RISKS-LIST: Risks-Forum Digest  Wednesday 11 June 2012  Volume 26 : Issue 91

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/26.91.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Stuxnet Parallels to Voting Security (Rebecca T Mercuri)
Campaigns to Track Voters with "Political Cookies" (Lauren Weinstein)
A320 Lost 2 of 3 Hydraulic Systems on takeoff (PGN)
Risks of the Spent Fuel Pool in Reactor Building 4 at Fukushima Daiichi
  (Peter Bernard Ladkin)
More on Fukushima (Richard I. Cook via PGN)
San Diego fireworks suffer a *slight* glitch... (David Lesher)
Botched computer "upgrade" in sixth day of transactions chaos at RBS
  (Peter Bernard Ladkin)
RBS computer failure condemns man to spend weekend in the cells
  (Gabe Goldberg)
Time isn't on my side; Lesson: Look before you leap... (Henry Baker)
Drones: Yet another reason to keep your sextant at hand (Danny Burstein)
Scientists crack RSA SecurID 800 tokens, steal cryptographic keys
  (Lauren Weinstein)
Bugs in source code cannot be used in DUI cases in Minnesota (Ben Blout)
RAND: Cyberdeterrence and Cyberwar (Lauren Weinstein)
France shutting down their /once groundbreaking/ Minitel service
  (Lauren Weinstein)
UK considers broad Web site blocking by default (Lauren Weinstein)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 10 Jul 2012 12:45:13 -0400
From: RTMercuri <notable_at_private>
Subject: Stuxnet Parallels to Voting Security

I had occasion to attend the NIKSUN World Wide Security and Mobility Conference (WWSMC) on July 9, 2012 in Princeton, NJ. The day's closing speaker was Mr.
Barry Lyons, CISSP, Cyber Architect, Northrop Grumman Information Systems, on the topic of "STUXNET/FLAME: The Next Generation of Hideous Cyber Attacks." During the Q&A session at the end of the talk, I questioned Barry's characterization of the STUXNET components as "new" and "game changing" and asked him what led him to believe this was the case, especially since prior research (such as in voting machines) had already revealed many similar vulnerabilities and potential exploits. In response, he hopped down off of the stage (he was wearing a wireless microphone), traveled through a large portion of the audience to just in front of where I was sitting, and asserted that voting machines were somehow different because they were "computers." (The talk as well as the Q&A portion was recorded by IEEEtv, and I will provide a link when it becomes available, to the Risks Digest.)

I thought that readers of Risks would be interested in seeing my follow-up email message to Mr. Lyons (prompted by his suggestion that we should continue the conversation later), along with his insightful reply (at the bottom):

----- Original Message -----
Subject: Your Stuxnet Talk
Date: Tue, 10 Jul 2012 11:18:59 -0400
From: RTMercuri <notable_at_private>
To: barry.lyons_at_private

Barry -- Apparently I hit a nerve last evening with my question about the potential exploits of programmable logic controllers having been warned about, years prior to the advent of Stuxnet. Upon returning home, I glanced through my Ph.D.
dissertation (Electronic Vote Tabulation: Checks & Balances, publicly defended October 27, 2000 at the School of Engineering and Applied Science of the University of Pennsylvania, freely downloadable at http://www.cis.upenn.edu/grad/documents/mercuri-r.pdf), and located (pages 49-50) the portion of the paragraph that I had recalled writing some 12 years ago, as follows:

  "But just because tampering with the software may not be the easiest method does not mean that it has not or will not be done. Thompson's [Footnote: Ken Thompson, "Reflections on Trusting Trust," Communications of the ACM, August 1984] implication is that the hooks and backdoors, particularly those within compilers and operating systems, exist and have already been proliferated invisibly throughout the industry. Under this view, software rigging is assumed to have already happened, rather than just a speculative possibility. One could extend these assumptions as well to the hardware. Presently there is nothing that restricts vendors from using custom integrated circuit chips in the DREs [Direct Recording Electronic voting machines], and some do, even for the CPUs. It is not inconceivable that a crafty individual could devise a set of microcoded instructions that would be activated only under certain situations. Reliance on any particular vendor or brand of components would therefore increase vulnerability. Some chips now even permit internally reconfigurable microcode as well as microarchitecture, and such a self-modifying CPU could erase any trace of its own subroutines once they were executed. With election dates and times being well-known and predictable, this could occur within the space of microseconds during the voting session."

