RISKS-LIST: Risks-Forum Digest Friday 24 February 2012 Volume 26 : Issue 74 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/26.74.html> The current issue can be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: Re: Google Mobile Phone Tracker (Tim Diebert, PGN) Re: It's A Brick: Tesla Motor's Devastating Design Problem (Martyn Thomas) "13 security myths you'll hear -- but should you believe?" (Ellen Messmer via Gene Wirchenko) Not-so-faster-than-light superluminal neutrinos! (smolloy via David Bolduc) NewSci: GPS jamming: a clear and present reality (Paul Saffo) UK - 4G TV interference: Up to a million homes 'need filters' (Lauren Weinstein) Behind the Google Goggles, Virtual Reality (Nick Bilton via Matthew Kruk) Facebook contractor reportedly reveals "secret""censorship" list (Stephen C. Webster via Lauren Weinstein) Nortel breached for years; management knew but didn't react (Jeremy Epstein) Re: Armored SUV could not protect U.S. agents in Mexico (Chris Barnabo, Richard S. Russell, R. G. Newbury) Fifth Amendment Protects Suspects from Having to Decrypt Hard Drives (LW) Long distance mail, but why? (Richard O'Keefe) REVIEW: The Tangled Web: A Guide to Securing Modern Web Applications (Ben Rothke) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Fri, 24 Feb 2012 08:17:53 PST From: Tim Diebert <diebert_at_private> Subject: Re: Google Mobile Phone Tracker (Kruk, RISKS-26.73) I'd like to point out that there is a *real risk* with this posting. If you actually go to "-http://googlephone.page.tl/-" you get the opportunity to click on 2 links, one in the middle of the page or one at the bottom of it. Both of these URLs, labeled "http://googlephone.com/Apps/Google_Mobile_Phone_Tracker_v6.5.8" actually points to "http://dl.dropbox.com/u/61356096/Google%20Mobile%20Phone%20Tracker%20v6.5.8.exe". If this link is actually downloaded and run, you get a virus installed. I use a Mac that has "McAfee Security" installed, and it identified the downloaded file as a virus. I would assume that the anti-virus software for Windows will also catch this one. The link at the end of this item in the digest, "-http://googlephone.com/Apps/Google_Mobile_Phone_Tracker_v6.5.8-" gets a "server not found" error. While there is a registration by Google for googlephone.com, there is no DNS entry for it. I thoroughly understand that publishing the "Risks Digest" is a time consuming task, and following every link published to validate it is just too time consuming. This is something that the person supplying this item should have done! Tim Diebert, Sr. Research Engineer, Palo Alto Research Center 3333 Coyote Hill Road, Palo Alto, CA 94304-1313 1.650.812.4433 ------------------------------ Date: Fri, 24 Feb 2012 10:00:33 PST From: "Peter G. Neumann" <neumann_at_private> Subject: Re: Google Mobile Phone Tracker (Kruk, RISKS-26.73) My sincerest apologies for including this item at all without further inspection or with a serious warning about the risks of remotely plausible messages. I should know better than try to put out an issue at 4am while half of my brain was still thinking I should be asleep. But I am glad to see that so many of you reacted sensibly and complained to me. A few more responses are included here. Others were received early on from Joe Hall, Dan Ritter, Larry Werring, Lauren Weinstein -- and Richard Martin, whose note included this: The link on the website it references downloads a *very* dodgy -- and very obviously not Google-produced or approved - .exe file that Chrome immediately identifies as malicious and which Sophos identifies as a variant of the Sality worm. If it infects a PC it will proceed to download further malware onto the victim machine, so not a sensible thing to have around. On the other hand, the tracking behaviour described in the badly-spelled writeup has been provided for quite a while now on all Google Android phones capable of running Google Latitude. I put a warning note in the archive copy of RISKS-26.73 rather than deleting the item altogether, which we normally do not do. The educational importance of this item and its risks is decidedly important. Again, my apologies for letting this one slip through. Thanks to all of you who responded, and my best wishes to *all* RISKS readers. The attackers are becoming ever more sophisticated and devious, and require continual escalations in our collective eternal vigilance. PGN ------------------------------ Date: Fri, 24 Feb 2012 16:49:36 +0000 From: Martyn Thomas <martyn_at_thomas-associates.co.uk> Subject: Re: It's A Brick: Tesla Motor's Devastating Design Problem (R-26.73) The cited article also says: ``After the first 500 Roadsters, Tesla added a remote monitoring system to the vehicles, connecting through AT&T's GSM-based cellular network. Tesla uses this system to monitor various vehicle metrics including the battery charge levels, as long as the vehicle has the GSM connection activated and is within range of AT&T's network. According to the Tesla service manager, Tesla has used this information on multiple occasions to proactively telephone customers to warn them when their Roadster's battery was dangerously low. In at least one case, Tesla went even further. The Tesla service manager admitted that, unable to contact an owner by phone, Tesla remotely activated a dying vehicle's GPS to determine its location and then dispatched Tesla staff to go there. It is not clear if Tesla had obtained this owner's consent to allow this tracking, or if the owner is even aware that his vehicle had been tracked. Further, the service manager acknowledged that this use of tracking was not something they generally tell customers about.'' But this article suggests that there may be other reasons for the story. ------------------------------ Date: Fri, 24 Feb 2012 09:15:18 -0800 From: Gene Wirchenko <genew_at_private> Subject: "13 security myths you'll hear -- but should you believe?" (Ellen Messmer) Ellen Messmer, *Network World*, 14 Feb 2012 http://www.networkworld.com/news/2012/021412-security-myths-256109.html opening paragraph: They're "security myths," oft-repeated and generally accepted notions about IT security that arguably are simply not true -- in order words, it's just a myth. We asked security experts, consultants, vendors and enterprise security managers to share their favorite "security myths" with us. Here are 13 of them: ------------------------------ Date: Feb 22, 2012 5:43 PM From: "David Bolduc" <bolduc_at_private> Subject: Not-so-faster-than-light superluminal neutrinos! [via both Dave Farber and johnmacsgroup. PGN] http://science.slashdot.org/story/12/02/22/2116251/faulty-cable-to-blame-for-superluminal-neutrino-results Faulty Cable To Blame For Superluminal Neutrino Results samzenpus_at_private, from the not-so-fast dept., 22 Feb 2012 smolloy writes* "It would appear that the hotly debated faster-than-light neutrino observation is the result of a fault in the connection between a GPS unit and a CERN computer. This connection was used to correct for time delays in the neutrino flight, and after fixing the correction the researchers have found that the time discrepancy appears to have vanished."* <http://science.slashdot.org/story/11/09/22/1841217/cern-experiment-indicates-faster-than-light-neutrinos?sdsrc=rel> <http://news.sciencemag.org/scienceinsider/2012/02/breaking-news-error-undoes-faster.html?ref=hp#.T0U_N0pYVRc.twitter> ------------------------------ Date: Feb 23, 2012 9:21 AM From: "Paul Saffo" <paul_at_private> Subject: NewSci: GPS jamming: a clear and present reality [From New Scientist's One Percent blog, via Paul on Dave Farber's IP] GPS Jamming: a clear and present reality, 22 Feb 2012 A secret network of 20 roadside listening stations across the UK has confirmed that criminals are attempting to jam GPS signals on a regular basis, a conference <https://connect.innovateuk.org/web/6517437/agenda> at the National Physical Laboratory, in London, will hear later today. Set up by the government's Technology Strategy Board (TSB) and run by Chronos Technology of the Forest of Dean, UK, the Sentinel network<http://www.chronos.co.uk/index.php/en/sentinel.html>has sensed an average of ten jamming incidents per month since September 2011. "Our jamming sensors use very small GPS receivers like those in cellphones. They are installed at locations where our partner companies have experienced unexplained outages to their professional GPS equipment," says Chronos managing director Charles Curry. "The jammers sweep a signal through the GPS band around 1.5 gigahertz and we log the impact that has on the local GPS signal." One victim of these GPS outages was Britain's national mapping agency, Ordnance Survey. Details on the 60 incidents recorded to date are scant as Sentinel is still evaluating the causes, but at least one jamming device has been seized. Curry says most jammers seem to be being used by truckers to stop 'spy-in-the-cab' tachographs working, preventing their journeys being tracked by their bosses, or