RISKS-LIST: Risks-Forum Digest  Sunday 20 February 2011  Volume 26 : Issue 35

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/26.35.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
U.S.-centrism: a Blind Spot (Gene Wirchenko)
UK Immigration Officer Puts Wife on the No-Fly List (Bruce Schneier)
Risks of trusting GPS (Steve Lamont)
Court applies "computer use" sentence enhancement due to simple cell phone
  use (Lauren Weinstein)
New Hacking Tools Pose Bigger Threats to Wi-Fi Users (Kate Murphy via
  Monty Solomon)
Risk of using old techniques on new technologies (Jim Reisert)
Free File Fillable Forms vs. Foreign Country (jidanni)
Kill Switch, Anyone? (Gene Wirchenko)
DHS/ICE vs. ICANN (Lauren Weinstein)
FBI wants surveillance backdoors in ... pretty much everything
  (Lauren Weinstein)
The Dirty Little Secrets of Search (David Segal via Monty Solomon)
How does Nabble store passwords? (jidanni)
SpyTunes (Andrew Mcafee via Monty Solomon)
Precioussss! Mental price comparisons (Gene Wirchenko)
Alarm Fatigue (Cliff Sojourner)
Re: Tree octopus exposes Internet illiteracy (Kelly Bert Manning)
Good, techish, update on Stuxnet (Symantec via Danny Burstein)
REVIEW: "Extrusion Detection", Richard Bejtlich (Rob Slade)
Computers, Freedom and Privacy 2011, WashDC, 14-16 Jun 2011 (Lillie Coney)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 17 Feb 2011 13:02:14 -0800
From: Gene Wirchenko <genew_at_private>
Subject: U.S.-centrism: a Blind Spot

Why the revolution will not be tweeted; Twitter and Facebook didn't create
the Egyptian revolution.
But Silicon Valley's belief they did shows the smug, ethnocentric blindness
that's damaging the technology industry, *InfoWorld*, 17 Feb 2011
http://www.infoworld.com/d/the-industry-standard/why-the-revolution-will-not-be-tweeted-753

selected text:

Paul Revere galloped from Charlestown to Lexington on that famous night in
1775. He couldn't have done it without his horse, so did that mean the
American Revolution was really the "horse revolution"?

That's silly, of course. But calling the Egyptian revolution the "Facebook
(or Twitter) revolution" is just as misguided, and it's a symptom of our
ethnocentric habit of viewing the world through the prism of the American
experience or -- in the case of Egypt -- American technology.

There's no doubt that Twitter and Facebook were tools the mostly young
Egyptian rebels used to good effect. But that's all they were: tools. After
all, the revolution continued -- and intensified -- when those tools were
disabled by the Egyptian government's shutdown of the Internet. Yet we in
the media and the technology industry are absolutely convinced that it
couldn't have happened without social networking. As New Yorker magazine
author Malcolm Gladwell puts it: "Where activists were once defined by their
causes, they are now defined by their tools." Exactly.

The blind spot that puts the American tech industry at risk

If that blind spot extended no further than to foreign news events, it would
be crippling enough. But the emergence of the developing world as a key
market, supplier, and competitor makes that occluded vision all the more
dangerous -- and yet another reason why it's so difficult for us to compete
against countries such as India, China, South Korea, and Singapore.

It's worth noting, for example, that Asia now accounts for 20 percent of
world software revenue; when that's added to Europe's 36 percent share, the
American market is a minority, according to a study by Pierre Audoin
Consultants.
The middle class in those countries is growing rapidly, and like the
Horatio Alger story of old, many of those newly prosperous people are
pulling themselves up by their bootstraps.

Still, in the popular discourse, it doesn't seem to matter how much logic
can be brought to bear: We're convinced that Twitter and Facebook are the
engines of everything because they are ours. We invented them, we own them,
we know how to use them. They must be important.

Such thinking isn't so different than that of the product manager who can't
find Singapore on a map and wonders why he can't sell anything in that
country or strike a deal with a supplier there. Looking at the world as if
it were a shadow of the United States is foolish and shortsighted, as well
as a recipe for failure.

It is all too easy to consider others as being lesser versions of oneself.
U.S. people are rather prone to this, but it can strike anywhere.

