RISKS-LIST: Risks-Forum Digest Saturday 12 May 2012 Volume 26 : Issue 83 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/26.83.html> The current issue can be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: 6 Disasters Caused by Poorly Designed User Interfaces (John Hillabin via Brian Westley) Never Trust a Robot (Earl Boebert) Robot Soldiers Will Be a Reality -- and a Threat (Jonathan D. Moreno via John F. McMullen) Automatic cars? Not so fast.. (Peter Houppermans) "Fire risk: Lenovo expands recall of ThinkCentre all-in-ones" (Agam Shah via Gene Wirchenko) Disruptions: Indiscreet Photos, Glimpsed Then Gone (Nick Bilton via Monty Solomon) USPS curtailing international lithium battery shipments... no iPads, laptops, cameras... (Danny Burstein) Man jailed for accepting call in court (Gene Wirchenko) FBI issues warning on hotel Internet connections (Michael Cooney via Monty Solomon) ".secure" TLD proposed (Lauren Weinstein) More details on the .secure TLD proposal -- and why I believe it is fundamentally flawed (Lauren Weinstein) Re: The Campus Tsunami (David Alexander) Re: The Power of Individual Voters to Transform Their Government (Roderick A Rees, Andrew Douglass) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Sat, 12 May 2012 01:37:10 -0500 From: "Brian Westley" <westley_at_private> Subject: 6 Disasters Caused by Poorly Designed User Interfaces: John Hillabin [John Hillabin has chosen 6 incidents at least partially blamed on bad UIs. As we have noted many times before, blame can usually be more widely distributed. Most of these should be familiar to long-time RISKS readers. PGN-ed from a detailed illustrated item by John Hillabin, cracked.com, 17 Apr 2012] 6. The Vincennes shootdown of an Iranian commercial airliner -- inability to distinguish between a fighter and the airliner 5. Three Mile Island -- light on a console 4. Air Inter flight 148 crash -- display screen too small 3. Herald of Free Enterprise capsized -- because of an open door 2. Kegworth air disaster -- a digital dial 1. Space Shuttle Columbia burned up -- because of PowerPoint http://www.cracked.com/article_19776_6-disasters-caused-by-poorly-designed-user-interfaces.html ------------------------------ Date: Fri, 11 May 2012 12:52:25 -0600 From: Earl Boebert <boebert_at_private> Subject: Never Trust a Robot [From Steve Greenwald's distribution] Each year an ocean race for sailboats is run from Newport, CA to Ensenada, Mexico. Owing to diminishing entries, the organizers some years ago allowed cruising sailboats to enter. These are generally largish, slowish motor sailors intended for comfortable recreational sailing. Since the race occurs in a time and place known for light winds, the rules permit the cruising sailboats to proceed under motor during nighttime, so that they may reach the finish in time for the party. This year, dawn broke after the first night to reveal a debris field and three bodies near a set of rocky islets known as Coronado Island. The remains were identified as that of an entered boat and three of her four-man crew. The body of the fourth crew member was discovered a week later. These were the first fatalities in the 60 year history of the race. The boat was equipped with every possible electronic aid, and the captain (the fourth crewmember) was an electronics executive and highly experienced sailor. One of the aids was a commercial tracking system called SPOT, which permits shoreside viewing on the Web of the track of the vessel carrying it. When the SPOT track surfaced it showed a dead straight line headed into the northernmost of the Coronados. The point of intersection was a sheer rocky cliff. The most plausible inference (which may be invalidated by later evidence) is that the crew started the motor, set a waypoint at the entrance to Ensenada harbor, and turned on the turned on the autopilot. A further inference is that in doing so they had the electronic chart zoomed out to a point where the Coronado Islands no longer showed up, and so had no warning that their track would take them straight into a rock. It then seems likely that the three crew members went below to sleep and sometime later the captain fell overboard. The robot then motored the boat and the sleeping crew straight into the cliff. Given the sea state and the speed shown on the track it is estimated that impact velocity was in the order of 11 kt, sufficient to split the hull and flood the boat, which was then pounded to pieces by the surf beating against the sheer cliff. Even if the crew had survived the impact, survival that close to the rocks in that sea state was impossible. One comment in a long forum thread about this incident claimed that the UK maritime safety organizations have