This description is most certainly generically predictive of targeted long-term attacks on specialized hardware, from particular vendors, established in air-gapped networks, that can exploit vulnerabilities such as those presented with programmable logic controllers.
As well, numerous researchers (including Harri Hursti in 2005 and Ed Felten in 2006) have repeatedly demonstrated that removable memory units (such as those that establish ballot configurations for elections) can be compromised such that the system will generate false reports, as well as assist in the dissemination of malware that is transferable from machine to machine. The parallels to Stuxnet are clearly obvious.

I had thought that you would welcome the opportunity to explain, or at least acknowledge, to the WWSMC conference audience, the fact that many salient aspects of the Stuxnet approach were indeed exploits of long-known vulnerabilities. Instead, I was rather surprised that you chose to continue with head-in-the-sand assertions that Stuxnet was somehow new and also a "game changer."

I recognize that it is embarrassing that your employer, Northrop Grumman (and many other large firms relied on by the U.S. and other governments to provide security advice and protection), was caught with its pants down in being unaware of particular design flaws common to many critical infrastructure systems (including those that elect the officials that authorize payment for your security analysis and training contracts with our tax dollars). But to pretend that the possibility of such attacks had not been well-publicized by highly-regarded computer security experts, years before Stuxnet, is foolhardy, since it perpetuates the illusion that systems developers need not keep abreast of all such advance warnings in the scientific literature.

Certainly, rogue government agents, malcontents, and recreational hackers, have their ears to the ground in monitoring these computer security discussions, as their proof-of-concept attacks continue to illustrate.
This started with the Morris Worm in 1988, with its exploit of UNIX security flaws previously exposed by the hacker's father (some believe that the elder Morris may have intentionally put his son up to the challenge or conveniently provided the tools and information necessary to perform the attack, after the scientist's earlier admonishments in this regard were not taken seriously by the technical community). Indeed, Robert Sr.'s remarks (to the NY Times, November 5, 1988), that the worm "has raised the public awareness to a considerable degree" and that "it is likely to make people more careful and more attentive to vulnerabilities in the future," are not much different, especially in their naivete, from your "game changer" assertions.

As you continue in your role as a security evangelist, I would urge you to modify your take-home messages, such as in talks on Stuxnet and other NextGen attacks, to include warnings that the development of malware does not occur in a vacuum. Security experts need to be as well-informed (if not more so) on the evolving exploitable design flaws, as those who intend to compromise it already are. If not, then we are most certainly conceding the future CyberWars to the opposition. In fact, we may have already lost the upcoming battles.

Good predictive security means that fewer reactive band-aids should need to be used and less loss may occur. In this regard, Dr. Pruthi and his colleagues at NIKSUN are to be commended for raising the bar on "knowing the unknown" especially by bringing such warnings to the attention of the security community while there is still time to consider redesigns, instead of encouraging reliance on after-the-fact mitigation methods.

I welcome your thoughts and hope to continue this dialogue.

Rebecca Mercuri, Ph.D., Notable Software, Inc.

----- Reply -----
Subject: Re: EXT :Your Stuxnet Talk
Date: Tue, 10 Jul 2012 16:10:52 +0000
From: Lyons, Barry (IS) <barry.lyons_at_private>
To: 'notable_at_private' <notable_at_private>

Dear Dr. Mercuri,

Wishing you success in all endeavors.