------------------------------

Date: Tue, 15 Feb 2011 00:03:31 -0600
From: Bruce Schneier <schneier_at_private>
Subject: UK Immigration Officer Puts Wife on the No-Fly List

  [From CRYPTO-GRAM, 15 Feb 2011. PGN]

A UK immigration officer decided to get rid of his wife by putting her on
the no-fly list, ensuring that she could not return to the UK from abroad.
This worked for three years, until he put in for a promotion and -- during
the routine background check -- someone investigated why his wife was on the
no-fly list.

Okay, so he's an idiot. And a bastard. But the real piece of news here is
how easy it is for a UK immigration officer to put someone on the no-fly
list with *absolutely no evidence* that that person belongs there. And how
little auditing is done on that list. Once someone is on, they're on for
good.

That's simply no way to run a free country.
http://www.cnbc.com/id/41372870
http://www.loweringthebar.net/2011/02/immigration-officer-puts-wife-on-the-no-fly-list.html
  or http://tinyurl.com/4qghpxg
http://www.dailymail.co.uk/news/article-1351937/Immigration-officer-fired-putting-wife-list-terrorists-stop-flying-home.html
  or http://tinyurl.com/67ofkgo

------------------------------

Date: Fri, 18 Feb 2011 12:21:07 -0800
From: Steve Lamont <spl_at_private>
Subject: Risks of trusting GPS

My commuter train was 90 minutes late on Wednesday evening (2/16/11).
Here's why:

GPS Blamed For Car On Tracks Hit By Train, 17 Feb 2011
http://www.10news.com/news/26899033/detail.html

A 63-year-old Oklahoma woman in San Diego to visit her son narrowly escaped
injury when her rental car became stuck on train tracks thanks to bad
directions she received from the vehicle's GPS feature.

The rented 2009 Hyundai Accent was struck in the rear by a Coaster train at
3298 Kettner Blvd. around 7:20 p.m. 15 Feb 2011, according to San Diego
County sheriff's Sgt. Darrell Strohl.

It was wet and dark outside, and the GPS directed the woman to turn left
onto the railway, which she believed was a street, he said, adding that the
car became stuck on some gravel.

------------------------------

Date: Mon, 14 Feb 2011 09:50:23 -0800
From: Lauren Weinstein
Subject: Court applies "computer use" sentence enhancement due to simple
  cell phone use

http://j.mp/gJDb6G (City Business)

But the man objected when federal prosecutors moved to make his sentence
longer for use of a computer. Prosecutors argued his cellphone qualifies as
a computer under the definition in federal law.

U.S. District Judge Richard Dorr agreed, sentencing Kramer to 14 years in
prison, a term that the judge said was more than two years longer than he
otherwise would have imposed.

Kramer appealed, arguing he only used his phone to make calls and send text
messages, so it shouldn't be considered a computer.
But a three-judge panel of the St. Louis-based 8th Circuit upheld the
sentence, finding the federal definition of computer is broad enough to
encompass cellphones.

------------------------------

Date: Sat, 19 Feb 2011 01:26:05 -0500
From: Monty Solomon <monty_at_private>
Subject: New Hacking Tools Pose Bigger Threats to Wi-Fi Users (Kate Murphy)

Kate Murphy, *The New York Times*, 16 Feb 201
http://www.nytimes.com/2011/02/17/technology/personaltech/17basics.html

You may think the only people capable of snooping on your Internet activity
are government intelligence agents or possibly a talented teenage hacker
holed up in his parents' basement. But some simple software lets just about
anyone sitting next to you at your local coffee shop watch you browse the
Web and even assume your identity online.

"Like it or not, we are now living in a cyberpunk novel," said Darren
Kitchen, a systems administrator for an aerospace company in Richmond,
Calif., and the host of Hak5, a video podcast about computer hacking and
security. "When people find out how trivial and easy it is to see and even
modify what you do online, they are shocked."

Until recently, only determined and knowledgeable hackers with fancy tools
and lots of time on their hands could spy while you used your laptop or
smartphone at Wi-Fi hot spots. But a free program called Firesheep,
released in October, has made it simple to see what other users of an
unsecured Wi-Fi network are doing and then log on as them at the sites they
visited.

