RISKS-LIST: Risks-Forum Digest Sunday 18 March 2012 Volume 26 : Issue 75 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/26.75.html> The current issue can be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: [Bin travlin'. Baklogged. RISKS Bakson. PGN] Risks of Leap Years and Dumb Digital Watches (Mark Brader) Windsat Data Outage 29 Feb 2012 (David J Taylor) "Windows Azure Leap-Year Glitch Takes Down G-Cloud" (Steve McCaskill via Gene Wirchenko) Aussie leap-year problems (Don Gingrich) Defibrillator risks (Benoit Goas) Internet voting redux (VVW via PGN) Internet Voting a "disaster in waiting" (Lauren Weinstein) Another video of Alex Halderman on Internet voting (David Jefferson) Board of Elections does nothing as hundreds of Bronx votes go missing (Joseph Lorenzo Hall) First enforcement action under HITECH Breach Notification Rule (Deborah Peel via PGN) The Hidden Risk of a Meltdown in the Cloud (ACM TechNews) Jonathan Zittrain on Data tracking (Alexander Furnas via David Farber) "Bodog case could affect all Canadian sites using U.S. domains" (Christine Wong via Gene Wirchenko) Not even a tiny bit creepy. After all, Orwell WAS British, no? (Eric Pfeiffer via Randall) "Thieves use victims' SIM cards to hack into online banking" (Gene Wirchenko) Re: GPS jamming: a clear and present reality, Plus Fukushima and infrastructure CyberSecurity issues (Peter Bernard Ladkin) More on do-it-yourself drones (PGN) Facebook, Apple, Twitter, Yelp, 14 others sued for privacy-invading mobile apps (Jaikumar Vijayan via Gene Wirchenko) Flashback Mac trojan is back with new and improved exploit strategy (Jacqui Cheng via Monty Solomon) Re: Armored SUV (David Lesher) Washington Post's Ombudsman's Mea Culpa regarding origins of e-mail (Lauren Weinstein) Re: Google Mobile Phone Tracker (Matthew Kruk) EVT/WOTE 2012 call for participation (Jeremy Epstein) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Wed, 29 Feb 2012 14:30:09 -0500 (EST) From: msb_at_private (Mark Brader) Subject: Risks of Leap Years and Dumb Digital Watches All right now, how many people reading this: [1] saw a previous version of this message in RISKS-6.34, 13.21, 17.81, 20.83, 23.24, and/or 25.07? [2] still wear a wristwatch instead of using a cellphone or something as a pocket watch? [3] have the kind that needs to be set back a day because (unlike the smarter types that track the year) it went directly from February 28 to March 1? and [4] *hadn't realized it yet*? Me, I remembered around 11:50 pm, but could do nothing about it then -- and didn't remember *again* until nearly 12 hours later. ["Deja vu all over again" is Standard here! PGN] ------------------------------ Date: Thu, 1 Mar 2012 07:38:56 -0000 From: "David J Taylor" <david-taylor_at_private> Subject: Windsat Data Outage 29 Feb 2012 Product Outage/Anomaly: Windsat Data Outage: Issued February 29, 2012, 1229 UTC (CORRECTION) *Topic:*: Windsat data will not be available ***Date/Time**:*February 29, 2012, 1229 UTC* * Product(s) or Data Impacted:*Windsat data** * Date/Time of Initial Impact: *February 29, 2012 0000 UTC** * Date/Time of Expected End: * March 01, 2012 0000 UTC * Length of Outage:* 24 hours * Details/Specifics of Change:*FNMOC/MONTEREY has informed ESPC that because of the leap year, Windsat data will be unavailable for 24 hours. *Contact Information for Further Information:* ESPC Operations at ESPCOperations_at_private and 301-817-3880 ** ------------------------------ Date: Fri, 02 Mar 2012 09:55:15 -0800 From: Gene Wirchenko <genew_at_private> Subject: "Windows Azure Leap-Year Glitch Takes Down G-Cloud" (Steve McCaskill) In the "When will they ever learn?" department: Steve McCaskill, Windows Azure Leap-Year Glitch Takes Down G-Cloud; Microsoft says that most services have now returned to normal after a day of chaos, *Tech Week Europe*, 1 Mar 2012, http://www.techweekeurope.co.uk/news/windows-azure-leap-year-glitch-takes-down-g-cloud-63920 Microsoft has confirmed that a service outage that affected its cloud computing service Microsoft Azure, appears to be caused by a leap year bug. ------------------------------ Date: Wed, 29 Feb 2012 15:29:57 +1100 From: Don Gingrich <gingrich_at_private> Subject: Aussie leap-year