by thieves stealing commercial vehicles. "The one police have confiscated is of the type that fits in a vehicle and is powered via a lighter socket," he says. Oddly, more than one person appears to be responsible for the jamming at some locations: Chronos is trying to differentiate between different jammers to give "a better idea of how many individuals at a particular location are jamming GPS". Vigilantes could be one source: a major problem with GPS is the way some small villages and towns suffer visits from dangerously outsized trucks - which often get stuck in tiny streets - attempting to follow satnav-advised shortcuts. So it is possible locals are placing jammers to prevent drivers' antisocial behaviour. The GPS signal is weak and easily jammed - its radiation is only as intense as a car headlight shining from 20,000 kilometres away. Hundreds of online vendors illegally sell jamming equipment online yet at the same time the GPS signal has fast become critical national infrastructure<http://www.newscientist.com/article/dn20202-gps-chaos-how-a-30-box-can-jam-your-life.html>. In addition to location services via satnavs, the atomic clocks aboard the satellites are used to provide crucial timing signals for systems as diverse as cellphone towers and banking systems - and without GPS they fall over. That's why it's no surprise that a US company called LightSquared, which wanted to run a 4G cellphone service very near to the GPS frequencies, has been barred from doing so<http://transition.fcc.gov/Daily_Releases/Daily_Business/2012/db0215/DOC-312479A1.pdf> by the Federal Communications Commission. It could not demonstrate that its technology could steer clear of GPS signals that stray from its alloted bandwidth. The conference will also hear about how the GPS signal can be spoofed so that satnavs are lured in the wrong direction. You can see videos of how spoofing works over at the University of Texas<http://radionavlab.ae.utexas.edu/videos>. Spoofers could become the latter-day equivalent of wreckers who used to make false lights to draw ships onto the rocks. The General Lighthouse Authorities, for instance, suspect that ships are now so dependent on GPS that in the world's busiest sealane - the English Channel - they confidently expect "an incident" due to GPS failure, jamming or spoofing in the next decade. "The question for the authorities is what we are going to do once the owners of jammers are identified and how can we prevent others using them," says Curry. http://www.newscientist.com/blogs/onepercent/2012/02/gps-jamming-a-clear-and-presen.html ------------------------------ Date: Wed, 22 Feb 2012 21:43:24 -0800 From: Lauren Weinstein <lauren_at_private> Subject: UK - 4G TV interference: Up to a million homes 'need filters' http://j.mp/wbMCgL (BBC) [via NNSquad] "Almost a million UK homes will need to have filters installed to prevent TV interference from 4G mobile signals - at a cost of 108m." ------------------------------ Date: Thu, 23 Feb 2012 19:02:58 -0700 From: "Matthew Kruk" <mkrukg_at_private> Subject: Behind the Google Goggles, Virtual Reality (Nick Bilton) [Nick Bilton, Behind the Google Goggles, Virtual Reality, *The New York Times*, 22 Feb 2012; PGN-ed] http://www.nytimes.com/2012/02/23/technology/google-glasses-will-be-powered-by-android.html?_r=2&nl=todaysheadlines&emc=tha25 It wasn't so long ago that legions of people began walking the streets, talking to themselves. On closer inspection, many of them turned out to be wearing tiny earpieces that connected wirelessly to their smartphones. What's next? Perhaps throngs of people in thick-framed sunglasses lurching down the streets, cocking and twisting their heads like extras in a zombie movie. That's because later this year, Google is expected to start selling eyeglasses that will project information, entertainment and, this being a Google product, advertisements onto the lenses. The glasses are not being designed to be worn constantly - although Google engineers expect some users will wear them a lot - but will be more like smartphones, used when needed, with the lenses serving as a kind of see-through computer monitor. [Dig up the entire article. PGN] ------------------------------ Date: Thu, 23 Feb 2012 13:23:25 -0800 From: Lauren Weinstein <lauren_at_private> Subject: Facebook contractor reportedly reveals "secret""censorship" list (Stephen C. Webster) http://j.mp/w1AqEb (Raw Story) http://j.mp/Aaeis5 (Facebook "Abuse Standards Violations" doc [JPG]) "A secret