[RISKS] Risks Digest 26.38

From: RISKS List Owner <risko_at_private>
Date: Tue, 22 Mar 2011 20:52:51 PDT
RISKS-LIST: Risks-Forum Digest  Tuesday 22 March 2011  Volume 26 : Issue 38

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/26.38.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Interconnectivity -- Local, Global, and All-ways (PGN)
Canadian Nuclear Plant Leaks Radioactive Water Into Lake Ontario
  (Geoff Goodfellow)
Dozens of exploits released for popular SCADA programs (Dan Goodin)
German Parliament in the Dark (Debora Weber-Wulff)
Estonian voting system flawed (PGN)
Three-ship collision attributed to software (Rich Brown)
GPS jamming trial (Martyn Thomas)
UK Royal Academy of Engineering report on GPS jamming (Erling Kristiansen)
Copper thieves cause train wreck (Mark Brader)
Efforts to make Internet secure are ineffective (James Lewis)
Google's "Farmer" search tweaks devastate website rankings (Mark Thorson)
China Tightens Censorship of Electronic Communications (Robert Schaefer)
Risks of playing computerized poker (Gabriel Dance)
Insider threat against Whac-A-Mole (Jeremy Epstein)
NJ came close to selling private data at auction (Jeremy Epstein)
Congratulating National Car rental (Don Norman)
ACSAC 2011 Call for Participation (Jeremy Epstein)
Computers/Freedom/Privacy Research/Poster CFP (Jeremy Epstein)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 22 Mar 2011 14:14:32 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Interconnectivity -- Local, Global, and All-ways

The recent 9.0 earthquake in Japan and the ensuing tsunami remind us once
again about how globally interrelated everything has become.  For example,
the fishing fleet in Crescent City, California was essentially destroyed by
the tsunami -- all the way across the Pacific.  Just-in-time parts supplies
for various automobile manufacturers were disrupted in many different
countries.  Many airport schedules were dramatically affected.  Radiation
concerns abound in Japan, and are echoed around the world with respect to
other potentially susceptible nuclear power plants.

Planning for worst cases is seemingly a losing battle under serious
emergencies in which the design and operational assumptions are dramatically
exceeded.  That certainly compounded the long-term future of the affected
Japanese reactors.  It also reminded us that backup systems can present
serious risks, especially when they are also wiped out and when the standby
power runs out.

Massive propagating electrical outages have recurred since 1965, despite
continual reassurances that they can no longer happen.

With respect to trustworthy computing, the Department of Homeland Security
Cybersecurity Roadmap discusses eleven topic areas in which extensive work
is needed with respect to research, development, test, evaluation, and
technology transfer (http://www.cyber.st.dhs.gov/documents.html).  An
Appendix to that report (Disclaimer: I wrote that appendix) illustrates the
remarkable extent to which each of those eleven areas can depend on the
successful operations in the other areas.  But even more remarkable is the
extent to which all of the critical national infrastructures depend on
computer-communication systems and of course in most cases the Internet
itself.  This may be old stuff to RISKS readers, but too many others do not
seem to get it.  When push comes to shove, we wind up with short-sighted
approaches.  The counter argument says that risk analysis showed that what
was done was prudent.  Prudent, schmoodent.  We still don't build systems
and applications that are trustworthy even under ordinary circumstances.

Thus, we are all in this together.  To paraphrase John Donne (and to
acknowledge Bob Morris, who in September 1988 at a CSTB meeting in
Washington DC said that ``To a first approximation, every computer in the
world is connected with every other computer.''),

  No system is an island, in spite of itself.
  Every mishap diminishes me -- and potentially many others.

I'm donne with my soape boxe.  However, it is worth noting that the
Japanese are probably better prepared for major earthquakes than any other
nation.  For example, consider this item from Nic Pottier in Dave Farber's
IP distribution:

  Fantastic take on the Japanese Earthquake

  Covering all the million things that went fantastically well:
http://www.kalzumeus.com/2011/03/13/some-perspective-on-the-japan-earthquake/

------------------------------

Date: March 19, 2011 10:51:44 PM GMT-04:00
From: Geoff Goodfellow <geoff_at_private>
Subject: Canadian Nuclear Plant Leaks Radioactive Water Into Lake Ontario

http://planetsave.com/2011/03/18/canadian-nuclear-plant-leaks-radioactive-water-into-lake-ontario/

With all the focus placed on the Japanese radiation leak as well as the
toxic plume of radioactive particles (possibly containing uranium and
plutonium) heading for the United States, another potential disaster is
receiving virtually no attention.