Barry Lyons, CISSP
Sent from BlackBerry - please forgive errors.

------------------------------

Date: Wed, 27 Jun 2012 08:07:16 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: Campaigns to Track Voters with "Political Cookies"

http://j.mp/M4qHis (Technology Review via NNSquad)

  "The firm gathers publicly available voter files from all 50 states and supplements this with records of political donations and other profiles purchased from commercial data brokers, says CEO Jeff Dittus. Then, working with about 100 high-traffic websites that register their users, they can match the offline data to the online identities of individuals."

While I generally feel that way too much angst is directed at Web site ad personalization and related tracking, the creepy line is breached for me when non-Web activities (and related identity linkages at some level) are merged with online actions, especially without users' active notification and specific informed consent. This is particularly of concern when political activities are involved, since the main goal of such systems seems to be to pitch what cynical observers of the political process might call personalized lies.

The underlying technology is not new. I've been publicly discussing what I consider to be abuses in this realm by Aristotle, in postings I've made since late in the last century! And to see Aristotle now salivating at the prospect of how online voting would play into all this has to be one of the most chilling warnings against the utterly unworkable and dangerous concept of online voting that has yet been explicitly stated, albeit unintentionally.

------------------------------

Date: Mon, 25 Jun 2012 10:34:30 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: A320 Lost 2 of 3 Hydraulic Systems on takeoff

Interesting story from aero-news.net [Thanks to Ira Rimson]

A JetBlue A320 on a flight from Las Vegas to New York Tuesday reportedly lost two of its three hydraulic systems during the flight, which forced the pilot to circle an area south of the Nevada city for four hours burning off enough fuel to make a safe landing. Passengers described the experience as the airplane "careening wildly through the sky" as it made steep turns and "lurched from side to side."

One of the pilots of the plane told ATC that "we've lost two hydraulic systems," and declared an emergency, according to a report in the New York Post. JetBlue confirmed that the incident occurred. The plane, which had just departed from Las Vegas, carried five hours of fuel. The A320 is unable to dump fuel, so the pilot had to stay airborne while it was burned off.

One passenger described the flight as "four hours of hell." Another described "an obvious metal screeching" just as the airplane lifted off from McCarran International Airport.

Dave Esser, an ERAU professor based in Florida, said that the side-to-side swerving was a likely sign of a loss of lateral control. But Esser said the passengers were not in serious danger because of the backup systems and redundancies built into the Airbus. However, an Airbus manual indicated that the simultaneous failure of two hydraulic systems is "improbable in operation."

The airplane did eventually land safely. The FAA and NTSB will conduct an investigation.

------------------------------

Date: Tue, 26 Jun 2012 08:07:21 +0200
From: Peter Bernard Ladkin <ladkin_at_private-bielefeld.de>
Subject: Risks of the Spent Fuel Pool in Reactor Building 4 at Fukushima Daiichi (Yurman, RISKS-28.87)

In RISKS-28.87, Dan Yurman tries to reassure us about the state of the Spent Fuel Pool in Reactor Building 4 at Fukushima Daiichi nuclear power plant.
Yurman cites an article by Will Davis on a blog at the American Nuclear Society. Yurman's note seems to me to be little more than propaganda, and Davis's account is flawed.

There are obvious reasons to continue to worry about the state of this Spent Fuel Pool (SFP4), about its structural stability, as well as the continued viability of its ad-hoc cooling system. As far as I know, there is no public hazard analysis of the state of SFP4; neither do I know of an engineering assessment of it independent of Tepco. Such an independent assessment seems to me to be required.

There are instances in which engineering representations in which Tepco has been involved, for example assessing the INES Level of the situation at Reactors 5 and 6, have misled as to the true situation. That is surely something which would have been noted in an adequate report on engineering performance, yet Tepco has recently produced one and "exonerates itself", according to the New York Times' Hiroko Tabuchi.
http://www.nytimes.com/2012/06/21/world/asia/tepco-operator-of-fukushima-exonerates-itself-in-report.html
It "never hid information, never underplayed the extent of fuel meltdown and certainly never considered abandoning the ravaged site. It asserts that government interference in the disaster response created confusion and delays."

