[RISKS] Risks Digest 26.45

From: RISKS List Owner <risko_at_private>
Date: Tue, 24 May 2011 16:33:05 PDT
RISKS-LIST: Risks-Forum Digest  Tuesday 23 May 2011  Volume 26 : Issue 45

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/26.45.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Computer glitch forces U.S. to cancel visa lottery results (Robert McMillan
  via Ben Moore)
Westpac systems crash in IT meltdown notsp (Michael Rosa)
Car Talk and Talk and... (Joseph B. White via Eli the Bearded)
Sony breach may drive down value of stolen credit cards (Jeremy Epstein)
WSJ Reporter Takes Heat Over Tone Of Privacy Series (Joe Mullin)
Monty Solomon <monty_at_private>
Subject: When the Internet Thinks It Knows You (Eli Pariser via
  Monty Solomon)
"Automatic Updates" considered Zombieware (Henry Baker)
Amazon Cloud Crash Write-up (Gene Wirchenko)
Lawsuit alleges spyware on rental computers (Joe Mandak via Matt Roberds)
The Web browser that cried "wolf" (Mark Thorson)
You must enable javascript to view this page (jidanni)
Future Risks (John Brandon via Gene Wirchenko)
Poor choice for automatic password (Tony Luck)
REVIEW: "The Black Swan", Nassim Nicholas Taleb (Rob Slade)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 16 May 2011 01:39:03 GMT
From: "Ben Moore" <ben.moore_at_private>
Subject: Computer glitch forces U.S. to cancel visa lottery results

Robert McMillan, IDG News Service, 13 May, 2011 [PGN-ed]
http://www.networkworld.com/news/2011/051311-computer-glitch-forces-us-to.html

It turns out that the country's 2012 Diversity Lottery wasn't fair. In a
videotaped statement posted to the Web, Deputy Assistant Secretary of State
for Visa Services David Donahue said the results, announced by his
department earlier this month, "did not represent a fair random selection of
the entrants, as required by U.S. law.  Although we received large numbers
of entries every day during the 30-day registration period, a computer
programming error caused more than 90 percent of the selectees to come from
the first two days of the registration period." (5-6 Oct 2010)

More than 12 million people applied for the green card lottery last
year. The program is designed to even out the mix of U.S. immigrants by
giving some people from certain countries priority in the years-long wait
for a U.S. work visa, also known as a green card. There are between 50,000
and 55,000 winners each year.  Entrants will have to wait until July 15,
when the State Department will announce results based on a new, random
algorithm.

------------------------------

Date: Thu, 5 May 2011 13:07:07 +0930
From: Michael Rosa <MRosa_at_private>
Subject: Westpac systems crash in IT meltdown

http://www.theaustralian.com.au/business/industry-sectors/westpac-systems-crash-in-it-meltdown/story-e6frg96f-1226050242014

An air-conditioning failure has crippled Westpac's (Australian bank) IT
systems throughout the nation one day after reporting record profits of
almost $4 billion.

At 12.05 AEST Westpac said ATM and EFTPOS facilities were restored but there
was no word on when online banking would be working.  "Westpac sincerely
apologises to all our customers who have been impacted by today's outage.
We take systems reliability extremely seriously and are very disappointed by
the inconvenience to our customers and will undertake a thorough review,"
Rob Coombe, Westpac Group executive, retail and business banking, said.

Westpac subsidiary St George Bank was also affected by the system failure.

Customers have complained to The Australian and taken to social media
websites to vent their anger after they couldn't withdraw funds from ATMs or
use EFTPOS facilities this morning.

Earlier a Westpac spokeswoman told ABC Radio that an air conditioning
problem at one of its data centres had triggered the shut down of the bank's
systems.

