RISKS-LIST: Risks-Forum Digest  Tuesday 17 April 2012  Volume 26 : Issue 79

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/26.79.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Hospital generator failure following earthquake (Jonathan Hunt)
For want of an isolating ground, a railroad was shutdown (Danny Burstein)
Insider attack on smart meters (PGN)
UK Government to give consumers control over smart meter data amidst privacy concerns (Bob Waixel)
Why one in five U.S. adults don't use the Internet (CNN)
60% of Wikipedia entries about companies contain errors: correcting them isn't easy (Science News)
Computer Fraud Act Case Dismissed (Donn Parker)
GPS is a humanitarian weapon system (jidanni)
DHS chief contemplating proactive cyber attacks (Steve Johnson via Richard Forno)
MintChip -- a virtual cryptocurrency backed up by a government (Mark Thorson)
ICANN data breach exposes gTLD applicant data ... (ars technica)
CIA's Secret Fear: High-Tech Border Checks Will Blow Spies' Cover (Robert Schaefer)
"Apple under fire for backing off IPv6 support" (Gene Wirchenko)
CISPA, Cybersecurity, and the Devil in the Dark (Lauren Weinstein)
Web freedom faces greatest threat ever, warns Google's Sergey Brin (The Guardian)
DARPA Challenge Seeks Robots to Drive Into Disasters (ACM TechNews)
Walled gardens look rosy for Facebook, Apple -- and would-be censors (The Guardian)
Re: Unraveling a massive click fraud scheme (Martin Ward)
"Did first DDOS attack sink the Titanic?"
  (Gene Wirchenko)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 17 Apr 2012 22:50:08 +1200
From: Jonathan Hunt <risks.org_at_private>
Subject: Hospital generator failure following earthquake

A report in the Lancet by Michael Ardagh et al. describes the initial health-system response to the earthquake in Christchurch, New Zealand, in February 2011, with a focus on the Christchurch Hospital emergency department.

While the response is assessed as effective, the report notes "Power was lost immediately. Within seconds, six diesel-fueled generators activated to provide power to electrical outlets designated as essential services. However, the severe shaking disturbed sump sludge within the diesel tanks. Consequently during subsequent hours, a generator failed several times, leaving the emergency department clinical areas, ICU, blood bank, radiology department, and other areas with no power."

Under Lessons learned, the report states, "The back-up generator diesel tanks have since been drained and cleaned."

http://www.thelancet.com/journals/lancet/article/PIIS0140-6736(12)60313-4/fulltext
(registration required)

------------------------------

Date: Wed, 11 Apr 2012 22:32:51 -0400 (EDT)
From: Danny Burstein <dannyb_at_private>
Subject: For want of an isolating ground, a railroad was shutdown

[from the IG report looking into a Long Island RR (NYC suburban commuter line) failure last year]

At approximately 4:30 p.m.
on 29 Sep 2011, the beginning of the evening rush, lightning struck near Long Island Rail Road (LIRR) tracks, creating a power surge that disabled the signal system controlling the train interlocking just west of Jamaica Station.

Approximately three and a half hours after the strike, in an attempt to repair a computer server believed to have been damaged by the power surge, a LIRR employee erroneously disabled the separate signaling system controlling the train interlocking just east of Jamaica Station. At that point, all service was suspended.

* So, how did lightning get through the various safeguards? The report continues:

Specifically, OIG found that:

In accordance with its contract, ASTS designed the new signaling system for the Jamaica Interlocking but LIRR employees installed it. During the installation, LIRR added a piece of computer equipment called a "serial server", which was not part of the ASTS design. This server allows LIRR to remotely monitor various pieces of the equipment. In the course of attaching the server to the new signaling equipment, a LIRR employee used one incorrect connector. ASTS, LIRR, and Systra all agree that this connector created the pathway by which the power surge generated by the lightning damaged the signal system and brought it down.