The worst case outcome of a structural failure of SFP4 is nowhere near benign, as Davis suggests. The chances of that worst-case outcome are neither zero nor negligible. These two observations alone suffice to vitiate the claims of Yurman and Davis. I wrote an extended essay at
http://www.abnormaldistribution.org/2012/06/05/concerns-about-spent-fuel-pool-4-at-fukushima-daiichi/

Peter Bernard Ladkin, University of Bielefeld and Causalis Limited

------------------------------

Date: Sun, 8 Jul 2012 9:13:20 PDT
From: "Peter G. Neumann" <neumann_at_private>
Subject: Fukushima

[From Richard I.
Cook, MD]

http://naiic.go.jp/en/report/
http://naiic.go.jp/en/about/chairmans-message/

Chairman's message

``...nuclear power became an unstoppable force, immune to scrutiny by civil society. Its regulation was entrusted to the same government bureaucracy responsible for its promotion. At a time when Japan's self-confidence was soaring, a tightly knit elite with enormous financial resources had diminishing regard for anything `not invented here.'

``This conceit was reinforced by the collective mindset of Japanese bureaucracy, by which the first duty of any individual bureaucrat is to defend the interests of his organization. Carried to an extreme, this led bureaucrats to put organizational interests ahead of their paramount duty to protect public safety.

``Only by grasping this mindset can one understand how Japan's nuclear industry managed to avoid absorbing the critical lessons learned from Three Mile Island and Chernobyl; and how it became accepted practice to resist regulatory pressure and cover up small-scale accidents. It was this mindset that led to the disaster at the Fukushima Daiichi Nuclear Plant...''

------------------------------

Date: Thu, 05 Jul 2012 19:59:59 -0400
From: David Lesher <wb8foz_at_private>
Subject: San Diego fireworks suffer a *slight* glitch...

and a 20+ minute show goes off in 15 seconds....

I'm shocked to read that:

  Garden State co-owner August Santore spoke to KPBS media partner Channel 10 News. He said the mishap wasn't due to human error or firework technology, but to a corrupt computer file.

<http://www.kpbs.org/news/2012/jul/05/sd-bay-fireworks-show-major-misfire/>

  [Corrupt, eh? I'm really shocked that a computer file would be so evil.
  PGN]

------------------------------

Date: Tue, 26 Jun 2012 07:39:01 +0200
From: Peter Bernard Ladkin <ladkin_at_private-bielefeld.de>
Subject: Botched computer "upgrade" in sixth day of transactions chaos at RBS

Last Tuesday, 19 Jun 2012, the Royal Bank of Scotland upgraded a computer system associated with transaction processing. It didn't go well. The transaction-processing system, which apparently processes up to 10 million transactions per day, was not able to keep up with demand.

*The Guardian* is reporting that up to 13 million customers of RBS and subsidiary banks, including NatWest and Ulster Bank, have been unable to access account information. Payments, including automatic payments on loans, have not been made. The Financial Services Authority, which regulates banking and finance in GB, is demanding a "complete account" of the problems. The bank branches have been opened later hours until 7pm, to enable personal transactions for people after work, and were also open Sunday, for which 7,000 temporary staff were hired, according to the Guardian.

I have no technical details. The public reports seem to be somewhat shy of details. I don't know whether it is SW, HW, or SW+HW, and I don't know which system is involved; whether it is the transaction-processing system itself or some other interconnected system.

Stephen Hester, chief executive of RBS, says the bank is "well on the way to recovery" from the problems. Reports from customers on Monday, 25 June, were that many were no longer experiencing problems.