Michal Rosa, WorkCover SA, 100 Waymouth St, Adelaide, SA 5000 P: 0882332147
www.workcover.com<http://www.workcover.com/> mrosa@private

------------------------------

Date: Mon, 23 May 2011 15:27:15 -0400 (EDT)
From: Eli the Bearded <risks_at_private>
Subject: Car Talk and Talk and... (Joseph B. White)

I noticed an article in the Wall Street Journal today about
vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications
to cars. The idea is cars so equipped could help alert drivers to sudden
changes in traffic.

Joseph B. White, Car Talk and Talk and..., *Wall Street Journal*, 23 May 2011
http://online.wsj.com/article/SB10001424052748703778104576286631174569232.html

Mostly the article does a good job of outlining positives and the risks of
this effort: false alarms could numb drivers, auto makers could be sued if
an alarm fails to sound, drivers would not like their cars to help them get
tickets.

One quote near the end from an advocacy group spokesman caught my attention
as worrisome however:

  "It's important to move to large-scale deployments to figure out what the
  issues are," says Scott Belcher, president of the Intelligent
  Transportation Society of America ...

I hope most issues can be found before the "large-scale deployments" take
place.

------------------------------

Date: Wed, 04 May 2011 02:53:33 -0400
From: Jeremy Epstein <jeremy.epstein_at_private>
Subject: Sony breach may drive down value of stolen credit cards (Nick Bilton)

This is actually quite funny - the thieves are worried that the increased
supply of stolen credit card numbers will drive down the value of the
already-stolen cards.  Perhaps they'll ask for government regulation to
protect the value of their stolen merchandise?

Nick Bilton, Bits, Perverse cybereconomic impacts, *The New York Times*,
3 May 2011
http://bits.blogs.nytimes.com/2011/05/03/card-data-is-stolen-and-sold/

Last week, after the Sony PlayStation Network was attacked by a group of
unknown hackers, Sony's 77 million customers, along with security
specialists and government officials, were surprised by the amount of
information that might have been stolen from the company.

But there was another group that worried about the attack: other hackers who
steal credit card numbers and personal identity online and then sell and
trade this information in underground markets.

"We're keeping a close eye on the Sony story as it would drastically affect
the resale of other cards," explained an experienced hacker based in Europe
who declined to share his name due to the nature of his work.

Kevin Stevens, senior threat researcher at the computer security firm Trend
Micro, explained in an interview last week that there was a lot of
discussion taking place in hacker forums about the Sony data breach.
Several credit card dealers are worried that the distribution of millions of
credit cards would flood the market and lower prices, he said. [...]

Jeremy Epstein, Senior Computer Scientist, SRI International
1100 Wilson Blvd, Suite 2800, Arlington VA  22209  703-989-8907 (M)

------------------------------

Date: Tue, 24 May 2011 11:53:23 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: WSJ Reporter Takes Heat Over Tone Of Privacy Series (Joe Mullin)

  [Thanks to Richard M. Smith, computerbytesman.  PGN]

Joe Mullin, *The Wall Street Journal*, 20 May 2011
http://paidcontent.org/article/419-wall-street-journal-reporter-takes-heat-over-tone-of-privacy-series/

In many ways, the series of articles about online privacy that *The Wall
Street Journal* began publishing last year has set the tone for the privacy
debate nationally -- but not everyone is thrilled about that.

During a discussion about personal information and privacy at the pii2011
<http://pii2011.com/> conference, Evidon CEO Scott Meyer suggested that the
tone of the WSJ series about digital privacy, called
<http://online.wsj.com/public/page/what-they-know-digital-privacy.html>
"What They Know," was over the top and inflammatory. "When you use words
like 'surveillance' and 'spying,' it freaks people out," Meyer said to Julia
Angwin, one of the WSJ reporters who has worked on the series. "If it
weren't for you, we wouldn't be here," he said, referring to the panel of
behavioral advertising companies that he was on, which Angwin was
moderating.

A questioner from the audience, Morgan Reed of the Association for
Competitive Technology <http://actonline.org/>, agreed, noting that the WSJ
series had directly influenced the comments made by Congressional
representatives. "The question addressed to me [by Congress] was, 'Look at
these apps the Wall Street Journal found-so you, app developer, tell us why
we shouldn't be afraid of these.'"