rest: http://mtaig.state.ny.us/assets/pdf/12-01.pdf

------------------------------

Date: Sun, 15 Apr 2012 10:40:46 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Insider attack on smart meters

Interesting convergence of different underestimated issues - insider attacks (frequently ignored) and smart meters (largely ignored). [Thanks to Jeremy Epstein for spotting this one. PGN]

FBI Concerned About Smart Meter Hacking, 9 Apr 2012

According to an FBI cyber bulletin, an unnamed utility company in Puerto Rico was the target of attacks against smart meters, costing the company hundreds of millions of dollars.
This appears to be the first report of such attacks and the FBI expects that the occurrence of similar attacks will rise as the smart grid technology is more widely adopted. The FBI believes that former employees of the meter manufacturer reprogrammed meters for between US $300 and US $3,000 so that the associated buildings appeared to be consuming less power than they actually used. Most meters are read remotely, making fraud detection difficult. The alterations require physical access.

http://krebsonsecurity.com/2012/04/fbi-smart-meter-hacks-likely-to-spread/

------------------------------

Date: Fri, 13 Apr 2012 17:10:36 +0100
From: "Robert (Bob) Waixel" <r.waixel_at_private>
Subject: UK Government to give consumers control over smart meter data amidst privacy concerns

Outlaw, the blog of the respected UK IT law firm Pinsent Masons has a thorough article on the risks of installing 'smart' utility (Gas and/or electricity) meters at:
http://www.out-law.com/en/articles/2012/april/government-to-give-consumers-control-over-smart-meter-data-amidst-privacy-concerns/?utm_source=twitterfeed&utm_medium=twitter&utm_campaign=Feed%3A+out-law-NewsRoundUP+%28OUT-LAW+News-RoundUP%29

It refers to a paper by Ross Anderson and Shailendra Fuloria ("Who controls the off switch?")
http://www.cl.cam.ac.uk/~rja14/Papers/meters-offswitch.pdf

Both are well worth reading.

There are risks to switching to computerised metering / systems including

* unwanted intruders to the data held in your house, in transit or at the utility, accessing when you are in/out or being able to have a good guess at when you are watching TV, or even using the bedroom?
* various other privacy breaches involving an individual or household's personal data

There is an additional set of risks if such a meter incorporates an 'off' switch to the supply at your location, especially if unauthorised access to such functionality is a possibility. I know the suppliers will claim their security is (will be) so perfect that it is ridiculous to consider this as feasible. If it is a business of course, it might be a ripe source of potential blackmail (greenmail or any colour of your choice).

I'm sure the data will be a tempting target at all stages of its journey from home or business to utility's database.

Robert (Bob) Waixel, MBCS, MCInstM, FHEA, CITP
RW Systems, Cambridge, UK, r.waixel_at_private

------------------------------

Date: Fri, 13 Apr 2012 23:53:55 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: Why one in five U.S. adults don't use the Internet (CNN)

"Even though the Internet has become a key tool for accessing services, getting an education, finding jobs, getting the news, keeping up with people you know and much more, one in five U.S. adults still does not use the Internet at all, according to a new Pew report. Why? Mostly they're just not interested -- not in the Web, e-mail, YouTube, Facebook or anything else that happens online."
http://j.mp/HSPgL7 (CNN)

------------------------------

Date: Tue, 17 Apr 2012 10:12:30 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: 60% of Wikipedia entries about companies contain errors - correcting them isn't easy

http://j.mp/IuII3Q (Science News)

When respondents attempted to engage editors through Wikipedia's "Talk" pages to request factual corrections to entries, 40 percent said it took "days" to receive a response, 12 percent indicated "weeks," while 24 percent never received any type of response. According to Wikipedia, the standard response time to requests for corrections is between two and five days.
Only 35 percent of respondents were able to engage with Wikipedia, either by using its "Talk" pages to converse with editors or through direct editing of a client's entry. Respondents indicated this figure is low partly because some fear media backlash over making edits to clients' entries. Respondents also expressed a certain level of uncertainty regarding how to properly edit Wikipedia entries. Of those who were familiar with the process of editing Wikipedia entries, 23 percent said making changes was "near impossible." Twenty-nine percent said their interactions with Wikipedia editors were "never productive."