problems I can hardly believe that there are leap-year problems, but both the system used for processing health insurance claims and one of the major banks seem to have stuffed it up. Medical insurance claims: http://www.theage.com.au/business/leap-year-blamed-for-hicaps-stumble-20120229-1u1z7.html ATMs at Commonwealth Bank: http://www.theage.com.au/business/commbank-atms-crash-nationwide-20120229-1u1q9.html I would have thought that this was sorted a long time ago. I was wrong. ------------------------------ Date: Thu, 1 Mar 2012 22:10:35 +0100 From: Benoit Goas <goasben_at_private> Subject: Defibrillator risks I just read an article in the IEEE *Spectrum* and so many risks are hinted/listed that even if I only read the forum once in a while without having subscribed, I think it may interest some other readers! http://spectrum.ieee.org/biomedical/devices/the-shocking-truth-about-defibrillators/0 ------------------------------ Date: Sun, 4 Mar 2012 6:30:08 PST From: "Peter G. Neumann" <neumann_at_private> Subject: Internet voting redux The Voting News Weekly for February 27 - March 4 2012, 4 Mar 2012 The Voting News Weekly is a service of the Verified Voting Foundation. [This long, well documented, and extremely informative item has been truncated for RISKS. VVF is an extremely worthy organization devoted to election integrity. PGN] Computerworld reported on discussions of Internet voting at the RSA computer security conference. Doug Chapin observed that while the latest felony voter fraud stunt (this time in New Mexico) was possible in was nevertheless still wrong. PolitiFact Florida determined that Stephen Colbert's observation that shark attacks are more common than voter fraud was "mostly true." Advocates for Latino voting rights criticized redistricting maps drawn by a Federal court. The majority Tory Party in Canada was implicated in robocall scheme aimed at suppressing voter turnout in Ontario. With all genuine opposition to the Supreme Council banished, different conservative factions vied in Iran's Presidential election, while Vladimir Putin is expected to win re-election in an election widely perceived by many Russians and outside observers as unfair and Senegal is headed for a run-off after no candidates received a majority of the vote in their Presidential election. ------------------------------ Date: Thu, 1 Mar 2012 17:37:51 -0800 From: Lauren Weinstein <lauren_at_private> Subject: Internet Voting a "disaster in waiting" Internet voting systems too insecure, researcher warns "Internet voting systems are inherently insecure and should not be allowed in the upcoming general elections, a noted security researcher said at the RSA Conference 2012 being held here this week. David Jefferson, a computer scientist at Lawrence Livermore National Laboratories and chairman of the election watchdog group Verified Voting, called on election officials around the country to drop plans to allow an estimated 3.5 million voters to cast their ballots over the Internet in this year's general elections." http://j.mp/yHJ2nU (Computerworld) Nothing fundamentally has changed to make Internet Voting any less insecure since I wrote "Hacking the Vote" in 2000: http://j.mp/w2qhSp (Nettime) ------------------------------ Date: Mon, 12 Mar 2012 9:17:39 PDT From: David Jefferson <d_jefferson_at_private> Subject: Another video of Alex Halderman on Internet voting A new video has been released of Prof. Alex Halderman at the RSA conference last week describing the attack on the D.C. Internet voting system and the general problem of Internet voting security. This is one of the most articulate, most compact presentations of the subject ever offered. The video runs 8 minutes. http://it.slashdot.org/story/12/03/10/2351259/prof-j-alex-halderman-tells-us-why-internet-based-voting-is-a-bad-idea-video?utm_source=rss1.0moreanon&utm_medium=feed ------------------------------ Date: Mon, 27 Feb 2012 15:11:23 -0500 From: Joseph Lorenzo Hall <joehall_at_private> Subject: Board of Elections does nothing as hundreds of Bronx votes go missing This is about the most amazing story of a malfunction (I think!) laid bare that I've ever seen in my work on voting systems! best, Joe On 27 Feb 