------------------------------

Date: Tue, 24 May 2011 00:34:08 -0400
From: Monty Solomon <monty_at_private>
Subject: When the Internet Thinks It Knows You (Eli Pariser)

Eli Pariser, 22 May 2011, *The New York Times*, 23 May 2011
http://www.nytimes.com/2011/05/23/opinion/23pariser.html

Once upon a time, the story goes, we lived in a broadcast society. In that
dusty pre-Internet age, the tools for sharing information weren't widely
available. If you wanted to share your thoughts with the masses, you had to
own a printing press or a chunk of the airwaves, or have access to someone
who did. Controlling the flow of information was an elite class of editors,
producers and media moguls who decided what people would see and hear about
the world. They were the Gatekeepers.

Then came the Internet, which made it possible to communicate with millions
of people at little or no cost. Suddenly anyone with an Internet connection
could share ideas with the whole world. A new era of democratized news media
dawned.

You may have heard that story before - maybe from the conservative blogger
Glenn Reynolds (blogging is "technology undermining the gatekeepers") or the
progressive blogger Markos Moulitsas (his book is called "Crashing the
Gate"). It's a beautiful story about the revolutionary power of the medium,
and as an early practitioner of online politics, I told it to describe what
we did at MoveOn.org. But I'm increasingly convinced that we've got the
ending wrong - perhaps dangerously wrong. There is a new group of
gatekeepers in town, and this time, they're not people, they're code.

Today's Internet giants - Google, Facebook, Yahoo and Microsoft - see the
remarkable rise of available information as an opportunity. If they can
provide services that sift though the data and supply us with the most
personally relevant and appealing results, they'll get the most users and
the most ad views. As a result, they're racing to offer personalized filters
that show us the Internet that they think we want to see. These filters, in
effect, control and limit the information that reaches our screens. ...

------------------------------

Date: Wed, 27 Apr 2011 17:24:03 -0700
From: Henry Baker <hbaker1_at_private>
Subject: "Automatic Updates" considered Zombieware

I wish this were only April 1st.

My Windows computer is now spending a significant fraction of its time
running "updates" on every program that I have installed.  I have no idea
what these "updates" do, but each "update" takes more and more space, and my
computer runs slower and slower.  A large fraction of these "updates"
require restarting Windows, so these "updates" are disruptive to my use of
my computer.

The "going rate" for updates now appears to be 100Mbytes.  Adobe's Reader X
is *three times* the size of Reader 8, and (as far as I'm concerned) it is
much worse because it takes forever to load.  I'm also terribly concerned
that Javascript is enabled by default in Adobe Reader; since when does Adobe
Reader need Javascript?  For that one time per year when I need to fill out
the IRS form?

The latest Apple iTunes "update" from a couple of days ago not only didn't
work, but froze my system so badly I had to "system restore" to a previous
date.  Apple themselves has the hubris to not bother installing a restore
point itself, because it assumes that its software would _never_ be buggy
enough to require a restore.  I'm about ready to ditch iTunes completely,
since none of this additional bloat has anything to do with me (I don't have
an iPhone or iPad, although I do have an older iPod).  iTunes also has an
unfixed bug that has existed for the past two years, where with hundreds of
podcast feeds, I try to update them all at once, iTunes reliably crashes.
Each crash, of course, is dutifully sent back to Microsoft, which Microsoft
apparently throws directly into the circular file because Microsoft is
thrilled to see Apple software crash & burn.

If I were cynical, I would assume that that the computer in "cloud
computing" means *my computer*, and under the guise of "updates", all of
these vendors are stealing time & disk space on my computer to sell to their
cloud customers.

At the current rate of bloat, my computer will soon run out of disk space --
not for any of *my* data -- but for all the bloatware "updates" that
everyone wants to install.

I'm starting to downgrade my software -- I've reinstalled Adobe Reader 8
(only 33Mbytes), and I'm moving more and more to open source software which
(at least so far) isn't so bloated with features that I have no idea what
they do or why they are there, yet they open security holes that continually
need to be fixed with even more updates.