now adopted an acronym called "SNIG," which stands for "Sat-Nav Induced Grounding." A half-smart robot (smart enough to steer a straight line, but not smart enough to know the line goes through a rock) is a dangerous thing. ------------------------------ Date: May 12, 2012 1:35 PM From: "John F. McMullen" <johnmac13_at_private> Subject: Robot Soldiers Will Be a Reality -- and a Threat: Jonathan D. Moreno Given the obvious dangers, fully autonomous offensive lethal weapons should never be permitted. Jonathan D. Moreno, *The Wall Street Journal [PGN-ed] http://online.wsj.com/article/SB10001424052702304203604577396282717616136.html?mod=WSJ_Opinion_LEFTTopOpinion Much controversy has surrounded the use of remote-controlled drone aircraft or "unmanned aerial vehicles" in the war on terror. But another, still more awe-inducing possibility has emerged: taking human beings out of the decision loop altogether. Emerging brain science could take us there. ... [J,D, Moreno is a professor of medical ethics and health policy at the University of Pennsylvania and a senior fellow of the Center for American Progress. He is the author of "Mind Wars: Brain Research and the Military in the 21st Century" (Bellevue, 2012).] For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml http://johnmacrants.blogspot.com http://johnmac13.pulsememe.com/ Editor - Web2.0 The Magazine -- www.web2themag.com http://bit.ly/johnmac ------------------------------ Date: Sat, 12 May 2012 16:50:08 +0200 From: Peter Houppermans <peter_at_private> Subject: Automatic cars? Not so fast.. I have read with amusement a lot of pieces such as the BBC article linked below that predicts a rosy future now Google is on its way (sorry) to test its driverless car in Nevada: http://www.bbc.co.uk/news/magazine-18012812 I even came across a piece that predicted a brutal drop in insurance rates somewhere. Not so fast, if you pardon the pun, all of this is based on the assumption that it (a) all will work wonderfully and (b) third parties will not find a way to get creative with it. Point (a) really needs no elaboration - the development of such software is several million dollars of manhours and innovation behind of the telematics that keeps planes in the air, and we're aware of enough bugs in that environment to make a RISK aware professional nervous. Furthermore, Google may be a hothouse of innovation according to some, but if their code controls are so shoddy that an engineer "accidentally" can throw a Wifi snooping application into the Streetview data gathering process (including the required data storage back end) I would hazard a guess that there is room for improvement. It would put a whole new spin on their "I feel lucky" slogan.. I assume point (b) to be an almost instinctive focus for faithful readers of RISKS. I would be rather concerned about ANY data exchange from such a vehicle - not just from the privacy angle (not to harp on about Google), but also from the kind of mischief that could be had from messing with the car. It should no longer be news that present embedded systems in cars can be hacked to the point of disabling the brakes remotely (www.autosec.org) - I dare say that that ought to inspire some better focus on shielding such systems first. For the James Bond fans, this could otherwise work out neater than shipping a dessert portion of polonium abroad.. On the plus side, it does open the perspective of a new era of car tuneups, and I personally would not want a Jetsons style flying car above me without automation (because of the driving styles I encounter daily in the present 2D environment) - there certainly is room for progress. I would simply like to repeat the theme of a Swiss speed awareness campaign: Slow down - take it easy. ------------------------------ Date: Thu, 10 May 2012 09:03:36 -0700 From: Gene Wirchenko <genew_at_private> Subject: "Fire risk: Lenovo expands recall of ThinkCentre all-in-ones": Agam Shah http://www.itbusiness.ca/IT/client/en/CDN/News.asp?id=67413 Agam Shah, Fire risk: Lenovo expands recall of ThinkCentre all-in-ones Some of Lenovo's ThinkCentre M70z and M90z models could catch fire due a faulty power supply, *IT Business* 9 May 2012 ------------------------------ Date: Wed, 9 May 2012 10:49:53 -0400 From: Monty Solomon <monty_at_private> Subject: Disruptions: Indiscreet Photos, Glimpsed Then Gone: Nick Bilton Nick Bilton, 6 May 2012 People once took photographs so they could capture a moment for themselves and keep it forever. Then digital cameras and cellphones turned photos into something more ephemeral and more easily shared. But as the case of Anthony Weiner demonstrated, photos that are shared but are not meant to last, sometimes stick around. Mr. Weiner's