[RISKS] Risks Digest 26.75

From: RISKS List Owner <risko_at_private>
Date: Sun, 18 Mar 2012 16:33:23 PDT
RISKS-LIST: Risks-Forum Digest  Sunday 18 March 2012  Volume 26 : Issue 75

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/26.75.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents: [Bin travlin'.  Baklogged.  RISKS Bakson.  PGN]
Risks of Leap Years and Dumb Digital Watches (Mark Brader)
Windsat Data Outage 29 Feb 2012 (David J Taylor)
"Windows Azure Leap-Year Glitch Takes Down G-Cloud" (Steve McCaskill via
  Gene Wirchenko)
Aussie leap-year problems (Don Gingrich)
Defibrillator risks (Benoit Goas)
Internet voting redux (VVW via PGN)
Internet Voting a "disaster in waiting" (Lauren Weinstein)
Another video of Alex Halderman on Internet voting (David Jefferson)
Board of Elections does nothing as hundreds of Bronx votes go missing
  (Joseph Lorenzo Hall)
First enforcement action under HITECH Breach Notification Rule
  (Deborah Peel via PGN)
The Hidden Risk of a Meltdown in the Cloud (ACM TechNews)
Jonathan Zittrain on Data tracking (Alexander Furnas via David Farber)
"Bodog case could affect all Canadian sites using U.S. domains" (Christine
  Wong via Gene Wirchenko)
Not even a tiny bit creepy. After all, Orwell WAS British, no?
  (Eric Pfeiffer via Randall)
"Thieves use victims' SIM cards to hack into online banking"
  (Gene Wirchenko)
Re: GPS jamming: a clear and present reality, Plus Fukushima and
  infrastructure CyberSecurity issues (Peter Bernard Ladkin)
More on do-it-yourself drones (PGN)
Facebook, Apple, Twitter, Yelp, 14 others sued for privacy-invading
  mobile apps (Jaikumar Vijayan via Gene Wirchenko)
Flashback Mac trojan is back with new and improved exploit strategy
  (Jacqui Cheng via Monty Solomon)
Re: Armored SUV (David Lesher)
Washington Post's Ombudsman's Mea Culpa regarding origins of e-mail
  (Lauren Weinstein)
Re: Google Mobile Phone Tracker (Matthew Kruk)
EVT/WOTE 2012 call for participation (Jeremy Epstein)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 29 Feb 2012 14:30:09 -0500 (EST)
From: msb_at_private (Mark Brader)
Subject: Risks of Leap Years and Dumb Digital Watches

All right now, how many people reading this:

[1] saw a previous version of this message in RISKS-6.34, 13.21, 17.81,
    20.83, 23.24, and/or 25.07?

[2] still wear a wristwatch instead of using a cellphone or something
    as a pocket watch?

[3] have the kind that needs to be set back a day because (unlike the
    smarter types that track the year) it went directly from February 28
    to March 1?

and

[4] *hadn't realized it yet*?

Me, I remembered around 11:50 pm, but could do nothing about it then -- and
didn't remember *again* until nearly 12 hours later.

  ["Deja vu all over again" is Standard here! PGN]


------------------------------

Date: Thu, 1 Mar 2012 07:38:56 -0000
From: "David J Taylor" <david-taylor_at_private>
Subject: Windsat Data Outage 29 Feb 2012

Product Outage/Anomaly: Windsat Data Outage:  Issued February 29, 2012,
1229 UTC  (CORRECTION)

* Topic: Windsat data will not be available
* Date/Time: February 29, 2012, 1229 UTC
* Product(s) or Data Impacted: Windsat data
* Date/Time of Initial Impact: February 29, 2012 0000 UTC
* Date/Time of Expected End: March 01, 2012 0000 UTC
* Length of Outage: 24 hours
* Details/Specifics of Change: FNMOC/MONTEREY has informed ESPC that
  because of the leap year, Windsat data will be unavailable for 24 hours.