------------------------------

Date: Wed, 11 Apr 2012 19:41:50 -0400 (EDT)
From: Donn Parker <Donnlorna_at_private>
Subject: Computer Fraud Act Case Dismissed

It has finally happened. The Federal Computer Fraud and Abuse Act has been limited. See
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2012/04/11/BU7P1O1AST.DTL

The Ninth U.S. Circuit Court of Appeals said: "Under the prosecution's interpretation [of the Act], "millions of unsuspecting individuals would find that they are engaging in criminal conduct," said Chief Judge Alex Kozinski in the majority opinion." The defendant in the case is still being prosecuted for engaging in other criminal acts.

Although I supported with testimony, helped write, and assisted in getting the original Computer Fraud and Abuse Act adopted, I pointed out that all violations it covered seemed to be covered by existing criminal laws (as was this case) and in most cases had stronger penalties. Several prosecutors told me that they wouldn't apply the new law anyway because violation of existing laws would be more easily understood by the courts.

However, there is still value in the Computer Fraud and Abuse Act for three reasons.
It has drawn public attention onto crimes in the new IT environments, it encouraged potential victims to protect themselves, and it helped law enforcement agencies get funding and motivation for gaining the skills and knowledge to investigate and prosecute the old crimes in the new IT environments. When I write "new IT environments", I mean where a computer plays one or more of four roles, object of attack, subject (unique environment), tool, and symbol (for deception.)

Donn

------------------------------

Date: Sun, 15 Apr 2012 23:45:16 +0800
From: jidanni_at_private
Subject: GPS is a humanitarian weapon system

"GPS is a humanitarian weapon system" says Dr Bradford W Parkinson, Chief Architect of Global Positioning System
http://mycoordinates.org/his-coordinates-2/

"Just before the first Iraq war, the US had turned on the GPS Selective Availability feature. But the irony was that, as soon as the war started, they decided to turn it off since many of the soldiers had civilian GPS sets. It was hurting themselves. We never should have done it in the first place."

"Incidentally, I was very instrumental in getting that turned off; my argument always was that wiggling the signal with selective availability was only going to speed up the introduction of differential systems and that is exactly what happened. By 1978 we had already demonstrated differential GPS that could reduce errors to about 2 meters, so I said why on earth would you try and put something in place that is so trivially defeated."

------------------------------

Date: Tuesday, April 17, 2012
From: Richard Forno
Subject: DHS chief contemplating proactive cyber attacks (Steve Johnson)

Begin forwarded message (via Dave Farber's IP distribution):

Steve Johnson, Homeland Security chief contemplating proactive cyber attacks
*San Jose Mercury News*, 16 Apr 2012
sjohnson_at_private, Posted: 04/16/2012 07:35:38 PM PDT Updated: 04/16/2012 09:08:36 PM PDT
http://www.mercurynews.com/rss/ci_20410915

Homeland Security Secretary Janet Napolitano said Monday she would consider having tech companies participate with the government in "proactive" efforts to combat hackers based in foreign countries.

Napolitano, who made the comments during a meeting at the *San Jose Mercury News* with the editorial board and reporters, declined to say what steps corporations and federal agencies might take against foreign cybercrooks, who have been blamed for numerous computerized incursions against the United States. She made the remarks in response to a question, and emphasized the idea is merely one she would consider and that no decisions have been made.

In discussing the private partnerships she is promoting to combat cyberattacks, Napolitano was asked if instead of just taking defensive measures, the government and companies should be launching proactive counterattacks against foreign-based culprits.

"Should there be some aspect that is in a way proactive instead of reactive?" she responded, and then answered her own question with "yes." She added, "it is not something that we haven't been thinking about," noting someone else had raised the subject with her earlier Monday.