2012, John Travis <TravisJ_at_private> wrote: > Board of Elections does nothing as hundreds of Bronx votes go missing > Ignores warnings of busted ballot scanner > *NEW YORK DAILY NEWS*, 27 Feb 2012 > http://www.nydailynews.com/opinion/voters-damned-article-1.1028275#ixzz1nb60Oaz2 > > The Board of Elections' highest duty is to ensure that New Yorkers get a > straight count when they exercise the franchise. The patronage-ridden > cesspool can't even do that. > > More than six months ago, voting experts at New York University Law School's > Brennan Center detected an alarming pattern at one polling place in the > South Bronx: > > The tallies from the electronic scanning machines at Public School 65 > included high proportions of invalidated votes. > > There were two possibilities: Either huge numbers of voters had improperly > filled out their ballots, or at least one of the scanners had gone haywire. > The board did nothing. Actually, the board did worse than nothing. It > refused to check -- even when asked to do so by state election officials. > > Using the Freedom of Information Law, this editorial page then demanded the > right to inspect ballots cast at PS 65 in the 2010 primary and general > elections -- the ones that put Gov. Cuomo into office. > > The board complied, marking what may be the first time members of the public > in New York State have been given permission to look over cast ballots and > review how they were counted. > > All too predictably, we discovered that voters had done their part > correctly, while one of the three scanners at PS 65 misread and miscounted > votes. Here are the disgraceful findings: > > In the September primary, the scanner processed 103 ballots and made errors > on 69 of them, a failure rate approaching 70%. > > In the November general election, the scanner handled 289 ballots and > misread votes on 156 of them, a 54% failure rate. > > The errors occurred in identifying so-called overvotes. These happen when > voters fill in two ballot ovals for different candidates in the same race, > darkening one for, say, Cuomo and the other for opponent Carl Paladino. > > Presented with the conflicting marks, a scanner alerts the voter with an > on-screen message that gives two choices: Correct the ballot or proceed. If > the voter proceeds, the machine invalidates the vote in that race. Neither > Cuomo nor Paladino would be credited with a vote. > > Time after time, looking at photographic images of the ballots that are > recorded by the scanners, we found ballots that were perfectly filled out: > one vote for Cuomo, one vote for Eric Schneiderman, then running for > attorney general, one vote for Kirsten Gillibrand, running for Senate. > > And, time after time, we also saw that the machine had registered overvotes > where none existed. For example, detecting a valid Cuomo vote while also > recording phantom votes for Paladino and for the five other lesser-known > candidates, plus a write-in. > > In those circumstances, the machine invalidated proper votes. > > On other ballots, voters chose not to fill out an oval in a particular race > -- and the machine recorded that they had filled one in. For example, a voter > opted to skip the contest between Gillibrand and Democratic primary > challenger Gail Goode -- but the scanner scored a vote for Goode. > > The board and the scanner supplier, Election Systems & Software, swear the > machines are accurate. Really? And that the machines are calibrated and > tested before every Election Day. Really? > > That's not what happened -- and the failures occurred twice. There must a > complete investigation by an independent authority that examines the faulty > machine and goes far into checking on the possibility of broader undetected > failures. > > The Board of Elections cannot be trusted with the inquiry. It's an outdated, > unaccountable, mismanaged operation dominated by the Democratic and > Republican parties. It should be put out of its misery -- and the public's > -- to be replaced by a professional, nonpartisan [non?]bureaucracy. > > Read more: > http://www.nydailynews.com/opinion/voters-damned-article-1.1028275#ixzz1nb5sB4hP > John Travis, Research Associate, Democracy