Contact Information for Further Information: ESPC Operations at
ESPCOperations_at_private and 301-817-3880

------------------------------

Date: Fri, 02 Mar 2012 09:55:15 -0800
From: Gene Wirchenko <genew_at_private>
Subject: "Windows Azure Leap-Year Glitch Takes Down G-Cloud" (Steve McCaskill)

  In the "When will they ever learn?" department:

Steve McCaskill, Windows Azure Leap-Year Glitch Takes Down G-Cloud;
Microsoft says that most services have now returned to normal after a day of
chaos, *Tech Week Europe*, 1 Mar 2012,
http://www.techweekeurope.co.uk/news/windows-azure-leap-year-glitch-takes-down-g-cloud-63920


Microsoft has confirmed that a service outage that affected its cloud
computing service, Microsoft Azure, appears to be caused by a leap year bug.

------------------------------

Date: Wed, 29 Feb 2012 15:29:57 +1100
From: Don Gingrich <gingrich_at_private>
Subject: Aussie leap-year problems

I can hardly believe that there are leap-year problems, but both the system
used for processing health insurance claims and one of the major banks seem
to have stuffed it up.

Medical insurance claims:

http://www.theage.com.au/business/leap-year-blamed-for-hicaps-stumble-20120229-1u1z7.html

ATMs at Commonwealth Bank:

http://www.theage.com.au/business/commbank-atms-crash-nationwide-20120229-1u1q9.html

I would have thought that this was sorted a long time ago. I was wrong.

------------------------------

Date: Thu, 1 Mar 2012 22:10:35 +0100
From: Benoit Goas <goasben_at_private>
Subject: Defibrillator risks

I just read an article in the IEEE *Spectrum* and so many risks are
hinted/listed that even if I only read the forum once in a while without
having subscribed, I think it may interest some other readers!
  http://spectrum.ieee.org/biomedical/devices/the-shocking-truth-about-defibrillators/0

------------------------------

Date: Sun, 4 Mar 2012 6:30:08 PST
From: "Peter G. Neumann" <neumann_at_private>
Subject: Internet voting redux

The Voting News Weekly for February 27 - March 4 2012, 4 Mar 2012
The Voting News Weekly is a service of the Verified Voting Foundation.
  [This long, well documented, and extremely informative item has been
  truncated for RISKS.  VVF is an extremely worthy organization devoted to
  election integrity.  PGN]

Computerworld reported on discussions of Internet voting at the RSA computer
security conference. Doug Chapin observed that while the latest felony voter
fraud stunt (this time in New Mexico) was possible in was nevertheless still
wrong. PolitiFact Florida determined that Stephen Colbert's observation that
shark attacks are more common than voter fraud was "mostly true." Advocates
for Latino voting rights criticized redistricting maps drawn by a Federal
court. The majority Tory Party in Canada was implicated in a robocall scheme
aimed at suppressing voter turnout in Ontario. With all genuine opposition
to the Supreme Council banished, different conservative factions vied in
Iran's Presidential election, while Vladimir Putin is expected to win
re-election in an election widely perceived by many Russians and outside
observers as unfair and Senegal is headed for a run-off after no candidates
received a majority of the vote in their Presidential election.

------------------------------

Date: Thu, 1 Mar 2012 17:37:51 -0800
From: Lauren Weinstein <lauren_at_private>
Subject: Internet Voting a "disaster in waiting"

Internet voting systems too insecure, researcher warns

  "Internet voting systems are inherently insecure and should not be allowed
  in the upcoming general elections, a noted security researcher said at the
  RSA Conference 2012 being held here this week.  David Jefferson, a
  computer scientist at Lawrence Livermore National Laboratories and
  chairman of the election watchdog group Verified Voting, called on
  election officials around the country to drop plans to allow an estimated
  3.5 million voters to cast their ballots over the Internet in this year's
  general elections."  http://j.mp/yHJ2nU  (Computerworld)

Nothing fundamentally has changed to make Internet Voting any less
insecure since I wrote "Hacking the Vote" in 2000:

http://j.mp/w2qhSp  (Nettime)