However, Napolitano said some restrictions might have to be placed on businesses participating in such cyber activities because "what you are doing is authorizing a private entity to do what might otherwise be construed as an attack on another entity."

[Long item truncated for RISKS.
PGN]

------------------------------

Date: Wed, 11 Apr 2012 14:44:52 -0700
From: Mark Thorson <eee_at_private>
Subject: MintChip -- a virtual cryptocurrency backed up by a government

One of the major objections to the Bitcoin cryptocurrency is it isn't backed up by anything, no hard assets or government. MintChip aims to succeed where Bitcoin faltered by having the backing of the Royal Canadian Mint.
http://www2.macleans.ca/2012/04/10/mintchip-is-a-fresh-idea/

Is it secure? Of course it's secure! It has the dual advantages of a (presumably) cryptologically reliable technology combined with a totally secret implementation.
http://mintchipchallenge.com/forum_topics/759

------------------------------

Date: Fri, 13 Apr 2012 10:44:36 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: ICANN data breach exposes gTLD applicant data ... (ars technica)

ICANN data breach exposes gTLD applicant data, leads to deadline extension
http://j.mp/IlHuaN (ars technica)

"The group that oversees the Internet's address system has extended the application deadline for new generic top level domains (TLDs) and warned that a glitch in its processing system exposed potentially sensitive applicant information to competitors."

They can't even get the basic application security right.

------------------------------

Date: Thu, 12 Apr 2012 10:31:31 -0400
From: Robert Schaefer <rps_at_private>
Subject: CIA's Secret Fear: High-Tech Border Checks Will Blow Spies' Cover

Who would have guessed that this would happen - high-tech security is getting so good at border crossings that it can actually catch spies.
http://www.wired.com/dangerroom/2012/04/cia-spies-biometric-tech/all/1

Robert Schaefer, Atmospheric Sciences Group, MIT Haystack Observatory, Westford MA 01886
http://www.haystack.mit.edu 781-981-5767 rps@private

------------------------------

Date: Mon, 16 Apr 2012 08:08:53 -0700
From: Gene Wirchenko <genew_at_private>
Subject: "Apple under fire for backing off IPv6 support"

http://www.itbusiness.ca/IT/client/en/CDN/News.asp?id=67004

Apple under fire for backing off IPv6 support
Presenters at the North American IPv6 Summit expressed annoyance that the latest version of Apple's AirPort Utility is no longer compatible with IPv6
4/13/2012 3:01:00 PM By: Carolyn Duffy Marsan

------------------------------

Date: Sat, 14 Apr 2012 12:01:42 -0700 (PDT)
From: lauren_at_private
Subject: CISPA, Cybersecurity, and the Devil in the Dark

Lauren Weinstein's Blog Update, April 14, 2012
CISPA, Cybersecurity, and the Devil in the Dark
http://lauren.vortex.com/archive/000947.html

The threat of "cyberattacks" is real enough. But associated risks have in many cases been vastly overblown, and not by accident of chance.

The "cybersecurity" industry has become an increasingly bloated "money machine" for firms wishing to cash in on cyber fears of every stripe, from realistic to ridiculous. And even more alarmingly, it has become an excuse for potential government intrusions into Internet operations on a scope never before imagined.

There are warning signs galore. While we can all agree that SCADA systems that operate industrial control and other infrastructure environments are in need of serious security upgrades -- most really never should have been connected to the public Internet in the first place -- "war game" scenarios now being promulgated to garner political support (and the really big bucks!) for "cyber protection" have become de rigueur for agencies and others hell bent for a ride on the cybersecurity gravy train.
Phony demos purporting to illustrate mass cyber attacks are more akin to Fantasyland than reality, and the turf war between the Department of Homeland Security (DHS) and intelligence agencies such as CIA and NSA in this sphere should give all of us cause for significant concern.