list curated by social network giant Facebook was published online recently after an employee for one of the company's third-world contractors, upset at his poor working conditions and meager wage, decided to fight back. The document reveals exactly what Facebook's censorship brigade looks for on the social network, which boasts over 850 million users spanning the globe." [via NNSquad.org] ------------------------------ Date: Wed, 15 Feb 2012 09:27:16 -0500 From: Jeremy Epstein <jeremy.j.epstein_at_private> Subject: Nortel breached for years; management knew but didn't react *The Wall Street Journal*, *The Washington Post*, and pretty much all other major papers are reporting that Nortel's security had been breached for years (2004-present), and information was being leaked out to Chinese sites. There are a few key things in this story: * The problem was deep. "The hackers also hid spying software so deeply within some employees' computers that it took investigators years to realize the pervasiveness of the problem." * Management seems to have deliberately turned a blind eye to the problem. "Nortel made no effort to determine if its products were also compromised by hackers" according to several employees the WSJ interviewed. * As they were selling its assets, Nortel executives did not disclose the known breach. "Ciena was not made aware, whether during diligence or any other part of the bankruptcy-sale process, of any possible prior infiltration of the Nortel network by third parties." * Executives seem to be unaware of the risks. "Mr. Zafirovski [former Nortel CEO] said he didn't believe the infiltrations could be passed on to acquiring companies. [...] a significant number of people continued to use Nortel laptops and desktop computers after moving to Avaya and Genband and connected them to those companies' networks." The blame should be shared - assuming that Nortel didn't volunteer the information, it seems that it should be on the M&A checklist for a buyer to ask about risks relating to computer infiltrations. And checking machines brought over should be part of the checklist for the integrated IT department. But perhaps the M&A folks are too busy with the spreadsheets to understand the underlying risks. But the part that I find the scariest is the lack of understanding that not only was the problem spreading within their organization, but it may have also spread within their customers' organizations through infected products. We've certainly seen that happen before... The recent SEC guidance that network security breaches are material events should help push this harder in the future. Perhaps this will be a wakeup call to companies doing acquisitions? The RISKS? Lots, but most notably that buying another organization also buys their risks, which may be unseen.... just the way manufacturing companies discovered in the 1970s and 1980s that they had purchased liability for pollution in addition to buying corporate assets. http://online.wsj.com/article_email/SB10001424052970203363504577187502201577054-lMyQjAxMTAyMDEwNDExNDQyWj.html?mod=wsj_share_email_bot#printMode http://www.washingtonpost.com/business/technology/report-chinese-hackers-breach-nortel-networks/2012/02/14/gIQApXsRDR_story.html?hpid=z11 ------------------------------ Date: Fri, 24 Feb 2012 10:57:45 -0500 From: Chris Barnabo <chris_at_private> Subject: Re: Armored SUV could not protect U.S. agents in Mexico (RISKS-26.73) I own a Suburban (not armored, unfortunately) and the behavior of the door locks is user-selectable. They can be set so only the driver's door unlocks when shifted to park, all doors unlock when shifted to park, all doors unlock when the key is removed from the ignition, or no automatic door unlock occurs (in which case you have to use the button). If power is out, you can manually unlock the door as well. The factory default is to have the driver's door unlock when you shift to park. The RISK here applies to more than armored cars and U.S. special agents - with ANY product, the user should evaluate the available settings and determine what is appropriate for their environment. Factory-defaults are not necessarily secure - we've seen this time and again with wireless routers that ship with security disabled, firewalls initially configured to allow all traffic, etc. In this particular case I'd expect the company that armored the vehicle (i.e. had responsibility for securing it) should have set the door lock parameters, and perhaps they did - there's nothing