Of course, attention should be paid to the Japanese situation. Nevertheless,
it seems the continent of North America is being hit from two sides in terms
of radiation danger.

On 16 Mar, a report was released by the Canadian Broadcasting Corporation
(CBC) stating that Canada's Ontario Power Generation has released
radioactive water into Lake Ontario via a leak in the Pickering A nuclear
generating station.

As a result of what appears to be a pump seal failure, tens of thousands of
litres of radioactive water escaped the generating station on Monday and
ended up in Lake Ontario.

This is concerning for a number of reasons, but it is especially concerning
considering the fact that Lake Ontario is the main source of drinking water
for millions of people....

------------------------------

Date: Tue, 22 Mar 2011 13:42:48 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Dozens of exploits released for popular SCADA programs (Dan Goodin)

Dan Goodin in San Francisco, *The Register*, 22 Mar 2011
http://www.theregister.co.uk/2011/03/22/scada_exploits_released/
  [Thanks to Jeremy Epstein.  PGN]

The security of software used to control hardware at nuclear plants, gas
refineries and other industrial settings is coming under renewed scrutiny as
researchers released attack code exploiting dozens of serious
vulnerabilities in widely used programs.

The flaws, which reside in programs sold by Siemens, Iconics,
7-Technologies, Datac, and Control Microsystems, in many cases make it
possible for attackers to remotely execute code when the so-called
supervisory control and data acquisition software is installed on machines
connected to the internet. Attack code was released by researchers from two
separate security camps over the past week.

"SCADA is a critical field but nobody really cares about it," Luigi
Auriemma, one of the researchers, wrote in an email sent to The
Register. "That's also the reason why I have preferred to release these
vulnerabilities under the full-disclosure philosophy."

The vulnerability dump includes proof-of-concept code for at least 34
vulnerabilities in widely used SCADA programs sold by four different
vendors. Auriemma said the majority of the bugs allow code execution, while
others allow attackers to access sensitive data stored in configuration
files and one makes it possible to disrupt equipment that uses the
software. He included a complete rundown of the vulnerabilities and their
corresponding PoC code in a post published on Monday to the Bugtraq mail
list. [...]

------------------------------

Date: Wed, 09 Mar 2011 08:15:19 +0100
From: Debora Weber-Wulff <weberwu_at_htw-berlin.de>
Subject: German Parliament in the Dark

On 8 Mar 2011, shortly after 9 am, a Berlin ditch-digger managed a coup that
would have made a terrorist proud. He found the single point of failure -
the three electrical mains cables that run into the Bundestag. The mains
were cut, and suddenly the parliament building and three office buildings in
the immediate neighborhood were plunged into darkness.

They swore. They waited a bit. They twittered - at least the mobile
telephones still had juice, even if the computers and coffee pots had
died. Then an announcement came through by megaphone: Don't use the toilets!

It seems that the modern toilets in the German parliament are all electronic
flush deals. No juice, no flush.

Minutes dragged on to hours. There was still no electricity.  Luckily, it
was not a day in which parliament was meeting, there were just the workers
around who were told to go home.

The chancellor, it seems, was in a better position. Her offices have an
emergency electrical system that actually worked. So Germany was not
completely thrown into anarchy for half a day, if something important had
happened in the world, it would have been possible to get the chancellor on
the phone, although she couldn't reach her important files that were on a
server somewhere deep in the blackout.

So we are back to the simple risks: Single point of failure.

Will they never learn?

Debora Weber-Wulff, HTW Berlin, Treskowallee 8, 10313 Berlin +49-30-5019-2440
weberwu@htw-berlin.de http://www.f4.htw-berlin.de/people/weberwu/

------------------------------

Date: Sun, 13 Mar 2011 19:56:38 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Estonian voting system flawed

Andriaus Vaitkeviiaus, Estonian student finds flaw in e-voting, seeks
nullification of result, alfa.lt, 10 Mar 2011
http://www.alfa.lt/straipsnis/10740189/?Estonian.student.finds.flaw.in.e.voting..seeks.nullification.of.result=2011-03-10_10-28

A university student claims to have found a fatal flaw in the online
election software that could make it possible for a virus to block certain
candidates without the voter ever knowing that tampering had occurred.