downfall does not seem to have discouraged people from sharing risque photos. According to a study by the Pew Research Center's Internet and American Life Project that is due out later this year, 6 percent of adult Americans admit to having sent a "sexually suggestive nude or nearly nude photo or video" using a cellphone. Another 15 percent have received such material. Three percent of teenagers admit to sending sexually explicit content. All of this sexting, as the practice is known, creates an opening for technology that might make the photos less likely to end up in wide circulation. This is where a free and increasingly popular iPhone app called Snapchat comes in. Snapchat allows a person to take and send a picture and control how long it is visible by the person who receives it, up to 10 seconds. After that, the picture disappears and can't be seen again. If the person viewing the picture tries to use an iPhone feature that captures an image of whatever is on the screen, the sender is notified. http://bits.blogs.nytimes.com/2012/05/06/disruptions-indiscreet-photos-glimpsed-then-gone/ ------------------------------ Date: Sat, 12 May 2012 18:27:39 -0400 (EDT) From: USPS curtailing international lithium battery shipments... no iPads, laptops, cameras... If you're a servicemember overseas planning to order the latest smartphone or laptop from the United States, take a second look at your options. Effective 16 May 2012, new U.S. Postal Service restrictions will ban air shipping of any electronics containing lithium batteries - such as iPads, smart phones and digital cameras - between the United States and overseas locations. [stripes.com] rest: http://www.stripes.com/gadgets-using-lithium-to-be-barred-from-overseas-shipments-1.176965 the USPS info sheet clarifies that you can't send lithium batteries, even if in their own box: http://about.usps.com/postal-bulletin/2012/pb22336/html/updt_010.htm "Primary lithium metal or lithium alloy (non-rechargeable) cells and batteries, or secondary lithium-ion cells and batteries (rechargeable), regardless of quantity, size, or watt hours, and regardless of whether the cells or batteries are packed in the equipment they are intended to operate with the equipment they are intended to operate, or without equipment (individual batteries). This standard applies to all APO, FPO, or DPO locations." * and looks like this also applies to Canada/Mexico. Don't know about Hawaii. (The service rep at my local Post Office just got the notice Fri., May 11th, and it left the question of Hawaii up in the air, so to speak). * There are *plenty* of consumer items that have these batteries, sometimes obviously (such as a laptop), but frequently hidden away and/or built in. hmm, wonder what's in my ultrasonic tapeless tape measure? ------------------------------ Date: Wed, 9 May 2012 10:49:31 -0700 From: Lauren Weinstein <lauren_at_private> Subject: Net Neutrality and Economic Equality Are Intertwined [*The New York Times* via NNSquad] http://j.mp/Jyv0xe (New York Times) "If I watch last night's 'S.N.L.' episode on my Xbox through the Hulu app, it eats up about one gigabyte of my cap, but if I watch that same episode through the Xfinity Xbox app, it doesn't use up my cap at all," Mr. Hastings wrote on his Facebook page. "In what way is this neutral?" Comcast argues that its Xfinity move is not subject to the Federal Communications Commission's neutrality rules because the video travels exclusively on its network and not on the public Internet. I will note that Comcast's excuse is -- in my opinion -- specious, since they alone determine how much of their total cable bandwidth they devote to "outside" Internet access services, how much those cost, where arbitrary bandwidth caps are set, and so on. All without any effective regulatory oversight whatsoever. This is *exactly* the anticompetitive scenario that many of us have been warning about for years. ------------------------------ Date: Thu, 10 May 2012 23:48:43 -0400 From: Monty Solomon <monty_at_private> Subject: Neurosurgeon pulled off cruise after fake bioterrorism tweet Posted by Erin Mulvaney, 9 May 2012 A Nashville neurosurgeon was pulled off a Carnival cruise suspected of planning to commit a bio-terrorist attack, after a tweet from an impostor account claimed the doctor had a vial of harmful bacteria on board. ... http://blog.chron.com/newswatch/2012/05/neurosurgeon-pulled-off-cruise-after-fake-bioterrorism-tweet/ ------------------------------ Date: Fri, 11 May 2012 13:10:17 -0400 From: James Nettesheim <james.nettesheim_at_private> Subject: Humorous Doctor Office Interaction? My Doctor's Office Asked me to Lie-- Richard Stallman [From Steve Greenwald's distribution] I saw a doctor this week. Before the appointment, I was asked to sign a privacy policy consent form which started out this way 1. The Practice's privacy Notice has been provided to me prior to my signing this consent... 