to prevent any driver from changing the setting. Hopefully in the future they'll inspect these settings and include some user training on them (e.g. DON'T TOUCH!) ------------------------------ Date: Fri, 24 Feb 2012 09:59:14 -0600 From: "Richard S. Russell" <richardsrussell_at_private> Subject: Re: Armored SUV could not protect U.S. agents in Mexico (R-26.73) What I learned during Severe Weather Awareness Week: (1) On the road, you're in danger from tornadoes. Get out of your car and lie down in a ditch. (2) In low-lying areas, you can drown in a flash flood. Get out of that ditch and head for the hills. (3) The highest object around gets hit by lightning. Get off of that hill and into your car. (4) On the road, you're in danger from tornadoes... Richard S. Russell, 2642 Kendall Av. #2, Madison WI 53705-3736 608+233-5640 RichardSRussell@private http://richardsrussell.livejournal.com/ ------------------------------ Date: Fri, 24 Feb 2012 10:37:55 -0500 From: "R. G. Newbury" <newbury_at_private> Subject: Re: Armored SUV could not protect U.S. agents in Mexico (R-26.73) > That terrifying sound -- a quiet click -- And it can get *even* worse than that! This morning, as it happened, as I backed out of the garage, I knocked the right hand rear view mirror out of alignment. My only excuse is that the dog was trying to lick me ear off. Since I could not quite reach the mirror from the driver's seat through the window, I put the car in park with the engine running, and got out. When I closed the door, *the doors locked!* With the engine running! Luckily I *had* left the right window open. I have NO idea what the settings allow. I do know that there are some settings, but I have not found a way to defeat the 'you must be in park to open the doors' rule. But locking the doors when the engine is running is not my idea of a 'positive outcome'. R. Geoffrey Newbury, Barrister and Solicitor, Suite 106, 150 Lakeshore Road West, Mississauga, Ontario, L5H 3R2 o905-271-9600 f905-271-1638 ------------------------------ Date: Fri, 24 Feb 2012 10:46:11 -0500 (EST) From: msb_at_private (Mark Brader) Subject: Re: Small coding mistake led to big Internet voting system failure (RISKS-26.73) Ah, would you believe https://jhalderm.com/pub/papers/dcvoting-fc12.pdf [Corrected URL now noted in RISKS ARCHIVE copies.] ------------------------------ Date: Thursday, February 23, 2012 From: Lauren Weinstein Subject: Fifth Amendment Protects Suspects from Having to Decrypt Hard Drives Court: Fifth Amendment Protects Suspects from Having to Decrypt Hard Drives (+ my comments; from Network Neutrality Squad) http://j.mp/zt5iyr (This message on Google+) http://j.mp/yjQAPV (WSJ) "In a ruling that could have broad ramifications for law enforcement, a federal appeals court has ruled that a man under investigation for child pornography isn't required to unlock his computer hard drives for the federal government, because that act would amount to the man offering testimony against himself." - - - The Journal of course discusses this case in their usual "even-handed" manner -- note the graphic of the hooded man glaring at the reader, holder a keyboard with gloved hands. And loaded language such as, "The ruling could handcuff federal investigators ..." demonstrates the usual News Corp. "balance" in action. Be that as it may, it is true that this is not the end of the line for such disputes. There are other cases in progress that will directly contradict the reasoning of this decision, and the entire mess ending up in front of the Supreme Court seems like a pretty good bet. But will it really matter in the long run? I'm doubtful. The availability of powerful encryption systems that can be applied to disk drives, even in the presence of hardware-based surveillance mechanisms, will continue to expand. Weak key generation and poor key management systems will gradually become the exception rather than rule in many cases, and the power of technologies such as distributed encryption and key systems -- which could make it impossible to decrypt data without the cooperation of parties in multiple jurisdictions, may become common. Over time, whether one chooses to like it or not, governments may be forced to accept the reality that increasing amounts of data will remain beyond their abilities to successfully demand, regardless of sanctions and pressures applied to defendants or other interested parties. Lauren Weinstein http://www.vortex.com/lauren Blog: http://lauren.vortex.com Network Neutrality