Without issuing any warnings of the possible threat, Web site
administrators have since been scrambling to provide added protections.
------------------------------

Date: Thu, 17 Feb 2011 14:11:31 -0700
From: Jim Reisert AD1C <jjreisert_at_private>
Subject: Risk of using old techniques on new technologies

"At the Non-volatile Systems Laboratory we have designed a procedure to
bypass the flash translation layer (FTL) on SSDs and directly access the raw
NAND flash chips to audit the success of any given sanitization technique.
Our results show that naively applying techniques designed for sanitizing
hard drives on SSDs, such as overwriting and using built-in secure erase
commands is unreliable and sometimes results in all the data remaining
intact. Furthermore, our results also show that sanitizing single files on
an SSD is much more difficult than on a traditional hard drive."

http://nvsl.ucsd.edu/sanitize/

Jim Reisert AD1C, <jjreisert@private>, http://www.ad1c.us

------------------------------

Date: Sun, 13 Feb 2011 09:03:37 +0800
From: jidanni_at_private
Subject: Free File Fillable Forms vs. Foreign Country

http://www.irs.gov/efile/article/0,,id=218049,00.html :

  "Can I electronically file using Free File Fillable Forms if my address
  is in a foreign country? No, if the address on Form 1040, Form 1040A or
  Form 1040EZ is in a foreign country you will not be able to electronically
  file your return."

So junior/aka/bozo/aka/me fills in his mom's address. And gets hit with a
hefty Illinois tax bill.

------------------------------

Date: Thu, 17 Feb 2011 13:44:28 -0800
From: Gene Wirchenko <genew_at_private>
Subject: Kill Switch, Anyone?

Ted Samson, Feds wrongly links 84,000 seized sites to child porn; Homeland
Security overshoots as it takes down popular mooo.com domain alongside child
porn sites, *InfoWorld*, 17 Feb 2011
http://www.infoworld.com/t/regulation/feds-wrongly-links-84000-seized-sites-child-porn-966

Imagine, if you will, that you're a respectable, law-abiding owner of a
small-business.
You show up to your shop one fine morning only to find the doors barred and
a big sign in front window reading, "The Federal government has seized this
business as it's affiliated with creating, distributing, and/or storing
child pornography."

As part of the successful seizure of 10 Web domains suspected of storing,
displaying, or peddling child pornography, The Department of Justice and
Homeland Security's ICE (Immigration and Customs Enforcement) office also
seized a domain called mooo.com, the most popular shared domain at
afraid.org, which belongs to a DNS provider called FreeDNS.

According to FreeDNS, mooo.com isn't a domain used for anything related to
child porn; rather, it's home to some 84,000 Web sites primarily belonging
to individuals and small businesses. Yet in pulling the plug on mooo.com,
the Feds effectively shut down all 84,000 of those sites. But visitors to
those sites wouldn't simply get an error along the lines of "This site is
currently down," or even "This site has been temporarily seized by Homeland
Security."

Nope, instead, a visitor would be taken to a banner with the logos of the
Homeland Security and the Department of Justice, beneath which text reading:
"This domain name has been seized by ICE -- Homeland Security Investigations
pursuant to a seizure warrant ... under the authority of Title 17 USC 2254.
Advertisement, distribution, transportation, receipt, and possession of
child pornography constitute federal crimes...."

One of the big questions here is, how did this happen? Under Federal law,
the ICE simply needs to convince a district court judge to sign a seizure
warrant, then to order the domain registries to redirect the seized domains
to warning message. What's not clear, though, is how or why mooo.com ended
up seized. Clerical error? Typo? Who knows?

------------------------------

Date: Thu, 17 Feb 2011 15:17:33 -0800
From: Lauren Weinstein <lauren_at_private>
Subject: DHS/ICE vs. ICANN

Greetings.
In the vein of making lemonade when you have lemons, it occurs to me that
the upcoming damage from ICANN's TLD expansion madness may have an
unexpected solution -- the folks at DHS/ICE.

Here's the simple plan. All we have to do is convince ICE to confiscate
domains faster than ICANN can issue TLDs for new ones. Given how ICE managed
to shut down 84K innocent domains in one fell swoop and tarnish them with
c-porn allegations for site visitors, this should be easy as pie for those
guys, especially since due process isn't required!