 - - -

I can't wait for automobiles with WiFi to start automatically "updating"
themselves every time I want to buy gas.  Clearly, *nothing could go wrong*
in that scenario.

I can foresee massed armies arrayed against one another in the near future,
but neither is capable of fighting, because each is receiving "updates" for
all of its computers & rebooting...

Who needs Stuxnet, when we have Microsoft/Apple/Adobe/Java/...
automatic updating?

------------------------------

Date: Fri, 29 Apr 2011 10:12:07 -0700
From: Gene Wirchenko <genew_at_private>
Subject: Amazon Cloud Crash Write-up

Summary of the Amazon EC2 and Amazon RDS Service Disruption in the US
East Region

Now that we have fully restored functionality to all affected services, we
would like to share more details with our customers about the events that
occurred with the Amazon Elastic Compute Cloud ("EC2") last week, our
efforts to restore the services, and what we are doing to prevent this sort
of issue from happening again. We are very aware that many of our customers
were significantly impacted by this event, and as with any significant
service issue, our intention is to share the details of what happened and
how we will improve the service for our customers.
http://aws.amazon.com/message/65648/

------------------------------

Date: Wed, 4 May 2011 02:56:50 -0500 (CDT)
From: Matt Roberds <mroberds_at_private>
Subject: Lawsuit alleges spyware on rental computers (Joe Mandak)

Joe Mandak, AP wire story, 3 May 2011:

PITTSBURGH - A major furniture rental chain has software on its computers
that lets it track the keystrokes, screenshots and even webcam images of
customers while they use the devices at home.  A lawsuit was filed on behalf
of a Wyoming couple who said they learned about the PC Rental Agent "device
and/or software" inside the computer they rented last year when an Aaron's
Inc. store manager in Casper came to their home on 22 Dec 2010.

The manager tried to repossess the computer because he mistakenly believed
the couple hadn't finished paying for it, the couple said.  Brian Byrd, 26,
said the manager showed him a picture of Byrd using the computer - taken by
the computer's webcam. The image was shot with the help of spying software,
which the lawsuit contends is made by North East, Pa.-based Designerware LLC
and is installed on all Aaron's rental computers.  [...]

PC Rental Agent includes components soldered into the computer's motherboard
or otherwise physically attached to the PC's electronics, the lawsuit
said. It therefore cannot be uninstalled and can only be deactivated using a
wand, the suit said."

source: http://news.yahoo.com/s/ap/20110503/ap_on_re_us/us_rental_computer_spyware

I'm not exactly sure what the hardware components mentioned above *are*,
especially not the one that can be "deactivated using a wand".  I have seen
a recent (mid-2000s) IBM PC that had some kind of antenna connected to the
motherboard, but it wasn't for a built-in WiFi adapter.  The marketing
material for that machine implied it was some kind of asset-tracking system.
The machine boots and appears to run OK with the antenna unplugged.

The other functions mentioned (remote activation of webcam, key logging,
etc.) could easily be implemented in software, and this has already been
done by various school districts to spy on their students (Wirchenko,
RISKS-25.95).

------------------------------

Date: Sun, 8 May 2011 17:23:08 -0700
From: Mark Thorson <eee_at_private>
Subject: The Web browser that cried "wolf"

Sometimes those annoying pop-ups warning about not having a trusted
certificate really do indicate something is wrong, as in the case of this
recent Syrian man-in-the-middle attack.

https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook

As noted in the bulletin, we often reflexively click through these warnings.
The RISK is that a warning given too often is ignored, a scenario we've seen
so many times in other contexts, such as warning alarms on medical
equipment.

------------------------------

Date: Sun, 15 May 2011 10:25:55 +0800
From: jidanni_at_private
Subject: You must enable javascript to view this page

Muhahaha, they forgot that we occasional _text browser_ users can still
see their page as plain as day!