2. The Practice reserves the right to change its privacy practices that are described in its Privacy Notice, in accordance with applicable law. Since I was unwilling to sign a false statement, I asked to see the privacy notice. The receptionist offered me another copy of the consent form. I said I already had that, but that it referred to a "privacy notice" and that's what I didn't have a copy of. The receptionist said, "The rest of this page gives a summary of the privacy notice." It was a very brief summary and treated few points. I said, "This clearly refers to some other Privacy Notice, and it asks me to sign a statement that I have seen it. I cannot sign that if it is not true." She said it was a binder 3,000 pages long. I said that I would not ask for a copy, but I did want to take a look at it. She went to look for it, then came back and said she could not find it, but asked me to sign anyway. I said, "Are you asking me to lie?" She said, "No, I am asking you to sign a piece of paper." I said. "I cannot sign a statement that is not true." She said, "You can reschedule your appointment for some other time." I suggested, "How about if I add 'not' to make it a true statement?" She accepted this. So I had my appointment. The substance of the issue probably doesn't matter much. There is no real confidentiality of medical records in the US, since the police can get them under very easy conditions. Nonetheless, it is a dishonest proceeding, systematically asking patients to accept policies they have not seen and then make false statements. Copyright 2011 Richard Stallman released under Creative Commons Attribution Noderivs 3.0 unported http://www.stallman.org/articles/asked_to_lie.html ------------------------------ Date: Fri, 11 May 2012 12:19:50 -0700 From: Gene Wirchenko <genew_at_private> Subject: "Facebook file-sharing could be security, piracy nightmare" http://www.infoworld.com/t/social-networking/facebook-file-sharing-could-be-security-piracy-nightmare-192959 InfoWorld Home / InfoWorld Tech Watch May 11, 2012 Facebook file-sharing could be security, piracy nightmare Users won't be able to pass along music or .exe files -- but infected PDFs and other forms of pirated content are permissible By Ted Samson | InfoWorld ------------------------------ Date: Fri, 11 May 2012 15:44:45 -0400 (EDT) From: danny burstein <dannyb_at_private> Subject: USPS curtailing international lithium battery shipments... no iPads, etc... [stripes.com] If you're a servicemember overseas planning to order the latest smartphone or laptop from the United States, take a second look at your options. Effective May 16, new U.S. Postal Service restrictions will ban air shipping of any electronics containing lithium batteries - such as iPads, smart phones and digital cameras - between the United States and overseas locations. ------ rest: http://www.stripes.com/gadgets-using-lithium-to-be-barred-from-overseas-shipments-1.176965 - the USPS website doesn't seem to have any "press releases" or other "recent announcements" menu choice ------------------------------ Date: Thu, 10 May 2012 21:14:23 -0700 From: Gene Wirchenko <genew_at_private> Subject: Man jailed for accepting call in court I like this risk! I would like to see it happen more often. *The Daily News* (Kamloops, British Columbia, Canada); Thurday, May 10, 2012; p. A2: "ODDITIES Man jailed for accepting call in court DUBLIN, Ireland, via the Associated Press": Letting your cellphone ring in a courtroom is rarely a good idea. Taking the call is worse. A Northern Ireland man received a brief jail sentence Wednesday after his phone rang. The judge told him to turn it off, but instead he took the call and had a brief chat. The judge ordered 36-year-old Paddy Sweeney behind bars for two hours, then fined him $322 for willfully interrupting the court in Londonderry, Northern Ireland's second-largest city. Sweeney had been watching a civil trial at the time. ------------------------------ Date: Thu, 10 May 2012 11:18:56 -0400 From: Monty Solomon <monty_at_private> Subject: FBI issues warning on hotel Internet connections: Michael Cooney Michael Cooney, FBI says malware lurking in hotel room connections, particularly overseas *Network World*, 9 May 2012 The FBI today warned travelers there has been an uptick in malicious software infecting laptops and other devices linked to hotel Internet connections. The FBI wasn't specific about any particular hotel chain, nor the software involved but stated: "Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while they are establishing an Internet connection in their hotel rooms. The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products through their hotel Internet connection. Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack. The FBI also recommends that travelers perform software updates on laptops immediately before traveling, and that they download software updates directly from the software vendor's website if updates are necessary while abroad." The FBI said typically travelers attempting to set up a hotel room Internet connection were presented with a pop-up window notifying the user to update a widely used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available. ... http://www.networkworld.com/news/2012/050912-fbi-internet-259125.html ------------------------------ Date: Fri, 11 May 2012 11:06:16 -0700 From: Lauren Weinstein <lauren_at_private> Subject: ".secure" TLD proposed http://j.mp/Ku8Cau (Wired via NNSquad) "A security researcher has won investments of more than $9 million to incorporate a tightly policed section of the Internet reserved for banks, healthcare providers, and other groups that are regularly targeted in malware, phishing, and similar online attacks." Describing the many reasons why this idea is fundamentally flawed will be left as an exercise for the reader -- for now. ------------------------------ Date: Sat, 12 May 2012 09:20:42 -0700 From: Lauren Weinstein <lauren_at_private> Subject: More details on the .secure TLD proposal -- and why I believe it is fundamentally flawed More details on the .secure TLD proposal (and why I believe it is fundamentally flawed) http://j.mp/JlSaLU (This message on Google+) You may recall my posting yesterday ( http://j.mp/Ku8pEd [Google+] ) where I suggested that the .secure TLD proposal is fundamentally flawed for many reasons. The CTO of the company involved contacted me this morning, pointing at their blog with more details: http://j.mp/JlRXZ2 (Unhandled) After reviewing this information, which includes their proposals for a broader "domain policy framework," I'm forced to stand by my earlier characterization. I won't get into the technical analysis now, but just point out a few facts. First, the business model for .secure is obvious enough. I mean, hell, if you're not using .secure, you don't care about your users, right? How can you possibly be "secure" if you're not in ... dot-secure? I'm reminded more than a bit of the model used by the dot-xxx slimeballs to try coerce firms into that TLD. Not to say that the .secure folks are slimeballs. Nor that they're not genuinely concerned about security. But their model is not realistic -- except as a profit center for them. There are no obvious benefits to be derived from their model for the Internet community at large, and the most likely outcome is yet another replay of the protective registrations rush. The most common reaction I received yesterday regarding .secure was "LOL" -- but many respondents immediately caught on to one of the most glaring problems with .secure -- that it would present an irresistible target for hackers, denial of service attacks, and all manner of other mischief. The concept of .secure is essentially 180 degrees away from the model I believe we should be working towards. Rather than centralizing security, we need to be distributing it, and doing this effectively means more fundamental changes than new policy frameworks can provide, and certainly cannot take place if we buy into the .secure sort of model. Lauren Weinstein (lauren@private): http://www.vortex.com/lauren People For Internet Responsibility: http://www.pfir.org Network Neutrality Squad: http://www.nnsquad.org +1 (818) 225-2800 PRIVACY Forum: http://www.vortex.com Lauren's Blog: http://lauren.vortex.com ------------------------------ Date: Thu, 10 May 2012 18:31:43 +0100 (BST) From: David Alexander <davidalexander440_at_private> Subject: Re: The Campus Tsunami (David Brooks, RISKS-26.82) I feel well-placed to comment on the article by David Brooks, having recently completed an MSc in Information Security through Royal Holloway, University of London (RHUL) entirely by Distance Learning (DL). I should at this point declare that I am now one of the RHUL DL tutors for the MSc Network Security module, so they do now employ me in a part-time capacity, but it also means that I have seen both sides of the fence - A student and academic staff, in quick succession. The online program opens up qualifications to people who couldn't afford to go to university full-time, and to mature students like me (pulling 40 with a very long rope :) ) who have a mortgage and bills, families, etc. and couldn't afford time off the corporate treadmill to study