Program, john.travis_at_private > Brennan Center for Justice at NYU School of Law > 161 Avenue of the Americas, 12th Floor, New York, New York 10013 > (646) 292-8349 Joseph Lorenzo Hall, Postdoctoral Research Fellow, Media, Culture and Communication, New York University https://josephhall.org/ ------------------------------ Date: Wed, 14 Mar 2012 17:18:58 PDT From: "Peter G. Neumann" <neumann_at_private> Subject: First enforcement action under HITECH Breach Notification Rule Thanks to Deborah Peel of PatientPrivacyRights.org [PGN-ed] The Office of Civil Rights in the Dept of Health and Human Services (OCR) slapped the wrist of BCBS of Tennessee. One million people's protected health information was breached because Blue Cross Blue Shield (BCBS) of Tennessee violated data security laws. The fine cost BCBS a little more than $1.00 per person -- hardly a deterrent to other corporations or adequate punishment. However, that is the highest possible fine permitted by law (HITECH). But criminal charges could have been filed for "willful disregard". OCR's finding that legally-required "adequate administrative and physical safeguards" were lacking is evidence of "willful neglect". Worst of all, the one million victims received NO protection against future ID theft or medical ID theft. *OCR could have also required BCBS to mitigate future patient harms, but didn't*. New technologies can protect against medical ID theft by enabling patients to review all new claims, so they can detect and prevent fraudulent claims and erroneous data from being entered into their records. Why didn't OCR propose that BCBS adopt remedies to protect the patients whose records were breached from further misuse and theft? Shouldn't OCR help protect victims? ------------------------------ Date: Wed, 14 Mar 2012 11:29:40 -0400 From: ACM TechNews <technews_at_private> Subject: The Hidden Risk of a Meltdown in the Cloud *Technology Review* 13 Mar 2012, via ACM TechNews, Wednesday, March 14, 2012 Despite the rising popularity of cloud-based computing, the risks of a full-scale cloud migration have yet to be properly explored, says Yale University professor Bryan Ford. He notes that in the worst-case scenario, a cloud could experience a full meltdown that could seriously threaten any business that relies on it. "This simplistic example might be unlikely to occur in exactly this form on real systems--or might be quickly detected and 'fixed' during development and testing--but it suggests a general risk," Ford says. He notes, for example, that a lack of transparency between different cloud providers could lead to conflicting internal control loop cycles. "Non-transparent layering structures ... may create unexpected and potentially catastrophic failure correlations, reminiscent of financial industry crashes," Ford warns. A more general risk occurs when systems are complex because unrelated parts become intertwined in unexpected ways. He notes that only recently have industry experts begun to realize that bizarre and unpredictable behavior often occurs in systems consisting of networks of networks. "We should study [these unrecognized risks] before our socioeconomic fabric becomes inextricably dependent on a convenient but potentially unstable computing model," Ford says. http://www.technologyreview.com/blog/arxiv/27642/ ------------------------------ Date: Thu, 15 Mar 2012 17:37:22 -0400 From: David Farber <dave_at_private> Subject: Jonathan Zittrain on Data tracking (Alexander Furnas) It's Not All About You: What Privacy Advocates Don't Get About Data Tracking on the Web - Alexander Furnas - Technology - The Atlantic http://www.theatlantic.com/technology/archive/2012/03/its-not-all-about-you-what-privacy-advocates-dont-get-about-data-tracking-on-the-web/254533/#.T2JeAt-uWRY.email Jonathan Zittrain noted last summer, "If what you are getting online is for free, you are not the customer, you are the product." This is just a fact: The Internet of free platforms, free services and free content is wholly subsidized by targeted advertising, the efficacy (and thus profitability) of which relies on collecting and mining user data. We experience this commodification of our attention everyday in virtually everything we do online, whether it's searching, checking email, using Facebook or reading The Atlantic Technology section on this site. That is to say, right now you are a product. ------------------------------ Date: Thu, 01 Mar 2012 10:38:00 -0800 From: Gene Wirchenko <genew_at_private> Subject: "Bodog case could affect all Canadian sites using U.S. domains" Christine Wong, What the U.S. takedown of billionaire Canadian Calvin Ayre could mean for other Canadian Web domains registered via the U.S.