The Cyber Intelligence Sharing and Protection Act (CISPA - H.R. 3523) has become the embodiment of hopes for those entities who hope to turn overblown fears of cyber attacks into a pipeline for potentially massive access by government into the private data of Internet users.

Sponsors of the legislation tout its relative shortness and generality, but those are precisely among the aspects that make this legislation so problematic. CISPA effectively overrides virtually all existing laws related to Internet privacy protections.

And since CISPA offers firms access to government cybersecurity "threat data" in exchange for ostensibly voluntary feeding of data back from those firms to the government, and provides for broad protective immunity for companies that choose to do so, a pantheon of tech heavyweights have lined up in support.

Just a few of the firms who have to various extents professed direct support of CISPA include Facebook, Symantec, Verizon, IBM, Intel, Microsoft, and Oracle. There are many others.

Notably absent from this list is Google, who has not taken a formal position on the existing CISPA legislation and apparently is unlikely to do so.

Google's current approach to CISPA seems particularly prescient. While it would be absolutely incorrect to attribute bad motives to the firms supporting CISPA, the legislation itself is in my view so vague and general that it represents largely an "empty vessel" capable of enormous potential damage if deployed and then subjected to the inevitable stream of court interpretations.

CISPA claims to ban using data collected under its authority for other than cyber threat activities.
But we've seen such data compartmentalization bans fall many times before in other data collection contexts.

Since the legislation creates such a broad override of existing privacy protections, and such encompassing immunities for firms that provide associated data to the government, the lack of specificity in so many aspects of CISPA creates what could be the opportunity for a "perfect storm" of abuses down the line.

There are indeed genuine risks of serious attacks on the Internet and connected infrastructural systems. But in the fog of the military-industrial complex's rapid push into this area, it has become obvious that realistic assessments are being shoved aside in favor of scare tactics, agency power struggles, and "get rich quick" scheming.

This entire area has become a quintessential example of sowing F.U.D. -- Fear, Uncertainty, Doubt -- while legitimate questions of privacy and individual rights are purposefully being marginalized.

We saw much the same thing happen after 9/11, with the knee-jerk rush to pass the PATRIOT Act and Homeland Security Act, with a range of profiteering and abuses against individual liberties that then resulted -- even leading the U.S. down the evil path of torture.

We must avoid a repeat of this madness.

Information sharing can be a crucial element of cybersecurity, but for legislation addressing this area, the devil is very much in the details, and the lack of details in CISPA is an invitation to possible privacy disasters.

To the extent that cybersecurity threats do exist, the desire to quell them must not be permitted to run slipshod over our personal privacy, liberties, and associated protections in existing laws.

We can work together to help protect ourselves from actual cyber threats, without allowing ourselves to become cyber schnooks in the process.

------------------------------

Date: Sun, 15 Apr 2012 09:51:37 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: Web freedom faces greatest threat ever, warns Google's Sergey Brin

"The principles of openness and universal access that underpinned the creation of the Internet three decades ago are under greater threat than ever, according to Google co-founder Sergey Brin. In an interview with the Guardian, Brin warned that there were "very powerful forces that have lined up against the open Internet on all sides and around the world. I am more worried than I have been in the past it's scary." He said the threat to the freedom of the Internet came from a combination of governments increasingly trying to control access and communication by their citizens, the entertainment industry attempting to crack down on piracy, and the rise of "restrictive" so-called walled gardens such as Facebook and Apple, which tightly controlled what software could be released on their platforms."
http://j.mp/IJN8Z1 (Guardian)

I agree 100% with Sergey. And regardless of how you personally feel about Google, to try to deny the truth of his remarks is beyond foolish.