"Those who are operating the system have unfortunately not done their work
well as they have not explained these risks to the electoral committee and
candidates," said Paavo Pihelgas, a student at the University of Tartu, who
has sent the election committee a complaint seeking nullification of the
election result.

------------------------------

Date: Thu, 10 Mar 2011 08:48:44 -0600
From: Rich Brown <rab_at_private>
Subject: Three-ship collision attributed to software

Aberdeen Harbour: ships collide, caught on camera

On 26 Feb 2011, the SBS Typhoon collided with VOS Scout head-on and forced
her into Ocean Searcher.  The Typhoon's owners said the accident was caused
by a software fault -- ``a glitch in fitting new, high-tech equipment'' for
a new dynamic positioning system.  Minor damage to each ship was reported,
and no injuries.  [Source: BBC News, PGN-ed]
  www.bbc.co.uk/news/uk-scotland-north-east-orkney-shetland-12689927

------------------------------

Date: Mon, 21 Mar 2011 09:16:10 +0000
From: Martyn Thomas <martyn_at_thomas-associates.co.uk>
Subject: GPS jamming trial

The UK Ministry of Defence has informed Ofcom of the following GPS jamming
exercise:

Dates: Jamming will be conducted on a maximum of 3 week-days in the period
10-21 July 2011.

Times: 0900-1730 BST.

Location: Jamming aircraft will orbit at 10,000ft above mean sea-level
(AMSL) along a 50nm flightpath on a heading of 270°T from Kirkwall,
starting 10nm to the west of Kirkwall and ending 60nm to the west of
Kirkwall

Possible areas affected: The GPS jamming is likely to affect civilian
Standard Positioning Service (SPS) receivers over a large area.  A minimum
jammer to signal vulnerability of 30dB has been assumed for a civilian
receiver.  Signal theory suggests that a SPS civilian receiver should have
approximately 32dB of jamming resistance.

Safety of Life Operations: Safety of life operations will take precedence
over exercise activities at all times. To this end, the AWC is open to
further discussion with any official recipient on the potential implications
of this jamming exercise.

Contact point: During the exercise, any official recipient (or their
delegated representative) and any member of the Emergency Services may
terminate the jamming for safety reasons by calling the contact numbers
below:

(1) Primary: Duty Controller Flying (TLT), RAF Kinloss - Tel: 01309 617857.

(2) Backup: Duty Controller Flying (TLT), RAF Lossiemouth - Tel: 01343
817428.

(3) Tertiary: Duty Air Surveillance Officer, National Air and Space
Operations Centre Tel: 01494 494812.

Note: Safety of life operations will take precedence over exercise
activities at all times.

------------------------------

Date: Sat, 12 Mar 2011 10:41:25 +0100
From: Erling Kristiansen <erling.kristiansen_at_private>
Subject: UK Royal Academy of Engineering report on GPS jamming

http://talksatellite.com/EMEA-A1474.htm
A couple of quotes from the article:

  We regularly detect instances of GPS jammers in use as we monitor radio
  activity around the UK. The plot from one of our detectors shows one which
  we saw in use on the A4 near Kew Bridge.

  A network of monitors in our major urban centres will allow us to monitor
  use of these jamming devices and get them turned off as soon as they are
  detected. This network will also act as a detector of criminal activity;
  there is no legitimate use for this jamming equipment.

My comments:

The proposed "cure" is to locate and remove jammers.  I don't know what kind
of signal current jammers transmit. But, considering the very low power and
wide spectrum of the GPS signal, it should not be difficult to build a
jammer that is virtually impossible to locate. You can only home in on a
transmitter if you can "see" it above the background noise.

In my opinion, the best cure is to avoid deploying GPS-based applications
that give an incentive for jamming. Road tolling is the first example that
springs to mind.

------------------------------

Date: Fri, 18 Mar 2011 07:05:00 -0400 (EDT)
From: msb_at_private (Mark Brader)
Subject: Copper thieves cause train wreck

As we know, theft of copper has become an increasingly serious problem.
According to an item in the March issue of Modern Railways magazine, it has
now caused a "major railway accident" in the Netherlands.

It happened at Zevenaar, near the Dutch-German border, on January 11.  The
thieves took away more than 300 m (1,000 feet) of wiring, and apparently had
expert knowledge since they selected cables whose absence would not be
immediately detected as a fault.

Consequently the signaling system was unable to detect trains in certain
positions, and an Amsterdam-Cologne Inter-City Express (ICE) was switched
onto a track that was actually occupied by a stationary train of empty
flatcars used for container traffic.  The front of the ICE sideswiped the
last few flatcars, and cars of both trains were derailed.