-based top level domains. *IT Business*, 29 Feb 2012 http://www.itbusiness.ca/it/client/en/home/News.asp?id=66320 opening text: The shutdown of a Canadian billionaire's online gambling Web site shows the U.S. government is willing to assert its legal authority over Internet properties outside American boundaries -- even those based in Canada, a Toronto domain name registrar warns. Saskatchewan-born Calvin Ayre, 50, and three of his associates were charged Tuesday with allegedly operating an online gambling site, a practice outlawed in the U.S. in 2006. The charges were filed in a federal court in Maryland. The case raises questions about Internet sovereignty because U.S. officials were able to take the site, Bodog.com, off the Net even though it's owned by a Canadian and operated out of various offices overseas. ------------------------------ Date: Mar 16, 2012 8:30 PM From: "Randall Webmail" <rvh40_at_private> Subject: Not even a tiny bit creepy. After all, Orwell WAS British, no? (Eric Pfeiffer) Cameras at U.K. gas stations will block uninsured drivers from refueling Eric Pfeiffer, The Sideshow, 14 Mar 2012, From johnmacsgroup A new plan from the British government will use closed-circuit television (CCTV) cameras at gas stations that will automatically prevent uninsured drivers from filling up their gas tanks -- that is, until their vehicle information has been logged in the system. *The Mirror* reports that the plan is meant to address the 1.4 million uninsured motorists in Britain and act as a deterrent. That may not sound like a huge number compared with the estimated 13.8 percent of uninsured American motorists, but the 1.4 million figure represents four percent of all U.K. drivers. ... http://news.yahoo.com/blogs/sideshow/cameras-u-k-gas-stations-block-uninsur= ed-drivers-155857252.html ------------------------------ Date: Tue, 13 Mar 2012 08:23:30 -0700 From: Gene Wirchenko <genew_at_private> Subject: "Thieves use victims' SIM cards to hack into online banking" http://www.itbusiness.ca/it/client/en/home/News.asp?id=66506 Web security firm Trusteer has uncovered a new method used by cybercriminals to infiltrate online banking security. 3/13/2012 12:01:00 AM By: ITBusiness Staff ------------------------------ Date: Sat, 25 Feb 2012 09:22:28 +0100 From: Peter Bernard Ladkin <ladkin_at_private-bielefeld.de> Subject: Re: GPS jamming: a clear and present reality (Saffo, RISKS-26.74) Plus Fukushima and infrastructure CyberSecurity issues It is an important topic! It has much more worrying consequences than people's and vehicles' movements being tracked by third parties. The UK's Royal Academy of Engineering (RAEng) published a report a year ago on the vulnerabilities of critical infrastructure to Global Navigation Satellite System (GNSS) disruptions. GNSS is a generic term for systems of which GPS is one, GLONASS another and Galileo to be a third. The Committee that produced the report was chaired by Martyn Thomas (MT), who contributes regularly to RISKS (RISKS). The news got rather lost; it was headlined in the United Kingdom (UK) the day before the Tohoku earthquake (Martyn's 15 minutes of fame on the front page of the British Broadcasting Corporation's (BBC) World-Wide Web (WWW) site :-) ) Martyn recently (7 Feb 2012) gave a Keynote talk on the topic to the 20th Safety-Critical Systems Symposium (SSS'12) in Bristol, which was filmed by the Institution of Engineering and Technology (IET) for its archives. I find Martyn a very entertaining as well as informative speaker, and I encourage people to look at the film. Martyn's Talk on IET.tv: http://scpro.streamuk.com/uk/player/Default.aspx?wid=12667&ptid=32&t=0 RAEng news release: http://www.raeng.org.uk/news/releases/shownews.htm?NewsID=633 