------------------------------

Date: Wed, 11 Apr 2012 11:24:11 -0400
From: ACM TechNews <technews_at_private>
Subject: DARPA Challenge Seeks Robots to Drive Into Disasters

Excerpted from ACM TechNews, Wednesday, April 11, 2012
Read the TechNews Online at: http://technews.acm.org

J. Nicholas Hoover, DARPA Challenge Seeks Robots to Drive Into Disasters, *Information Week* 10 Apr 2012

The U.S. Defense Advanced Research Projects Agency (DARPA) announced the Robotics Challenge, which will offer a $2 million prize to anyone who can build a robot capable of navigating disaster-response scenarios and using human devices that range from hand tools to vehicles.
The challenge aims to improve the ability of robots to navigate rough terrain at disaster sites, operate vehicles, and use common tools, as well as to make robot hardware and software development more accessible. As part of the challenge, robots will be required to complete several discrete tasks, including traveling across rubble, removing debris from a blocked entryway, climbing a ladder, and entering and driving a car. DARPA says it will provide "a robotic hardware platform with arms, legs, torso, and head" to some entrants, although robots in humanoid form are not required to enter the challenge. "For robots to be useful to [the U.S. Department of Defense], they need to offer gains in either physical protection or productivity," notes DARPA's Kaigham Gabriel. DARPA's announcement says the "proposed research should investigate innovative approaches that enable revolutionary advances in science, devices, or systems." The challenge will take place in two phases and will finish at the end of 2014.
http://www.informationweek.com/news/government/info-management/232900054

------------------------------

Date: Tue, 17 Apr 2012 10:56:34 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: Walled gardens look rosy for Facebook, Apple -- and would-be censors

Battle for the Internet: Walled gardens look rosy for Facebook, Apple - and would-be censors
http://j.mp/I3BV2B (Guardian)

Zittrain's real worry is that "the personal computer is dead". His conclusion is a call to arms: "We need some angry nerds" - people capable of breaking out of the walled gardens. Indeed, the US government has found some: it has backed projects such as "the Internet in a suitcase", which could set up a telecommunications network inside a country separate from the existing infrastructure. Zittrain acknowledges such projects, but for the wider world, he says, "convenience is great.
I wouldn't call for a return to the green blinking cursor of [Microsoft's pre-Windows] MS-DOS or the [text-based] Apple II. But we should build architectures that permit innovation and experimentation if consumers wish to go 'off-roading'."

------------------------------

Date: Thu, 12 Apr 2012 11:01:45 +0100
From: Martin Ward <martin_at_private>
Subject: Re: Unraveling a massive click fraud scheme (NNSquad)

Panos Ipeirotis writes at the end of his dissection of the click fraud scheme: "The guy essentially realized that this type of fraud is really behaving like a parasite within a much bigger ecosystem."

Given that the entire advertising industry is itself a parasite, this makes the guy a parasite on a parasite: which is probably a good thing!

Is it really "fraud"? Only in the same sense that running Adblock Plus is fraud, or recording the programmes I want to watch and editing out the adverts before I watch them is fraud. What about going to the kitchen to get a drink when the adverts are on? Or just not paying attention to the adverts? Or paying attention but deciding not to buy the goods advertised?

What is the worst that could happen? The collapse of the entire advertising industry? And this would be a bad thing? (Those worried about all the jobs that would be lost needn't worry: they could all get jobs in the stone-throwing-and-reglazing industry, with no loss to the economy as a whole).

STRL Reader in Software Engineering and Royal Society Industry Fellow
martin@private http://www.cse.dmu.ac.uk/~mward/

------------------------------

Date: Mon, 16 Apr 2012 08:42:58 -0700
From: Gene Wirchenko <genew_at_private>
Subject: "Did first DDOS attack sink the Titanic?"

http://www.itbusiness.ca/it/client/en/Home/News.asp?id=66989

Did first DDOS attack sink the Titanic?
Well maybe not. But overstressed wireless operators inundated with personal messages played a critical role on the night of the tragic sinking.
4/13/2012 10:12:00 AM By: Sharon Gaudin

------------------------------

Date: Mon, 6 Jun 2011 20:01:16 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
 Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 26.79
************************

Received on Tue Apr 17 2012 - 16:00:11 PDT