There were no deaths or serious injuries, but once the signaling system was
failing to detect trains, it was clearly just a matter of luck as to what
trains would collide and exactly how.  As it is, repairs to the track and
trains are expected to cost 1,000,000 euros.

Mark Brader, Toronto, msb_at_private | "Volts are like proof." --Steve Summit

------------------------------

Date: Mon, 21 Mar 2011 1:47:39 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Efforts to make Internet secure are ineffective (James Lewis)

John P. Mello, Jr. writing on the testimony of James Lewis (CSIS):
Examining the Cyber Threat to Critical Infrastructure and the American
Economy; Efforts to make Internet secure are ineffective, 18 Mar 2011
http://www.gsnmagazine.com/node/22713?c=cyber_security

James Lewis: While some progress has been made by some federal agencies in
making cyberspace secure, overall efforts have been ineffective, according
to a well-known security expert.  "What we are doing now to secure
cyberspace is not working," a House subcommittee was told March 16 by James
Lewis, director and a senior fellow in the Technology and Public Policy
program at the Center for Strategic and International Studies in Washington,
DC (CSIS.org).  "There's been real progress at some agencies like DHS, but
we need to rethink our approach," he told the Cybersecurity, Infrastructure
Protection and Security Technologies panel.

Military establishments in some countries have the capability to launch a
cyber attack on the United States, he maintained. "They're not going to
launch a cyber attack because they're not going to start a war for no reason
with the U.S., they're deterred by our military, but if they ever did attack
us, we are unprepared to defend ourselves."

Terrorists don't have the capability -- yet -- to launch cyber attacks,
however groups like al-Qaeda are trying to obtain the capability, he
said. "Perhaps more worrisome.  Iran and North Korea are developing
cyber-attack capabilities. When these terrorist and rogue states can launch
a cyber attack, they, too, will find that we're unprepared."  He declared
that cyber crime and cyber espionage are daily occurrences in the United
States and are doing long-term damage to the nation's economy and global
competitiveness.  What's more, they set the stage for cyber attacks. "Some
of our opponents use cyber criminals as mercenaries.  Our most advanced
opponents in cyber crime and cyber espionage can overpower even the most
technologically sophisticated U.S. company."

He called for shelving the status quo in cyber security. "We need a new
strategy that uses all the tools of American power -- military, law
enforcement, homeland security, partnership with the private sector," he
said. "If we can come up with this new combined strategy, we will be able to
do something effective to protect ourselves, but we're not there yet by any
stretch of the imagination."

------------------------------

Date: Thu, 17 Mar 2011 20:00:56 -0700
From: Mark Thorson <eee_at_private>
Subject: Google's "Farmer" search tweaks devastate website rankings

On 24 Feb 2011, Google made a change to their search algorithm that has
devastated the search rankings of many sites.  According to this article, it
was done to downgrade so-called "farmer" websites that have shallow,
low-value content.

http://searchengineland.com/google-forecloses-on-content-farms-with-farmer-algorithm-update-66071

As evidenced by the reader comments (more like complaints) at the end of the
article, many sites with high-value content have seen drastic reductions in
visitors.  One of my favorite websites is http://www.waynesthisandthat.com
written by a retired engineer.  He writes about his hobbies and interests,
and the site is high-value, original content.  But he got hit hard -- an
average of 8,500 visits daily before the 24th dropped to 6,500 afterward,
though there were 14,000 on the 24th.

Risks?  Not many for a hobbyist site, other than less satisfaction from
creating and adding to it.  For a commercial site, it could have tremendous
economic impact.  In the big picture, Google may have developed too much
dominance in this space, like IBM or AT&T did in their spaces before the
consent decrees of 1956.

------------------------------

Date: Tue, 22 Mar 2011 15:57:21 -0400
From: Robert Schaefer <rps_at_private>
Subject: China Tightens Censorship of Electronic Communications

I think this takes the concept of corporate email filters that block naughty
words to a whole new level:

  "... A Beijing entrepreneur, discussing restaurant choices with his
  fiance over their cellphones last week, quoted Queen Gertrude's
  response to Hamlet: ``The lady doth protest too much, methinks.''  The
  second time he said the word `protest', her phone cut off."
    http://www.nytimes.com/2011/03/22/world/asia/22china.html?_r=3

robert schaefer, Atmospheric Sciences Group, MIT Haystack Observatory
Westford, MA 01886  781-981-5767  http://www.haystack.mit.edu

------------------------------

Date: Wed, 16 Mar 2011 22:12:26 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Risks of playing computerized poker (Gabriel Dance)

Gabriel Dance, Computers Get Better at Knowing When to Hold 'Em or Fold 'Em:
Smarter Than You Think: Invasion of the Poker Bots, *The New York Times*,
14 March 2011, National Edition pp. A13,A16.

