively small percentage of their friends.

To me, this is a difficult tradeoff for Facebook users. Hiding your friends list means that people you know but with whom you have not connected will have difficulty deciding if that's really you, or another John Smith. The "N mutual friends" link is an incredibly useful one for finding people you might want to reconnect with.

------------------------------

Date: Wed, 10 Mar 2010 14:47:06 -0500
From: Robert Schaefer <rps_at_private>
Subject: Computer core risks

This came through via slashdot:
http://www.gearlog.com/2010/03/hands_on_fake_intel_core_i7-92_1.php

Apparently the computer core you thought you were purchasing is now the risk.

Robert Schaefer, Atmospheric Sciences Group, MIT Haystack Observatory
Westford MA 01886 781-981-5767 http://www.haystack.mit.edu rps@private

------------------------------

Date: Wed, 3 Mar 2010 23:29:33 +1000
From: "NSS 2010" <ieee.nss_at_private>
Subject: 4th International Conference on Network and System Security

4th International Conference on Network and System Security (NSS 2010)
September 1-3, 2010, Melbourne, Australia
http://www.anss.org.au/nss2010

In technical co-sponsorship with the IEEE and the IEEE Computer Society Technical Committee on Scalable Computing

Workshop proposal due: March 31, 2010
Paper submission due: March 31, 2010

------------------------------

Date: Thu, 11 Mar 2010 08:41:27 -0800
From: Ulf Lindqvist <ulf.lindqvist_at_private>
Subject: IEEE Symposium on Security and Privacy

IEEE Symposium on Security and Privacy, May 16-19, 2010
The Claremont Resort, Oakland, California, USA

Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy, in cooperation with the International Association for Cryptologic Research (IACR)

It is my pleasure to announce the 2010 IEEE Symposium on Security and Privacy, to be held at the Claremont Resort 30 years after the very first symposium in this series. Please visit http://oakland31.cs.virginia.edu/ for information about the symposium and the co-located workshops.

  [The SSP 2010 program is also in RISKS-25.95. PGN]

*Important Highlights:*

* Register <http://www.regonline.com/Checkin.asp?EventId=810837> before April 18 to take advantage of the early registration rates
* Reserve your hotel room <http://oakland31.cs.virginia.edu/travel.html> early, especially if you require and qualify for the government rate
* The 30th anniversary of Security and Privacy welcomes all in the security research community to a light-hearted *awards dinner* on May 17. Registered symposium attendees and registered guests are welcome at this retrospective event with Master of Ceremonies Peter G. Neumann.
  The ceremonies will include the presentation of the National Computer Systems Security Award for 2010 by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA).
* The advance program <http://oakland31.cs.virginia.edu/program.html> is available
* Student travel grants <http://oakland31.cs.virginia.edu/grants.html> are available, and applications are due by April 2
* The Call for Posters <http://oakland31.cs.virginia.edu/posters.html> is now open, and poster abstracts are due by April 8
* Three co-located workshops <http://oakland31.cs.virginia.edu/workshops.html> will be held in conjunction with the symposium on May 20:
    o Systematic Approaches to Digital Forensic Engineering (SADFE)
    o Web 2.0 Security and Privacy (W2SP)
    o Workshop on Security and Privacy in Social Networks

I hope to see you at the symposium on May 16-19!

Ulf Lindqvist, General Chair

------------------------------

Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
   risks-request_at_private
   containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
   depending on which action is to be taken.

   Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message.
   Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
   The full info file may appear now and then in RISKS issues.
   *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!

=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
   *** NOTE: Including the string "notsp" at the beginning or end of the subject
   *** line will be very helpful in separating real contributions from spam.
   *** This attention-string may change, so watch this space now and then.

=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
   <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
   http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
     Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
   <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .

==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 25.96
************************

Received on Sat Mar 13 2010 - 17:40:13 PST
This archive was generated by hypermail 2.2.0 : Sat Mar 13 2010 - 18:40:41 PST
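
An added worked example for Clive Feather's "Car insurance bug" item above (not part of the digest and not the insurer's code): it reproduces the two answers he gives for "-1 div/rem 12" and shows a formatter that treats a future purchase date as its own case. All function names and the sample dates are assumptions made for illustration, and months are counted by calendar month only.

```python
from datetime import date
from typing import Tuple


def months_between(purchased: date, today: date) -> int:
    """Signed whole-month difference, ignoring the day of the month
    (assumption, matching the item's "now = Feb 2010, bought Mar 2010")."""
    return (today.year - purchased.year) * 12 + (today.month - purchased.month)


def split_floored(months: int) -> Tuple[int, int]:
    """Floored division (Python's divmod): the remainder is always 0..11,
    so a negative input pushes the whole sign into the quotient."""
    return divmod(months, 12)


def split_truncated(months: int) -> Tuple[int, int]:
    """Truncated division (C99, Java): the quotient rounds toward zero and
    the remainder takes the sign of the dividend."""
    years = abs(months) // 12
    if months < 0:
        years = -years
    return years, months - years * 12


def naive_ownership_text(purchased: date, today: date) -> str:
    """Formats whatever the division returns, with no check on the sign.
    This mirrors the behaviour the item hypothesises; it is a reconstruction."""
    years, months = split_floored(months_between(purchased, today))
    return f"{years} year(s) {months} month(s)"


def ownership_text(purchased: date, today: date) -> str:
    """Hardened variant: a purchase date in the future is handled explicitly
    before any division, so neither convention's negative result can leak out."""
    total = months_between(purchased, today)
    if total < 0:
        return "not yet owned"
    years, months = divmod(total, 12)
    return f"{years} year(s) {months} month(s)"


# Constructed sample dates: policy amended in Feb 2010, new car owned from
# Mar 2010, and an older car bought in Mar 2008 for comparison.
POLICY_CHANGE = date(2010, 2, 20)
NEW_CAR = date(2010, 3, 1)
OLD_CAR = date(2008, 3, 1)

if __name__ == "__main__":
    m = months_between(NEW_CAR, POLICY_CHANGE)
    print("months owned:", m)
    print("floored  :", split_floored(m))
    print("truncated:", split_truncated(m))
    print("naive    :", naive_ownership_text(NEW_CAR, POLICY_CHANGE))
    print("hardened :", ownership_text(NEW_CAR, POLICY_CHANGE))
    print("old car  :", ownership_text(OLD_CAR, POLICY_CHANGE))
```

Both conventions satisfy quotient * 12 + remainder == months; they differ only in which part carries the sign, which is why the input has to be validated before the split rather than after it.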