------------------------------

Date: Mon, 12 Mar 2012 9:17:39 PDT
From: David Jefferson <d_jefferson_at_private>
Subject: Another video of Alex Halderman on Internet voting

A new video has been released of Prof. Alex Halderman at the RSA conference
last week describing the attack on the D.C. Internet voting system and the
general problem of Internet voting security.  This is one of the most
articulate, most compact presentations of the subject ever offered.  The
video runs 8 minutes.

http://it.slashdot.org/story/12/03/10/2351259/prof-j-alex-halderman-tells-us-why-internet-based-voting-is-a-bad-idea-video?utm_source=rss1.0moreanon&utm_medium=feed

------------------------------

Date: Mon, 27 Feb 2012 15:11:23 -0500
From: Joseph Lorenzo Hall <joehall_at_private>
Subject: Board of Elections does nothing as hundreds of Bronx votes go missing

This is about the most amazing story of a malfunction (I think!) laid
bare that I've ever seen in my work on voting systems! best, Joe

On 27 Feb 2012,  John Travis <TravisJ_at_private> wrote:
> Board of Elections does nothing as hundreds of Bronx votes go missing
> Ignores warnings of busted ballot scanner
> *NEW YORK DAILY NEWS*, 27 Feb 2012
> http://www.nydailynews.com/opinion/voters-damned-article-1.1028275#ixzz1nb60Oaz2
>
> The Board of Elections' highest duty is to ensure that New Yorkers get a
> straight count when they exercise the franchise. The patronage-ridden
> cesspool can't even do that.
>
> More than six months ago, voting experts at New York University Law School's
> Brennan Center detected an alarming pattern at one polling place in the
> South Bronx:
>
> The tallies from the electronic scanning machines at Public School 65
> included high proportions of invalidated votes.
>
> There were two possibilities: Either huge numbers of voters had improperly
> filled out their ballots, or at least one of the scanners had gone haywire.
> The board did nothing. Actually, the board did worse than nothing. It
> refused to check -- even when asked to do so by state election officials.
>
> Using the Freedom of Information Law, this editorial page then demanded the
> right to inspect ballots cast at PS 65 in the 2010 primary and general
> elections -- the ones that put Gov. Cuomo into office.
>
> The board complied, marking what may be the first time members of the public
> in New York State have been given permission to look over cast ballots and
> review how they were counted.
>
> All too predictably, we discovered that voters had done their part
> correctly, while one of the three scanners at PS 65 misread and miscounted
> votes. Here are the disgraceful findings:
>
> In the September primary, the scanner processed 103 ballots and made errors
> on 69 of them, a failure rate approaching 70%.
>
> In the November general election, the scanner handled 289 ballots and
> misread votes on 156 of them, a 54% failure rate.
>
> The errors occurred in identifying so-called overvotes. These happen when
> voters fill in two ballot ovals for different candidates in the same race,
> darkening one for, say, Cuomo and the other for opponent Carl Paladino.
>
> Presented with the conflicting marks, a scanner alerts the voter with an
> on-screen message that gives two choices: Correct the ballot or proceed. If
> the voter proceeds, the machine invalidates the vote in that race. Neither
> Cuomo nor Paladino would be credited with a vote.
>
> Time after time, looking at photographic images of the ballots that are
> recorded by the scanners, we found ballots that were perfectly filled out:
> one vote for Cuomo, one vote for Eric Schneiderman, then running for
> attorney general, one vote for Kirsten Gillibrand, running for Senate.
>
> And, time after time, we also saw that the machine had registered overvotes
> where none existed. For example, detecting a valid Cuomo vote while also
> recording phantom votes for Paladino and for the five other lesser-known
> candidates, plus a write-in.
>
> In those circumstances, the machine invalidated proper votes.
>
> On other ballots, voters chose not to fill out an oval in a particular race
> -- and the machine recorded that they had filled one in. For example, a voter
> opted to skip the contest between Gillibrand and Democratic primary
> challenger Gail Goode -- but the scanner scored a vote for Goode.
>
> The board and the scanner supplier, Election Systems & Software, swear the
> machines are accurate. Really? And that the machines are calibrated and
> tested before every Election Day. Really?
>
> That's not what happened -- and the failures occurred twice. There must be a
> complete investigation by an independent authority that examines the faulty
> machine and goes far into checking on the possibility of broader undetected
> failures.
>
> The Board of Elections cannot be trusted with the inquiry. It's an outdated,
> unaccountable, mismanaged operation dominated by the Democratic and
> Republican parties. It should be put out of its misery -- and the public's
> -- to be replaced by a professional, nonpartisan [non?]bureaucracy.
>
> Read more:
> http://www.nydailynews.com/opinion/voters-damned-article-1.1028275#ixzz1nb5sB4hP