Report (read it!!): http://www.raeng.org.uk/news/publications/list/reports/RAoE_Global_Navigation_Systems_Report.pdf Google Preview of SSS'12 paper: http://www.scsc.org.uk/p116 Some more RISKy issues: Readers/viewers might also like to check out an IET.tv film on the Fukushima Daiichi accident at the same conference by a certain PBL. Chris Johnson's talk was not filmed, but his paper on CyberSafety and CyberSecurity is available at http://www.dcs.gla.ac.uk/~johnson/papers/IET_2011/CyberSafety.pdf . Unfortunately you can't necessarily see Google previews of all the content of all these papers on the Safety Critical Systems Club (SCSC) Web site because of restrictions listed there. I was, however, able to reach agreement with the proceedings publisher, Springer Verlag, to present my paper on the WWW in perpetuity, for which I thank Springer. My paper is at and the myriad references are all hyperlinked. http://www.rvs.uni-bielefeld.de/publications/Papers/LadkinFukushimaAccOnlineVersion.pdf Peter Bernard Ladkin, Causalis Limited and University of Bielefeld, Germany www.causalis.com www.rvs.uni-bielefeld.de ------------------------------ Date: Wed, 7 Mar 2012 9:34:35 PST From: "Peter G. Neumann" <neumann_at_private> Subject: More on do-it-yourself drones Drones by mail: http://www.ilounge.com/index.php/news/comments/parrot-ar.drone-2.0-ships-in-may-pre-orders-start-mar.-1 Also available on Amazon.com. ------------------------------ Date: Fri, 16 Mar 2012 09:35:58 -0700 From: Gene Wirchenko <genew_at_private> Subject: Facebook, Apple, Twitter, Yelp, 14 others sued for privacy-invading mobile apps (Jaikumar Vijayan) http://www.itbusiness.ca/it/client/en/Home/News.asp?id=66565 Jaikumar Vijayan, Class action suit charges 18 firms with surreptitiously taking user data. *IT Business*, 15 Mar 2012 ------------------------------ Date: Fri, 24 Feb 2012 13:28:49 -0500 From: Monty Solomon <monty_at_private> Subject: Flashback Mac trojan is back with new and improved exploit strategy Jacqui Cheng, Arstechnica The "Flashback" Mac trojan is back, and it's smarter than ever. Mac security company Intego says the latest variant, Flashback.G, uses three new methods in order to make its way onto Macs, though it won't install itself at all if it detects a number of antivirus or anti-malware security programs already installed. ... http://arstechnica.com/apple/news/2012/02/flashback-mac-trojan-is-back-with-new-and-improved-exploit-strategy.ars ------------------------------ Date: Fri, 24 Feb 2012 22:31:16 -0500 (EST) From: wb8foz_at_private (David Lesher) Subject: Re: Armored SUV - Risks-26.73 >The door locks popped open. ... > [However, defaulting to all doors locked without manual overrides in cases > of loss of power or fire is also not a happy choice.] Indeed, I believe it was CarTalk who related the saga of leaving a sleeping grandfather in a BMW and locking the door. When he woke up, he could not exit the car, period. Further, I checked with a friend whose job has involved riding in such Suburbans for USG elsewhere in the world, and he remembers a clear UNLOCK OVERRIDE switch on the dashboard. ------------------------------ Date: Mar 15, 2012 8:36 AMF rom: "Monty Solomon" <monty_at_private> Subject: Inside the Stratfor Attack (via Dave Farber's IP) Nicole Perlroth, 12 Mar 2012 Last December, a group of hackers quietly orchestrated an attack on Stratfor Global Intelligence Service, a company based in Austin, Tex., that analyzes geopolitical risk and publishes a newsletter for various clients, among them the Departments of Homeland Security and Defense. The hackers breached the company's network and, once inside, confided in their fellow hacker, Hector Xavier Monsegur, and, as it turns out, the Federal Bureau of Investigation. Six months earlier, in June, the F.B.I. had arrested Mr. Monsegur and turned him into an informant. With his help, four hackers in Britain and Ireland were charged last Tuesday with computer crimes; a fifth man was arrested Monday in Chicago. Using the information he passed along, F.B.I. officials said it was able to thwart attacks on roughly 300 private companies and government agencies. But with Stratfor, they were not so