Suppose that such computerised highly-connected transaction-processing systems have been in place for 40 years (Wikipedia suggests that the first "modern" ATMs, which were enabled for simultaneous transaction processing, came into use in 1972 in the UK, although I remember them first from Wells Fargo Bank in California in the mid-late 1970's.) At 8,760 hours in the year (or 8,784 in a leap year), 40 years represents about 350,000 operating hours.
Looking at it another way, if there is a major system upgrade once a week, then 40 years represents about 20,000 system upgrades. Not that these figures give much of a guide to reliability (for example, the systems have changed almost unrecognisably in this time), upgrading a running TP system seems not to be an operation which one would call ultrareliable, given the meaning of that term in the critical-systems community.

Peter Bernard Ladkin, Causalis Limited and University of Bielefeld

  [Also noted by Wendy Grossman. PGN]
http://www.guardian.co.uk/technology/2012/jun/25/how-natwest-it-meltdown

------------------------------

Date: Tue, 26 Jun 2012 10:36:12 -0400
From: Gabe Goldberg <gabe_at_private>
Subject: RBS computer failure condemns man to spend weekend in the cells

Companies are of course responsible for problems caused by shortcuts, mistakes, malfeasance. But it's not clear who's the villain here -- if there is one. Offshoring jobs is mentioned but not conclusively implicated. The company's mostly apologetic tone seems appropriate (though more explanation would have helped) and the last couple sentences are correct:

  Things go wrong. Things go wrong in technology. We have to learn the lessons from what went wrong here and try to make them less likely to happen in the future.

RBS computer failure condemns man to spend weekend in the cells - Telegraph [Source: *The Telegraph*]
http://www.telegraph.co.uk/finance/personalfinance/consumertips/banking/9355467/RBS-computer-failure-condemns-man-to-spend-weekend-in-the-cells.html

Gabriel Goldberg, Computers and Publishing, Inc. gabe_at_private
3401 Silver Maple Place, Falls Church, VA 22042 (703) 204-0433

------------------------------

Date: Tue, 03 Jul 2012 07:57:15 -0700
From: Henry Baker <hbaker1_at_private>
Subject: Time isn't on my side; Lesson: Look before you leap...

http://seekingalpha.com/article/699681-big-cloud-lessons-from-a-bad-weekend?source=yahoo

"Yelp (YELP), Reddit, and LinkedIn (LNKD) all suffered problems from the addition of a "leap second" at midnight on Saturday, aimed at synchronizing Internet time with the atomic clocks of real time. Those systems with configurations expecting 60 second minutes were knocked down, and although they quickly got back up it was embarrassing."

------------------------------

Date: Thu, 28 Jun 2012 15:45:36 -0400 (EDT)
From: danny burstein <dannyb_at_private>
Subject: Drones: Yet another reason to keep your sextant at hand

Commercial Drones and GPS Spoofers a Bad Mix

Researchers at the University of Texas at Austin Radionavigation Laboratory have successfully demonstrated that a drone with an unencrypted GPS system can be taken over by a person wielding a GPS spoofing device. You can see a video accompanying a Fox News story on it, as well as a video here of an experiment conducted by the researchers, led by Professor Todd Humphreys.

Humphreys and company were recently invited by the U.S. Department of Homeland Security (DHS) to demonstrate whether their capability to successfully spoof commercial GPS systems in the laboratory could work in the field. ...

The UT researchers took equipment costing about $1000 to the White Sands Missile Range in New Mexico last week and showed observers from both the Federal Aviation Administration (FAA) and DHS how control of a test drone could be taken away from its original overseers. The UT researchers, as the above article notes, have been able to take control of basically every type of unencrypted commercial GPS system in their laboratory.

rest:
http://spectrum.ieee.org/riskfactor/aerospace/aviation/commercial-drones-and-gps-spoofers-a-bad-mix

popular news article:
http://rt.com/usa/news/texas-1000-us-government-906/

Note that this is _unencrypted_ GPS, but that's a hefty chunk of the users.