$ w3m -dump http://lyrics.wikia.com/Devo:Triumph_Of_The_Will
You must enable javascript to view this page. This is a requirement of
our licensing agreement with music Gracenote.

------------------------------

Date: Tue, 24 May 2011 13:44:54 -0700
From: Gene Wirchenko <genew_at_private>
Subject: Future Risks

John Brandon, Six rising threats from cyber criminals Watch out for these
cyber attacks that can turn smartphones into texting botnets, shut off
electricity, jam GPS signals, ...  InfoWorld, 19 May 2011
http://www.infoworld.com/d/security/six-rising-threats-cyber-criminals-573

      The article is eight Web pages long.  Here are the topics:
1. Text-message malware
2. Hacking into smart grids
3. Social network account spoofing
4. Cyber stalking
5. Hackers controlling your car
6. GPS jamming and spoofing: Threat or nuisance?

------------------------------

Date: Mon, 9 May 2011 14:46:22 -0700
From: Tony Luck <tony.luck_at_private>
Subject: Poor choice for automatic password

My credit union has been acquired by a larger credit union.  Instructions
for logging in to the "bill pay" area of the new website include:

  Important: Your new Bill Pay Password is the last four digits of your
  five-digit home ZIP code, followed by the last four digits of your home
  phone number (i.e., if your ZIP code is "95125," and your home phone
  number is "555-1234," your CEFCU Bill Pay password would be "51251234")

Somebody thinks that my zip code and home phone number are secrets
only known to me ... sigh.

------------------------------

Date: Tue, 24 May 2011 14:20:35 -0800
From: Rob Slade <rMslade_at_private>
Subject: REVIEW: "The Black Swan", Nassim Nicholas Taleb

BKBLKSWN.RVW   20110109

"The Black Swan", Nassim Nicholas Taleb, 2007, 978-1-4000-6351-2,
U$26.95/C$34.95
%A   Nassim Nicholas Taleb
%C   One Toronto Street, Unit 300, Toronto, ON, Canada  M5C 2V6
%D   2007
%G   978-1-4000-6351-2 1-4000-6351-5
%I   Random House/Vintage/Pantheon/Knopf/Times/Crown
%O   U$26.95/C$34.95 800-733-3000 randomhouse.ca www.atrandom.com
%O  http://www.amazon.com/exec/obidos/ASIN/1400063515/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1400063515/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1400063515/robsladesin03-20
%O   Audience n- Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   366 p.
%T   "The Black Swan: The Impact of the Highly Improbable"

I was irritated into reviewing this book.  I knew that the title referred to
events which are rare, and therefore seen as unlikely or impossible, but
which, once observed, are obviously true.  I had heard this book (and idea)
discussed in terms of risk analysis, but the mere fact didn't strike me as
terribly useful.  To a certain extent we deal with such issues all the time
in business continuity planning.  So, when, during yet another conversation
on risk analysis, one participant insisted that we should all read this
text, I responded that the earth might fall into the sun, soon, and
therefore I couldn't see risking what little time I had left reading Taleb's
work.

The participant insisted that we weren't going to fall into the sun for a
long while, and therefore I should read the book.  Having now read it, I can
say that this person didn't understand one of the author's main points.

In the prologue, Taleb describes a Black Swan event as one which is rare,
has an enormous impact on the world, and is explainable after the fact.
During the course of the work he presents a number of examples.  A great
deal of the text, though, discusses, disparages, and even rants against
efforts to predict future events or outcomes, particularly those which rely
on models.  The author notes that many of these models fail to take certain
factors into account.  This is quite true: a model, by its very nature, must
be limited.  A map of Canada, the full size of Canada, would be accurate,
but not very portable, and thus not useful.  In the same way, any model is a
heuristic, giving a quick indication of operation on the basis of a very
limited set of factors.  Taleb's thesis about rare events seems to take
second place to his assertion that you can go badly awry by relying on a
model which fails to take all factors into account.