> John Travis, Research Associate, Democracy Program, john.travis_at_private
> Brennan Center for Justice at NYU School of Law
> 161 Avenue of the Americas, 12th Floor, New York, New York 10013
> (646) 292-8349

Joseph Lorenzo Hall, Postdoctoral Research Fellow, Media, Culture and
Communication, New York University  https://josephhall.org/

------------------------------

Date: Wed, 14 Mar 2012 17:18:58 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: First enforcement action under HITECH Breach Notification Rule

Thanks to Deborah Peel of PatientPrivacyRights.org [PGN-ed]

The Office of Civil Rights in the Dept of Health and Human Services (OCR)
slapped the wrist of BCBS of Tennessee.  One million people's protected
health information was breached because Blue Cross Blue Shield (BCBS) of
Tennessee violated data security laws. The fine cost BCBS a little more than
$1.00 per person -- hardly a deterrent to other corporations or adequate
punishment.  However, that is the highest possible fine permitted by law
(HITECH).  But criminal charges could have been filed for "willful
disregard". OCR's finding that legally-required "adequate administrative and
physical safeguards" were lacking is evidence of "willful neglect".

Worst of all, the one million victims received NO protection against future
ID theft or medical ID theft. *OCR could have also required BCBS to
mitigate future patient harms, but didn't*. New technologies can protect
against medical ID theft by enabling patients to review all new claims, so
they can detect and prevent fraudulent claims and erroneous data from being
entered into their records.

Why didn't OCR propose that BCBS adopt remedies to protect the patients
whose records were breached from further misuse and theft?  Shouldn't OCR
help protect victims?

------------------------------

Date: Wed, 14 Mar 2012 11:29:40 -0400
From: ACM TechNews <technews_at_private>
Subject: The Hidden Risk of a Meltdown in the Cloud

*Technology Review* 13 Mar 2012, via ACM TechNews, Wednesday, March 14, 2012

Despite the rising popularity of cloud-based computing, the risks of a
full-scale cloud migration have yet to be properly explored, says Yale
University professor Bryan Ford.  He notes that in the worst-case scenario,
a cloud could experience a full meltdown that could seriously threaten any
business that relies on it.  "This simplistic example might be unlikely to
occur in exactly this form on real systems--or might be quickly detected and
'fixed' during development and testing--but it suggests a general risk,"
Ford says.  He notes, for example, that a lack of transparency between
different cloud providers could lead to conflicting internal control loop
cycles.  "Non-transparent layering structures ... may create unexpected and
potentially catastrophic failure correlations, reminiscent of financial
industry crashes," Ford warns.  A more general risk occurs when systems are
complex because unrelated parts become intertwined in unexpected ways.  He
notes that only recently have industry experts begun to realize that bizarre
and unpredictable behavior often occurs in systems consisting of networks of
networks.  "We should study [these unrecognized risks] before our
socioeconomic fabric becomes inextricably dependent on a convenient but
potentially unstable computing model," Ford says.
http://www.technologyreview.com/blog/arxiv/27642/

------------------------------

Date: Thu, 15 Mar 2012 17:37:22 -0400
From: David Farber <dave_at_private>
Subject: Jonathan Zittrain on Data tracking (Alexander Furnas)