Playing against opponents in online poker, a professional poker player --
Bryan Taylor -- found some of his frequent opponents were playing quite
similarly on PokerStars.  After an investigation, he discovered that his
opponents were in fact computer programs masquerading as people -- and are
so much better than they used to be that they are very difficult to beat
[especially if they are going to clean you out, or worse, if the gambling
site were itself cheating.  PGN].  Bryan managed to get PokerStars to shut
down some of the bots.  On the other hand, poker bots are widely available
on the Internet, and seem to be proliferating widely!  (Although Internet
gambling is illegal in the U.S., many sites are off-shore and widely used.)

  [I saw *The Sting* on TV last night for the Nth time, with its own lessons
  on clever scams.  But I am once again reminded that anyone thinking he or
  she can make easy money on the Internet from an off-shore game is probably
  one of those who believes that electronic voting machines are absolutely
  infallible -- and especially the off-shore ones run by unknown third
  parties.  Caveat aleator!  PGN]

------------------------------

Date: Tue, 15 Mar 2011 16:26:42 -0400
From: Jeremy Epstein <jeremy.j.epstein_at_private>
Subject: Insider threat against Whac-A-Mole

No, it's not a joke.  Marvin Wimberly was afraid he was going to lose his
job at Bob's Space Racers, maker of Whac-A-Mole.  So he modified the
software (who knew there was software in those things?) so after some number
of moles, they stop popping up - and he'd keep his job fixing the software.

I heard this first on NPR's Wait Wait (a comedy quiz show), and wasn't
convinced it was true.  (See
http://www.npr.org/2011/03/05/134276249/Bluff-The-Listener for the
transcript.)  But an Orlando TV station is also reporting it
(http://www.wftv.com/news/26986709/detail.html) and other seemingly
mainstream news sources.

The charge is for infringing on Bob's intellectual property, punishable by
15 years in jail.  I never knew moles had IP.

I'm not sure if the risk is the obvious insider threat, or using software to
implement such a game, or my gullibility in believing such a fish story....

------------------------------

Date: Thu, 10 Mar 2011 21:24:22 -0500
From: Jeremy Epstein <jeremy.j.epstein_at_private>
Subject: NJ came close to selling private data at auction

*The NY Times* reports that New Jersey came close to selling used computers
with files on abused children, employee evaluations, tax returns, lists of
passwords, memoranda from a judge regarding possible lawyer misconduct,
etc. According to a study by the state comptroller, 79% of the machines
being sold held data, "much of it confidential".

Nothing new here - there have been studies showing this before.  Cf. Simson
Garfinkel "Remembrance of Data Passed: Used Disk Drives and Computer
Forensics", USENIX LISA 2004
(www.usenix.org/event/lisa04/tech/talks/garfinkel.pdf).  Just sad that this
is still happening...

Perhaps this was the most interesting part: "[The comptroller's] report says
that one agency had a device that magnetically erased computer drives, but
that employees did not like to use it because it was noisy."  Do you suppose
government agencies that handle classified data have such a cavalier
attitude about data protection?

http://www.nytimes.com/2011/03/10/nyregion/10computers.html

------------------------------

Date: Wed, 9 Mar 2011 16:22:58 -0800
From: Don Norman <don_at_private>
Subject: Congratulating National Car rental

We hear of so many clueless, unresponsive companies that I thought I
would report a success story. I recently got an email from National
Car rental about their Emerald Club (I am a member), asking me to
click on a link inside the email. But the URL for that link, a long
complex one, was to the site cl.exct.net/...   . So I sent my usual
letter of complaint, explaining that this type of letter was teaching
people to fall for phishing attempts.  I send these letters out a lot;
I never get any answers (except sometimes a form letter thanking me
for writing).

But hey, National forwarded my letter to an assistant VP, who said:

  "Thank you for your recent comment regarding our update links.  You
  were kind enough to point out to us the flaw in having such a long link
  not directly associated with our brand.  In today's world, there is no
  doubt that many of our customers would see this as a phishing
  e-mail.   Certainly this is the opposite of the service we are trying
  to provide in this e-mail.