Squad: http://www.nnsquad.org 1(818) 225-2800 ------------------------------ Date: Fri, 24 Feb 2012 19:54:17 +1300 From: "Richard O'Keefe" <ok_at_private> Subject: Long distance mail, but why? A lecturer in Dunedin sends e-mail to his class. It is sent to Microsoft (Redmond is 7,600 miles away) who pass it on to Singapore (another 8,100 miles), which is 5,200 miles away from Dunedin. When a student wants to read this mail, she does so through a web browser. Log in here, it forwards you to Microsoft, which forwards you to Singapore, and then it's easy, just send requests to Singapore and get your mail back. This is all very impressive, and for students studying off campus it might make sense, but it's a very strange way to communicate with students on the same campus, living in the same city. Surely we have better things to do with the electricity? The idea of mail for students within a single country that doesn't even have any states being subject to three different sets of laws bothers me. Tell me why I am crazy to worry. ------------------------------ Date: Fri, 24 Feb 2012 09:37:39 -0500 From: Ben Rothke <brothke_at_private> Subject: REVIEW: The Tangled Web: A Guide to Securing Modern Web Applications Michal Zalewski The Tangled Web: A Guide to Securing Modern Web Applications Publisher: No Starch Press; 1st edition (26 Nov 2011) ISBN-13: 978-1593273880 In the classic poem *Inferno*, Dante passes through the gates of Hell, which has the inscription *abandon all hope, ye who enter here* above the entrance. After reading The Tangled Web: A Guide to Securing Modern Web Applications, one gets the feeling the writing secure web code is akin to Dante's experience. In this incredibly good and highly technical book, author Michal Zalewski writes that modern web applications are built on a tangled mesh of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. In the book, Zalewski dissects those subtle security consequences to show what their dangers are, and how developers can take it to heart and write secure code for browsers. The Tangled Web: A Guide to Securing Modern Web Applications is written in the same style as Zalewski's last book - Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, which is another highly technical and dense book on the topic. This book tackles the issues surrounding insecure web browsers. Since the browser is the portal of choice for so many users; its inherent secure flaws leaves the user at a significant risk. The book details what developers can do to mitigate those risks. Full review posted at http://365.rsaconference.com/blogs/securityreading/2012/01/25/the-tangled-web-a-guide-to-securing-modern-web-applications ------------------------------ Date: Mon, 6 Jun 2011 20:01:16 -0900 From: RISKS-request_at_private Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe: http://lists.csl.sri.com/mailman/listinfo/risks Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request_at_private containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe_at_private or risks-unsubscribe_at_private depending on which action is to be taken. Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc. => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> The full info file may appear now and then in RISKS issues. *** Contributors are assumed to have read the full info file for guidelines. => .UK users may contact <Lindsay.Marshall_at_private>. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail! => SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line. *** NOTE: Including the string "notsp" at the beginning or end of the subject *** line will be very helpful in separating real contributions from spam. *** This attention-string may change, so watch this space now and then. => ARCHIVES: ftp://ftp.sri.com/risks for current volume or ftp://ftp.sri.com/VL/risks for previous VoLume http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue. Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r <http://the.wiretapped.net/security/info/textfiles/risks-digest/> . ==> PGN's comprehensive historical Illustrative Risks summary of one liners: <http://www.csl.sri.com/illustrative.html> for browsing, <http://www.csl.sri.com/illustrative.pdf> or .ps for printing is no longer maintained up-to-date except for recent election problems. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 26.74 ************************Received on Fri Feb 24 2012 - 12:05:15 PST
This archive was generated by hypermail 2.2.0 : Fri Feb 24 2012 - 12:24:20 PST