It's Not All About You: What Privacy Advocates Don't Get About
 Data Tracking on the Web - Alexander Furnas - Technology - The Atlantic

http://www.theatlantic.com/technology/archive/2012/03/its-not-all-about-you-what-privacy-advocates-dont-get-about-data-tracking-on-the-web/254533/#.T2JeAt-uWRY.email

Jonathan Zittrain noted last summer, "If what you are getting online is for
free, you are not the customer, you are the product." This is just a fact:
The Internet of free platforms, free services and free content is wholly
subsidized by targeted advertising, the efficacy (and thus profitability) of
which relies on collecting and mining user data. We experience this
commodification of our attention every day in virtually everything we do
online, whether it's searching, checking email, using Facebook or reading
The Atlantic Technology section on this site. That is to say, right now you
are a product.

------------------------------

Date: Thu, 01 Mar 2012 10:38:00 -0800
From: Gene Wirchenko <genew_at_private>
Subject: "Bodog case could affect all Canadian sites using U.S. domains"

Christine Wong, What the U.S. takedown of billionaire Canadian Calvin Ayre
could mean for other Canadian Web domains registered via the U.S.-based top
level domains.  *IT Business*, 29 Feb 2012
http://www.itbusiness.ca/it/client/en/home/News.asp?id=66320

opening text:

The shutdown of a Canadian billionaire's online gambling Web site shows the
U.S. government is willing to assert its legal authority over Internet
properties outside American boundaries -- even those based in Canada, a
Toronto domain name registrar warns.

Saskatchewan-born Calvin Ayre, 50, and three of his associates were charged
Tuesday with allegedly operating an online gambling site, a practice
outlawed in the U.S. in 2006. The charges were filed in a federal court in
Maryland.

The case raises questions about Internet sovereignty because U.S. officials
were able to take the site, Bodog.com, off the Net even though it's owned by
a Canadian and operated out of various offices overseas.

------------------------------

Date: Mar 16, 2012 8:30 PM
From: "Randall Webmail" <rvh40_at_private>
Subject: Not even a tiny bit creepy. After all, Orwell WAS British, no?
  (Eric Pfeiffer)

Cameras at U.K. gas stations will block uninsured drivers from refueling
Eric Pfeiffer, The Sideshow, 14 Mar 2012, From johnmacsgroup

A new plan from the British government will use closed-circuit television
(CCTV) cameras at gas stations that will automatically prevent uninsured
drivers from filling up their gas tanks -- that is, until their vehicle
information has been logged in the system.  *The Mirror* reports that the
plan is meant to address the 1.4 million uninsured motorists in Britain and
act as a deterrent. That may not sound like a huge number compared with the
estimated 13.8 percent of uninsured American motorists, but the 1.4 million
figure represents four percent of all U.K. drivers. ...

http://news.yahoo.com/blogs/sideshow/cameras-u-k-gas-stations-block-uninsured-drivers-155857252.html

------------------------------

Date: Tue, 13 Mar 2012 08:23:30 -0700
From: Gene Wirchenko <genew_at_private>
Subject: "Thieves use victims' SIM cards to hack into online banking"

http://www.itbusiness.ca/it/client/en/home/News.asp?id=66506
Web security firm Trusteer has uncovered a new method used by
cybercriminals to infiltrate online banking security.
3/13/2012 12:01:00 AM By: ITBusiness Staff

------------------------------

Date: Sat, 25 Feb 2012 09:22:28 +0100
From: Peter Bernard Ladkin <ladkin_at_private-bielefeld.de>
Subject: Re: GPS jamming: a clear and present reality (Saffo, RISKS-26.74)
  Plus Fukushima and infrastructure CyberSecurity issues

It is an important topic! It has much more worrying consequences than
people's and vehicles' movements being tracked by third parties.

The UK's Royal Academy of Engineering (RAEng) published a report a year ago
on the vulnerabilities of critical infrastructure to Global Navigation
Satellite System (GNSS) disruptions. GNSS is a generic term for systems of
which GPS is one, GLONASS another and Galileo to be a third.