After all, much of the world is going to block dot-ex-ex-ex from day one
anyway. And probably dot-gay. And who knows what else ...

All it should take is a few allegations of illicit Disney videos hosted on
(or even just linked from) a TLD, and ICE will be out at the registry
ordering them to flip the domain "off" switch.

In fact, to make this even easier, perhaps the government should have direct
access to DNS databases so that they can terminate domains without all the
muss and fuss of dealing with the registries and registrars at all! Or is
that already in pending legislation? Gotta go check that again.

It's all so much simpler when you just toss Internet Freedoms out the
window.

Phew. Problem solved.

http://j.mp/euQaAB (Google Buzz)

Lauren Weinstein (lauren@private): http://www.vortex.com/lauren
Network Neutrality Squad: http://www.nnsquad.org
Tel: +1 (818) 225-2800
Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein

------------------------------

Date: Thu, 17 Feb 2011 10:56:21 -0800
From: Lauren Weinstein <lauren_at_private>
Subject: FBI wants surveillance backdoors in ...
  pretty much everything

http://j.mp/hdBHRE (CNET)

  [From Network Neutrality Squad]

------------------------------

Date: Sun, 13 Feb 2011 15:14:59 -0500
From: Monty Solomon <monty_at_private>
Subject: The Dirty Little Secrets of Search (David Segal)

David Segal, The Dirty Little Secrets of Search, 12 Feb 2011
http://www.nytimes.com/2011/02/13/business/13search.html

PRETEND for a moment that you are Google's search engine.

Someone types the word "dresses" and hits enter. What will be the very first
result?

There are, of course, a lot of possibilities. Macy's comes to mind. Maybe a
specialty chain, like J. Crew or the Gap. Perhaps a Wikipedia entry on the
history of hemlines.

O.K., how about the word "bedding"? Bed Bath & Beyond seems a candidate. Or
Wal-Mart, or perhaps the bedding section of Amazon.com.

"Area rugs"? Crate & Barrel is a possibility. Home Depot, too, and Sears,
Pier 1 or any of those Web sites with "area rug" in the name, like
arearugs.com.

You could imagine a dozen contenders for each of these searches. But in the
last several months, one name turned up, with uncanny regularity, in the
No. 1 spot for each and every term:

J. C. Penney.

The company bested millions of sites - and not just in searches for dresses,
bedding and area rugs. For months, it was consistently at or near the top in
searches for "skinny jeans," "home decor," "comforter sets," "furniture" and
dozens of other words and phrases, from the blandly generic ("tablecloths")
to the strangely specific ("grommet top curtains").

This striking performance lasted for months, most crucially through the
holiday season, when there is a huge spike in online shopping. J. C. Penney
even beat out the sites of manufacturers in searches for the products of
those manufacturers. Type in "Samsonite carry on luggage," for instance, and
Penney for months was first on the list, ahead of Samsonite.com.
With more than 1,100 stores and $17.8 billion in total revenue in 2010,
Penney is certainly a major player in American retailing. But Google's
stated goal is to sift through every corner of the Internet and find the
most important, relevant Web sites.

Does the collective wisdom of the Web really say that Penney has the most
essential site when it comes to dresses? And bedding? And area rugs? And
dozens of other words and phrases? ...

------------------------------

Date: Sat, 19 Feb 2011 06:25:08 +0800
From: jidanni_at_private
Subject: How does Nabble store passwords?

  Nabble is a public forum where all users' messages are public records.
  With Nabble, your user account is for public posting and identification,
  and contains no valuable private information. Because of this public
  nature, we do not see a need to encrypt password. Your password is stored
  in our secure database but is not encrypted. If you forget your password,
  you can retrieve it through our website and the password will be emailed
  to you in clear text.

http://old.nabble.com/help/Answer.jtp?id=25

------------------------------

Date: Sat, 19 Feb 2011 01:16:08 -0500
From: Monty Solomon <monty_at_private>
Subject: SpyTunes (Andrew Mcafee)

Andrew Mcafee, 18 Feb 2011

A little while back I was putting together an iTunes playlist to give to my
Mom as a gift, and found myself frustrated by the application's user
interface. It kept telling me that Mom already had one song after another,
and refusing to let me complete the gifting process until I removed the
duplicate song from the playlist. After I did this three or four times I
gave up, complaining to my girlfriend how clunky the process was. She
replied "That's not the real problem. The real problem is that iTunes is
telling you what music someone else has."

http://andrewmcafee.org/2011/02/mcafee-apple-itunes-privacy-hole-violation/

------------------------------

Date: Tue, 15 Feb 2011 10:59:25 -0800
From: Gene Wirchenko <genew_at_private>
Subject: Precioussss!
  Mental price comparisons

Inapt price comparisons are all too common. Comparing the price of a with
the price of an equal weight of precious metal might seem to be one, but.