lucky. ... http://bits.blogs.nytimes.com/2012/03/12/inside-the-stratfor-attack/ ------------------------------ Date: Thu, 1 Mar 2012 20:01:20 -0800 From: Lauren Weinstein <lauren_at_private> Subject: Washington Post's Ombudsman's Mea Culpa regarding origins of e-mail http://j.mp/wkRFq8 (*The Washington Post*) "V.A. Shiva Ayyadurai is a clever man, with MIT credentials, and a good sense of public relations plus a P.R. firm working with him. A press release by that P.R. firm got a young reporter/editor interested in his donation of his "EMAIL" documents to a well-respected D.C. institution, The Smithsonian's Museum of American History. Kolawole's interviews with Ayyadurai convinced her that he was interesting and worthy of a profile and online video interviews." Patrick Pexton's detailed mea culpa is honorable. [In case you have not heard of Tom Van Vleck and Noel Morris and their CTSS e-mail system at MIT from the mid-1960s, see this blog item from Noel's brother, film-maker Erol Morris: http://opinionator.blogs.nytimes.com/2011/06/19/did-my-brother-invent-e-mail-with-tom-van-vleck-part-one/ PGN] ------------------------------ Date: Sun, 26 Feb 2012 02:54:28 -0700 From: "Matthew Kruk" <mkrukg_at_private> Subject: Re: Google Mobile Phone Tracker (RISKS-26.73,74) Likewise my apologies. This came to me from a "trusted source" and I forwarded to Risks without performing additional checks beforehand. Like Peter, it was an early morning etc. But I must note that I originally found it possibly "real" ... consider: - Cellphone GPS info is available. - Cellphones have information such as their phone numbers and other personal info - Map information is available via GPS location So, for sincere discussion, how long before someone puts all of this together and generates an app to track users by phone number? Maybe I'm too cynical and have lived too long on this planet. Again, my sincere apologies to Peter and RISKS readers for the initial post. ------------------------------ Date: Thu, 15 Mar 2012 20:08:33 -0400 From: Jeremy Epstein <jeremy.j.epstein_at_private> Subject: EVT/WOTE 2012 call for participation Looking forward to seeing many of you in Seattle this summer! https://www.usenix.org/conference/evtwote12/call-for-papers [This is the pre-eminent combined conference/workshop for those seriously interested in election integrity, associated with USENIX Security. PGN] ------------------------------ Date: Mon, 6 Jun 2011 20:01:16 -0900 From: RISKS-request_at_private Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe: http://lists.csl.sri.com/mailman/listinfo/risks Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request_at_private containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe_at_private or risks-unsubscribe_at_private depending on which action is to be taken. Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc. => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> The full info file may appear now and then in RISKS issues. *** Contributors are assumed to have read the full info file for guidelines. => .UK users may contact <Lindsay.Marshall_at_private>. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail! => SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line. *** NOTE: Including the string "notsp" at the beginning or end of the subject *** line will be very helpful in separating real contributions from spam. *** This attention-string may change, so watch this space now and then. => ARCHIVES: ftp://ftp.sri.com/risks for current volume or ftp://ftp.sri.com/VL/risks for previous VoLume http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue. Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r <http://the.wiretapped.net/security/info/textfiles/risks-digest/> . ==> PGN's comprehensive historical Illustrative Risks summary of one liners: <http://www.csl.sri.com/illustrative.html> for browsing, <http://www.csl.sri.com/illustrative.pdf> or .ps for printing is no longer maintained up-to-date except for recent election problems. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 26.75 ************************Received on Sun Mar 18 2012 - 16:33:23 PDT
This archive was generated by hypermail 2.2.0 : Sun Mar 18 2012 - 17:09:38 PDT