The Committee that produced the report was chaired by Martyn Thomas (MT),
who contributes regularly to RISKS (RISKS). The news got rather lost; it was
headlined in the United Kingdom (UK) the day before the Tohoku earthquake
(Martyn's 15 minutes of fame on the front page of the British Broadcasting
Corporation's (BBC) World-Wide Web (WWW) site :-) )

Martyn recently (7 Feb 2012) gave a Keynote talk on the topic to the 20th
Safety-Critical Systems Symposium (SSS'12) in Bristol, which was filmed by
the Institution of Engineering and Technology (IET) for its archives. I find
Martyn a very entertaining as well as informative speaker, and I encourage
people to look at the film.

Martyn's Talk on IET.tv: http://scpro.streamuk.com/uk/player/Default.aspx?wid=12667&ptid=32&t=0
RAEng news release: http://www.raeng.org.uk/news/releases/shownews.htm?NewsID=633
Report (read it!!):
http://www.raeng.org.uk/news/publications/list/reports/RAoE_Global_Navigation_Systems_Report.pdf
Google Preview of SSS'12 paper: http://www.scsc.org.uk/p116

Some more RISKy issues:

Readers/viewers might also like to check out an IET.tv film on the Fukushima
Daiichi accident at the same conference by a certain PBL. Chris Johnson's
talk was not filmed, but his paper on CyberSafety and CyberSecurity is
available at
http://www.dcs.gla.ac.uk/~johnson/papers/IET_2011/CyberSafety.pdf .

Unfortunately you can't necessarily see Google previews of all the content
of all these papers on the Safety Critical Systems Club (SCSC) Web site
because of restrictions listed there. I was, however, able to reach
agreement with the proceedings publisher, Springer Verlag, to present my
paper on the WWW in perpetuity, for which I thank Springer. My paper is at
http://www.rvs.uni-bielefeld.de/publications/Papers/LadkinFukushimaAccOnlineVersion.pdf
and the myriad references are all hyperlinked.

Peter Bernard Ladkin, Causalis Limited and University of Bielefeld, Germany
www.causalis.com  www.rvs.uni-bielefeld.de

------------------------------

Date: Wed, 7 Mar 2012 9:34:35 PST
From: "Peter G. Neumann" <neumann_at_private>
Subject: More on do-it-yourself drones

Drones by mail:
http://www.ilounge.com/index.php/news/comments/parrot-ar.drone-2.0-ships-in-may-pre-orders-start-mar.-1

Also available on Amazon.com.

------------------------------

Date: Fri, 16 Mar 2012 09:35:58 -0700
From: Gene Wirchenko <genew_at_private>
Subject: Facebook, Apple, Twitter, Yelp, 14 others sued for privacy-invading
  mobile apps (Jaikumar Vijayan)

http://www.itbusiness.ca/it/client/en/Home/News.asp?id=66565
Jaikumar Vijayan, Class action suit charges 18 firms with surreptitiously
taking user data. *IT Business*, 15 Mar 2012

------------------------------

Date: Fri, 24 Feb 2012 13:28:49 -0500
From: Monty Solomon <monty_at_private>
Subject: Flashback Mac trojan is back with new and improved exploit strategy

Jacqui Cheng, Arstechnica

The "Flashback" Mac trojan is back, and it's smarter than ever. Mac security
company Intego says the latest variant, Flashback.G, uses three new methods
in order to make its way onto Macs, though it won't install itself at all if
it detects a number of antivirus or anti-malware security programs already
installed. ...

http://arstechnica.com/apple/news/2012/02/flashback-mac-trojan-is-back-with-new-and-improved-exploit-strategy.ars

------------------------------

Date: Fri, 24 Feb 2012 22:31:16 -0500 (EST)
From: wb8foz_at_private (David Lesher)
Subject: Re: Armored SUV -  Risks-26.73

>The door locks popped open.
...
>  [However, defaulting to all doors locked without manual overrides in cases
>  of loss of power or fire is also not a happy choice.]