Keir Thomas, High prices threaten to kill tablet adoption; With the Motorola
Xoom rumored to cost $1199, a high-price niche could turn people away from
tablet computing. *ITBusiness*, 15 Feb 2011
http://www.itbusiness.ca/it/client/en/cdn/News.asp?id=61312

This sounds like a grouchy (and obvious) question, but are tablet computers
too expensive? Are high prices going to push the nascent tablet computing
platform into a nose dive it can't recover from?

The Galaxy Tab weighs 368 grams. If you decided to invest in the equivalent
weight of pure silver, it'd cost half the price of a Tab ($356 for 368 grams
of silver vs. $600 for the Tab at $0.97 per gram of silver). The top-range,
Wi-Fi-only iPad is also more expensive as its own weight in silver: $659.60
for 680 grams of silver vs. $699 for a 64GB Wi-Fi iPad.

Comparisons to precious metals are apt. I've yet to invest in a tablet and
there's a reason: I'm seriously concerned about theft. Like jewelry, tablet
computers are highly portable by design.

A computer journalist friend of mine wanted to write about the practicality
of tablets so he used one on subway trains, and in the park, and on buses.
It was going very well until one particular bus came to a stop, and somebody
snatched the tablet out of his hands before sprinting away.

------------------------------

Date: Fri, 18 Feb 2011 09:23:33 -0800
From: Cliff Sojourner <cls_at_private>
Subject: Alarm Fatigue

As a follow-up from my note 15 years ago in RISKS-17.50,
(http://catless.ncl.ac.uk/Risks/17.50.html#subj6.1)...
this article from *The Boston Globe* does a good job relating risks of
medical alarm systems.

http://www.boston.com/news/local/massachusetts/articles/2011/02/14/no_easy_solutions_for_alarm_fatigue/

"Alarm fatigue" is a good term, I think most people can grasp the concept.
The article also talks about "unintended consequences," a major component
of risk assessment.

------------------------------

Date: Wed, 16 Feb 2011 02:49:44 -0500 (EST)
From: bo774_at_private (Kelly Bert Manning)
Subject: Re: Tree octopus exposes Internet illiteracy

Seeing should not always be believing. Do a web search on BBC Spaghetti
Harvest.

West Coast Pioneering photographers found they could earn money making and
selling composite photos of fish superimposed on railway flatcars and
similar spectacles.

One result of the recent proliferation of using edited digital photos in
court and other arenas is that some people, at least, are beginning to
realize that "photographic evidence" may not be all that it claims to be.

------------------------------

Date: Sat, 12 Feb 2011 23:09:02 -0500 (EST)
From: danny burstein <dannyb_at_private>
Subject: Good, techish, update on Stuxnet (Symantec)

When we released our paper on Stuxnet by Nicolas Falliere, Liam O Murchu,
and Eric Chien in September, we mentioned we’d likely continue to make
revisions. We have two major updates to the paper and some other minor
changes throughout. A summary of these updates follows and more detailed
information can be found in the paper. [Symantec]

http://www.symantec.com/connect/fr/blogs/updated-w32stuxnet-dossier-available

------------------------------

Date: Mon, 14 Feb 2011 16:51:47 -0800
From: Rob Slade <rMslade_at_private>
Subject: REVIEW: "Extrusion Detection", Richard Bejtlich