My "earth into the sun" example, therefore, fits well into the theme of the
book.  As far as we understand, we have probably billions of years before we
spiral into the sun.  On the other hand, some rare event may make this
happen much sooner, and we'll all be impacted (if you'll pardon the
expression).  And, if it does happen, you can bet that, in the few weeks or
hours between the event and our incineration, there will be plenty of people
who will be building models to explain why it did happen.

This statement is undoubtedly true.  But is it helpful?  Much of the
author's work is addressed at the issue of investment, and particularly
"playing" the stock market.  He notes that an investor, by betting on black
swan events, can make a large return (since black swan events have a large
impact).  This declaration is also true, but you can't bet on all possible
events, so which ones do you choose?  For example, computer equipment
retailers who "bet" on tablet computers last year would, this year, be in a
very strong position.  Those who did the same thing twenty-three years ago
would have been stuck supporting the Newton.

Taleb keeps repeating (and repeating, and repeating, and repeating: his few
points are duplicated many times over through nineteen chapters) that just
about everyone tries to avoid risk on the basis of what they have seen in
the past.  In fact, not only many studies but also common observation show
that this isn't the case.  The general public loves to gamble.  Studies of
"successful" people (business leaders, etc.) indicate that they are more
prone to gambling and risk- taking than the general public, and, in fact,
foolishly so.  ("Leaders" have a strong tendency to gamble even when it is
quite clear that taking the small but sure return is the better deal.)

Is this, in fact, evidence that Taleb is correct, and that we all should be
risk-takers, betting on black swans?  No.  As he, himself, points out in a
different context, some risk-takers win, and become "successful," while a
lot of risk-takers lose, but disappear into the general population.  (Or
just disappear.)

The central point about making predictions on the basis of insufficient
knowledge is emphasized most repetitively in regard to investments and
finance.  The author does suggest a method for ventures: keep 90% of your
funds in the most conservative undertakings, and invest the 10% in wildly
speculative "positive" black swans.  Of course, this doesn't guarantee that
any of your wild investments do pay off, but at least you will have your
90%.  Unless a "negative" black swan comes along and wipes them out.

The book is, actually, fairly fun to read, but annoying to review.  Taleb
has good facility with language, and writes in an amusing, if scattered,
manner.  As a means of passing the time, the text is fluid, entertaining,
and even has some points worth thinking about.  However, in terms of this
review series, I must consider whether the tome is useful or not, and I'm
not certain that it is.  Taleb presents some salient warnings, but makes any
number of statements ( several of them outrageous) without going to the
trouble of backing them up.  (This fact is rather ironic in view of his
repeated denigration of academics and technical authors who cannot write
clearly and "properly."  He even admits, almost up front, that a friend
"caught [him] red-handed" by challenging him to "justify the use of the
precise metaphor of a Black Swan," and he had to confess "this book is a
story.")

To take a page from the way Taleb writes, I could point out that his
"Extremistan" bears a strong resemblance to the age of the dinosaurs.  They
developed the largest land-dwelling creatures ever to walk on earth, lasted
much longer than we humans have, and, some models show, were able, simply
because of their immense numbers, to effect climate in ways that we have
only recently been able to do by pumping their remains out of the earth and
burning them.  They were also subject to a black swan event in the shape of
an asteroid, which left, as their descendants, only Taleb's much maligned
turkeys.

There are certainly holes in this argument, but it is as entertaining, and
as valid, as much of what Taleb writes in the book.

In the end, I have to agree with Taleb's mother: there is some use in
this book, but an enormous disparity between what the author thinks it
is worth, and what it is actually worth.

(No ballet dancers were mentally harmed in the reviewing of this book.)

copyright, Robert M. Slade   2011     BKBLKSWN.RVW   20110109
rslade_at_private     slade_at_private     rslade_at_private
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links

------------------------------

Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.   The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 26.45
************************
Received on Tue May 24 2011 - 16:33:05 PDT

This archive was generated by hypermail 2.2.0 : Tue May 24 2011 - 22:11:26 PDT