full-time. I'm now considering doing a PhD by DL, yes I am a glutton for punishment :) There is no question that it is possible to study successfully for a higher level academic qualification by distance learning and remote lecturing/tutoring. All of my learning materials were provided as hard copy books, material on CD and access to the lecture material and a discussion area through a 'Virtual Learning Environment' (VLE) based on Moodle. Four online seminars (three on course material and one exam question revision) were held regularly with distance learning tutors to provide advice and help, and reviewing answers by students to question set for them. I think that the biggest risk/challenge is actually ensuring that DL students are studying effectively and understand the material to a high enough standard. I noticed all the way through my student days, and now as a tutor, that less than half the students participate in the seminars and some don't even log in to the VLE, or do so very rarely. I have no statistics for the drop-out rate or pass rate for those DL students who do sit the exams or pass rates for those who participate on the VLE against those who don't. I can say that I was an active participant all the way through and it helped me a great deal. David Alexander, Towcester, England. ------------------------------ Date: Thu, 10 May 2012 06:57:58 -0700 From: "Rees, Roderick A" <roderick.a.rees_at_private> Subject: Re: The Power of Individual Voters to Transform Their Government (Mark E Smith, RISKS-26.81) Those who control the processes control the declared result. The blank votes, or refusal to vote, can be overcome just like the elections that declare 99% support for dictators. Roderick Rees, Reliability, Maintainability and Testability B-Q26 425-342-5729 ------------------------------ Date: Thu, 10 May 2012 10:40:53 -0400 From: Andrew Douglass <douglass_at_private> Subject: Re: The Power of Individual Voters to Transform Their Government (Mark E Smith, RISKS-26.81) > The only way to get honest elections is to refuse to vote until we do. If > you're willing to vote in elections where your vote doesn't have to be > counted and isn't verifiable, you have no leverage with which to demand > honest elections. Boycott 2012! Isn't boycotting to protest exclusion ironic? Not unlike suicide to ease the executioner's burden. Besides litigation, the way to honest elections is to elect or persuade concerned representatives to enact legislation and enforce existing law such as the Voting Rights Act. Such people most certainly do exist, as in the legislative success of the Verifiable Voting Coalition of Virginia [my state] to ban DREs. It's not hard to judge who most resists enfranchisement and least supports accurate vote counts (granted the contrast is nowhere near as much as it should be!). If you don't vote or influence others to vote, you might as well not exist. ------------------------------ Date: Mon, 6 Jun 2011 20:01:16 -0900 From: RISKS-request_at_private Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe: http://lists.csl.sri.com/mailman/listinfo/risks Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request_at_private containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe_at_private or risks-unsubscribe_at_private depending on which action is to be taken. Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc. => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> The full info file may appear now and then in RISKS issues. *** Contributors are assumed to have read the full info file for guidelines. => .UK users may contact <Lindsay.Marshall_at_private>. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail! => SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line. *** NOTE: Including the string "notsp" at the beginning or end of the subject *** line will be very helpful in separating real contributions from spam. *** This attention-string may change, so watch this space now and then. => ARCHIVES: ftp://ftp.sri.com/risks for current volume or ftp://ftp.sri.com/VL/risks for previous VoLume http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue. Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r <http://the.wiretapped.net/security/info/textfiles/risks-digest/> . ==> PGN's comprehensive historical Illustrative Risks summary of one liners: <http://www.csl.sri.com/illustrative.html> for browsing, <http://www.csl.sri.com/illustrative.pdf> or .ps for printing is no longer maintained up-to-date except for recent election problems. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 26.83 ************************Received on Sat May 12 2012 - 22:00:18 PDT
This archive was generated by hypermail 2.2.0 : Sat May 12 2012 - 22:36:57 PDT