  [Also noted by Paul Saffo.
  PGN]

------------------------------

Date: Mon, 25 Jun 2012 08:38:07 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: Scientists crack RSA SecurID 800 tokens, steal cryptographic keys

http://j.mp/MvhBKv (ars technica via NNSquad)

  "The exploit, described in a paper to be presented at the CRYPTO 2012 conference in August, requires just 13 minutes to extract a secret key from RSA's SecurID 800, which company marketers hold out as a secure way for employees to store credentials needed to access confidential virtual private networks, corporate domains, and other sensitive environments. The attack also works against other widely used devices, including the electronic identification cards the government of Estonia requires all citizens 15 years or older to carry, as well as tokens made by a variety of other companies."

------------------------------

Date: Mon, 2 Jul 2012 23:09:43 -0400 (EDT)
From: Ben Blout <bdbnext_at_private>
Subject: Bugs in source code cannot be used in DUI cases in Minnesota

A ruling from the Minnesota Supreme Court means that defendants will not be able to use the source code for the Intoxilyzer breath-test machine in their legal defense. (These machines are used to determine blood alcohol levels for DUI cases, and are known colloquially as breathalyzers.)

An earlier ruling found that the source code contained bugs, including one that caused the proximity of a cell phone during testing to affect results. However, the Supreme Court ruled that the Intoxilyzer was accurate by a preponderance of the evidence.

http://minnesota.publicradio.org/collections/special/columns/news_cut/archive/2012/06/minnesota_supreme_court_limits.shtml
http://www.startribune.com/local/160533855.html

An earlier, including mention that the replacement devices include their source code:
http://www.startribune.com/local/158324965.html

------------------------------

Date: Thu, 28 Jun 2012 12:34:14 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: RAND: Cyberdeterrence and Cyberwar

http://j.mp/NGWeTb (RAND [PDF] via NNSquad)

  "Cyberwar is nothing so much as the manipulation of ambiguity. The author explores these topics in detail and uses the results to address such issues as the pros and cons of counterattack, the value of deterrence and vigilance, and other actions the United States and the U.S. Air Force can take to protect itself in the face of deliberate cyberattack."

------------------------------

Date: Wed, 27 Jun 2012 22:05:19 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: France shutting down their /once groundbreaking/ Minitel service

http://j.mp/MUYSag (BBC [Video])

  "France is switching off its groundbreaking Minitel service which brought online banking, travel reservations, and porn to millions of users in the 1980s. But then came the worldwide web. Minitel has been dying slowly and the plug will be pulled on Saturday."

------------------------------

Date: Wed, 27 Jun 2012 19:30:01 -0700
From: Lauren Weinstein <lauren_at_private>
Subject: UK considers broad Web site blocking by default

http://j.mp/LuEiK7 (BBC via NNSquad)

  "The government is to consider putting extra pressure on computer users to filter out pornography when setting up Internet accounts. Ministers are suggesting that people should automatically be barred from accessing unsuitable adult material unless they actually choose to view it. It is one of several suggestions being put out for a consultation on how to shield children from pornography.
  Websites promoting suicide, anorexia and self-harm are also being targeted."

The good old UK police state mentality marches on. And of course, if you ask to have the blocks lifted, you automatically go on Her Majesty's government "pervert" list.

------------------------------

Date: Mon, 6 Jun 2011 20:01:16 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
     http://lists.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
     risks-request_at_private
   containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
     risks-subscribe_at_private or risks-unsubscribe_at_private
   depending on which action is to be taken.

   Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
     <http://www.CSL.sri.com/risksinfo.html>
   The full info file may appear now and then in RISKS issues.
   *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
   *** NOTE: Including the string "notsp" at the beginning or end of the subject
   *** line will be very helpful in separating real contributions from spam.
   *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
   http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
   <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 26.91
************************

Received on Wed Jul 11 2012 - 05:15:20 PDT