BKEXTDET.RVW   20101023

"Extrusion Detection", Richard Bejtlich, 2006, 0-321-34996-2,
U$49.99/C$69.99
%A   Richard Bejtlich www.taosecurity.com taosecurity.blogspot.com
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D   2006
%G   0-321-34996-2
%I   Addison-Wesley Publishing Co.
%O   U$49.99/C$69.99 416-447-5101 800-822-6339 bkexpress_at_private
%O   http://www.amazon.com/exec/obidos/ASIN/0321349962/robsladesinterne
     http://www.amazon.co.uk/exec/obidos/ASIN/0321349962/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0321349962/robsladesin03-20
%O   Audience a+ Tech 3 Writing 2 (see revfaq.htm for explanation)
%P   385 p.
%T   "Extrusion Detection:Security Monitoring for Internal Intrusions"

According to the preface, this book explains the use of extrusion detection
(related to egress scanning), to detect intruders who are using client-side
attacks to enter or work within your network. The audience is intended to
be architects, engineers, analysts, operators and managers with an
intermediate to advanced knowledge of network security. Background for
readers should include knowledge of scripting, network attack tools and
controls, basic system administration, TCP/IP, as well as management and
policy. (It should also be understood that those who will get the most out
of the text should know not only the concepts of TCP/IP, but advanced level
details of packet and log structures.) Bejtlich notes that he is not
explicitly addressing malware or phishing, and provides references for those
areas. (It appears that the work is not directed at information which might
detect insider attacks.)

Part one is about detecting and controlling intrusions. Chapter one reviews
network security monitoring, with a basic introduction to security (brief
but clear), and then gives an overview of monitoring and listing of some
tools. Defensible network architecture, in chapter two, provides lucid
explanations of the basics, but the later sections delve deeply into
packets, scripts and configurations. Managers will understand the
fundamental points being made, but pages of the material will be
impenetrable unless you have serious hands-on experience with traffic
analysis.
Extrusion detection itself is illustrated with intelligible concepts and
examples (and a useful survey of the literature) in chapter three. Chapter
four examines both hardware and software instruments for viewing enterprise
network traffic. Useful but limited instances of layer three network access
controls are reviewed in chapter five.

Part two addresses network security operations. Chapter six delves into
traffic threat assessment, and, oddly, at this point explains the details of
logs, packets, and sessions clearly and in more detail. A decent outline of
the advance planning and basic concepts necessary for network incident
response is detailed in chapter seven (although the material is generic and
has limited relation to the rest of the content of the book). Network
forensics gets an excellent overview in chapter eight: not just technical
points, but stressing the importance of documentation and transparent
procedures.

Part three turns to internal intrusions. Chapter nine is a case study of a
traffic threat assessment. It is, somewhat of necessity, dependent upon
detailed examination of logs, but the material demands an advanced
background in packet analysis. The (somewhat outdated) use of IRC channels
in botnet command and control is reviewed in chapter ten.

Bejtlich's prose is clear, informative, and even has touches of humour. The
content is well-organized. (There is a tendency to use idiosyncratic
acronyms, sometimes before they've been expanded or defined.) This work is
demanding, particularly for those still at the intermediate level, but does
examine an area of security which does not get sufficient attention.

copyright, Robert M.
Slade   2010     BKEXTDET.RVW   20101023
rslade_at_private     slade_at_private     rslade_at_private
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/

------------------------------

Date: Fri, 18 Feb 2011 17:54:59 -0500
From: Lillie Coney <coney_at_private>
Subject: Computers, Freedom and Privacy 2011, WashDC, 14-16 Jun 2011

The 2011 Computers Freedom and Privacy annual conference will convene at the
Georgetown Law Center located in Washington DC on 14-16 Jun 2011. This
year's CFP will explore the intersection of policy, technology, and action.

The meeting will involve technology and policy experts and activists in
forums designed to engage the public and policymakers in discussions about
the information society and the future of technology, innovation, and
freedom.

For more on the meeting visit: http://cfp.org/2011

A research poster session is planned for 16 Jun 2011. To submit for the
research poster session visit:
https://www.easychair.org/account/signin.cgi?conf=cfp21research

To submit proposals for panels, workshops, plenaries, speakers or BoFs
visit: http://www.cfp.org/2011/wiki/index.php/Submission_guidelines

You are encouraged to share information regarding the meeting with your
online and offline network.

------------------------------

Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you. The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe.
 You may also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address. Instructions
 are included in the confirmation message. Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 26.35
************************

Received on Sun Feb 20 2011 - 21:11:37 PST