  "As a result of your comment we are in the process of introducing a brand
  friendly link.  We hope to roll this out on all new emails beginning in
  April."

Rare successes should be celebrated. Ideally, these requests should be
unnecessary, but it is nice to see a company that is trying to help reduce
risks.

Don Norman, www.jnd.org, don_at_private

------------------------------

Date: Thu, 17 Mar 2011 16:08:04 -0400
From: Jeremy Epstein <jeremy.epstein_at_private>
Subject: ACSAC 2011 Call for Participation

27th Annual Computer Security Applications Conference (ACSAC 2011)
Buena Vista Palace Hotel & Spa in the Walt Disney World Resort, Florida, USA
5-9 December 2011
http://www.acsac.org

CALL FOR PARTICIPATION

The Annual Computer Security Applications Conference (ACSAC) is an
internationally recognized forum where practitioners, researchers, and
developers in information and system security meet to learn and to exchange
practical ideas and experiences. If you are developing, researching, or
implementing practical security solutions, consider sharing your experience
and expertise at ACSAC.

We are especially interested in submissions that address the application of
security technology, the implementation of systems, and lessons learned. [...]

SUBMISSION DEADLINES:

Papers (peer-reviewed),  Case Studies,  Courses/Tutorials, Panels, Workshops
all 6 June 2011; Posters and Works-in-Progress 2 Sept 2011


TECHNICAL TRACK PAPER SUBMISSIONS:
  Chair: John McDermott, Naval Research Lab
  Co-Chair: Michael Locasto, University of Calgary

CASE STUDIES IN APPLIED SECURITY:
  Chair: Steven Rome, Booz Allen Hamilton
  Co-Chair: Ken Shotting, DoD

  [Long item PGN-ed for RISKS.  See http://www.acsac.org for details.
  This is an excellent conference (with workshops) for application security.
  PGN]

------------------------------

Date: Mon, 14 Mar 2011 17:53:22 -0400
From: Jeremy Epstein <jeremy.j.epstein_at_private>
Subject: Computers/Freedom/Privacy Research/Poster CFP

Computers, Freedom, and Privacy: Research Poster Showcase

Submission Site:
https://www.easychair.org/account/signin.cgi?conf=cfp21research

This year's Computers, Freedom and Privacy Conference will feature a
research showcase in the form of a research poster session as well as a
research panel that includes the authors of the best research posters. CFP
is the leading policy conference exploring the impact of the Internet,
computers, and communications technologies on society. For more than a
decade, CFP has anticipated policy trends and issues, and has shaped the
public debate on the future of privacy and freedom in an ever more
technology-filled world. CFP focuses on topics such as freedom of speech,
privacy, intellectual property, cybersecurity, telecommunications,
electronic democracy, digital rights and responsibilities, and the future of
technologies and their implications. Researchers who work in any of these
areas are invited to submit research abstracts.

We seek research abstracts describing recent or ongoing research in all
areas relevant to the conference themes. We are especially interested in
research abstracts that present results with clearly articulated policy
implications. Abstracts should be written for a general audience and
should avoid using technical or legal jargon.

Submitted research abstracts can be either unpublished original research
(including work in progress), or research that has been recently published
(2010 or 2011).

Accepted abstracts or links to published papers will be posted on the CFP
web site and authors will be invited to present their work in the form of a
poster during a poster session on June 16, 2011. The authors of the best
research posters will be invited to participate in a panel discussion.

Please submit your abstract online at:
https://www.easychair.org/account/signin.cgi?conf=cfp21research

If the research has been published, also include the full citation and
URL. Attach a 1-2 page extended abstract or the full paper as a PDF file.
Please note that poster abstracts should be formatted like short papers, not
like posters. Authors of accepted posters will be sent information about how
to prepare and format posters for the conference.

Submissions will close at 5pm, US East Coast time, the evening of April 3.

* Co-chair Serge Egelman <serge.egelman_at_private>, NIST
* Co-chair Jeremy Epstein <jeremy.j.epstein_at_private>, SRI
* L Jean Camp <ljeanc_at_private>, Indiana University
* Joseph Lorenzo Hall <joehall_at_private>, UC Berkeley / Princeton
* Andy Oram <andyo_at_private>, O'Reilly Media
* Janice Tsai <harraton_at_private>, Microsoft

------------------------------

Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.   The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 26.38
************************