Indeed, I believe it was CarTalk who related the saga of leaving a sleeping
grandfather in a BMW and locking the door.  When he woke up, he could not
exit the car, period.

Further, I checked with a friend whose job has involved riding
in such Suburbans for USG elsewhere in the world, and he
remembers a clear UNLOCK OVERRIDE switch on the dashboard.

------------------------------

Date: Mar 15, 2012 8:36 AM
From: "Monty Solomon" <monty_at_private>
Subject: Inside the Stratfor Attack (via Dave Farber's IP)

Nicole Perlroth, 12 Mar 2012

Last December, a group of hackers quietly orchestrated an attack on Stratfor
Global Intelligence Service, a company based in Austin, Tex., that analyzes
geopolitical risk and publishes a newsletter for various clients, among them
the Departments of Homeland Security and Defense. The hackers breached the
company's network and, once inside, confided in their fellow hacker, Hector
Xavier Monsegur, and, as it turns out, the Federal Bureau of Investigation.

Six months earlier, in June, the F.B.I. had arrested Mr. Monsegur and
turned him into an informant. With his help, four hackers in Britain
and Ireland were charged last Tuesday with computer crimes; a fifth
man was arrested Monday in Chicago. Using the information he passed
along, F.B.I. officials said it was able to thwart attacks on roughly
300 private companies and government agencies.

But with Stratfor, they were not so lucky. ...

http://bits.blogs.nytimes.com/2012/03/12/inside-the-stratfor-attack/

------------------------------

Date: Thu, 1 Mar 2012 20:01:20 -0800
From: Lauren Weinstein <lauren_at_private>
Subject: Washington Post's Ombudsman's Mea Culpa regarding origins of e-mail

http://j.mp/wkRFq8  (*The Washington Post*)

  "V.A. Shiva Ayyadurai is a clever man, with MIT credentials, and a good
  sense of public relations plus a P.R. firm working with him. A press
  release by that P.R. firm got a young reporter/editor interested in his
  donation of his "EMAIL" documents to a well-respected D.C.  institution,
  The Smithsonian's Museum of American History. Kolawole's interviews with
  Ayyadurai convinced her that he was interesting and worthy of a profile
  and online video interviews."

Patrick Pexton's detailed mea culpa is honorable.

  [In case you have not heard of Tom Van Vleck and Noel Morris and their
  CTSS e-mail system at MIT from the mid-1960s, see this blog item from
  Noel's brother, film-maker Errol Morris:
    http://opinionator.blogs.nytimes.com/2011/06/19/did-my-brother-invent-e-mail-with-tom-van-vleck-part-one/
  PGN]

------------------------------

Date: Sun, 26 Feb 2012 02:54:28 -0700
From: "Matthew Kruk" <mkrukg_at_private>
Subject: Re: Google Mobile Phone Tracker (RISKS-26.73,74)

Likewise my apologies.  This came to me from a "trusted source" and I
forwarded to Risks without performing additional checks beforehand.  Like
Peter, it was an early morning etc.

But I must note that I originally found it possibly "real" ...  consider:

- Cellphone GPS info is available.
- Cellphones have information such as their phone numbers and other personal
  info
- Map information is available via GPS location

So, for sincere discussion, how long before someone puts all of this
together and generates an app to track users by phone number?

Maybe I'm too cynical and have lived too long on this planet.

Again, my sincere apologies to Peter and RISKS readers for the initial post.

------------------------------

Date: Thu, 15 Mar 2012 20:08:33 -0400
From: Jeremy Epstein <jeremy.j.epstein_at_private>
Subject: EVT/WOTE 2012 call for participation

Looking forward to seeing many of you in Seattle this summer!

https://www.usenix.org/conference/evtwote12/call-for-papers

  [This is the pre-eminent combined conference/workshop for those seriously
  interested in election integrity, associated with USENIX Security.  PGN]

------------------------------

Date: Mon, 6 Jun 2011 20:01:16 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 26.75
************************
Received on Sun Mar 18 2012 - 16:33:23 PDT
